php-src/ext/openssl/tests/openssl_decrypt_gcm_siv.phpt at 489417ab7a3d71d5fe38e85eee85c8ad5a6fe2f6 · php/php-src · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
--TEST--
openssl_decrypt() with GCM-SIV cipher algorithm tests
--EXTENSIONS--
openssl
--SKIPIF--
<?php
if (!in_array('aes-256-gcm-siv', openssl_get_cipher_methods())) {
    die("skip aes-256-gcm-siv not available (requires OpenSSL >= 3.2)");
}
?>
--FILE--
<?php
require_once __DIR__ . "/cipher_tests.inc";
$method = 'aes-256-gcm-siv';
$tests = openssl_get_cipher_tests($method);

foreach ($tests as $idx => $test) {
    echo "TEST $idx\n";
    $pt = openssl_decrypt($test['ct'], $method, $test['key'], OPENSSL_RAW_DATA,
        $test['iv'], $test['tag'], $test['aad']);
    var_dump($test['pt'] === $pt);
}

// Use the last vector (non-empty pt + AAD) for tampering checks.
echo "TEST WRONGTAG\n";
$bad_tag = $test['tag'];
$bad_tag[0] = chr(ord($bad_tag[0]) ^ 0x01);
var_dump(openssl_decrypt($test['ct'], $method, $test['key'], OPENSSL_RAW_DATA,
    $test['iv'], $bad_tag, $test['aad']));

echo "TEST WRONGCT\n";
$bad_ct = $test['ct'];
$bad_ct[0] = chr(ord($bad_ct[0]) ^ 0x01);
var_dump(openssl_decrypt($bad_ct, $method, $test['key'], OPENSSL_RAW_DATA,
    $test['iv'], $test['tag'], $test['aad']));

echo "TEST WRONGNONCE\n";
$bad_iv = $test['iv'];
$bad_iv[0] = chr(ord($bad_iv[0]) ^ 0x01);
var_dump(openssl_decrypt($test['ct'], $method, $test['key'], OPENSSL_RAW_DATA,
    $bad_iv, $test['tag'], $test['aad']));

echo "TEST WRONGAAD\n";
var_dump(openssl_decrypt($test['ct'], $method, $test['key'], OPENSSL_RAW_DATA,
    $test['iv'], $test['tag'], 'unexpected aad'));
?>
--EXPECT--
TEST 0
bool(true)
TEST 1
bool(true)
TEST 2
bool(true)
TEST WRONGTAG
bool(false)
TEST WRONGCT
bool(false)
TEST WRONGNONCE
bool(false)
TEST WRONGAAD
bool(false)