From ef29a16f67abc02aa769027078633c78279beae9 Mon Sep 17 00:00:00 2001 From: Rostyslav Tyshko Date: Sat, 2 Nov 2024 01:37:15 +0100 Subject: [PATCH] add test_decrypt_data_with_incorrect_nonce --- accounts/src/key_management/mod.rs | 35 ++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/accounts/src/key_management/mod.rs b/accounts/src/key_management/mod.rs index 43a1c93..eb377ba 100644 --- a/accounts/src/key_management/mod.rs +++ b/accounts/src/key_management/mod.rs @@ -165,6 +165,41 @@ mod tests { assert!(Into::::into(shared_secret.is_identity())); } + #[test] + #[should_panic] + fn test_decrypt_data_with_incorrect_nonce() { + let address_key_holder = AddressKeyHolder::new_os_random(); + + // Generate ephemeral public key and shared secret + let scalar = Scalar::random(OsRng); + let ephemeral_public_key_sender = (ProjectivePoint::generator() * scalar).to_affine(); + let shared_secret = address_key_holder.calculate_shared_secret_receiver(ephemeral_public_key_sender); + + // Prepare the encryption key from shared secret + let key_raw = shared_secret.to_bytes(); + let key_raw_adjust_pre = &key_raw.as_slice()[..32]; + let key_raw_adjust: [u8; 32] = key_raw_adjust_pre.try_into().unwrap(); + let key: Key = key_raw_adjust.into(); + + let cipher = Aes256Gcm::new(&key); + + // Encrypt sample data with a specific nonce + let nonce = Nonce::from_slice(b"unique nonce"); + let plaintext = b"Sensitive data"; + let ciphertext = cipher.encrypt(nonce, plaintext.as_ref()).expect("encryption failure"); + + // Attempt decryption with an incorrect nonce + let incorrect_nonce = Nonce::from_slice(b"wrong nonce"); + let decrypted_data = address_key_holder.decrypt_data( + ephemeral_public_key_sender, + CipherText::from(ciphertext.clone()), + incorrect_nonce.clone(), + ); + + // The decryption should fail or produce incorrect output due to nonce mismatch + assert_ne!(decrypted_data, plaintext); + } + #[test] fn key_generation_test() { let seed_holder = SeedHolder::new_os_random();