require 'helper'
require 'securerandom'

class TestRcsCommon < Test::Unit::TestCase

  include RCS::Crypt

  def test_crypt_multiple_of_block_size

    clear = SecureRandom.random_bytes(16)
    key = Digest::MD5.digest "4yeN5zu0+il3Jtcb5a1sBcAdjYFcsD9z"

    # padding is ON by default
    enc = aes_encrypt(clear, key)

    # must be multiple of block_len
    assert_equal true, enc.length % 16 == 0

    dec = aes_decrypt(enc, key)

    assert_equal clear, dec
  end

  def test_crypt_not_multiple_of_block_size

    clear = SecureRandom.random_bytes(19)
    key = Digest::MD5.digest "4yeN5zu0+il3Jtcb5a1sBcAdjYFcsD9z"

    # padding is ON by default
    enc = aes_encrypt(clear, key)

    # must be multiple of block_len
    assert_equal true, enc.length % 16 == 0

    dec = aes_decrypt(enc, key)

    assert_equal clear, dec
  end

  def test_crypt_multiple_of_block_size_no_pad

    clear = SecureRandom.random_bytes(16)
    key = Digest::MD5.digest "4yeN5zu0+il3Jtcb5a1sBcAdjYFcsD9z"

    # padding is ON by default, disable it
    enc = aes_encrypt(clear, key, PAD_NOPAD)

    # must be exactly the same size
    assert_equal true, enc.length == clear.length

    dec = aes_decrypt(enc, key, PAD_NOPAD)

    assert_equal clear, dec
  end

  def test_crypt_not_multiple_of_block_size_no_pad

    clear = SecureRandom.random_bytes(19)
    key = Digest::MD5.digest "4yeN5zu0+il3Jtcb5a1sBcAdjYFcsD9z"

    # padding is ON by default, disable it
    assert_raise(OpenSSL::Cipher::CipherError) do
      aes_encrypt(clear, key, PAD_NOPAD)
    end
  end

  def test_crypt_wrong_padding

    clear = SecureRandom.random_bytes(16)
    key = Digest::MD5.digest "4yeN5zu0+il3Jtcb5a1sBcAdjYFcsD9z"

    # padding is ON by default, disable it
    enc = aes_encrypt(clear, key, PAD_NOPAD)

    # must be exactly the same size
    assert_equal true, enc.length == clear.length

    assert_raise(OpenSSL::Cipher::CipherError) do
      aes_decrypt(enc, key)
    end
  end

  def test_crypt_integrity
    clear = SecureRandom.random_bytes(21)
    key = Digest::MD5.digest "secret"

    enc = aes_encrypt_integrity(clear, key)
    dec = aes_decrypt(enc, key)

    # extract the sha1 integrity check
    check = dec.slice!(dec.length - Digest::SHA1.new.digest_length, dec.length)

    assert_equal clear, dec
    assert_equal check, Digest::SHA1.digest(dec)
  end

  def test_decrypt_integrity
    clear = SecureRandom.random_bytes(21)
    key = Digest::MD5.digest "secret"

    clear_check = clear + Digest::SHA1.digest(clear)

    enc = aes_encrypt(clear_check, key)
    dec = ""
    assert_nothing_raised do
      dec = aes_decrypt_integrity(enc, key)
    end
    assert_equal clear, dec
  end

  def test_decrypt_integrity_fail
    clear = SecureRandom.random_bytes(21)
    key = Digest::MD5.digest "secret"

    # fake sha1 check
    clear_check = clear + SecureRandom.random_bytes(20)
    enc = aes_encrypt(clear_check, key)

    # this will fail to validate the sha1
    assert_raise RuntimeError do
      aes_decrypt_integrity(enc, key)
    end
  end

end