1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "crypto/encryptor.h"
9 #include "base/memory/scoped_ptr.h"
10 #include "base/string_number_conversions.h"
11 #include "crypto/symmetric_key.h"
12 #include "testing/gtest/include/gtest/gtest.h"
14 TEST(EncryptorTest
, EncryptDecrypt
) {
15 scoped_ptr
<crypto::SymmetricKey
> key(
16 crypto::SymmetricKey::DeriveKeyFromPassword(
17 crypto::SymmetricKey::AES
, "password", "saltiest", 1000, 256));
18 EXPECT_TRUE(NULL
!= key
.get());
20 crypto::Encryptor encryptor
;
21 // The IV must be exactly as long as the cipher block size.
22 std::string
iv("the iv: 16 bytes");
23 EXPECT_EQ(16U, iv
.size());
24 EXPECT_TRUE(encryptor
.Init(key
.get(), crypto::Encryptor::CBC
, iv
));
26 std::string
plaintext("this is the plaintext");
27 std::string ciphertext
;
28 EXPECT_TRUE(encryptor
.Encrypt(plaintext
, &ciphertext
));
30 EXPECT_LT(0U, ciphertext
.size());
33 EXPECT_TRUE(encryptor
.Decrypt(ciphertext
, &decypted
));
35 EXPECT_EQ(plaintext
, decypted
);
38 // CTR mode encryption is only implemented using NSS.
41 TEST(EncryptorTest
, EncryptDecryptCTR
) {
42 scoped_ptr
<crypto::SymmetricKey
> key(
43 crypto::SymmetricKey::GenerateRandomKey(
44 crypto::SymmetricKey::AES
, 128));
46 EXPECT_TRUE(NULL
!= key
.get());
47 const std::string kInitialCounter
= "0000000000000000";
49 crypto::Encryptor encryptor
;
50 EXPECT_TRUE(encryptor
.Init(key
.get(), crypto::Encryptor::CTR
, ""));
51 EXPECT_TRUE(encryptor
.SetCounter(kInitialCounter
));
53 std::string
plaintext("normal plaintext of random length");
54 std::string ciphertext
;
55 EXPECT_TRUE(encryptor
.Encrypt(plaintext
, &ciphertext
));
56 EXPECT_LT(0U, ciphertext
.size());
59 EXPECT_TRUE(encryptor
.SetCounter(kInitialCounter
));
60 EXPECT_TRUE(encryptor
.Decrypt(ciphertext
, &decypted
));
61 EXPECT_EQ(plaintext
, decypted
);
63 plaintext
= "0123456789012345";
64 EXPECT_TRUE(encryptor
.SetCounter(kInitialCounter
));
65 EXPECT_TRUE(encryptor
.Encrypt(plaintext
, &ciphertext
));
66 EXPECT_LT(0U, ciphertext
.size());
68 EXPECT_TRUE(encryptor
.SetCounter(kInitialCounter
));
69 EXPECT_TRUE(encryptor
.Decrypt(ciphertext
, &decypted
));
70 EXPECT_EQ(plaintext
, decypted
);
73 TEST(EncryptorTest
, CTRCounter
) {
74 const int kCounterSize
= 16;
75 const char kTest1
[] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
78 // Increment 10 times.
79 crypto::Encryptor::Counter
counter1(std::string(kTest1
, kCounterSize
));
80 for (int i
= 0; i
< 10; ++i
)
83 EXPECT_EQ(0, memcmp(buf
, kTest1
, 15));
84 EXPECT_TRUE(buf
[15] == 10);
86 // Check corner cases.
87 const char kTest2
[] = {0, 0, 0, 0, 0, 0, 0, 0,
88 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
89 const char kExpect2
[] = {0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0};
90 crypto::Encryptor::Counter
counter2(std::string(kTest2
, kCounterSize
));
93 EXPECT_EQ(0, memcmp(buf
, kExpect2
, kCounterSize
));
95 const char kTest3
[] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
96 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
97 const char kExpect3
[] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
98 crypto::Encryptor::Counter
counter3(std::string(kTest3
, kCounterSize
));
101 EXPECT_EQ(0, memcmp(buf
, kExpect3
, kCounterSize
));
106 // TODO(wtc): add more known-answer tests. Test vectors are available from
107 // http://www.ietf.org/rfc/rfc3602
108 // http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
109 // http://gladman.plushost.co.uk/oldsite/AES/index.php
110 // http://csrc.nist.gov/groups/STM/cavp/documents/aes/KAT_AES.zip
112 // NIST SP 800-38A test vector F.2.5 CBC-AES256.Encrypt.
113 TEST(EncryptorTest
, EncryptAES256CBC
) {
114 // From NIST SP 800-38a test cast F.2.5 CBC-AES256.Encrypt.
115 static const unsigned char raw_key
[] = {
116 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe,
117 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81,
118 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7,
119 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4
121 static const unsigned char raw_iv
[] = {
122 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
123 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
125 static const unsigned char raw_plaintext
[] = {
127 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
128 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
130 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
131 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
133 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
134 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
136 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
137 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10,
139 static const unsigned char raw_ciphertext
[] = {
141 0xf5, 0x8c, 0x4c, 0x04, 0xd6, 0xe5, 0xf1, 0xba,
142 0x77, 0x9e, 0xab, 0xfb, 0x5f, 0x7b, 0xfb, 0xd6,
144 0x9c, 0xfc, 0x4e, 0x96, 0x7e, 0xdb, 0x80, 0x8d,
145 0x67, 0x9f, 0x77, 0x7b, 0xc6, 0x70, 0x2c, 0x7d,
147 0x39, 0xf2, 0x33, 0x69, 0xa9, 0xd9, 0xba, 0xcf,
148 0xa5, 0x30, 0xe2, 0x63, 0x04, 0x23, 0x14, 0x61,
150 0xb2, 0xeb, 0x05, 0xe2, 0xc3, 0x9b, 0xe9, 0xfc,
151 0xda, 0x6c, 0x19, 0x07, 0x8c, 0x6a, 0x9d, 0x1b,
152 // PKCS #5 padding, encrypted.
153 0x3f, 0x46, 0x17, 0x96, 0xd6, 0xb0, 0xd6, 0xb2,
154 0xe0, 0xc2, 0xa7, 0x2b, 0x4d, 0x80, 0xe6, 0x44
157 std::string
key(reinterpret_cast<const char*>(raw_key
), sizeof(raw_key
));
158 scoped_ptr
<crypto::SymmetricKey
> sym_key(crypto::SymmetricKey::Import(
159 crypto::SymmetricKey::AES
, key
));
160 ASSERT_TRUE(NULL
!= sym_key
.get());
162 crypto::Encryptor encryptor
;
163 // The IV must be exactly as long a the cipher block size.
164 std::string
iv(reinterpret_cast<const char*>(raw_iv
), sizeof(raw_iv
));
165 EXPECT_EQ(16U, iv
.size());
166 EXPECT_TRUE(encryptor
.Init(sym_key
.get(), crypto::Encryptor::CBC
, iv
));
168 std::string
plaintext(reinterpret_cast<const char*>(raw_plaintext
),
169 sizeof(raw_plaintext
));
170 std::string ciphertext
;
171 EXPECT_TRUE(encryptor
.Encrypt(plaintext
, &ciphertext
));
173 EXPECT_EQ(sizeof(raw_ciphertext
), ciphertext
.size());
174 EXPECT_EQ(0, memcmp(ciphertext
.data(), raw_ciphertext
, ciphertext
.size()));
176 std::string decypted
;
177 EXPECT_TRUE(encryptor
.Decrypt(ciphertext
, &decypted
));
179 EXPECT_EQ(plaintext
, decypted
);
182 // Expected output derived from the NSS implementation.
183 TEST(EncryptorTest
, EncryptAES128CBCRegression
) {
184 std::string key
= "128=SixteenBytes";
185 std::string iv
= "Sweet Sixteen IV";
186 std::string plaintext
= "Plain text with a g-clef U+1D11E \360\235\204\236";
187 std::string expected_ciphertext_hex
=
188 "D4A67A0BA33C30F207344D81D1E944BBE65587C3D7D9939A"
189 "C070C62B9C15A3EA312EA4AD1BC7929F4D3C16B03AD5ADA8";
191 scoped_ptr
<crypto::SymmetricKey
> sym_key(crypto::SymmetricKey::Import(
192 crypto::SymmetricKey::AES
, key
));
193 ASSERT_TRUE(NULL
!= sym_key
.get());
195 crypto::Encryptor encryptor
;
196 // The IV must be exactly as long a the cipher block size.
197 EXPECT_EQ(16U, iv
.size());
198 EXPECT_TRUE(encryptor
.Init(sym_key
.get(), crypto::Encryptor::CBC
, iv
));
200 std::string ciphertext
;
201 EXPECT_TRUE(encryptor
.Encrypt(plaintext
, &ciphertext
));
202 EXPECT_EQ(expected_ciphertext_hex
, base::HexEncode(ciphertext
.data(),
205 std::string decypted
;
206 EXPECT_TRUE(encryptor
.Decrypt(ciphertext
, &decypted
));
207 EXPECT_EQ(plaintext
, decypted
);
210 // Expected output derived from the NSS implementation.
211 TEST(EncryptorTest
, EncryptAES192CBCRegression
) {
212 std::string key
= "192bitsIsTwentyFourByte!";
213 std::string iv
= "Sweet Sixteen IV";
214 std::string plaintext
= "Small text";
215 std::string expected_ciphertext_hex
= "78DE5D7C2714FC5C61346C5416F6C89A";
217 scoped_ptr
<crypto::SymmetricKey
> sym_key(crypto::SymmetricKey::Import(
218 crypto::SymmetricKey::AES
, key
));
219 ASSERT_TRUE(NULL
!= sym_key
.get());
221 crypto::Encryptor encryptor
;
222 // The IV must be exactly as long a the cipher block size.
223 EXPECT_EQ(16U, iv
.size());
224 EXPECT_TRUE(encryptor
.Init(sym_key
.get(), crypto::Encryptor::CBC
, iv
));
226 std::string ciphertext
;
227 EXPECT_TRUE(encryptor
.Encrypt(plaintext
, &ciphertext
));
228 EXPECT_EQ(expected_ciphertext_hex
, base::HexEncode(ciphertext
.data(),
231 std::string decypted
;
232 EXPECT_TRUE(encryptor
.Decrypt(ciphertext
, &decypted
));
233 EXPECT_EQ(plaintext
, decypted
);
236 // Not all platforms allow import/generation of symmetric keys with an
238 #if !defined(OS_WIN) && !defined(USE_NSS)
239 TEST(EncryptorTest
, UnsupportedKeySize
) {
240 std::string key
= "7 = bad";
241 std::string iv
= "Sweet Sixteen IV";
242 scoped_ptr
<crypto::SymmetricKey
> sym_key(crypto::SymmetricKey::Import(
243 crypto::SymmetricKey::AES
, key
));
244 ASSERT_TRUE(NULL
!= sym_key
.get());
246 crypto::Encryptor encryptor
;
247 // The IV must be exactly as long a the cipher block size.
248 EXPECT_EQ(16U, iv
.size());
249 EXPECT_FALSE(encryptor
.Init(sym_key
.get(), crypto::Encryptor::CBC
, iv
));
251 #endif // unsupported platforms.
253 TEST(EncryptorTest
, UnsupportedIV
) {
254 std::string key
= "128=SixteenBytes";
255 std::string iv
= "OnlyForteen :(";
256 scoped_ptr
<crypto::SymmetricKey
> sym_key(crypto::SymmetricKey::Import(
257 crypto::SymmetricKey::AES
, key
));
258 ASSERT_TRUE(NULL
!= sym_key
.get());
260 crypto::Encryptor encryptor
;
261 EXPECT_FALSE(encryptor
.Init(sym_key
.get(), crypto::Encryptor::CBC
, iv
));
264 TEST(EncryptorTest
, EmptyEncrypt
) {
265 std::string key
= "128=SixteenBytes";
266 std::string iv
= "Sweet Sixteen IV";
267 std::string plaintext
;
268 std::string expected_ciphertext_hex
= "8518B8878D34E7185E300D0FCC426396";
270 scoped_ptr
<crypto::SymmetricKey
> sym_key(crypto::SymmetricKey::Import(
271 crypto::SymmetricKey::AES
, key
));
272 ASSERT_TRUE(NULL
!= sym_key
.get());
274 crypto::Encryptor encryptor
;
275 // The IV must be exactly as long a the cipher block size.
276 EXPECT_EQ(16U, iv
.size());
277 EXPECT_TRUE(encryptor
.Init(sym_key
.get(), crypto::Encryptor::CBC
, iv
));
279 std::string ciphertext
;
280 EXPECT_TRUE(encryptor
.Encrypt(plaintext
, &ciphertext
));
281 EXPECT_EQ(expected_ciphertext_hex
, base::HexEncode(ciphertext
.data(),