1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "crypto/encryptor.h"
9 #include "base/memory/scoped_ptr.h"
10 #include "base/strings/string_number_conversions.h"
11 #include "crypto/symmetric_key.h"
12 #include "testing/gtest/include/gtest/gtest.h"
14 TEST(EncryptorTest
, EncryptDecrypt
) {
15 scoped_ptr
<crypto::SymmetricKey
> key(
16 crypto::SymmetricKey::DeriveKeyFromPassword(
17 crypto::SymmetricKey::AES
, "password", "saltiest", 1000, 256));
18 EXPECT_TRUE(key
.get());
20 crypto::Encryptor encryptor
;
21 // The IV must be exactly as long as the cipher block size.
22 std::string
iv("the iv: 16 bytes");
23 EXPECT_EQ(16U, iv
.size());
24 EXPECT_TRUE(encryptor
.Init(key
.get(), crypto::Encryptor::CBC
, iv
));
26 std::string
plaintext("this is the plaintext");
27 std::string ciphertext
;
28 EXPECT_TRUE(encryptor
.Encrypt(plaintext
, &ciphertext
));
30 EXPECT_LT(0U, ciphertext
.size());
32 std::string decrypted
;
33 EXPECT_TRUE(encryptor
.Decrypt(ciphertext
, &decrypted
));
35 EXPECT_EQ(plaintext
, decrypted
);
38 TEST(EncryptorTest
, DecryptWrongKey
) {
39 scoped_ptr
<crypto::SymmetricKey
> key(
40 crypto::SymmetricKey::DeriveKeyFromPassword(
41 crypto::SymmetricKey::AES
, "password", "saltiest", 1000, 256));
42 EXPECT_TRUE(key
.get());
44 // A wrong key that can be detected by implementations that validate every
45 // byte in the padding.
46 scoped_ptr
<crypto::SymmetricKey
> wrong_key(
47 crypto::SymmetricKey::DeriveKeyFromPassword(
48 crypto::SymmetricKey::AES
, "wrongword", "sweetest", 1000, 256));
49 EXPECT_TRUE(wrong_key
.get());
51 // A wrong key that can't be detected by any implementation. The password
52 // "wrongword;" would also work.
53 scoped_ptr
<crypto::SymmetricKey
> wrong_key2(
54 crypto::SymmetricKey::DeriveKeyFromPassword(
55 crypto::SymmetricKey::AES
, "wrongword+", "sweetest", 1000, 256));
56 EXPECT_TRUE(wrong_key2
.get());
58 // A wrong key that can be detected by all implementations.
59 scoped_ptr
<crypto::SymmetricKey
> wrong_key3(
60 crypto::SymmetricKey::DeriveKeyFromPassword(
61 crypto::SymmetricKey::AES
, "wrongwordx", "sweetest", 1000, 256));
62 EXPECT_TRUE(wrong_key3
.get());
64 crypto::Encryptor encryptor
;
65 // The IV must be exactly as long as the cipher block size.
66 std::string
iv("the iv: 16 bytes");
67 EXPECT_EQ(16U, iv
.size());
68 EXPECT_TRUE(encryptor
.Init(key
.get(), crypto::Encryptor::CBC
, iv
));
70 std::string
plaintext("this is the plaintext");
71 std::string ciphertext
;
72 EXPECT_TRUE(encryptor
.Encrypt(plaintext
, &ciphertext
));
74 static const unsigned char expected_ciphertext
[] = {
75 0x7D, 0x67, 0x5B, 0x53, 0xE6, 0xD8, 0x0F, 0x27,
76 0x74, 0xB1, 0x90, 0xFE, 0x6E, 0x58, 0x4A, 0xA0,
77 0x0E, 0x35, 0xE3, 0x01, 0xC0, 0xFE, 0x9A, 0xD8,
78 0x48, 0x1D, 0x42, 0xB0, 0xBA, 0x21, 0xB2, 0x0C
81 ASSERT_EQ(arraysize(expected_ciphertext
), ciphertext
.size());
82 for (size_t i
= 0; i
< ciphertext
.size(); ++i
) {
83 ASSERT_EQ(expected_ciphertext
[i
],
84 static_cast<unsigned char>(ciphertext
[i
]));
87 std::string decrypted
;
89 // This wrong key causes the last padding byte to be 5, which is a valid
90 // padding length, and the second to last padding byte to be 137, which is
91 // invalid. If an implementation simply uses the last padding byte to
92 // determine the padding length without checking every padding byte,
93 // Encryptor::Decrypt() will still return true. This is the case for NSS
94 // (crbug.com/124434).
95 #if !defined(USE_NSS) && !defined(OS_WIN) && !defined(OS_MACOSX)
96 crypto::Encryptor decryptor
;
97 EXPECT_TRUE(decryptor
.Init(wrong_key
.get(), crypto::Encryptor::CBC
, iv
));
98 EXPECT_FALSE(decryptor
.Decrypt(ciphertext
, &decrypted
));
101 // This demonstrates that not all wrong keys can be detected by padding
102 // error. This wrong key causes the last padding byte to be 1, which is
103 // a valid padding block of length 1.
104 crypto::Encryptor decryptor2
;
105 EXPECT_TRUE(decryptor2
.Init(wrong_key2
.get(), crypto::Encryptor::CBC
, iv
));
106 EXPECT_TRUE(decryptor2
.Decrypt(ciphertext
, &decrypted
));
108 // This wrong key causes the last padding byte to be 253, which should be
109 // rejected by all implementations.
110 crypto::Encryptor decryptor3
;
111 EXPECT_TRUE(decryptor3
.Init(wrong_key3
.get(), crypto::Encryptor::CBC
, iv
));
112 EXPECT_FALSE(decryptor3
.Decrypt(ciphertext
, &decrypted
));
117 // From NIST SP 800-38a test cast:
118 // - F.5.1 CTR-AES128.Encrypt
119 // - F.5.6 CTR-AES256.Encrypt
120 // http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
121 const unsigned char kAES128CTRKey
[] = {
122 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
123 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c
126 const unsigned char kAES256CTRKey
[] = {
127 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe,
128 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81,
129 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7,
130 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4
133 const unsigned char kAESCTRInitCounter
[] = {
134 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
135 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff
138 const unsigned char kAESCTRPlaintext
[] = {
140 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
141 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
143 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
144 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
146 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
147 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
149 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
150 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10
153 const unsigned char kAES128CTRCiphertext
[] = {
155 0x87, 0x4d, 0x61, 0x91, 0xb6, 0x20, 0xe3, 0x26,
156 0x1b, 0xef, 0x68, 0x64, 0x99, 0x0d, 0xb6, 0xce,
158 0x98, 0x06, 0xf6, 0x6b, 0x79, 0x70, 0xfd, 0xff,
159 0x86, 0x17, 0x18, 0x7b, 0xb9, 0xff, 0xfd, 0xff,
161 0x5a, 0xe4, 0xdf, 0x3e, 0xdb, 0xd5, 0xd3, 0x5e,
162 0x5b, 0x4f, 0x09, 0x02, 0x0d, 0xb0, 0x3e, 0xab,
164 0x1e, 0x03, 0x1d, 0xda, 0x2f, 0xbe, 0x03, 0xd1,
165 0x79, 0x21, 0x70, 0xa0, 0xf3, 0x00, 0x9c, 0xee
168 const unsigned char kAES256CTRCiphertext
[] = {
170 0x60, 0x1e, 0xc3, 0x13, 0x77, 0x57, 0x89, 0xa5,
171 0xb7, 0xa7, 0xf5, 0x04, 0xbb, 0xf3, 0xd2, 0x28,
173 0xf4, 0x43, 0xe3, 0xca, 0x4d, 0x62, 0xb5, 0x9a,
174 0xca, 0x84, 0xe9, 0x90, 0xca, 0xca, 0xf5, 0xc5,
176 0x2b, 0x09, 0x30, 0xda, 0xa2, 0x3d, 0xe9, 0x4c,
177 0xe8, 0x70, 0x17, 0xba, 0x2d, 0x84, 0x98, 0x8d,
179 0xdf, 0xc9, 0xc5, 0x8d, 0xb6, 0x7a, 0xad, 0xa6,
180 0x13, 0xc2, 0xdd, 0x08, 0x45, 0x79, 0x41, 0xa6
183 void TestAESCTREncrypt(
184 const unsigned char* key
, size_t key_size
,
185 const unsigned char* init_counter
, size_t init_counter_size
,
186 const unsigned char* plaintext
, size_t plaintext_size
,
187 const unsigned char* ciphertext
, size_t ciphertext_size
) {
188 std::string
key_str(reinterpret_cast<const char*>(key
), key_size
);
189 scoped_ptr
<crypto::SymmetricKey
> sym_key(crypto::SymmetricKey::Import(
190 crypto::SymmetricKey::AES
, key_str
));
191 ASSERT_TRUE(sym_key
.get());
193 crypto::Encryptor encryptor
;
194 EXPECT_TRUE(encryptor
.Init(sym_key
.get(), crypto::Encryptor::CTR
, ""));
196 base::StringPiece
init_counter_str(
197 reinterpret_cast<const char*>(init_counter
), init_counter_size
);
198 base::StringPiece
plaintext_str(
199 reinterpret_cast<const char*>(plaintext
), plaintext_size
);
201 EXPECT_TRUE(encryptor
.SetCounter(init_counter_str
));
202 std::string encrypted
;
203 EXPECT_TRUE(encryptor
.Encrypt(plaintext_str
, &encrypted
));
205 EXPECT_EQ(ciphertext_size
, encrypted
.size());
206 EXPECT_EQ(0, memcmp(encrypted
.data(), ciphertext
, encrypted
.size()));
208 std::string decrypted
;
209 EXPECT_TRUE(encryptor
.SetCounter(init_counter_str
));
210 EXPECT_TRUE(encryptor
.Decrypt(encrypted
, &decrypted
));
212 EXPECT_EQ(plaintext_str
, decrypted
);
215 void TestAESCTRMultipleDecrypt(
216 const unsigned char* key
, size_t key_size
,
217 const unsigned char* init_counter
, size_t init_counter_size
,
218 const unsigned char* plaintext
, size_t plaintext_size
,
219 const unsigned char* ciphertext
, size_t ciphertext_size
) {
220 std::string
key_str(reinterpret_cast<const char*>(key
), key_size
);
221 scoped_ptr
<crypto::SymmetricKey
> sym_key(crypto::SymmetricKey::Import(
222 crypto::SymmetricKey::AES
, key_str
));
223 ASSERT_TRUE(sym_key
.get());
225 crypto::Encryptor encryptor
;
226 EXPECT_TRUE(encryptor
.Init(sym_key
.get(), crypto::Encryptor::CTR
, ""));
228 // Counter is set only once.
229 EXPECT_TRUE(encryptor
.SetCounter(base::StringPiece(
230 reinterpret_cast<const char*>(init_counter
), init_counter_size
)));
232 std::string
ciphertext_str(reinterpret_cast<const char*>(ciphertext
),
235 int kTestDecryptSizes
[] = { 32, 16, 8 };
238 for (size_t i
= 0; i
< arraysize(kTestDecryptSizes
); ++i
) {
239 std::string decrypted
;
240 size_t len
= kTestDecryptSizes
[i
];
242 encryptor
.Decrypt(ciphertext_str
.substr(offset
, len
), &decrypted
));
243 EXPECT_EQ(len
, decrypted
.size());
244 EXPECT_EQ(0, memcmp(decrypted
.data(), plaintext
+ offset
, len
));
251 TEST(EncryptorTest
, EncryptAES128CTR
) {
253 kAES128CTRKey
, arraysize(kAES128CTRKey
),
254 kAESCTRInitCounter
, arraysize(kAESCTRInitCounter
),
255 kAESCTRPlaintext
, arraysize(kAESCTRPlaintext
),
256 kAES128CTRCiphertext
, arraysize(kAES128CTRCiphertext
));
259 TEST(EncryptorTest
, EncryptAES256CTR
) {
261 kAES256CTRKey
, arraysize(kAES256CTRKey
),
262 kAESCTRInitCounter
, arraysize(kAESCTRInitCounter
),
263 kAESCTRPlaintext
, arraysize(kAESCTRPlaintext
),
264 kAES256CTRCiphertext
, arraysize(kAES256CTRCiphertext
));
267 TEST(EncryptorTest
, EncryptAES128CTR_MultipleDecrypt
) {
268 TestAESCTRMultipleDecrypt(
269 kAES128CTRKey
, arraysize(kAES128CTRKey
),
270 kAESCTRInitCounter
, arraysize(kAESCTRInitCounter
),
271 kAESCTRPlaintext
, arraysize(kAESCTRPlaintext
),
272 kAES128CTRCiphertext
, arraysize(kAES128CTRCiphertext
));
275 TEST(EncryptorTest
, EncryptAES256CTR_MultipleDecrypt
) {
276 TestAESCTRMultipleDecrypt(
277 kAES256CTRKey
, arraysize(kAES256CTRKey
),
278 kAESCTRInitCounter
, arraysize(kAESCTRInitCounter
),
279 kAESCTRPlaintext
, arraysize(kAESCTRPlaintext
),
280 kAES256CTRCiphertext
, arraysize(kAES256CTRCiphertext
));
283 TEST(EncryptorTest
, EncryptDecryptCTR
) {
284 scoped_ptr
<crypto::SymmetricKey
> key(
285 crypto::SymmetricKey::GenerateRandomKey(crypto::SymmetricKey::AES
, 128));
287 EXPECT_TRUE(key
.get());
288 const std::string kInitialCounter
= "0000000000000000";
290 crypto::Encryptor encryptor
;
291 EXPECT_TRUE(encryptor
.Init(key
.get(), crypto::Encryptor::CTR
, ""));
292 EXPECT_TRUE(encryptor
.SetCounter(kInitialCounter
));
294 std::string
plaintext("normal plaintext of random length");
295 std::string ciphertext
;
296 EXPECT_TRUE(encryptor
.Encrypt(plaintext
, &ciphertext
));
297 EXPECT_LT(0U, ciphertext
.size());
299 std::string decrypted
;
300 EXPECT_TRUE(encryptor
.SetCounter(kInitialCounter
));
301 EXPECT_TRUE(encryptor
.Decrypt(ciphertext
, &decrypted
));
302 EXPECT_EQ(plaintext
, decrypted
);
304 plaintext
= "0123456789012345";
305 EXPECT_TRUE(encryptor
.SetCounter(kInitialCounter
));
306 EXPECT_TRUE(encryptor
.Encrypt(plaintext
, &ciphertext
));
307 EXPECT_LT(0U, ciphertext
.size());
309 EXPECT_TRUE(encryptor
.SetCounter(kInitialCounter
));
310 EXPECT_TRUE(encryptor
.Decrypt(ciphertext
, &decrypted
));
311 EXPECT_EQ(plaintext
, decrypted
);
314 TEST(EncryptorTest
, CTRCounter
) {
315 const int kCounterSize
= 16;
316 const unsigned char kTest1
[] =
317 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
318 unsigned char buf
[16];
320 // Increment 10 times.
321 crypto::Encryptor::Counter
counter1(
322 std::string(reinterpret_cast<const char*>(kTest1
), kCounterSize
));
323 for (int i
= 0; i
< 10; ++i
)
324 counter1
.Increment();
326 EXPECT_EQ(0, memcmp(buf
, kTest1
, 15));
327 EXPECT_TRUE(buf
[15] == 10);
329 // Check corner cases.
330 const unsigned char kTest2
[] = {
331 0, 0, 0, 0, 0, 0, 0, 0,
332 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
334 const unsigned char kExpect2
[] =
335 {0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0};
336 crypto::Encryptor::Counter
counter2(
337 std::string(reinterpret_cast<const char*>(kTest2
), kCounterSize
));
338 counter2
.Increment();
340 EXPECT_EQ(0, memcmp(buf
, kExpect2
, kCounterSize
));
342 const unsigned char kTest3
[] = {
343 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
344 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
346 const unsigned char kExpect3
[] =
347 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
348 crypto::Encryptor::Counter
counter3(
349 std::string(reinterpret_cast<const char*>(kTest3
), kCounterSize
));
350 counter3
.Increment();
352 EXPECT_EQ(0, memcmp(buf
, kExpect3
, kCounterSize
));
355 // TODO(wtc): add more known-answer tests. Test vectors are available from
356 // http://www.ietf.org/rfc/rfc3602
357 // http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
358 // http://gladman.plushost.co.uk/oldsite/AES/index.php
359 // http://csrc.nist.gov/groups/STM/cavp/documents/aes/KAT_AES.zip
361 // NIST SP 800-38A test vector F.2.5 CBC-AES256.Encrypt.
362 TEST(EncryptorTest
, EncryptAES256CBC
) {
363 // From NIST SP 800-38a test cast F.2.5 CBC-AES256.Encrypt.
364 static const unsigned char kRawKey
[] = {
365 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe,
366 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81,
367 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7,
368 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4
370 static const unsigned char kRawIv
[] = {
371 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
372 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
374 static const unsigned char kRawPlaintext
[] = {
376 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
377 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
379 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
380 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
382 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
383 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
385 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
386 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10,
388 static const unsigned char kRawCiphertext
[] = {
390 0xf5, 0x8c, 0x4c, 0x04, 0xd6, 0xe5, 0xf1, 0xba,
391 0x77, 0x9e, 0xab, 0xfb, 0x5f, 0x7b, 0xfb, 0xd6,
393 0x9c, 0xfc, 0x4e, 0x96, 0x7e, 0xdb, 0x80, 0x8d,
394 0x67, 0x9f, 0x77, 0x7b, 0xc6, 0x70, 0x2c, 0x7d,
396 0x39, 0xf2, 0x33, 0x69, 0xa9, 0xd9, 0xba, 0xcf,
397 0xa5, 0x30, 0xe2, 0x63, 0x04, 0x23, 0x14, 0x61,
399 0xb2, 0xeb, 0x05, 0xe2, 0xc3, 0x9b, 0xe9, 0xfc,
400 0xda, 0x6c, 0x19, 0x07, 0x8c, 0x6a, 0x9d, 0x1b,
401 // PKCS #5 padding, encrypted.
402 0x3f, 0x46, 0x17, 0x96, 0xd6, 0xb0, 0xd6, 0xb2,
403 0xe0, 0xc2, 0xa7, 0x2b, 0x4d, 0x80, 0xe6, 0x44
406 std::string
key(reinterpret_cast<const char*>(kRawKey
), sizeof(kRawKey
));
407 scoped_ptr
<crypto::SymmetricKey
> sym_key(crypto::SymmetricKey::Import(
408 crypto::SymmetricKey::AES
, key
));
409 ASSERT_TRUE(sym_key
.get());
411 crypto::Encryptor encryptor
;
412 // The IV must be exactly as long a the cipher block size.
413 std::string
iv(reinterpret_cast<const char*>(kRawIv
), sizeof(kRawIv
));
414 EXPECT_EQ(16U, iv
.size());
415 EXPECT_TRUE(encryptor
.Init(sym_key
.get(), crypto::Encryptor::CBC
, iv
));
417 std::string
plaintext(reinterpret_cast<const char*>(kRawPlaintext
),
418 sizeof(kRawPlaintext
));
419 std::string ciphertext
;
420 EXPECT_TRUE(encryptor
.Encrypt(plaintext
, &ciphertext
));
422 EXPECT_EQ(sizeof(kRawCiphertext
), ciphertext
.size());
423 EXPECT_EQ(0, memcmp(ciphertext
.data(), kRawCiphertext
, ciphertext
.size()));
425 std::string decrypted
;
426 EXPECT_TRUE(encryptor
.Decrypt(ciphertext
, &decrypted
));
428 EXPECT_EQ(plaintext
, decrypted
);
431 // Expected output derived from the NSS implementation.
432 TEST(EncryptorTest
, EncryptAES128CBCRegression
) {
433 std::string key
= "128=SixteenBytes";
434 std::string iv
= "Sweet Sixteen IV";
435 std::string plaintext
= "Plain text with a g-clef U+1D11E \360\235\204\236";
436 std::string expected_ciphertext_hex
=
437 "D4A67A0BA33C30F207344D81D1E944BBE65587C3D7D9939A"
438 "C070C62B9C15A3EA312EA4AD1BC7929F4D3C16B03AD5ADA8";
440 scoped_ptr
<crypto::SymmetricKey
> sym_key(crypto::SymmetricKey::Import(
441 crypto::SymmetricKey::AES
, key
));
442 ASSERT_TRUE(sym_key
.get());
444 crypto::Encryptor encryptor
;
445 // The IV must be exactly as long a the cipher block size.
446 EXPECT_EQ(16U, iv
.size());
447 EXPECT_TRUE(encryptor
.Init(sym_key
.get(), crypto::Encryptor::CBC
, iv
));
449 std::string ciphertext
;
450 EXPECT_TRUE(encryptor
.Encrypt(plaintext
, &ciphertext
));
451 EXPECT_EQ(expected_ciphertext_hex
, base::HexEncode(ciphertext
.data(),
454 std::string decrypted
;
455 EXPECT_TRUE(encryptor
.Decrypt(ciphertext
, &decrypted
));
456 EXPECT_EQ(plaintext
, decrypted
);
459 // Expected output derived from the NSS implementation.
460 TEST(EncryptorTest
, EncryptAES192CBCRegression
) {
461 std::string key
= "192bitsIsTwentyFourByte!";
462 std::string iv
= "Sweet Sixteen IV";
463 std::string plaintext
= "Small text";
464 std::string expected_ciphertext_hex
= "78DE5D7C2714FC5C61346C5416F6C89A";
466 scoped_ptr
<crypto::SymmetricKey
> sym_key(crypto::SymmetricKey::Import(
467 crypto::SymmetricKey::AES
, key
));
468 ASSERT_TRUE(sym_key
.get());
470 crypto::Encryptor encryptor
;
471 // The IV must be exactly as long a the cipher block size.
472 EXPECT_EQ(16U, iv
.size());
473 EXPECT_TRUE(encryptor
.Init(sym_key
.get(), crypto::Encryptor::CBC
, iv
));
475 std::string ciphertext
;
476 EXPECT_TRUE(encryptor
.Encrypt(plaintext
, &ciphertext
));
477 EXPECT_EQ(expected_ciphertext_hex
, base::HexEncode(ciphertext
.data(),
480 std::string decrypted
;
481 EXPECT_TRUE(encryptor
.Decrypt(ciphertext
, &decrypted
));
482 EXPECT_EQ(plaintext
, decrypted
);
485 // Not all platforms allow import/generation of symmetric keys with an
487 #if !defined(USE_NSS) && !defined(OS_WIN) && !defined(OS_MACOSX)
488 TEST(EncryptorTest
, UnsupportedKeySize
) {
489 std::string key
= "7 = bad";
490 std::string iv
= "Sweet Sixteen IV";
491 scoped_ptr
<crypto::SymmetricKey
> sym_key(crypto::SymmetricKey::Import(
492 crypto::SymmetricKey::AES
, key
));
493 ASSERT_TRUE(sym_key
.get());
495 crypto::Encryptor encryptor
;
496 // The IV must be exactly as long a the cipher block size.
497 EXPECT_EQ(16U, iv
.size());
498 EXPECT_FALSE(encryptor
.Init(sym_key
.get(), crypto::Encryptor::CBC
, iv
));
500 #endif // unsupported platforms.
502 TEST(EncryptorTest
, UnsupportedIV
) {
503 std::string key
= "128=SixteenBytes";
504 std::string iv
= "OnlyForteen :(";
505 scoped_ptr
<crypto::SymmetricKey
> sym_key(crypto::SymmetricKey::Import(
506 crypto::SymmetricKey::AES
, key
));
507 ASSERT_TRUE(sym_key
.get());
509 crypto::Encryptor encryptor
;
510 EXPECT_FALSE(encryptor
.Init(sym_key
.get(), crypto::Encryptor::CBC
, iv
));
513 TEST(EncryptorTest
, EmptyEncrypt
) {
514 std::string key
= "128=SixteenBytes";
515 std::string iv
= "Sweet Sixteen IV";
516 std::string plaintext
;
517 std::string expected_ciphertext_hex
= "8518B8878D34E7185E300D0FCC426396";
519 scoped_ptr
<crypto::SymmetricKey
> sym_key(crypto::SymmetricKey::Import(
520 crypto::SymmetricKey::AES
, key
));
521 ASSERT_TRUE(sym_key
.get());
523 crypto::Encryptor encryptor
;
524 // The IV must be exactly as long a the cipher block size.
525 EXPECT_EQ(16U, iv
.size());
526 EXPECT_TRUE(encryptor
.Init(sym_key
.get(), crypto::Encryptor::CBC
, iv
));
528 std::string ciphertext
;
529 EXPECT_TRUE(encryptor
.Encrypt(plaintext
, &ciphertext
));
530 EXPECT_EQ(expected_ciphertext_hex
, base::HexEncode(ciphertext
.data(),
534 TEST(EncryptorTest
, CipherTextNotMultipleOfBlockSize
) {
535 std::string key
= "128=SixteenBytes";
536 std::string iv
= "Sweet Sixteen IV";
538 scoped_ptr
<crypto::SymmetricKey
> sym_key(crypto::SymmetricKey::Import(
539 crypto::SymmetricKey::AES
, key
));
540 ASSERT_TRUE(sym_key
.get());
542 crypto::Encryptor encryptor
;
543 // The IV must be exactly as long a the cipher block size.
544 EXPECT_EQ(16U, iv
.size());
545 EXPECT_TRUE(encryptor
.Init(sym_key
.get(), crypto::Encryptor::CBC
, iv
));
547 // Use a separately allocated array to improve the odds of the memory tools
548 // catching invalid accesses.
550 // Otherwise when using std::string as the other tests do, accesses several
551 // bytes off the end of the buffer may fall inside the reservation of
552 // the string and not be detected.
553 scoped_ptr
<char[]> ciphertext(new char[1]);
555 std::string plaintext
;
557 encryptor
.Decrypt(base::StringPiece(ciphertext
.get(), 1), &plaintext
));