search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Updating trunk VERSION from 874.0 to 875.0
[chromium-blink-merge.git] / crypto / encryptor_unittest.cc
blob2d710bcac46e61a0a6212b4955099ea66b63394c
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "crypto/encryptor.h"
6
7 #include <string>
8
9 #include "base/memory/scoped_ptr.h"
10 #include "base/string_number_conversions.h"
11 #include "crypto/symmetric_key.h"
12 #include "testing/gtest/include/gtest/gtest.h"
13
14 TEST(EncryptorTest, EncryptDecrypt) {
15 scoped_ptr<crypto::SymmetricKey> key(
16 crypto::SymmetricKey::DeriveKeyFromPassword(
17 crypto::SymmetricKey::AES, "password", "saltiest", 1000, 256));
18 EXPECT_TRUE(NULL != key.get());
19
20 crypto::Encryptor encryptor;
21 // The IV must be exactly as long as the cipher block size.
22 std::string iv("the iv: 16 bytes");
23 EXPECT_EQ(16U, iv.size());
24 EXPECT_TRUE(encryptor.Init(key.get(), crypto::Encryptor::CBC, iv));
25
26 std::string plaintext("this is the plaintext");
27 std::string ciphertext;
28 EXPECT_TRUE(encryptor.Encrypt(plaintext, &ciphertext));
29
30 EXPECT_LT(0U, ciphertext.size());
31
32 std::string decypted;
33 EXPECT_TRUE(encryptor.Decrypt(ciphertext, &decypted));
34
35 EXPECT_EQ(plaintext, decypted);
36 }
37
38 // CTR mode encryption is only implemented using NSS.
39 #if defined(USE_NSS)
40
41 TEST(EncryptorTest, EncryptDecryptCTR) {
42 scoped_ptr<crypto::SymmetricKey> key(
43 crypto::SymmetricKey::GenerateRandomKey(
44 crypto::SymmetricKey::AES, 128));
45
46 EXPECT_TRUE(NULL != key.get());
47 const std::string kInitialCounter = "0000000000000000";
48
49 crypto::Encryptor encryptor;
50 EXPECT_TRUE(encryptor.Init(key.get(), crypto::Encryptor::CTR, ""));
51 EXPECT_TRUE(encryptor.SetCounter(kInitialCounter));
52
53 std::string plaintext("normal plaintext of random length");
54 std::string ciphertext;
55 EXPECT_TRUE(encryptor.Encrypt(plaintext, &ciphertext));
56 EXPECT_LT(0U, ciphertext.size());
57
58 std::string decypted;
59 EXPECT_TRUE(encryptor.SetCounter(kInitialCounter));
60 EXPECT_TRUE(encryptor.Decrypt(ciphertext, &decypted));
61 EXPECT_EQ(plaintext, decypted);
62
63 plaintext = "0123456789012345";
64 EXPECT_TRUE(encryptor.SetCounter(kInitialCounter));
65 EXPECT_TRUE(encryptor.Encrypt(plaintext, &ciphertext));
66 EXPECT_LT(0U, ciphertext.size());
67
68 EXPECT_TRUE(encryptor.SetCounter(kInitialCounter));
69 EXPECT_TRUE(encryptor.Decrypt(ciphertext, &decypted));
70 EXPECT_EQ(plaintext, decypted);
71 }
72
73 TEST(EncryptorTest, CTRCounter) {
74 const int kCounterSize = 16;
75 const char kTest1[] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
76 uint8 buf[16];
77
78 // Increment 10 times.
79 crypto::Encryptor::Counter counter1(std::string(kTest1, kCounterSize));
80 for (int i = 0; i < 10; ++i)
81 counter1.Increment();
82 counter1.Write(buf);
83 EXPECT_EQ(0, memcmp(buf, kTest1, 15));
84 EXPECT_TRUE(buf[15] == 10);
85
86 // Check corner cases.
87 const char kTest2[] = {0, 0, 0, 0, 0, 0, 0, 0,
88 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
89 const char kExpect2[] = {0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0};
90 crypto::Encryptor::Counter counter2(std::string(kTest2, kCounterSize));
91 counter2.Increment();
92 counter2.Write(buf);
93 EXPECT_EQ(0, memcmp(buf, kExpect2, kCounterSize));
94
95 const char kTest3[] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
96 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff};
97 const char kExpect3[] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
98 crypto::Encryptor::Counter counter3(std::string(kTest3, kCounterSize));
99 counter3.Increment();
100 counter3.Write(buf);
101 EXPECT_EQ(0, memcmp(buf, kExpect3, kCounterSize));
102 }
103
104 #endif
105
106 // TODO(wtc): add more known-answer tests. Test vectors are available from
107 // http://www.ietf.org/rfc/rfc3602
108 // http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
109 // http://gladman.plushost.co.uk/oldsite/AES/index.php
110 // http://csrc.nist.gov/groups/STM/cavp/documents/aes/KAT_AES.zip
111
112 // NIST SP 800-38A test vector F.2.5 CBC-AES256.Encrypt.
113 TEST(EncryptorTest, EncryptAES256CBC) {
114 // From NIST SP 800-38a test cast F.2.5 CBC-AES256.Encrypt.
115 static const unsigned char raw_key[] = {
116 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe,
117 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81,
118 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7,
119 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4
120 };
121 static const unsigned char raw_iv[] = {
122 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
123 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
124 };
125 static const unsigned char raw_plaintext[] = {
126 // Block #1
127 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
128 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
129 // Block #2
130 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
131 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
132 // Block #3
133 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
134 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
135 // Block #4
136 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
137 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10,
138 };
139 static const unsigned char raw_ciphertext[] = {
140 // Block #1
141 0xf5, 0x8c, 0x4c, 0x04, 0xd6, 0xe5, 0xf1, 0xba,
142 0x77, 0x9e, 0xab, 0xfb, 0x5f, 0x7b, 0xfb, 0xd6,
143 // Block #2
144 0x9c, 0xfc, 0x4e, 0x96, 0x7e, 0xdb, 0x80, 0x8d,
145 0x67, 0x9f, 0x77, 0x7b, 0xc6, 0x70, 0x2c, 0x7d,
146 // Block #3
147 0x39, 0xf2, 0x33, 0x69, 0xa9, 0xd9, 0xba, 0xcf,
148 0xa5, 0x30, 0xe2, 0x63, 0x04, 0x23, 0x14, 0x61,
149 // Block #4
150 0xb2, 0xeb, 0x05, 0xe2, 0xc3, 0x9b, 0xe9, 0xfc,
151 0xda, 0x6c, 0x19, 0x07, 0x8c, 0x6a, 0x9d, 0x1b,
152 // PKCS #5 padding, encrypted.
153 0x3f, 0x46, 0x17, 0x96, 0xd6, 0xb0, 0xd6, 0xb2,
154 0xe0, 0xc2, 0xa7, 0x2b, 0x4d, 0x80, 0xe6, 0x44
155 };
156
157 std::string key(reinterpret_cast<const char*>(raw_key), sizeof(raw_key));
158 scoped_ptr<crypto::SymmetricKey> sym_key(crypto::SymmetricKey::Import(
159 crypto::SymmetricKey::AES, key));
160 ASSERT_TRUE(NULL != sym_key.get());
161
162 crypto::Encryptor encryptor;
163 // The IV must be exactly as long a the cipher block size.
164 std::string iv(reinterpret_cast<const char*>(raw_iv), sizeof(raw_iv));
165 EXPECT_EQ(16U, iv.size());
166 EXPECT_TRUE(encryptor.Init(sym_key.get(), crypto::Encryptor::CBC, iv));
167
168 std::string plaintext(reinterpret_cast<const char*>(raw_plaintext),
169 sizeof(raw_plaintext));
170 std::string ciphertext;
171 EXPECT_TRUE(encryptor.Encrypt(plaintext, &ciphertext));
172
173 EXPECT_EQ(sizeof(raw_ciphertext), ciphertext.size());
174 EXPECT_EQ(0, memcmp(ciphertext.data(), raw_ciphertext, ciphertext.size()));
175
176 std::string decypted;
177 EXPECT_TRUE(encryptor.Decrypt(ciphertext, &decypted));
178
179 EXPECT_EQ(plaintext, decypted);
180 }
181
182 // Expected output derived from the NSS implementation.
183 TEST(EncryptorTest, EncryptAES128CBCRegression) {
184 std::string key = "128=SixteenBytes";
185 std::string iv = "Sweet Sixteen IV";
186 std::string plaintext = "Plain text with a g-clef U+1D11E \360\235\204\236";
187 std::string expected_ciphertext_hex =
188 "D4A67A0BA33C30F207344D81D1E944BBE65587C3D7D9939A"
189 "C070C62B9C15A3EA312EA4AD1BC7929F4D3C16B03AD5ADA8";
190
191 scoped_ptr<crypto::SymmetricKey> sym_key(crypto::SymmetricKey::Import(
192 crypto::SymmetricKey::AES, key));
193 ASSERT_TRUE(NULL != sym_key.get());
194
195 crypto::Encryptor encryptor;
196 // The IV must be exactly as long a the cipher block size.
197 EXPECT_EQ(16U, iv.size());
198 EXPECT_TRUE(encryptor.Init(sym_key.get(), crypto::Encryptor::CBC, iv));
199
200 std::string ciphertext;
201 EXPECT_TRUE(encryptor.Encrypt(plaintext, &ciphertext));
202 EXPECT_EQ(expected_ciphertext_hex, base::HexEncode(ciphertext.data(),
203 ciphertext.size()));
204
205 std::string decypted;
206 EXPECT_TRUE(encryptor.Decrypt(ciphertext, &decypted));
207 EXPECT_EQ(plaintext, decypted);
208 }
209
210 // Expected output derived from the NSS implementation.
211 TEST(EncryptorTest, EncryptAES192CBCRegression) {
212 std::string key = "192bitsIsTwentyFourByte!";
213 std::string iv = "Sweet Sixteen IV";
214 std::string plaintext = "Small text";
215 std::string expected_ciphertext_hex = "78DE5D7C2714FC5C61346C5416F6C89A";
216
217 scoped_ptr<crypto::SymmetricKey> sym_key(crypto::SymmetricKey::Import(
218 crypto::SymmetricKey::AES, key));
219 ASSERT_TRUE(NULL != sym_key.get());
220
221 crypto::Encryptor encryptor;
222 // The IV must be exactly as long a the cipher block size.
223 EXPECT_EQ(16U, iv.size());
224 EXPECT_TRUE(encryptor.Init(sym_key.get(), crypto::Encryptor::CBC, iv));
225
226 std::string ciphertext;
227 EXPECT_TRUE(encryptor.Encrypt(plaintext, &ciphertext));
228 EXPECT_EQ(expected_ciphertext_hex, base::HexEncode(ciphertext.data(),
229 ciphertext.size()));
230
231 std::string decypted;
232 EXPECT_TRUE(encryptor.Decrypt(ciphertext, &decypted));
233 EXPECT_EQ(plaintext, decypted);
234 }
235
236 // Not all platforms allow import/generation of symmetric keys with an
237 // unsupported size.
238 #if !defined(OS_WIN) && !defined(USE_NSS)
239 TEST(EncryptorTest, UnsupportedKeySize) {
240 std::string key = "7 = bad";
241 std::string iv = "Sweet Sixteen IV";
242 scoped_ptr<crypto::SymmetricKey> sym_key(crypto::SymmetricKey::Import(
243 crypto::SymmetricKey::AES, key));
244 ASSERT_TRUE(NULL != sym_key.get());
245
246 crypto::Encryptor encryptor;
247 // The IV must be exactly as long a the cipher block size.
248 EXPECT_EQ(16U, iv.size());
249 EXPECT_FALSE(encryptor.Init(sym_key.get(), crypto::Encryptor::CBC, iv));
250 }
251 #endif // unsupported platforms.
252
253 TEST(EncryptorTest, UnsupportedIV) {
254 std::string key = "128=SixteenBytes";
255 std::string iv = "OnlyForteen :(";
256 scoped_ptr<crypto::SymmetricKey> sym_key(crypto::SymmetricKey::Import(
257 crypto::SymmetricKey::AES, key));
258 ASSERT_TRUE(NULL != sym_key.get());
259
260 crypto::Encryptor encryptor;
261 EXPECT_FALSE(encryptor.Init(sym_key.get(), crypto::Encryptor::CBC, iv));
262 }
263
264 TEST(EncryptorTest, EmptyEncrypt) {
265 std::string key = "128=SixteenBytes";
266 std::string iv = "Sweet Sixteen IV";
267 std::string plaintext;
268 std::string expected_ciphertext_hex = "8518B8878D34E7185E300D0FCC426396";
269
270 scoped_ptr<crypto::SymmetricKey> sym_key(crypto::SymmetricKey::Import(
271 crypto::SymmetricKey::AES, key));
272 ASSERT_TRUE(NULL != sym_key.get());
273
274 crypto::Encryptor encryptor;
275 // The IV must be exactly as long a the cipher block size.
276 EXPECT_EQ(16U, iv.size());
277 EXPECT_TRUE(encryptor.Init(sym_key.get(), crypto::Encryptor::CBC, iv));
278
279 std::string ciphertext;
280 EXPECT_TRUE(encryptor.Encrypt(plaintext, &ciphertext));
281 EXPECT_EQ(expected_ciphertext_hex, base::HexEncode(ciphertext.data(),
282 ciphertext.size()));
283 }
284
285 TEST(EncryptorTest, EmptyDecrypt) {
286 std::string key = "128=SixteenBytes";
287 std::string iv = "Sweet Sixteen IV";
288
289 scoped_ptr<crypto::SymmetricKey> sym_key(crypto::SymmetricKey::Import(
290 crypto::SymmetricKey::AES, key));
291 ASSERT_TRUE(NULL != sym_key.get());
292
293 crypto::Encryptor encryptor;
294 // The IV must be exactly as long a the cipher block size.
295 EXPECT_EQ(16U, iv.size());
296 EXPECT_TRUE(encryptor.Init(sym_key.get(), crypto::Encryptor::CBC, iv));
297
298 std::string decrypted;
299 EXPECT_FALSE(encryptor.Decrypt("", &decrypted));
300 EXPECT_EQ("", decrypted);
301 }