1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "crypto/encryptor.h" 6 7 #include <string> 8 9 #include "base/memory/scoped_ptr.h" 10 #include "base/strings/string_number_conversions.h" 11 #include "crypto/symmetric_key.h" 12 #include "testing/gtest/include/gtest/gtest.h" 13 14 TEST(EncryptorTest, EncryptDecrypt) { 15 scoped_ptr<crypto::SymmetricKey> key( 16 crypto::SymmetricKey::DeriveKeyFromPassword( 17 crypto::SymmetricKey::AES, "password", "saltiest", 1000, 256)); 18 EXPECT_TRUE(key.get()); 19 20 crypto::Encryptor encryptor; 21 // The IV must be exactly as long as the cipher block size. 22 std::string iv("the iv: 16 bytes"); 23 EXPECT_EQ(16U, iv.size()); 24 EXPECT_TRUE(encryptor.Init(key.get(), crypto::Encryptor::CBC, iv)); 25 26 std::string plaintext("this is the plaintext"); 27 std::string ciphertext; 28 EXPECT_TRUE(encryptor.Encrypt(plaintext, &ciphertext)); 29 30 EXPECT_LT(0U, ciphertext.size()); 31 32 std::string decrypted; 33 EXPECT_TRUE(encryptor.Decrypt(ciphertext, &decrypted)); 34 35 EXPECT_EQ(plaintext, decrypted); 36 } 37 38 TEST(EncryptorTest, DecryptWrongKey) { 39 scoped_ptr<crypto::SymmetricKey> key( 40 crypto::SymmetricKey::DeriveKeyFromPassword( 41 crypto::SymmetricKey::AES, "password", "saltiest", 1000, 256)); 42 EXPECT_TRUE(key.get()); 43 44 // A wrong key that can be detected by implementations that validate every 45 // byte in the padding. 46 scoped_ptr<crypto::SymmetricKey> wrong_key( 47 crypto::SymmetricKey::DeriveKeyFromPassword( 48 crypto::SymmetricKey::AES, "wrongword", "sweetest", 1000, 256)); 49 EXPECT_TRUE(wrong_key.get()); 50 51 // A wrong key that can't be detected by any implementation. The password 52 // "wrongword;" would also work. 53 scoped_ptr<crypto::SymmetricKey> wrong_key2( 54 crypto::SymmetricKey::DeriveKeyFromPassword( 55 crypto::SymmetricKey::AES, "wrongword+", "sweetest", 1000, 256)); 56 EXPECT_TRUE(wrong_key2.get()); 57 58 // A wrong key that can be detected by all implementations. 59 scoped_ptr<crypto::SymmetricKey> wrong_key3( 60 crypto::SymmetricKey::DeriveKeyFromPassword( 61 crypto::SymmetricKey::AES, "wrongwordx", "sweetest", 1000, 256)); 62 EXPECT_TRUE(wrong_key3.get()); 63 64 crypto::Encryptor encryptor; 65 // The IV must be exactly as long as the cipher block size. 66 std::string iv("the iv: 16 bytes"); 67 EXPECT_EQ(16U, iv.size()); 68 EXPECT_TRUE(encryptor.Init(key.get(), crypto::Encryptor::CBC, iv)); 69 70 std::string plaintext("this is the plaintext"); 71 std::string ciphertext; 72 EXPECT_TRUE(encryptor.Encrypt(plaintext, &ciphertext)); 73 74 static const unsigned char expected_ciphertext[] = { 75 0x7D, 0x67, 0x5B, 0x53, 0xE6, 0xD8, 0x0F, 0x27, 76 0x74, 0xB1, 0x90, 0xFE, 0x6E, 0x58, 0x4A, 0xA0, 77 0x0E, 0x35, 0xE3, 0x01, 0xC0, 0xFE, 0x9A, 0xD8, 78 0x48, 0x1D, 0x42, 0xB0, 0xBA, 0x21, 0xB2, 0x0C 79 }; 80 81 ASSERT_EQ(arraysize(expected_ciphertext), ciphertext.size()); 82 for (size_t i = 0; i < ciphertext.size(); ++i) { 83 ASSERT_EQ(expected_ciphertext[i], 84 static_cast<unsigned char>(ciphertext[i])); 85 } 86 87 std::string decrypted; 88 89 // This wrong key causes the last padding byte to be 5, which is a valid 90 // padding length, and the second to last padding byte to be 137, which is 91 // invalid. If an implementation simply uses the last padding byte to 92 // determine the padding length without checking every padding byte, 93 // Encryptor::Decrypt() will still return true. This is the case for NSS 94 // (crbug.com/124434). 95 #if !defined(USE_NSS) && !defined(OS_WIN) && !defined(OS_MACOSX) 96 crypto::Encryptor decryptor; 97 EXPECT_TRUE(decryptor.Init(wrong_key.get(), crypto::Encryptor::CBC, iv)); 98 EXPECT_FALSE(decryptor.Decrypt(ciphertext, &decrypted)); 99 #endif 100 101 // This demonstrates that not all wrong keys can be detected by padding 102 // error. This wrong key causes the last padding byte to be 1, which is 103 // a valid padding block of length 1. 104 crypto::Encryptor decryptor2; 105 EXPECT_TRUE(decryptor2.Init(wrong_key2.get(), crypto::Encryptor::CBC, iv)); 106 EXPECT_TRUE(decryptor2.Decrypt(ciphertext, &decrypted)); 107 108 // This wrong key causes the last padding byte to be 253, which should be 109 // rejected by all implementations. 110 crypto::Encryptor decryptor3; 111 EXPECT_TRUE(decryptor3.Init(wrong_key3.get(), crypto::Encryptor::CBC, iv)); 112 EXPECT_FALSE(decryptor3.Decrypt(ciphertext, &decrypted)); 113 } 114 115 namespace { 116 117 // From NIST SP 800-38a test cast: 118 // - F.5.1 CTR-AES128.Encrypt 119 // - F.5.6 CTR-AES256.Encrypt 120 // http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf 121 const unsigned char kAES128CTRKey[] = { 122 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 123 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c 124 }; 125 126 const unsigned char kAES256CTRKey[] = { 127 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe, 128 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81, 129 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7, 130 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4 131 }; 132 133 const unsigned char kAESCTRInitCounter[] = { 134 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 135 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff 136 }; 137 138 const unsigned char kAESCTRPlaintext[] = { 139 // Block #1 140 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 141 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, 142 // Block #2 143 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, 144 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51, 145 // Block #3 146 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11, 147 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef, 148 // Block #4 149 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17, 150 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 151 }; 152 153 const unsigned char kAES128CTRCiphertext[] = { 154 // Block #1 155 0x87, 0x4d, 0x61, 0x91, 0xb6, 0x20, 0xe3, 0x26, 156 0x1b, 0xef, 0x68, 0x64, 0x99, 0x0d, 0xb6, 0xce, 157 // Block #2 158 0x98, 0x06, 0xf6, 0x6b, 0x79, 0x70, 0xfd, 0xff, 159 0x86, 0x17, 0x18, 0x7b, 0xb9, 0xff, 0xfd, 0xff, 160 // Block #3 161 0x5a, 0xe4, 0xdf, 0x3e, 0xdb, 0xd5, 0xd3, 0x5e, 162 0x5b, 0x4f, 0x09, 0x02, 0x0d, 0xb0, 0x3e, 0xab, 163 // Block #4 164 0x1e, 0x03, 0x1d, 0xda, 0x2f, 0xbe, 0x03, 0xd1, 165 0x79, 0x21, 0x70, 0xa0, 0xf3, 0x00, 0x9c, 0xee 166 }; 167 168 const unsigned char kAES256CTRCiphertext[] = { 169 // Block #1 170 0x60, 0x1e, 0xc3, 0x13, 0x77, 0x57, 0x89, 0xa5, 171 0xb7, 0xa7, 0xf5, 0x04, 0xbb, 0xf3, 0xd2, 0x28, 172 // Block #2 173 0xf4, 0x43, 0xe3, 0xca, 0x4d, 0x62, 0xb5, 0x9a, 174 0xca, 0x84, 0xe9, 0x90, 0xca, 0xca, 0xf5, 0xc5, 175 // Block #3 176 0x2b, 0x09, 0x30, 0xda, 0xa2, 0x3d, 0xe9, 0x4c, 177 0xe8, 0x70, 0x17, 0xba, 0x2d, 0x84, 0x98, 0x8d, 178 // Block #4 179 0xdf, 0xc9, 0xc5, 0x8d, 0xb6, 0x7a, 0xad, 0xa6, 180 0x13, 0xc2, 0xdd, 0x08, 0x45, 0x79, 0x41, 0xa6 181 }; 182 183 void TestAESCTREncrypt( 184 const unsigned char* key, size_t key_size, 185 const unsigned char* init_counter, size_t init_counter_size, 186 const unsigned char* plaintext, size_t plaintext_size, 187 const unsigned char* ciphertext, size_t ciphertext_size) { 188 std::string key_str(reinterpret_cast<const char*>(key), key_size); 189 scoped_ptr<crypto::SymmetricKey> sym_key(crypto::SymmetricKey::Import( 190 crypto::SymmetricKey::AES, key_str)); 191 ASSERT_TRUE(sym_key.get()); 192 193 crypto::Encryptor encryptor; 194 EXPECT_TRUE(encryptor.Init(sym_key.get(), crypto::Encryptor::CTR, "")); 195 196 base::StringPiece init_counter_str( 197 reinterpret_cast<const char*>(init_counter), init_counter_size); 198 base::StringPiece plaintext_str( 199 reinterpret_cast<const char*>(plaintext), plaintext_size); 200 201 EXPECT_TRUE(encryptor.SetCounter(init_counter_str)); 202 std::string encrypted; 203 EXPECT_TRUE(encryptor.Encrypt(plaintext_str, &encrypted)); 204 205 EXPECT_EQ(ciphertext_size, encrypted.size()); 206 EXPECT_EQ(0, memcmp(encrypted.data(), ciphertext, encrypted.size())); 207 208 std::string decrypted; 209 EXPECT_TRUE(encryptor.SetCounter(init_counter_str)); 210 EXPECT_TRUE(encryptor.Decrypt(encrypted, &decrypted)); 211 212 EXPECT_EQ(plaintext_str, decrypted); 213 } 214 215 void TestAESCTRMultipleDecrypt( 216 const unsigned char* key, size_t key_size, 217 const unsigned char* init_counter, size_t init_counter_size, 218 const unsigned char* plaintext, size_t plaintext_size, 219 const unsigned char* ciphertext, size_t ciphertext_size) { 220 std::string key_str(reinterpret_cast<const char*>(key), key_size); 221 scoped_ptr<crypto::SymmetricKey> sym_key(crypto::SymmetricKey::Import( 222 crypto::SymmetricKey::AES, key_str)); 223 ASSERT_TRUE(sym_key.get()); 224 225 crypto::Encryptor encryptor; 226 EXPECT_TRUE(encryptor.Init(sym_key.get(), crypto::Encryptor::CTR, "")); 227 228 // Counter is set only once. 229 EXPECT_TRUE(encryptor.SetCounter(base::StringPiece( 230 reinterpret_cast<const char*>(init_counter), init_counter_size))); 231 232 std::string ciphertext_str(reinterpret_cast<const char*>(ciphertext), 233 ciphertext_size); 234 235 int kTestDecryptSizes[] = { 32, 16, 8 }; 236 237 int offset = 0; 238 for (size_t i = 0; i < arraysize(kTestDecryptSizes); ++i) { 239 std::string decrypted; 240 size_t len = kTestDecryptSizes[i]; 241 EXPECT_TRUE( 242 encryptor.Decrypt(ciphertext_str.substr(offset, len), &decrypted)); 243 EXPECT_EQ(len, decrypted.size()); 244 EXPECT_EQ(0, memcmp(decrypted.data(), plaintext + offset, len)); 245 offset += len; 246 } 247 } 248 249 } // namespace 250 251 TEST(EncryptorTest, EncryptAES128CTR) { 252 TestAESCTREncrypt( 253 kAES128CTRKey, arraysize(kAES128CTRKey), 254 kAESCTRInitCounter, arraysize(kAESCTRInitCounter), 255 kAESCTRPlaintext, arraysize(kAESCTRPlaintext), 256 kAES128CTRCiphertext, arraysize(kAES128CTRCiphertext)); 257 } 258 259 TEST(EncryptorTest, EncryptAES256CTR) { 260 TestAESCTREncrypt( 261 kAES256CTRKey, arraysize(kAES256CTRKey), 262 kAESCTRInitCounter, arraysize(kAESCTRInitCounter), 263 kAESCTRPlaintext, arraysize(kAESCTRPlaintext), 264 kAES256CTRCiphertext, arraysize(kAES256CTRCiphertext)); 265 } 266 267 TEST(EncryptorTest, EncryptAES128CTR_MultipleDecrypt) { 268 TestAESCTRMultipleDecrypt( 269 kAES128CTRKey, arraysize(kAES128CTRKey), 270 kAESCTRInitCounter, arraysize(kAESCTRInitCounter), 271 kAESCTRPlaintext, arraysize(kAESCTRPlaintext), 272 kAES128CTRCiphertext, arraysize(kAES128CTRCiphertext)); 273 } 274 275 TEST(EncryptorTest, EncryptAES256CTR_MultipleDecrypt) { 276 TestAESCTRMultipleDecrypt( 277 kAES256CTRKey, arraysize(kAES256CTRKey), 278 kAESCTRInitCounter, arraysize(kAESCTRInitCounter), 279 kAESCTRPlaintext, arraysize(kAESCTRPlaintext), 280 kAES256CTRCiphertext, arraysize(kAES256CTRCiphertext)); 281 } 282 283 TEST(EncryptorTest, EncryptDecryptCTR) { 284 scoped_ptr<crypto::SymmetricKey> key( 285 crypto::SymmetricKey::GenerateRandomKey(crypto::SymmetricKey::AES, 128)); 286 287 EXPECT_TRUE(key.get()); 288 const std::string kInitialCounter = "0000000000000000"; 289 290 crypto::Encryptor encryptor; 291 EXPECT_TRUE(encryptor.Init(key.get(), crypto::Encryptor::CTR, "")); 292 EXPECT_TRUE(encryptor.SetCounter(kInitialCounter)); 293 294 std::string plaintext("normal plaintext of random length"); 295 std::string ciphertext; 296 EXPECT_TRUE(encryptor.Encrypt(plaintext, &ciphertext)); 297 EXPECT_LT(0U, ciphertext.size()); 298 299 std::string decrypted; 300 EXPECT_TRUE(encryptor.SetCounter(kInitialCounter)); 301 EXPECT_TRUE(encryptor.Decrypt(ciphertext, &decrypted)); 302 EXPECT_EQ(plaintext, decrypted); 303 304 plaintext = "0123456789012345"; 305 EXPECT_TRUE(encryptor.SetCounter(kInitialCounter)); 306 EXPECT_TRUE(encryptor.Encrypt(plaintext, &ciphertext)); 307 EXPECT_LT(0U, ciphertext.size()); 308 309 EXPECT_TRUE(encryptor.SetCounter(kInitialCounter)); 310 EXPECT_TRUE(encryptor.Decrypt(ciphertext, &decrypted)); 311 EXPECT_EQ(plaintext, decrypted); 312 } 313 314 TEST(EncryptorTest, CTRCounter) { 315 const int kCounterSize = 16; 316 const unsigned char kTest1[] = 317 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; 318 unsigned char buf[16]; 319 320 // Increment 10 times. 321 crypto::Encryptor::Counter counter1( 322 std::string(reinterpret_cast<const char*>(kTest1), kCounterSize)); 323 for (int i = 0; i < 10; ++i) 324 counter1.Increment(); 325 counter1.Write(buf); 326 EXPECT_EQ(0, memcmp(buf, kTest1, 15)); 327 EXPECT_TRUE(buf[15] == 10); 328 329 // Check corner cases. 330 const unsigned char kTest2[] = { 331 0, 0, 0, 0, 0, 0, 0, 0, 332 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff 333 }; 334 const unsigned char kExpect2[] = 335 {0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0}; 336 crypto::Encryptor::Counter counter2( 337 std::string(reinterpret_cast<const char*>(kTest2), kCounterSize)); 338 counter2.Increment(); 339 counter2.Write(buf); 340 EXPECT_EQ(0, memcmp(buf, kExpect2, kCounterSize)); 341 342 const unsigned char kTest3[] = { 343 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 344 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff 345 }; 346 const unsigned char kExpect3[] = 347 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; 348 crypto::Encryptor::Counter counter3( 349 std::string(reinterpret_cast<const char*>(kTest3), kCounterSize)); 350 counter3.Increment(); 351 counter3.Write(buf); 352 EXPECT_EQ(0, memcmp(buf, kExpect3, kCounterSize)); 353 } 354 355 // TODO(wtc): add more known-answer tests. Test vectors are available from 356 // http://www.ietf.org/rfc/rfc3602 357 // http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf 358 // http://gladman.plushost.co.uk/oldsite/AES/index.php 359 // http://csrc.nist.gov/groups/STM/cavp/documents/aes/KAT_AES.zip 360 361 // NIST SP 800-38A test vector F.2.5 CBC-AES256.Encrypt. 362 TEST(EncryptorTest, EncryptAES256CBC) { 363 // From NIST SP 800-38a test cast F.2.5 CBC-AES256.Encrypt. 364 static const unsigned char kRawKey[] = { 365 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe, 366 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81, 367 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7, 368 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4 369 }; 370 static const unsigned char kRawIv[] = { 371 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 372 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f 373 }; 374 static const unsigned char kRawPlaintext[] = { 375 // Block #1 376 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 377 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, 378 // Block #2 379 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, 380 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51, 381 // Block #3 382 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11, 383 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef, 384 // Block #4 385 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17, 386 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10, 387 }; 388 static const unsigned char kRawCiphertext[] = { 389 // Block #1 390 0xf5, 0x8c, 0x4c, 0x04, 0xd6, 0xe5, 0xf1, 0xba, 391 0x77, 0x9e, 0xab, 0xfb, 0x5f, 0x7b, 0xfb, 0xd6, 392 // Block #2 393 0x9c, 0xfc, 0x4e, 0x96, 0x7e, 0xdb, 0x80, 0x8d, 394 0x67, 0x9f, 0x77, 0x7b, 0xc6, 0x70, 0x2c, 0x7d, 395 // Block #3 396 0x39, 0xf2, 0x33, 0x69, 0xa9, 0xd9, 0xba, 0xcf, 397 0xa5, 0x30, 0xe2, 0x63, 0x04, 0x23, 0x14, 0x61, 398 // Block #4 399 0xb2, 0xeb, 0x05, 0xe2, 0xc3, 0x9b, 0xe9, 0xfc, 400 0xda, 0x6c, 0x19, 0x07, 0x8c, 0x6a, 0x9d, 0x1b, 401 // PKCS #5 padding, encrypted. 402 0x3f, 0x46, 0x17, 0x96, 0xd6, 0xb0, 0xd6, 0xb2, 403 0xe0, 0xc2, 0xa7, 0x2b, 0x4d, 0x80, 0xe6, 0x44 404 }; 405 406 std::string key(reinterpret_cast<const char*>(kRawKey), sizeof(kRawKey)); 407 scoped_ptr<crypto::SymmetricKey> sym_key(crypto::SymmetricKey::Import( 408 crypto::SymmetricKey::AES, key)); 409 ASSERT_TRUE(sym_key.get()); 410 411 crypto::Encryptor encryptor; 412 // The IV must be exactly as long a the cipher block size. 413 std::string iv(reinterpret_cast<const char*>(kRawIv), sizeof(kRawIv)); 414 EXPECT_EQ(16U, iv.size()); 415 EXPECT_TRUE(encryptor.Init(sym_key.get(), crypto::Encryptor::CBC, iv)); 416 417 std::string plaintext(reinterpret_cast<const char*>(kRawPlaintext), 418 sizeof(kRawPlaintext)); 419 std::string ciphertext; 420 EXPECT_TRUE(encryptor.Encrypt(plaintext, &ciphertext)); 421 422 EXPECT_EQ(sizeof(kRawCiphertext), ciphertext.size()); 423 EXPECT_EQ(0, memcmp(ciphertext.data(), kRawCiphertext, ciphertext.size())); 424 425 std::string decrypted; 426 EXPECT_TRUE(encryptor.Decrypt(ciphertext, &decrypted)); 427 428 EXPECT_EQ(plaintext, decrypted); 429 } 430 431 // Expected output derived from the NSS implementation. 432 TEST(EncryptorTest, EncryptAES128CBCRegression) { 433 std::string key = "128=SixteenBytes"; 434 std::string iv = "Sweet Sixteen IV"; 435 std::string plaintext = "Plain text with a g-clef U+1D11E \360\235\204\236"; 436 std::string expected_ciphertext_hex = 437 "D4A67A0BA33C30F207344D81D1E944BBE65587C3D7D9939A" 438 "C070C62B9C15A3EA312EA4AD1BC7929F4D3C16B03AD5ADA8"; 439 440 scoped_ptr<crypto::SymmetricKey> sym_key(crypto::SymmetricKey::Import( 441 crypto::SymmetricKey::AES, key)); 442 ASSERT_TRUE(sym_key.get()); 443 444 crypto::Encryptor encryptor; 445 // The IV must be exactly as long a the cipher block size. 446 EXPECT_EQ(16U, iv.size()); 447 EXPECT_TRUE(encryptor.Init(sym_key.get(), crypto::Encryptor::CBC, iv)); 448 449 std::string ciphertext; 450 EXPECT_TRUE(encryptor.Encrypt(plaintext, &ciphertext)); 451 EXPECT_EQ(expected_ciphertext_hex, base::HexEncode(ciphertext.data(), 452 ciphertext.size())); 453 454 std::string decrypted; 455 EXPECT_TRUE(encryptor.Decrypt(ciphertext, &decrypted)); 456 EXPECT_EQ(plaintext, decrypted); 457 } 458 459 // Expected output derived from the NSS implementation. 460 TEST(EncryptorTest, EncryptAES192CBCRegression) { 461 std::string key = "192bitsIsTwentyFourByte!"; 462 std::string iv = "Sweet Sixteen IV"; 463 std::string plaintext = "Small text"; 464 std::string expected_ciphertext_hex = "78DE5D7C2714FC5C61346C5416F6C89A"; 465 466 scoped_ptr<crypto::SymmetricKey> sym_key(crypto::SymmetricKey::Import( 467 crypto::SymmetricKey::AES, key)); 468 ASSERT_TRUE(sym_key.get()); 469 470 crypto::Encryptor encryptor; 471 // The IV must be exactly as long a the cipher block size. 472 EXPECT_EQ(16U, iv.size()); 473 EXPECT_TRUE(encryptor.Init(sym_key.get(), crypto::Encryptor::CBC, iv)); 474 475 std::string ciphertext; 476 EXPECT_TRUE(encryptor.Encrypt(plaintext, &ciphertext)); 477 EXPECT_EQ(expected_ciphertext_hex, base::HexEncode(ciphertext.data(), 478 ciphertext.size())); 479 480 std::string decrypted; 481 EXPECT_TRUE(encryptor.Decrypt(ciphertext, &decrypted)); 482 EXPECT_EQ(plaintext, decrypted); 483 } 484 485 // Not all platforms allow import/generation of symmetric keys with an 486 // unsupported size. 487 #if !defined(USE_NSS) && !defined(OS_WIN) && !defined(OS_MACOSX) 488 TEST(EncryptorTest, UnsupportedKeySize) { 489 std::string key = "7 = bad"; 490 std::string iv = "Sweet Sixteen IV"; 491 scoped_ptr<crypto::SymmetricKey> sym_key(crypto::SymmetricKey::Import( 492 crypto::SymmetricKey::AES, key)); 493 ASSERT_TRUE(sym_key.get()); 494 495 crypto::Encryptor encryptor; 496 // The IV must be exactly as long a the cipher block size. 497 EXPECT_EQ(16U, iv.size()); 498 EXPECT_FALSE(encryptor.Init(sym_key.get(), crypto::Encryptor::CBC, iv)); 499 } 500 #endif // unsupported platforms. 501 502 TEST(EncryptorTest, UnsupportedIV) { 503 std::string key = "128=SixteenBytes"; 504 std::string iv = "OnlyForteen :("; 505 scoped_ptr<crypto::SymmetricKey> sym_key(crypto::SymmetricKey::Import( 506 crypto::SymmetricKey::AES, key)); 507 ASSERT_TRUE(sym_key.get()); 508 509 crypto::Encryptor encryptor; 510 EXPECT_FALSE(encryptor.Init(sym_key.get(), crypto::Encryptor::CBC, iv)); 511 } 512 513 TEST(EncryptorTest, EmptyEncrypt) { 514 std::string key = "128=SixteenBytes"; 515 std::string iv = "Sweet Sixteen IV"; 516 std::string plaintext; 517 std::string expected_ciphertext_hex = "8518B8878D34E7185E300D0FCC426396"; 518 519 scoped_ptr<crypto::SymmetricKey> sym_key(crypto::SymmetricKey::Import( 520 crypto::SymmetricKey::AES, key)); 521 ASSERT_TRUE(sym_key.get()); 522 523 crypto::Encryptor encryptor; 524 // The IV must be exactly as long a the cipher block size. 525 EXPECT_EQ(16U, iv.size()); 526 EXPECT_TRUE(encryptor.Init(sym_key.get(), crypto::Encryptor::CBC, iv)); 527 528 std::string ciphertext; 529 EXPECT_TRUE(encryptor.Encrypt(plaintext, &ciphertext)); 530 EXPECT_EQ(expected_ciphertext_hex, base::HexEncode(ciphertext.data(), 531 ciphertext.size())); 532 } 533 534 TEST(EncryptorTest, CipherTextNotMultipleOfBlockSize) { 535 std::string key = "128=SixteenBytes"; 536 std::string iv = "Sweet Sixteen IV"; 537 538 scoped_ptr<crypto::SymmetricKey> sym_key(crypto::SymmetricKey::Import( 539 crypto::SymmetricKey::AES, key)); 540 ASSERT_TRUE(sym_key.get()); 541 542 crypto::Encryptor encryptor; 543 // The IV must be exactly as long a the cipher block size. 544 EXPECT_EQ(16U, iv.size()); 545 EXPECT_TRUE(encryptor.Init(sym_key.get(), crypto::Encryptor::CBC, iv)); 546 547 // Use a separately allocated array to improve the odds of the memory tools 548 // catching invalid accesses. 549 // 550 // Otherwise when using std::string as the other tests do, accesses several 551 // bytes off the end of the buffer may fall inside the reservation of 552 // the string and not be detected. 553 scoped_ptr<char[]> ciphertext(new char[1]); 554 555 std::string plaintext; 556 EXPECT_FALSE( 557 encryptor.Decrypt(base::StringPiece(ciphertext.get(), 1), &plaintext)); 558 } 559
