1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "crypto/encryptor.h" 6 7 #include <string> 8 9 #include "base/memory/scoped_ptr.h" 10 #include "base/strings/string_number_conversions.h" 11 #include "crypto/symmetric_key.h" 12 #include "testing/gtest/include/gtest/gtest.h" 13 14 TEST(EncryptorTest, EncryptDecrypt) { 15 scoped_ptr<crypto::SymmetricKey> key( 16 crypto::SymmetricKey::DeriveKeyFromPassword( 17 crypto::SymmetricKey::AES, "password", "saltiest", 1000, 256)); 18 EXPECT_TRUE(key.get()); 19 20 crypto::Encryptor encryptor; 21 // The IV must be exactly as long as the cipher block size. 22 std::string iv("the iv: 16 bytes"); 23 EXPECT_EQ(16U, iv.size()); 24 EXPECT_TRUE(encryptor.Init(key.get(), crypto::Encryptor::CBC, iv)); 25 26 std::string plaintext("this is the plaintext"); 27 std::string ciphertext; 28 EXPECT_TRUE(encryptor.Encrypt(plaintext, &ciphertext)); 29 30 EXPECT_LT(0U, ciphertext.size()); 31 32 std::string decrypted; 33 EXPECT_TRUE(encryptor.Decrypt(ciphertext, &decrypted)); 34 35 EXPECT_EQ(plaintext, decrypted); 36 } 37 38 TEST(EncryptorTest, DecryptWrongKey) { 39 scoped_ptr<crypto::SymmetricKey> key( 40 crypto::SymmetricKey::DeriveKeyFromPassword( 41 crypto::SymmetricKey::AES, "password", "saltiest", 1000, 256)); 42 EXPECT_TRUE(key.get()); 43 44 // A wrong key that can be detected by implementations that validate every 45 // byte in the padding. 46 scoped_ptr<crypto::SymmetricKey> wrong_key( 47 crypto::SymmetricKey::DeriveKeyFromPassword( 48 crypto::SymmetricKey::AES, "wrongword", "sweetest", 1000, 256)); 49 EXPECT_TRUE(wrong_key.get()); 50 51 // A wrong key that can't be detected by any implementation. The password 52 // "wrongword;" would also work. 53 scoped_ptr<crypto::SymmetricKey> wrong_key2( 54 crypto::SymmetricKey::DeriveKeyFromPassword( 55 crypto::SymmetricKey::AES, "wrongword+", "sweetest", 1000, 256)); 56 EXPECT_TRUE(wrong_key2.get()); 57 58 // A wrong key that can be detected by all implementations. 59 scoped_ptr<crypto::SymmetricKey> wrong_key3( 60 crypto::SymmetricKey::DeriveKeyFromPassword( 61 crypto::SymmetricKey::AES, "wrongwordx", "sweetest", 1000, 256)); 62 EXPECT_TRUE(wrong_key3.get()); 63 64 crypto::Encryptor encryptor; 65 // The IV must be exactly as long as the cipher block size. 66 std::string iv("the iv: 16 bytes"); 67 EXPECT_EQ(16U, iv.size()); 68 EXPECT_TRUE(encryptor.Init(key.get(), crypto::Encryptor::CBC, iv)); 69 70 std::string plaintext("this is the plaintext"); 71 std::string ciphertext; 72 EXPECT_TRUE(encryptor.Encrypt(plaintext, &ciphertext)); 73 74 static const unsigned char expected_ciphertext[] = { 75 0x7D, 0x67, 0x5B, 0x53, 0xE6, 0xD8, 0x0F, 0x27, 76 0x74, 0xB1, 0x90, 0xFE, 0x6E, 0x58, 0x4A, 0xA0, 77 0x0E, 0x35, 0xE3, 0x01, 0xC0, 0xFE, 0x9A, 0xD8, 78 0x48, 0x1D, 0x42, 0xB0, 0xBA, 0x21, 0xB2, 0x0C 79 }; 80 81 ASSERT_EQ(arraysize(expected_ciphertext), ciphertext.size()); 82 for (size_t i = 0; i < ciphertext.size(); ++i) { 83 ASSERT_EQ(expected_ciphertext[i], 84 static_cast<unsigned char>(ciphertext[i])); 85 } 86 87 std::string decrypted; 88 89 // This wrong key causes the last padding byte to be 5, which is a valid 90 // padding length, and the second to last padding byte to be 137, which is 91 // invalid. If an implementation simply uses the last padding byte to 92 // determine the padding length without checking every padding byte, 93 // Encryptor::Decrypt() will still return true. This is the case for NSS 94 // (crbug.com/124434). 95 #if !defined(USE_NSS) && !defined(OS_WIN) && !defined(OS_MACOSX) 96 crypto::Encryptor decryptor; 97 EXPECT_TRUE(decryptor.Init(wrong_key.get(), crypto::Encryptor::CBC, iv)); 98 EXPECT_FALSE(decryptor.Decrypt(ciphertext, &decrypted)); 99 #endif 100 101 // This demonstrates that not all wrong keys can be detected by padding 102 // error. This wrong key causes the last padding byte to be 1, which is 103 // a valid padding block of length 1. 104 crypto::Encryptor decryptor2; 105 EXPECT_TRUE(decryptor2.Init(wrong_key2.get(), crypto::Encryptor::CBC, iv)); 106 EXPECT_TRUE(decryptor2.Decrypt(ciphertext, &decrypted)); 107 108 // This wrong key causes the last padding byte to be 253, which should be 109 // rejected by all implementations. 110 crypto::Encryptor decryptor3; 111 EXPECT_TRUE(decryptor3.Init(wrong_key3.get(), crypto::Encryptor::CBC, iv)); 112 EXPECT_FALSE(decryptor3.Decrypt(ciphertext, &decrypted)); 113 } 114 115 namespace { 116 117 // From NIST SP 800-38a test cast: 118 // - F.5.1 CTR-AES128.Encrypt 119 // - F.5.6 CTR-AES256.Encrypt 120 // http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf 121 const unsigned char kAES128CTRKey[] = { 122 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6, 123 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c 124 }; 125 126 const unsigned char kAES256CTRKey[] = { 127 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe, 128 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81, 129 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7, 130 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4 131 }; 132 133 const unsigned char kAESCTRInitCounter[] = { 134 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7, 135 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff 136 }; 137 138 const unsigned char kAESCTRPlaintext[] = { 139 // Block #1 140 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 141 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, 142 // Block #2 143 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, 144 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51, 145 // Block #3 146 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11, 147 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef, 148 // Block #4 149 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17, 150 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10 151 }; 152 153 const unsigned char kAES128CTRCiphertext[] = { 154 // Block #1 155 0x87, 0x4d, 0x61, 0x91, 0xb6, 0x20, 0xe3, 0x26, 156 0x1b, 0xef, 0x68, 0x64, 0x99, 0x0d, 0xb6, 0xce, 157 // Block #2 158 0x98, 0x06, 0xf6, 0x6b, 0x79, 0x70, 0xfd, 0xff, 159 0x86, 0x17, 0x18, 0x7b, 0xb9, 0xff, 0xfd, 0xff, 160 // Block #3 161 0x5a, 0xe4, 0xdf, 0x3e, 0xdb, 0xd5, 0xd3, 0x5e, 162 0x5b, 0x4f, 0x09, 0x02, 0x0d, 0xb0, 0x3e, 0xab, 163 // Block #4 164 0x1e, 0x03, 0x1d, 0xda, 0x2f, 0xbe, 0x03, 0xd1, 165 0x79, 0x21, 0x70, 0xa0, 0xf3, 0x00, 0x9c, 0xee 166 }; 167 168 const unsigned char kAES256CTRCiphertext[] = { 169 // Block #1 170 0x60, 0x1e, 0xc3, 0x13, 0x77, 0x57, 0x89, 0xa5, 171 0xb7, 0xa7, 0xf5, 0x04, 0xbb, 0xf3, 0xd2, 0x28, 172 // Block #2 173 0xf4, 0x43, 0xe3, 0xca, 0x4d, 0x62, 0xb5, 0x9a, 174 0xca, 0x84, 0xe9, 0x90, 0xca, 0xca, 0xf5, 0xc5, 175 // Block #3 176 0x2b, 0x09, 0x30, 0xda, 0xa2, 0x3d, 0xe9, 0x4c, 177 0xe8, 0x70, 0x17, 0xba, 0x2d, 0x84, 0x98, 0x8d, 178 // Block #4 179 0xdf, 0xc9, 0xc5, 0x8d, 0xb6, 0x7a, 0xad, 0xa6, 180 0x13, 0xc2, 0xdd, 0x08, 0x45, 0x79, 0x41, 0xa6 181 }; 182 183 void TestAESCTREncrypt( 184 const unsigned char* key, size_t key_size, 185 const unsigned char* init_counter, size_t init_counter_size, 186 const unsigned char* plaintext, size_t plaintext_size, 187 const unsigned char* ciphertext, size_t ciphertext_size) { 188 std::string key_str(reinterpret_cast<const char*>(key), key_size); 189 scoped_ptr<crypto::SymmetricKey> sym_key(crypto::SymmetricKey::Import( 190 crypto::SymmetricKey::AES, key_str)); 191 ASSERT_TRUE(sym_key.get()); 192 193 crypto::Encryptor encryptor; 194 EXPECT_TRUE(encryptor.Init(sym_key.get(), crypto::Encryptor::CTR, "")); 195 196 base::StringPiece init_counter_str( 197 reinterpret_cast<const char*>(init_counter), init_counter_size); 198 base::StringPiece plaintext_str( 199 reinterpret_cast<const char*>(plaintext), plaintext_size); 200 201 EXPECT_TRUE(encryptor.SetCounter(init_counter_str)); 202 std::string encrypted; 203 EXPECT_TRUE(encryptor.Encrypt(plaintext_str, &encrypted)); 204 205 EXPECT_EQ(ciphertext_size, encrypted.size()); 206 EXPECT_EQ(0, memcmp(encrypted.data(), ciphertext, encrypted.size())); 207 208 std::string decrypted; 209 EXPECT_TRUE(encryptor.SetCounter(init_counter_str)); 210 EXPECT_TRUE(encryptor.Decrypt(encrypted, &decrypted)); 211 212 EXPECT_EQ(plaintext_str, decrypted); 213 } 214 215 void TestAESCTRMultipleDecrypt( 216 const unsigned char* key, size_t key_size, 217 const unsigned char* init_counter, size_t init_counter_size, 218 const unsigned char* plaintext, size_t plaintext_size, 219 const unsigned char* ciphertext, size_t ciphertext_size) { 220 std::string key_str(reinterpret_cast<const char*>(key), key_size); 221 scoped_ptr<crypto::SymmetricKey> sym_key(crypto::SymmetricKey::Import( 222 crypto::SymmetricKey::AES, key_str)); 223 ASSERT_TRUE(sym_key.get()); 224 225 crypto::Encryptor encryptor; 226 EXPECT_TRUE(encryptor.Init(sym_key.get(), crypto::Encryptor::CTR, "")); 227 228 // Counter is set only once. 229 EXPECT_TRUE(encryptor.SetCounter(base::StringPiece( 230 reinterpret_cast<const char*>(init_counter), init_counter_size))); 231 232 std::string ciphertext_str(reinterpret_cast<const char*>(ciphertext), 233 ciphertext_size); 234 235 int kTestDecryptSizes[] = { 32, 16, 8 }; 236 237 int offset = 0; 238 for (size_t i = 0; i < arraysize(kTestDecryptSizes); ++i) { 239 std::string decrypted; 240 size_t len = kTestDecryptSizes[i]; 241 EXPECT_TRUE( 242 encryptor.Decrypt(ciphertext_str.substr(offset, len), &decrypted)); 243 EXPECT_EQ(len, decrypted.size()); 244 EXPECT_EQ(0, memcmp(decrypted.data(), plaintext + offset, len)); 245 offset += len; 246 } 247 } 248 249 } // namespace 250 251 TEST(EncryptorTest, EncryptAES128CTR) { 252 TestAESCTREncrypt( 253 kAES128CTRKey, arraysize(kAES128CTRKey), 254 kAESCTRInitCounter, arraysize(kAESCTRInitCounter), 255 kAESCTRPlaintext, arraysize(kAESCTRPlaintext), 256 kAES128CTRCiphertext, arraysize(kAES128CTRCiphertext)); 257 } 258 259 TEST(EncryptorTest, EncryptAES256CTR) { 260 TestAESCTREncrypt( 261 kAES256CTRKey, arraysize(kAES256CTRKey), 262 kAESCTRInitCounter, arraysize(kAESCTRInitCounter), 263 kAESCTRPlaintext, arraysize(kAESCTRPlaintext), 264 kAES256CTRCiphertext, arraysize(kAES256CTRCiphertext)); 265 } 266 267 TEST(EncryptorTest, EncryptAES128CTR_MultipleDecrypt) { 268 TestAESCTRMultipleDecrypt( 269 kAES128CTRKey, arraysize(kAES128CTRKey), 270 kAESCTRInitCounter, arraysize(kAESCTRInitCounter), 271 kAESCTRPlaintext, arraysize(kAESCTRPlaintext), 272 kAES128CTRCiphertext, arraysize(kAES128CTRCiphertext)); 273 } 274 275 TEST(EncryptorTest, EncryptAES256CTR_MultipleDecrypt) { 276 TestAESCTRMultipleDecrypt( 277 kAES256CTRKey, arraysize(kAES256CTRKey), 278 kAESCTRInitCounter, arraysize(kAESCTRInitCounter), 279 kAESCTRPlaintext, arraysize(kAESCTRPlaintext), 280 kAES256CTRCiphertext, arraysize(kAES256CTRCiphertext)); 281 } 282 283 TEST(EncryptorTest, EncryptDecryptCTR) { 284 scoped_ptr<crypto::SymmetricKey> key( 285 crypto::SymmetricKey::GenerateRandomKey(crypto::SymmetricKey::AES, 128)); 286 287 EXPECT_TRUE(key.get()); 288 const std::string kInitialCounter = "0000000000000000"; 289 290 crypto::Encryptor encryptor; 291 EXPECT_TRUE(encryptor.Init(key.get(), crypto::Encryptor::CTR, "")); 292 EXPECT_TRUE(encryptor.SetCounter(kInitialCounter)); 293 294 std::string plaintext("normal plaintext of random length"); 295 std::string ciphertext; 296 EXPECT_TRUE(encryptor.Encrypt(plaintext, &ciphertext)); 297 EXPECT_LT(0U, ciphertext.size()); 298 299 std::string decrypted; 300 EXPECT_TRUE(encryptor.SetCounter(kInitialCounter)); 301 EXPECT_TRUE(encryptor.Decrypt(ciphertext, &decrypted)); 302 EXPECT_EQ(plaintext, decrypted); 303 304 plaintext = "0123456789012345"; 305 EXPECT_TRUE(encryptor.SetCounter(kInitialCounter)); 306 EXPECT_TRUE(encryptor.Encrypt(plaintext, &ciphertext)); 307 EXPECT_LT(0U, ciphertext.size()); 308 309 EXPECT_TRUE(encryptor.SetCounter(kInitialCounter)); 310 EXPECT_TRUE(encryptor.Decrypt(ciphertext, &decrypted)); 311 EXPECT_EQ(plaintext, decrypted); 312 } 313 314 TEST(EncryptorTest, CTRCounter) { 315 const int kCounterSize = 16; 316 const unsigned char kTest1[] = 317 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; 318 unsigned char buf[16]; 319 320 // Increment 10 times. 321 crypto::Encryptor::Counter counter1( 322 std::string(reinterpret_cast<const char*>(kTest1), kCounterSize)); 323 for (int i = 0; i < 10; ++i) 324 counter1.Increment(); 325 counter1.Write(buf); 326 EXPECT_EQ(0, memcmp(buf, kTest1, 15)); 327 EXPECT_TRUE(buf[15] == 10); 328 329 // Check corner cases. 330 const unsigned char kTest2[] = { 331 0, 0, 0, 0, 0, 0, 0, 0, 332 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff 333 }; 334 const unsigned char kExpect2[] = 335 {0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0}; 336 crypto::Encryptor::Counter counter2( 337 std::string(reinterpret_cast<const char*>(kTest2), kCounterSize)); 338 counter2.Increment(); 339 counter2.Write(buf); 340 EXPECT_EQ(0, memcmp(buf, kExpect2, kCounterSize)); 341 342 const unsigned char kTest3[] = { 343 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 344 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff 345 }; 346 const unsigned char kExpect3[] = 347 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; 348 crypto::Encryptor::Counter counter3( 349 std::string(reinterpret_cast<const char*>(kTest3), kCounterSize)); 350 counter3.Increment(); 351 counter3.Write(buf); 352 EXPECT_EQ(0, memcmp(buf, kExpect3, kCounterSize)); 353 } 354 355 // TODO(wtc): add more known-answer tests. Test vectors are available from 356 // http://www.ietf.org/rfc/rfc3602 357 // http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf 358 // http://gladman.plushost.co.uk/oldsite/AES/index.php 359 // http://csrc.nist.gov/groups/STM/cavp/documents/aes/KAT_AES.zip 360 361 // NIST SP 800-38A test vector F.2.5 CBC-AES256.Encrypt. 362 TEST(EncryptorTest, EncryptAES256CBC) { 363 // From NIST SP 800-38a test cast F.2.5 CBC-AES256.Encrypt. 364 static const unsigned char kRawKey[] = { 365 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe, 366 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81, 367 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7, 368 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4 369 }; 370 static const unsigned char kRawIv[] = { 371 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07, 372 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f 373 }; 374 static const unsigned char kRawPlaintext[] = { 375 // Block #1 376 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96, 377 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a, 378 // Block #2 379 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c, 380 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51, 381 // Block #3 382 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11, 383 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef, 384 // Block #4 385 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17, 386 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10, 387 }; 388 static const unsigned char kRawCiphertext[] = { 389 // Block #1 390 0xf5, 0x8c, 0x4c, 0x04, 0xd6, 0xe5, 0xf1, 0xba, 391 0x77, 0x9e, 0xab, 0xfb, 0x5f, 0x7b, 0xfb, 0xd6, 392 // Block #2 393 0x9c, 0xfc, 0x4e, 0x96, 0x7e, 0xdb, 0x80, 0x8d, 394 0x67, 0x9f, 0x77, 0x7b, 0xc6, 0x70, 0x2c, 0x7d, 395 // Block #3 396 0x39, 0xf2, 0x33, 0x69, 0xa9, 0xd9, 0xba, 0xcf, 397 0xa5, 0x30, 0xe2, 0x63, 0x04, 0x23, 0x14, 0x61, 398 // Block #4 399 0xb2, 0xeb, 0x05, 0xe2, 0xc3, 0x9b, 0xe9, 0xfc, 400 0xda, 0x6c, 0x19, 0x07, 0x8c, 0x6a, 0x9d, 0x1b, 401 // PKCS #5 padding, encrypted. 402 0x3f, 0x46, 0x17, 0x96, 0xd6, 0xb0, 0xd6, 0xb2, 403 0xe0, 0xc2, 0xa7, 0x2b, 0x4d, 0x80, 0xe6, 0x44 404 }; 405 406 std::string key(reinterpret_cast<const char*>(kRawKey), sizeof(kRawKey)); 407 scoped_ptr<crypto::SymmetricKey> sym_key(crypto::SymmetricKey::Import( 408 crypto::SymmetricKey::AES, key)); 409 ASSERT_TRUE(sym_key.get()); 410 411 crypto::Encryptor encryptor; 412 // The IV must be exactly as long a the cipher block size. 413 std::string iv(reinterpret_cast<const char*>(kRawIv), sizeof(kRawIv)); 414 EXPECT_EQ(16U, iv.size()); 415 EXPECT_TRUE(encryptor.Init(sym_key.get(), crypto::Encryptor::CBC, iv)); 416 417 std::string plaintext(reinterpret_cast<const char*>(kRawPlaintext), 418 sizeof(kRawPlaintext)); 419 std::string ciphertext; 420 EXPECT_TRUE(encryptor.Encrypt(plaintext, &ciphertext)); 421 422 EXPECT_EQ(sizeof(kRawCiphertext), ciphertext.size()); 423 EXPECT_EQ(0, memcmp(ciphertext.data(), kRawCiphertext, ciphertext.size())); 424 425 std::string decrypted; 426 EXPECT_TRUE(encryptor.Decrypt(ciphertext, &decrypted)); 427 428 EXPECT_EQ(plaintext, decrypted); 429 } 430 431 // Expected output derived from the NSS implementation. 432 TEST(EncryptorTest, EncryptAES128CBCRegression) { 433 std::string key = "128=SixteenBytes"; 434 std::string iv = "Sweet Sixteen IV"; 435 std::string plaintext = "Plain text with a g-clef U+1D11E \360\235\204\236"; 436 std::string expected_ciphertext_hex = 437 "D4A67A0BA33C30F207344D81D1E944BBE65587C3D7D9939A" 438 "C070C62B9C15A3EA312EA4AD1BC7929F4D3C16B03AD5ADA8"; 439 440 scoped_ptr<crypto::SymmetricKey> sym_key(crypto::SymmetricKey::Import( 441 crypto::SymmetricKey::AES, key)); 442 ASSERT_TRUE(sym_key.get()); 443 444 crypto::Encryptor encryptor; 445 // The IV must be exactly as long a the cipher block size. 446 EXPECT_EQ(16U, iv.size()); 447 EXPECT_TRUE(encryptor.Init(sym_key.get(), crypto::Encryptor::CBC, iv)); 448 449 std::string ciphertext; 450 EXPECT_TRUE(encryptor.Encrypt(plaintext, &ciphertext)); 451 EXPECT_EQ(expected_ciphertext_hex, base::HexEncode(ciphertext.data(), 452 ciphertext.size())); 453 454 std::string decrypted; 455 EXPECT_TRUE(encryptor.Decrypt(ciphertext, &decrypted)); 456 EXPECT_EQ(plaintext, decrypted); 457 } 458 459 // Symmetric keys with an unsupported size should be rejected. Whether they are 460 // rejected by SymmetricKey::Import or Encryptor::Init depends on the platform. 461 TEST(EncryptorTest, UnsupportedKeySize) { 462 std::string key = "7 = bad"; 463 std::string iv = "Sweet Sixteen IV"; 464 scoped_ptr<crypto::SymmetricKey> sym_key(crypto::SymmetricKey::Import( 465 crypto::SymmetricKey::AES, key)); 466 if (!sym_key.get()) 467 return; 468 469 crypto::Encryptor encryptor; 470 // The IV must be exactly as long as the cipher block size. 471 EXPECT_EQ(16U, iv.size()); 472 EXPECT_FALSE(encryptor.Init(sym_key.get(), crypto::Encryptor::CBC, iv)); 473 } 474 475 TEST(EncryptorTest, UnsupportedIV) { 476 std::string key = "128=SixteenBytes"; 477 std::string iv = "OnlyForteen :("; 478 scoped_ptr<crypto::SymmetricKey> sym_key(crypto::SymmetricKey::Import( 479 crypto::SymmetricKey::AES, key)); 480 ASSERT_TRUE(sym_key.get()); 481 482 crypto::Encryptor encryptor; 483 EXPECT_FALSE(encryptor.Init(sym_key.get(), crypto::Encryptor::CBC, iv)); 484 } 485 486 TEST(EncryptorTest, EmptyEncrypt) { 487 std::string key = "128=SixteenBytes"; 488 std::string iv = "Sweet Sixteen IV"; 489 std::string plaintext; 490 std::string expected_ciphertext_hex = "8518B8878D34E7185E300D0FCC426396"; 491 492 scoped_ptr<crypto::SymmetricKey> sym_key(crypto::SymmetricKey::Import( 493 crypto::SymmetricKey::AES, key)); 494 ASSERT_TRUE(sym_key.get()); 495 496 crypto::Encryptor encryptor; 497 // The IV must be exactly as long a the cipher block size. 498 EXPECT_EQ(16U, iv.size()); 499 EXPECT_TRUE(encryptor.Init(sym_key.get(), crypto::Encryptor::CBC, iv)); 500 501 std::string ciphertext; 502 EXPECT_TRUE(encryptor.Encrypt(plaintext, &ciphertext)); 503 EXPECT_EQ(expected_ciphertext_hex, base::HexEncode(ciphertext.data(), 504 ciphertext.size())); 505 } 506 507 TEST(EncryptorTest, CipherTextNotMultipleOfBlockSize) { 508 std::string key = "128=SixteenBytes"; 509 std::string iv = "Sweet Sixteen IV"; 510 511 scoped_ptr<crypto::SymmetricKey> sym_key(crypto::SymmetricKey::Import( 512 crypto::SymmetricKey::AES, key)); 513 ASSERT_TRUE(sym_key.get()); 514 515 crypto::Encryptor encryptor; 516 // The IV must be exactly as long a the cipher block size. 517 EXPECT_EQ(16U, iv.size()); 518 EXPECT_TRUE(encryptor.Init(sym_key.get(), crypto::Encryptor::CBC, iv)); 519 520 // Use a separately allocated array to improve the odds of the memory tools 521 // catching invalid accesses. 522 // 523 // Otherwise when using std::string as the other tests do, accesses several 524 // bytes off the end of the buffer may fall inside the reservation of 525 // the string and not be detected. 526 scoped_ptr<char[]> ciphertext(new char[1]); 527 528 std::string plaintext; 529 EXPECT_FALSE( 530 encryptor.Decrypt(base::StringPiece(ciphertext.get(), 1), &plaintext)); 531 } 532