Side by Side Diff: crypto/encryptor_unittest.cc

Issue 10543146: Use NSS for symmetric key crypto operations on Windows and Mac. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: review feedback Created 8 years, 6 months ago
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "crypto/encryptor.h" 5 #include "crypto/encryptor.h"
6 6
7 #include <string> 7 #include <string>
8 8
9 #include "base/memory/scoped_ptr.h" 9 #include "base/memory/scoped_ptr.h"
10 #include "base/string_number_conversions.h" 10 #include "base/string_number_conversions.h"
(...skipping 73 matching lines...) Expand 10 before | Expand all | Expand 10 after
84 static_cast<unsigned char>(ciphertext[i])); 84 static_cast<unsigned char>(ciphertext[i]));
85 } 85 }
86 86
87 std::string decypted; 87 std::string decypted;
88 88
89 // This wrong key causes the last padding byte to be 5, which is a valid 89 // This wrong key causes the last padding byte to be 5, which is a valid
90 // padding length, and the second to last padding byte to be 137, which is 90 // padding length, and the second to last padding byte to be 137, which is
91 // invalid. If an implementation simply uses the last padding byte to 91 // invalid. If an implementation simply uses the last padding byte to
92 // determine the padding length without checking every padding byte, 92 // determine the padding length without checking every padding byte,
93 // Encryptor::Decrypt() will still return true. This is the case for NSS 93 // Encryptor::Decrypt() will still return true. This is the case for NSS
94 // (crbug.com/124434) and Mac OS X 10.7 (crbug.com/127586). 94 // (crbug.com/124434) and Mac OS X 10.7 (crbug.com/127586).
wtc 2012/06/14 21:28:48 Delete " and Mac OS X 10.7 (crbug.com/127586)" fro
ddorwin 2012/06/14 22:01:55 Done.
95 #if !defined(USE_NSS) 95 #if !defined(USE_NSS) && !defined(OS_WIN) && !defined(OS_MACOSX)
96 crypto::Encryptor decryptor; 96 crypto::Encryptor decryptor;
97 EXPECT_TRUE(decryptor.Init(wrong_key.get(), crypto::Encryptor::CBC, iv)); 97 EXPECT_TRUE(decryptor.Init(wrong_key.get(), crypto::Encryptor::CBC, iv));
98 EXPECT_FALSE(decryptor.Decrypt(ciphertext, &decypted)); 98 EXPECT_FALSE(decryptor.Decrypt(ciphertext, &decypted));
99 #endif 99 #endif
100 100
101 // This demonstrates that not all wrong keys can be detected by padding 101 // This demonstrates that not all wrong keys can be detected by padding
102 // error. This wrong key causes the last padding byte to be 1, which is 102 // error. This wrong key causes the last padding byte to be 1, which is
103 // a valid padding block of length 1. 103 // a valid padding block of length 1.
104 crypto::Encryptor decryptor2; 104 crypto::Encryptor decryptor2;
105 EXPECT_TRUE(decryptor2.Init(wrong_key2.get(), crypto::Encryptor::CBC, iv)); 105 EXPECT_TRUE(decryptor2.Init(wrong_key2.get(), crypto::Encryptor::CBC, iv));
106 EXPECT_TRUE(decryptor2.Decrypt(ciphertext, &decypted)); 106 EXPECT_TRUE(decryptor2.Decrypt(ciphertext, &decypted));
107 107
108 // This wrong key causes the last padding byte to be 253, which should be 108 // This wrong key causes the last padding byte to be 253, which should be
109 // rejected by all implementations. 109 // rejected by all implementations.
110 crypto::Encryptor decryptor3; 110 crypto::Encryptor decryptor3;
111 EXPECT_TRUE(decryptor3.Init(wrong_key3.get(), crypto::Encryptor::CBC, iv)); 111 EXPECT_TRUE(decryptor3.Init(wrong_key3.get(), crypto::Encryptor::CBC, iv));
112 EXPECT_FALSE(decryptor3.Decrypt(ciphertext, &decypted)); 112 EXPECT_FALSE(decryptor3.Decrypt(ciphertext, &decypted));
113 } 113 }
114 114
115 // CTR mode encryption is only implemented using NSS. 115 // CTR mode encryption is only implemented using NSS.
116 #if defined(USE_NSS) 116 #if defined(USE_NSS) || defined(OS_WIN) || defined(OS_MACOSX)
117 117
118 TEST(EncryptorTest, EncryptDecryptCTR) { 118 TEST(EncryptorTest, EncryptDecryptCTR) {
119 scoped_ptr<crypto::SymmetricKey> key( 119 scoped_ptr<crypto::SymmetricKey> key(
120 crypto::SymmetricKey::GenerateRandomKey( 120 crypto::SymmetricKey::GenerateRandomKey(
121 crypto::SymmetricKey::AES, 128)); 121 crypto::SymmetricKey::AES, 128));
122 122
123 EXPECT_TRUE(NULL != key.get()); 123 EXPECT_TRUE(NULL != key.get());
124 const std::string kInitialCounter = "0000000000000000"; 124 const std::string kInitialCounter = "0000000000000000";
125 125
126 crypto::Encryptor encryptor; 126 crypto::Encryptor encryptor;
(...skipping 15 matching lines...) Expand all
142 EXPECT_TRUE(encryptor.Encrypt(plaintext, &ciphertext)); 142 EXPECT_TRUE(encryptor.Encrypt(plaintext, &ciphertext));
143 EXPECT_LT(0U, ciphertext.size()); 143 EXPECT_LT(0U, ciphertext.size());
144 144
145 EXPECT_TRUE(encryptor.SetCounter(kInitialCounter)); 145 EXPECT_TRUE(encryptor.SetCounter(kInitialCounter));
146 EXPECT_TRUE(encryptor.Decrypt(ciphertext, &decypted)); 146 EXPECT_TRUE(encryptor.Decrypt(ciphertext, &decypted));
147 EXPECT_EQ(plaintext, decypted); 147 EXPECT_EQ(plaintext, decypted);
148 } 148 }
149 149
150 TEST(EncryptorTest, CTRCounter) { 150 TEST(EncryptorTest, CTRCounter) {
151 const int kCounterSize = 16; 151 const int kCounterSize = 16;
152 const char kTest1[] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; 152 const unsigned char kTest1[] =
153 uint8 buf[16]; 153 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
154 unsigned char buf[16];
154 155
155 // Increment 10 times. 156 // Increment 10 times.
156 crypto::Encryptor::Counter counter1(std::string(kTest1, kCounterSize)); 157 crypto::Encryptor::Counter counter1(
158 std::string(reinterpret_cast<const char*>(kTest1), kCounterSize));
157 for (int i = 0; i < 10; ++i) 159 for (int i = 0; i < 10; ++i)
158 counter1.Increment(); 160 counter1.Increment();
159 counter1.Write(buf); 161 counter1.Write(buf);
160 EXPECT_EQ(0, memcmp(buf, kTest1, 15)); 162 EXPECT_EQ(0, memcmp(buf, kTest1, 15));
161 EXPECT_TRUE(buf[15] == 10); 163 EXPECT_TRUE(buf[15] == 10);
162 164
163 // Check corner cases. 165 // Check corner cases.
164 const char kTest2[] = {0, 0, 0, 0, 0, 0, 0, 0, 166 const unsigned char kTest2[] = {
165 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; 167 0, 0, 0, 0, 0, 0, 0, 0,
166 const char kExpect2[] = {0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0}; 168 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
167 crypto::Encryptor::Counter counter2(std::string(kTest2, kCounterSize)); 169 };
170 const unsigned char kExpect2[] =
171 {0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0};
172 crypto::Encryptor::Counter counter2(
173 std::string(reinterpret_cast<const char*>(kTest2), kCounterSize));
168 counter2.Increment(); 174 counter2.Increment();
169 counter2.Write(buf); 175 counter2.Write(buf);
170 EXPECT_EQ(0, memcmp(buf, kExpect2, kCounterSize)); 176 EXPECT_EQ(0, memcmp(buf, kExpect2, kCounterSize));
171 177
172 const char kTest3[] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 178 const unsigned char kTest3[] = {
173 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; 179 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
174 const char kExpect3[] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; 180 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff
175 crypto::Encryptor::Counter counter3(std::string(kTest3, kCounterSize)); 181 };
182 const unsigned char kExpect3[] =
183 {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0};
184 crypto::Encryptor::Counter counter3(
185 std::string(reinterpret_cast<const char*>(kTest3), kCounterSize));
176 counter3.Increment(); 186 counter3.Increment();
177 counter3.Write(buf); 187 counter3.Write(buf);
178 EXPECT_EQ(0, memcmp(buf, kExpect3, kCounterSize)); 188 EXPECT_EQ(0, memcmp(buf, kExpect3, kCounterSize));
179 } 189 }
180 190
181 #endif 191 #endif
182 192
183 // TODO(wtc): add more known-answer tests. Test vectors are available from 193 // TODO(wtc): add more known-answer tests. Test vectors are available from
184 // http://www.ietf.org/rfc/rfc3602 194 // http://www.ietf.org/rfc/rfc3602
185 // http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf 195 // http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
(...skipping 119 matching lines...) Expand 10 before | Expand all | Expand 10 after
305 EXPECT_EQ(expected_ciphertext_hex, base::HexEncode(ciphertext.data(), 315 EXPECT_EQ(expected_ciphertext_hex, base::HexEncode(ciphertext.data(),
306 ciphertext.size())); 316 ciphertext.size()));
307 317
308 std::string decypted; 318 std::string decypted;
309 EXPECT_TRUE(encryptor.Decrypt(ciphertext, &decypted)); 319 EXPECT_TRUE(encryptor.Decrypt(ciphertext, &decypted));
310 EXPECT_EQ(plaintext, decypted); 320 EXPECT_EQ(plaintext, decypted);
311 } 321 }
312 322
313 // Not all platforms allow import/generation of symmetric keys with an 323 // Not all platforms allow import/generation of symmetric keys with an
314 // unsupported size. 324 // unsupported size.
315 #if !defined(OS_WIN) && !defined(USE_NSS) 325 #if !defined(USE_NSS) && !defined(OS_WIN) && !defined(OS_MACOSX)
316 TEST(EncryptorTest, UnsupportedKeySize) { 326 TEST(EncryptorTest, UnsupportedKeySize) {
317 std::string key = "7 = bad"; 327 std::string key = "7 = bad";
318 std::string iv = "Sweet Sixteen IV"; 328 std::string iv = "Sweet Sixteen IV";
319 scoped_ptr<crypto::SymmetricKey> sym_key(crypto::SymmetricKey::Import( 329 scoped_ptr<crypto::SymmetricKey> sym_key(crypto::SymmetricKey::Import(
320 crypto::SymmetricKey::AES, key)); 330 crypto::SymmetricKey::AES, key));
321 ASSERT_TRUE(NULL != sym_key.get()); 331 ASSERT_TRUE(NULL != sym_key.get());
322 332
323 crypto::Encryptor encryptor; 333 crypto::Encryptor encryptor;
324 // The IV must be exactly as long a the cipher block size. 334 // The IV must be exactly as long a the cipher block size.
325 EXPECT_EQ(16U, iv.size()); 335 EXPECT_EQ(16U, iv.size());
(...skipping 25 matching lines...) Expand all
351 crypto::Encryptor encryptor; 361 crypto::Encryptor encryptor;
352 // The IV must be exactly as long a the cipher block size. 362 // The IV must be exactly as long a the cipher block size.
353 EXPECT_EQ(16U, iv.size()); 363 EXPECT_EQ(16U, iv.size());
354 EXPECT_TRUE(encryptor.Init(sym_key.get(), crypto::Encryptor::CBC, iv)); 364 EXPECT_TRUE(encryptor.Init(sym_key.get(), crypto::Encryptor::CBC, iv));
355 365
356 std::string ciphertext; 366 std::string ciphertext;
357 EXPECT_TRUE(encryptor.Encrypt(plaintext, &ciphertext)); 367 EXPECT_TRUE(encryptor.Encrypt(plaintext, &ciphertext));
358 EXPECT_EQ(expected_ciphertext_hex, base::HexEncode(ciphertext.data(), 368 EXPECT_EQ(expected_ciphertext_hex, base::HexEncode(ciphertext.data(),
359 ciphertext.size())); 369 ciphertext.size()));
360 } 370 }
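Review bot: The widened guard at new line 95 (`#if !defined(USE_NSS) && !defined(OS_WIN) && !defined(OS_MACOSX)`) means the one assertion that Decrypt() rejects inconsistent padding bytes no longer runs on Windows or Mac, so a lax padding check there is now simply untested. I would add a comment above the guard such as `// Decrypt() returning true does not prove the key or ciphertext is authentic; callers that need integrity must verify a MAC.`, so that readers of the decryptor2 case below do not treat the return value as a wrong-key detector. The same three-macro condition recurs at new lines 116 and 325. At new line 115 the comment still says CTR is only implemented using NSS while its guard now also names OS_WIN and OS_MACOSX; going by the issue title, `// CTR mode is only implemented by the NSS-backed Encryptor, which this change also uses on Windows and Mac.` would keep comment and guard in step. The first test's setup lies in the skipped region, so how wrong_key is constructed is not visible here.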