Chromium Code Reviews Chromium Code Reviews
Issue 10543146:
Use NSS for symmetric key crypto operations on Windows and Mac. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "crypto/encryptor.h" | 5 #include "crypto/encryptor.h" |
| 6 | 6 |
| 7 #include <string> | 7 #include <string> |
| 8 | 8 |
| 9 #include "base/memory/scoped_ptr.h" | 9 #include "base/memory/scoped_ptr.h" |
| 10 #include "base/string_number_conversions.h" | 10 #include "base/string_number_conversions.h" |
| (...skipping 74 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 85 } | 85 } |
| 86 | 86 |
| 87 std::string decypted; | 87 std::string decypted; |
| 88 | 88 |
| 89 // This wrong key causes the last padding byte to be 5, which is a valid | 89 // This wrong key causes the last padding byte to be 5, which is a valid |
| 90 // padding length, and the second to last padding byte to be 137, which is | 90 // padding length, and the second to last padding byte to be 137, which is |
| 91 // invalid. If an implementation simply uses the last padding byte to | 91 // invalid. If an implementation simply uses the last padding byte to |
| 92 // determine the padding length without checking every padding byte, | 92 // determine the padding length without checking every padding byte, |
| 93 // Encryptor::Decrypt() will still return true. This is the case for NSS | 93 // Encryptor::Decrypt() will still return true. This is the case for NSS |
| 94 // (crbug.com/124434) and Mac OS X 10.7 (crbug.com/127586). | 94 // (crbug.com/124434) and Mac OS X 10.7 (crbug.com/127586). |
| 95 #if !defined(USE_NSS) | 95 #if !defined(USE_NSS) && !defined(OS_WIN) && !defined(OS_MACOSX) |
| 96 crypto::Encryptor decryptor; | 96 crypto::Encryptor decryptor; |
| 97 EXPECT_TRUE(decryptor.Init(wrong_key.get(), crypto::Encryptor::CBC, iv)); | 97 EXPECT_TRUE(decryptor.Init(wrong_key.get(), crypto::Encryptor::CBC, iv)); |
| 98 EXPECT_FALSE(decryptor.Decrypt(ciphertext, &decypted)); | 98 EXPECT_FALSE(decryptor.Decrypt(ciphertext, &decypted)); |
| 99 #endif | 99 #endif |
| 100 | 100 |
| 101 // This demonstrates that not all wrong keys can be detected by padding | 101 // This demonstrates that not all wrong keys can be detected by padding |
| 102 // error. This wrong key causes the last padding byte to be 1, which is | 102 // error. This wrong key causes the last padding byte to be 1, which is |
| 103 // a valid padding block of length 1. | 103 // a valid padding block of length 1. |
| 104 crypto::Encryptor decryptor2; | 104 crypto::Encryptor decryptor2; |
| 105 EXPECT_TRUE(decryptor2.Init(wrong_key2.get(), crypto::Encryptor::CBC, iv)); | 105 EXPECT_TRUE(decryptor2.Init(wrong_key2.get(), crypto::Encryptor::CBC, iv)); |
| 106 EXPECT_TRUE(decryptor2.Decrypt(ciphertext, &decypted)); | 106 EXPECT_TRUE(decryptor2.Decrypt(ciphertext, &decypted)); |
| 107 | 107 |
| 108 // This wrong key causes the last padding byte to be 253, which should be | 108 // This wrong key causes the last padding byte to be 253, which should be |
| 109 // rejected by all implementations. | 109 // rejected by all implementations. |
| 110 crypto::Encryptor decryptor3; | 110 crypto::Encryptor decryptor3; |
| 111 EXPECT_TRUE(decryptor3.Init(wrong_key3.get(), crypto::Encryptor::CBC, iv)); | 111 EXPECT_TRUE(decryptor3.Init(wrong_key3.get(), crypto::Encryptor::CBC, iv)); |
| 112 EXPECT_FALSE(decryptor3.Decrypt(ciphertext, &decypted)); | 112 EXPECT_FALSE(decryptor3.Decrypt(ciphertext, &decypted)); |
| 113 } | 113 } |
| 114 | 114 |
| 115 // CTR mode encryption is only implemented using NSS. | 115 // CTR mode encryption is only implemented using NSS. |
| 116 #if defined(USE_NSS) | 116 #if defined(USE_NSS) || defined(OS_WIN) || defined(OS_MACOSX) |
| 117 | 117 |
| 118 TEST(EncryptorTest, EncryptDecryptCTR) { | 118 TEST(EncryptorTest, EncryptDecryptCTR) { |
| 119 scoped_ptr<crypto::SymmetricKey> key( | 119 scoped_ptr<crypto::SymmetricKey> key( |
| 120 crypto::SymmetricKey::GenerateRandomKey( | 120 crypto::SymmetricKey::GenerateRandomKey( |
| 121 crypto::SymmetricKey::AES, 128)); | 121 crypto::SymmetricKey::AES, 128)); |
| 122 | 122 |
| 123 EXPECT_TRUE(NULL != key.get()); | 123 EXPECT_TRUE(NULL != key.get()); |
| 124 const std::string kInitialCounter = "0000000000000000"; | 124 const std::string kInitialCounter = "0000000000000000"; |
| 125 | 125 |
| 126 crypto::Encryptor encryptor; | 126 crypto::Encryptor encryptor; |
| (...skipping 15 matching lines...) Expand all Loading... | |
| 142 EXPECT_TRUE(encryptor.Encrypt(plaintext, &ciphertext)); | 142 EXPECT_TRUE(encryptor.Encrypt(plaintext, &ciphertext)); |
| 143 EXPECT_LT(0U, ciphertext.size()); | 143 EXPECT_LT(0U, ciphertext.size()); |
| 144 | 144 |
| 145 EXPECT_TRUE(encryptor.SetCounter(kInitialCounter)); | 145 EXPECT_TRUE(encryptor.SetCounter(kInitialCounter)); |
| 146 EXPECT_TRUE(encryptor.Decrypt(ciphertext, &decypted)); | 146 EXPECT_TRUE(encryptor.Decrypt(ciphertext, &decypted)); |
| 147 EXPECT_EQ(plaintext, decypted); | 147 EXPECT_EQ(plaintext, decypted); |
| 148 } | 148 } |
| 149 | 149 |
| 150 TEST(EncryptorTest, CTRCounter) { | 150 TEST(EncryptorTest, CTRCounter) { |
| 151 const int kCounterSize = 16; | 151 const int kCounterSize = 16; |
| 152 const char kTest1[] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; | 152 const uint8 kTest1[] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; |
|
Ryan Sleevi
2012/06/14 19:35:26
unsigned char, to be consistent with the rest of t
ddorwin
2012/06/14 20:44:19
Done.
| |
| 153 uint8 buf[16]; | 153 uint8 buf[16]; |
| 154 | 154 |
| 155 // Increment 10 times. | 155 // Increment 10 times. |
| 156 crypto::Encryptor::Counter counter1(std::string(kTest1, kCounterSize)); | 156 crypto::Encryptor::Counter counter1( |
| 157 std::string(reinterpret_cast<const char*>(kTest1), kCounterSize)); | |
| 157 for (int i = 0; i < 10; ++i) | 158 for (int i = 0; i < 10; ++i) |
| 158 counter1.Increment(); | 159 counter1.Increment(); |
| 159 counter1.Write(buf); | 160 counter1.Write(buf); |
| 160 EXPECT_EQ(0, memcmp(buf, kTest1, 15)); | 161 EXPECT_EQ(0, memcmp(buf, kTest1, 15)); |
| 161 EXPECT_TRUE(buf[15] == 10); | 162 EXPECT_TRUE(buf[15] == 10); |
| 162 | 163 |
| 163 // Check corner cases. | 164 // Check corner cases. |
| 164 const char kTest2[] = {0, 0, 0, 0, 0, 0, 0, 0, | 165 const uint8 kTest2[] = {0, 0, 0, 0, 0, 0, 0, 0, |
| 165 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; | 166 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; |
| 166 const char kExpect2[] = {0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0}; | 167 const uint8 kExpect2[] = {0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0}; |
| 167 crypto::Encryptor::Counter counter2(std::string(kTest2, kCounterSize)); | 168 crypto::Encryptor::Counter counter2( |
| 169 std::string(reinterpret_cast<const char*>(kTest2), kCounterSize)); | |
| 168 counter2.Increment(); | 170 counter2.Increment(); |
| 169 counter2.Write(buf); | 171 counter2.Write(buf); |
| 170 EXPECT_EQ(0, memcmp(buf, kExpect2, kCounterSize)); | 172 EXPECT_EQ(0, memcmp(buf, kExpect2, kCounterSize)); |
| 171 | 173 |
| 172 const char kTest3[] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, | 174 const uint8 kTest3[] = {0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, |
| 173 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; | 175 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff}; |
| 174 const char kExpect3[] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; | 176 const uint8 kExpect3[] = {0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0}; |
| 175 crypto::Encryptor::Counter counter3(std::string(kTest3, kCounterSize)); | 177 crypto::Encryptor::Counter counter3( |
| 178 std::string(reinterpret_cast<const char*>(kTest3), kCounterSize)); | |
| 176 counter3.Increment(); | 179 counter3.Increment(); |
| 177 counter3.Write(buf); | 180 counter3.Write(buf); |
| 178 EXPECT_EQ(0, memcmp(buf, kExpect3, kCounterSize)); | 181 EXPECT_EQ(0, memcmp(buf, kExpect3, kCounterSize)); |
| 179 } | 182 } |
| 180 | 183 |
| 181 #endif | 184 #endif |
| 182 | 185 |
| 183 // TODO(wtc): add more known-answer tests. Test vectors are available from | 186 // TODO(wtc): add more known-answer tests. Test vectors are available from |
| 184 // http://www.ietf.org/rfc/rfc3602 | 187 // http://www.ietf.org/rfc/rfc3602 |
| 185 // http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf | 188 // http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf |
| (...skipping 119 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 305 EXPECT_EQ(expected_ciphertext_hex, base::HexEncode(ciphertext.data(), | 308 EXPECT_EQ(expected_ciphertext_hex, base::HexEncode(ciphertext.data(), |
| 306 ciphertext.size())); | 309 ciphertext.size())); |
| 307 | 310 |
| 308 std::string decypted; | 311 std::string decypted; |
| 309 EXPECT_TRUE(encryptor.Decrypt(ciphertext, &decypted)); | 312 EXPECT_TRUE(encryptor.Decrypt(ciphertext, &decypted)); |
| 310 EXPECT_EQ(plaintext, decypted); | 313 EXPECT_EQ(plaintext, decypted); |
| 311 } | 314 } |
| 312 | 315 |
| 313 // Not all platforms allow import/generation of symmetric keys with an | 316 // Not all platforms allow import/generation of symmetric keys with an |
| 314 // unsupported size. | 317 // unsupported size. |
| 315 #if !defined(OS_WIN) && !defined(USE_NSS) | 318 #if !defined(USE_NSS) && !defined(OS_WIN) && !defined(OS_MACOSX) |
| 316 TEST(EncryptorTest, UnsupportedKeySize) { | 319 TEST(EncryptorTest, UnsupportedKeySize) { |
| 317 std::string key = "7 = bad"; | 320 std::string key = "7 = bad"; |
| 318 std::string iv = "Sweet Sixteen IV"; | 321 std::string iv = "Sweet Sixteen IV"; |
| 319 scoped_ptr<crypto::SymmetricKey> sym_key(crypto::SymmetricKey::Import( | 322 scoped_ptr<crypto::SymmetricKey> sym_key(crypto::SymmetricKey::Import( |
| 320 crypto::SymmetricKey::AES, key)); | 323 crypto::SymmetricKey::AES, key)); |
| 321 ASSERT_TRUE(NULL != sym_key.get()); | 324 ASSERT_TRUE(NULL != sym_key.get()); |
| 322 | 325 |
| 323 crypto::Encryptor encryptor; | 326 crypto::Encryptor encryptor; |
| 324 // The IV must be exactly as long a the cipher block size. | 327 // The IV must be exactly as long a the cipher block size. |
| 325 EXPECT_EQ(16U, iv.size()); | 328 EXPECT_EQ(16U, iv.size()); |
| (...skipping 25 matching lines...) Expand all Loading... | |
| 351 crypto::Encryptor encryptor; | 354 crypto::Encryptor encryptor; |
| 352 // The IV must be exactly as long a the cipher block size. | 355 // The IV must be exactly as long a the cipher block size. |
| 353 EXPECT_EQ(16U, iv.size()); | 356 EXPECT_EQ(16U, iv.size()); |
| 354 EXPECT_TRUE(encryptor.Init(sym_key.get(), crypto::Encryptor::CBC, iv)); | 357 EXPECT_TRUE(encryptor.Init(sym_key.get(), crypto::Encryptor::CBC, iv)); |
| 355 | 358 |
| 356 std::string ciphertext; | 359 std::string ciphertext; |
| 357 EXPECT_TRUE(encryptor.Encrypt(plaintext, &ciphertext)); | 360 EXPECT_TRUE(encryptor.Encrypt(plaintext, &ciphertext)); |
| 358 EXPECT_EQ(expected_ciphertext_hex, base::HexEncode(ciphertext.data(), | 361 EXPECT_EQ(expected_ciphertext_hex, base::HexEncode(ciphertext.data(), |
| 359 ciphertext.size())); | 362 ciphertext.size())); |
| 360 } | 363 } |
| OLD | NEW |
