OLD | NEW |
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "base/crypto/symmetric_key.h" | 5 #include "crypto/symmetric_key.h" |
6 | 6 |
7 #include <string> | 7 #include <string> |
8 | 8 |
9 #include "base/memory/scoped_ptr.h" | 9 #include "base/memory/scoped_ptr.h" |
10 #include "base/string_number_conversions.h" | 10 #include "base/string_number_conversions.h" |
11 #include "base/string_util.h" | 11 #include "base/string_util.h" |
12 #include "testing/gtest/include/gtest/gtest.h" | 12 #include "testing/gtest/include/gtest/gtest.h" |
13 | 13 |
14 TEST(SymmetricKeyTest, GenerateRandomKey) { | 14 TEST(SymmetricKeyTest, GenerateRandomKey) { |
15 scoped_ptr<base::SymmetricKey> key( | 15 scoped_ptr<crypto::SymmetricKey> key( |
16 base::SymmetricKey::GenerateRandomKey(base::SymmetricKey::AES, 256)); | 16 crypto::SymmetricKey::GenerateRandomKey(crypto::SymmetricKey::AES, 256)); |
17 ASSERT_TRUE(NULL != key.get()); | 17 ASSERT_TRUE(NULL != key.get()); |
18 std::string raw_key; | 18 std::string raw_key; |
19 EXPECT_TRUE(key->GetRawKey(&raw_key)); | 19 EXPECT_TRUE(key->GetRawKey(&raw_key)); |
20 EXPECT_EQ(32U, raw_key.size()); | 20 EXPECT_EQ(32U, raw_key.size()); |
21 | 21 |
22 // Do it again and check that the keys are different. | 22 // Do it again and check that the keys are different. |
23 // (Note: this has a one-in-10^77 chance of failure!) | 23 // (Note: this has a one-in-10^77 chance of failure!) |
24 scoped_ptr<base::SymmetricKey> key2( | 24 scoped_ptr<crypto::SymmetricKey> key2( |
25 base::SymmetricKey::GenerateRandomKey(base::SymmetricKey::AES, 256)); | 25 crypto::SymmetricKey::GenerateRandomKey(crypto::SymmetricKey::AES, 256)); |
26 ASSERT_TRUE(NULL != key2.get()); | 26 ASSERT_TRUE(NULL != key2.get()); |
27 std::string raw_key2; | 27 std::string raw_key2; |
28 EXPECT_TRUE(key2->GetRawKey(&raw_key2)); | 28 EXPECT_TRUE(key2->GetRawKey(&raw_key2)); |
29 EXPECT_EQ(32U, raw_key2.size()); | 29 EXPECT_EQ(32U, raw_key2.size()); |
30 EXPECT_NE(raw_key, raw_key2); | 30 EXPECT_NE(raw_key, raw_key2); |
31 } | 31 } |
32 | 32 |
33 TEST(SymmetricKeyTest, ImportGeneratedKey) { | 33 TEST(SymmetricKeyTest, ImportGeneratedKey) { |
34 scoped_ptr<base::SymmetricKey> key1( | 34 scoped_ptr<crypto::SymmetricKey> key1( |
35 base::SymmetricKey::GenerateRandomKey(base::SymmetricKey::AES, 256)); | 35 crypto::SymmetricKey::GenerateRandomKey(crypto::SymmetricKey::AES, 256)); |
36 ASSERT_TRUE(NULL != key1.get()); | 36 ASSERT_TRUE(NULL != key1.get()); |
37 std::string raw_key1; | 37 std::string raw_key1; |
38 EXPECT_TRUE(key1->GetRawKey(&raw_key1)); | 38 EXPECT_TRUE(key1->GetRawKey(&raw_key1)); |
39 | 39 |
40 scoped_ptr<base::SymmetricKey> key2( | 40 scoped_ptr<crypto::SymmetricKey> key2( |
41 base::SymmetricKey::Import(base::SymmetricKey::AES, raw_key1)); | 41 crypto::SymmetricKey::Import(crypto::SymmetricKey::AES, raw_key1)); |
42 ASSERT_TRUE(NULL != key2.get()); | 42 ASSERT_TRUE(NULL != key2.get()); |
43 | 43 |
44 std::string raw_key2; | 44 std::string raw_key2; |
45 EXPECT_TRUE(key2->GetRawKey(&raw_key2)); | 45 EXPECT_TRUE(key2->GetRawKey(&raw_key2)); |
46 | 46 |
47 EXPECT_EQ(raw_key1, raw_key2); | 47 EXPECT_EQ(raw_key1, raw_key2); |
48 } | 48 } |
49 | 49 |
50 TEST(SymmetricKeyTest, ImportDerivedKey) { | 50 TEST(SymmetricKeyTest, ImportDerivedKey) { |
51 scoped_ptr<base::SymmetricKey> key1( | 51 scoped_ptr<crypto::SymmetricKey> key1( |
52 base::SymmetricKey::DeriveKeyFromPassword(base::SymmetricKey::HMAC_SHA1, | 52 crypto::SymmetricKey::DeriveKeyFromPassword( |
53 "password", "somesalt", 1024, | 53 crypto::SymmetricKey::HMAC_SHA1, "password", "somesalt", 1024, 160)); |
54 160)); | |
55 ASSERT_TRUE(NULL != key1.get()); | 54 ASSERT_TRUE(NULL != key1.get()); |
56 std::string raw_key1; | 55 std::string raw_key1; |
57 EXPECT_TRUE(key1->GetRawKey(&raw_key1)); | 56 EXPECT_TRUE(key1->GetRawKey(&raw_key1)); |
58 | 57 |
59 scoped_ptr<base::SymmetricKey> key2( | 58 scoped_ptr<crypto::SymmetricKey> key2( |
60 base::SymmetricKey::Import(base::SymmetricKey::HMAC_SHA1, raw_key1)); | 59 crypto::SymmetricKey::Import(crypto::SymmetricKey::HMAC_SHA1, raw_key1)); |
61 ASSERT_TRUE(NULL != key2.get()); | 60 ASSERT_TRUE(NULL != key2.get()); |
62 | 61 |
63 std::string raw_key2; | 62 std::string raw_key2; |
64 EXPECT_TRUE(key2->GetRawKey(&raw_key2)); | 63 EXPECT_TRUE(key2->GetRawKey(&raw_key2)); |
65 | 64 |
66 EXPECT_EQ(raw_key1, raw_key2); | 65 EXPECT_EQ(raw_key1, raw_key2); |
67 } | 66 } |
68 | 67 |
69 struct PBKDF2TestVector { | 68 struct PBKDF2TestVector { |
70 base::SymmetricKey::Algorithm algorithm; | 69 crypto::SymmetricKey::Algorithm algorithm; |
71 const char* password; | 70 const char* password; |
72 const char* salt; | 71 const char* salt; |
73 unsigned int rounds; | 72 unsigned int rounds; |
74 unsigned int key_size_in_bits; | 73 unsigned int key_size_in_bits; |
75 const char* expected; // ASCII encoded hex bytes | 74 const char* expected; // ASCII encoded hex bytes |
76 }; | 75 }; |
77 | 76 |
78 class SymmetricKeyDeriveKeyFromPasswordTest | 77 class SymmetricKeyDeriveKeyFromPasswordTest |
79 : public testing::TestWithParam<PBKDF2TestVector> { | 78 : public testing::TestWithParam<PBKDF2TestVector> { |
80 }; | 79 }; |
81 | 80 |
82 TEST_P(SymmetricKeyDeriveKeyFromPasswordTest, DeriveKeyFromPassword) { | 81 TEST_P(SymmetricKeyDeriveKeyFromPasswordTest, DeriveKeyFromPassword) { |
83 PBKDF2TestVector test_data(GetParam()); | 82 PBKDF2TestVector test_data(GetParam()); |
84 #if defined(OS_MACOSX) | 83 #if defined(OS_MACOSX) |
85 // The OS X crypto libraries have minimum salt and iteration requirements | 84 // The OS X crypto libraries have minimum salt and iteration requirements |
86 // so some of the tests below will cause them to barf. Skip these. | 85 // so some of the tests below will cause them to barf. Skip these. |
87 if (strlen(test_data.salt) < 8 || test_data.rounds < 1000) { | 86 if (strlen(test_data.salt) < 8 || test_data.rounds < 1000) { |
88 VLOG(1) << "Skipped test vector for " << test_data.expected; | 87 VLOG(1) << "Skipped test vector for " << test_data.expected; |
89 return; | 88 return; |
90 } | 89 } |
91 #endif // OS_MACOSX | 90 #endif // OS_MACOSX |
92 | 91 |
93 scoped_ptr<base::SymmetricKey> key( | 92 scoped_ptr<crypto::SymmetricKey> key( |
94 base::SymmetricKey::DeriveKeyFromPassword( | 93 crypto::SymmetricKey::DeriveKeyFromPassword( |
95 test_data.algorithm, | 94 test_data.algorithm, |
96 test_data.password, test_data.salt, | 95 test_data.password, test_data.salt, |
97 test_data.rounds, test_data.key_size_in_bits)); | 96 test_data.rounds, test_data.key_size_in_bits)); |
98 ASSERT_TRUE(NULL != key.get()); | 97 ASSERT_TRUE(NULL != key.get()); |
99 | 98 |
100 std::string raw_key; | 99 std::string raw_key; |
101 key->GetRawKey(&raw_key); | 100 key->GetRawKey(&raw_key); |
102 EXPECT_EQ(test_data.key_size_in_bits / 8, raw_key.size()); | 101 EXPECT_EQ(test_data.key_size_in_bits / 8, raw_key.size()); |
103 EXPECT_EQ(test_data.expected, | 102 EXPECT_EQ(test_data.expected, |
104 StringToLowerASCII(base::HexEncode(raw_key.data(), | 103 StringToLowerASCII(base::HexEncode(raw_key.data(), |
105 raw_key.size()))); | 104 raw_key.size()))); |
106 } | 105 } |
107 | 106 |
108 static const PBKDF2TestVector kTestVectors[] = { | 107 static const PBKDF2TestVector kTestVectors[] = { |
109 // These tests come from | 108 // These tests come from |
110 // http://www.ietf.org/id/draft-josefsson-pbkdf2-test-vectors-00.txt | 109 // http://www.ietf.org/id/draft-josefsson-pbkdf2-test-vectors-00.txt |
111 { | 110 { |
112 base::SymmetricKey::HMAC_SHA1, | 111 crypto::SymmetricKey::HMAC_SHA1, |
113 "password", | 112 "password", |
114 "salt", | 113 "salt", |
115 1, | 114 1, |
116 160, | 115 160, |
117 "0c60c80f961f0e71f3a9b524af6012062fe037a6", | 116 "0c60c80f961f0e71f3a9b524af6012062fe037a6", |
118 }, | 117 }, |
119 { | 118 { |
120 base::SymmetricKey::HMAC_SHA1, | 119 crypto::SymmetricKey::HMAC_SHA1, |
121 "password", | 120 "password", |
122 "salt", | 121 "salt", |
123 2, | 122 2, |
124 160, | 123 160, |
125 "ea6c014dc72d6f8ccd1ed92ace1d41f0d8de8957", | 124 "ea6c014dc72d6f8ccd1ed92ace1d41f0d8de8957", |
126 }, | 125 }, |
127 { | 126 { |
128 base::SymmetricKey::HMAC_SHA1, | 127 crypto::SymmetricKey::HMAC_SHA1, |
129 "password", | 128 "password", |
130 "salt", | 129 "salt", |
131 4096, | 130 4096, |
132 160, | 131 160, |
133 "4b007901b765489abead49d926f721d065a429c1", | 132 "4b007901b765489abead49d926f721d065a429c1", |
134 }, | 133 }, |
135 // This test takes over 30s to run on the trybots. | 134 // This test takes over 30s to run on the trybots. |
136 #if 0 | 135 #if 0 |
137 { | 136 { |
138 base::SymmetricKey::HMAC_SHA1, | 137 crypto::SymmetricKey::HMAC_SHA1, |
139 "password", | 138 "password", |
140 "salt", | 139 "salt", |
141 16777216, | 140 16777216, |
142 160, | 141 160, |
143 "eefe3d61cd4da4e4e9945b3d6ba2158c2634e984", | 142 "eefe3d61cd4da4e4e9945b3d6ba2158c2634e984", |
144 }, | 143 }, |
145 #endif | 144 #endif |
146 | 145 |
147 // These tests come from RFC 3962, via BSD source code at | 146 // These tests come from RFC 3962, via BSD source code at |
148 // http://www.openbsd.org/cgi-bin/cvsweb/src/sbin/bioctl/pbkdf2.c?rev=HEAD&con
tent-type=text/plain | 147 // http://www.openbsd.org/cgi-bin/cvsweb/src/sbin/bioctl/pbkdf2.c?rev=HEAD&con
tent-type=text/plain |
149 { | 148 { |
150 base::SymmetricKey::HMAC_SHA1, | 149 crypto::SymmetricKey::HMAC_SHA1, |
151 "password", | 150 "password", |
152 "ATHENA.MIT.EDUraeburn", | 151 "ATHENA.MIT.EDUraeburn", |
153 1, | 152 1, |
154 160, | 153 160, |
155 "cdedb5281bb2f801565a1122b25635150ad1f7a0", | 154 "cdedb5281bb2f801565a1122b25635150ad1f7a0", |
156 }, | 155 }, |
157 { | 156 { |
158 base::SymmetricKey::HMAC_SHA1, | 157 crypto::SymmetricKey::HMAC_SHA1, |
159 "password", | 158 "password", |
160 "ATHENA.MIT.EDUraeburn", | 159 "ATHENA.MIT.EDUraeburn", |
161 2, | 160 2, |
162 160, | 161 160, |
163 "01dbee7f4a9e243e988b62c73cda935da05378b9", | 162 "01dbee7f4a9e243e988b62c73cda935da05378b9", |
164 }, | 163 }, |
165 { | 164 { |
166 base::SymmetricKey::HMAC_SHA1, | 165 crypto::SymmetricKey::HMAC_SHA1, |
167 "password", | 166 "password", |
168 "ATHENA.MIT.EDUraeburn", | 167 "ATHENA.MIT.EDUraeburn", |
169 1200, | 168 1200, |
170 160, | 169 160, |
171 "5c08eb61fdf71e4e4ec3cf6ba1f5512ba7e52ddb", | 170 "5c08eb61fdf71e4e4ec3cf6ba1f5512ba7e52ddb", |
172 }, | 171 }, |
173 { | 172 { |
174 base::SymmetricKey::HMAC_SHA1, | 173 crypto::SymmetricKey::HMAC_SHA1, |
175 "password", | 174 "password", |
176 "\0224VxxV4\022", /* 0x1234567878563412 */ | 175 "\0224VxxV4\022", /* 0x1234567878563412 */ |
177 5, | 176 5, |
178 160, | 177 160, |
179 "d1daa78615f287e6a1c8b120d7062a493f98d203", | 178 "d1daa78615f287e6a1c8b120d7062a493f98d203", |
180 }, | 179 }, |
181 { | 180 { |
182 base::SymmetricKey::HMAC_SHA1, | 181 crypto::SymmetricKey::HMAC_SHA1, |
183 "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", | 182 "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", |
184 "pass phrase equals block size", | 183 "pass phrase equals block size", |
185 1200, | 184 1200, |
186 160, | 185 160, |
187 "139c30c0966bc32ba55fdbf212530ac9c5ec59f1", | 186 "139c30c0966bc32ba55fdbf212530ac9c5ec59f1", |
188 }, | 187 }, |
189 { | 188 { |
190 base::SymmetricKey::HMAC_SHA1, | 189 crypto::SymmetricKey::HMAC_SHA1, |
191 "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", | 190 "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", |
192 "pass phrase exceeds block size", | 191 "pass phrase exceeds block size", |
193 1200, | 192 1200, |
194 160, | 193 160, |
195 "9ccad6d468770cd51b10e6a68721be611a8b4d28", | 194 "9ccad6d468770cd51b10e6a68721be611a8b4d28", |
196 }, | 195 }, |
197 { | 196 { |
198 base::SymmetricKey::HMAC_SHA1, | 197 crypto::SymmetricKey::HMAC_SHA1, |
199 "\360\235\204\236", /* g-clef (0xf09d849e) */ | 198 "\360\235\204\236", /* g-clef (0xf09d849e) */ |
200 "EXAMPLE.COMpianist", | 199 "EXAMPLE.COMpianist", |
201 50, | 200 50, |
202 160, | 201 160, |
203 "6b9cf26d45455a43a5b8bb276a403b39e7fe37a0", | 202 "6b9cf26d45455a43a5b8bb276a403b39e7fe37a0", |
204 }, | 203 }, |
205 | 204 |
206 // Regression tests for AES keys, derived from the Linux NSS implementation. | 205 // Regression tests for AES keys, derived from the Linux NSS implementation. |
207 { | 206 { |
208 base::SymmetricKey::AES, | 207 crypto::SymmetricKey::AES, |
209 "A test password", | 208 "A test password", |
210 "saltsalt", | 209 "saltsalt", |
211 1, | 210 1, |
212 256, | 211 256, |
213 "44899a7777f0e6e8b752f875f02044b8ac593de146de896f2e8a816e315a36de", | 212 "44899a7777f0e6e8b752f875f02044b8ac593de146de896f2e8a816e315a36de", |
214 }, | 213 }, |
215 { | 214 { |
216 base::SymmetricKey::AES, | 215 crypto::SymmetricKey::AES, |
217 "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", | 216 "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", |
218 "pass phrase exceeds block size", | 217 "pass phrase exceeds block size", |
219 20, | 218 20, |
220 256, | 219 256, |
221 "e0739745dc28b8721ba402e05214d2ac1eab54cf72bee1fba388297a09eb493c", | 220 "e0739745dc28b8721ba402e05214d2ac1eab54cf72bee1fba388297a09eb493c", |
222 }, | 221 }, |
223 }; | 222 }; |
224 | 223 |
225 INSTANTIATE_TEST_CASE_P(, SymmetricKeyDeriveKeyFromPasswordTest, | 224 INSTANTIATE_TEST_CASE_P(, SymmetricKeyDeriveKeyFromPasswordTest, |
226 testing::ValuesIn(kTestVectors)); | 225 testing::ValuesIn(kTestVectors)); |
OLD | NEW |