| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "crypto/aes_128_gcm_helpers_nss.h" |
| 6 |
| 7 #include <pk11pub.h> |
| 8 #include <secerr.h> |
| 9 #include <string> |
| 10 |
| 11 #include "base/logging.h" |
| 12 #include "base/rand_util.h" |
| 13 #include "base/strings/string_number_conversions.h" |
| 14 #include "base/strings/string_util.h" |
| 15 #include "crypto/nss_util.h" |
| 16 #include "crypto/random.h" |
| 17 #include "crypto/scoped_nss_types.h" |
| 18 #include "testing/gtest/include/gtest/gtest.h" |
| 19 |
| 20 namespace crypto { |
| 21 |
| 22 namespace { |
| 23 |
| 24 // The AES GCM test vectors come from the gcmDecrypt128.rsp and |
| 25 // gcmEncryptExtIV128.rsp files downloaded from |
| 26 // http://csrc.nist.gov/groups/STM/cavp/index.html on 2013-02-01. The test |
| 27 // vectors in that file look like this: |
| 28 // |
| 29 // [Keylen = 128] |
| 30 // [IVlen = 96] |
| 31 // [PTlen = 0] |
| 32 // [AADlen = 0] |
| 33 // [Taglen = 128] |
| 34 // |
| 35 // Count = 0 |
| 36 // Key = cf063a34d4a9a76c2c86787d3f96db71 |
| 37 // IV = 113b9785971864c83b01c787 |
| 38 // CT = |
| 39 // AAD = |
| 40 // Tag = 72ac8493e3a5228b5d130a69d2510e42 |
| 41 // PT = |
| 42 // |
| 43 // Count = 1 |
| 44 // Key = a49a5e26a2f8cb63d05546c2a62f5343 |
| 45 // IV = 907763b19b9b4ab6bd4f0281 |
| 46 // CT = |
| 47 // AAD = |
| 48 // Tag = a2be08210d8c470a8df6e8fbd79ec5cf |
| 49 // FAIL |
| 50 // |
| 51 // ... |
| 52 // |
| 53 // These files are huge (2.6 MB and 2.8 MB), so this file contains just a |
| 54 // selection of test vectors. |
| 55 |
| 56 // Describes a group of test vectors that all have a given key length, IV |
| 57 // length, plaintext length, AAD length, and tag length. |
| 58 struct TestGroupInfo { |
| 59 size_t key_len; |
| 60 size_t iv_len; |
| 61 size_t input_len; |
| 62 size_t aad_len; |
| 63 size_t tag_len; |
| 64 }; |
| 65 |
| 66 // Each test vector consists of six strings of lowercase hexadecimal digits. |
| 67 // The strings may be empty (zero length). A test vector with a NULL |key| |
| 68 // marks the end of an array of test vectors. |
| 69 struct TestVector { |
| 70 // Input: |
| 71 const char* key; |
| 72 const char* iv; |
| 73 const char* input; |
| 74 const char* aad; |
| 75 const char* tag; |
| 76 |
| 77 // Expected output: |
| 78 const char* output; // An empty string "" means decryption or encryption |
| 79 // succeeded and the plaintext is zero-length. NULL means |
| 80 // that the decryption or encryption failed. |
| 81 }; |
| 82 |
| 83 const TestGroupInfo test_group_info[] = { |
| 84 {128, 96, 0, 0, 128}, |
| 85 {128, 96, 0, 128, 128}, |
| 86 {128, 96, 128, 0, 128}, |
| 87 {128, 96, 408, 160, 128}, |
| 88 {128, 96, 408, 720, 128}, |
| 89 {128, 96, 104, 0, 128}, |
| 90 }; |
| 91 |
| 92 const TestVector decryption_test_group_0[] = { |
| 93 {"cf063a34d4a9a76c2c86787d3f96db71", |
| 94 "113b9785971864c83b01c787", |
| 95 "", |
| 96 "", |
| 97 "72ac8493e3a5228b5d130a69d2510e42", |
| 98 ""}, |
| 99 { |
| 100 "a49a5e26a2f8cb63d05546c2a62f5343", |
| 101 "907763b19b9b4ab6bd4f0281", |
| 102 "", |
| 103 "", |
| 104 "a2be08210d8c470a8df6e8fbd79ec5cf", |
| 105 NULL // FAIL |
| 106 }, |
| 107 {NULL}}; |
| 108 |
| 109 const TestVector decryption_test_group_1[] = { |
| 110 { |
| 111 "d1f6af919cde85661208bdce0c27cb22", |
| 112 "898c6929b435017bf031c3c5", |
| 113 "", |
| 114 "7c5faa40e636bbc91107e68010c92b9f", |
| 115 "ae45f11777540a2caeb128be8092468a", |
| 116 NULL // FAIL |
| 117 }, |
| 118 {"2370e320d4344208e0ff5683f243b213", |
| 119 "04dbb82f044d30831c441228", |
| 120 "", |
| 121 "d43a8e5089eea0d026c03a85178b27da", |
| 122 "2a049c049d25aa95969b451d93c31c6e", |
| 123 ""}, |
| 124 {NULL}}; |
| 125 |
| 126 const TestVector decryption_test_group_2[] = { |
| 127 {"e98b72a9881a84ca6b76e0f43e68647a", |
| 128 "8b23299fde174053f3d652ba", |
| 129 "5a3c1cf1985dbb8bed818036fdd5ab42", |
| 130 "", |
| 131 "23c7ab0f952b7091cd324835043b5eb5", |
| 132 "28286a321293253c3e0aa2704a278032"}, |
| 133 {"33240636cd3236165f1a553b773e728e", |
| 134 "17c4d61493ecdc8f31700b12", |
| 135 "47bb7e23f7bdfe05a8091ac90e4f8b2e", |
| 136 "", |
| 137 "b723c70e931d9785f40fd4ab1d612dc9", |
| 138 "95695a5b12f2870b9cc5fdc8f218a97d"}, |
| 139 { |
| 140 "5164df856f1e9cac04a79b808dc5be39", |
| 141 "e76925d5355e0584ce871b2b", |
| 142 "0216c899c88d6e32c958c7e553daa5bc", |
| 143 "", |
| 144 "a145319896329c96df291f64efbe0e3a", |
| 145 NULL // FAIL |
| 146 }, |
| 147 {NULL}}; |
| 148 |
| 149 const TestVector decryption_test_group_3[] = { |
| 150 {"af57f42c60c0fc5a09adb81ab86ca1c3", |
| 151 "a2dc01871f37025dc0fc9a79", |
| 152 "b9a535864f48ea7b6b1367914978f9bfa087d854bb0e269bed8d279d2eea1210e48947" |
| 153 "338b22f9bad09093276a331e9c79c7f4", |
| 154 "41dc38988945fcb44faf2ef72d0061289ef8efd8", |
| 155 "4f71e72bde0018f555c5adcce062e005", |
| 156 "3803a0727eeb0ade441e0ec107161ded2d425ec0d102f21f51bf2cf9947c7ec4aa7279" |
| 157 "5b2f69b041596e8817d0a3c16f8fadeb"}, |
| 158 {"ebc753e5422b377d3cb64b58ffa41b61", |
| 159 "2e1821efaced9acf1f241c9b", |
| 160 "069567190554e9ab2b50a4e1fbf9c147340a5025fdbd201929834eaf6532325899ccb9" |
| 161 "f401823e04b05817243d2142a3589878", |
| 162 "b9673412fd4f88ba0e920f46dd6438ff791d8eef", |
| 163 "534d9234d2351cf30e565de47baece0b", |
| 164 "39077edb35e9c5a4b1e4c2a6b9bb1fce77f00f5023af40333d6d699014c2bcf4209c18" |
| 165 "353a18017f5b36bfc00b1f6dcb7ed485"}, |
| 166 { |
| 167 "52bdbbf9cf477f187ec010589cb39d58", |
| 168 "d3be36d3393134951d324b31", |
| 169 "700188da144fa692cf46e4a8499510a53d90903c967f7f13e8a1bd8151a74adc4fe63e" |
| 170 "32b992760b3a5f99e9a47838867000a9", |
| 171 "93c4fc6a4135f54d640b0c976bf755a06a292c33", |
| 172 "8ca4e38aa3dfa6b1d0297021ccf3ea5f", |
| 173 NULL // FAIL |
| 174 }, |
| 175 {NULL}}; |
| 176 |
| 177 const TestVector decryption_test_group_4[] = { |
| 178 {"da2bb7d581493d692380c77105590201", |
| 179 "44aa3e7856ca279d2eb020c6", |
| 180 "9290d430c9e89c37f0446dbd620c9a6b34b1274aeb6f911f75867efcf95b6feda69f1a" |
| 181 "f4ee16c761b3c9aeac3da03aa9889c88", |
| 182 "4cd171b23bddb3a53cdf959d5c1710b481eb3785a90eb20a2345ee00d0bb7868c367ab" |
| 183 "12e6f4dd1dee72af4eee1d197777d1d6499cc541f34edbf45cda6ef90b3c024f9272d7" |
| 184 "2ec1909fb8fba7db88a4d6f7d3d925980f9f9f72", |
| 185 "9e3ac938d3eb0cadd6f5c9e35d22ba38", |
| 186 "9bbf4c1a2742f6ac80cb4e8a052e4a8f4f07c43602361355b717381edf9fabd4cb7e3a" |
| 187 "d65dbd1378b196ac270588dd0621f642"}, |
| 188 {"d74e4958717a9d5c0e235b76a926cae8", |
| 189 "0b7471141e0c70b1995fd7b1", |
| 190 "e701c57d2330bf066f9ff8cf3ca4343cafe4894651cd199bdaaa681ba486b4a65c5a22" |
| 191 "b0f1420be29ea547d42c713bc6af66aa", |
| 192 "4a42b7aae8c245c6f1598a395316e4b8484dbd6e64648d5e302021b1d3fa0a38f46e22" |
| 193 "bd9c8080b863dc0016482538a8562a4bd0ba84edbe2697c76fd039527ac179ec5506cf" |
| 194 "34a6039312774cedebf4961f3978b14a26509f96", |
| 195 "e192c23cb036f0b31592989119eed55d", |
| 196 "840d9fb95e32559fb3602e48590280a172ca36d9b49ab69510f5bd552bfab7a306f85f" |
| 197 "f0a34bc305b88b804c60b90add594a17"}, |
| 198 { |
| 199 "1986310c725ac94ecfe6422e75fc3ee7", |
| 200 "93ec4214fa8e6dc4e3afc775", |
| 201 "b178ec72f85a311ac4168f42a4b2c23113fbea4b85f4b9dabb74e143eb1b8b0a361e02" |
| 202 "43edfd365b90d5b325950df0ada058f9", |
| 203 "e80b88e62c49c958b5e0b8b54f532d9ff6aa84c8a40132e93e55b59fc24e8decf28463" |
| 204 "139f155d1e8ce4ee76aaeefcd245baa0fc519f83a5fb9ad9aa40c4b21126013f576c42" |
| 205 "72c2cb136c8fd091cc4539877a5d1e72d607f960", |
| 206 "8b347853f11d75e81e8a95010be81f17", |
| 207 NULL // FAIL |
| 208 }, |
| 209 {NULL}}; |
| 210 |
| 211 const TestVector decryption_test_group_5[] = { |
| 212 {"387218b246c1a8257748b56980e50c94", |
| 213 "dd7e014198672be39f95b69d", |
| 214 "cdba9e73eaf3d38eceb2b04a8d", |
| 215 "", |
| 216 "ecf90f4a47c9c626d6fb2c765d201556", |
| 217 "48f5b426baca03064554cc2b30"}, |
| 218 {"294de463721e359863887c820524b3d4", |
| 219 "3338b35c9d57a5d28190e8c9", |
| 220 "2f46634e74b8e4c89812ac83b9", |
| 221 "", |
| 222 "dabd506764e68b82a7e720aa18da0abe", |
| 223 "46a2e55c8e264df211bd112685"}, |
| 224 {"28ead7fd2179e0d12aa6d5d88c58c2dc", |
| 225 "5055347f18b4d5add0ae5c41", |
| 226 "142d8210c3fb84774cdbd0447a", |
| 227 "", |
| 228 "5fd321d9cdb01952dc85f034736c2a7d", |
| 229 "3b95b981086ee73cc4d0cc1422"}, |
| 230 { |
| 231 "7d7b6c988137b8d470c57bf674a09c87", |
| 232 "9edf2aa970d016ac962e1fd8", |
| 233 "a85b66c3cb5eab91d5bdc8bc0e", |
| 234 "", |
| 235 "dc054efc01f3afd21d9c2484819f569a", |
| 236 NULL // FAIL |
| 237 }, |
| 238 {NULL}}; |
| 239 |
| 240 const TestVector encryption_test_group_0[] = { |
| 241 {"11754cd72aec309bf52f7687212e8957", |
| 242 "3c819d9a9bed087615030b65", |
| 243 "", |
| 244 "", |
| 245 "250327c674aaf477aef2675748cf6971", |
| 246 ""}, |
| 247 {"ca47248ac0b6f8372a97ac43508308ed", |
| 248 "ffd2b598feabc9019262d2be", |
| 249 "", |
| 250 "", |
| 251 "60d20404af527d248d893ae495707d1a", |
| 252 ""}, |
| 253 {NULL}}; |
| 254 |
| 255 const TestVector encryption_test_group_1[] = { |
| 256 {"77be63708971c4e240d1cb79e8d77feb", |
| 257 "e0e00f19fed7ba0136a797f3", |
| 258 "", |
| 259 "7a43ec1d9c0a5a78a0b16533a6213cab", |
| 260 "209fcc8d3675ed938e9c7166709dd946", |
| 261 ""}, |
| 262 {"7680c5d3ca6154758e510f4d25b98820", |
| 263 "f8f105f9c3df4965780321f8", |
| 264 "", |
| 265 "c94c410194c765e3dcc7964379758ed3", |
| 266 "94dca8edfcf90bb74b153c8d48a17930", |
| 267 ""}, |
| 268 {NULL}}; |
| 269 |
| 270 const TestVector encryption_test_group_2[] = { |
| 271 {"7fddb57453c241d03efbed3ac44e371c", |
| 272 "ee283a3fc75575e33efd4887", |
| 273 "d5de42b461646c255c87bd2962d3b9a2", |
| 274 "", |
| 275 "b36d1df9b9d5e596f83e8b7f52971cb3", |
| 276 "2ccda4a5415cb91e135c2a0f78c9b2fd"}, |
| 277 {"ab72c77b97cb5fe9a382d9fe81ffdbed", |
| 278 "54cc7dc2c37ec006bcc6d1da", |
| 279 "007c5e5b3e59df24a7c355584fc1518d", |
| 280 "", |
| 281 "2b4401346697138c7a4891ee59867d0c", |
| 282 "0e1bde206a07a9c2c1b65300f8c64997"}, |
| 283 {NULL}}; |
| 284 |
| 285 const TestVector encryption_test_group_3[] = { |
| 286 {"fe47fcce5fc32665d2ae399e4eec72ba", |
| 287 "5adb9609dbaeb58cbd6e7275", |
| 288 "7c0e88c88899a779228465074797cd4c2e1498d259b54390b85e3eef1c02df60e743f1" |
| 289 "b840382c4bccaf3bafb4ca8429bea063", |
| 290 "88319d6e1d3ffa5f987199166c8a9b56c2aeba5a", |
| 291 "291ef1982e4defedaa2249f898556b47", |
| 292 "98f4826f05a265e6dd2be82db241c0fbbbf9ffb1c173aa83964b7cf539304373636525" |
| 293 "3ddbc5db8778371495da76d269e5db3e"}, |
| 294 {"ec0c2ba17aa95cd6afffe949da9cc3a8", |
| 295 "296bce5b50b7d66096d627ef", |
| 296 "b85b3753535b825cbe5f632c0b843c741351f18aa484281aebec2f45bb9eea2d79d987" |
| 297 "b764b9611f6c0f8641843d5d58f3a242", |
| 298 "f8d00f05d22bf68599bcdeb131292ad6e2df5d14", |
| 299 "890147971946b627c40016da1ecf3e77", |
| 300 "a7443d31c26bdf2a1c945e29ee4bd344a99cfaf3aa71f8b3f191f83c2adfc7a0716299" |
| 301 "5506fde6309ffc19e716eddf1a828c5a"}, |
| 302 {NULL}}; |
| 303 |
| 304 const TestVector encryption_test_group_4[] = { |
| 305 {"2c1f21cf0f6fb3661943155c3e3d8492", |
| 306 "23cb5ff362e22426984d1907", |
| 307 "42f758836986954db44bf37c6ef5e4ac0adaf38f27252a1b82d02ea949c8a1a2dbc0d6" |
| 308 "8b5615ba7c1220ff6510e259f06655d8", |
| 309 "5d3624879d35e46849953e45a32a624d6a6c536ed9857c613b572b0333e701557a713e" |
| 310 "3f010ecdf9a6bd6c9e3e44b065208645aff4aabee611b391528514170084ccf587177f" |
| 311 "4488f33cfb5e979e42b6e1cfc0a60238982a7aec", |
| 312 "57a3ee28136e94c74838997ae9823f3a", |
| 313 "81824f0e0d523db30d3da369fdc0d60894c7a0a20646dd015073ad2732bd989b14a222" |
| 314 "b6ad57af43e1895df9dca2a5344a62cc"}, |
| 315 {"d9f7d2411091f947b4d6f1e2d1f0fb2e", |
| 316 "e1934f5db57cc983e6b180e7", |
| 317 "73ed042327f70fe9c572a61545eda8b2a0c6e1d6c291ef19248e973aee6c312012f490" |
| 318 "c2c6f6166f4a59431e182663fcaea05a", |
| 319 "0a8a18a7150e940c3d87b38e73baee9a5c049ee21795663e264b694a949822b639092d" |
| 320 "0e67015e86363583fcf0ca645af9f43375f05fdb4ce84f411dcbca73c2220dea03a201" |
| 321 "15d2e51398344b16bee1ed7c499b353d6c597af8", |
| 322 "21b51ca862cb637cdd03b99a0f93b134", |
| 323 "aaadbd5c92e9151ce3db7210b8714126b73e43436d242677afa50384f2149b831f1d57" |
| 324 "3c7891c2a91fbc48db29967ec9542b23"}, |
| 325 {NULL}}; |
| 326 |
| 327 const TestVector encryption_test_group_5[] = { |
| 328 {"fe9bb47deb3a61e423c2231841cfd1fb", |
| 329 "4d328eb776f500a2f7fb47aa", |
| 330 "f1cc3818e421876bb6b8bbd6c9", |
| 331 "", |
| 332 "43fd4727fe5cdb4b5b42818dea7ef8c9", |
| 333 "b88c5c1977b35b517b0aeae967"}, |
| 334 {"6703df3701a7f54911ca72e24dca046a", |
| 335 "12823ab601c350ea4bc2488c", |
| 336 "793cd125b0b84a043e3ac67717", |
| 337 "", |
| 338 "38e6bcd29962e5f2c13626b85a877101", |
| 339 "b2051c80014f42f08735a7b0cd"}, |
| 340 {NULL}}; |
| 341 |
| 342 const TestVector* const decryption_test_group_array[] = { |
| 343 decryption_test_group_0, |
| 344 decryption_test_group_1, |
| 345 decryption_test_group_2, |
| 346 decryption_test_group_3, |
| 347 decryption_test_group_4, |
| 348 decryption_test_group_5, |
| 349 }; |
| 350 |
| 351 const TestVector* const encryption_test_group_array[] = { |
| 352 encryption_test_group_0, |
| 353 encryption_test_group_1, |
| 354 encryption_test_group_2, |
| 355 encryption_test_group_3, |
| 356 encryption_test_group_4, |
| 357 encryption_test_group_5, |
| 358 }; |
| 359 |
| 360 bool DecodeHexString(const base::StringPiece& hex, std::string* bytes) { |
| 361 bytes->clear(); |
| 362 if (hex.empty()) |
| 363 return true; |
| 364 std::vector<uint8> v; |
| 365 if (!base::HexStringToBytes(hex.as_string(), &v)) |
| 366 return false; |
| 367 if (!v.empty()) |
| 368 bytes->assign(reinterpret_cast<const char*>(&v[0]), v.size()); |
| 369 return true; |
| 370 } |
| 371 |
| 372 class Aes128GcmHelpersTest : public ::testing::Test { |
| 373 public: |
| 374 enum Mode { DECRYPT, ENCRYPT }; |
| 375 |
| 376 void SetUp() override { EnsureNSSInit(); } |
| 377 |
| 378 bool DecryptOrEncrypt(Mode mode, |
| 379 const base::StringPiece& input, |
| 380 const base::StringPiece& key, |
| 381 const base::StringPiece& nonce, |
| 382 const base::StringPiece& aad, |
| 383 size_t auth_tag_size, |
| 384 std::string* output) { |
| 385 DCHECK(output); |
| 386 |
| 387 const CK_ATTRIBUTE_TYPE cka_mode = |
| 388 mode == DECRYPT ? CKA_DECRYPT : CKA_ENCRYPT; |
| 389 |
| 390 SECItem key_item; |
| 391 key_item.type = siBuffer; |
| 392 key_item.data = const_cast<unsigned char*>( |
| 393 reinterpret_cast<const unsigned char*>(key.data())); |
| 394 key_item.len = key.size(); |
| 395 |
| 396 crypto::ScopedPK11Slot slot(PK11_GetInternalSlot()); |
| 397 DCHECK(slot); |
| 398 |
| 399 crypto::ScopedPK11SymKey aead_key( |
| 400 PK11_ImportSymKey(slot.get(), CKM_AES_GCM, PK11_OriginUnwrap, cka_mode, |
| 401 &key_item, nullptr)); |
| 402 |
| 403 CK_GCM_PARAMS gcm_params; |
| 404 gcm_params.pIv = const_cast<unsigned char*>( |
| 405 reinterpret_cast<const unsigned char*>(nonce.data())); |
| 406 gcm_params.ulIvLen = nonce.size(); |
| 407 |
| 408 gcm_params.pAAD = const_cast<unsigned char*>( |
| 409 reinterpret_cast<const unsigned char*>(aad.data())); |
| 410 |
| 411 gcm_params.ulAADLen = aad.size(); |
| 412 |
| 413 gcm_params.ulTagBits = auth_tag_size * 8; |
| 414 |
| 415 SECItem param; |
| 416 param.type = siBuffer; |
| 417 param.data = reinterpret_cast<unsigned char*>(&gcm_params); |
| 418 param.len = sizeof(CK_GCM_PARAMS); |
| 419 |
| 420 size_t maximum_output_length = input.size(); |
| 421 if (mode == ENCRYPT) |
| 422 maximum_output_length += auth_tag_size; |
| 423 |
| 424 unsigned int output_length = 0; |
| 425 unsigned char* raw_input = const_cast<unsigned char*>( |
| 426 reinterpret_cast<const unsigned char*>(input.data())); |
| 427 unsigned char* raw_output = reinterpret_cast<unsigned char*>( |
| 428 base::WriteInto(output, maximum_output_length + 1 /* null */)); |
| 429 |
| 430 PK11Helper_TransformFunction* transform_function = |
| 431 mode == DECRYPT ? PK11DecryptHelper : PK11EncryptHelper; |
| 432 |
| 433 const SECStatus result = transform_function( |
| 434 aead_key.get(), CKM_AES_GCM, ¶m, raw_output, &output_length, |
| 435 maximum_output_length, raw_input, input.size()); |
| 436 |
| 437 if (result != SECSuccess) |
| 438 return false; |
| 439 |
| 440 const size_t expected_output_length = mode == DECRYPT |
| 441 ? input.size() - auth_tag_size |
| 442 : input.size() + auth_tag_size; |
| 443 |
| 444 EXPECT_EQ(expected_output_length, output_length); |
| 445 |
| 446 output->resize(expected_output_length); |
| 447 return true; |
| 448 } |
| 449 |
| 450 private: |
| 451 // The prototype of PK11_Decrypt and PK11_Encrypt. |
| 452 using PK11Helper_TransformFunction = SECStatus(PK11SymKey* symKey, |
| 453 CK_MECHANISM_TYPE mechanism, |
| 454 SECItem* param, |
| 455 unsigned char* out, |
| 456 unsigned int* outLen, |
| 457 unsigned int maxLen, |
| 458 const unsigned char* data, |
| 459 unsigned int dataLen); |
| 460 }; |
| 461 |
| 462 } // namespace |
| 463 |
| 464 TEST_F(Aes128GcmHelpersTest, RoundTrip) { |
| 465 const std::string message = "Hello, world!"; |
| 466 |
| 467 const size_t kKeySize = 16; |
| 468 const size_t kNonceSize = 16; |
| 469 |
| 470 std::string key, nonce; |
| 471 RandBytes(base::WriteInto(&key, kKeySize + 1), kKeySize); |
| 472 RandBytes(base::WriteInto(&nonce, kNonceSize + 1), kNonceSize); |
| 473 |
| 474 // AEAD_AES_128_GCM is defined with a default authentication tag size of 16, |
| 475 // but RFC 5282 extends this to authentication tag sizes of 8 and 12 as well. |
| 476 size_t auth_tag_size = base::RandInt(2, 4) * 4; |
| 477 |
| 478 std::string encrypted; |
| 479 ASSERT_TRUE(DecryptOrEncrypt(ENCRYPT, message, key, nonce, |
| 480 base::StringPiece(), auth_tag_size, &encrypted)); |
| 481 |
| 482 std::string decrypted; |
| 483 ASSERT_TRUE(DecryptOrEncrypt(DECRYPT, encrypted, key, nonce, |
| 484 base::StringPiece(), auth_tag_size, &decrypted)); |
| 485 |
| 486 EXPECT_EQ(message, decrypted); |
| 487 } |
| 488 |
| 489 TEST_F(Aes128GcmHelpersTest, DecryptionVectors) { |
| 490 for (size_t i = 0; i < arraysize(decryption_test_group_array); i++) { |
| 491 SCOPED_TRACE(i); |
| 492 const TestVector* test_vectors = decryption_test_group_array[i]; |
| 493 const TestGroupInfo& test_info = test_group_info[i]; |
| 494 |
| 495 for (size_t j = 0; test_vectors[j].key != nullptr; j++) { |
| 496 // If not present then decryption is expected to fail. |
| 497 bool has_output = test_vectors[j].output; |
| 498 |
| 499 // Decode the test vector. |
| 500 std::string key, iv, input, aad, tag, expected_output; |
| 501 ASSERT_TRUE(DecodeHexString(test_vectors[j].key, &key)); |
| 502 ASSERT_TRUE(DecodeHexString(test_vectors[j].iv, &iv)); |
| 503 ASSERT_TRUE(DecodeHexString(test_vectors[j].input, &input)); |
| 504 ASSERT_TRUE(DecodeHexString(test_vectors[j].aad, &aad)); |
| 505 ASSERT_TRUE(DecodeHexString(test_vectors[j].tag, &tag)); |
| 506 if (has_output) |
| 507 ASSERT_TRUE(DecodeHexString(test_vectors[j].output, &expected_output)); |
| 508 |
| 509 // The test vector's lengths should look sane. Note that the lengths |
| 510 // in |test_info| are in bits. |
| 511 EXPECT_EQ(test_info.key_len, key.length() * 8); |
| 512 EXPECT_EQ(test_info.iv_len, iv.length() * 8); |
| 513 EXPECT_EQ(test_info.input_len, input.length() * 8); |
| 514 EXPECT_EQ(test_info.aad_len, aad.length() * 8); |
| 515 EXPECT_EQ(test_info.tag_len, tag.length() * 8); |
| 516 if (has_output) |
| 517 EXPECT_EQ(test_info.input_len, expected_output.length() * 8); |
| 518 |
| 519 const std::string ciphertext = input + tag; |
| 520 std::string output; |
| 521 |
| 522 if (!DecryptOrEncrypt(DECRYPT, ciphertext, key, iv, aad, tag.length(), |
| 523 &output)) { |
| 524 EXPECT_FALSE(has_output); |
| 525 continue; |
| 526 } |
| 527 |
| 528 EXPECT_TRUE(has_output); |
| 529 EXPECT_EQ(expected_output, output); |
| 530 } |
| 531 } |
| 532 } |
| 533 |
| 534 TEST_F(Aes128GcmHelpersTest, EncryptionVectors) { |
| 535 for (size_t i = 0; i < arraysize(encryption_test_group_array); i++) { |
| 536 SCOPED_TRACE(i); |
| 537 const TestVector* test_vectors = encryption_test_group_array[i]; |
| 538 const TestGroupInfo& test_info = test_group_info[i]; |
| 539 |
| 540 for (size_t j = 0; test_vectors[j].key != nullptr; j++) { |
| 541 // If not present then decryption is expected to fail. |
| 542 bool has_output = test_vectors[j].output; |
| 543 |
| 544 // Decode the test vector. |
| 545 std::string key, iv, input, aad, tag, expected_output; |
| 546 ASSERT_TRUE(DecodeHexString(test_vectors[j].key, &key)); |
| 547 ASSERT_TRUE(DecodeHexString(test_vectors[j].iv, &iv)); |
| 548 ASSERT_TRUE(DecodeHexString(test_vectors[j].input, &input)); |
| 549 ASSERT_TRUE(DecodeHexString(test_vectors[j].aad, &aad)); |
| 550 ASSERT_TRUE(DecodeHexString(test_vectors[j].tag, &tag)); |
| 551 if (has_output) |
| 552 ASSERT_TRUE(DecodeHexString(test_vectors[j].output, &expected_output)); |
| 553 |
| 554 // The test vector's lengths should look sane. Note that the lengths |
| 555 // in |test_info| are in bits. |
| 556 EXPECT_EQ(test_info.key_len, key.length() * 8); |
| 557 EXPECT_EQ(test_info.iv_len, iv.length() * 8); |
| 558 EXPECT_EQ(test_info.input_len, input.length() * 8); |
| 559 EXPECT_EQ(test_info.aad_len, aad.length() * 8); |
| 560 EXPECT_EQ(test_info.tag_len, tag.length() * 8); |
| 561 if (has_output) |
| 562 EXPECT_EQ(test_info.input_len, expected_output.length() * 8); |
| 563 |
| 564 std::string output; |
| 565 |
| 566 if (!DecryptOrEncrypt(ENCRYPT, input, key, iv, aad, tag.length(), |
| 567 &output)) { |
| 568 EXPECT_FALSE(has_output); |
| 569 continue; |
| 570 } |
| 571 |
| 572 const std::string expected_output_with_tag = expected_output + tag; |
| 573 |
| 574 EXPECT_TRUE(has_output); |
| 575 EXPECT_EQ(expected_output_with_tag, output); |
| 576 } |
| 577 } |
| 578 } |
| 579 |
| 580 } // namespace crypto |
| OLD | NEW |
|---|
Chromium Code Reviews
