Chromium Code Reviews Chromium Code Reviews
Issue 24656002:
[webcrypto] Add decrypt() for AES-CBC. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "webcrypto_impl.h" | 5 #include "webcrypto_impl.h" |
| 6 | 6 |
| 7 #include "base/basictypes.h" | 7 #include "base/basictypes.h" |
| 8 #include "base/logging.h" | 8 #include "base/logging.h" |
| 9 #include "base/memory/ref_counted.h" | 9 #include "base/memory/ref_counted.h" |
| 10 #include "base/strings/string_number_conversions.h" | 10 #include "base/strings/string_number_conversions.h" |
| (...skipping 103 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 114 | 114 |
| 115 bool EncryptInternal( | 115 bool EncryptInternal( |
| 116 const WebKit::WebCryptoAlgorithm& algorithm, | 116 const WebKit::WebCryptoAlgorithm& algorithm, |
| 117 const WebKit::WebCryptoKey& key, | 117 const WebKit::WebCryptoKey& key, |
| 118 const unsigned char* data, | 118 const unsigned char* data, |
| 119 unsigned data_size, | 119 unsigned data_size, |
| 120 WebKit::WebArrayBuffer* buffer) { | 120 WebKit::WebArrayBuffer* buffer) { |
| 121 return crypto_.EncryptInternal(algorithm, key, data, data_size, buffer); | 121 return crypto_.EncryptInternal(algorithm, key, data, data_size, buffer); |
| 122 } | 122 } |
| 123 | 123 |
| 124 bool DecryptInternal( | |
| 125 const WebKit::WebCryptoAlgorithm& algorithm, | |
| 126 const WebKit::WebCryptoKey& key, | |
| 127 const unsigned char* data, | |
| 128 unsigned data_size, | |
| 129 WebKit::WebArrayBuffer* buffer) { | |
| 130 return crypto_.DecryptInternal(algorithm, key, data, data_size, buffer); | |
| 131 } | |
| 132 | |
| 124 private: | 133 private: |
| 125 WebCryptoImpl crypto_; | 134 WebCryptoImpl crypto_; |
| 126 }; | 135 }; |
| 127 | 136 |
| 128 TEST_F(WebCryptoImplTest, DigestSampleSets) { | 137 TEST_F(WebCryptoImplTest, DigestSampleSets) { |
| 129 // The results are stored here in hex format for readability. | 138 // The results are stored here in hex format for readability. |
| 130 // | 139 // |
| 131 // TODO(bryaneyler): Eventually, all these sample test sets should be replaced | 140 // TODO(bryaneyler): Eventually, all these sample test sets should be replaced |
| 132 // with the sets here: http://csrc.nist.gov/groups/STM/cavp/index.html#03 | 141 // with the sets here: http://csrc.nist.gov/groups/STM/cavp/index.html#03 |
| 133 // | 142 // |
| (...skipping 174 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 308 | 317 |
| 309 WebKit::WebArrayBuffer output; | 318 WebKit::WebArrayBuffer output; |
| 310 | 319 |
| 311 ASSERT_TRUE(SignInternal( | 320 ASSERT_TRUE(SignInternal( |
| 312 algorithm, key, message_raw.data(), message_raw.size(), &output)); | 321 algorithm, key, message_raw.data(), message_raw.size(), &output)); |
| 313 | 322 |
| 314 ExpectArrayBufferMatchesHex(test.mac, output); | 323 ExpectArrayBufferMatchesHex(test.mac, output); |
| 315 } | 324 } |
| 316 } | 325 } |
| 317 | 326 |
| 318 TEST_F(WebCryptoImplTest, AesCbcEncryptionFailures) { | 327 TEST_F(WebCryptoImplTest, AesCbcFailures) { |
| 319 WebKit::WebCryptoKey key = ImportSecretKeyFromRawHexString( | 328 WebKit::WebCryptoKey key = ImportSecretKeyFromRawHexString( |
| 320 "2b7e151628aed2a6abf7158809cf4f3c", | 329 "2b7e151628aed2a6abf7158809cf4f3c", |
| 321 CreateAlgorithm(WebKit::WebCryptoAlgorithmIdAesCbc), | 330 CreateAlgorithm(WebKit::WebCryptoAlgorithmIdAesCbc), |
| 322 WebKit::WebCryptoKeyUsageEncrypt | WebKit::WebCryptoKeyUsageDecrypt); | 331 WebKit::WebCryptoKeyUsageEncrypt | WebKit::WebCryptoKeyUsageDecrypt); |
| 323 | 332 |
| 324 WebKit::WebArrayBuffer output; | 333 WebKit::WebArrayBuffer output; |
| 325 | 334 |
| 326 // Use an invalid |iv| (fewer than 16 bytes) | 335 // Use an invalid |iv| (fewer than 16 bytes) |
| 327 { | 336 { |
| 328 std::vector<uint8> plain_text(33); | 337 std::vector<uint8> input(32); |
| 329 std::vector<uint8> iv; | 338 std::vector<uint8> iv; |
| 330 EXPECT_FALSE(EncryptInternal(CreateAesCbcAlgorithm(iv), | 339 EXPECT_FALSE(EncryptInternal( |
| 331 key, | 340 CreateAesCbcAlgorithm(iv), key, input.data(), input.size(), &output)); |
| 332 plain_text.data(), | 341 EXPECT_FALSE(DecryptInternal( |
| 333 plain_text.size(), | 342 CreateAesCbcAlgorithm(iv), key, input.data(), input.size(), &output)); |
| 334 &output)); | |
| 335 } | 343 } |
| 336 | 344 |
| 337 // Use an invalid |iv| (more than 16 bytes) | 345 // Use an invalid |iv| (more than 16 bytes) |
| 338 { | 346 { |
| 339 std::vector<uint8> plain_text(33); | 347 std::vector<uint8> input(32); |
| 340 std::vector<uint8> iv(17); | 348 std::vector<uint8> iv(17); |
| 341 EXPECT_FALSE(EncryptInternal(CreateAesCbcAlgorithm(iv), | 349 EXPECT_FALSE(EncryptInternal( |
| 342 key, | 350 CreateAesCbcAlgorithm(iv), key, input.data(), input.size(), &output)); |
| 343 plain_text.data(), | 351 EXPECT_FALSE(DecryptInternal( |
| 344 plain_text.size(), | 352 CreateAesCbcAlgorithm(iv), key, input.data(), input.size(), &output)); |
| 345 &output)); | |
| 346 } | 353 } |
| 347 | 354 |
| 348 // Give an input that is too large (would cause integer overflow when | 355 // Give an input that is too large (would cause integer overflow when |
| 349 // narrowing to an int). | 356 // narrowing to an int). |
| 350 { | 357 { |
| 351 std::vector<uint8> iv(16); | 358 std::vector<uint8> iv(16); |
| 352 | 359 |
| 353 // Pretend the input is large. Don't pass data pointer as NULL in case that | 360 // Pretend the input is large. Don't pass data pointer as NULL in case that |
| 354 // is special cased; the implementation shouldn't actually dereference the | 361 // is special cased; the implementation shouldn't actually dereference the |
| 355 // data. | 362 // data. |
| 356 const unsigned char* plain_text = iv.data(); | 363 const unsigned char* input = iv.data(); |
| 357 unsigned plain_text_len = INT_MAX - 3; | 364 unsigned input_len = INT_MAX - 3; |
| 358 | 365 |
| 359 EXPECT_FALSE(EncryptInternal( | 366 EXPECT_FALSE(EncryptInternal( |
| 360 CreateAesCbcAlgorithm(iv), key, plain_text, plain_text_len, &output)); | 367 CreateAesCbcAlgorithm(iv), key, input, input_len, &output)); |
| 368 EXPECT_FALSE(DecryptInternal( | |
| 369 CreateAesCbcAlgorithm(iv), key, input, input_len, &output)); | |
| 361 } | 370 } |
| 362 | 371 |
| 363 // Fail importing the key (too few bytes specified) | 372 // Fail importing the key (too few bytes specified) |
| 364 { | 373 { |
| 365 WebKit::WebCryptoKeyType type; | 374 WebKit::WebCryptoKeyType type; |
| 366 scoped_ptr<WebKit::WebCryptoKeyHandle> handle; | 375 scoped_ptr<WebKit::WebCryptoKeyHandle> handle; |
| 367 | 376 |
| 368 std::vector<uint8> key_raw(1); | 377 std::vector<uint8> key_raw(1); |
| 369 std::vector<uint8> iv(16); | 378 std::vector<uint8> iv(16); |
| 370 | 379 |
| (...skipping 92 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 463 WebKit::WebCryptoKey key = ImportSecretKeyFromRawHexString( | 472 WebKit::WebCryptoKey key = ImportSecretKeyFromRawHexString( |
| 464 test.key, | 473 test.key, |
| 465 CreateAlgorithm(WebKit::WebCryptoAlgorithmIdAesCbc), | 474 CreateAlgorithm(WebKit::WebCryptoAlgorithmIdAesCbc), |
| 466 WebKit::WebCryptoKeyUsageEncrypt | WebKit::WebCryptoKeyUsageDecrypt); | 475 WebKit::WebCryptoKeyUsageEncrypt | WebKit::WebCryptoKeyUsageDecrypt); |
| 467 | 476 |
| 468 std::vector<uint8> plain_text = HexStringToBytes(test.plain_text); | 477 std::vector<uint8> plain_text = HexStringToBytes(test.plain_text); |
| 469 std::vector<uint8> iv = HexStringToBytes(test.iv); | 478 std::vector<uint8> iv = HexStringToBytes(test.iv); |
| 470 | 479 |
| 471 WebKit::WebArrayBuffer output; | 480 WebKit::WebArrayBuffer output; |
| 472 | 481 |
| 482 // Test encryption. | |
| 473 EXPECT_TRUE(EncryptInternal(CreateAesCbcAlgorithm(iv), | 483 EXPECT_TRUE(EncryptInternal(CreateAesCbcAlgorithm(iv), |
| 474 key, | 484 key, |
| 475 plain_text.data(), | 485 plain_text.data(), |
| 476 plain_text.size(), | 486 plain_text.size(), |
| 477 &output)); | 487 &output)); |
| 488 ExpectArrayBufferMatchesHex(test.cipher_text, output); | |
| 478 | 489 |
| 479 ExpectArrayBufferMatchesHex(test.cipher_text, output); | 490 // Test decryption. |
| 491 std::vector<uint8> cipher_text = HexStringToBytes(test.cipher_text); | |
| 492 EXPECT_TRUE(DecryptInternal(CreateAesCbcAlgorithm(iv), | |
| 493 key, | |
| 494 cipher_text.data(), | |
| 495 cipher_text.size(), | |
| 496 &output)); | |
| 497 ExpectArrayBufferMatchesHex(test.plain_text, output); | |
| 498 | |
| 499 const unsigned kAesCbcBlockSize = 16; | |
| 500 | |
| 501 // Decrypt with a padding error by stripping the last block. This also ends | |
| 502 // up testing decryption over empty cipher text. | |
| 503 if (cipher_text.size() >= kAesCbcBlockSize) { | |
| 504 EXPECT_FALSE(DecryptInternal(CreateAesCbcAlgorithm(iv), | |
|
Ryan Sleevi
2013/09/25 20:36:14
This reminds me: There should be a test for Encryp
eroman
2013/09/25 20:39:13
The last test vector in AesCbcSampleSets does that
Ryan Sleevi
2013/09/25 20:41:05
D'oh. Missed that. Yup.
| |
| 505 key, | |
| 506 cipher_text.data(), | |
| 507 cipher_text.size() - kAesCbcBlockSize, | |
| 508 &output)); | |
| 509 } | |
| 510 | |
| 511 // Decrypt cipher text which is not block-aligned, by stripping a few bytes | |
| 512 // off the cipher text. | |
| 513 if (cipher_text.size() > 3) { | |
| 514 EXPECT_FALSE(DecryptInternal(CreateAesCbcAlgorithm(iv), | |
| 515 key, | |
| 516 cipher_text.data(), | |
| 517 cipher_text.size() - 3, | |
| 518 &output)); | |
| 519 } | |
| 480 } | 520 } |
| 481 } | 521 } |
| 482 | 522 |
| 483 } // namespace content | 523 } // namespace content |
| OLD | NEW |
