OLD | NEW |
| (Empty) |
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #include "net/quic/crypto/aes_128_gcm_12_encrypter.h" | |
6 | |
7 #include "net/quic/test_tools/quic_test_utils.h" | |
8 | |
9 using base::StringPiece; | |
10 using std::string; | |
11 | |
12 namespace { | |
13 | |
14 // The AES GCM test vectors come from the file gcmEncryptExtIV128.rsp | |
15 // downloaded from http://csrc.nist.gov/groups/STM/cavp/index.html on | |
16 // 2013-02-01. The test vectors in that file look like this: | |
17 // | |
18 // [Keylen = 128] | |
19 // [IVlen = 96] | |
20 // [PTlen = 0] | |
21 // [AADlen = 0] | |
22 // [Taglen = 128] | |
23 // | |
24 // Count = 0 | |
25 // Key = 11754cd72aec309bf52f7687212e8957 | |
26 // IV = 3c819d9a9bed087615030b65 | |
27 // PT = | |
28 // AAD = | |
29 // CT = | |
30 // Tag = 250327c674aaf477aef2675748cf6971 | |
31 // | |
32 // Count = 1 | |
33 // Key = ca47248ac0b6f8372a97ac43508308ed | |
34 // IV = ffd2b598feabc9019262d2be | |
35 // PT = | |
36 // AAD = | |
37 // CT = | |
38 // Tag = 60d20404af527d248d893ae495707d1a | |
39 // | |
40 // ... | |
41 // | |
42 // The gcmEncryptExtIV128.rsp file is huge (2.8 MB), so I selected just a | |
43 // few test vectors for this unit test. | |
44 | |
45 // Describes a group of test vectors that all have a given key length, IV | |
46 // length, plaintext length, AAD length, and tag length. | |
47 struct TestGroupInfo { | |
48 size_t key_len; | |
49 size_t iv_len; | |
50 size_t pt_len; | |
51 size_t aad_len; | |
52 size_t tag_len; | |
53 }; | |
54 | |
55 // Each test vector consists of six strings of lowercase hexadecimal digits. | |
56 // The strings may be empty (zero length). A test vector with a NULL |key| | |
57 // marks the end of an array of test vectors. | |
58 struct TestVector { | |
59 const char* key; | |
60 const char* iv; | |
61 const char* pt; | |
62 const char* aad; | |
63 const char* ct; | |
64 const char* tag; | |
65 }; | |
66 | |
67 const TestGroupInfo test_group_info[] = { | |
68 { 128, 96, 0, 0, 128 }, | |
69 { 128, 96, 0, 128, 128 }, | |
70 { 128, 96, 128, 0, 128 }, | |
71 { 128, 96, 408, 160, 128 }, | |
72 { 128, 96, 408, 720, 128 }, | |
73 { 128, 96, 104, 0, 128 }, | |
74 }; | |
75 | |
76 const TestVector test_group_0[] = { | |
77 { "11754cd72aec309bf52f7687212e8957", | |
78 "3c819d9a9bed087615030b65", | |
79 "", | |
80 "", | |
81 "", | |
82 "250327c674aaf477aef2675748cf6971" | |
83 }, | |
84 { "ca47248ac0b6f8372a97ac43508308ed", | |
85 "ffd2b598feabc9019262d2be", | |
86 "", | |
87 "", | |
88 "", | |
89 "60d20404af527d248d893ae495707d1a" | |
90 }, | |
91 { NULL } | |
92 }; | |
93 | |
94 const TestVector test_group_1[] = { | |
95 { "77be63708971c4e240d1cb79e8d77feb", | |
96 "e0e00f19fed7ba0136a797f3", | |
97 "", | |
98 "7a43ec1d9c0a5a78a0b16533a6213cab", | |
99 "", | |
100 "209fcc8d3675ed938e9c7166709dd946" | |
101 }, | |
102 { "7680c5d3ca6154758e510f4d25b98820", | |
103 "f8f105f9c3df4965780321f8", | |
104 "", | |
105 "c94c410194c765e3dcc7964379758ed3", | |
106 "", | |
107 "94dca8edfcf90bb74b153c8d48a17930" | |
108 }, | |
109 { NULL } | |
110 }; | |
111 | |
112 const TestVector test_group_2[] = { | |
113 { "7fddb57453c241d03efbed3ac44e371c", | |
114 "ee283a3fc75575e33efd4887", | |
115 "d5de42b461646c255c87bd2962d3b9a2", | |
116 "", | |
117 "2ccda4a5415cb91e135c2a0f78c9b2fd", | |
118 "b36d1df9b9d5e596f83e8b7f52971cb3" | |
119 }, | |
120 { "ab72c77b97cb5fe9a382d9fe81ffdbed", | |
121 "54cc7dc2c37ec006bcc6d1da", | |
122 "007c5e5b3e59df24a7c355584fc1518d", | |
123 "", | |
124 "0e1bde206a07a9c2c1b65300f8c64997", | |
125 "2b4401346697138c7a4891ee59867d0c" | |
126 }, | |
127 { NULL } | |
128 }; | |
129 | |
130 const TestVector test_group_3[] = { | |
131 { "fe47fcce5fc32665d2ae399e4eec72ba", | |
132 "5adb9609dbaeb58cbd6e7275", | |
133 "7c0e88c88899a779228465074797cd4c2e1498d259b54390b85e3eef1c02df60e743f1" | |
134 "b840382c4bccaf3bafb4ca8429bea063", | |
135 "88319d6e1d3ffa5f987199166c8a9b56c2aeba5a", | |
136 "98f4826f05a265e6dd2be82db241c0fbbbf9ffb1c173aa83964b7cf539304373636525" | |
137 "3ddbc5db8778371495da76d269e5db3e", | |
138 "291ef1982e4defedaa2249f898556b47" | |
139 }, | |
140 { "ec0c2ba17aa95cd6afffe949da9cc3a8", | |
141 "296bce5b50b7d66096d627ef", | |
142 "b85b3753535b825cbe5f632c0b843c741351f18aa484281aebec2f45bb9eea2d79d987" | |
143 "b764b9611f6c0f8641843d5d58f3a242", | |
144 "f8d00f05d22bf68599bcdeb131292ad6e2df5d14", | |
145 "a7443d31c26bdf2a1c945e29ee4bd344a99cfaf3aa71f8b3f191f83c2adfc7a0716299" | |
146 "5506fde6309ffc19e716eddf1a828c5a", | |
147 "890147971946b627c40016da1ecf3e77" | |
148 }, | |
149 { NULL } | |
150 }; | |
151 | |
152 const TestVector test_group_4[] = { | |
153 { "2c1f21cf0f6fb3661943155c3e3d8492", | |
154 "23cb5ff362e22426984d1907", | |
155 "42f758836986954db44bf37c6ef5e4ac0adaf38f27252a1b82d02ea949c8a1a2dbc0d6" | |
156 "8b5615ba7c1220ff6510e259f06655d8", | |
157 "5d3624879d35e46849953e45a32a624d6a6c536ed9857c613b572b0333e701557a713e" | |
158 "3f010ecdf9a6bd6c9e3e44b065208645aff4aabee611b391528514170084ccf587177f" | |
159 "4488f33cfb5e979e42b6e1cfc0a60238982a7aec", | |
160 "81824f0e0d523db30d3da369fdc0d60894c7a0a20646dd015073ad2732bd989b14a222" | |
161 "b6ad57af43e1895df9dca2a5344a62cc", | |
162 "57a3ee28136e94c74838997ae9823f3a" | |
163 }, | |
164 { "d9f7d2411091f947b4d6f1e2d1f0fb2e", | |
165 "e1934f5db57cc983e6b180e7", | |
166 "73ed042327f70fe9c572a61545eda8b2a0c6e1d6c291ef19248e973aee6c312012f490" | |
167 "c2c6f6166f4a59431e182663fcaea05a", | |
168 "0a8a18a7150e940c3d87b38e73baee9a5c049ee21795663e264b694a949822b639092d" | |
169 "0e67015e86363583fcf0ca645af9f43375f05fdb4ce84f411dcbca73c2220dea03a201" | |
170 "15d2e51398344b16bee1ed7c499b353d6c597af8", | |
171 "aaadbd5c92e9151ce3db7210b8714126b73e43436d242677afa50384f2149b831f1d57" | |
172 "3c7891c2a91fbc48db29967ec9542b23", | |
173 "21b51ca862cb637cdd03b99a0f93b134" | |
174 }, | |
175 { NULL } | |
176 }; | |
177 | |
178 const TestVector test_group_5[] = { | |
179 { "fe9bb47deb3a61e423c2231841cfd1fb", | |
180 "4d328eb776f500a2f7fb47aa", | |
181 "f1cc3818e421876bb6b8bbd6c9", | |
182 "", | |
183 "b88c5c1977b35b517b0aeae967", | |
184 "43fd4727fe5cdb4b5b42818dea7ef8c9" | |
185 }, | |
186 { "6703df3701a7f54911ca72e24dca046a", | |
187 "12823ab601c350ea4bc2488c", | |
188 "793cd125b0b84a043e3ac67717", | |
189 "", | |
190 "b2051c80014f42f08735a7b0cd", | |
191 "38e6bcd29962e5f2c13626b85a877101" | |
192 }, | |
193 { NULL } | |
194 }; | |
195 | |
196 const TestVector* const test_group_array[] = { | |
197 test_group_0, | |
198 test_group_1, | |
199 test_group_2, | |
200 test_group_3, | |
201 test_group_4, | |
202 test_group_5, | |
203 }; | |
204 | |
205 } // namespace | |
206 | |
207 namespace net { | |
208 namespace test { | |
209 | |
210 // EncryptWithNonce wraps the |Encrypt| method of |encrypter| to allow passing | |
211 // in an nonce and also to allocate the buffer needed for the ciphertext. | |
212 QuicData* EncryptWithNonce(Aes128Gcm12Encrypter* encrypter, | |
213 StringPiece nonce, | |
214 StringPiece associated_data, | |
215 StringPiece plaintext) { | |
216 size_t ciphertext_size = encrypter->GetCiphertextSize(plaintext.length()); | |
217 scoped_ptr<char[]> ciphertext(new char[ciphertext_size]); | |
218 | |
219 if (!encrypter->Encrypt(nonce, associated_data, plaintext, | |
220 reinterpret_cast<unsigned char*>(ciphertext.get()))) { | |
221 return nullptr; | |
222 } | |
223 | |
224 return new QuicData(ciphertext.release(), ciphertext_size, true); | |
225 } | |
226 | |
227 TEST(Aes128Gcm12EncrypterTest, Encrypt) { | |
228 for (size_t i = 0; i < arraysize(test_group_array); i++) { | |
229 SCOPED_TRACE(i); | |
230 const TestVector* test_vectors = test_group_array[i]; | |
231 const TestGroupInfo& test_info = test_group_info[i]; | |
232 for (size_t j = 0; test_vectors[j].key != nullptr; j++) { | |
233 // Decode the test vector. | |
234 string key; | |
235 string iv; | |
236 string pt; | |
237 string aad; | |
238 string ct; | |
239 string tag; | |
240 ASSERT_TRUE(DecodeHexString(test_vectors[j].key, &key)); | |
241 ASSERT_TRUE(DecodeHexString(test_vectors[j].iv, &iv)); | |
242 ASSERT_TRUE(DecodeHexString(test_vectors[j].pt, &pt)); | |
243 ASSERT_TRUE(DecodeHexString(test_vectors[j].aad, &aad)); | |
244 ASSERT_TRUE(DecodeHexString(test_vectors[j].ct, &ct)); | |
245 ASSERT_TRUE(DecodeHexString(test_vectors[j].tag, &tag)); | |
246 | |
247 // The test vector's lengths should look sane. Note that the lengths | |
248 // in |test_info| are in bits. | |
249 EXPECT_EQ(test_info.key_len, key.length() * 8); | |
250 EXPECT_EQ(test_info.iv_len, iv.length() * 8); | |
251 EXPECT_EQ(test_info.pt_len, pt.length() * 8); | |
252 EXPECT_EQ(test_info.aad_len, aad.length() * 8); | |
253 EXPECT_EQ(test_info.pt_len, ct.length() * 8); | |
254 EXPECT_EQ(test_info.tag_len, tag.length() * 8); | |
255 | |
256 Aes128Gcm12Encrypter encrypter; | |
257 ASSERT_TRUE(encrypter.SetKey(key)); | |
258 scoped_ptr<QuicData> encrypted(EncryptWithNonce( | |
259 &encrypter, iv, | |
260 // This deliberately tests that the encrypter can handle an AAD that | |
261 // is set to nullptr, as opposed to a zero-length, non-nullptr | |
262 // pointer. | |
263 aad.length() ? aad : StringPiece(), pt)); | |
264 ASSERT_TRUE(encrypted.get()); | |
265 | |
266 // The test vectors have 16 byte authenticators but this code only uses | |
267 // the first 12. | |
268 ASSERT_LE(static_cast<size_t>(Aes128Gcm12Encrypter::kAuthTagSize), | |
269 tag.length()); | |
270 tag.resize(Aes128Gcm12Encrypter::kAuthTagSize); | |
271 | |
272 ASSERT_EQ(ct.length() + tag.length(), encrypted->length()); | |
273 test::CompareCharArraysWithHexError("ciphertext", encrypted->data(), | |
274 ct.length(), ct.data(), ct.length()); | |
275 test::CompareCharArraysWithHexError( | |
276 "authentication tag", encrypted->data() + ct.length(), tag.length(), | |
277 tag.data(), tag.length()); | |
278 } | |
279 } | |
280 } | |
281 | |
282 TEST(Aes128Gcm12EncrypterTest, GetMaxPlaintextSize) { | |
283 Aes128Gcm12Encrypter encrypter; | |
284 EXPECT_EQ(1000u, encrypter.GetMaxPlaintextSize(1012)); | |
285 EXPECT_EQ(100u, encrypter.GetMaxPlaintextSize(112)); | |
286 EXPECT_EQ(10u, encrypter.GetMaxPlaintextSize(22)); | |
287 } | |
288 | |
289 TEST(Aes128Gcm12EncrypterTest, GetCiphertextSize) { | |
290 Aes128Gcm12Encrypter encrypter; | |
291 EXPECT_EQ(1012u, encrypter.GetCiphertextSize(1000)); | |
292 EXPECT_EQ(112u, encrypter.GetCiphertextSize(100)); | |
293 EXPECT_EQ(22u, encrypter.GetCiphertextSize(10)); | |
294 } | |
295 | |
296 } // namespace test | |
297 } // namespace net | |
OLD | NEW |