Updating trunk VERSION from 2139.0 to 2140.0
[chromium-blink-merge.git] / content / child / webcrypto / test / aes_gcm_unittest.cc
blob20d5e9e6806bf1f633e96f9ded58d6a0c7f43074
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "base/stl_util.h"
6 #include "content/child/webcrypto/algorithm_dispatch.h"
7 #include "content/child/webcrypto/crypto_data.h"
8 #include "content/child/webcrypto/status.h"
9 #include "content/child/webcrypto/test/test_helpers.h"
10 #include "content/child/webcrypto/webcrypto_util.h"
11 #include "testing/gtest/include/gtest/gtest.h"
12 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h"
13 #include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h"
15 namespace content {
17 namespace webcrypto {
19 namespace {
21 // Creates an AES-GCM algorithm.
22 blink::WebCryptoAlgorithm CreateAesGcmAlgorithm(
23 const std::vector<uint8_t>& iv,
24 const std::vector<uint8_t>& additional_data,
25 unsigned int tag_length_bits) {
26 EXPECT_TRUE(SupportsAesGcm());
27 return blink::WebCryptoAlgorithm::adoptParamsAndCreate(
28 blink::WebCryptoAlgorithmIdAesGcm,
29 new blink::WebCryptoAesGcmParams(vector_as_array(&iv),
30 iv.size(),
31 true,
32 vector_as_array(&additional_data),
33 additional_data.size(),
34 true,
35 tag_length_bits));
38 blink::WebCryptoAlgorithm CreateAesGcmKeyGenAlgorithm(
39 unsigned short key_length_bits) {
40 EXPECT_TRUE(SupportsAesGcm());
41 return CreateAesKeyGenAlgorithm(blink::WebCryptoAlgorithmIdAesGcm,
42 key_length_bits);
45 Status AesGcmEncrypt(const blink::WebCryptoKey& key,
46 const std::vector<uint8_t>& iv,
47 const std::vector<uint8_t>& additional_data,
48 unsigned int tag_length_bits,
49 const std::vector<uint8_t>& plain_text,
50 std::vector<uint8_t>* cipher_text,
51 std::vector<uint8_t>* authentication_tag) {
52 EXPECT_TRUE(SupportsAesGcm());
53 blink::WebCryptoAlgorithm algorithm =
54 CreateAesGcmAlgorithm(iv, additional_data, tag_length_bits);
56 std::vector<uint8_t> output;
57 Status status = Encrypt(algorithm, key, CryptoData(plain_text), &output);
58 if (status.IsError())
59 return status;
61 if ((tag_length_bits % 8) != 0) {
62 EXPECT_TRUE(false) << "Encrypt should have failed.";
63 return Status::OperationError();
66 size_t tag_length_bytes = tag_length_bits / 8;
68 if (tag_length_bytes > output.size()) {
69 EXPECT_TRUE(false) << "tag length is larger than output";
70 return Status::OperationError();
73 // The encryption result is cipher text with authentication tag appended.
74 cipher_text->assign(output.begin(),
75 output.begin() + (output.size() - tag_length_bytes));
76 authentication_tag->assign(output.begin() + cipher_text->size(),
77 output.end());
79 return Status::Success();
82 Status AesGcmDecrypt(const blink::WebCryptoKey& key,
83 const std::vector<uint8_t>& iv,
84 const std::vector<uint8_t>& additional_data,
85 unsigned int tag_length_bits,
86 const std::vector<uint8_t>& cipher_text,
87 const std::vector<uint8_t>& authentication_tag,
88 std::vector<uint8_t>* plain_text) {
89 EXPECT_TRUE(SupportsAesGcm());
90 blink::WebCryptoAlgorithm algorithm =
91 CreateAesGcmAlgorithm(iv, additional_data, tag_length_bits);
93 // Join cipher text and authentication tag.
94 std::vector<uint8_t> cipher_text_with_tag;
95 cipher_text_with_tag.reserve(cipher_text.size() + authentication_tag.size());
96 cipher_text_with_tag.insert(
97 cipher_text_with_tag.end(), cipher_text.begin(), cipher_text.end());
98 cipher_text_with_tag.insert(cipher_text_with_tag.end(),
99 authentication_tag.begin(),
100 authentication_tag.end());
102 return Decrypt(algorithm, key, CryptoData(cipher_text_with_tag), plain_text);
105 TEST(WebCryptoAesGcmTest, GenerateKeyBadLength) {
106 if (!SupportsAesGcm()) {
107 LOG(WARNING) << "AES GCM not supported, skipping tests";
108 return;
111 const unsigned short kKeyLen[] = {0, 127, 257};
112 blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
113 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kKeyLen); ++i) {
114 SCOPED_TRACE(i);
115 EXPECT_EQ(Status::ErrorGenerateKeyLength(),
116 GenerateSecretKey(
117 CreateAesGcmKeyGenAlgorithm(kKeyLen[i]), true, 0, &key));
121 TEST(WebCryptoAesGcmTest, ImportExportJwk) {
122 // Some Linux test runners may not have a new enough version of NSS.
123 if (!SupportsAesGcm()) {
124 LOG(WARNING) << "AES GCM not supported, skipping tests";
125 return;
128 const blink::WebCryptoAlgorithm algorithm =
129 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesGcm);
131 // AES-GCM 128
132 ImportExportJwkSymmetricKey(
133 128,
134 algorithm,
135 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt,
136 "A128GCM");
138 // AES-GCM 256
139 ImportExportJwkSymmetricKey(
140 256, algorithm, blink::WebCryptoKeyUsageDecrypt, "A256GCM");
143 // TODO(eroman):
144 // * Test decryption when the tag length exceeds input size
145 // * Test decryption with empty input
146 // * Test decryption with tag length of 0.
147 TEST(WebCryptoAesGcmTest, SampleSets) {
148 // Some Linux test runners may not have a new enough version of NSS.
149 if (!SupportsAesGcm()) {
150 LOG(WARNING) << "AES GCM not supported, skipping tests";
151 return;
154 scoped_ptr<base::ListValue> tests;
155 ASSERT_TRUE(ReadJsonTestFileToList("aes_gcm.json", &tests));
157 // Note that WebCrypto appends the authentication tag to the ciphertext.
158 for (size_t test_index = 0; test_index < tests->GetSize(); ++test_index) {
159 SCOPED_TRACE(test_index);
160 base::DictionaryValue* test;
161 ASSERT_TRUE(tests->GetDictionary(test_index, &test));
163 const std::vector<uint8_t> test_key = GetBytesFromHexString(test, "key");
164 const std::vector<uint8_t> test_iv = GetBytesFromHexString(test, "iv");
165 const std::vector<uint8_t> test_additional_data =
166 GetBytesFromHexString(test, "additional_data");
167 const std::vector<uint8_t> test_plain_text =
168 GetBytesFromHexString(test, "plain_text");
169 const std::vector<uint8_t> test_authentication_tag =
170 GetBytesFromHexString(test, "authentication_tag");
171 const unsigned int test_tag_size_bits = test_authentication_tag.size() * 8;
172 const std::vector<uint8_t> test_cipher_text =
173 GetBytesFromHexString(test, "cipher_text");
175 blink::WebCryptoKey key = ImportSecretKeyFromRaw(
176 test_key,
177 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesGcm),
178 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt);
180 // Verify exported raw key is identical to the imported data
181 std::vector<uint8_t> raw_key;
182 EXPECT_EQ(Status::Success(),
183 ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key));
185 EXPECT_BYTES_EQ(test_key, raw_key);
187 // Test encryption.
188 std::vector<uint8_t> cipher_text;
189 std::vector<uint8_t> authentication_tag;
190 EXPECT_EQ(Status::Success(),
191 AesGcmEncrypt(key,
192 test_iv,
193 test_additional_data,
194 test_tag_size_bits,
195 test_plain_text,
196 &cipher_text,
197 &authentication_tag));
199 EXPECT_BYTES_EQ(test_cipher_text, cipher_text);
200 EXPECT_BYTES_EQ(test_authentication_tag, authentication_tag);
202 // Test decryption.
203 std::vector<uint8_t> plain_text;
204 EXPECT_EQ(Status::Success(),
205 AesGcmDecrypt(key,
206 test_iv,
207 test_additional_data,
208 test_tag_size_bits,
209 test_cipher_text,
210 test_authentication_tag,
211 &plain_text));
212 EXPECT_BYTES_EQ(test_plain_text, plain_text);
214 // Decryption should fail if any of the inputs are tampered with.
215 EXPECT_EQ(Status::OperationError(),
216 AesGcmDecrypt(key,
217 Corrupted(test_iv),
218 test_additional_data,
219 test_tag_size_bits,
220 test_cipher_text,
221 test_authentication_tag,
222 &plain_text));
223 EXPECT_EQ(Status::OperationError(),
224 AesGcmDecrypt(key,
225 test_iv,
226 Corrupted(test_additional_data),
227 test_tag_size_bits,
228 test_cipher_text,
229 test_authentication_tag,
230 &plain_text));
231 EXPECT_EQ(Status::OperationError(),
232 AesGcmDecrypt(key,
233 test_iv,
234 test_additional_data,
235 test_tag_size_bits,
236 Corrupted(test_cipher_text),
237 test_authentication_tag,
238 &plain_text));
239 EXPECT_EQ(Status::OperationError(),
240 AesGcmDecrypt(key,
241 test_iv,
242 test_additional_data,
243 test_tag_size_bits,
244 test_cipher_text,
245 Corrupted(test_authentication_tag),
246 &plain_text));
248 // Try different incorrect tag lengths
249 uint8_t kAlternateTagLengths[] = {0, 8, 96, 120, 128, 160, 255};
250 for (size_t tag_i = 0; tag_i < arraysize(kAlternateTagLengths); ++tag_i) {
251 unsigned int wrong_tag_size_bits = kAlternateTagLengths[tag_i];
252 if (test_tag_size_bits == wrong_tag_size_bits)
253 continue;
254 EXPECT_NE(Status::Success(),
255 AesGcmDecrypt(key,
256 test_iv,
257 test_additional_data,
258 wrong_tag_size_bits,
259 test_cipher_text,
260 test_authentication_tag,
261 &plain_text));
266 } // namespace
268 } // namespace webcrypto
270 } // namespace content