search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Revert "Add sbox tests related to warming up of locales."
[chromium-blink-merge.git] / components / webcrypto / test / aes_gcm_unittest.cc
blob28ebc2796f60dd71e01607ce97297fc6fbd19ef6
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "base/stl_util.h"
6 #include "components/webcrypto/algorithm_dispatch.h"
7 #include "components/webcrypto/crypto_data.h"
8 #include "components/webcrypto/status.h"
9 #include "components/webcrypto/test/test_helpers.h"
10 #include "components/webcrypto/webcrypto_util.h"
11 #include "testing/gtest/include/gtest/gtest.h"
12 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h"
13 #include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h"
14
15 namespace webcrypto {
16
17 namespace {
18
19 // Creates an AES-GCM algorithm.
20 blink::WebCryptoAlgorithm CreateAesGcmAlgorithm(
21 const std::vector<uint8_t>& iv,
22 const std::vector<uint8_t>& additional_data,
23 unsigned int tag_length_bits) {
24 EXPECT_TRUE(SupportsAesGcm());
25 return blink::WebCryptoAlgorithm::adoptParamsAndCreate(
26 blink::WebCryptoAlgorithmIdAesGcm,
27 new blink::WebCryptoAesGcmParams(
28 vector_as_array(&iv), static_cast<unsigned int>(iv.size()), true,
29 vector_as_array(&additional_data),
30 static_cast<unsigned int>(additional_data.size()), true,
31 tag_length_bits));
32 }
33
34 blink::WebCryptoAlgorithm CreateAesGcmKeyGenAlgorithm(
35 unsigned short key_length_bits) {
36 EXPECT_TRUE(SupportsAesGcm());
37 return CreateAesKeyGenAlgorithm(blink::WebCryptoAlgorithmIdAesGcm,
38 key_length_bits);
39 }
40
41 Status AesGcmEncrypt(const blink::WebCryptoKey& key,
42 const std::vector<uint8_t>& iv,
43 const std::vector<uint8_t>& additional_data,
44 unsigned int tag_length_bits,
45 const std::vector<uint8_t>& plain_text,
46 std::vector<uint8_t>* cipher_text,
47 std::vector<uint8_t>* authentication_tag) {
48 EXPECT_TRUE(SupportsAesGcm());
49 blink::WebCryptoAlgorithm algorithm =
50 CreateAesGcmAlgorithm(iv, additional_data, tag_length_bits);
51
52 std::vector<uint8_t> output;
53 Status status = Encrypt(algorithm, key, CryptoData(plain_text), &output);
54 if (status.IsError())
55 return status;
56
57 if ((tag_length_bits % 8) != 0) {
58 ADD_FAILURE() << "Encrypt should have failed.";
59 return Status::OperationError();
60 }
61
62 size_t tag_length_bytes = tag_length_bits / 8;
63
64 if (tag_length_bytes > output.size()) {
65 ADD_FAILURE() << "tag length is larger than output";
66 return Status::OperationError();
67 }
68
69 // The encryption result is cipher text with authentication tag appended.
70 cipher_text->assign(output.begin(),
71 output.begin() + (output.size() - tag_length_bytes));
72 authentication_tag->assign(output.begin() + cipher_text->size(),
73 output.end());
74
75 return Status::Success();
76 }
77
78 Status AesGcmDecrypt(const blink::WebCryptoKey& key,
79 const std::vector<uint8_t>& iv,
80 const std::vector<uint8_t>& additional_data,
81 unsigned int tag_length_bits,
82 const std::vector<uint8_t>& cipher_text,
83 const std::vector<uint8_t>& authentication_tag,
84 std::vector<uint8_t>* plain_text) {
85 EXPECT_TRUE(SupportsAesGcm());
86 blink::WebCryptoAlgorithm algorithm =
87 CreateAesGcmAlgorithm(iv, additional_data, tag_length_bits);
88
89 // Join cipher text and authentication tag.
90 std::vector<uint8_t> cipher_text_with_tag;
91 cipher_text_with_tag.reserve(cipher_text.size() + authentication_tag.size());
92 cipher_text_with_tag.insert(cipher_text_with_tag.end(), cipher_text.begin(),
93 cipher_text.end());
94 cipher_text_with_tag.insert(cipher_text_with_tag.end(),
95 authentication_tag.begin(),
96 authentication_tag.end());
97
98 return Decrypt(algorithm, key, CryptoData(cipher_text_with_tag), plain_text);
99 }
100
101 class WebCryptoAesGcmTest : public WebCryptoTestBase {};
102
103 TEST_F(WebCryptoAesGcmTest, GenerateKeyBadLength) {
104 if (!SupportsAesGcm()) {
105 LOG(WARNING) << "AES GCM not supported, skipping tests";
106 return;
107 }
108
109 const unsigned short kKeyLen[] = {0, 127, 257};
110 blink::WebCryptoKey key;
111 for (size_t i = 0; i < arraysize(kKeyLen); ++i) {
112 SCOPED_TRACE(i);
113 EXPECT_EQ(Status::ErrorGenerateAesKeyLength(),
114 GenerateSecretKey(CreateAesGcmKeyGenAlgorithm(kKeyLen[i]), true,
115 blink::WebCryptoKeyUsageDecrypt, &key));
116 }
117 }
118
119 TEST_F(WebCryptoAesGcmTest, GenerateKeyEmptyUsage) {
120 if (!SupportsAesGcm()) {
121 LOG(WARNING) << "AES GCM not supported, skipping tests";
122 return;
123 }
124
125 blink::WebCryptoKey key;
126 EXPECT_EQ(Status::ErrorCreateKeyEmptyUsages(),
127 GenerateSecretKey(CreateAesGcmKeyGenAlgorithm(256), true, 0, &key));
128 }
129
130 TEST_F(WebCryptoAesGcmTest, ImportExportJwk) {
131 // Some Linux test runners may not have a new enough version of NSS.
132 if (!SupportsAesGcm()) {
133 LOG(WARNING) << "AES GCM not supported, skipping tests";
134 return;
135 }
136
137 const blink::WebCryptoAlgorithm algorithm =
138 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesGcm);
139
140 // AES-GCM 128
141 ImportExportJwkSymmetricKey(
142 128, algorithm,
143 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt,
144 "A128GCM");
145
146 // AES-GCM 256
147 ImportExportJwkSymmetricKey(256, algorithm, blink::WebCryptoKeyUsageDecrypt,
148 "A256GCM");
149 }
150
151 // TODO(eroman):
152 // * Test decryption when the tag length exceeds input size
153 // * Test decryption with empty input
154 // * Test decryption with tag length of 0.
155 TEST_F(WebCryptoAesGcmTest, SampleSets) {
156 // Some Linux test runners may not have a new enough version of NSS.
157 if (!SupportsAesGcm()) {
158 LOG(WARNING) << "AES GCM not supported, skipping tests";
159 return;
160 }
161
162 scoped_ptr<base::ListValue> tests;
163 ASSERT_TRUE(ReadJsonTestFileToList("aes_gcm.json", &tests));
164
165 // Note that WebCrypto appends the authentication tag to the ciphertext.
166 for (size_t test_index = 0; test_index < tests->GetSize(); ++test_index) {
167 SCOPED_TRACE(test_index);
168 base::DictionaryValue* test;
169 ASSERT_TRUE(tests->GetDictionary(test_index, &test));
170
171 const std::vector<uint8_t> test_key = GetBytesFromHexString(test, "key");
172 const std::vector<uint8_t> test_iv = GetBytesFromHexString(test, "iv");
173 const std::vector<uint8_t> test_additional_data =
174 GetBytesFromHexString(test, "additional_data");
175 const std::vector<uint8_t> test_plain_text =
176 GetBytesFromHexString(test, "plain_text");
177 const std::vector<uint8_t> test_authentication_tag =
178 GetBytesFromHexString(test, "authentication_tag");
179 const unsigned int test_tag_size_bits =
180 static_cast<unsigned int>(test_authentication_tag.size()) * 8;
181 const std::vector<uint8_t> test_cipher_text =
182 GetBytesFromHexString(test, "cipher_text");
183
184 blink::WebCryptoKey key = ImportSecretKeyFromRaw(
185 test_key, CreateAlgorithm(blink::WebCryptoAlgorithmIdAesGcm),
186 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt);
187
188 // Verify exported raw key is identical to the imported data
189 std::vector<uint8_t> raw_key;
190 EXPECT_EQ(Status::Success(),
191 ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key));
192
193 EXPECT_BYTES_EQ(test_key, raw_key);
194
195 // Test encryption.
196 std::vector<uint8_t> cipher_text;
197 std::vector<uint8_t> authentication_tag;
198 EXPECT_EQ(
199 Status::Success(),
200 AesGcmEncrypt(key, test_iv, test_additional_data, test_tag_size_bits,
201 test_plain_text, &cipher_text, &authentication_tag));
202
203 EXPECT_BYTES_EQ(test_cipher_text, cipher_text);
204 EXPECT_BYTES_EQ(test_authentication_tag, authentication_tag);
205
206 // Test decryption.
207 std::vector<uint8_t> plain_text;
208 EXPECT_EQ(
209 Status::Success(),
210 AesGcmDecrypt(key, test_iv, test_additional_data, test_tag_size_bits,
211 test_cipher_text, test_authentication_tag, &plain_text));
212 EXPECT_BYTES_EQ(test_plain_text, plain_text);
213
214 // Decryption should fail if any of the inputs are tampered with.
215 EXPECT_EQ(Status::OperationError(),
216 AesGcmDecrypt(key, Corrupted(test_iv), test_additional_data,
217 test_tag_size_bits, test_cipher_text,
218 test_authentication_tag, &plain_text));
219 EXPECT_EQ(Status::OperationError(),
220 AesGcmDecrypt(key, test_iv, Corrupted(test_additional_data),
221 test_tag_size_bits, test_cipher_text,
222 test_authentication_tag, &plain_text));
223 EXPECT_EQ(Status::OperationError(),
224 AesGcmDecrypt(key, test_iv, test_additional_data,
225 test_tag_size_bits, Corrupted(test_cipher_text),
226 test_authentication_tag, &plain_text));
227 EXPECT_EQ(Status::OperationError(),
228 AesGcmDecrypt(key, test_iv, test_additional_data,
229 test_tag_size_bits, test_cipher_text,
230 Corrupted(test_authentication_tag), &plain_text));
231
232 // Try different incorrect tag lengths
233 uint8_t kAlternateTagLengths[] = {0, 8, 96, 120, 128, 160, 255};
234 for (size_t tag_i = 0; tag_i < arraysize(kAlternateTagLengths); ++tag_i) {
235 unsigned int wrong_tag_size_bits = kAlternateTagLengths[tag_i];
236 if (test_tag_size_bits == wrong_tag_size_bits)
237 continue;
238 EXPECT_NE(Status::Success(),
239 AesGcmDecrypt(key, test_iv, test_additional_data,
240 wrong_tag_size_bits, test_cipher_text,
241 test_authentication_tag, &plain_text));
242 }
243 }
244 }
245
246 } // namespace
247
248 } // namespace webcrypto