1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "base/stl_util.h"
6 #include "components/webcrypto/algorithm_dispatch.h"
7 #include "components/webcrypto/algorithms/test_helpers.h"
8 #include "components/webcrypto/crypto_data.h"
9 #include "components/webcrypto/status.h"
10 #include "components/webcrypto/webcrypto_util.h"
11 #include "testing/gtest/include/gtest/gtest.h"
12 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h"
13 #include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h"
19 // Creates an AES-GCM algorithm.
20 blink::WebCryptoAlgorithm
CreateAesGcmAlgorithm(
21 const std::vector
<uint8_t>& iv
,
22 const std::vector
<uint8_t>& additional_data
,
23 unsigned int tag_length_bits
) {
24 return blink::WebCryptoAlgorithm::adoptParamsAndCreate(
25 blink::WebCryptoAlgorithmIdAesGcm
,
26 new blink::WebCryptoAesGcmParams(
27 vector_as_array(&iv
), static_cast<unsigned int>(iv
.size()), true,
28 vector_as_array(&additional_data
),
29 static_cast<unsigned int>(additional_data
.size()), true,
33 blink::WebCryptoAlgorithm
CreateAesGcmKeyGenAlgorithm(
34 unsigned short key_length_bits
) {
35 return CreateAesKeyGenAlgorithm(blink::WebCryptoAlgorithmIdAesGcm
,
39 Status
AesGcmEncrypt(const blink::WebCryptoKey
& key
,
40 const std::vector
<uint8_t>& iv
,
41 const std::vector
<uint8_t>& additional_data
,
42 unsigned int tag_length_bits
,
43 const std::vector
<uint8_t>& plain_text
,
44 std::vector
<uint8_t>* cipher_text
,
45 std::vector
<uint8_t>* authentication_tag
) {
46 blink::WebCryptoAlgorithm algorithm
=
47 CreateAesGcmAlgorithm(iv
, additional_data
, tag_length_bits
);
49 std::vector
<uint8_t> output
;
50 Status status
= Encrypt(algorithm
, key
, CryptoData(plain_text
), &output
);
54 if ((tag_length_bits
% 8) != 0) {
55 ADD_FAILURE() << "Encrypt should have failed.";
56 return Status::OperationError();
59 size_t tag_length_bytes
= tag_length_bits
/ 8;
61 if (tag_length_bytes
> output
.size()) {
62 ADD_FAILURE() << "tag length is larger than output";
63 return Status::OperationError();
66 // The encryption result is cipher text with authentication tag appended.
67 cipher_text
->assign(output
.begin(),
68 output
.begin() + (output
.size() - tag_length_bytes
));
69 authentication_tag
->assign(output
.begin() + cipher_text
->size(),
72 return Status::Success();
75 Status
AesGcmDecrypt(const blink::WebCryptoKey
& key
,
76 const std::vector
<uint8_t>& iv
,
77 const std::vector
<uint8_t>& additional_data
,
78 unsigned int tag_length_bits
,
79 const std::vector
<uint8_t>& cipher_text
,
80 const std::vector
<uint8_t>& authentication_tag
,
81 std::vector
<uint8_t>* plain_text
) {
82 blink::WebCryptoAlgorithm algorithm
=
83 CreateAesGcmAlgorithm(iv
, additional_data
, tag_length_bits
);
85 // Join cipher text and authentication tag.
86 std::vector
<uint8_t> cipher_text_with_tag
;
87 cipher_text_with_tag
.reserve(cipher_text
.size() + authentication_tag
.size());
88 cipher_text_with_tag
.insert(cipher_text_with_tag
.end(), cipher_text
.begin(),
90 cipher_text_with_tag
.insert(cipher_text_with_tag
.end(),
91 authentication_tag
.begin(),
92 authentication_tag
.end());
94 return Decrypt(algorithm
, key
, CryptoData(cipher_text_with_tag
), plain_text
);
97 class WebCryptoAesGcmTest
: public WebCryptoTestBase
{};
99 TEST_F(WebCryptoAesGcmTest
, GenerateKeyBadLength
) {
100 const unsigned short kKeyLen
[] = {0, 127, 257};
101 blink::WebCryptoKey key
;
102 for (size_t i
= 0; i
< arraysize(kKeyLen
); ++i
) {
104 EXPECT_EQ(Status::ErrorGenerateAesKeyLength(),
105 GenerateSecretKey(CreateAesGcmKeyGenAlgorithm(kKeyLen
[i
]), true,
106 blink::WebCryptoKeyUsageDecrypt
, &key
));
110 TEST_F(WebCryptoAesGcmTest
, GenerateKeyEmptyUsage
) {
111 blink::WebCryptoKey key
;
112 EXPECT_EQ(Status::ErrorCreateKeyEmptyUsages(),
113 GenerateSecretKey(CreateAesGcmKeyGenAlgorithm(256), true, 0, &key
));
116 TEST_F(WebCryptoAesGcmTest
, ImportExportJwk
) {
117 const blink::WebCryptoAlgorithm algorithm
=
118 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesGcm
);
121 ImportExportJwkSymmetricKey(
123 blink::WebCryptoKeyUsageEncrypt
| blink::WebCryptoKeyUsageDecrypt
,
127 ImportExportJwkSymmetricKey(256, algorithm
, blink::WebCryptoKeyUsageDecrypt
,
132 // * Test decryption when the tag length exceeds input size
133 // * Test decryption with empty input
134 // * Test decryption with tag length of 0.
135 TEST_F(WebCryptoAesGcmTest
, SampleSets
) {
136 scoped_ptr
<base::ListValue
> tests
;
137 ASSERT_TRUE(ReadJsonTestFileToList("aes_gcm.json", &tests
));
139 // Note that WebCrypto appends the authentication tag to the ciphertext.
140 for (size_t test_index
= 0; test_index
< tests
->GetSize(); ++test_index
) {
141 SCOPED_TRACE(test_index
);
142 base::DictionaryValue
* test
;
143 ASSERT_TRUE(tests
->GetDictionary(test_index
, &test
));
145 const std::vector
<uint8_t> test_key
= GetBytesFromHexString(test
, "key");
146 const std::vector
<uint8_t> test_iv
= GetBytesFromHexString(test
, "iv");
147 const std::vector
<uint8_t> test_additional_data
=
148 GetBytesFromHexString(test
, "additional_data");
149 const std::vector
<uint8_t> test_plain_text
=
150 GetBytesFromHexString(test
, "plain_text");
151 const std::vector
<uint8_t> test_authentication_tag
=
152 GetBytesFromHexString(test
, "authentication_tag");
153 const unsigned int test_tag_size_bits
=
154 static_cast<unsigned int>(test_authentication_tag
.size()) * 8;
155 const std::vector
<uint8_t> test_cipher_text
=
156 GetBytesFromHexString(test
, "cipher_text");
158 blink::WebCryptoKey key
= ImportSecretKeyFromRaw(
159 test_key
, CreateAlgorithm(blink::WebCryptoAlgorithmIdAesGcm
),
160 blink::WebCryptoKeyUsageEncrypt
| blink::WebCryptoKeyUsageDecrypt
);
162 // Verify exported raw key is identical to the imported data
163 std::vector
<uint8_t> raw_key
;
164 EXPECT_EQ(Status::Success(),
165 ExportKey(blink::WebCryptoKeyFormatRaw
, key
, &raw_key
));
167 EXPECT_BYTES_EQ(test_key
, raw_key
);
170 std::vector
<uint8_t> cipher_text
;
171 std::vector
<uint8_t> authentication_tag
;
174 AesGcmEncrypt(key
, test_iv
, test_additional_data
, test_tag_size_bits
,
175 test_plain_text
, &cipher_text
, &authentication_tag
));
177 EXPECT_BYTES_EQ(test_cipher_text
, cipher_text
);
178 EXPECT_BYTES_EQ(test_authentication_tag
, authentication_tag
);
181 std::vector
<uint8_t> plain_text
;
184 AesGcmDecrypt(key
, test_iv
, test_additional_data
, test_tag_size_bits
,
185 test_cipher_text
, test_authentication_tag
, &plain_text
));
186 EXPECT_BYTES_EQ(test_plain_text
, plain_text
);
188 // Decryption should fail if any of the inputs are tampered with.
189 EXPECT_EQ(Status::OperationError(),
190 AesGcmDecrypt(key
, Corrupted(test_iv
), test_additional_data
,
191 test_tag_size_bits
, test_cipher_text
,
192 test_authentication_tag
, &plain_text
));
193 EXPECT_EQ(Status::OperationError(),
194 AesGcmDecrypt(key
, test_iv
, Corrupted(test_additional_data
),
195 test_tag_size_bits
, test_cipher_text
,
196 test_authentication_tag
, &plain_text
));
197 EXPECT_EQ(Status::OperationError(),
198 AesGcmDecrypt(key
, test_iv
, test_additional_data
,
199 test_tag_size_bits
, Corrupted(test_cipher_text
),
200 test_authentication_tag
, &plain_text
));
201 EXPECT_EQ(Status::OperationError(),
202 AesGcmDecrypt(key
, test_iv
, test_additional_data
,
203 test_tag_size_bits
, test_cipher_text
,
204 Corrupted(test_authentication_tag
), &plain_text
));
206 // Try different incorrect tag lengths
207 uint8_t kAlternateTagLengths
[] = {0, 8, 96, 120, 128, 160, 255};
208 for (size_t tag_i
= 0; tag_i
< arraysize(kAlternateTagLengths
); ++tag_i
) {
209 unsigned int wrong_tag_size_bits
= kAlternateTagLengths
[tag_i
];
210 if (test_tag_size_bits
== wrong_tag_size_bits
)
212 EXPECT_NE(Status::Success(),
213 AesGcmDecrypt(key
, test_iv
, test_additional_data
,
214 wrong_tag_size_bits
, test_cipher_text
,
215 test_authentication_tag
, &plain_text
));
222 } // namespace webcrypto
