net/quic/crypto/aes_128_gcm_12_decrypter_test.cc

   1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "net/quic/crypto/aes_128_gcm_12_decrypter.h"
   6
   7 #include "net/quic/test_tools/quic_test_utils.h"
   8
   9 using base::StringPiece;
  10 using std::string;
  11
  12 namespace {
  13
  14 // The AES GCM test vectors come from the file gcmDecrypt128.rsp
  15 // downloaded from http://csrc.nist.gov/groups/STM/cavp/index.html on
  16 // 2013-02-01. The test vectors in that file look like this:
  17 //
  18 // [Keylen = 128]
  19 // [IVlen = 96]
  20 // [PTlen = 0]
  21 // [AADlen = 0]
  22 // [Taglen = 128]
  23 //
  24 // Count = 0
  25 // Key = cf063a34d4a9a76c2c86787d3f96db71
  26 // IV = 113b9785971864c83b01c787
  27 // CT =
  28 // AAD =
  29 // Tag = 72ac8493e3a5228b5d130a69d2510e42
  30 // PT =
  31 //
  32 // Count = 1
  33 // Key = a49a5e26a2f8cb63d05546c2a62f5343
  34 // IV = 907763b19b9b4ab6bd4f0281
  35 // CT =
  36 // AAD =
  37 // Tag = a2be08210d8c470a8df6e8fbd79ec5cf
  38 // FAIL
  39 //
  40 // ...
  41 //
  42 // The gcmDecrypt128.rsp file is huge (2.6 MB), so I selected just a
  43 // few test vectors for this unit test.
  44
  45 // Describes a group of test vectors that all have a given key length, IV
  46 // length, plaintext length, AAD length, and tag length.
  47 struct TestGroupInfo {
  48   size_t key_len;
  49   size_t iv_len;
  50   size_t pt_len;
  51   size_t aad_len;
  52   size_t tag_len;
  53 };
  54
  55 // Each test vector consists of six strings of lowercase hexadecimal digits.
  56 // The strings may be empty (zero length). A test vector with a NULL |key|
  57 // marks the end of an array of test vectors.
  58 struct TestVector {
  59   // Input:
  60   const char* key;
  61   const char* iv;
  62   const char* ct;
  63   const char* aad;
  64   const char* tag;
  65
  66   // Expected output:
  67   const char* pt;  // An empty string "" means decryption succeeded and
  68                    // the plaintext is zero-length. NULL means decryption
  69                    // failed.
  70 };
  71
  72 const TestGroupInfo test_group_info[] = {
  73   { 128, 96, 0, 0, 128 },
  74   { 128, 96, 0, 128, 128 },
  75   { 128, 96, 128, 0, 128 },
  76   { 128, 96, 408, 160, 128 },
  77   { 128, 96, 408, 720, 128 },
  78   { 128, 96, 104, 0, 128 },
  79 };
  80
  81 const TestVector test_group_0[] = {
  82   { "cf063a34d4a9a76c2c86787d3f96db71",
  83     "113b9785971864c83b01c787",
  84     "",
  85     "",
  86     "72ac8493e3a5228b5d130a69d2510e42",
  87     ""
  88   },
  89   { "a49a5e26a2f8cb63d05546c2a62f5343",
  90     "907763b19b9b4ab6bd4f0281",
  91     "",
  92     "",
  93     "a2be08210d8c470a8df6e8fbd79ec5cf",
  94     NULL  // FAIL
  95   },
  96   { NULL }
  97 };
  98
  99 const TestVector test_group_1[] = {
 100   { "d1f6af919cde85661208bdce0c27cb22",
 101     "898c6929b435017bf031c3c5",
 102     "",
 103     "7c5faa40e636bbc91107e68010c92b9f",
 104     "ae45f11777540a2caeb128be8092468a",
 105     NULL  // FAIL
 106   },
 107   { "2370e320d4344208e0ff5683f243b213",
 108     "04dbb82f044d30831c441228",
 109     "",
 110     "d43a8e5089eea0d026c03a85178b27da",
 111     "2a049c049d25aa95969b451d93c31c6e",
 112     ""
 113   },
 114   { NULL }
 115 };
 116
 117 const TestVector test_group_2[] = {
 118   { "e98b72a9881a84ca6b76e0f43e68647a",
 119     "8b23299fde174053f3d652ba",
 120     "5a3c1cf1985dbb8bed818036fdd5ab42",
 121     "",
 122     "23c7ab0f952b7091cd324835043b5eb5",
 123     "28286a321293253c3e0aa2704a278032"
 124   },
 125   { "33240636cd3236165f1a553b773e728e",
 126     "17c4d61493ecdc8f31700b12",
 127     "47bb7e23f7bdfe05a8091ac90e4f8b2e",
 128     "",
 129     "b723c70e931d9785f40fd4ab1d612dc9",
 130     "95695a5b12f2870b9cc5fdc8f218a97d"
 131   },
 132   { "5164df856f1e9cac04a79b808dc5be39",
 133     "e76925d5355e0584ce871b2b",
 134     "0216c899c88d6e32c958c7e553daa5bc",
 135     "",
 136     "a145319896329c96df291f64efbe0e3a",
 137     NULL  // FAIL
 138   },
 139   { NULL }
 140 };
 141
 142 const TestVector test_group_3[] = {
 143   { "af57f42c60c0fc5a09adb81ab86ca1c3",
 144     "a2dc01871f37025dc0fc9a79",
 145     "b9a535864f48ea7b6b1367914978f9bfa087d854bb0e269bed8d279d2eea1210e48947"
 146     "338b22f9bad09093276a331e9c79c7f4",
 147     "41dc38988945fcb44faf2ef72d0061289ef8efd8",
 148     "4f71e72bde0018f555c5adcce062e005",
 149     "3803a0727eeb0ade441e0ec107161ded2d425ec0d102f21f51bf2cf9947c7ec4aa7279"
 150     "5b2f69b041596e8817d0a3c16f8fadeb"
 151   },
 152   { "ebc753e5422b377d3cb64b58ffa41b61",
 153     "2e1821efaced9acf1f241c9b",
 154     "069567190554e9ab2b50a4e1fbf9c147340a5025fdbd201929834eaf6532325899ccb9"
 155     "f401823e04b05817243d2142a3589878",
 156     "b9673412fd4f88ba0e920f46dd6438ff791d8eef",
 157     "534d9234d2351cf30e565de47baece0b",
 158     "39077edb35e9c5a4b1e4c2a6b9bb1fce77f00f5023af40333d6d699014c2bcf4209c18"
 159     "353a18017f5b36bfc00b1f6dcb7ed485"
 160   },
 161   { "52bdbbf9cf477f187ec010589cb39d58",
 162     "d3be36d3393134951d324b31",
 163     "700188da144fa692cf46e4a8499510a53d90903c967f7f13e8a1bd8151a74adc4fe63e"
 164     "32b992760b3a5f99e9a47838867000a9",
 165     "93c4fc6a4135f54d640b0c976bf755a06a292c33",
 166     "8ca4e38aa3dfa6b1d0297021ccf3ea5f",
 167     NULL  // FAIL
 168   },
 169   { NULL }
 170 };
 171
 172 const TestVector test_group_4[] = {
 173   { "da2bb7d581493d692380c77105590201",
 174     "44aa3e7856ca279d2eb020c6",
 175     "9290d430c9e89c37f0446dbd620c9a6b34b1274aeb6f911f75867efcf95b6feda69f1a"
 176     "f4ee16c761b3c9aeac3da03aa9889c88",
 177     "4cd171b23bddb3a53cdf959d5c1710b481eb3785a90eb20a2345ee00d0bb7868c367ab"
 178     "12e6f4dd1dee72af4eee1d197777d1d6499cc541f34edbf45cda6ef90b3c024f9272d7"
 179     "2ec1909fb8fba7db88a4d6f7d3d925980f9f9f72",
 180     "9e3ac938d3eb0cadd6f5c9e35d22ba38",
 181     "9bbf4c1a2742f6ac80cb4e8a052e4a8f4f07c43602361355b717381edf9fabd4cb7e3a"
 182     "d65dbd1378b196ac270588dd0621f642"
 183   },
 184   { "d74e4958717a9d5c0e235b76a926cae8",
 185     "0b7471141e0c70b1995fd7b1",
 186     "e701c57d2330bf066f9ff8cf3ca4343cafe4894651cd199bdaaa681ba486b4a65c5a22"
 187     "b0f1420be29ea547d42c713bc6af66aa",
 188     "4a42b7aae8c245c6f1598a395316e4b8484dbd6e64648d5e302021b1d3fa0a38f46e22"
 189     "bd9c8080b863dc0016482538a8562a4bd0ba84edbe2697c76fd039527ac179ec5506cf"
 190     "34a6039312774cedebf4961f3978b14a26509f96",
 191     "e192c23cb036f0b31592989119eed55d",
 192     "840d9fb95e32559fb3602e48590280a172ca36d9b49ab69510f5bd552bfab7a306f85f"
 193     "f0a34bc305b88b804c60b90add594a17"
 194   },
 195   { "1986310c725ac94ecfe6422e75fc3ee7",
 196     "93ec4214fa8e6dc4e3afc775",
 197     "b178ec72f85a311ac4168f42a4b2c23113fbea4b85f4b9dabb74e143eb1b8b0a361e02"
 198     "43edfd365b90d5b325950df0ada058f9",
 199     "e80b88e62c49c958b5e0b8b54f532d9ff6aa84c8a40132e93e55b59fc24e8decf28463"
 200     "139f155d1e8ce4ee76aaeefcd245baa0fc519f83a5fb9ad9aa40c4b21126013f576c42"
 201     "72c2cb136c8fd091cc4539877a5d1e72d607f960",
 202     "8b347853f11d75e81e8a95010be81f17",
 203     NULL  // FAIL
 204   },
 205   { NULL }
 206 };
 207
 208 const TestVector test_group_5[] = {
 209   { "387218b246c1a8257748b56980e50c94",
 210     "dd7e014198672be39f95b69d",
 211     "cdba9e73eaf3d38eceb2b04a8d",
 212     "",
 213     "ecf90f4a47c9c626d6fb2c765d201556",
 214     "48f5b426baca03064554cc2b30"
 215   },
 216   { "294de463721e359863887c820524b3d4",
 217     "3338b35c9d57a5d28190e8c9",
 218     "2f46634e74b8e4c89812ac83b9",
 219     "",
 220     "dabd506764e68b82a7e720aa18da0abe",
 221     "46a2e55c8e264df211bd112685"
 222   },
 223   { "28ead7fd2179e0d12aa6d5d88c58c2dc",
 224     "5055347f18b4d5add0ae5c41",
 225     "142d8210c3fb84774cdbd0447a",
 226     "",
 227     "5fd321d9cdb01952dc85f034736c2a7d",
 228     "3b95b981086ee73cc4d0cc1422"
 229   },
 230   { "7d7b6c988137b8d470c57bf674a09c87",
 231     "9edf2aa970d016ac962e1fd8",
 232     "a85b66c3cb5eab91d5bdc8bc0e",
 233     "",
 234     "dc054efc01f3afd21d9c2484819f569a",
 235     NULL  // FAIL
 236   },
 237   { NULL }
 238 };
 239
 240 const TestVector* const test_group_array[] = {
 241   test_group_0,
 242   test_group_1,
 243   test_group_2,
 244   test_group_3,
 245   test_group_4,
 246   test_group_5,
 247 };
 248
 249 }  // namespace
 250
 251 namespace net {
 252 namespace test {
 253
 254 // DecryptWithNonce wraps the |Decrypt| method of |decrypter| to allow passing
 255 // in an nonce and also to allocate the buffer needed for the plaintext.
 256 QuicData* DecryptWithNonce(Aes128Gcm12Decrypter* decrypter,
 257                            StringPiece nonce,
 258                            StringPiece associated_data,
 259                            StringPiece ciphertext) {
 260   QuicPacketNumber packet_number;
 261   StringPiece nonce_prefix(nonce.data(), nonce.size() - sizeof(packet_number));
 262   decrypter->SetNoncePrefix(nonce_prefix);
 263   memcpy(&packet_number, nonce.data() + nonce_prefix.size(),
 264          sizeof(packet_number));
 265   scoped_ptr<char[]> output(new char[ciphertext.length()]);
 266   size_t output_length = 0;
 267   const bool success = decrypter->DecryptPacket(
 268       packet_number, associated_data, ciphertext, output.get(), &output_length,
 269       ciphertext.length());
 270   if (!success) {
 271     return nullptr;
 272   }
 273   return new QuicData(output.release(), output_length, true);
 274 }
 275
 276 TEST(Aes128Gcm12DecrypterTest, Decrypt) {
 277   for (size_t i = 0; i < arraysize(test_group_array); i++) {
 278     SCOPED_TRACE(i);
 279     const TestVector* test_vectors = test_group_array[i];
 280     const TestGroupInfo& test_info = test_group_info[i];
 281     for (size_t j = 0; test_vectors[j].key != nullptr; j++) {
 282       // If not present then decryption is expected to fail.
 283       bool has_pt = test_vectors[j].pt;
 284
 285       // Decode the test vector.
 286       string key;
 287       string iv;
 288       string ct;
 289       string aad;
 290       string tag;
 291       string pt;
 292       ASSERT_TRUE(DecodeHexString(test_vectors[j].key, &key));
 293       ASSERT_TRUE(DecodeHexString(test_vectors[j].iv, &iv));
 294       ASSERT_TRUE(DecodeHexString(test_vectors[j].ct, &ct));
 295       ASSERT_TRUE(DecodeHexString(test_vectors[j].aad, &aad));
 296       ASSERT_TRUE(DecodeHexString(test_vectors[j].tag, &tag));
 297       if (has_pt) {
 298         ASSERT_TRUE(DecodeHexString(test_vectors[j].pt, &pt));
 299       }
 300
 301       // The test vector's lengths should look sane. Note that the lengths
 302       // in |test_info| are in bits.
 303       EXPECT_EQ(test_info.key_len, key.length() * 8);
 304       EXPECT_EQ(test_info.iv_len, iv.length() * 8);
 305       EXPECT_EQ(test_info.pt_len, ct.length() * 8);
 306       EXPECT_EQ(test_info.aad_len, aad.length() * 8);
 307       EXPECT_EQ(test_info.tag_len, tag.length() * 8);
 308       if (has_pt) {
 309         EXPECT_EQ(test_info.pt_len, pt.length() * 8);
 310       }
 311
 312       // The test vectors have 16 byte authenticators but this code only uses
 313       // the first 12.
 314       ASSERT_LE(static_cast<size_t>(Aes128Gcm12Decrypter::kAuthTagSize),
 315                 tag.length());
 316       tag.resize(Aes128Gcm12Decrypter::kAuthTagSize);
 317       string ciphertext = ct + tag;
 318
 319       Aes128Gcm12Decrypter decrypter;
 320       ASSERT_TRUE(decrypter.SetKey(key));
 321
 322       scoped_ptr<QuicData> decrypted(DecryptWithNonce(
 323           &decrypter, iv,
 324           // This deliberately tests that the decrypter can handle an AAD that
 325           // is set to nullptr, as opposed to a zero-length, non-nullptr
 326           // pointer.
 327           aad.length() ? aad : StringPiece(), ciphertext));
 328       if (!decrypted.get()) {
 329         EXPECT_FALSE(has_pt);
 330         continue;
 331       }
 332       EXPECT_TRUE(has_pt);
 333
 334       ASSERT_EQ(pt.length(), decrypted->length());
 335       test::CompareCharArraysWithHexError("plaintext", decrypted->data(),
 336                                           pt.length(), pt.data(), pt.length());
 337     }
 338   }
 339 }
 340
 341 }  // namespace test
 342 }  // namespace net