search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
cygprofile: increase timeouts to allow showing web contents
[chromium-blink-merge.git] / components / gcm_driver / crypto / gcm_message_cryptographer_unittest.cc
bloba1a0280e013012f42ced3b5b2bc2df00e1d6d366
1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "components/gcm_driver/crypto/gcm_message_cryptographer.h"
6
7 #include "base/base64.h"
8 #include "base/memory/scoped_ptr.h"
9 #include "base/strings/string_util.h"
10 #include "crypto/random.h"
11 #include "crypto/symmetric_key.h"
12 #include "testing/gtest/include/gtest/gtest.h"
13
14 namespace gcm {
15
16 namespace {
17
18 // The number of bits of the key in AEAD_AES_128_GCM.
19 const size_t kKeySizeBits = 128;
20
21 // Example plaintext data to use in the tests.
22 const char kExamplePlaintext[] = "Example plaintext";
23
24 // A test vector contains the information necessary to either encrypt or decrypt
25 // a message. These vectors were created using a JavaScript implementation of
26 // the same RFCs that the GCMMessageCryptographer implements.
27 struct TestVector {
28 const char* const input;
29 const char* const key;
30 const char* const salt;
31 size_t record_size;
32 const char* const output;
33 };
34
35 const TestVector kEncryptionTestVectors[] = {
36 // Simple message.
37 { "Hello, world!",
38 "AhA6n2oFYPWIh+cXwyv1m2C0JvmjHB4ZkXj8QylESXU=",
39 "tsJYqAGvFDk6lDEv7daecw==",
40 4096,
41 "KNXRqBR9VKhtajeMaeKR/rHYIiORcyeFpUwWFGyS"
42 },
43 // Empty message.
44 { "",
45 "lMyvTong4VR053jfCpWmMDGW5dEDAqiTZUIU+inhTjU=",
46 "wH3uvZqcN6oey9whiGpn1A==",
47 4096,
48 "Mnfr+AU5o7D30gjFdVOTFtw="
49 },
50 // Message with an invalid salt size.
51 { "Hello, world!",
52 "CcdxzkR6z1EY9vSrM7/IxYVxDxu46hV638EZQTPd7XI=",
53 "aRr1fI1YSGVi5XU=",
54 4096,
55 nullptr // expected to fail
56 }
57 };
58
59 const TestVector kDecryptionTestVectors[] = {
60 // Simple message.
61 { "avAFNhdbQohzizu+ORbU4XHhHSaXzw9lTN7UzB/j",
62 "47ZytAw9qHlm+Q8g+7rH81rUPzaCgGcoFvlS1qxQtQk=",
63 "EuR7EVetcaWpndXd/dKeyA==",
64 4096,
65 "Hello, world!"
66 },
67 // Simple message with 16 bytes of padding.
68 { "0198n7ZJ/ZPMnl4ZU2l9Lma5ktKbuzXCiJEXyYtROmWTP8RSiZd8sUd48xpk6Q==",
69 "MYSsNybwrTzRIzQYUq/yFPc6ugcTrJdEZJDM4NswvUg=",
70 "8sEAMQYnufo2UkKl80cUGQ==",
71 4096,
72 "Hello, world!"
73 },
74 // Empty message.
75 { "g+ACk32a4gK2dS2xllKXn4c=",
76 "S3+Ki/+XtzR66gUp/zR75CC5JXO62pyr5fWfneTYwFE=",
77 "4RM6s19jJHdmqiVEJDp9jg==",
78 4096,
79 ""
80 },
81 // Message with an invalid salt size.
82 { "rt4OiodS087DAQo6e24wA55k0hRPAHgz7OX7m+nj",
83 "wW3Iy5ma803lLd+ysPdHUe2NB3HqXbY0XhCCdG5Y1Gw=",
84 "N7oMH/xohAhMhOY=",
85 4096,
86 nullptr // expected to fail
87 },
88 // Message with an invalid record size.
89 { "AsuoRkFtqLE1c0mGCae4OvgZSCSHWCoeRL9mXKjY",
90 "omxWz7tse3lgDpxUP+e7u14Dp1irvV3BdzXTcZOtsHs=",
91 "vKJD3bexto1hY64KVzS7ug==",
92 3,
93 nullptr // expected to fail
94 },
95 // Truncated message.
96 { "AGr4BfZSXW9txWkAG8pjg7IuRWWm1Mo8bDli/PSv",
97 "kR5BMfqMKOD1yrLKE2giObXHI7merrMtnoO2oqneqXA=",
98 "SQeJSPrqHvTdSfAMF8bBzQ==",
99 13,
100 nullptr // expected to fail
101 },
102 // Message with multiple (2) records.
103 { "H2ujfPbpRbVSy+adIG2NRe4VxkX4V0r/zl6e9xnMSF6LSutblGdWLrwQc82Xh7DXAQlihW0q3"
104 "IQzHP+LIxuAiA==",
105 "W3W4gx7sqcfmBnvNNdO9d4MBCC1bvJkvsNjZOGD+CCg=",
106 "xG0TPGi9aIcxjpXKmaYBBQ==",
107 7,
108 nullptr // expected to fail
109 }
110 };
111
112 } // namespace
113
114 class GCMMessageCryptographerTest : public ::testing::Test {
115 public:
116 void SetUp() override {
117 scoped_ptr<crypto::SymmetricKey> random_key(
118 crypto::SymmetricKey::GenerateRandomKey(crypto::SymmetricKey::AES,
119 kKeySizeBits));
120
121 ASSERT_TRUE(random_key->GetRawKey(&key_));
122 }
123
124 protected:
125 // Generates a cryptographically secure random salt of 16-octets in size, the
126 // required length as expected by the HKDF.
127 std::string GenerateRandomSalt() {
128 const size_t kSaltSize = 16;
129
130 std::string salt;
131
132 crypto::RandBytes(base::WriteInto(&salt, kSaltSize + 1), kSaltSize);
133 return salt;
134 }
135
136 GCMMessageCryptographer* cryptographer() { return &cryptographer_; }
137
138 base::StringPiece key() const { return key_; }
139
140 private:
141 GCMMessageCryptographer cryptographer_;
142
143 std::string key_;
144 };
145
146 TEST_F(GCMMessageCryptographerTest, RoundTrip) {
147 const std::string salt = GenerateRandomSalt();
148
149 size_t record_size = 0;
150
151 std::string ciphertext, plaintext;
152 ASSERT_TRUE(cryptographer()->Encrypt(kExamplePlaintext, key(), salt,
153 &record_size, &ciphertext));
154
155 EXPECT_GT(record_size, ciphertext.size() - 16);
156 EXPECT_GT(ciphertext.size(), 0u);
157
158 ASSERT_TRUE(cryptographer()->Decrypt(ciphertext, key(), salt, record_size,
159 &plaintext));
160
161 EXPECT_EQ(kExamplePlaintext, plaintext);
162 }
163
164 TEST_F(GCMMessageCryptographerTest, RoundTripEmptyMessage) {
165 const std::string salt = GenerateRandomSalt();
166 const std::string message = "";
167
168 size_t record_size = 0;
169
170 std::string ciphertext, plaintext;
171 ASSERT_TRUE(cryptographer()->Encrypt(message, key(), salt, &record_size,
172 &ciphertext));
173
174 EXPECT_GT(record_size, ciphertext.size() - 16);
175 EXPECT_GT(ciphertext.size(), 0u);
176
177 ASSERT_TRUE(cryptographer()->Decrypt(ciphertext, key(), salt, record_size,
178 &plaintext));
179
180 EXPECT_EQ(message, plaintext);
181 }
182
183 TEST_F(GCMMessageCryptographerTest, InvalidRecordSize) {
184 const std::string salt = GenerateRandomSalt();
185
186 size_t record_size = 0;
187
188 std::string ciphertext, plaintext;
189 EXPECT_TRUE(cryptographer()->Encrypt(kExamplePlaintext, key(), salt,
190 &record_size, &ciphertext));
191
192 EXPECT_GT(record_size, ciphertext.size() - 16);
193 EXPECT_FALSE(cryptographer()->Decrypt(ciphertext, key(), salt,
194 0 /* record_size */, &plaintext));
195
196 EXPECT_FALSE(cryptographer()->Decrypt(ciphertext, key(), salt,
197 ciphertext.size() - 17, &plaintext));
198
199 EXPECT_TRUE(cryptographer()->Decrypt(ciphertext, key(), salt,
200 ciphertext.size() - 16, &plaintext));
201 }
202
203 TEST_F(GCMMessageCryptographerTest, InvalidRecordPadding) {
204 std::string message = std::string(1, '\0') + kExamplePlaintext;
205
206 const std::string salt = GenerateRandomSalt();
207
208 const std::string nonce = cryptographer()->DeriveNonce(key(), salt);
209 const std::string content_encryption_key =
210 cryptographer()->DeriveContentEncryptionKey(key(), salt);
211
212 ASSERT_GT(message.size(), 1u);
213 const size_t record_size = message.size() + 1;
214
215 std::string ciphertext, plaintext;
216 ASSERT_TRUE(cryptographer()->EncryptDecryptRecordInternal(
217 GCMMessageCryptographer::ENCRYPT, message, content_encryption_key, nonce,
218 &ciphertext));
219
220 ASSERT_TRUE(cryptographer()->Decrypt(ciphertext, key(), salt, record_size,
221 &plaintext));
222
223 // Note that GCMMessageCryptographer::Decrypt removes the padding.
224 EXPECT_EQ(kExamplePlaintext, plaintext);
225
226 // Now run the same steps again, but say that there are four padding octets.
227 // This should be rejected because the padding will not be all zeros.
228 message[0] = 4;
229
230 ASSERT_TRUE(cryptographer()->EncryptDecryptRecordInternal(
231 GCMMessageCryptographer::ENCRYPT, message, content_encryption_key, nonce,
232 &ciphertext));
233
234 ASSERT_FALSE(cryptographer()->Decrypt(ciphertext, key(), salt, record_size,
235 &plaintext));
236
237 // Run the same steps again, but say that there are more padding octets than
238 // the length of the message.
239 message[0] = 64;
240
241 EXPECT_GT(static_cast<size_t>(message[0]), message.size());
242 ASSERT_TRUE(cryptographer()->EncryptDecryptRecordInternal(
243 GCMMessageCryptographer::ENCRYPT, message, content_encryption_key, nonce,
244 &ciphertext));
245
246 ASSERT_FALSE(cryptographer()->Decrypt(ciphertext, key(), salt, record_size,
247 &plaintext));
248 }
249
250 TEST_F(GCMMessageCryptographerTest, EncryptionTestVectors) {
251 std::string key, salt, output, ciphertext;
252 size_t record_size = 0;
253
254 for (size_t i = 0; i < arraysize(kEncryptionTestVectors); ++i) {
255 SCOPED_TRACE(i);
256
257 ASSERT_TRUE(base::Base64Decode(kEncryptionTestVectors[i].key, &key));
258 ASSERT_TRUE(base::Base64Decode(kEncryptionTestVectors[i].salt, &salt));
259
260 const bool has_output = kEncryptionTestVectors[i].output;
261 const bool result = cryptographer()->Encrypt(
262 kEncryptionTestVectors[i].input, key, salt, &record_size, &ciphertext);
263
264 if (!has_output) {
265 EXPECT_FALSE(result);
266 continue;
267 }
268
269 EXPECT_TRUE(result);
270 ASSERT_TRUE(base::Base64Decode(kEncryptionTestVectors[i].output,
271 &output));
272
273 EXPECT_EQ(kEncryptionTestVectors[i].record_size, record_size);
274 EXPECT_EQ(output, ciphertext);
275 }
276 }
277
278 TEST_F(GCMMessageCryptographerTest, DecryptionTestVectors) {
279 std::string input, key, salt, plaintext;
280 for (size_t i = 0; i < arraysize(kDecryptionTestVectors); ++i) {
281 SCOPED_TRACE(i);
282
283 ASSERT_TRUE(base::Base64Decode(kDecryptionTestVectors[i].input, &input));
284 ASSERT_TRUE(base::Base64Decode(kDecryptionTestVectors[i].key, &key));
285 ASSERT_TRUE(base::Base64Decode(kDecryptionTestVectors[i].salt, &salt));
286
287 const bool has_output = kDecryptionTestVectors[i].output;
288 const bool result = cryptographer()->Decrypt(
289 input, key, salt, kDecryptionTestVectors[i].record_size, &plaintext);
290
291 if (!has_output) {
292 EXPECT_FALSE(result);
293 continue;
294 }
295
296 EXPECT_TRUE(result);
297 EXPECT_EQ(kDecryptionTestVectors[i].output, plaintext);
298 }
299 }
300
301 } // namespace gcm