1 // Copyright 2012 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "crypto/encryptor.h"
12 #include "base/containers/span.h"
13 #include "base/strings/string_number_conversions.h"
14 #include "crypto/symmetric_key.h"
15 #include "testing/gtest/include/gtest/gtest.h"
17 TEST(EncryptorTest, EncryptDecrypt) {
18 std::unique_ptr<crypto::SymmetricKey> key(
19 crypto::SymmetricKey::DeriveKeyFromPasswordUsingPbkdf2(
20 crypto::SymmetricKey::AES, "password", "saltiest", 1000, 256));
21 EXPECT_TRUE(key.get());
23 crypto::Encryptor encryptor;
24 // The IV must be exactly as long as the cipher block size.
25 std::string iv("the iv: 16 bytes");
26 EXPECT_EQ(16U, iv.size());
27 EXPECT_TRUE(encryptor.Init(key.get(), crypto::Encryptor::CBC, iv));
29 std::string plaintext("this is the plaintext");
30 std::string ciphertext;
31 EXPECT_TRUE(encryptor.Encrypt(plaintext, &ciphertext));
32 EXPECT_LT(0U, ciphertext.size());
34 std::string decrypted;
35 EXPECT_TRUE(encryptor.Decrypt(ciphertext, &decrypted));
36 EXPECT_EQ(plaintext, decrypted);
38 // Repeat the test with the bytes API.
39 std::vector<uint8_t> plaintext_vec(plaintext.begin(), plaintext.end());
40 std::vector<uint8_t> ciphertext_vec;
41 EXPECT_TRUE(encryptor.Encrypt(plaintext_vec, &ciphertext_vec));
42 EXPECT_LT(0U, ciphertext_vec.size());
44 std::vector<uint8_t> decrypted_vec;
45 EXPECT_TRUE(encryptor.Decrypt(ciphertext_vec, &decrypted_vec));
46 EXPECT_EQ(plaintext_vec, decrypted_vec);
49 TEST(EncryptorTest, DecryptWrongKey) {
50 std::unique_ptr<crypto::SymmetricKey> key(
51 crypto::SymmetricKey::DeriveKeyFromPasswordUsingPbkdf2(
52 crypto::SymmetricKey::AES, "password", "saltiest", 1000, 256));
53 EXPECT_TRUE(key.get());
55 // A wrong key that can be detected by implementations that validate every
56 // byte in the padding.
57 std::unique_ptr<crypto::SymmetricKey> wrong_key(
58 crypto::SymmetricKey::DeriveKeyFromPasswordUsingPbkdf2(
59 crypto::SymmetricKey::AES, "wrongword", "sweetest", 1000, 256));
60 EXPECT_TRUE(wrong_key.get());
62 // A wrong key that can't be detected by any implementation. The password
63 // "wrongword;" would also work.
64 std::unique_ptr<crypto::SymmetricKey> wrong_key2(
65 crypto::SymmetricKey::DeriveKeyFromPasswordUsingPbkdf2(
66 crypto::SymmetricKey::AES, "wrongword+", "sweetest", 1000, 256));
67 EXPECT_TRUE(wrong_key2.get());
69 // A wrong key that can be detected by all implementations.
70 std::unique_ptr<crypto::SymmetricKey> wrong_key3(
71 crypto::SymmetricKey::DeriveKeyFromPasswordUsingPbkdf2(
72 crypto::SymmetricKey::AES, "wrongwordx", "sweetest", 1000, 256));
73 EXPECT_TRUE(wrong_key3.get());
75 crypto::Encryptor encryptor;
76 // The IV must be exactly as long as the cipher block size.
77 std::string iv("the iv: 16 bytes");
78 EXPECT_EQ(16U, iv.size());
79 EXPECT_TRUE(encryptor.Init(key.get(), crypto::Encryptor::CBC, iv));
81 std::string plaintext("this is the plaintext");
82 std::string ciphertext;
83 EXPECT_TRUE(encryptor.Encrypt(plaintext, &ciphertext));
85 static const unsigned char expected_ciphertext[] = {
86 0x7D, 0x67, 0x5B, 0x53, 0xE6, 0xD8, 0x0F, 0x27,
87 0x74, 0xB1, 0x90, 0xFE, 0x6E, 0x58, 0x4A, 0xA0,
88 0x0E, 0x35, 0xE3, 0x01, 0xC0, 0xFE, 0x9A, 0xD8,
89 0x48, 0x1D, 0x42, 0xB0, 0xBA, 0x21, 0xB2, 0x0C
92 ASSERT_EQ(std::size(expected_ciphertext), ciphertext.size());
93 for (size_t i = 0; i < ciphertext.size(); ++i) {
94 ASSERT_EQ(expected_ciphertext[i],
95 static_cast<unsigned char>(ciphertext[i]));
98 std::string decrypted;
100 // This wrong key causes the last padding byte to be 5, which is a valid
101 // padding length, and the second to last padding byte to be 137, which is
102 // invalid. If an implementation simply uses the last padding byte to
103 // determine the padding length without checking every padding byte,
104 // Encryptor::Decrypt() will still return true. This is the case for NSS
105 // (crbug.com/124434).
106 crypto::Encryptor decryptor;
107 EXPECT_TRUE(decryptor.Init(wrong_key.get(), crypto::Encryptor::CBC, iv));
108 EXPECT_FALSE(decryptor.Decrypt(ciphertext, &decrypted));
110 // This demonstrates that not all wrong keys can be detected by padding
111 // error. This wrong key causes the last padding byte to be 1, which is
112 // a valid padding block of length 1.
113 crypto::Encryptor decryptor2;
114 EXPECT_TRUE(decryptor2.Init(wrong_key2.get(), crypto::Encryptor::CBC, iv));
115 EXPECT_TRUE(decryptor2.Decrypt(ciphertext, &decrypted));
117 // This wrong key causes the last padding byte to be 253, which should be
118 // rejected by all implementations.
119 crypto::Encryptor decryptor3;
120 EXPECT_TRUE(decryptor3.Init(wrong_key3.get(), crypto::Encryptor::CBC, iv));
121 EXPECT_FALSE(decryptor3.Decrypt(ciphertext, &decrypted));
126 // From NIST SP 800-38a test cast:
127 // - F.5.1 CTR-AES128.Encrypt
128 // - F.5.6 CTR-AES256.Encrypt
129 // http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
130 const unsigned char kAES128CTRKey[] = {
131 0x2b, 0x7e, 0x15, 0x16, 0x28, 0xae, 0xd2, 0xa6,
132 0xab, 0xf7, 0x15, 0x88, 0x09, 0xcf, 0x4f, 0x3c
135 const unsigned char kAES256CTRKey[] = {
136 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe,
137 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81,
138 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7,
139 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4
142 const unsigned char kAESCTRInitCounter[] = {
143 0xf0, 0xf1, 0xf2, 0xf3, 0xf4, 0xf5, 0xf6, 0xf7,
144 0xf8, 0xf9, 0xfa, 0xfb, 0xfc, 0xfd, 0xfe, 0xff
147 const unsigned char kAESCTRPlaintext[] = {
149 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
150 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
152 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
153 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
155 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
156 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
158 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
159 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10
162 const unsigned char kAES128CTRCiphertext[] = {
164 0x87, 0x4d, 0x61, 0x91, 0xb6, 0x20, 0xe3, 0x26,
165 0x1b, 0xef, 0x68, 0x64, 0x99, 0x0d, 0xb6, 0xce,
167 0x98, 0x06, 0xf6, 0x6b, 0x79, 0x70, 0xfd, 0xff,
168 0x86, 0x17, 0x18, 0x7b, 0xb9, 0xff, 0xfd, 0xff,
170 0x5a, 0xe4, 0xdf, 0x3e, 0xdb, 0xd5, 0xd3, 0x5e,
171 0x5b, 0x4f, 0x09, 0x02, 0x0d, 0xb0, 0x3e, 0xab,
173 0x1e, 0x03, 0x1d, 0xda, 0x2f, 0xbe, 0x03, 0xd1,
174 0x79, 0x21, 0x70, 0xa0, 0xf3, 0x00, 0x9c, 0xee
177 const unsigned char kAES256CTRCiphertext[] = {
179 0x60, 0x1e, 0xc3, 0x13, 0x77, 0x57, 0x89, 0xa5,
180 0xb7, 0xa7, 0xf5, 0x04, 0xbb, 0xf3, 0xd2, 0x28,
182 0xf4, 0x43, 0xe3, 0xca, 0x4d, 0x62, 0xb5, 0x9a,
183 0xca, 0x84, 0xe9, 0x90, 0xca, 0xca, 0xf5, 0xc5,
185 0x2b, 0x09, 0x30, 0xda, 0xa2, 0x3d, 0xe9, 0x4c,
186 0xe8, 0x70, 0x17, 0xba, 0x2d, 0x84, 0x98, 0x8d,
188 0xdf, 0xc9, 0xc5, 0x8d, 0xb6, 0x7a, 0xad, 0xa6,
189 0x13, 0xc2, 0xdd, 0x08, 0x45, 0x79, 0x41, 0xa6
192 void TestAESCTREncrypt(
193 const unsigned char* key, size_t key_size,
194 const unsigned char* init_counter, size_t init_counter_size,
195 const unsigned char* plaintext, size_t plaintext_size,
196 const unsigned char* ciphertext, size_t ciphertext_size) {
197 std::string key_str(reinterpret_cast<const char*>(key), key_size);
198 std::unique_ptr<crypto::SymmetricKey> sym_key(
199 crypto::SymmetricKey::Import(crypto::SymmetricKey::AES, key_str));
200 ASSERT_TRUE(sym_key.get());
202 crypto::Encryptor encryptor;
203 EXPECT_TRUE(encryptor.Init(sym_key.get(), crypto::Encryptor::CTR, ""));
205 std::string_view init_counter_str(reinterpret_cast<const char*>(init_counter),
207 std::string_view plaintext_str(reinterpret_cast<const char*>(plaintext),
210 EXPECT_TRUE(encryptor.SetCounter(init_counter_str));
211 std::string encrypted;
212 EXPECT_TRUE(encryptor.Encrypt(plaintext_str, &encrypted));
214 EXPECT_EQ(ciphertext_size, encrypted.size());
215 EXPECT_EQ(0, memcmp(encrypted.data(), ciphertext, encrypted.size()));
217 std::string decrypted;
218 EXPECT_TRUE(encryptor.SetCounter(init_counter_str));
219 EXPECT_TRUE(encryptor.Decrypt(encrypted, &decrypted));
221 EXPECT_EQ(plaintext_str, decrypted);
223 // Repeat the test with the bytes API.
225 encryptor.SetCounter(base::make_span(init_counter, init_counter_size)));
226 std::vector<uint8_t> encrypted_vec;
227 EXPECT_TRUE(encryptor.Encrypt(base::make_span(plaintext, plaintext_size),
230 EXPECT_EQ(ciphertext_size, encrypted_vec.size());
231 EXPECT_EQ(0, memcmp(encrypted_vec.data(), ciphertext, encrypted_vec.size()));
233 std::vector<uint8_t> decrypted_vec;
235 encryptor.SetCounter(base::make_span(init_counter, init_counter_size)));
236 EXPECT_TRUE(encryptor.Decrypt(encrypted_vec, &decrypted_vec));
238 EXPECT_EQ(std::vector<uint8_t>(plaintext, plaintext + plaintext_size),
242 void TestAESCTRMultipleDecrypt(
243 const unsigned char* key, size_t key_size,
244 const unsigned char* init_counter, size_t init_counter_size,
245 const unsigned char* plaintext, size_t plaintext_size,
246 const unsigned char* ciphertext, size_t ciphertext_size) {
247 std::string key_str(reinterpret_cast<const char*>(key), key_size);
248 std::unique_ptr<crypto::SymmetricKey> sym_key(
249 crypto::SymmetricKey::Import(crypto::SymmetricKey::AES, key_str));
250 ASSERT_TRUE(sym_key.get());
252 crypto::Encryptor encryptor;
253 EXPECT_TRUE(encryptor.Init(sym_key.get(), crypto::Encryptor::CTR, ""));
255 // Counter is set only once.
256 EXPECT_TRUE(encryptor.SetCounter(std::string_view(
257 reinterpret_cast<const char*>(init_counter), init_counter_size)));
259 std::string ciphertext_str(reinterpret_cast<const char*>(ciphertext),
262 int kTestDecryptSizes[] = { 32, 16, 8 };
265 for (size_t i = 0; i < std::size(kTestDecryptSizes); ++i) {
266 std::string decrypted;
267 size_t len = kTestDecryptSizes[i];
269 encryptor.Decrypt(ciphertext_str.substr(offset, len), &decrypted));
270 EXPECT_EQ(len, decrypted.size());
271 EXPECT_EQ(0, memcmp(decrypted.data(), plaintext + offset, len));
278 TEST(EncryptorTest, EncryptAES128CTR) {
279 TestAESCTREncrypt(kAES128CTRKey, std::size(kAES128CTRKey), kAESCTRInitCounter,
280 std::size(kAESCTRInitCounter), kAESCTRPlaintext,
281 std::size(kAESCTRPlaintext), kAES128CTRCiphertext,
282 std::size(kAES128CTRCiphertext));
285 TEST(EncryptorTest, EncryptAES256CTR) {
286 TestAESCTREncrypt(kAES256CTRKey, std::size(kAES256CTRKey), kAESCTRInitCounter,
287 std::size(kAESCTRInitCounter), kAESCTRPlaintext,
288 std::size(kAESCTRPlaintext), kAES256CTRCiphertext,
289 std::size(kAES256CTRCiphertext));
292 TEST(EncryptorTest, EncryptAES128CTR_MultipleDecrypt) {
293 TestAESCTRMultipleDecrypt(kAES128CTRKey, std::size(kAES128CTRKey),
294 kAESCTRInitCounter, std::size(kAESCTRInitCounter),
295 kAESCTRPlaintext, std::size(kAESCTRPlaintext),
296 kAES128CTRCiphertext,
297 std::size(kAES128CTRCiphertext));
300 TEST(EncryptorTest, EncryptAES256CTR_MultipleDecrypt) {
301 TestAESCTRMultipleDecrypt(kAES256CTRKey, std::size(kAES256CTRKey),
302 kAESCTRInitCounter, std::size(kAESCTRInitCounter),
303 kAESCTRPlaintext, std::size(kAESCTRPlaintext),
304 kAES256CTRCiphertext,
305 std::size(kAES256CTRCiphertext));
308 TEST(EncryptorTest, EncryptDecryptCTR) {
309 std::unique_ptr<crypto::SymmetricKey> key(
310 crypto::SymmetricKey::GenerateRandomKey(crypto::SymmetricKey::AES, 128));
312 EXPECT_TRUE(key.get());
313 const std::string kInitialCounter = "0000000000000000";
315 crypto::Encryptor encryptor;
316 EXPECT_TRUE(encryptor.Init(key.get(), crypto::Encryptor::CTR, ""));
317 EXPECT_TRUE(encryptor.SetCounter(kInitialCounter));
319 std::string plaintext("normal plaintext of random length");
320 std::string ciphertext;
321 EXPECT_TRUE(encryptor.Encrypt(plaintext, &ciphertext));
322 EXPECT_LT(0U, ciphertext.size());
324 std::string decrypted;
325 EXPECT_TRUE(encryptor.SetCounter(kInitialCounter));
326 EXPECT_TRUE(encryptor.Decrypt(ciphertext, &decrypted));
327 EXPECT_EQ(plaintext, decrypted);
329 plaintext = "0123456789012345";
330 EXPECT_TRUE(encryptor.SetCounter(kInitialCounter));
331 EXPECT_TRUE(encryptor.Encrypt(plaintext, &ciphertext));
332 EXPECT_LT(0U, ciphertext.size());
334 EXPECT_TRUE(encryptor.SetCounter(kInitialCounter));
335 EXPECT_TRUE(encryptor.Decrypt(ciphertext, &decrypted));
336 EXPECT_EQ(plaintext, decrypted);
339 // TODO(wtc): add more known-answer tests. Test vectors are available from
340 // http://www.ietf.org/rfc/rfc3602
341 // http://csrc.nist.gov/publications/nistpubs/800-38a/sp800-38a.pdf
342 // http://gladman.plushost.co.uk/oldsite/AES/index.php
343 // http://csrc.nist.gov/groups/STM/cavp/documents/aes/KAT_AES.zip
345 // NIST SP 800-38A test vector F.2.5 CBC-AES256.Encrypt.
346 TEST(EncryptorTest, EncryptAES256CBC) {
347 // From NIST SP 800-38a test cast F.2.5 CBC-AES256.Encrypt.
348 static const unsigned char kRawKey[] = {
349 0x60, 0x3d, 0xeb, 0x10, 0x15, 0xca, 0x71, 0xbe,
350 0x2b, 0x73, 0xae, 0xf0, 0x85, 0x7d, 0x77, 0x81,
351 0x1f, 0x35, 0x2c, 0x07, 0x3b, 0x61, 0x08, 0xd7,
352 0x2d, 0x98, 0x10, 0xa3, 0x09, 0x14, 0xdf, 0xf4
354 static const unsigned char kRawIv[] = {
355 0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
356 0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f
358 static const unsigned char kRawPlaintext[] = {
360 0x6b, 0xc1, 0xbe, 0xe2, 0x2e, 0x40, 0x9f, 0x96,
361 0xe9, 0x3d, 0x7e, 0x11, 0x73, 0x93, 0x17, 0x2a,
363 0xae, 0x2d, 0x8a, 0x57, 0x1e, 0x03, 0xac, 0x9c,
364 0x9e, 0xb7, 0x6f, 0xac, 0x45, 0xaf, 0x8e, 0x51,
366 0x30, 0xc8, 0x1c, 0x46, 0xa3, 0x5c, 0xe4, 0x11,
367 0xe5, 0xfb, 0xc1, 0x19, 0x1a, 0x0a, 0x52, 0xef,
369 0xf6, 0x9f, 0x24, 0x45, 0xdf, 0x4f, 0x9b, 0x17,
370 0xad, 0x2b, 0x41, 0x7b, 0xe6, 0x6c, 0x37, 0x10,
372 static const unsigned char kRawCiphertext[] = {
374 0xf5, 0x8c, 0x4c, 0x04, 0xd6, 0xe5, 0xf1, 0xba,
375 0x77, 0x9e, 0xab, 0xfb, 0x5f, 0x7b, 0xfb, 0xd6,
377 0x9c, 0xfc, 0x4e, 0x96, 0x7e, 0xdb, 0x80, 0x8d,
378 0x67, 0x9f, 0x77, 0x7b, 0xc6, 0x70, 0x2c, 0x7d,
380 0x39, 0xf2, 0x33, 0x69, 0xa9, 0xd9, 0xba, 0xcf,
381 0xa5, 0x30, 0xe2, 0x63, 0x04, 0x23, 0x14, 0x61,
383 0xb2, 0xeb, 0x05, 0xe2, 0xc3, 0x9b, 0xe9, 0xfc,
384 0xda, 0x6c, 0x19, 0x07, 0x8c, 0x6a, 0x9d, 0x1b,
385 // PKCS #5 padding, encrypted.
386 0x3f, 0x46, 0x17, 0x96, 0xd6, 0xb0, 0xd6, 0xb2,
387 0xe0, 0xc2, 0xa7, 0x2b, 0x4d, 0x80, 0xe6, 0x44
390 std::string key(reinterpret_cast<const char*>(kRawKey), sizeof(kRawKey));
391 std::unique_ptr<crypto::SymmetricKey> sym_key(
392 crypto::SymmetricKey::Import(crypto::SymmetricKey::AES, key));
393 ASSERT_TRUE(sym_key.get());
395 crypto::Encryptor encryptor;
396 // The IV must be exactly as long a the cipher block size.
397 std::string iv(reinterpret_cast<const char*>(kRawIv), sizeof(kRawIv));
398 EXPECT_EQ(16U, iv.size());
399 EXPECT_TRUE(encryptor.Init(sym_key.get(), crypto::Encryptor::CBC, iv));
401 std::string plaintext(reinterpret_cast<const char*>(kRawPlaintext),
402 sizeof(kRawPlaintext));
403 std::string ciphertext;
404 EXPECT_TRUE(encryptor.Encrypt(plaintext, &ciphertext));
406 EXPECT_EQ(sizeof(kRawCiphertext), ciphertext.size());
407 EXPECT_EQ(0, memcmp(ciphertext.data(), kRawCiphertext, ciphertext.size()));
409 std::string decrypted;
410 EXPECT_TRUE(encryptor.Decrypt(ciphertext, &decrypted));
412 EXPECT_EQ(plaintext, decrypted);
415 // Expected output derived from the NSS implementation.
416 TEST(EncryptorTest, EncryptAES128CBCRegression) {
417 std::string key = "128=SixteenBytes";
418 std::string iv = "Sweet Sixteen IV";
419 std::string plaintext = "Plain text with a g-clef U+1D11E \360\235\204\236";
420 std::string expected_ciphertext_hex =
421 "D4A67A0BA33C30F207344D81D1E944BBE65587C3D7D9939A"
422 "C070C62B9C15A3EA312EA4AD1BC7929F4D3C16B03AD5ADA8";
424 std::unique_ptr<crypto::SymmetricKey> sym_key(
425 crypto::SymmetricKey::Import(crypto::SymmetricKey::AES, key));
426 ASSERT_TRUE(sym_key.get());
428 crypto::Encryptor encryptor;
429 // The IV must be exactly as long a the cipher block size.
430 EXPECT_EQ(16U, iv.size());
431 EXPECT_TRUE(encryptor.Init(sym_key.get(), crypto::Encryptor::CBC, iv));
433 std::string ciphertext;
434 EXPECT_TRUE(encryptor.Encrypt(plaintext, &ciphertext));
435 EXPECT_EQ(expected_ciphertext_hex, base::HexEncode(ciphertext.data(),
438 std::string decrypted;
439 EXPECT_TRUE(encryptor.Decrypt(ciphertext, &decrypted));
440 EXPECT_EQ(plaintext, decrypted);
443 // Symmetric keys with an unsupported size should be rejected. Whether they are
444 // rejected by SymmetricKey::Import or Encryptor::Init depends on the platform.
445 TEST(EncryptorTest, UnsupportedKeySize) {
446 std::string key = "7 = bad";
447 std::string iv = "Sweet Sixteen IV";
448 std::unique_ptr<crypto::SymmetricKey> sym_key(
449 crypto::SymmetricKey::Import(crypto::SymmetricKey::AES, key));
453 crypto::Encryptor encryptor;
454 // The IV must be exactly as long as the cipher block size.
455 EXPECT_EQ(16U, iv.size());
456 EXPECT_FALSE(encryptor.Init(sym_key.get(), crypto::Encryptor::CBC, iv));
459 TEST(EncryptorTest, UnsupportedIV) {
460 std::string key = "128=SixteenBytes";
461 std::string iv = "OnlyForteen :(";
462 std::unique_ptr<crypto::SymmetricKey> sym_key(
463 crypto::SymmetricKey::Import(crypto::SymmetricKey::AES, key));
464 ASSERT_TRUE(sym_key.get());
466 crypto::Encryptor encryptor;
467 EXPECT_FALSE(encryptor.Init(sym_key.get(), crypto::Encryptor::CBC, iv));
470 TEST(EncryptorTest, EmptyEncryptCBC) {
471 std::string key = "128=SixteenBytes";
472 std::string iv = "Sweet Sixteen IV";
473 std::string plaintext;
474 std::string expected_ciphertext_hex = "8518B8878D34E7185E300D0FCC426396";
476 std::unique_ptr<crypto::SymmetricKey> sym_key(
477 crypto::SymmetricKey::Import(crypto::SymmetricKey::AES, key));
478 ASSERT_TRUE(sym_key.get());
480 crypto::Encryptor encryptor;
481 // The IV must be exactly as long as the cipher block size.
482 EXPECT_EQ(16U, iv.size());
483 EXPECT_TRUE(encryptor.Init(sym_key.get(), crypto::Encryptor::CBC, iv));
485 std::string ciphertext;
486 EXPECT_TRUE(encryptor.Encrypt(plaintext, &ciphertext));
487 EXPECT_EQ(expected_ciphertext_hex, base::HexEncode(ciphertext.data(),
490 std::string decrypted;
491 EXPECT_TRUE(encryptor.Decrypt(ciphertext, &decrypted));
492 EXPECT_EQ(decrypted, plaintext);
494 // Decrypting the empty string should fail. Our formulation of CBC expects a
495 // full block of padding for CBC.
496 EXPECT_FALSE(encryptor.Decrypt(std::string(), &decrypted));
498 // Repeat the test with the byte-based API.
499 EXPECT_TRUE(encryptor.Init(sym_key.get(), crypto::Encryptor::CBC, iv));
500 std::vector<uint8_t> ciphertext_bytes;
502 encryptor.Encrypt(base::span<const uint8_t>(), &ciphertext_bytes));
503 EXPECT_EQ(expected_ciphertext_hex, base::HexEncode(ciphertext_bytes));
505 std::vector<uint8_t> decrypted_bytes;
506 EXPECT_TRUE(encryptor.Decrypt(ciphertext_bytes, &decrypted_bytes));
507 EXPECT_EQ(decrypted_bytes.size(), 0u);
509 // Decrypting the empty string should fail. Our formulation of CBC expects a
510 // full block of padding for CBC.
512 encryptor.Decrypt(base::span<const uint8_t>(), &decrypted_bytes));
515 TEST(EncryptorTest, EmptyEncryptCTR) {
516 std::string key = "128=SixteenBytes";
517 std::string iv = "Sweet Sixteen IV";
518 std::string plaintext;
519 std::string expected_ciphertext;
521 std::unique_ptr<crypto::SymmetricKey> sym_key(
522 crypto::SymmetricKey::Import(crypto::SymmetricKey::AES, key));
523 ASSERT_TRUE(sym_key.get());
525 crypto::Encryptor encryptor;
526 EXPECT_TRUE(encryptor.Init(sym_key.get(), crypto::Encryptor::CTR, ""));
527 ASSERT_TRUE(encryptor.SetCounter(iv));
529 std::string ciphertext;
530 EXPECT_TRUE(encryptor.Encrypt(plaintext, &ciphertext));
531 EXPECT_EQ(expected_ciphertext, ciphertext);
533 std::string decrypted;
534 EXPECT_TRUE(encryptor.Decrypt(ciphertext, &decrypted));
535 EXPECT_EQ(decrypted, plaintext);
537 // Repeat the test with the byte-based API.
538 ASSERT_TRUE(encryptor.SetCounter(iv));
539 std::vector<uint8_t> ciphertext_bytes;
541 encryptor.Encrypt(base::span<const uint8_t>(), &ciphertext_bytes));
542 EXPECT_EQ(ciphertext_bytes.size(), 0u);
544 std::vector<uint8_t> decrypted_bytes;
545 EXPECT_TRUE(encryptor.Decrypt(base::span<const uint8_t>(), &decrypted_bytes));
546 EXPECT_EQ(decrypted_bytes.size(), 0u);
549 TEST(EncryptorTest, CipherTextNotMultipleOfBlockSize) {
550 std::string key = "128=SixteenBytes";
551 std::string iv = "Sweet Sixteen IV";
553 std::unique_ptr<crypto::SymmetricKey> sym_key(
554 crypto::SymmetricKey::Import(crypto::SymmetricKey::AES, key));
555 ASSERT_TRUE(sym_key.get());
557 crypto::Encryptor encryptor;
558 // The IV must be exactly as long a the cipher block size.
559 EXPECT_EQ(16U, iv.size());
560 EXPECT_TRUE(encryptor.Init(sym_key.get(), crypto::Encryptor::CBC, iv));
562 // Use a separately allocated array to improve the odds of the memory tools
563 // catching invalid accesses.
565 // Otherwise when using std::string as the other tests do, accesses several
566 // bytes off the end of the buffer may fall inside the reservation of
567 // the string and not be detected.
568 std::unique_ptr<char[]> ciphertext(new char[1]);
570 std::string plaintext;
572 encryptor.Decrypt(std::string_view(ciphertext.get(), 1), &plaintext));