arc/keymaster/context/openssl_utils_test.cc - mirrors/cros/chromiumos/platform2 - Git at Google

 // Copyright 2020 The Chromium OS Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #include "arc/keymaster/context/openssl_utils.h"

 #include <brillo/secure_blob.h>
 #include <gtest/gtest.h>

 namespace arc {
 namespace keymaster {
 namespace context {

 namespace {

 // Arbitrary 32 byte keys.
 const brillo::SecureBlob kEncryptionKey1(32, 99);
 const brillo::SecureBlob kEncryptionKey2(32, 98);
 // Arbitrary byte arrays.
 const brillo::Blob kAuthData1 = {1, 2, 3};
 const brillo::Blob kAuthData2 = {1, 2, 4};
 const brillo::SecureBlob kBlob(145, 42);

 }  // anonymous namespace

 TEST(OpenSslUtils, EncryptThenDecrypt) {
   // Encrypt.
   base::Optional<brillo::Blob> encrypted =
       Aes256GcmEncrypt(kEncryptionKey1, kAuthData1, kBlob);
   ASSERT_TRUE(encrypted.has_value());

   // Decrypt.
   base::Optional<brillo::SecureBlob> decrypted =
       Aes256GcmDecrypt(kEncryptionKey1, kAuthData1, encrypted.value());
   ASSERT_TRUE(decrypted.has_value());

   // Verify blobs before encryption and after decryption match.
   ASSERT_EQ(kBlob, decrypted.value());
 }

 TEST(OpenSslUtils, EncryptedBlobSize) {
   // Encrypt.
   base::Optional<brillo::Blob> encrypted =
       Aes256GcmEncrypt(kEncryptionKey1, kAuthData1, kBlob);
   ASSERT_TRUE(encrypted.has_value());

   // Verify encrypted blob is large enough to contain auth tag and IV.
   EXPECT_GE(encrypted->size(), kBlob.size() + kTagSize + kIvSize);
 }

 TEST(OpenSslUtils, DecryptWithDifferentEncryptionKeyError) {
   // Encrypt with some encryption key.
   base::Optional<brillo::Blob> encrypted =
       Aes256GcmEncrypt(kEncryptionKey1, kAuthData1, kBlob);
   ASSERT_TRUE(encrypted.has_value());

   // Try to decrypt with another encryption key.
   ASSERT_NE(kEncryptionKey1, kEncryptionKey2);
   base::Optional<brillo::SecureBlob> decrypted =
       Aes256GcmDecrypt(kEncryptionKey2, kAuthData1, encrypted.value());

   // Verify decryption fails.
   EXPECT_FALSE(decrypted.has_value());
 }

 TEST(OpenSslUtils, DecryptWithDifferentAuthDataError) {
   // Encrypt with some auth data.
   base::Optional<brillo::Blob> encrypted =
       Aes256GcmEncrypt(kEncryptionKey1, kAuthData1, kBlob);
   ASSERT_TRUE(encrypted.has_value());

   // Try to decrypt with different auth data.
   ASSERT_NE(kAuthData1, kAuthData2);
   base::Optional<brillo::SecureBlob> decrypted =
       Aes256GcmDecrypt(kEncryptionKey1, kAuthData2, encrypted.value());

   // Verify decryption fails.
   EXPECT_FALSE(decrypted.has_value());
 }

 }  // namespace context
 }  // namespace keymaster
 }  // namespace arc
	// Copyright 2020 The Chromium OS Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#include "arc/keymaster/context/openssl_utils.h"

	#include <brillo/secure_blob.h>
	#include <gtest/gtest.h>

	namespace arc {
	namespace keymaster {
	namespace context {

	namespace {

	// Arbitrary 32 byte keys.
	const brillo::SecureBlob kEncryptionKey1(32, 99);
	const brillo::SecureBlob kEncryptionKey2(32, 98);
	// Arbitrary byte arrays.
	const brillo::Blob kAuthData1 = {1, 2, 3};
	const brillo::Blob kAuthData2 = {1, 2, 4};
	const brillo::SecureBlob kBlob(145, 42);

	} // anonymous namespace

	TEST(OpenSslUtils, EncryptThenDecrypt) {
	// Encrypt.
	base::Optional<brillo::Blob> encrypted =
	Aes256GcmEncrypt(kEncryptionKey1, kAuthData1, kBlob);
	ASSERT_TRUE(encrypted.has_value());

	// Decrypt.
	base::Optional<brillo::SecureBlob> decrypted =
	Aes256GcmDecrypt(kEncryptionKey1, kAuthData1, encrypted.value());
	ASSERT_TRUE(decrypted.has_value());

	// Verify blobs before encryption and after decryption match.
	ASSERT_EQ(kBlob, decrypted.value());
	}

	TEST(OpenSslUtils, EncryptedBlobSize) {
	// Encrypt.
	base::Optional<brillo::Blob> encrypted =
	Aes256GcmEncrypt(kEncryptionKey1, kAuthData1, kBlob);
	ASSERT_TRUE(encrypted.has_value());

	// Verify encrypted blob is large enough to contain auth tag and IV.
	EXPECT_GE(encrypted->size(), kBlob.size() + kTagSize + kIvSize);
	}

	TEST(OpenSslUtils, DecryptWithDifferentEncryptionKeyError) {
	// Encrypt with some encryption key.
	base::Optional<brillo::Blob> encrypted =
	Aes256GcmEncrypt(kEncryptionKey1, kAuthData1, kBlob);
	ASSERT_TRUE(encrypted.has_value());

	// Try to decrypt with another encryption key.
	ASSERT_NE(kEncryptionKey1, kEncryptionKey2);
	base::Optional<brillo::SecureBlob> decrypted =
	Aes256GcmDecrypt(kEncryptionKey2, kAuthData1, encrypted.value());

	// Verify decryption fails.
	EXPECT_FALSE(decrypted.has_value());
	}

	TEST(OpenSslUtils, DecryptWithDifferentAuthDataError) {
	// Encrypt with some auth data.
	base::Optional<brillo::Blob> encrypted =
	Aes256GcmEncrypt(kEncryptionKey1, kAuthData1, kBlob);
	ASSERT_TRUE(encrypted.has_value());

	// Try to decrypt with different auth data.
	ASSERT_NE(kAuthData1, kAuthData2);
	base::Optional<brillo::SecureBlob> decrypted =
	Aes256GcmDecrypt(kEncryptionKey1, kAuthData2, encrypted.value());

	// Verify decryption fails.
	EXPECT_FALSE(decrypted.has_value());
	}

	} // namespace context
	} // namespace keymaster
	} // namespace arc