Demonstrate that not all wrong keys can be detected by padding error.

R=xhwang@chromium.org
BUG=124434
TEST=crypto_unittests --gtest_filter=EncryptorTest.DecryptWrongKey

Review URL: http://codereview.chromium.org/10247001

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@134220 0039d316-1c4b-4281-b951-d872f2087c98

1 files changed, 14 insertions, 0 deletions

diff --git a/crypto/encryptor_unittest.cc b/crypto/encryptor_unittest.cc
index 09ec968..ac60672 100644
--- a/crypto/encryptor_unittest.cc
+++ b/crypto/encryptor_unittest.cc
@@ -46,6 +46,13 @@ TEST(EncryptorTest, DecryptWrongKey) {
             crypto::SymmetricKey::AES, "wrongword", "sweetest", 1000, 256));
   EXPECT_TRUE(NULL != wrong_key.get());
 
+  // A wrong key that can't be detected by padding error.  The password
+  // "wrongword;" would also work.
+  scoped_ptr<crypto::SymmetricKey> wrong_key2(
+        crypto::SymmetricKey::DeriveKeyFromPassword(
+            crypto::SymmetricKey::AES, "wrongword+", "sweetest", 1000, 256));
+  EXPECT_TRUE(NULL != wrong_key2.get());
+
   crypto::Encryptor encryptor;
   // The IV must be exactly as long as the cipher block size.
   std::string iv("the iv: 16 bytes");
@@ -77,6 +84,13 @@ TEST(EncryptorTest, DecryptWrongKey) {
 #if !defined(USE_NSS)
   EXPECT_FALSE(decryptor.Decrypt(ciphertext, &decypted));
 #endif
+
+  // This demonstrates that not all wrong keys can be detected by padding
+  // error. This wrong key causes the last padding byte to be 1, which is
+  // a valid padding block of length 1.
+  crypto::Encryptor decryptor2;
+  EXPECT_TRUE(decryptor2.Init(wrong_key2.get(), crypto::Encryptor::CBC, iv));
+  EXPECT_TRUE(decryptor2.Decrypt(ciphertext, &decypted));
 }
 
 // CTR mode encryption is only implemented using NSS.