| Index: content/child/webcrypto/test/aes_cbc_unittest.cc
|
| diff --git a/content/child/webcrypto/test/aes_cbc_unittest.cc b/content/child/webcrypto/test/aes_cbc_unittest.cc
|
| deleted file mode 100644
|
| index 9d1fa6ac012e7715a87cd546b6f407d8180f9328..0000000000000000000000000000000000000000
|
| --- a/content/child/webcrypto/test/aes_cbc_unittest.cc
|
| +++ /dev/null
|
| @@ -1,571 +0,0 @@
|
| -// Copyright 2014 The Chromium Authors. All rights reserved.
|
| -// Use of this source code is governed by a BSD-style license that can be
|
| -// found in the LICENSE file.
|
| -
|
| -#include "base/stl_util.h"
|
| -#include "content/child/webcrypto/algorithm_dispatch.h"
|
| -#include "content/child/webcrypto/crypto_data.h"
|
| -#include "content/child/webcrypto/status.h"
|
| -#include "content/child/webcrypto/test/test_helpers.h"
|
| -#include "content/child/webcrypto/webcrypto_util.h"
|
| -#include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h"
|
| -#include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h"
|
| -
|
| -namespace content {
|
| -
|
| -namespace webcrypto {
|
| -
|
| -namespace {
|
| -
|
| -// Creates an AES-CBC algorithm.
|
| -blink::WebCryptoAlgorithm CreateAesCbcAlgorithm(
|
| - const std::vector<uint8_t>& iv) {
|
| - return blink::WebCryptoAlgorithm::adoptParamsAndCreate(
|
| - blink::WebCryptoAlgorithmIdAesCbc,
|
| - new blink::WebCryptoAesCbcParams(vector_as_array(&iv), iv.size()));
|
| -}
|
| -
|
| -blink::WebCryptoAlgorithm CreateAesCbcKeyGenAlgorithm(
|
| - unsigned short key_length_bits) {
|
| - return CreateAesKeyGenAlgorithm(blink::WebCryptoAlgorithmIdAesCbc,
|
| - key_length_bits);
|
| -}
|
| -
|
| -blink::WebCryptoKey GetTestAesCbcKey() {
|
| - const std::string key_hex = "2b7e151628aed2a6abf7158809cf4f3c";
|
| - blink::WebCryptoKey key = ImportSecretKeyFromRaw(
|
| - HexStringToBytes(key_hex),
|
| - CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
|
| - blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt);
|
| -
|
| - // Verify exported raw key is identical to the imported data
|
| - std::vector<uint8_t> raw_key;
|
| - EXPECT_EQ(Status::Success(),
|
| - ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key));
|
| - EXPECT_BYTES_EQ_HEX(key_hex, raw_key);
|
| - return key;
|
| -}
|
| -
|
| -TEST(WebCryptoAesCbcTest, InputTooLarge) {
|
| - std::vector<uint8_t> output;
|
| -
|
| - // Give an input that is too large (would cause integer overflow when
|
| - // narrowing to an int). Note that both OpenSSL and NSS operate on signed int
|
| - // lengths.
|
| - std::vector<uint8_t> iv(16);
|
| -
|
| - // Pretend the input is large. Don't pass data pointer as NULL in case that
|
| - // is special cased; the implementation shouldn't actually dereference the
|
| - // data.
|
| - CryptoData input(&iv[0], INT_MAX - 3);
|
| -
|
| - EXPECT_EQ(
|
| - Status::ErrorDataTooLarge(),
|
| - Encrypt(CreateAesCbcAlgorithm(iv), GetTestAesCbcKey(), input, &output));
|
| - EXPECT_EQ(
|
| - Status::ErrorDataTooLarge(),
|
| - Decrypt(CreateAesCbcAlgorithm(iv), GetTestAesCbcKey(), input, &output));
|
| -}
|
| -
|
| -TEST(WebCryptoAesCbcTest, ExportKeyUnsupportedFormat) {
|
| - std::vector<uint8_t> output;
|
| -
|
| - // Fail exporting the key in SPKI and PKCS#8 formats (not allowed for secret
|
| - // keys).
|
| - EXPECT_EQ(
|
| - Status::ErrorUnsupportedExportKeyFormat(),
|
| - ExportKey(blink::WebCryptoKeyFormatSpki, GetTestAesCbcKey(), &output));
|
| - EXPECT_EQ(
|
| - Status::ErrorUnsupportedExportKeyFormat(),
|
| - ExportKey(blink::WebCryptoKeyFormatPkcs8, GetTestAesCbcKey(), &output));
|
| -}
|
| -
|
| -// Tests importing of keys (in a variety of formats), errors during import,
|
| -// encryption, and decryption, using known answers.
|
| -TEST(WebCryptoAesCbcTest, KnownAnswerEncryptDecrypt) {
|
| - scoped_ptr<base::ListValue> tests;
|
| - ASSERT_TRUE(ReadJsonTestFileToList("aes_cbc.json", &tests));
|
| -
|
| - for (size_t test_index = 0; test_index < tests->GetSize(); ++test_index) {
|
| - SCOPED_TRACE(test_index);
|
| - base::DictionaryValue* test;
|
| - ASSERT_TRUE(tests->GetDictionary(test_index, &test));
|
| -
|
| - blink::WebCryptoKeyFormat key_format = GetKeyFormatFromJsonTestCase(test);
|
| - std::vector<uint8_t> key_data =
|
| - GetKeyDataFromJsonTestCase(test, key_format);
|
| - std::string import_error = "Success";
|
| - test->GetString("import_error", &import_error);
|
| -
|
| - // Import the key.
|
| - blink::WebCryptoKey key;
|
| - Status status = ImportKey(
|
| - key_format, CryptoData(key_data),
|
| - CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), true,
|
| - blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt,
|
| - &key);
|
| - ASSERT_EQ(import_error, StatusToString(status));
|
| - if (status.IsError())
|
| - continue;
|
| -
|
| - // Test encryption.
|
| - if (test->HasKey("plain_text")) {
|
| - std::vector<uint8_t> test_plain_text =
|
| - GetBytesFromHexString(test, "plain_text");
|
| -
|
| - std::vector<uint8_t> test_iv = GetBytesFromHexString(test, "iv");
|
| -
|
| - std::string encrypt_error = "Success";
|
| - test->GetString("encrypt_error", &encrypt_error);
|
| -
|
| - std::vector<uint8_t> output;
|
| - status = Encrypt(CreateAesCbcAlgorithm(test_iv), key,
|
| - CryptoData(test_plain_text), &output);
|
| - ASSERT_EQ(encrypt_error, StatusToString(status));
|
| - if (status.IsError())
|
| - continue;
|
| -
|
| - std::vector<uint8_t> test_cipher_text =
|
| - GetBytesFromHexString(test, "cipher_text");
|
| -
|
| - EXPECT_BYTES_EQ(test_cipher_text, output);
|
| - }
|
| -
|
| - // Test decryption.
|
| - if (test->HasKey("cipher_text")) {
|
| - std::vector<uint8_t> test_cipher_text =
|
| - GetBytesFromHexString(test, "cipher_text");
|
| -
|
| - std::vector<uint8_t> test_iv = GetBytesFromHexString(test, "iv");
|
| -
|
| - std::string decrypt_error = "Success";
|
| - test->GetString("decrypt_error", &decrypt_error);
|
| -
|
| - std::vector<uint8_t> output;
|
| - status = Decrypt(CreateAesCbcAlgorithm(test_iv), key,
|
| - CryptoData(test_cipher_text), &output);
|
| - ASSERT_EQ(decrypt_error, StatusToString(status));
|
| - if (status.IsError())
|
| - continue;
|
| -
|
| - std::vector<uint8_t> test_plain_text =
|
| - GetBytesFromHexString(test, "plain_text");
|
| -
|
| - EXPECT_BYTES_EQ(test_plain_text, output);
|
| - }
|
| - }
|
| -}
|
| -
|
| -// TODO(eroman): Do this same test for AES-GCM, AES-KW, AES-CTR ?
|
| -TEST(WebCryptoAesCbcTest, GenerateKeyIsRandom) {
|
| - // Check key generation for each allowed key length.
|
| - std::vector<blink::WebCryptoAlgorithm> algorithm;
|
| - const unsigned short kKeyLength[] = {128, 256};
|
| - for (size_t key_length_i = 0; key_length_i < arraysize(kKeyLength);
|
| - ++key_length_i) {
|
| - blink::WebCryptoKey key;
|
| -
|
| - std::vector<std::vector<uint8_t>> keys;
|
| - std::vector<uint8_t> key_bytes;
|
| -
|
| - // Generate a small sample of keys.
|
| - for (int j = 0; j < 16; ++j) {
|
| - ASSERT_EQ(Status::Success(),
|
| - GenerateSecretKey(
|
| - CreateAesCbcKeyGenAlgorithm(kKeyLength[key_length_i]), true,
|
| - blink::WebCryptoKeyUsageEncrypt, &key));
|
| - EXPECT_TRUE(key.handle());
|
| - EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type());
|
| - ASSERT_EQ(Status::Success(),
|
| - ExportKey(blink::WebCryptoKeyFormatRaw, key, &key_bytes));
|
| - EXPECT_EQ(key_bytes.size() * 8,
|
| - key.algorithm().aesParams()->lengthBits());
|
| - keys.push_back(key_bytes);
|
| - }
|
| - // Ensure all entries in the key sample set are unique. This is a simplistic
|
| - // estimate of whether the generated keys appear random.
|
| - EXPECT_FALSE(CopiesExist(keys));
|
| - }
|
| -}
|
| -
|
| -TEST(WebCryptoAesCbcTest, GenerateKeyBadLength) {
|
| - const unsigned short kKeyLen[] = {0, 127, 257};
|
| - blink::WebCryptoKey key;
|
| - for (size_t i = 0; i < arraysize(kKeyLen); ++i) {
|
| - SCOPED_TRACE(i);
|
| - EXPECT_EQ(Status::ErrorGenerateAesKeyLength(),
|
| - GenerateSecretKey(CreateAesCbcKeyGenAlgorithm(kKeyLen[i]), true,
|
| - blink::WebCryptoKeyUsageEncrypt, &key));
|
| - }
|
| -}
|
| -
|
| -TEST(WebCryptoAesCbcTest, ImportKeyEmptyUsage) {
|
| - blink::WebCryptoKey key;
|
| - ASSERT_EQ(Status::ErrorCreateKeyEmptyUsages(),
|
| - ImportKey(blink::WebCryptoKeyFormatRaw,
|
| - CryptoData(std::vector<uint8_t>(16)),
|
| - CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
|
| - true, 0, &key));
|
| -}
|
| -
|
| -// If key_ops is specified but empty, no key usages are allowed for the key.
|
| -TEST(WebCryptoAesCbcTest, ImportKeyJwkEmptyKeyOps) {
|
| - blink::WebCryptoKey key;
|
| - base::DictionaryValue dict;
|
| - dict.SetString("kty", "oct");
|
| - dict.SetBoolean("ext", false);
|
| - dict.SetString("k", "GADWrMRHwQfoNaXU5fZvTg");
|
| - dict.Set("key_ops", new base::ListValue); // Takes ownership.
|
| -
|
| - // The JWK does not contain encrypt usages.
|
| - EXPECT_EQ(Status::ErrorJwkKeyopsInconsistent(),
|
| - ImportKeyJwkFromDict(
|
| - dict, CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), false,
|
| - blink::WebCryptoKeyUsageEncrypt, &key));
|
| -
|
| - // The JWK does not contain sign usage (nor is it applicable).
|
| - EXPECT_EQ(Status::ErrorCreateKeyBadUsages(),
|
| - ImportKeyJwkFromDict(
|
| - dict, CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), false,
|
| - blink::WebCryptoKeyUsageSign, &key));
|
| -}
|
| -
|
| -// If key_ops is missing, then any key usages can be specified.
|
| -TEST(WebCryptoAesCbcTest, ImportKeyJwkNoKeyOps) {
|
| - blink::WebCryptoKey key;
|
| - base::DictionaryValue dict;
|
| - dict.SetString("kty", "oct");
|
| - dict.SetString("k", "GADWrMRHwQfoNaXU5fZvTg");
|
| -
|
| - EXPECT_EQ(Status::Success(),
|
| - ImportKeyJwkFromDict(
|
| - dict, CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), false,
|
| - blink::WebCryptoKeyUsageEncrypt, &key));
|
| -
|
| - EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt, key.usages());
|
| -
|
| - // The JWK does not contain sign usage (nor is it applicable).
|
| - EXPECT_EQ(Status::ErrorCreateKeyBadUsages(),
|
| - ImportKeyJwkFromDict(
|
| - dict, CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), false,
|
| - blink::WebCryptoKeyUsageVerify, &key));
|
| -}
|
| -
|
| -TEST(WebCryptoAesCbcTest, ImportKeyJwkKeyOpsEncryptDecrypt) {
|
| - blink::WebCryptoKey key;
|
| - base::DictionaryValue dict;
|
| - dict.SetString("kty", "oct");
|
| - dict.SetString("k", "GADWrMRHwQfoNaXU5fZvTg");
|
| - base::ListValue* key_ops = new base::ListValue;
|
| - dict.Set("key_ops", key_ops); // Takes ownership.
|
| -
|
| - key_ops->AppendString("encrypt");
|
| -
|
| - EXPECT_EQ(Status::Success(),
|
| - ImportKeyJwkFromDict(
|
| - dict, CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), false,
|
| - blink::WebCryptoKeyUsageEncrypt, &key));
|
| -
|
| - EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt, key.usages());
|
| -
|
| - key_ops->AppendString("decrypt");
|
| -
|
| - EXPECT_EQ(Status::Success(),
|
| - ImportKeyJwkFromDict(
|
| - dict, CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), false,
|
| - blink::WebCryptoKeyUsageDecrypt, &key));
|
| -
|
| - EXPECT_EQ(blink::WebCryptoKeyUsageDecrypt, key.usages());
|
| -
|
| - EXPECT_EQ(
|
| - Status::Success(),
|
| - ImportKeyJwkFromDict(
|
| - dict, CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), false,
|
| - blink::WebCryptoKeyUsageDecrypt | blink::WebCryptoKeyUsageEncrypt,
|
| - &key));
|
| -
|
| - EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt,
|
| - key.usages());
|
| -}
|
| -
|
| -// Test failure if input usage is NOT a strict subset of the JWK usage.
|
| -TEST(WebCryptoAesCbcTest, ImportKeyJwkKeyOpsNotSuperset) {
|
| - blink::WebCryptoKey key;
|
| - base::DictionaryValue dict;
|
| - dict.SetString("kty", "oct");
|
| - dict.SetString("k", "GADWrMRHwQfoNaXU5fZvTg");
|
| - base::ListValue* key_ops = new base::ListValue;
|
| - dict.Set("key_ops", key_ops); // Takes ownership.
|
| -
|
| - key_ops->AppendString("encrypt");
|
| -
|
| - EXPECT_EQ(
|
| - Status::ErrorJwkKeyopsInconsistent(),
|
| - ImportKeyJwkFromDict(
|
| - dict, CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), false,
|
| - blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt,
|
| - &key));
|
| -}
|
| -
|
| -TEST(WebCryptoAesCbcTest, ImportKeyJwkUseEnc) {
|
| - blink::WebCryptoKey key;
|
| - base::DictionaryValue dict;
|
| - dict.SetString("kty", "oct");
|
| - dict.SetString("k", "GADWrMRHwQfoNaXU5fZvTg");
|
| -
|
| - // Test JWK composite use 'enc' usage
|
| - dict.SetString("alg", "A128CBC");
|
| - dict.SetString("use", "enc");
|
| - EXPECT_EQ(
|
| - Status::Success(),
|
| - ImportKeyJwkFromDict(
|
| - dict, CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), false,
|
| - blink::WebCryptoKeyUsageDecrypt | blink::WebCryptoKeyUsageEncrypt |
|
| - blink::WebCryptoKeyUsageWrapKey |
|
| - blink::WebCryptoKeyUsageUnwrapKey,
|
| - &key));
|
| - EXPECT_EQ(blink::WebCryptoKeyUsageDecrypt | blink::WebCryptoKeyUsageEncrypt |
|
| - blink::WebCryptoKeyUsageWrapKey |
|
| - blink::WebCryptoKeyUsageUnwrapKey,
|
| - key.usages());
|
| -}
|
| -
|
| -TEST(WebCryptoAesCbcTest, ImportJwkInvalidJson) {
|
| - blink::WebCryptoKey key;
|
| - // Fail on empty JSON.
|
| - EXPECT_EQ(
|
| - Status::ErrorJwkNotDictionary(),
|
| - ImportKey(blink::WebCryptoKeyFormatJwk, CryptoData(MakeJsonVector("")),
|
| - CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), false,
|
| - blink::WebCryptoKeyUsageEncrypt, &key));
|
| -
|
| - // Fail on invalid JSON.
|
| - const std::vector<uint8_t> bad_json_vec = MakeJsonVector(
|
| - "{"
|
| - "\"kty\" : \"oct\","
|
| - "\"alg\" : \"HS256\","
|
| - "\"use\" : ");
|
| - EXPECT_EQ(Status::ErrorJwkNotDictionary(),
|
| - ImportKey(blink::WebCryptoKeyFormatJwk, CryptoData(bad_json_vec),
|
| - CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), false,
|
| - blink::WebCryptoKeyUsageEncrypt, &key));
|
| -}
|
| -
|
| -// Fail on inconsistent key_ops - asking for "encrypt" however JWK contains
|
| -// only "foo".
|
| -TEST(WebCryptoAesCbcTest, ImportJwkKeyOpsLacksUsages) {
|
| - blink::WebCryptoKey key;
|
| -
|
| - base::DictionaryValue dict;
|
| - dict.SetString("kty", "oct");
|
| - dict.SetString("k", "GADWrMRHwQfoNaXU5fZvTg");
|
| -
|
| - base::ListValue* key_ops = new base::ListValue;
|
| - // Note: the following call makes dict assume ownership of key_ops.
|
| - dict.Set("key_ops", key_ops);
|
| - key_ops->AppendString("foo");
|
| - EXPECT_EQ(Status::ErrorJwkKeyopsInconsistent(),
|
| - ImportKeyJwkFromDict(
|
| - dict, CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), false,
|
| - blink::WebCryptoKeyUsageEncrypt, &key));
|
| -}
|
| -
|
| -TEST(WebCryptoAesCbcTest, ImportExportJwk) {
|
| - const blink::WebCryptoAlgorithm algorithm =
|
| - CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc);
|
| -
|
| - // AES-CBC 128
|
| - ImportExportJwkSymmetricKey(
|
| - 128, algorithm,
|
| - blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt,
|
| - "A128CBC");
|
| -
|
| - // AES-CBC 256
|
| - ImportExportJwkSymmetricKey(256, algorithm, blink::WebCryptoKeyUsageDecrypt,
|
| - "A256CBC");
|
| -
|
| - // Large usage value
|
| - ImportExportJwkSymmetricKey(
|
| - 256, algorithm,
|
| - blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt |
|
| - blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey,
|
| - "A256CBC");
|
| -}
|
| -
|
| -// AES 192-bit is not allowed: http://crbug.com/381829
|
| -TEST(WebCryptoAesCbcTest, GenerateAesCbc192) {
|
| - blink::WebCryptoKey key;
|
| - Status status = GenerateSecretKey(CreateAesCbcKeyGenAlgorithm(192), true,
|
| - blink::WebCryptoKeyUsageEncrypt, &key);
|
| - ASSERT_EQ(Status::ErrorAes192BitUnsupported(), status);
|
| -}
|
| -
|
| -// AES 192-bit is not allowed: http://crbug.com/381829
|
| -TEST(WebCryptoAesCbcTest, UnwrapAesCbc192) {
|
| - std::vector<uint8_t> wrapping_key_data(16, 0);
|
| - std::vector<uint8_t> wrapped_key = HexStringToBytes(
|
| - "1A07ACAB6C906E50883173C29441DB1DE91D34F45C435B5F99C822867FB3956F");
|
| -
|
| - blink::WebCryptoKey wrapping_key = ImportSecretKeyFromRaw(
|
| - wrapping_key_data, CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw),
|
| - blink::WebCryptoKeyUsageUnwrapKey);
|
| -
|
| - blink::WebCryptoKey unwrapped_key;
|
| - ASSERT_EQ(
|
| - Status::ErrorAes192BitUnsupported(),
|
| - UnwrapKey(blink::WebCryptoKeyFormatRaw, CryptoData(wrapped_key),
|
| - wrapping_key, CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw),
|
| - CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), true,
|
| - blink::WebCryptoKeyUsageEncrypt, &unwrapped_key));
|
| -}
|
| -
|
| -// Try importing an AES-CBC key with unsupported key usages using raw
|
| -// format. AES-CBC keys support the following usages:
|
| -// 'encrypt', 'decrypt', 'wrapKey', 'unwrapKey'
|
| -TEST(WebCryptoAesCbcTest, ImportKeyBadUsage_Raw) {
|
| - const blink::WebCryptoAlgorithm algorithm =
|
| - CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc);
|
| -
|
| - blink::WebCryptoKeyUsageMask bad_usages[] = {
|
| - blink::WebCryptoKeyUsageSign,
|
| - blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageDecrypt,
|
| - blink::WebCryptoKeyUsageDeriveBits,
|
| - blink::WebCryptoKeyUsageUnwrapKey | blink::WebCryptoKeyUsageVerify,
|
| - };
|
| -
|
| - std::vector<uint8_t> key_bytes(16);
|
| -
|
| - for (size_t i = 0; i < arraysize(bad_usages); ++i) {
|
| - SCOPED_TRACE(i);
|
| -
|
| - blink::WebCryptoKey key;
|
| - ASSERT_EQ(Status::ErrorCreateKeyBadUsages(),
|
| - ImportKey(blink::WebCryptoKeyFormatRaw, CryptoData(key_bytes),
|
| - algorithm, true, bad_usages[i], &key));
|
| - }
|
| -}
|
| -
|
| -// Generate an AES-CBC key with invalid usages. AES-CBC supports:
|
| -// 'encrypt', 'decrypt', 'wrapKey', 'unwrapKey'
|
| -TEST(WebCryptoAesCbcTest, GenerateKeyBadUsages) {
|
| - blink::WebCryptoKeyUsageMask bad_usages[] = {
|
| - blink::WebCryptoKeyUsageSign,
|
| - blink::WebCryptoKeyUsageVerify,
|
| - blink::WebCryptoKeyUsageDecrypt | blink::WebCryptoKeyUsageVerify,
|
| - };
|
| -
|
| - for (size_t i = 0; i < arraysize(bad_usages); ++i) {
|
| - SCOPED_TRACE(i);
|
| -
|
| - blink::WebCryptoKey key;
|
| -
|
| - ASSERT_EQ(Status::ErrorCreateKeyBadUsages(),
|
| - GenerateSecretKey(CreateAesCbcKeyGenAlgorithm(128), true,
|
| - bad_usages[i], &key));
|
| - }
|
| -}
|
| -
|
| -// Generate an AES-CBC key with no usages.
|
| -TEST(WebCryptoAesCbcTest, GenerateKeyEmptyUsages) {
|
| - blink::WebCryptoKey key;
|
| -
|
| - ASSERT_EQ(Status::ErrorCreateKeyEmptyUsages(),
|
| - GenerateSecretKey(CreateAesCbcKeyGenAlgorithm(128), true, 0, &key));
|
| -}
|
| -
|
| -// Generate an AES-CBC key and an RSA key pair. Use the AES-CBC key to wrap the
|
| -// key pair (using SPKI format for public key, PKCS8 format for private key).
|
| -// Then unwrap the wrapped key pair and verify that the key data is the same.
|
| -TEST(WebCryptoAesCbcTest, WrapUnwrapRoundtripSpkiPkcs8) {
|
| - if (!SupportsRsaPrivateKeyImport())
|
| - return;
|
| -
|
| - // Generate the wrapping key.
|
| - blink::WebCryptoKey wrapping_key;
|
| - ASSERT_EQ(Status::Success(),
|
| - GenerateSecretKey(CreateAesCbcKeyGenAlgorithm(128), true,
|
| - blink::WebCryptoKeyUsageWrapKey |
|
| - blink::WebCryptoKeyUsageUnwrapKey,
|
| - &wrapping_key));
|
| -
|
| - // Generate an RSA key pair to be wrapped.
|
| - const unsigned int modulus_length = 256;
|
| - const std::vector<uint8_t> public_exponent = HexStringToBytes("010001");
|
| -
|
| - blink::WebCryptoKey public_key;
|
| - blink::WebCryptoKey private_key;
|
| - ASSERT_EQ(Status::Success(),
|
| - GenerateKeyPair(CreateRsaHashedKeyGenAlgorithm(
|
| - blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5,
|
| - blink::WebCryptoAlgorithmIdSha256,
|
| - modulus_length, public_exponent),
|
| - true, blink::WebCryptoKeyUsageSign, &public_key,
|
| - &private_key));
|
| -
|
| - // Export key pair as SPKI + PKCS8
|
| - std::vector<uint8_t> public_key_spki;
|
| - ASSERT_EQ(Status::Success(), ExportKey(blink::WebCryptoKeyFormatSpki,
|
| - public_key, &public_key_spki));
|
| -
|
| - std::vector<uint8_t> private_key_pkcs8;
|
| - ASSERT_EQ(Status::Success(), ExportKey(blink::WebCryptoKeyFormatPkcs8,
|
| - private_key, &private_key_pkcs8));
|
| -
|
| - // Wrap the key pair.
|
| - blink::WebCryptoAlgorithm wrap_algorithm =
|
| - CreateAesCbcAlgorithm(std::vector<uint8_t>(16, 0));
|
| -
|
| - std::vector<uint8_t> wrapped_public_key;
|
| - ASSERT_EQ(Status::Success(),
|
| - WrapKey(blink::WebCryptoKeyFormatSpki, public_key, wrapping_key,
|
| - wrap_algorithm, &wrapped_public_key));
|
| -
|
| - std::vector<uint8_t> wrapped_private_key;
|
| - ASSERT_EQ(Status::Success(),
|
| - WrapKey(blink::WebCryptoKeyFormatPkcs8, private_key, wrapping_key,
|
| - wrap_algorithm, &wrapped_private_key));
|
| -
|
| - // Unwrap the key pair.
|
| - blink::WebCryptoAlgorithm rsa_import_algorithm =
|
| - CreateRsaHashedImportAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5,
|
| - blink::WebCryptoAlgorithmIdSha256);
|
| -
|
| - blink::WebCryptoKey unwrapped_public_key;
|
| -
|
| - ASSERT_EQ(
|
| - Status::Success(),
|
| - UnwrapKey(blink::WebCryptoKeyFormatSpki, CryptoData(wrapped_public_key),
|
| - wrapping_key, wrap_algorithm, rsa_import_algorithm, true,
|
| - blink::WebCryptoKeyUsageVerify, &unwrapped_public_key));
|
| -
|
| - blink::WebCryptoKey unwrapped_private_key;
|
| -
|
| - ASSERT_EQ(
|
| - Status::Success(),
|
| - UnwrapKey(blink::WebCryptoKeyFormatPkcs8, CryptoData(wrapped_private_key),
|
| - wrapping_key, wrap_algorithm, rsa_import_algorithm, true,
|
| - blink::WebCryptoKeyUsageSign, &unwrapped_private_key));
|
| -
|
| - // Export unwrapped key pair as SPKI + PKCS8
|
| - std::vector<uint8_t> unwrapped_public_key_spki;
|
| - ASSERT_EQ(Status::Success(),
|
| - ExportKey(blink::WebCryptoKeyFormatSpki, unwrapped_public_key,
|
| - &unwrapped_public_key_spki));
|
| -
|
| - std::vector<uint8_t> unwrapped_private_key_pkcs8;
|
| - ASSERT_EQ(Status::Success(),
|
| - ExportKey(blink::WebCryptoKeyFormatPkcs8, unwrapped_private_key,
|
| - &unwrapped_private_key_pkcs8));
|
| -
|
| - EXPECT_EQ(public_key_spki, unwrapped_public_key_spki);
|
| - EXPECT_EQ(private_key_pkcs8, unwrapped_private_key_pkcs8);
|
| -
|
| - EXPECT_NE(public_key_spki, wrapped_public_key);
|
| - EXPECT_NE(private_key_pkcs8, wrapped_private_key);
|
| -}
|
| -
|
| -} // namespace
|
| -
|
| -} // namespace webcrypto
|
| -
|
| -} // namespace content
|
|
|
Chromium Code Reviews
Issue 1077273002:
html_viewer: Move webcrypto to a place where html_viewer can use it. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master