[webcrypto] Add raw symmetric key AES-KW wrap/unwrap for NSS.

content/renderer/webcrypto/webcrypto_impl_unittest.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/renderer/webcrypto/webcrypto_impl.h"
 
 #include <algorithm>
 #include <string>
 #include <vector>
 
@@ skipping 1686 matching lines @@
   key_raw_hex_in =
       "72d4e475ff34215416c9ad9c8281247a4d730c5f275ac23f376e73e3bce8d7d5a";
   EXPECT_FALSE(ImportKeyInternal(blink::WebCryptoKeyFormatRaw,
                                  HexStringToBytes(key_raw_hex_in),
                                  algorithm,
                                  true,
                                  blink::WebCryptoKeyUsageWrapKey,
                                  &key));
 }
 
+TEST_F(WebCryptoImplTest, MAYBE(AesKwEncryptDecryptKnownAnswer)) {
+
+  // The following tests use test vectors from
+  // http://www.ietf.org/rfc/rfc3394.txt
+
+  struct TestCase {
+    const char* kek_hex;
+    const char* data_hex;
+    const char* ciphertext_hex;
+  };
+
+  const TestCase kTests[] = {
+    // 4.1 Wrap 128 bits of Key Data with a 128-bit KEK
+    {
+      "000102030405060708090A0B0C0D0E0F",
+      "00112233445566778899AABBCCDDEEFF",
+      "1FA68B0A8112B447AEF34BD8FB5A7B829D3E862371D2CFE5"
+    },
+    // 4.2 Wrap 128 bits of Key Data with a 192-bit KEK
+    {
+      "000102030405060708090A0B0C0D0E0F1011121314151617",
+      "00112233445566778899AABBCCDDEEFF",
+      "96778B25AE6CA435F92B5B97C050AED2468AB8A17AD84E5D"
+    },
+    // 4.3 Wrap 128 bits of Key Data with a 256-bit KEK
+    {
+      "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      "00112233445566778899AABBCCDDEEFF",
+      "64E8C3F9CE0F5BA263E9777905818A2A93C8191E7D6E8AE7"
+    },
+    // 4.4 Wrap 192 bits of Key Data with a 192-bit KEK
+    {
+      "000102030405060708090A0B0C0D0E0F1011121314151617",
+      "00112233445566778899AABBCCDDEEFF0001020304050607",
+      "031D33264E15D33268F24EC260743EDCE1C6C7DDEE725A936BA814915C6762D2"
+    },
+    // 4.5 Wrap 192 bits of Key Data with a 256-bit KEK
+    {
+      "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      "00112233445566778899AABBCCDDEEFF0001020304050607",
+      "A8F9BC1612C68B3FF6E6F4FBE30E71E4769C8B80A32CB8958CD5D17D6B254DA1"
+
+    },
+    // 4.6 Wrap 256 bits of Key Data with a 256-bit KEK
+    {
+      "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
+      "00112233445566778899AABBCCDDEEFF000102030405060708090A0B0C0D0E0F",
+      "28C9F404C4B810F4CBCCB35CFB87F8263F5786E2D80ED326CBC7F0E71A99F43BFB988B9B"
+          "7A02DD21"
+    },
+  };
+
+  for (size_t index = 0; index < ARRAYSIZE_UNSAFE(kTests); index++) {
+
+    SCOPED_TRACE(index);
+    const TestCase& test = kTests[index];
+    const blink::WebCryptoAlgorithm algorithm =
+        webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw);
+
+    // Import the key.
+    blink::WebCryptoKey key = ImportSecretKeyFromRawHexString(
+        test.kek_hex,
+        algorithm,

[Bryan Eyler, 2013/12/18 23:30:32]

Might be good to try different algorithms too, to exercise the issue I mentioned
about the algorithms matching.

[padolph, 2013/12/19 00:07:15]

Done.

+        blink::WebCryptoKeyUsageWrapKey);
+
+    // Verify the exported raw key is identical to the imported data.
+    blink::WebArrayBuffer raw_key;
+    EXPECT_TRUE(ExportKeyInternal(blink::WebCryptoKeyFormatRaw, key, &raw_key));
+    ExpectArrayBufferMatchesHex(test.kek_hex, raw_key);
+
+    // Encrypt the data and verify the result against the known answer.
+    blink::WebArrayBuffer output;
+    EXPECT_TRUE(EncryptInternal(algorithm,
+                                key,
+                                HexStringToBytes(test.data_hex),
+                                &output));
+    ExpectArrayBufferMatchesHex(test.ciphertext_hex, output);
+
+    // Decrypt the ciphertext and verify the result against the known input.
+    EXPECT_TRUE(DecryptInternal(algorithm,
+                                key,
+                                HexStringToBytes(test.ciphertext_hex),
+                                &output));
+    ExpectArrayBufferMatchesHex(test.data_hex, output);
+  }
+}
+
+TEST_F(WebCryptoImplTest, MAYBE(AesKwEncryptDecryptFailures)) {
+  const blink::WebCryptoAlgorithm algorithm =
+      webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw);
+  blink::WebCryptoKey key = ImportSecretKeyFromRawHexString(
+      "000102030405060708090A0B0C0D0E0F",
+      algorithm,
+      blink::WebCryptoKeyUsageWrapKey);
+
+  // For encrypt, the input data size must be at least 16 bytes. Expect failure
+  // with a data size of 8 bytes, and success with 16.
+  blink::WebArrayBuffer output;
+  EXPECT_FALSE(EncryptInternal(
+      algorithm,
+      key,
+      HexStringToBytes("11f9ec1b249b2629"),
+      &output));
+  EXPECT_TRUE(EncryptInternal(
+      algorithm,
+      key,
+      HexStringToBytes("2139128461ed6d341dff4db94f60094f"),
+      &output));
+
+  // For encrypt, the input data size must be a multiple of 8 bytes. Expect
+  // failure with a data size of 17 bytes.
+  EXPECT_FALSE(EncryptInternal(
+      algorithm,
+      key,
+      HexStringToBytes("0248cb45ca808c8aacfad2b2c092c15745"),
+      &output));
+}
+
 }  // namespace content