
Side by Side Diff: content/renderer/webcrypto/shared_crypto_unittest.cc

Issue 118623002: [webcrypto] Add raw symmetric key AES-KW wrap/unwrap for NSS. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: rebase and refactor Created 6 years, 9 months ago
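--- a/content/renderer/webcrypto/shared_crypto_unittest.cc
+++ b/content/renderer/webcrypto/shared_crypto_unittest.cc
@@ -1,10 +1,10 @@
 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/renderer/webcrypto/shared_crypto.h"
 
 #include <algorithm>
 #include <string>
 #include <vector>
 
@@ -2058,20 +2058,148 @@
 "72d4e475ff34215416c9ad9c8281247a4d730c5f275ac23f376e73e3bce8d7d5a";
 EXPECT_STATUS(Status::Error(),
 ImportKey(blink::WebCryptoKeyFormatRaw,
 CryptoData(HexStringToBytes(key_raw_hex_in)),
 algorithm,
 true,
 blink::WebCryptoKeyUsageWrapKey,
 &key));
 }
 
+TEST_F(SharedCryptoTest, MAYBE(AesKwRawSymkeyWrapUnwrapKnownAnswer)) {
+scoped_ptr<base::ListValue> tests;
+ASSERT_TRUE(ReadJsonTestFileToList("aes_kw.json", &tests));
+
+for (size_t test_index = 0; test_index < tests->GetSize(); ++test_index) {
+SCOPED_TRACE(test_index);
+base::DictionaryValue* test;
+ASSERT_TRUE(tests->GetDictionary(test_index, &test));
+const std::vector<uint8> test_kek = GetBytesFromHexString(test, "kek");
+const std::vector<uint8> test_key = GetBytesFromHexString(test, "key");
+const std::vector<uint8> test_ciphertext =
+GetBytesFromHexString(test, "ciphertext");
+const blink::WebCryptoAlgorithm wrapping_algorithm =
+webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw);
+
+// Import the wrapping key.
+blink::WebCryptoKey wrapping_key = ImportSecretKeyFromRaw(
+test_kek,
+wrapping_algorithm,
+blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey);
+
+// Import the key to be wrapped.
+blink::WebCryptoKey key = ImportSecretKeyFromRaw(
+test_key,
+webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
+blink::WebCryptoKeyUsageEncrypt);
+
+// Wrap the key and verify the ciphertext result against the known answer.
+blink::WebArrayBuffer wrapped_key;
+ASSERT_STATUS_SUCCESS(WrapKey(blink::WebCryptoKeyFormatRaw,
+wrapping_key,
+key,
+wrapping_algorithm,
+&wrapped_key));
+ExpectArrayBufferMatches(test_ciphertext, wrapped_key);
+
+// Unwrap the known ciphertext to get a new test_key.
+blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull();
+ASSERT_STATUS_SUCCESS(
+Unwrapkey(blink::WebCryptoKeyFormatRaw,
+CryptoData(test_ciphertext),
+wrapping_key,
+wrapping_algorithm,
+webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
+true,
+blink::WebCryptoKeyUsageEncrypt,
+&unwrapped_key));
+EXPECT_FALSE(key.isNull());
+EXPECT_TRUE(key.handle());
+EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type());
+EXPECT_EQ(
+webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc).id(),
+key.algorithm().id());
+EXPECT_EQ(true, key.extractable());
+EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt, key.usages());
+
+// Export the new key and compare its raw bytes with the original known key.
+blink::WebArrayBuffer raw_key;
+EXPECT_STATUS_SUCCESS(
+ExportKey(blink::WebCryptoKeyFormatRaw, unwrapped_key, &raw_key));
+ExpectArrayBufferMatches(test_key, raw_key);
+}
+}
+
+TEST_F(SharedCryptoTest, MAYBE(AesKwRawSymkeyWrapUnwrapErrors)) {
+scoped_ptr<base::ListValue> tests;
+ASSERT_TRUE(ReadJsonTestFileToList("aes_kw.json", &tests));
+base::DictionaryValue* test;
+// Use 256 bits of data with a 256-bit KEK
+ASSERT_TRUE(tests->GetDictionary(5, &test));
+const std::vector<uint8> test_kek = GetBytesFromHexString(test, "kek");
+const std::vector<uint8> test_key = GetBytesFromHexString(test, "key");
+const std::vector<uint8> test_ciphertext =
+GetBytesFromHexString(test, "ciphertext");
+const blink::WebCryptoAlgorithm wrapping_algorithm =
+webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw);
+const blink::WebCryptoAlgorithm key_algorithm =
+webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc);
+// Import the wrapping key.
+blink::WebCryptoKey wrapping_key = ImportSecretKeyFromRaw(
+test_kek,
+wrapping_algorithm,
+blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey);
+// Import the key to be wrapped.
+blink::WebCryptoKey key = ImportSecretKeyFromRaw(
+test_key,
+webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
+blink::WebCryptoKeyUsageEncrypt);
+
+// Unwrap with null algorithm must fail.
+blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull();
+EXPECT_STATUS(Status::ErrorMissingAlgorithmUnwrapRawKey(),
+Unwrapkey(blink::WebCryptoKeyFormatRaw,
+CryptoData(test_ciphertext),
+wrapping_key,
+wrapping_algorithm,
+blink::WebCryptoAlgorithm::createNull(),
+true,
+blink::WebCryptoKeyUsageEncrypt,
+&unwrapped_key));
+
+// Unwrap with wrapped data too small must fail.
+const std::vector<uint8> small_data(test_ciphertext.begin(),
+test_ciphertext.begin() + 23);
+EXPECT_STATUS(Status::ErrorDataTooSmall(),
+Unwrapkey(blink::WebCryptoKeyFormatRaw,
+CryptoData(small_data),
+wrapping_key,
+wrapping_algorithm,
+key_algorithm,
+true,
+blink::WebCryptoKeyUsageEncrypt,
+&unwrapped_key));
+
+// Unwrap with wrapped data size not a multiple of 8 bytes must fail.
+const std::vector<uint8> unaligned_data(test_ciphertext.begin(),
+test_ciphertext.end() - 2);
+EXPECT_STATUS(Status::ErrorInvalidAesKwDataLength(),
+Unwrapkey(blink::WebCryptoKeyFormatRaw,
+CryptoData(unaligned_data),
+wrapping_key,
+wrapping_algorithm,
+key_algorithm,
+true,
+blink::WebCryptoKeyUsageEncrypt,
+&unwrapped_key));
+}
+
 // TODO(eroman):
 // * Test decryption when the tag length exceeds input size
 // * Test decryption with empty input
 // * Test decryption with tag length of 0.
 TEST_F(SharedCryptoTest, MAYBE(AesGcmSampleSets)) {
 // Some Linux test runners may not have a new enough version of NSS.
 if (!SupportsAesGcm()) {
 LOG(WARNING) << "AES GCM not supported, skipping tests";
 return;
 }
@@ -2181,10 +2309,10 @@
 test_cipher_text,
 test_authentication_tag,
 &plain_text));
 }
 }
 }
 
 } // namespace webcrypto
 
 } // namespace content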
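Review bot: In AesKwRawSymkeyWrapUnwrapKnownAnswer the assertions after the unwrap call (new lines 2115-2122) inspect `key`, the key imported before wrapping, so the type, algorithm, extractable flag and usages of `unwrapped_key` are never checked and an unwrap that ignored its `extractable` or usage arguments would still pass. They should read `unwrapped_key`, e.g. `EXPECT_FALSE(unwrapped_key.isNull());` and `EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt, unwrapped_key.usages());`, and likewise for `handle()`, `type()`, `algorithm().id()` and `extractable()`. In AesKwRawSymkeyWrapUnwrapErrors the imported `key` is never used, and no case unwraps a copy of `test_ciphertext` with a modified byte, which is the failure AES-KW's integrity check exists to catch; a case expecting a failed status for such input would cover it.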