OLD | NEW |
---|---|
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/renderer/webcrypto/shared_crypto.h" | 5 #include "content/renderer/webcrypto/shared_crypto.h" |
6 | 6 |
7 #include <algorithm> | 7 #include <algorithm> |
8 #include <string> | 8 #include <string> |
9 #include <vector> | 9 #include <vector> |
10 | 10 |
(...skipping 2002 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
2013 "72d4e475ff34215416c9ad9c8281247a4d730c5f275ac23f376e73e3bce8d7d5a"; | 2013 "72d4e475ff34215416c9ad9c8281247a4d730c5f275ac23f376e73e3bce8d7d5a"; |
2014 EXPECT_STATUS(Status::Error(), | 2014 EXPECT_STATUS(Status::Error(), |
2015 ImportKey(blink::WebCryptoKeyFormatRaw, | 2015 ImportKey(blink::WebCryptoKeyFormatRaw, |
2016 CryptoData(HexStringToBytes(key_raw_hex_in)), | 2016 CryptoData(HexStringToBytes(key_raw_hex_in)), |
2017 algorithm, | 2017 algorithm, |
2018 true, | 2018 true, |
2019 blink::WebCryptoKeyUsageWrapKey, | 2019 blink::WebCryptoKeyUsageWrapKey, |
2020 &key)); | 2020 &key)); |
2021 } | 2021 } |
2022 | 2022 |
2023 TEST_F(SharedCryptoTest, MAYBE(AesKwRawSymkeyWrapUnwrapKnownAnswer)) { | |
2024 scoped_ptr<base::ListValue> tests; | |
2025 ASSERT_TRUE(ReadJsonTestFileToList("aes_kw.json", &tests)); | |
2026 | |
2027 for (size_t test_index = 0; test_index < tests->GetSize(); ++test_index) { | |
2028 SCOPED_TRACE(test_index); | |
2029 base::DictionaryValue* test; | |
2030 ASSERT_TRUE(tests->GetDictionary(test_index, &test)); | |
2031 const std::vector<uint8> test_kek = GetBytesFromHexString(test, "kek"); | |
2032 const std::vector<uint8> test_key = GetBytesFromHexString(test, "key"); | |
2033 const std::vector<uint8> test_ciphertext = | |
2034 GetBytesFromHexString(test, "ciphertext"); | |
2035 const blink::WebCryptoAlgorithm wrapping_algorithm = | |
2036 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw); | |
2037 | |
2038 // Import the wrapping key. | |
2039 blink::WebCryptoKey wrapping_key = ImportSecretKeyFromRaw( | |
2040 test_kek, | |
2041 wrapping_algorithm, | |
2042 blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey); | |
2043 | |
2044 // Import the key to be wrapped. | |
2045 blink::WebCryptoKey key = ImportSecretKeyFromRaw( | |
2046 test_key, | |
2047 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), | |
2048 blink::WebCryptoKeyUsageEncrypt); | |
2049 | |
2050 // Wrap the key and verify the ciphertext result against the known answer. | |
2051 blink::WebArrayBuffer wrapped_key; | |
2052 ASSERT_STATUS_SUCCESS(WrapKey(blink::WebCryptoKeyFormatRaw, | |
2053 wrapping_key, | |
2054 key, | |
2055 wrapping_algorithm, | |
2056 &wrapped_key)); | |
2057 ExpectArrayBufferMatches(test_ciphertext, wrapped_key); | |
2058 | |
2059 // Unwrap the known ciphertext to get a new test_key. | |
2060 blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull(); | |
2061 ASSERT_STATUS_SUCCESS( | |
2062 UnwrapKey(blink::WebCryptoKeyFormatRaw, | |
2063 CryptoData(test_ciphertext), | |
2064 wrapping_key, | |
2065 wrapping_algorithm, | |
2066 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), | |
2067 true, | |
2068 blink::WebCryptoKeyUsageEncrypt, | |
2069 &unwrapped_key)); | |
2070 EXPECT_FALSE(key.isNull()); | |
2071 EXPECT_TRUE(key.handle()); | |
2072 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); | |
2073 EXPECT_EQ( | |
2074 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc).id(), | |
2075 key.algorithm().id()); | |
2076 EXPECT_EQ(true, key.extractable()); | |
2077 EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt, key.usages()); | |
2078 | |
2079 // Export the new key and compare its raw bytes with the original known key. | |
2080 blink::WebArrayBuffer raw_key; | |
2081 EXPECT_STATUS_SUCCESS( | |
2082 ExportKey(blink::WebCryptoKeyFormatRaw, unwrapped_key, &raw_key)); | |
2083 ExpectArrayBufferMatches(test_key, raw_key); | |
2084 } | |
2085 } | |
2086 | |
2087 TEST_F(SharedCryptoTest, MAYBE(AesKwRawSymkeyWrapUnwrapErrors)) { | |
2088 scoped_ptr<base::ListValue> tests; | |
2089 ASSERT_TRUE(ReadJsonTestFileToList("aes_kw.json", &tests)); | |
2090 base::DictionaryValue* test; | |
2091 // Use 256 bits of data with a 256-bit KEK | |
2092 ASSERT_TRUE(tests->GetDictionary(5, &test)); | |
2093 const std::vector<uint8> test_kek = GetBytesFromHexString(test, "kek"); | |
2094 const std::vector<uint8> test_key = GetBytesFromHexString(test, "key"); | |
2095 const std::vector<uint8> test_ciphertext = | |
2096 GetBytesFromHexString(test, "ciphertext"); | |
2097 const blink::WebCryptoAlgorithm wrapping_algorithm = | |
2098 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw); | |
2099 const blink::WebCryptoAlgorithm key_algorithm = | |
2100 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc); | |
2101 // Import the wrapping key. | |
2102 blink::WebCryptoKey wrapping_key = ImportSecretKeyFromRaw( | |
2103 test_kek, | |
2104 wrapping_algorithm, | |
2105 blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey); | |
2106 // Import the key to be wrapped. | |
2107 blink::WebCryptoKey key = ImportSecretKeyFromRaw( | |
2108 test_key, | |
2109 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), | |
2110 blink::WebCryptoKeyUsageEncrypt); | |
2111 | |
2112 // Unwrap with null algorithm must fail. | |
2113 blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull(); | |
2114 EXPECT_STATUS(Status::ErrorMissingAlgorithmUnwrapRawKey(), | |
2115 UnwrapKey(blink::WebCryptoKeyFormatRaw, | |
2116 CryptoData(test_ciphertext), | |
2117 wrapping_key, | |
2118 wrapping_algorithm, | |
2119 blink::WebCryptoAlgorithm::createNull(), | |
2120 true, | |
2121 blink::WebCryptoKeyUsageEncrypt, | |
2122 &unwrapped_key)); | |
2123 | |
2124 // Unwrap with wrapped data too small must fail. | |
2125 const std::vector<uint8> small_data(test_ciphertext.begin(), | |
2126 test_ciphertext.begin() + 23); | |
2127 EXPECT_STATUS(Status::ErrorDataTooSmall(), | |
2128 UnwrapKey(blink::WebCryptoKeyFormatRaw, | |
2129 CryptoData(small_data), | |
2130 wrapping_key, | |
2131 wrapping_algorithm, | |
2132 key_algorithm, | |
2133 true, | |
2134 blink::WebCryptoKeyUsageEncrypt, | |
2135 &unwrapped_key)); | |
2136 | |
2137 // Unwrap with wrapped data size not a multiple of 8 bytes must fail. | |
2138 const std::vector<uint8> unaligned_data(test_ciphertext.begin(), | |
2139 test_ciphertext.end() - 2); | |
2140 EXPECT_STATUS(Status::ErrorInvalidAesKwDataLength(), | |
2141 UnwrapKey(blink::WebCryptoKeyFormatRaw, | |
2142 CryptoData(unaligned_data), | |
2143 wrapping_key, | |
2144 wrapping_algorithm, | |
2145 key_algorithm, | |
2146 true, | |
2147 blink::WebCryptoKeyUsageEncrypt, | |
2148 &unwrapped_key)); | |
2149 } | |
Ryan Sleevi
2014/03/01 02:40:13
Add a test for mutating the data, and ensuring tha
padolph
2014/03/01 03:38:28
Done.
| |
2150 | |
2023 // TODO(eroman): | 2151 // TODO(eroman): |
2024 // * Test decryption when the tag length exceeds input size | 2152 // * Test decryption when the tag length exceeds input size |
2025 // * Test decryption with empty input | 2153 // * Test decryption with empty input |
2026 // * Test decryption with tag length of 0. | 2154 // * Test decryption with tag length of 0. |
2027 TEST_F(SharedCryptoTest, MAYBE(AesGcmSampleSets)) { | 2155 TEST_F(SharedCryptoTest, MAYBE(AesGcmSampleSets)) { |
2028 // Some Linux test runners may not have a new enough version of NSS. | 2156 // Some Linux test runners may not have a new enough version of NSS. |
2029 if (!SupportsAesGcm()) { | 2157 if (!SupportsAesGcm()) { |
2030 LOG(WARNING) << "AES GCM not supported, skipping tests"; | 2158 LOG(WARNING) << "AES GCM not supported, skipping tests"; |
2031 return; | 2159 return; |
2032 } | 2160 } |
(...skipping 103 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
2136 test_cipher_text, | 2264 test_cipher_text, |
2137 test_authentication_tag, | 2265 test_authentication_tag, |
2138 &plain_text)); | 2266 &plain_text)); |
2139 } | 2267 } |
2140 } | 2268 } |
2141 } | 2269 } |
2142 | 2270 |
2143 } // namespace webcrypto | 2271 } // namespace webcrypto |
2144 | 2272 |
2145 } // namespace content | 2273 } // namespace content |
OLD | NEW |