[webcrypto] Add raw symmetric key AES-KW wrap/unwrap for NSS.

content/renderer/webcrypto/shared_crypto_unittest.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/renderer/webcrypto/shared_crypto.h"
 
 #include <algorithm>
 #include <string>
 #include <vector>
 
@@ skipping 2002 matching lines @@
       "72d4e475ff34215416c9ad9c8281247a4d730c5f275ac23f376e73e3bce8d7d5a";
   EXPECT_STATUS(Status::Error(),
                 ImportKey(blink::WebCryptoKeyFormatRaw,
                           CryptoData(HexStringToBytes(key_raw_hex_in)),
                           algorithm,
                           true,
                           blink::WebCryptoKeyUsageWrapKey,
                           &key));
 }
 
+TEST_F(SharedCryptoTest, MAYBE(AesKwRawSymkeyWrapUnwrapKnownAnswer)) {
+  scoped_ptr<base::ListValue> tests;
+  ASSERT_TRUE(ReadJsonTestFileToList("aes_kw.json", &tests));
+
+  for (size_t test_index = 0; test_index < tests->GetSize(); ++test_index) {
+    SCOPED_TRACE(test_index);
+    base::DictionaryValue* test;
+    ASSERT_TRUE(tests->GetDictionary(test_index, &test));
+    const std::vector<uint8> test_kek = GetBytesFromHexString(test, "kek");
+    const std::vector<uint8> test_key = GetBytesFromHexString(test, "key");
+    const std::vector<uint8> test_ciphertext =
+        GetBytesFromHexString(test, "ciphertext");
+    const blink::WebCryptoAlgorithm wrapping_algorithm =
+        webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw);
+
+    // Import the wrapping key.
+    blink::WebCryptoKey wrapping_key = ImportSecretKeyFromRaw(
+        test_kek,
+        wrapping_algorithm,
+        blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey);
+
+    // Import the key to be wrapped.
+    blink::WebCryptoKey key = ImportSecretKeyFromRaw(
+        test_key,
+        webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
+        blink::WebCryptoKeyUsageEncrypt);
+
+    // Wrap the key and verify the ciphertext result against the known answer.
+    blink::WebArrayBuffer wrapped_key;
+    ASSERT_STATUS_SUCCESS(WrapKey(blink::WebCryptoKeyFormatRaw,
+                                  wrapping_key,
+                                  key,
+                                  wrapping_algorithm,
+                                  &wrapped_key));
+    ExpectArrayBufferMatches(test_ciphertext, wrapped_key);
+
+    // Unwrap the known ciphertext to get a new test_key.
+    blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull();
+    ASSERT_STATUS_SUCCESS(
+        UnwrapKey(blink::WebCryptoKeyFormatRaw,
+                  CryptoData(test_ciphertext),
+                  wrapping_key,
+                  wrapping_algorithm,
+                  webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
+                  true,
+                  blink::WebCryptoKeyUsageEncrypt,
+                  &unwrapped_key));
+    EXPECT_FALSE(key.isNull());
+    EXPECT_TRUE(key.handle());
+    EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type());
+    EXPECT_EQ(
+        webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc).id(),
+        key.algorithm().id());
+    EXPECT_EQ(true, key.extractable());
+    EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt, key.usages());
+
+    // Export the new key and compare its raw bytes with the original known key.
+    blink::WebArrayBuffer raw_key;
+    EXPECT_STATUS_SUCCESS(
+        ExportKey(blink::WebCryptoKeyFormatRaw, unwrapped_key, &raw_key));
+    ExpectArrayBufferMatches(test_key, raw_key);
+  }
+}
+
+TEST_F(SharedCryptoTest, MAYBE(AesKwRawSymkeyWrapUnwrapErrors)) {
+  scoped_ptr<base::ListValue> tests;
+  ASSERT_TRUE(ReadJsonTestFileToList("aes_kw.json", &tests));
+  base::DictionaryValue* test;
+  // Use 256 bits of data with a 256-bit KEK
+  ASSERT_TRUE(tests->GetDictionary(5, &test));
+  const std::vector<uint8> test_kek = GetBytesFromHexString(test, "kek");
+  const std::vector<uint8> test_key = GetBytesFromHexString(test, "key");
+  const std::vector<uint8> test_ciphertext =
+      GetBytesFromHexString(test, "ciphertext");
+  const blink::WebCryptoAlgorithm wrapping_algorithm =
+      webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw);
+  const blink::WebCryptoAlgorithm key_algorithm =
+      webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc);
+  // Import the wrapping key.
+  blink::WebCryptoKey wrapping_key = ImportSecretKeyFromRaw(
+      test_kek,
+      wrapping_algorithm,
+      blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey);
+  // Import the key to be wrapped.
+  blink::WebCryptoKey key = ImportSecretKeyFromRaw(
+      test_key,
+      webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
+      blink::WebCryptoKeyUsageEncrypt);
+
+  // Unwrap with null algorithm must fail.
+  blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull();
+  EXPECT_STATUS(Status::ErrorMissingAlgorithmUnwrapRawKey(),
+                UnwrapKey(blink::WebCryptoKeyFormatRaw,
+                          CryptoData(test_ciphertext),
+                          wrapping_key,
+                          wrapping_algorithm,
+                          blink::WebCryptoAlgorithm::createNull(),
+                          true,
+                          blink::WebCryptoKeyUsageEncrypt,
+                          &unwrapped_key));
+
+  // Unwrap with wrapped data too small must fail.
+  const std::vector<uint8> small_data(test_ciphertext.begin(),
+                                      test_ciphertext.begin() + 23);
+  EXPECT_STATUS(Status::ErrorDataTooSmall(),
+                UnwrapKey(blink::WebCryptoKeyFormatRaw,
+                          CryptoData(small_data),
+                          wrapping_key,
+                          wrapping_algorithm,
+                          key_algorithm,
+                          true,
+                          blink::WebCryptoKeyUsageEncrypt,
+                          &unwrapped_key));
+
+  // Unwrap with wrapped data size not a multiple of 8 bytes must fail.
+  const std::vector<uint8> unaligned_data(test_ciphertext.begin(),
+                                          test_ciphertext.end() - 2);
+  EXPECT_STATUS(Status::ErrorInvalidAesKwDataLength(),
+                UnwrapKey(blink::WebCryptoKeyFormatRaw,
+                          CryptoData(unaligned_data),
+                          wrapping_key,
+                          wrapping_algorithm,
+                          key_algorithm,
+                          true,
+                          blink::WebCryptoKeyUsageEncrypt,
+                          &unwrapped_key));
+}

[Ryan Sleevi, 2014/03/01 02:40:13]

Add a test for mutating the data, and ensuring that decryption of some known
answer fails / the key is different. AES-KW is supposed to prevent data from
being tweaked.

[padolph, 2014/03/01 03:38:28]

Done.

+
 // TODO(eroman):
 //   * Test decryption when the tag length exceeds input size
 //   * Test decryption with empty input
 //   * Test decryption with tag length of 0.
 TEST_F(SharedCryptoTest, MAYBE(AesGcmSampleSets)) {
   // Some Linux test runners may not have a new enough version of NSS.
   if (!SupportsAesGcm()) {
     LOG(WARNING) << "AES GCM not supported, skipping tests";
     return;
   }
@@ skipping 103 matching lines @@
                                         test_cipher_text,
                                         test_authentication_tag,
                                         &plain_text));
     }
   }
 }
 
 }  // namespace webcrypto
 
 }  // namespace content