[webcrypto] Add raw symmetric key AES-KW wrap/unwrap for NSS.

content/renderer/webcrypto/shared_crypto_unittest.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/renderer/webcrypto/shared_crypto.h"
 
 #include <algorithm>
 #include <string>
 #include <vector>
 
@@ skipping 127 matching lines @@
   return bytes;
 }
 
 void ExpectArrayBufferMatches(const std::vector<uint8>& expected,
                               const blink::WebArrayBuffer& actual) {
   EXPECT_EQ(
       base::HexEncode(webcrypto::Uint8VectorStart(expected), expected.size()),
       base::HexEncode(actual.data(), actual.byteLength()));
 }
 
+void ExpectArrayBufferNotMatch(const std::vector<uint8>& expected,

[eroman, 2014/03/04 03:16:26]

For a future change, the right fix is to change this to return an ::Assertion...
 and just have the one flavor. It also helps with the line numbers then (since
failure line isn't reported as this function).

[padolph, 2014/03/04 17:20:07]

Done.

+                              const blink::WebArrayBuffer& actual) {
+  EXPECT_NE(
+      base::HexEncode(webcrypto::Uint8VectorStart(expected), expected.size()),
+      base::HexEncode(actual.data(), actual.byteLength()));
+}
+
 void ExpectCryptoDataMatchesHex(const std::string& expected_hex,
                                 const CryptoData& actual) {
   EXPECT_STRCASEEQ(
       expected_hex.c_str(),
       base::HexEncode(actual.bytes(), actual.byte_length()).c_str());
 }
 
 void ExpectArrayBufferMatchesHex(const std::string& expected_hex,
                                  const blink::WebArrayBuffer& array_buffer) {
   return ExpectCryptoDataMatchesHex(expected_hex, CryptoData(array_buffer));
@@ skipping 1855 matching lines @@
       "72d4e475ff34215416c9ad9c8281247a4d730c5f275ac23f376e73e3bce8d7d5a";
   EXPECT_STATUS(Status::Error(),
                 ImportKey(blink::WebCryptoKeyFormatRaw,
                           CryptoData(HexStringToBytes(key_raw_hex_in)),
                           algorithm,
                           true,
                           blink::WebCryptoKeyUsageWrapKey,
                           &key));
 }
 
+TEST_F(SharedCryptoTest, MAYBE(AesKwRawSymkeyWrapUnwrapKnownAnswer)) {
+  scoped_ptr<base::ListValue> tests;
+  ASSERT_TRUE(ReadJsonTestFileToList("aes_kw.json", &tests));
+
+  for (size_t test_index = 0; test_index < tests->GetSize(); ++test_index) {
+    SCOPED_TRACE(test_index);
+    base::DictionaryValue* test;
+    ASSERT_TRUE(tests->GetDictionary(test_index, &test));
+    const std::vector<uint8> test_kek = GetBytesFromHexString(test, "kek");
+    const std::vector<uint8> test_key = GetBytesFromHexString(test, "key");
+    const std::vector<uint8> test_ciphertext =
+        GetBytesFromHexString(test, "ciphertext");
+    const blink::WebCryptoAlgorithm wrapping_algorithm =
+        webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw);
+
+    // Import the wrapping key.
+    blink::WebCryptoKey wrapping_key = ImportSecretKeyFromRaw(
+        test_kek,
+        wrapping_algorithm,
+        blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey);
+
+    // Import the key to be wrapped.
+    blink::WebCryptoKey key = ImportSecretKeyFromRaw(
+        test_key,
+        webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
+        blink::WebCryptoKeyUsageEncrypt);
+
+    // Wrap the key and verify the ciphertext result against the known answer.
+    blink::WebArrayBuffer wrapped_key;
+    ASSERT_STATUS_SUCCESS(WrapKey(blink::WebCryptoKeyFormatRaw,
+                                  wrapping_key,
+                                  key,
+                                  wrapping_algorithm,
+                                  &wrapped_key));
+    ExpectArrayBufferMatches(test_ciphertext, wrapped_key);
+
+    // Unwrap the known ciphertext to get a new test_key.
+    blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull();
+    ASSERT_STATUS_SUCCESS(
+        UnwrapKey(blink::WebCryptoKeyFormatRaw,
+                  CryptoData(test_ciphertext),
+                  wrapping_key,
+                  wrapping_algorithm,
+                  webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
+                  true,
+                  blink::WebCryptoKeyUsageEncrypt,
+                  &unwrapped_key));
+    EXPECT_FALSE(key.isNull());
+    EXPECT_TRUE(key.handle());
+    EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type());
+    EXPECT_EQ(
+        webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc).id(),
+        key.algorithm().id());
+    EXPECT_EQ(true, key.extractable());
+    EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt, key.usages());
+
+    // Export the new key and compare its raw bytes with the original known key.
+    blink::WebArrayBuffer raw_key;
+    EXPECT_STATUS_SUCCESS(
+        ExportKey(blink::WebCryptoKeyFormatRaw, unwrapped_key, &raw_key));
+    ExpectArrayBufferMatches(test_key, raw_key);
+  }
+}
+
+TEST_F(SharedCryptoTest, MAYBE(AesKwRawSymkeyWrapUnwrapErrors)) {
+  scoped_ptr<base::ListValue> tests;
+  ASSERT_TRUE(ReadJsonTestFileToList("aes_kw.json", &tests));
+  base::DictionaryValue* test;
+  // Use 256 bits of data with a 256-bit KEK
+  ASSERT_TRUE(tests->GetDictionary(5, &test));
+  const std::vector<uint8> test_kek = GetBytesFromHexString(test, "kek");
+  const std::vector<uint8> test_key = GetBytesFromHexString(test, "key");
+  const std::vector<uint8> test_ciphertext =
+      GetBytesFromHexString(test, "ciphertext");
+  const blink::WebCryptoAlgorithm wrapping_algorithm =
+      webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw);
+  const blink::WebCryptoAlgorithm key_algorithm =
+      webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc);
+  // Import the wrapping key.
+  blink::WebCryptoKey wrapping_key = ImportSecretKeyFromRaw(
+      test_kek,
+      wrapping_algorithm,
+      blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey);
+  // Import the key to be wrapped.
+  blink::WebCryptoKey key = ImportSecretKeyFromRaw(
+      test_key,
+      webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
+      blink::WebCryptoKeyUsageEncrypt);
+
+  // Unwrap with null algorithm must fail.
+  blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull();
+  EXPECT_STATUS(Status::ErrorMissingAlgorithmUnwrapRawKey(),
+                UnwrapKey(blink::WebCryptoKeyFormatRaw,
+                          CryptoData(test_ciphertext),
+                          wrapping_key,
+                          wrapping_algorithm,
+                          blink::WebCryptoAlgorithm::createNull(),
+                          true,
+                          blink::WebCryptoKeyUsageEncrypt,
+                          &unwrapped_key));
+
+  // Unwrap with wrapped data too small must fail.
+  const std::vector<uint8> small_data(test_ciphertext.begin(),
+                                      test_ciphertext.begin() + 23);
+  EXPECT_STATUS(Status::ErrorDataTooSmall(),
+                UnwrapKey(blink::WebCryptoKeyFormatRaw,
+                          CryptoData(small_data),
+                          wrapping_key,
+                          wrapping_algorithm,
+                          key_algorithm,
+                          true,
+                          blink::WebCryptoKeyUsageEncrypt,
+                          &unwrapped_key));
+
+  // Unwrap with wrapped data size not a multiple of 8 bytes must fail.
+  const std::vector<uint8> unaligned_data(test_ciphertext.begin(),
+                                          test_ciphertext.end() - 2);
+  EXPECT_STATUS(Status::ErrorInvalidAesKwDataLength(),
+                UnwrapKey(blink::WebCryptoKeyFormatRaw,
+                          CryptoData(unaligned_data),
+                          wrapping_key,
+                          wrapping_algorithm,
+                          key_algorithm,
+                          true,
+                          blink::WebCryptoKeyUsageEncrypt,
+                          &unwrapped_key));
+}
+
+TEST_F(SharedCryptoTest, MAYBE(AesKwRawSymkeyUnwrapCorruptData)) {
+  scoped_ptr<base::ListValue> tests;
+  ASSERT_TRUE(ReadJsonTestFileToList("aes_kw.json", &tests));
+  base::DictionaryValue* test;
+  // Use 256 bits of data with a 256-bit KEK
+  ASSERT_TRUE(tests->GetDictionary(5, &test));
+  const std::vector<uint8> test_kek = GetBytesFromHexString(test, "kek");
+  const std::vector<uint8> test_key = GetBytesFromHexString(test, "key");
+  const std::vector<uint8> test_ciphertext =
+      GetBytesFromHexString(test, "ciphertext");
+  const blink::WebCryptoAlgorithm wrapping_algorithm =
+      webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw);
+
+  // Import the wrapping key.
+  blink::WebCryptoKey wrapping_key = ImportSecretKeyFromRaw(
+      test_kek,
+      wrapping_algorithm,
+      blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey);
+
+  // Unwrap a corrupted version of the known ciphertext. Unwrap should pass but
+  // will produce a key that is different than the known original.
+  blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull();
+  ASSERT_STATUS_SUCCESS(
+      UnwrapKey(blink::WebCryptoKeyFormatRaw,
+                CryptoData(Corrupted(test_ciphertext)),
+                wrapping_key,
+                wrapping_algorithm,
+                webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
+                true,
+                blink::WebCryptoKeyUsageEncrypt,
+                &unwrapped_key));
+
+  // Export the new key and compare its raw bytes with the original known key.
+  // The comparison should fail.
+  blink::WebArrayBuffer raw_key;
+  EXPECT_STATUS_SUCCESS(
+      ExportKey(blink::WebCryptoKeyFormatRaw, unwrapped_key, &raw_key));
+  ExpectArrayBufferNotMatch(test_key, raw_key);
+}
+
 // TODO(eroman):
 //   * Test decryption when the tag length exceeds input size
 //   * Test decryption with empty input
 //   * Test decryption with tag length of 0.
 TEST_F(SharedCryptoTest, MAYBE(AesGcmSampleSets)) {
   // Some Linux test runners may not have a new enough version of NSS.
   if (!SupportsAesGcm()) {
     LOG(WARNING) << "AES GCM not supported, skipping tests";
     return;
   }
@@ skipping 103 matching lines @@
                                         test_cipher_text,
                                         test_authentication_tag,
                                         &plain_text));
     }
   }
 }
 
 }  // namespace webcrypto
 
 }  // namespace content