Index: content/renderer/webcrypto/webcrypto_impl_unittest.cc |
diff --git a/content/renderer/webcrypto/webcrypto_impl_unittest.cc b/content/renderer/webcrypto/webcrypto_impl_unittest.cc |
index ba2e80a9dc10b9d6f3bd6ed3d3e08d54354f9b8c..010a7bed4fe8e0be3f115d584504b4eac92f7048 100644 |
--- a/content/renderer/webcrypto/webcrypto_impl_unittest.cc |
+++ b/content/renderer/webcrypto/webcrypto_impl_unittest.cc |
@@ -2066,6 +2066,199 @@ TEST_F(WebCryptoImplTest, MAYBE(AesKwKeyImport)) { |
&key)); |
} |
+TEST_F(WebCryptoImplTest, MAYBE(AesKwEncryptDecryptKnownAnswer)) { |
+ |
+ // The following tests use test vectors from |
+ // http://www.ietf.org/rfc/rfc3394.txt |
+ |
+ struct TestCase { |
+ const char* kek_hex; |
+ const char* data_hex; |
+ const char* ciphertext_hex; |
+ }; |
+ |
+ //TODO(padolph): Move data out of this file. |
+ const TestCase kTests[] = { |
+ // 4.1 Wrap 128 bits of Key Data with a 128-bit KEK |
+ { |
+ "000102030405060708090A0B0C0D0E0F", |
eroman
2014/02/26 23:40:22
With recent refactors I have been moving the test
|
+ "00112233445566778899AABBCCDDEEFF", |
+ "1FA68B0A8112B447AEF34BD8FB5A7B829D3E862371D2CFE5" |
+ }, |
+ // 4.2 Wrap 128 bits of Key Data with a 192-bit KEK |
+ { |
+ "000102030405060708090A0B0C0D0E0F1011121314151617", |
+ "00112233445566778899AABBCCDDEEFF", |
+ "96778B25AE6CA435F92B5B97C050AED2468AB8A17AD84E5D" |
+ }, |
+ // 4.3 Wrap 128 bits of Key Data with a 256-bit KEK |
+ { |
+ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F", |
+ "00112233445566778899AABBCCDDEEFF", |
+ "64E8C3F9CE0F5BA263E9777905818A2A93C8191E7D6E8AE7" |
+ }, |
+ // 4.4 Wrap 192 bits of Key Data with a 192-bit KEK |
+ { |
+ "000102030405060708090A0B0C0D0E0F1011121314151617", |
+ "00112233445566778899AABBCCDDEEFF0001020304050607", |
+ "031D33264E15D33268F24EC260743EDCE1C6C7DDEE725A936BA814915C6762D2" |
+ }, |
+ // 4.5 Wrap 192 bits of Key Data with a 256-bit KEK |
+ { |
+ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F", |
+ "00112233445566778899AABBCCDDEEFF0001020304050607", |
+ "A8F9BC1612C68B3FF6E6F4FBE30E71E4769C8B80A32CB8958CD5D17D6B254DA1" |
+ |
+ }, |
+ // 4.6 Wrap 256 bits of Key Data with a 256-bit KEK |
+ { |
+ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F", |
+ "00112233445566778899AABBCCDDEEFF000102030405060708090A0B0C0D0E0F", |
+ "28C9F404C4B810F4CBCCB35CFB87F8263F5786E2D80ED326CBC7F0E71A99F43BFB988B9B" |
+ "7A02DD21" |
+ }, |
+ }; |
+ |
+ for (size_t index = 0; index < ARRAYSIZE_UNSAFE(kTests); index++) { |
eroman
2014/02/26 23:40:22
please rename test_index to match other places in
padolph
2014/02/28 23:28:40
Done.
|
+ |
+ SCOPED_TRACE(index); |
+ const TestCase& test = kTests[index]; |
+ const blink::WebCryptoAlgorithm algorithm = |
+ webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw); |
+ |
+ // Import the key. |
+ blink::WebCryptoKey key = ImportSecretKeyFromRaw( |
+ HexStringToBytes(test.kek_hex), |
+ algorithm, |
+ blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey); |
+ |
+ // Verify the exported raw key is identical to the imported data. |
+ blink::WebArrayBuffer raw_key; |
+ EXPECT_STATUS_SUCCESS( |
+ ExportKeyInternal(blink::WebCryptoKeyFormatRaw, key, &raw_key)); |
+ ExpectArrayBufferMatchesHex(test.kek_hex, raw_key); |
+ |
+ // Encrypt the data and verify the result against the known answer. |
+ blink::WebArrayBuffer output; |
+ EXPECT_STATUS_SUCCESS(EncryptInternal(algorithm, |
+ key, |
+ HexStringToBytes(test.data_hex), |
+ &output)); |
+ ExpectArrayBufferMatchesHex(test.ciphertext_hex, output); |
+ |
+ // Decrypt the ciphertext and verify the result against the known input. |
+ EXPECT_STATUS_SUCCESS(DecryptInternal(algorithm, |
+ key, |
+ HexStringToBytes(test.ciphertext_hex), |
+ &output)); |
+ ExpectArrayBufferMatchesHex(test.data_hex, output); |
+ } |
+} |
+ |
+TEST_F(WebCryptoImplTest, MAYBE(AesKwEncryptDecryptFailures)) { |
+ const blink::WebCryptoAlgorithm algorithm = |
+ webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw); |
+ blink::WebCryptoKey key = ImportSecretKeyFromRaw( |
+ HexStringToBytes("000102030405060708090A0B0C0D0E0F"), |
+ algorithm, |
+ blink::WebCryptoKeyUsageWrapKey); |
+ |
+ // For encrypt, the input data size must be at least 16 bytes. Expect failure |
+ // with a data size of 8 bytes, and success with 16. |
+ blink::WebArrayBuffer output; |
+ // TODO(padolph): Check for specific error? |
+ EXPECT_STATUS_ERROR(EncryptInternal( |
+ algorithm, |
+ key, |
+ HexStringToBytes("11f9ec1b249b2629"), |
+ &output)); |
+ EXPECT_STATUS_SUCCESS(EncryptInternal( |
+ algorithm, |
+ key, |
+ HexStringToBytes("2139128461ed6d341dff4db94f60094f"), |
+ &output)); |
+ |
+ // For encrypt, the input data size must be a multiple of 8 bytes. Expect |
+ // failure with a data size of 17 bytes. |
+ // TODO(padolph): Check for specific error? |
+ EXPECT_STATUS_ERROR(EncryptInternal( |
+ algorithm, |
+ key, |
+ HexStringToBytes("0248cb45ca808c8aacfad2b2c092c15745"), |
+ &output)); |
+} |
+ |
+TEST_F(WebCryptoImplTest, MAYBE(AesKwEncryptLargeData)) { |
+ const std::string large_data_hex = |
+ "308204be020100300d06092a864886f70d0101010500048204a8308204a4" |
+ "0201000282010100b3097277c6f9c16f7110441ccc00d8ec364d8b3eb1aa" |
+ "c3bca32a8877fe348a901a34c3b87917ba00e682caa7677e9e6b2fe2815c" |
+ "fb5ffd764b85a00ec6e2265693b2197fdcd832308b2b0ecd5069c8871161" |
+ "40f420c4050ba97157e93756ac1b8052b5ec6f2a846ab569afd6169465e1" |
+ "641bd1bc3542e4c56b4c925d89e8db6584f17fe10ac32d99d1858e08cf6e" |
+ "6c7ff000cff2147ce03941251a521f972da975d9a777ac4b8be34aad468c" |
+ "33422d7848fa0c24314d3f8872f1bbd86ea0d6a641351d8bbaeb075a080f" |
+ "6ee6749b39b02db5ee27d593bfe67c460435bb183ebb801ebd16d06f9f4a" |
+ "5043d44ba57e19dd993a50ef06a6783eba6cf58c55359449020301000102" |
+ "82010100931f9d481e6398f89a21b2c7334133011132b1cd68349abac61e" |
+ "aa9c687206b79a4167e08ce9d978e9f3ead29c32a9be0d5085dbc1da44af" |
+ "d429cfb8b4e89c76a2d24530146c38fa3932bdec2c3b7184c4dc7582e7f6" |
+ "0ceb636777c5772b2b2d424b35a2404be11acb4f3926a5d176d33befbc6f" |
+ "7c192763afe3f1971a4017213a165a13492f908ce62842fd3a0470dc4323" |
+ "b043466314e68d552843c18e7b17a3cd7bbabb511bb0df749690fd22a839" |
+ "32549abd601a2b003d5b0aa7da79f0903964a441d8104f1a4dda10fea67d" |
+ "0de925fe035345a2c6dd96af2ffd8ed7c5d31fac53d10ffc5d23126bcddf" |
+ "9c077e04a139329ff208f343365255241faf6c8102818100e3895040106b" |
+ "dd8d2e9db21051105690c92232db1d2b352558f1c7c7d2f13b6afe19c7b6" |
+ "05a111e03efac73f676ad86a03740de7dc5dff314cb600b7838b148343fb" |
+ "0f3a5dc682656b733fa8d747fe830932695ab390c65c21d57d5efd962215" |
+ "5713ffd4c1902ecc99475d4d3a7fe90744fdd226d8028752710677273362" |
+ "0f1102818100c96ef928fe52099d4e4fc2bb645cd8790830d19ef1171956" |
+ "48ab636b9b5c42549af7b737b099fc9604c3b3397abbd884f58e5f8a3e12" |
+ "8806ae29c81c64702de848995772bc96699c45d8ecf0ad4169c27d1bda51" |
+ "fbe70ce03f1a6c5bb731ab807b4f07d30ce98f1da73f7804c3ab48e007a1" |
+ "308024fa1db0d3bd30d207efa1b902818100a9749237a4033134fc0aa59a" |
+ "514501b342981d97e1d953f344928c5edd529b15cbb8176c10352cc2fd24" |
+ "774f590dd1aee2738407b1aeaf675fe20c169ff8ec85f612fbfc53ea8b22" |
+ "4d2bbfb556df5f44e78c8bb9e91161292c697abd4bce8c03a89e546176e6" |
+ "9273fd939080fb98574bfaadaddd0ff292256bd78cd5bd06c28102818053" |
+ "e328569f1b512fb6b656d5ada550ed8eb0ae0bb041bb66889affab87a6f3" |
+ "64c2a8d91f93277dde881b6c1f4af2c1e8154f76905eeb5ec4d1714b0a2f" |
+ "f5dbd879ab8a9498df571a22a8857c71dae50d7f06c374132114e6aac0f9" |
+ "5174c875b0eb296d8bc23bde432e2cab71e87f03b970d3fb1bd2ca6ae502" |
+ "392f04b9135dd902818045876edc196281cf5b1a33b677c0c521a3683fd2" |
+ "4ff7ef6a4f7934bdc9a91adf9b345b01a23e3c928b44a2f6549a77790d6a" |
+ "aaa6180530da566a4ade6c9625873bbb3261b203e1e5d2dd9e1fd17a4fa4" |
+ "01182dffc3b15d4af1661264a4380e1c48693377e668c4d18d1f3e9c5bd2" |
+ "513fa455369d54fd93d3f358ae8a5eae"; |
+ |
+ const blink::WebCryptoAlgorithm algorithm = |
+ webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw); |
+ |
+ // Import a wrapping key. |
+ blink::WebCryptoKey key = ImportSecretKeyFromRaw( |
+ HexStringToBytes("000102030405060708090A0B0C0D0E0F"), |
+ algorithm, |
+ blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey); |
+ |
+ // Encrypt the large data. |
+ blink::WebArrayBuffer ciphertext; |
+ ASSERT_STATUS_SUCCESS(EncryptInternal(algorithm, |
+ key, |
+ HexStringToBytes(large_data_hex), |
+ &ciphertext)); |
+ |
+ // Decrypt the resulting ciphertext and verify against the input. |
+ blink::WebArrayBuffer plaintext; |
+ ASSERT_STATUS_SUCCESS(DecryptInternal( |
+ algorithm, |
+ key, |
+ reinterpret_cast<const unsigned char*>(ciphertext.data()), |
+ ciphertext.byteLength(), |
+ &plaintext)); |
+ ExpectArrayBufferMatchesHex(large_data_hex, plaintext); |
+} |
+ |
// TODO(eroman): |
// * Test decryption when the tag length exceeds input size |
// * Test decryption with empty input |