| Index: content/renderer/webcrypto/shared_crypto_unittest.cc
|
| diff --git a/content/renderer/webcrypto/shared_crypto_unittest.cc b/content/renderer/webcrypto/shared_crypto_unittest.cc
|
| index 4933f631195e6b19ba15dd70d9166a5dfb222c14..95e70cd3b809dd76c08ab25e118c4d279c25732f 100644
|
| --- a/content/renderer/webcrypto/shared_crypto_unittest.cc
|
| +++ b/content/renderer/webcrypto/shared_crypto_unittest.cc
|
| @@ -2065,6 +2065,134 @@ TEST_F(SharedCryptoTest, MAYBE(AesKwKeyImport)) {
|
| &key));
|
| }
|
|
|
| +TEST_F(SharedCryptoTest, MAYBE(AesKwRawSymkeyWrapUnwrapKnownAnswer)) {
|
| + scoped_ptr<base::ListValue> tests;
|
| + ASSERT_TRUE(ReadJsonTestFileToList("aes_kw.json", &tests));
|
| +
|
| + for (size_t test_index = 0; test_index < tests->GetSize(); ++test_index) {
|
| + SCOPED_TRACE(test_index);
|
| + base::DictionaryValue* test;
|
| + ASSERT_TRUE(tests->GetDictionary(test_index, &test));
|
| + const std::vector<uint8> test_kek = GetBytesFromHexString(test, "kek");
|
| + const std::vector<uint8> test_key = GetBytesFromHexString(test, "key");
|
| + const std::vector<uint8> test_ciphertext =
|
| + GetBytesFromHexString(test, "ciphertext");
|
| + const blink::WebCryptoAlgorithm wrapping_algorithm =
|
| + webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw);
|
| +
|
| + // Import the wrapping key.
|
| + blink::WebCryptoKey wrapping_key = ImportSecretKeyFromRaw(
|
| + test_kek,
|
| + wrapping_algorithm,
|
| + blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey);
|
| +
|
| + // Import the key to be wrapped.
|
| + blink::WebCryptoKey key = ImportSecretKeyFromRaw(
|
| + test_key,
|
| + webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
|
| + blink::WebCryptoKeyUsageEncrypt);
|
| +
|
| + // Wrap the key and verify the ciphertext result against the known answer.
|
| + blink::WebArrayBuffer wrapped_key;
|
| + ASSERT_STATUS_SUCCESS(WrapKey(blink::WebCryptoKeyFormatRaw,
|
| + wrapping_key,
|
| + key,
|
| + wrapping_algorithm,
|
| + &wrapped_key));
|
| + ExpectArrayBufferMatches(test_ciphertext, wrapped_key);
|
| +
|
| + // Unwrap the known ciphertext to get a new test_key.
|
| + blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull();
|
| + ASSERT_STATUS_SUCCESS(
|
| + Unwrapkey(blink::WebCryptoKeyFormatRaw,
|
| + CryptoData(test_ciphertext),
|
| + wrapping_key,
|
| + wrapping_algorithm,
|
| + webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
|
| + true,
|
| + blink::WebCryptoKeyUsageEncrypt,
|
| + &unwrapped_key));
|
| + EXPECT_FALSE(key.isNull());
|
| + EXPECT_TRUE(key.handle());
|
| + EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type());
|
| + EXPECT_EQ(
|
| + webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc).id(),
|
| + key.algorithm().id());
|
| + EXPECT_EQ(true, key.extractable());
|
| + EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt, key.usages());
|
| +
|
| + // Export the new key and compare its raw bytes with the original known key.
|
| + blink::WebArrayBuffer raw_key;
|
| + EXPECT_STATUS_SUCCESS(
|
| + ExportKey(blink::WebCryptoKeyFormatRaw, unwrapped_key, &raw_key));
|
| + ExpectArrayBufferMatches(test_key, raw_key);
|
| + }
|
| +}
|
| +
|
| +TEST_F(SharedCryptoTest, MAYBE(AesKwRawSymkeyWrapUnwrapErrors)) {
|
| + scoped_ptr<base::ListValue> tests;
|
| + ASSERT_TRUE(ReadJsonTestFileToList("aes_kw.json", &tests));
|
| + base::DictionaryValue* test;
|
| + // Use 256 bits of data with a 256-bit KEK
|
| + ASSERT_TRUE(tests->GetDictionary(5, &test));
|
| + const std::vector<uint8> test_kek = GetBytesFromHexString(test, "kek");
|
| + const std::vector<uint8> test_key = GetBytesFromHexString(test, "key");
|
| + const std::vector<uint8> test_ciphertext =
|
| + GetBytesFromHexString(test, "ciphertext");
|
| + const blink::WebCryptoAlgorithm wrapping_algorithm =
|
| + webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw);
|
| + const blink::WebCryptoAlgorithm key_algorithm =
|
| + webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc);
|
| + // Import the wrapping key.
|
| + blink::WebCryptoKey wrapping_key = ImportSecretKeyFromRaw(
|
| + test_kek,
|
| + wrapping_algorithm,
|
| + blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey);
|
| + // Import the key to be wrapped.
|
| + blink::WebCryptoKey key = ImportSecretKeyFromRaw(
|
| + test_key,
|
| + webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
|
| + blink::WebCryptoKeyUsageEncrypt);
|
| +
|
| + // Unwrap with null algorithm must fail.
|
| + blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull();
|
| + EXPECT_STATUS(Status::ErrorMissingAlgorithmUnwrapRawKey(),
|
| + Unwrapkey(blink::WebCryptoKeyFormatRaw,
|
| + CryptoData(test_ciphertext),
|
| + wrapping_key,
|
| + wrapping_algorithm,
|
| + blink::WebCryptoAlgorithm::createNull(),
|
| + true,
|
| + blink::WebCryptoKeyUsageEncrypt,
|
| + &unwrapped_key));
|
| +
|
| + // Unwrap with wrapped data too small must fail.
|
| + const std::vector<uint8> small_data(test_ciphertext.begin(),
|
| + test_ciphertext.begin() + 23);
|
| + EXPECT_STATUS(Status::ErrorDataTooSmall(),
|
| + Unwrapkey(blink::WebCryptoKeyFormatRaw,
|
| + CryptoData(small_data),
|
| + wrapping_key,
|
| + wrapping_algorithm,
|
| + key_algorithm,
|
| + true,
|
| + blink::WebCryptoKeyUsageEncrypt,
|
| + &unwrapped_key));
|
| +
|
| + // Unwrap with wrapped data size not a multiple of 8 bytes must fail.
|
| + const std::vector<uint8> unaligned_data(test_ciphertext.begin(),
|
| + test_ciphertext.end() - 2);
|
| + EXPECT_STATUS(Status::ErrorInvalidAesKwDataLength(),
|
| + Unwrapkey(blink::WebCryptoKeyFormatRaw,
|
| + CryptoData(unaligned_data),
|
| + wrapping_key,
|
| + wrapping_algorithm,
|
| + key_algorithm,
|
| + true,
|
| + blink::WebCryptoKeyUsageEncrypt,
|
| + &unwrapped_key));
|
| +}
|
| +
|
| // TODO(eroman):
|
| // * Test decryption when the tag length exceeds input size
|
| // * Test decryption with empty input
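Review bot: In AesKwRawSymkeyWrapUnwrapKnownAnswer the six assertions that follow the unwrap call inspect `key`, the key imported earlier as the wrap input, so the type, algorithm, extractable flag and usages of `unwrapped_key` are never checked. A regression that returns an unwrapped key with the wrong usages or extractability would still pass; the assertions should read `EXPECT_FALSE(unwrapped_key.isNull());`, `EXPECT_EQ(true, unwrapped_key.extractable());`, `EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt, unwrapped_key.usages());`, and likewise for `handle()`, `type()` and `algorithm().id()`. In AesKwRawSymkeyWrapUnwrapErrors, `key` is imported but not used in the visible lines. If the implementation is meant to produce no key on error, each failing call could be followed by `EXPECT_TRUE(unwrapped_key.isNull());` to pin that. The fixed index in `GetDictionary(5, &test)` and the slice `test_ciphertext.begin() + 23` depend on the layout of aes_kw.json, which is not shown here; an `ASSERT_GE(test_ciphertext.size(), 23u);` before the slice would keep it inside the buffer if the file changes.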
|
|
|