Index: content/renderer/webcrypto/shared_crypto_unittest.cc |
diff --git a/content/renderer/webcrypto/shared_crypto_unittest.cc b/content/renderer/webcrypto/shared_crypto_unittest.cc |
index c02b8aa783158c7379972499a251f49444e24376..e9fdc9a9b12b65714087bacf158c0d65174ac70c 100644 |
--- a/content/renderer/webcrypto/shared_crypto_unittest.cc |
+++ b/content/renderer/webcrypto/shared_crypto_unittest.cc |
@@ -2020,6 +2020,134 @@ TEST_F(SharedCryptoTest, MAYBE(AesKwKeyImport)) { |
&key)); |
} |
+TEST_F(SharedCryptoTest, MAYBE(AesKwRawSymkeyWrapUnwrapKnownAnswer)) { |
+ scoped_ptr<base::ListValue> tests; |
+ ASSERT_TRUE(ReadJsonTestFileToList("aes_kw.json", &tests)); |
+ |
+ for (size_t test_index = 0; test_index < tests->GetSize(); ++test_index) { |
+ SCOPED_TRACE(test_index); |
+ base::DictionaryValue* test; |
+ ASSERT_TRUE(tests->GetDictionary(test_index, &test)); |
+ const std::vector<uint8> test_kek = GetBytesFromHexString(test, "kek"); |
+ const std::vector<uint8> test_key = GetBytesFromHexString(test, "key"); |
+ const std::vector<uint8> test_ciphertext = |
+ GetBytesFromHexString(test, "ciphertext"); |
+ const blink::WebCryptoAlgorithm wrapping_algorithm = |
+ webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw); |
+ |
+ // Import the wrapping key. |
+ blink::WebCryptoKey wrapping_key = ImportSecretKeyFromRaw( |
+ test_kek, |
+ wrapping_algorithm, |
+ blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey); |
+ |
+ // Import the key to be wrapped. |
+ blink::WebCryptoKey key = ImportSecretKeyFromRaw( |
+ test_key, |
+ webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), |
+ blink::WebCryptoKeyUsageEncrypt); |
+ |
+ // Wrap the key and verify the ciphertext result against the known answer. |
+ blink::WebArrayBuffer wrapped_key; |
+ ASSERT_STATUS_SUCCESS(WrapKey(blink::WebCryptoKeyFormatRaw, |
+ wrapping_key, |
+ key, |
+ wrapping_algorithm, |
+ &wrapped_key)); |
+ ExpectArrayBufferMatches(test_ciphertext, wrapped_key); |
+ |
+ // Unwrap the known ciphertext to get a new test_key. |
+ blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull(); |
+ ASSERT_STATUS_SUCCESS( |
+ UnwrapKey(blink::WebCryptoKeyFormatRaw, |
+ CryptoData(test_ciphertext), |
+ wrapping_key, |
+ wrapping_algorithm, |
+ webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), |
+ true, |
+ blink::WebCryptoKeyUsageEncrypt, |
+ &unwrapped_key)); |
+ EXPECT_FALSE(key.isNull()); |
+ EXPECT_TRUE(key.handle()); |
+ EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); |
+ EXPECT_EQ( |
+ webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc).id(), |
+ key.algorithm().id()); |
+ EXPECT_EQ(true, key.extractable()); |
+ EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt, key.usages()); |
+ |
+ // Export the new key and compare its raw bytes with the original known key. |
+ blink::WebArrayBuffer raw_key; |
+ EXPECT_STATUS_SUCCESS( |
+ ExportKey(blink::WebCryptoKeyFormatRaw, unwrapped_key, &raw_key)); |
+ ExpectArrayBufferMatches(test_key, raw_key); |
+ } |
+} |
+ |
+TEST_F(SharedCryptoTest, MAYBE(AesKwRawSymkeyWrapUnwrapErrors)) { |
+ scoped_ptr<base::ListValue> tests; |
+ ASSERT_TRUE(ReadJsonTestFileToList("aes_kw.json", &tests)); |
+ base::DictionaryValue* test; |
+ // Use 256 bits of data with a 256-bit KEK |
+ ASSERT_TRUE(tests->GetDictionary(5, &test)); |
+ const std::vector<uint8> test_kek = GetBytesFromHexString(test, "kek"); |
+ const std::vector<uint8> test_key = GetBytesFromHexString(test, "key"); |
+ const std::vector<uint8> test_ciphertext = |
+ GetBytesFromHexString(test, "ciphertext"); |
+ const blink::WebCryptoAlgorithm wrapping_algorithm = |
+ webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw); |
+ const blink::WebCryptoAlgorithm key_algorithm = |
+ webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc); |
+ // Import the wrapping key. |
+ blink::WebCryptoKey wrapping_key = ImportSecretKeyFromRaw( |
+ test_kek, |
+ wrapping_algorithm, |
+ blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey); |
+ // Import the key to be wrapped. |
+ blink::WebCryptoKey key = ImportSecretKeyFromRaw( |
+ test_key, |
+ webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), |
+ blink::WebCryptoKeyUsageEncrypt); |
+ |
+ // Unwrap with null algorithm must fail. |
+ blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull(); |
+ EXPECT_STATUS(Status::ErrorMissingAlgorithmUnwrapRawKey(), |
+ UnwrapKey(blink::WebCryptoKeyFormatRaw, |
+ CryptoData(test_ciphertext), |
+ wrapping_key, |
+ wrapping_algorithm, |
+ blink::WebCryptoAlgorithm::createNull(), |
+ true, |
+ blink::WebCryptoKeyUsageEncrypt, |
+ &unwrapped_key)); |
+ |
+ // Unwrap with wrapped data too small must fail. |
+ const std::vector<uint8> small_data(test_ciphertext.begin(), |
+ test_ciphertext.begin() + 23); |
+ EXPECT_STATUS(Status::ErrorDataTooSmall(), |
+ UnwrapKey(blink::WebCryptoKeyFormatRaw, |
+ CryptoData(small_data), |
+ wrapping_key, |
+ wrapping_algorithm, |
+ key_algorithm, |
+ true, |
+ blink::WebCryptoKeyUsageEncrypt, |
+ &unwrapped_key)); |
+ |
+ // Unwrap with wrapped data size not a multiple of 8 bytes must fail. |
+ const std::vector<uint8> unaligned_data(test_ciphertext.begin(), |
+ test_ciphertext.end() - 2); |
+ EXPECT_STATUS(Status::ErrorInvalidAesKwDataLength(), |
+ UnwrapKey(blink::WebCryptoKeyFormatRaw, |
+ CryptoData(unaligned_data), |
+ wrapping_key, |
+ wrapping_algorithm, |
+ key_algorithm, |
+ true, |
+ blink::WebCryptoKeyUsageEncrypt, |
+ &unwrapped_key)); |
+} |
Ryan Sleevi
2014/03/01 02:40:13
Add a test for mutating the data, and ensuring tha
padolph
2014/03/01 03:38:28
Done.
|
+ |
// TODO(eroman): |
// * Test decryption when the tag length exceeds input size |
// * Test decryption with empty input |