Index: content/renderer/webcrypto/webcrypto_impl_unittest.cc |
diff --git a/content/renderer/webcrypto/webcrypto_impl_unittest.cc b/content/renderer/webcrypto/webcrypto_impl_unittest.cc |
index cddcaa819cee3f084967056dcb060ad40253ab23..26d2d87b9efd021248100bdd5f5f9fbae6258142 100644 |
--- a/content/renderer/webcrypto/webcrypto_impl_unittest.cc |
+++ b/content/renderer/webcrypto/webcrypto_impl_unittest.cc |
@@ -1807,4 +1807,122 @@ TEST_F(WebCryptoImplTest, MAYBE(AesKwKeyImport)) { |
&key)); |
} |
+TEST_F(WebCryptoImplTest, MAYBE(AesKwEncryptDecryptKnownAnswer)) { |
+ |
+ // The following tests use test vectors from |
+ // http://www.ietf.org/rfc/rfc3394.txt |
+ |
+ struct TestCase { |
+ const char* kek_hex; |
+ const char* data_hex; |
+ const char* ciphertext_hex; |
+ }; |
+ |
+ const TestCase kTests[] = { |
+ // 4.1 Wrap 128 bits of Key Data with a 128-bit KEK |
+ { |
+ "000102030405060708090A0B0C0D0E0F", |
+ "00112233445566778899AABBCCDDEEFF", |
+ "1FA68B0A8112B447AEF34BD8FB5A7B829D3E862371D2CFE5" |
+ }, |
+ // 4.2 Wrap 128 bits of Key Data with a 192-bit KEK |
+ { |
+ "000102030405060708090A0B0C0D0E0F1011121314151617", |
+ "00112233445566778899AABBCCDDEEFF", |
+ "96778B25AE6CA435F92B5B97C050AED2468AB8A17AD84E5D" |
+ }, |
+ // 4.3 Wrap 128 bits of Key Data with a 256-bit KEK |
+ { |
+ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F", |
+ "00112233445566778899AABBCCDDEEFF", |
+ "64E8C3F9CE0F5BA263E9777905818A2A93C8191E7D6E8AE7" |
+ }, |
+ // 4.4 Wrap 192 bits of Key Data with a 192-bit KEK |
+ { |
+ "000102030405060708090A0B0C0D0E0F1011121314151617", |
+ "00112233445566778899AABBCCDDEEFF0001020304050607", |
+ "031D33264E15D33268F24EC260743EDCE1C6C7DDEE725A936BA814915C6762D2" |
+ }, |
+ // 4.5 Wrap 192 bits of Key Data with a 256-bit KEK |
+ { |
+ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F", |
+ "00112233445566778899AABBCCDDEEFF0001020304050607", |
+ "A8F9BC1612C68B3FF6E6F4FBE30E71E4769C8B80A32CB8958CD5D17D6B254DA1" |
+ |
+ }, |
+ // 4.6 Wrap 256 bits of Key Data with a 256-bit KEK |
+ { |
+ "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F", |
+ "00112233445566778899AABBCCDDEEFF000102030405060708090A0B0C0D0E0F", |
+ "28C9F404C4B810F4CBCCB35CFB87F8263F5786E2D80ED326CBC7F0E71A99F43BFB988B9B" |
+ "7A02DD21" |
+ }, |
+ }; |
+ |
+ for (size_t index = 0; index < ARRAYSIZE_UNSAFE(kTests); index++) { |
+ |
+ SCOPED_TRACE(index); |
+ const TestCase& test = kTests[index]; |
+ const blink::WebCryptoAlgorithm algorithm = |
+ webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw); |
+ |
+ // Import the key. |
+ blink::WebCryptoKey key = ImportSecretKeyFromRawHexString( |
+ test.kek_hex, |
+ algorithm, |
+ blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey); |
+ |
+ // Verify the exported raw key is identical to the imported data. |
+ blink::WebArrayBuffer raw_key; |
+ EXPECT_TRUE(ExportKeyInternal(blink::WebCryptoKeyFormatRaw, key, &raw_key)); |
+ ExpectArrayBufferMatchesHex(test.kek_hex, raw_key); |
+ |
+ // Encrypt the data and verify the result against the known answer. |
+ blink::WebArrayBuffer output; |
+ EXPECT_TRUE(EncryptInternal(algorithm, |
+ key, |
+ HexStringToBytes(test.data_hex), |
+ &output)); |
+ ExpectArrayBufferMatchesHex(test.ciphertext_hex, output); |
+ |
+ // Decrypt the ciphertext and verify the result against the known input. |
+ EXPECT_TRUE(DecryptInternal(algorithm, |
+ key, |
+ HexStringToBytes(test.ciphertext_hex), |
+ &output)); |
+ ExpectArrayBufferMatchesHex(test.data_hex, output); |
+ } |
+} |
+ |
+TEST_F(WebCryptoImplTest, MAYBE(AesKwEncryptDecryptFailures)) { |
+ const blink::WebCryptoAlgorithm algorithm = |
+ webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw); |
+ blink::WebCryptoKey key = ImportSecretKeyFromRawHexString( |
+ "000102030405060708090A0B0C0D0E0F", |
+ algorithm, |
+ blink::WebCryptoKeyUsageWrapKey); |
+ |
+ // For encrypt, the input data size must be at least 16 bytes. Expect failure |
+ // with a data size of 8 bytes, and success with 16. |
+ blink::WebArrayBuffer output; |
+ EXPECT_FALSE(EncryptInternal( |
+ algorithm, |
+ key, |
+ HexStringToBytes("11f9ec1b249b2629"), |
+ &output)); |
+ EXPECT_TRUE(EncryptInternal( |
+ algorithm, |
+ key, |
+ HexStringToBytes("2139128461ed6d341dff4db94f60094f"), |
+ &output)); |
+ |
+ // For encrypt, the input data size must be a multiple of 8 bytes. Expect |
+ // failure with a data size of 17 bytes. |
+ EXPECT_FALSE(EncryptInternal( |
+ algorithm, |
+ key, |
+ HexStringToBytes("0248cb45ca808c8aacfad2b2c092c15745"), |
+ &output)); |
+} |
+ |
} // namespace content |