| Index: content/renderer/webcrypto/webcrypto_impl_unittest.cc
|
| diff --git a/content/renderer/webcrypto/webcrypto_impl_unittest.cc b/content/renderer/webcrypto/webcrypto_impl_unittest.cc
|
| index cddcaa819cee3f084967056dcb060ad40253ab23..26d2d87b9efd021248100bdd5f5f9fbae6258142 100644
|
| --- a/content/renderer/webcrypto/webcrypto_impl_unittest.cc
|
| +++ b/content/renderer/webcrypto/webcrypto_impl_unittest.cc
|
| @@ -1807,4 +1807,122 @@ TEST_F(WebCryptoImplTest, MAYBE(AesKwKeyImport)) {
|
| &key));
|
| }
|
|
|
| +TEST_F(WebCryptoImplTest, MAYBE(AesKwEncryptDecryptKnownAnswer)) {
|
| +
|
| + // The following tests use test vectors from
|
| + // http://www.ietf.org/rfc/rfc3394.txt
|
| +
|
| + struct TestCase {
|
| + const char* kek_hex;
|
| + const char* data_hex;
|
| + const char* ciphertext_hex;
|
| + };
|
| +
|
| + const TestCase kTests[] = {
|
| + // 4.1 Wrap 128 bits of Key Data with a 128-bit KEK
|
| + {
|
| + "000102030405060708090A0B0C0D0E0F",
|
| + "00112233445566778899AABBCCDDEEFF",
|
| + "1FA68B0A8112B447AEF34BD8FB5A7B829D3E862371D2CFE5"
|
| + },
|
| + // 4.2 Wrap 128 bits of Key Data with a 192-bit KEK
|
| + {
|
| + "000102030405060708090A0B0C0D0E0F1011121314151617",
|
| + "00112233445566778899AABBCCDDEEFF",
|
| + "96778B25AE6CA435F92B5B97C050AED2468AB8A17AD84E5D"
|
| + },
|
| + // 4.3 Wrap 128 bits of Key Data with a 256-bit KEK
|
| + {
|
| + "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
|
| + "00112233445566778899AABBCCDDEEFF",
|
| + "64E8C3F9CE0F5BA263E9777905818A2A93C8191E7D6E8AE7"
|
| + },
|
| + // 4.4 Wrap 192 bits of Key Data with a 192-bit KEK
|
| + {
|
| + "000102030405060708090A0B0C0D0E0F1011121314151617",
|
| + "00112233445566778899AABBCCDDEEFF0001020304050607",
|
| + "031D33264E15D33268F24EC260743EDCE1C6C7DDEE725A936BA814915C6762D2"
|
| + },
|
| + // 4.5 Wrap 192 bits of Key Data with a 256-bit KEK
|
| + {
|
| + "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
|
| + "00112233445566778899AABBCCDDEEFF0001020304050607",
|
| + "A8F9BC1612C68B3FF6E6F4FBE30E71E4769C8B80A32CB8958CD5D17D6B254DA1"
|
| +
|
| + },
|
| + // 4.6 Wrap 256 bits of Key Data with a 256-bit KEK
|
| + {
|
| + "000102030405060708090A0B0C0D0E0F101112131415161718191A1B1C1D1E1F",
|
| + "00112233445566778899AABBCCDDEEFF000102030405060708090A0B0C0D0E0F",
|
| + "28C9F404C4B810F4CBCCB35CFB87F8263F5786E2D80ED326CBC7F0E71A99F43BFB988B9B"
|
| + "7A02DD21"
|
| + },
|
| + };
|
| +
|
| + for (size_t index = 0; index < ARRAYSIZE_UNSAFE(kTests); index++) {
|
| +
|
| + SCOPED_TRACE(index);
|
| + const TestCase& test = kTests[index];
|
| + const blink::WebCryptoAlgorithm algorithm =
|
| + webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw);
|
| +
|
| + // Import the key.
|
| + blink::WebCryptoKey key = ImportSecretKeyFromRawHexString(
|
| + test.kek_hex,
|
| + algorithm,
|
| + blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey);
|
| +
|
| + // Verify the exported raw key is identical to the imported data.
|
| + blink::WebArrayBuffer raw_key;
|
| + EXPECT_TRUE(ExportKeyInternal(blink::WebCryptoKeyFormatRaw, key, &raw_key));
|
| + ExpectArrayBufferMatchesHex(test.kek_hex, raw_key);
|
| +
|
| + // Encrypt the data and verify the result against the known answer.
|
| + blink::WebArrayBuffer output;
|
| + EXPECT_TRUE(EncryptInternal(algorithm,
|
| + key,
|
| + HexStringToBytes(test.data_hex),
|
| + &output));
|
| + ExpectArrayBufferMatchesHex(test.ciphertext_hex, output);
|
| +
|
| + // Decrypt the ciphertext and verify the result against the known input.
|
| + EXPECT_TRUE(DecryptInternal(algorithm,
|
| + key,
|
| + HexStringToBytes(test.ciphertext_hex),
|
| + &output));
|
| + ExpectArrayBufferMatchesHex(test.data_hex, output);
|
| + }
|
| +}
|
| +
|
| +TEST_F(WebCryptoImplTest, MAYBE(AesKwEncryptDecryptFailures)) {
|
| + const blink::WebCryptoAlgorithm algorithm =
|
| + webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw);
|
| + blink::WebCryptoKey key = ImportSecretKeyFromRawHexString(
|
| + "000102030405060708090A0B0C0D0E0F",
|
| + algorithm,
|
| + blink::WebCryptoKeyUsageWrapKey);
|
| +
|
| + // For encrypt, the input data size must be at least 16 bytes. Expect failure
|
| + // with a data size of 8 bytes, and success with 16.
|
| + blink::WebArrayBuffer output;
|
| + EXPECT_FALSE(EncryptInternal(
|
| + algorithm,
|
| + key,
|
| + HexStringToBytes("11f9ec1b249b2629"),
|
| + &output));
|
| + EXPECT_TRUE(EncryptInternal(
|
| + algorithm,
|
| + key,
|
| + HexStringToBytes("2139128461ed6d341dff4db94f60094f"),
|
| + &output));
|
| +
|
| + // For encrypt, the input data size must be a multiple of 8 bytes. Expect
|
| + // failure with a data size of 17 bytes.
|
| + EXPECT_FALSE(EncryptInternal(
|
| + algorithm,
|
| + key,
|
| + HexStringToBytes("0248cb45ca808c8aacfad2b2c092c15745"),
|
| + &output));
|
| +}
|
| +
|
| } // namespace content
|
|
|
Chromium Code Reviews
Issue 118623002:
[webcrypto] Add raw symmetric key AES-KW wrap/unwrap for NSS. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master