| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "base/stl_util.h" | |
| 6 #include "components/webcrypto/algorithm_dispatch.h" | |
| 7 #include "components/webcrypto/crypto_data.h" | |
| 8 #include "components/webcrypto/status.h" | |
| 9 #include "components/webcrypto/test/test_helpers.h" | |
| 10 #include "components/webcrypto/webcrypto_util.h" | |
| 11 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h" | |
| 12 #include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h" | |
| 13 | |
| 14 namespace webcrypto { | |
| 15 | |
| 16 namespace { | |
| 17 | |
| 18 // Creates an AES-CBC algorithm. | |
| 19 blink::WebCryptoAlgorithm CreateAesCbcAlgorithm( | |
| 20 const std::vector<uint8_t>& iv) { | |
| 21 return blink::WebCryptoAlgorithm::adoptParamsAndCreate( | |
| 22 blink::WebCryptoAlgorithmIdAesCbc, | |
| 23 new blink::WebCryptoAesCbcParams(vector_as_array(&iv), | |
| 24 static_cast<unsigned int>(iv.size()))); | |
| 25 } | |
| 26 | |
| 27 blink::WebCryptoAlgorithm CreateAesCbcKeyGenAlgorithm( | |
| 28 unsigned short key_length_bits) { | |
| 29 return CreateAesKeyGenAlgorithm(blink::WebCryptoAlgorithmIdAesCbc, | |
| 30 key_length_bits); | |
| 31 } | |
| 32 | |
| 33 blink::WebCryptoKey GetTestAesCbcKey() { | |
| 34 const std::string key_hex = "2b7e151628aed2a6abf7158809cf4f3c"; | |
| 35 blink::WebCryptoKey key = ImportSecretKeyFromRaw( | |
| 36 HexStringToBytes(key_hex), | |
| 37 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), | |
| 38 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt); | |
| 39 | |
| 40 // Verify exported raw key is identical to the imported data | |
| 41 std::vector<uint8_t> raw_key; | |
| 42 EXPECT_EQ(Status::Success(), | |
| 43 ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key)); | |
| 44 EXPECT_BYTES_EQ_HEX(key_hex, raw_key); | |
| 45 return key; | |
| 46 } | |
| 47 | |
| 48 TEST(WebCryptoAesCbcTest, InputTooLarge) { | |
| 49 std::vector<uint8_t> output; | |
| 50 | |
| 51 std::vector<uint8_t> iv(16); | |
| 52 | |
| 53 // Give an input that is too large. It would cause integer overflow when | |
| 54 // narrowing the cicphertext size to an int, since OpenSSL operates on signed | |
| 55 // int lengths NOT unsigned. | |
| 56 // | |
| 57 // Pretend the input is large. Don't pass data pointer as NULL in case that | |
| 58 // is special cased; the implementation shouldn't actually dereference the | |
| 59 // data. | |
| 60 CryptoData input(&iv[0], INT_MAX - 3); | |
| 61 | |
| 62 EXPECT_EQ( | |
| 63 Status::ErrorDataTooLarge(), | |
| 64 Encrypt(CreateAesCbcAlgorithm(iv), GetTestAesCbcKey(), input, &output)); | |
| 65 EXPECT_EQ( | |
| 66 Status::ErrorDataTooLarge(), | |
| 67 Decrypt(CreateAesCbcAlgorithm(iv), GetTestAesCbcKey(), input, &output)); | |
| 68 } | |
| 69 | |
| 70 TEST(WebCryptoAesCbcTest, ExportKeyUnsupportedFormat) { | |
| 71 std::vector<uint8_t> output; | |
| 72 | |
| 73 // Fail exporting the key in SPKI and PKCS#8 formats (not allowed for secret | |
| 74 // keys). | |
| 75 EXPECT_EQ( | |
| 76 Status::ErrorUnsupportedExportKeyFormat(), | |
| 77 ExportKey(blink::WebCryptoKeyFormatSpki, GetTestAesCbcKey(), &output)); | |
| 78 EXPECT_EQ( | |
| 79 Status::ErrorUnsupportedExportKeyFormat(), | |
| 80 ExportKey(blink::WebCryptoKeyFormatPkcs8, GetTestAesCbcKey(), &output)); | |
| 81 } | |
| 82 | |
| 83 // Tests importing of keys (in a variety of formats), errors during import, | |
| 84 // encryption, and decryption, using known answers. | |
| 85 TEST(WebCryptoAesCbcTest, KnownAnswerEncryptDecrypt) { | |
| 86 scoped_ptr<base::ListValue> tests; | |
| 87 ASSERT_TRUE(ReadJsonTestFileToList("aes_cbc.json", &tests)); | |
| 88 | |
| 89 for (size_t test_index = 0; test_index < tests->GetSize(); ++test_index) { | |
| 90 SCOPED_TRACE(test_index); | |
| 91 base::DictionaryValue* test; | |
| 92 ASSERT_TRUE(tests->GetDictionary(test_index, &test)); | |
| 93 | |
| 94 blink::WebCryptoKeyFormat key_format = GetKeyFormatFromJsonTestCase(test); | |
| 95 std::vector<uint8_t> key_data = | |
| 96 GetKeyDataFromJsonTestCase(test, key_format); | |
| 97 std::string import_error = "Success"; | |
| 98 test->GetString("import_error", &import_error); | |
| 99 | |
| 100 // Import the key. | |
| 101 blink::WebCryptoKey key; | |
| 102 Status status = ImportKey( | |
| 103 key_format, CryptoData(key_data), | |
| 104 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), true, | |
| 105 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt, | |
| 106 &key); | |
| 107 ASSERT_EQ(import_error, StatusToString(status)); | |
| 108 if (status.IsError()) | |
| 109 continue; | |
| 110 | |
| 111 // Test encryption. | |
| 112 if (test->HasKey("plain_text")) { | |
| 113 std::vector<uint8_t> test_plain_text = | |
| 114 GetBytesFromHexString(test, "plain_text"); | |
| 115 | |
| 116 std::vector<uint8_t> test_iv = GetBytesFromHexString(test, "iv"); | |
| 117 | |
| 118 std::string encrypt_error = "Success"; | |
| 119 test->GetString("encrypt_error", &encrypt_error); | |
| 120 | |
| 121 std::vector<uint8_t> output; | |
| 122 status = Encrypt(CreateAesCbcAlgorithm(test_iv), key, | |
| 123 CryptoData(test_plain_text), &output); | |
| 124 ASSERT_EQ(encrypt_error, StatusToString(status)); | |
| 125 if (status.IsError()) | |
| 126 continue; | |
| 127 | |
| 128 std::vector<uint8_t> test_cipher_text = | |
| 129 GetBytesFromHexString(test, "cipher_text"); | |
| 130 | |
| 131 EXPECT_BYTES_EQ(test_cipher_text, output); | |
| 132 } | |
| 133 | |
| 134 // Test decryption. | |
| 135 if (test->HasKey("cipher_text")) { | |
| 136 std::vector<uint8_t> test_cipher_text = | |
| 137 GetBytesFromHexString(test, "cipher_text"); | |
| 138 | |
| 139 std::vector<uint8_t> test_iv = GetBytesFromHexString(test, "iv"); | |
| 140 | |
| 141 std::string decrypt_error = "Success"; | |
| 142 test->GetString("decrypt_error", &decrypt_error); | |
| 143 | |
| 144 std::vector<uint8_t> output; | |
| 145 status = Decrypt(CreateAesCbcAlgorithm(test_iv), key, | |
| 146 CryptoData(test_cipher_text), &output); | |
| 147 ASSERT_EQ(decrypt_error, StatusToString(status)); | |
| 148 if (status.IsError()) | |
| 149 continue; | |
| 150 | |
| 151 std::vector<uint8_t> test_plain_text = | |
| 152 GetBytesFromHexString(test, "plain_text"); | |
| 153 | |
| 154 EXPECT_BYTES_EQ(test_plain_text, output); | |
| 155 } | |
| 156 } | |
| 157 } | |
| 158 | |
| 159 // TODO(eroman): Do this same test for AES-GCM, AES-KW, AES-CTR ? | |
| 160 TEST(WebCryptoAesCbcTest, GenerateKeyIsRandom) { | |
| 161 // Check key generation for each allowed key length. | |
| 162 std::vector<blink::WebCryptoAlgorithm> algorithm; | |
| 163 const unsigned short kKeyLength[] = {128, 256}; | |
| 164 for (size_t key_length_i = 0; key_length_i < arraysize(kKeyLength); | |
| 165 ++key_length_i) { | |
| 166 blink::WebCryptoKey key; | |
| 167 | |
| 168 std::vector<std::vector<uint8_t>> keys; | |
| 169 std::vector<uint8_t> key_bytes; | |
| 170 | |
| 171 // Generate a small sample of keys. | |
| 172 for (int j = 0; j < 16; ++j) { | |
| 173 ASSERT_EQ(Status::Success(), | |
| 174 GenerateSecretKey( | |
| 175 CreateAesCbcKeyGenAlgorithm(kKeyLength[key_length_i]), true, | |
| 176 blink::WebCryptoKeyUsageEncrypt, &key)); | |
| 177 EXPECT_TRUE(key.handle()); | |
| 178 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); | |
| 179 ASSERT_EQ(Status::Success(), | |
| 180 ExportKey(blink::WebCryptoKeyFormatRaw, key, &key_bytes)); | |
| 181 EXPECT_EQ(key_bytes.size() * 8, | |
| 182 key.algorithm().aesParams()->lengthBits()); | |
| 183 keys.push_back(key_bytes); | |
| 184 } | |
| 185 // Ensure all entries in the key sample set are unique. This is a simplistic | |
| 186 // estimate of whether the generated keys appear random. | |
| 187 EXPECT_FALSE(CopiesExist(keys)); | |
| 188 } | |
| 189 } | |
| 190 | |
| 191 TEST(WebCryptoAesCbcTest, GenerateKeyBadLength) { | |
| 192 const unsigned short kKeyLen[] = {0, 127, 257}; | |
| 193 blink::WebCryptoKey key; | |
| 194 for (size_t i = 0; i < arraysize(kKeyLen); ++i) { | |
| 195 SCOPED_TRACE(i); | |
| 196 EXPECT_EQ(Status::ErrorGenerateAesKeyLength(), | |
| 197 GenerateSecretKey(CreateAesCbcKeyGenAlgorithm(kKeyLen[i]), true, | |
| 198 blink::WebCryptoKeyUsageEncrypt, &key)); | |
| 199 } | |
| 200 } | |
| 201 | |
| 202 TEST(WebCryptoAesCbcTest, ImportKeyEmptyUsage) { | |
| 203 blink::WebCryptoKey key; | |
| 204 ASSERT_EQ(Status::ErrorCreateKeyEmptyUsages(), | |
| 205 ImportKey(blink::WebCryptoKeyFormatRaw, | |
| 206 CryptoData(std::vector<uint8_t>(16)), | |
| 207 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), true, | |
| 208 0, &key)); | |
| 209 } | |
| 210 | |
| 211 // If key_ops is specified but empty, no key usages are allowed for the key. | |
| 212 TEST(WebCryptoAesCbcTest, ImportKeyJwkEmptyKeyOps) { | |
| 213 blink::WebCryptoKey key; | |
| 214 base::DictionaryValue dict; | |
| 215 dict.SetString("kty", "oct"); | |
| 216 dict.SetBoolean("ext", false); | |
| 217 dict.SetString("k", "GADWrMRHwQfoNaXU5fZvTg"); | |
| 218 dict.Set("key_ops", new base::ListValue); // Takes ownership. | |
| 219 | |
| 220 // The JWK does not contain encrypt usages. | |
| 221 EXPECT_EQ(Status::ErrorJwkKeyopsInconsistent(), | |
| 222 ImportKeyJwkFromDict( | |
| 223 dict, CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), false, | |
| 224 blink::WebCryptoKeyUsageEncrypt, &key)); | |
| 225 | |
| 226 // The JWK does not contain sign usage (nor is it applicable). | |
| 227 EXPECT_EQ(Status::ErrorCreateKeyBadUsages(), | |
| 228 ImportKeyJwkFromDict( | |
| 229 dict, CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), false, | |
| 230 blink::WebCryptoKeyUsageSign, &key)); | |
| 231 } | |
| 232 | |
| 233 // If key_ops is missing, then any key usages can be specified. | |
| 234 TEST(WebCryptoAesCbcTest, ImportKeyJwkNoKeyOps) { | |
| 235 blink::WebCryptoKey key; | |
| 236 base::DictionaryValue dict; | |
| 237 dict.SetString("kty", "oct"); | |
| 238 dict.SetString("k", "GADWrMRHwQfoNaXU5fZvTg"); | |
| 239 | |
| 240 EXPECT_EQ(Status::Success(), | |
| 241 ImportKeyJwkFromDict( | |
| 242 dict, CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), false, | |
| 243 blink::WebCryptoKeyUsageEncrypt, &key)); | |
| 244 | |
| 245 EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt, key.usages()); | |
| 246 | |
| 247 // The JWK does not contain sign usage (nor is it applicable). | |
| 248 EXPECT_EQ(Status::ErrorCreateKeyBadUsages(), | |
| 249 ImportKeyJwkFromDict( | |
| 250 dict, CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), false, | |
| 251 blink::WebCryptoKeyUsageVerify, &key)); | |
| 252 } | |
| 253 | |
| 254 TEST(WebCryptoAesCbcTest, ImportKeyJwkKeyOpsEncryptDecrypt) { | |
| 255 blink::WebCryptoKey key; | |
| 256 base::DictionaryValue dict; | |
| 257 dict.SetString("kty", "oct"); | |
| 258 dict.SetString("k", "GADWrMRHwQfoNaXU5fZvTg"); | |
| 259 base::ListValue* key_ops = new base::ListValue; | |
| 260 dict.Set("key_ops", key_ops); // Takes ownership. | |
| 261 | |
| 262 key_ops->AppendString("encrypt"); | |
| 263 | |
| 264 EXPECT_EQ(Status::Success(), | |
| 265 ImportKeyJwkFromDict( | |
| 266 dict, CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), false, | |
| 267 blink::WebCryptoKeyUsageEncrypt, &key)); | |
| 268 | |
| 269 EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt, key.usages()); | |
| 270 | |
| 271 key_ops->AppendString("decrypt"); | |
| 272 | |
| 273 EXPECT_EQ(Status::Success(), | |
| 274 ImportKeyJwkFromDict( | |
| 275 dict, CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), false, | |
| 276 blink::WebCryptoKeyUsageDecrypt, &key)); | |
| 277 | |
| 278 EXPECT_EQ(blink::WebCryptoKeyUsageDecrypt, key.usages()); | |
| 279 | |
| 280 EXPECT_EQ( | |
| 281 Status::Success(), | |
| 282 ImportKeyJwkFromDict( | |
| 283 dict, CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), false, | |
| 284 blink::WebCryptoKeyUsageDecrypt | blink::WebCryptoKeyUsageEncrypt, | |
| 285 &key)); | |
| 286 | |
| 287 EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt, | |
| 288 key.usages()); | |
| 289 } | |
| 290 | |
| 291 // Test failure if input usage is NOT a strict subset of the JWK usage. | |
| 292 TEST(WebCryptoAesCbcTest, ImportKeyJwkKeyOpsNotSuperset) { | |
| 293 blink::WebCryptoKey key; | |
| 294 base::DictionaryValue dict; | |
| 295 dict.SetString("kty", "oct"); | |
| 296 dict.SetString("k", "GADWrMRHwQfoNaXU5fZvTg"); | |
| 297 base::ListValue* key_ops = new base::ListValue; | |
| 298 dict.Set("key_ops", key_ops); // Takes ownership. | |
| 299 | |
| 300 key_ops->AppendString("encrypt"); | |
| 301 | |
| 302 EXPECT_EQ( | |
| 303 Status::ErrorJwkKeyopsInconsistent(), | |
| 304 ImportKeyJwkFromDict( | |
| 305 dict, CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), false, | |
| 306 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt, | |
| 307 &key)); | |
| 308 } | |
| 309 | |
| 310 TEST(WebCryptoAesCbcTest, ImportKeyJwkUseEnc) { | |
| 311 blink::WebCryptoKey key; | |
| 312 base::DictionaryValue dict; | |
| 313 dict.SetString("kty", "oct"); | |
| 314 dict.SetString("k", "GADWrMRHwQfoNaXU5fZvTg"); | |
| 315 | |
| 316 // Test JWK composite use 'enc' usage | |
| 317 dict.SetString("alg", "A128CBC"); | |
| 318 dict.SetString("use", "enc"); | |
| 319 EXPECT_EQ( | |
| 320 Status::Success(), | |
| 321 ImportKeyJwkFromDict( | |
| 322 dict, CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), false, | |
| 323 blink::WebCryptoKeyUsageDecrypt | blink::WebCryptoKeyUsageEncrypt | | |
| 324 blink::WebCryptoKeyUsageWrapKey | | |
| 325 blink::WebCryptoKeyUsageUnwrapKey, | |
| 326 &key)); | |
| 327 EXPECT_EQ(blink::WebCryptoKeyUsageDecrypt | blink::WebCryptoKeyUsageEncrypt | | |
| 328 blink::WebCryptoKeyUsageWrapKey | | |
| 329 blink::WebCryptoKeyUsageUnwrapKey, | |
| 330 key.usages()); | |
| 331 } | |
| 332 | |
| 333 TEST(WebCryptoAesCbcTest, ImportJwkInvalidJson) { | |
| 334 blink::WebCryptoKey key; | |
| 335 // Fail on empty JSON. | |
| 336 EXPECT_EQ( | |
| 337 Status::ErrorJwkNotDictionary(), | |
| 338 ImportKey(blink::WebCryptoKeyFormatJwk, CryptoData(MakeJsonVector("")), | |
| 339 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), false, | |
| 340 blink::WebCryptoKeyUsageEncrypt, &key)); | |
| 341 | |
| 342 // Fail on invalid JSON. | |
| 343 const std::vector<uint8_t> bad_json_vec = MakeJsonVector( | |
| 344 "{" | |
| 345 "\"kty\" : \"oct\"," | |
| 346 "\"alg\" : \"HS256\"," | |
| 347 "\"use\" : "); | |
| 348 EXPECT_EQ(Status::ErrorJwkNotDictionary(), | |
| 349 ImportKey(blink::WebCryptoKeyFormatJwk, CryptoData(bad_json_vec), | |
| 350 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), false, | |
| 351 blink::WebCryptoKeyUsageEncrypt, &key)); | |
| 352 } | |
| 353 | |
| 354 // Fail on inconsistent key_ops - asking for "encrypt" however JWK contains | |
| 355 // only "foo". | |
| 356 TEST(WebCryptoAesCbcTest, ImportJwkKeyOpsLacksUsages) { | |
| 357 blink::WebCryptoKey key; | |
| 358 | |
| 359 base::DictionaryValue dict; | |
| 360 dict.SetString("kty", "oct"); | |
| 361 dict.SetString("k", "GADWrMRHwQfoNaXU5fZvTg"); | |
| 362 | |
| 363 base::ListValue* key_ops = new base::ListValue; | |
| 364 // Note: the following call makes dict assume ownership of key_ops. | |
| 365 dict.Set("key_ops", key_ops); | |
| 366 key_ops->AppendString("foo"); | |
| 367 EXPECT_EQ(Status::ErrorJwkKeyopsInconsistent(), | |
| 368 ImportKeyJwkFromDict( | |
| 369 dict, CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), false, | |
| 370 blink::WebCryptoKeyUsageEncrypt, &key)); | |
| 371 } | |
| 372 | |
| 373 TEST(WebCryptoAesCbcTest, ImportExportJwk) { | |
| 374 const blink::WebCryptoAlgorithm algorithm = | |
| 375 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc); | |
| 376 | |
| 377 // AES-CBC 128 | |
| 378 ImportExportJwkSymmetricKey( | |
| 379 128, algorithm, | |
| 380 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt, | |
| 381 "A128CBC"); | |
| 382 | |
| 383 // AES-CBC 256 | |
| 384 ImportExportJwkSymmetricKey(256, algorithm, blink::WebCryptoKeyUsageDecrypt, | |
| 385 "A256CBC"); | |
| 386 | |
| 387 // Large usage value | |
| 388 ImportExportJwkSymmetricKey( | |
| 389 256, algorithm, | |
| 390 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt | | |
| 391 blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey, | |
| 392 "A256CBC"); | |
| 393 } | |
| 394 | |
| 395 // AES 192-bit is not allowed: http://crbug.com/381829 | |
| 396 TEST(WebCryptoAesCbcTest, GenerateAesCbc192) { | |
| 397 blink::WebCryptoKey key; | |
| 398 Status status = GenerateSecretKey(CreateAesCbcKeyGenAlgorithm(192), true, | |
| 399 blink::WebCryptoKeyUsageEncrypt, &key); | |
| 400 ASSERT_EQ(Status::ErrorAes192BitUnsupported(), status); | |
| 401 } | |
| 402 | |
| 403 // AES 192-bit is not allowed: http://crbug.com/381829 | |
| 404 TEST(WebCryptoAesCbcTest, UnwrapAesCbc192) { | |
| 405 std::vector<uint8_t> wrapping_key_data(16, 0); | |
| 406 std::vector<uint8_t> wrapped_key = HexStringToBytes( | |
| 407 "1A07ACAB6C906E50883173C29441DB1DE91D34F45C435B5F99C822867FB3956F"); | |
| 408 | |
| 409 blink::WebCryptoKey wrapping_key = ImportSecretKeyFromRaw( | |
| 410 wrapping_key_data, CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw), | |
| 411 blink::WebCryptoKeyUsageUnwrapKey); | |
| 412 | |
| 413 blink::WebCryptoKey unwrapped_key; | |
| 414 ASSERT_EQ( | |
| 415 Status::ErrorAes192BitUnsupported(), | |
| 416 UnwrapKey(blink::WebCryptoKeyFormatRaw, CryptoData(wrapped_key), | |
| 417 wrapping_key, CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw), | |
| 418 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), true, | |
| 419 blink::WebCryptoKeyUsageEncrypt, &unwrapped_key)); | |
| 420 } | |
| 421 | |
| 422 // Try importing an AES-CBC key with unsupported key usages using raw | |
| 423 // format. AES-CBC keys support the following usages: | |
| 424 // 'encrypt', 'decrypt', 'wrapKey', 'unwrapKey' | |
| 425 TEST(WebCryptoAesCbcTest, ImportKeyBadUsage_Raw) { | |
| 426 const blink::WebCryptoAlgorithm algorithm = | |
| 427 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc); | |
| 428 | |
| 429 blink::WebCryptoKeyUsageMask bad_usages[] = { | |
| 430 blink::WebCryptoKeyUsageSign, | |
| 431 blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageDecrypt, | |
| 432 blink::WebCryptoKeyUsageDeriveBits, | |
| 433 blink::WebCryptoKeyUsageUnwrapKey | blink::WebCryptoKeyUsageVerify, | |
| 434 }; | |
| 435 | |
| 436 std::vector<uint8_t> key_bytes(16); | |
| 437 | |
| 438 for (size_t i = 0; i < arraysize(bad_usages); ++i) { | |
| 439 SCOPED_TRACE(i); | |
| 440 | |
| 441 blink::WebCryptoKey key; | |
| 442 ASSERT_EQ(Status::ErrorCreateKeyBadUsages(), | |
| 443 ImportKey(blink::WebCryptoKeyFormatRaw, CryptoData(key_bytes), | |
| 444 algorithm, true, bad_usages[i], &key)); | |
| 445 } | |
| 446 } | |
| 447 | |
| 448 // Generate an AES-CBC key with invalid usages. AES-CBC supports: | |
| 449 // 'encrypt', 'decrypt', 'wrapKey', 'unwrapKey' | |
| 450 TEST(WebCryptoAesCbcTest, GenerateKeyBadUsages) { | |
| 451 blink::WebCryptoKeyUsageMask bad_usages[] = { | |
| 452 blink::WebCryptoKeyUsageSign, | |
| 453 blink::WebCryptoKeyUsageVerify, | |
| 454 blink::WebCryptoKeyUsageDecrypt | blink::WebCryptoKeyUsageVerify, | |
| 455 }; | |
| 456 | |
| 457 for (size_t i = 0; i < arraysize(bad_usages); ++i) { | |
| 458 SCOPED_TRACE(i); | |
| 459 | |
| 460 blink::WebCryptoKey key; | |
| 461 | |
| 462 ASSERT_EQ(Status::ErrorCreateKeyBadUsages(), | |
| 463 GenerateSecretKey(CreateAesCbcKeyGenAlgorithm(128), true, | |
| 464 bad_usages[i], &key)); | |
| 465 } | |
| 466 } | |
| 467 | |
| 468 // Generate an AES-CBC key with no usages. | |
| 469 TEST(WebCryptoAesCbcTest, GenerateKeyEmptyUsages) { | |
| 470 blink::WebCryptoKey key; | |
| 471 | |
| 472 ASSERT_EQ(Status::ErrorCreateKeyEmptyUsages(), | |
| 473 GenerateSecretKey(CreateAesCbcKeyGenAlgorithm(128), true, 0, &key)); | |
| 474 } | |
| 475 | |
| 476 // Generate an AES-CBC key and an RSA key pair. Use the AES-CBC key to wrap the | |
| 477 // key pair (using SPKI format for public key, PKCS8 format for private key). | |
| 478 // Then unwrap the wrapped key pair and verify that the key data is the same. | |
| 479 TEST(WebCryptoAesCbcTest, WrapUnwrapRoundtripSpkiPkcs8) { | |
| 480 // Generate the wrapping key. | |
| 481 blink::WebCryptoKey wrapping_key; | |
| 482 ASSERT_EQ(Status::Success(), | |
| 483 GenerateSecretKey(CreateAesCbcKeyGenAlgorithm(128), true, | |
| 484 blink::WebCryptoKeyUsageWrapKey | | |
| 485 blink::WebCryptoKeyUsageUnwrapKey, | |
| 486 &wrapping_key)); | |
| 487 | |
| 488 // Generate an RSA key pair to be wrapped. | |
| 489 const unsigned int modulus_length = 256; | |
| 490 const std::vector<uint8_t> public_exponent = HexStringToBytes("010001"); | |
| 491 | |
| 492 blink::WebCryptoKey public_key; | |
| 493 blink::WebCryptoKey private_key; | |
| 494 ASSERT_EQ(Status::Success(), | |
| 495 GenerateKeyPair(CreateRsaHashedKeyGenAlgorithm( | |
| 496 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, | |
| 497 blink::WebCryptoAlgorithmIdSha256, | |
| 498 modulus_length, public_exponent), | |
| 499 true, blink::WebCryptoKeyUsageSign, &public_key, | |
| 500 &private_key)); | |
| 501 | |
| 502 // Export key pair as SPKI + PKCS8 | |
| 503 std::vector<uint8_t> public_key_spki; | |
| 504 ASSERT_EQ(Status::Success(), ExportKey(blink::WebCryptoKeyFormatSpki, | |
| 505 public_key, &public_key_spki)); | |
| 506 | |
| 507 std::vector<uint8_t> private_key_pkcs8; | |
| 508 ASSERT_EQ(Status::Success(), ExportKey(blink::WebCryptoKeyFormatPkcs8, | |
| 509 private_key, &private_key_pkcs8)); | |
| 510 | |
| 511 // Wrap the key pair. | |
| 512 blink::WebCryptoAlgorithm wrap_algorithm = | |
| 513 CreateAesCbcAlgorithm(std::vector<uint8_t>(16, 0)); | |
| 514 | |
| 515 std::vector<uint8_t> wrapped_public_key; | |
| 516 ASSERT_EQ(Status::Success(), | |
| 517 WrapKey(blink::WebCryptoKeyFormatSpki, public_key, wrapping_key, | |
| 518 wrap_algorithm, &wrapped_public_key)); | |
| 519 | |
| 520 std::vector<uint8_t> wrapped_private_key; | |
| 521 ASSERT_EQ(Status::Success(), | |
| 522 WrapKey(blink::WebCryptoKeyFormatPkcs8, private_key, wrapping_key, | |
| 523 wrap_algorithm, &wrapped_private_key)); | |
| 524 | |
| 525 // Unwrap the key pair. | |
| 526 blink::WebCryptoAlgorithm rsa_import_algorithm = | |
| 527 CreateRsaHashedImportAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, | |
| 528 blink::WebCryptoAlgorithmIdSha256); | |
| 529 | |
| 530 blink::WebCryptoKey unwrapped_public_key; | |
| 531 | |
| 532 ASSERT_EQ( | |
| 533 Status::Success(), | |
| 534 UnwrapKey(blink::WebCryptoKeyFormatSpki, CryptoData(wrapped_public_key), | |
| 535 wrapping_key, wrap_algorithm, rsa_import_algorithm, true, | |
| 536 blink::WebCryptoKeyUsageVerify, &unwrapped_public_key)); | |
| 537 | |
| 538 blink::WebCryptoKey unwrapped_private_key; | |
| 539 | |
| 540 ASSERT_EQ( | |
| 541 Status::Success(), | |
| 542 UnwrapKey(blink::WebCryptoKeyFormatPkcs8, CryptoData(wrapped_private_key), | |
| 543 wrapping_key, wrap_algorithm, rsa_import_algorithm, true, | |
| 544 blink::WebCryptoKeyUsageSign, &unwrapped_private_key)); | |
| 545 | |
| 546 // Export unwrapped key pair as SPKI + PKCS8 | |
| 547 std::vector<uint8_t> unwrapped_public_key_spki; | |
| 548 ASSERT_EQ(Status::Success(), | |
| 549 ExportKey(blink::WebCryptoKeyFormatSpki, unwrapped_public_key, | |
| 550 &unwrapped_public_key_spki)); | |
| 551 | |
| 552 std::vector<uint8_t> unwrapped_private_key_pkcs8; | |
| 553 ASSERT_EQ(Status::Success(), | |
| 554 ExportKey(blink::WebCryptoKeyFormatPkcs8, unwrapped_private_key, | |
| 555 &unwrapped_private_key_pkcs8)); | |
| 556 | |
| 557 EXPECT_EQ(public_key_spki, unwrapped_public_key_spki); | |
| 558 EXPECT_EQ(private_key_pkcs8, unwrapped_private_key_pkcs8); | |
| 559 | |
| 560 EXPECT_NE(public_key_spki, wrapped_public_key); | |
| 561 EXPECT_NE(private_key_pkcs8, wrapped_private_key); | |
| 562 } | |
| 563 | |
| 564 } // namespace | |
| 565 | |
| 566 } // namespace webcrypto | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1304063015:
[refactor] Rename the webcrypto/openssl and webcrypto/test directories. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@jwk_refactor