| Index: components/webcrypto/test/hmac_unittest.cc
|
| diff --git a/components/webcrypto/test/hmac_unittest.cc b/components/webcrypto/test/hmac_unittest.cc
|
| deleted file mode 100644
|
| index cb2a7c5b8da7046ac1efa3d6c6dbdcec90b2d6e4..0000000000000000000000000000000000000000
|
| --- a/components/webcrypto/test/hmac_unittest.cc
|
| +++ /dev/null
|
| @@ -1,602 +0,0 @@
|
| -// Copyright 2014 The Chromium Authors. All rights reserved.
|
| -// Use of this source code is governed by a BSD-style license that can be
|
| -// found in the LICENSE file.
|
| -
|
| -#include "base/logging.h"
|
| -#include "base/stl_util.h"
|
| -#include "components/webcrypto/algorithm_dispatch.h"
|
| -#include "components/webcrypto/crypto_data.h"
|
| -#include "components/webcrypto/status.h"
|
| -#include "components/webcrypto/test/test_helpers.h"
|
| -#include "components/webcrypto/webcrypto_util.h"
|
| -#include "testing/gtest/include/gtest/gtest.h"
|
| -#include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h"
|
| -#include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h"
|
| -
|
| -namespace webcrypto {
|
| -
|
| -namespace {
|
| -
|
| -// Creates an HMAC algorithm whose parameters struct is compatible with key
|
| -// generation. It is an error to call this with a hash_id that is not a SHA*.
|
| -// The key_length_bits parameter is optional, with zero meaning unspecified.
|
| -blink::WebCryptoAlgorithm CreateHmacKeyGenAlgorithm(
|
| - blink::WebCryptoAlgorithmId hash_id,
|
| - unsigned int key_length_bits) {
|
| - DCHECK(blink::WebCryptoAlgorithm::isHash(hash_id));
|
| - // key_length_bytes == 0 means unspecified
|
| - return blink::WebCryptoAlgorithm::adoptParamsAndCreate(
|
| - blink::WebCryptoAlgorithmIdHmac,
|
| - new blink::WebCryptoHmacKeyGenParams(
|
| - CreateAlgorithm(hash_id), (key_length_bits != 0), key_length_bits));
|
| -}
|
| -
|
| -blink::WebCryptoAlgorithm CreateHmacImportAlgorithmWithLength(
|
| - blink::WebCryptoAlgorithmId hash_id,
|
| - unsigned int length_bits) {
|
| - DCHECK(blink::WebCryptoAlgorithm::isHash(hash_id));
|
| - return blink::WebCryptoAlgorithm::adoptParamsAndCreate(
|
| - blink::WebCryptoAlgorithmIdHmac,
|
| - new blink::WebCryptoHmacImportParams(CreateAlgorithm(hash_id), true,
|
| - length_bits));
|
| -}
|
| -
|
| -class WebCryptoHmacTest : public WebCryptoTestBase {};
|
| -
|
| -TEST_F(WebCryptoHmacTest, HMACSampleSets) {
|
| - scoped_ptr<base::ListValue> tests;
|
| - ASSERT_TRUE(ReadJsonTestFileToList("hmac.json", &tests));
|
| - for (size_t test_index = 0; test_index < tests->GetSize(); ++test_index) {
|
| - SCOPED_TRACE(test_index);
|
| - base::DictionaryValue* test;
|
| - ASSERT_TRUE(tests->GetDictionary(test_index, &test));
|
| -
|
| - blink::WebCryptoAlgorithm test_hash = GetDigestAlgorithm(test, "hash");
|
| - const std::vector<uint8_t> test_key = GetBytesFromHexString(test, "key");
|
| - const std::vector<uint8_t> test_message =
|
| - GetBytesFromHexString(test, "message");
|
| - const std::vector<uint8_t> test_mac = GetBytesFromHexString(test, "mac");
|
| -
|
| - blink::WebCryptoAlgorithm algorithm =
|
| - CreateAlgorithm(blink::WebCryptoAlgorithmIdHmac);
|
| -
|
| - blink::WebCryptoAlgorithm import_algorithm =
|
| - CreateHmacImportAlgorithmNoLength(test_hash.id());
|
| -
|
| - blink::WebCryptoKey key = ImportSecretKeyFromRaw(
|
| - test_key, import_algorithm,
|
| - blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify);
|
| -
|
| - EXPECT_EQ(test_hash.id(), key.algorithm().hmacParams()->hash().id());
|
| - EXPECT_EQ(test_key.size() * 8, key.algorithm().hmacParams()->lengthBits());
|
| -
|
| - // Verify exported raw key is identical to the imported data
|
| - std::vector<uint8_t> raw_key;
|
| - EXPECT_EQ(Status::Success(),
|
| - ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key));
|
| - EXPECT_BYTES_EQ(test_key, raw_key);
|
| -
|
| - std::vector<uint8_t> output;
|
| -
|
| - ASSERT_EQ(Status::Success(),
|
| - Sign(algorithm, key, CryptoData(test_message), &output));
|
| -
|
| - EXPECT_BYTES_EQ(test_mac, output);
|
| -
|
| - bool signature_match = false;
|
| - EXPECT_EQ(Status::Success(),
|
| - Verify(algorithm, key, CryptoData(output),
|
| - CryptoData(test_message), &signature_match));
|
| - EXPECT_TRUE(signature_match);
|
| -
|
| - // Ensure truncated signature does not verify by passing one less byte.
|
| - EXPECT_EQ(Status::Success(),
|
| - Verify(algorithm, key,
|
| - CryptoData(vector_as_array(&output),
|
| - static_cast<unsigned int>(output.size()) - 1),
|
| - CryptoData(test_message), &signature_match));
|
| - EXPECT_FALSE(signature_match);
|
| -
|
| - // Ensure truncated signature does not verify by passing no bytes.
|
| - EXPECT_EQ(Status::Success(),
|
| - Verify(algorithm, key, CryptoData(), CryptoData(test_message),
|
| - &signature_match));
|
| - EXPECT_FALSE(signature_match);
|
| -
|
| - // Ensure extra long signature does not cause issues and fails.
|
| - const unsigned char kLongSignature[1024] = {0};
|
| - EXPECT_EQ(Status::Success(),
|
| - Verify(algorithm, key,
|
| - CryptoData(kLongSignature, sizeof(kLongSignature)),
|
| - CryptoData(test_message), &signature_match));
|
| - EXPECT_FALSE(signature_match);
|
| - }
|
| -}
|
| -
|
| -TEST_F(WebCryptoHmacTest, GenerateKeyIsRandom) {
|
| - // Generate a small sample of HMAC keys.
|
| - std::vector<std::vector<uint8_t>> keys;
|
| - for (int i = 0; i < 16; ++i) {
|
| - std::vector<uint8_t> key_bytes;
|
| - blink::WebCryptoKey key;
|
| - blink::WebCryptoAlgorithm algorithm =
|
| - CreateHmacKeyGenAlgorithm(blink::WebCryptoAlgorithmIdSha1, 512);
|
| - ASSERT_EQ(
|
| - Status::Success(),
|
| - GenerateSecretKey(algorithm, true, blink::WebCryptoKeyUsageSign, &key));
|
| - EXPECT_FALSE(key.isNull());
|
| - EXPECT_TRUE(key.handle());
|
| - EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type());
|
| - EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, key.algorithm().id());
|
| - EXPECT_EQ(blink::WebCryptoAlgorithmIdSha1,
|
| - key.algorithm().hmacParams()->hash().id());
|
| - EXPECT_EQ(512u, key.algorithm().hmacParams()->lengthBits());
|
| -
|
| - std::vector<uint8_t> raw_key;
|
| - ASSERT_EQ(Status::Success(),
|
| - ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key));
|
| - EXPECT_EQ(64U, raw_key.size());
|
| - keys.push_back(raw_key);
|
| - }
|
| - // Ensure all entries in the key sample set are unique. This is a simplistic
|
| - // estimate of whether the generated keys appear random.
|
| - EXPECT_FALSE(CopiesExist(keys));
|
| -}
|
| -
|
| -// If the key length is not provided, then the block size is used.
|
| -TEST_F(WebCryptoHmacTest, GenerateKeyNoLengthSha1) {
|
| - blink::WebCryptoKey key;
|
| - blink::WebCryptoAlgorithm algorithm =
|
| - CreateHmacKeyGenAlgorithm(blink::WebCryptoAlgorithmIdSha1, 0);
|
| - ASSERT_EQ(
|
| - Status::Success(),
|
| - GenerateSecretKey(algorithm, true, blink::WebCryptoKeyUsageSign, &key));
|
| - EXPECT_TRUE(key.handle());
|
| - EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type());
|
| - EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, key.algorithm().id());
|
| - EXPECT_EQ(blink::WebCryptoAlgorithmIdSha1,
|
| - key.algorithm().hmacParams()->hash().id());
|
| - EXPECT_EQ(512u, key.algorithm().hmacParams()->lengthBits());
|
| - std::vector<uint8_t> raw_key;
|
| - ASSERT_EQ(Status::Success(),
|
| - ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key));
|
| - EXPECT_EQ(64U, raw_key.size());
|
| -}
|
| -
|
| -// If the key length is not provided, then the block size is used.
|
| -TEST_F(WebCryptoHmacTest, GenerateKeyNoLengthSha512) {
|
| - blink::WebCryptoKey key;
|
| - blink::WebCryptoAlgorithm algorithm =
|
| - CreateHmacKeyGenAlgorithm(blink::WebCryptoAlgorithmIdSha512, 0);
|
| - ASSERT_EQ(
|
| - Status::Success(),
|
| - GenerateSecretKey(algorithm, true, blink::WebCryptoKeyUsageSign, &key));
|
| - EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, key.algorithm().id());
|
| - EXPECT_EQ(blink::WebCryptoAlgorithmIdSha512,
|
| - key.algorithm().hmacParams()->hash().id());
|
| - EXPECT_EQ(1024u, key.algorithm().hmacParams()->lengthBits());
|
| - std::vector<uint8_t> raw_key;
|
| - ASSERT_EQ(Status::Success(),
|
| - ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key));
|
| - EXPECT_EQ(128U, raw_key.size());
|
| -}
|
| -
|
| -TEST_F(WebCryptoHmacTest, GenerateKeyEmptyUsage) {
|
| - blink::WebCryptoKey key;
|
| - blink::WebCryptoAlgorithm algorithm =
|
| - CreateHmacKeyGenAlgorithm(blink::WebCryptoAlgorithmIdSha512, 0);
|
| - ASSERT_EQ(Status::ErrorCreateKeyEmptyUsages(),
|
| - GenerateSecretKey(algorithm, true, 0, &key));
|
| -}
|
| -
|
| -// Generate a 1 bit key. The exported key is 1 byte long, and 7 of the bits are
|
| -// guaranteed to be zero.
|
| -TEST_F(WebCryptoHmacTest, Generate1BitKey) {
|
| - blink::WebCryptoKey key;
|
| - blink::WebCryptoAlgorithm algorithm =
|
| - CreateHmacKeyGenAlgorithm(blink::WebCryptoAlgorithmIdSha1, 1);
|
| -
|
| - ASSERT_EQ(
|
| - Status::Success(),
|
| - GenerateSecretKey(algorithm, true, blink::WebCryptoKeyUsageSign, &key));
|
| - EXPECT_EQ(1u, key.algorithm().hmacParams()->lengthBits());
|
| -
|
| - std::vector<uint8_t> raw_key;
|
| - ASSERT_EQ(Status::Success(),
|
| - ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key));
|
| - ASSERT_EQ(1U, raw_key.size());
|
| -
|
| - EXPECT_FALSE(raw_key[0] & 0x7F);
|
| -}
|
| -
|
| -TEST_F(WebCryptoHmacTest, ImportKeyEmptyUsage) {
|
| - blink::WebCryptoKey key;
|
| - std::string key_raw_hex_in = "025a8cf3f08b4f6c5f33bbc76a471939";
|
| - EXPECT_EQ(Status::ErrorCreateKeyEmptyUsages(),
|
| - ImportKey(blink::WebCryptoKeyFormatRaw,
|
| - CryptoData(HexStringToBytes(key_raw_hex_in)),
|
| - CreateHmacImportAlgorithmNoLength(
|
| - blink::WebCryptoAlgorithmIdSha1),
|
| - true, 0, &key));
|
| -}
|
| -
|
| -TEST_F(WebCryptoHmacTest, ImportKeyJwkKeyOpsSignVerify) {
|
| - blink::WebCryptoKey key;
|
| - base::DictionaryValue dict;
|
| - dict.SetString("kty", "oct");
|
| - dict.SetString("k", "GADWrMRHwQfoNaXU5fZvTg");
|
| - base::ListValue* key_ops = new base::ListValue;
|
| - dict.Set("key_ops", key_ops); // Takes ownership.
|
| -
|
| - key_ops->AppendString("sign");
|
| -
|
| - EXPECT_EQ(Status::Success(),
|
| - ImportKeyJwkFromDict(dict, CreateHmacImportAlgorithmNoLength(
|
| - blink::WebCryptoAlgorithmIdSha256),
|
| - false, blink::WebCryptoKeyUsageSign, &key));
|
| -
|
| - EXPECT_EQ(blink::WebCryptoKeyUsageSign, key.usages());
|
| -
|
| - key_ops->AppendString("verify");
|
| -
|
| - EXPECT_EQ(Status::Success(),
|
| - ImportKeyJwkFromDict(dict, CreateHmacImportAlgorithmNoLength(
|
| - blink::WebCryptoAlgorithmIdSha256),
|
| - false, blink::WebCryptoKeyUsageVerify, &key));
|
| -
|
| - EXPECT_EQ(blink::WebCryptoKeyUsageVerify, key.usages());
|
| -}
|
| -
|
| -// Test 'use' inconsistent with 'key_ops'.
|
| -TEST_F(WebCryptoHmacTest, ImportKeyJwkUseInconsisteWithKeyOps) {
|
| - blink::WebCryptoKey key;
|
| - base::DictionaryValue dict;
|
| - dict.SetString("kty", "oct");
|
| - dict.SetString("k", "GADWrMRHwQfoNaXU5fZvTg");
|
| - base::ListValue* key_ops = new base::ListValue;
|
| - dict.Set("key_ops", key_ops); // Takes ownership.
|
| -
|
| - dict.SetString("alg", "HS256");
|
| - dict.SetString("use", "sig");
|
| - key_ops->AppendString("sign");
|
| - key_ops->AppendString("verify");
|
| - key_ops->AppendString("encrypt");
|
| - EXPECT_EQ(
|
| - Status::ErrorJwkUseAndKeyopsInconsistent(),
|
| - ImportKeyJwkFromDict(
|
| - dict,
|
| - CreateHmacImportAlgorithmNoLength(blink::WebCryptoAlgorithmIdSha256),
|
| - false, blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify,
|
| - &key));
|
| -}
|
| -
|
| -// Test JWK composite 'sig' use
|
| -TEST_F(WebCryptoHmacTest, ImportKeyJwkUseSig) {
|
| - blink::WebCryptoKey key;
|
| - base::DictionaryValue dict;
|
| - dict.SetString("kty", "oct");
|
| - dict.SetString("k", "GADWrMRHwQfoNaXU5fZvTg");
|
| -
|
| - dict.SetString("use", "sig");
|
| - EXPECT_EQ(
|
| - Status::Success(),
|
| - ImportKeyJwkFromDict(
|
| - dict,
|
| - CreateHmacImportAlgorithmNoLength(blink::WebCryptoAlgorithmIdSha256),
|
| - false, blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify,
|
| - &key));
|
| -
|
| - EXPECT_EQ(blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify,
|
| - key.usages());
|
| -}
|
| -
|
| -TEST_F(WebCryptoHmacTest, ImportJwkInputConsistency) {
|
| - // The Web Crypto spec says that if a JWK value is present, but is
|
| - // inconsistent with the input value, the operation must fail.
|
| -
|
| - // Consistency rules when JWK value is not present: Inputs should be used.
|
| - blink::WebCryptoKey key;
|
| - bool extractable = false;
|
| - blink::WebCryptoAlgorithm algorithm =
|
| - CreateHmacImportAlgorithmNoLength(blink::WebCryptoAlgorithmIdSha256);
|
| - blink::WebCryptoKeyUsageMask usages = blink::WebCryptoKeyUsageVerify;
|
| - base::DictionaryValue dict;
|
| - dict.SetString("kty", "oct");
|
| - dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg");
|
| - std::vector<uint8_t> json_vec = MakeJsonVector(dict);
|
| - EXPECT_EQ(Status::Success(),
|
| - ImportKey(blink::WebCryptoKeyFormatJwk, CryptoData(json_vec),
|
| - algorithm, extractable, usages, &key));
|
| - EXPECT_TRUE(key.handle());
|
| - EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type());
|
| - EXPECT_EQ(extractable, key.extractable());
|
| - EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, key.algorithm().id());
|
| - EXPECT_EQ(blink::WebCryptoAlgorithmIdSha256,
|
| - key.algorithm().hmacParams()->hash().id());
|
| - EXPECT_EQ(320u, key.algorithm().hmacParams()->lengthBits());
|
| - EXPECT_EQ(blink::WebCryptoKeyUsageVerify, key.usages());
|
| - key = blink::WebCryptoKey::createNull();
|
| -
|
| - // Consistency rules when JWK value exists: Fail if inconsistency is found.
|
| -
|
| - // Pass: All input values are consistent with the JWK values.
|
| - dict.Clear();
|
| - dict.SetString("kty", "oct");
|
| - dict.SetString("alg", "HS256");
|
| - dict.SetString("use", "sig");
|
| - dict.SetBoolean("ext", false);
|
| - dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg");
|
| - json_vec = MakeJsonVector(dict);
|
| - EXPECT_EQ(Status::Success(),
|
| - ImportKey(blink::WebCryptoKeyFormatJwk, CryptoData(json_vec),
|
| - algorithm, extractable, usages, &key));
|
| -
|
| - // Extractable cases:
|
| - // 1. input=T, JWK=F ==> fail (inconsistent)
|
| - // 4. input=F, JWK=F ==> pass, result extractable is F
|
| - // 2. input=T, JWK=T ==> pass, result extractable is T
|
| - // 3. input=F, JWK=T ==> pass, result extractable is F
|
| - EXPECT_EQ(Status::ErrorJwkExtInconsistent(),
|
| - ImportKey(blink::WebCryptoKeyFormatJwk, CryptoData(json_vec),
|
| - algorithm, true, usages, &key));
|
| - EXPECT_EQ(Status::Success(),
|
| - ImportKey(blink::WebCryptoKeyFormatJwk, CryptoData(json_vec),
|
| - algorithm, false, usages, &key));
|
| - EXPECT_FALSE(key.extractable());
|
| - dict.SetBoolean("ext", true);
|
| - EXPECT_EQ(Status::Success(),
|
| - ImportKeyJwkFromDict(dict, algorithm, true, usages, &key));
|
| - EXPECT_TRUE(key.extractable());
|
| - EXPECT_EQ(Status::Success(),
|
| - ImportKeyJwkFromDict(dict, algorithm, false, usages, &key));
|
| - EXPECT_FALSE(key.extractable());
|
| - dict.SetBoolean("ext", true); // restore previous value
|
| -
|
| - // Fail: Input algorithm (AES-CBC) is inconsistent with JWK value
|
| - // (HMAC SHA256).
|
| - dict.Clear();
|
| - dict.SetString("kty", "oct");
|
| - dict.SetString("alg", "HS256");
|
| - dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg");
|
| - EXPECT_EQ(Status::ErrorJwkAlgorithmInconsistent(),
|
| - ImportKeyJwkFromDict(
|
| - dict, CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
|
| - extractable, blink::WebCryptoKeyUsageEncrypt, &key));
|
| - // Fail: Input usage (encrypt) is inconsistent with JWK value (use=sig).
|
| - EXPECT_EQ(Status::ErrorJwkUseInconsistent(),
|
| - ImportKey(blink::WebCryptoKeyFormatJwk, CryptoData(json_vec),
|
| - CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
|
| - extractable, blink::WebCryptoKeyUsageEncrypt, &key));
|
| -
|
| - // Fail: Input algorithm (HMAC SHA1) is inconsistent with JWK value
|
| - // (HMAC SHA256).
|
| - EXPECT_EQ(Status::ErrorJwkAlgorithmInconsistent(),
|
| - ImportKey(blink::WebCryptoKeyFormatJwk, CryptoData(json_vec),
|
| - CreateHmacImportAlgorithmNoLength(
|
| - blink::WebCryptoAlgorithmIdSha1),
|
| - extractable, usages, &key));
|
| -
|
| - // Pass: JWK alg missing but input algorithm specified: use input value
|
| - dict.Remove("alg", NULL);
|
| - EXPECT_EQ(Status::Success(),
|
| - ImportKeyJwkFromDict(dict, CreateHmacImportAlgorithmNoLength(
|
| - blink::WebCryptoAlgorithmIdSha256),
|
| - extractable, usages, &key));
|
| - EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, algorithm.id());
|
| - dict.SetString("alg", "HS256");
|
| -
|
| - // Fail: Input usages (encrypt) is not a subset of the JWK value
|
| - // (sign|verify). Moreover "encrypt" is not a valid usage for HMAC.
|
| - EXPECT_EQ(
|
| - Status::ErrorCreateKeyBadUsages(),
|
| - ImportKey(blink::WebCryptoKeyFormatJwk, CryptoData(json_vec), algorithm,
|
| - extractable, blink::WebCryptoKeyUsageEncrypt, &key));
|
| -
|
| - // Fail: Input usages (encrypt|sign|verify) is not a subset of the JWK
|
| - // value (sign|verify). Moreover "encrypt" is not a valid usage for HMAC.
|
| - usages = blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageSign |
|
| - blink::WebCryptoKeyUsageVerify;
|
| - EXPECT_EQ(Status::ErrorCreateKeyBadUsages(),
|
| - ImportKey(blink::WebCryptoKeyFormatJwk, CryptoData(json_vec),
|
| - algorithm, extractable, usages, &key));
|
| -
|
| - // TODO(padolph): kty vs alg consistency tests: Depending on the kty value,
|
| - // only certain alg values are permitted. For example, when kty = "RSA" alg
|
| - // must be of the RSA family, or when kty = "oct" alg must be symmetric
|
| - // algorithm.
|
| -
|
| - // TODO(padolph): key_ops consistency tests
|
| -}
|
| -
|
| -TEST_F(WebCryptoHmacTest, ImportJwkHappy) {
|
| - // This test verifies the happy path of JWK import, including the application
|
| - // of the imported key material.
|
| -
|
| - blink::WebCryptoKey key;
|
| - bool extractable = false;
|
| - blink::WebCryptoAlgorithm algorithm =
|
| - CreateHmacImportAlgorithmNoLength(blink::WebCryptoAlgorithmIdSha256);
|
| - blink::WebCryptoKeyUsageMask usages = blink::WebCryptoKeyUsageSign;
|
| -
|
| - // Import a symmetric key JWK and HMAC-SHA256 sign()
|
| - // Uses the first SHA256 test vector from the HMAC sample set above.
|
| -
|
| - base::DictionaryValue dict;
|
| - dict.SetString("kty", "oct");
|
| - dict.SetString("alg", "HS256");
|
| - dict.SetString("use", "sig");
|
| - dict.SetBoolean("ext", false);
|
| - dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg");
|
| -
|
| - ASSERT_EQ(Status::Success(),
|
| - ImportKeyJwkFromDict(dict, algorithm, extractable, usages, &key));
|
| -
|
| - EXPECT_EQ(blink::WebCryptoAlgorithmIdSha256,
|
| - key.algorithm().hmacParams()->hash().id());
|
| -
|
| - const std::vector<uint8_t> message_raw = HexStringToBytes(
|
| - "b1689c2591eaf3c9e66070f8a77954ffb81749f1b00346f9dfe0b2ee905dcc288baf4a"
|
| - "92de3f4001dd9f44c468c3d07d6c6ee82faceafc97c2fc0fc0601719d2dcd0aa2aec92"
|
| - "d1b0ae933c65eb06a03c9c935c2bad0459810241347ab87e9f11adb30415424c6c7f5f"
|
| - "22a003b8ab8de54f6ded0e3ab9245fa79568451dfa258e");
|
| -
|
| - std::vector<uint8_t> output;
|
| -
|
| - ASSERT_EQ(Status::Success(),
|
| - Sign(CreateAlgorithm(blink::WebCryptoAlgorithmIdHmac), key,
|
| - CryptoData(message_raw), &output));
|
| -
|
| - const std::string mac_raw =
|
| - "769f00d3e6a6cc1fb426a14a4f76c6462e6149726e0dee0ec0cf97a16605ac8b";
|
| -
|
| - EXPECT_BYTES_EQ_HEX(mac_raw, output);
|
| -
|
| - // TODO(padolph): Import an RSA public key JWK and use it
|
| -}
|
| -
|
| -TEST_F(WebCryptoHmacTest, ImportExportJwk) {
|
| - // HMAC SHA-1
|
| - ImportExportJwkSymmetricKey(
|
| - 256, CreateHmacImportAlgorithmNoLength(blink::WebCryptoAlgorithmIdSha1),
|
| - blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify, "HS1");
|
| -
|
| - // HMAC SHA-384
|
| - ImportExportJwkSymmetricKey(
|
| - 384, CreateHmacImportAlgorithmNoLength(blink::WebCryptoAlgorithmIdSha384),
|
| - blink::WebCryptoKeyUsageSign, "HS384");
|
| -
|
| - // HMAC SHA-512
|
| - ImportExportJwkSymmetricKey(
|
| - 512, CreateHmacImportAlgorithmNoLength(blink::WebCryptoAlgorithmIdSha512),
|
| - blink::WebCryptoKeyUsageVerify, "HS512");
|
| -}
|
| -
|
| -TEST_F(WebCryptoHmacTest, ExportJwkEmptyKey) {
|
| - blink::WebCryptoKeyUsageMask usages = blink::WebCryptoKeyUsageSign;
|
| -
|
| - // Importing empty HMAC key is no longer allowed. However such a key can be
|
| - // created via de-serialization.
|
| - blink::WebCryptoKey key;
|
| - ASSERT_TRUE(DeserializeKeyForClone(blink::WebCryptoKeyAlgorithm::createHmac(
|
| - blink::WebCryptoAlgorithmIdSha1, 0),
|
| - blink::WebCryptoKeyTypeSecret, true,
|
| - usages, CryptoData(), &key));
|
| -
|
| - // Export the key in JWK format and validate.
|
| - std::vector<uint8_t> json;
|
| - ASSERT_EQ(Status::Success(),
|
| - ExportKey(blink::WebCryptoKeyFormatJwk, key, &json));
|
| - EXPECT_TRUE(VerifySecretJwk(json, "HS1", "", usages));
|
| -
|
| - // Now try re-importing the JWK key.
|
| - key = blink::WebCryptoKey::createNull();
|
| - EXPECT_EQ(Status::ErrorHmacImportEmptyKey(),
|
| - ImportKey(blink::WebCryptoKeyFormatJwk, CryptoData(json),
|
| - CreateHmacImportAlgorithmNoLength(
|
| - blink::WebCryptoAlgorithmIdSha1),
|
| - true, usages, &key));
|
| -}
|
| -
|
| -// Imports an HMAC key contaning no byte data.
|
| -TEST_F(WebCryptoHmacTest, ImportRawEmptyKey) {
|
| - const blink::WebCryptoAlgorithm import_algorithm =
|
| - CreateHmacImportAlgorithmNoLength(blink::WebCryptoAlgorithmIdSha1);
|
| -
|
| - blink::WebCryptoKeyUsageMask usages = blink::WebCryptoKeyUsageSign;
|
| - blink::WebCryptoKey key;
|
| -
|
| - ASSERT_EQ(Status::ErrorHmacImportEmptyKey(),
|
| - ImportKey(blink::WebCryptoKeyFormatRaw, CryptoData(),
|
| - import_algorithm, true, usages, &key));
|
| -}
|
| -
|
| -// Imports an HMAC key contaning 1 byte data, however the length was set to 0.
|
| -TEST_F(WebCryptoHmacTest, ImportRawKeyWithZeroLength) {
|
| - const blink::WebCryptoAlgorithm import_algorithm =
|
| - CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha1, 0);
|
| -
|
| - blink::WebCryptoKeyUsageMask usages = blink::WebCryptoKeyUsageSign;
|
| - blink::WebCryptoKey key;
|
| -
|
| - std::vector<uint8_t> key_data(1);
|
| - ASSERT_EQ(Status::ErrorHmacImportBadLength(),
|
| - ImportKey(blink::WebCryptoKeyFormatRaw, CryptoData(key_data),
|
| - import_algorithm, true, usages, &key));
|
| -}
|
| -
|
| -// Import a huge hmac key (UINT_MAX bytes). This will fail before actually
|
| -// reading the bytes, as the key is too large.
|
| -TEST_F(WebCryptoHmacTest, ImportRawKeyTooLarge) {
|
| - CryptoData big_data(NULL, UINT_MAX); // Invalid data of big length.
|
| -
|
| - blink::WebCryptoKey key;
|
| - EXPECT_EQ(Status::ErrorDataTooLarge(),
|
| - ImportKey(blink::WebCryptoKeyFormatRaw, CryptoData(big_data),
|
| - CreateHmacImportAlgorithmNoLength(
|
| - blink::WebCryptoAlgorithmIdSha1),
|
| - true, blink::WebCryptoKeyUsageSign, &key));
|
| -}
|
| -
|
| -// Import an HMAC key with 120 bits of data, however request 128 bits worth.
|
| -TEST_F(WebCryptoHmacTest, ImportRawKeyLengthTooLarge) {
|
| - blink::WebCryptoKey key;
|
| - EXPECT_EQ(Status::ErrorHmacImportBadLength(),
|
| - ImportKey(blink::WebCryptoKeyFormatRaw,
|
| - CryptoData(std::vector<uint8_t>(15)),
|
| - CreateHmacImportAlgorithmWithLength(
|
| - blink::WebCryptoAlgorithmIdSha1, 128),
|
| - true, blink::WebCryptoKeyUsageSign, &key));
|
| -}
|
| -
|
| -// Import an HMAC key with 128 bits of data, however request 120 bits worth.
|
| -TEST_F(WebCryptoHmacTest, ImportRawKeyLengthTooSmall) {
|
| - blink::WebCryptoKey key;
|
| - EXPECT_EQ(Status::ErrorHmacImportBadLength(),
|
| - ImportKey(blink::WebCryptoKeyFormatRaw,
|
| - CryptoData(std::vector<uint8_t>(16)),
|
| - CreateHmacImportAlgorithmWithLength(
|
| - blink::WebCryptoAlgorithmIdSha1, 120),
|
| - true, blink::WebCryptoKeyUsageSign, &key));
|
| -}
|
| -
|
| -// Import an HMAC key with 16 bits of data and request a 12 bit key, using the
|
| -// "raw" format.
|
| -TEST_F(WebCryptoHmacTest, ImportRawKeyTruncation) {
|
| - const std::vector<uint8_t> data = HexStringToBytes("b1ff");
|
| -
|
| - blink::WebCryptoKey key;
|
| - EXPECT_EQ(Status::Success(),
|
| - ImportKey(blink::WebCryptoKeyFormatRaw, CryptoData(data),
|
| - CreateHmacImportAlgorithmWithLength(
|
| - blink::WebCryptoAlgorithmIdSha1, 12),
|
| - true, blink::WebCryptoKeyUsageSign, &key));
|
| -
|
| - // On export the last 4 bits has been set to zero.
|
| - std::vector<uint8_t> raw_key;
|
| - EXPECT_EQ(Status::Success(),
|
| - ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key));
|
| - EXPECT_BYTES_EQ(HexStringToBytes("b1f0"), raw_key);
|
| -}
|
| -
|
| -// The same test as above, but using the JWK format.
|
| -TEST_F(WebCryptoHmacTest, ImportJwkKeyTruncation) {
|
| - base::DictionaryValue dict;
|
| - dict.SetString("kty", "oct");
|
| - dict.SetString("k", "sf8"); // 0xB1FF
|
| -
|
| - blink::WebCryptoKey key;
|
| - EXPECT_EQ(Status::Success(),
|
| - ImportKeyJwkFromDict(dict, CreateHmacImportAlgorithmWithLength(
|
| - blink::WebCryptoAlgorithmIdSha1, 12),
|
| - true, blink::WebCryptoKeyUsageSign, &key));
|
| -
|
| - // On export the last 4 bits has been set to zero.
|
| - std::vector<uint8_t> raw_key;
|
| - EXPECT_EQ(Status::Success(),
|
| - ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key));
|
| - EXPECT_BYTES_EQ(HexStringToBytes("b1f0"), raw_key);
|
| -}
|
| -
|
| -} // namespace
|
| -
|
| -} // namespace webcrypto
|
|
|
Chromium Code Reviews
Issue 1304063015:
[refactor] Rename the webcrypto/openssl and webcrypto/test directories. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@jwk_refactor