| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "base/stl_util.h" | 5 #include "base/stl_util.h" |
| 6 #include "components/webcrypto/algorithm_dispatch.h" | 6 #include "components/webcrypto/algorithm_dispatch.h" |
| 7 #include "components/webcrypto/algorithms/test_helpers.h" | 7 #include "components/webcrypto/algorithms/test_helpers.h" |
| 8 #include "components/webcrypto/crypto_data.h" | 8 #include "components/webcrypto/crypto_data.h" |
| 9 #include "components/webcrypto/jwk.h" | 9 #include "components/webcrypto/jwk.h" |
| 10 #include "components/webcrypto/status.h" | 10 #include "components/webcrypto/status.h" |
| 11 #include "components/webcrypto/webcrypto_util.h" | 11 #include "components/webcrypto/webcrypto_util.h" |
| 12 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h" | 12 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h" |
| 13 #include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h" | 13 #include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h" |
| 14 | 14 |
| 15 namespace webcrypto { | 15 namespace webcrypto { |
| 16 | 16 |
| 17 namespace { | 17 namespace { |
| 18 | 18 |
| 19 bool SupportsEcdh() { | |
| 20 #if defined(USE_OPENSSL) | |
| 21 return true; | |
| 22 #else | |
| 23 LOG(ERROR) << "Skipping ECDH test because unsupported"; | |
| 24 return false; | |
| 25 #endif | |
| 26 } | |
| 27 | |
| 28 // TODO(eroman): Test passing an RSA public key instead of ECDH key. | 19 // TODO(eroman): Test passing an RSA public key instead of ECDH key. |
| 29 // TODO(eroman): Test passing an ECDSA public key | 20 // TODO(eroman): Test passing an ECDSA public key |
| 30 | 21 |
| 31 blink::WebCryptoAlgorithm CreateEcdhImportAlgorithm( | 22 blink::WebCryptoAlgorithm CreateEcdhImportAlgorithm( |
| 32 blink::WebCryptoNamedCurve named_curve) { | 23 blink::WebCryptoNamedCurve named_curve) { |
| 33 return CreateEcImportAlgorithm(blink::WebCryptoAlgorithmIdEcdh, named_curve); | 24 return CreateEcImportAlgorithm(blink::WebCryptoAlgorithmIdEcdh, named_curve); |
| 34 } | 25 } |
| 35 | 26 |
| 36 blink::WebCryptoAlgorithm CreateEcdhDeriveParams( | 27 blink::WebCryptoAlgorithm CreateEcdhDeriveParams( |
| 37 const blink::WebCryptoKey& public_key) { | 28 const blink::WebCryptoKey& public_key) { |
| (...skipping 38 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 76 CreateEcdhImportAlgorithm(curve), true, | 67 CreateEcdhImportAlgorithm(curve), true, |
| 77 blink::WebCryptoKeyUsageDeriveBits | blink::WebCryptoKeyUsageDeriveKey, | 68 blink::WebCryptoKeyUsageDeriveBits | blink::WebCryptoKeyUsageDeriveKey, |
| 78 private_key); | 69 private_key); |
| 79 EXPECT_EQ(expected_private_key_error, StatusToString(status)); | 70 EXPECT_EQ(expected_private_key_error, StatusToString(status)); |
| 80 return status.IsSuccess(); | 71 return status.IsSuccess(); |
| 81 } | 72 } |
| 82 | 73 |
| 83 class WebCryptoEcdhTest : public WebCryptoTestBase {}; | 74 class WebCryptoEcdhTest : public WebCryptoTestBase {}; |
| 84 | 75 |
| 85 TEST_F(WebCryptoEcdhTest, DeriveBitsKnownAnswer) { | 76 TEST_F(WebCryptoEcdhTest, DeriveBitsKnownAnswer) { |
| 86 if (!SupportsEcdh()) | |
| 87 return; | |
| 88 | |
| 89 scoped_ptr<base::ListValue> tests; | 77 scoped_ptr<base::ListValue> tests; |
| 90 ASSERT_TRUE(ReadJsonTestFileToList("ecdh.json", &tests)); | 78 ASSERT_TRUE(ReadJsonTestFileToList("ecdh.json", &tests)); |
| 91 | 79 |
| 92 for (size_t test_index = 0; test_index < tests->GetSize(); ++test_index) { | 80 for (size_t test_index = 0; test_index < tests->GetSize(); ++test_index) { |
| 93 SCOPED_TRACE(test_index); | 81 SCOPED_TRACE(test_index); |
| 94 | 82 |
| 95 const base::DictionaryValue* test; | 83 const base::DictionaryValue* test; |
| 96 ASSERT_TRUE(tests->GetDictionary(test_index, &test)); | 84 ASSERT_TRUE(tests->GetDictionary(test_index, &test)); |
| 97 | 85 |
| 98 // Import the keys. | 86 // Import the keys. |
| (...skipping 50 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 149 ImportKeysFromTest(test, public_key, private_key); | 137 ImportKeysFromTest(test, public_key, private_key); |
| 150 | 138 |
| 151 EXPECT_EQ(blink::WebCryptoNamedCurveP521, | 139 EXPECT_EQ(blink::WebCryptoNamedCurveP521, |
| 152 public_key->algorithm().ecParams()->namedCurve()); | 140 public_key->algorithm().ecParams()->namedCurve()); |
| 153 | 141 |
| 154 return ::testing::AssertionSuccess(); | 142 return ::testing::AssertionSuccess(); |
| 155 } | 143 } |
| 156 | 144 |
| 157 // Try deriving an AES key of length 129 bits. | 145 // Try deriving an AES key of length 129 bits. |
| 158 TEST_F(WebCryptoEcdhTest, DeriveKeyBadAesLength) { | 146 TEST_F(WebCryptoEcdhTest, DeriveKeyBadAesLength) { |
| 159 if (!SupportsEcdh()) | |
| 160 return; | |
| 161 | |
| 162 blink::WebCryptoKey public_key; | 147 blink::WebCryptoKey public_key; |
| 163 blink::WebCryptoKey base_key; | 148 blink::WebCryptoKey base_key; |
| 164 ASSERT_TRUE(LoadTestKeys(&public_key, &base_key)); | 149 ASSERT_TRUE(LoadTestKeys(&public_key, &base_key)); |
| 165 | 150 |
| 166 blink::WebCryptoKey derived_key; | 151 blink::WebCryptoKey derived_key; |
| 167 | 152 |
| 168 ASSERT_EQ(Status::ErrorGetAesKeyLength(), | 153 ASSERT_EQ(Status::ErrorGetAesKeyLength(), |
| 169 DeriveKey(CreateEcdhDeriveParams(public_key), base_key, | 154 DeriveKey(CreateEcdhDeriveParams(public_key), base_key, |
| 170 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesGcm), | 155 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesGcm), |
| 171 CreateAesGcmDerivedKeyParams(129), true, | 156 CreateAesGcmDerivedKeyParams(129), true, |
| 172 blink::WebCryptoKeyUsageEncrypt, &derived_key)); | 157 blink::WebCryptoKeyUsageEncrypt, &derived_key)); |
| 173 } | 158 } |
| 174 | 159 |
| 175 // Try deriving an AES key of length 192 bits. | 160 // Try deriving an AES key of length 192 bits. |
| 176 TEST_F(WebCryptoEcdhTest, DeriveKeyUnsupportedAesLength) { | 161 TEST_F(WebCryptoEcdhTest, DeriveKeyUnsupportedAesLength) { |
| 177 if (!SupportsEcdh()) | |
| 178 return; | |
| 179 | |
| 180 blink::WebCryptoKey public_key; | 162 blink::WebCryptoKey public_key; |
| 181 blink::WebCryptoKey base_key; | 163 blink::WebCryptoKey base_key; |
| 182 ASSERT_TRUE(LoadTestKeys(&public_key, &base_key)); | 164 ASSERT_TRUE(LoadTestKeys(&public_key, &base_key)); |
| 183 | 165 |
| 184 blink::WebCryptoKey derived_key; | 166 blink::WebCryptoKey derived_key; |
| 185 | 167 |
| 186 ASSERT_EQ(Status::ErrorAes192BitUnsupported(), | 168 ASSERT_EQ(Status::ErrorAes192BitUnsupported(), |
| 187 DeriveKey(CreateEcdhDeriveParams(public_key), base_key, | 169 DeriveKey(CreateEcdhDeriveParams(public_key), base_key, |
| 188 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesGcm), | 170 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesGcm), |
| 189 CreateAesGcmDerivedKeyParams(192), true, | 171 CreateAesGcmDerivedKeyParams(192), true, |
| 190 blink::WebCryptoKeyUsageEncrypt, &derived_key)); | 172 blink::WebCryptoKeyUsageEncrypt, &derived_key)); |
| 191 } | 173 } |
| 192 | 174 |
| 193 // Try deriving an HMAC key of length 0 bits. | 175 // Try deriving an HMAC key of length 0 bits. |
| 194 TEST_F(WebCryptoEcdhTest, DeriveKeyZeroLengthHmac) { | 176 TEST_F(WebCryptoEcdhTest, DeriveKeyZeroLengthHmac) { |
| 195 if (!SupportsEcdh()) | |
| 196 return; | |
| 197 | |
| 198 blink::WebCryptoKey public_key; | 177 blink::WebCryptoKey public_key; |
| 199 blink::WebCryptoKey base_key; | 178 blink::WebCryptoKey base_key; |
| 200 ASSERT_TRUE(LoadTestKeys(&public_key, &base_key)); | 179 ASSERT_TRUE(LoadTestKeys(&public_key, &base_key)); |
| 201 | 180 |
| 202 blink::WebCryptoKey derived_key; | 181 blink::WebCryptoKey derived_key; |
| 203 | 182 |
| 204 const blink::WebCryptoAlgorithm import_algorithm = | 183 const blink::WebCryptoAlgorithm import_algorithm = |
| 205 CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha1, 0); | 184 CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha1, 0); |
| 206 | 185 |
| 207 ASSERT_EQ(Status::ErrorGetHmacKeyLengthZero(), | 186 ASSERT_EQ(Status::ErrorGetHmacKeyLengthZero(), |
| 208 DeriveKey(CreateEcdhDeriveParams(public_key), base_key, | 187 DeriveKey(CreateEcdhDeriveParams(public_key), base_key, |
| 209 import_algorithm, import_algorithm, true, | 188 import_algorithm, import_algorithm, true, |
| 210 blink::WebCryptoKeyUsageSign, &derived_key)); | 189 blink::WebCryptoKeyUsageSign, &derived_key)); |
| 211 } | 190 } |
| 212 | 191 |
| 213 // Derive an HMAC key of length 19 bits. | 192 // Derive an HMAC key of length 19 bits. |
| 214 TEST_F(WebCryptoEcdhTest, DeriveKeyHmac19Bits) { | 193 TEST_F(WebCryptoEcdhTest, DeriveKeyHmac19Bits) { |
| 215 if (!SupportsEcdh()) | |
| 216 return; | |
| 217 | |
| 218 blink::WebCryptoKey public_key; | 194 blink::WebCryptoKey public_key; |
| 219 blink::WebCryptoKey base_key; | 195 blink::WebCryptoKey base_key; |
| 220 ASSERT_TRUE(LoadTestKeys(&public_key, &base_key)); | 196 ASSERT_TRUE(LoadTestKeys(&public_key, &base_key)); |
| 221 | 197 |
| 222 blink::WebCryptoKey derived_key; | 198 blink::WebCryptoKey derived_key; |
| 223 | 199 |
| 224 const blink::WebCryptoAlgorithm import_algorithm = | 200 const blink::WebCryptoAlgorithm import_algorithm = |
| 225 CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha1, 19); | 201 CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha1, 19); |
| 226 | 202 |
| 227 ASSERT_EQ(Status::Success(), | 203 ASSERT_EQ(Status::Success(), |
| (...skipping 10 matching lines...) Expand all Loading... |
| 238 std::vector<uint8_t> raw_key; | 214 std::vector<uint8_t> raw_key; |
| 239 EXPECT_EQ(Status::Success(), | 215 EXPECT_EQ(Status::Success(), |
| 240 ExportKey(blink::WebCryptoKeyFormatRaw, derived_key, &raw_key)); | 216 ExportKey(blink::WebCryptoKeyFormatRaw, derived_key, &raw_key)); |
| 241 EXPECT_EQ(3u, raw_key.size()); | 217 EXPECT_EQ(3u, raw_key.size()); |
| 242 // The last 7 bits of the key should be zero. | 218 // The last 7 bits of the key should be zero. |
| 243 EXPECT_EQ(0, raw_key[raw_key.size() - 1] & 0x1f); | 219 EXPECT_EQ(0, raw_key[raw_key.size() - 1] & 0x1f); |
| 244 } | 220 } |
| 245 | 221 |
| 246 // Derive an HMAC key with no specified length (just the hash of SHA-256). | 222 // Derive an HMAC key with no specified length (just the hash of SHA-256). |
| 247 TEST_F(WebCryptoEcdhTest, DeriveKeyHmacSha256NoLength) { | 223 TEST_F(WebCryptoEcdhTest, DeriveKeyHmacSha256NoLength) { |
| 248 if (!SupportsEcdh()) | |
| 249 return; | |
| 250 | |
| 251 blink::WebCryptoKey public_key; | 224 blink::WebCryptoKey public_key; |
| 252 blink::WebCryptoKey base_key; | 225 blink::WebCryptoKey base_key; |
| 253 ASSERT_TRUE(LoadTestKeys(&public_key, &base_key)); | 226 ASSERT_TRUE(LoadTestKeys(&public_key, &base_key)); |
| 254 | 227 |
| 255 blink::WebCryptoKey derived_key; | 228 blink::WebCryptoKey derived_key; |
| 256 | 229 |
| 257 const blink::WebCryptoAlgorithm import_algorithm = | 230 const blink::WebCryptoAlgorithm import_algorithm = |
| 258 CreateHmacImportAlgorithmNoLength(blink::WebCryptoAlgorithmIdSha256); | 231 CreateHmacImportAlgorithmNoLength(blink::WebCryptoAlgorithmIdSha256); |
| 259 | 232 |
| 260 ASSERT_EQ(Status::Success(), | 233 ASSERT_EQ(Status::Success(), |
| (...skipping 16 matching lines...) Expand all Loading... |
| 277 // Derive an HMAC key with no specified length (just the hash of SHA-512). | 250 // Derive an HMAC key with no specified length (just the hash of SHA-512). |
| 278 // | 251 // |
| 279 // This fails, because ECDH using P-521 can only generate 528 bits, however HMAC | 252 // This fails, because ECDH using P-521 can only generate 528 bits, however HMAC |
| 280 // SHA-512 requires 1024 bits. | 253 // SHA-512 requires 1024 bits. |
| 281 // | 254 // |
| 282 // In practice, authors won't be directly generating keys from key agreement | 255 // In practice, authors won't be directly generating keys from key agreement |
| 283 // schemes, as that is frequently insecure, and instead be using KDFs to expand | 256 // schemes, as that is frequently insecure, and instead be using KDFs to expand |
| 284 // and generate keys. For simplicity of testing, however, test using an HMAC | 257 // and generate keys. For simplicity of testing, however, test using an HMAC |
| 285 // key. | 258 // key. |
| 286 TEST_F(WebCryptoEcdhTest, DeriveKeyHmacSha512NoLength) { | 259 TEST_F(WebCryptoEcdhTest, DeriveKeyHmacSha512NoLength) { |
| 287 if (!SupportsEcdh()) | |
| 288 return; | |
| 289 | |
| 290 blink::WebCryptoKey public_key; | 260 blink::WebCryptoKey public_key; |
| 291 blink::WebCryptoKey base_key; | 261 blink::WebCryptoKey base_key; |
| 292 ASSERT_TRUE(LoadTestKeys(&public_key, &base_key)); | 262 ASSERT_TRUE(LoadTestKeys(&public_key, &base_key)); |
| 293 | 263 |
| 294 blink::WebCryptoKey derived_key; | 264 blink::WebCryptoKey derived_key; |
| 295 | 265 |
| 296 const blink::WebCryptoAlgorithm import_algorithm = | 266 const blink::WebCryptoAlgorithm import_algorithm = |
| 297 CreateHmacImportAlgorithmNoLength(blink::WebCryptoAlgorithmIdSha512); | 267 CreateHmacImportAlgorithmNoLength(blink::WebCryptoAlgorithmIdSha512); |
| 298 | 268 |
| 299 ASSERT_EQ(Status::ErrorEcdhLengthTooBig(528), | 269 ASSERT_EQ(Status::ErrorEcdhLengthTooBig(528), |
| 300 DeriveKey(CreateEcdhDeriveParams(public_key), base_key, | 270 DeriveKey(CreateEcdhDeriveParams(public_key), base_key, |
| 301 import_algorithm, import_algorithm, true, | 271 import_algorithm, import_algorithm, true, |
| 302 blink::WebCryptoKeyUsageSign, &derived_key)); | 272 blink::WebCryptoKeyUsageSign, &derived_key)); |
| 303 } | 273 } |
| 304 | 274 |
| 305 // Try deriving an AES key of length 128 bits. | 275 // Try deriving an AES key of length 128 bits. |
| 306 TEST_F(WebCryptoEcdhTest, DeriveKeyAes128) { | 276 TEST_F(WebCryptoEcdhTest, DeriveKeyAes128) { |
| 307 if (!SupportsEcdh()) | |
| 308 return; | |
| 309 | |
| 310 blink::WebCryptoKey public_key; | 277 blink::WebCryptoKey public_key; |
| 311 blink::WebCryptoKey base_key; | 278 blink::WebCryptoKey base_key; |
| 312 ASSERT_TRUE(LoadTestKeys(&public_key, &base_key)); | 279 ASSERT_TRUE(LoadTestKeys(&public_key, &base_key)); |
| 313 | 280 |
| 314 blink::WebCryptoKey derived_key; | 281 blink::WebCryptoKey derived_key; |
| 315 | 282 |
| 316 ASSERT_EQ(Status::Success(), | 283 ASSERT_EQ(Status::Success(), |
| 317 DeriveKey(CreateEcdhDeriveParams(public_key), base_key, | 284 DeriveKey(CreateEcdhDeriveParams(public_key), base_key, |
| 318 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesGcm), | 285 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesGcm), |
| 319 CreateAesGcmDerivedKeyParams(128), true, | 286 CreateAesGcmDerivedKeyParams(128), true, |
| 320 blink::WebCryptoKeyUsageEncrypt, &derived_key)); | 287 blink::WebCryptoKeyUsageEncrypt, &derived_key)); |
| 321 | 288 |
| 322 ASSERT_EQ(blink::WebCryptoAlgorithmIdAesGcm, derived_key.algorithm().id()); | 289 ASSERT_EQ(blink::WebCryptoAlgorithmIdAesGcm, derived_key.algorithm().id()); |
| 323 ASSERT_EQ(128, derived_key.algorithm().aesParams()->lengthBits()); | 290 ASSERT_EQ(128, derived_key.algorithm().aesParams()->lengthBits()); |
| 324 | 291 |
| 325 // Export the key and verify its contents. | 292 // Export the key and verify its contents. |
| 326 std::vector<uint8_t> raw_key; | 293 std::vector<uint8_t> raw_key; |
| 327 EXPECT_EQ(Status::Success(), | 294 EXPECT_EQ(Status::Success(), |
| 328 ExportKey(blink::WebCryptoKeyFormatRaw, derived_key, &raw_key)); | 295 ExportKey(blink::WebCryptoKeyFormatRaw, derived_key, &raw_key)); |
| 329 EXPECT_EQ(16u, raw_key.size()); | 296 EXPECT_EQ(16u, raw_key.size()); |
| 330 } | 297 } |
| 331 | 298 |
| 332 TEST_F(WebCryptoEcdhTest, ImportKeyEmptyUsage) { | 299 TEST_F(WebCryptoEcdhTest, ImportKeyEmptyUsage) { |
| 333 if (!SupportsEcdh()) | |
| 334 return; | |
| 335 | |
| 336 blink::WebCryptoKey key; | 300 blink::WebCryptoKey key; |
| 337 | 301 |
| 338 scoped_ptr<base::ListValue> tests; | 302 scoped_ptr<base::ListValue> tests; |
| 339 ASSERT_TRUE(ReadJsonTestFileToList("ecdh.json", &tests)); | 303 ASSERT_TRUE(ReadJsonTestFileToList("ecdh.json", &tests)); |
| 340 | 304 |
| 341 const base::DictionaryValue* test; | 305 const base::DictionaryValue* test; |
| 342 ASSERT_TRUE(tests->GetDictionary(0, &test)); | 306 ASSERT_TRUE(tests->GetDictionary(0, &test)); |
| 343 | 307 |
| 344 // Import the public key. | 308 // Import the public key. |
| 345 const base::DictionaryValue* public_key_json = NULL; | 309 const base::DictionaryValue* public_key_json = NULL; |
| (...skipping 12 matching lines...) Expand all Loading... |
| 358 curve = GetCurveNameFromDictionary(private_key_json); | 322 curve = GetCurveNameFromDictionary(private_key_json); |
| 359 ASSERT_EQ(Status::ErrorCreateKeyEmptyUsages(), | 323 ASSERT_EQ(Status::ErrorCreateKeyEmptyUsages(), |
| 360 ImportKey(blink::WebCryptoKeyFormatJwk, | 324 ImportKey(blink::WebCryptoKeyFormatJwk, |
| 361 CryptoData(MakeJsonVector(*private_key_json)), | 325 CryptoData(MakeJsonVector(*private_key_json)), |
| 362 CreateEcdhImportAlgorithm(curve), true, 0, &key)); | 326 CreateEcdhImportAlgorithm(curve), true, 0, &key)); |
| 363 } | 327 } |
| 364 | 328 |
| 365 } // namespace | 329 } // namespace |
| 366 | 330 |
| 367 } // namespace webcrypto | 331 } // namespace webcrypto |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1355923002:
[refactor] Misc post-NSS WebCrypto cleanups. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@util_split