| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/renderer/webcrypto/webcrypto_impl.h" | 5 #include "content/renderer/webcrypto/webcrypto_impl.h" |
| 6 | 6 |
| 7 #include <algorithm> | 7 #include <algorithm> |
| 8 #include <string> | 8 #include <string> |
| 9 #include <vector> | 9 #include <vector> |
| 10 | 10 |
| (...skipping 1213 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1224 RestoreJwkOctDictionary(&dict); | 1224 RestoreJwkOctDictionary(&dict); |
| 1225 | 1225 |
| 1226 // Fail on bad b64 encoding for k. | 1226 // Fail on bad b64 encoding for k. |
| 1227 dict.SetString("k", "Qk3f0DsytU8lfza2au #$% Htaw2xpop9GYyTuH0p5GghxTI="); | 1227 dict.SetString("k", "Qk3f0DsytU8lfza2au #$% Htaw2xpop9GYyTuH0p5GghxTI="); |
| 1228 EXPECT_STATUS(Status::ErrorJwkDecodeK(), ImportKeyJwk( | 1228 EXPECT_STATUS(Status::ErrorJwkDecodeK(), ImportKeyJwk( |
| 1229 MakeJsonVector(dict), algorithm, false, usage_mask, &key)); | 1229 MakeJsonVector(dict), algorithm, false, usage_mask, &key)); |
| 1230 RestoreJwkOctDictionary(&dict); | 1230 RestoreJwkOctDictionary(&dict); |
| 1231 | 1231 |
| 1232 // Fail on empty k. | 1232 // Fail on empty k. |
| 1233 dict.SetString("k", ""); | 1233 dict.SetString("k", ""); |
| 1234 EXPECT_STATUS(Status::ErrorJwkDecodeK(), ImportKeyJwk( | 1234 EXPECT_STATUS(Status::ErrorJwkIncorrectKeyLength(), ImportKeyJwk( |
| 1235 MakeJsonVector(dict), algorithm, false, usage_mask, &key)); | 1235 MakeJsonVector(dict), algorithm, false, usage_mask, &key)); |
| 1236 RestoreJwkOctDictionary(&dict); | 1236 RestoreJwkOctDictionary(&dict); |
| 1237 | 1237 |
| 1238 // Fail on k actual length (120 bits) inconsistent with the embedded JWK alg | 1238 // Fail on k actual length (120 bits) inconsistent with the embedded JWK alg |
| 1239 // value (128) for an AES key. | 1239 // value (128) for an AES key. |
| 1240 dict.SetString("k", "AVj42h0Y5aqGtE3yluKL"); | 1240 dict.SetString("k", "AVj42h0Y5aqGtE3yluKL"); |
| 1241 // TODO(eroman): This is failing for a different reason than the test | 1241 EXPECT_STATUS(Status::ErrorJwkIncorrectKeyLength(), ImportKeyJwk( |
| 1242 // expects. | 1242 MakeJsonVector(dict), algorithm, false, usage_mask, &key)); |
| 1243 EXPECT_STATUS(Status::Error(), ImportKeyJwk( | 1243 RestoreJwkOctDictionary(&dict); |
| 1244 |
| 1245 // Fail on k actual length (192 bits) inconsistent with the embedded JWK alg |
| 1246 // value (128) for an AES key. |
| 1247 dict.SetString("k", "dGhpcyAgaXMgIDI0ICBieXRlcyBsb25n"); |
| 1248 EXPECT_STATUS(Status::ErrorJwkIncorrectKeyLength(), ImportKeyJwk( |
| 1244 MakeJsonVector(dict), algorithm, false, usage_mask, &key)); | 1249 MakeJsonVector(dict), algorithm, false, usage_mask, &key)); |
| 1245 RestoreJwkOctDictionary(&dict); | 1250 RestoreJwkOctDictionary(&dict); |
| 1246 } | 1251 } |
| 1247 | 1252 |
| 1248 TEST_F(WebCryptoImplTest, MAYBE(ImportJwkRsaFailures)) { | 1253 TEST_F(WebCryptoImplTest, MAYBE(ImportJwkRsaFailures)) { |
| 1249 | 1254 |
| 1250 base::DictionaryValue dict; | 1255 base::DictionaryValue dict; |
| 1251 RestoreJwkRsaDictionary(&dict); | 1256 RestoreJwkRsaDictionary(&dict); |
| 1252 blink::WebCryptoAlgorithm algorithm = | 1257 blink::WebCryptoAlgorithm algorithm = |
| 1253 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); | 1258 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); |
| (...skipping 430 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1684 EXPECT_EQ(extractable, private_key.extractable()); | 1689 EXPECT_EQ(extractable, private_key.extractable()); |
| 1685 EXPECT_EQ(usage_mask, public_key.usages()); | 1690 EXPECT_EQ(usage_mask, public_key.usages()); |
| 1686 EXPECT_EQ(usage_mask, private_key.usages()); | 1691 EXPECT_EQ(usage_mask, private_key.usages()); |
| 1687 | 1692 |
| 1688 // Successful WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 key generation. | 1693 // Successful WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 key generation. |
| 1689 algorithm = webcrypto::CreateRsaKeyGenAlgorithm( | 1694 algorithm = webcrypto::CreateRsaKeyGenAlgorithm( |
| 1690 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, | 1695 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
| 1691 modulus_length, | 1696 modulus_length, |
| 1692 public_exponent); | 1697 public_exponent); |
| 1693 EXPECT_STATUS_SUCCESS(GenerateKeyPairInternal( | 1698 EXPECT_STATUS_SUCCESS(GenerateKeyPairInternal( |
| 1694 algorithm, extractable, usage_mask, &public_key, &private_key)); | 1699 algorithm, false, usage_mask, &public_key, &private_key)); |
| 1695 EXPECT_FALSE(public_key.isNull()); | 1700 EXPECT_FALSE(public_key.isNull()); |
| 1696 EXPECT_FALSE(private_key.isNull()); | 1701 EXPECT_FALSE(private_key.isNull()); |
| 1697 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type()); | 1702 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type()); |
| 1698 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type()); | 1703 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type()); |
| 1704 // Even though "extractable" was set to false, the public key remains |
| 1705 // extractable. |
| 1699 EXPECT_EQ(true, public_key.extractable()); | 1706 EXPECT_EQ(true, public_key.extractable()); |
| 1700 EXPECT_EQ(extractable, private_key.extractable()); | 1707 EXPECT_EQ(false, private_key.extractable()); |
| 1701 EXPECT_EQ(usage_mask, public_key.usages()); | 1708 EXPECT_EQ(usage_mask, public_key.usages()); |
| 1702 EXPECT_EQ(usage_mask, private_key.usages()); | 1709 EXPECT_EQ(usage_mask, private_key.usages()); |
| 1703 | 1710 |
| 1704 // Fail SPKI export of private key. This is an ExportKey test, but do it here | 1711 // Exporting a private key as SPKI format doesn't make sense. However this |
| 1705 // since it is expensive to generate an RSA key pair and we already have a | 1712 // will first fail because the key is not extractable. |
| 1706 // private key here. | |
| 1707 blink::WebArrayBuffer output; | 1713 blink::WebArrayBuffer output; |
| 1708 // TODO(eroman): This test is failing for a different reason than expected by | |
| 1709 // the test. | |
| 1710 EXPECT_STATUS(Status::ErrorKeyNotExtractable(), ExportKeyInternal( | 1714 EXPECT_STATUS(Status::ErrorKeyNotExtractable(), ExportKeyInternal( |
| 1711 blink::WebCryptoKeyFormatSpki, private_key, &output)); | 1715 blink::WebCryptoKeyFormatSpki, private_key, &output)); |
| 1716 |
| 1717 // Re-generate an extractable private_key and try to export it as SPKI format. |
| 1718 // This should fail since spki is for public keys. |
| 1719 EXPECT_STATUS_SUCCESS(GenerateKeyPairInternal( |
| 1720 algorithm, true, usage_mask, &public_key, &private_key)); |
| 1721 EXPECT_STATUS(Status::ErrorUnexpectedKeyType(), ExportKeyInternal( |
| 1722 blink::WebCryptoKeyFormatSpki, private_key, &output)); |
| 1712 } | 1723 } |
| 1713 | 1724 |
| 1714 TEST_F(WebCryptoImplTest, MAYBE(RsaEsRoundTrip)) { | 1725 TEST_F(WebCryptoImplTest, MAYBE(RsaEsRoundTrip)) { |
| 1715 // Import a key pair. | 1726 // Import a key pair. |
| 1716 blink::WebCryptoAlgorithm algorithm = | 1727 blink::WebCryptoAlgorithm algorithm = |
| 1717 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); | 1728 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); |
| 1718 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); | 1729 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); |
| 1719 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); | 1730 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); |
| 1720 ImportRsaKeyPair( | 1731 ImportRsaKeyPair( |
| 1721 kPublicKeySpkiDerHex, | 1732 kPublicKeySpkiDerHex, |
| (...skipping 857 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2579 if (test_tag_size_bits == wrong_tag_size_bits) | 2590 if (test_tag_size_bits == wrong_tag_size_bits) |
| 2580 continue; | 2591 continue; |
| 2581 EXPECT_STATUS_ERROR(AesGcmDecrypt(key, test_iv, test_additional_data, | 2592 EXPECT_STATUS_ERROR(AesGcmDecrypt(key, test_iv, test_additional_data, |
| 2582 wrong_tag_size_bits, test_cipher_text, | 2593 wrong_tag_size_bits, test_cipher_text, |
| 2583 test_authentication_tag, &plain_text)); | 2594 test_authentication_tag, &plain_text)); |
| 2584 } | 2595 } |
| 2585 } | 2596 } |
| 2586 } | 2597 } |
| 2587 | 2598 |
| 2588 } // namespace content | 2599 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 141853006:
[webcrypto] Validate JWK import of AES keys: key length must match algorithm. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src