[webcrypto] Validate JWK import of AES keys: key length must match algorithm.

content/renderer/webcrypto/webcrypto_impl_unittest.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/renderer/webcrypto/webcrypto_impl.h"
 
 #include <algorithm>
 #include <string>
 #include <vector>
 
@@ skipping 1068 matching lines @@
   RestoreJwkOctDictionary(&dict);
 
   // Fail on bad b64 encoding for k.
   dict.SetString("k", "Qk3f0DsytU8lfza2au #$% Htaw2xpop9GYyTuH0p5GghxTI=");
   EXPECT_STATUS(Status::ErrorJwkDecodeK(), ImportKeyJwk(
       MakeJsonVector(dict), algorithm, false, usage_mask, &key));
   RestoreJwkOctDictionary(&dict);
 
   // Fail on empty k.
   dict.SetString("k", "");
-  EXPECT_STATUS(Status::ErrorJwkDecodeK(), ImportKeyJwk(
+  EXPECT_STATUS(Status::ErrorJwkIncorrectKeyLength(), ImportKeyJwk(
       MakeJsonVector(dict), algorithm, false, usage_mask, &key));
   RestoreJwkOctDictionary(&dict);
 
   // Fail on k actual length (120 bits) inconsistent with the embedded JWK alg
   // value (128) for an AES key.
   dict.SetString("k", "AVj42h0Y5aqGtE3yluKL");
-  // TODO(eroman): This is failing for a different reason than the test
-  //               expects.
-  EXPECT_STATUS(Status::Error(), ImportKeyJwk(
+  EXPECT_STATUS(Status::ErrorJwkIncorrectKeyLength(), ImportKeyJwk(
+      MakeJsonVector(dict), algorithm, false, usage_mask, &key));
+  RestoreJwkOctDictionary(&dict);
+
+  // Fail on k actual length (192 bits) inconsistent with the embedded JWK alg
+  // value (128) for an AES key.
+  dict.SetString("k", "dGhpcyAgaXMgIDI0ICBieXRlcyBsb25n");
+  EXPECT_STATUS(Status::ErrorJwkIncorrectKeyLength(), ImportKeyJwk(
       MakeJsonVector(dict), algorithm, false, usage_mask, &key));
   RestoreJwkOctDictionary(&dict);
 }
 
 TEST_F(WebCryptoImplTest, MAYBE(ImportJwkRsaFailures)) {
 
   base::DictionaryValue dict;
   RestoreJwkRsaDictionary(&dict);
   blink::WebCryptoAlgorithm algorithm =
       webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5);
@@ skipping 349 matching lines @@
   bool extractable = false;
   const blink::WebCryptoKeyUsageMask usage_mask = 0;
   blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull();
   blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull();
   EXPECT_STATUS_SUCCESS(GenerateKeyPairInternal(
       algorithm, extractable, usage_mask, &public_key, &private_key));
   EXPECT_FALSE(public_key.isNull());
   EXPECT_FALSE(private_key.isNull());
   EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type());
   EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type());
-  EXPECT_EQ(true, public_key.extractable());
+  EXPECT_TRUE(public_key.extractable());
   EXPECT_EQ(extractable, private_key.extractable());
   EXPECT_EQ(usage_mask, public_key.usages());
   EXPECT_EQ(usage_mask, private_key.usages());
 
   // Fail with bad modulus.
   algorithm = webcrypto::CreateRsaKeyGenAlgorithm(
       blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, 0, public_exponent);
   EXPECT_STATUS(Status::ErrorGenerateRsaZeroModulus(), GenerateKeyPairInternal(
       algorithm, extractable, usage_mask, &public_key, &private_key));
 
@@ skipping 35 matching lines @@
   algorithm = webcrypto::CreateRsaKeyGenAlgorithm(
       blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5,
       modulus_length,
       exponent_with_leading_zeros);
   EXPECT_STATUS_SUCCESS(GenerateKeyPairInternal(
       algorithm, extractable, usage_mask, &public_key, &private_key));
   EXPECT_FALSE(public_key.isNull());
   EXPECT_FALSE(private_key.isNull());
   EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type());
   EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type());
-  EXPECT_EQ(true, public_key.extractable());
+  EXPECT_TRUE(public_key.extractable());
   EXPECT_EQ(extractable, private_key.extractable());
   EXPECT_EQ(usage_mask, public_key.usages());
   EXPECT_EQ(usage_mask, private_key.usages());
 
   // Successful WebCryptoAlgorithmIdRsaOaep key generation.
   algorithm = webcrypto::CreateRsaKeyGenAlgorithm(
       blink::WebCryptoAlgorithmIdRsaOaep, modulus_length, public_exponent);
   EXPECT_STATUS_SUCCESS(GenerateKeyPairInternal(
       algorithm, extractable, usage_mask, &public_key, &private_key));
   EXPECT_FALSE(public_key.isNull());
   EXPECT_FALSE(private_key.isNull());
   EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type());
   EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type());
-  EXPECT_EQ(true, public_key.extractable());
+  EXPECT_TRUE(public_key.extractable());
   EXPECT_EQ(extractable, private_key.extractable());
   EXPECT_EQ(usage_mask, public_key.usages());
   EXPECT_EQ(usage_mask, private_key.usages());
 
   // Successful WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 key generation.
   algorithm = webcrypto::CreateRsaKeyGenAlgorithm(
       blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5,
       modulus_length,
       public_exponent);
   EXPECT_STATUS_SUCCESS(GenerateKeyPairInternal(
-      algorithm, extractable, usage_mask, &public_key, &private_key));
+      algorithm, false, usage_mask, &public_key, &private_key));
   EXPECT_FALSE(public_key.isNull());
   EXPECT_FALSE(private_key.isNull());
   EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type());
   EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type());
-  EXPECT_EQ(true, public_key.extractable());
-  EXPECT_EQ(extractable, private_key.extractable());
+  // Even though "extractable" was set to false, the public key remains
+  // extractable.
+  EXPECT_TRUE(public_key.extractable());
+  EXPECT_FALSE(private_key.extractable());
   EXPECT_EQ(usage_mask, public_key.usages());
   EXPECT_EQ(usage_mask, private_key.usages());
 
-  // Fail SPKI export of private key. This is an ExportKey test, but do it here
-  // since it is expensive to generate an RSA key pair and we already have a
-  // private key here.
+  // Exporting a private key as SPKI format doesn't make sense. However this
+  // will first fail because the key is not extractable.
   blink::WebArrayBuffer output;
-  // TODO(eroman): This test is failing for a different reason than expected by
-  //               the test.
   EXPECT_STATUS(Status::ErrorKeyNotExtractable(), ExportKeyInternal(
       blink::WebCryptoKeyFormatSpki, private_key, &output));
+
+  // Re-generate an extractable private_key and try to export it as SPKI format.
+  // This should fail since spki is for public keys.
+  EXPECT_STATUS_SUCCESS(GenerateKeyPairInternal(
+      algorithm, true, usage_mask, &public_key, &private_key));
+  EXPECT_STATUS(Status::ErrorUnexpectedKeyType(), ExportKeyInternal(
+      blink::WebCryptoKeyFormatSpki, private_key, &output));
 }
 
 TEST_F(WebCryptoImplTest, MAYBE(RsaEsRoundTrip)) {
   // Import a key pair.
   blink::WebCryptoAlgorithm algorithm =
       webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5);
   blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull();
   blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull();
   ImportRsaKeyPair(
       HexStringToBytes(kPublicKeySpkiDerHex),
@@ skipping 535 matching lines @@
       if (test_tag_size_bits == wrong_tag_size_bits)
         continue;
       EXPECT_STATUS_ERROR(AesGcmDecrypt(key, test_iv, test_additional_data,
                                         wrong_tag_size_bits, test_cipher_text,
                                         test_authentication_tag, &plain_text));
     }
   }
 }
 
 }  // namespace content