OLD | NEW |
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/renderer/webcrypto/webcrypto_impl.h" | 5 #include "content/renderer/webcrypto/webcrypto_impl.h" |
6 | 6 |
7 #include <algorithm> | 7 #include <algorithm> |
8 #include <string> | 8 #include <string> |
9 #include <vector> | 9 #include <vector> |
10 | 10 |
11 #include "base/basictypes.h" | 11 #include "base/basictypes.h" |
(...skipping 11 matching lines...) Expand all Loading... |
23 #include "third_party/WebKit/public/platform/WebCryptoKey.h" | 23 #include "third_party/WebKit/public/platform/WebCryptoKey.h" |
24 | 24 |
25 // The OpenSSL implementation of WebCrypto is less complete, so don't run all of | 25 // The OpenSSL implementation of WebCrypto is less complete, so don't run all of |
26 // the tests: http://crbug.com/267888 | 26 // the tests: http://crbug.com/267888 |
27 #if defined(USE_OPENSSL) | 27 #if defined(USE_OPENSSL) |
28 #define MAYBE(test_name) DISABLED_##test_name | 28 #define MAYBE(test_name) DISABLED_##test_name |
29 #else | 29 #else |
30 #define MAYBE(test_name) test_name | 30 #define MAYBE(test_name) test_name |
31 #endif | 31 #endif |
32 | 32 |
| 33 // Helper macros to verify the value of a Status. |
| 34 #define EXPECT_STATUS_ERROR(code) EXPECT_FALSE((code).IsSuccess()) |
| 35 #define EXPECT_STATUS(expected, code) \ |
| 36 EXPECT_EQ(expected.ToString(), (code).ToString()) |
| 37 #define ASSERT_STATUS(expected, code) \ |
| 38 ASSERT_EQ(expected.ToString(), (code).ToString()) |
| 39 #define EXPECT_STATUS_SUCCESS(code) EXPECT_STATUS(Status::Success(), code) |
| 40 #define ASSERT_STATUS_SUCCESS(code) ASSERT_STATUS(Status::Success(), code) |
| 41 |
33 namespace content { | 42 namespace content { |
34 | 43 |
| 44 using webcrypto::Status; |
| 45 |
35 namespace { | 46 namespace { |
36 | 47 |
37 // Returns a slightly modified version of the input vector. | 48 // Returns a slightly modified version of the input vector. |
38 // | 49 // |
39 // - For non-empty inputs a single bit is inverted. | 50 // - For non-empty inputs a single bit is inverted. |
40 // - For empty inputs, a byte is added. | 51 // - For empty inputs, a byte is added. |
41 std::vector<uint8> Corrupted(const std::vector<uint8>& input) { | 52 std::vector<uint8> Corrupted(const std::vector<uint8>& input) { |
42 std::vector<uint8> corrupted_data(input); | 53 std::vector<uint8> corrupted_data(input); |
43 if (corrupted_data.empty()) | 54 if (corrupted_data.empty()) |
44 corrupted_data.push_back(0); | 55 corrupted_data.push_back(0); |
(...skipping 168 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
213 class WebCryptoImplTest : public testing::Test { | 224 class WebCryptoImplTest : public testing::Test { |
214 protected: | 225 protected: |
215 blink::WebCryptoKey ImportSecretKeyFromRawHexString( | 226 blink::WebCryptoKey ImportSecretKeyFromRawHexString( |
216 const std::string& key_hex, | 227 const std::string& key_hex, |
217 const blink::WebCryptoAlgorithm& algorithm, | 228 const blink::WebCryptoAlgorithm& algorithm, |
218 blink::WebCryptoKeyUsageMask usage) { | 229 blink::WebCryptoKeyUsageMask usage) { |
219 std::vector<uint8> key_raw = HexStringToBytes(key_hex); | 230 std::vector<uint8> key_raw = HexStringToBytes(key_hex); |
220 | 231 |
221 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 232 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
222 bool extractable = true; | 233 bool extractable = true; |
223 EXPECT_TRUE(crypto_.ImportKeyInternal(blink::WebCryptoKeyFormatRaw, | 234 EXPECT_STATUS_SUCCESS( |
224 webcrypto::Uint8VectorStart(key_raw), | 235 crypto_.ImportKeyInternal(blink::WebCryptoKeyFormatRaw, |
225 key_raw.size(), | 236 webcrypto::Uint8VectorStart(key_raw), |
226 algorithm, | 237 key_raw.size(), |
227 extractable, | 238 algorithm, |
228 usage, | 239 extractable, |
229 &key)); | 240 usage, |
| 241 &key)); |
230 | 242 |
231 EXPECT_FALSE(key.isNull()); | 243 EXPECT_FALSE(key.isNull()); |
232 EXPECT_TRUE(key.handle()); | 244 EXPECT_TRUE(key.handle()); |
233 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); | 245 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); |
234 EXPECT_EQ(algorithm.id(), key.algorithm().id()); | 246 EXPECT_EQ(algorithm.id(), key.algorithm().id()); |
235 EXPECT_EQ(extractable, key.extractable()); | 247 EXPECT_EQ(extractable, key.extractable()); |
236 EXPECT_EQ(usage, key.usages()); | 248 EXPECT_EQ(usage, key.usages()); |
237 return key; | 249 return key; |
238 } | 250 } |
239 | 251 |
240 void ImportRsaKeyPair( | 252 void ImportRsaKeyPair( |
241 const std::string& spki_der_hex, | 253 const std::string& spki_der_hex, |
242 const std::string& pkcs8_der_hex, | 254 const std::string& pkcs8_der_hex, |
243 const blink::WebCryptoAlgorithm& algorithm, | 255 const blink::WebCryptoAlgorithm& algorithm, |
244 bool extractable, | 256 bool extractable, |
245 blink::WebCryptoKeyUsageMask usage_mask, | 257 blink::WebCryptoKeyUsageMask usage_mask, |
246 blink::WebCryptoKey* public_key, | 258 blink::WebCryptoKey* public_key, |
247 blink::WebCryptoKey* private_key) { | 259 blink::WebCryptoKey* private_key) { |
248 EXPECT_TRUE(ImportKeyInternal( | 260 EXPECT_STATUS_SUCCESS(ImportKeyInternal( |
249 blink::WebCryptoKeyFormatSpki, | 261 blink::WebCryptoKeyFormatSpki, |
250 HexStringToBytes(spki_der_hex), | 262 HexStringToBytes(spki_der_hex), |
251 algorithm, | 263 algorithm, |
252 true, | 264 true, |
253 usage_mask, | 265 usage_mask, |
254 public_key)); | 266 public_key)); |
255 EXPECT_FALSE(public_key->isNull()); | 267 EXPECT_FALSE(public_key->isNull()); |
256 EXPECT_TRUE(public_key->handle()); | 268 EXPECT_TRUE(public_key->handle()); |
257 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key->type()); | 269 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key->type()); |
258 EXPECT_EQ(algorithm.id(), public_key->algorithm().id()); | 270 EXPECT_EQ(algorithm.id(), public_key->algorithm().id()); |
259 EXPECT_EQ(extractable, extractable); | 271 EXPECT_EQ(extractable, extractable); |
260 EXPECT_EQ(usage_mask, public_key->usages()); | 272 EXPECT_EQ(usage_mask, public_key->usages()); |
261 | 273 |
262 EXPECT_TRUE(ImportKeyInternal( | 274 EXPECT_STATUS_SUCCESS(ImportKeyInternal( |
263 blink::WebCryptoKeyFormatPkcs8, | 275 blink::WebCryptoKeyFormatPkcs8, |
264 HexStringToBytes(pkcs8_der_hex), | 276 HexStringToBytes(pkcs8_der_hex), |
265 algorithm, | 277 algorithm, |
266 extractable, | 278 extractable, |
267 usage_mask, | 279 usage_mask, |
268 private_key)); | 280 private_key)); |
269 EXPECT_FALSE(private_key->isNull()); | 281 EXPECT_FALSE(private_key->isNull()); |
270 EXPECT_TRUE(private_key->handle()); | 282 EXPECT_TRUE(private_key->handle()); |
271 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key->type()); | 283 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key->type()); |
272 EXPECT_EQ(algorithm.id(), private_key->algorithm().id()); | 284 EXPECT_EQ(algorithm.id(), private_key->algorithm().id()); |
273 EXPECT_EQ(extractable, extractable); | 285 EXPECT_EQ(extractable, extractable); |
274 EXPECT_EQ(usage_mask, private_key->usages()); | 286 EXPECT_EQ(usage_mask, private_key->usages()); |
275 } | 287 } |
276 | 288 |
277 // TODO(eroman): For Linux builds using system NSS, AES-GCM support is a | 289 // TODO(eroman): For Linux builds using system NSS, AES-GCM support is a |
278 // runtime dependency. Test it by trying to import a key. | 290 // runtime dependency. Test it by trying to import a key. |
279 bool SupportsAesGcm() { | 291 bool SupportsAesGcm() { |
280 std::vector<uint8> key_raw(16, 0); | 292 std::vector<uint8> key_raw(16, 0); |
281 | 293 |
282 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 294 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
283 return crypto_.ImportKeyInternal( | 295 Status status = crypto_.ImportKeyInternal( |
284 blink::WebCryptoKeyFormatRaw, | 296 blink::WebCryptoKeyFormatRaw, |
285 webcrypto::Uint8VectorStart(key_raw), | 297 webcrypto::Uint8VectorStart(key_raw), |
286 key_raw.size(), | 298 key_raw.size(), |
287 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesGcm), | 299 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesGcm), |
288 true, | 300 true, |
289 blink::WebCryptoKeyUsageEncrypt, | 301 blink::WebCryptoKeyUsageEncrypt, |
290 &key); | 302 &key); |
| 303 |
| 304 if (status.IsError()) { |
| 305 EXPECT_EQ(Status::ErrorUnsupported().ToString(), status.ToString()); |
| 306 } |
| 307 return status.IsSuccess(); |
| 308 |
291 } | 309 } |
292 | 310 |
293 bool AesGcmEncrypt(const blink::WebCryptoKey& key, | 311 Status AesGcmEncrypt(const blink::WebCryptoKey& key, |
294 const std::vector<uint8>& iv, | 312 const std::vector<uint8>& iv, |
295 const std::vector<uint8>& additional_data, | 313 const std::vector<uint8>& additional_data, |
296 unsigned tag_length_bits, | 314 unsigned tag_length_bits, |
297 const std::vector<uint8>& plain_text, | 315 const std::vector<uint8>& plain_text, |
298 std::vector<uint8>* cipher_text, | 316 std::vector<uint8>* cipher_text, |
299 std::vector<uint8>* authentication_tag) { | 317 std::vector<uint8>* authentication_tag) { |
300 blink::WebCryptoAlgorithm algorithm = CreateAesGcmAlgorithm( | 318 blink::WebCryptoAlgorithm algorithm = CreateAesGcmAlgorithm( |
301 iv, additional_data, tag_length_bits); | 319 iv, additional_data, tag_length_bits); |
302 | 320 |
303 blink::WebArrayBuffer output; | 321 blink::WebArrayBuffer output; |
304 if (!EncryptInternal(algorithm, key, plain_text, &output)) | 322 Status status = EncryptInternal(algorithm, key, plain_text, &output); |
305 return false; | 323 if (status.IsError()) { |
| 324 return status; |
| 325 } |
306 | 326 |
307 if (output.byteLength() * 8 < tag_length_bits) { | 327 if (output.byteLength() * 8 < tag_length_bits) { |
308 EXPECT_TRUE(false); | 328 EXPECT_TRUE(false); |
309 return false; | 329 return Status::Error(); |
310 } | 330 } |
311 | 331 |
312 // The encryption result is cipher text with authentication tag appended. | 332 // The encryption result is cipher text with authentication tag appended. |
313 cipher_text->assign( | 333 cipher_text->assign( |
314 static_cast<uint8*>(output.data()), | 334 static_cast<uint8*>(output.data()), |
315 static_cast<uint8*>(output.data()) + | 335 static_cast<uint8*>(output.data()) + |
316 (output.byteLength() - tag_length_bits / 8)); | 336 (output.byteLength() - tag_length_bits / 8)); |
317 authentication_tag->assign( | 337 authentication_tag->assign( |
318 static_cast<uint8*>(output.data()) + cipher_text->size(), | 338 static_cast<uint8*>(output.data()) + cipher_text->size(), |
319 static_cast<uint8*>(output.data()) + output.byteLength()); | 339 static_cast<uint8*>(output.data()) + output.byteLength()); |
320 | 340 |
321 return true; | 341 return Status::Success(); |
322 } | 342 } |
323 | 343 |
324 bool AesGcmDecrypt(const blink::WebCryptoKey& key, | 344 Status AesGcmDecrypt(const blink::WebCryptoKey& key, |
325 const std::vector<uint8>& iv, | 345 const std::vector<uint8>& iv, |
326 const std::vector<uint8>& additional_data, | 346 const std::vector<uint8>& additional_data, |
327 unsigned tag_length_bits, | 347 unsigned tag_length_bits, |
328 const std::vector<uint8>& cipher_text, | 348 const std::vector<uint8>& cipher_text, |
329 const std::vector<uint8>& authentication_tag, | 349 const std::vector<uint8>& authentication_tag, |
330 blink::WebArrayBuffer* plain_text) { | 350 blink::WebArrayBuffer* plain_text) { |
331 blink::WebCryptoAlgorithm algorithm = CreateAesGcmAlgorithm( | 351 blink::WebCryptoAlgorithm algorithm = CreateAesGcmAlgorithm( |
332 iv, additional_data, tag_length_bits); | 352 iv, additional_data, tag_length_bits); |
333 | 353 |
334 // Join cipher text and authentication tag. | 354 // Join cipher text and authentication tag. |
335 std::vector<uint8> cipher_text_with_tag; | 355 std::vector<uint8> cipher_text_with_tag; |
336 cipher_text_with_tag.reserve( | 356 cipher_text_with_tag.reserve( |
337 cipher_text.size() + authentication_tag.size()); | 357 cipher_text.size() + authentication_tag.size()); |
338 cipher_text_with_tag.insert( | 358 cipher_text_with_tag.insert( |
339 cipher_text_with_tag.end(), cipher_text.begin(), cipher_text.end()); | 359 cipher_text_with_tag.end(), cipher_text.begin(), cipher_text.end()); |
340 cipher_text_with_tag.insert( | 360 cipher_text_with_tag.insert( |
341 cipher_text_with_tag.end(), authentication_tag.begin(), | 361 cipher_text_with_tag.end(), authentication_tag.begin(), |
342 authentication_tag.end()); | 362 authentication_tag.end()); |
343 | 363 |
344 return DecryptInternal(algorithm, key, cipher_text_with_tag, plain_text); | 364 return DecryptInternal(algorithm, key, cipher_text_with_tag, plain_text); |
345 } | 365 } |
346 | 366 |
347 // Forwarding methods to gain access to protected methods of | 367 // Forwarding methods to gain access to protected methods of |
348 // WebCryptoImpl. | 368 // WebCryptoImpl. |
349 | 369 |
350 bool DigestInternal( | 370 Status DigestInternal( |
351 const blink::WebCryptoAlgorithm& algorithm, | 371 const blink::WebCryptoAlgorithm& algorithm, |
352 const std::vector<uint8>& data, | 372 const std::vector<uint8>& data, |
353 blink::WebArrayBuffer* buffer) { | 373 blink::WebArrayBuffer* buffer) { |
354 return crypto_.DigestInternal( | 374 return crypto_.DigestInternal( |
355 algorithm, webcrypto::Uint8VectorStart(data), data.size(), buffer); | 375 algorithm, webcrypto::Uint8VectorStart(data), data.size(), buffer); |
356 } | 376 } |
357 | 377 |
358 bool GenerateKeyInternal( | 378 Status GenerateKeyInternal( |
359 const blink::WebCryptoAlgorithm& algorithm, | 379 const blink::WebCryptoAlgorithm& algorithm, |
360 blink::WebCryptoKey* key) { | 380 blink::WebCryptoKey* key) { |
361 bool extractable = true; | 381 bool extractable = true; |
362 blink::WebCryptoKeyUsageMask usage_mask = 0; | 382 blink::WebCryptoKeyUsageMask usage_mask = 0; |
363 return crypto_.GenerateKeyInternal(algorithm, extractable, usage_mask, key); | 383 return crypto_.GenerateKeyInternal( |
| 384 algorithm, extractable, usage_mask, key); |
364 } | 385 } |
365 | 386 |
366 bool GenerateKeyPairInternal( | 387 Status GenerateKeyPairInternal( |
367 const blink::WebCryptoAlgorithm& algorithm, | 388 const blink::WebCryptoAlgorithm& algorithm, |
368 bool extractable, | 389 bool extractable, |
369 blink::WebCryptoKeyUsageMask usage_mask, | 390 blink::WebCryptoKeyUsageMask usage_mask, |
370 blink::WebCryptoKey* public_key, | 391 blink::WebCryptoKey* public_key, |
371 blink::WebCryptoKey* private_key) { | 392 blink::WebCryptoKey* private_key) { |
372 return crypto_.GenerateKeyPairInternal( | 393 return crypto_.GenerateKeyPairInternal( |
373 algorithm, extractable, usage_mask, public_key, private_key); | 394 algorithm, extractable, usage_mask, public_key, private_key); |
374 } | 395 } |
375 | 396 |
376 bool ImportKeyInternal( | 397 Status ImportKeyInternal( |
377 blink::WebCryptoKeyFormat format, | 398 blink::WebCryptoKeyFormat format, |
378 const std::vector<uint8>& key_data, | 399 const std::vector<uint8>& key_data, |
379 const blink::WebCryptoAlgorithm& algorithm, | 400 const blink::WebCryptoAlgorithm& algorithm, |
380 bool extractable, | 401 bool extractable, |
381 blink::WebCryptoKeyUsageMask usage_mask, | 402 blink::WebCryptoKeyUsageMask usage_mask, |
382 blink::WebCryptoKey* key) { | 403 blink::WebCryptoKey* key) { |
383 return crypto_.ImportKeyInternal(format, | 404 return crypto_.ImportKeyInternal(format, |
384 webcrypto::Uint8VectorStart(key_data), | 405 webcrypto::Uint8VectorStart(key_data), |
385 key_data.size(), | 406 key_data.size(), |
386 algorithm, | 407 algorithm, |
387 extractable, | 408 extractable, |
388 usage_mask, | 409 usage_mask, |
389 key); | 410 key); |
390 } | 411 } |
391 | 412 |
392 bool ExportKeyInternal( | 413 Status ExportKeyInternal( |
393 blink::WebCryptoKeyFormat format, | 414 blink::WebCryptoKeyFormat format, |
394 const blink::WebCryptoKey& key, | 415 const blink::WebCryptoKey& key, |
395 blink::WebArrayBuffer* buffer) { | 416 blink::WebArrayBuffer* buffer) { |
396 return crypto_.ExportKeyInternal(format, key, buffer); | 417 return crypto_.ExportKeyInternal(format, key, buffer); |
397 } | 418 } |
398 | 419 |
399 bool SignInternal( | 420 Status SignInternal( |
400 const blink::WebCryptoAlgorithm& algorithm, | 421 const blink::WebCryptoAlgorithm& algorithm, |
401 const blink::WebCryptoKey& key, | 422 const blink::WebCryptoKey& key, |
402 const std::vector<uint8>& data, | 423 const std::vector<uint8>& data, |
403 blink::WebArrayBuffer* buffer) { | 424 blink::WebArrayBuffer* buffer) { |
404 return crypto_.SignInternal( | 425 return crypto_.SignInternal( |
405 algorithm, key, webcrypto::Uint8VectorStart(data), data.size(), buffer); | 426 algorithm, key, webcrypto::Uint8VectorStart(data), data.size(), buffer); |
406 } | 427 } |
407 | 428 |
408 bool VerifySignatureInternal( | 429 Status VerifySignatureInternal( |
409 const blink::WebCryptoAlgorithm& algorithm, | 430 const blink::WebCryptoAlgorithm& algorithm, |
410 const blink::WebCryptoKey& key, | 431 const blink::WebCryptoKey& key, |
411 const unsigned char* signature, | 432 const unsigned char* signature, |
412 unsigned signature_size, | 433 unsigned signature_size, |
413 const std::vector<uint8>& data, | 434 const std::vector<uint8>& data, |
414 bool* signature_match) { | 435 bool* signature_match) { |
415 return crypto_.VerifySignatureInternal(algorithm, | 436 return crypto_.VerifySignatureInternal(algorithm, |
416 key, | 437 key, |
417 signature, | 438 signature, |
418 signature_size, | 439 signature_size, |
419 webcrypto::Uint8VectorStart(data), | 440 webcrypto::Uint8VectorStart(data), |
420 data.size(), | 441 data.size(), |
421 signature_match); | 442 signature_match); |
422 } | 443 } |
423 | 444 |
424 bool VerifySignatureInternal( | 445 Status VerifySignatureInternal( |
425 const blink::WebCryptoAlgorithm& algorithm, | 446 const blink::WebCryptoAlgorithm& algorithm, |
426 const blink::WebCryptoKey& key, | 447 const blink::WebCryptoKey& key, |
427 const std::vector<uint8>& signature, | 448 const std::vector<uint8>& signature, |
428 const std::vector<uint8>& data, | 449 const std::vector<uint8>& data, |
429 bool* signature_match) { | 450 bool* signature_match) { |
430 return crypto_.VerifySignatureInternal( | 451 return crypto_.VerifySignatureInternal( |
431 algorithm, | 452 algorithm, |
432 key, | 453 key, |
433 webcrypto::Uint8VectorStart(signature), | 454 webcrypto::Uint8VectorStart(signature), |
434 signature.size(), | 455 signature.size(), |
435 webcrypto::Uint8VectorStart(data), | 456 webcrypto::Uint8VectorStart(data), |
436 data.size(), | 457 data.size(), |
437 signature_match); | 458 signature_match); |
438 } | 459 } |
439 | 460 |
440 bool EncryptInternal( | 461 Status EncryptInternal( |
441 const blink::WebCryptoAlgorithm& algorithm, | 462 const blink::WebCryptoAlgorithm& algorithm, |
442 const blink::WebCryptoKey& key, | 463 const blink::WebCryptoKey& key, |
443 const unsigned char* data, | 464 const unsigned char* data, |
444 unsigned data_size, | 465 unsigned data_size, |
445 blink::WebArrayBuffer* buffer) { | 466 blink::WebArrayBuffer* buffer) { |
446 return crypto_.EncryptInternal(algorithm, key, data, data_size, buffer); | 467 return crypto_.EncryptInternal(algorithm, key, data, data_size, buffer); |
447 } | 468 } |
448 | 469 |
449 bool EncryptInternal( | 470 Status EncryptInternal( |
450 const blink::WebCryptoAlgorithm& algorithm, | 471 const blink::WebCryptoAlgorithm& algorithm, |
451 const blink::WebCryptoKey& key, | 472 const blink::WebCryptoKey& key, |
452 const std::vector<uint8>& data, | 473 const std::vector<uint8>& data, |
453 blink::WebArrayBuffer* buffer) { | 474 blink::WebArrayBuffer* buffer) { |
454 return crypto_.EncryptInternal( | 475 return crypto_.EncryptInternal( |
455 algorithm, key, webcrypto::Uint8VectorStart(data), data.size(), buffer); | 476 algorithm, key, webcrypto::Uint8VectorStart(data), data.size(), buffer); |
456 } | 477 } |
457 | 478 |
458 bool DecryptInternal( | 479 Status DecryptInternal( |
459 const blink::WebCryptoAlgorithm& algorithm, | 480 const blink::WebCryptoAlgorithm& algorithm, |
460 const blink::WebCryptoKey& key, | 481 const blink::WebCryptoKey& key, |
461 const unsigned char* data, | 482 const unsigned char* data, |
462 unsigned data_size, | 483 unsigned data_size, |
463 blink::WebArrayBuffer* buffer) { | 484 blink::WebArrayBuffer* buffer) { |
464 return crypto_.DecryptInternal(algorithm, key, data, data_size, buffer); | 485 return crypto_.DecryptInternal(algorithm, key, data, data_size, buffer); |
465 } | 486 } |
466 | 487 |
467 bool DecryptInternal( | 488 Status DecryptInternal( |
468 const blink::WebCryptoAlgorithm& algorithm, | 489 const blink::WebCryptoAlgorithm& algorithm, |
469 const blink::WebCryptoKey& key, | 490 const blink::WebCryptoKey& key, |
470 const std::vector<uint8>& data, | 491 const std::vector<uint8>& data, |
471 blink::WebArrayBuffer* buffer) { | 492 blink::WebArrayBuffer* buffer) { |
472 return crypto_.DecryptInternal( | 493 return crypto_.DecryptInternal( |
473 algorithm, key, webcrypto::Uint8VectorStart(data), data.size(), buffer); | 494 algorithm, key, webcrypto::Uint8VectorStart(data), data.size(), buffer); |
474 } | 495 } |
475 | 496 |
476 bool ImportKeyJwk( | 497 Status ImportKeyJwk( |
477 const std::vector<uint8>& key_data, | 498 const std::vector<uint8>& key_data, |
478 const blink::WebCryptoAlgorithm& algorithm, | 499 const blink::WebCryptoAlgorithm& algorithm, |
479 bool extractable, | 500 bool extractable, |
480 blink::WebCryptoKeyUsageMask usage_mask, | 501 blink::WebCryptoKeyUsageMask usage_mask, |
481 blink::WebCryptoKey* key) { | 502 blink::WebCryptoKey* key) { |
482 return crypto_.ImportKeyJwk(webcrypto::Uint8VectorStart(key_data), | 503 return crypto_.ImportKeyJwk(webcrypto::Uint8VectorStart(key_data), |
483 key_data.size(), | 504 key_data.size(), |
484 algorithm, | 505 algorithm, |
485 extractable, | 506 extractable, |
486 usage_mask, | 507 usage_mask, |
487 key); | 508 key); |
488 } | 509 } |
489 | 510 |
490 private: | 511 private: |
491 WebCryptoImpl crypto_; | 512 WebCryptoImpl crypto_; |
492 }; | 513 }; |
493 | 514 |
| 515 TEST_F(WebCryptoImplTest, StatusToString) { |
| 516 EXPECT_EQ("Success", Status::Success().ToString()); |
| 517 EXPECT_EQ("", Status::Error().ToString()); |
| 518 EXPECT_EQ("The requested operation is unsupported", |
| 519 Status::ErrorUnsupported().ToString()); |
| 520 } |
| 521 |
494 TEST_F(WebCryptoImplTest, DigestSampleSets) { | 522 TEST_F(WebCryptoImplTest, DigestSampleSets) { |
495 // The results are stored here in hex format for readability. | 523 // The results are stored here in hex format for readability. |
496 // | 524 // |
497 // TODO(bryaneyler): Eventually, all these sample test sets should be replaced | 525 // TODO(bryaneyler): Eventually, all these sample test sets should be replaced |
498 // with the sets here: http://csrc.nist.gov/groups/STM/cavp/index.html#03 | 526 // with the sets here: http://csrc.nist.gov/groups/STM/cavp/index.html#03 |
499 // | 527 // |
500 // Results were generated using the command sha{1,224,256,384,512}sum. | 528 // Results were generated using the command sha{1,224,256,384,512}sum. |
501 struct TestCase { | 529 struct TestCase { |
502 blink::WebCryptoAlgorithmId algorithm; | 530 blink::WebCryptoAlgorithmId algorithm; |
503 const std::string hex_input; | 531 const std::string hex_input; |
(...skipping 57 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
561 for (size_t test_index = 0; test_index < ARRAYSIZE_UNSAFE(kTests); | 589 for (size_t test_index = 0; test_index < ARRAYSIZE_UNSAFE(kTests); |
562 ++test_index) { | 590 ++test_index) { |
563 SCOPED_TRACE(test_index); | 591 SCOPED_TRACE(test_index); |
564 const TestCase& test = kTests[test_index]; | 592 const TestCase& test = kTests[test_index]; |
565 | 593 |
566 blink::WebCryptoAlgorithm algorithm = | 594 blink::WebCryptoAlgorithm algorithm = |
567 webcrypto::CreateAlgorithm(test.algorithm); | 595 webcrypto::CreateAlgorithm(test.algorithm); |
568 std::vector<uint8> input = HexStringToBytes(test.hex_input); | 596 std::vector<uint8> input = HexStringToBytes(test.hex_input); |
569 | 597 |
570 blink::WebArrayBuffer output; | 598 blink::WebArrayBuffer output; |
571 ASSERT_TRUE(DigestInternal(algorithm, input, &output)); | 599 ASSERT_STATUS_SUCCESS(DigestInternal(algorithm, input, &output)); |
572 ExpectArrayBufferMatchesHex(test.hex_result, output); | 600 ExpectArrayBufferMatchesHex(test.hex_result, output); |
573 } | 601 } |
574 } | 602 } |
575 | 603 |
576 TEST_F(WebCryptoImplTest, HMACSampleSets) { | 604 TEST_F(WebCryptoImplTest, HMACSampleSets) { |
577 struct TestCase { | 605 struct TestCase { |
578 blink::WebCryptoAlgorithmId algorithm; | 606 blink::WebCryptoAlgorithmId algorithm; |
579 const char* key; | 607 const char* key; |
580 const char* message; | 608 const char* message; |
581 const char* mac; | 609 const char* mac; |
(...skipping 130 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
712 const TestCase& test = kTests[test_index]; | 740 const TestCase& test = kTests[test_index]; |
713 | 741 |
714 blink::WebCryptoAlgorithm algorithm = | 742 blink::WebCryptoAlgorithm algorithm = |
715 webcrypto::CreateHmacAlgorithmByHashId(test.algorithm); | 743 webcrypto::CreateHmacAlgorithmByHashId(test.algorithm); |
716 | 744 |
717 blink::WebCryptoKey key = ImportSecretKeyFromRawHexString( | 745 blink::WebCryptoKey key = ImportSecretKeyFromRawHexString( |
718 test.key, algorithm, blink::WebCryptoKeyUsageSign); | 746 test.key, algorithm, blink::WebCryptoKeyUsageSign); |
719 | 747 |
720 // Verify exported raw key is identical to the imported data | 748 // Verify exported raw key is identical to the imported data |
721 blink::WebArrayBuffer raw_key; | 749 blink::WebArrayBuffer raw_key; |
722 EXPECT_TRUE(ExportKeyInternal(blink::WebCryptoKeyFormatRaw, key, &raw_key)); | 750 EXPECT_STATUS_SUCCESS( |
| 751 ExportKeyInternal(blink::WebCryptoKeyFormatRaw, key, &raw_key)); |
723 ExpectArrayBufferMatchesHex(test.key, raw_key); | 752 ExpectArrayBufferMatchesHex(test.key, raw_key); |
724 | 753 |
725 std::vector<uint8> message_raw = HexStringToBytes(test.message); | 754 std::vector<uint8> message_raw = HexStringToBytes(test.message); |
726 | 755 |
727 blink::WebArrayBuffer output; | 756 blink::WebArrayBuffer output; |
728 | 757 |
729 ASSERT_TRUE(SignInternal(algorithm, key, message_raw, &output)); | 758 ASSERT_STATUS_SUCCESS(SignInternal(algorithm, key, message_raw, &output)); |
730 | 759 |
731 ExpectArrayBufferMatchesHex(test.mac, output); | 760 ExpectArrayBufferMatchesHex(test.mac, output); |
732 | 761 |
733 bool signature_match = false; | 762 bool signature_match = false; |
734 EXPECT_TRUE(VerifySignatureInternal( | 763 EXPECT_STATUS_SUCCESS(VerifySignatureInternal( |
735 algorithm, | 764 algorithm, |
736 key, | 765 key, |
737 static_cast<const unsigned char*>(output.data()), | 766 static_cast<const unsigned char*>(output.data()), |
738 output.byteLength(), | 767 output.byteLength(), |
739 message_raw, | 768 message_raw, |
740 &signature_match)); | 769 &signature_match)); |
741 EXPECT_TRUE(signature_match); | 770 EXPECT_TRUE(signature_match); |
742 | 771 |
743 // Ensure truncated signature does not verify by passing one less byte. | 772 // Ensure truncated signature does not verify by passing one less byte. |
744 EXPECT_TRUE(VerifySignatureInternal( | 773 EXPECT_STATUS_SUCCESS(VerifySignatureInternal( |
745 algorithm, | 774 algorithm, |
746 key, | 775 key, |
747 static_cast<const unsigned char*>(output.data()), | 776 static_cast<const unsigned char*>(output.data()), |
748 output.byteLength() - 1, | 777 output.byteLength() - 1, |
749 message_raw, | 778 message_raw, |
750 &signature_match)); | 779 &signature_match)); |
751 EXPECT_FALSE(signature_match); | 780 EXPECT_FALSE(signature_match); |
752 | 781 |
753 // Ensure extra long signature does not cause issues and fails. | 782 // Ensure extra long signature does not cause issues and fails. |
754 const unsigned char kLongSignature[1024] = { 0 }; | 783 const unsigned char kLongSignature[1024] = { 0 }; |
755 EXPECT_TRUE(VerifySignatureInternal( | 784 EXPECT_STATUS_SUCCESS(VerifySignatureInternal( |
756 algorithm, | 785 algorithm, |
757 key, | 786 key, |
758 kLongSignature, | 787 kLongSignature, |
759 sizeof(kLongSignature), | 788 sizeof(kLongSignature), |
760 message_raw, | 789 message_raw, |
761 &signature_match)); | 790 &signature_match)); |
762 EXPECT_FALSE(signature_match); | 791 EXPECT_FALSE(signature_match); |
763 } | 792 } |
764 } | 793 } |
765 | 794 |
766 TEST_F(WebCryptoImplTest, AesCbcFailures) { | 795 TEST_F(WebCryptoImplTest, AesCbcFailures) { |
767 const std::string key_hex = "2b7e151628aed2a6abf7158809cf4f3c"; | 796 const std::string key_hex = "2b7e151628aed2a6abf7158809cf4f3c"; |
768 blink::WebCryptoKey key = ImportSecretKeyFromRawHexString( | 797 blink::WebCryptoKey key = ImportSecretKeyFromRawHexString( |
769 key_hex, | 798 key_hex, |
770 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), | 799 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), |
771 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt); | 800 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt); |
772 | 801 |
773 // Verify exported raw key is identical to the imported data | 802 // Verify exported raw key is identical to the imported data |
774 blink::WebArrayBuffer raw_key; | 803 blink::WebArrayBuffer raw_key; |
775 EXPECT_TRUE(ExportKeyInternal(blink::WebCryptoKeyFormatRaw, key, &raw_key)); | 804 EXPECT_STATUS_SUCCESS( |
| 805 ExportKeyInternal(blink::WebCryptoKeyFormatRaw, key, &raw_key)); |
776 ExpectArrayBufferMatchesHex(key_hex, raw_key); | 806 ExpectArrayBufferMatchesHex(key_hex, raw_key); |
777 | 807 |
778 blink::WebArrayBuffer output; | 808 blink::WebArrayBuffer output; |
779 | 809 |
780 // Use an invalid |iv| (fewer than 16 bytes) | 810 // Use an invalid |iv| (fewer than 16 bytes) |
781 { | 811 { |
782 std::vector<uint8> input(32); | 812 std::vector<uint8> input(32); |
783 std::vector<uint8> iv; | 813 std::vector<uint8> iv; |
784 EXPECT_FALSE(EncryptInternal( | 814 EXPECT_STATUS(Status::ErrorIncorrectSizedIv(), EncryptInternal( |
785 webcrypto::CreateAesCbcAlgorithm(iv), key, input, &output)); | 815 webcrypto::CreateAesCbcAlgorithm(iv), key, input, &output)); |
786 EXPECT_FALSE(DecryptInternal( | 816 EXPECT_STATUS(Status::ErrorIncorrectSizedIv(), DecryptInternal( |
787 webcrypto::CreateAesCbcAlgorithm(iv), key, input, &output)); | 817 webcrypto::CreateAesCbcAlgorithm(iv), key, input, &output)); |
788 } | 818 } |
789 | 819 |
790 // Use an invalid |iv| (more than 16 bytes) | 820 // Use an invalid |iv| (more than 16 bytes) |
791 { | 821 { |
792 std::vector<uint8> input(32); | 822 std::vector<uint8> input(32); |
793 std::vector<uint8> iv(17); | 823 std::vector<uint8> iv(17); |
794 EXPECT_FALSE(EncryptInternal( | 824 EXPECT_STATUS(Status::ErrorIncorrectSizedIv(), EncryptInternal( |
795 webcrypto::CreateAesCbcAlgorithm(iv), key, input, &output)); | 825 webcrypto::CreateAesCbcAlgorithm(iv), key, input, &output)); |
796 EXPECT_FALSE(DecryptInternal( | 826 EXPECT_STATUS(Status::ErrorIncorrectSizedIv(), DecryptInternal( |
797 webcrypto::CreateAesCbcAlgorithm(iv), key, input, &output)); | 827 webcrypto::CreateAesCbcAlgorithm(iv), key, input, &output)); |
798 } | 828 } |
799 | 829 |
800 // Give an input that is too large (would cause integer overflow when | 830 // Give an input that is too large (would cause integer overflow when |
801 // narrowing to an int). | 831 // narrowing to an int). |
802 { | 832 { |
803 std::vector<uint8> iv(16); | 833 std::vector<uint8> iv(16); |
804 | 834 |
805 // Pretend the input is large. Don't pass data pointer as NULL in case that | 835 // Pretend the input is large. Don't pass data pointer as NULL in case that |
806 // is special cased; the implementation shouldn't actually dereference the | 836 // is special cased; the implementation shouldn't actually dereference the |
807 // data. | 837 // data. |
808 const unsigned char* input = &iv[0]; | 838 const unsigned char* input = &iv[0]; |
809 unsigned input_len = INT_MAX - 3; | 839 unsigned input_len = INT_MAX - 3; |
810 | 840 |
811 EXPECT_FALSE(EncryptInternal( | 841 EXPECT_STATUS(Status::ErrorDataTooBig(), EncryptInternal( |
812 webcrypto::CreateAesCbcAlgorithm(iv), key, input, input_len, &output)); | 842 webcrypto::CreateAesCbcAlgorithm(iv), key, input, input_len, &output)); |
813 EXPECT_FALSE(DecryptInternal( | 843 EXPECT_STATUS(Status::ErrorDataTooBig(), DecryptInternal( |
814 webcrypto::CreateAesCbcAlgorithm(iv), key, input, input_len, &output)); | 844 webcrypto::CreateAesCbcAlgorithm(iv), key, input, input_len, &output)); |
815 } | 845 } |
816 | 846 |
817 // Fail importing the key (too few bytes specified) | 847 // Fail importing the key (too few bytes specified) |
818 { | 848 { |
819 std::vector<uint8> key_raw(1); | 849 std::vector<uint8> key_raw(1); |
820 std::vector<uint8> iv(16); | 850 std::vector<uint8> iv(16); |
821 | 851 |
822 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 852 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
823 EXPECT_FALSE(ImportKeyInternal(blink::WebCryptoKeyFormatRaw, | 853 EXPECT_STATUS( |
824 key_raw, | 854 Status::Error(), |
825 webcrypto::CreateAesCbcAlgorithm(iv), | 855 ImportKeyInternal(blink::WebCryptoKeyFormatRaw, |
826 true, | 856 key_raw, |
827 blink::WebCryptoKeyUsageEncrypt, | 857 webcrypto::CreateAesCbcAlgorithm(iv), |
828 &key)); | 858 true, |
| 859 blink::WebCryptoKeyUsageEncrypt, |
| 860 &key)); |
829 } | 861 } |
830 | 862 |
831 // Fail exporting the key in SPKI and PKCS#8 formats (not allowed for secret | 863 // Fail exporting the key in SPKI and PKCS#8 formats (not allowed for secret |
832 // keys). | 864 // keys). |
833 EXPECT_FALSE(ExportKeyInternal(blink::WebCryptoKeyFormatSpki, key, &output)); | 865 EXPECT_STATUS(Status::ErrorUnexpectedKeyType(), |
834 EXPECT_FALSE(ExportKeyInternal(blink::WebCryptoKeyFormatPkcs8, key, &output)); | 866 ExportKeyInternal(blink::WebCryptoKeyFormatSpki, key, &output)); |
| 867 EXPECT_STATUS(Status::ErrorUnsupported(), |
| 868 ExportKeyInternal(blink::WebCryptoKeyFormatPkcs8, key, &output)); |
835 } | 869 } |
836 | 870 |
837 TEST_F(WebCryptoImplTest, MAYBE(AesCbcSampleSets)) { | 871 TEST_F(WebCryptoImplTest, MAYBE(AesCbcSampleSets)) { |
838 struct TestCase { | 872 struct TestCase { |
839 const char* key; | 873 const char* key; |
840 const char* iv; | 874 const char* iv; |
841 const char* plain_text; | 875 const char* plain_text; |
842 const char* cipher_text; | 876 const char* cipher_text; |
843 }; | 877 }; |
844 | 878 |
(...skipping 71 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
916 SCOPED_TRACE(index); | 950 SCOPED_TRACE(index); |
917 const TestCase& test = kTests[index]; | 951 const TestCase& test = kTests[index]; |
918 | 952 |
919 blink::WebCryptoKey key = ImportSecretKeyFromRawHexString( | 953 blink::WebCryptoKey key = ImportSecretKeyFromRawHexString( |
920 test.key, | 954 test.key, |
921 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), | 955 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), |
922 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt); | 956 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt); |
923 | 957 |
924 // Verify exported raw key is identical to the imported data | 958 // Verify exported raw key is identical to the imported data |
925 blink::WebArrayBuffer raw_key; | 959 blink::WebArrayBuffer raw_key; |
926 EXPECT_TRUE(ExportKeyInternal(blink::WebCryptoKeyFormatRaw, key, &raw_key)); | 960 EXPECT_STATUS_SUCCESS(ExportKeyInternal( |
| 961 blink::WebCryptoKeyFormatRaw, key, &raw_key)); |
927 ExpectArrayBufferMatchesHex(test.key, raw_key); | 962 ExpectArrayBufferMatchesHex(test.key, raw_key); |
928 | 963 |
929 std::vector<uint8> plain_text = HexStringToBytes(test.plain_text); | 964 std::vector<uint8> plain_text = HexStringToBytes(test.plain_text); |
930 std::vector<uint8> iv = HexStringToBytes(test.iv); | 965 std::vector<uint8> iv = HexStringToBytes(test.iv); |
931 | 966 |
932 blink::WebArrayBuffer output; | 967 blink::WebArrayBuffer output; |
933 | 968 |
934 // Test encryption. | 969 // Test encryption. |
935 EXPECT_TRUE(EncryptInternal(webcrypto::CreateAesCbcAlgorithm(iv), | 970 EXPECT_STATUS( |
936 key, | 971 Status::Success(), |
937 plain_text, | 972 EncryptInternal(webcrypto::CreateAesCbcAlgorithm(iv), |
938 &output)); | 973 key, |
| 974 plain_text, |
| 975 &output)); |
939 ExpectArrayBufferMatchesHex(test.cipher_text, output); | 976 ExpectArrayBufferMatchesHex(test.cipher_text, output); |
940 | 977 |
941 // Test decryption. | 978 // Test decryption. |
942 std::vector<uint8> cipher_text = HexStringToBytes(test.cipher_text); | 979 std::vector<uint8> cipher_text = HexStringToBytes(test.cipher_text); |
943 EXPECT_TRUE(DecryptInternal(webcrypto::CreateAesCbcAlgorithm(iv), | 980 EXPECT_STATUS( |
944 key, | 981 Status::Success(), |
945 cipher_text, | 982 DecryptInternal(webcrypto::CreateAesCbcAlgorithm(iv), |
946 &output)); | 983 key, |
| 984 cipher_text, |
| 985 &output)); |
947 ExpectArrayBufferMatchesHex(test.plain_text, output); | 986 ExpectArrayBufferMatchesHex(test.plain_text, output); |
948 | 987 |
949 const unsigned kAesCbcBlockSize = 16; | 988 const unsigned kAesCbcBlockSize = 16; |
950 | 989 |
951 // Decrypt with a padding error by stripping the last block. This also ends | 990 // Decrypt with a padding error by stripping the last block. This also ends |
952 // up testing decryption over empty cipher text. | 991 // up testing decryption over empty cipher text. |
953 if (cipher_text.size() >= kAesCbcBlockSize) { | 992 if (cipher_text.size() >= kAesCbcBlockSize) { |
954 EXPECT_FALSE(DecryptInternal(webcrypto::CreateAesCbcAlgorithm(iv), | 993 EXPECT_STATUS( |
955 key, | 994 Status::Error(), |
956 &cipher_text[0], | 995 DecryptInternal(webcrypto::CreateAesCbcAlgorithm(iv), |
957 cipher_text.size() - kAesCbcBlockSize, | 996 key, |
958 &output)); | 997 &cipher_text[0], |
| 998 cipher_text.size() - kAesCbcBlockSize, |
| 999 &output)); |
959 } | 1000 } |
960 | 1001 |
961 // Decrypt cipher text which is not a multiple of block size by stripping | 1002 // Decrypt cipher text which is not a multiple of block size by stripping |
962 // a few bytes off the cipher text. | 1003 // a few bytes off the cipher text. |
963 if (cipher_text.size() > 3) { | 1004 if (cipher_text.size() > 3) { |
964 EXPECT_FALSE(DecryptInternal(webcrypto::CreateAesCbcAlgorithm(iv), | 1005 EXPECT_STATUS( |
965 key, | 1006 Status::Error(), |
966 &cipher_text[0], | 1007 DecryptInternal(webcrypto::CreateAesCbcAlgorithm(iv), |
967 cipher_text.size() - 3, | 1008 key, |
968 &output)); | 1009 &cipher_text[0], |
| 1010 cipher_text.size() - 3, |
| 1011 &output)); |
969 } | 1012 } |
970 } | 1013 } |
971 } | 1014 } |
972 | 1015 |
973 TEST_F(WebCryptoImplTest, MAYBE(GenerateKeyAes)) { | 1016 TEST_F(WebCryptoImplTest, MAYBE(GenerateKeyAes)) { |
974 // Check key generation for each of AES-CBC, AES-GCM, and AES-KW, and for each | 1017 // Check key generation for each of AES-CBC, AES-GCM, and AES-KW, and for each |
975 // allowed key length. | 1018 // allowed key length. |
976 std::vector<blink::WebCryptoAlgorithm> algorithm; | 1019 std::vector<blink::WebCryptoAlgorithm> algorithm; |
977 const unsigned short kKeyLength[] = {128, 192, 256}; | 1020 const unsigned short kKeyLength[] = {128, 192, 256}; |
978 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kKeyLength); ++i) { | 1021 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kKeyLength); ++i) { |
979 algorithm.push_back(CreateAesCbcKeyGenAlgorithm(kKeyLength[i])); | 1022 algorithm.push_back(CreateAesCbcKeyGenAlgorithm(kKeyLength[i])); |
980 algorithm.push_back(CreateAesGcmKeyGenAlgorithm(kKeyLength[i])); | 1023 algorithm.push_back(CreateAesGcmKeyGenAlgorithm(kKeyLength[i])); |
981 algorithm.push_back(CreateAesKwKeyGenAlgorithm(kKeyLength[i])); | 1024 algorithm.push_back(CreateAesKwKeyGenAlgorithm(kKeyLength[i])); |
982 } | 1025 } |
983 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 1026 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
984 std::vector<blink::WebArrayBuffer> keys; | 1027 std::vector<blink::WebArrayBuffer> keys; |
985 blink::WebArrayBuffer key_bytes; | 1028 blink::WebArrayBuffer key_bytes; |
986 for (size_t i = 0; i < algorithm.size(); ++i) { | 1029 for (size_t i = 0; i < algorithm.size(); ++i) { |
987 SCOPED_TRACE(i); | 1030 SCOPED_TRACE(i); |
988 // Generate a small sample of keys. | 1031 // Generate a small sample of keys. |
989 keys.clear(); | 1032 keys.clear(); |
990 for (int j = 0; j < 16; ++j) { | 1033 for (int j = 0; j < 16; ++j) { |
991 ASSERT_TRUE(GenerateKeyInternal(algorithm[i], &key)); | 1034 ASSERT_STATUS_SUCCESS(GenerateKeyInternal(algorithm[i], &key)); |
992 EXPECT_TRUE(key.handle()); | 1035 EXPECT_TRUE(key.handle()); |
993 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); | 1036 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); |
994 ASSERT_TRUE( | 1037 ASSERT_STATUS_SUCCESS( |
995 ExportKeyInternal(blink::WebCryptoKeyFormatRaw, key, &key_bytes)); | 1038 ExportKeyInternal(blink::WebCryptoKeyFormatRaw, key, &key_bytes)); |
996 keys.push_back(key_bytes); | 1039 keys.push_back(key_bytes); |
997 } | 1040 } |
998 // Ensure all entries in the key sample set are unique. This is a simplistic | 1041 // Ensure all entries in the key sample set are unique. This is a simplistic |
999 // estimate of whether the generated keys appear random. | 1042 // estimate of whether the generated keys appear random. |
1000 EXPECT_FALSE(CopiesExist(keys)); | 1043 EXPECT_FALSE(CopiesExist(keys)); |
1001 } | 1044 } |
1002 } | 1045 } |
1003 | 1046 |
1004 TEST_F(WebCryptoImplTest, MAYBE(GenerateKeyAesBadLength)) { | 1047 TEST_F(WebCryptoImplTest, MAYBE(GenerateKeyAesBadLength)) { |
1005 const unsigned short kKeyLen[] = {0, 127, 257}; | 1048 const unsigned short kKeyLen[] = {0, 127, 257}; |
1006 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 1049 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
1007 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kKeyLen); ++i) { | 1050 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kKeyLen); ++i) { |
1008 SCOPED_TRACE(i); | 1051 SCOPED_TRACE(i); |
1009 EXPECT_FALSE(GenerateKeyInternal( | 1052 EXPECT_STATUS(Status::ErrorKeyLength(), GenerateKeyInternal( |
1010 CreateAesCbcKeyGenAlgorithm(kKeyLen[i]), &key)); | 1053 CreateAesCbcKeyGenAlgorithm(kKeyLen[i]), &key)); |
1011 EXPECT_FALSE(GenerateKeyInternal( | 1054 EXPECT_STATUS(Status::ErrorKeyLength(), GenerateKeyInternal( |
1012 CreateAesGcmKeyGenAlgorithm(kKeyLen[i]), &key)); | 1055 CreateAesGcmKeyGenAlgorithm(kKeyLen[i]), &key)); |
1013 EXPECT_FALSE(GenerateKeyInternal( | 1056 EXPECT_STATUS(Status::ErrorKeyLength(), GenerateKeyInternal( |
1014 CreateAesKwKeyGenAlgorithm(kKeyLen[i]), &key)); | 1057 CreateAesKwKeyGenAlgorithm(kKeyLen[i]), &key)); |
1015 } | 1058 } |
1016 } | 1059 } |
1017 | 1060 |
1018 TEST_F(WebCryptoImplTest, MAYBE(GenerateKeyHmac)) { | 1061 TEST_F(WebCryptoImplTest, MAYBE(GenerateKeyHmac)) { |
1019 // Generate a small sample of HMAC keys. | 1062 // Generate a small sample of HMAC keys. |
1020 std::vector<blink::WebArrayBuffer> keys; | 1063 std::vector<blink::WebArrayBuffer> keys; |
1021 for (int i = 0; i < 16; ++i) { | 1064 for (int i = 0; i < 16; ++i) { |
1022 blink::WebArrayBuffer key_bytes; | 1065 blink::WebArrayBuffer key_bytes; |
1023 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 1066 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
1024 blink::WebCryptoAlgorithm algorithm = webcrypto::CreateHmacKeyGenAlgorithm( | 1067 blink::WebCryptoAlgorithm algorithm = webcrypto::CreateHmacKeyGenAlgorithm( |
1025 blink::WebCryptoAlgorithmIdSha1, 64); | 1068 blink::WebCryptoAlgorithmIdSha1, 64); |
1026 ASSERT_TRUE(GenerateKeyInternal(algorithm, &key)); | 1069 ASSERT_STATUS_SUCCESS(GenerateKeyInternal(algorithm, &key)); |
1027 EXPECT_FALSE(key.isNull()); | 1070 EXPECT_FALSE(key.isNull()); |
1028 EXPECT_TRUE(key.handle()); | 1071 EXPECT_TRUE(key.handle()); |
1029 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); | 1072 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); |
1030 EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, key.algorithm().id()); | 1073 EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, key.algorithm().id()); |
1031 | 1074 |
1032 blink::WebArrayBuffer raw_key; | 1075 blink::WebArrayBuffer raw_key; |
1033 ASSERT_TRUE(ExportKeyInternal(blink::WebCryptoKeyFormatRaw, key, &raw_key)); | 1076 ASSERT_STATUS_SUCCESS( |
| 1077 ExportKeyInternal(blink::WebCryptoKeyFormatRaw, key, &raw_key)); |
1034 EXPECT_EQ(64U, raw_key.byteLength()); | 1078 EXPECT_EQ(64U, raw_key.byteLength()); |
1035 keys.push_back(raw_key); | 1079 keys.push_back(raw_key); |
1036 } | 1080 } |
1037 // Ensure all entries in the key sample set are unique. This is a simplistic | 1081 // Ensure all entries in the key sample set are unique. This is a simplistic |
1038 // estimate of whether the generated keys appear random. | 1082 // estimate of whether the generated keys appear random. |
1039 EXPECT_FALSE(CopiesExist(keys)); | 1083 EXPECT_FALSE(CopiesExist(keys)); |
1040 } | 1084 } |
1041 | 1085 |
1042 // If the key length is not provided, then the block size is used. | 1086 // If the key length is not provided, then the block size is used. |
1043 TEST_F(WebCryptoImplTest, MAYBE(GenerateKeyHmacNoLength)) { | 1087 TEST_F(WebCryptoImplTest, MAYBE(GenerateKeyHmacNoLength)) { |
1044 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 1088 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
1045 blink::WebCryptoAlgorithm algorithm = | 1089 blink::WebCryptoAlgorithm algorithm = |
1046 webcrypto::CreateHmacKeyGenAlgorithm(blink::WebCryptoAlgorithmIdSha1, 0); | 1090 webcrypto::CreateHmacKeyGenAlgorithm(blink::WebCryptoAlgorithmIdSha1, 0); |
1047 ASSERT_TRUE(GenerateKeyInternal(algorithm, &key)); | 1091 ASSERT_STATUS_SUCCESS(GenerateKeyInternal(algorithm, &key)); |
1048 EXPECT_TRUE(key.handle()); | 1092 EXPECT_TRUE(key.handle()); |
1049 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); | 1093 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); |
1050 blink::WebArrayBuffer raw_key; | 1094 blink::WebArrayBuffer raw_key; |
1051 ASSERT_TRUE(ExportKeyInternal(blink::WebCryptoKeyFormatRaw, key, &raw_key)); | 1095 ASSERT_STATUS_SUCCESS( |
| 1096 ExportKeyInternal(blink::WebCryptoKeyFormatRaw, key, &raw_key)); |
1052 EXPECT_EQ(64U, raw_key.byteLength()); | 1097 EXPECT_EQ(64U, raw_key.byteLength()); |
1053 | 1098 |
1054 // The block size for HMAC SHA-512 is larger. | 1099 // The block size for HMAC SHA-512 is larger. |
1055 algorithm = webcrypto::CreateHmacKeyGenAlgorithm( | 1100 algorithm = webcrypto::CreateHmacKeyGenAlgorithm( |
1056 blink::WebCryptoAlgorithmIdSha512, 0); | 1101 blink::WebCryptoAlgorithmIdSha512, 0); |
1057 ASSERT_TRUE(GenerateKeyInternal(algorithm, &key)); | 1102 ASSERT_STATUS_SUCCESS(GenerateKeyInternal(algorithm, &key)); |
1058 ASSERT_TRUE(ExportKeyInternal(blink::WebCryptoKeyFormatRaw, key, &raw_key)); | 1103 ASSERT_STATUS_SUCCESS( |
| 1104 ExportKeyInternal(blink::WebCryptoKeyFormatRaw, key, &raw_key)); |
1059 EXPECT_EQ(128U, raw_key.byteLength()); | 1105 EXPECT_EQ(128U, raw_key.byteLength()); |
1060 } | 1106 } |
1061 | 1107 |
1062 TEST_F(WebCryptoImplTest, MAYBE(ImportSecretKeyNoAlgorithm)) { | 1108 TEST_F(WebCryptoImplTest, MAYBE(ImportSecretKeyNoAlgorithm)) { |
1063 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 1109 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
1064 | 1110 |
1065 // This fails because the algorithm is null. | 1111 // This fails because the algorithm is null. |
1066 EXPECT_FALSE(ImportKeyInternal( | 1112 EXPECT_STATUS(Status::ErrorMissingAlgorithmRawKey(), ImportKeyInternal( |
1067 blink::WebCryptoKeyFormatRaw, | 1113 blink::WebCryptoKeyFormatRaw, |
1068 HexStringToBytes("00000000000000000000"), | 1114 HexStringToBytes("00000000000000000000"), |
1069 blink::WebCryptoAlgorithm::createNull(), | 1115 blink::WebCryptoAlgorithm::createNull(), |
1070 true, | 1116 true, |
1071 blink::WebCryptoKeyUsageEncrypt, | 1117 blink::WebCryptoKeyUsageEncrypt, |
1072 &key)); | 1118 &key)); |
1073 } | 1119 } |
1074 | 1120 |
1075 | 1121 |
1076 TEST_F(WebCryptoImplTest, ImportJwkFailures) { | 1122 TEST_F(WebCryptoImplTest, ImportJwkFailures) { |
1077 | 1123 |
1078 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 1124 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
1079 blink::WebCryptoAlgorithm algorithm = | 1125 blink::WebCryptoAlgorithm algorithm = |
1080 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc); | 1126 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc); |
1081 blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageEncrypt; | 1127 blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageEncrypt; |
1082 | 1128 |
1083 // Baseline pass: each test below breaks a single item, so we start with a | 1129 // Baseline pass: each test below breaks a single item, so we start with a |
1084 // passing case to make sure each failure is caused by the isolated break. | 1130 // passing case to make sure each failure is caused by the isolated break. |
1085 // Each breaking subtest below resets the dictionary to this passing case when | 1131 // Each breaking subtest below resets the dictionary to this passing case when |
1086 // complete. | 1132 // complete. |
1087 base::DictionaryValue dict; | 1133 base::DictionaryValue dict; |
1088 RestoreJwkOctDictionary(&dict); | 1134 RestoreJwkOctDictionary(&dict); |
1089 EXPECT_TRUE(ImportKeyJwk( | 1135 EXPECT_STATUS_SUCCESS(ImportKeyJwk( |
1090 MakeJsonVector(dict), algorithm, false, usage_mask, &key)); | 1136 MakeJsonVector(dict), algorithm, false, usage_mask, &key)); |
1091 | 1137 |
1092 // Fail on empty JSON. | 1138 // Fail on empty JSON. |
1093 EXPECT_FALSE(ImportKeyJwk( | 1139 EXPECT_STATUS(Status::ErrorEmptyKeyData(), ImportKeyJwk( |
1094 MakeJsonVector(""), algorithm, false, usage_mask, &key)); | 1140 MakeJsonVector(""), algorithm, false, usage_mask, &key)); |
1095 | 1141 |
1096 // Fail on invalid JSON. | 1142 // Fail on invalid JSON. |
1097 const std::vector<uint8> bad_json_vec = MakeJsonVector( | 1143 const std::vector<uint8> bad_json_vec = MakeJsonVector( |
1098 "{" | 1144 "{" |
1099 "\"kty\" : \"oct\"," | 1145 "\"kty\" : \"oct\"," |
1100 "\"alg\" : \"HS256\"," | 1146 "\"alg\" : \"HS256\"," |
1101 "\"use\" : " | 1147 "\"use\" : " |
1102 ); | 1148 ); |
1103 EXPECT_FALSE(ImportKeyJwk(bad_json_vec, algorithm, false, usage_mask, &key)); | 1149 EXPECT_STATUS(Status::ErrorJwkNotDictionary(), |
| 1150 ImportKeyJwk(bad_json_vec, algorithm, false, usage_mask, &key)); |
1104 | 1151 |
1105 // Fail on JWK alg present but unrecognized. | 1152 // Fail on JWK alg present but unrecognized. |
1106 dict.SetString("alg", "A127CBC"); | 1153 dict.SetString("alg", "A127CBC"); |
1107 EXPECT_FALSE(ImportKeyJwk( | 1154 EXPECT_STATUS(Status::ErrorJwkUnrecognizedAlgorithm(), ImportKeyJwk( |
1108 MakeJsonVector(dict), algorithm, false, usage_mask, &key)); | 1155 MakeJsonVector(dict), algorithm, false, usage_mask, &key)); |
1109 RestoreJwkOctDictionary(&dict); | 1156 RestoreJwkOctDictionary(&dict); |
1110 | 1157 |
1111 // Fail on both JWK and input algorithm missing. | 1158 // Fail on both JWK and input algorithm missing. |
1112 dict.Remove("alg", NULL); | 1159 dict.Remove("alg", NULL); |
1113 EXPECT_FALSE(ImportKeyJwk(MakeJsonVector(dict), | 1160 EXPECT_STATUS( |
1114 blink::WebCryptoAlgorithm::createNull(), | 1161 Status::ErrorJwkAlgorithmMissing(), |
1115 false, | 1162 ImportKeyJwk(MakeJsonVector(dict), |
1116 usage_mask, | 1163 blink::WebCryptoAlgorithm::createNull(), |
1117 &key)); | 1164 false, |
| 1165 usage_mask, |
| 1166 &key)); |
1118 RestoreJwkOctDictionary(&dict); | 1167 RestoreJwkOctDictionary(&dict); |
1119 | 1168 |
1120 // Fail on invalid kty. | 1169 // Fail on invalid kty. |
1121 dict.SetString("kty", "foo"); | 1170 dict.SetString("kty", "foo"); |
1122 EXPECT_FALSE(ImportKeyJwk( | 1171 EXPECT_STATUS(Status::ErrorJwkUnrecognizedKty(), ImportKeyJwk( |
1123 MakeJsonVector(dict), algorithm, false, usage_mask, &key)); | 1172 MakeJsonVector(dict), algorithm, false, usage_mask, &key)); |
1124 RestoreJwkOctDictionary(&dict); | 1173 RestoreJwkOctDictionary(&dict); |
1125 | 1174 |
1126 // Fail on missing kty. | 1175 // Fail on missing kty. |
1127 dict.Remove("kty", NULL); | 1176 dict.Remove("kty", NULL); |
1128 EXPECT_FALSE(ImportKeyJwk( | 1177 EXPECT_STATUS(Status::ErrorJwkMissingKty(), ImportKeyJwk( |
1129 MakeJsonVector(dict), algorithm, false, usage_mask, &key)); | 1178 MakeJsonVector(dict), algorithm, false, usage_mask, &key)); |
1130 RestoreJwkOctDictionary(&dict); | 1179 RestoreJwkOctDictionary(&dict); |
1131 | 1180 |
1132 // Fail on invalid use. | 1181 // Fail on invalid use. |
1133 dict.SetString("use", "foo"); | 1182 dict.SetString("use", "foo"); |
1134 EXPECT_FALSE(ImportKeyJwk( | 1183 EXPECT_STATUS(Status::ErrorJwkUnrecognizedUsage(), ImportKeyJwk( |
1135 MakeJsonVector(dict), algorithm, false, usage_mask, &key)); | 1184 MakeJsonVector(dict), algorithm, false, usage_mask, &key)); |
1136 RestoreJwkOctDictionary(&dict); | 1185 RestoreJwkOctDictionary(&dict); |
1137 } | 1186 } |
1138 | 1187 |
1139 TEST_F(WebCryptoImplTest, ImportJwkOctFailures) { | 1188 TEST_F(WebCryptoImplTest, ImportJwkOctFailures) { |
1140 | 1189 |
1141 base::DictionaryValue dict; | 1190 base::DictionaryValue dict; |
1142 RestoreJwkOctDictionary(&dict); | 1191 RestoreJwkOctDictionary(&dict); |
1143 blink::WebCryptoAlgorithm algorithm = | 1192 blink::WebCryptoAlgorithm algorithm = |
1144 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc); | 1193 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc); |
1145 blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageEncrypt; | 1194 blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageEncrypt; |
1146 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 1195 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
1147 | 1196 |
1148 // Baseline pass. | 1197 // Baseline pass. |
1149 EXPECT_TRUE(ImportKeyJwk( | 1198 EXPECT_STATUS_SUCCESS(ImportKeyJwk( |
1150 MakeJsonVector(dict), algorithm, false, usage_mask, &key)); | 1199 MakeJsonVector(dict), algorithm, false, usage_mask, &key)); |
1151 EXPECT_EQ(algorithm.id(), key.algorithm().id()); | 1200 EXPECT_EQ(algorithm.id(), key.algorithm().id()); |
1152 EXPECT_FALSE(key.extractable()); | 1201 EXPECT_FALSE(key.extractable()); |
1153 EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt, key.usages()); | 1202 EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt, key.usages()); |
1154 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); | 1203 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); |
1155 | 1204 |
1156 // The following are specific failure cases for when kty = "oct". | 1205 // The following are specific failure cases for when kty = "oct". |
1157 | 1206 |
1158 // Fail on missing k. | 1207 // Fail on missing k. |
1159 dict.Remove("k", NULL); | 1208 dict.Remove("k", NULL); |
1160 EXPECT_FALSE(ImportKeyJwk( | 1209 EXPECT_STATUS(Status::ErrorJwkDecodeK(), ImportKeyJwk( |
1161 MakeJsonVector(dict), algorithm, false, usage_mask, &key)); | 1210 MakeJsonVector(dict), algorithm, false, usage_mask, &key)); |
1162 RestoreJwkOctDictionary(&dict); | 1211 RestoreJwkOctDictionary(&dict); |
1163 | 1212 |
1164 // Fail on bad b64 encoding for k. | 1213 // Fail on bad b64 encoding for k. |
1165 dict.SetString("k", "Qk3f0DsytU8lfza2au #$% Htaw2xpop9GYyTuH0p5GghxTI="); | 1214 dict.SetString("k", "Qk3f0DsytU8lfza2au #$% Htaw2xpop9GYyTuH0p5GghxTI="); |
1166 EXPECT_FALSE(ImportKeyJwk( | 1215 EXPECT_STATUS(Status::ErrorJwkDecodeK(), ImportKeyJwk( |
1167 MakeJsonVector(dict), algorithm, false, usage_mask, &key)); | 1216 MakeJsonVector(dict), algorithm, false, usage_mask, &key)); |
1168 RestoreJwkOctDictionary(&dict); | 1217 RestoreJwkOctDictionary(&dict); |
1169 | 1218 |
1170 // Fail on empty k. | 1219 // Fail on empty k. |
1171 dict.SetString("k", ""); | 1220 dict.SetString("k", ""); |
1172 EXPECT_FALSE(ImportKeyJwk( | 1221 EXPECT_STATUS(Status::ErrorJwkDecodeK(), ImportKeyJwk( |
1173 MakeJsonVector(dict), algorithm, false, usage_mask, &key)); | 1222 MakeJsonVector(dict), algorithm, false, usage_mask, &key)); |
1174 RestoreJwkOctDictionary(&dict); | 1223 RestoreJwkOctDictionary(&dict); |
1175 | 1224 |
1176 // Fail on k actual length (120 bits) inconsistent with the embedded JWK alg | 1225 // Fail on k actual length (120 bits) inconsistent with the embedded JWK alg |
1177 // value (128) for an AES key. | 1226 // value (128) for an AES key. |
1178 dict.SetString("k", "AVj42h0Y5aqGtE3yluKL"); | 1227 dict.SetString("k", "AVj42h0Y5aqGtE3yluKL"); |
1179 EXPECT_FALSE(ImportKeyJwk( | 1228 // TODO(eroman): This is failing for a different reason than the test |
| 1229 // expects. |
| 1230 EXPECT_STATUS(Status::Error(), ImportKeyJwk( |
1180 MakeJsonVector(dict), algorithm, false, usage_mask, &key)); | 1231 MakeJsonVector(dict), algorithm, false, usage_mask, &key)); |
1181 RestoreJwkOctDictionary(&dict); | 1232 RestoreJwkOctDictionary(&dict); |
1182 } | 1233 } |
1183 | 1234 |
1184 TEST_F(WebCryptoImplTest, MAYBE(ImportJwkRsaFailures)) { | 1235 TEST_F(WebCryptoImplTest, MAYBE(ImportJwkRsaFailures)) { |
1185 | 1236 |
1186 base::DictionaryValue dict; | 1237 base::DictionaryValue dict; |
1187 RestoreJwkRsaDictionary(&dict); | 1238 RestoreJwkRsaDictionary(&dict); |
1188 blink::WebCryptoAlgorithm algorithm = | 1239 blink::WebCryptoAlgorithm algorithm = |
1189 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); | 1240 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); |
1190 blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageEncrypt; | 1241 blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageEncrypt; |
1191 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 1242 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
1192 | 1243 |
1193 // An RSA public key JWK _must_ have an "n" (modulus) and an "e" (exponent) | 1244 // An RSA public key JWK _must_ have an "n" (modulus) and an "e" (exponent) |
1194 // entry, while an RSA private key must have those plus at least a "d" | 1245 // entry, while an RSA private key must have those plus at least a "d" |
1195 // (private exponent) entry. | 1246 // (private exponent) entry. |
1196 // See http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-18, | 1247 // See http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-18, |
1197 // section 6.3. | 1248 // section 6.3. |
1198 | 1249 |
1199 // Baseline pass. | 1250 // Baseline pass. |
1200 EXPECT_TRUE(ImportKeyJwk( | 1251 EXPECT_STATUS_SUCCESS(ImportKeyJwk( |
1201 MakeJsonVector(dict), algorithm, false, usage_mask, &key)); | 1252 MakeJsonVector(dict), algorithm, false, usage_mask, &key)); |
1202 EXPECT_EQ(algorithm.id(), key.algorithm().id()); | 1253 EXPECT_EQ(algorithm.id(), key.algorithm().id()); |
1203 EXPECT_FALSE(key.extractable()); | 1254 EXPECT_FALSE(key.extractable()); |
1204 EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt, key.usages()); | 1255 EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt, key.usages()); |
1205 EXPECT_EQ(blink::WebCryptoKeyTypePublic, key.type()); | 1256 EXPECT_EQ(blink::WebCryptoKeyTypePublic, key.type()); |
1206 | 1257 |
1207 // The following are specific failure cases for when kty = "RSA". | 1258 // The following are specific failure cases for when kty = "RSA". |
1208 | 1259 |
1209 // Fail if either "n" or "e" is not present or malformed. | 1260 // Fail if either "n" or "e" is not present or malformed. |
1210 const std::string kKtyParmName[] = {"n", "e"}; | 1261 const std::string kKtyParmName[] = {"n", "e"}; |
1211 for (size_t idx = 0; idx < ARRAYSIZE_UNSAFE(kKtyParmName); ++idx) { | 1262 for (size_t idx = 0; idx < ARRAYSIZE_UNSAFE(kKtyParmName); ++idx) { |
1212 | 1263 |
1213 // Fail on missing parameter. | 1264 // Fail on missing parameter. |
1214 dict.Remove(kKtyParmName[idx], NULL); | 1265 dict.Remove(kKtyParmName[idx], NULL); |
1215 EXPECT_FALSE(ImportKeyJwk( | 1266 EXPECT_STATUS_ERROR(ImportKeyJwk( |
1216 MakeJsonVector(dict), algorithm, false, usage_mask, &key)); | 1267 MakeJsonVector(dict), algorithm, false, usage_mask, &key)); |
1217 RestoreJwkRsaDictionary(&dict); | 1268 RestoreJwkRsaDictionary(&dict); |
1218 | 1269 |
1219 // Fail on bad b64 parameter encoding. | 1270 // Fail on bad b64 parameter encoding. |
1220 dict.SetString(kKtyParmName[idx], "Qk3f0DsytU8lfza2au #$% Htaw2xpop9yTuH0"); | 1271 dict.SetString(kKtyParmName[idx], "Qk3f0DsytU8lfza2au #$% Htaw2xpop9yTuH0"); |
1221 EXPECT_FALSE(ImportKeyJwk( | 1272 EXPECT_STATUS_ERROR(ImportKeyJwk( |
1222 MakeJsonVector(dict), algorithm, false, usage_mask, &key)); | 1273 MakeJsonVector(dict), algorithm, false, usage_mask, &key)); |
1223 RestoreJwkRsaDictionary(&dict); | 1274 RestoreJwkRsaDictionary(&dict); |
1224 | 1275 |
1225 // Fail on empty parameter. | 1276 // Fail on empty parameter. |
1226 dict.SetString(kKtyParmName[idx], ""); | 1277 dict.SetString(kKtyParmName[idx], ""); |
1227 EXPECT_FALSE(ImportKeyJwk( | 1278 EXPECT_STATUS_ERROR(ImportKeyJwk( |
1228 MakeJsonVector(dict), algorithm, false, usage_mask, &key)); | 1279 MakeJsonVector(dict), algorithm, false, usage_mask, &key)); |
1229 RestoreJwkRsaDictionary(&dict); | 1280 RestoreJwkRsaDictionary(&dict); |
1230 } | 1281 } |
1231 | 1282 |
1232 // Fail if "d" parameter is present, implying the JWK is a private key, which | 1283 // Fail if "d" parameter is present, implying the JWK is a private key, which |
1233 // is not supported. | 1284 // is not supported. |
1234 dict.SetString("d", "Qk3f0Dsyt"); | 1285 dict.SetString("d", "Qk3f0Dsyt"); |
1235 EXPECT_FALSE(ImportKeyJwk( | 1286 EXPECT_STATUS(Status::ErrorJwkRsaPrivateKeyUnsupported(), ImportKeyJwk( |
1236 MakeJsonVector(dict), algorithm, false, usage_mask, &key)); | 1287 MakeJsonVector(dict), algorithm, false, usage_mask, &key)); |
1237 RestoreJwkRsaDictionary(&dict); | 1288 RestoreJwkRsaDictionary(&dict); |
1238 } | 1289 } |
1239 | 1290 |
1240 TEST_F(WebCryptoImplTest, MAYBE(ImportJwkInputConsistency)) { | 1291 TEST_F(WebCryptoImplTest, MAYBE(ImportJwkInputConsistency)) { |
1241 // The Web Crypto spec says that if a JWK value is present, but is | 1292 // The Web Crypto spec says that if a JWK value is present, but is |
1242 // inconsistent with the input value, the operation must fail. | 1293 // inconsistent with the input value, the operation must fail. |
1243 | 1294 |
1244 // Consistency rules when JWK value is not present: Inputs should be used. | 1295 // Consistency rules when JWK value is not present: Inputs should be used. |
1245 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 1296 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
1246 bool extractable = false; | 1297 bool extractable = false; |
1247 blink::WebCryptoAlgorithm algorithm = | 1298 blink::WebCryptoAlgorithm algorithm = |
1248 webcrypto::CreateHmacAlgorithmByHashId(blink::WebCryptoAlgorithmIdSha256); | 1299 webcrypto::CreateHmacAlgorithmByHashId(blink::WebCryptoAlgorithmIdSha256); |
1249 blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageVerify; | 1300 blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageVerify; |
1250 base::DictionaryValue dict; | 1301 base::DictionaryValue dict; |
1251 dict.SetString("kty", "oct"); | 1302 dict.SetString("kty", "oct"); |
1252 dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg"); | 1303 dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg"); |
1253 std::vector<uint8> json_vec = MakeJsonVector(dict); | 1304 std::vector<uint8> json_vec = MakeJsonVector(dict); |
1254 EXPECT_TRUE(ImportKeyJwk(json_vec, algorithm, extractable, usage_mask, &key)); | 1305 EXPECT_STATUS_SUCCESS(ImportKeyJwk( |
| 1306 json_vec, algorithm, extractable, usage_mask, &key)); |
1255 EXPECT_TRUE(key.handle()); | 1307 EXPECT_TRUE(key.handle()); |
1256 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); | 1308 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); |
1257 EXPECT_EQ(extractable, key.extractable()); | 1309 EXPECT_EQ(extractable, key.extractable()); |
1258 EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, key.algorithm().id()); | 1310 EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, key.algorithm().id()); |
1259 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha256, | 1311 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha256, |
1260 key.algorithm().hmacParams()->hash().id()); | 1312 key.algorithm().hmacParams()->hash().id()); |
1261 EXPECT_EQ(blink::WebCryptoKeyUsageVerify, key.usages()); | 1313 EXPECT_EQ(blink::WebCryptoKeyUsageVerify, key.usages()); |
1262 key = blink::WebCryptoKey::createNull(); | 1314 key = blink::WebCryptoKey::createNull(); |
1263 | 1315 |
1264 // Consistency rules when JWK value exists: Fail if inconsistency is found. | 1316 // Consistency rules when JWK value exists: Fail if inconsistency is found. |
1265 | 1317 |
1266 // Pass: All input values are consistent with the JWK values. | 1318 // Pass: All input values are consistent with the JWK values. |
1267 dict.Clear(); | 1319 dict.Clear(); |
1268 dict.SetString("kty", "oct"); | 1320 dict.SetString("kty", "oct"); |
1269 dict.SetString("alg", "HS256"); | 1321 dict.SetString("alg", "HS256"); |
1270 dict.SetString("use", "sig"); | 1322 dict.SetString("use", "sig"); |
1271 dict.SetBoolean("extractable", false); | 1323 dict.SetBoolean("extractable", false); |
1272 dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg"); | 1324 dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg"); |
1273 json_vec = MakeJsonVector(dict); | 1325 json_vec = MakeJsonVector(dict); |
1274 EXPECT_TRUE(ImportKeyJwk(json_vec, algorithm, extractable, usage_mask, &key)); | 1326 EXPECT_STATUS_SUCCESS( |
| 1327 ImportKeyJwk(json_vec, algorithm, extractable, usage_mask, &key)); |
1275 | 1328 |
1276 // Extractable cases: | 1329 // Extractable cases: |
1277 // 1. input=T, JWK=F ==> fail (inconsistent) | 1330 // 1. input=T, JWK=F ==> fail (inconsistent) |
1278 // 4. input=F, JWK=F ==> pass, result extractable is F | 1331 // 4. input=F, JWK=F ==> pass, result extractable is F |
1279 // 2. input=T, JWK=T ==> pass, result extractable is T | 1332 // 2. input=T, JWK=T ==> pass, result extractable is T |
1280 // 3. input=F, JWK=T ==> pass, result extractable is F | 1333 // 3. input=F, JWK=T ==> pass, result extractable is F |
1281 EXPECT_FALSE(ImportKeyJwk(json_vec, algorithm, true, usage_mask, &key)); | 1334 EXPECT_STATUS(Status::ErrorJwkExtractableInconsistent(), |
1282 EXPECT_TRUE(ImportKeyJwk(json_vec, algorithm, false, usage_mask, &key)); | 1335 ImportKeyJwk(json_vec, algorithm, true, usage_mask, &key)); |
| 1336 EXPECT_STATUS_SUCCESS( |
| 1337 ImportKeyJwk(json_vec, algorithm, false, usage_mask, &key)); |
1283 EXPECT_FALSE(key.extractable()); | 1338 EXPECT_FALSE(key.extractable()); |
1284 dict.SetBoolean("extractable", true); | 1339 dict.SetBoolean("extractable", true); |
1285 EXPECT_TRUE( | 1340 EXPECT_STATUS_SUCCESS( |
1286 ImportKeyJwk(MakeJsonVector(dict), algorithm, true, usage_mask, &key)); | 1341 ImportKeyJwk(MakeJsonVector(dict), algorithm, true, usage_mask, &key)); |
1287 EXPECT_TRUE(key.extractable()); | 1342 EXPECT_TRUE(key.extractable()); |
1288 EXPECT_TRUE( | 1343 EXPECT_STATUS_SUCCESS( |
1289 ImportKeyJwk(MakeJsonVector(dict), algorithm, false, usage_mask, &key)); | 1344 ImportKeyJwk(MakeJsonVector(dict), algorithm, false, usage_mask, &key)); |
1290 EXPECT_FALSE(key.extractable()); | 1345 EXPECT_FALSE(key.extractable()); |
1291 dict.SetBoolean("extractable", true); // restore previous value | 1346 dict.SetBoolean("extractable", true); // restore previous value |
1292 | 1347 |
1293 // Fail: Input algorithm (AES-CBC) is inconsistent with JWK value | 1348 // Fail: Input algorithm (AES-CBC) is inconsistent with JWK value |
1294 // (HMAC SHA256). | 1349 // (HMAC SHA256). |
1295 EXPECT_FALSE(ImportKeyJwk( | 1350 EXPECT_STATUS(Status::ErrorJwkAlgorithmInconsistent(), ImportKeyJwk( |
1296 json_vec, | 1351 json_vec, |
1297 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), | 1352 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), |
1298 extractable, | 1353 extractable, |
1299 usage_mask, | 1354 usage_mask, |
1300 &key)); | 1355 &key)); |
1301 | 1356 |
1302 // Fail: Input algorithm (HMAC SHA1) is inconsistent with JWK value | 1357 // Fail: Input algorithm (HMAC SHA1) is inconsistent with JWK value |
1303 // (HMAC SHA256). | 1358 // (HMAC SHA256). |
1304 EXPECT_FALSE(ImportKeyJwk( | 1359 EXPECT_STATUS(Status::ErrorJwkAlgorithmInconsistent(), ImportKeyJwk( |
1305 json_vec, | 1360 json_vec, |
1306 webcrypto::CreateHmacAlgorithmByHashId(blink::WebCryptoAlgorithmIdSha1), | 1361 webcrypto::CreateHmacAlgorithmByHashId(blink::WebCryptoAlgorithmIdSha1), |
1307 extractable, | 1362 extractable, |
1308 usage_mask, | 1363 usage_mask, |
1309 &key)); | 1364 &key)); |
1310 | 1365 |
1311 // Pass: JWK alg valid but input algorithm isNull: use JWK algorithm value. | 1366 // Pass: JWK alg valid but input algorithm isNull: use JWK algorithm value. |
1312 EXPECT_TRUE(ImportKeyJwk(json_vec, | 1367 EXPECT_STATUS_SUCCESS(ImportKeyJwk(json_vec, |
1313 blink::WebCryptoAlgorithm::createNull(), | 1368 blink::WebCryptoAlgorithm::createNull(), |
1314 extractable, | 1369 extractable, |
1315 usage_mask, | 1370 usage_mask, |
1316 &key)); | 1371 &key)); |
1317 EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, algorithm.id()); | 1372 EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, algorithm.id()); |
1318 | 1373 |
1319 // Pass: JWK alg missing but input algorithm specified: use input value | 1374 // Pass: JWK alg missing but input algorithm specified: use input value |
1320 dict.Remove("alg", NULL); | 1375 dict.Remove("alg", NULL); |
1321 EXPECT_TRUE(ImportKeyJwk( | 1376 EXPECT_STATUS_SUCCESS(ImportKeyJwk( |
1322 MakeJsonVector(dict), | 1377 MakeJsonVector(dict), |
1323 webcrypto::CreateHmacAlgorithmByHashId(blink::WebCryptoAlgorithmIdSha256), | 1378 webcrypto::CreateHmacAlgorithmByHashId(blink::WebCryptoAlgorithmIdSha256), |
1324 extractable, | 1379 extractable, |
1325 usage_mask, | 1380 usage_mask, |
1326 &key)); | 1381 &key)); |
1327 EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, algorithm.id()); | 1382 EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, algorithm.id()); |
1328 dict.SetString("alg", "HS256"); | 1383 dict.SetString("alg", "HS256"); |
1329 | 1384 |
1330 // Fail: Input usage_mask (encrypt) is not a subset of the JWK value | 1385 // Fail: Input usage_mask (encrypt) is not a subset of the JWK value |
1331 // (sign|verify) | 1386 // (sign|verify) |
1332 EXPECT_FALSE(ImportKeyJwk( | 1387 EXPECT_STATUS(Status::ErrorJwkUsageInconsistent(), ImportKeyJwk( |
1333 json_vec, algorithm, extractable, blink::WebCryptoKeyUsageEncrypt, &key)); | 1388 json_vec, algorithm, extractable, blink::WebCryptoKeyUsageEncrypt, &key)); |
1334 | 1389 |
1335 // Fail: Input usage_mask (encrypt|sign|verify) is not a subset of the JWK | 1390 // Fail: Input usage_mask (encrypt|sign|verify) is not a subset of the JWK |
1336 // value (sign|verify) | 1391 // value (sign|verify) |
1337 usage_mask = blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageSign | | 1392 usage_mask = blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageSign | |
1338 blink::WebCryptoKeyUsageVerify; | 1393 blink::WebCryptoKeyUsageVerify; |
1339 EXPECT_FALSE( | 1394 EXPECT_STATUS( |
| 1395 Status::ErrorJwkUsageInconsistent(), |
1340 ImportKeyJwk(json_vec, algorithm, extractable, usage_mask, &key)); | 1396 ImportKeyJwk(json_vec, algorithm, extractable, usage_mask, &key)); |
1341 usage_mask = blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify; | |
1342 | 1397 |
1343 // TODO(padolph): kty vs alg consistency tests: Depending on the kty value, | 1398 // TODO(padolph): kty vs alg consistency tests: Depending on the kty value, |
1344 // only certain alg values are permitted. For example, when kty = "RSA" alg | 1399 // only certain alg values are permitted. For example, when kty = "RSA" alg |
1345 // must be of the RSA family, or when kty = "oct" alg must be symmetric | 1400 // must be of the RSA family, or when kty = "oct" alg must be symmetric |
1346 // algorithm. | 1401 // algorithm. |
1347 } | 1402 } |
1348 | 1403 |
1349 TEST_F(WebCryptoImplTest, MAYBE(ImportJwkHappy)) { | 1404 TEST_F(WebCryptoImplTest, MAYBE(ImportJwkHappy)) { |
1350 | 1405 |
1351 // This test verifies the happy path of JWK import, including the application | 1406 // This test verifies the happy path of JWK import, including the application |
1352 // of the imported key material. | 1407 // of the imported key material. |
1353 | 1408 |
1354 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 1409 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
1355 bool extractable = false; | 1410 bool extractable = false; |
1356 blink::WebCryptoAlgorithm algorithm = | 1411 blink::WebCryptoAlgorithm algorithm = |
1357 webcrypto::CreateHmacAlgorithmByHashId(blink::WebCryptoAlgorithmIdSha256); | 1412 webcrypto::CreateHmacAlgorithmByHashId(blink::WebCryptoAlgorithmIdSha256); |
1358 blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageSign; | 1413 blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageSign; |
1359 | 1414 |
1360 // Import a symmetric key JWK and HMAC-SHA256 sign() | 1415 // Import a symmetric key JWK and HMAC-SHA256 sign() |
1361 // Uses the first SHA256 test vector from the HMAC sample set above. | 1416 // Uses the first SHA256 test vector from the HMAC sample set above. |
1362 | 1417 |
1363 base::DictionaryValue dict; | 1418 base::DictionaryValue dict; |
1364 dict.SetString("kty", "oct"); | 1419 dict.SetString("kty", "oct"); |
1365 dict.SetString("alg", "HS256"); | 1420 dict.SetString("alg", "HS256"); |
1366 dict.SetString("use", "sig"); | 1421 dict.SetString("use", "sig"); |
1367 dict.SetBoolean("extractable", false); | 1422 dict.SetBoolean("extractable", false); |
1368 dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg"); | 1423 dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg"); |
1369 std::vector<uint8> json_vec = MakeJsonVector(dict); | 1424 std::vector<uint8> json_vec = MakeJsonVector(dict); |
1370 | 1425 |
1371 ASSERT_TRUE(ImportKeyJwk(json_vec, algorithm, extractable, usage_mask, &key)); | 1426 ASSERT_STATUS_SUCCESS(ImportKeyJwk( |
| 1427 json_vec, algorithm, extractable, usage_mask, &key)); |
1372 | 1428 |
1373 const std::vector<uint8> message_raw = HexStringToBytes( | 1429 const std::vector<uint8> message_raw = HexStringToBytes( |
1374 "b1689c2591eaf3c9e66070f8a77954ffb81749f1b00346f9dfe0b2ee905dcc288baf4a" | 1430 "b1689c2591eaf3c9e66070f8a77954ffb81749f1b00346f9dfe0b2ee905dcc288baf4a" |
1375 "92de3f4001dd9f44c468c3d07d6c6ee82faceafc97c2fc0fc0601719d2dcd0aa2aec92" | 1431 "92de3f4001dd9f44c468c3d07d6c6ee82faceafc97c2fc0fc0601719d2dcd0aa2aec92" |
1376 "d1b0ae933c65eb06a03c9c935c2bad0459810241347ab87e9f11adb30415424c6c7f5f" | 1432 "d1b0ae933c65eb06a03c9c935c2bad0459810241347ab87e9f11adb30415424c6c7f5f" |
1377 "22a003b8ab8de54f6ded0e3ab9245fa79568451dfa258e"); | 1433 "22a003b8ab8de54f6ded0e3ab9245fa79568451dfa258e"); |
1378 | 1434 |
1379 blink::WebArrayBuffer output; | 1435 blink::WebArrayBuffer output; |
1380 | 1436 |
1381 ASSERT_TRUE(SignInternal(algorithm, key, message_raw, &output)); | 1437 ASSERT_STATUS_SUCCESS(SignInternal(algorithm, key, message_raw, &output)); |
1382 | 1438 |
1383 const std::string mac_raw = | 1439 const std::string mac_raw = |
1384 "769f00d3e6a6cc1fb426a14a4f76c6462e6149726e0dee0ec0cf97a16605ac8b"; | 1440 "769f00d3e6a6cc1fb426a14a4f76c6462e6149726e0dee0ec0cf97a16605ac8b"; |
1385 | 1441 |
1386 ExpectArrayBufferMatchesHex(mac_raw, output); | 1442 ExpectArrayBufferMatchesHex(mac_raw, output); |
1387 | 1443 |
1388 // TODO(padolph): Import an RSA public key JWK and use it | 1444 // TODO(padolph): Import an RSA public key JWK and use it |
1389 } | 1445 } |
1390 | 1446 |
1391 TEST_F(WebCryptoImplTest, MAYBE(ImportExportSpki)) { | 1447 TEST_F(WebCryptoImplTest, MAYBE(ImportExportSpki)) { |
1392 // Passing case: Import a valid RSA key in SPKI format. | 1448 // Passing case: Import a valid RSA key in SPKI format. |
1393 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 1449 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
1394 ASSERT_TRUE(ImportKeyInternal( | 1450 ASSERT_STATUS_SUCCESS(ImportKeyInternal( |
1395 blink::WebCryptoKeyFormatSpki, | 1451 blink::WebCryptoKeyFormatSpki, |
1396 HexStringToBytes(kPublicKeySpkiDerHex), | 1452 HexStringToBytes(kPublicKeySpkiDerHex), |
1397 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5), | 1453 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5), |
1398 true, | 1454 true, |
1399 blink::WebCryptoKeyUsageEncrypt, | 1455 blink::WebCryptoKeyUsageEncrypt, |
1400 &key)); | 1456 &key)); |
1401 EXPECT_TRUE(key.handle()); | 1457 EXPECT_TRUE(key.handle()); |
1402 EXPECT_EQ(blink::WebCryptoKeyTypePublic, key.type()); | 1458 EXPECT_EQ(blink::WebCryptoKeyTypePublic, key.type()); |
1403 EXPECT_TRUE(key.extractable()); | 1459 EXPECT_TRUE(key.extractable()); |
1404 EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt, key.usages()); | 1460 EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt, key.usages()); |
1405 | 1461 |
1406 // Failing case: Empty SPKI data | 1462 // Failing case: Empty SPKI data |
1407 EXPECT_FALSE(ImportKeyInternal( | 1463 EXPECT_STATUS(Status::ErrorEmptyKeyData(), ImportKeyInternal( |
1408 blink::WebCryptoKeyFormatSpki, | 1464 blink::WebCryptoKeyFormatSpki, |
1409 std::vector<uint8>(), | 1465 std::vector<uint8>(), |
1410 blink::WebCryptoAlgorithm::createNull(), | 1466 blink::WebCryptoAlgorithm::createNull(), |
1411 true, | 1467 true, |
1412 blink::WebCryptoKeyUsageEncrypt, | 1468 blink::WebCryptoKeyUsageEncrypt, |
1413 &key)); | 1469 &key)); |
1414 | 1470 |
1415 // Failing case: Import RSA key with NULL input algorithm. This is not | 1471 // Failing case: Import RSA key with NULL input algorithm. This is not |
1416 // allowed because the SPKI ASN.1 format for RSA keys is not specific enough | 1472 // allowed because the SPKI ASN.1 format for RSA keys is not specific enough |
1417 // to map to a Web Crypto algorithm. | 1473 // to map to a Web Crypto algorithm. |
1418 EXPECT_FALSE(ImportKeyInternal( | 1474 EXPECT_STATUS(Status::Error(), ImportKeyInternal( |
1419 blink::WebCryptoKeyFormatSpki, | 1475 blink::WebCryptoKeyFormatSpki, |
1420 HexStringToBytes(kPublicKeySpkiDerHex), | 1476 HexStringToBytes(kPublicKeySpkiDerHex), |
1421 blink::WebCryptoAlgorithm::createNull(), | 1477 blink::WebCryptoAlgorithm::createNull(), |
1422 true, | 1478 true, |
1423 blink::WebCryptoKeyUsageEncrypt, | 1479 blink::WebCryptoKeyUsageEncrypt, |
1424 &key)); | 1480 &key)); |
1425 | 1481 |
1426 // Failing case: Bad DER encoding. | 1482 // Failing case: Bad DER encoding. |
1427 EXPECT_FALSE(ImportKeyInternal( | 1483 EXPECT_STATUS(Status::Error(), ImportKeyInternal( |
1428 blink::WebCryptoKeyFormatSpki, | 1484 blink::WebCryptoKeyFormatSpki, |
1429 HexStringToBytes("618333c4cb"), | 1485 HexStringToBytes("618333c4cb"), |
1430 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5), | 1486 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5), |
1431 true, | 1487 true, |
1432 blink::WebCryptoKeyUsageEncrypt, | 1488 blink::WebCryptoKeyUsageEncrypt, |
1433 &key)); | 1489 &key)); |
1434 | 1490 |
1435 // Failing case: Import RSA key but provide an inconsistent input algorithm. | 1491 // Failing case: Import RSA key but provide an inconsistent input algorithm. |
1436 EXPECT_FALSE(ImportKeyInternal( | 1492 EXPECT_STATUS(Status::Error(), ImportKeyInternal( |
1437 blink::WebCryptoKeyFormatSpki, | 1493 blink::WebCryptoKeyFormatSpki, |
1438 HexStringToBytes(kPublicKeySpkiDerHex), | 1494 HexStringToBytes(kPublicKeySpkiDerHex), |
1439 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), | 1495 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), |
1440 true, | 1496 true, |
1441 blink::WebCryptoKeyUsageEncrypt, | 1497 blink::WebCryptoKeyUsageEncrypt, |
1442 &key)); | 1498 &key)); |
1443 | 1499 |
1444 // Passing case: Export a previously imported RSA public key in SPKI format | 1500 // Passing case: Export a previously imported RSA public key in SPKI format |
1445 // and compare to original data. | 1501 // and compare to original data. |
1446 blink::WebArrayBuffer output; | 1502 blink::WebArrayBuffer output; |
1447 ASSERT_TRUE(ExportKeyInternal(blink::WebCryptoKeyFormatSpki, key, &output)); | 1503 ASSERT_STATUS_SUCCESS( |
| 1504 ExportKeyInternal(blink::WebCryptoKeyFormatSpki, key, &output)); |
1448 ExpectArrayBufferMatchesHex(kPublicKeySpkiDerHex, output); | 1505 ExpectArrayBufferMatchesHex(kPublicKeySpkiDerHex, output); |
1449 | 1506 |
1450 // Failing case: Try to export a previously imported RSA public key in raw | 1507 // Failing case: Try to export a previously imported RSA public key in raw |
1451 // format (not allowed for a public key). | 1508 // format (not allowed for a public key). |
1452 EXPECT_FALSE(ExportKeyInternal(blink::WebCryptoKeyFormatRaw, key, &output)); | 1509 EXPECT_STATUS(Status::ErrorUnexpectedKeyType(), |
| 1510 ExportKeyInternal(blink::WebCryptoKeyFormatRaw, key, &output)); |
1453 | 1511 |
1454 // Failing case: Try to export a non-extractable key | 1512 // Failing case: Try to export a non-extractable key |
1455 ASSERT_TRUE(ImportKeyInternal( | 1513 ASSERT_STATUS_SUCCESS(ImportKeyInternal( |
1456 blink::WebCryptoKeyFormatSpki, | 1514 blink::WebCryptoKeyFormatSpki, |
1457 HexStringToBytes(kPublicKeySpkiDerHex), | 1515 HexStringToBytes(kPublicKeySpkiDerHex), |
1458 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5), | 1516 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5), |
1459 false, | 1517 false, |
1460 blink::WebCryptoKeyUsageEncrypt, | 1518 blink::WebCryptoKeyUsageEncrypt, |
1461 &key)); | 1519 &key)); |
1462 EXPECT_TRUE(key.handle()); | 1520 EXPECT_TRUE(key.handle()); |
1463 EXPECT_FALSE(key.extractable()); | 1521 EXPECT_FALSE(key.extractable()); |
1464 EXPECT_FALSE(ExportKeyInternal(blink::WebCryptoKeyFormatSpki, key, &output)); | 1522 EXPECT_STATUS(Status::ErrorKeyNotExtractable(), |
| 1523 ExportKeyInternal(blink::WebCryptoKeyFormatSpki, key, &output)); |
1465 } | 1524 } |
1466 | 1525 |
1467 TEST_F(WebCryptoImplTest, MAYBE(ImportPkcs8)) { | 1526 TEST_F(WebCryptoImplTest, MAYBE(ImportPkcs8)) { |
1468 // Passing case: Import a valid RSA key in PKCS#8 format. | 1527 // Passing case: Import a valid RSA key in PKCS#8 format. |
1469 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 1528 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
1470 ASSERT_TRUE(ImportKeyInternal( | 1529 ASSERT_STATUS_SUCCESS(ImportKeyInternal( |
1471 blink::WebCryptoKeyFormatPkcs8, | 1530 blink::WebCryptoKeyFormatPkcs8, |
1472 HexStringToBytes(kPrivateKeyPkcs8DerHex), | 1531 HexStringToBytes(kPrivateKeyPkcs8DerHex), |
1473 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5), | 1532 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5), |
1474 true, | 1533 true, |
1475 blink::WebCryptoKeyUsageSign, | 1534 blink::WebCryptoKeyUsageSign, |
1476 &key)); | 1535 &key)); |
1477 EXPECT_TRUE(key.handle()); | 1536 EXPECT_TRUE(key.handle()); |
1478 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, key.type()); | 1537 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, key.type()); |
1479 EXPECT_TRUE(key.extractable()); | 1538 EXPECT_TRUE(key.extractable()); |
1480 EXPECT_EQ(blink::WebCryptoKeyUsageSign, key.usages()); | 1539 EXPECT_EQ(blink::WebCryptoKeyUsageSign, key.usages()); |
1481 | 1540 |
1482 // Failing case: Empty PKCS#8 data | 1541 // Failing case: Empty PKCS#8 data |
1483 EXPECT_FALSE(ImportKeyInternal( | 1542 EXPECT_STATUS(Status::ErrorEmptyKeyData(), ImportKeyInternal( |
1484 blink::WebCryptoKeyFormatPkcs8, | 1543 blink::WebCryptoKeyFormatPkcs8, |
1485 std::vector<uint8>(), | 1544 std::vector<uint8>(), |
1486 blink::WebCryptoAlgorithm::createNull(), | 1545 blink::WebCryptoAlgorithm::createNull(), |
1487 true, | 1546 true, |
1488 blink::WebCryptoKeyUsageSign, | 1547 blink::WebCryptoKeyUsageSign, |
1489 &key)); | 1548 &key)); |
1490 | 1549 |
1491 // Failing case: Import RSA key with NULL input algorithm. This is not | 1550 // Failing case: Import RSA key with NULL input algorithm. This is not |
1492 // allowed because the PKCS#8 ASN.1 format for RSA keys is not specific enough | 1551 // allowed because the PKCS#8 ASN.1 format for RSA keys is not specific enough |
1493 // to map to a Web Crypto algorithm. | 1552 // to map to a Web Crypto algorithm. |
1494 EXPECT_FALSE(ImportKeyInternal( | 1553 EXPECT_STATUS(Status::Error(), ImportKeyInternal( |
1495 blink::WebCryptoKeyFormatPkcs8, | 1554 blink::WebCryptoKeyFormatPkcs8, |
1496 HexStringToBytes(kPrivateKeyPkcs8DerHex), | 1555 HexStringToBytes(kPrivateKeyPkcs8DerHex), |
1497 blink::WebCryptoAlgorithm::createNull(), | 1556 blink::WebCryptoAlgorithm::createNull(), |
1498 true, | 1557 true, |
1499 blink::WebCryptoKeyUsageSign, | 1558 blink::WebCryptoKeyUsageSign, |
1500 &key)); | 1559 &key)); |
1501 | 1560 |
1502 // Failing case: Bad DER encoding. | 1561 // Failing case: Bad DER encoding. |
1503 EXPECT_FALSE(ImportKeyInternal( | 1562 EXPECT_STATUS(Status::Error(), ImportKeyInternal( |
1504 blink::WebCryptoKeyFormatPkcs8, | 1563 blink::WebCryptoKeyFormatPkcs8, |
1505 HexStringToBytes("618333c4cb"), | 1564 HexStringToBytes("618333c4cb"), |
1506 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5), | 1565 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5), |
1507 true, | 1566 true, |
1508 blink::WebCryptoKeyUsageSign, | 1567 blink::WebCryptoKeyUsageSign, |
1509 &key)); | 1568 &key)); |
1510 | 1569 |
1511 // Failing case: Import RSA key but provide an inconsistent input algorithm. | 1570 // Failing case: Import RSA key but provide an inconsistent input algorithm. |
1512 EXPECT_FALSE(ImportKeyInternal( | 1571 EXPECT_STATUS(Status::Error(), ImportKeyInternal( |
1513 blink::WebCryptoKeyFormatPkcs8, | 1572 blink::WebCryptoKeyFormatPkcs8, |
1514 HexStringToBytes(kPrivateKeyPkcs8DerHex), | 1573 HexStringToBytes(kPrivateKeyPkcs8DerHex), |
1515 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), | 1574 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), |
1516 true, | 1575 true, |
1517 blink::WebCryptoKeyUsageSign, | 1576 blink::WebCryptoKeyUsageSign, |
1518 &key)); | 1577 &key)); |
1519 } | 1578 } |
1520 | 1579 |
1521 TEST_F(WebCryptoImplTest, MAYBE(GenerateKeyPairRsa)) { | 1580 TEST_F(WebCryptoImplTest, MAYBE(GenerateKeyPairRsa)) { |
1522 // Note: using unrealistic short key lengths here to avoid bogging down tests. | 1581 // Note: using unrealistic short key lengths here to avoid bogging down tests. |
1523 | 1582 |
1524 // Successful WebCryptoAlgorithmIdRsaEsPkcs1v1_5 key generation. | 1583 // Successful WebCryptoAlgorithmIdRsaEsPkcs1v1_5 key generation. |
1525 const unsigned modulus_length = 256; | 1584 const unsigned modulus_length = 256; |
1526 const std::vector<uint8> public_exponent = HexStringToBytes("010001"); | 1585 const std::vector<uint8> public_exponent = HexStringToBytes("010001"); |
1527 blink::WebCryptoAlgorithm algorithm = webcrypto::CreateRsaKeyGenAlgorithm( | 1586 blink::WebCryptoAlgorithm algorithm = webcrypto::CreateRsaKeyGenAlgorithm( |
1528 blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, | 1587 blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, |
1529 modulus_length, | 1588 modulus_length, |
1530 public_exponent); | 1589 public_exponent); |
1531 bool extractable = false; | 1590 bool extractable = false; |
1532 const blink::WebCryptoKeyUsageMask usage_mask = 0; | 1591 const blink::WebCryptoKeyUsageMask usage_mask = 0; |
1533 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); | 1592 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); |
1534 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); | 1593 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); |
1535 EXPECT_TRUE(GenerateKeyPairInternal( | 1594 EXPECT_STATUS_SUCCESS(GenerateKeyPairInternal( |
1536 algorithm, extractable, usage_mask, &public_key, &private_key)); | 1595 algorithm, extractable, usage_mask, &public_key, &private_key)); |
1537 EXPECT_FALSE(public_key.isNull()); | 1596 EXPECT_FALSE(public_key.isNull()); |
1538 EXPECT_FALSE(private_key.isNull()); | 1597 EXPECT_FALSE(private_key.isNull()); |
1539 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type()); | 1598 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type()); |
1540 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type()); | 1599 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type()); |
1541 EXPECT_EQ(true, public_key.extractable()); | 1600 EXPECT_EQ(true, public_key.extractable()); |
1542 EXPECT_EQ(extractable, private_key.extractable()); | 1601 EXPECT_EQ(extractable, private_key.extractable()); |
1543 EXPECT_EQ(usage_mask, public_key.usages()); | 1602 EXPECT_EQ(usage_mask, public_key.usages()); |
1544 EXPECT_EQ(usage_mask, private_key.usages()); | 1603 EXPECT_EQ(usage_mask, private_key.usages()); |
1545 | 1604 |
1546 // Fail with bad modulus. | 1605 // Fail with bad modulus. |
1547 algorithm = webcrypto::CreateRsaKeyGenAlgorithm( | 1606 algorithm = webcrypto::CreateRsaKeyGenAlgorithm( |
1548 blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, 0, public_exponent); | 1607 blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, 0, public_exponent); |
1549 EXPECT_FALSE(GenerateKeyPairInternal( | 1608 EXPECT_STATUS(Status::ErrorEmptyModulus(), GenerateKeyPairInternal( |
1550 algorithm, extractable, usage_mask, &public_key, &private_key)); | 1609 algorithm, extractable, usage_mask, &public_key, &private_key)); |
1551 | 1610 |
1552 // Fail with bad exponent: larger than unsigned long. | 1611 // Fail with bad exponent: larger than unsigned long. |
1553 unsigned exponent_length = sizeof(unsigned long) + 1; // NOLINT | 1612 unsigned exponent_length = sizeof(unsigned long) + 1; // NOLINT |
1554 const std::vector<uint8> long_exponent(exponent_length, 0x01); | 1613 const std::vector<uint8> long_exponent(exponent_length, 0x01); |
1555 algorithm = webcrypto::CreateRsaKeyGenAlgorithm( | 1614 algorithm = webcrypto::CreateRsaKeyGenAlgorithm( |
1556 blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, | 1615 blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, |
1557 modulus_length, | 1616 modulus_length, |
1558 long_exponent); | 1617 long_exponent); |
1559 EXPECT_FALSE(GenerateKeyPairInternal( | 1618 EXPECT_STATUS(Status::ErrorPublicExponent(), GenerateKeyPairInternal( |
1560 algorithm, extractable, usage_mask, &public_key, &private_key)); | 1619 algorithm, extractable, usage_mask, &public_key, &private_key)); |
1561 | 1620 |
1562 // Fail with bad exponent: empty. | 1621 // Fail with bad exponent: empty. |
1563 const std::vector<uint8> empty_exponent; | 1622 const std::vector<uint8> empty_exponent; |
1564 algorithm = webcrypto::CreateRsaKeyGenAlgorithm( | 1623 algorithm = webcrypto::CreateRsaKeyGenAlgorithm( |
1565 blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, | 1624 blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, |
1566 modulus_length, | 1625 modulus_length, |
1567 empty_exponent); | 1626 empty_exponent); |
1568 EXPECT_FALSE(GenerateKeyPairInternal( | 1627 EXPECT_STATUS(Status::ErrorPublicExponent(), GenerateKeyPairInternal( |
1569 algorithm, extractable, usage_mask, &public_key, &private_key)); | 1628 algorithm, extractable, usage_mask, &public_key, &private_key)); |
1570 | 1629 |
1571 // Fail with bad exponent: all zeros. | 1630 // Fail with bad exponent: all zeros. |
1572 std::vector<uint8> exponent_with_leading_zeros(15, 0x00); | 1631 std::vector<uint8> exponent_with_leading_zeros(15, 0x00); |
1573 algorithm = webcrypto::CreateRsaKeyGenAlgorithm( | 1632 algorithm = webcrypto::CreateRsaKeyGenAlgorithm( |
1574 blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, | 1633 blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, |
1575 modulus_length, | 1634 modulus_length, |
1576 exponent_with_leading_zeros); | 1635 exponent_with_leading_zeros); |
1577 EXPECT_FALSE(GenerateKeyPairInternal( | 1636 EXPECT_STATUS(Status::ErrorPublicExponent(), GenerateKeyPairInternal( |
1578 algorithm, extractable, usage_mask, &public_key, &private_key)); | 1637 algorithm, extractable, usage_mask, &public_key, &private_key)); |
1579 | 1638 |
1580 // Key generation success using exponent with leading zeros. | 1639 // Key generation success using exponent with leading zeros. |
1581 exponent_with_leading_zeros.insert(exponent_with_leading_zeros.end(), | 1640 exponent_with_leading_zeros.insert(exponent_with_leading_zeros.end(), |
1582 public_exponent.begin(), | 1641 public_exponent.begin(), |
1583 public_exponent.end()); | 1642 public_exponent.end()); |
1584 algorithm = webcrypto::CreateRsaKeyGenAlgorithm( | 1643 algorithm = webcrypto::CreateRsaKeyGenAlgorithm( |
1585 blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, | 1644 blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, |
1586 modulus_length, | 1645 modulus_length, |
1587 exponent_with_leading_zeros); | 1646 exponent_with_leading_zeros); |
1588 EXPECT_TRUE(GenerateKeyPairInternal( | 1647 EXPECT_STATUS_SUCCESS(GenerateKeyPairInternal( |
1589 algorithm, extractable, usage_mask, &public_key, &private_key)); | 1648 algorithm, extractable, usage_mask, &public_key, &private_key)); |
1590 EXPECT_FALSE(public_key.isNull()); | 1649 EXPECT_FALSE(public_key.isNull()); |
1591 EXPECT_FALSE(private_key.isNull()); | 1650 EXPECT_FALSE(private_key.isNull()); |
1592 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type()); | 1651 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type()); |
1593 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type()); | 1652 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type()); |
1594 EXPECT_EQ(true, public_key.extractable()); | 1653 EXPECT_EQ(true, public_key.extractable()); |
1595 EXPECT_EQ(extractable, private_key.extractable()); | 1654 EXPECT_EQ(extractable, private_key.extractable()); |
1596 EXPECT_EQ(usage_mask, public_key.usages()); | 1655 EXPECT_EQ(usage_mask, public_key.usages()); |
1597 EXPECT_EQ(usage_mask, private_key.usages()); | 1656 EXPECT_EQ(usage_mask, private_key.usages()); |
1598 | 1657 |
1599 // Successful WebCryptoAlgorithmIdRsaOaep key generation. | 1658 // Successful WebCryptoAlgorithmIdRsaOaep key generation. |
1600 algorithm = webcrypto::CreateRsaKeyGenAlgorithm( | 1659 algorithm = webcrypto::CreateRsaKeyGenAlgorithm( |
1601 blink::WebCryptoAlgorithmIdRsaOaep, modulus_length, public_exponent); | 1660 blink::WebCryptoAlgorithmIdRsaOaep, modulus_length, public_exponent); |
1602 EXPECT_TRUE(GenerateKeyPairInternal( | 1661 EXPECT_STATUS_SUCCESS(GenerateKeyPairInternal( |
1603 algorithm, extractable, usage_mask, &public_key, &private_key)); | 1662 algorithm, extractable, usage_mask, &public_key, &private_key)); |
1604 EXPECT_FALSE(public_key.isNull()); | 1663 EXPECT_FALSE(public_key.isNull()); |
1605 EXPECT_FALSE(private_key.isNull()); | 1664 EXPECT_FALSE(private_key.isNull()); |
1606 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type()); | 1665 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type()); |
1607 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type()); | 1666 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type()); |
1608 EXPECT_EQ(true, public_key.extractable()); | 1667 EXPECT_EQ(true, public_key.extractable()); |
1609 EXPECT_EQ(extractable, private_key.extractable()); | 1668 EXPECT_EQ(extractable, private_key.extractable()); |
1610 EXPECT_EQ(usage_mask, public_key.usages()); | 1669 EXPECT_EQ(usage_mask, public_key.usages()); |
1611 EXPECT_EQ(usage_mask, private_key.usages()); | 1670 EXPECT_EQ(usage_mask, private_key.usages()); |
1612 | 1671 |
1613 // Successful WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 key generation. | 1672 // Successful WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 key generation. |
1614 algorithm = webcrypto::CreateRsaKeyGenAlgorithm( | 1673 algorithm = webcrypto::CreateRsaKeyGenAlgorithm( |
1615 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, | 1674 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
1616 modulus_length, | 1675 modulus_length, |
1617 public_exponent); | 1676 public_exponent); |
1618 EXPECT_TRUE(GenerateKeyPairInternal( | 1677 EXPECT_STATUS_SUCCESS(GenerateKeyPairInternal( |
1619 algorithm, extractable, usage_mask, &public_key, &private_key)); | 1678 algorithm, extractable, usage_mask, &public_key, &private_key)); |
1620 EXPECT_FALSE(public_key.isNull()); | 1679 EXPECT_FALSE(public_key.isNull()); |
1621 EXPECT_FALSE(private_key.isNull()); | 1680 EXPECT_FALSE(private_key.isNull()); |
1622 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type()); | 1681 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type()); |
1623 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type()); | 1682 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type()); |
1624 EXPECT_EQ(true, public_key.extractable()); | 1683 EXPECT_EQ(true, public_key.extractable()); |
1625 EXPECT_EQ(extractable, private_key.extractable()); | 1684 EXPECT_EQ(extractable, private_key.extractable()); |
1626 EXPECT_EQ(usage_mask, public_key.usages()); | 1685 EXPECT_EQ(usage_mask, public_key.usages()); |
1627 EXPECT_EQ(usage_mask, private_key.usages()); | 1686 EXPECT_EQ(usage_mask, private_key.usages()); |
1628 | 1687 |
1629 // Fail SPKI export of private key. This is an ExportKey test, but do it here | 1688 // Fail SPKI export of private key. This is an ExportKey test, but do it here |
1630 // since it is expensive to generate an RSA key pair and we already have a | 1689 // since it is expensive to generate an RSA key pair and we already have a |
1631 // private key here. | 1690 // private key here. |
1632 blink::WebArrayBuffer output; | 1691 blink::WebArrayBuffer output; |
1633 EXPECT_FALSE( | 1692 // TODO(eroman): This test is failing for a different reason than expected by |
1634 ExportKeyInternal(blink::WebCryptoKeyFormatSpki, private_key, &output)); | 1693 // the test. |
| 1694 EXPECT_STATUS(Status::ErrorKeyNotExtractable(), ExportKeyInternal( |
| 1695 blink::WebCryptoKeyFormatSpki, private_key, &output)); |
1635 } | 1696 } |
1636 | 1697 |
1637 TEST_F(WebCryptoImplTest, MAYBE(RsaEsRoundTrip)) { | 1698 TEST_F(WebCryptoImplTest, MAYBE(RsaEsRoundTrip)) { |
1638 // Import a key pair. | 1699 // Import a key pair. |
1639 blink::WebCryptoAlgorithm algorithm = | 1700 blink::WebCryptoAlgorithm algorithm = |
1640 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); | 1701 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); |
1641 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); | 1702 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); |
1642 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); | 1703 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); |
1643 ImportRsaKeyPair( | 1704 ImportRsaKeyPair( |
1644 kPublicKeySpkiDerHex, | 1705 kPublicKeySpkiDerHex, |
(...skipping 19 matching lines...) Expand all Loading... |
1664 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); | 1725 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); |
1665 const char* const kTestDataHex[] = { | 1726 const char* const kTestDataHex[] = { |
1666 "ff", | 1727 "ff", |
1667 "0102030405060708090a0b0c0d0e0f", | 1728 "0102030405060708090a0b0c0d0e0f", |
1668 max_data_hex | 1729 max_data_hex |
1669 }; | 1730 }; |
1670 blink::WebArrayBuffer encrypted_data; | 1731 blink::WebArrayBuffer encrypted_data; |
1671 blink::WebArrayBuffer decrypted_data; | 1732 blink::WebArrayBuffer decrypted_data; |
1672 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kTestDataHex); ++i) { | 1733 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kTestDataHex); ++i) { |
1673 SCOPED_TRACE(i); | 1734 SCOPED_TRACE(i); |
1674 ASSERT_TRUE(EncryptInternal( | 1735 EXPECT_STATUS_SUCCESS(EncryptInternal( |
1675 algorithm, | 1736 algorithm, |
1676 public_key, | 1737 public_key, |
1677 HexStringToBytes(kTestDataHex[i]), | 1738 HexStringToBytes(kTestDataHex[i]), |
1678 &encrypted_data)); | 1739 &encrypted_data)); |
1679 EXPECT_EQ(kModulusLength/8, encrypted_data.byteLength()); | 1740 EXPECT_EQ(kModulusLength / 8, encrypted_data.byteLength()); |
1680 ASSERT_TRUE(DecryptInternal( | 1741 ASSERT_STATUS_SUCCESS(DecryptInternal( |
1681 algorithm, | 1742 algorithm, |
1682 private_key, | 1743 private_key, |
1683 reinterpret_cast<const unsigned char*>(encrypted_data.data()), | 1744 reinterpret_cast<const unsigned char*>(encrypted_data.data()), |
1684 encrypted_data.byteLength(), | 1745 encrypted_data.byteLength(), |
1685 &decrypted_data)); | 1746 &decrypted_data)); |
1686 ExpectArrayBufferMatchesHex(kTestDataHex[i], decrypted_data); | 1747 ExpectArrayBufferMatchesHex(kTestDataHex[i], decrypted_data); |
1687 } | 1748 } |
1688 } | 1749 } |
1689 | 1750 |
1690 TEST_F(WebCryptoImplTest, MAYBE(RsaEsKnownAnswer)) { | 1751 TEST_F(WebCryptoImplTest, MAYBE(RsaEsKnownAnswer)) { |
(...skipping 72 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1763 rsa_pkcs8_der_hex, | 1824 rsa_pkcs8_der_hex, |
1764 algorithm, | 1825 algorithm, |
1765 false, | 1826 false, |
1766 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt, | 1827 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt, |
1767 &public_key, | 1828 &public_key, |
1768 &private_key); | 1829 &private_key); |
1769 | 1830 |
1770 // Decrypt the known-good ciphertext with the private key. As a check we must | 1831 // Decrypt the known-good ciphertext with the private key. As a check we must |
1771 // get the known original cleartext. | 1832 // get the known original cleartext. |
1772 blink::WebArrayBuffer decrypted_data; | 1833 blink::WebArrayBuffer decrypted_data; |
1773 ASSERT_TRUE(DecryptInternal( | 1834 ASSERT_STATUS_SUCCESS(DecryptInternal( |
1774 algorithm, | 1835 algorithm, |
1775 private_key, | 1836 private_key, |
1776 HexStringToBytes(ciphertext_hex), | 1837 HexStringToBytes(ciphertext_hex), |
1777 &decrypted_data)); | 1838 &decrypted_data)); |
1778 EXPECT_FALSE(decrypted_data.isNull()); | 1839 EXPECT_FALSE(decrypted_data.isNull()); |
1779 ExpectArrayBufferMatchesHex(cleartext_hex, decrypted_data); | 1840 ExpectArrayBufferMatchesHex(cleartext_hex, decrypted_data); |
1780 | 1841 |
1781 // Encrypt this decrypted data with the public key. | 1842 // Encrypt this decrypted data with the public key. |
1782 blink::WebArrayBuffer encrypted_data; | 1843 blink::WebArrayBuffer encrypted_data; |
1783 ASSERT_TRUE(EncryptInternal( | 1844 ASSERT_STATUS_SUCCESS(EncryptInternal( |
1784 algorithm, | 1845 algorithm, |
1785 public_key, | 1846 public_key, |
1786 reinterpret_cast<const unsigned char*>(decrypted_data.data()), | 1847 reinterpret_cast<const unsigned char*>(decrypted_data.data()), |
1787 decrypted_data.byteLength(), | 1848 decrypted_data.byteLength(), |
1788 &encrypted_data)); | 1849 &encrypted_data)); |
1789 EXPECT_EQ(128u, encrypted_data.byteLength()); | 1850 EXPECT_EQ(128u, encrypted_data.byteLength()); |
1790 | 1851 |
1791 // Finally, decrypt the newly encrypted result with the private key, and | 1852 // Finally, decrypt the newly encrypted result with the private key, and |
1792 // compare to the known original cleartext. | 1853 // compare to the known original cleartext. |
1793 decrypted_data.reset(); | 1854 decrypted_data.reset(); |
1794 ASSERT_TRUE(DecryptInternal( | 1855 ASSERT_STATUS_SUCCESS(DecryptInternal( |
1795 algorithm, | 1856 algorithm, |
1796 private_key, | 1857 private_key, |
1797 reinterpret_cast<const unsigned char*>(encrypted_data.data()), | 1858 reinterpret_cast<const unsigned char*>(encrypted_data.data()), |
1798 encrypted_data.byteLength(), | 1859 encrypted_data.byteLength(), |
1799 &decrypted_data)); | 1860 &decrypted_data)); |
1800 EXPECT_FALSE(decrypted_data.isNull()); | 1861 EXPECT_FALSE(decrypted_data.isNull()); |
1801 ExpectArrayBufferMatchesHex(cleartext_hex, decrypted_data); | 1862 ExpectArrayBufferMatchesHex(cleartext_hex, decrypted_data); |
1802 } | 1863 } |
1803 | 1864 |
1804 TEST_F(WebCryptoImplTest, MAYBE(RsaEsFailures)) { | 1865 TEST_F(WebCryptoImplTest, MAYBE(RsaEsFailures)) { |
1805 // Import a key pair. | 1866 // Import a key pair. |
1806 blink::WebCryptoAlgorithm algorithm = | 1867 blink::WebCryptoAlgorithm algorithm = |
1807 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); | 1868 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); |
1808 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); | 1869 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); |
1809 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); | 1870 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); |
1810 ImportRsaKeyPair( | 1871 ImportRsaKeyPair( |
1811 kPublicKeySpkiDerHex, | 1872 kPublicKeySpkiDerHex, |
1812 kPrivateKeyPkcs8DerHex, | 1873 kPrivateKeyPkcs8DerHex, |
1813 algorithm, | 1874 algorithm, |
1814 false, | 1875 false, |
1815 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt, | 1876 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt, |
1816 &public_key, | 1877 &public_key, |
1817 &private_key); | 1878 &private_key); |
1818 | 1879 |
1819 // Fail encrypt with a private key. | 1880 // Fail encrypt with a private key. |
1820 blink::WebArrayBuffer encrypted_data; | 1881 blink::WebArrayBuffer encrypted_data; |
1821 const std::string message_hex_str("0102030405060708090a0b0c0d0e0f"); | 1882 const std::string message_hex_str("0102030405060708090a0b0c0d0e0f"); |
1822 const std::vector<uint8> message_hex(HexStringToBytes(message_hex_str)); | 1883 const std::vector<uint8> message_hex(HexStringToBytes(message_hex_str)); |
1823 EXPECT_FALSE( | 1884 EXPECT_STATUS(Status::ErrorUnexpectedKeyType(), |
1824 EncryptInternal(algorithm, private_key, message_hex, &encrypted_data)); | 1885 EncryptInternal(algorithm, private_key, message_hex, &encrypted_data)); |
1825 | 1886 |
1826 // Fail encrypt with empty message. | 1887 // Fail encrypt with empty message. |
1827 EXPECT_FALSE(EncryptInternal( | 1888 EXPECT_STATUS(Status::ErrorEmptyData(), EncryptInternal( |
1828 algorithm, public_key, std::vector<uint8>(), &encrypted_data)); | 1889 algorithm, public_key, std::vector<uint8>(), &encrypted_data)); |
1829 | 1890 |
1830 // Fail encrypt with message too large. RSAES can operate on messages up to | 1891 // Fail encrypt with message too large. RSAES can operate on messages up to |
1831 // length of k - 11 bytes, where k is the octet length of the RSA modulus. | 1892 // length of k - 11 bytes, where k is the octet length of the RSA modulus. |
1832 const unsigned kMaxMsgSizeBytes = kModulusLength / 8 - 11; | 1893 const unsigned kMaxMsgSizeBytes = kModulusLength / 8 - 11; |
1833 EXPECT_FALSE(EncryptInternal(algorithm, | 1894 EXPECT_STATUS( |
1834 public_key, | 1895 Status::ErrorDataTooBig(), |
1835 std::vector<uint8>(kMaxMsgSizeBytes + 1, '0'), | 1896 EncryptInternal(algorithm, |
1836 &encrypted_data)); | 1897 public_key, |
| 1898 std::vector<uint8>(kMaxMsgSizeBytes + 1, '0'), |
| 1899 &encrypted_data)); |
1837 | 1900 |
1838 // Generate encrypted data. | 1901 // Generate encrypted data. |
1839 EXPECT_TRUE( | 1902 EXPECT_STATUS(Status::Success(), |
1840 EncryptInternal(algorithm, public_key, message_hex, &encrypted_data)); | 1903 EncryptInternal(algorithm, public_key, message_hex, &encrypted_data)); |
1841 | 1904 |
1842 // Fail decrypt with a public key. | 1905 // Fail decrypt with a public key. |
1843 blink::WebArrayBuffer decrypted_data; | 1906 blink::WebArrayBuffer decrypted_data; |
1844 EXPECT_FALSE(DecryptInternal( | 1907 EXPECT_STATUS(Status::ErrorUnexpectedKeyType(), DecryptInternal( |
1845 algorithm, | 1908 algorithm, |
1846 public_key, | 1909 public_key, |
1847 reinterpret_cast<const unsigned char*>(encrypted_data.data()), | 1910 reinterpret_cast<const unsigned char*>(encrypted_data.data()), |
1848 encrypted_data.byteLength(), | 1911 encrypted_data.byteLength(), |
1849 &decrypted_data)); | 1912 &decrypted_data)); |
1850 | 1913 |
1851 // Corrupt encrypted data; ensure decrypt fails because padding was disrupted. | 1914 // Corrupt encrypted data; ensure decrypt fails because padding was disrupted. |
1852 std::vector<uint8> corrupted_data( | 1915 std::vector<uint8> corrupted_data( |
1853 static_cast<uint8*>(encrypted_data.data()), | 1916 static_cast<uint8*>(encrypted_data.data()), |
1854 static_cast<uint8*>(encrypted_data.data()) + encrypted_data.byteLength()); | 1917 static_cast<uint8*>(encrypted_data.data()) + encrypted_data.byteLength()); |
1855 corrupted_data[corrupted_data.size() / 2] ^= 0x01; | 1918 corrupted_data[corrupted_data.size() / 2] ^= 0x01; |
1856 EXPECT_FALSE( | 1919 EXPECT_STATUS(Status::Error(), |
1857 DecryptInternal(algorithm, private_key, corrupted_data, &decrypted_data)); | 1920 DecryptInternal(algorithm, private_key, corrupted_data, &decrypted_data)); |
1858 | 1921 |
1859 // TODO(padolph): Are there other specific data corruption scenarios to | 1922 // TODO(padolph): Are there other specific data corruption scenarios to |
1860 // consider? | 1923 // consider? |
1861 | 1924 |
1862 // Do a successful decrypt with good data just for confirmation. | 1925 // Do a successful decrypt with good data just for confirmation. |
1863 EXPECT_TRUE(DecryptInternal( | 1926 EXPECT_STATUS_SUCCESS(DecryptInternal( |
1864 algorithm, | 1927 algorithm, |
1865 private_key, | 1928 private_key, |
1866 reinterpret_cast<const unsigned char*>(encrypted_data.data()), | 1929 reinterpret_cast<const unsigned char*>(encrypted_data.data()), |
1867 encrypted_data.byteLength(), | 1930 encrypted_data.byteLength(), |
1868 &decrypted_data)); | 1931 &decrypted_data)); |
1869 ExpectArrayBufferMatchesHex(message_hex_str, decrypted_data); | 1932 ExpectArrayBufferMatchesHex(message_hex_str, decrypted_data); |
1870 } | 1933 } |
1871 | 1934 |
1872 TEST_F(WebCryptoImplTest, MAYBE(RsaSsaSignVerifyFailures)) { | 1935 TEST_F(WebCryptoImplTest, MAYBE(RsaSsaSignVerifyFailures)) { |
1873 // Import a key pair. | 1936 // Import a key pair. |
1874 blink::WebCryptoAlgorithm algorithm = CreateRsaAlgorithmWithInnerHash( | 1937 blink::WebCryptoAlgorithm algorithm = CreateRsaAlgorithmWithInnerHash( |
1875 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, | 1938 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
1876 blink::WebCryptoAlgorithmIdSha1); | 1939 blink::WebCryptoAlgorithmIdSha1); |
1877 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); | 1940 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); |
1878 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); | 1941 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); |
1879 ImportRsaKeyPair( | 1942 ImportRsaKeyPair( |
1880 kPublicKeySpkiDerHex, | 1943 kPublicKeySpkiDerHex, |
1881 kPrivateKeyPkcs8DerHex, | 1944 kPrivateKeyPkcs8DerHex, |
1882 algorithm, | 1945 algorithm, |
1883 false, | 1946 false, |
1884 blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify, | 1947 blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify, |
1885 &public_key, | 1948 &public_key, |
1886 &private_key); | 1949 &private_key); |
1887 | 1950 |
1888 blink::WebArrayBuffer signature; | 1951 blink::WebArrayBuffer signature; |
1889 bool signature_match; | 1952 bool signature_match; |
1890 | 1953 |
1891 // Compute a signature. | 1954 // Compute a signature. |
1892 const std::vector<uint8> data = HexStringToBytes("010203040506070809"); | 1955 const std::vector<uint8> data = HexStringToBytes("010203040506070809"); |
1893 ASSERT_TRUE(SignInternal(algorithm, private_key, data, &signature)); | 1956 ASSERT_STATUS_SUCCESS(SignInternal(algorithm, private_key, data, &signature)); |
1894 | 1957 |
1895 // Ensure truncated signature does not verify by passing one less byte. | 1958 // Ensure truncated signature does not verify by passing one less byte. |
1896 EXPECT_TRUE(VerifySignatureInternal( | 1959 EXPECT_STATUS_SUCCESS(VerifySignatureInternal( |
1897 algorithm, | 1960 algorithm, |
1898 public_key, | 1961 public_key, |
1899 static_cast<const unsigned char*>(signature.data()), | 1962 static_cast<const unsigned char*>(signature.data()), |
1900 signature.byteLength() - 1, | 1963 signature.byteLength() - 1, |
1901 data, | 1964 data, |
1902 &signature_match)); | 1965 &signature_match)); |
1903 EXPECT_FALSE(signature_match); | 1966 EXPECT_FALSE(signature_match); |
1904 | 1967 |
1905 // Ensure corrupted signature does not verify. | 1968 // Ensure corrupted signature does not verify. |
1906 std::vector<uint8> corrupt_sig( | 1969 std::vector<uint8> corrupt_sig( |
1907 static_cast<uint8*>(signature.data()), | 1970 static_cast<uint8*>(signature.data()), |
1908 static_cast<uint8*>(signature.data()) + signature.byteLength()); | 1971 static_cast<uint8*>(signature.data()) + signature.byteLength()); |
1909 corrupt_sig[corrupt_sig.size() / 2] ^= 0x1; | 1972 corrupt_sig[corrupt_sig.size() / 2] ^= 0x1; |
1910 EXPECT_TRUE(VerifySignatureInternal( | 1973 EXPECT_STATUS_SUCCESS(VerifySignatureInternal( |
1911 algorithm, | 1974 algorithm, |
1912 public_key, | 1975 public_key, |
1913 webcrypto::Uint8VectorStart(corrupt_sig), | 1976 webcrypto::Uint8VectorStart(corrupt_sig), |
1914 corrupt_sig.size(), | 1977 corrupt_sig.size(), |
1915 data, | 1978 data, |
1916 &signature_match)); | 1979 &signature_match)); |
1917 EXPECT_FALSE(signature_match); | 1980 EXPECT_FALSE(signature_match); |
1918 | 1981 |
1919 // Ensure signatures that are greater than the modulus size fail. | 1982 // Ensure signatures that are greater than the modulus size fail. |
1920 const unsigned long_message_size_bytes = 1024; | 1983 const unsigned long_message_size_bytes = 1024; |
1921 DCHECK_GT(long_message_size_bytes, kModulusLength/8); | 1984 DCHECK_GT(long_message_size_bytes, kModulusLength/8); |
1922 const unsigned char kLongSignature[long_message_size_bytes] = { 0 }; | 1985 const unsigned char kLongSignature[long_message_size_bytes] = { 0 }; |
1923 EXPECT_TRUE(VerifySignatureInternal( | 1986 EXPECT_STATUS_SUCCESS(VerifySignatureInternal( |
1924 algorithm, | 1987 algorithm, |
1925 public_key, | 1988 public_key, |
1926 kLongSignature, | 1989 kLongSignature, |
1927 sizeof(kLongSignature), | 1990 sizeof(kLongSignature), |
1928 data, | 1991 data, |
1929 &signature_match)); | 1992 &signature_match)); |
1930 EXPECT_FALSE(signature_match); | 1993 EXPECT_FALSE(signature_match); |
1931 | 1994 |
1932 // Ensure that verifying using a private key, rather than a public key, fails. | 1995 // Ensure that verifying using a private key, rather than a public key, fails. |
1933 EXPECT_FALSE(VerifySignatureInternal( | 1996 EXPECT_STATUS(Status::ErrorUnexpectedKeyType(), VerifySignatureInternal( |
1934 algorithm, | 1997 algorithm, |
1935 private_key, | 1998 private_key, |
1936 static_cast<const unsigned char*>(signature.data()), | 1999 static_cast<const unsigned char*>(signature.data()), |
1937 signature.byteLength(), | 2000 signature.byteLength(), |
1938 data, | 2001 data, |
1939 &signature_match)); | 2002 &signature_match)); |
1940 | 2003 |
1941 // Ensure that signing using a public key, rather than a private key, fails. | 2004 // Ensure that signing using a public key, rather than a private key, fails. |
1942 EXPECT_FALSE(SignInternal(algorithm, public_key, data, &signature)); | 2005 EXPECT_STATUS(Status::ErrorUnexpectedKeyType(), |
| 2006 SignInternal(algorithm, public_key, data, &signature)); |
1943 | 2007 |
1944 // Ensure that signing and verifying with an incompatible algorithm fails. | 2008 // Ensure that signing and verifying with an incompatible algorithm fails. |
1945 algorithm = | 2009 algorithm = |
1946 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); | 2010 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); |
1947 EXPECT_FALSE(SignInternal(algorithm, private_key, data, &signature)); | 2011 EXPECT_STATUS(Status::ErrorUnsupported(), |
1948 EXPECT_FALSE(VerifySignatureInternal( | 2012 SignInternal(algorithm, private_key, data, &signature)); |
| 2013 EXPECT_STATUS(Status::ErrorUnsupported(), VerifySignatureInternal( |
1949 algorithm, | 2014 algorithm, |
1950 public_key, | 2015 public_key, |
1951 static_cast<const unsigned char*>(signature.data()), | 2016 static_cast<const unsigned char*>(signature.data()), |
1952 signature.byteLength(), | 2017 signature.byteLength(), |
1953 data, | 2018 data, |
1954 &signature_match)); | 2019 &signature_match)); |
1955 | 2020 |
1956 // Some crypto libraries (NSS) can automatically select the RSA SSA inner hash | 2021 // Some crypto libraries (NSS) can automatically select the RSA SSA inner hash |
1957 // based solely on the contents of the input signature data. In the Web Crypto | 2022 // based solely on the contents of the input signature data. In the Web Crypto |
1958 // implementation, the inner hash should be specified uniquely by the input | 2023 // implementation, the inner hash should be specified uniquely by the input |
1959 // algorithm parameter. To validate this behavior, call Verify with a computed | 2024 // algorithm parameter. To validate this behavior, call Verify with a computed |
1960 // signature that used one hash type (SHA-1), but pass in an algorithm with a | 2025 // signature that used one hash type (SHA-1), but pass in an algorithm with a |
1961 // different inner hash type (SHA-256). If the hash type is determined by the | 2026 // different inner hash type (SHA-256). If the hash type is determined by the |
1962 // signature itself (undesired), the verify will pass, while if the hash type | 2027 // signature itself (undesired), the verify will pass, while if the hash type |
1963 // is specified by the input algorithm (desired), the verify will fail. | 2028 // is specified by the input algorithm (desired), the verify will fail. |
1964 | 2029 |
1965 // Compute a signature using SHA-1 as the inner hash. | 2030 // Compute a signature using SHA-1 as the inner hash. |
1966 EXPECT_TRUE(SignInternal(CreateRsaAlgorithmWithInnerHash( | 2031 EXPECT_STATUS_SUCCESS(SignInternal(CreateRsaAlgorithmWithInnerHash( |
1967 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, | 2032 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
1968 blink::WebCryptoAlgorithmIdSha1), | 2033 blink::WebCryptoAlgorithmIdSha1), |
1969 private_key, | 2034 private_key, |
1970 data, | 2035 data, |
1971 &signature)); | 2036 &signature)); |
1972 | 2037 |
1973 // Now verify using an algorithm whose inner hash is SHA-256, not SHA-1. The | 2038 // Now verify using an algorithm whose inner hash is SHA-256, not SHA-1. The |
1974 // signature should not verify. | 2039 // signature should not verify. |
1975 // NOTE: public_key was produced by generateKey, and so its associated | 2040 // NOTE: public_key was produced by generateKey, and so its associated |
1976 // algorithm has WebCryptoRsaKeyGenParams and not WebCryptoRsaSsaParams. Thus | 2041 // algorithm has WebCryptoRsaKeyGenParams and not WebCryptoRsaSsaParams. Thus |
1977 // it has no inner hash to conflict with the input algorithm. | 2042 // it has no inner hash to conflict with the input algorithm. |
1978 bool is_match; | 2043 bool is_match; |
1979 EXPECT_TRUE(VerifySignatureInternal( | 2044 EXPECT_STATUS_SUCCESS(VerifySignatureInternal( |
1980 CreateRsaAlgorithmWithInnerHash( | 2045 CreateRsaAlgorithmWithInnerHash( |
1981 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, | 2046 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
1982 blink::WebCryptoAlgorithmIdSha256), | 2047 blink::WebCryptoAlgorithmIdSha256), |
1983 public_key, | 2048 public_key, |
1984 static_cast<const unsigned char*>(signature.data()), | 2049 static_cast<const unsigned char*>(signature.data()), |
1985 signature.byteLength(), | 2050 signature.byteLength(), |
1986 data, | 2051 data, |
1987 &is_match)); | 2052 &is_match)); |
1988 EXPECT_FALSE(is_match); | 2053 EXPECT_FALSE(is_match); |
1989 } | 2054 } |
(...skipping 212 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
2202 &private_key); | 2267 &private_key); |
2203 | 2268 |
2204 // Validate the signatures are computed and verified as expected. | 2269 // Validate the signatures are computed and verified as expected. |
2205 blink::WebArrayBuffer signature; | 2270 blink::WebArrayBuffer signature; |
2206 for (size_t idx = 0; idx < ARRAYSIZE_UNSAFE(kTests); ++idx) { | 2271 for (size_t idx = 0; idx < ARRAYSIZE_UNSAFE(kTests); ++idx) { |
2207 SCOPED_TRACE(idx); | 2272 SCOPED_TRACE(idx); |
2208 const TestCase& test = kTests[idx]; | 2273 const TestCase& test = kTests[idx]; |
2209 const std::vector<uint8> message = HexStringToBytes(test.message_hex); | 2274 const std::vector<uint8> message = HexStringToBytes(test.message_hex); |
2210 | 2275 |
2211 signature.reset(); | 2276 signature.reset(); |
2212 ASSERT_TRUE(SignInternal(algorithm, private_key, message, &signature)); | 2277 ASSERT_STATUS_SUCCESS( |
| 2278 SignInternal(algorithm, private_key, message, &signature)); |
2213 ExpectArrayBufferMatchesHex(test.signature_hex, signature); | 2279 ExpectArrayBufferMatchesHex(test.signature_hex, signature); |
2214 | 2280 |
2215 bool is_match = false; | 2281 bool is_match = false; |
2216 ASSERT_TRUE(VerifySignatureInternal( | 2282 ASSERT_STATUS_SUCCESS(VerifySignatureInternal( |
2217 algorithm, | 2283 algorithm, |
2218 public_key, | 2284 public_key, |
2219 HexStringToBytes(test.signature_hex), | 2285 HexStringToBytes(test.signature_hex), |
2220 message, | 2286 message, |
2221 &is_match)); | 2287 &is_match)); |
2222 EXPECT_TRUE(is_match); | 2288 EXPECT_TRUE(is_match); |
2223 } | 2289 } |
2224 } | 2290 } |
2225 | 2291 |
2226 TEST_F(WebCryptoImplTest, MAYBE(AesKwKeyImport)) { | 2292 TEST_F(WebCryptoImplTest, MAYBE(AesKwKeyImport)) { |
2227 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 2293 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
2228 blink::WebCryptoAlgorithm algorithm = | 2294 blink::WebCryptoAlgorithm algorithm = |
2229 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw); | 2295 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw); |
2230 | 2296 |
2231 // Import a 128-bit Key Encryption Key (KEK) | 2297 // Import a 128-bit Key Encryption Key (KEK) |
2232 std::string key_raw_hex_in = "025a8cf3f08b4f6c5f33bbc76a471939"; | 2298 std::string key_raw_hex_in = "025a8cf3f08b4f6c5f33bbc76a471939"; |
2233 ASSERT_TRUE(ImportKeyInternal(blink::WebCryptoKeyFormatRaw, | 2299 ASSERT_STATUS_SUCCESS(ImportKeyInternal(blink::WebCryptoKeyFormatRaw, |
2234 HexStringToBytes(key_raw_hex_in), | 2300 HexStringToBytes(key_raw_hex_in), |
2235 algorithm, | 2301 algorithm, |
2236 true, | 2302 true, |
2237 blink::WebCryptoKeyUsageWrapKey, | 2303 blink::WebCryptoKeyUsageWrapKey, |
2238 &key)); | 2304 &key)); |
2239 blink::WebArrayBuffer key_raw_out; | 2305 blink::WebArrayBuffer key_raw_out; |
2240 EXPECT_TRUE(ExportKeyInternal(blink::WebCryptoKeyFormatRaw, | 2306 EXPECT_STATUS_SUCCESS(ExportKeyInternal(blink::WebCryptoKeyFormatRaw, |
2241 key, | 2307 key, |
2242 &key_raw_out)); | 2308 &key_raw_out)); |
2243 ExpectArrayBufferMatchesHex(key_raw_hex_in, key_raw_out); | 2309 ExpectArrayBufferMatchesHex(key_raw_hex_in, key_raw_out); |
2244 | 2310 |
2245 // Import a 192-bit KEK | 2311 // Import a 192-bit KEK |
2246 key_raw_hex_in = "c0192c6466b2370decbb62b2cfef4384544ffeb4d2fbc103"; | 2312 key_raw_hex_in = "c0192c6466b2370decbb62b2cfef4384544ffeb4d2fbc103"; |
2247 ASSERT_TRUE(ImportKeyInternal(blink::WebCryptoKeyFormatRaw, | 2313 ASSERT_STATUS_SUCCESS(ImportKeyInternal(blink::WebCryptoKeyFormatRaw, |
2248 HexStringToBytes(key_raw_hex_in), | 2314 HexStringToBytes(key_raw_hex_in), |
2249 algorithm, | 2315 algorithm, |
2250 true, | 2316 true, |
2251 blink::WebCryptoKeyUsageWrapKey, | 2317 blink::WebCryptoKeyUsageWrapKey, |
2252 &key)); | 2318 &key)); |
2253 EXPECT_TRUE(ExportKeyInternal(blink::WebCryptoKeyFormatRaw, | 2319 EXPECT_STATUS_SUCCESS(ExportKeyInternal(blink::WebCryptoKeyFormatRaw, |
2254 key, | 2320 key, |
2255 &key_raw_out)); | 2321 &key_raw_out)); |
2256 ExpectArrayBufferMatchesHex(key_raw_hex_in, key_raw_out); | 2322 ExpectArrayBufferMatchesHex(key_raw_hex_in, key_raw_out); |
2257 | 2323 |
2258 // Import a 256-bit Key Encryption Key (KEK) | 2324 // Import a 256-bit Key Encryption Key (KEK) |
2259 key_raw_hex_in = | 2325 key_raw_hex_in = |
2260 "e11fe66380d90fa9ebefb74e0478e78f95664d0c67ca20ce4a0b5842863ac46f"; | 2326 "e11fe66380d90fa9ebefb74e0478e78f95664d0c67ca20ce4a0b5842863ac46f"; |
2261 ASSERT_TRUE(ImportKeyInternal(blink::WebCryptoKeyFormatRaw, | 2327 ASSERT_STATUS_SUCCESS(ImportKeyInternal(blink::WebCryptoKeyFormatRaw, |
2262 HexStringToBytes(key_raw_hex_in), | 2328 HexStringToBytes(key_raw_hex_in), |
2263 algorithm, | 2329 algorithm, |
2264 true, | 2330 true, |
2265 blink::WebCryptoKeyUsageWrapKey, | 2331 blink::WebCryptoKeyUsageWrapKey, |
2266 &key)); | 2332 &key)); |
2267 EXPECT_TRUE(ExportKeyInternal(blink::WebCryptoKeyFormatRaw, | 2333 EXPECT_STATUS_SUCCESS(ExportKeyInternal(blink::WebCryptoKeyFormatRaw, |
2268 key, | 2334 key, |
2269 &key_raw_out)); | 2335 &key_raw_out)); |
2270 ExpectArrayBufferMatchesHex(key_raw_hex_in, key_raw_out); | 2336 ExpectArrayBufferMatchesHex(key_raw_hex_in, key_raw_out); |
2271 | 2337 |
2272 // Fail import of 0 length key | 2338 // Fail import of 0 length key |
2273 EXPECT_FALSE(ImportKeyInternal(blink::WebCryptoKeyFormatRaw, | 2339 EXPECT_STATUS(Status::Error(), |
2274 HexStringToBytes(""), | 2340 ImportKeyInternal(blink::WebCryptoKeyFormatRaw, |
2275 algorithm, | 2341 HexStringToBytes(""), |
2276 true, | 2342 algorithm, |
2277 blink::WebCryptoKeyUsageWrapKey, | 2343 true, |
2278 &key)); | 2344 blink::WebCryptoKeyUsageWrapKey, |
| 2345 &key)); |
2279 | 2346 |
2280 // Fail import of 124-bit KEK | 2347 // Fail import of 124-bit KEK |
2281 key_raw_hex_in = "3e4566a2bdaa10cb68134fa66c15ddb"; | 2348 key_raw_hex_in = "3e4566a2bdaa10cb68134fa66c15ddb"; |
2282 EXPECT_FALSE(ImportKeyInternal(blink::WebCryptoKeyFormatRaw, | 2349 EXPECT_STATUS(Status::Error(), |
2283 HexStringToBytes(key_raw_hex_in), | 2350 ImportKeyInternal(blink::WebCryptoKeyFormatRaw, |
2284 algorithm, | 2351 HexStringToBytes(key_raw_hex_in), |
2285 true, | 2352 algorithm, |
2286 blink::WebCryptoKeyUsageWrapKey, | 2353 true, |
2287 &key)); | 2354 blink::WebCryptoKeyUsageWrapKey, |
| 2355 &key)); |
2288 | 2356 |
2289 // Fail import of 200-bit KEK | 2357 // Fail import of 200-bit KEK |
2290 key_raw_hex_in = "0a1d88608a5ad9fec64f1ada269ebab4baa2feeb8d95638c0e"; | 2358 key_raw_hex_in = "0a1d88608a5ad9fec64f1ada269ebab4baa2feeb8d95638c0e"; |
2291 EXPECT_FALSE(ImportKeyInternal(blink::WebCryptoKeyFormatRaw, | 2359 EXPECT_STATUS(Status::Error(), |
2292 HexStringToBytes(key_raw_hex_in), | 2360 ImportKeyInternal(blink::WebCryptoKeyFormatRaw, |
2293 algorithm, | 2361 HexStringToBytes(key_raw_hex_in), |
2294 true, | 2362 algorithm, |
2295 blink::WebCryptoKeyUsageWrapKey, | 2363 true, |
2296 &key)); | 2364 blink::WebCryptoKeyUsageWrapKey, |
| 2365 &key)); |
2297 | 2366 |
2298 // Fail import of 260-bit KEK | 2367 // Fail import of 260-bit KEK |
2299 key_raw_hex_in = | 2368 key_raw_hex_in = |
2300 "72d4e475ff34215416c9ad9c8281247a4d730c5f275ac23f376e73e3bce8d7d5a"; | 2369 "72d4e475ff34215416c9ad9c8281247a4d730c5f275ac23f376e73e3bce8d7d5a"; |
2301 EXPECT_FALSE(ImportKeyInternal(blink::WebCryptoKeyFormatRaw, | 2370 EXPECT_STATUS(Status::Error(), |
2302 HexStringToBytes(key_raw_hex_in), | 2371 ImportKeyInternal(blink::WebCryptoKeyFormatRaw, |
2303 algorithm, | 2372 HexStringToBytes(key_raw_hex_in), |
2304 true, | 2373 algorithm, |
2305 blink::WebCryptoKeyUsageWrapKey, | 2374 true, |
2306 &key)); | 2375 blink::WebCryptoKeyUsageWrapKey, |
| 2376 &key)); |
2307 } | 2377 } |
2308 | 2378 |
2309 // TODO(eroman): | 2379 // TODO(eroman): |
2310 // * Test decryption when the tag length exceeds input size | 2380 // * Test decryption when the tag length exceeds input size |
2311 // * Test decryption with empty input | 2381 // * Test decryption with empty input |
2312 // * Test decryption with tag length of 0. | 2382 // * Test decryption with tag length of 0. |
2313 TEST_F(WebCryptoImplTest, MAYBE(AesGcmSampleSets)) { | 2383 TEST_F(WebCryptoImplTest, MAYBE(AesGcmSampleSets)) { |
2314 // Some Linux test runners may not have a new enough version of NSS. | 2384 // Some Linux test runners may not have a new enough version of NSS. |
2315 if (!SupportsAesGcm()) { | 2385 if (!SupportsAesGcm()) { |
2316 LOG(WARNING) << "AES GCM not supported, skipping tests"; | 2386 LOG(WARNING) << "AES GCM not supported, skipping tests"; |
(...skipping 101 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
2418 SCOPED_TRACE(index); | 2488 SCOPED_TRACE(index); |
2419 const TestCase& test = kTests[index]; | 2489 const TestCase& test = kTests[index]; |
2420 | 2490 |
2421 blink::WebCryptoKey key = ImportSecretKeyFromRawHexString( | 2491 blink::WebCryptoKey key = ImportSecretKeyFromRawHexString( |
2422 test.key, | 2492 test.key, |
2423 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesGcm), | 2493 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesGcm), |
2424 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt); | 2494 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt); |
2425 | 2495 |
2426 // Verify exported raw key is identical to the imported data | 2496 // Verify exported raw key is identical to the imported data |
2427 blink::WebArrayBuffer raw_key; | 2497 blink::WebArrayBuffer raw_key; |
2428 EXPECT_TRUE(ExportKeyInternal(blink::WebCryptoKeyFormatRaw, key, &raw_key)); | 2498 EXPECT_STATUS_SUCCESS(ExportKeyInternal( |
| 2499 blink::WebCryptoKeyFormatRaw, key, &raw_key)); |
2429 ExpectArrayBufferMatchesHex(test.key, raw_key); | 2500 ExpectArrayBufferMatchesHex(test.key, raw_key); |
2430 | 2501 |
2431 const std::vector<uint8> test_iv = HexStringToBytes(test.iv); | 2502 const std::vector<uint8> test_iv = HexStringToBytes(test.iv); |
2432 const std::vector<uint8> test_additional_data = | 2503 const std::vector<uint8> test_additional_data = |
2433 HexStringToBytes(test.additional_data); | 2504 HexStringToBytes(test.additional_data); |
2434 const std::vector<uint8> test_plain_text = | 2505 const std::vector<uint8> test_plain_text = |
2435 HexStringToBytes(test.plain_text); | 2506 HexStringToBytes(test.plain_text); |
2436 const std::vector<uint8> test_authentication_tag = | 2507 const std::vector<uint8> test_authentication_tag = |
2437 HexStringToBytes(test.authentication_tag); | 2508 HexStringToBytes(test.authentication_tag); |
2438 const unsigned test_tag_size_bits = test_authentication_tag.size() * 8; | 2509 const unsigned test_tag_size_bits = test_authentication_tag.size() * 8; |
2439 const std::vector<uint8> test_cipher_text = | 2510 const std::vector<uint8> test_cipher_text = |
2440 HexStringToBytes(test.cipher_text); | 2511 HexStringToBytes(test.cipher_text); |
2441 | 2512 |
2442 // Test encryption. | 2513 // Test encryption. |
2443 std::vector<uint8> cipher_text; | 2514 std::vector<uint8> cipher_text; |
2444 std::vector<uint8> authentication_tag; | 2515 std::vector<uint8> authentication_tag; |
2445 EXPECT_TRUE(AesGcmEncrypt(key, test_iv, test_additional_data, | 2516 EXPECT_STATUS_SUCCESS(AesGcmEncrypt(key, test_iv, test_additional_data, |
2446 test_tag_size_bits, test_plain_text, | 2517 test_tag_size_bits, test_plain_text, |
2447 &cipher_text, &authentication_tag)); | 2518 &cipher_text, &authentication_tag)); |
2448 | 2519 |
2449 ExpectVectorMatchesHex(test.cipher_text, cipher_text); | 2520 ExpectVectorMatchesHex(test.cipher_text, cipher_text); |
2450 ExpectVectorMatchesHex(test.authentication_tag, authentication_tag); | 2521 ExpectVectorMatchesHex(test.authentication_tag, authentication_tag); |
2451 | 2522 |
2452 // Test decryption. | 2523 // Test decryption. |
2453 blink::WebArrayBuffer plain_text; | 2524 blink::WebArrayBuffer plain_text; |
2454 EXPECT_TRUE(AesGcmDecrypt(key, test_iv, test_additional_data, | 2525 EXPECT_STATUS_SUCCESS(AesGcmDecrypt(key, test_iv, test_additional_data, |
2455 test_tag_size_bits, test_cipher_text, | 2526 test_tag_size_bits, test_cipher_text, |
2456 test_authentication_tag, &plain_text)); | 2527 test_authentication_tag, &plain_text)); |
2457 ExpectArrayBufferMatchesHex(test.plain_text, plain_text); | 2528 ExpectArrayBufferMatchesHex(test.plain_text, plain_text); |
2458 | 2529 |
2459 // Decryption should fail if any of the inputs are tampered with. | 2530 // Decryption should fail if any of the inputs are tampered with. |
2460 EXPECT_FALSE(AesGcmDecrypt(key, Corrupted(test_iv), test_additional_data, | 2531 EXPECT_STATUS(Status::Error(), |
2461 test_tag_size_bits, test_cipher_text, | 2532 AesGcmDecrypt(key, Corrupted(test_iv), test_additional_data, |
2462 test_authentication_tag, &plain_text)); | 2533 test_tag_size_bits, test_cipher_text, |
2463 EXPECT_FALSE(AesGcmDecrypt(key, test_iv, Corrupted(test_additional_data), | 2534 test_authentication_tag, &plain_text)); |
2464 test_tag_size_bits, test_cipher_text, | 2535 EXPECT_STATUS(Status::Error(), |
2465 test_authentication_tag, &plain_text)); | 2536 AesGcmDecrypt(key, test_iv, Corrupted(test_additional_data), |
2466 EXPECT_FALSE(AesGcmDecrypt(key, test_iv, test_additional_data, | 2537 test_tag_size_bits, test_cipher_text, |
2467 test_tag_size_bits, Corrupted(test_cipher_text), | 2538 test_authentication_tag, &plain_text)); |
2468 test_authentication_tag, &plain_text)); | 2539 EXPECT_STATUS(Status::Error(), |
2469 EXPECT_FALSE(AesGcmDecrypt(key, test_iv, test_additional_data, | 2540 AesGcmDecrypt(key, test_iv, test_additional_data, |
2470 test_tag_size_bits, test_cipher_text, | 2541 test_tag_size_bits, Corrupted(test_cipher_text), |
2471 Corrupted(test_authentication_tag), | 2542 test_authentication_tag, &plain_text)); |
2472 &plain_text)); | 2543 EXPECT_STATUS(Status::Error(), |
| 2544 AesGcmDecrypt(key, test_iv, test_additional_data, |
| 2545 test_tag_size_bits, test_cipher_text, |
| 2546 Corrupted(test_authentication_tag), |
| 2547 &plain_text)); |
2473 | 2548 |
2474 // Try different incorrect tag lengths | 2549 // Try different incorrect tag lengths |
2475 uint8 kAlternateTagLengths[] = {8, 96, 120, 128, 160, 255}; | 2550 uint8 kAlternateTagLengths[] = {8, 96, 120, 128, 160, 255}; |
2476 for (size_t tag_i = 0; tag_i < arraysize(kAlternateTagLengths); ++tag_i) { | 2551 for (size_t tag_i = 0; tag_i < arraysize(kAlternateTagLengths); ++tag_i) { |
2477 unsigned wrong_tag_size_bits = kAlternateTagLengths[tag_i]; | 2552 unsigned wrong_tag_size_bits = kAlternateTagLengths[tag_i]; |
2478 if (test_tag_size_bits == wrong_tag_size_bits) | 2553 if (test_tag_size_bits == wrong_tag_size_bits) |
2479 continue; | 2554 continue; |
2480 EXPECT_FALSE(AesGcmDecrypt(key, test_iv, test_additional_data, | 2555 EXPECT_STATUS_ERROR(AesGcmDecrypt(key, test_iv, test_additional_data, |
2481 wrong_tag_size_bits, test_cipher_text, | 2556 wrong_tag_size_bits, test_cipher_text, |
2482 test_authentication_tag, &plain_text)); | 2557 test_authentication_tag, &plain_text)); |
2483 } | 2558 } |
2484 } | 2559 } |
2485 } | 2560 } |
2486 | 2561 |
2487 } // namespace content | 2562 } // namespace content |
OLD | NEW |