OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/renderer/webcrypto/webcrypto_impl.h" | 5 #include "content/renderer/webcrypto/shared_crypto.h" |
6 | 6 |
7 #include <algorithm> | 7 #include <algorithm> |
8 #include <string> | 8 #include <string> |
9 #include <vector> | 9 #include <vector> |
10 | 10 |
11 #include "base/basictypes.h" | 11 #include "base/basictypes.h" |
12 #include "base/file_util.h" | 12 #include "base/file_util.h" |
13 #include "base/json/json_reader.h" | 13 #include "base/json/json_reader.h" |
14 #include "base/json/json_writer.h" | 14 #include "base/json/json_writer.h" |
15 #include "base/logging.h" | 15 #include "base/logging.h" |
16 #include "base/memory/ref_counted.h" | 16 #include "base/memory/ref_counted.h" |
17 #include "base/path_service.h" | 17 #include "base/path_service.h" |
18 #include "base/strings/string_number_conversions.h" | 18 #include "base/strings/string_number_conversions.h" |
19 #include "base/values.h" | 19 #include "base/values.h" |
20 #include "content/public/common/content_paths.h" | 20 #include "content/public/common/content_paths.h" |
21 #include "content/public/renderer/content_renderer_client.h" | 21 #include "content/public/renderer/content_renderer_client.h" |
22 #include "content/renderer/renderer_webkitplatformsupport_impl.h" | 22 #include "content/renderer/renderer_webkitplatformsupport_impl.h" |
| 23 #include "content/renderer/webcrypto/crypto_data.h" |
23 #include "content/renderer/webcrypto/webcrypto_util.h" | 24 #include "content/renderer/webcrypto/webcrypto_util.h" |
24 #include "testing/gtest/include/gtest/gtest.h" | 25 #include "testing/gtest/include/gtest/gtest.h" |
25 #include "third_party/WebKit/public/platform/WebArrayBuffer.h" | 26 #include "third_party/WebKit/public/platform/WebArrayBuffer.h" |
26 #include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h" | 27 #include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h" |
27 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h" | 28 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h" |
28 #include "third_party/WebKit/public/platform/WebCryptoKey.h" | 29 #include "third_party/WebKit/public/platform/WebCryptoKey.h" |
29 #include "third_party/re2/re2/re2.h" | 30 #include "third_party/re2/re2/re2.h" |
30 | 31 |
31 // The OpenSSL implementation of WebCrypto is less complete, so don't run all of | 32 // The OpenSSL implementation of WebCrypto is less complete, so don't run all of |
32 // the tests: http://crbug.com/267888 | 33 // the tests: http://crbug.com/267888 |
33 #if defined(USE_OPENSSL) | 34 #if defined(USE_OPENSSL) |
34 #define MAYBE(test_name) DISABLED_##test_name | 35 #define MAYBE(test_name) DISABLED_##test_name |
35 #else | 36 #else |
36 #define MAYBE(test_name) test_name | 37 #define MAYBE(test_name) test_name |
37 #endif | 38 #endif |
38 | 39 |
39 // Helper macros to verify the value of a Status. | 40 // Helper macros to verify the value of a Status. |
40 #define EXPECT_STATUS_ERROR(code) EXPECT_FALSE((code).IsSuccess()) | 41 #define EXPECT_STATUS_ERROR(code) EXPECT_FALSE((code).IsSuccess()) |
41 #define EXPECT_STATUS(expected, code) \ | 42 #define EXPECT_STATUS(expected, code) \ |
42 EXPECT_EQ(expected.ToString(), (code).ToString()) | 43 EXPECT_EQ(expected.ToString(), (code).ToString()) |
43 #define ASSERT_STATUS(expected, code) \ | 44 #define ASSERT_STATUS(expected, code) \ |
44 ASSERT_EQ(expected.ToString(), (code).ToString()) | 45 ASSERT_EQ(expected.ToString(), (code).ToString()) |
45 #define EXPECT_STATUS_SUCCESS(code) EXPECT_STATUS(Status::Success(), code) | 46 #define EXPECT_STATUS_SUCCESS(code) EXPECT_STATUS(Status::Success(), code) |
46 #define ASSERT_STATUS_SUCCESS(code) ASSERT_STATUS(Status::Success(), code) | 47 #define ASSERT_STATUS_SUCCESS(code) ASSERT_STATUS(Status::Success(), code) |
47 | 48 |
48 namespace content { | 49 namespace content { |
49 | 50 |
50 using webcrypto::Status; | 51 namespace webcrypto { |
51 | 52 |
52 namespace { | 53 namespace { |
53 | 54 |
54 // Returns a slightly modified version of the input vector. | 55 // Returns a slightly modified version of the input vector. |
55 // | 56 // |
56 // - For non-empty inputs a single bit is inverted. | 57 // - For non-empty inputs a single bit is inverted. |
57 // - For empty inputs, a byte is added. | 58 // - For empty inputs, a byte is added. |
58 std::vector<uint8> Corrupted(const std::vector<uint8>& input) { | 59 std::vector<uint8> Corrupted(const std::vector<uint8>& input) { |
59 std::vector<uint8> corrupted_data(input); | 60 std::vector<uint8> corrupted_data(input); |
60 if (corrupted_data.empty()) | 61 if (corrupted_data.empty()) |
61 corrupted_data.push_back(0); | 62 corrupted_data.push_back(0); |
62 corrupted_data[corrupted_data.size() / 2] ^= 0x01; | 63 corrupted_data[corrupted_data.size() / 2] ^= 0x01; |
63 return corrupted_data; | 64 return corrupted_data; |
64 } | 65 } |
65 | 66 |
66 std::vector<uint8> HexStringToBytes(const std::string& hex) { | 67 std::vector<uint8> HexStringToBytes(const std::string& hex) { |
67 std::vector<uint8> bytes; | 68 std::vector<uint8> bytes; |
68 base::HexStringToBytes(hex, &bytes); | 69 base::HexStringToBytes(hex, &bytes); |
69 return bytes; | 70 return bytes; |
70 } | 71 } |
71 | 72 |
72 void ExpectArrayBufferMatches(const std::vector<uint8>& expected, | 73 void ExpectCryptoDataMatches(const CryptoData& expected, |
73 const blink::WebArrayBuffer& actual) { | 74 const CryptoData& actual) { |
74 EXPECT_EQ( | 75 EXPECT_EQ(base::HexEncode(expected.bytes(), expected.byte_length()), |
75 base::HexEncode(webcrypto::Uint8VectorStart(expected), expected.size()), | 76 base::HexEncode(actual.bytes(), actual.byte_length())); |
76 base::HexEncode(actual.data(), actual.byteLength())); | |
77 } | 77 } |
78 | 78 |
79 void ExpectArrayBufferMatchesHex(const std::string& expected_hex, | 79 void ExpectCryptoDataMatchesHex(const std::string& expected_hex, |
80 const blink::WebArrayBuffer& array_buffer) { | 80 const CryptoData& actual) { |
81 EXPECT_STRCASEEQ( | 81 EXPECT_STRCASEEQ( |
82 expected_hex.c_str(), | 82 expected_hex.c_str(), |
83 base::HexEncode(array_buffer.data(), array_buffer.byteLength()).c_str()); | 83 base::HexEncode(actual.bytes(), actual.byte_length()).c_str()); |
84 } | |
85 | |
86 void ExpectVectorMatches(const std::vector<uint8>& expected, | |
87 const std::vector<uint8>& actual) { | |
88 EXPECT_EQ( | |
89 base::HexEncode(webcrypto::Uint8VectorStart(expected), expected.size()), | |
90 base::HexEncode(webcrypto::Uint8VectorStart(actual), actual.size())); | |
91 } | 84 } |
92 | 85 |
93 std::vector<uint8> MakeJsonVector(const std::string& json_string) { | 86 std::vector<uint8> MakeJsonVector(const std::string& json_string) { |
94 return std::vector<uint8>(json_string.begin(), json_string.end()); | 87 return std::vector<uint8>(json_string.begin(), json_string.end()); |
95 } | 88 } |
96 | 89 |
97 std::vector<uint8> MakeJsonVector(const base::DictionaryValue& dict) { | 90 std::vector<uint8> MakeJsonVector(const base::DictionaryValue& dict) { |
98 std::string json; | 91 std::string json; |
99 base::JSONWriter::Write(&dict, &json); | 92 base::JSONWriter::Write(&dict, &json); |
100 return MakeJsonVector(json); | 93 return MakeJsonVector(json); |
(...skipping 90 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
191 } kDigestNameToId[] = { | 184 } kDigestNameToId[] = { |
192 {"sha-1", blink::WebCryptoAlgorithmIdSha1}, | 185 {"sha-1", blink::WebCryptoAlgorithmIdSha1}, |
193 {"sha-224", blink::WebCryptoAlgorithmIdSha224}, | 186 {"sha-224", blink::WebCryptoAlgorithmIdSha224}, |
194 {"sha-256", blink::WebCryptoAlgorithmIdSha256}, | 187 {"sha-256", blink::WebCryptoAlgorithmIdSha256}, |
195 {"sha-384", blink::WebCryptoAlgorithmIdSha384}, | 188 {"sha-384", blink::WebCryptoAlgorithmIdSha384}, |
196 {"sha-512", blink::WebCryptoAlgorithmIdSha512}, | 189 {"sha-512", blink::WebCryptoAlgorithmIdSha512}, |
197 }; | 190 }; |
198 | 191 |
199 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kDigestNameToId); ++i) { | 192 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kDigestNameToId); ++i) { |
200 if (kDigestNameToId[i].name == algorithm_name) | 193 if (kDigestNameToId[i].name == algorithm_name) |
201 return webcrypto::CreateAlgorithm(kDigestNameToId[i].id); | 194 return CreateAlgorithm(kDigestNameToId[i].id); |
202 } | 195 } |
203 | 196 |
204 return blink::WebCryptoAlgorithm::createNull(); | 197 return blink::WebCryptoAlgorithm::createNull(); |
205 } | 198 } |
206 | 199 |
207 // Helper for ImportJwkFailures and ImportJwkOctFailures. Restores the JWK JSON | 200 // Helper for ImportJwkFailures and ImportJwkOctFailures. Restores the JWK JSON |
208 // dictionary to a good state | 201 // dictionary to a good state |
209 void RestoreJwkOctDictionary(base::DictionaryValue* dict) { | 202 void RestoreJwkOctDictionary(base::DictionaryValue* dict) { |
210 dict->Clear(); | 203 dict->Clear(); |
211 dict->SetString("kty", "oct"); | 204 dict->SetString("kty", "oct"); |
212 dict->SetString("alg", "A128CBC"); | 205 dict->SetString("alg", "A128CBC"); |
213 dict->SetString("use", "enc"); | 206 dict->SetString("use", "enc"); |
214 dict->SetBoolean("extractable", false); | 207 dict->SetBoolean("extractable", false); |
215 dict->SetString("k", "GADWrMRHwQfoNaXU5fZvTg=="); | 208 dict->SetString("k", "GADWrMRHwQfoNaXU5fZvTg=="); |
216 } | 209 } |
217 | 210 |
218 blink::WebCryptoAlgorithm CreateAesGcmAlgorithm( | 211 blink::WebCryptoAlgorithm CreateAesGcmAlgorithm( |
219 const std::vector<uint8>& iv, | 212 const std::vector<uint8>& iv, |
220 const std::vector<uint8>& additional_data, | 213 const std::vector<uint8>& additional_data, |
221 unsigned int tag_length_bits) { | 214 unsigned int tag_length_bits) { |
222 return blink::WebCryptoAlgorithm::adoptParamsAndCreate( | 215 return blink::WebCryptoAlgorithm::adoptParamsAndCreate( |
223 blink::WebCryptoAlgorithmIdAesGcm, | 216 blink::WebCryptoAlgorithmIdAesGcm, |
224 new blink::WebCryptoAesGcmParams( | 217 new blink::WebCryptoAesGcmParams( |
225 webcrypto::Uint8VectorStart(iv), iv.size(), | 218 Uint8VectorStart(iv), iv.size(), |
226 true, | 219 true, |
227 webcrypto::Uint8VectorStart(additional_data), | 220 Uint8VectorStart(additional_data), |
228 additional_data.size(), | 221 additional_data.size(), |
229 true, tag_length_bits)); | 222 true, tag_length_bits)); |
230 } | 223 } |
231 | 224 |
232 // Helper for ImportJwkRsaFailures. Restores the JWK JSON | 225 // Helper for ImportJwkRsaFailures. Restores the JWK JSON |
233 // dictionary to a good state | 226 // dictionary to a good state |
234 void RestoreJwkRsaDictionary(base::DictionaryValue* dict) { | 227 void RestoreJwkRsaDictionary(base::DictionaryValue* dict) { |
235 dict->Clear(); | 228 dict->Clear(); |
236 dict->SetString("kty", "RSA"); | 229 dict->SetString("kty", "RSA"); |
237 dict->SetString("alg", "RSA1_5"); | 230 dict->SetString("alg", "RSA1_5"); |
238 dict->SetString("use", "enc"); | 231 dict->SetString("use", "enc"); |
239 dict->SetBoolean("extractable", false); | 232 dict->SetBoolean("extractable", false); |
240 dict->SetString("n", | 233 dict->SetString("n", |
241 "qLOyhK-OtQs4cDSoYPFGxJGfMYdjzWxVmMiuSBGh4KvEx-CwgtaTpef87Wdc9GaFEncsDLxk" | 234 "qLOyhK-OtQs4cDSoYPFGxJGfMYdjzWxVmMiuSBGh4KvEx-CwgtaTpef87Wdc9GaFEncsDLxk" |
242 "p0LGxjD1M8jMcvYq6DPEC_JYQumEu3i9v5fAEH1VvbZi9cTg-rmEXLUUjvc5LdOq_5OuHmtm" | 235 "p0LGxjD1M8jMcvYq6DPEC_JYQumEu3i9v5fAEH1VvbZi9cTg-rmEXLUUjvc5LdOq_5OuHmtm" |
243 "e7PUJHYW1PW6ENTP0ibeiNOfFvs"); | 236 "e7PUJHYW1PW6ENTP0ibeiNOfFvs"); |
244 dict->SetString("e", "AQAB"); | 237 dict->SetString("e", "AQAB"); |
245 } | 238 } |
246 | 239 |
247 blink::WebCryptoAlgorithm CreateRsaAlgorithmWithInnerHash( | 240 blink::WebCryptoAlgorithm CreateRsaAlgorithmWithInnerHash( |
248 blink::WebCryptoAlgorithmId algorithm_id, | 241 blink::WebCryptoAlgorithmId algorithm_id, |
249 blink::WebCryptoAlgorithmId hash_id) { | 242 blink::WebCryptoAlgorithmId hash_id) { |
250 DCHECK(algorithm_id == blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 || | 243 DCHECK(algorithm_id == blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 || |
251 algorithm_id == blink::WebCryptoAlgorithmIdRsaOaep); | 244 algorithm_id == blink::WebCryptoAlgorithmIdRsaOaep); |
252 DCHECK(webcrypto::IsHashAlgorithm(hash_id)); | 245 DCHECK(IsHashAlgorithm(hash_id)); |
253 return blink::WebCryptoAlgorithm::adoptParamsAndCreate( | 246 return blink::WebCryptoAlgorithm::adoptParamsAndCreate( |
254 algorithm_id, | 247 algorithm_id, |
255 new blink::WebCryptoRsaSsaParams(webcrypto::CreateAlgorithm(hash_id))); | 248 new blink::WebCryptoRsaSsaParams(CreateAlgorithm(hash_id))); |
256 } | 249 } |
257 | 250 |
258 // Determines if two ArrayBuffers have identical content. | 251 // Determines if two ArrayBuffers have identical content. |
259 bool ArrayBuffersEqual( | 252 bool ArrayBuffersEqual( |
260 const blink::WebArrayBuffer& a, | 253 const blink::WebArrayBuffer& a, |
261 const blink::WebArrayBuffer& b) { | 254 const blink::WebArrayBuffer& b) { |
262 return a.byteLength() == b.byteLength() && | 255 return a.byteLength() == b.byteLength() && |
263 memcmp(a.data(), b.data(), a.byteLength()) == 0; | 256 memcmp(a.data(), b.data(), a.byteLength()) == 0; |
264 } | 257 } |
265 | 258 |
(...skipping 62 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
328 "3fd2700180aa90479b6e48de8d67ed24f9f19d85ba275874f542cd20dc72" | 321 "3fd2700180aa90479b6e48de8d67ed24f9f19d85ba275874f542cd20dc72" |
329 "3e6963364a1f9425452b269a6799fd024028fa13938655be1f8a159cbaca" | 322 "3e6963364a1f9425452b269a6799fd024028fa13938655be1f8a159cbaca" |
330 "5a72ea190c30089e19cd274a556f36c4f6e19f554b34c077790427bbdd8d" | 323 "5a72ea190c30089e19cd274a556f36c4f6e19f554b34c077790427bbdd8d" |
331 "d3ede2448328f385d81b30e8e43b2fffa02786197902401a8b38f398fa71" | 324 "d3ede2448328f385d81b30e8e43b2fffa02786197902401a8b38f398fa71" |
332 "2049898d7fb79ee0a77668791299cdfa09efc0e507acb21ed74301ef5bfd" | 325 "2049898d7fb79ee0a77668791299cdfa09efc0e507acb21ed74301ef5bfd" |
333 "48be455eaeb6e1678255827580a8e4e8e14151d1510a82a3f2e729024027" | 326 "48be455eaeb6e1678255827580a8e4e8e14151d1510a82a3f2e729024027" |
334 "156aba4126d24a81f3a528cbfb27f56886f840a9f6e86e17a44b94fe9319" | 327 "156aba4126d24a81f3a528cbfb27f56886f840a9f6e86e17a44b94fe9319" |
335 "584b8e22fdde1e5a2e3bd8aa5ba8d8584194eb2190acf832b847f13a3d24" | 328 "584b8e22fdde1e5a2e3bd8aa5ba8d8584194eb2190acf832b847f13a3d24" |
336 "a79f4d"; | 329 "a79f4d"; |
337 | 330 |
| 331 class SharedCryptoTest : public testing::Test { |
| 332 protected: |
| 333 virtual void SetUp() OVERRIDE { |
| 334 Init(); |
| 335 } |
| 336 }; |
| 337 |
| 338 blink::WebCryptoKey ImportSecretKeyFromRaw( |
| 339 const std::vector<uint8>& key_raw, |
| 340 const blink::WebCryptoAlgorithm& algorithm, |
| 341 blink::WebCryptoKeyUsageMask usage) { |
| 342 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
| 343 bool extractable = true; |
| 344 EXPECT_STATUS_SUCCESS( |
| 345 ImportKey(blink::WebCryptoKeyFormatRaw, |
| 346 key_raw, |
| 347 algorithm, |
| 348 extractable, |
| 349 usage, |
| 350 &key)); |
| 351 |
| 352 EXPECT_FALSE(key.isNull()); |
| 353 EXPECT_TRUE(key.handle()); |
| 354 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); |
| 355 EXPECT_EQ(algorithm.id(), key.algorithm().id()); |
| 356 EXPECT_EQ(extractable, key.extractable()); |
| 357 EXPECT_EQ(usage, key.usages()); |
| 358 return key; |
| 359 } |
| 360 |
| 361 void ImportRsaKeyPair( |
| 362 const std::vector<uint8>& spki_der, |
| 363 const std::vector<uint8>& pkcs8_der, |
| 364 const blink::WebCryptoAlgorithm& algorithm, |
| 365 bool extractable, |
| 366 blink::WebCryptoKeyUsageMask usage_mask, |
| 367 blink::WebCryptoKey* public_key, |
| 368 blink::WebCryptoKey* private_key) { |
| 369 EXPECT_STATUS_SUCCESS(ImportKey( |
| 370 blink::WebCryptoKeyFormatSpki, |
| 371 spki_der, |
| 372 algorithm, |
| 373 true, |
| 374 usage_mask, |
| 375 public_key)); |
| 376 EXPECT_FALSE(public_key->isNull()); |
| 377 EXPECT_TRUE(public_key->handle()); |
| 378 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key->type()); |
| 379 EXPECT_EQ(algorithm.id(), public_key->algorithm().id()); |
| 380 EXPECT_EQ(extractable, extractable); |
| 381 EXPECT_EQ(usage_mask, public_key->usages()); |
| 382 |
| 383 EXPECT_STATUS_SUCCESS(ImportKey( |
| 384 blink::WebCryptoKeyFormatPkcs8, |
| 385 pkcs8_der, |
| 386 algorithm, |
| 387 extractable, |
| 388 usage_mask, |
| 389 private_key)); |
| 390 EXPECT_FALSE(private_key->isNull()); |
| 391 EXPECT_TRUE(private_key->handle()); |
| 392 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key->type()); |
| 393 EXPECT_EQ(algorithm.id(), private_key->algorithm().id()); |
| 394 EXPECT_EQ(extractable, extractable); |
| 395 EXPECT_EQ(usage_mask, private_key->usages()); |
| 396 } |
| 397 |
| 398 // TODO(eroman): For Linux builds using system NSS, AES-GCM support is a |
| 399 // runtime dependency. Test it by trying to import a key. |
| 400 bool SupportsAesGcm() { |
| 401 std::vector<uint8> key_raw(16, 0); |
| 402 |
| 403 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
| 404 Status status = ImportKey( |
| 405 blink::WebCryptoKeyFormatRaw, |
| 406 key_raw, |
| 407 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesGcm), |
| 408 true, |
| 409 blink::WebCryptoKeyUsageEncrypt, |
| 410 &key); |
| 411 |
| 412 if (status.IsError()) |
| 413 EXPECT_EQ(Status::ErrorUnsupported().ToString(), status.ToString()); |
| 414 return status.IsSuccess(); |
| 415 } |
| 416 |
| 417 Status AesGcmEncrypt(const blink::WebCryptoKey& key, |
| 418 const std::vector<uint8>& iv, |
| 419 const std::vector<uint8>& additional_data, |
| 420 unsigned int tag_length_bits, |
| 421 const std::vector<uint8>& plain_text, |
| 422 std::vector<uint8>* cipher_text, |
| 423 std::vector<uint8>* authentication_tag) { |
| 424 blink::WebCryptoAlgorithm algorithm = CreateAesGcmAlgorithm( |
| 425 iv, additional_data, tag_length_bits); |
| 426 |
| 427 blink::WebArrayBuffer output; |
| 428 Status status = Encrypt(algorithm, key, plain_text, &output); |
| 429 if (status.IsError()) |
| 430 return status; |
| 431 |
| 432 if (output.byteLength() * 8 < tag_length_bits) { |
| 433 EXPECT_TRUE(false); |
| 434 return Status::Error(); |
| 435 } |
| 436 |
| 437 // The encryption result is cipher text with authentication tag appended. |
| 438 cipher_text->assign( |
| 439 static_cast<uint8*>(output.data()), |
| 440 static_cast<uint8*>(output.data()) + |
| 441 (output.byteLength() - tag_length_bits / 8)); |
| 442 authentication_tag->assign( |
| 443 static_cast<uint8*>(output.data()) + cipher_text->size(), |
| 444 static_cast<uint8*>(output.data()) + output.byteLength()); |
| 445 |
| 446 return Status::Success(); |
| 447 } |
| 448 |
| 449 Status AesGcmDecrypt(const blink::WebCryptoKey& key, |
| 450 const std::vector<uint8>& iv, |
| 451 const std::vector<uint8>& additional_data, |
| 452 unsigned int tag_length_bits, |
| 453 const std::vector<uint8>& cipher_text, |
| 454 const std::vector<uint8>& authentication_tag, |
| 455 blink::WebArrayBuffer* plain_text) { |
| 456 blink::WebCryptoAlgorithm algorithm = CreateAesGcmAlgorithm( |
| 457 iv, additional_data, tag_length_bits); |
| 458 |
| 459 // Join cipher text and authentication tag. |
| 460 std::vector<uint8> cipher_text_with_tag; |
| 461 cipher_text_with_tag.reserve( |
| 462 cipher_text.size() + authentication_tag.size()); |
| 463 cipher_text_with_tag.insert( |
| 464 cipher_text_with_tag.end(), cipher_text.begin(), cipher_text.end()); |
| 465 cipher_text_with_tag.insert( |
| 466 cipher_text_with_tag.end(), authentication_tag.begin(), |
| 467 authentication_tag.end()); |
| 468 |
| 469 return Decrypt(algorithm, key, cipher_text_with_tag, plain_text); |
| 470 } |
| 471 |
338 } // namespace | 472 } // namespace |
339 | 473 |
340 class WebCryptoImplTest : public testing::Test { | 474 TEST_F(SharedCryptoTest, StatusToString) { |
341 protected: | |
342 blink::WebCryptoKey ImportSecretKeyFromRaw( | |
343 const std::vector<uint8>& key_raw, | |
344 const blink::WebCryptoAlgorithm& algorithm, | |
345 blink::WebCryptoKeyUsageMask usage) { | |
346 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | |
347 bool extractable = true; | |
348 EXPECT_STATUS_SUCCESS( | |
349 crypto_.ImportKeyInternal(blink::WebCryptoKeyFormatRaw, | |
350 webcrypto::Uint8VectorStart(key_raw), | |
351 key_raw.size(), | |
352 algorithm, | |
353 extractable, | |
354 usage, | |
355 &key)); | |
356 | |
357 EXPECT_FALSE(key.isNull()); | |
358 EXPECT_TRUE(key.handle()); | |
359 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); | |
360 EXPECT_EQ(algorithm.id(), key.algorithm().id()); | |
361 EXPECT_EQ(extractable, key.extractable()); | |
362 EXPECT_EQ(usage, key.usages()); | |
363 return key; | |
364 } | |
365 | |
366 void ImportRsaKeyPair( | |
367 const std::vector<uint8>& spki_der, | |
368 const std::vector<uint8>& pkcs8_der, | |
369 const blink::WebCryptoAlgorithm& algorithm, | |
370 bool extractable, | |
371 blink::WebCryptoKeyUsageMask usage_mask, | |
372 blink::WebCryptoKey* public_key, | |
373 blink::WebCryptoKey* private_key) { | |
374 EXPECT_STATUS_SUCCESS(ImportKeyInternal( | |
375 blink::WebCryptoKeyFormatSpki, | |
376 spki_der, | |
377 algorithm, | |
378 true, | |
379 usage_mask, | |
380 public_key)); | |
381 EXPECT_FALSE(public_key->isNull()); | |
382 EXPECT_TRUE(public_key->handle()); | |
383 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key->type()); | |
384 EXPECT_EQ(algorithm.id(), public_key->algorithm().id()); | |
385 EXPECT_EQ(extractable, extractable); | |
386 EXPECT_EQ(usage_mask, public_key->usages()); | |
387 | |
388 EXPECT_STATUS_SUCCESS(ImportKeyInternal( | |
389 blink::WebCryptoKeyFormatPkcs8, | |
390 pkcs8_der, | |
391 algorithm, | |
392 extractable, | |
393 usage_mask, | |
394 private_key)); | |
395 EXPECT_FALSE(private_key->isNull()); | |
396 EXPECT_TRUE(private_key->handle()); | |
397 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key->type()); | |
398 EXPECT_EQ(algorithm.id(), private_key->algorithm().id()); | |
399 EXPECT_EQ(extractable, extractable); | |
400 EXPECT_EQ(usage_mask, private_key->usages()); | |
401 } | |
402 | |
403 // TODO(eroman): For Linux builds using system NSS, AES-GCM support is a | |
404 // runtime dependency. Test it by trying to import a key. | |
405 bool SupportsAesGcm() { | |
406 std::vector<uint8> key_raw(16, 0); | |
407 | |
408 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | |
409 Status status = crypto_.ImportKeyInternal( | |
410 blink::WebCryptoKeyFormatRaw, | |
411 webcrypto::Uint8VectorStart(key_raw), | |
412 key_raw.size(), | |
413 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesGcm), | |
414 true, | |
415 blink::WebCryptoKeyUsageEncrypt, | |
416 &key); | |
417 | |
418 if (status.IsError()) | |
419 EXPECT_EQ(Status::ErrorUnsupported().ToString(), status.ToString()); | |
420 return status.IsSuccess(); | |
421 | |
422 } | |
423 | |
424 Status AesGcmEncrypt(const blink::WebCryptoKey& key, | |
425 const std::vector<uint8>& iv, | |
426 const std::vector<uint8>& additional_data, | |
427 unsigned int tag_length_bits, | |
428 const std::vector<uint8>& plain_text, | |
429 std::vector<uint8>* cipher_text, | |
430 std::vector<uint8>* authentication_tag) { | |
431 blink::WebCryptoAlgorithm algorithm = CreateAesGcmAlgorithm( | |
432 iv, additional_data, tag_length_bits); | |
433 | |
434 blink::WebArrayBuffer output; | |
435 Status status = EncryptInternal(algorithm, key, plain_text, &output); | |
436 if (status.IsError()) | |
437 return status; | |
438 | |
439 if (output.byteLength() * 8 < tag_length_bits) { | |
440 EXPECT_TRUE(false); | |
441 return Status::Error(); | |
442 } | |
443 | |
444 // The encryption result is cipher text with authentication tag appended. | |
445 cipher_text->assign( | |
446 static_cast<uint8*>(output.data()), | |
447 static_cast<uint8*>(output.data()) + | |
448 (output.byteLength() - tag_length_bits / 8)); | |
449 authentication_tag->assign( | |
450 static_cast<uint8*>(output.data()) + cipher_text->size(), | |
451 static_cast<uint8*>(output.data()) + output.byteLength()); | |
452 | |
453 return Status::Success(); | |
454 } | |
455 | |
456 Status AesGcmDecrypt(const blink::WebCryptoKey& key, | |
457 const std::vector<uint8>& iv, | |
458 const std::vector<uint8>& additional_data, | |
459 unsigned int tag_length_bits, | |
460 const std::vector<uint8>& cipher_text, | |
461 const std::vector<uint8>& authentication_tag, | |
462 blink::WebArrayBuffer* plain_text) { | |
463 blink::WebCryptoAlgorithm algorithm = CreateAesGcmAlgorithm( | |
464 iv, additional_data, tag_length_bits); | |
465 | |
466 // Join cipher text and authentication tag. | |
467 std::vector<uint8> cipher_text_with_tag; | |
468 cipher_text_with_tag.reserve( | |
469 cipher_text.size() + authentication_tag.size()); | |
470 cipher_text_with_tag.insert( | |
471 cipher_text_with_tag.end(), cipher_text.begin(), cipher_text.end()); | |
472 cipher_text_with_tag.insert( | |
473 cipher_text_with_tag.end(), authentication_tag.begin(), | |
474 authentication_tag.end()); | |
475 | |
476 return DecryptInternal(algorithm, key, cipher_text_with_tag, plain_text); | |
477 } | |
478 | |
479 // Forwarding methods to gain access to protected methods of | |
480 // WebCryptoImpl. | |
481 | |
482 Status DigestInternal( | |
483 const blink::WebCryptoAlgorithm& algorithm, | |
484 const std::vector<uint8>& data, | |
485 blink::WebArrayBuffer* buffer) { | |
486 return crypto_.DigestInternal( | |
487 algorithm, webcrypto::Uint8VectorStart(data), data.size(), buffer); | |
488 } | |
489 | |
490 Status GenerateKeyInternal( | |
491 const blink::WebCryptoAlgorithm& algorithm, | |
492 blink::WebCryptoKey* key) { | |
493 bool extractable = true; | |
494 blink::WebCryptoKeyUsageMask usage_mask = 0; | |
495 return crypto_.GenerateSecretKeyInternal( | |
496 algorithm, extractable, usage_mask, key); | |
497 } | |
498 | |
499 Status GenerateKeyPairInternal( | |
500 const blink::WebCryptoAlgorithm& algorithm, | |
501 bool extractable, | |
502 blink::WebCryptoKeyUsageMask usage_mask, | |
503 blink::WebCryptoKey* public_key, | |
504 blink::WebCryptoKey* private_key) { | |
505 return crypto_.GenerateKeyPairInternal( | |
506 algorithm, extractable, usage_mask, public_key, private_key); | |
507 } | |
508 | |
509 Status ImportKeyInternal( | |
510 blink::WebCryptoKeyFormat format, | |
511 const std::vector<uint8>& key_data, | |
512 const blink::WebCryptoAlgorithm& algorithm, | |
513 bool extractable, | |
514 blink::WebCryptoKeyUsageMask usage_mask, | |
515 blink::WebCryptoKey* key) { | |
516 return crypto_.ImportKeyInternal(format, | |
517 webcrypto::Uint8VectorStart(key_data), | |
518 key_data.size(), | |
519 algorithm, | |
520 extractable, | |
521 usage_mask, | |
522 key); | |
523 } | |
524 | |
525 Status ExportKeyInternal( | |
526 blink::WebCryptoKeyFormat format, | |
527 const blink::WebCryptoKey& key, | |
528 blink::WebArrayBuffer* buffer) { | |
529 return crypto_.ExportKeyInternal(format, key, buffer); | |
530 } | |
531 | |
532 Status SignInternal( | |
533 const blink::WebCryptoAlgorithm& algorithm, | |
534 const blink::WebCryptoKey& key, | |
535 const std::vector<uint8>& data, | |
536 blink::WebArrayBuffer* buffer) { | |
537 return crypto_.SignInternal( | |
538 algorithm, key, webcrypto::Uint8VectorStart(data), data.size(), buffer); | |
539 } | |
540 | |
541 Status VerifySignatureInternal( | |
542 const blink::WebCryptoAlgorithm& algorithm, | |
543 const blink::WebCryptoKey& key, | |
544 const unsigned char* signature, | |
545 unsigned int signature_size, | |
546 const std::vector<uint8>& data, | |
547 bool* signature_match) { | |
548 return crypto_.VerifySignatureInternal(algorithm, | |
549 key, | |
550 signature, | |
551 signature_size, | |
552 webcrypto::Uint8VectorStart(data), | |
553 data.size(), | |
554 signature_match); | |
555 } | |
556 | |
557 Status VerifySignatureInternal( | |
558 const blink::WebCryptoAlgorithm& algorithm, | |
559 const blink::WebCryptoKey& key, | |
560 const std::vector<uint8>& signature, | |
561 const std::vector<uint8>& data, | |
562 bool* signature_match) { | |
563 return crypto_.VerifySignatureInternal( | |
564 algorithm, | |
565 key, | |
566 webcrypto::Uint8VectorStart(signature), | |
567 signature.size(), | |
568 webcrypto::Uint8VectorStart(data), | |
569 data.size(), | |
570 signature_match); | |
571 } | |
572 | |
573 Status EncryptInternal( | |
574 const blink::WebCryptoAlgorithm& algorithm, | |
575 const blink::WebCryptoKey& key, | |
576 const unsigned char* data, | |
577 unsigned int data_size, | |
578 blink::WebArrayBuffer* buffer) { | |
579 return crypto_.EncryptInternal(algorithm, key, data, data_size, buffer); | |
580 } | |
581 | |
582 Status EncryptInternal( | |
583 const blink::WebCryptoAlgorithm& algorithm, | |
584 const blink::WebCryptoKey& key, | |
585 const std::vector<uint8>& data, | |
586 blink::WebArrayBuffer* buffer) { | |
587 return crypto_.EncryptInternal( | |
588 algorithm, key, webcrypto::Uint8VectorStart(data), data.size(), buffer); | |
589 } | |
590 | |
591 Status DecryptInternal( | |
592 const blink::WebCryptoAlgorithm& algorithm, | |
593 const blink::WebCryptoKey& key, | |
594 const unsigned char* data, | |
595 unsigned int data_size, | |
596 blink::WebArrayBuffer* buffer) { | |
597 return crypto_.DecryptInternal(algorithm, key, data, data_size, buffer); | |
598 } | |
599 | |
600 Status DecryptInternal( | |
601 const blink::WebCryptoAlgorithm& algorithm, | |
602 const blink::WebCryptoKey& key, | |
603 const std::vector<uint8>& data, | |
604 blink::WebArrayBuffer* buffer) { | |
605 return crypto_.DecryptInternal( | |
606 algorithm, key, webcrypto::Uint8VectorStart(data), data.size(), buffer); | |
607 } | |
608 | |
609 Status ImportKeyJwk( | |
610 const std::vector<uint8>& key_data, | |
611 const blink::WebCryptoAlgorithm& algorithm, | |
612 bool extractable, | |
613 blink::WebCryptoKeyUsageMask usage_mask, | |
614 blink::WebCryptoKey* key) { | |
615 return crypto_.ImportKeyJwk(webcrypto::Uint8VectorStart(key_data), | |
616 key_data.size(), | |
617 algorithm, | |
618 extractable, | |
619 usage_mask, | |
620 key); | |
621 } | |
622 | |
623 private: | |
624 WebCryptoImpl crypto_; | |
625 }; | |
626 | |
627 TEST_F(WebCryptoImplTest, StatusToString) { | |
628 EXPECT_EQ("Success", Status::Success().ToString()); | 475 EXPECT_EQ("Success", Status::Success().ToString()); |
629 EXPECT_EQ("", Status::Error().ToString()); | 476 EXPECT_EQ("", Status::Error().ToString()); |
630 EXPECT_EQ("The requested operation is unsupported", | 477 EXPECT_EQ("The requested operation is unsupported", |
631 Status::ErrorUnsupported().ToString()); | 478 Status::ErrorUnsupported().ToString()); |
632 EXPECT_EQ("The required JWK property \"kty\" was missing", | 479 EXPECT_EQ("The required JWK property \"kty\" was missing", |
633 Status::ErrorJwkPropertyMissing("kty").ToString()); | 480 Status::ErrorJwkPropertyMissing("kty").ToString()); |
634 EXPECT_EQ("The JWK property \"kty\" must be a string", | 481 EXPECT_EQ("The JWK property \"kty\" must be a string", |
635 Status::ErrorJwkPropertyWrongType("kty", "string").ToString()); | 482 Status::ErrorJwkPropertyWrongType("kty", "string").ToString()); |
636 EXPECT_EQ("The JWK property \"n\" could not be base64 decoded", | 483 EXPECT_EQ("The JWK property \"n\" could not be base64 decoded", |
637 Status::ErrorJwkBase64Decode("n").ToString()); | 484 Status::ErrorJwkBase64Decode("n").ToString()); |
638 } | 485 } |
639 | 486 |
640 TEST_F(WebCryptoImplTest, DigestSampleSets) { | 487 TEST_F(SharedCryptoTest, DigestSampleSets) { |
641 scoped_ptr<base::ListValue> tests; | 488 scoped_ptr<base::ListValue> tests; |
642 ASSERT_TRUE(ReadJsonTestFileToList("digest.json", &tests)); | 489 ASSERT_TRUE(ReadJsonTestFileToList("digest.json", &tests)); |
643 | 490 |
644 for (size_t test_index = 0; test_index < tests->GetSize(); ++test_index) { | 491 for (size_t test_index = 0; test_index < tests->GetSize(); ++test_index) { |
645 SCOPED_TRACE(test_index); | 492 SCOPED_TRACE(test_index); |
646 base::DictionaryValue* test; | 493 base::DictionaryValue* test; |
647 ASSERT_TRUE(tests->GetDictionary(test_index, &test)); | 494 ASSERT_TRUE(tests->GetDictionary(test_index, &test)); |
648 | 495 |
649 blink::WebCryptoAlgorithm test_algorithm = | 496 blink::WebCryptoAlgorithm test_algorithm = |
650 GetDigestAlgorithm(test, "algorithm"); | 497 GetDigestAlgorithm(test, "algorithm"); |
651 std::vector<uint8> test_input = GetBytesFromHexString(test, "input"); | 498 std::vector<uint8> test_input = GetBytesFromHexString(test, "input"); |
652 std::vector<uint8> test_output = GetBytesFromHexString(test, "output"); | 499 std::vector<uint8> test_output = GetBytesFromHexString(test, "output"); |
653 | 500 |
654 blink::WebArrayBuffer output; | 501 blink::WebArrayBuffer output; |
655 ASSERT_STATUS_SUCCESS(DigestInternal(test_algorithm, test_input, &output)); | 502 ASSERT_STATUS_SUCCESS(Digest(test_algorithm, test_input, &output)); |
656 ExpectArrayBufferMatches(test_output, output); | 503 ExpectCryptoDataMatches(test_output, output); |
657 } | 504 } |
658 } | 505 } |
659 | 506 |
660 TEST_F(WebCryptoImplTest, HMACSampleSets) { | 507 TEST_F(SharedCryptoTest, HMACSampleSets) { |
661 scoped_ptr<base::ListValue> tests; | 508 scoped_ptr<base::ListValue> tests; |
662 ASSERT_TRUE(ReadJsonTestFileToList("hmac.json", &tests)); | 509 ASSERT_TRUE(ReadJsonTestFileToList("hmac.json", &tests)); |
663 | 510 |
664 for (size_t test_index = 0; test_index < tests->GetSize(); ++test_index) { | 511 for (size_t test_index = 0; test_index < tests->GetSize(); ++test_index) { |
665 SCOPED_TRACE(test_index); | 512 SCOPED_TRACE(test_index); |
666 base::DictionaryValue* test; | 513 base::DictionaryValue* test; |
667 ASSERT_TRUE(tests->GetDictionary(test_index, &test)); | 514 ASSERT_TRUE(tests->GetDictionary(test_index, &test)); |
668 | 515 |
669 blink::WebCryptoAlgorithm test_hash = GetDigestAlgorithm(test, "hash"); | 516 blink::WebCryptoAlgorithm test_hash = GetDigestAlgorithm(test, "hash"); |
670 const std::vector<uint8> test_key = GetBytesFromHexString(test, "key"); | 517 const std::vector<uint8> test_key = GetBytesFromHexString(test, "key"); |
671 const std::vector<uint8> test_message = | 518 const std::vector<uint8> test_message = |
672 GetBytesFromHexString(test, "message"); | 519 GetBytesFromHexString(test, "message"); |
673 const std::vector<uint8> test_mac = GetBytesFromHexString(test, "mac"); | 520 const std::vector<uint8> test_mac = GetBytesFromHexString(test, "mac"); |
674 | 521 |
675 blink::WebCryptoAlgorithm algorithm = | 522 blink::WebCryptoAlgorithm algorithm = |
676 webcrypto::CreateHmacAlgorithmByHashId(test_hash.id()); | 523 CreateHmacAlgorithmByHashId(test_hash.id()); |
677 | 524 |
678 blink::WebCryptoKey key = ImportSecretKeyFromRaw( | 525 blink::WebCryptoKey key = ImportSecretKeyFromRaw( |
679 test_key, algorithm, blink::WebCryptoKeyUsageSign); | 526 test_key, |
| 527 algorithm, |
| 528 blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify); |
680 | 529 |
681 // Verify exported raw key is identical to the imported data | 530 // Verify exported raw key is identical to the imported data |
682 blink::WebArrayBuffer raw_key; | 531 blink::WebArrayBuffer raw_key; |
683 EXPECT_STATUS_SUCCESS( | 532 EXPECT_STATUS_SUCCESS( |
684 ExportKeyInternal(blink::WebCryptoKeyFormatRaw, key, &raw_key)); | 533 ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key)); |
685 ExpectArrayBufferMatches(test_key, raw_key); | 534 ExpectCryptoDataMatches(test_key, raw_key); |
686 | 535 |
687 blink::WebArrayBuffer output; | 536 blink::WebArrayBuffer output; |
688 | 537 |
689 ASSERT_STATUS_SUCCESS(SignInternal(algorithm, key, test_message, &output)); | 538 ASSERT_STATUS_SUCCESS(Sign(algorithm, key, test_message, &output)); |
690 | 539 |
691 ExpectArrayBufferMatches(test_mac, output); | 540 ExpectCryptoDataMatches(test_mac, output); |
692 | 541 |
693 bool signature_match = false; | 542 bool signature_match = false; |
694 EXPECT_STATUS_SUCCESS(VerifySignatureInternal( | 543 EXPECT_STATUS_SUCCESS(VerifySignature( |
695 algorithm, | 544 algorithm, |
696 key, | 545 key, |
697 static_cast<const unsigned char*>(output.data()), | 546 output, |
698 output.byteLength(), | |
699 test_message, | 547 test_message, |
700 &signature_match)); | 548 &signature_match)); |
701 EXPECT_TRUE(signature_match); | 549 EXPECT_TRUE(signature_match); |
702 | 550 |
703 // Ensure truncated signature does not verify by passing one less byte. | 551 // Ensure truncated signature does not verify by passing one less byte. |
704 EXPECT_STATUS_SUCCESS(VerifySignatureInternal( | 552 EXPECT_STATUS_SUCCESS(VerifySignature( |
705 algorithm, | 553 algorithm, |
706 key, | 554 key, |
707 static_cast<const unsigned char*>(output.data()), | 555 CryptoData(static_cast<const unsigned char*>(output.data()), |
708 output.byteLength() - 1, | 556 output.byteLength() - 1), |
709 test_message, | 557 test_message, |
710 &signature_match)); | 558 &signature_match)); |
711 EXPECT_FALSE(signature_match); | 559 EXPECT_FALSE(signature_match); |
712 | 560 |
713 // Ensure truncated signature does not verify by passing no bytes. | 561 // Ensure truncated signature does not verify by passing no bytes. |
714 EXPECT_STATUS_SUCCESS(VerifySignatureInternal( | 562 EXPECT_STATUS_SUCCESS(VerifySignature( |
715 algorithm, | 563 algorithm, |
716 key, | 564 key, |
717 NULL, | 565 CryptoData(), |
718 0, | |
719 test_message, | 566 test_message, |
720 &signature_match)); | 567 &signature_match)); |
721 EXPECT_FALSE(signature_match); | 568 EXPECT_FALSE(signature_match); |
722 | 569 |
723 // Ensure extra long signature does not cause issues and fails. | 570 // Ensure extra long signature does not cause issues and fails. |
724 const unsigned char kLongSignature[1024] = { 0 }; | 571 const unsigned char kLongSignature[1024] = { 0 }; |
725 EXPECT_STATUS_SUCCESS(VerifySignatureInternal( | 572 EXPECT_STATUS_SUCCESS(VerifySignature( |
726 algorithm, | 573 algorithm, |
727 key, | 574 key, |
728 kLongSignature, | 575 CryptoData(kLongSignature, sizeof(kLongSignature)), |
729 sizeof(kLongSignature), | |
730 test_message, | 576 test_message, |
731 &signature_match)); | 577 &signature_match)); |
732 EXPECT_FALSE(signature_match); | 578 EXPECT_FALSE(signature_match); |
733 } | 579 } |
734 } | 580 } |
735 | 581 |
736 TEST_F(WebCryptoImplTest, AesCbcFailures) { | 582 TEST_F(SharedCryptoTest, AesCbcFailures) { |
737 const std::string key_hex = "2b7e151628aed2a6abf7158809cf4f3c"; | 583 const std::string key_hex = "2b7e151628aed2a6abf7158809cf4f3c"; |
738 blink::WebCryptoKey key = ImportSecretKeyFromRaw( | 584 blink::WebCryptoKey key = ImportSecretKeyFromRaw( |
739 HexStringToBytes(key_hex), | 585 HexStringToBytes(key_hex), |
740 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), | 586 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), |
741 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt); | 587 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt); |
742 | 588 |
743 // Verify exported raw key is identical to the imported data | 589 // Verify exported raw key is identical to the imported data |
744 blink::WebArrayBuffer raw_key; | 590 blink::WebArrayBuffer raw_key; |
745 EXPECT_STATUS_SUCCESS( | 591 EXPECT_STATUS_SUCCESS( |
746 ExportKeyInternal(blink::WebCryptoKeyFormatRaw, key, &raw_key)); | 592 ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key)); |
747 ExpectArrayBufferMatchesHex(key_hex, raw_key); | 593 ExpectCryptoDataMatchesHex(key_hex, raw_key); |
748 | 594 |
749 blink::WebArrayBuffer output; | 595 blink::WebArrayBuffer output; |
750 | 596 |
751 // Use an invalid |iv| (fewer than 16 bytes) | 597 // Use an invalid |iv| (fewer than 16 bytes) |
752 { | 598 { |
753 std::vector<uint8> input(32); | 599 std::vector<uint8> input(32); |
754 std::vector<uint8> iv; | 600 std::vector<uint8> iv; |
755 EXPECT_STATUS(Status::ErrorIncorrectSizeAesCbcIv(), EncryptInternal( | 601 EXPECT_STATUS(Status::ErrorIncorrectSizeAesCbcIv(), Encrypt( |
756 webcrypto::CreateAesCbcAlgorithm(iv), key, input, &output)); | 602 CreateAesCbcAlgorithm(iv), key, input, &output)); |
757 EXPECT_STATUS(Status::ErrorIncorrectSizeAesCbcIv(), DecryptInternal( | 603 EXPECT_STATUS(Status::ErrorIncorrectSizeAesCbcIv(), Decrypt( |
758 webcrypto::CreateAesCbcAlgorithm(iv), key, input, &output)); | 604 CreateAesCbcAlgorithm(iv), key, input, &output)); |
759 } | 605 } |
760 | 606 |
761 // Use an invalid |iv| (more than 16 bytes) | 607 // Use an invalid |iv| (more than 16 bytes) |
762 { | 608 { |
763 std::vector<uint8> input(32); | 609 std::vector<uint8> input(32); |
764 std::vector<uint8> iv(17); | 610 std::vector<uint8> iv(17); |
765 EXPECT_STATUS(Status::ErrorIncorrectSizeAesCbcIv(), EncryptInternal( | 611 EXPECT_STATUS(Status::ErrorIncorrectSizeAesCbcIv(), Encrypt( |
766 webcrypto::CreateAesCbcAlgorithm(iv), key, input, &output)); | 612 CreateAesCbcAlgorithm(iv), key, input, &output)); |
767 EXPECT_STATUS(Status::ErrorIncorrectSizeAesCbcIv(), DecryptInternal( | 613 EXPECT_STATUS(Status::ErrorIncorrectSizeAesCbcIv(), Decrypt( |
768 webcrypto::CreateAesCbcAlgorithm(iv), key, input, &output)); | 614 CreateAesCbcAlgorithm(iv), key, input, &output)); |
769 } | 615 } |
770 | 616 |
771 // Give an input that is too large (would cause integer overflow when | 617 // Give an input that is too large (would cause integer overflow when |
772 // narrowing to an int). | 618 // narrowing to an int). |
773 { | 619 { |
774 std::vector<uint8> iv(16); | 620 std::vector<uint8> iv(16); |
775 | 621 |
776 // Pretend the input is large. Don't pass data pointer as NULL in case that | 622 // Pretend the input is large. Don't pass data pointer as NULL in case that |
777 // is special cased; the implementation shouldn't actually dereference the | 623 // is special cased; the implementation shouldn't actually dereference the |
778 // data. | 624 // data. |
779 const unsigned char* input = &iv[0]; | 625 CryptoData input(&iv[0], INT_MAX - 3); |
780 unsigned int input_len = INT_MAX - 3; | |
781 | 626 |
782 EXPECT_STATUS(Status::ErrorDataTooLarge(), EncryptInternal( | 627 EXPECT_STATUS(Status::ErrorDataTooLarge(), Encrypt( |
783 webcrypto::CreateAesCbcAlgorithm(iv), key, input, input_len, &output)); | 628 CreateAesCbcAlgorithm(iv), key, input, &output)); |
784 EXPECT_STATUS(Status::ErrorDataTooLarge(), DecryptInternal( | 629 EXPECT_STATUS(Status::ErrorDataTooLarge(), Decrypt( |
785 webcrypto::CreateAesCbcAlgorithm(iv), key, input, input_len, &output)); | 630 CreateAesCbcAlgorithm(iv), key, input, &output)); |
786 } | 631 } |
787 | 632 |
788 // Fail importing the key (too few bytes specified) | 633 // Fail importing the key (too few bytes specified) |
789 { | 634 { |
790 std::vector<uint8> key_raw(1); | 635 std::vector<uint8> key_raw(1); |
791 std::vector<uint8> iv(16); | 636 std::vector<uint8> iv(16); |
792 | 637 |
793 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 638 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
794 EXPECT_STATUS( | 639 EXPECT_STATUS( |
795 Status::Error(), | 640 Status::Error(), |
796 ImportKeyInternal(blink::WebCryptoKeyFormatRaw, | 641 ImportKey(blink::WebCryptoKeyFormatRaw, |
797 key_raw, | 642 key_raw, |
798 webcrypto::CreateAesCbcAlgorithm(iv), | 643 CreateAesCbcAlgorithm(iv), |
799 true, | 644 true, |
800 blink::WebCryptoKeyUsageEncrypt, | 645 blink::WebCryptoKeyUsageEncrypt, |
801 &key)); | 646 &key)); |
802 } | 647 } |
803 | 648 |
804 // TODO(eroman): Enable for OpenSSL once implemented. | |
805 #if !defined(USE_OPENSSL) | |
806 // Fail exporting the key in SPKI and PKCS#8 formats (not allowed for secret | 649 // Fail exporting the key in SPKI and PKCS#8 formats (not allowed for secret |
807 // keys). | 650 // keys). |
808 EXPECT_STATUS(Status::ErrorUnexpectedKeyType(), | 651 EXPECT_STATUS(Status::ErrorUnexpectedKeyType(), |
809 ExportKeyInternal(blink::WebCryptoKeyFormatSpki, key, &output)); | 652 ExportKey(blink::WebCryptoKeyFormatSpki, key, &output)); |
810 EXPECT_STATUS(Status::ErrorUnsupported(), | 653 EXPECT_STATUS(Status::ErrorUnsupported(), |
811 ExportKeyInternal(blink::WebCryptoKeyFormatPkcs8, key, &output)); | 654 ExportKey(blink::WebCryptoKeyFormatPkcs8, key, &output)); |
812 #endif | |
813 } | 655 } |
814 | 656 |
815 TEST_F(WebCryptoImplTest, MAYBE(AesCbcSampleSets)) { | 657 TEST_F(SharedCryptoTest, MAYBE(AesCbcSampleSets)) { |
816 scoped_ptr<base::ListValue> tests; | 658 scoped_ptr<base::ListValue> tests; |
817 ASSERT_TRUE(ReadJsonTestFileToList("aes_cbc.json", &tests)); | 659 ASSERT_TRUE(ReadJsonTestFileToList("aes_cbc.json", &tests)); |
818 | 660 |
819 for (size_t test_index = 0; test_index < tests->GetSize(); ++test_index) { | 661 for (size_t test_index = 0; test_index < tests->GetSize(); ++test_index) { |
820 SCOPED_TRACE(test_index); | 662 SCOPED_TRACE(test_index); |
821 base::DictionaryValue* test; | 663 base::DictionaryValue* test; |
822 ASSERT_TRUE(tests->GetDictionary(test_index, &test)); | 664 ASSERT_TRUE(tests->GetDictionary(test_index, &test)); |
823 | 665 |
824 std::vector<uint8> test_key = GetBytesFromHexString(test, "key"); | 666 std::vector<uint8> test_key = GetBytesFromHexString(test, "key"); |
825 std::vector<uint8> test_iv = GetBytesFromHexString(test, "iv"); | 667 std::vector<uint8> test_iv = GetBytesFromHexString(test, "iv"); |
826 std::vector<uint8> test_plain_text = | 668 std::vector<uint8> test_plain_text = |
827 GetBytesFromHexString(test, "plain_text"); | 669 GetBytesFromHexString(test, "plain_text"); |
828 std::vector<uint8> test_cipher_text = | 670 std::vector<uint8> test_cipher_text = |
829 GetBytesFromHexString(test, "cipher_text"); | 671 GetBytesFromHexString(test, "cipher_text"); |
830 | 672 |
831 blink::WebCryptoKey key = ImportSecretKeyFromRaw( | 673 blink::WebCryptoKey key = ImportSecretKeyFromRaw( |
832 test_key, | 674 test_key, |
833 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), | 675 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), |
834 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt); | 676 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt); |
835 | 677 |
836 // Verify exported raw key is identical to the imported data | 678 // Verify exported raw key is identical to the imported data |
837 blink::WebArrayBuffer raw_key; | 679 blink::WebArrayBuffer raw_key; |
838 EXPECT_STATUS_SUCCESS(ExportKeyInternal( | 680 EXPECT_STATUS_SUCCESS(ExportKey( |
839 blink::WebCryptoKeyFormatRaw, key, &raw_key)); | 681 blink::WebCryptoKeyFormatRaw, key, &raw_key)); |
840 ExpectArrayBufferMatches(test_key, raw_key); | 682 ExpectCryptoDataMatches(test_key, raw_key); |
841 | 683 |
842 blink::WebArrayBuffer output; | 684 blink::WebArrayBuffer output; |
843 | 685 |
844 // Test encryption. | 686 // Test encryption. |
845 EXPECT_STATUS( | 687 EXPECT_STATUS( |
846 Status::Success(), | 688 Status::Success(), |
847 EncryptInternal(webcrypto::CreateAesCbcAlgorithm(test_iv), | 689 Encrypt(CreateAesCbcAlgorithm(test_iv), |
848 key, | 690 key, |
849 test_plain_text, | 691 test_plain_text, |
850 &output)); | 692 &output)); |
851 ExpectArrayBufferMatches(test_cipher_text, output); | 693 ExpectCryptoDataMatches(test_cipher_text, output); |
852 | 694 |
853 // Test decryption. | 695 // Test decryption. |
854 EXPECT_STATUS( | 696 EXPECT_STATUS( |
855 Status::Success(), | 697 Status::Success(), |
856 DecryptInternal(webcrypto::CreateAesCbcAlgorithm(test_iv), | 698 Decrypt(CreateAesCbcAlgorithm(test_iv), |
857 key, | 699 key, |
858 test_cipher_text, | 700 test_cipher_text, |
859 &output)); | 701 &output)); |
860 ExpectArrayBufferMatches(test_plain_text, output); | 702 ExpectCryptoDataMatches(test_plain_text, output); |
861 | 703 |
862 const unsigned int kAesCbcBlockSize = 16; | 704 const unsigned int kAesCbcBlockSize = 16; |
863 | 705 |
864 // Decrypt with a padding error by stripping the last block. This also ends | 706 // Decrypt with a padding error by stripping the last block. This also ends |
865 // up testing decryption over empty cipher text. | 707 // up testing decryption over empty cipher text. |
866 if (test_cipher_text.size() >= kAesCbcBlockSize) { | 708 if (test_cipher_text.size() >= kAesCbcBlockSize) { |
867 EXPECT_STATUS( | 709 EXPECT_STATUS( |
868 Status::Error(), | 710 Status::Error(), |
869 DecryptInternal(webcrypto::CreateAesCbcAlgorithm(test_iv), | 711 Decrypt(CreateAesCbcAlgorithm(test_iv), |
870 key, | 712 key, |
871 &test_cipher_text[0], | 713 CryptoData( |
872 test_cipher_text.size() - kAesCbcBlockSize, | 714 &test_cipher_text[0], |
873 &output)); | 715 test_cipher_text.size() - kAesCbcBlockSize), |
| 716 &output)); |
874 } | 717 } |
875 | 718 |
876 // Decrypt cipher text which is not a multiple of block size by stripping | 719 // Decrypt cipher text which is not a multiple of block size by stripping |
877 // a few bytes off the cipher text. | 720 // a few bytes off the cipher text. |
878 if (test_cipher_text.size() > 3) { | 721 if (test_cipher_text.size() > 3) { |
879 EXPECT_STATUS( | 722 EXPECT_STATUS( |
880 Status::Error(), | 723 Status::Error(), |
881 DecryptInternal(webcrypto::CreateAesCbcAlgorithm(test_iv), | 724 Decrypt(CreateAesCbcAlgorithm(test_iv), |
882 key, | 725 key, |
883 &test_cipher_text[0], | 726 CryptoData(&test_cipher_text[0], |
884 test_cipher_text.size() - 3, | 727 test_cipher_text.size() - 3), |
885 &output)); | 728 &output)); |
886 } | 729 } |
887 } | 730 } |
888 } | 731 } |
889 | 732 |
890 TEST_F(WebCryptoImplTest, MAYBE(GenerateKeyAes)) { | 733 TEST_F(SharedCryptoTest, MAYBE(GenerateKeyAes)) { |
891 // Check key generation for each of AES-CBC, AES-GCM, and AES-KW, and for each | 734 // Check key generation for each of AES-CBC, AES-GCM, and AES-KW, and for each |
892 // allowed key length. | 735 // allowed key length. |
893 std::vector<blink::WebCryptoAlgorithm> algorithm; | 736 std::vector<blink::WebCryptoAlgorithm> algorithm; |
894 const unsigned short kKeyLength[] = {128, 192, 256}; | 737 const unsigned short kKeyLength[] = {128, 192, 256}; |
895 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kKeyLength); ++i) { | 738 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kKeyLength); ++i) { |
896 algorithm.push_back(CreateAesCbcKeyGenAlgorithm(kKeyLength[i])); | 739 algorithm.push_back(CreateAesCbcKeyGenAlgorithm(kKeyLength[i])); |
897 algorithm.push_back(CreateAesGcmKeyGenAlgorithm(kKeyLength[i])); | 740 algorithm.push_back(CreateAesGcmKeyGenAlgorithm(kKeyLength[i])); |
898 algorithm.push_back(CreateAesKwKeyGenAlgorithm(kKeyLength[i])); | 741 algorithm.push_back(CreateAesKwKeyGenAlgorithm(kKeyLength[i])); |
899 } | 742 } |
900 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 743 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
901 std::vector<blink::WebArrayBuffer> keys; | 744 std::vector<blink::WebArrayBuffer> keys; |
902 blink::WebArrayBuffer key_bytes; | 745 blink::WebArrayBuffer key_bytes; |
903 for (size_t i = 0; i < algorithm.size(); ++i) { | 746 for (size_t i = 0; i < algorithm.size(); ++i) { |
904 SCOPED_TRACE(i); | 747 SCOPED_TRACE(i); |
905 // Generate a small sample of keys. | 748 // Generate a small sample of keys. |
906 keys.clear(); | 749 keys.clear(); |
907 for (int j = 0; j < 16; ++j) { | 750 for (int j = 0; j < 16; ++j) { |
908 ASSERT_STATUS_SUCCESS(GenerateKeyInternal(algorithm[i], &key)); | 751 ASSERT_STATUS_SUCCESS(GenerateSecretKey( |
| 752 algorithm[i], true, 0, &key)); |
909 EXPECT_TRUE(key.handle()); | 753 EXPECT_TRUE(key.handle()); |
910 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); | 754 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); |
911 ASSERT_STATUS_SUCCESS( | 755 ASSERT_STATUS_SUCCESS( |
912 ExportKeyInternal(blink::WebCryptoKeyFormatRaw, key, &key_bytes)); | 756 ExportKey(blink::WebCryptoKeyFormatRaw, key, &key_bytes)); |
913 keys.push_back(key_bytes); | 757 keys.push_back(key_bytes); |
914 } | 758 } |
915 // Ensure all entries in the key sample set are unique. This is a simplistic | 759 // Ensure all entries in the key sample set are unique. This is a simplistic |
916 // estimate of whether the generated keys appear random. | 760 // estimate of whether the generated keys appear random. |
917 EXPECT_FALSE(CopiesExist(keys)); | 761 EXPECT_FALSE(CopiesExist(keys)); |
918 } | 762 } |
919 } | 763 } |
920 | 764 |
921 TEST_F(WebCryptoImplTest, MAYBE(GenerateKeyAesBadLength)) { | 765 TEST_F(SharedCryptoTest, MAYBE(GenerateKeyAesBadLength)) { |
922 const unsigned short kKeyLen[] = {0, 127, 257}; | 766 const unsigned short kKeyLen[] = {0, 127, 257}; |
923 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 767 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
924 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kKeyLen); ++i) { | 768 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kKeyLen); ++i) { |
925 SCOPED_TRACE(i); | 769 SCOPED_TRACE(i); |
926 EXPECT_STATUS(Status::ErrorGenerateKeyLength(), GenerateKeyInternal( | 770 EXPECT_STATUS(Status::ErrorGenerateKeyLength(), GenerateSecretKey( |
927 CreateAesCbcKeyGenAlgorithm(kKeyLen[i]), &key)); | 771 CreateAesCbcKeyGenAlgorithm(kKeyLen[i]), true, 0, &key)); |
928 EXPECT_STATUS(Status::ErrorGenerateKeyLength(), GenerateKeyInternal( | 772 EXPECT_STATUS(Status::ErrorGenerateKeyLength(), GenerateSecretKey( |
929 CreateAesGcmKeyGenAlgorithm(kKeyLen[i]), &key)); | 773 CreateAesGcmKeyGenAlgorithm(kKeyLen[i]), true, 0, &key)); |
930 EXPECT_STATUS(Status::ErrorGenerateKeyLength(), GenerateKeyInternal( | 774 EXPECT_STATUS(Status::ErrorGenerateKeyLength(), GenerateSecretKey( |
931 CreateAesKwKeyGenAlgorithm(kKeyLen[i]), &key)); | 775 CreateAesKwKeyGenAlgorithm(kKeyLen[i]), true, 0, &key)); |
932 } | 776 } |
933 } | 777 } |
934 | 778 |
935 TEST_F(WebCryptoImplTest, MAYBE(GenerateKeyHmac)) { | 779 TEST_F(SharedCryptoTest, MAYBE(GenerateKeyHmac)) { |
936 // Generate a small sample of HMAC keys. | 780 // Generate a small sample of HMAC keys. |
937 std::vector<blink::WebArrayBuffer> keys; | 781 std::vector<blink::WebArrayBuffer> keys; |
938 for (int i = 0; i < 16; ++i) { | 782 for (int i = 0; i < 16; ++i) { |
939 blink::WebArrayBuffer key_bytes; | 783 blink::WebArrayBuffer key_bytes; |
940 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 784 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
941 blink::WebCryptoAlgorithm algorithm = webcrypto::CreateHmacKeyGenAlgorithm( | 785 blink::WebCryptoAlgorithm algorithm = CreateHmacKeyGenAlgorithm( |
942 blink::WebCryptoAlgorithmIdSha1, 64); | 786 blink::WebCryptoAlgorithmIdSha1, 64); |
943 ASSERT_STATUS_SUCCESS(GenerateKeyInternal(algorithm, &key)); | 787 ASSERT_STATUS_SUCCESS(GenerateSecretKey(algorithm, true, 0, &key)); |
944 EXPECT_FALSE(key.isNull()); | 788 EXPECT_FALSE(key.isNull()); |
945 EXPECT_TRUE(key.handle()); | 789 EXPECT_TRUE(key.handle()); |
946 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); | 790 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); |
947 EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, key.algorithm().id()); | 791 EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, key.algorithm().id()); |
948 | 792 |
949 blink::WebArrayBuffer raw_key; | 793 blink::WebArrayBuffer raw_key; |
950 ASSERT_STATUS_SUCCESS( | 794 ASSERT_STATUS_SUCCESS( |
951 ExportKeyInternal(blink::WebCryptoKeyFormatRaw, key, &raw_key)); | 795 ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key)); |
952 EXPECT_EQ(64U, raw_key.byteLength()); | 796 EXPECT_EQ(64U, raw_key.byteLength()); |
953 keys.push_back(raw_key); | 797 keys.push_back(raw_key); |
954 } | 798 } |
955 // Ensure all entries in the key sample set are unique. This is a simplistic | 799 // Ensure all entries in the key sample set are unique. This is a simplistic |
956 // estimate of whether the generated keys appear random. | 800 // estimate of whether the generated keys appear random. |
957 EXPECT_FALSE(CopiesExist(keys)); | 801 EXPECT_FALSE(CopiesExist(keys)); |
958 } | 802 } |
959 | 803 |
960 // If the key length is not provided, then the block size is used. | 804 // If the key length is not provided, then the block size is used. |
961 TEST_F(WebCryptoImplTest, MAYBE(GenerateKeyHmacNoLength)) { | 805 TEST_F(SharedCryptoTest, MAYBE(GenerateKeyHmacNoLength)) { |
962 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 806 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
963 blink::WebCryptoAlgorithm algorithm = | 807 blink::WebCryptoAlgorithm algorithm = |
964 webcrypto::CreateHmacKeyGenAlgorithm(blink::WebCryptoAlgorithmIdSha1, 0); | 808 CreateHmacKeyGenAlgorithm(blink::WebCryptoAlgorithmIdSha1, 0); |
965 ASSERT_STATUS_SUCCESS(GenerateKeyInternal(algorithm, &key)); | 809 ASSERT_STATUS_SUCCESS(GenerateSecretKey(algorithm, true, 0, &key)); |
966 EXPECT_TRUE(key.handle()); | 810 EXPECT_TRUE(key.handle()); |
967 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); | 811 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); |
968 blink::WebArrayBuffer raw_key; | 812 blink::WebArrayBuffer raw_key; |
969 ASSERT_STATUS_SUCCESS( | 813 ASSERT_STATUS_SUCCESS( |
970 ExportKeyInternal(blink::WebCryptoKeyFormatRaw, key, &raw_key)); | 814 ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key)); |
971 EXPECT_EQ(64U, raw_key.byteLength()); | 815 EXPECT_EQ(64U, raw_key.byteLength()); |
972 | 816 |
973 // The block size for HMAC SHA-512 is larger. | 817 // The block size for HMAC SHA-512 is larger. |
974 algorithm = webcrypto::CreateHmacKeyGenAlgorithm( | 818 algorithm = CreateHmacKeyGenAlgorithm( |
975 blink::WebCryptoAlgorithmIdSha512, 0); | 819 blink::WebCryptoAlgorithmIdSha512, 0); |
976 ASSERT_STATUS_SUCCESS(GenerateKeyInternal(algorithm, &key)); | 820 ASSERT_STATUS_SUCCESS(GenerateSecretKey(algorithm, true, 0, &key)); |
977 ASSERT_STATUS_SUCCESS( | 821 ASSERT_STATUS_SUCCESS( |
978 ExportKeyInternal(blink::WebCryptoKeyFormatRaw, key, &raw_key)); | 822 ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key)); |
979 EXPECT_EQ(128U, raw_key.byteLength()); | 823 EXPECT_EQ(128U, raw_key.byteLength()); |
980 } | 824 } |
981 | 825 |
982 TEST_F(WebCryptoImplTest, MAYBE(ImportSecretKeyNoAlgorithm)) { | 826 TEST_F(SharedCryptoTest, MAYBE(ImportSecretKeyNoAlgorithm)) { |
983 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 827 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
984 | 828 |
985 // This fails because the algorithm is null. | 829 // This fails because the algorithm is null. |
986 EXPECT_STATUS(Status::ErrorMissingAlgorithmImportRawKey(), ImportKeyInternal( | 830 EXPECT_STATUS(Status::ErrorMissingAlgorithmImportRawKey(), ImportKey( |
987 blink::WebCryptoKeyFormatRaw, | 831 blink::WebCryptoKeyFormatRaw, |
988 HexStringToBytes("00000000000000000000"), | 832 HexStringToBytes("00000000000000000000"), |
989 blink::WebCryptoAlgorithm::createNull(), | 833 blink::WebCryptoAlgorithm::createNull(), |
990 true, | 834 true, |
991 blink::WebCryptoKeyUsageEncrypt, | 835 blink::WebCryptoKeyUsageEncrypt, |
992 &key)); | 836 &key)); |
993 } | 837 } |
994 | 838 |
995 | 839 TEST_F(SharedCryptoTest, ImportJwkFailures) { |
996 TEST_F(WebCryptoImplTest, ImportJwkFailures) { | |
997 | 840 |
998 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 841 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
999 blink::WebCryptoAlgorithm algorithm = | 842 blink::WebCryptoAlgorithm algorithm = |
1000 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc); | 843 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc); |
1001 blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageEncrypt; | 844 blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageEncrypt; |
1002 | 845 |
1003 // Baseline pass: each test below breaks a single item, so we start with a | 846 // Baseline pass: each test below breaks a single item, so we start with a |
1004 // passing case to make sure each failure is caused by the isolated break. | 847 // passing case to make sure each failure is caused by the isolated break. |
1005 // Each breaking subtest below resets the dictionary to this passing case when | 848 // Each breaking subtest below resets the dictionary to this passing case when |
1006 // complete. | 849 // complete. |
1007 base::DictionaryValue dict; | 850 base::DictionaryValue dict; |
1008 RestoreJwkOctDictionary(&dict); | 851 RestoreJwkOctDictionary(&dict); |
1009 EXPECT_STATUS_SUCCESS(ImportKeyJwk( | 852 EXPECT_STATUS_SUCCESS(ImportKeyJwk( |
1010 MakeJsonVector(dict), algorithm, false, usage_mask, &key)); | 853 MakeJsonVector(dict), algorithm, false, usage_mask, &key)); |
(...skipping 16 matching lines...) Expand all Loading... |
1027 dict.SetString("alg", "A127CBC"); | 870 dict.SetString("alg", "A127CBC"); |
1028 EXPECT_STATUS(Status::ErrorJwkUnrecognizedAlgorithm(), ImportKeyJwk( | 871 EXPECT_STATUS(Status::ErrorJwkUnrecognizedAlgorithm(), ImportKeyJwk( |
1029 MakeJsonVector(dict), algorithm, false, usage_mask, &key)); | 872 MakeJsonVector(dict), algorithm, false, usage_mask, &key)); |
1030 RestoreJwkOctDictionary(&dict); | 873 RestoreJwkOctDictionary(&dict); |
1031 | 874 |
1032 // Fail on both JWK and input algorithm missing. | 875 // Fail on both JWK and input algorithm missing. |
1033 dict.Remove("alg", NULL); | 876 dict.Remove("alg", NULL); |
1034 EXPECT_STATUS( | 877 EXPECT_STATUS( |
1035 Status::ErrorJwkAlgorithmMissing(), | 878 Status::ErrorJwkAlgorithmMissing(), |
1036 ImportKeyJwk(MakeJsonVector(dict), | 879 ImportKeyJwk(MakeJsonVector(dict), |
1037 blink::WebCryptoAlgorithm::createNull(), | 880 blink::WebCryptoAlgorithm::createNull(), |
1038 false, | 881 false, |
1039 usage_mask, | 882 usage_mask, |
1040 &key)); | 883 &key)); |
1041 RestoreJwkOctDictionary(&dict); | 884 RestoreJwkOctDictionary(&dict); |
1042 | 885 |
1043 // Fail on invalid kty. | 886 // Fail on invalid kty. |
1044 dict.SetString("kty", "foo"); | 887 dict.SetString("kty", "foo"); |
1045 EXPECT_STATUS(Status::ErrorJwkUnrecognizedKty(), ImportKeyJwk( | 888 EXPECT_STATUS(Status::ErrorJwkUnrecognizedKty(), ImportKeyJwk( |
1046 MakeJsonVector(dict), algorithm, false, usage_mask, &key)); | 889 MakeJsonVector(dict), algorithm, false, usage_mask, &key)); |
1047 RestoreJwkOctDictionary(&dict); | 890 RestoreJwkOctDictionary(&dict); |
1048 | 891 |
1049 // Fail on missing kty. | 892 // Fail on missing kty. |
1050 dict.Remove("kty", NULL); | 893 dict.Remove("kty", NULL); |
1051 EXPECT_STATUS( | 894 EXPECT_STATUS( |
1052 Status::ErrorJwkPropertyMissing("kty"), | 895 Status::ErrorJwkPropertyMissing("kty"), |
1053 ImportKeyJwk(MakeJsonVector(dict), algorithm, false, usage_mask, &key)); | 896 ImportKeyJwk(MakeJsonVector(dict), algorithm, false, usage_mask, |
| 897 &key)); |
1054 RestoreJwkOctDictionary(&dict); | 898 RestoreJwkOctDictionary(&dict); |
1055 | 899 |
1056 // Fail on kty wrong type. | 900 // Fail on kty wrong type. |
1057 dict.SetDouble("kty", 0.1); | 901 dict.SetDouble("kty", 0.1); |
1058 EXPECT_STATUS( | 902 EXPECT_STATUS( |
1059 Status::ErrorJwkPropertyWrongType("kty", "string"), | 903 Status::ErrorJwkPropertyWrongType("kty", "string"), |
1060 ImportKeyJwk(MakeJsonVector(dict), algorithm, false, usage_mask, &key)); | 904 ImportKeyJwk( |
| 905 MakeJsonVector(dict), algorithm, false, usage_mask, &key)); |
1061 RestoreJwkOctDictionary(&dict); | 906 RestoreJwkOctDictionary(&dict); |
1062 | 907 |
1063 // Fail on invalid use. | 908 // Fail on invalid use. |
1064 dict.SetString("use", "foo"); | 909 dict.SetString("use", "foo"); |
1065 EXPECT_STATUS(Status::ErrorJwkUnrecognizedUsage(), ImportKeyJwk( | 910 EXPECT_STATUS(Status::ErrorJwkUnrecognizedUsage(), ImportKeyJwk( |
1066 MakeJsonVector(dict), algorithm, false, usage_mask, &key)); | 911 MakeJsonVector(dict), algorithm, false, usage_mask, &key)); |
1067 RestoreJwkOctDictionary(&dict); | 912 RestoreJwkOctDictionary(&dict); |
1068 | 913 |
1069 // Fail on invalid use (wrong type). | 914 // Fail on invalid use (wrong type). |
1070 dict.SetBoolean("use", true); | 915 dict.SetBoolean("use", true); |
1071 EXPECT_STATUS( | 916 EXPECT_STATUS( |
1072 Status::ErrorJwkPropertyWrongType("use", "string"), | 917 Status::ErrorJwkPropertyWrongType("use", "string"), |
1073 ImportKeyJwk(MakeJsonVector(dict), algorithm, false, usage_mask, &key)); | 918 ImportKeyJwk( |
| 919 MakeJsonVector(dict), algorithm, false, usage_mask, &key)); |
1074 RestoreJwkOctDictionary(&dict); | 920 RestoreJwkOctDictionary(&dict); |
1075 | 921 |
1076 // Fail on invalid extractable (wrong type). | 922 // Fail on invalid extractable (wrong type). |
1077 dict.SetInteger("extractable", 0); | 923 dict.SetInteger("extractable", 0); |
1078 EXPECT_STATUS( | 924 EXPECT_STATUS( |
1079 Status::ErrorJwkPropertyWrongType("extractable", "boolean"), | 925 Status::ErrorJwkPropertyWrongType("extractable", "boolean"), |
1080 ImportKeyJwk(MakeJsonVector(dict), algorithm, false, usage_mask, &key)); | 926 ImportKeyJwk( |
| 927 MakeJsonVector(dict), algorithm, false, usage_mask, &key)); |
1081 RestoreJwkOctDictionary(&dict); | 928 RestoreJwkOctDictionary(&dict); |
1082 } | 929 } |
1083 | 930 |
1084 TEST_F(WebCryptoImplTest, ImportJwkOctFailures) { | 931 TEST_F(SharedCryptoTest, ImportJwkOctFailures) { |
1085 | 932 |
1086 base::DictionaryValue dict; | 933 base::DictionaryValue dict; |
1087 RestoreJwkOctDictionary(&dict); | 934 RestoreJwkOctDictionary(&dict); |
1088 blink::WebCryptoAlgorithm algorithm = | 935 blink::WebCryptoAlgorithm algorithm = |
1089 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc); | 936 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc); |
1090 blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageEncrypt; | 937 blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageEncrypt; |
1091 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 938 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
1092 | 939 |
1093 // Baseline pass. | 940 // Baseline pass. |
1094 EXPECT_STATUS_SUCCESS(ImportKeyJwk( | 941 EXPECT_STATUS_SUCCESS(ImportKeyJwk( |
1095 MakeJsonVector(dict), algorithm, false, usage_mask, &key)); | 942 MakeJsonVector(dict), algorithm, false, usage_mask, &key)); |
1096 EXPECT_EQ(algorithm.id(), key.algorithm().id()); | 943 EXPECT_EQ(algorithm.id(), key.algorithm().id()); |
1097 EXPECT_FALSE(key.extractable()); | 944 EXPECT_FALSE(key.extractable()); |
1098 EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt, key.usages()); | 945 EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt, key.usages()); |
1099 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); | 946 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); |
1100 | 947 |
1101 // The following are specific failure cases for when kty = "oct". | 948 // The following are specific failure cases for when kty = "oct". |
1102 | 949 |
1103 // Fail on missing k. | 950 // Fail on missing k. |
1104 dict.Remove("k", NULL); | 951 dict.Remove("k", NULL); |
1105 EXPECT_STATUS( | 952 EXPECT_STATUS( |
1106 Status::ErrorJwkPropertyMissing("k"), | 953 Status::ErrorJwkPropertyMissing("k"), |
1107 ImportKeyJwk(MakeJsonVector(dict), algorithm, false, usage_mask, &key)); | 954 ImportKeyJwk( |
| 955 MakeJsonVector(dict), algorithm, false, usage_mask, &key)); |
1108 RestoreJwkOctDictionary(&dict); | 956 RestoreJwkOctDictionary(&dict); |
1109 | 957 |
1110 // Fail on bad b64 encoding for k. | 958 // Fail on bad b64 encoding for k. |
1111 dict.SetString("k", "Qk3f0DsytU8lfza2au #$% Htaw2xpop9GYyTuH0p5GghxTI="); | 959 dict.SetString("k", "Qk3f0DsytU8lfza2au #$% Htaw2xpop9GYyTuH0p5GghxTI="); |
1112 EXPECT_STATUS( | 960 EXPECT_STATUS( |
1113 Status::ErrorJwkBase64Decode("k"), | 961 Status::ErrorJwkBase64Decode("k"), |
1114 ImportKeyJwk(MakeJsonVector(dict), algorithm, false, usage_mask, &key)); | 962 ImportKeyJwk( |
| 963 MakeJsonVector(dict), algorithm, false, usage_mask, &key)); |
1115 RestoreJwkOctDictionary(&dict); | 964 RestoreJwkOctDictionary(&dict); |
1116 | 965 |
1117 // Fail on empty k. | 966 // Fail on empty k. |
1118 dict.SetString("k", ""); | 967 dict.SetString("k", ""); |
1119 EXPECT_STATUS(Status::ErrorJwkIncorrectKeyLength(), ImportKeyJwk( | 968 EXPECT_STATUS(Status::ErrorJwkIncorrectKeyLength(), ImportKeyJwk( |
1120 MakeJsonVector(dict), algorithm, false, usage_mask, &key)); | 969 MakeJsonVector(dict), algorithm, false, usage_mask, &key)); |
1121 RestoreJwkOctDictionary(&dict); | 970 RestoreJwkOctDictionary(&dict); |
1122 | 971 |
1123 // Fail on k actual length (120 bits) inconsistent with the embedded JWK alg | 972 // Fail on k actual length (120 bits) inconsistent with the embedded JWK alg |
1124 // value (128) for an AES key. | 973 // value (128) for an AES key. |
1125 dict.SetString("k", "AVj42h0Y5aqGtE3yluKL"); | 974 dict.SetString("k", "AVj42h0Y5aqGtE3yluKL"); |
1126 EXPECT_STATUS(Status::ErrorJwkIncorrectKeyLength(), ImportKeyJwk( | 975 EXPECT_STATUS(Status::ErrorJwkIncorrectKeyLength(), ImportKeyJwk( |
1127 MakeJsonVector(dict), algorithm, false, usage_mask, &key)); | 976 MakeJsonVector(dict), algorithm, false, usage_mask, &key)); |
1128 RestoreJwkOctDictionary(&dict); | 977 RestoreJwkOctDictionary(&dict); |
1129 | 978 |
1130 // Fail on k actual length (192 bits) inconsistent with the embedded JWK alg | 979 // Fail on k actual length (192 bits) inconsistent with the embedded JWK alg |
1131 // value (128) for an AES key. | 980 // value (128) for an AES key. |
1132 dict.SetString("k", "dGhpcyAgaXMgIDI0ICBieXRlcyBsb25n"); | 981 dict.SetString("k", "dGhpcyAgaXMgIDI0ICBieXRlcyBsb25n"); |
1133 EXPECT_STATUS(Status::ErrorJwkIncorrectKeyLength(), ImportKeyJwk( | 982 EXPECT_STATUS(Status::ErrorJwkIncorrectKeyLength(), ImportKeyJwk( |
1134 MakeJsonVector(dict), algorithm, false, usage_mask, &key)); | 983 MakeJsonVector(dict), algorithm, false, usage_mask, &key)); |
1135 RestoreJwkOctDictionary(&dict); | 984 RestoreJwkOctDictionary(&dict); |
1136 } | 985 } |
1137 | 986 |
1138 TEST_F(WebCryptoImplTest, MAYBE(ImportJwkRsaFailures)) { | 987 TEST_F(SharedCryptoTest, MAYBE(ImportJwkRsaFailures)) { |
1139 | 988 |
1140 base::DictionaryValue dict; | 989 base::DictionaryValue dict; |
1141 RestoreJwkRsaDictionary(&dict); | 990 RestoreJwkRsaDictionary(&dict); |
1142 blink::WebCryptoAlgorithm algorithm = | 991 blink::WebCryptoAlgorithm algorithm = |
1143 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); | 992 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); |
1144 blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageEncrypt; | 993 blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageEncrypt; |
1145 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 994 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
1146 | 995 |
1147 // An RSA public key JWK _must_ have an "n" (modulus) and an "e" (exponent) | 996 // An RSA public key JWK _must_ have an "n" (modulus) and an "e" (exponent) |
1148 // entry, while an RSA private key must have those plus at least a "d" | 997 // entry, while an RSA private key must have those plus at least a "d" |
1149 // (private exponent) entry. | 998 // (private exponent) entry. |
1150 // See http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-18, | 999 // See http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-18, |
1151 // section 6.3. | 1000 // section 6.3. |
1152 | 1001 |
1153 // Baseline pass. | 1002 // Baseline pass. |
(...skipping 25 matching lines...) Expand all Loading... |
1179 // Fail on empty parameter. | 1028 // Fail on empty parameter. |
1180 dict.SetString(kKtyParmName[idx], ""); | 1029 dict.SetString(kKtyParmName[idx], ""); |
1181 EXPECT_STATUS_ERROR(ImportKeyJwk( | 1030 EXPECT_STATUS_ERROR(ImportKeyJwk( |
1182 MakeJsonVector(dict), algorithm, false, usage_mask, &key)); | 1031 MakeJsonVector(dict), algorithm, false, usage_mask, &key)); |
1183 RestoreJwkRsaDictionary(&dict); | 1032 RestoreJwkRsaDictionary(&dict); |
1184 } | 1033 } |
1185 | 1034 |
1186 // Fail if "d" parameter is present, implying the JWK is a private key, which | 1035 // Fail if "d" parameter is present, implying the JWK is a private key, which |
1187 // is not supported. | 1036 // is not supported. |
1188 dict.SetString("d", "Qk3f0Dsyt"); | 1037 dict.SetString("d", "Qk3f0Dsyt"); |
1189 EXPECT_STATUS(Status::ErrorJwkRsaPrivateKeyUnsupported(), ImportKeyJwk( | 1038 EXPECT_STATUS(Status::ErrorJwkRsaPrivateKeyUnsupported(), |
1190 MakeJsonVector(dict), algorithm, false, usage_mask, &key)); | 1039 ImportKeyJwk(MakeJsonVector(dict), |
| 1040 algorithm, |
| 1041 false, |
| 1042 usage_mask, |
| 1043 &key)); |
1191 RestoreJwkRsaDictionary(&dict); | 1044 RestoreJwkRsaDictionary(&dict); |
1192 } | 1045 } |
1193 | 1046 |
1194 TEST_F(WebCryptoImplTest, MAYBE(ImportJwkInputConsistency)) { | 1047 TEST_F(SharedCryptoTest, MAYBE(ImportJwkInputConsistency)) { |
1195 // The Web Crypto spec says that if a JWK value is present, but is | 1048 // The Web Crypto spec says that if a JWK value is present, but is |
1196 // inconsistent with the input value, the operation must fail. | 1049 // inconsistent with the input value, the operation must fail. |
1197 | 1050 |
1198 // Consistency rules when JWK value is not present: Inputs should be used. | 1051 // Consistency rules when JWK value is not present: Inputs should be used. |
1199 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 1052 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
1200 bool extractable = false; | 1053 bool extractable = false; |
1201 blink::WebCryptoAlgorithm algorithm = | 1054 blink::WebCryptoAlgorithm algorithm = |
1202 webcrypto::CreateHmacAlgorithmByHashId(blink::WebCryptoAlgorithmIdSha256); | 1055 CreateHmacAlgorithmByHashId(blink::WebCryptoAlgorithmIdSha256); |
1203 blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageVerify; | 1056 blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageVerify; |
1204 base::DictionaryValue dict; | 1057 base::DictionaryValue dict; |
1205 dict.SetString("kty", "oct"); | 1058 dict.SetString("kty", "oct"); |
1206 dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg"); | 1059 dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg"); |
1207 std::vector<uint8> json_vec = MakeJsonVector(dict); | 1060 std::vector<uint8> json_vec = MakeJsonVector(dict); |
1208 EXPECT_STATUS_SUCCESS(ImportKeyJwk( | 1061 EXPECT_STATUS_SUCCESS(ImportKeyJwk( |
1209 json_vec, algorithm, extractable, usage_mask, &key)); | 1062 json_vec, algorithm, extractable, usage_mask, &key)); |
1210 EXPECT_TRUE(key.handle()); | 1063 EXPECT_TRUE(key.handle()); |
1211 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); | 1064 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); |
1212 EXPECT_EQ(extractable, key.extractable()); | 1065 EXPECT_EQ(extractable, key.extractable()); |
(...skipping 20 matching lines...) Expand all Loading... |
1233 // 1. input=T, JWK=F ==> fail (inconsistent) | 1086 // 1. input=T, JWK=F ==> fail (inconsistent) |
1234 // 4. input=F, JWK=F ==> pass, result extractable is F | 1087 // 4. input=F, JWK=F ==> pass, result extractable is F |
1235 // 2. input=T, JWK=T ==> pass, result extractable is T | 1088 // 2. input=T, JWK=T ==> pass, result extractable is T |
1236 // 3. input=F, JWK=T ==> pass, result extractable is F | 1089 // 3. input=F, JWK=T ==> pass, result extractable is F |
1237 EXPECT_STATUS(Status::ErrorJwkExtractableInconsistent(), | 1090 EXPECT_STATUS(Status::ErrorJwkExtractableInconsistent(), |
1238 ImportKeyJwk(json_vec, algorithm, true, usage_mask, &key)); | 1091 ImportKeyJwk(json_vec, algorithm, true, usage_mask, &key)); |
1239 EXPECT_STATUS_SUCCESS( | 1092 EXPECT_STATUS_SUCCESS( |
1240 ImportKeyJwk(json_vec, algorithm, false, usage_mask, &key)); | 1093 ImportKeyJwk(json_vec, algorithm, false, usage_mask, &key)); |
1241 EXPECT_FALSE(key.extractable()); | 1094 EXPECT_FALSE(key.extractable()); |
1242 dict.SetBoolean("extractable", true); | 1095 dict.SetBoolean("extractable", true); |
1243 EXPECT_STATUS_SUCCESS( | 1096 EXPECT_STATUS_SUCCESS(ImportKeyJwk( |
1244 ImportKeyJwk(MakeJsonVector(dict), algorithm, true, usage_mask, &key)); | 1097 MakeJsonVector(dict), algorithm, true, usage_mask, &key)); |
1245 EXPECT_TRUE(key.extractable()); | 1098 EXPECT_TRUE(key.extractable()); |
1246 EXPECT_STATUS_SUCCESS( | 1099 EXPECT_STATUS_SUCCESS(ImportKeyJwk( |
1247 ImportKeyJwk(MakeJsonVector(dict), algorithm, false, usage_mask, &key)); | 1100 MakeJsonVector(dict), algorithm, false, usage_mask, &key)); |
1248 EXPECT_FALSE(key.extractable()); | 1101 EXPECT_FALSE(key.extractable()); |
1249 dict.SetBoolean("extractable", true); // restore previous value | 1102 dict.SetBoolean("extractable", true); // restore previous value |
1250 | 1103 |
1251 // Fail: Input algorithm (AES-CBC) is inconsistent with JWK value | 1104 // Fail: Input algorithm (AES-CBC) is inconsistent with JWK value |
1252 // (HMAC SHA256). | 1105 // (HMAC SHA256). |
1253 EXPECT_STATUS(Status::ErrorJwkAlgorithmInconsistent(), ImportKeyJwk( | 1106 EXPECT_STATUS(Status::ErrorJwkAlgorithmInconsistent(), ImportKeyJwk( |
1254 json_vec, | 1107 json_vec, |
1255 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), | 1108 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), |
1256 extractable, | 1109 extractable, |
1257 usage_mask, | 1110 usage_mask, |
1258 &key)); | 1111 &key)); |
1259 | 1112 |
1260 // Fail: Input algorithm (HMAC SHA1) is inconsistent with JWK value | 1113 // Fail: Input algorithm (HMAC SHA1) is inconsistent with JWK value |
1261 // (HMAC SHA256). | 1114 // (HMAC SHA256). |
1262 EXPECT_STATUS(Status::ErrorJwkAlgorithmInconsistent(), ImportKeyJwk( | 1115 EXPECT_STATUS(Status::ErrorJwkAlgorithmInconsistent(), ImportKeyJwk( |
1263 json_vec, | 1116 json_vec, |
1264 webcrypto::CreateHmacAlgorithmByHashId(blink::WebCryptoAlgorithmIdSha1), | 1117 CreateHmacAlgorithmByHashId( |
| 1118 blink::WebCryptoAlgorithmIdSha1), |
1265 extractable, | 1119 extractable, |
1266 usage_mask, | 1120 usage_mask, |
1267 &key)); | 1121 &key)); |
1268 | 1122 |
1269 // Pass: JWK alg valid but input algorithm isNull: use JWK algorithm value. | 1123 // Pass: JWK alg valid but input algorithm isNull: use JWK algorithm value. |
1270 EXPECT_STATUS_SUCCESS(ImportKeyJwk(json_vec, | 1124 EXPECT_STATUS_SUCCESS(ImportKeyJwk(json_vec, |
1271 blink::WebCryptoAlgorithm::createNull(), | 1125 blink::WebCryptoAlgorithm::createNull(), |
1272 extractable, | 1126 extractable, |
1273 usage_mask, | 1127 usage_mask, |
1274 &key)); | 1128 &key)); |
1275 EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, algorithm.id()); | 1129 EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, algorithm.id()); |
1276 | 1130 |
1277 // Pass: JWK alg missing but input algorithm specified: use input value | 1131 // Pass: JWK alg missing but input algorithm specified: use input value |
1278 dict.Remove("alg", NULL); | 1132 dict.Remove("alg", NULL); |
1279 EXPECT_STATUS_SUCCESS(ImportKeyJwk( | 1133 EXPECT_STATUS_SUCCESS(ImportKeyJwk( |
1280 MakeJsonVector(dict), | 1134 MakeJsonVector(dict), |
1281 webcrypto::CreateHmacAlgorithmByHashId(blink::WebCryptoAlgorithmIdSha256), | 1135 CreateHmacAlgorithmByHashId(blink::WebCryptoAlgorithmIdSha256), |
1282 extractable, | 1136 extractable, |
1283 usage_mask, | 1137 usage_mask, |
1284 &key)); | 1138 &key)); |
1285 EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, algorithm.id()); | 1139 EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, algorithm.id()); |
1286 dict.SetString("alg", "HS256"); | 1140 dict.SetString("alg", "HS256"); |
1287 | 1141 |
1288 // Fail: Input usage_mask (encrypt) is not a subset of the JWK value | 1142 // Fail: Input usage_mask (encrypt) is not a subset of the JWK value |
1289 // (sign|verify) | 1143 // (sign|verify) |
1290 EXPECT_STATUS(Status::ErrorJwkUsageInconsistent(), ImportKeyJwk( | 1144 EXPECT_STATUS(Status::ErrorJwkUsageInconsistent(), ImportKeyJwk( |
1291 json_vec, algorithm, extractable, blink::WebCryptoKeyUsageEncrypt, &key)); | 1145 json_vec, algorithm, extractable, blink::WebCryptoKeyUsageEncrypt, &key)); |
1292 | 1146 |
1293 // Fail: Input usage_mask (encrypt|sign|verify) is not a subset of the JWK | 1147 // Fail: Input usage_mask (encrypt|sign|verify) is not a subset of the JWK |
1294 // value (sign|verify) | 1148 // value (sign|verify) |
1295 usage_mask = blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageSign | | 1149 usage_mask = blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageSign | |
1296 blink::WebCryptoKeyUsageVerify; | 1150 blink::WebCryptoKeyUsageVerify; |
1297 EXPECT_STATUS( | 1151 EXPECT_STATUS( |
1298 Status::ErrorJwkUsageInconsistent(), | 1152 Status::ErrorJwkUsageInconsistent(), |
1299 ImportKeyJwk(json_vec, algorithm, extractable, usage_mask, &key)); | 1153 ImportKeyJwk(json_vec, algorithm, extractable, usage_mask, &key)); |
1300 | 1154 |
1301 // TODO(padolph): kty vs alg consistency tests: Depending on the kty value, | 1155 // TODO(padolph): kty vs alg consistency tests: Depending on the kty value, |
1302 // only certain alg values are permitted. For example, when kty = "RSA" alg | 1156 // only certain alg values are permitted. For example, when kty = "RSA" alg |
1303 // must be of the RSA family, or when kty = "oct" alg must be symmetric | 1157 // must be of the RSA family, or when kty = "oct" alg must be symmetric |
1304 // algorithm. | 1158 // algorithm. |
1305 } | 1159 } |
1306 | 1160 |
1307 TEST_F(WebCryptoImplTest, MAYBE(ImportJwkHappy)) { | 1161 TEST_F(SharedCryptoTest, MAYBE(ImportJwkHappy)) { |
1308 | 1162 |
1309 // This test verifies the happy path of JWK import, including the application | 1163 // This test verifies the happy path of JWK import, including the application |
1310 // of the imported key material. | 1164 // of the imported key material. |
1311 | 1165 |
1312 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 1166 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
1313 bool extractable = false; | 1167 bool extractable = false; |
1314 blink::WebCryptoAlgorithm algorithm = | 1168 blink::WebCryptoAlgorithm algorithm = |
1315 webcrypto::CreateHmacAlgorithmByHashId(blink::WebCryptoAlgorithmIdSha256); | 1169 CreateHmacAlgorithmByHashId(blink::WebCryptoAlgorithmIdSha256); |
1316 blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageSign; | 1170 blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageSign; |
1317 | 1171 |
1318 // Import a symmetric key JWK and HMAC-SHA256 sign() | 1172 // Import a symmetric key JWK and HMAC-SHA256 sign() |
1319 // Uses the first SHA256 test vector from the HMAC sample set above. | 1173 // Uses the first SHA256 test vector from the HMAC sample set above. |
1320 | 1174 |
1321 base::DictionaryValue dict; | 1175 base::DictionaryValue dict; |
1322 dict.SetString("kty", "oct"); | 1176 dict.SetString("kty", "oct"); |
1323 dict.SetString("alg", "HS256"); | 1177 dict.SetString("alg", "HS256"); |
1324 dict.SetString("use", "sig"); | 1178 dict.SetString("use", "sig"); |
1325 dict.SetBoolean("extractable", false); | 1179 dict.SetBoolean("extractable", false); |
1326 dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg"); | 1180 dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg"); |
1327 std::vector<uint8> json_vec = MakeJsonVector(dict); | 1181 std::vector<uint8> json_vec = MakeJsonVector(dict); |
1328 | 1182 |
1329 ASSERT_STATUS_SUCCESS(ImportKeyJwk( | 1183 ASSERT_STATUS_SUCCESS(ImportKeyJwk( |
1330 json_vec, algorithm, extractable, usage_mask, &key)); | 1184 json_vec, algorithm, extractable, usage_mask, &key)); |
1331 | 1185 |
1332 const std::vector<uint8> message_raw = HexStringToBytes( | 1186 const std::vector<uint8> message_raw = HexStringToBytes( |
1333 "b1689c2591eaf3c9e66070f8a77954ffb81749f1b00346f9dfe0b2ee905dcc288baf4a" | 1187 "b1689c2591eaf3c9e66070f8a77954ffb81749f1b00346f9dfe0b2ee905dcc288baf4a" |
1334 "92de3f4001dd9f44c468c3d07d6c6ee82faceafc97c2fc0fc0601719d2dcd0aa2aec92" | 1188 "92de3f4001dd9f44c468c3d07d6c6ee82faceafc97c2fc0fc0601719d2dcd0aa2aec92" |
1335 "d1b0ae933c65eb06a03c9c935c2bad0459810241347ab87e9f11adb30415424c6c7f5f" | 1189 "d1b0ae933c65eb06a03c9c935c2bad0459810241347ab87e9f11adb30415424c6c7f5f" |
1336 "22a003b8ab8de54f6ded0e3ab9245fa79568451dfa258e"); | 1190 "22a003b8ab8de54f6ded0e3ab9245fa79568451dfa258e"); |
1337 | 1191 |
1338 blink::WebArrayBuffer output; | 1192 blink::WebArrayBuffer output; |
1339 | 1193 |
1340 ASSERT_STATUS_SUCCESS(SignInternal(algorithm, key, message_raw, &output)); | 1194 ASSERT_STATUS_SUCCESS(Sign(algorithm, key, message_raw, &output)); |
1341 | 1195 |
1342 const std::string mac_raw = | 1196 const std::string mac_raw = |
1343 "769f00d3e6a6cc1fb426a14a4f76c6462e6149726e0dee0ec0cf97a16605ac8b"; | 1197 "769f00d3e6a6cc1fb426a14a4f76c6462e6149726e0dee0ec0cf97a16605ac8b"; |
1344 | 1198 |
1345 ExpectArrayBufferMatchesHex(mac_raw, output); | 1199 ExpectCryptoDataMatchesHex(mac_raw, output); |
1346 | 1200 |
1347 // TODO(padolph): Import an RSA public key JWK and use it | 1201 // TODO(padolph): Import an RSA public key JWK and use it |
1348 } | 1202 } |
1349 | 1203 |
1350 TEST_F(WebCryptoImplTest, MAYBE(ImportExportSpki)) { | 1204 TEST_F(SharedCryptoTest, MAYBE(ImportExportSpki)) { |
1351 // Passing case: Import a valid RSA key in SPKI format. | 1205 // Passing case: Import a valid RSA key in SPKI format. |
1352 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 1206 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
1353 ASSERT_STATUS_SUCCESS(ImportKeyInternal( | 1207 ASSERT_STATUS_SUCCESS(ImportKey( |
1354 blink::WebCryptoKeyFormatSpki, | 1208 blink::WebCryptoKeyFormatSpki, |
1355 HexStringToBytes(kPublicKeySpkiDerHex), | 1209 HexStringToBytes(kPublicKeySpkiDerHex), |
1356 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5), | 1210 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5), |
1357 true, | 1211 true, |
1358 blink::WebCryptoKeyUsageEncrypt, | 1212 blink::WebCryptoKeyUsageEncrypt, |
1359 &key)); | 1213 &key)); |
1360 EXPECT_TRUE(key.handle()); | 1214 EXPECT_TRUE(key.handle()); |
1361 EXPECT_EQ(blink::WebCryptoKeyTypePublic, key.type()); | 1215 EXPECT_EQ(blink::WebCryptoKeyTypePublic, key.type()); |
1362 EXPECT_TRUE(key.extractable()); | 1216 EXPECT_TRUE(key.extractable()); |
1363 EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt, key.usages()); | 1217 EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt, key.usages()); |
1364 | 1218 |
1365 // Failing case: Empty SPKI data | 1219 // Failing case: Empty SPKI data |
1366 EXPECT_STATUS(Status::ErrorImportEmptyKeyData(), ImportKeyInternal( | 1220 EXPECT_STATUS(Status::ErrorImportEmptyKeyData(), ImportKey( |
1367 blink::WebCryptoKeyFormatSpki, | 1221 blink::WebCryptoKeyFormatSpki, |
1368 std::vector<uint8>(), | 1222 CryptoData(), |
1369 blink::WebCryptoAlgorithm::createNull(), | 1223 blink::WebCryptoAlgorithm::createNull(), |
1370 true, | 1224 true, |
1371 blink::WebCryptoKeyUsageEncrypt, | 1225 blink::WebCryptoKeyUsageEncrypt, |
1372 &key)); | 1226 &key)); |
1373 | 1227 |
1374 // Failing case: Import RSA key with NULL input algorithm. This is not | 1228 // Failing case: Import RSA key with NULL input algorithm. This is not |
1375 // allowed because the SPKI ASN.1 format for RSA keys is not specific enough | 1229 // allowed because the SPKI ASN.1 format for RSA keys is not specific enough |
1376 // to map to a Web Crypto algorithm. | 1230 // to map to a Web Crypto algorithm. |
1377 EXPECT_STATUS(Status::Error(), ImportKeyInternal( | 1231 EXPECT_STATUS(Status::Error(), ImportKey( |
1378 blink::WebCryptoKeyFormatSpki, | 1232 blink::WebCryptoKeyFormatSpki, |
1379 HexStringToBytes(kPublicKeySpkiDerHex), | 1233 HexStringToBytes(kPublicKeySpkiDerHex), |
1380 blink::WebCryptoAlgorithm::createNull(), | 1234 blink::WebCryptoAlgorithm::createNull(), |
1381 true, | 1235 true, |
1382 blink::WebCryptoKeyUsageEncrypt, | 1236 blink::WebCryptoKeyUsageEncrypt, |
1383 &key)); | 1237 &key)); |
1384 | 1238 |
1385 // Failing case: Bad DER encoding. | 1239 // Failing case: Bad DER encoding. |
1386 EXPECT_STATUS(Status::Error(), ImportKeyInternal( | 1240 EXPECT_STATUS(Status::Error(), ImportKey( |
1387 blink::WebCryptoKeyFormatSpki, | 1241 blink::WebCryptoKeyFormatSpki, |
1388 HexStringToBytes("618333c4cb"), | 1242 HexStringToBytes("618333c4cb"), |
1389 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5), | 1243 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5), |
1390 true, | 1244 true, |
1391 blink::WebCryptoKeyUsageEncrypt, | 1245 blink::WebCryptoKeyUsageEncrypt, |
1392 &key)); | 1246 &key)); |
1393 | 1247 |
1394 // Failing case: Import RSA key but provide an inconsistent input algorithm. | 1248 // Failing case: Import RSA key but provide an inconsistent input algorithm. |
1395 EXPECT_STATUS(Status::Error(), ImportKeyInternal( | 1249 EXPECT_STATUS(Status::Error(), ImportKey( |
1396 blink::WebCryptoKeyFormatSpki, | 1250 blink::WebCryptoKeyFormatSpki, |
1397 HexStringToBytes(kPublicKeySpkiDerHex), | 1251 HexStringToBytes(kPublicKeySpkiDerHex), |
1398 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), | 1252 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), |
1399 true, | 1253 true, |
1400 blink::WebCryptoKeyUsageEncrypt, | 1254 blink::WebCryptoKeyUsageEncrypt, |
1401 &key)); | 1255 &key)); |
1402 | 1256 |
1403 // Passing case: Export a previously imported RSA public key in SPKI format | 1257 // Passing case: Export a previously imported RSA public key in SPKI format |
1404 // and compare to original data. | 1258 // and compare to original data. |
1405 blink::WebArrayBuffer output; | 1259 blink::WebArrayBuffer output; |
1406 ASSERT_STATUS_SUCCESS( | 1260 ASSERT_STATUS_SUCCESS( |
1407 ExportKeyInternal(blink::WebCryptoKeyFormatSpki, key, &output)); | 1261 ExportKey(blink::WebCryptoKeyFormatSpki, key, &output)); |
1408 ExpectArrayBufferMatchesHex(kPublicKeySpkiDerHex, output); | 1262 ExpectCryptoDataMatchesHex(kPublicKeySpkiDerHex, output); |
1409 | 1263 |
1410 // Failing case: Try to export a previously imported RSA public key in raw | 1264 // Failing case: Try to export a previously imported RSA public key in raw |
1411 // format (not allowed for a public key). | 1265 // format (not allowed for a public key). |
1412 EXPECT_STATUS(Status::ErrorUnexpectedKeyType(), | 1266 EXPECT_STATUS(Status::ErrorUnexpectedKeyType(), |
1413 ExportKeyInternal(blink::WebCryptoKeyFormatRaw, key, &output)); | 1267 ExportKey(blink::WebCryptoKeyFormatRaw, key, &output)); |
1414 | 1268 |
1415 // Failing case: Try to export a non-extractable key | 1269 // Failing case: Try to export a non-extractable key |
1416 ASSERT_STATUS_SUCCESS(ImportKeyInternal( | 1270 ASSERT_STATUS_SUCCESS(ImportKey( |
1417 blink::WebCryptoKeyFormatSpki, | 1271 blink::WebCryptoKeyFormatSpki, |
1418 HexStringToBytes(kPublicKeySpkiDerHex), | 1272 HexStringToBytes(kPublicKeySpkiDerHex), |
1419 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5), | 1273 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5), |
1420 false, | 1274 false, |
1421 blink::WebCryptoKeyUsageEncrypt, | 1275 blink::WebCryptoKeyUsageEncrypt, |
1422 &key)); | 1276 &key)); |
1423 EXPECT_TRUE(key.handle()); | 1277 EXPECT_TRUE(key.handle()); |
1424 EXPECT_FALSE(key.extractable()); | 1278 EXPECT_FALSE(key.extractable()); |
1425 EXPECT_STATUS(Status::ErrorKeyNotExtractable(), | 1279 EXPECT_STATUS(Status::ErrorKeyNotExtractable(), |
1426 ExportKeyInternal(blink::WebCryptoKeyFormatSpki, key, &output)); | 1280 ExportKey(blink::WebCryptoKeyFormatSpki, key, &output)); |
1427 } | 1281 } |
1428 | 1282 |
1429 TEST_F(WebCryptoImplTest, MAYBE(ImportPkcs8)) { | 1283 TEST_F(SharedCryptoTest, MAYBE(ImportPkcs8)) { |
1430 // Passing case: Import a valid RSA key in PKCS#8 format. | 1284 // Passing case: Import a valid RSA key in PKCS#8 format. |
1431 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 1285 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
1432 ASSERT_STATUS_SUCCESS(ImportKeyInternal( | 1286 ASSERT_STATUS_SUCCESS(ImportKey( |
1433 blink::WebCryptoKeyFormatPkcs8, | 1287 blink::WebCryptoKeyFormatPkcs8, |
1434 HexStringToBytes(kPrivateKeyPkcs8DerHex), | 1288 HexStringToBytes(kPrivateKeyPkcs8DerHex), |
1435 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5), | 1289 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5), |
1436 true, | 1290 true, |
1437 blink::WebCryptoKeyUsageSign, | 1291 blink::WebCryptoKeyUsageSign, |
1438 &key)); | 1292 &key)); |
1439 EXPECT_TRUE(key.handle()); | 1293 EXPECT_TRUE(key.handle()); |
1440 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, key.type()); | 1294 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, key.type()); |
1441 EXPECT_TRUE(key.extractable()); | 1295 EXPECT_TRUE(key.extractable()); |
1442 EXPECT_EQ(blink::WebCryptoKeyUsageSign, key.usages()); | 1296 EXPECT_EQ(blink::WebCryptoKeyUsageSign, key.usages()); |
1443 | 1297 |
1444 // Failing case: Empty PKCS#8 data | 1298 // Failing case: Empty PKCS#8 data |
1445 EXPECT_STATUS(Status::ErrorImportEmptyKeyData(), ImportKeyInternal( | 1299 EXPECT_STATUS(Status::ErrorImportEmptyKeyData(), ImportKey( |
1446 blink::WebCryptoKeyFormatPkcs8, | 1300 blink::WebCryptoKeyFormatPkcs8, |
1447 std::vector<uint8>(), | 1301 std::vector<uint8>(), |
1448 blink::WebCryptoAlgorithm::createNull(), | 1302 blink::WebCryptoAlgorithm::createNull(), |
1449 true, | 1303 true, |
1450 blink::WebCryptoKeyUsageSign, | 1304 blink::WebCryptoKeyUsageSign, |
1451 &key)); | 1305 &key)); |
1452 | 1306 |
1453 // Failing case: Import RSA key with NULL input algorithm. This is not | 1307 // Failing case: Import RSA key with NULL input algorithm. This is not |
1454 // allowed because the PKCS#8 ASN.1 format for RSA keys is not specific enough | 1308 // allowed because the PKCS#8 ASN.1 format for RSA keys is not specific enough |
1455 // to map to a Web Crypto algorithm. | 1309 // to map to a Web Crypto algorithm. |
1456 EXPECT_STATUS(Status::Error(), ImportKeyInternal( | 1310 EXPECT_STATUS(Status::Error(), ImportKey( |
1457 blink::WebCryptoKeyFormatPkcs8, | 1311 blink::WebCryptoKeyFormatPkcs8, |
1458 HexStringToBytes(kPrivateKeyPkcs8DerHex), | 1312 HexStringToBytes(kPrivateKeyPkcs8DerHex), |
1459 blink::WebCryptoAlgorithm::createNull(), | 1313 blink::WebCryptoAlgorithm::createNull(), |
1460 true, | 1314 true, |
1461 blink::WebCryptoKeyUsageSign, | 1315 blink::WebCryptoKeyUsageSign, |
1462 &key)); | 1316 &key)); |
1463 | 1317 |
1464 // Failing case: Bad DER encoding. | 1318 // Failing case: Bad DER encoding. |
1465 EXPECT_STATUS(Status::Error(), ImportKeyInternal( | 1319 EXPECT_STATUS(Status::Error(), ImportKey( |
1466 blink::WebCryptoKeyFormatPkcs8, | 1320 blink::WebCryptoKeyFormatPkcs8, |
1467 HexStringToBytes("618333c4cb"), | 1321 HexStringToBytes("618333c4cb"), |
1468 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5), | 1322 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5), |
1469 true, | 1323 true, |
1470 blink::WebCryptoKeyUsageSign, | 1324 blink::WebCryptoKeyUsageSign, |
1471 &key)); | 1325 &key)); |
1472 | 1326 |
1473 // Failing case: Import RSA key but provide an inconsistent input algorithm. | 1327 // Failing case: Import RSA key but provide an inconsistent input algorithm. |
1474 EXPECT_STATUS(Status::Error(), ImportKeyInternal( | 1328 EXPECT_STATUS(Status::Error(), ImportKey( |
1475 blink::WebCryptoKeyFormatPkcs8, | 1329 blink::WebCryptoKeyFormatPkcs8, |
1476 HexStringToBytes(kPrivateKeyPkcs8DerHex), | 1330 HexStringToBytes(kPrivateKeyPkcs8DerHex), |
1477 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), | 1331 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), |
1478 true, | 1332 true, |
1479 blink::WebCryptoKeyUsageSign, | 1333 blink::WebCryptoKeyUsageSign, |
1480 &key)); | 1334 &key)); |
1481 } | 1335 } |
1482 | 1336 |
1483 TEST_F(WebCryptoImplTest, MAYBE(GenerateKeyPairRsa)) { | 1337 TEST_F(SharedCryptoTest, MAYBE(GenerateKeyPairRsa)) { |
1484 // Note: using unrealistic short key lengths here to avoid bogging down tests. | 1338 // Note: using unrealistic short key lengths here to avoid bogging down tests. |
1485 | 1339 |
1486 // Successful WebCryptoAlgorithmIdRsaEsPkcs1v1_5 key generation. | 1340 // Successful WebCryptoAlgorithmIdRsaEsPkcs1v1_5 key generation. |
1487 const unsigned int modulus_length = 256; | 1341 const unsigned int modulus_length = 256; |
1488 const std::vector<uint8> public_exponent = HexStringToBytes("010001"); | 1342 const std::vector<uint8> public_exponent = HexStringToBytes("010001"); |
1489 blink::WebCryptoAlgorithm algorithm = webcrypto::CreateRsaKeyGenAlgorithm( | 1343 blink::WebCryptoAlgorithm algorithm = CreateRsaKeyGenAlgorithm( |
1490 blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, | 1344 blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, |
1491 modulus_length, | 1345 modulus_length, |
1492 public_exponent); | 1346 public_exponent); |
1493 bool extractable = false; | 1347 bool extractable = false; |
1494 const blink::WebCryptoKeyUsageMask usage_mask = 0; | 1348 const blink::WebCryptoKeyUsageMask usage_mask = 0; |
1495 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); | 1349 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); |
1496 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); | 1350 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); |
1497 EXPECT_STATUS_SUCCESS(GenerateKeyPairInternal( | 1351 EXPECT_STATUS_SUCCESS(GenerateKeyPair( |
1498 algorithm, extractable, usage_mask, &public_key, &private_key)); | 1352 algorithm, extractable, usage_mask, &public_key, &private_key)); |
1499 EXPECT_FALSE(public_key.isNull()); | 1353 EXPECT_FALSE(public_key.isNull()); |
1500 EXPECT_FALSE(private_key.isNull()); | 1354 EXPECT_FALSE(private_key.isNull()); |
1501 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type()); | 1355 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type()); |
1502 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type()); | 1356 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type()); |
1503 EXPECT_TRUE(public_key.extractable()); | 1357 EXPECT_TRUE(public_key.extractable()); |
1504 EXPECT_EQ(extractable, private_key.extractable()); | 1358 EXPECT_EQ(extractable, private_key.extractable()); |
1505 EXPECT_EQ(usage_mask, public_key.usages()); | 1359 EXPECT_EQ(usage_mask, public_key.usages()); |
1506 EXPECT_EQ(usage_mask, private_key.usages()); | 1360 EXPECT_EQ(usage_mask, private_key.usages()); |
1507 | 1361 |
1508 // Fail with bad modulus. | 1362 // Fail with bad modulus. |
1509 algorithm = webcrypto::CreateRsaKeyGenAlgorithm( | 1363 algorithm = CreateRsaKeyGenAlgorithm( |
1510 blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, 0, public_exponent); | 1364 blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, 0, public_exponent); |
1511 EXPECT_STATUS(Status::ErrorGenerateRsaZeroModulus(), GenerateKeyPairInternal( | 1365 EXPECT_STATUS(Status::ErrorGenerateRsaZeroModulus(), GenerateKeyPair( |
1512 algorithm, extractable, usage_mask, &public_key, &private_key)); | 1366 algorithm, extractable, usage_mask, &public_key, &private_key)); |
1513 | 1367 |
1514 // Fail with bad exponent: larger than unsigned long. | 1368 // Fail with bad exponent: larger than unsigned long. |
1515 unsigned int exponent_length = sizeof(unsigned long) + 1; // NOLINT | 1369 unsigned int exponent_length = sizeof(unsigned long) + 1; // NOLINT |
1516 const std::vector<uint8> long_exponent(exponent_length, 0x01); | 1370 const std::vector<uint8> long_exponent(exponent_length, 0x01); |
1517 algorithm = webcrypto::CreateRsaKeyGenAlgorithm( | 1371 algorithm = CreateRsaKeyGenAlgorithm( |
1518 blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, | 1372 blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, |
1519 modulus_length, | 1373 modulus_length, |
1520 long_exponent); | 1374 long_exponent); |
1521 EXPECT_STATUS(Status::ErrorGenerateKeyPublicExponent(), | 1375 EXPECT_STATUS(Status::ErrorGenerateKeyPublicExponent(), |
1522 GenerateKeyPairInternal(algorithm, extractable, usage_mask, &public_key, | 1376 GenerateKeyPair(algorithm, extractable, usage_mask, &public_key, |
1523 &private_key)); | 1377 &private_key)); |
1524 | 1378 |
1525 // Fail with bad exponent: empty. | 1379 // Fail with bad exponent: empty. |
1526 const std::vector<uint8> empty_exponent; | 1380 const std::vector<uint8> empty_exponent; |
1527 algorithm = webcrypto::CreateRsaKeyGenAlgorithm( | 1381 algorithm = CreateRsaKeyGenAlgorithm( |
1528 blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, | 1382 blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, |
1529 modulus_length, | 1383 modulus_length, |
1530 empty_exponent); | 1384 empty_exponent); |
1531 EXPECT_STATUS(Status::ErrorGenerateKeyPublicExponent(), | 1385 EXPECT_STATUS(Status::ErrorGenerateKeyPublicExponent(), |
1532 GenerateKeyPairInternal(algorithm, extractable, usage_mask, &public_key, | 1386 GenerateKeyPair(algorithm, extractable, usage_mask, &public_key, |
1533 &private_key)); | 1387 &private_key)); |
1534 | 1388 |
1535 // Fail with bad exponent: all zeros. | 1389 // Fail with bad exponent: all zeros. |
1536 std::vector<uint8> exponent_with_leading_zeros(15, 0x00); | 1390 std::vector<uint8> exponent_with_leading_zeros(15, 0x00); |
1537 algorithm = webcrypto::CreateRsaKeyGenAlgorithm( | 1391 algorithm = CreateRsaKeyGenAlgorithm( |
1538 blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, | 1392 blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, |
1539 modulus_length, | 1393 modulus_length, |
1540 exponent_with_leading_zeros); | 1394 exponent_with_leading_zeros); |
1541 EXPECT_STATUS(Status::ErrorGenerateKeyPublicExponent(), | 1395 EXPECT_STATUS(Status::ErrorGenerateKeyPublicExponent(), |
1542 GenerateKeyPairInternal(algorithm, extractable, usage_mask, &public_key, | 1396 GenerateKeyPair(algorithm, extractable, usage_mask, &public_key, |
1543 &private_key)); | 1397 &private_key)); |
1544 | 1398 |
1545 // Key generation success using exponent with leading zeros. | 1399 // Key generation success using exponent with leading zeros. |
1546 exponent_with_leading_zeros.insert(exponent_with_leading_zeros.end(), | 1400 exponent_with_leading_zeros.insert(exponent_with_leading_zeros.end(), |
1547 public_exponent.begin(), | 1401 public_exponent.begin(), |
1548 public_exponent.end()); | 1402 public_exponent.end()); |
1549 algorithm = webcrypto::CreateRsaKeyGenAlgorithm( | 1403 algorithm = CreateRsaKeyGenAlgorithm( |
1550 blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, | 1404 blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, |
1551 modulus_length, | 1405 modulus_length, |
1552 exponent_with_leading_zeros); | 1406 exponent_with_leading_zeros); |
1553 EXPECT_STATUS_SUCCESS(GenerateKeyPairInternal( | 1407 EXPECT_STATUS_SUCCESS(GenerateKeyPair( |
1554 algorithm, extractable, usage_mask, &public_key, &private_key)); | 1408 algorithm, extractable, usage_mask, &public_key, &private_key)); |
1555 EXPECT_FALSE(public_key.isNull()); | 1409 EXPECT_FALSE(public_key.isNull()); |
1556 EXPECT_FALSE(private_key.isNull()); | 1410 EXPECT_FALSE(private_key.isNull()); |
1557 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type()); | 1411 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type()); |
1558 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type()); | 1412 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type()); |
1559 EXPECT_TRUE(public_key.extractable()); | 1413 EXPECT_TRUE(public_key.extractable()); |
1560 EXPECT_EQ(extractable, private_key.extractable()); | 1414 EXPECT_EQ(extractable, private_key.extractable()); |
1561 EXPECT_EQ(usage_mask, public_key.usages()); | 1415 EXPECT_EQ(usage_mask, public_key.usages()); |
1562 EXPECT_EQ(usage_mask, private_key.usages()); | 1416 EXPECT_EQ(usage_mask, private_key.usages()); |
1563 | 1417 |
1564 // Successful WebCryptoAlgorithmIdRsaOaep key generation. | 1418 // Successful WebCryptoAlgorithmIdRsaOaep key generation. |
1565 algorithm = webcrypto::CreateRsaKeyGenAlgorithm( | 1419 algorithm = CreateRsaKeyGenAlgorithm( |
1566 blink::WebCryptoAlgorithmIdRsaOaep, modulus_length, public_exponent); | 1420 blink::WebCryptoAlgorithmIdRsaOaep, modulus_length, public_exponent); |
1567 EXPECT_STATUS_SUCCESS(GenerateKeyPairInternal( | 1421 EXPECT_STATUS_SUCCESS(GenerateKeyPair( |
1568 algorithm, extractable, usage_mask, &public_key, &private_key)); | 1422 algorithm, extractable, usage_mask, &public_key, &private_key)); |
1569 EXPECT_FALSE(public_key.isNull()); | 1423 EXPECT_FALSE(public_key.isNull()); |
1570 EXPECT_FALSE(private_key.isNull()); | 1424 EXPECT_FALSE(private_key.isNull()); |
1571 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type()); | 1425 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type()); |
1572 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type()); | 1426 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type()); |
1573 EXPECT_TRUE(public_key.extractable()); | 1427 EXPECT_TRUE(public_key.extractable()); |
1574 EXPECT_EQ(extractable, private_key.extractable()); | 1428 EXPECT_EQ(extractable, private_key.extractable()); |
1575 EXPECT_EQ(usage_mask, public_key.usages()); | 1429 EXPECT_EQ(usage_mask, public_key.usages()); |
1576 EXPECT_EQ(usage_mask, private_key.usages()); | 1430 EXPECT_EQ(usage_mask, private_key.usages()); |
1577 | 1431 |
1578 // Successful WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 key generation. | 1432 // Successful WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 key generation. |
1579 algorithm = webcrypto::CreateRsaKeyGenAlgorithm( | 1433 algorithm = CreateRsaKeyGenAlgorithm( |
1580 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, | 1434 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
1581 modulus_length, | 1435 modulus_length, |
1582 public_exponent); | 1436 public_exponent); |
1583 EXPECT_STATUS_SUCCESS(GenerateKeyPairInternal( | 1437 EXPECT_STATUS_SUCCESS(GenerateKeyPair( |
1584 algorithm, false, usage_mask, &public_key, &private_key)); | 1438 algorithm, false, usage_mask, &public_key, &private_key)); |
1585 EXPECT_FALSE(public_key.isNull()); | 1439 EXPECT_FALSE(public_key.isNull()); |
1586 EXPECT_FALSE(private_key.isNull()); | 1440 EXPECT_FALSE(private_key.isNull()); |
1587 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type()); | 1441 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type()); |
1588 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type()); | 1442 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type()); |
1589 // Even though "extractable" was set to false, the public key remains | 1443 // Even though "extractable" was set to false, the public key remains |
1590 // extractable. | 1444 // extractable. |
1591 EXPECT_TRUE(public_key.extractable()); | 1445 EXPECT_TRUE(public_key.extractable()); |
1592 EXPECT_FALSE(private_key.extractable()); | 1446 EXPECT_FALSE(private_key.extractable()); |
1593 EXPECT_EQ(usage_mask, public_key.usages()); | 1447 EXPECT_EQ(usage_mask, public_key.usages()); |
1594 EXPECT_EQ(usage_mask, private_key.usages()); | 1448 EXPECT_EQ(usage_mask, private_key.usages()); |
1595 | 1449 |
1596 // Exporting a private key as SPKI format doesn't make sense. However this | 1450 // Exporting a private key as SPKI format doesn't make sense. However this |
1597 // will first fail because the key is not extractable. | 1451 // will first fail because the key is not extractable. |
1598 blink::WebArrayBuffer output; | 1452 blink::WebArrayBuffer output; |
1599 EXPECT_STATUS(Status::ErrorKeyNotExtractable(), ExportKeyInternal( | 1453 EXPECT_STATUS(Status::ErrorKeyNotExtractable(), ExportKey( |
1600 blink::WebCryptoKeyFormatSpki, private_key, &output)); | 1454 blink::WebCryptoKeyFormatSpki, private_key, &output)); |
1601 | 1455 |
1602 // Re-generate an extractable private_key and try to export it as SPKI format. | 1456 // Re-generate an extractable private_key and try to export it as SPKI format. |
1603 // This should fail since spki is for public keys. | 1457 // This should fail since spki is for public keys. |
1604 EXPECT_STATUS_SUCCESS(GenerateKeyPairInternal( | 1458 EXPECT_STATUS_SUCCESS(GenerateKeyPair( |
1605 algorithm, true, usage_mask, &public_key, &private_key)); | 1459 algorithm, true, usage_mask, &public_key, &private_key)); |
1606 EXPECT_STATUS(Status::ErrorUnexpectedKeyType(), ExportKeyInternal( | 1460 EXPECT_STATUS(Status::ErrorUnexpectedKeyType(), ExportKey( |
1607 blink::WebCryptoKeyFormatSpki, private_key, &output)); | 1461 blink::WebCryptoKeyFormatSpki, private_key, &output)); |
1608 } | 1462 } |
1609 | 1463 |
1610 TEST_F(WebCryptoImplTest, MAYBE(RsaEsRoundTrip)) { | 1464 TEST_F(SharedCryptoTest, MAYBE(RsaEsRoundTrip)) { |
1611 // Import a key pair. | 1465 // Import a key pair. |
1612 blink::WebCryptoAlgorithm algorithm = | 1466 blink::WebCryptoAlgorithm algorithm = |
1613 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); | 1467 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); |
1614 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); | 1468 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); |
1615 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); | 1469 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); |
1616 ImportRsaKeyPair( | 1470 ImportRsaKeyPair( |
1617 HexStringToBytes(kPublicKeySpkiDerHex), | 1471 HexStringToBytes(kPublicKeySpkiDerHex), |
1618 HexStringToBytes(kPrivateKeyPkcs8DerHex), | 1472 HexStringToBytes(kPrivateKeyPkcs8DerHex), |
1619 algorithm, | 1473 algorithm, |
1620 false, | 1474 false, |
1621 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt, | 1475 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt, |
1622 &public_key, | 1476 &public_key, |
1623 &private_key); | 1477 &private_key); |
1624 | 1478 |
1625 // Make a maximum-length data message. RSAES can operate on messages up to | 1479 // Make a maximum-length data message. RSAES can operate on messages up to |
1626 // length of k - 11 bytes, where k is the octet length of the RSA modulus. | 1480 // length of k - 11 bytes, where k is the octet length of the RSA modulus. |
1627 const unsigned int kMaxMsgSizeBytes = kModulusLength / 8 - 11; | 1481 const unsigned int kMaxMsgSizeBytes = kModulusLength / 8 - 11; |
1628 // There are two hex chars for each byte. | 1482 // There are two hex chars for each byte. |
1629 const unsigned int kMsgHexSize = kMaxMsgSizeBytes * 2; | 1483 const unsigned int kMsgHexSize = kMaxMsgSizeBytes * 2; |
1630 char max_data_hex[kMsgHexSize+1]; | 1484 char max_data_hex[kMsgHexSize+1]; |
1631 std::fill(&max_data_hex[0], &max_data_hex[0] + kMsgHexSize, 'a'); | 1485 std::fill(&max_data_hex[0], &max_data_hex[0] + kMsgHexSize, 'a'); |
1632 max_data_hex[kMsgHexSize] = '\0'; | 1486 max_data_hex[kMsgHexSize] = '\0'; |
1633 | 1487 |
1634 // Verify encrypt / decrypt round trip on a few messages. Note that RSA | 1488 // Verify encrypt / decrypt round trip on a few messages. Note that RSA |
1635 // encryption does not support empty input. | 1489 // encryption does not support empty input. |
1636 algorithm = | 1490 algorithm = |
1637 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); | 1491 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); |
1638 const char* const kTestDataHex[] = { | 1492 const char* const kTestDataHex[] = { |
1639 "ff", | 1493 "ff", |
1640 "0102030405060708090a0b0c0d0e0f", | 1494 "0102030405060708090a0b0c0d0e0f", |
1641 max_data_hex | 1495 max_data_hex |
1642 }; | 1496 }; |
1643 blink::WebArrayBuffer encrypted_data; | 1497 blink::WebArrayBuffer encrypted_data; |
1644 blink::WebArrayBuffer decrypted_data; | 1498 blink::WebArrayBuffer decrypted_data; |
1645 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kTestDataHex); ++i) { | 1499 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kTestDataHex); ++i) { |
1646 SCOPED_TRACE(i); | 1500 SCOPED_TRACE(i); |
1647 EXPECT_STATUS_SUCCESS(EncryptInternal( | 1501 EXPECT_STATUS_SUCCESS(Encrypt( |
1648 algorithm, | 1502 algorithm, |
1649 public_key, | 1503 public_key, |
1650 HexStringToBytes(kTestDataHex[i]), | 1504 HexStringToBytes(kTestDataHex[i]), |
1651 &encrypted_data)); | 1505 &encrypted_data)); |
1652 EXPECT_EQ(kModulusLength / 8, encrypted_data.byteLength()); | 1506 EXPECT_EQ(kModulusLength / 8, encrypted_data.byteLength()); |
1653 ASSERT_STATUS_SUCCESS(DecryptInternal( | 1507 ASSERT_STATUS_SUCCESS(Decrypt( |
1654 algorithm, | 1508 algorithm, |
1655 private_key, | 1509 private_key, |
1656 reinterpret_cast<const unsigned char*>(encrypted_data.data()), | 1510 encrypted_data, |
1657 encrypted_data.byteLength(), | |
1658 &decrypted_data)); | 1511 &decrypted_data)); |
1659 ExpectArrayBufferMatchesHex(kTestDataHex[i], decrypted_data); | 1512 ExpectCryptoDataMatchesHex(kTestDataHex[i], decrypted_data); |
1660 } | 1513 } |
1661 } | 1514 } |
1662 | 1515 |
1663 TEST_F(WebCryptoImplTest, MAYBE(RsaEsKnownAnswer)) { | 1516 TEST_F(SharedCryptoTest, MAYBE(RsaEsKnownAnswer)) { |
1664 scoped_ptr<base::Value> json; | 1517 scoped_ptr<base::Value> json; |
1665 ASSERT_TRUE(ReadJsonTestFile("rsa_es.json", &json)); | 1518 ASSERT_TRUE(ReadJsonTestFile("rsa_es.json", &json)); |
1666 base::DictionaryValue* test = NULL; | 1519 base::DictionaryValue* test = NULL; |
1667 ASSERT_TRUE(json->GetAsDictionary(&test)); | 1520 ASSERT_TRUE(json->GetAsDictionary(&test)); |
1668 | 1521 |
1669 // Because the random data in PKCS1.5 padding makes the encryption output non- | 1522 // Because the random data in PKCS1.5 padding makes the encryption output non- |
1670 // deterministic, we cannot easily do a typical known-answer test for RSA | 1523 // deterministic, we cannot easily do a typical known-answer test for RSA |
1671 // encryption / decryption. Instead we will take a known-good encrypted | 1524 // encryption / decryption. Instead we will take a known-good encrypted |
1672 // message, decrypt it, re-encrypt it, then decrypt again, verifying that the | 1525 // message, decrypt it, re-encrypt it, then decrypt again, verifying that the |
1673 // original known cleartext is the result. | 1526 // original known cleartext is the result. |
1674 | 1527 |
1675 const std::vector<uint8> rsa_spki_der = | 1528 const std::vector<uint8> rsa_spki_der = |
1676 GetBytesFromHexString(test, "rsa_spki_der"); | 1529 GetBytesFromHexString(test, "rsa_spki_der"); |
1677 | 1530 |
1678 const std::vector<uint8> rsa_pkcs8_der = | 1531 const std::vector<uint8> rsa_pkcs8_der = |
1679 GetBytesFromHexString(test, "rsa_pkcs8_der"); | 1532 GetBytesFromHexString(test, "rsa_pkcs8_der"); |
1680 const std::vector<uint8> ciphertext = | 1533 const std::vector<uint8> ciphertext = |
1681 GetBytesFromHexString(test, "ciphertext"); | 1534 GetBytesFromHexString(test, "ciphertext"); |
1682 const std::vector<uint8> cleartext = | 1535 const std::vector<uint8> cleartext = |
1683 GetBytesFromHexString(test, "cleartext"); | 1536 GetBytesFromHexString(test, "cleartext"); |
1684 | 1537 |
1685 // Import the key pair. | 1538 // Import the key pair. |
1686 blink::WebCryptoAlgorithm algorithm = | 1539 blink::WebCryptoAlgorithm algorithm = |
1687 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); | 1540 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); |
1688 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); | 1541 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); |
1689 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); | 1542 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); |
1690 ImportRsaKeyPair( | 1543 ImportRsaKeyPair( |
1691 rsa_spki_der, | 1544 rsa_spki_der, |
1692 rsa_pkcs8_der, | 1545 rsa_pkcs8_der, |
1693 algorithm, | 1546 algorithm, |
1694 false, | 1547 false, |
1695 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt, | 1548 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt, |
1696 &public_key, | 1549 &public_key, |
1697 &private_key); | 1550 &private_key); |
1698 | 1551 |
1699 // Decrypt the known-good ciphertext with the private key. As a check we must | 1552 // Decrypt the known-good ciphertext with the private key. As a check we must |
1700 // get the known original cleartext. | 1553 // get the known original cleartext. |
1701 blink::WebArrayBuffer decrypted_data; | 1554 blink::WebArrayBuffer decrypted_data; |
1702 ASSERT_STATUS_SUCCESS(DecryptInternal( | 1555 ASSERT_STATUS_SUCCESS(Decrypt( |
1703 algorithm, | 1556 algorithm, |
1704 private_key, | 1557 private_key, |
1705 ciphertext, | 1558 ciphertext, |
1706 &decrypted_data)); | 1559 &decrypted_data)); |
1707 EXPECT_FALSE(decrypted_data.isNull()); | 1560 EXPECT_FALSE(decrypted_data.isNull()); |
1708 ExpectArrayBufferMatches(cleartext, decrypted_data); | 1561 ExpectCryptoDataMatches(cleartext, decrypted_data); |
1709 | 1562 |
1710 // Encrypt this decrypted data with the public key. | 1563 // Encrypt this decrypted data with the public key. |
1711 blink::WebArrayBuffer encrypted_data; | 1564 blink::WebArrayBuffer encrypted_data; |
1712 ASSERT_STATUS_SUCCESS(EncryptInternal( | 1565 ASSERT_STATUS_SUCCESS(Encrypt( |
1713 algorithm, | 1566 algorithm, |
1714 public_key, | 1567 public_key, |
1715 reinterpret_cast<const unsigned char*>(decrypted_data.data()), | 1568 decrypted_data, |
1716 decrypted_data.byteLength(), | |
1717 &encrypted_data)); | 1569 &encrypted_data)); |
1718 EXPECT_EQ(128u, encrypted_data.byteLength()); | 1570 EXPECT_EQ(128u, encrypted_data.byteLength()); |
1719 | 1571 |
1720 // Finally, decrypt the newly encrypted result with the private key, and | 1572 // Finally, decrypt the newly encrypted result with the private key, and |
1721 // compare to the known original cleartext. | 1573 // compare to the known original cleartext. |
1722 decrypted_data.reset(); | 1574 decrypted_data.reset(); |
1723 ASSERT_STATUS_SUCCESS(DecryptInternal( | 1575 ASSERT_STATUS_SUCCESS(Decrypt( |
1724 algorithm, | 1576 algorithm, |
1725 private_key, | 1577 private_key, |
1726 reinterpret_cast<const unsigned char*>(encrypted_data.data()), | 1578 encrypted_data, |
1727 encrypted_data.byteLength(), | |
1728 &decrypted_data)); | 1579 &decrypted_data)); |
1729 EXPECT_FALSE(decrypted_data.isNull()); | 1580 EXPECT_FALSE(decrypted_data.isNull()); |
1730 ExpectArrayBufferMatches(cleartext, decrypted_data); | 1581 ExpectCryptoDataMatches(cleartext, decrypted_data); |
1731 } | 1582 } |
1732 | 1583 |
1733 TEST_F(WebCryptoImplTest, MAYBE(RsaEsFailures)) { | 1584 TEST_F(SharedCryptoTest, MAYBE(RsaEsFailures)) { |
1734 // Import a key pair. | 1585 // Import a key pair. |
1735 blink::WebCryptoAlgorithm algorithm = | 1586 blink::WebCryptoAlgorithm algorithm = |
1736 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); | 1587 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); |
1737 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); | 1588 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); |
1738 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); | 1589 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); |
1739 ImportRsaKeyPair( | 1590 ImportRsaKeyPair( |
1740 HexStringToBytes(kPublicKeySpkiDerHex), | 1591 HexStringToBytes(kPublicKeySpkiDerHex), |
1741 HexStringToBytes(kPrivateKeyPkcs8DerHex), | 1592 HexStringToBytes(kPrivateKeyPkcs8DerHex), |
1742 algorithm, | 1593 algorithm, |
1743 false, | 1594 false, |
1744 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt, | 1595 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt, |
1745 &public_key, | 1596 &public_key, |
1746 &private_key); | 1597 &private_key); |
1747 | 1598 |
1748 // Fail encrypt with a private key. | 1599 // Fail encrypt with a private key. |
1749 blink::WebArrayBuffer encrypted_data; | 1600 blink::WebArrayBuffer encrypted_data; |
1750 const std::string message_hex_str("0102030405060708090a0b0c0d0e0f"); | 1601 const std::string message_hex_str("0102030405060708090a0b0c0d0e0f"); |
1751 const std::vector<uint8> message_hex(HexStringToBytes(message_hex_str)); | 1602 const std::vector<uint8> message_hex(HexStringToBytes(message_hex_str)); |
1752 EXPECT_STATUS(Status::ErrorUnexpectedKeyType(), | 1603 EXPECT_STATUS(Status::ErrorUnexpectedKeyType(), |
1753 EncryptInternal(algorithm, private_key, message_hex, &encrypted_data)); | 1604 Encrypt(algorithm, private_key, message_hex, &encrypted_data)); |
1754 | 1605 |
1755 // Fail encrypt with empty message. | 1606 // Fail encrypt with empty message. |
1756 EXPECT_STATUS(Status::Error(), EncryptInternal( | 1607 EXPECT_STATUS(Status::Error(), Encrypt( |
1757 algorithm, public_key, std::vector<uint8>(), &encrypted_data)); | 1608 algorithm, public_key, std::vector<uint8>(), &encrypted_data)); |
1758 | 1609 |
1759 // Fail encrypt with message too large. RSAES can operate on messages up to | 1610 // Fail encrypt with message too large. RSAES can operate on messages up to |
1760 // length of k - 11 bytes, where k is the octet length of the RSA modulus. | 1611 // length of k - 11 bytes, where k is the octet length of the RSA modulus. |
1761 const unsigned int kMaxMsgSizeBytes = kModulusLength / 8 - 11; | 1612 const unsigned int kMaxMsgSizeBytes = kModulusLength / 8 - 11; |
1762 EXPECT_STATUS( | 1613 EXPECT_STATUS( |
1763 Status::ErrorDataTooLarge(), | 1614 Status::ErrorDataTooLarge(), |
1764 EncryptInternal(algorithm, | 1615 Encrypt(algorithm, |
1765 public_key, | 1616 public_key, |
1766 std::vector<uint8>(kMaxMsgSizeBytes + 1, '0'), | 1617 std::vector<uint8>(kMaxMsgSizeBytes + 1, '0'), |
1767 &encrypted_data)); | 1618 &encrypted_data)); |
1768 | 1619 |
1769 // Generate encrypted data. | 1620 // Generate encrypted data. |
1770 EXPECT_STATUS(Status::Success(), | 1621 EXPECT_STATUS(Status::Success(), |
1771 EncryptInternal(algorithm, public_key, message_hex, &encrypted_data)); | 1622 Encrypt(algorithm, public_key, message_hex, &encrypted_data)); |
1772 | 1623 |
1773 // Fail decrypt with a public key. | 1624 // Fail decrypt with a public key. |
1774 blink::WebArrayBuffer decrypted_data; | 1625 blink::WebArrayBuffer decrypted_data; |
1775 EXPECT_STATUS(Status::ErrorUnexpectedKeyType(), DecryptInternal( | 1626 EXPECT_STATUS(Status::ErrorUnexpectedKeyType(), Decrypt( |
1776 algorithm, | 1627 algorithm, |
1777 public_key, | 1628 public_key, |
1778 reinterpret_cast<const unsigned char*>(encrypted_data.data()), | 1629 encrypted_data, |
1779 encrypted_data.byteLength(), | |
1780 &decrypted_data)); | 1630 &decrypted_data)); |
1781 | 1631 |
1782 // Corrupt encrypted data; ensure decrypt fails because padding was disrupted. | 1632 // Corrupt encrypted data; ensure decrypt fails because padding was disrupted. |
1783 std::vector<uint8> corrupted_data( | 1633 std::vector<uint8> corrupted_data( |
1784 static_cast<uint8*>(encrypted_data.data()), | 1634 static_cast<uint8*>(encrypted_data.data()), |
1785 static_cast<uint8*>(encrypted_data.data()) + encrypted_data.byteLength()); | 1635 static_cast<uint8*>(encrypted_data.data()) + encrypted_data.byteLength()); |
1786 corrupted_data[corrupted_data.size() / 2] ^= 0x01; | 1636 corrupted_data[corrupted_data.size() / 2] ^= 0x01; |
1787 EXPECT_STATUS(Status::Error(), | 1637 EXPECT_STATUS(Status::Error(), |
1788 DecryptInternal(algorithm, private_key, corrupted_data, &decrypted_data)); | 1638 Decrypt(algorithm, private_key, corrupted_data, &decrypted_data)); |
1789 | 1639 |
1790 // TODO(padolph): Are there other specific data corruption scenarios to | 1640 // TODO(padolph): Are there other specific data corruption scenarios to |
1791 // consider? | 1641 // consider? |
1792 | 1642 |
1793 // Do a successful decrypt with good data just for confirmation. | 1643 // Do a successful decrypt with good data just for confirmation. |
1794 EXPECT_STATUS_SUCCESS(DecryptInternal( | 1644 EXPECT_STATUS_SUCCESS(Decrypt( |
1795 algorithm, | 1645 algorithm, |
1796 private_key, | 1646 private_key, |
1797 reinterpret_cast<const unsigned char*>(encrypted_data.data()), | 1647 encrypted_data, |
1798 encrypted_data.byteLength(), | |
1799 &decrypted_data)); | 1648 &decrypted_data)); |
1800 ExpectArrayBufferMatchesHex(message_hex_str, decrypted_data); | 1649 ExpectCryptoDataMatchesHex(message_hex_str, decrypted_data); |
1801 } | 1650 } |
1802 | 1651 |
1803 TEST_F(WebCryptoImplTest, MAYBE(RsaSsaSignVerifyFailures)) { | 1652 TEST_F(SharedCryptoTest, MAYBE(RsaSsaSignVerifyFailures)) { |
1804 // Import a key pair. | 1653 // Import a key pair. |
1805 blink::WebCryptoAlgorithm algorithm = CreateRsaAlgorithmWithInnerHash( | 1654 blink::WebCryptoAlgorithm algorithm = CreateRsaAlgorithmWithInnerHash( |
1806 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, | 1655 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
1807 blink::WebCryptoAlgorithmIdSha1); | 1656 blink::WebCryptoAlgorithmIdSha1); |
1808 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); | 1657 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); |
1809 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); | 1658 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); |
1810 ImportRsaKeyPair( | 1659 ImportRsaKeyPair( |
1811 HexStringToBytes(kPublicKeySpkiDerHex), | 1660 HexStringToBytes(kPublicKeySpkiDerHex), |
1812 HexStringToBytes(kPrivateKeyPkcs8DerHex), | 1661 HexStringToBytes(kPrivateKeyPkcs8DerHex), |
1813 algorithm, | 1662 algorithm, |
1814 false, | 1663 false, |
1815 blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify, | 1664 blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify, |
1816 &public_key, | 1665 &public_key, |
1817 &private_key); | 1666 &private_key); |
1818 | 1667 |
1819 blink::WebArrayBuffer signature; | 1668 blink::WebArrayBuffer signature; |
1820 bool signature_match; | 1669 bool signature_match; |
1821 | 1670 |
1822 // Compute a signature. | 1671 // Compute a signature. |
1823 const std::vector<uint8> data = HexStringToBytes("010203040506070809"); | 1672 const std::vector<uint8> data = HexStringToBytes("010203040506070809"); |
1824 ASSERT_STATUS_SUCCESS(SignInternal(algorithm, private_key, data, &signature)); | 1673 ASSERT_STATUS_SUCCESS(Sign(algorithm, private_key, data, &signature)); |
1825 | 1674 |
1826 // Ensure truncated signature does not verify by passing one less byte. | 1675 // Ensure truncated signature does not verify by passing one less byte. |
1827 EXPECT_STATUS_SUCCESS(VerifySignatureInternal( | 1676 EXPECT_STATUS_SUCCESS(VerifySignature( |
1828 algorithm, | 1677 algorithm, |
1829 public_key, | 1678 public_key, |
1830 static_cast<const unsigned char*>(signature.data()), | 1679 CryptoData(reinterpret_cast<const unsigned char*>(signature.data()), |
1831 signature.byteLength() - 1, | 1680 signature.byteLength() - 1), |
1832 data, | 1681 data, |
1833 &signature_match)); | 1682 &signature_match)); |
1834 EXPECT_FALSE(signature_match); | 1683 EXPECT_FALSE(signature_match); |
1835 | 1684 |
1836 // Ensure truncated signature does not verify by passing no bytes. | 1685 // Ensure truncated signature does not verify by passing no bytes. |
1837 EXPECT_STATUS_SUCCESS(VerifySignatureInternal( | 1686 EXPECT_STATUS_SUCCESS(VerifySignature( |
1838 algorithm, | 1687 algorithm, |
1839 public_key, | 1688 public_key, |
1840 NULL, | 1689 CryptoData(), |
1841 0, | |
1842 data, | 1690 data, |
1843 &signature_match)); | 1691 &signature_match)); |
1844 EXPECT_FALSE(signature_match); | 1692 EXPECT_FALSE(signature_match); |
1845 | 1693 |
1846 // Ensure corrupted signature does not verify. | 1694 // Ensure corrupted signature does not verify. |
1847 std::vector<uint8> corrupt_sig( | 1695 std::vector<uint8> corrupt_sig( |
1848 static_cast<uint8*>(signature.data()), | 1696 static_cast<uint8*>(signature.data()), |
1849 static_cast<uint8*>(signature.data()) + signature.byteLength()); | 1697 static_cast<uint8*>(signature.data()) + signature.byteLength()); |
1850 corrupt_sig[corrupt_sig.size() / 2] ^= 0x1; | 1698 corrupt_sig[corrupt_sig.size() / 2] ^= 0x1; |
1851 EXPECT_STATUS_SUCCESS(VerifySignatureInternal( | 1699 EXPECT_STATUS_SUCCESS(VerifySignature( |
1852 algorithm, | 1700 algorithm, |
1853 public_key, | 1701 public_key, |
1854 webcrypto::Uint8VectorStart(corrupt_sig), | 1702 corrupt_sig, |
1855 corrupt_sig.size(), | |
1856 data, | 1703 data, |
1857 &signature_match)); | 1704 &signature_match)); |
1858 EXPECT_FALSE(signature_match); | 1705 EXPECT_FALSE(signature_match); |
1859 | 1706 |
1860 // Ensure signatures that are greater than the modulus size fail. | 1707 // Ensure signatures that are greater than the modulus size fail. |
1861 const unsigned int long_message_size_bytes = 1024; | 1708 const unsigned int long_message_size_bytes = 1024; |
1862 DCHECK_GT(long_message_size_bytes, kModulusLength/8); | 1709 DCHECK_GT(long_message_size_bytes, kModulusLength/8); |
1863 const unsigned char kLongSignature[long_message_size_bytes] = { 0 }; | 1710 const unsigned char kLongSignature[long_message_size_bytes] = { 0 }; |
1864 EXPECT_STATUS_SUCCESS(VerifySignatureInternal( | 1711 EXPECT_STATUS_SUCCESS(VerifySignature( |
1865 algorithm, | 1712 algorithm, |
1866 public_key, | 1713 public_key, |
1867 kLongSignature, | 1714 CryptoData(kLongSignature, sizeof(kLongSignature)), |
1868 sizeof(kLongSignature), | |
1869 data, | 1715 data, |
1870 &signature_match)); | 1716 &signature_match)); |
1871 EXPECT_FALSE(signature_match); | 1717 EXPECT_FALSE(signature_match); |
1872 | 1718 |
1873 // Ensure that verifying using a private key, rather than a public key, fails. | 1719 // Ensure that verifying using a private key, rather than a public key, fails. |
1874 EXPECT_STATUS(Status::ErrorUnexpectedKeyType(), VerifySignatureInternal( | 1720 EXPECT_STATUS(Status::ErrorUnexpectedKeyType(), VerifySignature( |
1875 algorithm, | 1721 algorithm, |
1876 private_key, | 1722 private_key, |
1877 static_cast<const unsigned char*>(signature.data()), | 1723 signature, data, |
1878 signature.byteLength(), | |
1879 data, | |
1880 &signature_match)); | 1724 &signature_match)); |
1881 | 1725 |
1882 // Ensure that signing using a public key, rather than a private key, fails. | 1726 // Ensure that signing using a public key, rather than a private key, fails. |
1883 EXPECT_STATUS(Status::ErrorUnexpectedKeyType(), | 1727 EXPECT_STATUS(Status::ErrorUnexpectedKeyType(), |
1884 SignInternal(algorithm, public_key, data, &signature)); | 1728 Sign(algorithm, public_key, data, &signature)); |
1885 | 1729 |
1886 // Ensure that signing and verifying with an incompatible algorithm fails. | 1730 // Ensure that signing and verifying with an incompatible algorithm fails. |
1887 algorithm = | 1731 algorithm = |
1888 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); | 1732 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); |
1889 EXPECT_STATUS(Status::ErrorUnsupported(), | 1733 EXPECT_STATUS(Status::ErrorKeyAlgorithmMismatch(), |
1890 SignInternal(algorithm, private_key, data, &signature)); | 1734 Sign(algorithm, private_key, data, &signature)); |
1891 EXPECT_STATUS(Status::ErrorUnsupported(), VerifySignatureInternal( | 1735 EXPECT_STATUS(Status::ErrorKeyAlgorithmMismatch(), VerifySignature( |
1892 algorithm, | 1736 algorithm, public_key, signature, data, &signature_match)); |
1893 public_key, | |
1894 static_cast<const unsigned char*>(signature.data()), | |
1895 signature.byteLength(), | |
1896 data, | |
1897 &signature_match)); | |
1898 | 1737 |
1899 // Some crypto libraries (NSS) can automatically select the RSA SSA inner hash | 1738 // Some crypto libraries (NSS) can automatically select the RSA SSA inner hash |
1900 // based solely on the contents of the input signature data. In the Web Crypto | 1739 // based solely on the contents of the input signature data. In the Web Crypto |
1901 // implementation, the inner hash should be specified uniquely by the input | 1740 // implementation, the inner hash should be specified uniquely by the input |
1902 // algorithm parameter. To validate this behavior, call Verify with a computed | 1741 // algorithm parameter. To validate this behavior, call Verify with a computed |
1903 // signature that used one hash type (SHA-1), but pass in an algorithm with a | 1742 // signature that used one hash type (SHA-1), but pass in an algorithm with a |
1904 // different inner hash type (SHA-256). If the hash type is determined by the | 1743 // different inner hash type (SHA-256). If the hash type is determined by the |
1905 // signature itself (undesired), the verify will pass, while if the hash type | 1744 // signature itself (undesired), the verify will pass, while if the hash type |
1906 // is specified by the input algorithm (desired), the verify will fail. | 1745 // is specified by the input algorithm (desired), the verify will fail. |
1907 | 1746 |
1908 // Compute a signature using SHA-1 as the inner hash. | 1747 // Compute a signature using SHA-1 as the inner hash. |
1909 EXPECT_STATUS_SUCCESS(SignInternal(CreateRsaAlgorithmWithInnerHash( | 1748 EXPECT_STATUS_SUCCESS(Sign(CreateRsaAlgorithmWithInnerHash( |
1910 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, | 1749 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
1911 blink::WebCryptoAlgorithmIdSha1), | 1750 blink::WebCryptoAlgorithmIdSha1), |
1912 private_key, | 1751 private_key, |
1913 data, | 1752 data, |
1914 &signature)); | 1753 &signature)); |
1915 | 1754 |
1916 // Now verify using an algorithm whose inner hash is SHA-256, not SHA-1. The | 1755 // Now verify using an algorithm whose inner hash is SHA-256, not SHA-1. The |
1917 // signature should not verify. | 1756 // signature should not verify. |
1918 // NOTE: public_key was produced by generateKey, and so its associated | 1757 // NOTE: public_key was produced by generateKey, and so its associated |
1919 // algorithm has WebCryptoRsaKeyGenParams and not WebCryptoRsaSsaParams. Thus | 1758 // algorithm has WebCryptoRsaKeyGenParams and not WebCryptoRsaSsaParams. Thus |
1920 // it has no inner hash to conflict with the input algorithm. | 1759 // it has no inner hash to conflict with the input algorithm. |
1921 bool is_match; | 1760 bool is_match; |
1922 EXPECT_STATUS_SUCCESS(VerifySignatureInternal( | 1761 EXPECT_STATUS_SUCCESS(VerifySignature( |
1923 CreateRsaAlgorithmWithInnerHash( | 1762 CreateRsaAlgorithmWithInnerHash( |
1924 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, | 1763 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
1925 blink::WebCryptoAlgorithmIdSha256), | 1764 blink::WebCryptoAlgorithmIdSha256), |
1926 public_key, | 1765 public_key, |
1927 static_cast<const unsigned char*>(signature.data()), | 1766 signature, |
1928 signature.byteLength(), | |
1929 data, | 1767 data, |
1930 &is_match)); | 1768 &is_match)); |
1931 EXPECT_FALSE(is_match); | 1769 EXPECT_FALSE(is_match); |
1932 } | 1770 } |
1933 | 1771 |
1934 TEST_F(WebCryptoImplTest, MAYBE(RsaSignVerifyKnownAnswer)) { | 1772 TEST_F(SharedCryptoTest, MAYBE(RsaSignVerifyKnownAnswer)) { |
1935 scoped_ptr<base::ListValue> tests; | 1773 scoped_ptr<base::ListValue> tests; |
1936 ASSERT_TRUE(ReadJsonTestFileToList("pkcs1v15_sign.json", &tests)); | 1774 ASSERT_TRUE(ReadJsonTestFileToList("pkcs1v15_sign.json", &tests)); |
1937 | 1775 |
1938 // Import the key pair. | 1776 // Import the key pair. |
1939 blink::WebCryptoAlgorithm algorithm = CreateRsaAlgorithmWithInnerHash( | 1777 blink::WebCryptoAlgorithm algorithm = CreateRsaAlgorithmWithInnerHash( |
1940 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, | 1778 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
1941 blink::WebCryptoAlgorithmIdSha1); | 1779 blink::WebCryptoAlgorithmIdSha1); |
1942 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); | 1780 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); |
1943 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); | 1781 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); |
1944 ImportRsaKeyPair( | 1782 ImportRsaKeyPair( |
(...skipping 13 matching lines...) Expand all Loading... |
1958 base::DictionaryValue* test; | 1796 base::DictionaryValue* test; |
1959 ASSERT_TRUE(tests->GetDictionary(test_index, &test)); | 1797 ASSERT_TRUE(tests->GetDictionary(test_index, &test)); |
1960 | 1798 |
1961 std::vector<uint8> test_message = | 1799 std::vector<uint8> test_message = |
1962 GetBytesFromHexString(test, "message_hex"); | 1800 GetBytesFromHexString(test, "message_hex"); |
1963 std::vector<uint8> test_signature = | 1801 std::vector<uint8> test_signature = |
1964 GetBytesFromHexString(test, "signature_hex"); | 1802 GetBytesFromHexString(test, "signature_hex"); |
1965 | 1803 |
1966 signature.reset(); | 1804 signature.reset(); |
1967 ASSERT_STATUS_SUCCESS( | 1805 ASSERT_STATUS_SUCCESS( |
1968 SignInternal(algorithm, private_key, test_message, &signature)); | 1806 Sign(algorithm, private_key, test_message, &signature)); |
1969 ExpectArrayBufferMatches(test_signature, signature); | 1807 ExpectCryptoDataMatches(test_signature, signature); |
1970 | 1808 |
1971 bool is_match = false; | 1809 bool is_match = false; |
1972 ASSERT_STATUS_SUCCESS(VerifySignatureInternal( | 1810 ASSERT_STATUS_SUCCESS(VerifySignature( |
1973 algorithm, | 1811 algorithm, |
1974 public_key, | 1812 public_key, |
1975 test_signature, | 1813 test_signature, |
1976 test_message, | 1814 test_message, |
1977 &is_match)); | 1815 &is_match)); |
1978 EXPECT_TRUE(is_match); | 1816 EXPECT_TRUE(is_match); |
1979 } | 1817 } |
1980 } | 1818 } |
1981 | 1819 |
1982 TEST_F(WebCryptoImplTest, MAYBE(AesKwKeyImport)) { | 1820 TEST_F(SharedCryptoTest, MAYBE(AesKwKeyImport)) { |
1983 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 1821 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
1984 blink::WebCryptoAlgorithm algorithm = | 1822 blink::WebCryptoAlgorithm algorithm = |
1985 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw); | 1823 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw); |
1986 | 1824 |
1987 // Import a 128-bit Key Encryption Key (KEK) | 1825 // Import a 128-bit Key Encryption Key (KEK) |
1988 std::string key_raw_hex_in = "025a8cf3f08b4f6c5f33bbc76a471939"; | 1826 std::string key_raw_hex_in = "025a8cf3f08b4f6c5f33bbc76a471939"; |
1989 ASSERT_STATUS_SUCCESS(ImportKeyInternal(blink::WebCryptoKeyFormatRaw, | 1827 ASSERT_STATUS_SUCCESS(ImportKey(blink::WebCryptoKeyFormatRaw, |
1990 HexStringToBytes(key_raw_hex_in), | 1828 HexStringToBytes(key_raw_hex_in), |
1991 algorithm, | 1829 algorithm, |
1992 true, | 1830 true, |
1993 blink::WebCryptoKeyUsageWrapKey, | 1831 blink::WebCryptoKeyUsageWrapKey, |
1994 &key)); | 1832 &key)); |
1995 blink::WebArrayBuffer key_raw_out; | 1833 blink::WebArrayBuffer key_raw_out; |
1996 EXPECT_STATUS_SUCCESS(ExportKeyInternal(blink::WebCryptoKeyFormatRaw, | 1834 EXPECT_STATUS_SUCCESS(ExportKey(blink::WebCryptoKeyFormatRaw, |
1997 key, | 1835 key, |
1998 &key_raw_out)); | 1836 &key_raw_out)); |
1999 ExpectArrayBufferMatchesHex(key_raw_hex_in, key_raw_out); | 1837 ExpectCryptoDataMatchesHex(key_raw_hex_in, key_raw_out); |
2000 | 1838 |
2001 // Import a 192-bit KEK | 1839 // Import a 192-bit KEK |
2002 key_raw_hex_in = "c0192c6466b2370decbb62b2cfef4384544ffeb4d2fbc103"; | 1840 key_raw_hex_in = "c0192c6466b2370decbb62b2cfef4384544ffeb4d2fbc103"; |
2003 ASSERT_STATUS_SUCCESS(ImportKeyInternal(blink::WebCryptoKeyFormatRaw, | 1841 ASSERT_STATUS_SUCCESS(ImportKey(blink::WebCryptoKeyFormatRaw, |
2004 HexStringToBytes(key_raw_hex_in), | 1842 HexStringToBytes(key_raw_hex_in), |
2005 algorithm, | 1843 algorithm, |
2006 true, | 1844 true, |
2007 blink::WebCryptoKeyUsageWrapKey, | 1845 blink::WebCryptoKeyUsageWrapKey, |
2008 &key)); | 1846 &key)); |
2009 EXPECT_STATUS_SUCCESS(ExportKeyInternal(blink::WebCryptoKeyFormatRaw, | 1847 EXPECT_STATUS_SUCCESS(ExportKey(blink::WebCryptoKeyFormatRaw, |
2010 key, | 1848 key, |
2011 &key_raw_out)); | 1849 &key_raw_out)); |
2012 ExpectArrayBufferMatchesHex(key_raw_hex_in, key_raw_out); | 1850 ExpectCryptoDataMatchesHex(key_raw_hex_in, key_raw_out); |
2013 | 1851 |
2014 // Import a 256-bit Key Encryption Key (KEK) | 1852 // Import a 256-bit Key Encryption Key (KEK) |
2015 key_raw_hex_in = | 1853 key_raw_hex_in = |
2016 "e11fe66380d90fa9ebefb74e0478e78f95664d0c67ca20ce4a0b5842863ac46f"; | 1854 "e11fe66380d90fa9ebefb74e0478e78f95664d0c67ca20ce4a0b5842863ac46f"; |
2017 ASSERT_STATUS_SUCCESS(ImportKeyInternal(blink::WebCryptoKeyFormatRaw, | 1855 ASSERT_STATUS_SUCCESS(ImportKey(blink::WebCryptoKeyFormatRaw, |
2018 HexStringToBytes(key_raw_hex_in), | 1856 HexStringToBytes(key_raw_hex_in), |
2019 algorithm, | 1857 algorithm, |
2020 true, | 1858 true, |
2021 blink::WebCryptoKeyUsageWrapKey, | 1859 blink::WebCryptoKeyUsageWrapKey, |
2022 &key)); | 1860 &key)); |
2023 EXPECT_STATUS_SUCCESS(ExportKeyInternal(blink::WebCryptoKeyFormatRaw, | 1861 EXPECT_STATUS_SUCCESS(ExportKey(blink::WebCryptoKeyFormatRaw, |
2024 key, | 1862 key, |
2025 &key_raw_out)); | 1863 &key_raw_out)); |
2026 ExpectArrayBufferMatchesHex(key_raw_hex_in, key_raw_out); | 1864 ExpectCryptoDataMatchesHex(key_raw_hex_in, key_raw_out); |
2027 | 1865 |
2028 // Fail import of 0 length key | 1866 // Fail import of 0 length key |
2029 EXPECT_STATUS(Status::Error(), | 1867 EXPECT_STATUS(Status::Error(), |
2030 ImportKeyInternal(blink::WebCryptoKeyFormatRaw, | 1868 ImportKey(blink::WebCryptoKeyFormatRaw, |
2031 HexStringToBytes(""), | 1869 HexStringToBytes(""), |
2032 algorithm, | 1870 algorithm, |
2033 true, | 1871 true, |
2034 blink::WebCryptoKeyUsageWrapKey, | 1872 blink::WebCryptoKeyUsageWrapKey, |
2035 &key)); | 1873 &key)); |
2036 | 1874 |
2037 // Fail import of 124-bit KEK | 1875 // Fail import of 124-bit KEK |
2038 key_raw_hex_in = "3e4566a2bdaa10cb68134fa66c15ddb"; | 1876 key_raw_hex_in = "3e4566a2bdaa10cb68134fa66c15ddb"; |
2039 EXPECT_STATUS(Status::Error(), | 1877 EXPECT_STATUS(Status::Error(), |
2040 ImportKeyInternal(blink::WebCryptoKeyFormatRaw, | 1878 ImportKey(blink::WebCryptoKeyFormatRaw, |
2041 HexStringToBytes(key_raw_hex_in), | 1879 HexStringToBytes(key_raw_hex_in), |
2042 algorithm, | 1880 algorithm, |
2043 true, | 1881 true, |
2044 blink::WebCryptoKeyUsageWrapKey, | 1882 blink::WebCryptoKeyUsageWrapKey, |
2045 &key)); | 1883 &key)); |
2046 | 1884 |
2047 // Fail import of 200-bit KEK | 1885 // Fail import of 200-bit KEK |
2048 key_raw_hex_in = "0a1d88608a5ad9fec64f1ada269ebab4baa2feeb8d95638c0e"; | 1886 key_raw_hex_in = "0a1d88608a5ad9fec64f1ada269ebab4baa2feeb8d95638c0e"; |
2049 EXPECT_STATUS(Status::Error(), | 1887 EXPECT_STATUS(Status::Error(), |
2050 ImportKeyInternal(blink::WebCryptoKeyFormatRaw, | 1888 ImportKey(blink::WebCryptoKeyFormatRaw, |
2051 HexStringToBytes(key_raw_hex_in), | 1889 HexStringToBytes(key_raw_hex_in), |
2052 algorithm, | 1890 algorithm, |
2053 true, | 1891 true, |
2054 blink::WebCryptoKeyUsageWrapKey, | 1892 blink::WebCryptoKeyUsageWrapKey, |
2055 &key)); | 1893 &key)); |
2056 | 1894 |
2057 // Fail import of 260-bit KEK | 1895 // Fail import of 260-bit KEK |
2058 key_raw_hex_in = | 1896 key_raw_hex_in = |
2059 "72d4e475ff34215416c9ad9c8281247a4d730c5f275ac23f376e73e3bce8d7d5a"; | 1897 "72d4e475ff34215416c9ad9c8281247a4d730c5f275ac23f376e73e3bce8d7d5a"; |
2060 EXPECT_STATUS(Status::Error(), | 1898 EXPECT_STATUS(Status::Error(), |
2061 ImportKeyInternal(blink::WebCryptoKeyFormatRaw, | 1899 ImportKey(blink::WebCryptoKeyFormatRaw, |
2062 HexStringToBytes(key_raw_hex_in), | 1900 HexStringToBytes(key_raw_hex_in), |
2063 algorithm, | 1901 algorithm, |
2064 true, | 1902 true, |
2065 blink::WebCryptoKeyUsageWrapKey, | 1903 blink::WebCryptoKeyUsageWrapKey, |
2066 &key)); | 1904 &key)); |
2067 } | 1905 } |
2068 | 1906 |
2069 // TODO(eroman): | 1907 // TODO(eroman): |
2070 // * Test decryption when the tag length exceeds input size | 1908 // * Test decryption when the tag length exceeds input size |
2071 // * Test decryption with empty input | 1909 // * Test decryption with empty input |
2072 // * Test decryption with tag length of 0. | 1910 // * Test decryption with tag length of 0. |
2073 TEST_F(WebCryptoImplTest, MAYBE(AesGcmSampleSets)) { | 1911 TEST_F(SharedCryptoTest, MAYBE(AesGcmSampleSets)) { |
2074 // Some Linux test runners may not have a new enough version of NSS. | 1912 // Some Linux test runners may not have a new enough version of NSS. |
2075 if (!SupportsAesGcm()) { | 1913 if (!SupportsAesGcm()) { |
2076 LOG(WARNING) << "AES GCM not supported, skipping tests"; | 1914 LOG(WARNING) << "AES GCM not supported, skipping tests"; |
2077 return; | 1915 return; |
2078 } | 1916 } |
2079 | 1917 |
2080 scoped_ptr<base::ListValue> tests; | 1918 scoped_ptr<base::ListValue> tests; |
2081 ASSERT_TRUE(ReadJsonTestFileToList("aes_gcm.json", &tests)); | 1919 ASSERT_TRUE(ReadJsonTestFileToList("aes_gcm.json", &tests)); |
2082 | 1920 |
2083 // Note that WebCrypto appends the authentication tag to the ciphertext. | 1921 // Note that WebCrypto appends the authentication tag to the ciphertext. |
2084 for (size_t test_index = 0; test_index < tests->GetSize(); ++test_index) { | 1922 for (size_t test_index = 0; test_index < tests->GetSize(); ++test_index) { |
2085 SCOPED_TRACE(test_index); | 1923 SCOPED_TRACE(test_index); |
2086 base::DictionaryValue* test; | 1924 base::DictionaryValue* test; |
2087 ASSERT_TRUE(tests->GetDictionary(test_index, &test)); | 1925 ASSERT_TRUE(tests->GetDictionary(test_index, &test)); |
2088 | 1926 |
2089 const std::vector<uint8> test_key = GetBytesFromHexString(test, "key"); | 1927 const std::vector<uint8> test_key = GetBytesFromHexString(test, "key"); |
2090 const std::vector<uint8> test_iv = GetBytesFromHexString(test, "iv"); | 1928 const std::vector<uint8> test_iv = GetBytesFromHexString(test, "iv"); |
2091 const std::vector<uint8> test_additional_data = | 1929 const std::vector<uint8> test_additional_data = |
2092 GetBytesFromHexString(test, "additional_data"); | 1930 GetBytesFromHexString(test, "additional_data"); |
2093 const std::vector<uint8> test_plain_text = | 1931 const std::vector<uint8> test_plain_text = |
2094 GetBytesFromHexString(test, "plain_text"); | 1932 GetBytesFromHexString(test, "plain_text"); |
2095 const std::vector<uint8> test_authentication_tag = | 1933 const std::vector<uint8> test_authentication_tag = |
2096 GetBytesFromHexString(test, "authentication_tag"); | 1934 GetBytesFromHexString(test, "authentication_tag"); |
2097 const unsigned int test_tag_size_bits = test_authentication_tag.size() * 8; | 1935 const unsigned int test_tag_size_bits = test_authentication_tag.size() * 8; |
2098 const std::vector<uint8> test_cipher_text = | 1936 const std::vector<uint8> test_cipher_text = |
2099 GetBytesFromHexString(test, "cipher_text"); | 1937 GetBytesFromHexString(test, "cipher_text"); |
2100 | 1938 |
2101 blink::WebCryptoKey key = ImportSecretKeyFromRaw( | 1939 blink::WebCryptoKey key = ImportSecretKeyFromRaw( |
2102 test_key, | 1940 test_key, |
2103 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesGcm), | 1941 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesGcm), |
2104 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt); | 1942 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt); |
2105 | 1943 |
2106 // Verify exported raw key is identical to the imported data | 1944 // Verify exported raw key is identical to the imported data |
2107 blink::WebArrayBuffer raw_key; | 1945 blink::WebArrayBuffer raw_key; |
2108 EXPECT_STATUS_SUCCESS(ExportKeyInternal( | 1946 EXPECT_STATUS_SUCCESS(ExportKey( |
2109 blink::WebCryptoKeyFormatRaw, key, &raw_key)); | 1947 blink::WebCryptoKeyFormatRaw, key, &raw_key)); |
2110 | 1948 |
2111 ExpectArrayBufferMatches(test_key, raw_key); | 1949 ExpectCryptoDataMatches(test_key, raw_key); |
2112 | 1950 |
2113 // Test encryption. | 1951 // Test encryption. |
2114 std::vector<uint8> cipher_text; | 1952 std::vector<uint8> cipher_text; |
2115 std::vector<uint8> authentication_tag; | 1953 std::vector<uint8> authentication_tag; |
2116 EXPECT_STATUS_SUCCESS(AesGcmEncrypt(key, test_iv, test_additional_data, | 1954 EXPECT_STATUS_SUCCESS(AesGcmEncrypt(key, test_iv, test_additional_data, |
2117 test_tag_size_bits, test_plain_text, | 1955 test_tag_size_bits, test_plain_text, |
2118 &cipher_text, &authentication_tag)); | 1956 &cipher_text, &authentication_tag)); |
2119 | 1957 |
2120 ExpectVectorMatches(test_cipher_text, cipher_text); | 1958 ExpectCryptoDataMatches(test_cipher_text, cipher_text); |
2121 ExpectVectorMatches(test_authentication_tag, authentication_tag); | 1959 ExpectCryptoDataMatches(test_authentication_tag, authentication_tag); |
2122 | 1960 |
2123 // Test decryption. | 1961 // Test decryption. |
2124 blink::WebArrayBuffer plain_text; | 1962 blink::WebArrayBuffer plain_text; |
2125 EXPECT_STATUS_SUCCESS(AesGcmDecrypt(key, test_iv, test_additional_data, | 1963 EXPECT_STATUS_SUCCESS(AesGcmDecrypt(key, test_iv, test_additional_data, |
2126 test_tag_size_bits, test_cipher_text, | 1964 test_tag_size_bits, test_cipher_text, |
2127 test_authentication_tag, &plain_text)); | 1965 test_authentication_tag, &plain_text)); |
2128 ExpectArrayBufferMatches(test_plain_text, plain_text); | 1966 ExpectCryptoDataMatches(test_plain_text, plain_text); |
2129 | 1967 |
2130 // Decryption should fail if any of the inputs are tampered with. | 1968 // Decryption should fail if any of the inputs are tampered with. |
2131 EXPECT_STATUS(Status::Error(), | 1969 EXPECT_STATUS(Status::Error(), |
2132 AesGcmDecrypt(key, Corrupted(test_iv), test_additional_data, | 1970 AesGcmDecrypt(key, Corrupted(test_iv), test_additional_data, |
2133 test_tag_size_bits, test_cipher_text, | 1971 test_tag_size_bits, test_cipher_text, |
2134 test_authentication_tag, &plain_text)); | 1972 test_authentication_tag, &plain_text)); |
2135 EXPECT_STATUS(Status::Error(), | 1973 EXPECT_STATUS(Status::Error(), |
2136 AesGcmDecrypt(key, test_iv, Corrupted(test_additional_data), | 1974 AesGcmDecrypt(key, test_iv, Corrupted(test_additional_data), |
2137 test_tag_size_bits, test_cipher_text, | 1975 test_tag_size_bits, test_cipher_text, |
2138 test_authentication_tag, &plain_text)); | 1976 test_authentication_tag, &plain_text)); |
(...skipping 13 matching lines...) Expand all Loading... |
2152 unsigned int wrong_tag_size_bits = kAlternateTagLengths[tag_i]; | 1990 unsigned int wrong_tag_size_bits = kAlternateTagLengths[tag_i]; |
2153 if (test_tag_size_bits == wrong_tag_size_bits) | 1991 if (test_tag_size_bits == wrong_tag_size_bits) |
2154 continue; | 1992 continue; |
2155 EXPECT_STATUS_ERROR(AesGcmDecrypt(key, test_iv, test_additional_data, | 1993 EXPECT_STATUS_ERROR(AesGcmDecrypt(key, test_iv, test_additional_data, |
2156 wrong_tag_size_bits, test_cipher_text, | 1994 wrong_tag_size_bits, test_cipher_text, |
2157 test_authentication_tag, &plain_text)); | 1995 test_authentication_tag, &plain_text)); |
2158 } | 1996 } |
2159 } | 1997 } |
2160 } | 1998 } |
2161 | 1999 |
| 2000 } // namespace webcrypto |
2162 } // namespace content | 2001 } // namespace content |
OLD | NEW |