| Index: content/renderer/webcrypto/shared_crypto_unittest.cc
|
| diff --git a/content/renderer/webcrypto/shared_crypto_unittest.cc b/content/renderer/webcrypto/shared_crypto_unittest.cc
|
| index 8f280e17dbddb50b1fb45347e106ddbf29bcaa49..f0288977e42c3183360a8db15c817a0e561ea45b 100644
|
| --- a/content/renderer/webcrypto/shared_crypto_unittest.cc
|
| +++ b/content/renderer/webcrypto/shared_crypto_unittest.cc
|
| @@ -40,9 +40,9 @@
|
| // Helper macros to verify the value of a Status.
|
| #define EXPECT_STATUS_ERROR(code) EXPECT_FALSE((code).IsSuccess())
|
| #define EXPECT_STATUS(expected, code) \
|
| - EXPECT_EQ(expected.ToString(), (code).ToString())
|
| + EXPECT_EQ(expected.ToString(), (code).ToString())
|
| #define ASSERT_STATUS(expected, code) \
|
| - ASSERT_EQ(expected.ToString(), (code).ToString())
|
| + ASSERT_EQ(expected.ToString(), (code).ToString())
|
| #define EXPECT_STATUS_SUCCESS(code) EXPECT_STATUS(Status::Success(), code)
|
| #define ASSERT_STATUS_SUCCESS(code) ASSERT_STATUS(Status::Success(), code)
|
|
|
| @@ -107,9 +107,8 @@ std::vector<uint8> MakeJsonVector(const base::DictionaryValue& dict) {
|
|
|
| // Reads a file in "src/content/test/data/webcrypto" to a base::Value.
|
| // The file must be JSON, however it can also include C++ style comments.
|
| -::testing::AssertionResult ReadJsonTestFile(
|
| - const char* test_file_name,
|
| - scoped_ptr<base::Value>* value) {
|
| +::testing::AssertionResult ReadJsonTestFile(const char* test_file_name,
|
| + scoped_ptr<base::Value>* value) {
|
| base::FilePath test_data_dir;
|
| if (!PathService::Get(DIR_TEST_DATA, &test_data_dir))
|
| return ::testing::AssertionFailure() << "Couldn't retrieve test dir";
|
| @@ -119,8 +118,8 @@ std::vector<uint8> MakeJsonVector(const base::DictionaryValue& dict) {
|
|
|
| std::string file_contents;
|
| if (!base::ReadFileToString(file_path, &file_contents)) {
|
| - return ::testing::AssertionFailure() << "Couldn't read test file: "
|
| - << file_path.value();
|
| + return ::testing::AssertionFailure()
|
| + << "Couldn't read test file: " << file_path.value();
|
| }
|
|
|
| // Strip C++ style comments out of the "json" file, otherwise it cannot be
|
| @@ -130,8 +129,8 @@ std::vector<uint8> MakeJsonVector(const base::DictionaryValue& dict) {
|
| // Parse the JSON to a dictionary.
|
| value->reset(base::JSONReader::Read(file_contents));
|
| if (!value->get()) {
|
| - return ::testing::AssertionFailure() << "Couldn't parse test file JSON: "
|
| - << file_path.value();
|
| + return ::testing::AssertionFailure()
|
| + << "Couldn't parse test file JSON: " << file_path.value();
|
| }
|
|
|
| return ::testing::AssertionSuccess();
|
| @@ -163,9 +162,8 @@ std::vector<uint8> MakeJsonVector(const base::DictionaryValue& dict) {
|
| // string as a hex encoded string and converts it to a bytes list.
|
| //
|
| // Returns empty vector on failure.
|
| -std::vector<uint8> GetBytesFromHexString(
|
| - base::DictionaryValue* dict,
|
| - const char* property_name) {
|
| +std::vector<uint8> GetBytesFromHexString(base::DictionaryValue* dict,
|
| + const char* property_name) {
|
| std::string hex_string;
|
| if (!dict->GetString(property_name, &hex_string)) {
|
| EXPECT_TRUE(false) << "Couldn't get string property: " << property_name;
|
| @@ -177,9 +175,8 @@ std::vector<uint8> GetBytesFromHexString(
|
|
|
| // Reads a string property with path "property_name" and converts it to a
|
| // WebCryptoAlgorith. Returns null algorithm on failure.
|
| -blink::WebCryptoAlgorithm GetDigestAlgorithm(
|
| - base::DictionaryValue* dict,
|
| - const char* property_name) {
|
| +blink::WebCryptoAlgorithm GetDigestAlgorithm(base::DictionaryValue* dict,
|
| + const char* property_name) {
|
| std::string algorithm_name;
|
| if (!dict->GetString(property_name, &algorithm_name)) {
|
| EXPECT_TRUE(false) << "Couldn't get string property: " << property_name;
|
| @@ -189,13 +186,11 @@ blink::WebCryptoAlgorithm GetDigestAlgorithm(
|
| struct {
|
| const char* name;
|
| blink::WebCryptoAlgorithmId id;
|
| - } kDigestNameToId[] = {
|
| - {"sha-1", blink::WebCryptoAlgorithmIdSha1},
|
| - {"sha-224", blink::WebCryptoAlgorithmIdSha224},
|
| - {"sha-256", blink::WebCryptoAlgorithmIdSha256},
|
| - {"sha-384", blink::WebCryptoAlgorithmIdSha384},
|
| - {"sha-512", blink::WebCryptoAlgorithmIdSha512},
|
| - };
|
| + } kDigestNameToId[] = {{"sha-1", blink::WebCryptoAlgorithmIdSha1},
|
| + {"sha-224", blink::WebCryptoAlgorithmIdSha224},
|
| + {"sha-256", blink::WebCryptoAlgorithmIdSha256},
|
| + {"sha-384", blink::WebCryptoAlgorithmIdSha384},
|
| + {"sha-512", blink::WebCryptoAlgorithmIdSha512}, };
|
|
|
| for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kDigestNameToId); ++i) {
|
| if (kDigestNameToId[i].name == algorithm_name)
|
| @@ -222,12 +217,13 @@ blink::WebCryptoAlgorithm CreateAesGcmAlgorithm(
|
| unsigned int tag_length_bits) {
|
| return blink::WebCryptoAlgorithm::adoptParamsAndCreate(
|
| blink::WebCryptoAlgorithmIdAesGcm,
|
| - new blink::WebCryptoAesGcmParams(
|
| - Uint8VectorStart(iv), iv.size(),
|
| - true,
|
| - Uint8VectorStart(additional_data),
|
| - additional_data.size(),
|
| - true, tag_length_bits));
|
| + new blink::WebCryptoAesGcmParams(Uint8VectorStart(iv),
|
| + iv.size(),
|
| + true,
|
| + Uint8VectorStart(additional_data),
|
| + additional_data.size(),
|
| + true,
|
| + tag_length_bits));
|
| }
|
|
|
| // Helper for ImportJwkRsaFailures. Restores the JWK JSON
|
| @@ -238,7 +234,8 @@ void RestoreJwkRsaDictionary(base::DictionaryValue* dict) {
|
| dict->SetString("alg", "RSA1_5");
|
| dict->SetString("use", "enc");
|
| dict->SetBoolean("extractable", false);
|
| - dict->SetString("n",
|
| + dict->SetString(
|
| + "n",
|
| "qLOyhK-OtQs4cDSoYPFGxJGfMYdjzWxVmMiuSBGh4KvEx-CwgtaTpef87Wdc9GaFEncsDLxk"
|
| "p0LGxjD1M8jMcvYq6DPEC_JYQumEu3i9v5fAEH1VvbZi9cTg-rmEXLUUjvc5LdOq_5OuHmtm"
|
| "e7PUJHYW1PW6ENTP0ibeiNOfFvs");
|
| @@ -252,14 +249,12 @@ blink::WebCryptoAlgorithm CreateRsaAlgorithmWithInnerHash(
|
| algorithm_id == blink::WebCryptoAlgorithmIdRsaOaep);
|
| DCHECK(IsHashAlgorithm(hash_id));
|
| return blink::WebCryptoAlgorithm::adoptParamsAndCreate(
|
| - algorithm_id,
|
| - new blink::WebCryptoRsaSsaParams(CreateAlgorithm(hash_id)));
|
| + algorithm_id, new blink::WebCryptoRsaSsaParams(CreateAlgorithm(hash_id)));
|
| }
|
|
|
| // Determines if two ArrayBuffers have identical content.
|
| -bool ArrayBuffersEqual(
|
| - const blink::WebArrayBuffer& a,
|
| - const blink::WebArrayBuffer& b) {
|
| +bool ArrayBuffersEqual(const blink::WebArrayBuffer& a,
|
| + const blink::WebArrayBuffer& b) {
|
| return a.byteLength() == b.byteLength() &&
|
| memcmp(a.data(), b.data(), a.byteLength()) == 0;
|
| }
|
| @@ -338,9 +333,7 @@ const char* const kPrivateKeyPkcs8DerHex =
|
|
|
| class SharedCryptoTest : public testing::Test {
|
| protected:
|
| - virtual void SetUp() OVERRIDE {
|
| - Init();
|
| - }
|
| + virtual void SetUp() OVERRIDE { Init(); }
|
| };
|
|
|
| // Wrappers to pass vector<> in place of CryptoData.
|
| @@ -351,8 +344,8 @@ Status ImportKeyInternal(blink::WebCryptoKeyFormat format,
|
| bool extractable,
|
| blink::WebCryptoKeyUsageMask usage_mask,
|
| blink::WebCryptoKey* key) {
|
| - return ImportKey(format, CryptoData(key_data), algorithm, extractable,
|
| - usage_mask, key);
|
| + return ImportKey(
|
| + format, CryptoData(key_data), algorithm, extractable, usage_mask, key);
|
| }
|
|
|
| Status EncryptInternal(const blink::WebCryptoAlgorithm& algorithm,
|
| @@ -369,198 +362,174 @@ Status DecryptInternal(const blink::WebCryptoAlgorithm& algorithm,
|
| return Decrypt(algorithm, key, CryptoData(data), buffer);
|
| }
|
|
|
| +blink::WebCryptoKey ImportSecretKeyFromRaw(
|
| + const std::vector<uint8>& key_raw,
|
| + const blink::WebCryptoAlgorithm& algorithm,
|
| + blink::WebCryptoKeyUsageMask usage) {
|
| + blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
|
| + bool extractable = true;
|
| + EXPECT_STATUS_SUCCESS(ImportKeyInternal(blink::WebCryptoKeyFormatRaw,
|
| + key_raw,
|
| + algorithm,
|
| + extractable,
|
| + usage,
|
| + &key));
|
|
|
| - // TODO: de-indent.
|
| - blink::WebCryptoKey ImportSecretKeyFromRaw(
|
| - const std::vector<uint8>& key_raw,
|
| - const blink::WebCryptoAlgorithm& algorithm,
|
| - blink::WebCryptoKeyUsageMask usage) {
|
| - blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
|
| - bool extractable = true;
|
| - EXPECT_STATUS_SUCCESS(
|
| - ImportKeyInternal(blink::WebCryptoKeyFormatRaw,
|
| - key_raw,
|
| - algorithm,
|
| - extractable,
|
| - usage,
|
| - &key));
|
| -
|
| - EXPECT_FALSE(key.isNull());
|
| - EXPECT_TRUE(key.handle());
|
| - EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type());
|
| - EXPECT_EQ(algorithm.id(), key.algorithm().id());
|
| - EXPECT_EQ(extractable, key.extractable());
|
| - EXPECT_EQ(usage, key.usages());
|
| - return key;
|
| - }
|
| -
|
| - void ImportRsaKeyPair(
|
| - const std::vector<uint8>& spki_der,
|
| - const std::vector<uint8>& pkcs8_der,
|
| - const blink::WebCryptoAlgorithm& algorithm,
|
| - bool extractable,
|
| - blink::WebCryptoKeyUsageMask usage_mask,
|
| - blink::WebCryptoKey* public_key,
|
| - blink::WebCryptoKey* private_key) {
|
| - EXPECT_STATUS_SUCCESS(ImportKeyInternal(
|
| - blink::WebCryptoKeyFormatSpki,
|
| - spki_der,
|
| - algorithm,
|
| - true,
|
| - usage_mask,
|
| - public_key));
|
| - EXPECT_FALSE(public_key->isNull());
|
| - EXPECT_TRUE(public_key->handle());
|
| - EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key->type());
|
| - EXPECT_EQ(algorithm.id(), public_key->algorithm().id());
|
| - EXPECT_EQ(extractable, extractable);
|
| - EXPECT_EQ(usage_mask, public_key->usages());
|
| -
|
| - EXPECT_STATUS_SUCCESS(ImportKeyInternal(
|
| - blink::WebCryptoKeyFormatPkcs8,
|
| - pkcs8_der,
|
| - algorithm,
|
| - extractable,
|
| - usage_mask,
|
| - private_key));
|
| - EXPECT_FALSE(private_key->isNull());
|
| - EXPECT_TRUE(private_key->handle());
|
| - EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key->type());
|
| - EXPECT_EQ(algorithm.id(), private_key->algorithm().id());
|
| - EXPECT_EQ(extractable, extractable);
|
| - EXPECT_EQ(usage_mask, private_key->usages());
|
| - }
|
| -
|
| - // TODO(eroman): For Linux builds using system NSS, AES-GCM support is a
|
| - // runtime dependency. Test it by trying to import a key.
|
| - bool SupportsAesGcm() {
|
| - std::vector<uint8> key_raw(16, 0);
|
| + EXPECT_FALSE(key.isNull());
|
| + EXPECT_TRUE(key.handle());
|
| + EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type());
|
| + EXPECT_EQ(algorithm.id(), key.algorithm().id());
|
| + EXPECT_EQ(extractable, key.extractable());
|
| + EXPECT_EQ(usage, key.usages());
|
| + return key;
|
| +}
|
|
|
| - blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
|
| - Status status = ImportKeyInternal(
|
| - blink::WebCryptoKeyFormatRaw,
|
| - key_raw,
|
| - CreateAlgorithm(blink::WebCryptoAlgorithmIdAesGcm),
|
| - true,
|
| - blink::WebCryptoKeyUsageEncrypt,
|
| - &key);
|
| +void ImportRsaKeyPair(const std::vector<uint8>& spki_der,
|
| + const std::vector<uint8>& pkcs8_der,
|
| + const blink::WebCryptoAlgorithm& algorithm,
|
| + bool extractable,
|
| + blink::WebCryptoKeyUsageMask usage_mask,
|
| + blink::WebCryptoKey* public_key,
|
| + blink::WebCryptoKey* private_key) {
|
| + EXPECT_STATUS_SUCCESS(ImportKeyInternal(blink::WebCryptoKeyFormatSpki,
|
| + spki_der,
|
| + algorithm,
|
| + true,
|
| + usage_mask,
|
| + public_key));
|
| + EXPECT_FALSE(public_key->isNull());
|
| + EXPECT_TRUE(public_key->handle());
|
| + EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key->type());
|
| + EXPECT_EQ(algorithm.id(), public_key->algorithm().id());
|
| + EXPECT_EQ(extractable, extractable);
|
| + EXPECT_EQ(usage_mask, public_key->usages());
|
| +
|
| + EXPECT_STATUS_SUCCESS(ImportKeyInternal(blink::WebCryptoKeyFormatPkcs8,
|
| + pkcs8_der,
|
| + algorithm,
|
| + extractable,
|
| + usage_mask,
|
| + private_key));
|
| + EXPECT_FALSE(private_key->isNull());
|
| + EXPECT_TRUE(private_key->handle());
|
| + EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key->type());
|
| + EXPECT_EQ(algorithm.id(), private_key->algorithm().id());
|
| + EXPECT_EQ(extractable, extractable);
|
| + EXPECT_EQ(usage_mask, private_key->usages());
|
| +}
|
|
|
| - if (status.IsError())
|
| - EXPECT_EQ(Status::ErrorUnsupported().ToString(), status.ToString());
|
| - return status.IsSuccess();
|
| - }
|
| +// TODO(eroman): For Linux builds using system NSS, AES-GCM support is a
|
| +// runtime dependency. Test it by trying to import a key.
|
| +bool SupportsAesGcm() {
|
| + std::vector<uint8> key_raw(16, 0);
|
|
|
| - Status AesGcmEncrypt(const blink::WebCryptoKey& key,
|
| - const std::vector<uint8>& iv,
|
| - const std::vector<uint8>& additional_data,
|
| - unsigned int tag_length_bits,
|
| - const std::vector<uint8>& plain_text,
|
| - std::vector<uint8>* cipher_text,
|
| - std::vector<uint8>* authentication_tag) {
|
| - blink::WebCryptoAlgorithm algorithm = CreateAesGcmAlgorithm(
|
| - iv, additional_data, tag_length_bits);
|
| + blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
|
| + Status status =
|
| + ImportKeyInternal(blink::WebCryptoKeyFormatRaw,
|
| + key_raw,
|
| + CreateAlgorithm(blink::WebCryptoAlgorithmIdAesGcm),
|
| + true,
|
| + blink::WebCryptoKeyUsageEncrypt,
|
| + &key);
|
|
|
| - blink::WebArrayBuffer output;
|
| - Status status = EncryptInternal(algorithm, key, plain_text, &output);
|
| - if (status.IsError())
|
| - return status;
|
| + if (status.IsError())
|
| + EXPECT_EQ(Status::ErrorUnsupported().ToString(), status.ToString());
|
| + return status.IsSuccess();
|
| +}
|
|
|
| - if (output.byteLength() * 8 < tag_length_bits) {
|
| - EXPECT_TRUE(false);
|
| - return Status::Error();
|
| - }
|
| +Status AesGcmEncrypt(const blink::WebCryptoKey& key,
|
| + const std::vector<uint8>& iv,
|
| + const std::vector<uint8>& additional_data,
|
| + unsigned int tag_length_bits,
|
| + const std::vector<uint8>& plain_text,
|
| + std::vector<uint8>* cipher_text,
|
| + std::vector<uint8>* authentication_tag) {
|
| + blink::WebCryptoAlgorithm algorithm =
|
| + CreateAesGcmAlgorithm(iv, additional_data, tag_length_bits);
|
|
|
| - // The encryption result is cipher text with authentication tag appended.
|
| - cipher_text->assign(
|
| - static_cast<uint8*>(output.data()),
|
| - static_cast<uint8*>(output.data()) +
|
| - (output.byteLength() - tag_length_bits / 8));
|
| - authentication_tag->assign(
|
| - static_cast<uint8*>(output.data()) + cipher_text->size(),
|
| - static_cast<uint8*>(output.data()) + output.byteLength());
|
| + blink::WebArrayBuffer output;
|
| + Status status = EncryptInternal(algorithm, key, plain_text, &output);
|
| + if (status.IsError())
|
| + return status;
|
|
|
| - return Status::Success();
|
| + if (output.byteLength() * 8 < tag_length_bits) {
|
| + EXPECT_TRUE(false);
|
| + return Status::Error();
|
| }
|
|
|
| - Status AesGcmDecrypt(const blink::WebCryptoKey& key,
|
| - const std::vector<uint8>& iv,
|
| - const std::vector<uint8>& additional_data,
|
| - unsigned int tag_length_bits,
|
| - const std::vector<uint8>& cipher_text,
|
| - const std::vector<uint8>& authentication_tag,
|
| - blink::WebArrayBuffer* plain_text) {
|
| - blink::WebCryptoAlgorithm algorithm = CreateAesGcmAlgorithm(
|
| - iv, additional_data, tag_length_bits);
|
| -
|
| - // Join cipher text and authentication tag.
|
| - std::vector<uint8> cipher_text_with_tag;
|
| - cipher_text_with_tag.reserve(
|
| - cipher_text.size() + authentication_tag.size());
|
| - cipher_text_with_tag.insert(
|
| - cipher_text_with_tag.end(), cipher_text.begin(), cipher_text.end());
|
| - cipher_text_with_tag.insert(
|
| - cipher_text_with_tag.end(), authentication_tag.begin(),
|
| - authentication_tag.end());
|
| -
|
| - return DecryptInternal(algorithm, key, cipher_text_with_tag, plain_text);
|
| - }
|
| + // The encryption result is cipher text with authentication tag appended.
|
| + cipher_text->assign(static_cast<uint8*>(output.data()),
|
| + static_cast<uint8*>(output.data()) +
|
| + (output.byteLength() - tag_length_bits / 8));
|
| + authentication_tag->assign(
|
| + static_cast<uint8*>(output.data()) + cipher_text->size(),
|
| + static_cast<uint8*>(output.data()) + output.byteLength());
|
|
|
| - // Helpers to pass vector<> in place of CryptoData.
|
| - Status DigestInternal(
|
| - const blink::WebCryptoAlgorithm& algorithm,
|
| - const std::vector<uint8>& data,
|
| - blink::WebArrayBuffer* buffer) {
|
| - return Digest(algorithm, CryptoData(data), buffer);
|
| - }
|
| + return Status::Success();
|
| +}
|
|
|
| - Status SignInternal(
|
| - const blink::WebCryptoAlgorithm& algorithm,
|
| - const blink::WebCryptoKey& key,
|
| - const std::vector<uint8>& data,
|
| - blink::WebArrayBuffer* buffer) {
|
| - return Sign(algorithm, key, CryptoData(data), buffer);
|
| - }
|
| +Status AesGcmDecrypt(const blink::WebCryptoKey& key,
|
| + const std::vector<uint8>& iv,
|
| + const std::vector<uint8>& additional_data,
|
| + unsigned int tag_length_bits,
|
| + const std::vector<uint8>& cipher_text,
|
| + const std::vector<uint8>& authentication_tag,
|
| + blink::WebArrayBuffer* plain_text) {
|
| + blink::WebCryptoAlgorithm algorithm =
|
| + CreateAesGcmAlgorithm(iv, additional_data, tag_length_bits);
|
| +
|
| + // Join cipher text and authentication tag.
|
| + std::vector<uint8> cipher_text_with_tag;
|
| + cipher_text_with_tag.reserve(cipher_text.size() + authentication_tag.size());
|
| + cipher_text_with_tag.insert(
|
| + cipher_text_with_tag.end(), cipher_text.begin(), cipher_text.end());
|
| + cipher_text_with_tag.insert(cipher_text_with_tag.end(),
|
| + authentication_tag.begin(),
|
| + authentication_tag.end());
|
| +
|
| + return DecryptInternal(algorithm, key, cipher_text_with_tag, plain_text);
|
| +}
|
|
|
| - Status VerifySignatureInternal(
|
| - const blink::WebCryptoAlgorithm& algorithm,
|
| - const blink::WebCryptoKey& key,
|
| - const CryptoData& signature,
|
| - const std::vector<uint8>& data,
|
| - bool* signature_match) {
|
| - return VerifySignature(algorithm,
|
| - key,
|
| - signature,
|
| - CryptoData(data),
|
| - signature_match);
|
| - }
|
| +// Helpers to pass vector<> in place of CryptoData.
|
| +Status DigestInternal(const blink::WebCryptoAlgorithm& algorithm,
|
| + const std::vector<uint8>& data,
|
| + blink::WebArrayBuffer* buffer) {
|
| + return Digest(algorithm, CryptoData(data), buffer);
|
| +}
|
|
|
| +Status SignInternal(const blink::WebCryptoAlgorithm& algorithm,
|
| + const blink::WebCryptoKey& key,
|
| + const std::vector<uint8>& data,
|
| + blink::WebArrayBuffer* buffer) {
|
| + return Sign(algorithm, key, CryptoData(data), buffer);
|
| +}
|
|
|
| - Status VerifySignatureInternal(
|
| - const blink::WebCryptoAlgorithm& algorithm,
|
| - const blink::WebCryptoKey& key,
|
| - const std::vector<uint8>& signature,
|
| - const std::vector<uint8>& data,
|
| - bool* signature_match) {
|
| - return VerifySignature(
|
| - algorithm,
|
| - key,
|
| - CryptoData(signature),
|
| - CryptoData(data),
|
| - signature_match);
|
| - }
|
| +Status VerifySignatureInternal(const blink::WebCryptoAlgorithm& algorithm,
|
| + const blink::WebCryptoKey& key,
|
| + const CryptoData& signature,
|
| + const std::vector<uint8>& data,
|
| + bool* signature_match) {
|
| + return VerifySignature(
|
| + algorithm, key, signature, CryptoData(data), signature_match);
|
| +}
|
|
|
| - Status ImportKeyJwk(
|
| - const std::vector<uint8>& key_data,
|
| - const blink::WebCryptoAlgorithm& algorithm,
|
| - bool extractable,
|
| - blink::WebCryptoKeyUsageMask usage_mask,
|
| - blink::WebCryptoKey* key) {
|
| - return ImportKeyJwk(CryptoData(key_data),
|
| - algorithm,
|
| - extractable,
|
| - usage_mask,
|
| - key);
|
| - }
|
| +Status VerifySignatureInternal(const blink::WebCryptoAlgorithm& algorithm,
|
| + const blink::WebCryptoKey& key,
|
| + const std::vector<uint8>& signature,
|
| + const std::vector<uint8>& data,
|
| + bool* signature_match) {
|
| + return VerifySignature(
|
| + algorithm, key, CryptoData(signature), CryptoData(data), signature_match);
|
| +}
|
| +
|
| +Status ImportKeyJwk(const std::vector<uint8>& key_data,
|
| + const blink::WebCryptoAlgorithm& algorithm,
|
| + bool extractable,
|
| + blink::WebCryptoKeyUsageMask usage_mask,
|
| + blink::WebCryptoKey* key) {
|
| + return ImportKeyJwk(
|
| + CryptoData(key_data), algorithm, extractable, usage_mask, key);
|
| +}
|
|
|
| } // namespace
|
|
|
| @@ -633,12 +602,11 @@ TEST_F(SharedCryptoTest, HMACSampleSets) {
|
| ExpectArrayBufferMatches(test_mac, output);
|
|
|
| bool signature_match = false;
|
| - EXPECT_STATUS_SUCCESS(VerifySignature(
|
| - algorithm,
|
| - key,
|
| - CryptoData(output),
|
| - CryptoData(test_message),
|
| - &signature_match));
|
| + EXPECT_STATUS_SUCCESS(VerifySignature(algorithm,
|
| + key,
|
| + CryptoData(output),
|
| + CryptoData(test_message),
|
| + &signature_match));
|
| EXPECT_TRUE(signature_match);
|
|
|
| // Ensure truncated signature does not verify by passing one less byte.
|
| @@ -652,22 +620,21 @@ TEST_F(SharedCryptoTest, HMACSampleSets) {
|
| EXPECT_FALSE(signature_match);
|
|
|
| // Ensure truncated signature does not verify by passing no bytes.
|
| - EXPECT_STATUS_SUCCESS(VerifySignature(
|
| - algorithm,
|
| - key,
|
| - CryptoData(),
|
| - CryptoData(test_message),
|
| - &signature_match));
|
| + EXPECT_STATUS_SUCCESS(VerifySignature(algorithm,
|
| + key,
|
| + CryptoData(),
|
| + CryptoData(test_message),
|
| + &signature_match));
|
| EXPECT_FALSE(signature_match);
|
|
|
| // Ensure extra long signature does not cause issues and fails.
|
| - const unsigned char kLongSignature[1024] = { 0 };
|
| - EXPECT_STATUS_SUCCESS(VerifySignature(
|
| - algorithm,
|
| - key,
|
| - CryptoData(kLongSignature, sizeof(kLongSignature)),
|
| - CryptoData(test_message),
|
| - &signature_match));
|
| + const unsigned char kLongSignature[1024] = {0};
|
| + EXPECT_STATUS_SUCCESS(
|
| + VerifySignature(algorithm,
|
| + key,
|
| + CryptoData(kLongSignature, sizeof(kLongSignature)),
|
| + CryptoData(test_message),
|
| + &signature_match));
|
| EXPECT_FALSE(signature_match);
|
| }
|
| }
|
| @@ -681,8 +648,7 @@ TEST_F(SharedCryptoTest, AesCbcFailures) {
|
|
|
| // Verify exported raw key is identical to the imported data
|
| blink::WebArrayBuffer raw_key;
|
| - EXPECT_STATUS_SUCCESS(
|
| - ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key));
|
| + EXPECT_STATUS_SUCCESS(ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key));
|
| ExpectArrayBufferMatchesHex(key_hex, raw_key);
|
|
|
| blink::WebArrayBuffer output;
|
| @@ -691,20 +657,28 @@ TEST_F(SharedCryptoTest, AesCbcFailures) {
|
| {
|
| std::vector<uint8> input(32);
|
| std::vector<uint8> iv;
|
| - EXPECT_STATUS(Status::ErrorIncorrectSizeAesCbcIv(), EncryptInternal(
|
| - webcrypto::CreateAesCbcAlgorithm(iv), key, input, &output));
|
| - EXPECT_STATUS(Status::ErrorIncorrectSizeAesCbcIv(), DecryptInternal(
|
| - webcrypto::CreateAesCbcAlgorithm(iv), key, input, &output));
|
| + EXPECT_STATUS(
|
| + Status::ErrorIncorrectSizeAesCbcIv(),
|
| + EncryptInternal(
|
| + webcrypto::CreateAesCbcAlgorithm(iv), key, input, &output));
|
| + EXPECT_STATUS(
|
| + Status::ErrorIncorrectSizeAesCbcIv(),
|
| + DecryptInternal(
|
| + webcrypto::CreateAesCbcAlgorithm(iv), key, input, &output));
|
| }
|
|
|
| // Use an invalid |iv| (more than 16 bytes)
|
| {
|
| std::vector<uint8> input(32);
|
| std::vector<uint8> iv(17);
|
| - EXPECT_STATUS(Status::ErrorIncorrectSizeAesCbcIv(), EncryptInternal(
|
| - webcrypto::CreateAesCbcAlgorithm(iv), key, input, &output));
|
| - EXPECT_STATUS(Status::ErrorIncorrectSizeAesCbcIv(), DecryptInternal(
|
| - webcrypto::CreateAesCbcAlgorithm(iv), key, input, &output));
|
| + EXPECT_STATUS(
|
| + Status::ErrorIncorrectSizeAesCbcIv(),
|
| + EncryptInternal(
|
| + webcrypto::CreateAesCbcAlgorithm(iv), key, input, &output));
|
| + EXPECT_STATUS(
|
| + Status::ErrorIncorrectSizeAesCbcIv(),
|
| + DecryptInternal(
|
| + webcrypto::CreateAesCbcAlgorithm(iv), key, input, &output));
|
| }
|
|
|
| // Give an input that is too large (would cause integer overflow when
|
| @@ -717,10 +691,10 @@ TEST_F(SharedCryptoTest, AesCbcFailures) {
|
| // data.
|
| CryptoData input(&iv[0], INT_MAX - 3);
|
|
|
| - EXPECT_STATUS(Status::ErrorDataTooLarge(), Encrypt(
|
| - CreateAesCbcAlgorithm(iv), key, input, &output));
|
| - EXPECT_STATUS(Status::ErrorDataTooLarge(), Decrypt(
|
| - CreateAesCbcAlgorithm(iv), key, input, &output));
|
| + EXPECT_STATUS(Status::ErrorDataTooLarge(),
|
| + Encrypt(CreateAesCbcAlgorithm(iv), key, input, &output));
|
| + EXPECT_STATUS(Status::ErrorDataTooLarge(),
|
| + Decrypt(CreateAesCbcAlgorithm(iv), key, input, &output));
|
| }
|
|
|
| // Fail importing the key (too few bytes specified)
|
| @@ -729,22 +703,21 @@ TEST_F(SharedCryptoTest, AesCbcFailures) {
|
| std::vector<uint8> iv(16);
|
|
|
| blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
|
| - EXPECT_STATUS(
|
| - Status::Error(),
|
| - ImportKeyInternal(blink::WebCryptoKeyFormatRaw,
|
| - key_raw,
|
| - CreateAesCbcAlgorithm(iv),
|
| - true,
|
| - blink::WebCryptoKeyUsageEncrypt,
|
| - &key));
|
| + EXPECT_STATUS(Status::Error(),
|
| + ImportKeyInternal(blink::WebCryptoKeyFormatRaw,
|
| + key_raw,
|
| + CreateAesCbcAlgorithm(iv),
|
| + true,
|
| + blink::WebCryptoKeyUsageEncrypt,
|
| + &key));
|
| }
|
|
|
| // Fail exporting the key in SPKI and PKCS#8 formats (not allowed for secret
|
| // keys).
|
| EXPECT_STATUS(Status::ErrorUnexpectedKeyType(),
|
| - ExportKey(blink::WebCryptoKeyFormatSpki, key, &output));
|
| + ExportKey(blink::WebCryptoKeyFormatSpki, key, &output));
|
| EXPECT_STATUS(Status::ErrorUnsupported(),
|
| - ExportKey(blink::WebCryptoKeyFormatPkcs8, key, &output));
|
| + ExportKey(blink::WebCryptoKeyFormatPkcs8, key, &output));
|
| }
|
|
|
| TEST_F(SharedCryptoTest, MAYBE(AesCbcSampleSets)) {
|
| @@ -770,28 +743,26 @@ TEST_F(SharedCryptoTest, MAYBE(AesCbcSampleSets)) {
|
|
|
| // Verify exported raw key is identical to the imported data
|
| blink::WebArrayBuffer raw_key;
|
| - EXPECT_STATUS_SUCCESS(ExportKey(
|
| - blink::WebCryptoKeyFormatRaw, key, &raw_key));
|
| + EXPECT_STATUS_SUCCESS(
|
| + ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key));
|
| ExpectArrayBufferMatches(test_key, raw_key);
|
|
|
| blink::WebArrayBuffer output;
|
|
|
| // Test encryption.
|
| - EXPECT_STATUS(
|
| - Status::Success(),
|
| - EncryptInternal(webcrypto::CreateAesCbcAlgorithm(test_iv),
|
| - key,
|
| - test_plain_text,
|
| - &output));
|
| + EXPECT_STATUS(Status::Success(),
|
| + EncryptInternal(webcrypto::CreateAesCbcAlgorithm(test_iv),
|
| + key,
|
| + test_plain_text,
|
| + &output));
|
| ExpectArrayBufferMatches(test_cipher_text, output);
|
|
|
| // Test decryption.
|
| - EXPECT_STATUS(
|
| - Status::Success(),
|
| - DecryptInternal(webcrypto::CreateAesCbcAlgorithm(test_iv),
|
| - key,
|
| - test_cipher_text,
|
| - &output));
|
| + EXPECT_STATUS(Status::Success(),
|
| + DecryptInternal(webcrypto::CreateAesCbcAlgorithm(test_iv),
|
| + key,
|
| + test_cipher_text,
|
| + &output));
|
| ExpectArrayBufferMatches(test_plain_text, output);
|
|
|
| const unsigned int kAesCbcBlockSize = 16;
|
| @@ -815,8 +786,7 @@ TEST_F(SharedCryptoTest, MAYBE(AesCbcSampleSets)) {
|
| Status::Error(),
|
| Decrypt(CreateAesCbcAlgorithm(test_iv),
|
| key,
|
| - CryptoData(&test_cipher_text[0],
|
| - test_cipher_text.size() - 3),
|
| + CryptoData(&test_cipher_text[0], test_cipher_text.size() - 3),
|
| &output));
|
| }
|
| }
|
| @@ -840,8 +810,7 @@ TEST_F(SharedCryptoTest, MAYBE(GenerateKeyAes)) {
|
| // Generate a small sample of keys.
|
| keys.clear();
|
| for (int j = 0; j < 16; ++j) {
|
| - ASSERT_STATUS_SUCCESS(GenerateSecretKey(
|
| - algorithm[i], true, 0, &key));
|
| + ASSERT_STATUS_SUCCESS(GenerateSecretKey(algorithm[i], true, 0, &key));
|
| EXPECT_TRUE(key.handle());
|
| EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type());
|
| ASSERT_STATUS_SUCCESS(
|
| @@ -859,12 +828,15 @@ TEST_F(SharedCryptoTest, MAYBE(GenerateKeyAesBadLength)) {
|
| blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
|
| for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kKeyLen); ++i) {
|
| SCOPED_TRACE(i);
|
| - EXPECT_STATUS(Status::ErrorGenerateKeyLength(), GenerateSecretKey(
|
| - CreateAesCbcKeyGenAlgorithm(kKeyLen[i]), true, 0, &key));
|
| - EXPECT_STATUS(Status::ErrorGenerateKeyLength(), GenerateSecretKey(
|
| - CreateAesGcmKeyGenAlgorithm(kKeyLen[i]), true, 0, &key));
|
| - EXPECT_STATUS(Status::ErrorGenerateKeyLength(), GenerateSecretKey(
|
| - CreateAesKwKeyGenAlgorithm(kKeyLen[i]), true, 0, &key));
|
| + EXPECT_STATUS(Status::ErrorGenerateKeyLength(),
|
| + GenerateSecretKey(
|
| + CreateAesCbcKeyGenAlgorithm(kKeyLen[i]), true, 0, &key));
|
| + EXPECT_STATUS(Status::ErrorGenerateKeyLength(),
|
| + GenerateSecretKey(
|
| + CreateAesGcmKeyGenAlgorithm(kKeyLen[i]), true, 0, &key));
|
| + EXPECT_STATUS(Status::ErrorGenerateKeyLength(),
|
| + GenerateSecretKey(
|
| + CreateAesKwKeyGenAlgorithm(kKeyLen[i]), true, 0, &key));
|
| }
|
| }
|
|
|
| @@ -874,8 +846,8 @@ TEST_F(SharedCryptoTest, MAYBE(GenerateKeyHmac)) {
|
| for (int i = 0; i < 16; ++i) {
|
| blink::WebArrayBuffer key_bytes;
|
| blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
|
| - blink::WebCryptoAlgorithm algorithm = CreateHmacKeyGenAlgorithm(
|
| - blink::WebCryptoAlgorithmIdSha1, 64);
|
| + blink::WebCryptoAlgorithm algorithm =
|
| + CreateHmacKeyGenAlgorithm(blink::WebCryptoAlgorithmIdSha1, 64);
|
| ASSERT_STATUS_SUCCESS(GenerateSecretKey(algorithm, true, 0, &key));
|
| EXPECT_FALSE(key.isNull());
|
| EXPECT_TRUE(key.handle());
|
| @@ -902,16 +874,13 @@ TEST_F(SharedCryptoTest, MAYBE(GenerateKeyHmacNoLength)) {
|
| EXPECT_TRUE(key.handle());
|
| EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type());
|
| blink::WebArrayBuffer raw_key;
|
| - ASSERT_STATUS_SUCCESS(
|
| - ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key));
|
| + ASSERT_STATUS_SUCCESS(ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key));
|
| EXPECT_EQ(64U, raw_key.byteLength());
|
|
|
| // The block size for HMAC SHA-512 is larger.
|
| - algorithm = CreateHmacKeyGenAlgorithm(
|
| - blink::WebCryptoAlgorithmIdSha512, 0);
|
| + algorithm = CreateHmacKeyGenAlgorithm(blink::WebCryptoAlgorithmIdSha512, 0);
|
| ASSERT_STATUS_SUCCESS(GenerateSecretKey(algorithm, true, 0, &key));
|
| - ASSERT_STATUS_SUCCESS(
|
| - ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key));
|
| + ASSERT_STATUS_SUCCESS(ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key));
|
| EXPECT_EQ(128U, raw_key.byteLength());
|
| }
|
|
|
| @@ -919,13 +888,13 @@ TEST_F(SharedCryptoTest, MAYBE(ImportSecretKeyNoAlgorithm)) {
|
| blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
|
|
|
| // This fails because the algorithm is null.
|
| - EXPECT_STATUS(Status::ErrorMissingAlgorithmImportRawKey(), ImportKeyInternal(
|
| - blink::WebCryptoKeyFormatRaw,
|
| - HexStringToBytes("00000000000000000000"),
|
| - blink::WebCryptoAlgorithm::createNull(),
|
| - true,
|
| - blink::WebCryptoKeyUsageEncrypt,
|
| - &key));
|
| + EXPECT_STATUS(Status::ErrorMissingAlgorithmImportRawKey(),
|
| + ImportKeyInternal(blink::WebCryptoKeyFormatRaw,
|
| + HexStringToBytes("00000000000000000000"),
|
| + blink::WebCryptoAlgorithm::createNull(),
|
| + true,
|
| + blink::WebCryptoKeyUsageEncrypt,
|
| + &key));
|
| }
|
|
|
| TEST_F(SharedCryptoTest, ImportJwkFailures) {
|
| @@ -941,44 +910,45 @@ TEST_F(SharedCryptoTest, ImportJwkFailures) {
|
| // complete.
|
| base::DictionaryValue dict;
|
| RestoreJwkOctDictionary(&dict);
|
| - EXPECT_STATUS_SUCCESS(ImportKeyJwk(
|
| - MakeJsonVector(dict), algorithm, false, usage_mask, &key));
|
| + EXPECT_STATUS_SUCCESS(
|
| + ImportKeyJwk(MakeJsonVector(dict), algorithm, false, usage_mask, &key));
|
|
|
| // Fail on empty JSON.
|
| - EXPECT_STATUS(Status::ErrorImportEmptyKeyData(), ImportKeyJwk(
|
| - MakeJsonVector(""), algorithm, false, usage_mask, &key));
|
| + EXPECT_STATUS(
|
| + Status::ErrorImportEmptyKeyData(),
|
| + ImportKeyJwk(MakeJsonVector(""), algorithm, false, usage_mask, &key));
|
|
|
| // Fail on invalid JSON.
|
| const std::vector<uint8> bad_json_vec = MakeJsonVector(
|
| "{"
|
| - "\"kty\" : \"oct\","
|
| - "\"alg\" : \"HS256\","
|
| - "\"use\" : "
|
| - );
|
| + "\"kty\" : \"oct\","
|
| + "\"alg\" : \"HS256\","
|
| + "\"use\" : ");
|
| EXPECT_STATUS(Status::ErrorJwkNotDictionary(),
|
| - ImportKeyJwk(bad_json_vec, algorithm, false, usage_mask, &key));
|
| + ImportKeyJwk(bad_json_vec, algorithm, false, usage_mask, &key));
|
|
|
| // Fail on JWK alg present but unrecognized.
|
| dict.SetString("alg", "A127CBC");
|
| - EXPECT_STATUS(Status::ErrorJwkUnrecognizedAlgorithm(), ImportKeyJwk(
|
| - MakeJsonVector(dict), algorithm, false, usage_mask, &key));
|
| + EXPECT_STATUS(
|
| + Status::ErrorJwkUnrecognizedAlgorithm(),
|
| + ImportKeyJwk(MakeJsonVector(dict), algorithm, false, usage_mask, &key));
|
| RestoreJwkOctDictionary(&dict);
|
|
|
| // Fail on both JWK and input algorithm missing.
|
| dict.Remove("alg", NULL);
|
| - EXPECT_STATUS(
|
| - Status::ErrorJwkAlgorithmMissing(),
|
| - ImportKeyJwk(MakeJsonVector(dict),
|
| - blink::WebCryptoAlgorithm::createNull(),
|
| - false,
|
| - usage_mask,
|
| - &key));
|
| + EXPECT_STATUS(Status::ErrorJwkAlgorithmMissing(),
|
| + ImportKeyJwk(MakeJsonVector(dict),
|
| + blink::WebCryptoAlgorithm::createNull(),
|
| + false,
|
| + usage_mask,
|
| + &key));
|
| RestoreJwkOctDictionary(&dict);
|
|
|
| // Fail on invalid kty.
|
| dict.SetString("kty", "foo");
|
| - EXPECT_STATUS(Status::ErrorJwkUnrecognizedKty(), ImportKeyJwk(
|
| - MakeJsonVector(dict), algorithm, false, usage_mask, &key));
|
| + EXPECT_STATUS(
|
| + Status::ErrorJwkUnrecognizedKty(),
|
| + ImportKeyJwk(MakeJsonVector(dict), algorithm, false, usage_mask, &key));
|
| RestoreJwkOctDictionary(&dict);
|
|
|
| // Fail on missing kty.
|
| @@ -997,8 +967,9 @@ TEST_F(SharedCryptoTest, ImportJwkFailures) {
|
|
|
| // Fail on invalid use.
|
| dict.SetString("use", "foo");
|
| - EXPECT_STATUS(Status::ErrorJwkUnrecognizedUsage(), ImportKeyJwk(
|
| - MakeJsonVector(dict), algorithm, false, usage_mask, &key));
|
| + EXPECT_STATUS(
|
| + Status::ErrorJwkUnrecognizedUsage(),
|
| + ImportKeyJwk(MakeJsonVector(dict), algorithm, false, usage_mask, &key));
|
| RestoreJwkOctDictionary(&dict);
|
|
|
| // Fail on invalid use (wrong type).
|
| @@ -1026,8 +997,8 @@ TEST_F(SharedCryptoTest, ImportJwkOctFailures) {
|
| blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
|
|
|
| // Baseline pass.
|
| - EXPECT_STATUS_SUCCESS(ImportKeyJwk(
|
| - MakeJsonVector(dict), algorithm, false, usage_mask, &key));
|
| + EXPECT_STATUS_SUCCESS(
|
| + ImportKeyJwk(MakeJsonVector(dict), algorithm, false, usage_mask, &key));
|
| EXPECT_EQ(algorithm.id(), key.algorithm().id());
|
| EXPECT_FALSE(key.extractable());
|
| EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt, key.usages());
|
| @@ -1051,22 +1022,25 @@ TEST_F(SharedCryptoTest, ImportJwkOctFailures) {
|
|
|
| // Fail on empty k.
|
| dict.SetString("k", "");
|
| - EXPECT_STATUS(Status::ErrorJwkIncorrectKeyLength(), ImportKeyJwk(
|
| - MakeJsonVector(dict), algorithm, false, usage_mask, &key));
|
| + EXPECT_STATUS(
|
| + Status::ErrorJwkIncorrectKeyLength(),
|
| + ImportKeyJwk(MakeJsonVector(dict), algorithm, false, usage_mask, &key));
|
| RestoreJwkOctDictionary(&dict);
|
|
|
| // Fail on k actual length (120 bits) inconsistent with the embedded JWK alg
|
| // value (128) for an AES key.
|
| dict.SetString("k", "AVj42h0Y5aqGtE3yluKL");
|
| - EXPECT_STATUS(Status::ErrorJwkIncorrectKeyLength(), ImportKeyJwk(
|
| - MakeJsonVector(dict), algorithm, false, usage_mask, &key));
|
| + EXPECT_STATUS(
|
| + Status::ErrorJwkIncorrectKeyLength(),
|
| + ImportKeyJwk(MakeJsonVector(dict), algorithm, false, usage_mask, &key));
|
| RestoreJwkOctDictionary(&dict);
|
|
|
| // Fail on k actual length (192 bits) inconsistent with the embedded JWK alg
|
| // value (128) for an AES key.
|
| dict.SetString("k", "dGhpcyAgaXMgIDI0ICBieXRlcyBsb25n");
|
| - EXPECT_STATUS(Status::ErrorJwkIncorrectKeyLength(), ImportKeyJwk(
|
| - MakeJsonVector(dict), algorithm, false, usage_mask, &key));
|
| + EXPECT_STATUS(
|
| + Status::ErrorJwkIncorrectKeyLength(),
|
| + ImportKeyJwk(MakeJsonVector(dict), algorithm, false, usage_mask, &key));
|
| RestoreJwkOctDictionary(&dict);
|
| }
|
|
|
| @@ -1086,8 +1060,8 @@ TEST_F(SharedCryptoTest, MAYBE(ImportJwkRsaFailures)) {
|
| // section 6.3.
|
|
|
| // Baseline pass.
|
| - EXPECT_STATUS_SUCCESS(ImportKeyJwk(
|
| - MakeJsonVector(dict), algorithm, false, usage_mask, &key));
|
| + EXPECT_STATUS_SUCCESS(
|
| + ImportKeyJwk(MakeJsonVector(dict), algorithm, false, usage_mask, &key));
|
| EXPECT_EQ(algorithm.id(), key.algorithm().id());
|
| EXPECT_FALSE(key.extractable());
|
| EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt, key.usages());
|
| @@ -1101,28 +1075,29 @@ TEST_F(SharedCryptoTest, MAYBE(ImportJwkRsaFailures)) {
|
|
|
| // Fail on missing parameter.
|
| dict.Remove(kKtyParmName[idx], NULL);
|
| - EXPECT_STATUS_ERROR(ImportKeyJwk(
|
| - MakeJsonVector(dict), algorithm, false, usage_mask, &key));
|
| + EXPECT_STATUS_ERROR(
|
| + ImportKeyJwk(MakeJsonVector(dict), algorithm, false, usage_mask, &key));
|
| RestoreJwkRsaDictionary(&dict);
|
|
|
| // Fail on bad b64 parameter encoding.
|
| dict.SetString(kKtyParmName[idx], "Qk3f0DsytU8lfza2au #$% Htaw2xpop9yTuH0");
|
| - EXPECT_STATUS_ERROR(ImportKeyJwk(
|
| - MakeJsonVector(dict), algorithm, false, usage_mask, &key));
|
| + EXPECT_STATUS_ERROR(
|
| + ImportKeyJwk(MakeJsonVector(dict), algorithm, false, usage_mask, &key));
|
| RestoreJwkRsaDictionary(&dict);
|
|
|
| // Fail on empty parameter.
|
| dict.SetString(kKtyParmName[idx], "");
|
| - EXPECT_STATUS_ERROR(ImportKeyJwk(
|
| - MakeJsonVector(dict), algorithm, false, usage_mask, &key));
|
| + EXPECT_STATUS_ERROR(
|
| + ImportKeyJwk(MakeJsonVector(dict), algorithm, false, usage_mask, &key));
|
| RestoreJwkRsaDictionary(&dict);
|
| }
|
|
|
| // Fail if "d" parameter is present, implying the JWK is a private key, which
|
| // is not supported.
|
| dict.SetString("d", "Qk3f0Dsyt");
|
| - EXPECT_STATUS(Status::ErrorJwkRsaPrivateKeyUnsupported(), ImportKeyJwk(
|
| - MakeJsonVector(dict), algorithm, false, usage_mask, &key));
|
| + EXPECT_STATUS(
|
| + Status::ErrorJwkRsaPrivateKeyUnsupported(),
|
| + ImportKeyJwk(MakeJsonVector(dict), algorithm, false, usage_mask, &key));
|
| RestoreJwkRsaDictionary(&dict);
|
| }
|
|
|
| @@ -1140,8 +1115,8 @@ TEST_F(SharedCryptoTest, MAYBE(ImportJwkInputConsistency)) {
|
| dict.SetString("kty", "oct");
|
| dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg");
|
| std::vector<uint8> json_vec = MakeJsonVector(dict);
|
| - EXPECT_STATUS_SUCCESS(ImportKeyJwk(
|
| - json_vec, algorithm, extractable, usage_mask, &key));
|
| + EXPECT_STATUS_SUCCESS(
|
| + ImportKeyJwk(json_vec, algorithm, extractable, usage_mask, &key));
|
| EXPECT_TRUE(key.handle());
|
| EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type());
|
| EXPECT_EQ(extractable, key.extractable());
|
| @@ -1170,7 +1145,7 @@ TEST_F(SharedCryptoTest, MAYBE(ImportJwkInputConsistency)) {
|
| // 2. input=T, JWK=T ==> pass, result extractable is T
|
| // 3. input=F, JWK=T ==> pass, result extractable is F
|
| EXPECT_STATUS(Status::ErrorJwkExtractableInconsistent(),
|
| - ImportKeyJwk(json_vec, algorithm, true, usage_mask, &key));
|
| + ImportKeyJwk(json_vec, algorithm, true, usage_mask, &key));
|
| EXPECT_STATUS_SUCCESS(
|
| ImportKeyJwk(json_vec, algorithm, false, usage_mask, &key));
|
| EXPECT_FALSE(key.extractable());
|
| @@ -1185,28 +1160,29 @@ TEST_F(SharedCryptoTest, MAYBE(ImportJwkInputConsistency)) {
|
|
|
| // Fail: Input algorithm (AES-CBC) is inconsistent with JWK value
|
| // (HMAC SHA256).
|
| - EXPECT_STATUS(Status::ErrorJwkAlgorithmInconsistent(), ImportKeyJwk(
|
| - json_vec,
|
| - CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
|
| - extractable,
|
| - usage_mask,
|
| - &key));
|
| + EXPECT_STATUS(Status::ErrorJwkAlgorithmInconsistent(),
|
| + ImportKeyJwk(json_vec,
|
| + CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
|
| + extractable,
|
| + usage_mask,
|
| + &key));
|
|
|
| // Fail: Input algorithm (HMAC SHA1) is inconsistent with JWK value
|
| // (HMAC SHA256).
|
| - EXPECT_STATUS(Status::ErrorJwkAlgorithmInconsistent(), ImportKeyJwk(
|
| - json_vec,
|
| - CreateHmacAlgorithmByHashId(blink::WebCryptoAlgorithmIdSha1),
|
| - extractable,
|
| - usage_mask,
|
| - &key));
|
| + EXPECT_STATUS(
|
| + Status::ErrorJwkAlgorithmInconsistent(),
|
| + ImportKeyJwk(json_vec,
|
| + CreateHmacAlgorithmByHashId(blink::WebCryptoAlgorithmIdSha1),
|
| + extractable,
|
| + usage_mask,
|
| + &key));
|
|
|
| // Pass: JWK alg valid but input algorithm isNull: use JWK algorithm value.
|
| EXPECT_STATUS_SUCCESS(ImportKeyJwk(json_vec,
|
| - blink::WebCryptoAlgorithm::createNull(),
|
| - extractable,
|
| - usage_mask,
|
| - &key));
|
| + blink::WebCryptoAlgorithm::createNull(),
|
| + extractable,
|
| + usage_mask,
|
| + &key));
|
| EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, algorithm.id());
|
|
|
| // Pass: JWK alg missing but input algorithm specified: use input value
|
| @@ -1222,8 +1198,12 @@ TEST_F(SharedCryptoTest, MAYBE(ImportJwkInputConsistency)) {
|
|
|
| // Fail: Input usage_mask (encrypt) is not a subset of the JWK value
|
| // (sign|verify)
|
| - EXPECT_STATUS(Status::ErrorJwkUsageInconsistent(), ImportKeyJwk(
|
| - json_vec, algorithm, extractable, blink::WebCryptoKeyUsageEncrypt, &key));
|
| + EXPECT_STATUS(Status::ErrorJwkUsageInconsistent(),
|
| + ImportKeyJwk(json_vec,
|
| + algorithm,
|
| + extractable,
|
| + blink::WebCryptoKeyUsageEncrypt,
|
| + &key));
|
|
|
| // Fail: Input usage_mask (encrypt|sign|verify) is not a subset of the JWK
|
| // value (sign|verify)
|
| @@ -1261,8 +1241,8 @@ TEST_F(SharedCryptoTest, MAYBE(ImportJwkHappy)) {
|
| dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg");
|
| std::vector<uint8> json_vec = MakeJsonVector(dict);
|
|
|
| - ASSERT_STATUS_SUCCESS(ImportKeyJwk(
|
| - json_vec, algorithm, extractable, usage_mask, &key));
|
| + ASSERT_STATUS_SUCCESS(
|
| + ImportKeyJwk(json_vec, algorithm, extractable, usage_mask, &key));
|
|
|
| const std::vector<uint8> message_raw = HexStringToBytes(
|
| "b1689c2591eaf3c9e66070f8a77954ffb81749f1b00346f9dfe0b2ee905dcc288baf4a"
|
| @@ -1298,54 +1278,55 @@ TEST_F(SharedCryptoTest, MAYBE(ImportExportSpki)) {
|
| EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt, key.usages());
|
|
|
| // Failing case: Empty SPKI data
|
| - EXPECT_STATUS(Status::ErrorImportEmptyKeyData(), ImportKeyInternal(
|
| - blink::WebCryptoKeyFormatSpki,
|
| - std::vector<uint8>(),
|
| - blink::WebCryptoAlgorithm::createNull(),
|
| - true,
|
| - blink::WebCryptoKeyUsageEncrypt,
|
| - &key));
|
| + EXPECT_STATUS(Status::ErrorImportEmptyKeyData(),
|
| + ImportKeyInternal(blink::WebCryptoKeyFormatSpki,
|
| + std::vector<uint8>(),
|
| + blink::WebCryptoAlgorithm::createNull(),
|
| + true,
|
| + blink::WebCryptoKeyUsageEncrypt,
|
| + &key));
|
|
|
| // Failing case: Import RSA key with NULL input algorithm. This is not
|
| // allowed because the SPKI ASN.1 format for RSA keys is not specific enough
|
| // to map to a Web Crypto algorithm.
|
| - EXPECT_STATUS(Status::Error(), ImportKeyInternal(
|
| - blink::WebCryptoKeyFormatSpki,
|
| - HexStringToBytes(kPublicKeySpkiDerHex),
|
| - blink::WebCryptoAlgorithm::createNull(),
|
| - true,
|
| - blink::WebCryptoKeyUsageEncrypt,
|
| - &key));
|
| + EXPECT_STATUS(Status::Error(),
|
| + ImportKeyInternal(blink::WebCryptoKeyFormatSpki,
|
| + HexStringToBytes(kPublicKeySpkiDerHex),
|
| + blink::WebCryptoAlgorithm::createNull(),
|
| + true,
|
| + blink::WebCryptoKeyUsageEncrypt,
|
| + &key));
|
|
|
| // Failing case: Bad DER encoding.
|
| - EXPECT_STATUS(Status::Error(), ImportKeyInternal(
|
| - blink::WebCryptoKeyFormatSpki,
|
| - HexStringToBytes("618333c4cb"),
|
| - CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5),
|
| - true,
|
| - blink::WebCryptoKeyUsageEncrypt,
|
| - &key));
|
| + EXPECT_STATUS(Status::Error(),
|
| + ImportKeyInternal(
|
| + blink::WebCryptoKeyFormatSpki,
|
| + HexStringToBytes("618333c4cb"),
|
| + CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5),
|
| + true,
|
| + blink::WebCryptoKeyUsageEncrypt,
|
| + &key));
|
|
|
| // Failing case: Import RSA key but provide an inconsistent input algorithm.
|
| - EXPECT_STATUS(Status::Error(), ImportKeyInternal(
|
| - blink::WebCryptoKeyFormatSpki,
|
| - HexStringToBytes(kPublicKeySpkiDerHex),
|
| - CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
|
| - true,
|
| - blink::WebCryptoKeyUsageEncrypt,
|
| - &key));
|
| + EXPECT_STATUS(
|
| + Status::Error(),
|
| + ImportKeyInternal(blink::WebCryptoKeyFormatSpki,
|
| + HexStringToBytes(kPublicKeySpkiDerHex),
|
| + CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
|
| + true,
|
| + blink::WebCryptoKeyUsageEncrypt,
|
| + &key));
|
|
|
| // Passing case: Export a previously imported RSA public key in SPKI format
|
| // and compare to original data.
|
| blink::WebArrayBuffer output;
|
| - ASSERT_STATUS_SUCCESS(
|
| - ExportKey(blink::WebCryptoKeyFormatSpki, key, &output));
|
| + ASSERT_STATUS_SUCCESS(ExportKey(blink::WebCryptoKeyFormatSpki, key, &output));
|
| ExpectArrayBufferMatchesHex(kPublicKeySpkiDerHex, output);
|
|
|
| // Failing case: Try to export a previously imported RSA public key in raw
|
| // format (not allowed for a public key).
|
| EXPECT_STATUS(Status::ErrorUnexpectedKeyType(),
|
| - ExportKey(blink::WebCryptoKeyFormatRaw, key, &output));
|
| + ExportKey(blink::WebCryptoKeyFormatRaw, key, &output));
|
|
|
| // Failing case: Try to export a non-extractable key
|
| ASSERT_STATUS_SUCCESS(ImportKeyInternal(
|
| @@ -1358,7 +1339,7 @@ TEST_F(SharedCryptoTest, MAYBE(ImportExportSpki)) {
|
| EXPECT_TRUE(key.handle());
|
| EXPECT_FALSE(key.extractable());
|
| EXPECT_STATUS(Status::ErrorKeyNotExtractable(),
|
| - ExportKey(blink::WebCryptoKeyFormatSpki, key, &output));
|
| + ExportKey(blink::WebCryptoKeyFormatSpki, key, &output));
|
| }
|
|
|
| TEST_F(SharedCryptoTest, MAYBE(ImportPkcs8)) {
|
| @@ -1377,42 +1358,44 @@ TEST_F(SharedCryptoTest, MAYBE(ImportPkcs8)) {
|
| EXPECT_EQ(blink::WebCryptoKeyUsageSign, key.usages());
|
|
|
| // Failing case: Empty PKCS#8 data
|
| - EXPECT_STATUS(Status::ErrorImportEmptyKeyData(), ImportKeyInternal(
|
| - blink::WebCryptoKeyFormatPkcs8,
|
| - std::vector<uint8>(),
|
| - blink::WebCryptoAlgorithm::createNull(),
|
| - true,
|
| - blink::WebCryptoKeyUsageSign,
|
| - &key));
|
| + EXPECT_STATUS(Status::ErrorImportEmptyKeyData(),
|
| + ImportKeyInternal(blink::WebCryptoKeyFormatPkcs8,
|
| + std::vector<uint8>(),
|
| + blink::WebCryptoAlgorithm::createNull(),
|
| + true,
|
| + blink::WebCryptoKeyUsageSign,
|
| + &key));
|
|
|
| // Failing case: Import RSA key with NULL input algorithm. This is not
|
| // allowed because the PKCS#8 ASN.1 format for RSA keys is not specific enough
|
| // to map to a Web Crypto algorithm.
|
| - EXPECT_STATUS(Status::Error(), ImportKeyInternal(
|
| - blink::WebCryptoKeyFormatPkcs8,
|
| - HexStringToBytes(kPrivateKeyPkcs8DerHex),
|
| - blink::WebCryptoAlgorithm::createNull(),
|
| - true,
|
| - blink::WebCryptoKeyUsageSign,
|
| - &key));
|
| + EXPECT_STATUS(Status::Error(),
|
| + ImportKeyInternal(blink::WebCryptoKeyFormatPkcs8,
|
| + HexStringToBytes(kPrivateKeyPkcs8DerHex),
|
| + blink::WebCryptoAlgorithm::createNull(),
|
| + true,
|
| + blink::WebCryptoKeyUsageSign,
|
| + &key));
|
|
|
| // Failing case: Bad DER encoding.
|
| - EXPECT_STATUS(Status::Error(), ImportKeyInternal(
|
| - blink::WebCryptoKeyFormatPkcs8,
|
| - HexStringToBytes("618333c4cb"),
|
| - CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5),
|
| - true,
|
| - blink::WebCryptoKeyUsageSign,
|
| - &key));
|
| + EXPECT_STATUS(Status::Error(),
|
| + ImportKeyInternal(
|
| + blink::WebCryptoKeyFormatPkcs8,
|
| + HexStringToBytes("618333c4cb"),
|
| + CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5),
|
| + true,
|
| + blink::WebCryptoKeyUsageSign,
|
| + &key));
|
|
|
| // Failing case: Import RSA key but provide an inconsistent input algorithm.
|
| - EXPECT_STATUS(Status::Error(), ImportKeyInternal(
|
| - blink::WebCryptoKeyFormatPkcs8,
|
| - HexStringToBytes(kPrivateKeyPkcs8DerHex),
|
| - CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
|
| - true,
|
| - blink::WebCryptoKeyUsageSign,
|
| - &key));
|
| + EXPECT_STATUS(
|
| + Status::Error(),
|
| + ImportKeyInternal(blink::WebCryptoKeyFormatPkcs8,
|
| + HexStringToBytes(kPrivateKeyPkcs8DerHex),
|
| + CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
|
| + true,
|
| + blink::WebCryptoKeyUsageSign,
|
| + &key));
|
| }
|
|
|
| TEST_F(SharedCryptoTest, MAYBE(GenerateKeyPairRsa)) {
|
| @@ -1421,10 +1404,10 @@ TEST_F(SharedCryptoTest, MAYBE(GenerateKeyPairRsa)) {
|
| // Successful WebCryptoAlgorithmIdRsaEsPkcs1v1_5 key generation.
|
| const unsigned int modulus_length = 256;
|
| const std::vector<uint8> public_exponent = HexStringToBytes("010001");
|
| - blink::WebCryptoAlgorithm algorithm = CreateRsaKeyGenAlgorithm(
|
| - blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5,
|
| - modulus_length,
|
| - public_exponent);
|
| + blink::WebCryptoAlgorithm algorithm =
|
| + CreateRsaKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5,
|
| + modulus_length,
|
| + public_exponent);
|
| bool extractable = false;
|
| const blink::WebCryptoKeyUsageMask usage_mask = 0;
|
| blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull();
|
| @@ -1443,48 +1426,51 @@ TEST_F(SharedCryptoTest, MAYBE(GenerateKeyPairRsa)) {
|
| // Fail with bad modulus.
|
| algorithm = CreateRsaKeyGenAlgorithm(
|
| blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, 0, public_exponent);
|
| - EXPECT_STATUS(Status::ErrorGenerateRsaZeroModulus(), GenerateKeyPair(
|
| - algorithm, extractable, usage_mask, &public_key, &private_key));
|
| + EXPECT_STATUS(
|
| + Status::ErrorGenerateRsaZeroModulus(),
|
| + GenerateKeyPair(
|
| + algorithm, extractable, usage_mask, &public_key, &private_key));
|
|
|
| // Fail with bad exponent: larger than unsigned long.
|
| unsigned int exponent_length = sizeof(unsigned long) + 1; // NOLINT
|
| const std::vector<uint8> long_exponent(exponent_length, 0x01);
|
| algorithm = CreateRsaKeyGenAlgorithm(
|
| - blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5,
|
| - modulus_length,
|
| - long_exponent);
|
| - EXPECT_STATUS(Status::ErrorGenerateKeyPublicExponent(),
|
| - GenerateKeyPair(algorithm, extractable, usage_mask, &public_key,
|
| - &private_key));
|
| + blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, modulus_length, long_exponent);
|
| + EXPECT_STATUS(
|
| + Status::ErrorGenerateKeyPublicExponent(),
|
| + GenerateKeyPair(
|
| + algorithm, extractable, usage_mask, &public_key, &private_key));
|
|
|
| // Fail with bad exponent: empty.
|
| const std::vector<uint8> empty_exponent;
|
| - algorithm = CreateRsaKeyGenAlgorithm(
|
| - blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5,
|
| - modulus_length,
|
| - empty_exponent);
|
| - EXPECT_STATUS(Status::ErrorGenerateKeyPublicExponent(),
|
| - GenerateKeyPair(algorithm, extractable, usage_mask, &public_key,
|
| - &private_key));
|
| + algorithm =
|
| + CreateRsaKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5,
|
| + modulus_length,
|
| + empty_exponent);
|
| + EXPECT_STATUS(
|
| + Status::ErrorGenerateKeyPublicExponent(),
|
| + GenerateKeyPair(
|
| + algorithm, extractable, usage_mask, &public_key, &private_key));
|
|
|
| // Fail with bad exponent: all zeros.
|
| std::vector<uint8> exponent_with_leading_zeros(15, 0x00);
|
| - algorithm = CreateRsaKeyGenAlgorithm(
|
| - blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5,
|
| - modulus_length,
|
| - exponent_with_leading_zeros);
|
| - EXPECT_STATUS(Status::ErrorGenerateKeyPublicExponent(),
|
| - GenerateKeyPair(algorithm, extractable, usage_mask, &public_key,
|
| - &private_key));
|
| + algorithm =
|
| + CreateRsaKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5,
|
| + modulus_length,
|
| + exponent_with_leading_zeros);
|
| + EXPECT_STATUS(
|
| + Status::ErrorGenerateKeyPublicExponent(),
|
| + GenerateKeyPair(
|
| + algorithm, extractable, usage_mask, &public_key, &private_key));
|
|
|
| // Key generation success using exponent with leading zeros.
|
| exponent_with_leading_zeros.insert(exponent_with_leading_zeros.end(),
|
| public_exponent.begin(),
|
| public_exponent.end());
|
| - algorithm = CreateRsaKeyGenAlgorithm(
|
| - blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5,
|
| - modulus_length,
|
| - exponent_with_leading_zeros);
|
| + algorithm =
|
| + CreateRsaKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5,
|
| + modulus_length,
|
| + exponent_with_leading_zeros);
|
| EXPECT_STATUS_SUCCESS(GenerateKeyPair(
|
| algorithm, extractable, usage_mask, &public_key, &private_key));
|
| EXPECT_FALSE(public_key.isNull());
|
| @@ -1511,12 +1497,12 @@ TEST_F(SharedCryptoTest, MAYBE(GenerateKeyPairRsa)) {
|
| EXPECT_EQ(usage_mask, private_key.usages());
|
|
|
| // Successful WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 key generation.
|
| - algorithm = CreateRsaKeyGenAlgorithm(
|
| - blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5,
|
| - modulus_length,
|
| - public_exponent);
|
| - EXPECT_STATUS_SUCCESS(GenerateKeyPair(
|
| - algorithm, false, usage_mask, &public_key, &private_key));
|
| + algorithm =
|
| + CreateRsaKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5,
|
| + modulus_length,
|
| + public_exponent);
|
| + EXPECT_STATUS_SUCCESS(
|
| + GenerateKeyPair(algorithm, false, usage_mask, &public_key, &private_key));
|
| EXPECT_FALSE(public_key.isNull());
|
| EXPECT_FALSE(private_key.isNull());
|
| EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type());
|
| @@ -1531,15 +1517,15 @@ TEST_F(SharedCryptoTest, MAYBE(GenerateKeyPairRsa)) {
|
| // Exporting a private key as SPKI format doesn't make sense. However this
|
| // will first fail because the key is not extractable.
|
| blink::WebArrayBuffer output;
|
| - EXPECT_STATUS(Status::ErrorKeyNotExtractable(), ExportKey(
|
| - blink::WebCryptoKeyFormatSpki, private_key, &output));
|
| + EXPECT_STATUS(Status::ErrorKeyNotExtractable(),
|
| + ExportKey(blink::WebCryptoKeyFormatSpki, private_key, &output));
|
|
|
| // Re-generate an extractable private_key and try to export it as SPKI format.
|
| // This should fail since spki is for public keys.
|
| - EXPECT_STATUS_SUCCESS(GenerateKeyPair(
|
| - algorithm, true, usage_mask, &public_key, &private_key));
|
| - EXPECT_STATUS(Status::ErrorUnexpectedKeyType(), ExportKey(
|
| - blink::WebCryptoKeyFormatSpki, private_key, &output));
|
| + EXPECT_STATUS_SUCCESS(
|
| + GenerateKeyPair(algorithm, true, usage_mask, &public_key, &private_key));
|
| + EXPECT_STATUS(Status::ErrorUnexpectedKeyType(),
|
| + ExportKey(blink::WebCryptoKeyFormatSpki, private_key, &output));
|
| }
|
|
|
| TEST_F(SharedCryptoTest, MAYBE(RsaEsRoundTrip)) {
|
| @@ -1562,34 +1548,26 @@ TEST_F(SharedCryptoTest, MAYBE(RsaEsRoundTrip)) {
|
| const unsigned int kMaxMsgSizeBytes = kModulusLength / 8 - 11;
|
| // There are two hex chars for each byte.
|
| const unsigned int kMsgHexSize = kMaxMsgSizeBytes * 2;
|
| - char max_data_hex[kMsgHexSize+1];
|
| + char max_data_hex[kMsgHexSize + 1];
|
| std::fill(&max_data_hex[0], &max_data_hex[0] + kMsgHexSize, 'a');
|
| max_data_hex[kMsgHexSize] = '\0';
|
|
|
| // Verify encrypt / decrypt round trip on a few messages. Note that RSA
|
| // encryption does not support empty input.
|
| - algorithm =
|
| - CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5);
|
| - const char* const kTestDataHex[] = {
|
| - "ff",
|
| - "0102030405060708090a0b0c0d0e0f",
|
| - max_data_hex
|
| - };
|
| + algorithm = CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5);
|
| + const char* const kTestDataHex[] = {"ff", "0102030405060708090a0b0c0d0e0f",
|
| + max_data_hex};
|
| blink::WebArrayBuffer encrypted_data;
|
| blink::WebArrayBuffer decrypted_data;
|
| for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kTestDataHex); ++i) {
|
| SCOPED_TRACE(i);
|
| - EXPECT_STATUS_SUCCESS(EncryptInternal(
|
| - algorithm,
|
| - public_key,
|
| - HexStringToBytes(kTestDataHex[i]),
|
| - &encrypted_data));
|
| + EXPECT_STATUS_SUCCESS(EncryptInternal(algorithm,
|
| + public_key,
|
| + HexStringToBytes(kTestDataHex[i]),
|
| + &encrypted_data));
|
| EXPECT_EQ(kModulusLength / 8, encrypted_data.byteLength());
|
| ASSERT_STATUS_SUCCESS(Decrypt(
|
| - algorithm,
|
| - private_key,
|
| - CryptoData(encrypted_data),
|
| - &decrypted_data));
|
| + algorithm, private_key, CryptoData(encrypted_data), &decrypted_data));
|
| ExpectArrayBufferMatchesHex(kTestDataHex[i], decrypted_data);
|
| }
|
| }
|
| @@ -1613,8 +1591,7 @@ TEST_F(SharedCryptoTest, MAYBE(RsaEsKnownAnswer)) {
|
| GetBytesFromHexString(test, "rsa_pkcs8_der");
|
| const std::vector<uint8> ciphertext =
|
| GetBytesFromHexString(test, "ciphertext");
|
| - const std::vector<uint8> cleartext =
|
| - GetBytesFromHexString(test, "cleartext");
|
| + const std::vector<uint8> cleartext = GetBytesFromHexString(test, "cleartext");
|
|
|
| // Import the key pair.
|
| blink::WebCryptoAlgorithm algorithm =
|
| @@ -1633,31 +1610,22 @@ TEST_F(SharedCryptoTest, MAYBE(RsaEsKnownAnswer)) {
|
| // Decrypt the known-good ciphertext with the private key. As a check we must
|
| // get the known original cleartext.
|
| blink::WebArrayBuffer decrypted_data;
|
| - ASSERT_STATUS_SUCCESS(DecryptInternal(
|
| - algorithm,
|
| - private_key,
|
| - ciphertext,
|
| - &decrypted_data));
|
| + ASSERT_STATUS_SUCCESS(
|
| + DecryptInternal(algorithm, private_key, ciphertext, &decrypted_data));
|
| EXPECT_FALSE(decrypted_data.isNull());
|
| ExpectArrayBufferMatches(cleartext, decrypted_data);
|
|
|
| // Encrypt this decrypted data with the public key.
|
| blink::WebArrayBuffer encrypted_data;
|
| ASSERT_STATUS_SUCCESS(Encrypt(
|
| - algorithm,
|
| - public_key,
|
| - CryptoData(decrypted_data),
|
| - &encrypted_data));
|
| + algorithm, public_key, CryptoData(decrypted_data), &encrypted_data));
|
| EXPECT_EQ(128u, encrypted_data.byteLength());
|
|
|
| // Finally, decrypt the newly encrypted result with the private key, and
|
| // compare to the known original cleartext.
|
| decrypted_data.reset();
|
| ASSERT_STATUS_SUCCESS(Decrypt(
|
| - algorithm,
|
| - private_key,
|
| - CryptoData(encrypted_data),
|
| - &decrypted_data));
|
| + algorithm, private_key, CryptoData(encrypted_data), &decrypted_data));
|
| EXPECT_FALSE(decrypted_data.isNull());
|
| ExpectArrayBufferMatches(cleartext, decrypted_data);
|
| }
|
| @@ -1681,41 +1649,44 @@ TEST_F(SharedCryptoTest, MAYBE(RsaEsFailures)) {
|
| blink::WebArrayBuffer encrypted_data;
|
| const std::string message_hex_str("0102030405060708090a0b0c0d0e0f");
|
| const std::vector<uint8> message_hex(HexStringToBytes(message_hex_str));
|
| - EXPECT_STATUS(Status::ErrorUnexpectedKeyType(),
|
| + EXPECT_STATUS(
|
| + Status::ErrorUnexpectedKeyType(),
|
| EncryptInternal(algorithm, private_key, message_hex, &encrypted_data));
|
|
|
| // Fail encrypt with empty message.
|
| - EXPECT_STATUS(Status::Error(), EncryptInternal(
|
| - algorithm, public_key, std::vector<uint8>(), &encrypted_data));
|
| + EXPECT_STATUS(
|
| + Status::Error(),
|
| + EncryptInternal(
|
| + algorithm, public_key, std::vector<uint8>(), &encrypted_data));
|
|
|
| // Fail encrypt with message too large. RSAES can operate on messages up to
|
| // length of k - 11 bytes, where k is the octet length of the RSA modulus.
|
| const unsigned int kMaxMsgSizeBytes = kModulusLength / 8 - 11;
|
| - EXPECT_STATUS(
|
| - Status::ErrorDataTooLarge(),
|
| - EncryptInternal(algorithm,
|
| - public_key,
|
| - std::vector<uint8>(kMaxMsgSizeBytes + 1, '0'),
|
| - &encrypted_data));
|
| + EXPECT_STATUS(Status::ErrorDataTooLarge(),
|
| + EncryptInternal(algorithm,
|
| + public_key,
|
| + std::vector<uint8>(kMaxMsgSizeBytes + 1, '0'),
|
| + &encrypted_data));
|
|
|
| // Generate encrypted data.
|
| - EXPECT_STATUS(Status::Success(),
|
| + EXPECT_STATUS(
|
| + Status::Success(),
|
| EncryptInternal(algorithm, public_key, message_hex, &encrypted_data));
|
|
|
| // Fail decrypt with a public key.
|
| blink::WebArrayBuffer decrypted_data;
|
| - EXPECT_STATUS(Status::ErrorUnexpectedKeyType(), Decrypt(
|
| - algorithm,
|
| - public_key,
|
| - CryptoData(encrypted_data),
|
| - &decrypted_data));
|
| + EXPECT_STATUS(
|
| + Status::ErrorUnexpectedKeyType(),
|
| + Decrypt(
|
| + algorithm, public_key, CryptoData(encrypted_data), &decrypted_data));
|
|
|
| // Corrupt encrypted data; ensure decrypt fails because padding was disrupted.
|
| std::vector<uint8> corrupted_data(
|
| static_cast<uint8*>(encrypted_data.data()),
|
| static_cast<uint8*>(encrypted_data.data()) + encrypted_data.byteLength());
|
| corrupted_data[corrupted_data.size() / 2] ^= 0x01;
|
| - EXPECT_STATUS(Status::Error(),
|
| + EXPECT_STATUS(
|
| + Status::Error(),
|
| DecryptInternal(algorithm, private_key, corrupted_data, &decrypted_data));
|
|
|
| // TODO(padolph): Are there other specific data corruption scenarios to
|
| @@ -1723,10 +1694,7 @@ TEST_F(SharedCryptoTest, MAYBE(RsaEsFailures)) {
|
|
|
| // Do a successful decrypt with good data just for confirmation.
|
| EXPECT_STATUS_SUCCESS(Decrypt(
|
| - algorithm,
|
| - private_key,
|
| - CryptoData(encrypted_data),
|
| - &decrypted_data));
|
| + algorithm, private_key, CryptoData(encrypted_data), &decrypted_data));
|
| ExpectArrayBufferMatchesHex(message_hex_str, decrypted_data);
|
| }
|
|
|
| @@ -1765,11 +1733,7 @@ TEST_F(SharedCryptoTest, MAYBE(RsaSsaSignVerifyFailures)) {
|
|
|
| // Ensure truncated signature does not verify by passing no bytes.
|
| EXPECT_STATUS_SUCCESS(VerifySignature(
|
| - algorithm,
|
| - public_key,
|
| - CryptoData(),
|
| - CryptoData(data),
|
| - &signature_match));
|
| + algorithm, public_key, CryptoData(), CryptoData(data), &signature_match));
|
| EXPECT_FALSE(signature_match);
|
|
|
| // Ensure corrupted signature does not verify.
|
| @@ -1778,45 +1742,43 @@ TEST_F(SharedCryptoTest, MAYBE(RsaSsaSignVerifyFailures)) {
|
| static_cast<uint8*>(signature.data()) + signature.byteLength());
|
| corrupt_sig[corrupt_sig.size() / 2] ^= 0x1;
|
| EXPECT_STATUS_SUCCESS(VerifySignatureInternal(
|
| - algorithm,
|
| - public_key,
|
| - CryptoData(corrupt_sig),
|
| - data,
|
| - &signature_match));
|
| + algorithm, public_key, CryptoData(corrupt_sig), data, &signature_match));
|
| EXPECT_FALSE(signature_match);
|
|
|
| // Ensure signatures that are greater than the modulus size fail.
|
| const unsigned int long_message_size_bytes = 1024;
|
| - DCHECK_GT(long_message_size_bytes, kModulusLength/8);
|
| - const unsigned char kLongSignature[long_message_size_bytes] = { 0 };
|
| - EXPECT_STATUS_SUCCESS(VerifySignature(
|
| - algorithm,
|
| - public_key,
|
| - CryptoData(kLongSignature, sizeof(kLongSignature)),
|
| - CryptoData(data),
|
| - &signature_match));
|
| + DCHECK_GT(long_message_size_bytes, kModulusLength / 8);
|
| + const unsigned char kLongSignature[long_message_size_bytes] = {0};
|
| + EXPECT_STATUS_SUCCESS(
|
| + VerifySignature(algorithm,
|
| + public_key,
|
| + CryptoData(kLongSignature, sizeof(kLongSignature)),
|
| + CryptoData(data),
|
| + &signature_match));
|
| EXPECT_FALSE(signature_match);
|
|
|
| // Ensure that verifying using a private key, rather than a public key, fails.
|
| - EXPECT_STATUS(Status::ErrorUnexpectedKeyType(), VerifySignature(
|
| - algorithm,
|
| - private_key,
|
| - CryptoData(signature),
|
| - CryptoData(data),
|
| - &signature_match));
|
| + EXPECT_STATUS(Status::ErrorUnexpectedKeyType(),
|
| + VerifySignature(algorithm,
|
| + private_key,
|
| + CryptoData(signature),
|
| + CryptoData(data),
|
| + &signature_match));
|
|
|
| // Ensure that signing using a public key, rather than a private key, fails.
|
| EXPECT_STATUS(Status::ErrorUnexpectedKeyType(),
|
| - SignInternal(algorithm, public_key, data, &signature));
|
| + SignInternal(algorithm, public_key, data, &signature));
|
|
|
| // Ensure that signing and verifying with an incompatible algorithm fails.
|
| - algorithm =
|
| - CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5);
|
| + algorithm = CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5);
|
| EXPECT_STATUS(Status::ErrorUnexpected(),
|
| - SignInternal(algorithm, private_key, data, &signature));
|
| - EXPECT_STATUS(Status::ErrorUnexpected(), VerifySignature(
|
| - algorithm, public_key, CryptoData(signature), CryptoData(data),
|
| - &signature_match));
|
| + SignInternal(algorithm, private_key, data, &signature));
|
| + EXPECT_STATUS(Status::ErrorUnexpected(),
|
| + VerifySignature(algorithm,
|
| + public_key,
|
| + CryptoData(signature),
|
| + CryptoData(data),
|
| + &signature_match));
|
|
|
| // Some crypto libraries (NSS) can automatically select the RSA SSA inner hash
|
| // based solely on the contents of the input signature data. In the Web Crypto
|
| @@ -1828,12 +1790,13 @@ TEST_F(SharedCryptoTest, MAYBE(RsaSsaSignVerifyFailures)) {
|
| // is specified by the input algorithm (desired), the verify will fail.
|
|
|
| // Compute a signature using SHA-1 as the inner hash.
|
| - EXPECT_STATUS_SUCCESS(SignInternal(CreateRsaAlgorithmWithInnerHash(
|
| - blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5,
|
| - blink::WebCryptoAlgorithmIdSha1),
|
| - private_key,
|
| - data,
|
| - &signature));
|
| + EXPECT_STATUS_SUCCESS(
|
| + SignInternal(CreateRsaAlgorithmWithInnerHash(
|
| + blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5,
|
| + blink::WebCryptoAlgorithmIdSha1),
|
| + private_key,
|
| + data,
|
| + &signature));
|
|
|
| // Now verify using an algorithm whose inner hash is SHA-256, not SHA-1. The
|
| // signature should not verify.
|
| @@ -1841,14 +1804,14 @@ TEST_F(SharedCryptoTest, MAYBE(RsaSsaSignVerifyFailures)) {
|
| // algorithm has WebCryptoRsaKeyGenParams and not WebCryptoRsaSsaParams. Thus
|
| // it has no inner hash to conflict with the input algorithm.
|
| bool is_match;
|
| - EXPECT_STATUS_SUCCESS(VerifySignature(
|
| - CreateRsaAlgorithmWithInnerHash(
|
| - blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5,
|
| - blink::WebCryptoAlgorithmIdSha256),
|
| - public_key,
|
| - CryptoData(signature),
|
| - CryptoData(data),
|
| - &is_match));
|
| + EXPECT_STATUS_SUCCESS(
|
| + VerifySignature(CreateRsaAlgorithmWithInnerHash(
|
| + blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5,
|
| + blink::WebCryptoAlgorithmIdSha256),
|
| + public_key,
|
| + CryptoData(signature),
|
| + CryptoData(data),
|
| + &is_match));
|
| EXPECT_FALSE(is_match);
|
| }
|
|
|
| @@ -1891,11 +1854,7 @@ TEST_F(SharedCryptoTest, MAYBE(RsaSignVerifyKnownAnswer)) {
|
|
|
| bool is_match = false;
|
| ASSERT_STATUS_SUCCESS(VerifySignatureInternal(
|
| - algorithm,
|
| - public_key,
|
| - test_signature,
|
| - test_message,
|
| - &is_match));
|
| + algorithm, public_key, test_signature, test_message, &is_match));
|
| EXPECT_TRUE(is_match);
|
| }
|
| }
|
| @@ -1914,9 +1873,8 @@ TEST_F(SharedCryptoTest, MAYBE(AesKwKeyImport)) {
|
| blink::WebCryptoKeyUsageWrapKey,
|
| &key));
|
| blink::WebArrayBuffer key_raw_out;
|
| - EXPECT_STATUS_SUCCESS(ExportKey(blink::WebCryptoKeyFormatRaw,
|
| - key,
|
| - &key_raw_out));
|
| + EXPECT_STATUS_SUCCESS(
|
| + ExportKey(blink::WebCryptoKeyFormatRaw, key, &key_raw_out));
|
| ExpectArrayBufferMatchesHex(key_raw_hex_in, key_raw_out);
|
|
|
| // Import a 192-bit KEK
|
| @@ -1927,9 +1885,8 @@ TEST_F(SharedCryptoTest, MAYBE(AesKwKeyImport)) {
|
| true,
|
| blink::WebCryptoKeyUsageWrapKey,
|
| &key));
|
| - EXPECT_STATUS_SUCCESS(ExportKey(blink::WebCryptoKeyFormatRaw,
|
| - key,
|
| - &key_raw_out));
|
| + EXPECT_STATUS_SUCCESS(
|
| + ExportKey(blink::WebCryptoKeyFormatRaw, key, &key_raw_out));
|
| ExpectArrayBufferMatchesHex(key_raw_hex_in, key_raw_out);
|
|
|
| // Import a 256-bit Key Encryption Key (KEK)
|
| @@ -1941,50 +1898,49 @@ TEST_F(SharedCryptoTest, MAYBE(AesKwKeyImport)) {
|
| true,
|
| blink::WebCryptoKeyUsageWrapKey,
|
| &key));
|
| - EXPECT_STATUS_SUCCESS(ExportKey(blink::WebCryptoKeyFormatRaw,
|
| - key,
|
| - &key_raw_out));
|
| + EXPECT_STATUS_SUCCESS(
|
| + ExportKey(blink::WebCryptoKeyFormatRaw, key, &key_raw_out));
|
| ExpectArrayBufferMatchesHex(key_raw_hex_in, key_raw_out);
|
|
|
| // Fail import of 0 length key
|
| EXPECT_STATUS(Status::Error(),
|
| - ImportKeyInternal(blink::WebCryptoKeyFormatRaw,
|
| - HexStringToBytes(""),
|
| - algorithm,
|
| - true,
|
| - blink::WebCryptoKeyUsageWrapKey,
|
| - &key));
|
| + ImportKeyInternal(blink::WebCryptoKeyFormatRaw,
|
| + HexStringToBytes(""),
|
| + algorithm,
|
| + true,
|
| + blink::WebCryptoKeyUsageWrapKey,
|
| + &key));
|
|
|
| // Fail import of 124-bit KEK
|
| key_raw_hex_in = "3e4566a2bdaa10cb68134fa66c15ddb";
|
| EXPECT_STATUS(Status::Error(),
|
| - ImportKeyInternal(blink::WebCryptoKeyFormatRaw,
|
| - HexStringToBytes(key_raw_hex_in),
|
| - algorithm,
|
| - true,
|
| - blink::WebCryptoKeyUsageWrapKey,
|
| - &key));
|
| + ImportKeyInternal(blink::WebCryptoKeyFormatRaw,
|
| + HexStringToBytes(key_raw_hex_in),
|
| + algorithm,
|
| + true,
|
| + blink::WebCryptoKeyUsageWrapKey,
|
| + &key));
|
|
|
| // Fail import of 200-bit KEK
|
| key_raw_hex_in = "0a1d88608a5ad9fec64f1ada269ebab4baa2feeb8d95638c0e";
|
| EXPECT_STATUS(Status::Error(),
|
| - ImportKeyInternal(blink::WebCryptoKeyFormatRaw,
|
| - HexStringToBytes(key_raw_hex_in),
|
| - algorithm,
|
| - true,
|
| - blink::WebCryptoKeyUsageWrapKey,
|
| - &key));
|
| + ImportKeyInternal(blink::WebCryptoKeyFormatRaw,
|
| + HexStringToBytes(key_raw_hex_in),
|
| + algorithm,
|
| + true,
|
| + blink::WebCryptoKeyUsageWrapKey,
|
| + &key));
|
|
|
| // Fail import of 260-bit KEK
|
| key_raw_hex_in =
|
| "72d4e475ff34215416c9ad9c8281247a4d730c5f275ac23f376e73e3bce8d7d5a";
|
| EXPECT_STATUS(Status::Error(),
|
| - ImportKeyInternal(blink::WebCryptoKeyFormatRaw,
|
| - HexStringToBytes(key_raw_hex_in),
|
| - algorithm,
|
| - true,
|
| - blink::WebCryptoKeyUsageWrapKey,
|
| - &key));
|
| + ImportKeyInternal(blink::WebCryptoKeyFormatRaw,
|
| + HexStringToBytes(key_raw_hex_in),
|
| + algorithm,
|
| + true,
|
| + blink::WebCryptoKeyUsageWrapKey,
|
| + &key));
|
| }
|
|
|
| // TODO(eroman):
|
| @@ -2026,46 +1982,69 @@ TEST_F(SharedCryptoTest, MAYBE(AesGcmSampleSets)) {
|
|
|
| // Verify exported raw key is identical to the imported data
|
| blink::WebArrayBuffer raw_key;
|
| - EXPECT_STATUS_SUCCESS(ExportKey(
|
| - blink::WebCryptoKeyFormatRaw, key, &raw_key));
|
| + EXPECT_STATUS_SUCCESS(
|
| + ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key));
|
|
|
| ExpectArrayBufferMatches(test_key, raw_key);
|
|
|
| // Test encryption.
|
| std::vector<uint8> cipher_text;
|
| std::vector<uint8> authentication_tag;
|
| - EXPECT_STATUS_SUCCESS(AesGcmEncrypt(key, test_iv, test_additional_data,
|
| - test_tag_size_bits, test_plain_text,
|
| - &cipher_text, &authentication_tag));
|
| + EXPECT_STATUS_SUCCESS(AesGcmEncrypt(key,
|
| + test_iv,
|
| + test_additional_data,
|
| + test_tag_size_bits,
|
| + test_plain_text,
|
| + &cipher_text,
|
| + &authentication_tag));
|
|
|
| ExpectVectorMatches(test_cipher_text, cipher_text);
|
| ExpectVectorMatches(test_authentication_tag, authentication_tag);
|
|
|
| // Test decryption.
|
| blink::WebArrayBuffer plain_text;
|
| - EXPECT_STATUS_SUCCESS(AesGcmDecrypt(key, test_iv, test_additional_data,
|
| - test_tag_size_bits, test_cipher_text,
|
| - test_authentication_tag, &plain_text));
|
| + EXPECT_STATUS_SUCCESS(AesGcmDecrypt(key,
|
| + test_iv,
|
| + test_additional_data,
|
| + test_tag_size_bits,
|
| + test_cipher_text,
|
| + test_authentication_tag,
|
| + &plain_text));
|
| ExpectArrayBufferMatches(test_plain_text, plain_text);
|
|
|
| // Decryption should fail if any of the inputs are tampered with.
|
| EXPECT_STATUS(Status::Error(),
|
| - AesGcmDecrypt(key, Corrupted(test_iv), test_additional_data,
|
| - test_tag_size_bits, test_cipher_text,
|
| - test_authentication_tag, &plain_text));
|
| + AesGcmDecrypt(key,
|
| + Corrupted(test_iv),
|
| + test_additional_data,
|
| + test_tag_size_bits,
|
| + test_cipher_text,
|
| + test_authentication_tag,
|
| + &plain_text));
|
| EXPECT_STATUS(Status::Error(),
|
| - AesGcmDecrypt(key, test_iv, Corrupted(test_additional_data),
|
| - test_tag_size_bits, test_cipher_text,
|
| - test_authentication_tag, &plain_text));
|
| + AesGcmDecrypt(key,
|
| + test_iv,
|
| + Corrupted(test_additional_data),
|
| + test_tag_size_bits,
|
| + test_cipher_text,
|
| + test_authentication_tag,
|
| + &plain_text));
|
| EXPECT_STATUS(Status::Error(),
|
| - AesGcmDecrypt(key, test_iv, test_additional_data,
|
| - test_tag_size_bits, Corrupted(test_cipher_text),
|
| - test_authentication_tag, &plain_text));
|
| + AesGcmDecrypt(key,
|
| + test_iv,
|
| + test_additional_data,
|
| + test_tag_size_bits,
|
| + Corrupted(test_cipher_text),
|
| + test_authentication_tag,
|
| + &plain_text));
|
| EXPECT_STATUS(Status::Error(),
|
| - AesGcmDecrypt(key, test_iv, test_additional_data,
|
| - test_tag_size_bits, test_cipher_text,
|
| - Corrupted(test_authentication_tag),
|
| - &plain_text));
|
| + AesGcmDecrypt(key,
|
| + test_iv,
|
| + test_additional_data,
|
| + test_tag_size_bits,
|
| + test_cipher_text,
|
| + Corrupted(test_authentication_tag),
|
| + &plain_text));
|
|
|
| // Try different incorrect tag lengths
|
| uint8 kAlternateTagLengths[] = {8, 96, 120, 128, 160, 255};
|
| @@ -2073,9 +2052,13 @@ TEST_F(SharedCryptoTest, MAYBE(AesGcmSampleSets)) {
|
| unsigned int wrong_tag_size_bits = kAlternateTagLengths[tag_i];
|
| if (test_tag_size_bits == wrong_tag_size_bits)
|
| continue;
|
| - EXPECT_STATUS_ERROR(AesGcmDecrypt(key, test_iv, test_additional_data,
|
| - wrong_tag_size_bits, test_cipher_text,
|
| - test_authentication_tag, &plain_text));
|
| + EXPECT_STATUS_ERROR(AesGcmDecrypt(key,
|
| + test_iv,
|
| + test_additional_data,
|
| + wrong_tag_size_bits,
|
| + test_cipher_text,
|
| + test_authentication_tag,
|
| + &plain_text));
|
| }
|
| }
|
| }
|
|
|
Chromium Code Reviews
Issue 171503006:
[style] Run webcrypto files through clang-format. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src