Index: content/renderer/webcrypto/shared_crypto_unittest.cc |
diff --git a/content/renderer/webcrypto/shared_crypto_unittest.cc b/content/renderer/webcrypto/shared_crypto_unittest.cc |
index 8f280e17dbddb50b1fb45347e106ddbf29bcaa49..f0288977e42c3183360a8db15c817a0e561ea45b 100644 |
--- a/content/renderer/webcrypto/shared_crypto_unittest.cc |
+++ b/content/renderer/webcrypto/shared_crypto_unittest.cc |
@@ -40,9 +40,9 @@ |
// Helper macros to verify the value of a Status. |
#define EXPECT_STATUS_ERROR(code) EXPECT_FALSE((code).IsSuccess()) |
#define EXPECT_STATUS(expected, code) \ |
- EXPECT_EQ(expected.ToString(), (code).ToString()) |
+ EXPECT_EQ(expected.ToString(), (code).ToString()) |
#define ASSERT_STATUS(expected, code) \ |
- ASSERT_EQ(expected.ToString(), (code).ToString()) |
+ ASSERT_EQ(expected.ToString(), (code).ToString()) |
#define EXPECT_STATUS_SUCCESS(code) EXPECT_STATUS(Status::Success(), code) |
#define ASSERT_STATUS_SUCCESS(code) ASSERT_STATUS(Status::Success(), code) |
@@ -107,9 +107,8 @@ std::vector<uint8> MakeJsonVector(const base::DictionaryValue& dict) { |
// Reads a file in "src/content/test/data/webcrypto" to a base::Value. |
// The file must be JSON, however it can also include C++ style comments. |
-::testing::AssertionResult ReadJsonTestFile( |
- const char* test_file_name, |
- scoped_ptr<base::Value>* value) { |
+::testing::AssertionResult ReadJsonTestFile(const char* test_file_name, |
+ scoped_ptr<base::Value>* value) { |
base::FilePath test_data_dir; |
if (!PathService::Get(DIR_TEST_DATA, &test_data_dir)) |
return ::testing::AssertionFailure() << "Couldn't retrieve test dir"; |
@@ -119,8 +118,8 @@ std::vector<uint8> MakeJsonVector(const base::DictionaryValue& dict) { |
std::string file_contents; |
if (!base::ReadFileToString(file_path, &file_contents)) { |
- return ::testing::AssertionFailure() << "Couldn't read test file: " |
- << file_path.value(); |
+ return ::testing::AssertionFailure() |
+ << "Couldn't read test file: " << file_path.value(); |
} |
// Strip C++ style comments out of the "json" file, otherwise it cannot be |
@@ -130,8 +129,8 @@ std::vector<uint8> MakeJsonVector(const base::DictionaryValue& dict) { |
// Parse the JSON to a dictionary. |
value->reset(base::JSONReader::Read(file_contents)); |
if (!value->get()) { |
- return ::testing::AssertionFailure() << "Couldn't parse test file JSON: " |
- << file_path.value(); |
+ return ::testing::AssertionFailure() |
+ << "Couldn't parse test file JSON: " << file_path.value(); |
} |
return ::testing::AssertionSuccess(); |
@@ -163,9 +162,8 @@ std::vector<uint8> MakeJsonVector(const base::DictionaryValue& dict) { |
// string as a hex encoded string and converts it to a bytes list. |
// |
// Returns empty vector on failure. |
-std::vector<uint8> GetBytesFromHexString( |
- base::DictionaryValue* dict, |
- const char* property_name) { |
+std::vector<uint8> GetBytesFromHexString(base::DictionaryValue* dict, |
+ const char* property_name) { |
std::string hex_string; |
if (!dict->GetString(property_name, &hex_string)) { |
EXPECT_TRUE(false) << "Couldn't get string property: " << property_name; |
@@ -177,9 +175,8 @@ std::vector<uint8> GetBytesFromHexString( |
// Reads a string property with path "property_name" and converts it to a |
// WebCryptoAlgorith. Returns null algorithm on failure. |
-blink::WebCryptoAlgorithm GetDigestAlgorithm( |
- base::DictionaryValue* dict, |
- const char* property_name) { |
+blink::WebCryptoAlgorithm GetDigestAlgorithm(base::DictionaryValue* dict, |
+ const char* property_name) { |
std::string algorithm_name; |
if (!dict->GetString(property_name, &algorithm_name)) { |
EXPECT_TRUE(false) << "Couldn't get string property: " << property_name; |
@@ -189,13 +186,11 @@ blink::WebCryptoAlgorithm GetDigestAlgorithm( |
struct { |
const char* name; |
blink::WebCryptoAlgorithmId id; |
- } kDigestNameToId[] = { |
- {"sha-1", blink::WebCryptoAlgorithmIdSha1}, |
- {"sha-224", blink::WebCryptoAlgorithmIdSha224}, |
- {"sha-256", blink::WebCryptoAlgorithmIdSha256}, |
- {"sha-384", blink::WebCryptoAlgorithmIdSha384}, |
- {"sha-512", blink::WebCryptoAlgorithmIdSha512}, |
- }; |
+ } kDigestNameToId[] = {{"sha-1", blink::WebCryptoAlgorithmIdSha1}, |
+ {"sha-224", blink::WebCryptoAlgorithmIdSha224}, |
+ {"sha-256", blink::WebCryptoAlgorithmIdSha256}, |
+ {"sha-384", blink::WebCryptoAlgorithmIdSha384}, |
+ {"sha-512", blink::WebCryptoAlgorithmIdSha512}, }; |
for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kDigestNameToId); ++i) { |
if (kDigestNameToId[i].name == algorithm_name) |
@@ -222,12 +217,13 @@ blink::WebCryptoAlgorithm CreateAesGcmAlgorithm( |
unsigned int tag_length_bits) { |
return blink::WebCryptoAlgorithm::adoptParamsAndCreate( |
blink::WebCryptoAlgorithmIdAesGcm, |
- new blink::WebCryptoAesGcmParams( |
- Uint8VectorStart(iv), iv.size(), |
- true, |
- Uint8VectorStart(additional_data), |
- additional_data.size(), |
- true, tag_length_bits)); |
+ new blink::WebCryptoAesGcmParams(Uint8VectorStart(iv), |
+ iv.size(), |
+ true, |
+ Uint8VectorStart(additional_data), |
+ additional_data.size(), |
+ true, |
+ tag_length_bits)); |
} |
// Helper for ImportJwkRsaFailures. Restores the JWK JSON |
@@ -238,7 +234,8 @@ void RestoreJwkRsaDictionary(base::DictionaryValue* dict) { |
dict->SetString("alg", "RSA1_5"); |
dict->SetString("use", "enc"); |
dict->SetBoolean("extractable", false); |
- dict->SetString("n", |
+ dict->SetString( |
+ "n", |
"qLOyhK-OtQs4cDSoYPFGxJGfMYdjzWxVmMiuSBGh4KvEx-CwgtaTpef87Wdc9GaFEncsDLxk" |
"p0LGxjD1M8jMcvYq6DPEC_JYQumEu3i9v5fAEH1VvbZi9cTg-rmEXLUUjvc5LdOq_5OuHmtm" |
"e7PUJHYW1PW6ENTP0ibeiNOfFvs"); |
@@ -252,14 +249,12 @@ blink::WebCryptoAlgorithm CreateRsaAlgorithmWithInnerHash( |
algorithm_id == blink::WebCryptoAlgorithmIdRsaOaep); |
DCHECK(IsHashAlgorithm(hash_id)); |
return blink::WebCryptoAlgorithm::adoptParamsAndCreate( |
- algorithm_id, |
- new blink::WebCryptoRsaSsaParams(CreateAlgorithm(hash_id))); |
+ algorithm_id, new blink::WebCryptoRsaSsaParams(CreateAlgorithm(hash_id))); |
} |
// Determines if two ArrayBuffers have identical content. |
-bool ArrayBuffersEqual( |
- const blink::WebArrayBuffer& a, |
- const blink::WebArrayBuffer& b) { |
+bool ArrayBuffersEqual(const blink::WebArrayBuffer& a, |
+ const blink::WebArrayBuffer& b) { |
return a.byteLength() == b.byteLength() && |
memcmp(a.data(), b.data(), a.byteLength()) == 0; |
} |
@@ -338,9 +333,7 @@ const char* const kPrivateKeyPkcs8DerHex = |
class SharedCryptoTest : public testing::Test { |
protected: |
- virtual void SetUp() OVERRIDE { |
- Init(); |
- } |
+ virtual void SetUp() OVERRIDE { Init(); } |
}; |
// Wrappers to pass vector<> in place of CryptoData. |
@@ -351,8 +344,8 @@ Status ImportKeyInternal(blink::WebCryptoKeyFormat format, |
bool extractable, |
blink::WebCryptoKeyUsageMask usage_mask, |
blink::WebCryptoKey* key) { |
- return ImportKey(format, CryptoData(key_data), algorithm, extractable, |
- usage_mask, key); |
+ return ImportKey( |
+ format, CryptoData(key_data), algorithm, extractable, usage_mask, key); |
} |
Status EncryptInternal(const blink::WebCryptoAlgorithm& algorithm, |
@@ -369,198 +362,174 @@ Status DecryptInternal(const blink::WebCryptoAlgorithm& algorithm, |
return Decrypt(algorithm, key, CryptoData(data), buffer); |
} |
+blink::WebCryptoKey ImportSecretKeyFromRaw( |
+ const std::vector<uint8>& key_raw, |
+ const blink::WebCryptoAlgorithm& algorithm, |
+ blink::WebCryptoKeyUsageMask usage) { |
+ blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
+ bool extractable = true; |
+ EXPECT_STATUS_SUCCESS(ImportKeyInternal(blink::WebCryptoKeyFormatRaw, |
+ key_raw, |
+ algorithm, |
+ extractable, |
+ usage, |
+ &key)); |
- // TODO: de-indent. |
- blink::WebCryptoKey ImportSecretKeyFromRaw( |
- const std::vector<uint8>& key_raw, |
- const blink::WebCryptoAlgorithm& algorithm, |
- blink::WebCryptoKeyUsageMask usage) { |
- blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
- bool extractable = true; |
- EXPECT_STATUS_SUCCESS( |
- ImportKeyInternal(blink::WebCryptoKeyFormatRaw, |
- key_raw, |
- algorithm, |
- extractable, |
- usage, |
- &key)); |
- |
- EXPECT_FALSE(key.isNull()); |
- EXPECT_TRUE(key.handle()); |
- EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); |
- EXPECT_EQ(algorithm.id(), key.algorithm().id()); |
- EXPECT_EQ(extractable, key.extractable()); |
- EXPECT_EQ(usage, key.usages()); |
- return key; |
- } |
- |
- void ImportRsaKeyPair( |
- const std::vector<uint8>& spki_der, |
- const std::vector<uint8>& pkcs8_der, |
- const blink::WebCryptoAlgorithm& algorithm, |
- bool extractable, |
- blink::WebCryptoKeyUsageMask usage_mask, |
- blink::WebCryptoKey* public_key, |
- blink::WebCryptoKey* private_key) { |
- EXPECT_STATUS_SUCCESS(ImportKeyInternal( |
- blink::WebCryptoKeyFormatSpki, |
- spki_der, |
- algorithm, |
- true, |
- usage_mask, |
- public_key)); |
- EXPECT_FALSE(public_key->isNull()); |
- EXPECT_TRUE(public_key->handle()); |
- EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key->type()); |
- EXPECT_EQ(algorithm.id(), public_key->algorithm().id()); |
- EXPECT_EQ(extractable, extractable); |
- EXPECT_EQ(usage_mask, public_key->usages()); |
- |
- EXPECT_STATUS_SUCCESS(ImportKeyInternal( |
- blink::WebCryptoKeyFormatPkcs8, |
- pkcs8_der, |
- algorithm, |
- extractable, |
- usage_mask, |
- private_key)); |
- EXPECT_FALSE(private_key->isNull()); |
- EXPECT_TRUE(private_key->handle()); |
- EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key->type()); |
- EXPECT_EQ(algorithm.id(), private_key->algorithm().id()); |
- EXPECT_EQ(extractable, extractable); |
- EXPECT_EQ(usage_mask, private_key->usages()); |
- } |
- |
- // TODO(eroman): For Linux builds using system NSS, AES-GCM support is a |
- // runtime dependency. Test it by trying to import a key. |
- bool SupportsAesGcm() { |
- std::vector<uint8> key_raw(16, 0); |
+ EXPECT_FALSE(key.isNull()); |
+ EXPECT_TRUE(key.handle()); |
+ EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); |
+ EXPECT_EQ(algorithm.id(), key.algorithm().id()); |
+ EXPECT_EQ(extractable, key.extractable()); |
+ EXPECT_EQ(usage, key.usages()); |
+ return key; |
+} |
- blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
- Status status = ImportKeyInternal( |
- blink::WebCryptoKeyFormatRaw, |
- key_raw, |
- CreateAlgorithm(blink::WebCryptoAlgorithmIdAesGcm), |
- true, |
- blink::WebCryptoKeyUsageEncrypt, |
- &key); |
+void ImportRsaKeyPair(const std::vector<uint8>& spki_der, |
+ const std::vector<uint8>& pkcs8_der, |
+ const blink::WebCryptoAlgorithm& algorithm, |
+ bool extractable, |
+ blink::WebCryptoKeyUsageMask usage_mask, |
+ blink::WebCryptoKey* public_key, |
+ blink::WebCryptoKey* private_key) { |
+ EXPECT_STATUS_SUCCESS(ImportKeyInternal(blink::WebCryptoKeyFormatSpki, |
+ spki_der, |
+ algorithm, |
+ true, |
+ usage_mask, |
+ public_key)); |
+ EXPECT_FALSE(public_key->isNull()); |
+ EXPECT_TRUE(public_key->handle()); |
+ EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key->type()); |
+ EXPECT_EQ(algorithm.id(), public_key->algorithm().id()); |
+ EXPECT_EQ(extractable, extractable); |
+ EXPECT_EQ(usage_mask, public_key->usages()); |
+ |
+ EXPECT_STATUS_SUCCESS(ImportKeyInternal(blink::WebCryptoKeyFormatPkcs8, |
+ pkcs8_der, |
+ algorithm, |
+ extractable, |
+ usage_mask, |
+ private_key)); |
+ EXPECT_FALSE(private_key->isNull()); |
+ EXPECT_TRUE(private_key->handle()); |
+ EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key->type()); |
+ EXPECT_EQ(algorithm.id(), private_key->algorithm().id()); |
+ EXPECT_EQ(extractable, extractable); |
+ EXPECT_EQ(usage_mask, private_key->usages()); |
+} |
- if (status.IsError()) |
- EXPECT_EQ(Status::ErrorUnsupported().ToString(), status.ToString()); |
- return status.IsSuccess(); |
- } |
+// TODO(eroman): For Linux builds using system NSS, AES-GCM support is a |
+// runtime dependency. Test it by trying to import a key. |
+bool SupportsAesGcm() { |
+ std::vector<uint8> key_raw(16, 0); |
- Status AesGcmEncrypt(const blink::WebCryptoKey& key, |
- const std::vector<uint8>& iv, |
- const std::vector<uint8>& additional_data, |
- unsigned int tag_length_bits, |
- const std::vector<uint8>& plain_text, |
- std::vector<uint8>* cipher_text, |
- std::vector<uint8>* authentication_tag) { |
- blink::WebCryptoAlgorithm algorithm = CreateAesGcmAlgorithm( |
- iv, additional_data, tag_length_bits); |
+ blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
+ Status status = |
+ ImportKeyInternal(blink::WebCryptoKeyFormatRaw, |
+ key_raw, |
+ CreateAlgorithm(blink::WebCryptoAlgorithmIdAesGcm), |
+ true, |
+ blink::WebCryptoKeyUsageEncrypt, |
+ &key); |
- blink::WebArrayBuffer output; |
- Status status = EncryptInternal(algorithm, key, plain_text, &output); |
- if (status.IsError()) |
- return status; |
+ if (status.IsError()) |
+ EXPECT_EQ(Status::ErrorUnsupported().ToString(), status.ToString()); |
+ return status.IsSuccess(); |
+} |
- if (output.byteLength() * 8 < tag_length_bits) { |
- EXPECT_TRUE(false); |
- return Status::Error(); |
- } |
+Status AesGcmEncrypt(const blink::WebCryptoKey& key, |
+ const std::vector<uint8>& iv, |
+ const std::vector<uint8>& additional_data, |
+ unsigned int tag_length_bits, |
+ const std::vector<uint8>& plain_text, |
+ std::vector<uint8>* cipher_text, |
+ std::vector<uint8>* authentication_tag) { |
+ blink::WebCryptoAlgorithm algorithm = |
+ CreateAesGcmAlgorithm(iv, additional_data, tag_length_bits); |
- // The encryption result is cipher text with authentication tag appended. |
- cipher_text->assign( |
- static_cast<uint8*>(output.data()), |
- static_cast<uint8*>(output.data()) + |
- (output.byteLength() - tag_length_bits / 8)); |
- authentication_tag->assign( |
- static_cast<uint8*>(output.data()) + cipher_text->size(), |
- static_cast<uint8*>(output.data()) + output.byteLength()); |
+ blink::WebArrayBuffer output; |
+ Status status = EncryptInternal(algorithm, key, plain_text, &output); |
+ if (status.IsError()) |
+ return status; |
- return Status::Success(); |
+ if (output.byteLength() * 8 < tag_length_bits) { |
+ EXPECT_TRUE(false); |
+ return Status::Error(); |
} |
- Status AesGcmDecrypt(const blink::WebCryptoKey& key, |
- const std::vector<uint8>& iv, |
- const std::vector<uint8>& additional_data, |
- unsigned int tag_length_bits, |
- const std::vector<uint8>& cipher_text, |
- const std::vector<uint8>& authentication_tag, |
- blink::WebArrayBuffer* plain_text) { |
- blink::WebCryptoAlgorithm algorithm = CreateAesGcmAlgorithm( |
- iv, additional_data, tag_length_bits); |
- |
- // Join cipher text and authentication tag. |
- std::vector<uint8> cipher_text_with_tag; |
- cipher_text_with_tag.reserve( |
- cipher_text.size() + authentication_tag.size()); |
- cipher_text_with_tag.insert( |
- cipher_text_with_tag.end(), cipher_text.begin(), cipher_text.end()); |
- cipher_text_with_tag.insert( |
- cipher_text_with_tag.end(), authentication_tag.begin(), |
- authentication_tag.end()); |
- |
- return DecryptInternal(algorithm, key, cipher_text_with_tag, plain_text); |
- } |
+ // The encryption result is cipher text with authentication tag appended. |
+ cipher_text->assign(static_cast<uint8*>(output.data()), |
+ static_cast<uint8*>(output.data()) + |
+ (output.byteLength() - tag_length_bits / 8)); |
+ authentication_tag->assign( |
+ static_cast<uint8*>(output.data()) + cipher_text->size(), |
+ static_cast<uint8*>(output.data()) + output.byteLength()); |
- // Helpers to pass vector<> in place of CryptoData. |
- Status DigestInternal( |
- const blink::WebCryptoAlgorithm& algorithm, |
- const std::vector<uint8>& data, |
- blink::WebArrayBuffer* buffer) { |
- return Digest(algorithm, CryptoData(data), buffer); |
- } |
+ return Status::Success(); |
+} |
- Status SignInternal( |
- const blink::WebCryptoAlgorithm& algorithm, |
- const blink::WebCryptoKey& key, |
- const std::vector<uint8>& data, |
- blink::WebArrayBuffer* buffer) { |
- return Sign(algorithm, key, CryptoData(data), buffer); |
- } |
+Status AesGcmDecrypt(const blink::WebCryptoKey& key, |
+ const std::vector<uint8>& iv, |
+ const std::vector<uint8>& additional_data, |
+ unsigned int tag_length_bits, |
+ const std::vector<uint8>& cipher_text, |
+ const std::vector<uint8>& authentication_tag, |
+ blink::WebArrayBuffer* plain_text) { |
+ blink::WebCryptoAlgorithm algorithm = |
+ CreateAesGcmAlgorithm(iv, additional_data, tag_length_bits); |
+ |
+ // Join cipher text and authentication tag. |
+ std::vector<uint8> cipher_text_with_tag; |
+ cipher_text_with_tag.reserve(cipher_text.size() + authentication_tag.size()); |
+ cipher_text_with_tag.insert( |
+ cipher_text_with_tag.end(), cipher_text.begin(), cipher_text.end()); |
+ cipher_text_with_tag.insert(cipher_text_with_tag.end(), |
+ authentication_tag.begin(), |
+ authentication_tag.end()); |
+ |
+ return DecryptInternal(algorithm, key, cipher_text_with_tag, plain_text); |
+} |
- Status VerifySignatureInternal( |
- const blink::WebCryptoAlgorithm& algorithm, |
- const blink::WebCryptoKey& key, |
- const CryptoData& signature, |
- const std::vector<uint8>& data, |
- bool* signature_match) { |
- return VerifySignature(algorithm, |
- key, |
- signature, |
- CryptoData(data), |
- signature_match); |
- } |
+// Helpers to pass vector<> in place of CryptoData. |
+Status DigestInternal(const blink::WebCryptoAlgorithm& algorithm, |
+ const std::vector<uint8>& data, |
+ blink::WebArrayBuffer* buffer) { |
+ return Digest(algorithm, CryptoData(data), buffer); |
+} |
+Status SignInternal(const blink::WebCryptoAlgorithm& algorithm, |
+ const blink::WebCryptoKey& key, |
+ const std::vector<uint8>& data, |
+ blink::WebArrayBuffer* buffer) { |
+ return Sign(algorithm, key, CryptoData(data), buffer); |
+} |
- Status VerifySignatureInternal( |
- const blink::WebCryptoAlgorithm& algorithm, |
- const blink::WebCryptoKey& key, |
- const std::vector<uint8>& signature, |
- const std::vector<uint8>& data, |
- bool* signature_match) { |
- return VerifySignature( |
- algorithm, |
- key, |
- CryptoData(signature), |
- CryptoData(data), |
- signature_match); |
- } |
+Status VerifySignatureInternal(const blink::WebCryptoAlgorithm& algorithm, |
+ const blink::WebCryptoKey& key, |
+ const CryptoData& signature, |
+ const std::vector<uint8>& data, |
+ bool* signature_match) { |
+ return VerifySignature( |
+ algorithm, key, signature, CryptoData(data), signature_match); |
+} |
- Status ImportKeyJwk( |
- const std::vector<uint8>& key_data, |
- const blink::WebCryptoAlgorithm& algorithm, |
- bool extractable, |
- blink::WebCryptoKeyUsageMask usage_mask, |
- blink::WebCryptoKey* key) { |
- return ImportKeyJwk(CryptoData(key_data), |
- algorithm, |
- extractable, |
- usage_mask, |
- key); |
- } |
+Status VerifySignatureInternal(const blink::WebCryptoAlgorithm& algorithm, |
+ const blink::WebCryptoKey& key, |
+ const std::vector<uint8>& signature, |
+ const std::vector<uint8>& data, |
+ bool* signature_match) { |
+ return VerifySignature( |
+ algorithm, key, CryptoData(signature), CryptoData(data), signature_match); |
+} |
+ |
+Status ImportKeyJwk(const std::vector<uint8>& key_data, |
+ const blink::WebCryptoAlgorithm& algorithm, |
+ bool extractable, |
+ blink::WebCryptoKeyUsageMask usage_mask, |
+ blink::WebCryptoKey* key) { |
+ return ImportKeyJwk( |
+ CryptoData(key_data), algorithm, extractable, usage_mask, key); |
+} |
} // namespace |
@@ -633,12 +602,11 @@ TEST_F(SharedCryptoTest, HMACSampleSets) { |
ExpectArrayBufferMatches(test_mac, output); |
bool signature_match = false; |
- EXPECT_STATUS_SUCCESS(VerifySignature( |
- algorithm, |
- key, |
- CryptoData(output), |
- CryptoData(test_message), |
- &signature_match)); |
+ EXPECT_STATUS_SUCCESS(VerifySignature(algorithm, |
+ key, |
+ CryptoData(output), |
+ CryptoData(test_message), |
+ &signature_match)); |
EXPECT_TRUE(signature_match); |
// Ensure truncated signature does not verify by passing one less byte. |
@@ -652,22 +620,21 @@ TEST_F(SharedCryptoTest, HMACSampleSets) { |
EXPECT_FALSE(signature_match); |
// Ensure truncated signature does not verify by passing no bytes. |
- EXPECT_STATUS_SUCCESS(VerifySignature( |
- algorithm, |
- key, |
- CryptoData(), |
- CryptoData(test_message), |
- &signature_match)); |
+ EXPECT_STATUS_SUCCESS(VerifySignature(algorithm, |
+ key, |
+ CryptoData(), |
+ CryptoData(test_message), |
+ &signature_match)); |
EXPECT_FALSE(signature_match); |
// Ensure extra long signature does not cause issues and fails. |
- const unsigned char kLongSignature[1024] = { 0 }; |
- EXPECT_STATUS_SUCCESS(VerifySignature( |
- algorithm, |
- key, |
- CryptoData(kLongSignature, sizeof(kLongSignature)), |
- CryptoData(test_message), |
- &signature_match)); |
+ const unsigned char kLongSignature[1024] = {0}; |
+ EXPECT_STATUS_SUCCESS( |
+ VerifySignature(algorithm, |
+ key, |
+ CryptoData(kLongSignature, sizeof(kLongSignature)), |
+ CryptoData(test_message), |
+ &signature_match)); |
EXPECT_FALSE(signature_match); |
} |
} |
@@ -681,8 +648,7 @@ TEST_F(SharedCryptoTest, AesCbcFailures) { |
// Verify exported raw key is identical to the imported data |
blink::WebArrayBuffer raw_key; |
- EXPECT_STATUS_SUCCESS( |
- ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key)); |
+ EXPECT_STATUS_SUCCESS(ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key)); |
ExpectArrayBufferMatchesHex(key_hex, raw_key); |
blink::WebArrayBuffer output; |
@@ -691,20 +657,28 @@ TEST_F(SharedCryptoTest, AesCbcFailures) { |
{ |
std::vector<uint8> input(32); |
std::vector<uint8> iv; |
- EXPECT_STATUS(Status::ErrorIncorrectSizeAesCbcIv(), EncryptInternal( |
- webcrypto::CreateAesCbcAlgorithm(iv), key, input, &output)); |
- EXPECT_STATUS(Status::ErrorIncorrectSizeAesCbcIv(), DecryptInternal( |
- webcrypto::CreateAesCbcAlgorithm(iv), key, input, &output)); |
+ EXPECT_STATUS( |
+ Status::ErrorIncorrectSizeAesCbcIv(), |
+ EncryptInternal( |
+ webcrypto::CreateAesCbcAlgorithm(iv), key, input, &output)); |
+ EXPECT_STATUS( |
+ Status::ErrorIncorrectSizeAesCbcIv(), |
+ DecryptInternal( |
+ webcrypto::CreateAesCbcAlgorithm(iv), key, input, &output)); |
} |
// Use an invalid |iv| (more than 16 bytes) |
{ |
std::vector<uint8> input(32); |
std::vector<uint8> iv(17); |
- EXPECT_STATUS(Status::ErrorIncorrectSizeAesCbcIv(), EncryptInternal( |
- webcrypto::CreateAesCbcAlgorithm(iv), key, input, &output)); |
- EXPECT_STATUS(Status::ErrorIncorrectSizeAesCbcIv(), DecryptInternal( |
- webcrypto::CreateAesCbcAlgorithm(iv), key, input, &output)); |
+ EXPECT_STATUS( |
+ Status::ErrorIncorrectSizeAesCbcIv(), |
+ EncryptInternal( |
+ webcrypto::CreateAesCbcAlgorithm(iv), key, input, &output)); |
+ EXPECT_STATUS( |
+ Status::ErrorIncorrectSizeAesCbcIv(), |
+ DecryptInternal( |
+ webcrypto::CreateAesCbcAlgorithm(iv), key, input, &output)); |
} |
// Give an input that is too large (would cause integer overflow when |
@@ -717,10 +691,10 @@ TEST_F(SharedCryptoTest, AesCbcFailures) { |
// data. |
CryptoData input(&iv[0], INT_MAX - 3); |
- EXPECT_STATUS(Status::ErrorDataTooLarge(), Encrypt( |
- CreateAesCbcAlgorithm(iv), key, input, &output)); |
- EXPECT_STATUS(Status::ErrorDataTooLarge(), Decrypt( |
- CreateAesCbcAlgorithm(iv), key, input, &output)); |
+ EXPECT_STATUS(Status::ErrorDataTooLarge(), |
+ Encrypt(CreateAesCbcAlgorithm(iv), key, input, &output)); |
+ EXPECT_STATUS(Status::ErrorDataTooLarge(), |
+ Decrypt(CreateAesCbcAlgorithm(iv), key, input, &output)); |
} |
// Fail importing the key (too few bytes specified) |
@@ -729,22 +703,21 @@ TEST_F(SharedCryptoTest, AesCbcFailures) { |
std::vector<uint8> iv(16); |
blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
- EXPECT_STATUS( |
- Status::Error(), |
- ImportKeyInternal(blink::WebCryptoKeyFormatRaw, |
- key_raw, |
- CreateAesCbcAlgorithm(iv), |
- true, |
- blink::WebCryptoKeyUsageEncrypt, |
- &key)); |
+ EXPECT_STATUS(Status::Error(), |
+ ImportKeyInternal(blink::WebCryptoKeyFormatRaw, |
+ key_raw, |
+ CreateAesCbcAlgorithm(iv), |
+ true, |
+ blink::WebCryptoKeyUsageEncrypt, |
+ &key)); |
} |
// Fail exporting the key in SPKI and PKCS#8 formats (not allowed for secret |
// keys). |
EXPECT_STATUS(Status::ErrorUnexpectedKeyType(), |
- ExportKey(blink::WebCryptoKeyFormatSpki, key, &output)); |
+ ExportKey(blink::WebCryptoKeyFormatSpki, key, &output)); |
EXPECT_STATUS(Status::ErrorUnsupported(), |
- ExportKey(blink::WebCryptoKeyFormatPkcs8, key, &output)); |
+ ExportKey(blink::WebCryptoKeyFormatPkcs8, key, &output)); |
} |
TEST_F(SharedCryptoTest, MAYBE(AesCbcSampleSets)) { |
@@ -770,28 +743,26 @@ TEST_F(SharedCryptoTest, MAYBE(AesCbcSampleSets)) { |
// Verify exported raw key is identical to the imported data |
blink::WebArrayBuffer raw_key; |
- EXPECT_STATUS_SUCCESS(ExportKey( |
- blink::WebCryptoKeyFormatRaw, key, &raw_key)); |
+ EXPECT_STATUS_SUCCESS( |
+ ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key)); |
ExpectArrayBufferMatches(test_key, raw_key); |
blink::WebArrayBuffer output; |
// Test encryption. |
- EXPECT_STATUS( |
- Status::Success(), |
- EncryptInternal(webcrypto::CreateAesCbcAlgorithm(test_iv), |
- key, |
- test_plain_text, |
- &output)); |
+ EXPECT_STATUS(Status::Success(), |
+ EncryptInternal(webcrypto::CreateAesCbcAlgorithm(test_iv), |
+ key, |
+ test_plain_text, |
+ &output)); |
ExpectArrayBufferMatches(test_cipher_text, output); |
// Test decryption. |
- EXPECT_STATUS( |
- Status::Success(), |
- DecryptInternal(webcrypto::CreateAesCbcAlgorithm(test_iv), |
- key, |
- test_cipher_text, |
- &output)); |
+ EXPECT_STATUS(Status::Success(), |
+ DecryptInternal(webcrypto::CreateAesCbcAlgorithm(test_iv), |
+ key, |
+ test_cipher_text, |
+ &output)); |
ExpectArrayBufferMatches(test_plain_text, output); |
const unsigned int kAesCbcBlockSize = 16; |
@@ -815,8 +786,7 @@ TEST_F(SharedCryptoTest, MAYBE(AesCbcSampleSets)) { |
Status::Error(), |
Decrypt(CreateAesCbcAlgorithm(test_iv), |
key, |
- CryptoData(&test_cipher_text[0], |
- test_cipher_text.size() - 3), |
+ CryptoData(&test_cipher_text[0], test_cipher_text.size() - 3), |
&output)); |
} |
} |
@@ -840,8 +810,7 @@ TEST_F(SharedCryptoTest, MAYBE(GenerateKeyAes)) { |
// Generate a small sample of keys. |
keys.clear(); |
for (int j = 0; j < 16; ++j) { |
- ASSERT_STATUS_SUCCESS(GenerateSecretKey( |
- algorithm[i], true, 0, &key)); |
+ ASSERT_STATUS_SUCCESS(GenerateSecretKey(algorithm[i], true, 0, &key)); |
EXPECT_TRUE(key.handle()); |
EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); |
ASSERT_STATUS_SUCCESS( |
@@ -859,12 +828,15 @@ TEST_F(SharedCryptoTest, MAYBE(GenerateKeyAesBadLength)) { |
blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kKeyLen); ++i) { |
SCOPED_TRACE(i); |
- EXPECT_STATUS(Status::ErrorGenerateKeyLength(), GenerateSecretKey( |
- CreateAesCbcKeyGenAlgorithm(kKeyLen[i]), true, 0, &key)); |
- EXPECT_STATUS(Status::ErrorGenerateKeyLength(), GenerateSecretKey( |
- CreateAesGcmKeyGenAlgorithm(kKeyLen[i]), true, 0, &key)); |
- EXPECT_STATUS(Status::ErrorGenerateKeyLength(), GenerateSecretKey( |
- CreateAesKwKeyGenAlgorithm(kKeyLen[i]), true, 0, &key)); |
+ EXPECT_STATUS(Status::ErrorGenerateKeyLength(), |
+ GenerateSecretKey( |
+ CreateAesCbcKeyGenAlgorithm(kKeyLen[i]), true, 0, &key)); |
+ EXPECT_STATUS(Status::ErrorGenerateKeyLength(), |
+ GenerateSecretKey( |
+ CreateAesGcmKeyGenAlgorithm(kKeyLen[i]), true, 0, &key)); |
+ EXPECT_STATUS(Status::ErrorGenerateKeyLength(), |
+ GenerateSecretKey( |
+ CreateAesKwKeyGenAlgorithm(kKeyLen[i]), true, 0, &key)); |
} |
} |
@@ -874,8 +846,8 @@ TEST_F(SharedCryptoTest, MAYBE(GenerateKeyHmac)) { |
for (int i = 0; i < 16; ++i) { |
blink::WebArrayBuffer key_bytes; |
blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
- blink::WebCryptoAlgorithm algorithm = CreateHmacKeyGenAlgorithm( |
- blink::WebCryptoAlgorithmIdSha1, 64); |
+ blink::WebCryptoAlgorithm algorithm = |
+ CreateHmacKeyGenAlgorithm(blink::WebCryptoAlgorithmIdSha1, 64); |
ASSERT_STATUS_SUCCESS(GenerateSecretKey(algorithm, true, 0, &key)); |
EXPECT_FALSE(key.isNull()); |
EXPECT_TRUE(key.handle()); |
@@ -902,16 +874,13 @@ TEST_F(SharedCryptoTest, MAYBE(GenerateKeyHmacNoLength)) { |
EXPECT_TRUE(key.handle()); |
EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); |
blink::WebArrayBuffer raw_key; |
- ASSERT_STATUS_SUCCESS( |
- ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key)); |
+ ASSERT_STATUS_SUCCESS(ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key)); |
EXPECT_EQ(64U, raw_key.byteLength()); |
// The block size for HMAC SHA-512 is larger. |
- algorithm = CreateHmacKeyGenAlgorithm( |
- blink::WebCryptoAlgorithmIdSha512, 0); |
+ algorithm = CreateHmacKeyGenAlgorithm(blink::WebCryptoAlgorithmIdSha512, 0); |
ASSERT_STATUS_SUCCESS(GenerateSecretKey(algorithm, true, 0, &key)); |
- ASSERT_STATUS_SUCCESS( |
- ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key)); |
+ ASSERT_STATUS_SUCCESS(ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key)); |
EXPECT_EQ(128U, raw_key.byteLength()); |
} |
@@ -919,13 +888,13 @@ TEST_F(SharedCryptoTest, MAYBE(ImportSecretKeyNoAlgorithm)) { |
blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
// This fails because the algorithm is null. |
- EXPECT_STATUS(Status::ErrorMissingAlgorithmImportRawKey(), ImportKeyInternal( |
- blink::WebCryptoKeyFormatRaw, |
- HexStringToBytes("00000000000000000000"), |
- blink::WebCryptoAlgorithm::createNull(), |
- true, |
- blink::WebCryptoKeyUsageEncrypt, |
- &key)); |
+ EXPECT_STATUS(Status::ErrorMissingAlgorithmImportRawKey(), |
+ ImportKeyInternal(blink::WebCryptoKeyFormatRaw, |
+ HexStringToBytes("00000000000000000000"), |
+ blink::WebCryptoAlgorithm::createNull(), |
+ true, |
+ blink::WebCryptoKeyUsageEncrypt, |
+ &key)); |
} |
TEST_F(SharedCryptoTest, ImportJwkFailures) { |
@@ -941,44 +910,45 @@ TEST_F(SharedCryptoTest, ImportJwkFailures) { |
// complete. |
base::DictionaryValue dict; |
RestoreJwkOctDictionary(&dict); |
- EXPECT_STATUS_SUCCESS(ImportKeyJwk( |
- MakeJsonVector(dict), algorithm, false, usage_mask, &key)); |
+ EXPECT_STATUS_SUCCESS( |
+ ImportKeyJwk(MakeJsonVector(dict), algorithm, false, usage_mask, &key)); |
// Fail on empty JSON. |
- EXPECT_STATUS(Status::ErrorImportEmptyKeyData(), ImportKeyJwk( |
- MakeJsonVector(""), algorithm, false, usage_mask, &key)); |
+ EXPECT_STATUS( |
+ Status::ErrorImportEmptyKeyData(), |
+ ImportKeyJwk(MakeJsonVector(""), algorithm, false, usage_mask, &key)); |
// Fail on invalid JSON. |
const std::vector<uint8> bad_json_vec = MakeJsonVector( |
"{" |
- "\"kty\" : \"oct\"," |
- "\"alg\" : \"HS256\"," |
- "\"use\" : " |
- ); |
+ "\"kty\" : \"oct\"," |
+ "\"alg\" : \"HS256\"," |
+ "\"use\" : "); |
EXPECT_STATUS(Status::ErrorJwkNotDictionary(), |
- ImportKeyJwk(bad_json_vec, algorithm, false, usage_mask, &key)); |
+ ImportKeyJwk(bad_json_vec, algorithm, false, usage_mask, &key)); |
// Fail on JWK alg present but unrecognized. |
dict.SetString("alg", "A127CBC"); |
- EXPECT_STATUS(Status::ErrorJwkUnrecognizedAlgorithm(), ImportKeyJwk( |
- MakeJsonVector(dict), algorithm, false, usage_mask, &key)); |
+ EXPECT_STATUS( |
+ Status::ErrorJwkUnrecognizedAlgorithm(), |
+ ImportKeyJwk(MakeJsonVector(dict), algorithm, false, usage_mask, &key)); |
RestoreJwkOctDictionary(&dict); |
// Fail on both JWK and input algorithm missing. |
dict.Remove("alg", NULL); |
- EXPECT_STATUS( |
- Status::ErrorJwkAlgorithmMissing(), |
- ImportKeyJwk(MakeJsonVector(dict), |
- blink::WebCryptoAlgorithm::createNull(), |
- false, |
- usage_mask, |
- &key)); |
+ EXPECT_STATUS(Status::ErrorJwkAlgorithmMissing(), |
+ ImportKeyJwk(MakeJsonVector(dict), |
+ blink::WebCryptoAlgorithm::createNull(), |
+ false, |
+ usage_mask, |
+ &key)); |
RestoreJwkOctDictionary(&dict); |
// Fail on invalid kty. |
dict.SetString("kty", "foo"); |
- EXPECT_STATUS(Status::ErrorJwkUnrecognizedKty(), ImportKeyJwk( |
- MakeJsonVector(dict), algorithm, false, usage_mask, &key)); |
+ EXPECT_STATUS( |
+ Status::ErrorJwkUnrecognizedKty(), |
+ ImportKeyJwk(MakeJsonVector(dict), algorithm, false, usage_mask, &key)); |
RestoreJwkOctDictionary(&dict); |
// Fail on missing kty. |
@@ -997,8 +967,9 @@ TEST_F(SharedCryptoTest, ImportJwkFailures) { |
// Fail on invalid use. |
dict.SetString("use", "foo"); |
- EXPECT_STATUS(Status::ErrorJwkUnrecognizedUsage(), ImportKeyJwk( |
- MakeJsonVector(dict), algorithm, false, usage_mask, &key)); |
+ EXPECT_STATUS( |
+ Status::ErrorJwkUnrecognizedUsage(), |
+ ImportKeyJwk(MakeJsonVector(dict), algorithm, false, usage_mask, &key)); |
RestoreJwkOctDictionary(&dict); |
// Fail on invalid use (wrong type). |
@@ -1026,8 +997,8 @@ TEST_F(SharedCryptoTest, ImportJwkOctFailures) { |
blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
// Baseline pass. |
- EXPECT_STATUS_SUCCESS(ImportKeyJwk( |
- MakeJsonVector(dict), algorithm, false, usage_mask, &key)); |
+ EXPECT_STATUS_SUCCESS( |
+ ImportKeyJwk(MakeJsonVector(dict), algorithm, false, usage_mask, &key)); |
EXPECT_EQ(algorithm.id(), key.algorithm().id()); |
EXPECT_FALSE(key.extractable()); |
EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt, key.usages()); |
@@ -1051,22 +1022,25 @@ TEST_F(SharedCryptoTest, ImportJwkOctFailures) { |
// Fail on empty k. |
dict.SetString("k", ""); |
- EXPECT_STATUS(Status::ErrorJwkIncorrectKeyLength(), ImportKeyJwk( |
- MakeJsonVector(dict), algorithm, false, usage_mask, &key)); |
+ EXPECT_STATUS( |
+ Status::ErrorJwkIncorrectKeyLength(), |
+ ImportKeyJwk(MakeJsonVector(dict), algorithm, false, usage_mask, &key)); |
RestoreJwkOctDictionary(&dict); |
// Fail on k actual length (120 bits) inconsistent with the embedded JWK alg |
// value (128) for an AES key. |
dict.SetString("k", "AVj42h0Y5aqGtE3yluKL"); |
- EXPECT_STATUS(Status::ErrorJwkIncorrectKeyLength(), ImportKeyJwk( |
- MakeJsonVector(dict), algorithm, false, usage_mask, &key)); |
+ EXPECT_STATUS( |
+ Status::ErrorJwkIncorrectKeyLength(), |
+ ImportKeyJwk(MakeJsonVector(dict), algorithm, false, usage_mask, &key)); |
RestoreJwkOctDictionary(&dict); |
// Fail on k actual length (192 bits) inconsistent with the embedded JWK alg |
// value (128) for an AES key. |
dict.SetString("k", "dGhpcyAgaXMgIDI0ICBieXRlcyBsb25n"); |
- EXPECT_STATUS(Status::ErrorJwkIncorrectKeyLength(), ImportKeyJwk( |
- MakeJsonVector(dict), algorithm, false, usage_mask, &key)); |
+ EXPECT_STATUS( |
+ Status::ErrorJwkIncorrectKeyLength(), |
+ ImportKeyJwk(MakeJsonVector(dict), algorithm, false, usage_mask, &key)); |
RestoreJwkOctDictionary(&dict); |
} |
@@ -1086,8 +1060,8 @@ TEST_F(SharedCryptoTest, MAYBE(ImportJwkRsaFailures)) { |
// section 6.3. |
// Baseline pass. |
- EXPECT_STATUS_SUCCESS(ImportKeyJwk( |
- MakeJsonVector(dict), algorithm, false, usage_mask, &key)); |
+ EXPECT_STATUS_SUCCESS( |
+ ImportKeyJwk(MakeJsonVector(dict), algorithm, false, usage_mask, &key)); |
EXPECT_EQ(algorithm.id(), key.algorithm().id()); |
EXPECT_FALSE(key.extractable()); |
EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt, key.usages()); |
@@ -1101,28 +1075,29 @@ TEST_F(SharedCryptoTest, MAYBE(ImportJwkRsaFailures)) { |
// Fail on missing parameter. |
dict.Remove(kKtyParmName[idx], NULL); |
- EXPECT_STATUS_ERROR(ImportKeyJwk( |
- MakeJsonVector(dict), algorithm, false, usage_mask, &key)); |
+ EXPECT_STATUS_ERROR( |
+ ImportKeyJwk(MakeJsonVector(dict), algorithm, false, usage_mask, &key)); |
RestoreJwkRsaDictionary(&dict); |
// Fail on bad b64 parameter encoding. |
dict.SetString(kKtyParmName[idx], "Qk3f0DsytU8lfza2au #$% Htaw2xpop9yTuH0"); |
- EXPECT_STATUS_ERROR(ImportKeyJwk( |
- MakeJsonVector(dict), algorithm, false, usage_mask, &key)); |
+ EXPECT_STATUS_ERROR( |
+ ImportKeyJwk(MakeJsonVector(dict), algorithm, false, usage_mask, &key)); |
RestoreJwkRsaDictionary(&dict); |
// Fail on empty parameter. |
dict.SetString(kKtyParmName[idx], ""); |
- EXPECT_STATUS_ERROR(ImportKeyJwk( |
- MakeJsonVector(dict), algorithm, false, usage_mask, &key)); |
+ EXPECT_STATUS_ERROR( |
+ ImportKeyJwk(MakeJsonVector(dict), algorithm, false, usage_mask, &key)); |
RestoreJwkRsaDictionary(&dict); |
} |
// Fail if "d" parameter is present, implying the JWK is a private key, which |
// is not supported. |
dict.SetString("d", "Qk3f0Dsyt"); |
- EXPECT_STATUS(Status::ErrorJwkRsaPrivateKeyUnsupported(), ImportKeyJwk( |
- MakeJsonVector(dict), algorithm, false, usage_mask, &key)); |
+ EXPECT_STATUS( |
+ Status::ErrorJwkRsaPrivateKeyUnsupported(), |
+ ImportKeyJwk(MakeJsonVector(dict), algorithm, false, usage_mask, &key)); |
RestoreJwkRsaDictionary(&dict); |
} |
@@ -1140,8 +1115,8 @@ TEST_F(SharedCryptoTest, MAYBE(ImportJwkInputConsistency)) { |
dict.SetString("kty", "oct"); |
dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg"); |
std::vector<uint8> json_vec = MakeJsonVector(dict); |
- EXPECT_STATUS_SUCCESS(ImportKeyJwk( |
- json_vec, algorithm, extractable, usage_mask, &key)); |
+ EXPECT_STATUS_SUCCESS( |
+ ImportKeyJwk(json_vec, algorithm, extractable, usage_mask, &key)); |
EXPECT_TRUE(key.handle()); |
EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); |
EXPECT_EQ(extractable, key.extractable()); |
@@ -1170,7 +1145,7 @@ TEST_F(SharedCryptoTest, MAYBE(ImportJwkInputConsistency)) { |
// 2. input=T, JWK=T ==> pass, result extractable is T |
// 3. input=F, JWK=T ==> pass, result extractable is F |
EXPECT_STATUS(Status::ErrorJwkExtractableInconsistent(), |
- ImportKeyJwk(json_vec, algorithm, true, usage_mask, &key)); |
+ ImportKeyJwk(json_vec, algorithm, true, usage_mask, &key)); |
EXPECT_STATUS_SUCCESS( |
ImportKeyJwk(json_vec, algorithm, false, usage_mask, &key)); |
EXPECT_FALSE(key.extractable()); |
@@ -1185,28 +1160,29 @@ TEST_F(SharedCryptoTest, MAYBE(ImportJwkInputConsistency)) { |
// Fail: Input algorithm (AES-CBC) is inconsistent with JWK value |
// (HMAC SHA256). |
- EXPECT_STATUS(Status::ErrorJwkAlgorithmInconsistent(), ImportKeyJwk( |
- json_vec, |
- CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), |
- extractable, |
- usage_mask, |
- &key)); |
+ EXPECT_STATUS(Status::ErrorJwkAlgorithmInconsistent(), |
+ ImportKeyJwk(json_vec, |
+ CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), |
+ extractable, |
+ usage_mask, |
+ &key)); |
// Fail: Input algorithm (HMAC SHA1) is inconsistent with JWK value |
// (HMAC SHA256). |
- EXPECT_STATUS(Status::ErrorJwkAlgorithmInconsistent(), ImportKeyJwk( |
- json_vec, |
- CreateHmacAlgorithmByHashId(blink::WebCryptoAlgorithmIdSha1), |
- extractable, |
- usage_mask, |
- &key)); |
+ EXPECT_STATUS( |
+ Status::ErrorJwkAlgorithmInconsistent(), |
+ ImportKeyJwk(json_vec, |
+ CreateHmacAlgorithmByHashId(blink::WebCryptoAlgorithmIdSha1), |
+ extractable, |
+ usage_mask, |
+ &key)); |
// Pass: JWK alg valid but input algorithm isNull: use JWK algorithm value. |
EXPECT_STATUS_SUCCESS(ImportKeyJwk(json_vec, |
- blink::WebCryptoAlgorithm::createNull(), |
- extractable, |
- usage_mask, |
- &key)); |
+ blink::WebCryptoAlgorithm::createNull(), |
+ extractable, |
+ usage_mask, |
+ &key)); |
EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, algorithm.id()); |
// Pass: JWK alg missing but input algorithm specified: use input value |
@@ -1222,8 +1198,12 @@ TEST_F(SharedCryptoTest, MAYBE(ImportJwkInputConsistency)) { |
// Fail: Input usage_mask (encrypt) is not a subset of the JWK value |
// (sign|verify) |
- EXPECT_STATUS(Status::ErrorJwkUsageInconsistent(), ImportKeyJwk( |
- json_vec, algorithm, extractable, blink::WebCryptoKeyUsageEncrypt, &key)); |
+ EXPECT_STATUS(Status::ErrorJwkUsageInconsistent(), |
+ ImportKeyJwk(json_vec, |
+ algorithm, |
+ extractable, |
+ blink::WebCryptoKeyUsageEncrypt, |
+ &key)); |
// Fail: Input usage_mask (encrypt|sign|verify) is not a subset of the JWK |
// value (sign|verify) |
@@ -1261,8 +1241,8 @@ TEST_F(SharedCryptoTest, MAYBE(ImportJwkHappy)) { |
dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg"); |
std::vector<uint8> json_vec = MakeJsonVector(dict); |
- ASSERT_STATUS_SUCCESS(ImportKeyJwk( |
- json_vec, algorithm, extractable, usage_mask, &key)); |
+ ASSERT_STATUS_SUCCESS( |
+ ImportKeyJwk(json_vec, algorithm, extractable, usage_mask, &key)); |
const std::vector<uint8> message_raw = HexStringToBytes( |
"b1689c2591eaf3c9e66070f8a77954ffb81749f1b00346f9dfe0b2ee905dcc288baf4a" |
@@ -1298,54 +1278,55 @@ TEST_F(SharedCryptoTest, MAYBE(ImportExportSpki)) { |
EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt, key.usages()); |
// Failing case: Empty SPKI data |
- EXPECT_STATUS(Status::ErrorImportEmptyKeyData(), ImportKeyInternal( |
- blink::WebCryptoKeyFormatSpki, |
- std::vector<uint8>(), |
- blink::WebCryptoAlgorithm::createNull(), |
- true, |
- blink::WebCryptoKeyUsageEncrypt, |
- &key)); |
+ EXPECT_STATUS(Status::ErrorImportEmptyKeyData(), |
+ ImportKeyInternal(blink::WebCryptoKeyFormatSpki, |
+ std::vector<uint8>(), |
+ blink::WebCryptoAlgorithm::createNull(), |
+ true, |
+ blink::WebCryptoKeyUsageEncrypt, |
+ &key)); |
// Failing case: Import RSA key with NULL input algorithm. This is not |
// allowed because the SPKI ASN.1 format for RSA keys is not specific enough |
// to map to a Web Crypto algorithm. |
- EXPECT_STATUS(Status::Error(), ImportKeyInternal( |
- blink::WebCryptoKeyFormatSpki, |
- HexStringToBytes(kPublicKeySpkiDerHex), |
- blink::WebCryptoAlgorithm::createNull(), |
- true, |
- blink::WebCryptoKeyUsageEncrypt, |
- &key)); |
+ EXPECT_STATUS(Status::Error(), |
+ ImportKeyInternal(blink::WebCryptoKeyFormatSpki, |
+ HexStringToBytes(kPublicKeySpkiDerHex), |
+ blink::WebCryptoAlgorithm::createNull(), |
+ true, |
+ blink::WebCryptoKeyUsageEncrypt, |
+ &key)); |
// Failing case: Bad DER encoding. |
- EXPECT_STATUS(Status::Error(), ImportKeyInternal( |
- blink::WebCryptoKeyFormatSpki, |
- HexStringToBytes("618333c4cb"), |
- CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5), |
- true, |
- blink::WebCryptoKeyUsageEncrypt, |
- &key)); |
+ EXPECT_STATUS(Status::Error(), |
+ ImportKeyInternal( |
+ blink::WebCryptoKeyFormatSpki, |
+ HexStringToBytes("618333c4cb"), |
+ CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5), |
+ true, |
+ blink::WebCryptoKeyUsageEncrypt, |
+ &key)); |
// Failing case: Import RSA key but provide an inconsistent input algorithm. |
- EXPECT_STATUS(Status::Error(), ImportKeyInternal( |
- blink::WebCryptoKeyFormatSpki, |
- HexStringToBytes(kPublicKeySpkiDerHex), |
- CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), |
- true, |
- blink::WebCryptoKeyUsageEncrypt, |
- &key)); |
+ EXPECT_STATUS( |
+ Status::Error(), |
+ ImportKeyInternal(blink::WebCryptoKeyFormatSpki, |
+ HexStringToBytes(kPublicKeySpkiDerHex), |
+ CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), |
+ true, |
+ blink::WebCryptoKeyUsageEncrypt, |
+ &key)); |
// Passing case: Export a previously imported RSA public key in SPKI format |
// and compare to original data. |
blink::WebArrayBuffer output; |
- ASSERT_STATUS_SUCCESS( |
- ExportKey(blink::WebCryptoKeyFormatSpki, key, &output)); |
+ ASSERT_STATUS_SUCCESS(ExportKey(blink::WebCryptoKeyFormatSpki, key, &output)); |
ExpectArrayBufferMatchesHex(kPublicKeySpkiDerHex, output); |
// Failing case: Try to export a previously imported RSA public key in raw |
// format (not allowed for a public key). |
EXPECT_STATUS(Status::ErrorUnexpectedKeyType(), |
- ExportKey(blink::WebCryptoKeyFormatRaw, key, &output)); |
+ ExportKey(blink::WebCryptoKeyFormatRaw, key, &output)); |
// Failing case: Try to export a non-extractable key |
ASSERT_STATUS_SUCCESS(ImportKeyInternal( |
@@ -1358,7 +1339,7 @@ TEST_F(SharedCryptoTest, MAYBE(ImportExportSpki)) { |
EXPECT_TRUE(key.handle()); |
EXPECT_FALSE(key.extractable()); |
EXPECT_STATUS(Status::ErrorKeyNotExtractable(), |
- ExportKey(blink::WebCryptoKeyFormatSpki, key, &output)); |
+ ExportKey(blink::WebCryptoKeyFormatSpki, key, &output)); |
} |
TEST_F(SharedCryptoTest, MAYBE(ImportPkcs8)) { |
@@ -1377,42 +1358,44 @@ TEST_F(SharedCryptoTest, MAYBE(ImportPkcs8)) { |
EXPECT_EQ(blink::WebCryptoKeyUsageSign, key.usages()); |
// Failing case: Empty PKCS#8 data |
- EXPECT_STATUS(Status::ErrorImportEmptyKeyData(), ImportKeyInternal( |
- blink::WebCryptoKeyFormatPkcs8, |
- std::vector<uint8>(), |
- blink::WebCryptoAlgorithm::createNull(), |
- true, |
- blink::WebCryptoKeyUsageSign, |
- &key)); |
+ EXPECT_STATUS(Status::ErrorImportEmptyKeyData(), |
+ ImportKeyInternal(blink::WebCryptoKeyFormatPkcs8, |
+ std::vector<uint8>(), |
+ blink::WebCryptoAlgorithm::createNull(), |
+ true, |
+ blink::WebCryptoKeyUsageSign, |
+ &key)); |
// Failing case: Import RSA key with NULL input algorithm. This is not |
// allowed because the PKCS#8 ASN.1 format for RSA keys is not specific enough |
// to map to a Web Crypto algorithm. |
- EXPECT_STATUS(Status::Error(), ImportKeyInternal( |
- blink::WebCryptoKeyFormatPkcs8, |
- HexStringToBytes(kPrivateKeyPkcs8DerHex), |
- blink::WebCryptoAlgorithm::createNull(), |
- true, |
- blink::WebCryptoKeyUsageSign, |
- &key)); |
+ EXPECT_STATUS(Status::Error(), |
+ ImportKeyInternal(blink::WebCryptoKeyFormatPkcs8, |
+ HexStringToBytes(kPrivateKeyPkcs8DerHex), |
+ blink::WebCryptoAlgorithm::createNull(), |
+ true, |
+ blink::WebCryptoKeyUsageSign, |
+ &key)); |
// Failing case: Bad DER encoding. |
- EXPECT_STATUS(Status::Error(), ImportKeyInternal( |
- blink::WebCryptoKeyFormatPkcs8, |
- HexStringToBytes("618333c4cb"), |
- CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5), |
- true, |
- blink::WebCryptoKeyUsageSign, |
- &key)); |
+ EXPECT_STATUS(Status::Error(), |
+ ImportKeyInternal( |
+ blink::WebCryptoKeyFormatPkcs8, |
+ HexStringToBytes("618333c4cb"), |
+ CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5), |
+ true, |
+ blink::WebCryptoKeyUsageSign, |
+ &key)); |
// Failing case: Import RSA key but provide an inconsistent input algorithm. |
- EXPECT_STATUS(Status::Error(), ImportKeyInternal( |
- blink::WebCryptoKeyFormatPkcs8, |
- HexStringToBytes(kPrivateKeyPkcs8DerHex), |
- CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), |
- true, |
- blink::WebCryptoKeyUsageSign, |
- &key)); |
+ EXPECT_STATUS( |
+ Status::Error(), |
+ ImportKeyInternal(blink::WebCryptoKeyFormatPkcs8, |
+ HexStringToBytes(kPrivateKeyPkcs8DerHex), |
+ CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), |
+ true, |
+ blink::WebCryptoKeyUsageSign, |
+ &key)); |
} |
TEST_F(SharedCryptoTest, MAYBE(GenerateKeyPairRsa)) { |
@@ -1421,10 +1404,10 @@ TEST_F(SharedCryptoTest, MAYBE(GenerateKeyPairRsa)) { |
// Successful WebCryptoAlgorithmIdRsaEsPkcs1v1_5 key generation. |
const unsigned int modulus_length = 256; |
const std::vector<uint8> public_exponent = HexStringToBytes("010001"); |
- blink::WebCryptoAlgorithm algorithm = CreateRsaKeyGenAlgorithm( |
- blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, |
- modulus_length, |
- public_exponent); |
+ blink::WebCryptoAlgorithm algorithm = |
+ CreateRsaKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, |
+ modulus_length, |
+ public_exponent); |
bool extractable = false; |
const blink::WebCryptoKeyUsageMask usage_mask = 0; |
blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); |
@@ -1443,48 +1426,51 @@ TEST_F(SharedCryptoTest, MAYBE(GenerateKeyPairRsa)) { |
// Fail with bad modulus. |
algorithm = CreateRsaKeyGenAlgorithm( |
blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, 0, public_exponent); |
- EXPECT_STATUS(Status::ErrorGenerateRsaZeroModulus(), GenerateKeyPair( |
- algorithm, extractable, usage_mask, &public_key, &private_key)); |
+ EXPECT_STATUS( |
+ Status::ErrorGenerateRsaZeroModulus(), |
+ GenerateKeyPair( |
+ algorithm, extractable, usage_mask, &public_key, &private_key)); |
// Fail with bad exponent: larger than unsigned long. |
unsigned int exponent_length = sizeof(unsigned long) + 1; // NOLINT |
const std::vector<uint8> long_exponent(exponent_length, 0x01); |
algorithm = CreateRsaKeyGenAlgorithm( |
- blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, |
- modulus_length, |
- long_exponent); |
- EXPECT_STATUS(Status::ErrorGenerateKeyPublicExponent(), |
- GenerateKeyPair(algorithm, extractable, usage_mask, &public_key, |
- &private_key)); |
+ blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, modulus_length, long_exponent); |
+ EXPECT_STATUS( |
+ Status::ErrorGenerateKeyPublicExponent(), |
+ GenerateKeyPair( |
+ algorithm, extractable, usage_mask, &public_key, &private_key)); |
// Fail with bad exponent: empty. |
const std::vector<uint8> empty_exponent; |
- algorithm = CreateRsaKeyGenAlgorithm( |
- blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, |
- modulus_length, |
- empty_exponent); |
- EXPECT_STATUS(Status::ErrorGenerateKeyPublicExponent(), |
- GenerateKeyPair(algorithm, extractable, usage_mask, &public_key, |
- &private_key)); |
+ algorithm = |
+ CreateRsaKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, |
+ modulus_length, |
+ empty_exponent); |
+ EXPECT_STATUS( |
+ Status::ErrorGenerateKeyPublicExponent(), |
+ GenerateKeyPair( |
+ algorithm, extractable, usage_mask, &public_key, &private_key)); |
// Fail with bad exponent: all zeros. |
std::vector<uint8> exponent_with_leading_zeros(15, 0x00); |
- algorithm = CreateRsaKeyGenAlgorithm( |
- blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, |
- modulus_length, |
- exponent_with_leading_zeros); |
- EXPECT_STATUS(Status::ErrorGenerateKeyPublicExponent(), |
- GenerateKeyPair(algorithm, extractable, usage_mask, &public_key, |
- &private_key)); |
+ algorithm = |
+ CreateRsaKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, |
+ modulus_length, |
+ exponent_with_leading_zeros); |
+ EXPECT_STATUS( |
+ Status::ErrorGenerateKeyPublicExponent(), |
+ GenerateKeyPair( |
+ algorithm, extractable, usage_mask, &public_key, &private_key)); |
// Key generation success using exponent with leading zeros. |
exponent_with_leading_zeros.insert(exponent_with_leading_zeros.end(), |
public_exponent.begin(), |
public_exponent.end()); |
- algorithm = CreateRsaKeyGenAlgorithm( |
- blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, |
- modulus_length, |
- exponent_with_leading_zeros); |
+ algorithm = |
+ CreateRsaKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, |
+ modulus_length, |
+ exponent_with_leading_zeros); |
EXPECT_STATUS_SUCCESS(GenerateKeyPair( |
algorithm, extractable, usage_mask, &public_key, &private_key)); |
EXPECT_FALSE(public_key.isNull()); |
@@ -1511,12 +1497,12 @@ TEST_F(SharedCryptoTest, MAYBE(GenerateKeyPairRsa)) { |
EXPECT_EQ(usage_mask, private_key.usages()); |
// Successful WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 key generation. |
- algorithm = CreateRsaKeyGenAlgorithm( |
- blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
- modulus_length, |
- public_exponent); |
- EXPECT_STATUS_SUCCESS(GenerateKeyPair( |
- algorithm, false, usage_mask, &public_key, &private_key)); |
+ algorithm = |
+ CreateRsaKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
+ modulus_length, |
+ public_exponent); |
+ EXPECT_STATUS_SUCCESS( |
+ GenerateKeyPair(algorithm, false, usage_mask, &public_key, &private_key)); |
EXPECT_FALSE(public_key.isNull()); |
EXPECT_FALSE(private_key.isNull()); |
EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type()); |
@@ -1531,15 +1517,15 @@ TEST_F(SharedCryptoTest, MAYBE(GenerateKeyPairRsa)) { |
// Exporting a private key as SPKI format doesn't make sense. However this |
// will first fail because the key is not extractable. |
blink::WebArrayBuffer output; |
- EXPECT_STATUS(Status::ErrorKeyNotExtractable(), ExportKey( |
- blink::WebCryptoKeyFormatSpki, private_key, &output)); |
+ EXPECT_STATUS(Status::ErrorKeyNotExtractable(), |
+ ExportKey(blink::WebCryptoKeyFormatSpki, private_key, &output)); |
// Re-generate an extractable private_key and try to export it as SPKI format. |
// This should fail since spki is for public keys. |
- EXPECT_STATUS_SUCCESS(GenerateKeyPair( |
- algorithm, true, usage_mask, &public_key, &private_key)); |
- EXPECT_STATUS(Status::ErrorUnexpectedKeyType(), ExportKey( |
- blink::WebCryptoKeyFormatSpki, private_key, &output)); |
+ EXPECT_STATUS_SUCCESS( |
+ GenerateKeyPair(algorithm, true, usage_mask, &public_key, &private_key)); |
+ EXPECT_STATUS(Status::ErrorUnexpectedKeyType(), |
+ ExportKey(blink::WebCryptoKeyFormatSpki, private_key, &output)); |
} |
TEST_F(SharedCryptoTest, MAYBE(RsaEsRoundTrip)) { |
@@ -1562,34 +1548,26 @@ TEST_F(SharedCryptoTest, MAYBE(RsaEsRoundTrip)) { |
const unsigned int kMaxMsgSizeBytes = kModulusLength / 8 - 11; |
// There are two hex chars for each byte. |
const unsigned int kMsgHexSize = kMaxMsgSizeBytes * 2; |
- char max_data_hex[kMsgHexSize+1]; |
+ char max_data_hex[kMsgHexSize + 1]; |
std::fill(&max_data_hex[0], &max_data_hex[0] + kMsgHexSize, 'a'); |
max_data_hex[kMsgHexSize] = '\0'; |
// Verify encrypt / decrypt round trip on a few messages. Note that RSA |
// encryption does not support empty input. |
- algorithm = |
- CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); |
- const char* const kTestDataHex[] = { |
- "ff", |
- "0102030405060708090a0b0c0d0e0f", |
- max_data_hex |
- }; |
+ algorithm = CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); |
+ const char* const kTestDataHex[] = {"ff", "0102030405060708090a0b0c0d0e0f", |
+ max_data_hex}; |
blink::WebArrayBuffer encrypted_data; |
blink::WebArrayBuffer decrypted_data; |
for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kTestDataHex); ++i) { |
SCOPED_TRACE(i); |
- EXPECT_STATUS_SUCCESS(EncryptInternal( |
- algorithm, |
- public_key, |
- HexStringToBytes(kTestDataHex[i]), |
- &encrypted_data)); |
+ EXPECT_STATUS_SUCCESS(EncryptInternal(algorithm, |
+ public_key, |
+ HexStringToBytes(kTestDataHex[i]), |
+ &encrypted_data)); |
EXPECT_EQ(kModulusLength / 8, encrypted_data.byteLength()); |
ASSERT_STATUS_SUCCESS(Decrypt( |
- algorithm, |
- private_key, |
- CryptoData(encrypted_data), |
- &decrypted_data)); |
+ algorithm, private_key, CryptoData(encrypted_data), &decrypted_data)); |
ExpectArrayBufferMatchesHex(kTestDataHex[i], decrypted_data); |
} |
} |
@@ -1613,8 +1591,7 @@ TEST_F(SharedCryptoTest, MAYBE(RsaEsKnownAnswer)) { |
GetBytesFromHexString(test, "rsa_pkcs8_der"); |
const std::vector<uint8> ciphertext = |
GetBytesFromHexString(test, "ciphertext"); |
- const std::vector<uint8> cleartext = |
- GetBytesFromHexString(test, "cleartext"); |
+ const std::vector<uint8> cleartext = GetBytesFromHexString(test, "cleartext"); |
// Import the key pair. |
blink::WebCryptoAlgorithm algorithm = |
@@ -1633,31 +1610,22 @@ TEST_F(SharedCryptoTest, MAYBE(RsaEsKnownAnswer)) { |
// Decrypt the known-good ciphertext with the private key. As a check we must |
// get the known original cleartext. |
blink::WebArrayBuffer decrypted_data; |
- ASSERT_STATUS_SUCCESS(DecryptInternal( |
- algorithm, |
- private_key, |
- ciphertext, |
- &decrypted_data)); |
+ ASSERT_STATUS_SUCCESS( |
+ DecryptInternal(algorithm, private_key, ciphertext, &decrypted_data)); |
EXPECT_FALSE(decrypted_data.isNull()); |
ExpectArrayBufferMatches(cleartext, decrypted_data); |
// Encrypt this decrypted data with the public key. |
blink::WebArrayBuffer encrypted_data; |
ASSERT_STATUS_SUCCESS(Encrypt( |
- algorithm, |
- public_key, |
- CryptoData(decrypted_data), |
- &encrypted_data)); |
+ algorithm, public_key, CryptoData(decrypted_data), &encrypted_data)); |
EXPECT_EQ(128u, encrypted_data.byteLength()); |
// Finally, decrypt the newly encrypted result with the private key, and |
// compare to the known original cleartext. |
decrypted_data.reset(); |
ASSERT_STATUS_SUCCESS(Decrypt( |
- algorithm, |
- private_key, |
- CryptoData(encrypted_data), |
- &decrypted_data)); |
+ algorithm, private_key, CryptoData(encrypted_data), &decrypted_data)); |
EXPECT_FALSE(decrypted_data.isNull()); |
ExpectArrayBufferMatches(cleartext, decrypted_data); |
} |
@@ -1681,41 +1649,44 @@ TEST_F(SharedCryptoTest, MAYBE(RsaEsFailures)) { |
blink::WebArrayBuffer encrypted_data; |
const std::string message_hex_str("0102030405060708090a0b0c0d0e0f"); |
const std::vector<uint8> message_hex(HexStringToBytes(message_hex_str)); |
- EXPECT_STATUS(Status::ErrorUnexpectedKeyType(), |
+ EXPECT_STATUS( |
+ Status::ErrorUnexpectedKeyType(), |
EncryptInternal(algorithm, private_key, message_hex, &encrypted_data)); |
// Fail encrypt with empty message. |
- EXPECT_STATUS(Status::Error(), EncryptInternal( |
- algorithm, public_key, std::vector<uint8>(), &encrypted_data)); |
+ EXPECT_STATUS( |
+ Status::Error(), |
+ EncryptInternal( |
+ algorithm, public_key, std::vector<uint8>(), &encrypted_data)); |
// Fail encrypt with message too large. RSAES can operate on messages up to |
// length of k - 11 bytes, where k is the octet length of the RSA modulus. |
const unsigned int kMaxMsgSizeBytes = kModulusLength / 8 - 11; |
- EXPECT_STATUS( |
- Status::ErrorDataTooLarge(), |
- EncryptInternal(algorithm, |
- public_key, |
- std::vector<uint8>(kMaxMsgSizeBytes + 1, '0'), |
- &encrypted_data)); |
+ EXPECT_STATUS(Status::ErrorDataTooLarge(), |
+ EncryptInternal(algorithm, |
+ public_key, |
+ std::vector<uint8>(kMaxMsgSizeBytes + 1, '0'), |
+ &encrypted_data)); |
// Generate encrypted data. |
- EXPECT_STATUS(Status::Success(), |
+ EXPECT_STATUS( |
+ Status::Success(), |
EncryptInternal(algorithm, public_key, message_hex, &encrypted_data)); |
// Fail decrypt with a public key. |
blink::WebArrayBuffer decrypted_data; |
- EXPECT_STATUS(Status::ErrorUnexpectedKeyType(), Decrypt( |
- algorithm, |
- public_key, |
- CryptoData(encrypted_data), |
- &decrypted_data)); |
+ EXPECT_STATUS( |
+ Status::ErrorUnexpectedKeyType(), |
+ Decrypt( |
+ algorithm, public_key, CryptoData(encrypted_data), &decrypted_data)); |
// Corrupt encrypted data; ensure decrypt fails because padding was disrupted. |
std::vector<uint8> corrupted_data( |
static_cast<uint8*>(encrypted_data.data()), |
static_cast<uint8*>(encrypted_data.data()) + encrypted_data.byteLength()); |
corrupted_data[corrupted_data.size() / 2] ^= 0x01; |
- EXPECT_STATUS(Status::Error(), |
+ EXPECT_STATUS( |
+ Status::Error(), |
DecryptInternal(algorithm, private_key, corrupted_data, &decrypted_data)); |
// TODO(padolph): Are there other specific data corruption scenarios to |
@@ -1723,10 +1694,7 @@ TEST_F(SharedCryptoTest, MAYBE(RsaEsFailures)) { |
// Do a successful decrypt with good data just for confirmation. |
EXPECT_STATUS_SUCCESS(Decrypt( |
- algorithm, |
- private_key, |
- CryptoData(encrypted_data), |
- &decrypted_data)); |
+ algorithm, private_key, CryptoData(encrypted_data), &decrypted_data)); |
ExpectArrayBufferMatchesHex(message_hex_str, decrypted_data); |
} |
@@ -1765,11 +1733,7 @@ TEST_F(SharedCryptoTest, MAYBE(RsaSsaSignVerifyFailures)) { |
// Ensure truncated signature does not verify by passing no bytes. |
EXPECT_STATUS_SUCCESS(VerifySignature( |
- algorithm, |
- public_key, |
- CryptoData(), |
- CryptoData(data), |
- &signature_match)); |
+ algorithm, public_key, CryptoData(), CryptoData(data), &signature_match)); |
EXPECT_FALSE(signature_match); |
// Ensure corrupted signature does not verify. |
@@ -1778,45 +1742,43 @@ TEST_F(SharedCryptoTest, MAYBE(RsaSsaSignVerifyFailures)) { |
static_cast<uint8*>(signature.data()) + signature.byteLength()); |
corrupt_sig[corrupt_sig.size() / 2] ^= 0x1; |
EXPECT_STATUS_SUCCESS(VerifySignatureInternal( |
- algorithm, |
- public_key, |
- CryptoData(corrupt_sig), |
- data, |
- &signature_match)); |
+ algorithm, public_key, CryptoData(corrupt_sig), data, &signature_match)); |
EXPECT_FALSE(signature_match); |
// Ensure signatures that are greater than the modulus size fail. |
const unsigned int long_message_size_bytes = 1024; |
- DCHECK_GT(long_message_size_bytes, kModulusLength/8); |
- const unsigned char kLongSignature[long_message_size_bytes] = { 0 }; |
- EXPECT_STATUS_SUCCESS(VerifySignature( |
- algorithm, |
- public_key, |
- CryptoData(kLongSignature, sizeof(kLongSignature)), |
- CryptoData(data), |
- &signature_match)); |
+ DCHECK_GT(long_message_size_bytes, kModulusLength / 8); |
+ const unsigned char kLongSignature[long_message_size_bytes] = {0}; |
+ EXPECT_STATUS_SUCCESS( |
+ VerifySignature(algorithm, |
+ public_key, |
+ CryptoData(kLongSignature, sizeof(kLongSignature)), |
+ CryptoData(data), |
+ &signature_match)); |
EXPECT_FALSE(signature_match); |
// Ensure that verifying using a private key, rather than a public key, fails. |
- EXPECT_STATUS(Status::ErrorUnexpectedKeyType(), VerifySignature( |
- algorithm, |
- private_key, |
- CryptoData(signature), |
- CryptoData(data), |
- &signature_match)); |
+ EXPECT_STATUS(Status::ErrorUnexpectedKeyType(), |
+ VerifySignature(algorithm, |
+ private_key, |
+ CryptoData(signature), |
+ CryptoData(data), |
+ &signature_match)); |
// Ensure that signing using a public key, rather than a private key, fails. |
EXPECT_STATUS(Status::ErrorUnexpectedKeyType(), |
- SignInternal(algorithm, public_key, data, &signature)); |
+ SignInternal(algorithm, public_key, data, &signature)); |
// Ensure that signing and verifying with an incompatible algorithm fails. |
- algorithm = |
- CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); |
+ algorithm = CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); |
EXPECT_STATUS(Status::ErrorUnexpected(), |
- SignInternal(algorithm, private_key, data, &signature)); |
- EXPECT_STATUS(Status::ErrorUnexpected(), VerifySignature( |
- algorithm, public_key, CryptoData(signature), CryptoData(data), |
- &signature_match)); |
+ SignInternal(algorithm, private_key, data, &signature)); |
+ EXPECT_STATUS(Status::ErrorUnexpected(), |
+ VerifySignature(algorithm, |
+ public_key, |
+ CryptoData(signature), |
+ CryptoData(data), |
+ &signature_match)); |
// Some crypto libraries (NSS) can automatically select the RSA SSA inner hash |
// based solely on the contents of the input signature data. In the Web Crypto |
@@ -1828,12 +1790,13 @@ TEST_F(SharedCryptoTest, MAYBE(RsaSsaSignVerifyFailures)) { |
// is specified by the input algorithm (desired), the verify will fail. |
// Compute a signature using SHA-1 as the inner hash. |
- EXPECT_STATUS_SUCCESS(SignInternal(CreateRsaAlgorithmWithInnerHash( |
- blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
- blink::WebCryptoAlgorithmIdSha1), |
- private_key, |
- data, |
- &signature)); |
+ EXPECT_STATUS_SUCCESS( |
+ SignInternal(CreateRsaAlgorithmWithInnerHash( |
+ blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
+ blink::WebCryptoAlgorithmIdSha1), |
+ private_key, |
+ data, |
+ &signature)); |
// Now verify using an algorithm whose inner hash is SHA-256, not SHA-1. The |
// signature should not verify. |
@@ -1841,14 +1804,14 @@ TEST_F(SharedCryptoTest, MAYBE(RsaSsaSignVerifyFailures)) { |
// algorithm has WebCryptoRsaKeyGenParams and not WebCryptoRsaSsaParams. Thus |
// it has no inner hash to conflict with the input algorithm. |
bool is_match; |
- EXPECT_STATUS_SUCCESS(VerifySignature( |
- CreateRsaAlgorithmWithInnerHash( |
- blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
- blink::WebCryptoAlgorithmIdSha256), |
- public_key, |
- CryptoData(signature), |
- CryptoData(data), |
- &is_match)); |
+ EXPECT_STATUS_SUCCESS( |
+ VerifySignature(CreateRsaAlgorithmWithInnerHash( |
+ blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
+ blink::WebCryptoAlgorithmIdSha256), |
+ public_key, |
+ CryptoData(signature), |
+ CryptoData(data), |
+ &is_match)); |
EXPECT_FALSE(is_match); |
} |
@@ -1891,11 +1854,7 @@ TEST_F(SharedCryptoTest, MAYBE(RsaSignVerifyKnownAnswer)) { |
bool is_match = false; |
ASSERT_STATUS_SUCCESS(VerifySignatureInternal( |
- algorithm, |
- public_key, |
- test_signature, |
- test_message, |
- &is_match)); |
+ algorithm, public_key, test_signature, test_message, &is_match)); |
EXPECT_TRUE(is_match); |
} |
} |
@@ -1914,9 +1873,8 @@ TEST_F(SharedCryptoTest, MAYBE(AesKwKeyImport)) { |
blink::WebCryptoKeyUsageWrapKey, |
&key)); |
blink::WebArrayBuffer key_raw_out; |
- EXPECT_STATUS_SUCCESS(ExportKey(blink::WebCryptoKeyFormatRaw, |
- key, |
- &key_raw_out)); |
+ EXPECT_STATUS_SUCCESS( |
+ ExportKey(blink::WebCryptoKeyFormatRaw, key, &key_raw_out)); |
ExpectArrayBufferMatchesHex(key_raw_hex_in, key_raw_out); |
// Import a 192-bit KEK |
@@ -1927,9 +1885,8 @@ TEST_F(SharedCryptoTest, MAYBE(AesKwKeyImport)) { |
true, |
blink::WebCryptoKeyUsageWrapKey, |
&key)); |
- EXPECT_STATUS_SUCCESS(ExportKey(blink::WebCryptoKeyFormatRaw, |
- key, |
- &key_raw_out)); |
+ EXPECT_STATUS_SUCCESS( |
+ ExportKey(blink::WebCryptoKeyFormatRaw, key, &key_raw_out)); |
ExpectArrayBufferMatchesHex(key_raw_hex_in, key_raw_out); |
// Import a 256-bit Key Encryption Key (KEK) |
@@ -1941,50 +1898,49 @@ TEST_F(SharedCryptoTest, MAYBE(AesKwKeyImport)) { |
true, |
blink::WebCryptoKeyUsageWrapKey, |
&key)); |
- EXPECT_STATUS_SUCCESS(ExportKey(blink::WebCryptoKeyFormatRaw, |
- key, |
- &key_raw_out)); |
+ EXPECT_STATUS_SUCCESS( |
+ ExportKey(blink::WebCryptoKeyFormatRaw, key, &key_raw_out)); |
ExpectArrayBufferMatchesHex(key_raw_hex_in, key_raw_out); |
// Fail import of 0 length key |
EXPECT_STATUS(Status::Error(), |
- ImportKeyInternal(blink::WebCryptoKeyFormatRaw, |
- HexStringToBytes(""), |
- algorithm, |
- true, |
- blink::WebCryptoKeyUsageWrapKey, |
- &key)); |
+ ImportKeyInternal(blink::WebCryptoKeyFormatRaw, |
+ HexStringToBytes(""), |
+ algorithm, |
+ true, |
+ blink::WebCryptoKeyUsageWrapKey, |
+ &key)); |
// Fail import of 124-bit KEK |
key_raw_hex_in = "3e4566a2bdaa10cb68134fa66c15ddb"; |
EXPECT_STATUS(Status::Error(), |
- ImportKeyInternal(blink::WebCryptoKeyFormatRaw, |
- HexStringToBytes(key_raw_hex_in), |
- algorithm, |
- true, |
- blink::WebCryptoKeyUsageWrapKey, |
- &key)); |
+ ImportKeyInternal(blink::WebCryptoKeyFormatRaw, |
+ HexStringToBytes(key_raw_hex_in), |
+ algorithm, |
+ true, |
+ blink::WebCryptoKeyUsageWrapKey, |
+ &key)); |
// Fail import of 200-bit KEK |
key_raw_hex_in = "0a1d88608a5ad9fec64f1ada269ebab4baa2feeb8d95638c0e"; |
EXPECT_STATUS(Status::Error(), |
- ImportKeyInternal(blink::WebCryptoKeyFormatRaw, |
- HexStringToBytes(key_raw_hex_in), |
- algorithm, |
- true, |
- blink::WebCryptoKeyUsageWrapKey, |
- &key)); |
+ ImportKeyInternal(blink::WebCryptoKeyFormatRaw, |
+ HexStringToBytes(key_raw_hex_in), |
+ algorithm, |
+ true, |
+ blink::WebCryptoKeyUsageWrapKey, |
+ &key)); |
// Fail import of 260-bit KEK |
key_raw_hex_in = |
"72d4e475ff34215416c9ad9c8281247a4d730c5f275ac23f376e73e3bce8d7d5a"; |
EXPECT_STATUS(Status::Error(), |
- ImportKeyInternal(blink::WebCryptoKeyFormatRaw, |
- HexStringToBytes(key_raw_hex_in), |
- algorithm, |
- true, |
- blink::WebCryptoKeyUsageWrapKey, |
- &key)); |
+ ImportKeyInternal(blink::WebCryptoKeyFormatRaw, |
+ HexStringToBytes(key_raw_hex_in), |
+ algorithm, |
+ true, |
+ blink::WebCryptoKeyUsageWrapKey, |
+ &key)); |
} |
// TODO(eroman): |
@@ -2026,46 +1982,69 @@ TEST_F(SharedCryptoTest, MAYBE(AesGcmSampleSets)) { |
// Verify exported raw key is identical to the imported data |
blink::WebArrayBuffer raw_key; |
- EXPECT_STATUS_SUCCESS(ExportKey( |
- blink::WebCryptoKeyFormatRaw, key, &raw_key)); |
+ EXPECT_STATUS_SUCCESS( |
+ ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key)); |
ExpectArrayBufferMatches(test_key, raw_key); |
// Test encryption. |
std::vector<uint8> cipher_text; |
std::vector<uint8> authentication_tag; |
- EXPECT_STATUS_SUCCESS(AesGcmEncrypt(key, test_iv, test_additional_data, |
- test_tag_size_bits, test_plain_text, |
- &cipher_text, &authentication_tag)); |
+ EXPECT_STATUS_SUCCESS(AesGcmEncrypt(key, |
+ test_iv, |
+ test_additional_data, |
+ test_tag_size_bits, |
+ test_plain_text, |
+ &cipher_text, |
+ &authentication_tag)); |
ExpectVectorMatches(test_cipher_text, cipher_text); |
ExpectVectorMatches(test_authentication_tag, authentication_tag); |
// Test decryption. |
blink::WebArrayBuffer plain_text; |
- EXPECT_STATUS_SUCCESS(AesGcmDecrypt(key, test_iv, test_additional_data, |
- test_tag_size_bits, test_cipher_text, |
- test_authentication_tag, &plain_text)); |
+ EXPECT_STATUS_SUCCESS(AesGcmDecrypt(key, |
+ test_iv, |
+ test_additional_data, |
+ test_tag_size_bits, |
+ test_cipher_text, |
+ test_authentication_tag, |
+ &plain_text)); |
ExpectArrayBufferMatches(test_plain_text, plain_text); |
// Decryption should fail if any of the inputs are tampered with. |
EXPECT_STATUS(Status::Error(), |
- AesGcmDecrypt(key, Corrupted(test_iv), test_additional_data, |
- test_tag_size_bits, test_cipher_text, |
- test_authentication_tag, &plain_text)); |
+ AesGcmDecrypt(key, |
+ Corrupted(test_iv), |
+ test_additional_data, |
+ test_tag_size_bits, |
+ test_cipher_text, |
+ test_authentication_tag, |
+ &plain_text)); |
EXPECT_STATUS(Status::Error(), |
- AesGcmDecrypt(key, test_iv, Corrupted(test_additional_data), |
- test_tag_size_bits, test_cipher_text, |
- test_authentication_tag, &plain_text)); |
+ AesGcmDecrypt(key, |
+ test_iv, |
+ Corrupted(test_additional_data), |
+ test_tag_size_bits, |
+ test_cipher_text, |
+ test_authentication_tag, |
+ &plain_text)); |
EXPECT_STATUS(Status::Error(), |
- AesGcmDecrypt(key, test_iv, test_additional_data, |
- test_tag_size_bits, Corrupted(test_cipher_text), |
- test_authentication_tag, &plain_text)); |
+ AesGcmDecrypt(key, |
+ test_iv, |
+ test_additional_data, |
+ test_tag_size_bits, |
+ Corrupted(test_cipher_text), |
+ test_authentication_tag, |
+ &plain_text)); |
EXPECT_STATUS(Status::Error(), |
- AesGcmDecrypt(key, test_iv, test_additional_data, |
- test_tag_size_bits, test_cipher_text, |
- Corrupted(test_authentication_tag), |
- &plain_text)); |
+ AesGcmDecrypt(key, |
+ test_iv, |
+ test_additional_data, |
+ test_tag_size_bits, |
+ test_cipher_text, |
+ Corrupted(test_authentication_tag), |
+ &plain_text)); |
// Try different incorrect tag lengths |
uint8 kAlternateTagLengths[] = {8, 96, 120, 128, 160, 255}; |
@@ -2073,9 +2052,13 @@ TEST_F(SharedCryptoTest, MAYBE(AesGcmSampleSets)) { |
unsigned int wrong_tag_size_bits = kAlternateTagLengths[tag_i]; |
if (test_tag_size_bits == wrong_tag_size_bits) |
continue; |
- EXPECT_STATUS_ERROR(AesGcmDecrypt(key, test_iv, test_additional_data, |
- wrong_tag_size_bits, test_cipher_text, |
- test_authentication_tag, &plain_text)); |
+ EXPECT_STATUS_ERROR(AesGcmDecrypt(key, |
+ test_iv, |
+ test_additional_data, |
+ wrong_tag_size_bits, |
+ test_cipher_text, |
+ test_authentication_tag, |
+ &plain_text)); |
} |
} |
} |