OLD | NEW |
---|---|
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/renderer/webcrypto/shared_crypto.h" | 5 #include "content/renderer/webcrypto/shared_crypto.h" |
6 | 6 |
7 #include <algorithm> | 7 #include <algorithm> |
8 #include <string> | 8 #include <string> |
9 #include <vector> | 9 #include <vector> |
10 | 10 |
11 #include "base/basictypes.h" | 11 #include "base/basictypes.h" |
12 #include "base/file_util.h" | 12 #include "base/file_util.h" |
13 #include "base/json/json_reader.h" | 13 #include "base/json/json_reader.h" |
14 #include "base/json/json_writer.h" | 14 #include "base/json/json_writer.h" |
15 #include "base/logging.h" | 15 #include "base/logging.h" |
16 #include "base/memory/ref_counted.h" | 16 #include "base/memory/ref_counted.h" |
17 #include "base/path_service.h" | 17 #include "base/path_service.h" |
18 #include "base/strings/string_number_conversions.h" | 18 #include "base/strings/string_number_conversions.h" |
19 #include "base/values.h" | 19 #include "base/values.h" |
20 #include "content/public/common/content_paths.h" | 20 #include "content/public/common/content_paths.h" |
21 #include "content/public/renderer/content_renderer_client.h" | 21 #include "content/public/renderer/content_renderer_client.h" |
22 #include "content/renderer/renderer_webkitplatformsupport_impl.h" | 22 #include "content/renderer/renderer_webkitplatformsupport_impl.h" |
23 #include "content/renderer/webcrypto/crypto_data.h" | 23 #include "content/renderer/webcrypto/crypto_data.h" |
24 #include "content/renderer/webcrypto/webcrypto_util.h" | 24 #include "content/renderer/webcrypto/webcrypto_util.h" |
25 #include "testing/gtest/include/gtest/gtest.h" | 25 #include "testing/gtest/include/gtest/gtest.h" |
26 #include "third_party/WebKit/public/platform/WebArrayBuffer.h" | 26 #include "third_party/WebKit/public/platform/WebArrayBuffer.h" |
27 #include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h" | 27 #include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h" |
28 #ifdef WEBCRYPTO_HAS_KEY_ALGORITHM | |
29 #include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h" | |
30 #endif | |
28 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h" | 31 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h" |
29 #include "third_party/WebKit/public/platform/WebCryptoKey.h" | 32 #include "third_party/WebKit/public/platform/WebCryptoKey.h" |
30 #include "third_party/re2/re2/re2.h" | 33 #include "third_party/re2/re2/re2.h" |
31 | 34 |
32 // The OpenSSL implementation of WebCrypto is less complete, so don't run all of | 35 // The OpenSSL implementation of WebCrypto is less complete, so don't run all of |
33 // the tests: http://crbug.com/267888 | 36 // the tests: http://crbug.com/267888 |
34 #if defined(USE_OPENSSL) | 37 #if defined(USE_OPENSSL) |
35 #define MAYBE(test_name) DISABLED_##test_name | 38 #define MAYBE(test_name) DISABLED_##test_name |
36 #else | 39 #else |
37 #define MAYBE(test_name) test_name | 40 #define MAYBE(test_name) test_name |
38 #endif | 41 #endif |
39 | 42 |
40 // Helper macros to verify the value of a Status. | 43 // Helper macros to verify the value of a Status. |
41 #define EXPECT_STATUS_ERROR(code) EXPECT_FALSE((code).IsSuccess()) | 44 #define EXPECT_STATUS_ERROR(code) EXPECT_FALSE((code).IsSuccess()) |
42 #define EXPECT_STATUS(expected, code) \ | 45 #define EXPECT_STATUS(expected, code) \ |
43 EXPECT_EQ(expected.ToString(), (code).ToString()) | 46 EXPECT_EQ(expected.ToString(), (code).ToString()) |
44 #define ASSERT_STATUS(expected, code) \ | 47 #define ASSERT_STATUS(expected, code) \ |
45 ASSERT_EQ(expected.ToString(), (code).ToString()) | 48 ASSERT_EQ(expected.ToString(), (code).ToString()) |
46 #define EXPECT_STATUS_SUCCESS(code) EXPECT_STATUS(Status::Success(), code) | 49 #define EXPECT_STATUS_SUCCESS(code) EXPECT_STATUS(Status::Success(), code) |
47 #define ASSERT_STATUS_SUCCESS(code) ASSERT_STATUS(Status::Success(), code) | 50 #define ASSERT_STATUS_SUCCESS(code) ASSERT_STATUS(Status::Success(), code) |
48 | 51 |
49 namespace content { | 52 namespace content { |
50 | 53 |
51 namespace webcrypto { | 54 namespace webcrypto { |
52 | 55 |
53 namespace { | 56 namespace { |
54 | 57 |
58 blink::WebCryptoAlgorithm CreateRsaKeyGenAlgorithm( | |
59 blink::WebCryptoAlgorithmId algorithm_id, | |
60 unsigned int modulus_length, | |
61 const std::vector<uint8>& public_exponent) { | |
62 DCHECK_EQ(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, algorithm_id); | |
63 return blink::WebCryptoAlgorithm::adoptParamsAndCreate( | |
64 algorithm_id, | |
65 new blink::WebCryptoRsaKeyGenParams( | |
66 modulus_length, | |
67 webcrypto::Uint8VectorStart(public_exponent), | |
68 public_exponent.size())); | |
69 } | |
70 | |
71 blink::WebCryptoAlgorithm CreateRsaHashedKeyGenAlgorithm( | |
72 blink::WebCryptoAlgorithmId algorithm_id, | |
73 const blink::WebCryptoAlgorithmId hash_id, | |
74 unsigned int modulus_length, | |
75 const std::vector<uint8>& public_exponent) { | |
76 DCHECK(algorithm_id == blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 || | |
77 algorithm_id == blink::WebCryptoAlgorithmIdRsaOaep); | |
78 DCHECK(IsHashAlgorithm(hash_id)); | |
79 return blink::WebCryptoAlgorithm::adoptParamsAndCreate( | |
80 algorithm_id, | |
81 #ifdef WEBCRYPTO_HAS_KEY_ALGORITHM | |
82 new blink::WebCryptoRsaHashedKeyGenParams( | |
83 CreateAlgorithm(hash_id), | |
84 #else | |
85 new blink::WebCryptoRsaKeyGenParams( | |
86 #endif | |
87 modulus_length, | |
88 webcrypto::Uint8VectorStart(public_exponent), | |
89 public_exponent.size())); | |
90 } | |
91 | |
92 // Creates an AES-CBC algorithm. | |
93 blink::WebCryptoAlgorithm CreateAesCbcAlgorithm(const std::vector<uint8>& iv) { | |
94 return blink::WebCryptoAlgorithm::adoptParamsAndCreate( | |
95 blink::WebCryptoAlgorithmIdAesCbc, | |
96 new blink::WebCryptoAesCbcParams(Uint8VectorStart(iv), iv.size())); | |
97 } | |
98 | |
99 // Creates and AES-GCM algorithm. | |
100 blink::WebCryptoAlgorithm CreateAesGcmAlgorithm( | |
101 const std::vector<uint8>& iv, | |
102 const std::vector<uint8>& additional_data, | |
103 unsigned int tag_length_bits) { | |
104 return blink::WebCryptoAlgorithm::adoptParamsAndCreate( | |
105 blink::WebCryptoAlgorithmIdAesGcm, | |
106 new blink::WebCryptoAesGcmParams(Uint8VectorStart(iv), | |
107 iv.size(), | |
108 true, | |
109 Uint8VectorStart(additional_data), | |
110 additional_data.size(), | |
111 true, | |
112 tag_length_bits)); | |
113 } | |
114 | |
115 // Creates an HMAC algorithm whose parameters struct is compatible with key | |
116 // generation. It is an error to call this with a hash_id that is not a SHA*. | |
117 // The key_length_bytes parameter is optional, with zero meaning unspecified. | |
118 blink::WebCryptoAlgorithm CreateHmacKeyGenAlgorithm( | |
119 blink::WebCryptoAlgorithmId hash_id, | |
120 unsigned int key_length_bytes) { | |
121 DCHECK(IsHashAlgorithm(hash_id)); | |
122 // key_length_bytes == 0 means unspecified | |
123 return blink::WebCryptoAlgorithm::adoptParamsAndCreate( | |
124 blink::WebCryptoAlgorithmIdHmac, | |
125 #ifdef WEBCRYPTO_HAS_KEY_ALGORITHM | |
126 new blink::WebCryptoHmacKeyGenParams( | |
127 #else | |
128 new blink::WebCryptoHmacKeyParams( | |
129 #endif | |
130 CreateAlgorithm(hash_id), (key_length_bytes != 0), key_length_bytes)); | |
131 } | |
132 | |
55 // Returns a slightly modified version of the input vector. | 133 // Returns a slightly modified version of the input vector. |
56 // | 134 // |
57 // - For non-empty inputs a single bit is inverted. | 135 // - For non-empty inputs a single bit is inverted. |
58 // - For empty inputs, a byte is added. | 136 // - For empty inputs, a byte is added. |
59 std::vector<uint8> Corrupted(const std::vector<uint8>& input) { | 137 std::vector<uint8> Corrupted(const std::vector<uint8>& input) { |
60 std::vector<uint8> corrupted_data(input); | 138 std::vector<uint8> corrupted_data(input); |
61 if (corrupted_data.empty()) | 139 if (corrupted_data.empty()) |
62 corrupted_data.push_back(0); | 140 corrupted_data.push_back(0); |
63 corrupted_data[corrupted_data.size() / 2] ^= 0x01; | 141 corrupted_data[corrupted_data.size() / 2] ^= 0x01; |
64 return corrupted_data; | 142 return corrupted_data; |
65 } | 143 } |
66 | 144 |
67 std::vector<uint8> HexStringToBytes(const std::string& hex) { | 145 std::vector<uint8> HexStringToBytes(const std::string& hex) { |
68 std::vector<uint8> bytes; | 146 std::vector<uint8> bytes; |
69 base::HexStringToBytes(hex, &bytes); | 147 base::HexStringToBytes(hex, &bytes); |
70 return bytes; | 148 return bytes; |
71 } | 149 } |
72 | 150 |
151 void ExpectCryptDataMatches(const CryptoData& expected, | |
152 const CryptoData& actual) { | |
153 EXPECT_EQ(base::HexEncode(expected.bytes(), expected.byte_length()), | |
154 base::HexEncode(actual.bytes(), actual.byte_length())); | |
155 } | |
156 | |
73 void ExpectArrayBufferMatches(const std::vector<uint8>& expected, | 157 void ExpectArrayBufferMatches(const std::vector<uint8>& expected, |
74 const blink::WebArrayBuffer& actual) { | 158 const blink::WebArrayBuffer& actual) { |
75 EXPECT_EQ( | 159 return ExpectCryptDataMatches(CryptoData(expected), CryptoData(actual)); |
76 base::HexEncode(webcrypto::Uint8VectorStart(expected), expected.size()), | 160 } |
77 base::HexEncode(actual.data(), actual.byteLength())); | 161 |
Ryan Sleevi
2014/02/25 22:26:26
Can you avoid making (good-but-unrelated) changes
eroman
2014/02/25 23:26:47
Removed the CryptoData changes in unittest file.
A
| |
162 void ExpectCryptoDataMatchesHex(const std::string& expected_hex, | |
163 const CryptoData& actual) { | |
164 EXPECT_STRCASEEQ( | |
165 expected_hex.c_str(), | |
166 base::HexEncode(actual.bytes(), actual.byte_length()).c_str()); | |
78 } | 167 } |
79 | 168 |
80 void ExpectArrayBufferMatchesHex(const std::string& expected_hex, | 169 void ExpectArrayBufferMatchesHex(const std::string& expected_hex, |
81 const blink::WebArrayBuffer& array_buffer) { | 170 const blink::WebArrayBuffer& array_buffer) { |
82 EXPECT_STRCASEEQ( | 171 return ExpectCryptoDataMatchesHex(expected_hex, CryptoData(array_buffer)); |
83 expected_hex.c_str(), | |
84 base::HexEncode(array_buffer.data(), array_buffer.byteLength()).c_str()); | |
85 } | 172 } |
86 | 173 |
87 void ExpectVectorMatches(const std::vector<uint8>& expected, | 174 void ExpectVectorMatches(const std::vector<uint8>& expected, |
88 const std::vector<uint8>& actual) { | 175 const std::vector<uint8>& actual) { |
89 EXPECT_EQ( | 176 return ExpectCryptDataMatches(CryptoData(expected), CryptoData(actual)); |
90 base::HexEncode(webcrypto::Uint8VectorStart(expected), expected.size()), | |
91 base::HexEncode(webcrypto::Uint8VectorStart(actual), actual.size())); | |
92 } | 177 } |
93 | 178 |
94 std::vector<uint8> MakeJsonVector(const std::string& json_string) { | 179 std::vector<uint8> MakeJsonVector(const std::string& json_string) { |
95 return std::vector<uint8>(json_string.begin(), json_string.end()); | 180 return std::vector<uint8>(json_string.begin(), json_string.end()); |
96 } | 181 } |
97 | 182 |
98 std::vector<uint8> MakeJsonVector(const base::DictionaryValue& dict) { | 183 std::vector<uint8> MakeJsonVector(const base::DictionaryValue& dict) { |
99 std::string json; | 184 std::string json; |
100 base::JSONWriter::Write(&dict, &json); | 185 base::JSONWriter::Write(&dict, &json); |
101 return MakeJsonVector(json); | 186 return MakeJsonVector(json); |
(...skipping 102 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
204 // dictionary to a good state | 289 // dictionary to a good state |
205 void RestoreJwkOctDictionary(base::DictionaryValue* dict) { | 290 void RestoreJwkOctDictionary(base::DictionaryValue* dict) { |
206 dict->Clear(); | 291 dict->Clear(); |
207 dict->SetString("kty", "oct"); | 292 dict->SetString("kty", "oct"); |
208 dict->SetString("alg", "A128CBC"); | 293 dict->SetString("alg", "A128CBC"); |
209 dict->SetString("use", "enc"); | 294 dict->SetString("use", "enc"); |
210 dict->SetBoolean("extractable", false); | 295 dict->SetBoolean("extractable", false); |
211 dict->SetString("k", "GADWrMRHwQfoNaXU5fZvTg=="); | 296 dict->SetString("k", "GADWrMRHwQfoNaXU5fZvTg=="); |
212 } | 297 } |
213 | 298 |
214 blink::WebCryptoAlgorithm CreateAesGcmAlgorithm( | |
215 const std::vector<uint8>& iv, | |
216 const std::vector<uint8>& additional_data, | |
217 unsigned int tag_length_bits) { | |
218 return blink::WebCryptoAlgorithm::adoptParamsAndCreate( | |
219 blink::WebCryptoAlgorithmIdAesGcm, | |
220 new blink::WebCryptoAesGcmParams(Uint8VectorStart(iv), | |
221 iv.size(), | |
222 true, | |
223 Uint8VectorStart(additional_data), | |
224 additional_data.size(), | |
225 true, | |
226 tag_length_bits)); | |
227 } | |
228 | |
229 // Helper for ImportJwkRsaFailures. Restores the JWK JSON | 299 // Helper for ImportJwkRsaFailures. Restores the JWK JSON |
230 // dictionary to a good state | 300 // dictionary to a good state |
231 void RestoreJwkRsaDictionary(base::DictionaryValue* dict) { | 301 void RestoreJwkRsaDictionary(base::DictionaryValue* dict) { |
232 dict->Clear(); | 302 dict->Clear(); |
233 dict->SetString("kty", "RSA"); | 303 dict->SetString("kty", "RSA"); |
234 dict->SetString("alg", "RSA1_5"); | 304 dict->SetString("alg", "RSA1_5"); |
235 dict->SetString("use", "enc"); | 305 dict->SetString("use", "enc"); |
236 dict->SetBoolean("extractable", false); | 306 dict->SetBoolean("extractable", false); |
237 dict->SetString( | 307 dict->SetString( |
238 "n", | 308 "n", |
239 "qLOyhK-OtQs4cDSoYPFGxJGfMYdjzWxVmMiuSBGh4KvEx-CwgtaTpef87Wdc9GaFEncsDLxk" | 309 "qLOyhK-OtQs4cDSoYPFGxJGfMYdjzWxVmMiuSBGh4KvEx-CwgtaTpef87Wdc9GaFEncsDLxk" |
240 "p0LGxjD1M8jMcvYq6DPEC_JYQumEu3i9v5fAEH1VvbZi9cTg-rmEXLUUjvc5LdOq_5OuHmtm" | 310 "p0LGxjD1M8jMcvYq6DPEC_JYQumEu3i9v5fAEH1VvbZi9cTg-rmEXLUUjvc5LdOq_5OuHmtm" |
241 "e7PUJHYW1PW6ENTP0ibeiNOfFvs"); | 311 "e7PUJHYW1PW6ENTP0ibeiNOfFvs"); |
242 dict->SetString("e", "AQAB"); | 312 dict->SetString("e", "AQAB"); |
243 } | 313 } |
244 | 314 |
245 blink::WebCryptoAlgorithm CreateRsaAlgorithmWithInnerHash( | 315 blink::WebCryptoAlgorithm CreateRsaHashedImportAlgorithm( |
246 blink::WebCryptoAlgorithmId algorithm_id, | 316 blink::WebCryptoAlgorithmId algorithm_id, |
247 blink::WebCryptoAlgorithmId hash_id) { | 317 blink::WebCryptoAlgorithmId hash_id) { |
248 DCHECK(algorithm_id == blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 || | 318 DCHECK(algorithm_id == blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 || |
249 algorithm_id == blink::WebCryptoAlgorithmIdRsaOaep); | 319 algorithm_id == blink::WebCryptoAlgorithmIdRsaOaep); |
250 DCHECK(IsHashAlgorithm(hash_id)); | 320 DCHECK(IsHashAlgorithm(hash_id)); |
251 return blink::WebCryptoAlgorithm::adoptParamsAndCreate( | 321 return blink::WebCryptoAlgorithm::adoptParamsAndCreate( |
252 algorithm_id, new blink::WebCryptoRsaSsaParams(CreateAlgorithm(hash_id))); | 322 algorithm_id, |
323 #ifdef WEBCRYPTO_HAS_KEY_ALGORITHM | |
324 new blink::WebCryptoRsaHashedImportParams(CreateAlgorithm(hash_id))); | |
325 #else | |
326 // Good enough for the tests. | |
327 new blink::WebCryptoRsaSsaParams(CreateAlgorithm(hash_id))); | |
328 #endif | |
253 } | 329 } |
254 | 330 |
255 // Determines if two ArrayBuffers have identical content. | 331 // Determines if two ArrayBuffers have identical content. |
256 bool ArrayBuffersEqual(const blink::WebArrayBuffer& a, | 332 bool ArrayBuffersEqual(const blink::WebArrayBuffer& a, |
257 const blink::WebArrayBuffer& b) { | 333 const blink::WebArrayBuffer& b) { |
258 return a.byteLength() == b.byteLength() && | 334 return a.byteLength() == b.byteLength() && |
259 memcmp(a.data(), b.data(), a.byteLength()) == 0; | 335 memcmp(a.data(), b.data(), a.byteLength()) == 0; |
260 } | 336 } |
261 | 337 |
262 // Given a vector of WebArrayBuffers, determines if there are any copies. | 338 // Given a vector of WebArrayBuffers, determines if there are any copies. |
(...skipping 257 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
520 base::DictionaryValue* test; | 596 base::DictionaryValue* test; |
521 ASSERT_TRUE(tests->GetDictionary(test_index, &test)); | 597 ASSERT_TRUE(tests->GetDictionary(test_index, &test)); |
522 | 598 |
523 blink::WebCryptoAlgorithm test_hash = GetDigestAlgorithm(test, "hash"); | 599 blink::WebCryptoAlgorithm test_hash = GetDigestAlgorithm(test, "hash"); |
524 const std::vector<uint8> test_key = GetBytesFromHexString(test, "key"); | 600 const std::vector<uint8> test_key = GetBytesFromHexString(test, "key"); |
525 const std::vector<uint8> test_message = | 601 const std::vector<uint8> test_message = |
526 GetBytesFromHexString(test, "message"); | 602 GetBytesFromHexString(test, "message"); |
527 const std::vector<uint8> test_mac = GetBytesFromHexString(test, "mac"); | 603 const std::vector<uint8> test_mac = GetBytesFromHexString(test, "mac"); |
528 | 604 |
529 blink::WebCryptoAlgorithm algorithm = | 605 blink::WebCryptoAlgorithm algorithm = |
530 CreateHmacAlgorithmByHashId(test_hash.id()); | 606 CreateAlgorithm(blink::WebCryptoAlgorithmIdHmac); |
607 | |
608 blink::WebCryptoAlgorithm importAlgorithm = | |
609 CreateHmacImportAlgorithm(test_hash.id()); | |
531 | 610 |
532 blink::WebCryptoKey key = ImportSecretKeyFromRaw( | 611 blink::WebCryptoKey key = ImportSecretKeyFromRaw( |
533 test_key, | 612 test_key, |
534 algorithm, | 613 importAlgorithm, |
535 blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify); | 614 blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify); |
536 | 615 |
616 #ifdef WEBCRYPTO_HAS_KEY_ALGORITHM | |
617 EXPECT_EQ(test_hash.id(), key.algorithm().hmacParams()->hash().id()); | |
618 #endif | |
619 | |
537 // Verify exported raw key is identical to the imported data | 620 // Verify exported raw key is identical to the imported data |
538 blink::WebArrayBuffer raw_key; | 621 blink::WebArrayBuffer raw_key; |
539 EXPECT_STATUS_SUCCESS( | 622 EXPECT_STATUS_SUCCESS( |
540 ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key)); | 623 ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key)); |
541 ExpectArrayBufferMatches(test_key, raw_key); | 624 ExpectArrayBufferMatches(test_key, raw_key); |
542 | 625 |
543 blink::WebArrayBuffer output; | 626 blink::WebArrayBuffer output; |
544 | 627 |
545 ASSERT_STATUS_SUCCESS( | 628 ASSERT_STATUS_SUCCESS( |
546 Sign(algorithm, key, CryptoData(test_message), &output)); | 629 Sign(algorithm, key, CryptoData(test_message), &output)); |
(...skipping 137 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
684 std::vector<uint8> test_plain_text = | 767 std::vector<uint8> test_plain_text = |
685 GetBytesFromHexString(test, "plain_text"); | 768 GetBytesFromHexString(test, "plain_text"); |
686 std::vector<uint8> test_cipher_text = | 769 std::vector<uint8> test_cipher_text = |
687 GetBytesFromHexString(test, "cipher_text"); | 770 GetBytesFromHexString(test, "cipher_text"); |
688 | 771 |
689 blink::WebCryptoKey key = ImportSecretKeyFromRaw( | 772 blink::WebCryptoKey key = ImportSecretKeyFromRaw( |
690 test_key, | 773 test_key, |
691 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), | 774 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), |
692 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt); | 775 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt); |
693 | 776 |
777 #ifdef WEBCRYPTO_HAS_KEY_ALGORITHM | |
778 EXPECT_EQ(test_key.size() * 8, key.algorithm().aesParams()->lengthBits()); | |
779 #endif | |
780 | |
694 // Verify exported raw key is identical to the imported data | 781 // Verify exported raw key is identical to the imported data |
695 blink::WebArrayBuffer raw_key; | 782 blink::WebArrayBuffer raw_key; |
696 EXPECT_STATUS_SUCCESS( | 783 EXPECT_STATUS_SUCCESS( |
697 ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key)); | 784 ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key)); |
698 ExpectArrayBufferMatches(test_key, raw_key); | 785 ExpectArrayBufferMatches(test_key, raw_key); |
699 | 786 |
700 blink::WebArrayBuffer output; | 787 blink::WebArrayBuffer output; |
701 | 788 |
702 // Test encryption. | 789 // Test encryption. |
703 EXPECT_STATUS(Status::Success(), | 790 EXPECT_STATUS(Status::Success(), |
(...skipping 54 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
758 for (size_t i = 0; i < algorithm.size(); ++i) { | 845 for (size_t i = 0; i < algorithm.size(); ++i) { |
759 SCOPED_TRACE(i); | 846 SCOPED_TRACE(i); |
760 // Generate a small sample of keys. | 847 // Generate a small sample of keys. |
761 keys.clear(); | 848 keys.clear(); |
762 for (int j = 0; j < 16; ++j) { | 849 for (int j = 0; j < 16; ++j) { |
763 ASSERT_STATUS_SUCCESS(GenerateSecretKey(algorithm[i], true, 0, &key)); | 850 ASSERT_STATUS_SUCCESS(GenerateSecretKey(algorithm[i], true, 0, &key)); |
764 EXPECT_TRUE(key.handle()); | 851 EXPECT_TRUE(key.handle()); |
765 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); | 852 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); |
766 ASSERT_STATUS_SUCCESS( | 853 ASSERT_STATUS_SUCCESS( |
767 ExportKey(blink::WebCryptoKeyFormatRaw, key, &key_bytes)); | 854 ExportKey(blink::WebCryptoKeyFormatRaw, key, &key_bytes)); |
855 #ifdef WEBCRYPTO_HAS_KEY_ALGORITHM | |
856 EXPECT_EQ(key_bytes.byteLength() * 8, | |
857 key.algorithm().aesParams()->lengthBits()); | |
858 #endif | |
768 keys.push_back(key_bytes); | 859 keys.push_back(key_bytes); |
769 } | 860 } |
770 // Ensure all entries in the key sample set are unique. This is a simplistic | 861 // Ensure all entries in the key sample set are unique. This is a simplistic |
771 // estimate of whether the generated keys appear random. | 862 // estimate of whether the generated keys appear random. |
772 EXPECT_FALSE(CopiesExist(keys)); | 863 EXPECT_FALSE(CopiesExist(keys)); |
773 } | 864 } |
774 } | 865 } |
775 | 866 |
776 TEST_F(SharedCryptoTest, MAYBE(GenerateKeyAesBadLength)) { | 867 TEST_F(SharedCryptoTest, MAYBE(GenerateKeyAesBadLength)) { |
777 const unsigned short kKeyLen[] = {0, 127, 257}; | 868 const unsigned short kKeyLen[] = {0, 127, 257}; |
(...skipping 18 matching lines...) Expand all Loading... | |
796 for (int i = 0; i < 16; ++i) { | 887 for (int i = 0; i < 16; ++i) { |
797 blink::WebArrayBuffer key_bytes; | 888 blink::WebArrayBuffer key_bytes; |
798 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 889 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
799 blink::WebCryptoAlgorithm algorithm = | 890 blink::WebCryptoAlgorithm algorithm = |
800 CreateHmacKeyGenAlgorithm(blink::WebCryptoAlgorithmIdSha1, 64); | 891 CreateHmacKeyGenAlgorithm(blink::WebCryptoAlgorithmIdSha1, 64); |
801 ASSERT_STATUS_SUCCESS(GenerateSecretKey(algorithm, true, 0, &key)); | 892 ASSERT_STATUS_SUCCESS(GenerateSecretKey(algorithm, true, 0, &key)); |
802 EXPECT_FALSE(key.isNull()); | 893 EXPECT_FALSE(key.isNull()); |
803 EXPECT_TRUE(key.handle()); | 894 EXPECT_TRUE(key.handle()); |
804 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); | 895 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); |
805 EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, key.algorithm().id()); | 896 EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, key.algorithm().id()); |
897 #ifdef WEBCRYPTO_HAS_KEY_ALGORITHM | |
898 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha1, | |
Ryan Sleevi
2014/02/25 22:26:26
Why are you testing this, rather than algorithm li
eroman
2014/02/25 23:26:47
Unless you feel strongly about this will leave as
| |
899 key.algorithm().hmacParams()->hash().id()); | |
900 #endif | |
806 | 901 |
807 blink::WebArrayBuffer raw_key; | 902 blink::WebArrayBuffer raw_key; |
808 ASSERT_STATUS_SUCCESS( | 903 ASSERT_STATUS_SUCCESS( |
809 ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key)); | 904 ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key)); |
810 EXPECT_EQ(64U, raw_key.byteLength()); | 905 EXPECT_EQ(64U, raw_key.byteLength()); |
811 keys.push_back(raw_key); | 906 keys.push_back(raw_key); |
812 } | 907 } |
813 // Ensure all entries in the key sample set are unique. This is a simplistic | 908 // Ensure all entries in the key sample set are unique. This is a simplistic |
814 // estimate of whether the generated keys appear random. | 909 // estimate of whether the generated keys appear random. |
815 EXPECT_FALSE(CopiesExist(keys)); | 910 EXPECT_FALSE(CopiesExist(keys)); |
816 } | 911 } |
817 | 912 |
818 // If the key length is not provided, then the block size is used. | 913 // If the key length is not provided, then the block size is used. |
819 TEST_F(SharedCryptoTest, MAYBE(GenerateKeyHmacNoLength)) { | 914 TEST_F(SharedCryptoTest, MAYBE(GenerateKeyHmacNoLength)) { |
820 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 915 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
821 blink::WebCryptoAlgorithm algorithm = | 916 blink::WebCryptoAlgorithm algorithm = |
822 CreateHmacKeyGenAlgorithm(blink::WebCryptoAlgorithmIdSha1, 0); | 917 CreateHmacKeyGenAlgorithm(blink::WebCryptoAlgorithmIdSha1, 0); |
823 ASSERT_STATUS_SUCCESS(GenerateSecretKey(algorithm, true, 0, &key)); | 918 ASSERT_STATUS_SUCCESS(GenerateSecretKey(algorithm, true, 0, &key)); |
824 EXPECT_TRUE(key.handle()); | 919 EXPECT_TRUE(key.handle()); |
825 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); | 920 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); |
826 blink::WebArrayBuffer raw_key; | 921 blink::WebArrayBuffer raw_key; |
827 ASSERT_STATUS_SUCCESS(ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key)); | 922 ASSERT_STATUS_SUCCESS(ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key)); |
828 EXPECT_EQ(64U, raw_key.byteLength()); | 923 EXPECT_EQ(64U, raw_key.byteLength()); |
829 | 924 |
830 // The block size for HMAC SHA-512 is larger. | 925 // The block size for HMAC SHA-512 is larger. |
831 algorithm = CreateHmacKeyGenAlgorithm(blink::WebCryptoAlgorithmIdSha512, 0); | 926 algorithm = CreateHmacKeyGenAlgorithm(blink::WebCryptoAlgorithmIdSha512, 0); |
832 ASSERT_STATUS_SUCCESS(GenerateSecretKey(algorithm, true, 0, &key)); | 927 ASSERT_STATUS_SUCCESS(GenerateSecretKey(algorithm, true, 0, &key)); |
928 #ifdef WEBCRYPTO_HAS_KEY_ALGORITHM | |
929 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha512, | |
930 key.algorithm().hmacParams()->hash().id()); | |
Ryan Sleevi
2014/02/25 22:26:26
Ditto
| |
931 #endif | |
833 ASSERT_STATUS_SUCCESS(ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key)); | 932 ASSERT_STATUS_SUCCESS(ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key)); |
834 EXPECT_EQ(128U, raw_key.byteLength()); | 933 EXPECT_EQ(128U, raw_key.byteLength()); |
835 } | 934 } |
836 | 935 |
837 TEST_F(SharedCryptoTest, MAYBE(ImportSecretKeyNoAlgorithm)) { | 936 TEST_F(SharedCryptoTest, MAYBE(ImportSecretKeyNoAlgorithm)) { |
838 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 937 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
839 | 938 |
840 // This fails because the algorithm is null. | 939 // This fails because the algorithm is null. |
841 EXPECT_STATUS(Status::ErrorMissingAlgorithmImportRawKey(), | 940 EXPECT_STATUS(Status::ErrorMissingAlgorithmImportRawKey(), |
842 ImportKey(blink::WebCryptoKeyFormatRaw, | 941 ImportKey(blink::WebCryptoKeyFormatRaw, |
(...skipping 199 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1042 } | 1141 } |
1043 | 1142 |
1044 TEST_F(SharedCryptoTest, MAYBE(ImportJwkInputConsistency)) { | 1143 TEST_F(SharedCryptoTest, MAYBE(ImportJwkInputConsistency)) { |
1045 // The Web Crypto spec says that if a JWK value is present, but is | 1144 // The Web Crypto spec says that if a JWK value is present, but is |
1046 // inconsistent with the input value, the operation must fail. | 1145 // inconsistent with the input value, the operation must fail. |
1047 | 1146 |
1048 // Consistency rules when JWK value is not present: Inputs should be used. | 1147 // Consistency rules when JWK value is not present: Inputs should be used. |
1049 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 1148 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
1050 bool extractable = false; | 1149 bool extractable = false; |
1051 blink::WebCryptoAlgorithm algorithm = | 1150 blink::WebCryptoAlgorithm algorithm = |
1052 CreateHmacAlgorithmByHashId(blink::WebCryptoAlgorithmIdSha256); | 1151 CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha256); |
1053 blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageVerify; | 1152 blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageVerify; |
1054 base::DictionaryValue dict; | 1153 base::DictionaryValue dict; |
1055 dict.SetString("kty", "oct"); | 1154 dict.SetString("kty", "oct"); |
1056 dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg"); | 1155 dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg"); |
1057 std::vector<uint8> json_vec = MakeJsonVector(dict); | 1156 std::vector<uint8> json_vec = MakeJsonVector(dict); |
1058 EXPECT_STATUS_SUCCESS(ImportKeyJwk( | 1157 EXPECT_STATUS_SUCCESS(ImportKeyJwk( |
1059 CryptoData(json_vec), algorithm, extractable, usage_mask, &key)); | 1158 CryptoData(json_vec), algorithm, extractable, usage_mask, &key)); |
1060 EXPECT_TRUE(key.handle()); | 1159 EXPECT_TRUE(key.handle()); |
1061 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); | 1160 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); |
1062 EXPECT_EQ(extractable, key.extractable()); | 1161 EXPECT_EQ(extractable, key.extractable()); |
(...skipping 43 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1106 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), | 1205 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), |
1107 extractable, | 1206 extractable, |
1108 usage_mask, | 1207 usage_mask, |
1109 &key)); | 1208 &key)); |
1110 | 1209 |
1111 // Fail: Input algorithm (HMAC SHA1) is inconsistent with JWK value | 1210 // Fail: Input algorithm (HMAC SHA1) is inconsistent with JWK value |
1112 // (HMAC SHA256). | 1211 // (HMAC SHA256). |
1113 EXPECT_STATUS( | 1212 EXPECT_STATUS( |
1114 Status::ErrorJwkAlgorithmInconsistent(), | 1213 Status::ErrorJwkAlgorithmInconsistent(), |
1115 ImportKeyJwk(CryptoData(json_vec), | 1214 ImportKeyJwk(CryptoData(json_vec), |
1116 CreateHmacAlgorithmByHashId(blink::WebCryptoAlgorithmIdSha1), | 1215 CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha1), |
1117 extractable, | 1216 extractable, |
1118 usage_mask, | 1217 usage_mask, |
1119 &key)); | 1218 &key)); |
1120 | 1219 |
1121 // Pass: JWK alg valid but input algorithm isNull: use JWK algorithm value. | 1220 // Pass: JWK alg valid but input algorithm isNull: use JWK algorithm value. |
1122 EXPECT_STATUS_SUCCESS(ImportKeyJwk(CryptoData(json_vec), | 1221 EXPECT_STATUS_SUCCESS(ImportKeyJwk(CryptoData(json_vec), |
1123 blink::WebCryptoAlgorithm::createNull(), | 1222 blink::WebCryptoAlgorithm::createNull(), |
1124 extractable, | 1223 extractable, |
1125 usage_mask, | 1224 usage_mask, |
1126 &key)); | 1225 &key)); |
1127 EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, algorithm.id()); | 1226 EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, algorithm.id()); |
1128 | 1227 |
1129 // Pass: JWK alg missing but input algorithm specified: use input value | 1228 // Pass: JWK alg missing but input algorithm specified: use input value |
1130 dict.Remove("alg", NULL); | 1229 dict.Remove("alg", NULL); |
1131 EXPECT_STATUS_SUCCESS(ImportKeyJwkFromDict( | 1230 EXPECT_STATUS_SUCCESS(ImportKeyJwkFromDict( |
1132 dict, | 1231 dict, |
1133 CreateHmacAlgorithmByHashId(blink::WebCryptoAlgorithmIdSha256), | 1232 CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha256), |
1134 extractable, | 1233 extractable, |
1135 usage_mask, | 1234 usage_mask, |
1136 &key)); | 1235 &key)); |
1137 EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, algorithm.id()); | 1236 EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, algorithm.id()); |
1138 dict.SetString("alg", "HS256"); | 1237 dict.SetString("alg", "HS256"); |
1139 | 1238 |
1140 // Fail: Input usage_mask (encrypt) is not a subset of the JWK value | 1239 // Fail: Input usage_mask (encrypt) is not a subset of the JWK value |
1141 // (sign|verify) | 1240 // (sign|verify) |
1142 EXPECT_STATUS(Status::ErrorJwkUsageInconsistent(), | 1241 EXPECT_STATUS(Status::ErrorJwkUsageInconsistent(), |
1143 ImportKeyJwk(CryptoData(json_vec), | 1242 ImportKeyJwk(CryptoData(json_vec), |
(...skipping 18 matching lines...) Expand all Loading... | |
1162 } | 1261 } |
1163 | 1262 |
1164 TEST_F(SharedCryptoTest, MAYBE(ImportJwkHappy)) { | 1263 TEST_F(SharedCryptoTest, MAYBE(ImportJwkHappy)) { |
1165 | 1264 |
1166 // This test verifies the happy path of JWK import, including the application | 1265 // This test verifies the happy path of JWK import, including the application |
1167 // of the imported key material. | 1266 // of the imported key material. |
1168 | 1267 |
1169 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 1268 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
1170 bool extractable = false; | 1269 bool extractable = false; |
1171 blink::WebCryptoAlgorithm algorithm = | 1270 blink::WebCryptoAlgorithm algorithm = |
1172 CreateHmacAlgorithmByHashId(blink::WebCryptoAlgorithmIdSha256); | 1271 CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha256); |
1173 blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageSign; | 1272 blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageSign; |
1174 | 1273 |
1175 // Import a symmetric key JWK and HMAC-SHA256 sign() | 1274 // Import a symmetric key JWK and HMAC-SHA256 sign() |
1176 // Uses the first SHA256 test vector from the HMAC sample set above. | 1275 // Uses the first SHA256 test vector from the HMAC sample set above. |
1177 | 1276 |
1178 base::DictionaryValue dict; | 1277 base::DictionaryValue dict; |
1179 dict.SetString("kty", "oct"); | 1278 dict.SetString("kty", "oct"); |
1180 dict.SetString("alg", "HS256"); | 1279 dict.SetString("alg", "HS256"); |
1181 dict.SetString("use", "sig"); | 1280 dict.SetString("use", "sig"); |
1182 dict.SetBoolean("extractable", false); | 1281 dict.SetBoolean("extractable", false); |
1183 dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg"); | 1282 dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg"); |
1184 | 1283 |
1185 ASSERT_STATUS_SUCCESS( | 1284 ASSERT_STATUS_SUCCESS( |
1186 ImportKeyJwkFromDict(dict, algorithm, extractable, usage_mask, &key)); | 1285 ImportKeyJwkFromDict(dict, algorithm, extractable, usage_mask, &key)); |
1187 | 1286 |
1287 #ifdef WEBCRYPTO_HAS_KEY_ALGORITHM | |
1288 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha256, | |
Ryan Sleevi
2014/02/25 22:26:26
ditto
| |
1289 key.algorithm().hmacParams()->hash().id()); | |
1290 #endif | |
1291 | |
1188 const std::vector<uint8> message_raw = HexStringToBytes( | 1292 const std::vector<uint8> message_raw = HexStringToBytes( |
1189 "b1689c2591eaf3c9e66070f8a77954ffb81749f1b00346f9dfe0b2ee905dcc288baf4a" | 1293 "b1689c2591eaf3c9e66070f8a77954ffb81749f1b00346f9dfe0b2ee905dcc288baf4a" |
1190 "92de3f4001dd9f44c468c3d07d6c6ee82faceafc97c2fc0fc0601719d2dcd0aa2aec92" | 1294 "92de3f4001dd9f44c468c3d07d6c6ee82faceafc97c2fc0fc0601719d2dcd0aa2aec92" |
1191 "d1b0ae933c65eb06a03c9c935c2bad0459810241347ab87e9f11adb30415424c6c7f5f" | 1295 "d1b0ae933c65eb06a03c9c935c2bad0459810241347ab87e9f11adb30415424c6c7f5f" |
1192 "22a003b8ab8de54f6ded0e3ab9245fa79568451dfa258e"); | 1296 "22a003b8ab8de54f6ded0e3ab9245fa79568451dfa258e"); |
1193 | 1297 |
1194 blink::WebArrayBuffer output; | 1298 blink::WebArrayBuffer output; |
1195 | 1299 |
1196 ASSERT_STATUS_SUCCESS(Sign(algorithm, key, CryptoData(message_raw), &output)); | 1300 ASSERT_STATUS_SUCCESS(Sign(CreateAlgorithm(blink::WebCryptoAlgorithmIdHmac), |
1301 key, | |
1302 CryptoData(message_raw), | |
1303 &output)); | |
1197 | 1304 |
1198 const std::string mac_raw = | 1305 const std::string mac_raw = |
1199 "769f00d3e6a6cc1fb426a14a4f76c6462e6149726e0dee0ec0cf97a16605ac8b"; | 1306 "769f00d3e6a6cc1fb426a14a4f76c6462e6149726e0dee0ec0cf97a16605ac8b"; |
1200 | 1307 |
1201 ExpectArrayBufferMatchesHex(mac_raw, output); | 1308 ExpectArrayBufferMatchesHex(mac_raw, output); |
1202 | 1309 |
1203 // TODO(padolph): Import an RSA public key JWK and use it | 1310 // TODO(padolph): Import an RSA public key JWK and use it |
1204 } | 1311 } |
1205 | 1312 |
1206 TEST_F(SharedCryptoTest, MAYBE(ImportExportSpki)) { | 1313 TEST_F(SharedCryptoTest, MAYBE(ImportExportSpki)) { |
1207 // Passing case: Import a valid RSA key in SPKI format. | 1314 // Passing case: Import a valid RSA key in SPKI format. |
1208 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 1315 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
1209 ASSERT_STATUS_SUCCESS( | 1316 ASSERT_STATUS_SUCCESS( |
1210 ImportKey(blink::WebCryptoKeyFormatSpki, | 1317 ImportKey(blink::WebCryptoKeyFormatSpki, |
1211 CryptoData(HexStringToBytes(kPublicKeySpkiDerHex)), | 1318 CryptoData(HexStringToBytes(kPublicKeySpkiDerHex)), |
1212 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5), | 1319 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5), |
1213 true, | 1320 true, |
1214 blink::WebCryptoKeyUsageEncrypt, | 1321 blink::WebCryptoKeyUsageEncrypt, |
1215 &key)); | 1322 &key)); |
1216 EXPECT_TRUE(key.handle()); | 1323 EXPECT_TRUE(key.handle()); |
1217 EXPECT_EQ(blink::WebCryptoKeyTypePublic, key.type()); | 1324 EXPECT_EQ(blink::WebCryptoKeyTypePublic, key.type()); |
1218 EXPECT_TRUE(key.extractable()); | 1325 EXPECT_TRUE(key.extractable()); |
1219 EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt, key.usages()); | 1326 EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt, key.usages()); |
1327 #ifdef WEBCRYPTO_HAS_KEY_ALGORITHM | |
1328 EXPECT_EQ(kModulusLength, key.algorithm().rsaParams()->modulusLengthBits()); | |
1329 ExpectCryptoDataMatchesHex( | |
1330 "010001", CryptoData(key.algorithm().rsaParams()->publicExponent())); | |
1331 #endif | |
1220 | 1332 |
1221 // Failing case: Empty SPKI data | 1333 // Failing case: Empty SPKI data |
1222 EXPECT_STATUS(Status::ErrorImportEmptyKeyData(), | 1334 EXPECT_STATUS(Status::ErrorImportEmptyKeyData(), |
1223 ImportKey(blink::WebCryptoKeyFormatSpki, | 1335 ImportKey(blink::WebCryptoKeyFormatSpki, |
1224 CryptoData(std::vector<uint8>()), | 1336 CryptoData(std::vector<uint8>()), |
1225 blink::WebCryptoAlgorithm::createNull(), | 1337 blink::WebCryptoAlgorithm::createNull(), |
1226 true, | 1338 true, |
1227 blink::WebCryptoKeyUsageEncrypt, | 1339 blink::WebCryptoKeyUsageEncrypt, |
1228 &key)); | 1340 &key)); |
1229 | 1341 |
(...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1261 // and compare to original data. | 1373 // and compare to original data. |
1262 blink::WebArrayBuffer output; | 1374 blink::WebArrayBuffer output; |
1263 ASSERT_STATUS_SUCCESS(ExportKey(blink::WebCryptoKeyFormatSpki, key, &output)); | 1375 ASSERT_STATUS_SUCCESS(ExportKey(blink::WebCryptoKeyFormatSpki, key, &output)); |
1264 ExpectArrayBufferMatchesHex(kPublicKeySpkiDerHex, output); | 1376 ExpectArrayBufferMatchesHex(kPublicKeySpkiDerHex, output); |
1265 | 1377 |
1266 // Failing case: Try to export a previously imported RSA public key in raw | 1378 // Failing case: Try to export a previously imported RSA public key in raw |
1267 // format (not allowed for a public key). | 1379 // format (not allowed for a public key). |
1268 EXPECT_STATUS(Status::ErrorUnexpectedKeyType(), | 1380 EXPECT_STATUS(Status::ErrorUnexpectedKeyType(), |
1269 ExportKey(blink::WebCryptoKeyFormatRaw, key, &output)); | 1381 ExportKey(blink::WebCryptoKeyFormatRaw, key, &output)); |
1270 | 1382 |
1271 // Failing case: Try to export a non-extractable key | 1383 // Try to export a non-extractable public key - should work, public keys are |
1384 // always extractable | |
1272 ASSERT_STATUS_SUCCESS( | 1385 ASSERT_STATUS_SUCCESS( |
1273 ImportKey(blink::WebCryptoKeyFormatSpki, | 1386 ImportKey(blink::WebCryptoKeyFormatSpki, |
1274 CryptoData(HexStringToBytes(kPublicKeySpkiDerHex)), | 1387 CryptoData(HexStringToBytes(kPublicKeySpkiDerHex)), |
1275 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5), | 1388 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5), |
1276 false, | 1389 false, |
1277 blink::WebCryptoKeyUsageEncrypt, | 1390 blink::WebCryptoKeyUsageEncrypt, |
1278 &key)); | 1391 &key)); |
1279 EXPECT_TRUE(key.handle()); | 1392 EXPECT_TRUE(key.handle()); |
1280 EXPECT_FALSE(key.extractable()); | 1393 EXPECT_TRUE(key.extractable()); |
1281 EXPECT_STATUS(Status::ErrorKeyNotExtractable(), | 1394 EXPECT_STATUS_SUCCESS(ExportKey(blink::WebCryptoKeyFormatSpki, key, &output)); |
1282 ExportKey(blink::WebCryptoKeyFormatSpki, key, &output)); | |
1283 } | 1395 } |
1284 | 1396 |
1285 TEST_F(SharedCryptoTest, MAYBE(ImportPkcs8)) { | 1397 TEST_F(SharedCryptoTest, MAYBE(ImportPkcs8)) { |
1286 // Passing case: Import a valid RSA key in PKCS#8 format. | 1398 // Passing case: Import a valid RSA key in PKCS#8 format. |
1287 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 1399 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
1288 ASSERT_STATUS_SUCCESS( | 1400 ASSERT_STATUS_SUCCESS(ImportKey( |
1289 ImportKey(blink::WebCryptoKeyFormatPkcs8, | 1401 blink::WebCryptoKeyFormatPkcs8, |
1290 CryptoData(HexStringToBytes(kPrivateKeyPkcs8DerHex)), | 1402 CryptoData(HexStringToBytes(kPrivateKeyPkcs8DerHex)), |
1291 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5), | 1403 CreateRsaHashedImportAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
1292 true, | 1404 blink::WebCryptoAlgorithmIdSha1), |
1293 blink::WebCryptoKeyUsageSign, | 1405 true, |
1294 &key)); | 1406 blink::WebCryptoKeyUsageSign, |
1407 &key)); | |
1295 EXPECT_TRUE(key.handle()); | 1408 EXPECT_TRUE(key.handle()); |
1296 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, key.type()); | 1409 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, key.type()); |
1297 EXPECT_TRUE(key.extractable()); | 1410 EXPECT_TRUE(key.extractable()); |
1298 EXPECT_EQ(blink::WebCryptoKeyUsageSign, key.usages()); | 1411 EXPECT_EQ(blink::WebCryptoKeyUsageSign, key.usages()); |
1412 #ifdef WEBCRYPTO_HAS_KEY_ALGORITHM | |
1413 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha1, | |
1414 key.algorithm().rsaHashedParams()->hash().id()); | |
1415 EXPECT_EQ(kModulusLength, | |
1416 key.algorithm().rsaHashedParams()->modulusLengthBits()); | |
1417 ExpectCryptoDataMatchesHex( | |
1418 "010001", | |
1419 CryptoData(key.algorithm().rsaHashedParams()->publicExponent())); | |
1420 #endif | |
1299 | 1421 |
1300 // Failing case: Empty PKCS#8 data | 1422 // Failing case: Empty PKCS#8 data |
1301 EXPECT_STATUS(Status::ErrorImportEmptyKeyData(), | 1423 EXPECT_STATUS(Status::ErrorImportEmptyKeyData(), |
1302 ImportKey(blink::WebCryptoKeyFormatPkcs8, | 1424 ImportKey(blink::WebCryptoKeyFormatPkcs8, |
1303 CryptoData(std::vector<uint8>()), | 1425 CryptoData(std::vector<uint8>()), |
1304 blink::WebCryptoAlgorithm::createNull(), | 1426 blink::WebCryptoAlgorithm::createNull(), |
1305 true, | 1427 true, |
1306 blink::WebCryptoKeyUsageSign, | 1428 blink::WebCryptoKeyUsageSign, |
1307 &key)); | 1429 &key)); |
1308 | 1430 |
(...skipping 35 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1344 const unsigned int modulus_length = 256; | 1466 const unsigned int modulus_length = 256; |
1345 const std::vector<uint8> public_exponent = HexStringToBytes("010001"); | 1467 const std::vector<uint8> public_exponent = HexStringToBytes("010001"); |
1346 blink::WebCryptoAlgorithm algorithm = | 1468 blink::WebCryptoAlgorithm algorithm = |
1347 CreateRsaKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, | 1469 CreateRsaKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, |
1348 modulus_length, | 1470 modulus_length, |
1349 public_exponent); | 1471 public_exponent); |
1350 bool extractable = false; | 1472 bool extractable = false; |
1351 const blink::WebCryptoKeyUsageMask usage_mask = 0; | 1473 const blink::WebCryptoKeyUsageMask usage_mask = 0; |
1352 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); | 1474 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); |
1353 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); | 1475 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); |
1354 EXPECT_STATUS_SUCCESS(GenerateKeyPair( | 1476 ASSERT_STATUS_SUCCESS(GenerateKeyPair( |
1355 algorithm, extractable, usage_mask, &public_key, &private_key)); | 1477 algorithm, extractable, usage_mask, &public_key, &private_key)); |
1356 EXPECT_FALSE(public_key.isNull()); | 1478 EXPECT_FALSE(public_key.isNull()); |
1357 EXPECT_FALSE(private_key.isNull()); | 1479 EXPECT_FALSE(private_key.isNull()); |
1358 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type()); | 1480 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type()); |
1359 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type()); | 1481 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type()); |
1360 EXPECT_TRUE(public_key.extractable()); | 1482 EXPECT_TRUE(public_key.extractable()); |
1361 EXPECT_EQ(extractable, private_key.extractable()); | 1483 EXPECT_EQ(extractable, private_key.extractable()); |
1362 EXPECT_EQ(usage_mask, public_key.usages()); | 1484 EXPECT_EQ(usage_mask, public_key.usages()); |
1363 EXPECT_EQ(usage_mask, private_key.usages()); | 1485 EXPECT_EQ(usage_mask, private_key.usages()); |
1364 | 1486 |
(...skipping 50 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1415 EXPECT_FALSE(public_key.isNull()); | 1537 EXPECT_FALSE(public_key.isNull()); |
1416 EXPECT_FALSE(private_key.isNull()); | 1538 EXPECT_FALSE(private_key.isNull()); |
1417 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type()); | 1539 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type()); |
1418 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type()); | 1540 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type()); |
1419 EXPECT_TRUE(public_key.extractable()); | 1541 EXPECT_TRUE(public_key.extractable()); |
1420 EXPECT_EQ(extractable, private_key.extractable()); | 1542 EXPECT_EQ(extractable, private_key.extractable()); |
1421 EXPECT_EQ(usage_mask, public_key.usages()); | 1543 EXPECT_EQ(usage_mask, public_key.usages()); |
1422 EXPECT_EQ(usage_mask, private_key.usages()); | 1544 EXPECT_EQ(usage_mask, private_key.usages()); |
1423 | 1545 |
1424 // Successful WebCryptoAlgorithmIdRsaOaep key generation. | 1546 // Successful WebCryptoAlgorithmIdRsaOaep key generation. |
1425 algorithm = CreateRsaKeyGenAlgorithm( | 1547 algorithm = CreateRsaHashedKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaOaep, |
1426 blink::WebCryptoAlgorithmIdRsaOaep, modulus_length, public_exponent); | 1548 blink::WebCryptoAlgorithmIdSha256, |
1549 modulus_length, | |
1550 public_exponent); | |
1427 EXPECT_STATUS_SUCCESS(GenerateKeyPair( | 1551 EXPECT_STATUS_SUCCESS(GenerateKeyPair( |
1428 algorithm, extractable, usage_mask, &public_key, &private_key)); | 1552 algorithm, extractable, usage_mask, &public_key, &private_key)); |
1429 EXPECT_FALSE(public_key.isNull()); | 1553 EXPECT_FALSE(public_key.isNull()); |
1430 EXPECT_FALSE(private_key.isNull()); | 1554 EXPECT_FALSE(private_key.isNull()); |
1431 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type()); | 1555 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type()); |
1432 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type()); | 1556 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type()); |
1557 #ifdef WEBCRYPTO_HAS_KEY_ALGORITHM | |
1558 EXPECT_EQ(modulus_length, | |
1559 public_key.algorithm().rsaHashedParams()->modulusLengthBits()); | |
1560 EXPECT_EQ(modulus_length, | |
1561 private_key.algorithm().rsaHashedParams()->modulusLengthBits()); | |
1562 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha256, | |
1563 public_key.algorithm().rsaHashedParams()->hash().id()); | |
1564 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha256, | |
Ryan Sleevi
2014/02/25 22:26:26
why not |algorithm| here as well?
| |
1565 private_key.algorithm().rsaHashedParams()->hash().id()); | |
1566 #endif | |
1433 EXPECT_TRUE(public_key.extractable()); | 1567 EXPECT_TRUE(public_key.extractable()); |
1434 EXPECT_EQ(extractable, private_key.extractable()); | 1568 EXPECT_EQ(extractable, private_key.extractable()); |
1435 EXPECT_EQ(usage_mask, public_key.usages()); | 1569 EXPECT_EQ(usage_mask, public_key.usages()); |
1436 EXPECT_EQ(usage_mask, private_key.usages()); | 1570 EXPECT_EQ(usage_mask, private_key.usages()); |
1437 | 1571 |
1438 // Successful WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 key generation. | 1572 // Successful WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 key generation. |
1439 algorithm = | 1573 algorithm = |
1440 CreateRsaKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, | 1574 CreateRsaHashedKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
1441 modulus_length, | 1575 blink::WebCryptoAlgorithmIdSha1, |
1442 public_exponent); | 1576 modulus_length, |
1577 public_exponent); | |
1443 EXPECT_STATUS_SUCCESS( | 1578 EXPECT_STATUS_SUCCESS( |
1444 GenerateKeyPair(algorithm, false, usage_mask, &public_key, &private_key)); | 1579 GenerateKeyPair(algorithm, false, usage_mask, &public_key, &private_key)); |
1445 EXPECT_FALSE(public_key.isNull()); | 1580 EXPECT_FALSE(public_key.isNull()); |
1446 EXPECT_FALSE(private_key.isNull()); | 1581 EXPECT_FALSE(private_key.isNull()); |
1447 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type()); | 1582 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type()); |
1448 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type()); | 1583 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type()); |
1584 #ifdef WEBCRYPTO_HAS_KEY_ALGORITHM | |
1585 EXPECT_EQ(modulus_length, | |
1586 public_key.algorithm().rsaHashedParams()->modulusLengthBits()); | |
1587 EXPECT_EQ(modulus_length, | |
1588 private_key.algorithm().rsaHashedParams()->modulusLengthBits()); | |
1589 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha1, | |
1590 public_key.algorithm().rsaHashedParams()->hash().id()); | |
1591 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha1, | |
Ryan Sleevi
2014/02/25 22:26:26
ditto
| |
1592 private_key.algorithm().rsaHashedParams()->hash().id()); | |
1593 #endif | |
1449 // Even though "extractable" was set to false, the public key remains | 1594 // Even though "extractable" was set to false, the public key remains |
1450 // extractable. | 1595 // extractable. |
1451 EXPECT_TRUE(public_key.extractable()); | 1596 EXPECT_TRUE(public_key.extractable()); |
1452 EXPECT_FALSE(private_key.extractable()); | 1597 EXPECT_FALSE(private_key.extractable()); |
1453 EXPECT_EQ(usage_mask, public_key.usages()); | 1598 EXPECT_EQ(usage_mask, public_key.usages()); |
1454 EXPECT_EQ(usage_mask, private_key.usages()); | 1599 EXPECT_EQ(usage_mask, private_key.usages()); |
1455 | 1600 |
1456 // Exporting a private key as SPKI format doesn't make sense. However this | 1601 // Exporting a private key as SPKI format doesn't make sense. However this |
1457 // will first fail because the key is not extractable. | 1602 // will first fail because the key is not extractable. |
1458 blink::WebArrayBuffer output; | 1603 blink::WebArrayBuffer output; |
(...skipping 177 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1636 // consider? | 1781 // consider? |
1637 | 1782 |
1638 // Do a successful decrypt with good data just for confirmation. | 1783 // Do a successful decrypt with good data just for confirmation. |
1639 EXPECT_STATUS_SUCCESS(Decrypt( | 1784 EXPECT_STATUS_SUCCESS(Decrypt( |
1640 algorithm, private_key, CryptoData(encrypted_data), &decrypted_data)); | 1785 algorithm, private_key, CryptoData(encrypted_data), &decrypted_data)); |
1641 ExpectArrayBufferMatchesHex(message_hex_str, decrypted_data); | 1786 ExpectArrayBufferMatchesHex(message_hex_str, decrypted_data); |
1642 } | 1787 } |
1643 | 1788 |
1644 TEST_F(SharedCryptoTest, MAYBE(RsaSsaSignVerifyFailures)) { | 1789 TEST_F(SharedCryptoTest, MAYBE(RsaSsaSignVerifyFailures)) { |
1645 // Import a key pair. | 1790 // Import a key pair. |
1646 blink::WebCryptoAlgorithm algorithm = CreateRsaAlgorithmWithInnerHash( | 1791 blink::WebCryptoKeyUsageMask usage_mask = |
1647 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, | 1792 blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify; |
1648 blink::WebCryptoAlgorithmIdSha1); | 1793 blink::WebCryptoAlgorithm importAlgorithm = |
1794 CreateRsaHashedImportAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, | |
1795 blink::WebCryptoAlgorithmIdSha1); | |
1649 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); | 1796 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); |
1650 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); | 1797 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); |
1651 ImportRsaKeyPair( | 1798 ImportRsaKeyPair(HexStringToBytes(kPublicKeySpkiDerHex), |
1652 HexStringToBytes(kPublicKeySpkiDerHex), | 1799 HexStringToBytes(kPrivateKeyPkcs8DerHex), |
1653 HexStringToBytes(kPrivateKeyPkcs8DerHex), | 1800 importAlgorithm, |
1654 algorithm, | 1801 false, |
1655 false, | 1802 usage_mask, |
1656 blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify, | 1803 &public_key, |
1657 &public_key, | 1804 &private_key); |
1658 &private_key); | 1805 |
1806 #ifdef WEBCRYPTO_HAS_KEY_ALGORITHM | |
1807 blink::WebCryptoAlgorithm algorithm = | |
1808 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5); | |
1809 #else | |
1810 blink::WebCryptoAlgorithm algorithm = importAlgorithm; | |
1811 #endif | |
1659 | 1812 |
1660 blink::WebArrayBuffer signature; | 1813 blink::WebArrayBuffer signature; |
1661 bool signature_match; | 1814 bool signature_match; |
1662 | 1815 |
1663 // Compute a signature. | 1816 // Compute a signature. |
1664 const std::vector<uint8> data = HexStringToBytes("010203040506070809"); | 1817 const std::vector<uint8> data = HexStringToBytes("010203040506070809"); |
1665 ASSERT_STATUS_SUCCESS( | 1818 ASSERT_STATUS_SUCCESS( |
1666 Sign(algorithm, private_key, CryptoData(data), &signature)); | 1819 Sign(algorithm, private_key, CryptoData(data), &signature)); |
1667 | 1820 |
1668 // Ensure truncated signature does not verify by passing one less byte. | 1821 // Ensure truncated signature does not verify by passing one less byte. |
(...skipping 42 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1711 CryptoData(signature), | 1864 CryptoData(signature), |
1712 CryptoData(data), | 1865 CryptoData(data), |
1713 &signature_match)); | 1866 &signature_match)); |
1714 | 1867 |
1715 // Ensure that signing using a public key, rather than a private key, fails. | 1868 // Ensure that signing using a public key, rather than a private key, fails. |
1716 EXPECT_STATUS(Status::ErrorUnexpectedKeyType(), | 1869 EXPECT_STATUS(Status::ErrorUnexpectedKeyType(), |
1717 Sign(algorithm, public_key, CryptoData(data), &signature)); | 1870 Sign(algorithm, public_key, CryptoData(data), &signature)); |
1718 | 1871 |
1719 // Ensure that signing and verifying with an incompatible algorithm fails. | 1872 // Ensure that signing and verifying with an incompatible algorithm fails. |
1720 algorithm = CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); | 1873 algorithm = CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); |
1874 | |
1721 EXPECT_STATUS(Status::ErrorUnexpected(), | 1875 EXPECT_STATUS(Status::ErrorUnexpected(), |
1722 Sign(algorithm, private_key, CryptoData(data), &signature)); | 1876 Sign(algorithm, private_key, CryptoData(data), &signature)); |
1723 EXPECT_STATUS(Status::ErrorUnexpected(), | 1877 EXPECT_STATUS(Status::ErrorUnexpected(), |
1724 VerifySignature(algorithm, | 1878 VerifySignature(algorithm, |
1725 public_key, | 1879 public_key, |
1726 CryptoData(signature), | 1880 CryptoData(signature), |
1727 CryptoData(data), | 1881 CryptoData(data), |
1728 &signature_match)); | 1882 &signature_match)); |
1729 | 1883 |
1884 #ifdef WEBCRYPTO_HAS_KEY_ALGORITHM | |
1730 // Some crypto libraries (NSS) can automatically select the RSA SSA inner hash | 1885 // Some crypto libraries (NSS) can automatically select the RSA SSA inner hash |
1731 // based solely on the contents of the input signature data. In the Web Crypto | 1886 // based solely on the contents of the input signature data. In the Web Crypto |
1732 // implementation, the inner hash should be specified uniquely by the input | 1887 // implementation, the inner hash should be specified uniquely by the key |
1733 // algorithm parameter. To validate this behavior, call Verify with a computed | 1888 // algorithm parameter. To validate this behavior, call Verify with a computed |
1734 // signature that used one hash type (SHA-1), but pass in an algorithm with a | 1889 // signature that used one hash type (SHA-1), but pass in a key with a |
1735 // different inner hash type (SHA-256). If the hash type is determined by the | 1890 // different inner hash type (SHA-256). If the hash type is determined by the |
1736 // signature itself (undesired), the verify will pass, while if the hash type | 1891 // signature itself (undesired), the verify will pass, while if the hash type |
1737 // is specified by the input algorithm (desired), the verify will fail. | 1892 // is specified by the key algorithm (desired), the verify will fail. |
1738 | 1893 |
1739 // Compute a signature using SHA-1 as the inner hash. | 1894 // Compute a signature using SHA-1 as the inner hash. |
1740 EXPECT_STATUS_SUCCESS(Sign(CreateRsaAlgorithmWithInnerHash( | 1895 EXPECT_STATUS_SUCCESS( |
1741 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, | 1896 Sign(CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5), |
1742 blink::WebCryptoAlgorithmIdSha1), | 1897 private_key, |
1743 private_key, | 1898 CryptoData(data), |
1744 CryptoData(data), | 1899 &signature)); |
1745 &signature)); | 1900 |
1901 blink::WebCryptoKey public_key_256 = blink::WebCryptoKey::createNull(); | |
1902 EXPECT_STATUS_SUCCESS(ImportKey( | |
1903 blink::WebCryptoKeyFormatSpki, | |
1904 CryptoData(HexStringToBytes(kPublicKeySpkiDerHex)), | |
1905 CreateRsaHashedImportAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, | |
1906 blink::WebCryptoAlgorithmIdSha256), | |
1907 true, | |
1908 usage_mask, | |
1909 &public_key_256)); | |
1746 | 1910 |
1747 // Now verify using an algorithm whose inner hash is SHA-256, not SHA-1. The | 1911 // Now verify using an algorithm whose inner hash is SHA-256, not SHA-1. The |
1748 // signature should not verify. | 1912 // signature should not verify. |
1749 // NOTE: public_key was produced by generateKey, and so its associated | 1913 // NOTE: public_key was produced by generateKey, and so its associated |
1750 // algorithm has WebCryptoRsaKeyGenParams and not WebCryptoRsaSsaParams. Thus | 1914 // algorithm has WebCryptoRsaKeyGenParams and not WebCryptoRsaSsaParams. Thus |
1751 // it has no inner hash to conflict with the input algorithm. | 1915 // it has no inner hash to conflict with the input algorithm. |
1916 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha1, | |
1917 private_key.algorithm().rsaHashedParams()->hash().id()); | |
1918 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha256, | |
1919 public_key_256.algorithm().rsaHashedParams()->hash().id()); | |
1920 | |
1752 bool is_match; | 1921 bool is_match; |
1753 EXPECT_STATUS_SUCCESS( | 1922 EXPECT_STATUS_SUCCESS(VerifySignature( |
1754 VerifySignature(CreateRsaAlgorithmWithInnerHash( | 1923 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5), |
1755 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, | 1924 public_key_256, |
1756 blink::WebCryptoAlgorithmIdSha256), | 1925 CryptoData(signature), |
1757 public_key, | 1926 CryptoData(data), |
1758 CryptoData(signature), | 1927 &is_match)); |
1759 CryptoData(data), | |
1760 &is_match)); | |
1761 EXPECT_FALSE(is_match); | 1928 EXPECT_FALSE(is_match); |
1929 #endif | |
1762 } | 1930 } |
1763 | 1931 |
1764 TEST_F(SharedCryptoTest, MAYBE(RsaSignVerifyKnownAnswer)) { | 1932 TEST_F(SharedCryptoTest, MAYBE(RsaSignVerifyKnownAnswer)) { |
1765 scoped_ptr<base::ListValue> tests; | 1933 scoped_ptr<base::ListValue> tests; |
1766 ASSERT_TRUE(ReadJsonTestFileToList("pkcs1v15_sign.json", &tests)); | 1934 ASSERT_TRUE(ReadJsonTestFileToList("pkcs1v15_sign.json", &tests)); |
1767 | 1935 |
1768 // Import the key pair. | 1936 // Import the key pair. |
1769 blink::WebCryptoAlgorithm algorithm = CreateRsaAlgorithmWithInnerHash( | 1937 blink::WebCryptoAlgorithm importAlgorithm = |
1770 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, | 1938 CreateRsaHashedImportAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
1771 blink::WebCryptoAlgorithmIdSha1); | 1939 blink::WebCryptoAlgorithmIdSha1); |
1772 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); | 1940 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); |
1773 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); | 1941 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); |
1774 ImportRsaKeyPair( | 1942 ImportRsaKeyPair( |
1775 HexStringToBytes(kPublicKeySpkiDerHex), | 1943 HexStringToBytes(kPublicKeySpkiDerHex), |
1776 HexStringToBytes(kPrivateKeyPkcs8DerHex), | 1944 HexStringToBytes(kPrivateKeyPkcs8DerHex), |
1777 algorithm, | 1945 importAlgorithm, |
1778 false, | 1946 false, |
1779 blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify, | 1947 blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify, |
1780 &public_key, | 1948 &public_key, |
1781 &private_key); | 1949 &private_key); |
1782 | 1950 |
1951 #ifdef WEBCRYPTO_HAS_KEY_ALGORITHM | |
1952 blink::WebCryptoAlgorithm algorithm = | |
1953 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5); | |
1954 #else | |
1955 const blink::WebCryptoAlgorithm& algorithm = importAlgorithm; | |
1956 #endif | |
1957 | |
1783 // Validate the signatures are computed and verified as expected. | 1958 // Validate the signatures are computed and verified as expected. |
1784 blink::WebArrayBuffer signature; | 1959 blink::WebArrayBuffer signature; |
1785 for (size_t test_index = 0; test_index < tests->GetSize(); ++test_index) { | 1960 for (size_t test_index = 0; test_index < tests->GetSize(); ++test_index) { |
1786 SCOPED_TRACE(test_index); | 1961 SCOPED_TRACE(test_index); |
1787 | 1962 |
1788 base::DictionaryValue* test; | 1963 base::DictionaryValue* test; |
1789 ASSERT_TRUE(tests->GetDictionary(test_index, &test)); | 1964 ASSERT_TRUE(tests->GetDictionary(test_index, &test)); |
1790 | 1965 |
1791 std::vector<uint8> test_message = | 1966 std::vector<uint8> test_message = |
1792 GetBytesFromHexString(test, "message_hex"); | 1967 GetBytesFromHexString(test, "message_hex"); |
(...skipping 215 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
2008 test_cipher_text, | 2183 test_cipher_text, |
2009 test_authentication_tag, | 2184 test_authentication_tag, |
2010 &plain_text)); | 2185 &plain_text)); |
2011 } | 2186 } |
2012 } | 2187 } |
2013 } | 2188 } |
2014 | 2189 |
2015 } // namespace webcrypto | 2190 } // namespace webcrypto |
2016 | 2191 |
2017 } // namespace content | 2192 } // namespace content |
OLD | NEW |