[webcrypto] JWK: Updated import(ext, key_ops) and added export of symmetric keys

content/child/webcrypto/shared_crypto_unittest.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/child/webcrypto/shared_crypto.h"
 
 #include <algorithm>
 #include <string>
 #include <vector>
 
@@ skipping 33 matching lines @@
   ASSERT_EQ(expected.ToString(), (code).ToString())
 #define EXPECT_STATUS_SUCCESS(code) EXPECT_STATUS(Status::Success(), code)
 #define ASSERT_STATUS_SUCCESS(code) ASSERT_STATUS(Status::Success(), code)
 
 namespace content {
 
 namespace webcrypto {
 
 namespace {
 
+// TODO(eroman): For Linux builds using system NSS, AES-GCM support is a
+// runtime dependency. Test it by trying to import a key.
+// TODO(padolph): Consider caching the result of the import key test.
+bool SupportsAesGcm() {
+  std::vector<uint8> key_raw(16, 0);
+
+  blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
+  Status status = ImportKey(blink::WebCryptoKeyFormatRaw,
+                            CryptoData(key_raw),
+                            CreateAlgorithm(blink::WebCryptoAlgorithmIdAesGcm),
+                            true,
+                            blink::WebCryptoKeyUsageEncrypt,
+                            &key);
+
+  if (status.IsError())
+    EXPECT_EQ(Status::ErrorUnsupported().ToString(), status.ToString());

[eroman, 2014/03/13 22:31:13]

[optional] update this to use EXPECT_STATUS()

[padolph, 2014/03/13 22:39:34]

Done.

+  return status.IsSuccess();
+}
+
 blink::WebCryptoAlgorithm CreateRsaKeyGenAlgorithm(
     blink::WebCryptoAlgorithmId algorithm_id,
     unsigned int modulus_length,
     const std::vector<uint8>& public_exponent) {
   DCHECK_EQ(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, algorithm_id);
   return blink::WebCryptoAlgorithm::adoptParamsAndCreate(
       algorithm_id,
       new blink::WebCryptoRsaKeyGenParams(
           modulus_length,
           webcrypto::Uint8VectorStart(public_exponent),
@@ skipping 22 matching lines @@
   return blink::WebCryptoAlgorithm::adoptParamsAndCreate(
       blink::WebCryptoAlgorithmIdAesCbc,
       new blink::WebCryptoAesCbcParams(Uint8VectorStart(iv), iv.size()));
 }
 
 // Creates and AES-GCM algorithm.
 blink::WebCryptoAlgorithm CreateAesGcmAlgorithm(
     const std::vector<uint8>& iv,
     const std::vector<uint8>& additional_data,
     unsigned int tag_length_bits) {
+  DCHECK(SupportsAesGcm());

[eroman, 2014/03/13 22:31:13]

Instead of DCHECK() please use EXPECT_TRUE(). DCHECK() is only run for debug
builds, whereas EXPECT_TRUE() will give useful log messages for all builds.

[padolph, 2014/03/13 22:39:34]

Done.

   return blink::WebCryptoAlgorithm::adoptParamsAndCreate(
       blink::WebCryptoAlgorithmIdAesGcm,
       new blink::WebCryptoAesGcmParams(Uint8VectorStart(iv),
                                        iv.size(),
                                        true,
                                        Uint8VectorStart(additional_data),
                                        additional_data.size(),
                                        true,
                                        tag_length_bits));
 }
@@ skipping 230 matching lines @@
 }
 
 blink::WebCryptoAlgorithm CreateAesCbcKeyGenAlgorithm(
     unsigned short key_length_bits) {
   return CreateAesKeyGenAlgorithm(blink::WebCryptoAlgorithmIdAesCbc,
                                   key_length_bits);
 }
 
 blink::WebCryptoAlgorithm CreateAesGcmKeyGenAlgorithm(
     unsigned short key_length_bits) {
+  DCHECK(SupportsAesGcm());

[eroman, 2014/03/13 22:31:13]

ditto

[padolph, 2014/03/13 22:39:34]

Done.

   return CreateAesKeyGenAlgorithm(blink::WebCryptoAlgorithmIdAesGcm,
                                   key_length_bits);
 }
 
 blink::WebCryptoAlgorithm CreateAesKwKeyGenAlgorithm(
     unsigned short key_length_bits) {
   return CreateAesKeyGenAlgorithm(blink::WebCryptoAlgorithmIdAesKw,
                                   key_length_bits);
 }
 
@@ skipping 87 matching lines @@
                                   usage_mask,
                                   private_key));
   EXPECT_FALSE(private_key->isNull());
   EXPECT_TRUE(private_key->handle());
   EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key->type());
   EXPECT_EQ(algorithm.id(), private_key->algorithm().id());
   EXPECT_EQ(extractable, extractable);
   EXPECT_EQ(usage_mask, private_key->usages());
 }
 
-// TODO(eroman): For Linux builds using system NSS, AES-GCM support is a
-// runtime dependency. Test it by trying to import a key.
-bool SupportsAesGcm() {
-  std::vector<uint8> key_raw(16, 0);
-
-  blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
-  Status status = ImportKey(blink::WebCryptoKeyFormatRaw,
-                            CryptoData(key_raw),
-                            CreateAlgorithm(blink::WebCryptoAlgorithmIdAesGcm),
-                            true,
-                            blink::WebCryptoKeyUsageEncrypt,
-                            &key);
-
-  if (status.IsError())
-    EXPECT_EQ(Status::ErrorUnsupported().ToString(), status.ToString());
-  return status.IsSuccess();
-}
-
 Status AesGcmEncrypt(const blink::WebCryptoKey& key,
                      const std::vector<uint8>& iv,
                      const std::vector<uint8>& additional_data,
                      unsigned int tag_length_bits,
                      const std::vector<uint8>& plain_text,
                      std::vector<uint8>* cipher_text,
                      std::vector<uint8>* authentication_tag) {
+  DCHECK(SupportsAesGcm());
   blink::WebCryptoAlgorithm algorithm =
       CreateAesGcmAlgorithm(iv, additional_data, tag_length_bits);
 
   blink::WebArrayBuffer output;
   Status status = Encrypt(algorithm, key, CryptoData(plain_text), &output);
   if (status.IsError())
     return status;
 
   if (output.byteLength() * 8 < tag_length_bits) {
     EXPECT_TRUE(false);
@@ skipping 11 matching lines @@
   return Status::Success();
 }
 
 Status AesGcmDecrypt(const blink::WebCryptoKey& key,
                      const std::vector<uint8>& iv,
                      const std::vector<uint8>& additional_data,
                      unsigned int tag_length_bits,
                      const std::vector<uint8>& cipher_text,
                      const std::vector<uint8>& authentication_tag,
                      blink::WebArrayBuffer* plain_text) {
+  DCHECK(SupportsAesGcm());
   blink::WebCryptoAlgorithm algorithm =
       CreateAesGcmAlgorithm(iv, additional_data, tag_length_bits);
 
   // Join cipher text and authentication tag.
   std::vector<uint8> cipher_text_with_tag;
   cipher_text_with_tag.reserve(cipher_text.size() + authentication_tag.size());
   cipher_text_with_tag.insert(
       cipher_text_with_tag.end(), cipher_text.begin(), cipher_text.end());
   cipher_text_with_tag.insert(cipher_text_with_tag.end(),
                               authentication_tag.begin(),
                               authentication_tag.end());
 
   return Decrypt(algorithm, key, CryptoData(cipher_text_with_tag), plain_text);
 }
 
 Status ImportKeyJwkFromDict(const base::DictionaryValue& dict,
                             const blink::WebCryptoAlgorithm& algorithm,
                             bool extractable,
                             blink::WebCryptoKeyUsageMask usage_mask,
                             blink::WebCryptoKey* key) {
   return ImportKeyJwk(CryptoData(MakeJsonVector(dict)),
                       algorithm,
                       extractable,
                       usage_mask,
                       key);
 }
 
 }  // namespace
 
+TEST_F(SharedCryptoTest, CheckAesGcm) {
+    if (!SupportsAesGcm()) {
+      LOG(WARNING) << "AES GCM not supported on this platform, so some tests "
+          "will be skipped. Consider upgrading local NSS libraries";
+      return;
+    }
+}
+
 TEST_F(SharedCryptoTest, StatusToString) {
   EXPECT_EQ("Success", Status::Success().ToString());
   EXPECT_EQ("", Status::Error().ToString());
   EXPECT_EQ("The requested operation is unsupported",
             Status::ErrorUnsupported().ToString());
   EXPECT_EQ("The required JWK property \"kty\" was missing",
             Status::ErrorJwkPropertyMissing("kty").ToString());
   EXPECT_EQ("The JWK property \"kty\" must be a string",
             Status::ErrorJwkPropertyWrongType("kty", "string").ToString());
   EXPECT_EQ("The JWK property \"n\" could not be base64 decoded",
@@ skipping 259 matching lines @@
   }
 }
 
 TEST_F(SharedCryptoTest, MAYBE(GenerateKeyAes)) {
   // Check key generation for each of AES-CBC, AES-GCM, and AES-KW, and for each
   // allowed key length.
   std::vector<blink::WebCryptoAlgorithm> algorithm;
   const unsigned short kKeyLength[] = {128, 192, 256};
   for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kKeyLength); ++i) {
     algorithm.push_back(CreateAesCbcKeyGenAlgorithm(kKeyLength[i]));
-    algorithm.push_back(CreateAesGcmKeyGenAlgorithm(kKeyLength[i]));
     algorithm.push_back(CreateAesKwKeyGenAlgorithm(kKeyLength[i]));
+    if (SupportsAesGcm())

[eroman, 2014/03/13 22:31:13]

Interesting. So generating AES-GCM key works without GCM support, however import
doesn't.

Yuck! I look forward to when Chromium has moved off NSS alltogether and we can
rely on a particular version of OpenSSL :(

[padolph, 2014/03/13 22:39:34]

Yes, appears so. Strange.
Hmm. Something tells me I might be working on project for a long time. :-)

+      algorithm.push_back(CreateAesGcmKeyGenAlgorithm(kKeyLength[i]));
   }
   blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
   std::vector<blink::WebArrayBuffer> keys;
   blink::WebArrayBuffer key_bytes;
   for (size_t i = 0; i < algorithm.size(); ++i) {
     SCOPED_TRACE(i);
     // Generate a small sample of keys.
     keys.clear();
     for (int j = 0; j < 16; ++j) {
       ASSERT_STATUS_SUCCESS(GenerateSecretKey(algorithm[i], true, 0, &key));
@@ skipping 14 matching lines @@
 TEST_F(SharedCryptoTest, MAYBE(GenerateKeyAesBadLength)) {
   const unsigned short kKeyLen[] = {0, 127, 257};
   blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
   for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kKeyLen); ++i) {
     SCOPED_TRACE(i);
     EXPECT_STATUS(Status::ErrorGenerateKeyLength(),
                   GenerateSecretKey(
                       CreateAesCbcKeyGenAlgorithm(kKeyLen[i]), true, 0, &key));
     EXPECT_STATUS(Status::ErrorGenerateKeyLength(),
                   GenerateSecretKey(
-                      CreateAesGcmKeyGenAlgorithm(kKeyLen[i]), true, 0, &key));
-    EXPECT_STATUS(Status::ErrorGenerateKeyLength(),
-                  GenerateSecretKey(
                       CreateAesKwKeyGenAlgorithm(kKeyLen[i]), true, 0, &key));
+    if (SupportsAesGcm()) {
+      EXPECT_STATUS(Status::ErrorGenerateKeyLength(),
+          GenerateSecretKey(
+              CreateAesGcmKeyGenAlgorithm(kKeyLen[i]), true, 0, &key));
+    }
   }
 }
 
 TEST_F(SharedCryptoTest, MAYBE(GenerateKeyHmac)) {
   // Generate a small sample of HMAC keys.
   std::vector<blink::WebArrayBuffer> keys;
   for (int i = 0; i < 16; ++i) {
     blink::WebArrayBuffer key_bytes;
     blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
     blink::WebCryptoAlgorithm algorithm =
@@ skipping 45 matching lines @@
   EXPECT_STATUS(Status::ErrorMissingAlgorithmImportRawKey(),
                 ImportKey(blink::WebCryptoKeyFormatRaw,
                           CryptoData(HexStringToBytes("00000000000000000000")),
                           blink::WebCryptoAlgorithm::createNull(),
                           true,
                           blink::WebCryptoKeyUsageEncrypt,
                           &key));
 }
 
 TEST_F(SharedCryptoTest, ImportJwkFailures) {
-
   blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
   blink::WebCryptoAlgorithm algorithm =
       CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc);
   blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageEncrypt;
 
   // Baseline pass: each test below breaks a single item, so we start with a
   // passing case to make sure each failure is caused by the isolated break.
   // Each breaking subtest below resets the dictionary to this passing case when
   // complete.
   base::DictionaryValue dict;
@@ skipping 65 matching lines @@
   RestoreJwkOctDictionary(&dict);
 
   // Fail on invalid extractable (wrong type).
   dict.SetInteger("extractable", 0);
   EXPECT_STATUS(Status::ErrorJwkPropertyWrongType("extractable", "boolean"),
                 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key));
   RestoreJwkOctDictionary(&dict);
 }
 
 TEST_F(SharedCryptoTest, ImportJwkOctFailures) {
-
   base::DictionaryValue dict;
   RestoreJwkOctDictionary(&dict);
   blink::WebCryptoAlgorithm algorithm =
       CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc);
   blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageEncrypt;
   blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
 
   // Baseline pass.
   EXPECT_STATUS_SUCCESS(
       ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key));
@@ skipping 31 matching lines @@
 
   // Fail on k actual length (192 bits) inconsistent with the embedded JWK alg
   // value (128) for an AES key.
   dict.SetString("k", "dGhpcyAgaXMgIDI0ICBieXRlcyBsb25n");
   EXPECT_STATUS(Status::ErrorJwkIncorrectKeyLength(),
                 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key));
   RestoreJwkOctDictionary(&dict);
 }
 
 TEST_F(SharedCryptoTest, MAYBE(ImportJwkRsaFailures)) {
-
   base::DictionaryValue dict;
   RestoreJwkRsaDictionary(&dict);
   blink::WebCryptoAlgorithm algorithm =
       CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5);
   blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageEncrypt;
   blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
 
   // An RSA public key JWK _must_ have an "n" (modulus) and an "e" (exponent)
   // entry, while an RSA private key must have those plus at least a "d"
   // (private exponent) entry.
   // See http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-18,
   // section 6.3.
 
   // Baseline pass.
   EXPECT_STATUS_SUCCESS(
       ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key));
   EXPECT_EQ(algorithm.id(), key.algorithm().id());
   EXPECT_FALSE(key.extractable());
   EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt, key.usages());
   EXPECT_EQ(blink::WebCryptoKeyTypePublic, key.type());
 
   // The following are specific failure cases for when kty = "RSA".
 
   // Fail if either "n" or "e" is not present or malformed.
   const std::string kKtyParmName[] = {"n", "e"};
   for (size_t idx = 0; idx < ARRAYSIZE_UNSAFE(kKtyParmName); ++idx) {
-
     // Fail on missing parameter.
     dict.Remove(kKtyParmName[idx], NULL);
     EXPECT_STATUS_ERROR(
         ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key));
     RestoreJwkRsaDictionary(&dict);
 
     // Fail on bad b64 parameter encoding.
     dict.SetString(kKtyParmName[idx], "Qk3f0DsytU8lfza2au #$% Htaw2xpop9yTuH0");
     EXPECT_STATUS_ERROR(
         ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key));
@@ skipping 128 matching lines @@
       ImportKeyJwk(
           CryptoData(json_vec), algorithm, extractable, usage_mask, &key));
 
   // TODO(padolph): kty vs alg consistency tests: Depending on the kty value,
   // only certain alg values are permitted. For example, when kty = "RSA" alg
   // must be of the RSA family, or when kty = "oct" alg must be symmetric
   // algorithm.
 }
 
 TEST_F(SharedCryptoTest, MAYBE(ImportJwkHappy)) {
-
   // This test verifies the happy path of JWK import, including the application
   // of the imported key material.
 
   blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
   bool extractable = false;
   blink::WebCryptoAlgorithm algorithm =
       CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha256);
   blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageSign;
 
   // Import a symmetric key JWK and HMAC-SHA256 sign()
@@ skipping 1225 matching lines @@
                           wrapping_algorithm,
                           key_algorithm,
                           true,
                           blink::WebCryptoKeyUsageSign,
                           &unwrapped_key));
 }
 
 }  // namespace webcrypto
 
 }  // namespace content