OLD | NEW |
---|---|
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/child/webcrypto/shared_crypto.h" | 5 #include "content/child/webcrypto/shared_crypto.h" |
6 | 6 |
7 #include <algorithm> | 7 #include <algorithm> |
8 #include <string> | 8 #include <string> |
9 #include <vector> | 9 #include <vector> |
10 | 10 |
11 #include "base/basictypes.h" | 11 #include "base/basictypes.h" |
12 #include "base/file_util.h" | 12 #include "base/file_util.h" |
13 #include "base/json/json_reader.h" | 13 #include "base/json/json_reader.h" |
14 #include "base/json/json_writer.h" | 14 #include "base/json/json_writer.h" |
15 #include "base/logging.h" | 15 #include "base/logging.h" |
16 #include "base/memory/ref_counted.h" | 16 #include "base/memory/ref_counted.h" |
17 #include "base/path_service.h" | 17 #include "base/path_service.h" |
18 #include "base/strings/string_number_conversions.h" | 18 #include "base/strings/string_number_conversions.h" |
19 #include "base/values.h" | 19 #include "base/strings/string_util.h" |
20 #include "content/child/webcrypto/crypto_data.h" | 20 #include "content/child/webcrypto/crypto_data.h" |
21 #include "content/child/webcrypto/webcrypto_util.h" | 21 #include "content/child/webcrypto/webcrypto_util.h" |
22 #include "content/public/common/content_paths.h" | 22 #include "content/public/common/content_paths.h" |
23 #include "testing/gtest/include/gtest/gtest.h" | 23 #include "testing/gtest/include/gtest/gtest.h" |
24 #include "third_party/WebKit/public/platform/WebArrayBuffer.h" | 24 #include "third_party/WebKit/public/platform/WebArrayBuffer.h" |
25 #include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h" | 25 #include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h" |
26 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h" | 26 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h" |
27 #include "third_party/WebKit/public/platform/WebCryptoKey.h" | 27 #include "third_party/WebKit/public/platform/WebCryptoKey.h" |
28 #include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h" | 28 #include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h" |
29 #include "third_party/re2/re2/re2.h" | 29 #include "third_party/re2/re2/re2.h" |
(...skipping 117 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
147 | 147 |
148 void ExpectCryptoDataMatchesHex(const std::string& expected_hex, | 148 void ExpectCryptoDataMatchesHex(const std::string& expected_hex, |
149 const CryptoData& actual) { | 149 const CryptoData& actual) { |
150 EXPECT_STRCASEEQ( | 150 EXPECT_STRCASEEQ( |
151 expected_hex.c_str(), | 151 expected_hex.c_str(), |
152 base::HexEncode(actual.bytes(), actual.byte_length()).c_str()); | 152 base::HexEncode(actual.bytes(), actual.byte_length()).c_str()); |
153 } | 153 } |
154 | 154 |
155 void ExpectArrayBufferMatchesHex(const std::string& expected_hex, | 155 void ExpectArrayBufferMatchesHex(const std::string& expected_hex, |
156 const blink::WebArrayBuffer& array_buffer) { | 156 const blink::WebArrayBuffer& array_buffer) { |
157 return ExpectCryptoDataMatchesHex(expected_hex, CryptoData(array_buffer)); | 157 ExpectCryptoDataMatchesHex(expected_hex, CryptoData(array_buffer)); |
158 } | 158 } |
159 | 159 |
160 void ExpectVectorMatches(const std::vector<uint8>& expected, | 160 void ExpectVectorMatches(const std::vector<uint8>& expected, |
161 const std::vector<uint8>& actual) { | 161 const std::vector<uint8>& actual) { |
162 EXPECT_EQ( | 162 EXPECT_EQ( |
163 base::HexEncode(webcrypto::Uint8VectorStart(expected), expected.size()), | 163 base::HexEncode(webcrypto::Uint8VectorStart(expected), expected.size()), |
164 base::HexEncode(webcrypto::Uint8VectorStart(actual), actual.size())); | 164 base::HexEncode(webcrypto::Uint8VectorStart(actual), actual.size())); |
165 } | 165 } |
166 | 166 |
167 std::vector<uint8> MakeJsonVector(const std::string& json_string) { | 167 std::vector<uint8> MakeJsonVector(const std::string& json_string) { |
(...skipping 105 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
273 return blink::WebCryptoAlgorithm::createNull(); | 273 return blink::WebCryptoAlgorithm::createNull(); |
274 } | 274 } |
275 | 275 |
276 // Helper for ImportJwkFailures and ImportJwkOctFailures. Restores the JWK JSON | 276 // Helper for ImportJwkFailures and ImportJwkOctFailures. Restores the JWK JSON |
277 // dictionary to a good state | 277 // dictionary to a good state |
278 void RestoreJwkOctDictionary(base::DictionaryValue* dict) { | 278 void RestoreJwkOctDictionary(base::DictionaryValue* dict) { |
279 dict->Clear(); | 279 dict->Clear(); |
280 dict->SetString("kty", "oct"); | 280 dict->SetString("kty", "oct"); |
281 dict->SetString("alg", "A128CBC"); | 281 dict->SetString("alg", "A128CBC"); |
282 dict->SetString("use", "enc"); | 282 dict->SetString("use", "enc"); |
283 dict->SetBoolean("extractable", false); | 283 dict->SetBoolean("ext", false); |
284 dict->SetString("k", "GADWrMRHwQfoNaXU5fZvTg=="); | 284 dict->SetString("k", "GADWrMRHwQfoNaXU5fZvTg=="); |
285 } | 285 } |
286 | 286 |
287 // Helper for ImportJwkRsaFailures. Restores the JWK JSON | 287 // Helper for ImportJwkRsaFailures. Restores the JWK JSON |
288 // dictionary to a good state | 288 // dictionary to a good state |
289 void RestoreJwkRsaDictionary(base::DictionaryValue* dict) { | 289 void RestoreJwkRsaDictionary(base::DictionaryValue* dict) { |
290 dict->Clear(); | 290 dict->Clear(); |
291 dict->SetString("kty", "RSA"); | 291 dict->SetString("kty", "RSA"); |
292 dict->SetString("alg", "RSA1_5"); | 292 dict->SetString("alg", "RSA1_5"); |
293 dict->SetString("use", "enc"); | 293 dict->SetString("use", "enc"); |
294 dict->SetBoolean("extractable", false); | 294 dict->SetBoolean("ext", false); |
295 dict->SetString( | 295 dict->SetString( |
296 "n", | 296 "n", |
297 "qLOyhK-OtQs4cDSoYPFGxJGfMYdjzWxVmMiuSBGh4KvEx-CwgtaTpef87Wdc9GaFEncsDLxk" | 297 "qLOyhK-OtQs4cDSoYPFGxJGfMYdjzWxVmMiuSBGh4KvEx-CwgtaTpef87Wdc9GaFEncsDLxk" |
298 "p0LGxjD1M8jMcvYq6DPEC_JYQumEu3i9v5fAEH1VvbZi9cTg-rmEXLUUjvc5LdOq_5OuHmtm" | 298 "p0LGxjD1M8jMcvYq6DPEC_JYQumEu3i9v5fAEH1VvbZi9cTg-rmEXLUUjvc5LdOq_5OuHmtm" |
299 "e7PUJHYW1PW6ENTP0ibeiNOfFvs"); | 299 "e7PUJHYW1PW6ENTP0ibeiNOfFvs"); |
300 dict->SetString("e", "AQAB"); | 300 dict->SetString("e", "AQAB"); |
301 } | 301 } |
302 | 302 |
303 blink::WebCryptoAlgorithm CreateRsaHashedImportAlgorithm( | 303 blink::WebCryptoAlgorithm CreateRsaHashedImportAlgorithm( |
304 blink::WebCryptoAlgorithmId algorithm_id, | 304 blink::WebCryptoAlgorithmId algorithm_id, |
(...skipping 222 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
527 bool extractable, | 527 bool extractable, |
528 blink::WebCryptoKeyUsageMask usage_mask, | 528 blink::WebCryptoKeyUsageMask usage_mask, |
529 blink::WebCryptoKey* key) { | 529 blink::WebCryptoKey* key) { |
530 return ImportKeyJwk(CryptoData(MakeJsonVector(dict)), | 530 return ImportKeyJwk(CryptoData(MakeJsonVector(dict)), |
531 algorithm, | 531 algorithm, |
532 extractable, | 532 extractable, |
533 usage_mask, | 533 usage_mask, |
534 key); | 534 key); |
535 } | 535 } |
536 | 536 |
537 // Parses an ArrayBuffer of JSON into a dictionary. | |
538 scoped_ptr<base::DictionaryValue> GetJwkDictionary( | |
539 const blink::WebArrayBuffer& json) { | |
540 base::StringPiece json_string(reinterpret_cast<const char*>(json.data()), | |
541 json.byteLength()); | |
542 base::Value* value = base::JSONReader::Read(json_string); | |
543 EXPECT_TRUE(value); | |
544 base::DictionaryValue* dict_value = NULL; | |
545 value->GetAsDictionary(&dict_value); | |
546 return scoped_ptr<base::DictionaryValue>(dict_value); | |
547 } | |
548 | |
549 // Verifies that the JSON in the input ArrayBuffer contains the provided | |
550 // expected values. Exact matches are required on the fields examined. | |
551 ::testing::AssertionResult VerifySymmetricJwk( | |
552 const blink::WebArrayBuffer& json, | |
553 const std::string& alg_expected, | |
554 const std::string& k_expected_hex, | |
555 blink::WebCryptoKeyUsageMask use_mask_expected) { | |
556 | |
557 scoped_ptr<base::DictionaryValue> dict = GetJwkDictionary(json); | |
558 if (!dict.get() || dict->empty()) | |
559 return ::testing::AssertionFailure() << "JSON parsing failed"; | |
560 | |
561 // ---- kty | |
562 std::string value_string; | |
563 if (!dict->GetString("kty", &value_string)) | |
564 return ::testing::AssertionFailure() << "Missing 'kty'"; | |
565 if (value_string != "oct") | |
566 return ::testing::AssertionFailure() | |
567 << "Expected 'kty' to be 'oct' but found " << value_string; | |
568 | |
569 // ---- alg | |
570 if (!dict->GetString("alg", &value_string)) | |
571 return ::testing::AssertionFailure() << "Missing 'alg'"; | |
572 if (value_string != alg_expected) | |
573 return ::testing::AssertionFailure() << "Expected 'alg' to be " | |
574 << alg_expected << " but found " | |
575 << value_string; | |
576 | |
577 // ---- k | |
578 if (!dict->GetString("k", &value_string)) | |
579 return ::testing::AssertionFailure() << "Missing 'k'"; | |
580 std::string k_value; | |
581 if (!webcrypto::Base64DecodeUrlSafe(value_string, &k_value)) | |
582 return ::testing::AssertionFailure() << "Base64DecodeUrlSafe(k) failed"; | |
583 if (!LowerCaseEqualsASCII(base::HexEncode(k_value.data(), k_value.size()), | |
584 k_expected_hex.c_str())) { | |
585 return ::testing::AssertionFailure() << "Expected 'k' to be " | |
586 << k_expected_hex | |
587 << " but found something different"; | |
588 } | |
589 // ---- ext | |
590 // always expect ext == true in this case | |
591 bool ext_value; | |
592 if (!dict->GetBoolean("ext", &ext_value)) | |
593 return ::testing::AssertionFailure() << "Missing 'ext'"; | |
594 if (!ext_value) | |
595 return ::testing::AssertionFailure() | |
596 << "Expected 'ext' to be true but found false"; | |
597 | |
598 // ---- key_ops | |
599 base::ListValue* key_ops; | |
600 if (!dict->GetList("key_ops", &key_ops)) | |
601 return ::testing::AssertionFailure() << "Missing 'key_ops'"; | |
602 blink::WebCryptoKeyUsageMask key_ops_mask = 0; | |
603 Status status = GetWebCryptoUsagesFromJwkKeyOps(key_ops, &key_ops_mask); | |
604 if (status.IsError()) | |
605 return ::testing::AssertionFailure() << "Failure extracting 'key_ops'"; | |
606 if (key_ops_mask != use_mask_expected) | |
607 return ::testing::AssertionFailure() | |
608 << "Expected 'key_ops' mask to be " << use_mask_expected | |
609 << " but found " << key_ops_mask << " (" << value_string << ")"; | |
610 | |
611 return ::testing::AssertionSuccess(); | |
612 } | |
613 | |
537 } // namespace | 614 } // namespace |
538 | 615 |
539 TEST_F(SharedCryptoTest, StatusToString) { | 616 TEST_F(SharedCryptoTest, StatusToString) { |
540 EXPECT_EQ("Success", Status::Success().ToString()); | 617 EXPECT_EQ("Success", Status::Success().ToString()); |
541 EXPECT_EQ("", Status::Error().ToString()); | 618 EXPECT_EQ("", Status::Error().ToString()); |
542 EXPECT_EQ("The requested operation is unsupported", | 619 EXPECT_EQ("The requested operation is unsupported", |
543 Status::ErrorUnsupported().ToString()); | 620 Status::ErrorUnsupported().ToString()); |
544 EXPECT_EQ("The required JWK property \"kty\" was missing", | 621 EXPECT_EQ("The required JWK property \"kty\" was missing", |
545 Status::ErrorJwkPropertyMissing("kty").ToString()); | 622 Status::ErrorJwkPropertyMissing("kty").ToString()); |
546 EXPECT_EQ("The JWK property \"kty\" must be a string", | 623 EXPECT_EQ("The JWK property \"kty\" must be a string", |
(...skipping 19 matching lines...) Expand all Loading... | |
566 blink::WebArrayBuffer output; | 643 blink::WebArrayBuffer output; |
567 ASSERT_STATUS_SUCCESS( | 644 ASSERT_STATUS_SUCCESS( |
568 Digest(test_algorithm, CryptoData(test_input), &output)); | 645 Digest(test_algorithm, CryptoData(test_input), &output)); |
569 EXPECT_TRUE(ArrayBufferMatches(test_output, output)); | 646 EXPECT_TRUE(ArrayBufferMatches(test_output, output)); |
570 } | 647 } |
571 } | 648 } |
572 | 649 |
573 TEST_F(SharedCryptoTest, HMACSampleSets) { | 650 TEST_F(SharedCryptoTest, HMACSampleSets) { |
574 scoped_ptr<base::ListValue> tests; | 651 scoped_ptr<base::ListValue> tests; |
575 ASSERT_TRUE(ReadJsonTestFileToList("hmac.json", &tests)); | 652 ASSERT_TRUE(ReadJsonTestFileToList("hmac.json", &tests)); |
576 | 653 // TODO(padolph): Missing known answer tests for HMAC SHA224, SHA384, and |
654 // SHA512. | |
577 for (size_t test_index = 0; test_index < tests->GetSize(); ++test_index) { | 655 for (size_t test_index = 0; test_index < tests->GetSize(); ++test_index) { |
578 SCOPED_TRACE(test_index); | 656 SCOPED_TRACE(test_index); |
579 base::DictionaryValue* test; | 657 base::DictionaryValue* test; |
580 ASSERT_TRUE(tests->GetDictionary(test_index, &test)); | 658 ASSERT_TRUE(tests->GetDictionary(test_index, &test)); |
581 | 659 |
582 blink::WebCryptoAlgorithm test_hash = GetDigestAlgorithm(test, "hash"); | 660 blink::WebCryptoAlgorithm test_hash = GetDigestAlgorithm(test, "hash"); |
583 const std::vector<uint8> test_key = GetBytesFromHexString(test, "key"); | 661 const std::vector<uint8> test_key = GetBytesFromHexString(test, "key"); |
584 const std::vector<uint8> test_message = | 662 const std::vector<uint8> test_message = |
585 GetBytesFromHexString(test, "message"); | 663 GetBytesFromHexString(test, "message"); |
586 const std::vector<uint8> test_mac = GetBytesFromHexString(test, "mac"); | 664 const std::vector<uint8> test_mac = GetBytesFromHexString(test, "mac"); |
(...skipping 325 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
912 // This fails because the algorithm is null. | 990 // This fails because the algorithm is null. |
913 EXPECT_STATUS(Status::ErrorMissingAlgorithmImportRawKey(), | 991 EXPECT_STATUS(Status::ErrorMissingAlgorithmImportRawKey(), |
914 ImportKey(blink::WebCryptoKeyFormatRaw, | 992 ImportKey(blink::WebCryptoKeyFormatRaw, |
915 CryptoData(HexStringToBytes("00000000000000000000")), | 993 CryptoData(HexStringToBytes("00000000000000000000")), |
916 blink::WebCryptoAlgorithm::createNull(), | 994 blink::WebCryptoAlgorithm::createNull(), |
917 true, | 995 true, |
918 blink::WebCryptoKeyUsageEncrypt, | 996 blink::WebCryptoKeyUsageEncrypt, |
919 &key)); | 997 &key)); |
920 } | 998 } |
921 | 999 |
1000 TEST_F(SharedCryptoTest, ImportJwkKeyUsage) { | |
1001 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | |
1002 base::DictionaryValue dict; | |
1003 dict.SetString("kty", "oct"); | |
1004 dict.SetBoolean("ext", false); | |
1005 dict.SetString("k", "GADWrMRHwQfoNaXU5fZvTg=="); | |
1006 const blink::WebCryptoAlgorithm aes_cbc_algorithm = | |
1007 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc); | |
1008 const blink::WebCryptoAlgorithm hmac_algorithm = | |
1009 webcrypto::CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha256); | |
1010 const blink::WebCryptoAlgorithm aes_kw_algorithm = | |
1011 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw); | |
1012 | |
1013 // Test null usage. | |
1014 base::ListValue* key_ops = new base::ListValue; | |
1015 // Note: the following call makes dict assume ownership of key_ops. | |
1016 dict.Set("key_ops", key_ops); | |
1017 EXPECT_STATUS_SUCCESS( | |
1018 ImportKeyJwkFromDict(dict, aes_cbc_algorithm, false, 0, &key)); | |
1019 EXPECT_EQ(0, key.usages()); | |
1020 | |
1021 // Test each key_ops value translates to the correct Web Crypto value. | |
1022 struct TestCase { | |
1023 const char* jwk_key_op; | |
1024 const char* jwk_alg; | |
1025 const blink::WebCryptoAlgorithm algorithm; | |
1026 const blink::WebCryptoKeyUsage usage; | |
1027 }; | |
1028 // TODO(padolph): Add 'deriveBits' key_ops value once it is supported. | |
1029 const TestCase test_case[] = { | |
1030 {"encrypt", "A128CBC", aes_cbc_algorithm, | |
1031 blink::WebCryptoKeyUsageEncrypt}, | |
1032 {"decrypt", "A128CBC", aes_cbc_algorithm, | |
1033 blink::WebCryptoKeyUsageDecrypt}, | |
1034 {"sign", "HS256", hmac_algorithm, blink::WebCryptoKeyUsageSign}, | |
1035 {"verify", "HS256", hmac_algorithm, blink::WebCryptoKeyUsageVerify}, | |
1036 {"wrapKey", "A128KW", aes_kw_algorithm, blink::WebCryptoKeyUsageWrapKey}, | |
1037 {"unwrapKey", "A128KW", aes_kw_algorithm, | |
1038 blink::WebCryptoKeyUsageUnwrapKey}, | |
1039 {"deriveKey", "HS256", hmac_algorithm, | |
1040 blink::WebCryptoKeyUsageDeriveKey}}; | |
1041 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(test_case); ++i) { | |
eroman
2014/03/10 21:55:34
consider calling this test_index for consistency.
padolph
2014/03/11 01:27:53
Done.
| |
1042 SCOPED_TRACE(i); | |
1043 dict.SetString("alg", test_case[i].jwk_alg); | |
1044 key_ops->Clear(); | |
1045 key_ops->AppendString(test_case[i].jwk_key_op); | |
1046 EXPECT_STATUS_SUCCESS(ImportKeyJwkFromDict( | |
1047 dict, test_case[i].algorithm, false, test_case[i].usage, &key)); | |
1048 EXPECT_EQ(test_case[i].usage, key.usages()); | |
1049 } | |
1050 | |
1051 // Test discrete multiple usages. | |
1052 dict.SetString("alg", "A128CBC"); | |
1053 key_ops->Clear(); | |
1054 key_ops->AppendString("encrypt"); | |
1055 key_ops->AppendString("decrypt"); | |
1056 EXPECT_STATUS_SUCCESS(ImportKeyJwkFromDict( | |
1057 dict, | |
1058 aes_cbc_algorithm, | |
1059 false, | |
1060 blink::WebCryptoKeyUsageDecrypt | blink::WebCryptoKeyUsageEncrypt, | |
1061 &key)); | |
1062 EXPECT_EQ(blink::WebCryptoKeyUsageDecrypt | blink::WebCryptoKeyUsageEncrypt, | |
1063 key.usages()); | |
1064 | |
1065 // Test constrained key usage (input usage is a subset of JWK usage). | |
1066 key_ops->Clear(); | |
1067 key_ops->AppendString("encrypt"); | |
1068 key_ops->AppendString("decrypt"); | |
1069 EXPECT_STATUS_SUCCESS(ImportKeyJwkFromDict( | |
1070 dict, aes_cbc_algorithm, false, blink::WebCryptoKeyUsageDecrypt, &key)); | |
1071 EXPECT_EQ(blink::WebCryptoKeyUsageDecrypt, key.usages()); | |
1072 | |
1073 // Test failure if input usage is NOT a strict subset of the JWK usage. | |
1074 key_ops->Clear(); | |
1075 key_ops->AppendString("encrypt"); | |
1076 EXPECT_STATUS(Status::ErrorJwkKeyopsInconsistent(), | |
1077 ImportKeyJwkFromDict(dict, | |
1078 aes_cbc_algorithm, | |
1079 false, | |
1080 blink::WebCryptoKeyUsageEncrypt | | |
1081 blink::WebCryptoKeyUsageDecrypt, | |
1082 &key)); | |
1083 | |
1084 // Test 'use' inconsistent with 'key_ops'. | |
1085 dict.SetString("alg", "HS256"); | |
1086 dict.SetString("use", "sig"); | |
1087 key_ops->AppendString("sign"); | |
1088 key_ops->AppendString("verify"); | |
1089 key_ops->AppendString("encrypt"); | |
1090 EXPECT_STATUS(Status::ErrorJwkUseAndKeyopsInconsistent(), | |
1091 ImportKeyJwkFromDict(dict, | |
1092 hmac_algorithm, | |
1093 false, | |
1094 blink::WebCryptoKeyUsageSign | | |
1095 blink::WebCryptoKeyUsageVerify, | |
1096 &key)); | |
1097 | |
1098 // Test JWK composite 'sig' use | |
1099 dict.Remove("key_ops", NULL); | |
1100 dict.SetString("use", "sig"); | |
1101 EXPECT_STATUS_SUCCESS(ImportKeyJwkFromDict( | |
1102 dict, | |
1103 hmac_algorithm, | |
1104 false, | |
1105 blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify, | |
1106 &key)); | |
1107 EXPECT_EQ(blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify, | |
1108 key.usages()); | |
1109 | |
1110 // Test JWK composite use 'enc' usage | |
1111 dict.SetString("alg", "A128CBC"); | |
1112 dict.SetString("use", "enc"); | |
1113 EXPECT_STATUS_SUCCESS(ImportKeyJwkFromDict( | |
1114 dict, | |
1115 aes_cbc_algorithm, | |
1116 false, | |
1117 blink::WebCryptoKeyUsageDecrypt | blink::WebCryptoKeyUsageEncrypt | | |
1118 blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey | | |
1119 blink::WebCryptoKeyUsageDeriveKey, | |
1120 &key)); | |
1121 EXPECT_EQ(blink::WebCryptoKeyUsageDecrypt | blink::WebCryptoKeyUsageEncrypt | | |
1122 blink::WebCryptoKeyUsageWrapKey | | |
1123 blink::WebCryptoKeyUsageUnwrapKey | | |
1124 blink::WebCryptoKeyUsageDeriveKey, | |
1125 key.usages()); | |
1126 } | |
1127 | |
922 TEST_F(SharedCryptoTest, ImportJwkFailures) { | 1128 TEST_F(SharedCryptoTest, ImportJwkFailures) { |
923 | 1129 |
924 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 1130 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
925 blink::WebCryptoAlgorithm algorithm = | 1131 blink::WebCryptoAlgorithm algorithm = |
926 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc); | 1132 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc); |
927 blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageEncrypt; | 1133 blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageEncrypt; |
928 | 1134 |
929 // Baseline pass: each test below breaks a single item, so we start with a | 1135 // Baseline pass: each test below breaks a single item, so we start with a |
930 // passing case to make sure each failure is caused by the isolated break. | 1136 // passing case to make sure each failure is caused by the isolated break. |
931 // Each breaking subtest below resets the dictionary to this passing case when | 1137 // Each breaking subtest below resets the dictionary to this passing case when |
(...skipping 49 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
981 RestoreJwkOctDictionary(&dict); | 1187 RestoreJwkOctDictionary(&dict); |
982 | 1188 |
983 // Fail on kty wrong type. | 1189 // Fail on kty wrong type. |
984 dict.SetDouble("kty", 0.1); | 1190 dict.SetDouble("kty", 0.1); |
985 EXPECT_STATUS(Status::ErrorJwkPropertyWrongType("kty", "string"), | 1191 EXPECT_STATUS(Status::ErrorJwkPropertyWrongType("kty", "string"), |
986 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); | 1192 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); |
987 RestoreJwkOctDictionary(&dict); | 1193 RestoreJwkOctDictionary(&dict); |
988 | 1194 |
989 // Fail on invalid use. | 1195 // Fail on invalid use. |
990 dict.SetString("use", "foo"); | 1196 dict.SetString("use", "foo"); |
991 EXPECT_STATUS(Status::ErrorJwkUnrecognizedUsage(), | 1197 EXPECT_STATUS(Status::ErrorJwkUnrecognizedUse(), |
992 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); | 1198 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); |
993 RestoreJwkOctDictionary(&dict); | 1199 RestoreJwkOctDictionary(&dict); |
994 | 1200 |
995 // Fail on invalid use (wrong type). | 1201 // Fail on invalid use (wrong type). |
996 dict.SetBoolean("use", true); | 1202 dict.SetBoolean("use", true); |
997 EXPECT_STATUS(Status::ErrorJwkPropertyWrongType("use", "string"), | 1203 EXPECT_STATUS(Status::ErrorJwkPropertyWrongType("use", "string"), |
998 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); | 1204 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); |
999 RestoreJwkOctDictionary(&dict); | 1205 RestoreJwkOctDictionary(&dict); |
1000 | 1206 |
1001 // Fail on invalid extractable (wrong type). | 1207 // Fail on invalid extractable (wrong type). |
1002 dict.SetInteger("extractable", 0); | 1208 dict.SetInteger("ext", 0); |
1003 EXPECT_STATUS(Status::ErrorJwkPropertyWrongType("extractable", "boolean"), | 1209 EXPECT_STATUS(Status::ErrorJwkPropertyWrongType("ext", "boolean"), |
1210 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); | |
1211 RestoreJwkOctDictionary(&dict); | |
1212 | |
1213 // Fail on invalid key_ops (wrong type). | |
1214 dict.SetBoolean("key_ops", true); | |
1215 EXPECT_STATUS(Status::ErrorJwkPropertyWrongType("key_ops", "list"), | |
1216 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); | |
1217 RestoreJwkOctDictionary(&dict); | |
1218 | |
1219 // Fail on invalid key_ops (wrong element value). | |
1220 base::ListValue* key_ops = new base::ListValue; | |
1221 // Note: the following call makes dict assume ownership of key_ops. | |
1222 dict.Set("key_ops", key_ops); | |
1223 key_ops->AppendString("foo"); | |
1224 EXPECT_STATUS(Status::ErrorJwkUnrecognizedKeyop(), | |
1004 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); | 1225 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); |
1005 RestoreJwkOctDictionary(&dict); | 1226 RestoreJwkOctDictionary(&dict); |
1006 } | 1227 } |
1007 | 1228 |
1008 TEST_F(SharedCryptoTest, ImportJwkOctFailures) { | 1229 TEST_F(SharedCryptoTest, ImportJwkOctFailures) { |
1009 | 1230 |
1010 base::DictionaryValue dict; | 1231 base::DictionaryValue dict; |
1011 RestoreJwkOctDictionary(&dict); | 1232 RestoreJwkOctDictionary(&dict); |
1012 blink::WebCryptoAlgorithm algorithm = | 1233 blink::WebCryptoAlgorithm algorithm = |
1013 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc); | 1234 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc); |
(...skipping 124 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1138 EXPECT_EQ(blink::WebCryptoKeyUsageVerify, key.usages()); | 1359 EXPECT_EQ(blink::WebCryptoKeyUsageVerify, key.usages()); |
1139 key = blink::WebCryptoKey::createNull(); | 1360 key = blink::WebCryptoKey::createNull(); |
1140 | 1361 |
1141 // Consistency rules when JWK value exists: Fail if inconsistency is found. | 1362 // Consistency rules when JWK value exists: Fail if inconsistency is found. |
1142 | 1363 |
1143 // Pass: All input values are consistent with the JWK values. | 1364 // Pass: All input values are consistent with the JWK values. |
1144 dict.Clear(); | 1365 dict.Clear(); |
1145 dict.SetString("kty", "oct"); | 1366 dict.SetString("kty", "oct"); |
1146 dict.SetString("alg", "HS256"); | 1367 dict.SetString("alg", "HS256"); |
1147 dict.SetString("use", "sig"); | 1368 dict.SetString("use", "sig"); |
1148 dict.SetBoolean("extractable", false); | 1369 dict.SetBoolean("ext", false); |
1149 dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg"); | 1370 dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg"); |
1150 json_vec = MakeJsonVector(dict); | 1371 json_vec = MakeJsonVector(dict); |
1151 EXPECT_STATUS_SUCCESS(ImportKeyJwk( | 1372 EXPECT_STATUS_SUCCESS(ImportKeyJwk( |
1152 CryptoData(json_vec), algorithm, extractable, usage_mask, &key)); | 1373 CryptoData(json_vec), algorithm, extractable, usage_mask, &key)); |
1153 | 1374 |
1154 // Extractable cases: | 1375 // Extractable cases: |
1155 // 1. input=T, JWK=F ==> fail (inconsistent) | 1376 // 1. input=T, JWK=F ==> fail (inconsistent) |
1156 // 4. input=F, JWK=F ==> pass, result extractable is F | 1377 // 4. input=F, JWK=F ==> pass, result extractable is F |
1157 // 2. input=T, JWK=T ==> pass, result extractable is T | 1378 // 2. input=T, JWK=T ==> pass, result extractable is T |
1158 // 3. input=F, JWK=T ==> pass, result extractable is F | 1379 // 3. input=F, JWK=T ==> pass, result extractable is F |
1159 EXPECT_STATUS( | 1380 EXPECT_STATUS( |
1160 Status::ErrorJwkExtractableInconsistent(), | 1381 Status::ErrorJwkExtInconsistent(), |
1161 ImportKeyJwk(CryptoData(json_vec), algorithm, true, usage_mask, &key)); | 1382 ImportKeyJwk(CryptoData(json_vec), algorithm, true, usage_mask, &key)); |
1162 EXPECT_STATUS_SUCCESS( | 1383 EXPECT_STATUS_SUCCESS( |
1163 ImportKeyJwk(CryptoData(json_vec), algorithm, false, usage_mask, &key)); | 1384 ImportKeyJwk(CryptoData(json_vec), algorithm, false, usage_mask, &key)); |
1164 EXPECT_FALSE(key.extractable()); | 1385 EXPECT_FALSE(key.extractable()); |
1165 dict.SetBoolean("extractable", true); | 1386 dict.SetBoolean("ext", true); |
1166 EXPECT_STATUS_SUCCESS( | 1387 EXPECT_STATUS_SUCCESS( |
1167 ImportKeyJwkFromDict(dict, algorithm, true, usage_mask, &key)); | 1388 ImportKeyJwkFromDict(dict, algorithm, true, usage_mask, &key)); |
1168 EXPECT_TRUE(key.extractable()); | 1389 EXPECT_TRUE(key.extractable()); |
1169 EXPECT_STATUS_SUCCESS( | 1390 EXPECT_STATUS_SUCCESS( |
1170 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); | 1391 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); |
1171 EXPECT_FALSE(key.extractable()); | 1392 EXPECT_FALSE(key.extractable()); |
1172 dict.SetBoolean("extractable", true); // restore previous value | 1393 dict.SetBoolean("ext", true); // restore previous value |
1173 | 1394 |
1174 // Fail: Input algorithm (AES-CBC) is inconsistent with JWK value | 1395 // Fail: Input algorithm (AES-CBC) is inconsistent with JWK value |
1175 // (HMAC SHA256). | 1396 // (HMAC SHA256). |
1176 EXPECT_STATUS(Status::ErrorJwkAlgorithmInconsistent(), | 1397 EXPECT_STATUS(Status::ErrorJwkAlgorithmInconsistent(), |
1177 ImportKeyJwk(CryptoData(json_vec), | 1398 ImportKeyJwk(CryptoData(json_vec), |
1178 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), | 1399 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), |
1179 extractable, | 1400 extractable, |
1180 usage_mask, | 1401 usage_mask, |
1181 &key)); | 1402 &key)); |
1182 | 1403 |
(...skipping 21 matching lines...) Expand all Loading... | |
1204 dict, | 1425 dict, |
1205 CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha256), | 1426 CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha256), |
1206 extractable, | 1427 extractable, |
1207 usage_mask, | 1428 usage_mask, |
1208 &key)); | 1429 &key)); |
1209 EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, algorithm.id()); | 1430 EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, algorithm.id()); |
1210 dict.SetString("alg", "HS256"); | 1431 dict.SetString("alg", "HS256"); |
1211 | 1432 |
1212 // Fail: Input usage_mask (encrypt) is not a subset of the JWK value | 1433 // Fail: Input usage_mask (encrypt) is not a subset of the JWK value |
1213 // (sign|verify) | 1434 // (sign|verify) |
1214 EXPECT_STATUS(Status::ErrorJwkUsageInconsistent(), | 1435 EXPECT_STATUS(Status::ErrorJwkUseInconsistent(), |
1215 ImportKeyJwk(CryptoData(json_vec), | 1436 ImportKeyJwk(CryptoData(json_vec), |
1216 algorithm, | 1437 algorithm, |
1217 extractable, | 1438 extractable, |
1218 blink::WebCryptoKeyUsageEncrypt, | 1439 blink::WebCryptoKeyUsageEncrypt, |
1219 &key)); | 1440 &key)); |
1220 | 1441 |
1221 // Fail: Input usage_mask (encrypt|sign|verify) is not a subset of the JWK | 1442 // Fail: Input usage_mask (encrypt|sign|verify) is not a subset of the JWK |
1222 // value (sign|verify) | 1443 // value (sign|verify) |
1223 usage_mask = blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageSign | | 1444 usage_mask = blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageSign | |
1224 blink::WebCryptoKeyUsageVerify; | 1445 blink::WebCryptoKeyUsageVerify; |
1225 EXPECT_STATUS( | 1446 EXPECT_STATUS( |
1226 Status::ErrorJwkUsageInconsistent(), | 1447 Status::ErrorJwkUseInconsistent(), |
1227 ImportKeyJwk( | 1448 ImportKeyJwk( |
1228 CryptoData(json_vec), algorithm, extractable, usage_mask, &key)); | 1449 CryptoData(json_vec), algorithm, extractable, usage_mask, &key)); |
1229 | 1450 |
1230 // TODO(padolph): kty vs alg consistency tests: Depending on the kty value, | 1451 // TODO(padolph): kty vs alg consistency tests: Depending on the kty value, |
1231 // only certain alg values are permitted. For example, when kty = "RSA" alg | 1452 // only certain alg values are permitted. For example, when kty = "RSA" alg |
1232 // must be of the RSA family, or when kty = "oct" alg must be symmetric | 1453 // must be of the RSA family, or when kty = "oct" alg must be symmetric |
1233 // algorithm. | 1454 // algorithm. |
1455 | |
1456 // TODO(padolph): key_ops consistency tests | |
1234 } | 1457 } |
1235 | 1458 |
1236 TEST_F(SharedCryptoTest, MAYBE(ImportJwkHappy)) { | 1459 TEST_F(SharedCryptoTest, MAYBE(ImportJwkHappy)) { |
1237 | 1460 |
1238 // This test verifies the happy path of JWK import, including the application | 1461 // This test verifies the happy path of JWK import, including the application |
1239 // of the imported key material. | 1462 // of the imported key material. |
1240 | 1463 |
1241 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 1464 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
1242 bool extractable = false; | 1465 bool extractable = false; |
1243 blink::WebCryptoAlgorithm algorithm = | 1466 blink::WebCryptoAlgorithm algorithm = |
1244 CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha256); | 1467 CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha256); |
1245 blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageSign; | 1468 blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageSign; |
1246 | 1469 |
1247 // Import a symmetric key JWK and HMAC-SHA256 sign() | 1470 // Import a symmetric key JWK and HMAC-SHA256 sign() |
1248 // Uses the first SHA256 test vector from the HMAC sample set above. | 1471 // Uses the first SHA256 test vector from the HMAC sample set above. |
1249 | 1472 |
1250 base::DictionaryValue dict; | 1473 base::DictionaryValue dict; |
1251 dict.SetString("kty", "oct"); | 1474 dict.SetString("kty", "oct"); |
1252 dict.SetString("alg", "HS256"); | 1475 dict.SetString("alg", "HS256"); |
1253 dict.SetString("use", "sig"); | 1476 dict.SetString("use", "sig"); |
1254 dict.SetBoolean("extractable", false); | 1477 dict.SetBoolean("ext", false); |
1255 dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg"); | 1478 dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg"); |
1256 | 1479 |
1257 ASSERT_STATUS_SUCCESS( | 1480 ASSERT_STATUS_SUCCESS( |
1258 ImportKeyJwkFromDict(dict, algorithm, extractable, usage_mask, &key)); | 1481 ImportKeyJwkFromDict(dict, algorithm, extractable, usage_mask, &key)); |
1259 | 1482 |
1260 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha256, | 1483 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha256, |
1261 key.algorithm().hmacParams()->hash().id()); | 1484 key.algorithm().hmacParams()->hash().id()); |
1262 | 1485 |
1263 const std::vector<uint8> message_raw = HexStringToBytes( | 1486 const std::vector<uint8> message_raw = HexStringToBytes( |
1264 "b1689c2591eaf3c9e66070f8a77954ffb81749f1b00346f9dfe0b2ee905dcc288baf4a" | 1487 "b1689c2591eaf3c9e66070f8a77954ffb81749f1b00346f9dfe0b2ee905dcc288baf4a" |
1265 "92de3f4001dd9f44c468c3d07d6c6ee82faceafc97c2fc0fc0601719d2dcd0aa2aec92" | 1488 "92de3f4001dd9f44c468c3d07d6c6ee82faceafc97c2fc0fc0601719d2dcd0aa2aec92" |
1266 "d1b0ae933c65eb06a03c9c935c2bad0459810241347ab87e9f11adb30415424c6c7f5f" | 1489 "d1b0ae933c65eb06a03c9c935c2bad0459810241347ab87e9f11adb30415424c6c7f5f" |
1267 "22a003b8ab8de54f6ded0e3ab9245fa79568451dfa258e"); | 1490 "22a003b8ab8de54f6ded0e3ab9245fa79568451dfa258e"); |
1268 | 1491 |
1269 blink::WebArrayBuffer output; | 1492 blink::WebArrayBuffer output; |
1270 | 1493 |
1271 ASSERT_STATUS_SUCCESS(Sign(CreateAlgorithm(blink::WebCryptoAlgorithmIdHmac), | 1494 ASSERT_STATUS_SUCCESS(Sign(CreateAlgorithm(blink::WebCryptoAlgorithmIdHmac), |
1272 key, | 1495 key, |
1273 CryptoData(message_raw), | 1496 CryptoData(message_raw), |
1274 &output)); | 1497 &output)); |
1275 | 1498 |
1276 const std::string mac_raw = | 1499 const std::string mac_raw = |
1277 "769f00d3e6a6cc1fb426a14a4f76c6462e6149726e0dee0ec0cf97a16605ac8b"; | 1500 "769f00d3e6a6cc1fb426a14a4f76c6462e6149726e0dee0ec0cf97a16605ac8b"; |
1278 | 1501 |
1279 ExpectArrayBufferMatchesHex(mac_raw, output); | 1502 ExpectArrayBufferMatchesHex(mac_raw, output); |
1280 | 1503 |
1281 // TODO(padolph): Import an RSA public key JWK and use it | 1504 // TODO(padolph): Import an RSA public key JWK and use it |
1282 } | 1505 } |
1283 | 1506 |
1507 TEST_F(SharedCryptoTest, MAYBE(ImportExportJwkSymmetricKey)) { | |
1508 // Raw keys are generated by openssl: | |
1509 // % openssl rand -hex <key length bytes> | |
1510 const char* const key_hex_128 = "3f1e7cd4f6f8543f6b1e16002e688623"; | |
1511 const char* const key_hex_192 = | |
1512 "ed91f916dc034eba68a0f9e7f34ddd48b98bd2848109e243"; | |
1513 const char* const key_hex_256 = | |
1514 "bd08286b81a74783fd1ccf46b7e05af84ee25ae021210074159e0c4d9d907692"; | |
1515 const char* const key_hex_384 = | |
1516 "a22c5441c8b185602283d64c7221de1d0951e706bfc09539435ec0e0ed614e1d406623f2" | |
1517 "b31d31819fec30993380dd82"; | |
1518 const char* const key_hex_512 = | |
1519 "5834f639000d4cf82de124fbfd26fb88d463e99f839a76ba41ac88967c80a3f61e1239a4" | |
1520 "52e573dba0750e988152988576efd75b8d0229b7aca2ada2afd392ee"; | |
1521 const blink::WebCryptoAlgorithm aes_cbc_alg = | |
1522 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc); | |
1523 const blink::WebCryptoAlgorithm aes_gcm_alg = | |
1524 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesGcm); | |
1525 const blink::WebCryptoAlgorithm aes_kw_alg = | |
1526 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw); | |
1527 const blink::WebCryptoAlgorithm hmac_sha_1_alg = | |
1528 webcrypto::CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha1); | |
1529 const blink::WebCryptoAlgorithm hmac_sha_224_alg = | |
1530 webcrypto::CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha224); | |
1531 const blink::WebCryptoAlgorithm hmac_sha_256_alg = | |
1532 webcrypto::CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha256); | |
1533 const blink::WebCryptoAlgorithm hmac_sha_384_alg = | |
1534 webcrypto::CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha384); | |
1535 const blink::WebCryptoAlgorithm hmac_sha_512_alg = | |
1536 webcrypto::CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha512); | |
1537 | |
1538 struct TestCase { | |
1539 const char* const key_hex; | |
1540 const blink::WebCryptoAlgorithm algorithm; | |
1541 const blink::WebCryptoKeyUsageMask usage; | |
1542 const char* const jwk_alg; | |
1543 }; | |
1544 | |
1545 // TODO(padolph): Test AES-CTR JWK export, once AES-CTR import works. | |
1546 const TestCase kTests[] = { | |
1547 // AES-CBC 128 | |
1548 {key_hex_128, aes_cbc_alg, | |
1549 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt, | |
1550 "A128CBC"}, | |
1551 // AES-CBC 192 | |
1552 {key_hex_192, aes_cbc_alg, blink::WebCryptoKeyUsageEncrypt, "A192CBC"}, | |
1553 // AES-CBC 256 | |
1554 {key_hex_256, aes_cbc_alg, blink::WebCryptoKeyUsageDecrypt, "A256CBC"}, | |
1555 // AES-GCM 128 | |
1556 {key_hex_128, aes_gcm_alg, | |
1557 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt, | |
1558 "A128GCM"}, | |
1559 // AES-CGM 192 | |
1560 {key_hex_192, aes_gcm_alg, blink::WebCryptoKeyUsageEncrypt, "A192GCM"}, | |
1561 // AES-GCM 256 | |
1562 {key_hex_256, aes_gcm_alg, blink::WebCryptoKeyUsageDecrypt, "A256GCM"}, | |
1563 // AES-KW 128 | |
1564 {key_hex_128, aes_kw_alg, | |
1565 blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey, | |
1566 "A128KW"}, | |
1567 // AES-KW 192 | |
1568 {key_hex_192, aes_kw_alg, | |
1569 blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey, | |
1570 "A192KW"}, | |
1571 // AES-KW 256 | |
1572 {key_hex_256, aes_kw_alg, | |
1573 blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey, | |
1574 "A256KW"}, | |
1575 // HMAC SHA-1 | |
1576 {key_hex_256, hmac_sha_1_alg, | |
1577 blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify, "HS1"}, | |
1578 // HMAC SHA-224 | |
1579 {key_hex_256, hmac_sha_224_alg, | |
1580 blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify, "HS224"}, | |
1581 // HMAC SHA-384 | |
1582 {key_hex_384, hmac_sha_384_alg, blink::WebCryptoKeyUsageSign, "HS384"}, | |
1583 // HMAC SHA-512 | |
1584 {key_hex_512, hmac_sha_512_alg, blink::WebCryptoKeyUsageVerify, "HS512"}, | |
1585 // Large usage value | |
1586 {key_hex_256, aes_cbc_alg, | |
1587 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt | | |
1588 blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey, | |
1589 "A256CBC"}, | |
1590 // Zero usage value | |
1591 {key_hex_512, hmac_sha_512_alg, 0, "HS512"}, }; | |
1592 | |
1593 // Round-trip import/export each key. | |
1594 | |
1595 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | |
1596 blink::WebArrayBuffer json; | |
1597 for (size_t test_index = 0; test_index < ARRAYSIZE_UNSAFE(kTests); | |
1598 ++test_index) { | |
1599 SCOPED_TRACE(test_index); | |
1600 const TestCase& test = kTests[test_index]; | |
1601 | |
1602 // Import a raw key. | |
1603 key = ImportSecretKeyFromRaw( | |
1604 HexStringToBytes(test.key_hex), test.algorithm, test.usage); | |
1605 | |
1606 // Export the key in JWK format and validate. | |
1607 ASSERT_STATUS_SUCCESS(ExportKeyJwk(key, &json)); | |
1608 EXPECT_TRUE( | |
1609 VerifySymmetricJwk(json, test.jwk_alg, test.key_hex, test.usage)); | |
1610 | |
1611 // Import the JWK-formatted key. | |
1612 ASSERT_STATUS_SUCCESS( | |
1613 ImportKeyJwk(CryptoData(json), test.algorithm, true, test.usage, &key)); | |
1614 EXPECT_TRUE(key.handle()); | |
1615 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); | |
1616 EXPECT_EQ(test.algorithm.id(), key.algorithm().id()); | |
1617 EXPECT_EQ(true, key.extractable()); | |
1618 EXPECT_EQ(test.usage, key.usages()); | |
1619 | |
1620 // Export the key in raw format and compare to the original. | |
1621 blink::WebArrayBuffer key_raw_out; | |
1622 ASSERT_STATUS_SUCCESS( | |
1623 ExportKey(blink::WebCryptoKeyFormatRaw, key, &key_raw_out)); | |
1624 ExpectArrayBufferMatchesHex(test.key_hex, key_raw_out); | |
1625 } | |
1626 } | |
1627 | |
1284 TEST_F(SharedCryptoTest, MAYBE(ImportExportSpki)) { | 1628 TEST_F(SharedCryptoTest, MAYBE(ImportExportSpki)) { |
1285 // Passing case: Import a valid RSA key in SPKI format. | 1629 // Passing case: Import a valid RSA key in SPKI format. |
1286 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 1630 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
1287 ASSERT_STATUS_SUCCESS( | 1631 ASSERT_STATUS_SUCCESS( |
1288 ImportKey(blink::WebCryptoKeyFormatSpki, | 1632 ImportKey(blink::WebCryptoKeyFormatSpki, |
1289 CryptoData(HexStringToBytes(kPublicKeySpkiDerHex)), | 1633 CryptoData(HexStringToBytes(kPublicKeySpkiDerHex)), |
1290 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5), | 1634 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5), |
1291 true, | 1635 true, |
1292 blink::WebCryptoKeyUsageEncrypt, | 1636 blink::WebCryptoKeyUsageEncrypt, |
1293 &key)); | 1637 &key)); |
(...skipping 1010 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
2304 test_cipher_text, | 2648 test_cipher_text, |
2305 test_authentication_tag, | 2649 test_authentication_tag, |
2306 &plain_text)); | 2650 &plain_text)); |
2307 } | 2651 } |
2308 } | 2652 } |
2309 } | 2653 } |
2310 | 2654 |
2311 } // namespace webcrypto | 2655 } // namespace webcrypto |
2312 | 2656 |
2313 } // namespace content | 2657 } // namespace content |
OLD | NEW |