| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/child/webcrypto/shared_crypto.h" | 5 #include "content/child/webcrypto/shared_crypto.h" |
| 6 | 6 |
| 7 #include <algorithm> | 7 #include <algorithm> |
| 8 #include <string> | 8 #include <string> |
| 9 #include <vector> | 9 #include <vector> |
| 10 | 10 |
| (...skipping 344 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 355 blink::WebCryptoAlgorithm CreateAesKwKeyGenAlgorithm( | 355 blink::WebCryptoAlgorithm CreateAesKwKeyGenAlgorithm( |
| 356 unsigned short key_length_bits) { | 356 unsigned short key_length_bits) { |
| 357 return CreateAesKeyGenAlgorithm(blink::WebCryptoAlgorithmIdAesKw, | 357 return CreateAesKeyGenAlgorithm(blink::WebCryptoAlgorithmIdAesKw, |
| 358 key_length_bits); | 358 key_length_bits); |
| 359 } | 359 } |
| 360 | 360 |
| 361 // The following key pair is comprised of the SPKI (public key) and PKCS#8 | 361 // The following key pair is comprised of the SPKI (public key) and PKCS#8 |
| 362 // (private key) representations of the key pair provided in Example 1 of the | 362 // (private key) representations of the key pair provided in Example 1 of the |
| 363 // NIST test vectors at | 363 // NIST test vectors at |
| 364 // ftp://ftp.rsa.com/pub/rsalabs/tmp/pkcs1v15sign-vectors.txt | 364 // ftp://ftp.rsa.com/pub/rsalabs/tmp/pkcs1v15sign-vectors.txt |
| 365 const unsigned int kModulusLength = 1024; | 365 const unsigned int kModulusLengthBits = 1024; |
| 366 const char* const kPublicKeySpkiDerHex = | 366 const char* const kPublicKeySpkiDerHex = |
| 367 "30819f300d06092a864886f70d010101050003818d0030818902818100a5" | 367 "30819f300d06092a864886f70d010101050003818d0030818902818100a5" |
| 368 "6e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad9" | 368 "6e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad9" |
| 369 "91d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfc" | 369 "91d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfc" |
| 370 "e0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e" | 370 "e0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e" |
| 371 "6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cf" | 371 "6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cf" |
| 372 "fb2249bd9a21370203010001"; | 372 "fb2249bd9a21370203010001"; |
| 373 const char* const kPrivateKeyPkcs8DerHex = | 373 const char* const kPrivateKeyPkcs8DerHex = |
| 374 "30820275020100300d06092a864886f70d01010105000482025f3082025b" | 374 "30820275020100300d06092a864886f70d01010105000482025f3082025b" |
| 375 "02010002818100a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52" | 375 "02010002818100a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52" |
| (...skipping 916 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1292 ImportKey(blink::WebCryptoKeyFormatSpki, | 1292 ImportKey(blink::WebCryptoKeyFormatSpki, |
| 1293 CryptoData(HexStringToBytes(kPublicKeySpkiDerHex)), | 1293 CryptoData(HexStringToBytes(kPublicKeySpkiDerHex)), |
| 1294 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5), | 1294 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5), |
| 1295 true, | 1295 true, |
| 1296 blink::WebCryptoKeyUsageEncrypt, | 1296 blink::WebCryptoKeyUsageEncrypt, |
| 1297 &key)); | 1297 &key)); |
| 1298 EXPECT_TRUE(key.handle()); | 1298 EXPECT_TRUE(key.handle()); |
| 1299 EXPECT_EQ(blink::WebCryptoKeyTypePublic, key.type()); | 1299 EXPECT_EQ(blink::WebCryptoKeyTypePublic, key.type()); |
| 1300 EXPECT_TRUE(key.extractable()); | 1300 EXPECT_TRUE(key.extractable()); |
| 1301 EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt, key.usages()); | 1301 EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt, key.usages()); |
| 1302 EXPECT_EQ(kModulusLength, key.algorithm().rsaParams()->modulusLengthBits()); | 1302 EXPECT_EQ(kModulusLengthBits, |
| 1303 key.algorithm().rsaParams()->modulusLengthBits()); |
| 1303 ExpectCryptoDataMatchesHex( | 1304 ExpectCryptoDataMatchesHex( |
| 1304 "010001", CryptoData(key.algorithm().rsaParams()->publicExponent())); | 1305 "010001", CryptoData(key.algorithm().rsaParams()->publicExponent())); |
| 1305 | 1306 |
| 1306 // Failing case: Empty SPKI data | 1307 // Failing case: Empty SPKI data |
| 1307 EXPECT_STATUS(Status::ErrorImportEmptyKeyData(), | 1308 EXPECT_STATUS(Status::ErrorImportEmptyKeyData(), |
| 1308 ImportKey(blink::WebCryptoKeyFormatSpki, | 1309 ImportKey(blink::WebCryptoKeyFormatSpki, |
| 1309 CryptoData(std::vector<uint8>()), | 1310 CryptoData(std::vector<uint8>()), |
| 1310 blink::WebCryptoAlgorithm::createNull(), | 1311 blink::WebCryptoAlgorithm::createNull(), |
| 1311 true, | 1312 true, |
| 1312 blink::WebCryptoKeyUsageEncrypt, | 1313 blink::WebCryptoKeyUsageEncrypt, |
| (...skipping 64 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1377 blink::WebCryptoAlgorithmIdSha1), | 1378 blink::WebCryptoAlgorithmIdSha1), |
| 1378 true, | 1379 true, |
| 1379 blink::WebCryptoKeyUsageSign, | 1380 blink::WebCryptoKeyUsageSign, |
| 1380 &key)); | 1381 &key)); |
| 1381 EXPECT_TRUE(key.handle()); | 1382 EXPECT_TRUE(key.handle()); |
| 1382 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, key.type()); | 1383 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, key.type()); |
| 1383 EXPECT_TRUE(key.extractable()); | 1384 EXPECT_TRUE(key.extractable()); |
| 1384 EXPECT_EQ(blink::WebCryptoKeyUsageSign, key.usages()); | 1385 EXPECT_EQ(blink::WebCryptoKeyUsageSign, key.usages()); |
| 1385 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha1, | 1386 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha1, |
| 1386 key.algorithm().rsaHashedParams()->hash().id()); | 1387 key.algorithm().rsaHashedParams()->hash().id()); |
| 1387 EXPECT_EQ(kModulusLength, | 1388 EXPECT_EQ(kModulusLengthBits, |
| 1388 key.algorithm().rsaHashedParams()->modulusLengthBits()); | 1389 key.algorithm().rsaHashedParams()->modulusLengthBits()); |
| 1389 ExpectCryptoDataMatchesHex( | 1390 ExpectCryptoDataMatchesHex( |
| 1390 "010001", | 1391 "010001", |
| 1391 CryptoData(key.algorithm().rsaHashedParams()->publicExponent())); | 1392 CryptoData(key.algorithm().rsaHashedParams()->publicExponent())); |
| 1392 | 1393 |
| 1393 // Failing case: Empty PKCS#8 data | 1394 // Failing case: Empty PKCS#8 data |
| 1394 EXPECT_STATUS(Status::ErrorImportEmptyKeyData(), | 1395 EXPECT_STATUS(Status::ErrorImportEmptyKeyData(), |
| 1395 ImportKey(blink::WebCryptoKeyFormatPkcs8, | 1396 ImportKey(blink::WebCryptoKeyFormatPkcs8, |
| 1396 CryptoData(std::vector<uint8>()), | 1397 CryptoData(std::vector<uint8>()), |
| 1397 blink::WebCryptoAlgorithm::createNull(), | 1398 blink::WebCryptoAlgorithm::createNull(), |
| (...skipping 191 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1589 HexStringToBytes(kPublicKeySpkiDerHex), | 1590 HexStringToBytes(kPublicKeySpkiDerHex), |
| 1590 HexStringToBytes(kPrivateKeyPkcs8DerHex), | 1591 HexStringToBytes(kPrivateKeyPkcs8DerHex), |
| 1591 algorithm, | 1592 algorithm, |
| 1592 false, | 1593 false, |
| 1593 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt, | 1594 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt, |
| 1594 &public_key, | 1595 &public_key, |
| 1595 &private_key); | 1596 &private_key); |
| 1596 | 1597 |
| 1597 // Make a maximum-length data message. RSAES can operate on messages up to | 1598 // Make a maximum-length data message. RSAES can operate on messages up to |
| 1598 // length of k - 11 bytes, where k is the octet length of the RSA modulus. | 1599 // length of k - 11 bytes, where k is the octet length of the RSA modulus. |
| 1599 const unsigned int kMaxMsgSizeBytes = kModulusLength / 8 - 11; | 1600 const unsigned int kMaxMsgSizeBytes = kModulusLengthBits / 8 - 11; |
| 1600 // There are two hex chars for each byte. | 1601 // There are two hex chars for each byte. |
| 1601 const unsigned int kMsgHexSize = kMaxMsgSizeBytes * 2; | 1602 const unsigned int kMsgHexSize = kMaxMsgSizeBytes * 2; |
| 1602 char max_data_hex[kMsgHexSize + 1]; | 1603 char max_data_hex[kMsgHexSize + 1]; |
| 1603 std::fill(&max_data_hex[0], &max_data_hex[0] + kMsgHexSize, 'a'); | 1604 std::fill(&max_data_hex[0], &max_data_hex[0] + kMsgHexSize, 'a'); |
| 1604 max_data_hex[kMsgHexSize] = '\0'; | 1605 max_data_hex[kMsgHexSize] = '\0'; |
| 1605 | 1606 |
| 1606 // Verify encrypt / decrypt round trip on a few messages. Note that RSA | 1607 // Verify encrypt / decrypt round trip on a few messages. Note that RSA |
| 1607 // encryption does not support empty input. | 1608 // encryption does not support empty input. |
| 1608 algorithm = CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); | 1609 algorithm = CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); |
| 1609 const char* const kTestDataHex[] = {"ff", "0102030405060708090a0b0c0d0e0f", | 1610 const char* const kTestDataHex[] = {"ff", "0102030405060708090a0b0c0d0e0f", |
| 1610 max_data_hex}; | 1611 max_data_hex}; |
| 1611 blink::WebArrayBuffer encrypted_data; | 1612 blink::WebArrayBuffer encrypted_data; |
| 1612 blink::WebArrayBuffer decrypted_data; | 1613 blink::WebArrayBuffer decrypted_data; |
| 1613 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kTestDataHex); ++i) { | 1614 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kTestDataHex); ++i) { |
| 1614 SCOPED_TRACE(i); | 1615 SCOPED_TRACE(i); |
| 1615 EXPECT_STATUS_SUCCESS(Encrypt(algorithm, | 1616 EXPECT_STATUS_SUCCESS(Encrypt(algorithm, |
| 1616 public_key, | 1617 public_key, |
| 1617 CryptoData(HexStringToBytes(kTestDataHex[i])), | 1618 CryptoData(HexStringToBytes(kTestDataHex[i])), |
| 1618 &encrypted_data)); | 1619 &encrypted_data)); |
| 1619 EXPECT_EQ(kModulusLength / 8, encrypted_data.byteLength()); | 1620 EXPECT_EQ(kModulusLengthBits / 8, encrypted_data.byteLength()); |
| 1620 ASSERT_STATUS_SUCCESS(Decrypt( | 1621 ASSERT_STATUS_SUCCESS(Decrypt( |
| 1621 algorithm, private_key, CryptoData(encrypted_data), &decrypted_data)); | 1622 algorithm, private_key, CryptoData(encrypted_data), &decrypted_data)); |
| 1622 ExpectArrayBufferMatchesHex(kTestDataHex[i], decrypted_data); | 1623 ExpectArrayBufferMatchesHex(kTestDataHex[i], decrypted_data); |
| 1623 } | 1624 } |
| 1624 } | 1625 } |
| 1625 | 1626 |
| 1626 TEST_F(SharedCryptoTest, MAYBE(RsaEsKnownAnswer)) { | 1627 TEST_F(SharedCryptoTest, MAYBE(RsaEsKnownAnswer)) { |
| 1627 scoped_ptr<base::Value> json; | 1628 scoped_ptr<base::Value> json; |
| 1628 ASSERT_TRUE(ReadJsonTestFile("rsa_es.json", &json)); | 1629 ASSERT_TRUE(ReadJsonTestFile("rsa_es.json", &json)); |
| 1629 base::DictionaryValue* test = NULL; | 1630 base::DictionaryValue* test = NULL; |
| (...skipping 77 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1707 | 1708 |
| 1708 // Fail encrypt with empty message. | 1709 // Fail encrypt with empty message. |
| 1709 EXPECT_STATUS(Status::Error(), | 1710 EXPECT_STATUS(Status::Error(), |
| 1710 Encrypt(algorithm, | 1711 Encrypt(algorithm, |
| 1711 public_key, | 1712 public_key, |
| 1712 CryptoData(std::vector<uint8>()), | 1713 CryptoData(std::vector<uint8>()), |
| 1713 &encrypted_data)); | 1714 &encrypted_data)); |
| 1714 | 1715 |
| 1715 // Fail encrypt with message too large. RSAES can operate on messages up to | 1716 // Fail encrypt with message too large. RSAES can operate on messages up to |
| 1716 // length of k - 11 bytes, where k is the octet length of the RSA modulus. | 1717 // length of k - 11 bytes, where k is the octet length of the RSA modulus. |
| 1717 const unsigned int kMaxMsgSizeBytes = kModulusLength / 8 - 11; | 1718 const unsigned int kMaxMsgSizeBytes = kModulusLengthBits / 8 - 11; |
| 1718 EXPECT_STATUS( | 1719 EXPECT_STATUS( |
| 1719 Status::ErrorDataTooLarge(), | 1720 Status::ErrorDataTooLarge(), |
| 1720 Encrypt(algorithm, | 1721 Encrypt(algorithm, |
| 1721 public_key, | 1722 public_key, |
| 1722 CryptoData(std::vector<uint8>(kMaxMsgSizeBytes + 1, '0')), | 1723 CryptoData(std::vector<uint8>(kMaxMsgSizeBytes + 1, '0')), |
| 1723 &encrypted_data)); | 1724 &encrypted_data)); |
| 1724 | 1725 |
| 1725 // Generate encrypted data. | 1726 // Generate encrypted data. |
| 1726 EXPECT_STATUS( | 1727 EXPECT_STATUS( |
| 1727 Status::Success(), | 1728 Status::Success(), |
| (...skipping 75 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1803 corrupt_sig[corrupt_sig.size() / 2] ^= 0x1; | 1804 corrupt_sig[corrupt_sig.size() / 2] ^= 0x1; |
| 1804 EXPECT_STATUS_SUCCESS(VerifySignature(algorithm, | 1805 EXPECT_STATUS_SUCCESS(VerifySignature(algorithm, |
| 1805 public_key, | 1806 public_key, |
| 1806 CryptoData(corrupt_sig), | 1807 CryptoData(corrupt_sig), |
| 1807 CryptoData(data), | 1808 CryptoData(data), |
| 1808 &signature_match)); | 1809 &signature_match)); |
| 1809 EXPECT_FALSE(signature_match); | 1810 EXPECT_FALSE(signature_match); |
| 1810 | 1811 |
| 1811 // Ensure signatures that are greater than the modulus size fail. | 1812 // Ensure signatures that are greater than the modulus size fail. |
| 1812 const unsigned int long_message_size_bytes = 1024; | 1813 const unsigned int long_message_size_bytes = 1024; |
| 1813 DCHECK_GT(long_message_size_bytes, kModulusLength / 8); | 1814 DCHECK_GT(long_message_size_bytes, kModulusLengthBits / 8); |
| 1814 const unsigned char kLongSignature[long_message_size_bytes] = {0}; | 1815 const unsigned char kLongSignature[long_message_size_bytes] = {0}; |
| 1815 EXPECT_STATUS_SUCCESS( | 1816 EXPECT_STATUS_SUCCESS( |
| 1816 VerifySignature(algorithm, | 1817 VerifySignature(algorithm, |
| 1817 public_key, | 1818 public_key, |
| 1818 CryptoData(kLongSignature, sizeof(kLongSignature)), | 1819 CryptoData(kLongSignature, sizeof(kLongSignature)), |
| 1819 CryptoData(data), | 1820 CryptoData(data), |
| 1820 &signature_match)); | 1821 &signature_match)); |
| 1821 EXPECT_FALSE(signature_match); | 1822 EXPECT_FALSE(signature_match); |
| 1822 | 1823 |
| 1823 // Ensure that verifying using a private key, rather than a public key, fails. | 1824 // Ensure that verifying using a private key, rather than a public key, fails. |
| (...skipping 475 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2299 test_iv, | 2300 test_iv, |
| 2300 test_additional_data, | 2301 test_additional_data, |
| 2301 wrong_tag_size_bits, | 2302 wrong_tag_size_bits, |
| 2302 test_cipher_text, | 2303 test_cipher_text, |
| 2303 test_authentication_tag, | 2304 test_authentication_tag, |
| 2304 &plain_text)); | 2305 &plain_text)); |
| 2305 } | 2306 } |
| 2306 } | 2307 } |
| 2307 } | 2308 } |
| 2308 | 2309 |
| 2310 TEST_F(SharedCryptoTest, MAYBE(RsaEsRawSymkeyWrapUnwrapKnownAnswer)) { |
| 2311 scoped_ptr<base::Value> json; |
| 2312 ASSERT_TRUE(ReadJsonTestFile("rsa_es.json", &json)); |
| 2313 base::DictionaryValue* test = NULL; |
| 2314 ASSERT_TRUE(json->GetAsDictionary(&test)); |
| 2315 const std::vector<uint8> rsa_spki_der = |
| 2316 GetBytesFromHexString(test, "rsa_spki_der"); |
| 2317 const std::vector<uint8> rsa_pkcs8_der = |
| 2318 GetBytesFromHexString(test, "rsa_pkcs8_der"); |
| 2319 const std::vector<uint8> ciphertext = |
| 2320 GetBytesFromHexString(test, "ciphertext"); |
| 2321 const std::vector<uint8> cleartext = GetBytesFromHexString(test, "cleartext"); |
| 2322 blink::WebCryptoAlgorithm key_algorithm = |
| 2323 CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha256); |
| 2324 |
| 2325 // Import the RSA key pair. |
| 2326 blink::WebCryptoAlgorithm algorithm = |
| 2327 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); |
| 2328 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); |
| 2329 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); |
| 2330 ImportRsaKeyPair( |
| 2331 rsa_spki_der, |
| 2332 rsa_pkcs8_der, |
| 2333 algorithm, |
| 2334 false, |
| 2335 blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey, |
| 2336 &public_key, |
| 2337 &private_key); |
| 2338 |
| 2339 // Import the symmetric key. |
| 2340 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
| 2341 ASSERT_STATUS_SUCCESS(ImportKey(blink::WebCryptoKeyFormatRaw, |
| 2342 CryptoData(cleartext), |
| 2343 key_algorithm, |
| 2344 true, |
| 2345 blink::WebCryptoKeyUsageSign, |
| 2346 &key)); |
| 2347 |
| 2348 // Wrap the symmetric key with raw format. |
| 2349 blink::WebArrayBuffer wrapped_key; |
| 2350 ASSERT_STATUS_SUCCESS(WrapKey( |
| 2351 blink::WebCryptoKeyFormatRaw, public_key, key, algorithm, &wrapped_key)); |
| 2352 |
| 2353 // Unwrap the wrapped key. |
| 2354 blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull(); |
| 2355 ASSERT_STATUS_SUCCESS(UnwrapKey(blink::WebCryptoKeyFormatRaw, |
| 2356 CryptoData(wrapped_key), |
| 2357 private_key, |
| 2358 algorithm, |
| 2359 key_algorithm, |
| 2360 true, |
| 2361 blink::WebCryptoKeyUsageSign, |
| 2362 &unwrapped_key)); |
| 2363 EXPECT_FALSE(key.isNull()); |
| 2364 EXPECT_TRUE(key.handle()); |
| 2365 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); |
| 2366 EXPECT_EQ(key_algorithm.id(), key.algorithm().id()); |
| 2367 EXPECT_EQ(true, key.extractable()); |
| 2368 EXPECT_EQ(blink::WebCryptoKeyUsageSign, key.usages()); |
| 2369 |
| 2370 // Export the new key and compare its raw bytes with the original known data. |
| 2371 blink::WebArrayBuffer raw_key; |
| 2372 EXPECT_STATUS_SUCCESS( |
| 2373 ExportKey(blink::WebCryptoKeyFormatRaw, unwrapped_key, &raw_key)); |
| 2374 EXPECT_TRUE(ArrayBufferMatches(cleartext, raw_key)); |
| 2375 |
| 2376 // Unwrap the known wrapped key and compare to the known cleartext. |
| 2377 ASSERT_STATUS_SUCCESS(UnwrapKey(blink::WebCryptoKeyFormatRaw, |
| 2378 CryptoData(ciphertext), |
| 2379 private_key, |
| 2380 algorithm, |
| 2381 key_algorithm, |
| 2382 true, |
| 2383 blink::WebCryptoKeyUsageSign, |
| 2384 &unwrapped_key)); |
| 2385 EXPECT_STATUS_SUCCESS( |
| 2386 ExportKey(blink::WebCryptoKeyFormatRaw, unwrapped_key, &raw_key)); |
| 2387 EXPECT_TRUE(ArrayBufferMatches(cleartext, raw_key)); |
| 2388 } |
| 2389 |
| 2390 TEST_F(SharedCryptoTest, MAYBE(RsaEsRawSymkeyWrapUnwrapErrors)) { |
| 2391 const std::vector<uint8> data(64, 0); |
| 2392 blink::WebCryptoAlgorithm key_algorithm = |
| 2393 CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha256); |
| 2394 |
| 2395 // Import the RSA key pair. |
| 2396 blink::WebCryptoAlgorithm wrapping_algorithm = |
| 2397 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); |
| 2398 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); |
| 2399 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); |
| 2400 ImportRsaKeyPair( |
| 2401 HexStringToBytes(kPublicKeySpkiDerHex), |
| 2402 HexStringToBytes(kPrivateKeyPkcs8DerHex), |
| 2403 wrapping_algorithm, |
| 2404 false, |
| 2405 blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey, |
| 2406 &public_key, |
| 2407 &private_key); |
| 2408 |
| 2409 // Import the symmetric key. |
| 2410 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
| 2411 ASSERT_STATUS_SUCCESS(ImportKey(blink::WebCryptoKeyFormatRaw, |
| 2412 CryptoData(data), |
| 2413 key_algorithm, |
| 2414 true, |
| 2415 blink::WebCryptoKeyUsageSign, |
| 2416 &key)); |
| 2417 |
| 2418 // Wrapping with a private key should fail. |
| 2419 blink::WebArrayBuffer wrapped_key; |
| 2420 EXPECT_STATUS(Status::ErrorUnexpectedKeyType(), |
| 2421 WrapKey(blink::WebCryptoKeyFormatRaw, |
| 2422 private_key, |
| 2423 key, |
| 2424 wrapping_algorithm, |
| 2425 &wrapped_key)); |
| 2426 |
| 2427 // Wrapping a key whose raw keying material is too large for the wrapping key |
| 2428 // should fail. |
| 2429 // RSAES can encrypt data up to length of k - 11 bytes, where k is the octet |
| 2430 // length of the RSA modulus, and can decrypt data up to length k. Fabricate a |
| 2431 // big piece of data here that fails both of these criteria, so it can be used |
| 2432 // for both wrap and unwrap negative tests below. |
| 2433 const std::vector<uint8> big_data(kModulusLengthBits / 8 + 1, 0); |
| 2434 blink::WebCryptoKey big_key = blink::WebCryptoKey::createNull(); |
| 2435 ASSERT_STATUS_SUCCESS(ImportKey(blink::WebCryptoKeyFormatRaw, |
| 2436 CryptoData(big_data), |
| 2437 key_algorithm, |
| 2438 true, |
| 2439 blink::WebCryptoKeyUsageSign, |
| 2440 &big_key)); |
| 2441 EXPECT_STATUS(Status::ErrorDataTooLarge(), |
| 2442 WrapKey(blink::WebCryptoKeyFormatRaw, |
| 2443 public_key, |
| 2444 big_key, |
| 2445 wrapping_algorithm, |
| 2446 &wrapped_key)); |
| 2447 |
| 2448 // Unwrapping with a public key should fail. |
| 2449 blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull(); |
| 2450 EXPECT_STATUS(Status::ErrorUnexpectedKeyType(), |
| 2451 UnwrapKey(blink::WebCryptoKeyFormatRaw, |
| 2452 CryptoData(data), |
| 2453 public_key, |
| 2454 wrapping_algorithm, |
| 2455 key_algorithm, |
| 2456 true, |
| 2457 blink::WebCryptoKeyUsageSign, |
| 2458 &unwrapped_key)); |
| 2459 |
| 2460 // Unwrapping empty data should fail. |
| 2461 const std::vector<uint8> emtpy_data; |
| 2462 EXPECT_STATUS(Status::ErrorDataTooSmall(), |
| 2463 UnwrapKey(blink::WebCryptoKeyFormatRaw, |
| 2464 CryptoData(emtpy_data), |
| 2465 private_key, |
| 2466 wrapping_algorithm, |
| 2467 key_algorithm, |
| 2468 true, |
| 2469 blink::WebCryptoKeyUsageSign, |
| 2470 &unwrapped_key)); |
| 2471 |
| 2472 // Unwapping data too large for the wrapping key should fail. |
| 2473 EXPECT_STATUS(Status::ErrorDataTooLarge(), |
| 2474 UnwrapKey(blink::WebCryptoKeyFormatRaw, |
| 2475 CryptoData(big_data), |
| 2476 private_key, |
| 2477 wrapping_algorithm, |
| 2478 key_algorithm, |
| 2479 true, |
| 2480 blink::WebCryptoKeyUsageSign, |
| 2481 &unwrapped_key)); |
| 2482 } |
| 2483 |
| 2309 } // namespace webcrypto | 2484 } // namespace webcrypto |
| 2310 | 2485 |
| 2311 } // namespace content | 2486 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 188363002:
[webcrypto] Add raw symmetric key RSAES-PKCS1-v1_5 wrap/unwrap for NSS. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@wcAesKw_nss1