| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/renderer/webcrypto/shared_crypto.h" | 5 #include "content/renderer/webcrypto/shared_crypto.h" |
| 6 | 6 |
| 7 #include <algorithm> | 7 #include <algorithm> |
| 8 #include <string> | 8 #include <string> |
| 9 #include <vector> | 9 #include <vector> |
| 10 | 10 |
| (...skipping 128 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 139 } | 139 } |
| 140 | 140 |
| 141 void ExpectArrayBufferMatches(const std::vector<uint8>& expected, | 141 void ExpectArrayBufferMatches(const std::vector<uint8>& expected, |
| 142 const blink::WebArrayBuffer& actual) { | 142 const blink::WebArrayBuffer& actual) { |
| 143 EXPECT_EQ( | 143 EXPECT_EQ( |
| 144 base::HexEncode(webcrypto::Uint8VectorStart(expected), expected.size()), | 144 base::HexEncode(webcrypto::Uint8VectorStart(expected), expected.size()), |
| 145 base::HexEncode(actual.data(), actual.byteLength())); | 145 base::HexEncode(actual.data(), actual.byteLength())); |
| 146 } | 146 } |
| 147 | 147 |
| 148 void ExpectArrayBufferNotMatch(const std::vector<uint8>& expected, | 148 void ExpectArrayBufferNotMatch(const std::vector<uint8>& expected, |
| 149 const blink::WebArrayBuffer& actual) { | 149 const blink::WebArrayBuffer& actual) { |
| 150 EXPECT_NE( | 150 EXPECT_NE( |
| 151 base::HexEncode(webcrypto::Uint8VectorStart(expected), expected.size()), | 151 base::HexEncode(webcrypto::Uint8VectorStart(expected), expected.size()), |
| 152 base::HexEncode(actual.data(), actual.byteLength())); | 152 base::HexEncode(actual.data(), actual.byteLength())); |
| 153 } | 153 } |
| 154 | 154 |
| 155 void ExpectCryptoDataMatchesHex(const std::string& expected_hex, | 155 void ExpectCryptoDataMatchesHex(const std::string& expected_hex, |
| 156 const CryptoData& actual) { | 156 const CryptoData& actual) { |
| 157 EXPECT_STRCASEEQ( | 157 EXPECT_STRCASEEQ( |
| 158 expected_hex.c_str(), | 158 expected_hex.c_str(), |
| 159 base::HexEncode(actual.bytes(), actual.byte_length()).c_str()); | 159 base::HexEncode(actual.bytes(), actual.byte_length()).c_str()); |
| (...skipping 2148 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2308 test_iv, | 2308 test_iv, |
| 2309 test_additional_data, | 2309 test_additional_data, |
| 2310 wrong_tag_size_bits, | 2310 wrong_tag_size_bits, |
| 2311 test_cipher_text, | 2311 test_cipher_text, |
| 2312 test_authentication_tag, | 2312 test_authentication_tag, |
| 2313 &plain_text)); | 2313 &plain_text)); |
| 2314 } | 2314 } |
| 2315 } | 2315 } |
| 2316 } | 2316 } |
| 2317 | 2317 |
| 2318 TEST_F(SharedCryptoTest, MAYBE(RsaEsRawSymkeyWrapUnwrapKnownAnswer)) { |
| 2319 scoped_ptr<base::Value> json; |
| 2320 ASSERT_TRUE(ReadJsonTestFile("rsa_es.json", &json)); |
| 2321 base::DictionaryValue* test = NULL; |
| 2322 ASSERT_TRUE(json->GetAsDictionary(&test)); |
| 2323 const std::vector<uint8> rsa_spki_der = |
| 2324 GetBytesFromHexString(test, "rsa_spki_der"); |
| 2325 const std::vector<uint8> rsa_pkcs8_der = |
| 2326 GetBytesFromHexString(test, "rsa_pkcs8_der"); |
| 2327 const std::vector<uint8> ciphertext = |
| 2328 GetBytesFromHexString(test, "ciphertext"); |
| 2329 const std::vector<uint8> cleartext = GetBytesFromHexString(test, "cleartext"); |
| 2330 blink::WebCryptoAlgorithm key_algorithm = |
| 2331 CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha256); |
| 2332 |
| 2333 // Import the RSA key pair. |
| 2334 blink::WebCryptoAlgorithm algorithm = |
| 2335 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); |
| 2336 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); |
| 2337 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); |
| 2338 ImportRsaKeyPair( |
| 2339 rsa_spki_der, |
| 2340 rsa_pkcs8_der, |
| 2341 algorithm, |
| 2342 false, |
| 2343 blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey, |
| 2344 &public_key, |
| 2345 &private_key); |
| 2346 |
| 2347 // Import the symmetric key. |
| 2348 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
| 2349 ASSERT_STATUS_SUCCESS(ImportKey(blink::WebCryptoKeyFormatRaw, |
| 2350 CryptoData(cleartext), |
| 2351 key_algorithm, |
| 2352 true, |
| 2353 blink::WebCryptoKeyUsageSign, |
| 2354 &key)); |
| 2355 |
| 2356 // Wrap the symmetric key with raw format. |
| 2357 blink::WebArrayBuffer wrapped_key; |
| 2358 ASSERT_STATUS_SUCCESS(WrapKey( |
| 2359 blink::WebCryptoKeyFormatRaw, public_key, key, algorithm, &wrapped_key)); |
| 2360 |
| 2361 // Unwrap the wrapped key. |
| 2362 blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull(); |
| 2363 ASSERT_STATUS_SUCCESS(UnwrapKey(blink::WebCryptoKeyFormatRaw, |
| 2364 CryptoData(wrapped_key), |
| 2365 private_key, |
| 2366 algorithm, |
| 2367 key_algorithm, |
| 2368 true, |
| 2369 blink::WebCryptoKeyUsageSign, |
| 2370 &unwrapped_key)); |
| 2371 EXPECT_FALSE(key.isNull()); |
| 2372 EXPECT_TRUE(key.handle()); |
| 2373 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); |
| 2374 EXPECT_EQ(key_algorithm.id(), key.algorithm().id()); |
| 2375 EXPECT_EQ(true, key.extractable()); |
| 2376 EXPECT_EQ(blink::WebCryptoKeyUsageSign, key.usages()); |
| 2377 |
| 2378 // Export the new key and compare its raw bytes with the original known data. |
| 2379 blink::WebArrayBuffer raw_key; |
| 2380 EXPECT_STATUS_SUCCESS( |
| 2381 ExportKey(blink::WebCryptoKeyFormatRaw, unwrapped_key, &raw_key)); |
| 2382 ExpectArrayBufferMatches(cleartext, raw_key); |
| 2383 |
| 2384 // Unwrap the known wrapped key and compare to the known cleartext. |
| 2385 ASSERT_STATUS_SUCCESS(UnwrapKey(blink::WebCryptoKeyFormatRaw, |
| 2386 CryptoData(ciphertext), |
| 2387 private_key, |
| 2388 algorithm, |
| 2389 key_algorithm, |
| 2390 true, |
| 2391 blink::WebCryptoKeyUsageSign, |
| 2392 &unwrapped_key)); |
| 2393 EXPECT_STATUS_SUCCESS( |
| 2394 ExportKey(blink::WebCryptoKeyFormatRaw, unwrapped_key, &raw_key)); |
| 2395 ExpectArrayBufferMatches(cleartext, raw_key); |
| 2396 } |
| 2397 |
| 2398 TEST_F(SharedCryptoTest, MAYBE(RsaEsRawSymkeyWrapUnwrapErrors)) { |
| 2399 const std::vector<uint8> data(64, 0); |
| 2400 blink::WebCryptoAlgorithm key_algorithm = |
| 2401 CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha256); |
| 2402 |
| 2403 // Import the RSA key pair. |
| 2404 blink::WebCryptoAlgorithm wrapping_algorithm = |
| 2405 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); |
| 2406 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); |
| 2407 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); |
| 2408 ImportRsaKeyPair( |
| 2409 HexStringToBytes(kPublicKeySpkiDerHex), |
| 2410 HexStringToBytes(kPrivateKeyPkcs8DerHex), |
| 2411 wrapping_algorithm, |
| 2412 false, |
| 2413 blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey, |
| 2414 &public_key, |
| 2415 &private_key); |
| 2416 |
| 2417 // Import the symmetric key. |
| 2418 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
| 2419 ASSERT_STATUS_SUCCESS(ImportKey(blink::WebCryptoKeyFormatRaw, |
| 2420 CryptoData(data), |
| 2421 key_algorithm, |
| 2422 true, |
| 2423 blink::WebCryptoKeyUsageSign, |
| 2424 &key)); |
| 2425 |
| 2426 // Wrapping with a private key should fail. |
| 2427 blink::WebArrayBuffer wrapped_key; |
| 2428 EXPECT_STATUS_ERROR(WrapKey(blink::WebCryptoKeyFormatRaw, |
| 2429 private_key, |
| 2430 key, |
| 2431 wrapping_algorithm, |
| 2432 &wrapped_key)); |
| 2433 |
| 2434 // Wrapping a key whose raw keying material is too large for the wrapping key |
| 2435 // should fail. |
| 2436 // The max allowed data size for RSA wrapping is the modulus length - 11 |
| 2437 // bytes. |
| 2438 const std::vector<uint8> big_data(kModulusLength, 0); |
| 2439 blink::WebCryptoKey big_key = blink::WebCryptoKey::createNull(); |
| 2440 ASSERT_STATUS_SUCCESS(ImportKey(blink::WebCryptoKeyFormatRaw, |
| 2441 CryptoData(big_data), |
| 2442 key_algorithm, |
| 2443 true, |
| 2444 blink::WebCryptoKeyUsageSign, |
| 2445 &big_key)); |
| 2446 EXPECT_STATUS(Status::ErrorDataTooLarge(), |
| 2447 WrapKey(blink::WebCryptoKeyFormatRaw, |
| 2448 public_key, |
| 2449 big_key, |
| 2450 wrapping_algorithm, |
| 2451 &wrapped_key)); |
| 2452 |
| 2453 // Unwrapping with a public key should fail. |
| 2454 blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull(); |
| 2455 EXPECT_STATUS_ERROR(UnwrapKey(blink::WebCryptoKeyFormatRaw, |
| 2456 CryptoData(data), |
| 2457 public_key, |
| 2458 wrapping_algorithm, |
| 2459 key_algorithm, |
| 2460 true, |
| 2461 blink::WebCryptoKeyUsageSign, |
| 2462 &unwrapped_key)); |
| 2463 |
| 2464 // Unwrapping empty data should fail. |
| 2465 const std::vector<uint8> emtpy_data; |
| 2466 EXPECT_STATUS_ERROR(UnwrapKey(blink::WebCryptoKeyFormatRaw, |
| 2467 CryptoData(emtpy_data), |
| 2468 private_key, |
| 2469 wrapping_algorithm, |
| 2470 key_algorithm, |
| 2471 true, |
| 2472 blink::WebCryptoKeyUsageSign, |
| 2473 &unwrapped_key)); |
| 2474 |
| 2475 // Unwapping data too large for the wrapping key should fail. |
| 2476 EXPECT_STATUS(Status::ErrorDataTooLarge(), |
| 2477 UnwrapKey(blink::WebCryptoKeyFormatRaw, |
| 2478 CryptoData(big_data), |
| 2479 private_key, |
| 2480 wrapping_algorithm, |
| 2481 key_algorithm, |
| 2482 true, |
| 2483 blink::WebCryptoKeyUsageSign, |
| 2484 &unwrapped_key)); |
| 2485 } |
| 2486 |
| 2318 } // namespace webcrypto | 2487 } // namespace webcrypto |
| 2319 | 2488 |
| 2320 } // namespace content | 2489 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 188363002:
[webcrypto] Add raw symmetric key RSAES-PKCS1-v1_5 wrap/unwrap for NSS. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@wcAesKw_nss1