| Index: content/renderer/webcrypto/shared_crypto_unittest.cc
|
| diff --git a/content/renderer/webcrypto/shared_crypto_unittest.cc b/content/renderer/webcrypto/shared_crypto_unittest.cc
|
| index 9cb03463207025e413c56bd23bc90f08c240a667..4b58b9b1ad081a779dbf79d26c18a9cc4f99633e 100644
|
| --- a/content/renderer/webcrypto/shared_crypto_unittest.cc
|
| +++ b/content/renderer/webcrypto/shared_crypto_unittest.cc
|
| @@ -146,7 +146,7 @@ void ExpectArrayBufferMatches(const std::vector<uint8>& expected,
|
| }
|
|
|
| void ExpectArrayBufferNotMatch(const std::vector<uint8>& expected,
|
| - const blink::WebArrayBuffer& actual) {
|
| + const blink::WebArrayBuffer& actual) {
|
| EXPECT_NE(
|
| base::HexEncode(webcrypto::Uint8VectorStart(expected), expected.size()),
|
| base::HexEncode(actual.data(), actual.byteLength()));
|
| @@ -2315,6 +2315,175 @@ TEST_F(SharedCryptoTest, MAYBE(AesGcmSampleSets)) {
|
| }
|
| }
|
|
|
| +TEST_F(SharedCryptoTest, MAYBE(RsaEsRawSymkeyWrapUnwrapKnownAnswer)) {
|
| + scoped_ptr<base::Value> json;
|
| + ASSERT_TRUE(ReadJsonTestFile("rsa_es.json", &json));
|
| + base::DictionaryValue* test = NULL;
|
| + ASSERT_TRUE(json->GetAsDictionary(&test));
|
| + const std::vector<uint8> rsa_spki_der =
|
| + GetBytesFromHexString(test, "rsa_spki_der");
|
| + const std::vector<uint8> rsa_pkcs8_der =
|
| + GetBytesFromHexString(test, "rsa_pkcs8_der");
|
| + const std::vector<uint8> ciphertext =
|
| + GetBytesFromHexString(test, "ciphertext");
|
| + const std::vector<uint8> cleartext = GetBytesFromHexString(test, "cleartext");
|
| + blink::WebCryptoAlgorithm key_algorithm =
|
| + CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha256);
|
| +
|
| + // Import the RSA key pair.
|
| + blink::WebCryptoAlgorithm algorithm =
|
| + CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5);
|
| + blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull();
|
| + blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull();
|
| + ImportRsaKeyPair(
|
| + rsa_spki_der,
|
| + rsa_pkcs8_der,
|
| + algorithm,
|
| + false,
|
| + blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey,
|
| + &public_key,
|
| + &private_key);
|
| +
|
| + // Import the symmetric key.
|
| + blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
|
| + ASSERT_STATUS_SUCCESS(ImportKey(blink::WebCryptoKeyFormatRaw,
|
| + CryptoData(cleartext),
|
| + key_algorithm,
|
| + true,
|
| + blink::WebCryptoKeyUsageSign,
|
| + &key));
|
| +
|
| + // Wrap the symmetric key with raw format.
|
| + blink::WebArrayBuffer wrapped_key;
|
| + ASSERT_STATUS_SUCCESS(WrapKey(
|
| + blink::WebCryptoKeyFormatRaw, public_key, key, algorithm, &wrapped_key));
|
| +
|
| + // Unwrap the wrapped key.
|
| + blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull();
|
| + ASSERT_STATUS_SUCCESS(UnwrapKey(blink::WebCryptoKeyFormatRaw,
|
| + CryptoData(wrapped_key),
|
| + private_key,
|
| + algorithm,
|
| + key_algorithm,
|
| + true,
|
| + blink::WebCryptoKeyUsageSign,
|
| + &unwrapped_key));
|
| + EXPECT_FALSE(key.isNull());
|
| + EXPECT_TRUE(key.handle());
|
| + EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type());
|
| + EXPECT_EQ(key_algorithm.id(), key.algorithm().id());
|
| + EXPECT_EQ(true, key.extractable());
|
| + EXPECT_EQ(blink::WebCryptoKeyUsageSign, key.usages());
|
| +
|
| + // Export the new key and compare its raw bytes with the original known data.
|
| + blink::WebArrayBuffer raw_key;
|
| + EXPECT_STATUS_SUCCESS(
|
| + ExportKey(blink::WebCryptoKeyFormatRaw, unwrapped_key, &raw_key));
|
| + ExpectArrayBufferMatches(cleartext, raw_key);
|
| +
|
| + // Unwrap the known wrapped key and compare to the known cleartext.
|
| + ASSERT_STATUS_SUCCESS(UnwrapKey(blink::WebCryptoKeyFormatRaw,
|
| + CryptoData(ciphertext),
|
| + private_key,
|
| + algorithm,
|
| + key_algorithm,
|
| + true,
|
| + blink::WebCryptoKeyUsageSign,
|
| + &unwrapped_key));
|
| + EXPECT_STATUS_SUCCESS(
|
| + ExportKey(blink::WebCryptoKeyFormatRaw, unwrapped_key, &raw_key));
|
| + ExpectArrayBufferMatches(cleartext, raw_key);
|
| +}
|
| +
|
| +TEST_F(SharedCryptoTest, MAYBE(RsaEsRawSymkeyWrapUnwrapErrors)) {
|
| + const std::vector<uint8> data(64, 0);
|
| + blink::WebCryptoAlgorithm key_algorithm =
|
| + CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha256);
|
| +
|
| + // Import the RSA key pair.
|
| + blink::WebCryptoAlgorithm wrapping_algorithm =
|
| + CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5);
|
| + blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull();
|
| + blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull();
|
| + ImportRsaKeyPair(
|
| + HexStringToBytes(kPublicKeySpkiDerHex),
|
| + HexStringToBytes(kPrivateKeyPkcs8DerHex),
|
| + wrapping_algorithm,
|
| + false,
|
| + blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey,
|
| + &public_key,
|
| + &private_key);
|
| +
|
| + // Import the symmetric key.
|
| + blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
|
| + ASSERT_STATUS_SUCCESS(ImportKey(blink::WebCryptoKeyFormatRaw,
|
| + CryptoData(data),
|
| + key_algorithm,
|
| + true,
|
| + blink::WebCryptoKeyUsageSign,
|
| + &key));
|
| +
|
| + // Wrapping with a private key should fail.
|
| + blink::WebArrayBuffer wrapped_key;
|
| + EXPECT_STATUS_ERROR(WrapKey(blink::WebCryptoKeyFormatRaw,
|
| + private_key,
|
| + key,
|
| + wrapping_algorithm,
|
| + &wrapped_key));
|
| +
|
| + // Wrapping a key whose raw keying material is too large for the wrapping key
|
| + // should fail.
|
| + // The max allowed data size for RSA wrapping is the modulus length - 11
|
| + // bytes.
|
| + const std::vector<uint8> big_data(kModulusLength, 0);
|
| + blink::WebCryptoKey big_key = blink::WebCryptoKey::createNull();
|
| + ASSERT_STATUS_SUCCESS(ImportKey(blink::WebCryptoKeyFormatRaw,
|
| + CryptoData(big_data),
|
| + key_algorithm,
|
| + true,
|
| + blink::WebCryptoKeyUsageSign,
|
| + &big_key));
|
| + EXPECT_STATUS(Status::ErrorDataTooLarge(),
|
| + WrapKey(blink::WebCryptoKeyFormatRaw,
|
| + public_key,
|
| + big_key,
|
| + wrapping_algorithm,
|
| + &wrapped_key));
|
| +
|
| + // Unwrapping with a public key should fail.
|
| + blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull();
|
| + EXPECT_STATUS_ERROR(UnwrapKey(blink::WebCryptoKeyFormatRaw,
|
| + CryptoData(data),
|
| + public_key,
|
| + wrapping_algorithm,
|
| + key_algorithm,
|
| + true,
|
| + blink::WebCryptoKeyUsageSign,
|
| + &unwrapped_key));
|
| +
|
| + // Unwrapping empty data should fail.
|
| + const std::vector<uint8> emtpy_data;
|
| + EXPECT_STATUS_ERROR(UnwrapKey(blink::WebCryptoKeyFormatRaw,
|
| + CryptoData(emtpy_data),
|
| + private_key,
|
| + wrapping_algorithm,
|
| + key_algorithm,
|
| + true,
|
| + blink::WebCryptoKeyUsageSign,
|
| + &unwrapped_key));
|
| +
|
| + // Unwapping data too large for the wrapping key should fail.
|
| + EXPECT_STATUS(Status::ErrorDataTooLarge(),
|
| + UnwrapKey(blink::WebCryptoKeyFormatRaw,
|
| + CryptoData(big_data),
|
| + private_key,
|
| + wrapping_algorithm,
|
| + key_algorithm,
|
| + true,
|
| + blink::WebCryptoKeyUsageSign,
|
| + &unwrapped_key));
|
| +}
|
| +
|
| } // namespace webcrypto
|
|
|
| } // namespace content
|
|
|
Chromium Code Reviews
Issue 188363002:
[webcrypto] Add raw symmetric key RSAES-PKCS1-v1_5 wrap/unwrap for NSS. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@wcAesKw_nss1