Index: content/renderer/webcrypto/shared_crypto_unittest.cc |
diff --git a/content/renderer/webcrypto/shared_crypto_unittest.cc b/content/renderer/webcrypto/shared_crypto_unittest.cc |
index 9cb03463207025e413c56bd23bc90f08c240a667..4b58b9b1ad081a779dbf79d26c18a9cc4f99633e 100644 |
--- a/content/renderer/webcrypto/shared_crypto_unittest.cc |
+++ b/content/renderer/webcrypto/shared_crypto_unittest.cc |
@@ -146,7 +146,7 @@ void ExpectArrayBufferMatches(const std::vector<uint8>& expected, |
} |
void ExpectArrayBufferNotMatch(const std::vector<uint8>& expected, |
- const blink::WebArrayBuffer& actual) { |
+ const blink::WebArrayBuffer& actual) { |
EXPECT_NE( |
base::HexEncode(webcrypto::Uint8VectorStart(expected), expected.size()), |
base::HexEncode(actual.data(), actual.byteLength())); |
@@ -2315,6 +2315,175 @@ TEST_F(SharedCryptoTest, MAYBE(AesGcmSampleSets)) { |
} |
} |
+TEST_F(SharedCryptoTest, MAYBE(RsaEsRawSymkeyWrapUnwrapKnownAnswer)) { |
+ scoped_ptr<base::Value> json; |
+ ASSERT_TRUE(ReadJsonTestFile("rsa_es.json", &json)); |
+ base::DictionaryValue* test = NULL; |
+ ASSERT_TRUE(json->GetAsDictionary(&test)); |
+ const std::vector<uint8> rsa_spki_der = |
+ GetBytesFromHexString(test, "rsa_spki_der"); |
+ const std::vector<uint8> rsa_pkcs8_der = |
+ GetBytesFromHexString(test, "rsa_pkcs8_der"); |
+ const std::vector<uint8> ciphertext = |
+ GetBytesFromHexString(test, "ciphertext"); |
+ const std::vector<uint8> cleartext = GetBytesFromHexString(test, "cleartext"); |
+ blink::WebCryptoAlgorithm key_algorithm = |
+ CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha256); |
+ |
+ // Import the RSA key pair. |
+ blink::WebCryptoAlgorithm algorithm = |
+ CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); |
+ blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); |
+ blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); |
+ ImportRsaKeyPair( |
+ rsa_spki_der, |
+ rsa_pkcs8_der, |
+ algorithm, |
+ false, |
+ blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey, |
+ &public_key, |
+ &private_key); |
+ |
+ // Import the symmetric key. |
+ blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
+ ASSERT_STATUS_SUCCESS(ImportKey(blink::WebCryptoKeyFormatRaw, |
+ CryptoData(cleartext), |
+ key_algorithm, |
+ true, |
+ blink::WebCryptoKeyUsageSign, |
+ &key)); |
+ |
+ // Wrap the symmetric key with raw format. |
+ blink::WebArrayBuffer wrapped_key; |
+ ASSERT_STATUS_SUCCESS(WrapKey( |
+ blink::WebCryptoKeyFormatRaw, public_key, key, algorithm, &wrapped_key)); |
+ |
+ // Unwrap the wrapped key. |
+ blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull(); |
+ ASSERT_STATUS_SUCCESS(UnwrapKey(blink::WebCryptoKeyFormatRaw, |
+ CryptoData(wrapped_key), |
+ private_key, |
+ algorithm, |
+ key_algorithm, |
+ true, |
+ blink::WebCryptoKeyUsageSign, |
+ &unwrapped_key)); |
+ EXPECT_FALSE(key.isNull()); |
+ EXPECT_TRUE(key.handle()); |
+ EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); |
+ EXPECT_EQ(key_algorithm.id(), key.algorithm().id()); |
+ EXPECT_EQ(true, key.extractable()); |
+ EXPECT_EQ(blink::WebCryptoKeyUsageSign, key.usages()); |
+ |
+ // Export the new key and compare its raw bytes with the original known data. |
+ blink::WebArrayBuffer raw_key; |
+ EXPECT_STATUS_SUCCESS( |
+ ExportKey(blink::WebCryptoKeyFormatRaw, unwrapped_key, &raw_key)); |
+ ExpectArrayBufferMatches(cleartext, raw_key); |
+ |
+ // Unwrap the known wrapped key and compare to the known cleartext. |
+ ASSERT_STATUS_SUCCESS(UnwrapKey(blink::WebCryptoKeyFormatRaw, |
+ CryptoData(ciphertext), |
+ private_key, |
+ algorithm, |
+ key_algorithm, |
+ true, |
+ blink::WebCryptoKeyUsageSign, |
+ &unwrapped_key)); |
+ EXPECT_STATUS_SUCCESS( |
+ ExportKey(blink::WebCryptoKeyFormatRaw, unwrapped_key, &raw_key)); |
+ ExpectArrayBufferMatches(cleartext, raw_key); |
+} |
+ |
+TEST_F(SharedCryptoTest, MAYBE(RsaEsRawSymkeyWrapUnwrapErrors)) { |
+ const std::vector<uint8> data(64, 0); |
+ blink::WebCryptoAlgorithm key_algorithm = |
+ CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha256); |
+ |
+ // Import the RSA key pair. |
+ blink::WebCryptoAlgorithm wrapping_algorithm = |
+ CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); |
+ blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); |
+ blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); |
+ ImportRsaKeyPair( |
+ HexStringToBytes(kPublicKeySpkiDerHex), |
+ HexStringToBytes(kPrivateKeyPkcs8DerHex), |
+ wrapping_algorithm, |
+ false, |
+ blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey, |
+ &public_key, |
+ &private_key); |
+ |
+ // Import the symmetric key. |
+ blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
+ ASSERT_STATUS_SUCCESS(ImportKey(blink::WebCryptoKeyFormatRaw, |
+ CryptoData(data), |
+ key_algorithm, |
+ true, |
+ blink::WebCryptoKeyUsageSign, |
+ &key)); |
+ |
+ // Wrapping with a private key should fail. |
+ blink::WebArrayBuffer wrapped_key; |
+ EXPECT_STATUS_ERROR(WrapKey(blink::WebCryptoKeyFormatRaw, |
+ private_key, |
+ key, |
+ wrapping_algorithm, |
+ &wrapped_key)); |
+ |
+ // Wrapping a key whose raw keying material is too large for the wrapping key |
+ // should fail. |
+ // The max allowed data size for RSA wrapping is the modulus length - 11 |
+ // bytes. |
+ const std::vector<uint8> big_data(kModulusLength, 0); |
+ blink::WebCryptoKey big_key = blink::WebCryptoKey::createNull(); |
+ ASSERT_STATUS_SUCCESS(ImportKey(blink::WebCryptoKeyFormatRaw, |
+ CryptoData(big_data), |
+ key_algorithm, |
+ true, |
+ blink::WebCryptoKeyUsageSign, |
+ &big_key)); |
+ EXPECT_STATUS(Status::ErrorDataTooLarge(), |
+ WrapKey(blink::WebCryptoKeyFormatRaw, |
+ public_key, |
+ big_key, |
+ wrapping_algorithm, |
+ &wrapped_key)); |
+ |
+ // Unwrapping with a public key should fail. |
+ blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull(); |
+ EXPECT_STATUS_ERROR(UnwrapKey(blink::WebCryptoKeyFormatRaw, |
+ CryptoData(data), |
+ public_key, |
+ wrapping_algorithm, |
+ key_algorithm, |
+ true, |
+ blink::WebCryptoKeyUsageSign, |
+ &unwrapped_key)); |
+ |
+ // Unwrapping empty data should fail. |
+ const std::vector<uint8> emtpy_data; |
+ EXPECT_STATUS_ERROR(UnwrapKey(blink::WebCryptoKeyFormatRaw, |
+ CryptoData(emtpy_data), |
+ private_key, |
+ wrapping_algorithm, |
+ key_algorithm, |
+ true, |
+ blink::WebCryptoKeyUsageSign, |
+ &unwrapped_key)); |
+ |
+ // Unwapping data too large for the wrapping key should fail. |
+ EXPECT_STATUS(Status::ErrorDataTooLarge(), |
+ UnwrapKey(blink::WebCryptoKeyFormatRaw, |
+ CryptoData(big_data), |
+ private_key, |
+ wrapping_algorithm, |
+ key_algorithm, |
+ true, |
+ blink::WebCryptoKeyUsageSign, |
+ &unwrapped_key)); |
+} |
+ |
} // namespace webcrypto |
} // namespace content |