
Unified Diff: content/child/webcrypto/shared_crypto_unittest.cc

Issue 188363002: [webcrypto] Add raw symmetric key RSAES-PKCS1-v1_5 wrap/unwrap for NSS. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@wcAesKw_nss1
Patch Set: rebase Created 6 years, 9 months ago
Index: content/child/webcrypto/shared_crypto_unittest.cc
diff --git a/content/child/webcrypto/shared_crypto_unittest.cc b/content/child/webcrypto/shared_crypto_unittest.cc
index c21289ee940446212a5e7258791e113fcc0da479..b0960ca9170a1065b0be38c3b3fc480716575d38 100644
--- a/content/child/webcrypto/shared_crypto_unittest.cc
+++ b/content/child/webcrypto/shared_crypto_unittest.cc
@@ -2308,6 +2308,175 @@ TEST_F(SharedCryptoTest, MAYBE(AesGcmSampleSets)) {
}
}
+TEST_F(SharedCryptoTest, MAYBE(RsaEsRawSymkeyWrapUnwrapKnownAnswer)) {
+ scoped_ptr<base::Value> json;
+ ASSERT_TRUE(ReadJsonTestFile("rsa_es.json", &json));
+ base::DictionaryValue* test = NULL;
+ ASSERT_TRUE(json->GetAsDictionary(&test));
+ const std::vector<uint8> rsa_spki_der =
+ GetBytesFromHexString(test, "rsa_spki_der");
+ const std::vector<uint8> rsa_pkcs8_der =
+ GetBytesFromHexString(test, "rsa_pkcs8_der");
+ const std::vector<uint8> ciphertext =
+ GetBytesFromHexString(test, "ciphertext");
+ const std::vector<uint8> cleartext = GetBytesFromHexString(test, "cleartext");
+ blink::WebCryptoAlgorithm key_algorithm =
+ CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha256);
+
+ // Import the RSA key pair.
+ blink::WebCryptoAlgorithm algorithm =
+ CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5);
+ blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull();
+ blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull();
+ ImportRsaKeyPair(
+ rsa_spki_der,
+ rsa_pkcs8_der,
+ algorithm,
+ false,
+ blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey,
+ &public_key,
+ &private_key);
+
+ // Import the symmetric key.
+ blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
+ ASSERT_STATUS_SUCCESS(ImportKey(blink::WebCryptoKeyFormatRaw,
+ CryptoData(cleartext),
+ key_algorithm,
+ true,
+ blink::WebCryptoKeyUsageSign,
+ &key));
+
+ // Wrap the symmetric key with raw format.
+ blink::WebArrayBuffer wrapped_key;
+ ASSERT_STATUS_SUCCESS(WrapKey(
+ blink::WebCryptoKeyFormatRaw, public_key, key, algorithm, &wrapped_key));
+
+ // Unwrap the wrapped key.
+ blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull();
+ ASSERT_STATUS_SUCCESS(UnwrapKey(blink::WebCryptoKeyFormatRaw,
+ CryptoData(wrapped_key),
+ private_key,
+ algorithm,
+ key_algorithm,
+ true,
+ blink::WebCryptoKeyUsageSign,
+ &unwrapped_key));
+ EXPECT_FALSE(key.isNull());
+ EXPECT_TRUE(key.handle());
+ EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type());
+ EXPECT_EQ(key_algorithm.id(), key.algorithm().id());
+ EXPECT_EQ(true, key.extractable());
+ EXPECT_EQ(blink::WebCryptoKeyUsageSign, key.usages());
+
+ // Export the new key and compare its raw bytes with the original known data.
+ blink::WebArrayBuffer raw_key;
+ EXPECT_STATUS_SUCCESS(
+ ExportKey(blink::WebCryptoKeyFormatRaw, unwrapped_key, &raw_key));
+ EXPECT_TRUE(ArrayBufferMatches(cleartext, raw_key));
+
+ // Unwrap the known wrapped key and compare to the known cleartext.
+ ASSERT_STATUS_SUCCESS(UnwrapKey(blink::WebCryptoKeyFormatRaw,
+ CryptoData(ciphertext),
+ private_key,
+ algorithm,
+ key_algorithm,
+ true,
+ blink::WebCryptoKeyUsageSign,
+ &unwrapped_key));
+ EXPECT_STATUS_SUCCESS(
+ ExportKey(blink::WebCryptoKeyFormatRaw, unwrapped_key, &raw_key));
+ EXPECT_TRUE(ArrayBufferMatches(cleartext, raw_key));
+}
+
+TEST_F(SharedCryptoTest, MAYBE(RsaEsRawSymkeyWrapUnwrapErrors)) {
+ const std::vector<uint8> data(64, 0);
+ blink::WebCryptoAlgorithm key_algorithm =
+ CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha256);
+
+ // Import the RSA key pair.
+ blink::WebCryptoAlgorithm wrapping_algorithm =
+ CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5);
+ blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull();
+ blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull();
+ ImportRsaKeyPair(
+ HexStringToBytes(kPublicKeySpkiDerHex),
+ HexStringToBytes(kPrivateKeyPkcs8DerHex),
+ wrapping_algorithm,
+ false,
+ blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey,
+ &public_key,
+ &private_key);
+
+ // Import the symmetric key.
+ blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
+ ASSERT_STATUS_SUCCESS(ImportKey(blink::WebCryptoKeyFormatRaw,
+ CryptoData(data),
+ key_algorithm,
+ true,
+ blink::WebCryptoKeyUsageSign,
+ &key));
+
+ // Wrapping with a private key should fail.
+ blink::WebArrayBuffer wrapped_key;
+ EXPECT_STATUS_ERROR(WrapKey(blink::WebCryptoKeyFormatRaw,
eroman 2014/03/10 21:35:57 Can you change the assertion to be the specific er
padolph 2014/03/10 23:50:01 Done.
+ private_key,
+ key,
+ wrapping_algorithm,
+ &wrapped_key));
+
+ // Wrapping a key whose raw keying material is too large for the wrapping key
+ // should fail.
+ // The max allowed data size for RSA wrapping is the modulus length - 11
+ // bytes.
+ const std::vector<uint8> big_data(kModulusLength, 0);
eroman 2014/03/10 21:35:57 This is a bit confusing --> kModulusLength is a bi
padolph 2014/03/10 23:50:01 Oops, sorry. Fixed.
+ blink::WebCryptoKey big_key = blink::WebCryptoKey::createNull();
+ ASSERT_STATUS_SUCCESS(ImportKey(blink::WebCryptoKeyFormatRaw,
+ CryptoData(big_data),
+ key_algorithm,
+ true,
+ blink::WebCryptoKeyUsageSign,
+ &big_key));
+ EXPECT_STATUS(Status::ErrorDataTooLarge(),
+ WrapKey(blink::WebCryptoKeyFormatRaw,
+ public_key,
+ big_key,
+ wrapping_algorithm,
+ &wrapped_key));
+
+ // Unwrapping with a public key should fail.
+ blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull();
+ EXPECT_STATUS_ERROR(UnwrapKey(blink::WebCryptoKeyFormatRaw,
eroman 2014/03/10 21:35:57 Same comment, can this test the exact error messag
padolph 2014/03/10 23:50:01 Done.
+ CryptoData(data),
+ public_key,
+ wrapping_algorithm,
+ key_algorithm,
+ true,
+ blink::WebCryptoKeyUsageSign,
+ &unwrapped_key));
+
+ // Unwrapping empty data should fail.
+ const std::vector<uint8> emtpy_data;
+ EXPECT_STATUS_ERROR(UnwrapKey(blink::WebCryptoKeyFormatRaw,
eroman 2014/03/10 21:35:57 Ditto.
padolph 2014/03/10 23:50:01 Done.
+ CryptoData(emtpy_data),
+ private_key,
+ wrapping_algorithm,
+ key_algorithm,
+ true,
+ blink::WebCryptoKeyUsageSign,
+ &unwrapped_key));
+
+ // Unwapping data too large for the wrapping key should fail.
+ EXPECT_STATUS(Status::ErrorDataTooLarge(),
+ UnwrapKey(blink::WebCryptoKeyFormatRaw,
+ CryptoData(big_data),
+ private_key,
+ wrapping_algorithm,
+ key_algorithm,
+ true,
+ blink::WebCryptoKeyUsageSign,
+ &unwrapped_key));
+}
+
} // namespace webcrypto
} // namespace content
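Review bot: The six expectations after the first UnwrapKey call in RsaEsRawSymkeyWrapUnwrapKnownAnswer inspect `key`, the key imported before wrapping, so the type, algorithm, extractable flag and usages of `unwrapped_key` are never checked. An unwrap that produced a key with the wrong usages or extractability would still pass, because only the exported raw bytes are compared afterwards. Each of those lines should name the unwrapped key, for example `EXPECT_FALSE(unwrapped_key.isNull());` and `EXPECT_EQ(blink::WebCryptoKeyUsageSign, unwrapped_key.usages());`. Separately, in RsaEsRawSymkeyWrapUnwrapErrors the identifier `emtpy_data` and the comment word "Unwapping" are misspelled.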