Index: content/child/webcrypto/shared_crypto_unittest.cc |
diff --git a/content/child/webcrypto/shared_crypto_unittest.cc b/content/child/webcrypto/shared_crypto_unittest.cc |
index c21289ee940446212a5e7258791e113fcc0da479..b0960ca9170a1065b0be38c3b3fc480716575d38 100644 |
--- a/content/child/webcrypto/shared_crypto_unittest.cc |
+++ b/content/child/webcrypto/shared_crypto_unittest.cc |
@@ -2308,6 +2308,175 @@ TEST_F(SharedCryptoTest, MAYBE(AesGcmSampleSets)) { |
} |
} |
+TEST_F(SharedCryptoTest, MAYBE(RsaEsRawSymkeyWrapUnwrapKnownAnswer)) { |
+ scoped_ptr<base::Value> json; |
+ ASSERT_TRUE(ReadJsonTestFile("rsa_es.json", &json)); |
+ base::DictionaryValue* test = NULL; |
+ ASSERT_TRUE(json->GetAsDictionary(&test)); |
+ const std::vector<uint8> rsa_spki_der = |
+ GetBytesFromHexString(test, "rsa_spki_der"); |
+ const std::vector<uint8> rsa_pkcs8_der = |
+ GetBytesFromHexString(test, "rsa_pkcs8_der"); |
+ const std::vector<uint8> ciphertext = |
+ GetBytesFromHexString(test, "ciphertext"); |
+ const std::vector<uint8> cleartext = GetBytesFromHexString(test, "cleartext"); |
+ blink::WebCryptoAlgorithm key_algorithm = |
+ CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha256); |
+ |
+ // Import the RSA key pair. |
+ blink::WebCryptoAlgorithm algorithm = |
+ CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); |
+ blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); |
+ blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); |
+ ImportRsaKeyPair( |
+ rsa_spki_der, |
+ rsa_pkcs8_der, |
+ algorithm, |
+ false, |
+ blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey, |
+ &public_key, |
+ &private_key); |
+ |
+ // Import the symmetric key. |
+ blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
+ ASSERT_STATUS_SUCCESS(ImportKey(blink::WebCryptoKeyFormatRaw, |
+ CryptoData(cleartext), |
+ key_algorithm, |
+ true, |
+ blink::WebCryptoKeyUsageSign, |
+ &key)); |
+ |
+ // Wrap the symmetric key with raw format. |
+ blink::WebArrayBuffer wrapped_key; |
+ ASSERT_STATUS_SUCCESS(WrapKey( |
+ blink::WebCryptoKeyFormatRaw, public_key, key, algorithm, &wrapped_key)); |
+ |
+ // Unwrap the wrapped key. |
+ blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull(); |
+ ASSERT_STATUS_SUCCESS(UnwrapKey(blink::WebCryptoKeyFormatRaw, |
+ CryptoData(wrapped_key), |
+ private_key, |
+ algorithm, |
+ key_algorithm, |
+ true, |
+ blink::WebCryptoKeyUsageSign, |
+ &unwrapped_key)); |
+ EXPECT_FALSE(key.isNull()); |
+ EXPECT_TRUE(key.handle()); |
+ EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); |
+ EXPECT_EQ(key_algorithm.id(), key.algorithm().id()); |
+ EXPECT_EQ(true, key.extractable()); |
+ EXPECT_EQ(blink::WebCryptoKeyUsageSign, key.usages()); |
+ |
+ // Export the new key and compare its raw bytes with the original known data. |
+ blink::WebArrayBuffer raw_key; |
+ EXPECT_STATUS_SUCCESS( |
+ ExportKey(blink::WebCryptoKeyFormatRaw, unwrapped_key, &raw_key)); |
+ EXPECT_TRUE(ArrayBufferMatches(cleartext, raw_key)); |
+ |
+ // Unwrap the known wrapped key and compare to the known cleartext. |
+ ASSERT_STATUS_SUCCESS(UnwrapKey(blink::WebCryptoKeyFormatRaw, |
+ CryptoData(ciphertext), |
+ private_key, |
+ algorithm, |
+ key_algorithm, |
+ true, |
+ blink::WebCryptoKeyUsageSign, |
+ &unwrapped_key)); |
+ EXPECT_STATUS_SUCCESS( |
+ ExportKey(blink::WebCryptoKeyFormatRaw, unwrapped_key, &raw_key)); |
+ EXPECT_TRUE(ArrayBufferMatches(cleartext, raw_key)); |
+} |
+ |
+TEST_F(SharedCryptoTest, MAYBE(RsaEsRawSymkeyWrapUnwrapErrors)) { |
+ const std::vector<uint8> data(64, 0); |
+ blink::WebCryptoAlgorithm key_algorithm = |
+ CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha256); |
+ |
+ // Import the RSA key pair. |
+ blink::WebCryptoAlgorithm wrapping_algorithm = |
+ CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); |
+ blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); |
+ blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); |
+ ImportRsaKeyPair( |
+ HexStringToBytes(kPublicKeySpkiDerHex), |
+ HexStringToBytes(kPrivateKeyPkcs8DerHex), |
+ wrapping_algorithm, |
+ false, |
+ blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey, |
+ &public_key, |
+ &private_key); |
+ |
+ // Import the symmetric key. |
+ blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
+ ASSERT_STATUS_SUCCESS(ImportKey(blink::WebCryptoKeyFormatRaw, |
+ CryptoData(data), |
+ key_algorithm, |
+ true, |
+ blink::WebCryptoKeyUsageSign, |
+ &key)); |
+ |
+ // Wrapping with a private key should fail. |
+ blink::WebArrayBuffer wrapped_key; |
+ EXPECT_STATUS_ERROR(WrapKey(blink::WebCryptoKeyFormatRaw, |
eroman
2014/03/10 21:35:57
Can you change the assertion to be the specific er
padolph
2014/03/10 23:50:01
Done.
|
+ private_key, |
+ key, |
+ wrapping_algorithm, |
+ &wrapped_key)); |
+ |
+ // Wrapping a key whose raw keying material is too large for the wrapping key |
+ // should fail. |
+ // The max allowed data size for RSA wrapping is the modulus length - 11 |
+ // bytes. |
+ const std::vector<uint8> big_data(kModulusLength, 0); |
eroman
2014/03/10 21:35:57
This is a bit confusing --> kModulusLength is a bi
padolph
2014/03/10 23:50:01
Oops, sorry. Fixed.
|
+ blink::WebCryptoKey big_key = blink::WebCryptoKey::createNull(); |
+ ASSERT_STATUS_SUCCESS(ImportKey(blink::WebCryptoKeyFormatRaw, |
+ CryptoData(big_data), |
+ key_algorithm, |
+ true, |
+ blink::WebCryptoKeyUsageSign, |
+ &big_key)); |
+ EXPECT_STATUS(Status::ErrorDataTooLarge(), |
+ WrapKey(blink::WebCryptoKeyFormatRaw, |
+ public_key, |
+ big_key, |
+ wrapping_algorithm, |
+ &wrapped_key)); |
+ |
+ // Unwrapping with a public key should fail. |
+ blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull(); |
+ EXPECT_STATUS_ERROR(UnwrapKey(blink::WebCryptoKeyFormatRaw, |
eroman
2014/03/10 21:35:57
Same comment, can this test the exact error messag
padolph
2014/03/10 23:50:01
Done.
|
+ CryptoData(data), |
+ public_key, |
+ wrapping_algorithm, |
+ key_algorithm, |
+ true, |
+ blink::WebCryptoKeyUsageSign, |
+ &unwrapped_key)); |
+ |
+ // Unwrapping empty data should fail. |
+ const std::vector<uint8> emtpy_data; |
+ EXPECT_STATUS_ERROR(UnwrapKey(blink::WebCryptoKeyFormatRaw, |
eroman
2014/03/10 21:35:57
Ditto.
padolph
2014/03/10 23:50:01
Done.
|
+ CryptoData(emtpy_data), |
+ private_key, |
+ wrapping_algorithm, |
+ key_algorithm, |
+ true, |
+ blink::WebCryptoKeyUsageSign, |
+ &unwrapped_key)); |
+ |
+ // Unwapping data too large for the wrapping key should fail. |
+ EXPECT_STATUS(Status::ErrorDataTooLarge(), |
+ UnwrapKey(blink::WebCryptoKeyFormatRaw, |
+ CryptoData(big_data), |
+ private_key, |
+ wrapping_algorithm, |
+ key_algorithm, |
+ true, |
+ blink::WebCryptoKeyUsageSign, |
+ &unwrapped_key)); |
+} |
+ |
} // namespace webcrypto |
} // namespace content |