[webcrypto] Add JWK symmetric key AES-KW unwrap for NSS.

content/child/webcrypto/shared_crypto_unittest.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/child/webcrypto/shared_crypto.h"
 
 #include <algorithm>
 #include <string>
 #include <vector>
 
@@ skipping 2352 matching lines @@
       "72d4e475ff34215416c9ad9c8281247a4d730c5f275ac23f376e73e3bce8d7d5a";
   EXPECT_STATUS(Status::Error(),
                 ImportKey(blink::WebCryptoKeyFormatRaw,
                           CryptoData(HexStringToBytes(key_raw_hex_in)),
                           algorithm,
                           true,
                           blink::WebCryptoKeyUsageWrapKey,
                           &key));
 }
 
+TEST_F(SharedCryptoTest, MAYBE(UnwrapFailures)) {
+  // This test exercises the code path common to all unwrap operations.
+  scoped_ptr<base::ListValue> tests;
+  ASSERT_TRUE(ReadJsonTestFileToList("aes_kw.json", &tests));
+  base::DictionaryValue* test;
+  ASSERT_TRUE(tests->GetDictionary(0, &test));
+  const std::vector<uint8> test_kek = GetBytesFromHexString(test, "kek");
+  const std::vector<uint8> test_ciphertext =
+      GetBytesFromHexString(test, "ciphertext");
+
+  // Using a key that does not have unwrapKey usage should fail.
+  blink::WebCryptoKey bad_wrapping_key = ImportSecretKeyFromRaw(
+      test_kek,
+      webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw),
+      blink::WebCryptoKeyUsageDecrypt);  // <-- should be UnwrapKey
+  blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull();
+  EXPECT_STATUS(
+      Status::ErrorUnexpected(),
+      UnwrapKey(blink::WebCryptoKeyFormatRaw,
+                CryptoData(test_ciphertext),
+                bad_wrapping_key,
+                webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw),
+                webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
+                true,
+                blink::WebCryptoKeyUsageEncrypt,
+                &unwrapped_key));
+
+  // Using a wrapping algorithm that does not match the wrapping key algorithm
+  // should fail.
+  blink::WebCryptoKey wrapping_key = ImportSecretKeyFromRaw(
+      test_kek,
+      webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw),
+      blink::WebCryptoKeyUsageUnwrapKey);
+  EXPECT_STATUS(
+      Status::ErrorUnexpected(),
+      UnwrapKey(blink::WebCryptoKeyFormatRaw,
+                CryptoData(test_ciphertext),
+                wrapping_key,
+                webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
+                webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
+                true,
+                blink::WebCryptoKeyUsageEncrypt,
+                &unwrapped_key));
+}
+
 TEST_F(SharedCryptoTest, MAYBE(AesKwRawSymkeyWrapUnwrapKnownAnswer)) {
   scoped_ptr<base::ListValue> tests;
   ASSERT_TRUE(ReadJsonTestFileToList("aes_kw.json", &tests));
 
   for (size_t test_index = 0; test_index < tests->GetSize(); ++test_index) {
     SCOPED_TRACE(test_index);
     base::DictionaryValue* test;
     ASSERT_TRUE(tests->GetDictionary(test_index, &test));
     const std::vector<uint8> test_kek = GetBytesFromHexString(test, "kek");
     const std::vector<uint8> test_key = GetBytesFromHexString(test, "key");
@@ skipping 142 matching lines @@
       UnwrapKey(blink::WebCryptoKeyFormatRaw,
                 CryptoData(Corrupted(test_ciphertext)),
                 wrapping_key,
                 wrapping_algorithm,
                 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
                 true,
                 blink::WebCryptoKeyUsageEncrypt,
                 &unwrapped_key));
 }
 
+TEST_F(SharedCryptoTest, MAYBE(AesKwJwkSymkeyUnwrapKnownData)) {
+  // The following data lists a known HMAC SHA-256 key, then a JWK
+  // representation of this key which was encrypted ("wrapped") using AES-KW and
+  // the following wrapping key.
+  // For reference, the intermediate clear JWK is
+  // {"alg":"HS256","ext":true,"k":<b64urlKey>,"key_ops":["verify"],"kty":"oct"}
+  // (Not shown is space padding to ensure the cleartext meets the size
+  // requirements of the AES-KW algorithm.)
+  const std::vector<uint8> key_data = HexStringToBytes(
+      "000102030405060708090A0B0C0D0E0F000102030405060708090A0B0C0D0E0F");
+  const std::vector<uint8> wrapped_key_data = HexStringToBytes(
+      "14E6380B35FDC5B72E1994764B6CB7BFDD64E7832894356AAEE6C3768FC3D0F115E6B0"
+      "6729756225F999AA99FDF81FD6A359F1576D3D23DE6CB69C3937054EB497AC1E8C38D5"
+      "5E01B9783A20C8D930020932CF25926103002213D0FC37279888154FEBCEDF31832158"
+      "97938C5CFE5B10B4254D0C399F39D0");
+  const std::vector<uint8> wrapping_key_data =
+      HexStringToBytes("000102030405060708090A0B0C0D0E0F");
+  const blink::WebCryptoAlgorithm wrapping_algorithm =
+      webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw);
+
+  // Import the wrapping key.
+  blink::WebCryptoKey wrapping_key = ImportSecretKeyFromRaw(
+      wrapping_key_data, wrapping_algorithm, blink::WebCryptoKeyUsageUnwrapKey);
+
+  // Unwrap the known wrapped key data to produce a new key
+  blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull();
+  ASSERT_STATUS_SUCCESS(UnwrapKey(blink::WebCryptoKeyFormatJwk,
+                                  CryptoData(wrapped_key_data),
+                                  wrapping_key,
+                                  wrapping_algorithm,
+                                  blink::WebCryptoAlgorithm::createNull(),
+                                  true,
+                                  blink::WebCryptoKeyUsageVerify,
+                                  &unwrapped_key));
+
+  // Validate the new key's attributes.
+  EXPECT_FALSE(unwrapped_key.isNull());
+  EXPECT_TRUE(unwrapped_key.handle());
+  EXPECT_EQ(blink::WebCryptoKeyTypeSecret, unwrapped_key.type());
+  EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, unwrapped_key.algorithm().id());
+  EXPECT_EQ(blink::WebCryptoAlgorithmIdSha256,
+            unwrapped_key.algorithm().hmacParams()->hash().id());
+  EXPECT_EQ(true, unwrapped_key.extractable());
+  EXPECT_EQ(blink::WebCryptoKeyUsageVerify, unwrapped_key.usages());
+
+  // Export the new key's raw data and compare to the known original.
+  blink::WebArrayBuffer raw_key;
+  EXPECT_STATUS_SUCCESS(
+      ExportKey(blink::WebCryptoKeyFormatRaw, unwrapped_key, &raw_key));
+  EXPECT_TRUE(ArrayBufferMatches(key_data, raw_key));
+}
+
 // TODO(eroman):
 //   * Test decryption when the tag length exceeds input size
 //   * Test decryption with empty input
 //   * Test decryption with tag length of 0.
 TEST_F(SharedCryptoTest, MAYBE(AesGcmSampleSets)) {
   // Some Linux test runners may not have a new enough version of NSS.
   if (!SupportsAesGcm()) {
     LOG(WARNING) << "AES GCM not supported, skipping tests";
     return;
   }
@@ skipping 262 matching lines @@
   EXPECT_STATUS(Status::ErrorDataTooSmall(),
                 UnwrapKey(blink::WebCryptoKeyFormatRaw,
                           CryptoData(emtpy_data),
                           private_key,
                           wrapping_algorithm,
                           key_algorithm,
                           true,
                           blink::WebCryptoKeyUsageSign,
                           &unwrapped_key));
 
-  // Unwapping data too large for the wrapping key should fail.
+  // Unwrapping data too large for the wrapping key should fail.
   EXPECT_STATUS(Status::ErrorDataTooLarge(),
                 UnwrapKey(blink::WebCryptoKeyFormatRaw,
                           CryptoData(big_data),
                           private_key,
                           wrapping_algorithm,
                           key_algorithm,
                           true,
                           blink::WebCryptoKeyUsageSign,
                           &unwrapped_key));
 }
 
 }  // namespace webcrypto
 
 }  // namespace content