| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/child/webcrypto/shared_crypto.h" | 5 #include "content/child/webcrypto/shared_crypto.h" |
| 6 | 6 |
| 7 #include <algorithm> | 7 #include <algorithm> |
| 8 #include <string> | 8 #include <string> |
| 9 #include <vector> | 9 #include <vector> |
| 10 | 10 |
| (...skipping 892 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 903 | 903 |
| 904 // The block size for HMAC SHA-512 is larger. | 904 // The block size for HMAC SHA-512 is larger. |
| 905 algorithm = CreateHmacKeyGenAlgorithm(blink::WebCryptoAlgorithmIdSha512, 0); | 905 algorithm = CreateHmacKeyGenAlgorithm(blink::WebCryptoAlgorithmIdSha512, 0); |
| 906 ASSERT_STATUS_SUCCESS(GenerateSecretKey(algorithm, true, 0, &key)); | 906 ASSERT_STATUS_SUCCESS(GenerateSecretKey(algorithm, true, 0, &key)); |
| 907 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha512, | 907 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha512, |
| 908 key.algorithm().hmacParams()->hash().id()); | 908 key.algorithm().hmacParams()->hash().id()); |
| 909 ASSERT_STATUS_SUCCESS(ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key)); | 909 ASSERT_STATUS_SUCCESS(ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key)); |
| 910 EXPECT_EQ(128U, raw_key.byteLength()); | 910 EXPECT_EQ(128U, raw_key.byteLength()); |
| 911 } | 911 } |
| 912 | 912 |
| 913 TEST_F(SharedCryptoTest, MAYBE(ImportSecretKeyNoAlgorithm)) { | |
| 914 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | |
| 915 | |
| 916 // This fails because the algorithm is null. | |
| 917 EXPECT_STATUS(Status::ErrorMissingAlgorithmImportRawKey(), | |
| 918 ImportKey(blink::WebCryptoKeyFormatRaw, | |
| 919 CryptoData(HexStringToBytes("00000000000000000000")), | |
| 920 blink::WebCryptoAlgorithm::createNull(), | |
| 921 true, | |
| 922 blink::WebCryptoKeyUsageEncrypt, | |
| 923 &key)); | |
| 924 } | |
| 925 | |
| 926 TEST_F(SharedCryptoTest, ImportJwkFailures) { | 913 TEST_F(SharedCryptoTest, ImportJwkFailures) { |
| 927 | 914 |
| 928 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 915 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
| 929 blink::WebCryptoAlgorithm algorithm = | 916 blink::WebCryptoAlgorithm algorithm = |
| 930 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc); | 917 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc); |
| 931 blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageEncrypt; | 918 blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageEncrypt; |
| 932 | 919 |
| 933 // Baseline pass: each test below breaks a single item, so we start with a | 920 // Baseline pass: each test below breaks a single item, so we start with a |
| 934 // passing case to make sure each failure is caused by the isolated break. | 921 // passing case to make sure each failure is caused by the isolated break. |
| 935 // Each breaking subtest below resets the dictionary to this passing case when | 922 // Each breaking subtest below resets the dictionary to this passing case when |
| (...skipping 19 matching lines...) Expand all Loading... |
| 955 Status::ErrorJwkNotDictionary(), | 942 Status::ErrorJwkNotDictionary(), |
| 956 ImportKeyJwk( | 943 ImportKeyJwk( |
| 957 CryptoData(bad_json_vec), algorithm, false, usage_mask, &key)); | 944 CryptoData(bad_json_vec), algorithm, false, usage_mask, &key)); |
| 958 | 945 |
| 959 // Fail on JWK alg present but unrecognized. | 946 // Fail on JWK alg present but unrecognized. |
| 960 dict.SetString("alg", "A127CBC"); | 947 dict.SetString("alg", "A127CBC"); |
| 961 EXPECT_STATUS(Status::ErrorJwkUnrecognizedAlgorithm(), | 948 EXPECT_STATUS(Status::ErrorJwkUnrecognizedAlgorithm(), |
| 962 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); | 949 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); |
| 963 RestoreJwkOctDictionary(&dict); | 950 RestoreJwkOctDictionary(&dict); |
| 964 | 951 |
| 965 // Fail on both JWK and input algorithm missing. | |
| 966 dict.Remove("alg", NULL); | |
| 967 EXPECT_STATUS(Status::ErrorJwkAlgorithmMissing(), | |
| 968 ImportKeyJwkFromDict(dict, | |
| 969 blink::WebCryptoAlgorithm::createNull(), | |
| 970 false, | |
| 971 usage_mask, | |
| 972 &key)); | |
| 973 RestoreJwkOctDictionary(&dict); | |
| 974 | |
| 975 // Fail on invalid kty. | 952 // Fail on invalid kty. |
| 976 dict.SetString("kty", "foo"); | 953 dict.SetString("kty", "foo"); |
| 977 EXPECT_STATUS(Status::ErrorJwkUnrecognizedKty(), | 954 EXPECT_STATUS(Status::ErrorJwkUnrecognizedKty(), |
| 978 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); | 955 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); |
| 979 RestoreJwkOctDictionary(&dict); | 956 RestoreJwkOctDictionary(&dict); |
| 980 | 957 |
| 981 // Fail on missing kty. | 958 // Fail on missing kty. |
| 982 dict.Remove("kty", NULL); | 959 dict.Remove("kty", NULL); |
| 983 EXPECT_STATUS(Status::ErrorJwkPropertyMissing("kty"), | 960 EXPECT_STATUS(Status::ErrorJwkPropertyMissing("kty"), |
| 984 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); | 961 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); |
| (...skipping 202 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1187 // Fail: Input algorithm (HMAC SHA1) is inconsistent with JWK value | 1164 // Fail: Input algorithm (HMAC SHA1) is inconsistent with JWK value |
| 1188 // (HMAC SHA256). | 1165 // (HMAC SHA256). |
| 1189 EXPECT_STATUS( | 1166 EXPECT_STATUS( |
| 1190 Status::ErrorJwkAlgorithmInconsistent(), | 1167 Status::ErrorJwkAlgorithmInconsistent(), |
| 1191 ImportKeyJwk(CryptoData(json_vec), | 1168 ImportKeyJwk(CryptoData(json_vec), |
| 1192 CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha1), | 1169 CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha1), |
| 1193 extractable, | 1170 extractable, |
| 1194 usage_mask, | 1171 usage_mask, |
| 1195 &key)); | 1172 &key)); |
| 1196 | 1173 |
| 1197 // Pass: JWK alg valid but input algorithm isNull: use JWK algorithm value. | |
| 1198 EXPECT_STATUS_SUCCESS(ImportKeyJwk(CryptoData(json_vec), | |
| 1199 blink::WebCryptoAlgorithm::createNull(), | |
| 1200 extractable, | |
| 1201 usage_mask, | |
| 1202 &key)); | |
| 1203 EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, algorithm.id()); | |
| 1204 | |
| 1205 // Pass: JWK alg missing but input algorithm specified: use input value | 1174 // Pass: JWK alg missing but input algorithm specified: use input value |
| 1206 dict.Remove("alg", NULL); | 1175 dict.Remove("alg", NULL); |
| 1207 EXPECT_STATUS_SUCCESS(ImportKeyJwkFromDict( | 1176 EXPECT_STATUS_SUCCESS(ImportKeyJwkFromDict( |
| 1208 dict, | 1177 dict, |
| 1209 CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha256), | 1178 CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha256), |
| 1210 extractable, | 1179 extractable, |
| 1211 usage_mask, | 1180 usage_mask, |
| 1212 &key)); | 1181 &key)); |
| 1213 EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, algorithm.id()); | 1182 EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, algorithm.id()); |
| 1214 dict.SetString("alg", "HS256"); | 1183 dict.SetString("alg", "HS256"); |
| (...skipping 82 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1297 &key)); | 1266 &key)); |
| 1298 EXPECT_TRUE(key.handle()); | 1267 EXPECT_TRUE(key.handle()); |
| 1299 EXPECT_EQ(blink::WebCryptoKeyTypePublic, key.type()); | 1268 EXPECT_EQ(blink::WebCryptoKeyTypePublic, key.type()); |
| 1300 EXPECT_TRUE(key.extractable()); | 1269 EXPECT_TRUE(key.extractable()); |
| 1301 EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt, key.usages()); | 1270 EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt, key.usages()); |
| 1302 EXPECT_EQ(kModulusLength, key.algorithm().rsaParams()->modulusLengthBits()); | 1271 EXPECT_EQ(kModulusLength, key.algorithm().rsaParams()->modulusLengthBits()); |
| 1303 ExpectCryptoDataMatchesHex( | 1272 ExpectCryptoDataMatchesHex( |
| 1304 "010001", CryptoData(key.algorithm().rsaParams()->publicExponent())); | 1273 "010001", CryptoData(key.algorithm().rsaParams()->publicExponent())); |
| 1305 | 1274 |
| 1306 // Failing case: Empty SPKI data | 1275 // Failing case: Empty SPKI data |
| 1307 EXPECT_STATUS(Status::ErrorImportEmptyKeyData(), | 1276 EXPECT_STATUS( |
| 1308 ImportKey(blink::WebCryptoKeyFormatSpki, | 1277 Status::ErrorImportEmptyKeyData(), |
| 1309 CryptoData(std::vector<uint8>()), | 1278 ImportKey(blink::WebCryptoKeyFormatSpki, |
| 1310 blink::WebCryptoAlgorithm::createNull(), | 1279 CryptoData(std::vector<uint8>()), |
| 1311 true, | 1280 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5), |
| 1312 blink::WebCryptoKeyUsageEncrypt, | 1281 true, |
| 1313 &key)); | 1282 blink::WebCryptoKeyUsageEncrypt, |
| 1314 | 1283 &key)); |
| 1315 // Failing case: Import RSA key with NULL input algorithm. This is not | |
| 1316 // allowed because the SPKI ASN.1 format for RSA keys is not specific enough | |
| 1317 // to map to a Web Crypto algorithm. | |
| 1318 EXPECT_STATUS(Status::Error(), | |
| 1319 ImportKey(blink::WebCryptoKeyFormatSpki, | |
| 1320 CryptoData(HexStringToBytes(kPublicKeySpkiDerHex)), | |
| 1321 blink::WebCryptoAlgorithm::createNull(), | |
| 1322 true, | |
| 1323 blink::WebCryptoKeyUsageEncrypt, | |
| 1324 &key)); | |
| 1325 | 1284 |
| 1326 // Failing case: Bad DER encoding. | 1285 // Failing case: Bad DER encoding. |
| 1327 EXPECT_STATUS( | 1286 EXPECT_STATUS( |
| 1328 Status::Error(), | 1287 Status::Error(), |
| 1329 ImportKey(blink::WebCryptoKeyFormatSpki, | 1288 ImportKey(blink::WebCryptoKeyFormatSpki, |
| 1330 CryptoData(HexStringToBytes("618333c4cb")), | 1289 CryptoData(HexStringToBytes("618333c4cb")), |
| 1331 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5), | 1290 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5), |
| 1332 true, | 1291 true, |
| 1333 blink::WebCryptoKeyUsageEncrypt, | 1292 blink::WebCryptoKeyUsageEncrypt, |
| 1334 &key)); | 1293 &key)); |
| (...skipping 52 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1387 EXPECT_EQ(kModulusLength, | 1346 EXPECT_EQ(kModulusLength, |
| 1388 key.algorithm().rsaHashedParams()->modulusLengthBits()); | 1347 key.algorithm().rsaHashedParams()->modulusLengthBits()); |
| 1389 ExpectCryptoDataMatchesHex( | 1348 ExpectCryptoDataMatchesHex( |
| 1390 "010001", | 1349 "010001", |
| 1391 CryptoData(key.algorithm().rsaHashedParams()->publicExponent())); | 1350 CryptoData(key.algorithm().rsaHashedParams()->publicExponent())); |
| 1392 | 1351 |
| 1393 // Failing case: Empty PKCS#8 data | 1352 // Failing case: Empty PKCS#8 data |
| 1394 EXPECT_STATUS(Status::ErrorImportEmptyKeyData(), | 1353 EXPECT_STATUS(Status::ErrorImportEmptyKeyData(), |
| 1395 ImportKey(blink::WebCryptoKeyFormatPkcs8, | 1354 ImportKey(blink::WebCryptoKeyFormatPkcs8, |
| 1396 CryptoData(std::vector<uint8>()), | 1355 CryptoData(std::vector<uint8>()), |
| 1397 blink::WebCryptoAlgorithm::createNull(), | 1356 CreateRsaHashedImportAlgorithm( |
| 1357 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
| 1358 blink::WebCryptoAlgorithmIdSha1), |
| 1398 true, | 1359 true, |
| 1399 blink::WebCryptoKeyUsageSign, | 1360 blink::WebCryptoKeyUsageSign, |
| 1400 &key)); | 1361 &key)); |
| 1401 | |
| 1402 // Failing case: Import RSA key with NULL input algorithm. This is not | |
| 1403 // allowed because the PKCS#8 ASN.1 format for RSA keys is not specific enough | |
| 1404 // to map to a Web Crypto algorithm. | |
| 1405 EXPECT_STATUS(Status::Error(), | |
| 1406 ImportKey(blink::WebCryptoKeyFormatPkcs8, | |
| 1407 CryptoData(HexStringToBytes(kPrivateKeyPkcs8DerHex)), | |
| 1408 blink::WebCryptoAlgorithm::createNull(), | |
| 1409 true, | |
| 1410 blink::WebCryptoKeyUsageSign, | |
| 1411 &key)); | |
| 1412 | 1362 |
| 1413 // Failing case: Bad DER encoding. | 1363 // Failing case: Bad DER encoding. |
| 1414 EXPECT_STATUS( | 1364 EXPECT_STATUS( |
| 1415 Status::Error(), | 1365 Status::Error(), |
| 1416 ImportKey(blink::WebCryptoKeyFormatPkcs8, | 1366 ImportKey(blink::WebCryptoKeyFormatPkcs8, |
| 1417 CryptoData(HexStringToBytes("618333c4cb")), | 1367 CryptoData(HexStringToBytes("618333c4cb")), |
| 1418 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5), | 1368 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5), |
| 1419 true, | 1369 true, |
| 1420 blink::WebCryptoKeyUsageSign, | 1370 blink::WebCryptoKeyUsageSign, |
| 1421 &key)); | 1371 &key)); |
| (...skipping 684 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2106 blink::WebCryptoKey wrapping_key = ImportSecretKeyFromRaw( | 2056 blink::WebCryptoKey wrapping_key = ImportSecretKeyFromRaw( |
| 2107 test_kek, | 2057 test_kek, |
| 2108 wrapping_algorithm, | 2058 wrapping_algorithm, |
| 2109 blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey); | 2059 blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey); |
| 2110 // Import the key to be wrapped. | 2060 // Import the key to be wrapped. |
| 2111 blink::WebCryptoKey key = ImportSecretKeyFromRaw( | 2061 blink::WebCryptoKey key = ImportSecretKeyFromRaw( |
| 2112 test_key, | 2062 test_key, |
| 2113 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), | 2063 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), |
| 2114 blink::WebCryptoKeyUsageEncrypt); | 2064 blink::WebCryptoKeyUsageEncrypt); |
| 2115 | 2065 |
| 2116 // Unwrap with null algorithm must fail. | |
| 2117 blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull(); | |
| 2118 EXPECT_STATUS(Status::ErrorMissingAlgorithmUnwrapRawKey(), | |
| 2119 UnwrapKey(blink::WebCryptoKeyFormatRaw, | |
| 2120 CryptoData(test_ciphertext), | |
| 2121 wrapping_key, | |
| 2122 wrapping_algorithm, | |
| 2123 blink::WebCryptoAlgorithm::createNull(), | |
| 2124 true, | |
| 2125 blink::WebCryptoKeyUsageEncrypt, | |
| 2126 &unwrapped_key)); | |
| 2127 | |
| 2128 // Unwrap with wrapped data too small must fail. | 2066 // Unwrap with wrapped data too small must fail. |
| 2129 const std::vector<uint8> small_data(test_ciphertext.begin(), | 2067 const std::vector<uint8> small_data(test_ciphertext.begin(), |
| 2130 test_ciphertext.begin() + 23); | 2068 test_ciphertext.begin() + 23); |
| 2069 blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull(); |
| 2131 EXPECT_STATUS(Status::ErrorDataTooSmall(), | 2070 EXPECT_STATUS(Status::ErrorDataTooSmall(), |
| 2132 UnwrapKey(blink::WebCryptoKeyFormatRaw, | 2071 UnwrapKey(blink::WebCryptoKeyFormatRaw, |
| 2133 CryptoData(small_data), | 2072 CryptoData(small_data), |
| 2134 wrapping_key, | 2073 wrapping_key, |
| 2135 wrapping_algorithm, | 2074 wrapping_algorithm, |
| 2136 key_algorithm, | 2075 key_algorithm, |
| 2137 true, | 2076 true, |
| 2138 blink::WebCryptoKeyUsageEncrypt, | 2077 blink::WebCryptoKeyUsageEncrypt, |
| 2139 &unwrapped_key)); | 2078 &unwrapped_key)); |
| 2140 | 2079 |
| (...skipping 161 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2302 test_cipher_text, | 2241 test_cipher_text, |
| 2303 test_authentication_tag, | 2242 test_authentication_tag, |
| 2304 &plain_text)); | 2243 &plain_text)); |
| 2305 } | 2244 } |
| 2306 } | 2245 } |
| 2307 } | 2246 } |
| 2308 | 2247 |
| 2309 } // namespace webcrypto | 2248 } // namespace webcrypto |
| 2310 | 2249 |
| 2311 } // namespace content | 2250 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 197223007:
[webcrypto] Remove support for null import algorithms. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src