OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/child/webcrypto/shared_crypto.h" | 5 #include "content/child/webcrypto/shared_crypto.h" |
6 | 6 |
7 #include <algorithm> | 7 #include <algorithm> |
8 #include <string> | 8 #include <string> |
9 #include <vector> | 9 #include <vector> |
10 | 10 |
(...skipping 892 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
903 | 903 |
904 // The block size for HMAC SHA-512 is larger. | 904 // The block size for HMAC SHA-512 is larger. |
905 algorithm = CreateHmacKeyGenAlgorithm(blink::WebCryptoAlgorithmIdSha512, 0); | 905 algorithm = CreateHmacKeyGenAlgorithm(blink::WebCryptoAlgorithmIdSha512, 0); |
906 ASSERT_STATUS_SUCCESS(GenerateSecretKey(algorithm, true, 0, &key)); | 906 ASSERT_STATUS_SUCCESS(GenerateSecretKey(algorithm, true, 0, &key)); |
907 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha512, | 907 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha512, |
908 key.algorithm().hmacParams()->hash().id()); | 908 key.algorithm().hmacParams()->hash().id()); |
909 ASSERT_STATUS_SUCCESS(ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key)); | 909 ASSERT_STATUS_SUCCESS(ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key)); |
910 EXPECT_EQ(128U, raw_key.byteLength()); | 910 EXPECT_EQ(128U, raw_key.byteLength()); |
911 } | 911 } |
912 | 912 |
913 TEST_F(SharedCryptoTest, MAYBE(ImportSecretKeyNoAlgorithm)) { | |
914 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | |
915 | |
916 // This fails because the algorithm is null. | |
917 EXPECT_STATUS(Status::ErrorMissingAlgorithmImportRawKey(), | |
918 ImportKey(blink::WebCryptoKeyFormatRaw, | |
919 CryptoData(HexStringToBytes("00000000000000000000")), | |
920 blink::WebCryptoAlgorithm::createNull(), | |
921 true, | |
922 blink::WebCryptoKeyUsageEncrypt, | |
923 &key)); | |
924 } | |
925 | |
926 TEST_F(SharedCryptoTest, ImportJwkFailures) { | 913 TEST_F(SharedCryptoTest, ImportJwkFailures) { |
927 | 914 |
928 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 915 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
929 blink::WebCryptoAlgorithm algorithm = | 916 blink::WebCryptoAlgorithm algorithm = |
930 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc); | 917 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc); |
931 blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageEncrypt; | 918 blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageEncrypt; |
932 | 919 |
933 // Baseline pass: each test below breaks a single item, so we start with a | 920 // Baseline pass: each test below breaks a single item, so we start with a |
934 // passing case to make sure each failure is caused by the isolated break. | 921 // passing case to make sure each failure is caused by the isolated break. |
935 // Each breaking subtest below resets the dictionary to this passing case when | 922 // Each breaking subtest below resets the dictionary to this passing case when |
(...skipping 19 matching lines...) Expand all Loading... |
955 Status::ErrorJwkNotDictionary(), | 942 Status::ErrorJwkNotDictionary(), |
956 ImportKeyJwk( | 943 ImportKeyJwk( |
957 CryptoData(bad_json_vec), algorithm, false, usage_mask, &key)); | 944 CryptoData(bad_json_vec), algorithm, false, usage_mask, &key)); |
958 | 945 |
959 // Fail on JWK alg present but unrecognized. | 946 // Fail on JWK alg present but unrecognized. |
960 dict.SetString("alg", "A127CBC"); | 947 dict.SetString("alg", "A127CBC"); |
961 EXPECT_STATUS(Status::ErrorJwkUnrecognizedAlgorithm(), | 948 EXPECT_STATUS(Status::ErrorJwkUnrecognizedAlgorithm(), |
962 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); | 949 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); |
963 RestoreJwkOctDictionary(&dict); | 950 RestoreJwkOctDictionary(&dict); |
964 | 951 |
965 // Fail on both JWK and input algorithm missing. | |
966 dict.Remove("alg", NULL); | |
967 EXPECT_STATUS(Status::ErrorJwkAlgorithmMissing(), | |
968 ImportKeyJwkFromDict(dict, | |
969 blink::WebCryptoAlgorithm::createNull(), | |
970 false, | |
971 usage_mask, | |
972 &key)); | |
973 RestoreJwkOctDictionary(&dict); | |
974 | |
975 // Fail on invalid kty. | 952 // Fail on invalid kty. |
976 dict.SetString("kty", "foo"); | 953 dict.SetString("kty", "foo"); |
977 EXPECT_STATUS(Status::ErrorJwkUnrecognizedKty(), | 954 EXPECT_STATUS(Status::ErrorJwkUnrecognizedKty(), |
978 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); | 955 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); |
979 RestoreJwkOctDictionary(&dict); | 956 RestoreJwkOctDictionary(&dict); |
980 | 957 |
981 // Fail on missing kty. | 958 // Fail on missing kty. |
982 dict.Remove("kty", NULL); | 959 dict.Remove("kty", NULL); |
983 EXPECT_STATUS(Status::ErrorJwkPropertyMissing("kty"), | 960 EXPECT_STATUS(Status::ErrorJwkPropertyMissing("kty"), |
984 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); | 961 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); |
(...skipping 202 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1187 // Fail: Input algorithm (HMAC SHA1) is inconsistent with JWK value | 1164 // Fail: Input algorithm (HMAC SHA1) is inconsistent with JWK value |
1188 // (HMAC SHA256). | 1165 // (HMAC SHA256). |
1189 EXPECT_STATUS( | 1166 EXPECT_STATUS( |
1190 Status::ErrorJwkAlgorithmInconsistent(), | 1167 Status::ErrorJwkAlgorithmInconsistent(), |
1191 ImportKeyJwk(CryptoData(json_vec), | 1168 ImportKeyJwk(CryptoData(json_vec), |
1192 CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha1), | 1169 CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha1), |
1193 extractable, | 1170 extractable, |
1194 usage_mask, | 1171 usage_mask, |
1195 &key)); | 1172 &key)); |
1196 | 1173 |
1197 // Pass: JWK alg valid but input algorithm isNull: use JWK algorithm value. | |
1198 EXPECT_STATUS_SUCCESS(ImportKeyJwk(CryptoData(json_vec), | |
1199 blink::WebCryptoAlgorithm::createNull(), | |
1200 extractable, | |
1201 usage_mask, | |
1202 &key)); | |
1203 EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, algorithm.id()); | |
1204 | |
1205 // Pass: JWK alg missing but input algorithm specified: use input value | 1174 // Pass: JWK alg missing but input algorithm specified: use input value |
1206 dict.Remove("alg", NULL); | 1175 dict.Remove("alg", NULL); |
1207 EXPECT_STATUS_SUCCESS(ImportKeyJwkFromDict( | 1176 EXPECT_STATUS_SUCCESS(ImportKeyJwkFromDict( |
1208 dict, | 1177 dict, |
1209 CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha256), | 1178 CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha256), |
1210 extractable, | 1179 extractable, |
1211 usage_mask, | 1180 usage_mask, |
1212 &key)); | 1181 &key)); |
1213 EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, algorithm.id()); | 1182 EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, algorithm.id()); |
1214 dict.SetString("alg", "HS256"); | 1183 dict.SetString("alg", "HS256"); |
(...skipping 82 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1297 &key)); | 1266 &key)); |
1298 EXPECT_TRUE(key.handle()); | 1267 EXPECT_TRUE(key.handle()); |
1299 EXPECT_EQ(blink::WebCryptoKeyTypePublic, key.type()); | 1268 EXPECT_EQ(blink::WebCryptoKeyTypePublic, key.type()); |
1300 EXPECT_TRUE(key.extractable()); | 1269 EXPECT_TRUE(key.extractable()); |
1301 EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt, key.usages()); | 1270 EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt, key.usages()); |
1302 EXPECT_EQ(kModulusLength, key.algorithm().rsaParams()->modulusLengthBits()); | 1271 EXPECT_EQ(kModulusLength, key.algorithm().rsaParams()->modulusLengthBits()); |
1303 ExpectCryptoDataMatchesHex( | 1272 ExpectCryptoDataMatchesHex( |
1304 "010001", CryptoData(key.algorithm().rsaParams()->publicExponent())); | 1273 "010001", CryptoData(key.algorithm().rsaParams()->publicExponent())); |
1305 | 1274 |
1306 // Failing case: Empty SPKI data | 1275 // Failing case: Empty SPKI data |
1307 EXPECT_STATUS(Status::ErrorImportEmptyKeyData(), | 1276 EXPECT_STATUS( |
1308 ImportKey(blink::WebCryptoKeyFormatSpki, | 1277 Status::ErrorImportEmptyKeyData(), |
1309 CryptoData(std::vector<uint8>()), | 1278 ImportKey(blink::WebCryptoKeyFormatSpki, |
1310 blink::WebCryptoAlgorithm::createNull(), | 1279 CryptoData(std::vector<uint8>()), |
1311 true, | 1280 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5), |
1312 blink::WebCryptoKeyUsageEncrypt, | 1281 true, |
1313 &key)); | 1282 blink::WebCryptoKeyUsageEncrypt, |
1314 | 1283 &key)); |
1315 // Failing case: Import RSA key with NULL input algorithm. This is not | |
1316 // allowed because the SPKI ASN.1 format for RSA keys is not specific enough | |
1317 // to map to a Web Crypto algorithm. | |
1318 EXPECT_STATUS(Status::Error(), | |
1319 ImportKey(blink::WebCryptoKeyFormatSpki, | |
1320 CryptoData(HexStringToBytes(kPublicKeySpkiDerHex)), | |
1321 blink::WebCryptoAlgorithm::createNull(), | |
1322 true, | |
1323 blink::WebCryptoKeyUsageEncrypt, | |
1324 &key)); | |
1325 | 1284 |
1326 // Failing case: Bad DER encoding. | 1285 // Failing case: Bad DER encoding. |
1327 EXPECT_STATUS( | 1286 EXPECT_STATUS( |
1328 Status::Error(), | 1287 Status::Error(), |
1329 ImportKey(blink::WebCryptoKeyFormatSpki, | 1288 ImportKey(blink::WebCryptoKeyFormatSpki, |
1330 CryptoData(HexStringToBytes("618333c4cb")), | 1289 CryptoData(HexStringToBytes("618333c4cb")), |
1331 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5), | 1290 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5), |
1332 true, | 1291 true, |
1333 blink::WebCryptoKeyUsageEncrypt, | 1292 blink::WebCryptoKeyUsageEncrypt, |
1334 &key)); | 1293 &key)); |
(...skipping 52 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1387 EXPECT_EQ(kModulusLength, | 1346 EXPECT_EQ(kModulusLength, |
1388 key.algorithm().rsaHashedParams()->modulusLengthBits()); | 1347 key.algorithm().rsaHashedParams()->modulusLengthBits()); |
1389 ExpectCryptoDataMatchesHex( | 1348 ExpectCryptoDataMatchesHex( |
1390 "010001", | 1349 "010001", |
1391 CryptoData(key.algorithm().rsaHashedParams()->publicExponent())); | 1350 CryptoData(key.algorithm().rsaHashedParams()->publicExponent())); |
1392 | 1351 |
1393 // Failing case: Empty PKCS#8 data | 1352 // Failing case: Empty PKCS#8 data |
1394 EXPECT_STATUS(Status::ErrorImportEmptyKeyData(), | 1353 EXPECT_STATUS(Status::ErrorImportEmptyKeyData(), |
1395 ImportKey(blink::WebCryptoKeyFormatPkcs8, | 1354 ImportKey(blink::WebCryptoKeyFormatPkcs8, |
1396 CryptoData(std::vector<uint8>()), | 1355 CryptoData(std::vector<uint8>()), |
1397 blink::WebCryptoAlgorithm::createNull(), | 1356 CreateRsaHashedImportAlgorithm( |
| 1357 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
| 1358 blink::WebCryptoAlgorithmIdSha1), |
1398 true, | 1359 true, |
1399 blink::WebCryptoKeyUsageSign, | 1360 blink::WebCryptoKeyUsageSign, |
1400 &key)); | 1361 &key)); |
1401 | |
1402 // Failing case: Import RSA key with NULL input algorithm. This is not | |
1403 // allowed because the PKCS#8 ASN.1 format for RSA keys is not specific enough | |
1404 // to map to a Web Crypto algorithm. | |
1405 EXPECT_STATUS(Status::Error(), | |
1406 ImportKey(blink::WebCryptoKeyFormatPkcs8, | |
1407 CryptoData(HexStringToBytes(kPrivateKeyPkcs8DerHex)), | |
1408 blink::WebCryptoAlgorithm::createNull(), | |
1409 true, | |
1410 blink::WebCryptoKeyUsageSign, | |
1411 &key)); | |
1412 | 1362 |
1413 // Failing case: Bad DER encoding. | 1363 // Failing case: Bad DER encoding. |
1414 EXPECT_STATUS( | 1364 EXPECT_STATUS( |
1415 Status::Error(), | 1365 Status::Error(), |
1416 ImportKey(blink::WebCryptoKeyFormatPkcs8, | 1366 ImportKey(blink::WebCryptoKeyFormatPkcs8, |
1417 CryptoData(HexStringToBytes("618333c4cb")), | 1367 CryptoData(HexStringToBytes("618333c4cb")), |
1418 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5), | 1368 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5), |
1419 true, | 1369 true, |
1420 blink::WebCryptoKeyUsageSign, | 1370 blink::WebCryptoKeyUsageSign, |
1421 &key)); | 1371 &key)); |
(...skipping 684 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
2106 blink::WebCryptoKey wrapping_key = ImportSecretKeyFromRaw( | 2056 blink::WebCryptoKey wrapping_key = ImportSecretKeyFromRaw( |
2107 test_kek, | 2057 test_kek, |
2108 wrapping_algorithm, | 2058 wrapping_algorithm, |
2109 blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey); | 2059 blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey); |
2110 // Import the key to be wrapped. | 2060 // Import the key to be wrapped. |
2111 blink::WebCryptoKey key = ImportSecretKeyFromRaw( | 2061 blink::WebCryptoKey key = ImportSecretKeyFromRaw( |
2112 test_key, | 2062 test_key, |
2113 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), | 2063 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), |
2114 blink::WebCryptoKeyUsageEncrypt); | 2064 blink::WebCryptoKeyUsageEncrypt); |
2115 | 2065 |
2116 // Unwrap with null algorithm must fail. | |
2117 blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull(); | |
2118 EXPECT_STATUS(Status::ErrorMissingAlgorithmUnwrapRawKey(), | |
2119 UnwrapKey(blink::WebCryptoKeyFormatRaw, | |
2120 CryptoData(test_ciphertext), | |
2121 wrapping_key, | |
2122 wrapping_algorithm, | |
2123 blink::WebCryptoAlgorithm::createNull(), | |
2124 true, | |
2125 blink::WebCryptoKeyUsageEncrypt, | |
2126 &unwrapped_key)); | |
2127 | |
2128 // Unwrap with wrapped data too small must fail. | 2066 // Unwrap with wrapped data too small must fail. |
2129 const std::vector<uint8> small_data(test_ciphertext.begin(), | 2067 const std::vector<uint8> small_data(test_ciphertext.begin(), |
2130 test_ciphertext.begin() + 23); | 2068 test_ciphertext.begin() + 23); |
| 2069 blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull(); |
2131 EXPECT_STATUS(Status::ErrorDataTooSmall(), | 2070 EXPECT_STATUS(Status::ErrorDataTooSmall(), |
2132 UnwrapKey(blink::WebCryptoKeyFormatRaw, | 2071 UnwrapKey(blink::WebCryptoKeyFormatRaw, |
2133 CryptoData(small_data), | 2072 CryptoData(small_data), |
2134 wrapping_key, | 2073 wrapping_key, |
2135 wrapping_algorithm, | 2074 wrapping_algorithm, |
2136 key_algorithm, | 2075 key_algorithm, |
2137 true, | 2076 true, |
2138 blink::WebCryptoKeyUsageEncrypt, | 2077 blink::WebCryptoKeyUsageEncrypt, |
2139 &unwrapped_key)); | 2078 &unwrapped_key)); |
2140 | 2079 |
(...skipping 161 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
2302 test_cipher_text, | 2241 test_cipher_text, |
2303 test_authentication_tag, | 2242 test_authentication_tag, |
2304 &plain_text)); | 2243 &plain_text)); |
2305 } | 2244 } |
2306 } | 2245 } |
2307 } | 2246 } |
2308 | 2247 |
2309 } // namespace webcrypto | 2248 } // namespace webcrypto |
2310 | 2249 |
2311 } // namespace content | 2250 } // namespace content |
OLD | NEW |