content/renderer/webcrypto_impl_unittest.cc - Issue 23569007: WebCrypto: Implement importKey() and sign() for HMAC in NSS

Side by Side Diff: content/renderer/webcrypto_impl_unittest.cc

Issue 23569007: WebCrypto: Implement importKey() and sign() for HMAC in NSS (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master

Patch Set: Created 7 years, 3 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
1 // Copyright 2013 The Chromium Authors. All rights reserved.	1 // Copyright 2013 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "webcrypto_impl.h"	5 #include "webcrypto_impl.h"

6	6

7 #include "base/basictypes.h"	7 #include "base/basictypes.h"

8 #include "base/logging.h"	8 #include "base/logging.h"

9 #include "base/memory/ref_counted.h"	9 #include "base/memory/ref_counted.h"

10 #include "base/strings/string_number_conversions.h"	10 #include "base/strings/string_number_conversions.h"

11 #include "content/public/renderer/content_renderer_client.h"	11 #include "content/public/renderer/content_renderer_client.h"

12 #include "content/renderer/renderer_webkitplatformsupport_impl.h"	12 #include "content/renderer/renderer_webkitplatformsupport_impl.h"

13 #include "content/renderer/webcrypto_impl.h"	13 #include "content/renderer/webcrypto_impl.h"

14 #include "testing/gtest/include/gtest/gtest.h"	14 #include "testing/gtest/include/gtest/gtest.h"

15 #include "third_party/WebKit/public/platform/WebArrayBuffer.h"	15 #include "third_party/WebKit/public/platform/WebArrayBuffer.h"

16 #include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h"	16 #include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h"

	17 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h"

17	18

18 namespace content {	19 namespace content {

19	20

20 const WebKit::WebCryptoAlgorithmId kAlgorithmIds[] = {	21 const WebKit::WebCryptoAlgorithmId kAlgorithmIds[] = {

21 WebKit::WebCryptoAlgorithmIdSha1,	22 WebKit::WebCryptoAlgorithmIdSha1,

22 WebKit::WebCryptoAlgorithmIdSha224,	23 WebKit::WebCryptoAlgorithmIdSha224,

23 WebKit::WebCryptoAlgorithmIdSha256,	24 WebKit::WebCryptoAlgorithmIdSha256,

24 WebKit::WebCryptoAlgorithmIdSha384,	25 WebKit::WebCryptoAlgorithmIdSha384,

25 WebKit::WebCryptoAlgorithmIdSha512	26 WebKit::WebCryptoAlgorithmIdSha512

26 };	27 };

(...skipping 83 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
110	111

111 // Ignore case, it's checking the hex value.	112 // Ignore case, it's checking the hex value.

112 EXPECT_STRCASEEQ(	113 EXPECT_STRCASEEQ(

113 input_set[set_index].hex_result[id_index],	114 input_set[set_index].hex_result[id_index],

114 base::HexEncode(	115 base::HexEncode(

115 array_buffer.data(), array_buffer.byteLength()).c_str());	116 array_buffer.data(), array_buffer.byteLength()).c_str());

116 }	117 }

117 }	118 }

118 }	119 }

119	120

	121 TEST_F(WebCryptoImplTest, HMACSampleSets) {

	122 struct input_set_struct {

	123 WebKit::WebCryptoAlgorithmId algorithm;

	124 const char* key;

	125 const char* msg;

	126 const char* mac;

	127 } input_set[] = {

	128 // For this data, see http://csrc.nist.gov/groups/STM/cavp/index.html#07
	eroman 2013/09/05 01:57:51 I suggest additionally having a test for the "empt I suggest additionally having a test for the "empty" data case. Just cuz it can sometimes be a bit different. Bryan Eyler 2013/09/06 01:27:51 Done. Show quoted text On 2013/09/05 01:57:51, eroman wrote: > I suggest additionally having a test for the "empty" data case. Just cuz it can > sometimes be a bit different. Done.
	129 // Download:

	130 // http://csrc.nist.gov/groups/STM/cavp/documents/mac/hmactestvectors.zip

	131 // L=20 set 45

	132 {

	133 WebKit::WebCryptoAlgorithmIdSha1,

	134 "59785928d72516e31272",

	135 "a3ce8899df1022e8d2d539b47bf0e309c66f84095e21438ec355bf119ce5fdcb4e73a619c df36f25b369d8c38ff419997f0c59830108223606e31223483fd39edeaa4d3f0d21198862d239c9f d26074130ff6c86493f5227ab895c8f244bd42c7afce5d147a20a590798c68e708e964902d124dad ecdbda9dbd0051ed710e9bf",
	eroman 2013/09/05 01:57:51 regarding comment on line length: I think it is fi regarding comment on line length: I think it is fine for test data, and I wouldn't worry about it too much. To be on the safe side, you could always break it up to fit on 80 character lines tho since it is easy enough. i.e use C's auto-line joiner for string literals (whatever it is called) "Yo dawg, this string is long" can be broken up as: "Yo dawg, " "this string is long" Bryan Eyler 2013/09/06 01:27:51 Done. Show quoted text On 2013/09/05 01:57:51, eroman wrote: > regarding comment on line length: I think it is fine for test data, and I > wouldn't worry about it too much. To be on the safe side, you could always break > it up to fit on 80 character lines tho since it is easy enough. > > i.e use C's auto-line joiner for string literals (whatever it is called) > > "Yo dawg, this string is long" can be broken up as: > > "Yo dawg, " > "this string is long" Done.
	136 "3c8162589aafaee024fc9a5ca50dd2336fe3eb28",

	137 },

	138 // L=20 set 299

	139 {

	140 WebKit::WebCryptoAlgorithmIdSha1,

	141 "ceb9aedf8d6efcf0ae52bea0fa99a9e26ae81bacea0cff4d5eecf201e3bca3c3577480621 b818fd717ba99d6ff958ea3d59b2527b019c343bb199e648090225867d994607962f5866aa62930d 75b58f6",

	142 "99958aa459604657c7bf6e4cdfcc8785f0abf06ffe636b5b64ecd931bd8a456305592421f c28dbcccb8a82acea2be8e54161d7a78e0399a6067ebaca3f2510274dc9f92f2c8ae4265eec13d7d 42e9f8612d7bc258f913ecb5a3a5c610339b49fb90e9037b02d684fc60da835657cb24eab352750c 8b463b1a8494660d36c3ab2",

	143 "4ac41ab89f625c60125ed65ffa958c6b490ea670",

	144 },

	145 // L=32, set 30

	146 {

	147 WebKit::WebCryptoAlgorithmIdSha256,

	148 "9779d9120642797f1747025d5b22b7ac607cab08e1758f2f3a46c8be1e25c53b8c6a8f58f fefa176",

	149 "b1689c2591eaf3c9e66070f8a77954ffb81749f1b00346f9dfe0b2ee905dcc288baf4a92d e3f4001dd9f44c468c3d07d6c6ee82faceafc97c2fc0fc0601719d2dcd0aa2aec92d1b0ae933c65e b06a03c9c935c2bad0459810241347ab87e9f11adb30415424c6c7f5f22a003b8ab8de54f6ded0e3 ab9245fa79568451dfa258e",

	150 "769f00d3e6a6cc1fb426a14a4f76c6462e6149726e0dee0ec0cf97a16605ac8b",

	151 },

	152 // L=32, set 224

	153 {

	154 WebKit::WebCryptoAlgorithmIdSha256,

	155 "4b7ab133efe99e02fc89a28409ee187d579e774f4cba6fc223e13504e3511bef8d4f638b9 aca55d4a43b8fbd64cf9d74dcc8c9e8d52034898c70264ea911a3fd70813fa73b083371289b",

	156 "138efc832c64513d11b9873c6fd4d8a65dbf367092a826ddd587d141b401580b798c69025 ad510cff05fcfbceb6cf0bb03201aaa32e423d5200925bddfadd418d8e30e18050eb4f0618eb9959 d9f78c1157d4b3e02cd5961f138afd57459939917d9144c95d8e6a94c8f6d4eef3418c17b1ef0b46 c2a7188305d9811dccb3d99",

	157 "4f1ee7cb36c58803a8721d4ac8c4cf8cae5d8832392eed2a96dc59694252801b",

	158 },

	159 };

	160

	161 for (size_t index = 0; index < arraysize(input_set); index++) {

	162 WebKit::WebCryptoAlgorithm hash_algorithm(

	163 WebKit::WebCryptoAlgorithm::adoptParamsAndCreate(

	164 input_set[index].algorithm, "HASH", NULL));
	eroman 2013/09/05 01:57:51 Remove the "HASH" parameter. I am in the process o Remove the "HASH" parameter. I am in the process of getting rid of that from the Blink API (https://codereview.chromium.org/23672024/) since it was annoying to pass in the unit tests like this :) Bryan Eyler 2013/09/06 01:27:51 Done. Show quoted text On 2013/09/05 01:57:51, eroman wrote: > Remove the "HASH" parameter. I am in the process of getting rid of that from the > Blink API (https://codereview.chromium.org/23672024/) since it was annoying to > pass in the unit tests like this :) Done.
	165

	166 scoped_ptr<WebKit::WebCryptoHmacKeyParams> key_params(
	eroman 2013/09/05 01:57:51 Use a WebCryptoHmacParams instead of a WebCryptoH Use a WebCryptoHmacParams instead of a WebCryptoHmacKeyParams. Things should work fine with either, however to simulate how the code will be getting called, better to use the HmacParams (HmacKeyParams is only used for generateKey). You can tell this by looking at the operations table here: https://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html#hmac Notice how the input to importKey has "Parameters" of HmacParams. The Blink side of the code which does algorithm parameter normalization will guarantee that the Chromium code only gets called with the expected parameter type. Bryan Eyler 2013/09/06 01:27:51 Done. Show quoted text On 2013/09/05 01:57:51, eroman wrote: > Use a WebCryptoHmacParams instead of a WebCryptoHmacKeyParams. > > Things should work fine with either, however to simulate how the code will be > getting called, better to use the HmacParams (HmacKeyParams is only used for > generateKey). > > You can tell this by looking at the operations table here: > > https://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html#hmac > > Notice how the input to importKey has "Parameters" of HmacParams. The Blink side > of the code which does algorithm parameter normalization will guarantee that the > Chromium code only gets called with the expected parameter type. Done.
	167 new WebKit::WebCryptoHmacKeyParams(hash_algorithm, false, 0));

	168

	169 WebKit::WebCryptoAlgorithm hmac_key_algorithm(

	170 WebKit::WebCryptoAlgorithm::adoptParamsAndCreate(

	171 WebKit::WebCryptoAlgorithmIdHmac, "HMAC", key_params.release()));
	eroman 2013/09/05 01:57:51 Ditto. Remove the "HMAC" string, no longer needed. Ditto. Remove the "HMAC" string, no longer needed. Yay Bryan Eyler 2013/09/06 01:27:51 Done. Show quoted text On 2013/09/05 01:57:51, eroman wrote: > Ditto. Remove the "HMAC" string, no longer needed. Yay Done.
	172

	173 WebKit::WebCryptoKeyHandle* handle;
	eroman 2013/09/05 01:57:51 This is being leaked. That is why I would like th This is being leaked. That is why I would like the internal* methods to use scoped_ptr<>, so it is very clear how the ownership of the returned pointer works :) Bryan Eyler 2013/09/06 01:27:51 Made into scoped_ptr. Show quoted text On 2013/09/05 01:57:51, eroman wrote: > This is being leaked. > > That is why I would like the internal* methods to use scoped_ptr<>, so it is > very clear how the ownership of the returned pointer works :) Made into scoped_ptr.
	174

	175 std::vector<uint8> key_raw;

	176 base::HexStringToBytes(input_set[index].key, &key_raw);

	177

	178 WebCryptoImpl crypto;

	179

	180 crypto.importKeyInternal(

	181 WebKit::WebCryptoKeyFormatRaw,

	182 &key_raw.front(),
	eroman 2013/09/05 01:57:51 It is more typical in chromium code to use .data() It is more typical in chromium code to use .data() Bryan Eyler 2013/09/06 01:27:51 Done. Show quoted text On 2013/09/05 01:57:51, eroman wrote: > It is more typical in chromium code to use .data() Done.
	183 key_raw.size(),

	184 hmac_key_algorithm,

	185 false,

	186 WebKit::WebCryptoKeyUsageSign,

	187 &handle);

	188

	189 std::vector<uint8> msg_raw;

	190 base::HexStringToBytes(input_set[index].msg, &msg_raw);

	191

	192 scoped_ptr<WebKit::WebCryptoHmacParams> sign_params(

	193 new WebKit::WebCryptoHmacParams(hash_algorithm));
	eroman 2013/09/05 01:57:51 Optional: creating the WebCryptoAlgorithm for test Optional: creating the WebCryptoAlgorithm for tests is clumsy enough, that I suggest extracting that code to helpers. For example: WebCryptoAlgorithm sup_dawg = HmacAlgorithm(WebCryptoAlgorithmIdSha1); And another extractable method that might be useful for the pre-existing digest tests: WebCryptoAlgorithm magnets = ShaAlgorithm(256) (OK, maybe using an integer parameter is crazy, but just spitballing some ideas) Bryan Eyler 2013/09/06 01:27:51 This duplication is actually a result of the mista Show quoted text On 2013/09/05 01:57:51, eroman wrote: > Optional: creating the WebCryptoAlgorithm for tests is clumsy enough, that I > suggest extracting that code to helpers. For example: > > WebCryptoAlgorithm sup_dawg = HmacAlgorithm(WebCryptoAlgorithmIdSha1); > > And another extractable method that might be useful for the pre-existing digest > tests: > WebCryptoAlgorithm magnets = ShaAlgorithm(256) > > (OK, maybe using an integer parameter is crazy, but just spitballing some ideas) This duplication is actually a result of the mistake above where I was using HmacKeyParams instead of HmacParams. I've removed this code and unified the algorithm used. Should I break it out only if it's necessary in the future?
	194

	195 WebKit::WebCryptoAlgorithm hmac_algorithm(

	196 WebKit::WebCryptoAlgorithm::adoptParamsAndCreate(

	197 WebKit::WebCryptoAlgorithmIdHmac, "HMAC", sign_params.release()));
	eroman 2013/09/05 01:57:51 remove "HMAC" remove "HMAC" Bryan Eyler 2013/09/06 01:27:51 Done. Show quoted text On 2013/09/05 01:57:51, eroman wrote: > remove "HMAC" Done.
	198

	199 WebKit::WebArrayBuffer array_buffer;

	200

	201 crypto.signInternal(

	202 hmac_algorithm,

	203 handle,

	204 &msg_raw.front(),
	eroman 2013/09/05 01:57:51 msg_raw.data() is more concise in my opinion. msg_raw.data() is more concise in my opinion. Bryan Eyler 2013/09/06 01:27:51 Done. Show quoted text On 2013/09/05 01:57:51, eroman wrote: > msg_raw.data() is more concise in my opinion. Done.
	205 msg_raw.size(),

	206 &array_buffer);

	207

	208 // Ignore case, it's checking the hex value.

	209 EXPECT_STRCASEEQ(

	210 input_set[index].mac,

	211 base::HexEncode(

	212 array_buffer.data(), array_buffer.byteLength()).c_str());

	213 }

	214 }

	215

120 } // namespace content	216 } // namespace content

OLD	NEW

« content/renderer/webcrypto_impl_nss.cc ('K') | « content/renderer/webcrypto_impl_openssl.cc ('k') | no next file » | no next file with comments »