WebCrypto: Implement importKey() and sign() for HMAC in NSS

content/renderer/webcrypto_impl_unittest.cc

Index: content/renderer/webcrypto_impl_unittest.cc
diff --git a/content/renderer/webcrypto_impl_unittest.cc b/content/renderer/webcrypto_impl_unittest.cc
index df4b062bf8abaa7f8b5480f21caa05c05c4cd0c3..d93fcb91c32f97238f9df068e330dbf86244bac0 100644
--- a/content/renderer/webcrypto_impl_unittest.cc
+++ b/content/renderer/webcrypto_impl_unittest.cc
@@ -14,6 +14,7 @@
 #include "testing/gtest/include/gtest/gtest.h"
 #include "third_party/WebKit/public/platform/WebArrayBuffer.h"
 #include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h"
+#include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h"
 
 namespace content {
 
@@ -35,7 +36,7 @@ TEST_F(WebCryptoImplTest, DigestSampleSets) {
   // with the sets here: http://csrc.nist.gov/groups/STM/cavp/index.html#03
   struct {
     const char* input;
-    size_t input_length;
+    unsigned input_length;
     const char* hex_result[arraysize(kAlgorithmIds)];
   } input_set[] = {
     {
@@ -102,11 +103,13 @@ TEST_F(WebCryptoImplTest, DigestSampleSets) {
       WebKit::WebArrayBuffer array_buffer;
 
       WebCryptoImpl crypto;
-      crypto.DigestInternal(
-          algorithm,
-          reinterpret_cast<const unsigned char*>(input_set[set_index].input),
-          input_set[set_index].input_length,
-          &array_buffer);
+      EXPECT_TRUE(
+          crypto.DigestInternal(
+              algorithm,
+              reinterpret_cast<const unsigned char*>(
+                  input_set[set_index].input),
+              input_set[set_index].input_length,
+              &array_buffer));
 
       // Ignore case, it's checking the hex value.
       EXPECT_STRCASEEQ(
@@ -117,4 +120,140 @@ TEST_F(WebCryptoImplTest, DigestSampleSets) {
   }
 }
 
+TEST_F(WebCryptoImplTest, HMACSampleSets) {
+  struct {
+    WebKit::WebCryptoAlgorithmId algorithm;
+    const char* key;
+    const char* msg;

[Ryan Sleevi, 2013/09/12 22:01:56]

naming nit: msg -> message

http://google-styleguide.googlecode.com/svn/trunk/cppguide.xml?showone=Genera...

[Bryan Eyler, 2013/09/12 23:09:56]

Done.

+    const char* mac;
+  } input_set[] = {
+    // Empty sets.  Result generated via OpenSSL commandline tool.  These
+    // particular results are also posted on the Wikipedia page examples:
+    // http://en.wikipedia.org/wiki/Hash-based_message_authentication_code
+    {
+      WebKit::WebCryptoAlgorithmIdSha1,
+      "",
+      "",
+      // openssl dgst -sha1 -hmac "" < /dev/null
+      "fbdb1d1b18aa6c08324b7d64b71fb76370690e1d",
+    },
+    {
+      WebKit::WebCryptoAlgorithmIdSha256,
+      "",
+      "",
+      // openssl dgst -sha256 -hmac "" < /dev/null
+      "b613679a0814d9ec772f95d778c35fc5ff1697c493715653c6c712144292c5ad",
+    },
+    // For this data, see http://csrc.nist.gov/groups/STM/cavp/index.html#07
+    // Download:
+    // http://csrc.nist.gov/groups/STM/cavp/documents/mac/hmactestvectors.zip
+    // L=20 set 45
+    {
+      WebKit::WebCryptoAlgorithmIdSha1,
+      "59785928d72516e31272",
+      "a3ce8899df1022e8d2d539b47bf0e309c66f84095e21438ec355bf119ce5fdcb4e73a6"
+      "19cdf36f25b369d8c38ff419997f0c59830108223606e31223483fd39edeaa4d3f0d21"
+      "198862d239c9fd26074130ff6c86493f5227ab895c8f244bd42c7afce5d147a20a5907"
+      "98c68e708e964902d124dadecdbda9dbd0051ed710e9bf",
+      "3c8162589aafaee024fc9a5ca50dd2336fe3eb28",

[Ryan Sleevi, 2013/09/12 22:01:56]

From a readability, it's very difficult to note the commas versus the extended
continuations.

At the cost of duplication, I would suggest adding explicit comments

// key
// message
// mac

[Bryan Eyler, 2013/09/12 23:09:56]

Done.

+    },
+    // L=20 set 299
+    {
+      WebKit::WebCryptoAlgorithmIdSha1,
+      "ceb9aedf8d6efcf0ae52bea0fa99a9e26ae81bacea0cff4d5eecf201e3bca3c3577480"
+      "621b818fd717ba99d6ff958ea3d59b2527b019c343bb199e648090225867d994607962"
+      "f5866aa62930d75b58f6",
+      "99958aa459604657c7bf6e4cdfcc8785f0abf06ffe636b5b64ecd931bd8a4563055924"
+      "21fc28dbcccb8a82acea2be8e54161d7a78e0399a6067ebaca3f2510274dc9f92f2c8a"
+      "e4265eec13d7d42e9f8612d7bc258f913ecb5a3a5c610339b49fb90e9037b02d684fc6"
+      "0da835657cb24eab352750c8b463b1a8494660d36c3ab2",
+      "4ac41ab89f625c60125ed65ffa958c6b490ea670",
+    },
+    // L=32, set 30
+    {
+      WebKit::WebCryptoAlgorithmIdSha256,
+      "9779d9120642797f1747025d5b22b7ac607cab08e1758f2f3a46c8be1e25c53b8c6a8f"
+      "58ffefa176",
+      "b1689c2591eaf3c9e66070f8a77954ffb81749f1b00346f9dfe0b2ee905dcc288baf4a"
+      "92de3f4001dd9f44c468c3d07d6c6ee82faceafc97c2fc0fc0601719d2dcd0aa2aec92"
+      "d1b0ae933c65eb06a03c9c935c2bad0459810241347ab87e9f11adb30415424c6c7f5f"
+      "22a003b8ab8de54f6ded0e3ab9245fa79568451dfa258e",
+      "769f00d3e6a6cc1fb426a14a4f76c6462e6149726e0dee0ec0cf97a16605ac8b",
+    },
+    // L=32, set 224
+    {
+      WebKit::WebCryptoAlgorithmIdSha256,
+      "4b7ab133efe99e02fc89a28409ee187d579e774f4cba6fc223e13504e3511bef8d4f63"
+      "8b9aca55d4a43b8fbd64cf9d74dcc8c9e8d52034898c70264ea911a3fd70813fa73b08"
+      "3371289b",
+      "138efc832c64513d11b9873c6fd4d8a65dbf367092a826ddd587d141b401580b798c69"
+      "025ad510cff05fcfbceb6cf0bb03201aaa32e423d5200925bddfadd418d8e30e18050e"
+      "b4f0618eb9959d9f78c1157d4b3e02cd5961f138afd57459939917d9144c95d8e6a94c"
+      "8f6d4eef3418c17b1ef0b46c2a7188305d9811dccb3d99",
+      "4f1ee7cb36c58803a8721d4ac8c4cf8cae5d8832392eed2a96dc59694252801b",
+    },
+  };
+
+  for (size_t index = 0; index < ARRAYSIZE_UNSAFE(input_set); index++) {

[Ryan Sleevi, 2013/09/12 22:01:56]

In general, I have a preference for seeing parameterized tests, since they allow
you to see more information about exactly what test is failing and (with the use
of a PrintTo overload) provide pretty-printing of outputs.

That said, if a loop is appropriate here long term, please make sure to add a
SCOPED_TRACE() to the iteration to make sure that the failure reasons are clear
- otherwise, it will be a pain to debug.

See
https://code.google.com/p/googletest/wiki/V1_6_AdvancedGuide#Using_Assertions...

[Bryan Eyler, 2013/09/12 23:09:56]

Done, and added to digest tests as well.

+    WebKit::WebCryptoAlgorithm hash_algorithm(
+        WebKit::WebCryptoAlgorithm::adoptParamsAndCreate(
+            input_set[index].algorithm, NULL));
+
+    scoped_ptr<WebKit::WebCryptoHmacParams> hmac_params(
+        new WebKit::WebCryptoHmacParams(hash_algorithm));
+
+    WebKit::WebCryptoAlgorithm hmac_algorithm(
+        WebKit::WebCryptoAlgorithm::adoptParamsAndCreate(
+            WebKit::WebCryptoAlgorithmIdHmac, hmac_params.release()));
+
+    WebKit::WebCryptoKeyType type;
+    scoped_ptr<WebKit::WebCryptoKeyHandle> handle;
+
+    std::vector<uint8> key_raw;
+    base::HexStringToBytes(input_set[index].key, &key_raw);
+
+    WebCryptoImpl crypto;
+
+    EXPECT_TRUE(
+        crypto.ImportKeyInternal(
+            WebKit::WebCryptoKeyFormatRaw,
+            key_raw.data(),
+            key_raw.size(),
+            hmac_algorithm,
+            WebKit::WebCryptoKeyUsageSign,
+            &handle,
+            &type));
+
+    EXPECT_EQ(WebKit::WebCryptoKeyTypeSecret, type);
+    ASSERT_TRUE(handle.get());
+
+    WebKit::WebCryptoKey crypto_key =
+        WebKit::WebCryptoKey::create(
+            handle.release(),
+            type,
+            false,
+            hmac_algorithm,
+            WebKit::WebCryptoKeyUsageSign);
+
+    std::vector<uint8> msg_raw;

[Ryan Sleevi, 2013/09/12 22:01:56]

naming nit: msg -> message

[Bryan Eyler, 2013/09/12 23:09:56]

Done.

+    base::HexStringToBytes(input_set[index].msg, &msg_raw);
+
+    WebKit::WebArrayBuffer array_buffer;
+
+    EXPECT_TRUE(
+        crypto.SignInternal(
+            hmac_algorithm,
+            crypto_key,
+            msg_raw.data(),
+            msg_raw.size(),
+            &array_buffer));
+
+    // Ignore case, it's checking the hex value.
+    EXPECT_STRCASEEQ(
+        input_set[index].mac,
+        base::HexEncode(
+            array_buffer.data(), array_buffer.byteLength()).c_str());
+  }
+}
+
 }  // namespace content