Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(77)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/child/webcrypto/shared_crypto_unittest.cc

Issue 243433006: [webcrypto] Set the error type for failures. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: rebase Created 6 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « content/child/webcrypto/shared_crypto.cc ('k') | content/child/webcrypto/status.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "content/child/webcrypto/shared_crypto.h" 5 #include "content/child/webcrypto/shared_crypto.h"
6 6
7 #include <algorithm> 7 #include <algorithm>
8 #include <string> 8 #include <string>
9 #include <vector> 9 #include <vector>
10 10
11 #include "base/basictypes.h" 11 #include "base/basictypes.h"
12 #include "base/file_util.h" 12 #include "base/file_util.h"
13 #include "base/json/json_reader.h" 13 #include "base/json/json_reader.h"
14 #include "base/json/json_writer.h" 14 #include "base/json/json_writer.h"
15 #include "base/logging.h" 15 #include "base/logging.h"
16 #include "base/memory/ref_counted.h" 16 #include "base/memory/ref_counted.h"
17 #include "base/path_service.h" 17 #include "base/path_service.h"
18 #include "base/strings/string_number_conversions.h" 18 #include "base/strings/string_number_conversions.h"
19 #include "base/strings/string_util.h" 19 #include "base/strings/string_util.h"
20 #include "base/strings/stringprintf.h"
20 #include "content/child/webcrypto/crypto_data.h" 21 #include "content/child/webcrypto/crypto_data.h"
21 #include "content/child/webcrypto/status.h" 22 #include "content/child/webcrypto/status.h"
22 #include "content/child/webcrypto/webcrypto_util.h" 23 #include "content/child/webcrypto/webcrypto_util.h"
23 #include "content/public/common/content_paths.h" 24 #include "content/public/common/content_paths.h"
24 #include "testing/gtest/include/gtest/gtest.h" 25 #include "testing/gtest/include/gtest/gtest.h"
25 #include "third_party/WebKit/public/platform/WebArrayBuffer.h" 26 #include "third_party/WebKit/public/platform/WebArrayBuffer.h"
26 #include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h" 27 #include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h"
27 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h" 28 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h"
28 #include "third_party/WebKit/public/platform/WebCryptoKey.h" 29 #include "third_party/WebKit/public/platform/WebCryptoKey.h"
29 #include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h" 30 #include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h"
30 #include "third_party/re2/re2/re2.h" 31 #include "third_party/re2/re2/re2.h"
31 32
32 // The OpenSSL implementation of WebCrypto is less complete, so don't run all of 33 // The OpenSSL implementation of WebCrypto is less complete, so don't run all of
33 // the tests: http://crbug.com/267888 34 // the tests: http://crbug.com/267888
34 #if defined(USE_OPENSSL) 35 #if defined(USE_OPENSSL)
35 #define MAYBE(test_name) DISABLED_##test_name 36 #define MAYBE(test_name) DISABLED_##test_name
36 #else 37 #else
37 #define MAYBE(test_name) test_name 38 #define MAYBE(test_name) test_name
38 #endif 39 #endif
39 40
40 // Helper macros to verify the value of a Status.
41 #define EXPECT_STATUS_ERROR(code) EXPECT_FALSE((code).IsSuccess())
42 #define EXPECT_STATUS(expected, code) \
43 EXPECT_EQ(expected.ToString(), (code).ToString())
44 #define ASSERT_STATUS(expected, code) \
45 ASSERT_EQ(expected.ToString(), (code).ToString())
46 #define EXPECT_STATUS_SUCCESS(code) EXPECT_STATUS(Status::Success(), code)
47 #define ASSERT_STATUS_SUCCESS(code) ASSERT_STATUS(Status::Success(), code)
48
49 namespace content { 41 namespace content {
50 42
51 namespace webcrypto { 43 namespace webcrypto {
52 44
45 void PrintTo(const Status& status, ::std::ostream* os) {
46 if (status.IsSuccess())
47 *os << "Success";
48 else
49 *os << "Error type: " << status.error_type()
50 << " Error details: " << status.error_details();
51 }
52
53 bool operator==(const content::webcrypto::Status& a,
54 const content::webcrypto::Status& b) {
55 if (a.IsSuccess() != b.IsSuccess())
56 return false;
57 if (a.IsSuccess())
58 return true;
59 return a.error_type() == b.error_type() &&
60 a.error_details() == b.error_details();
61 }
62
63 bool operator!=(const content::webcrypto::Status& a,
64 const content::webcrypto::Status& b) {
65 return !(a == b);
66 }
67
53 namespace { 68 namespace {
54 69
55 // TODO(eroman): For Linux builds using system NSS, AES-GCM support is a 70 // TODO(eroman): For Linux builds using system NSS, AES-GCM support is a
56 // runtime dependency. Test it by trying to import a key. 71 // runtime dependency. Test it by trying to import a key.
57 // TODO(padolph): Consider caching the result of the import key test. 72 // TODO(padolph): Consider caching the result of the import key test.
58 bool SupportsAesGcm() { 73 bool SupportsAesGcm() {
59 std::vector<uint8> key_raw(16, 0); 74 std::vector<uint8> key_raw(16, 0);
60 75
61 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); 76 blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
62 Status status = ImportKey(blink::WebCryptoKeyFormatRaw, 77 Status status = ImportKey(blink::WebCryptoKeyFormatRaw,
63 CryptoData(key_raw), 78 CryptoData(key_raw),
64 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesGcm), 79 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesGcm),
65 true, 80 true,
66 blink::WebCryptoKeyUsageEncrypt, 81 blink::WebCryptoKeyUsageEncrypt,
67 &key); 82 &key);
68 83
69 if (status.IsError()) 84 if (status.IsError())
70 EXPECT_STATUS(Status::ErrorUnsupported(), status); 85 EXPECT_EQ(Status::ErrorUnsupported(), status);
71 return status.IsSuccess(); 86 return status.IsSuccess();
72 } 87 }
73 88
74 blink::WebCryptoAlgorithm CreateRsaKeyGenAlgorithm( 89 blink::WebCryptoAlgorithm CreateRsaKeyGenAlgorithm(
75 blink::WebCryptoAlgorithmId algorithm_id, 90 blink::WebCryptoAlgorithmId algorithm_id,
76 unsigned int modulus_length, 91 unsigned int modulus_length,
77 const std::vector<uint8>& public_exponent) { 92 const std::vector<uint8>& public_exponent) {
78 DCHECK_EQ(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, algorithm_id); 93 DCHECK_EQ(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, algorithm_id);
79 return blink::WebCryptoAlgorithm::adoptParamsAndCreate( 94 return blink::WebCryptoAlgorithm::adoptParamsAndCreate(
80 algorithm_id, 95 algorithm_id,
(...skipping 192 matching lines...) Expand 10 before | Expand all | Expand 10 after
273 const char* property_name) { 288 const char* property_name) {
274 std::string algorithm_name; 289 std::string algorithm_name;
275 if (!dict->GetString(property_name, &algorithm_name)) { 290 if (!dict->GetString(property_name, &algorithm_name)) {
276 EXPECT_TRUE(false) << "Couldn't get string property: " << property_name; 291 EXPECT_TRUE(false) << "Couldn't get string property: " << property_name;
277 return blink::WebCryptoAlgorithm::createNull(); 292 return blink::WebCryptoAlgorithm::createNull();
278 } 293 }
279 294
280 struct { 295 struct {
281 const char* name; 296 const char* name;
282 blink::WebCryptoAlgorithmId id; 297 blink::WebCryptoAlgorithmId id;
283 } kDigestNameToId[] = {{"sha-1", blink::WebCryptoAlgorithmIdSha1}, 298 } kDigestNameToId[] = {
284 {"sha-256", blink::WebCryptoAlgorithmIdSha256}, 299 {"sha-1", blink::WebCryptoAlgorithmIdSha1},
285 {"sha-384", blink::WebCryptoAlgorithmIdSha384}, 300 {"sha-256", blink::WebCryptoAlgorithmIdSha256},
286 {"sha-512", blink::WebCryptoAlgorithmIdSha512}, }; 301 {"sha-384", blink::WebCryptoAlgorithmIdSha384},
302 {"sha-512", blink::WebCryptoAlgorithmIdSha512},
303 };
Ryan Sleevi 2014/04/25 23:08:52 I for one welcome my new clang-formatting overlord
eroman 2014/04/25 23:40:31 This was the result of having run clang-format on
287 304
288 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kDigestNameToId); ++i) { 305 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kDigestNameToId); ++i) {
289 if (kDigestNameToId[i].name == algorithm_name) 306 if (kDigestNameToId[i].name == algorithm_name)
290 return CreateAlgorithm(kDigestNameToId[i].id); 307 return CreateAlgorithm(kDigestNameToId[i].id);
291 } 308 }
292 309
293 return blink::WebCryptoAlgorithm::createNull(); 310 return blink::WebCryptoAlgorithm::createNull();
294 } 311 }
295 312
296 // Helper for ImportJwkFailures and ImportJwkOctFailures. Restores the JWK JSON 313 // Helper for ImportJwkFailures and ImportJwkOctFailures. Restores the JWK JSON
(...skipping 107 matching lines...) Expand 10 before | Expand all | Expand 10 after
404 protected: 421 protected:
405 virtual void SetUp() OVERRIDE { Init(); } 422 virtual void SetUp() OVERRIDE { Init(); }
406 }; 423 };
407 424
408 blink::WebCryptoKey ImportSecretKeyFromRaw( 425 blink::WebCryptoKey ImportSecretKeyFromRaw(
409 const std::vector<uint8>& key_raw, 426 const std::vector<uint8>& key_raw,
410 const blink::WebCryptoAlgorithm& algorithm, 427 const blink::WebCryptoAlgorithm& algorithm,
411 blink::WebCryptoKeyUsageMask usage) { 428 blink::WebCryptoKeyUsageMask usage) {
412 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); 429 blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
413 bool extractable = true; 430 bool extractable = true;
414 EXPECT_STATUS_SUCCESS(ImportKey(blink::WebCryptoKeyFormatRaw, 431 EXPECT_EQ(Status::Success(),
415 CryptoData(key_raw), 432 ImportKey(blink::WebCryptoKeyFormatRaw,
416 algorithm, 433 CryptoData(key_raw),
417 extractable, 434 algorithm,
418 usage, 435 extractable,
419 &key)); 436 usage,
437 &key));
420 438
421 EXPECT_FALSE(key.isNull()); 439 EXPECT_FALSE(key.isNull());
422 EXPECT_TRUE(key.handle()); 440 EXPECT_TRUE(key.handle());
423 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); 441 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type());
424 EXPECT_EQ(algorithm.id(), key.algorithm().id()); 442 EXPECT_EQ(algorithm.id(), key.algorithm().id());
425 EXPECT_EQ(extractable, key.extractable()); 443 EXPECT_EQ(extractable, key.extractable());
426 EXPECT_EQ(usage, key.usages()); 444 EXPECT_EQ(usage, key.usages());
427 return key; 445 return key;
428 } 446 }
429 447
430 void ImportRsaKeyPair(const std::vector<uint8>& spki_der, 448 void ImportRsaKeyPair(const std::vector<uint8>& spki_der,
431 const std::vector<uint8>& pkcs8_der, 449 const std::vector<uint8>& pkcs8_der,
432 const blink::WebCryptoAlgorithm& algorithm, 450 const blink::WebCryptoAlgorithm& algorithm,
433 bool extractable, 451 bool extractable,
434 blink::WebCryptoKeyUsageMask usage_mask, 452 blink::WebCryptoKeyUsageMask usage_mask,
435 blink::WebCryptoKey* public_key, 453 blink::WebCryptoKey* public_key,
436 blink::WebCryptoKey* private_key) { 454 blink::WebCryptoKey* private_key) {
437 EXPECT_STATUS_SUCCESS(ImportKey(blink::WebCryptoKeyFormatSpki, 455 EXPECT_EQ(Status::Success(),
438 CryptoData(spki_der), 456 ImportKey(blink::WebCryptoKeyFormatSpki,
439 algorithm, 457 CryptoData(spki_der),
440 true, 458 algorithm,
441 usage_mask, 459 true,
442 public_key)); 460 usage_mask,
461 public_key));
443 EXPECT_FALSE(public_key->isNull()); 462 EXPECT_FALSE(public_key->isNull());
444 EXPECT_TRUE(public_key->handle()); 463 EXPECT_TRUE(public_key->handle());
445 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key->type()); 464 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key->type());
446 EXPECT_EQ(algorithm.id(), public_key->algorithm().id()); 465 EXPECT_EQ(algorithm.id(), public_key->algorithm().id());
447 EXPECT_EQ(extractable, extractable); 466 EXPECT_EQ(extractable, extractable);
448 EXPECT_EQ(usage_mask, public_key->usages()); 467 EXPECT_EQ(usage_mask, public_key->usages());
449 468
450 EXPECT_STATUS_SUCCESS(ImportKey(blink::WebCryptoKeyFormatPkcs8, 469 EXPECT_EQ(Status::Success(),
451 CryptoData(pkcs8_der), 470 ImportKey(blink::WebCryptoKeyFormatPkcs8,
452 algorithm, 471 CryptoData(pkcs8_der),
453 extractable, 472 algorithm,
454 usage_mask, 473 extractable,
455 private_key)); 474 usage_mask,
475 private_key));
456 EXPECT_FALSE(private_key->isNull()); 476 EXPECT_FALSE(private_key->isNull());
457 EXPECT_TRUE(private_key->handle()); 477 EXPECT_TRUE(private_key->handle());
458 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key->type()); 478 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key->type());
459 EXPECT_EQ(algorithm.id(), private_key->algorithm().id()); 479 EXPECT_EQ(algorithm.id(), private_key->algorithm().id());
460 EXPECT_EQ(extractable, extractable); 480 EXPECT_EQ(extractable, extractable);
461 EXPECT_EQ(usage_mask, private_key->usages()); 481 EXPECT_EQ(usage_mask, private_key->usages());
462 } 482 }
463 483
464 Status AesGcmEncrypt(const blink::WebCryptoKey& key, 484 Status AesGcmEncrypt(const blink::WebCryptoKey& key,
465 const std::vector<uint8>& iv, 485 const std::vector<uint8>& iv,
466 const std::vector<uint8>& additional_data, 486 const std::vector<uint8>& additional_data,
467 unsigned int tag_length_bits, 487 unsigned int tag_length_bits,
468 const std::vector<uint8>& plain_text, 488 const std::vector<uint8>& plain_text,
469 std::vector<uint8>* cipher_text, 489 std::vector<uint8>* cipher_text,
470 std::vector<uint8>* authentication_tag) { 490 std::vector<uint8>* authentication_tag) {
471 EXPECT_TRUE(SupportsAesGcm()); 491 EXPECT_TRUE(SupportsAesGcm());
472 blink::WebCryptoAlgorithm algorithm = 492 blink::WebCryptoAlgorithm algorithm =
473 CreateAesGcmAlgorithm(iv, additional_data, tag_length_bits); 493 CreateAesGcmAlgorithm(iv, additional_data, tag_length_bits);
474 494
475 blink::WebArrayBuffer output; 495 blink::WebArrayBuffer output;
476 Status status = Encrypt(algorithm, key, CryptoData(plain_text), &output); 496 Status status = Encrypt(algorithm, key, CryptoData(plain_text), &output);
477 if (status.IsError()) 497 if (status.IsError())
478 return status; 498 return status;
479 499
480 if (output.byteLength() * 8 < tag_length_bits) { 500 if (output.byteLength() * 8 < tag_length_bits) {
481 EXPECT_TRUE(false); 501 EXPECT_TRUE(false);
482 return Status::Error(); 502 return Status::OperationError();
483 } 503 }
484 504
485 // The encryption result is cipher text with authentication tag appended. 505 // The encryption result is cipher text with authentication tag appended.
486 cipher_text->assign(static_cast<uint8*>(output.data()), 506 cipher_text->assign(static_cast<uint8*>(output.data()),
487 static_cast<uint8*>(output.data()) + 507 static_cast<uint8*>(output.data()) +
488 (output.byteLength() - tag_length_bits / 8)); 508 (output.byteLength() - tag_length_bits / 8));
489 authentication_tag->assign( 509 authentication_tag->assign(
490 static_cast<uint8*>(output.data()) + cipher_text->size(), 510 static_cast<uint8*>(output.data()) + cipher_text->size(),
491 static_cast<uint8*>(output.data()) + output.byteLength()); 511 static_cast<uint8*>(output.data()) + output.byteLength());
492 512
(...skipping 60 matching lines...) Expand 10 before | Expand all | Expand 10 after
553 return scoped_ptr<base::DictionaryValue>(dict_value); 573 return scoped_ptr<base::DictionaryValue>(dict_value);
554 } 574 }
555 575
556 // Verifies the input dictionary contains the expected values. Exact matches are 576 // Verifies the input dictionary contains the expected values. Exact matches are
557 // required on the fields examined. 577 // required on the fields examined.
558 ::testing::AssertionResult VerifyJwk( 578 ::testing::AssertionResult VerifyJwk(
559 const scoped_ptr<base::DictionaryValue>& dict, 579 const scoped_ptr<base::DictionaryValue>& dict,
560 const std::string& kty_expected, 580 const std::string& kty_expected,
561 const std::string& alg_expected, 581 const std::string& alg_expected,
562 blink::WebCryptoKeyUsageMask use_mask_expected) { 582 blink::WebCryptoKeyUsageMask use_mask_expected) {
563
564 // ---- kty 583 // ---- kty
565 std::string value_string; 584 std::string value_string;
566 if (!dict->GetString("kty", &value_string)) 585 if (!dict->GetString("kty", &value_string))
567 return ::testing::AssertionFailure() << "Missing 'kty'"; 586 return ::testing::AssertionFailure() << "Missing 'kty'";
568 if (value_string != kty_expected) 587 if (value_string != kty_expected)
569 return ::testing::AssertionFailure() << "Expected 'kty' to be " 588 return ::testing::AssertionFailure() << "Expected 'kty' to be "
570 << kty_expected << "but found " 589 << kty_expected << "but found "
571 << value_string; 590 << value_string;
572 591
573 // ---- alg 592 // ---- alg
(...skipping 101 matching lines...) Expand 10 before | Expand all | Expand 10 after
675 } // namespace 694 } // namespace
676 695
677 TEST_F(SharedCryptoTest, CheckAesGcm) { 696 TEST_F(SharedCryptoTest, CheckAesGcm) {
678 if (!SupportsAesGcm()) { 697 if (!SupportsAesGcm()) {
679 LOG(WARNING) << "AES GCM not supported on this platform, so some tests " 698 LOG(WARNING) << "AES GCM not supported on this platform, so some tests "
680 "will be skipped. Consider upgrading local NSS libraries"; 699 "will be skipped. Consider upgrading local NSS libraries";
681 return; 700 return;
682 } 701 }
683 } 702 }
684 703
685 TEST_F(SharedCryptoTest, StatusToString) { 704 // Tests a couple error objects against their expected hard coded values, as
Ryan Sleevi 2014/04/25 23:08:52 nit: grammar // Tests several error objects (a c
eroman 2014/04/25 23:40:31 Done.
686 EXPECT_EQ("Success", Status::Success().ToString()); 705 // well as ensuring that comparison of Status objects works as intended
687 EXPECT_EQ("", Status::Error().ToString()); 706 // (comparison should take into account both the error message, as well as the
688 EXPECT_EQ("The requested operation is unsupported", 707 // error type).
Ryan Sleevi 2014/04/25 23:08:52 s/error message/error details/, since that's what
eroman 2014/04/25 23:40:31 Done.
689 Status::ErrorUnsupported().ToString()); 708 TEST_F(SharedCryptoTest, Status) {
709 // Even though the error message is the same, these should not be considered
710 // the same by the tests because the error type is different.
711 EXPECT_NE(Status::DataError(), Status::OperationError());
712 EXPECT_NE(Status::Success(), Status::OperationError());
713
714 EXPECT_EQ(Status::Success(), Status::Success());
715 EXPECT_EQ(Status::ErrorJwkPropertyWrongType("kty", "string"),
716 Status::ErrorJwkPropertyWrongType("kty", "string"));
717
718 Status status = Status::Success();
719
720 EXPECT_EQ(false, status.IsError());
721 EXPECT_EQ("", status.error_details());
722
723 status = Status::OperationError();
724 EXPECT_EQ(true, status.IsError());
725 EXPECT_EQ("", status.error_details());
726 EXPECT_EQ(blink::WebCryptoErrorTypeOperation, status.error_type());
727
728 status = Status::DataError();
729 EXPECT_EQ(true, status.IsError());
730 EXPECT_EQ("", status.error_details());
731 EXPECT_EQ(blink::WebCryptoErrorTypeData, status.error_type());
732
733 status = Status::ErrorUnsupported();
734 EXPECT_EQ(true, status.IsError());
735 EXPECT_EQ("The requested operation is unsupported", status.error_details());
736 EXPECT_EQ(blink::WebCryptoErrorTypeNotSupported, status.error_type());
737
738 status = Status::ErrorJwkPropertyMissing("kty");
739 EXPECT_EQ(true, status.IsError());
690 EXPECT_EQ("The required JWK property \"kty\" was missing", 740 EXPECT_EQ("The required JWK property \"kty\" was missing",
691 Status::ErrorJwkPropertyMissing("kty").ToString()); 741 status.error_details());
742 EXPECT_EQ(blink::WebCryptoErrorTypeData, status.error_type());
743
744 status = Status::ErrorJwkPropertyWrongType("kty", "string");
745 EXPECT_EQ(true, status.IsError());
692 EXPECT_EQ("The JWK property \"kty\" must be a string", 746 EXPECT_EQ("The JWK property \"kty\" must be a string",
693 Status::ErrorJwkPropertyWrongType("kty", "string").ToString()); 747 status.error_details());
748 EXPECT_EQ(blink::WebCryptoErrorTypeData, status.error_type());
749
750 status = Status::ErrorJwkBase64Decode("n");
751 EXPECT_EQ(true, status.IsError());
694 EXPECT_EQ("The JWK property \"n\" could not be base64 decoded", 752 EXPECT_EQ("The JWK property \"n\" could not be base64 decoded",
695 Status::ErrorJwkBase64Decode("n").ToString()); 753 status.error_details());
754 EXPECT_EQ(blink::WebCryptoErrorTypeData, status.error_type());
696 } 755 }
697 756
698 TEST_F(SharedCryptoTest, DigestSampleSets) { 757 TEST_F(SharedCryptoTest, DigestSampleSets) {
699 scoped_ptr<base::ListValue> tests; 758 scoped_ptr<base::ListValue> tests;
700 ASSERT_TRUE(ReadJsonTestFileToList("digest.json", &tests)); 759 ASSERT_TRUE(ReadJsonTestFileToList("digest.json", &tests));
701 760
702 for (size_t test_index = 0; test_index < tests->GetSize(); ++test_index) { 761 for (size_t test_index = 0; test_index < tests->GetSize(); ++test_index) {
703 SCOPED_TRACE(test_index); 762 SCOPED_TRACE(test_index);
704 base::DictionaryValue* test; 763 base::DictionaryValue* test;
705 ASSERT_TRUE(tests->GetDictionary(test_index, &test)); 764 ASSERT_TRUE(tests->GetDictionary(test_index, &test));
706 765
707 blink::WebCryptoAlgorithm test_algorithm = 766 blink::WebCryptoAlgorithm test_algorithm =
708 GetDigestAlgorithm(test, "algorithm"); 767 GetDigestAlgorithm(test, "algorithm");
709 std::vector<uint8> test_input = GetBytesFromHexString(test, "input"); 768 std::vector<uint8> test_input = GetBytesFromHexString(test, "input");
710 std::vector<uint8> test_output = GetBytesFromHexString(test, "output"); 769 std::vector<uint8> test_output = GetBytesFromHexString(test, "output");
711 770
712 blink::WebArrayBuffer output; 771 blink::WebArrayBuffer output;
713 ASSERT_STATUS_SUCCESS( 772 ASSERT_EQ(Status::Success(),
714 Digest(test_algorithm, CryptoData(test_input), &output)); 773 Digest(test_algorithm, CryptoData(test_input), &output));
715 EXPECT_TRUE(ArrayBufferMatches(test_output, output)); 774 EXPECT_TRUE(ArrayBufferMatches(test_output, output));
716 } 775 }
717 } 776 }
718 777
719 TEST_F(SharedCryptoTest, DigestSampleSetsInChunks) { 778 TEST_F(SharedCryptoTest, DigestSampleSetsInChunks) {
720 scoped_ptr<base::ListValue> tests; 779 scoped_ptr<base::ListValue> tests;
721 ASSERT_TRUE(ReadJsonTestFileToList("digest.json", &tests)); 780 ASSERT_TRUE(ReadJsonTestFileToList("digest.json", &tests));
722 781
723 for (size_t test_index = 0; test_index < tests->GetSize(); ++test_index) { 782 for (size_t test_index = 0; test_index < tests->GetSize(); ++test_index) {
724 SCOPED_TRACE(test_index); 783 SCOPED_TRACE(test_index);
(...skipping 53 matching lines...) Expand 10 before | Expand all | Expand 10 after
778 blink::WebCryptoKey key = ImportSecretKeyFromRaw( 837 blink::WebCryptoKey key = ImportSecretKeyFromRaw(
779 test_key, 838 test_key,
780 importAlgorithm, 839 importAlgorithm,
781 blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify); 840 blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify);
782 841
783 EXPECT_EQ(test_hash.id(), key.algorithm().hmacParams()->hash().id()); 842 EXPECT_EQ(test_hash.id(), key.algorithm().hmacParams()->hash().id());
784 EXPECT_EQ(test_key.size() * 8, key.algorithm().hmacParams()->lengthBits()); 843 EXPECT_EQ(test_key.size() * 8, key.algorithm().hmacParams()->lengthBits());
785 844
786 // Verify exported raw key is identical to the imported data 845 // Verify exported raw key is identical to the imported data
787 blink::WebArrayBuffer raw_key; 846 blink::WebArrayBuffer raw_key;
788 EXPECT_STATUS_SUCCESS( 847 EXPECT_EQ(Status::Success(),
789 ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key)); 848 ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key));
790 EXPECT_TRUE(ArrayBufferMatches(test_key, raw_key)); 849 EXPECT_TRUE(ArrayBufferMatches(test_key, raw_key));
791 850
792 blink::WebArrayBuffer output; 851 blink::WebArrayBuffer output;
793 852
794 ASSERT_STATUS_SUCCESS( 853 ASSERT_EQ(Status::Success(),
795 Sign(algorithm, key, CryptoData(test_message), &output)); 854 Sign(algorithm, key, CryptoData(test_message), &output));
796 855
797 EXPECT_TRUE(ArrayBufferMatches(test_mac, output)); 856 EXPECT_TRUE(ArrayBufferMatches(test_mac, output));
798 857
799 bool signature_match = false; 858 bool signature_match = false;
800 EXPECT_STATUS_SUCCESS(VerifySignature(algorithm, 859 EXPECT_EQ(Status::Success(),
801 key, 860 VerifySignature(algorithm,
802 CryptoData(output), 861 key,
803 CryptoData(test_message), 862 CryptoData(output),
804 &signature_match)); 863 CryptoData(test_message),
864 &signature_match));
805 EXPECT_TRUE(signature_match); 865 EXPECT_TRUE(signature_match);
806 866
807 // Ensure truncated signature does not verify by passing one less byte. 867 // Ensure truncated signature does not verify by passing one less byte.
808 EXPECT_STATUS_SUCCESS(VerifySignature( 868 EXPECT_EQ(Status::Success(),
809 algorithm, 869 VerifySignature(
810 key, 870 algorithm,
811 CryptoData(static_cast<const unsigned char*>(output.data()), 871 key,
812 output.byteLength() - 1), 872 CryptoData(static_cast<const unsigned char*>(output.data()),
813 CryptoData(test_message), 873 output.byteLength() - 1),
814 &signature_match)); 874 CryptoData(test_message),
875 &signature_match));
815 EXPECT_FALSE(signature_match); 876 EXPECT_FALSE(signature_match);
816 877
817 // Ensure truncated signature does not verify by passing no bytes. 878 // Ensure truncated signature does not verify by passing no bytes.
818 EXPECT_STATUS_SUCCESS(VerifySignature(algorithm, 879 EXPECT_EQ(Status::Success(),
819 key, 880 VerifySignature(algorithm,
820 CryptoData(), 881 key,
821 CryptoData(test_message), 882 CryptoData(),
822 &signature_match)); 883 CryptoData(test_message),
884 &signature_match));
823 EXPECT_FALSE(signature_match); 885 EXPECT_FALSE(signature_match);
824 886
825 // Ensure extra long signature does not cause issues and fails. 887 // Ensure extra long signature does not cause issues and fails.
826 const unsigned char kLongSignature[1024] = {0}; 888 const unsigned char kLongSignature[1024] = {0};
827 EXPECT_STATUS_SUCCESS( 889 EXPECT_EQ(
890 Status::Success(),
828 VerifySignature(algorithm, 891 VerifySignature(algorithm,
829 key, 892 key,
830 CryptoData(kLongSignature, sizeof(kLongSignature)), 893 CryptoData(kLongSignature, sizeof(kLongSignature)),
831 CryptoData(test_message), 894 CryptoData(test_message),
832 &signature_match)); 895 &signature_match));
833 EXPECT_FALSE(signature_match); 896 EXPECT_FALSE(signature_match);
834 } 897 }
835 } 898 }
836 899
837 TEST_F(SharedCryptoTest, AesCbcFailures) { 900 TEST_F(SharedCryptoTest, AesCbcFailures) {
838 const std::string key_hex = "2b7e151628aed2a6abf7158809cf4f3c"; 901 const std::string key_hex = "2b7e151628aed2a6abf7158809cf4f3c";
839 blink::WebCryptoKey key = ImportSecretKeyFromRaw( 902 blink::WebCryptoKey key = ImportSecretKeyFromRaw(
840 HexStringToBytes(key_hex), 903 HexStringToBytes(key_hex),
841 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), 904 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
842 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt); 905 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt);
843 906
844 // Verify exported raw key is identical to the imported data 907 // Verify exported raw key is identical to the imported data
845 blink::WebArrayBuffer raw_key; 908 blink::WebArrayBuffer raw_key;
846 EXPECT_STATUS_SUCCESS(ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key)); 909 EXPECT_EQ(Status::Success(),
910 ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key));
847 ExpectArrayBufferMatchesHex(key_hex, raw_key); 911 ExpectArrayBufferMatchesHex(key_hex, raw_key);
848 912
849 blink::WebArrayBuffer output; 913 blink::WebArrayBuffer output;
850 914
851 // Use an invalid |iv| (fewer than 16 bytes) 915 // Use an invalid |iv| (fewer than 16 bytes)
852 { 916 {
853 std::vector<uint8> input(32); 917 std::vector<uint8> input(32);
854 std::vector<uint8> iv; 918 std::vector<uint8> iv;
855 EXPECT_STATUS(Status::ErrorIncorrectSizeAesCbcIv(), 919 EXPECT_EQ(Status::ErrorIncorrectSizeAesCbcIv(),
856 Encrypt(webcrypto::CreateAesCbcAlgorithm(iv), 920 Encrypt(webcrypto::CreateAesCbcAlgorithm(iv),
857 key, 921 key,
858 CryptoData(input), 922 CryptoData(input),
859 &output)); 923 &output));
860 EXPECT_STATUS(Status::ErrorIncorrectSizeAesCbcIv(), 924 EXPECT_EQ(Status::ErrorIncorrectSizeAesCbcIv(),
861 Decrypt(webcrypto::CreateAesCbcAlgorithm(iv), 925 Decrypt(webcrypto::CreateAesCbcAlgorithm(iv),
862 key, 926 key,
863 CryptoData(input), 927 CryptoData(input),
864 &output)); 928 &output));
865 } 929 }
866 930
867 // Use an invalid |iv| (more than 16 bytes) 931 // Use an invalid |iv| (more than 16 bytes)
868 { 932 {
869 std::vector<uint8> input(32); 933 std::vector<uint8> input(32);
870 std::vector<uint8> iv(17); 934 std::vector<uint8> iv(17);
871 EXPECT_STATUS(Status::ErrorIncorrectSizeAesCbcIv(), 935 EXPECT_EQ(Status::ErrorIncorrectSizeAesCbcIv(),
872 Encrypt(webcrypto::CreateAesCbcAlgorithm(iv), 936 Encrypt(webcrypto::CreateAesCbcAlgorithm(iv),
873 key, 937 key,
874 CryptoData(input), 938 CryptoData(input),
875 &output)); 939 &output));
876 EXPECT_STATUS(Status::ErrorIncorrectSizeAesCbcIv(), 940 EXPECT_EQ(Status::ErrorIncorrectSizeAesCbcIv(),
877 Decrypt(webcrypto::CreateAesCbcAlgorithm(iv), 941 Decrypt(webcrypto::CreateAesCbcAlgorithm(iv),
878 key, 942 key,
879 CryptoData(input), 943 CryptoData(input),
880 &output)); 944 &output));
881 } 945 }
882 946
883 // Give an input that is too large (would cause integer overflow when 947 // Give an input that is too large (would cause integer overflow when
884 // narrowing to an int). 948 // narrowing to an int).
885 { 949 {
886 std::vector<uint8> iv(16); 950 std::vector<uint8> iv(16);
887 951
888 // Pretend the input is large. Don't pass data pointer as NULL in case that 952 // Pretend the input is large. Don't pass data pointer as NULL in case that
889 // is special cased; the implementation shouldn't actually dereference the 953 // is special cased; the implementation shouldn't actually dereference the
890 // data. 954 // data.
891 CryptoData input(&iv[0], INT_MAX - 3); 955 CryptoData input(&iv[0], INT_MAX - 3);
892 956
893 EXPECT_STATUS(Status::ErrorDataTooLarge(), 957 EXPECT_EQ(Status::ErrorDataTooLarge(),
894 Encrypt(CreateAesCbcAlgorithm(iv), key, input, &output)); 958 Encrypt(CreateAesCbcAlgorithm(iv), key, input, &output));
895 EXPECT_STATUS(Status::ErrorDataTooLarge(), 959 EXPECT_EQ(Status::ErrorDataTooLarge(),
896 Decrypt(CreateAesCbcAlgorithm(iv), key, input, &output)); 960 Decrypt(CreateAesCbcAlgorithm(iv), key, input, &output));
897 } 961 }
898 962
899 // Fail importing the key (too few bytes specified) 963 // Fail importing the key (too few bytes specified)
900 { 964 {
901 std::vector<uint8> key_raw(1); 965 std::vector<uint8> key_raw(1);
902 std::vector<uint8> iv(16); 966 std::vector<uint8> iv(16);
903 967
904 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); 968 blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
905 EXPECT_STATUS(Status::Error(), 969 EXPECT_EQ(Status::ErrorImportAesKeyLength(),
906 ImportKey(blink::WebCryptoKeyFormatRaw, 970 ImportKey(blink::WebCryptoKeyFormatRaw,
907 CryptoData(key_raw), 971 CryptoData(key_raw),
908 CreateAesCbcAlgorithm(iv), 972 CreateAesCbcAlgorithm(iv),
909 true, 973 true,
910 blink::WebCryptoKeyUsageEncrypt, 974 blink::WebCryptoKeyUsageEncrypt,
911 &key)); 975 &key));
912 } 976 }
913 977
914 // Fail exporting the key in SPKI and PKCS#8 formats (not allowed for secret 978 // Fail exporting the key in SPKI and PKCS#8 formats (not allowed for secret
915 // keys). 979 // keys).
916 EXPECT_STATUS(Status::ErrorUnexpectedKeyType(), 980 EXPECT_EQ(Status::ErrorUnexpectedKeyType(),
917 ExportKey(blink::WebCryptoKeyFormatSpki, key, &output)); 981 ExportKey(blink::WebCryptoKeyFormatSpki, key, &output));
918 EXPECT_STATUS(Status::ErrorUnexpectedKeyType(), 982 EXPECT_EQ(Status::ErrorUnexpectedKeyType(),
919 ExportKey(blink::WebCryptoKeyFormatPkcs8, key, &output)); 983 ExportKey(blink::WebCryptoKeyFormatPkcs8, key, &output));
920 } 984 }
921 985
922 TEST_F(SharedCryptoTest, MAYBE(AesCbcSampleSets)) { 986 TEST_F(SharedCryptoTest, MAYBE(AesCbcSampleSets)) {
923 scoped_ptr<base::ListValue> tests; 987 scoped_ptr<base::ListValue> tests;
924 ASSERT_TRUE(ReadJsonTestFileToList("aes_cbc.json", &tests)); 988 ASSERT_TRUE(ReadJsonTestFileToList("aes_cbc.json", &tests));
925 989
926 for (size_t test_index = 0; test_index < tests->GetSize(); ++test_index) { 990 for (size_t test_index = 0; test_index < tests->GetSize(); ++test_index) {
927 SCOPED_TRACE(test_index); 991 SCOPED_TRACE(test_index);
928 base::DictionaryValue* test; 992 base::DictionaryValue* test;
929 ASSERT_TRUE(tests->GetDictionary(test_index, &test)); 993 ASSERT_TRUE(tests->GetDictionary(test_index, &test));
930 994
931 std::vector<uint8> test_key = GetBytesFromHexString(test, "key"); 995 std::vector<uint8> test_key = GetBytesFromHexString(test, "key");
932 std::vector<uint8> test_iv = GetBytesFromHexString(test, "iv"); 996 std::vector<uint8> test_iv = GetBytesFromHexString(test, "iv");
933 std::vector<uint8> test_plain_text = 997 std::vector<uint8> test_plain_text =
934 GetBytesFromHexString(test, "plain_text"); 998 GetBytesFromHexString(test, "plain_text");
935 std::vector<uint8> test_cipher_text = 999 std::vector<uint8> test_cipher_text =
936 GetBytesFromHexString(test, "cipher_text"); 1000 GetBytesFromHexString(test, "cipher_text");
937 1001
938 blink::WebCryptoKey key = ImportSecretKeyFromRaw( 1002 blink::WebCryptoKey key = ImportSecretKeyFromRaw(
939 test_key, 1003 test_key,
940 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), 1004 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
941 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt); 1005 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt);
942 1006
943 EXPECT_EQ(test_key.size() * 8, key.algorithm().aesParams()->lengthBits()); 1007 EXPECT_EQ(test_key.size() * 8, key.algorithm().aesParams()->lengthBits());
944 1008
945 // Verify exported raw key is identical to the imported data 1009 // Verify exported raw key is identical to the imported data
946 blink::WebArrayBuffer raw_key; 1010 blink::WebArrayBuffer raw_key;
947 EXPECT_STATUS_SUCCESS( 1011 EXPECT_EQ(Status::Success(),
948 ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key)); 1012 ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key));
949 EXPECT_TRUE(ArrayBufferMatches(test_key, raw_key)); 1013 EXPECT_TRUE(ArrayBufferMatches(test_key, raw_key));
950 1014
951 blink::WebArrayBuffer output; 1015 blink::WebArrayBuffer output;
952 1016
953 // Test encryption. 1017 // Test encryption.
954 EXPECT_STATUS(Status::Success(), 1018 EXPECT_EQ(Status::Success(),
955 Encrypt(webcrypto::CreateAesCbcAlgorithm(test_iv), 1019 Encrypt(webcrypto::CreateAesCbcAlgorithm(test_iv),
956 key, 1020 key,
957 CryptoData(test_plain_text), 1021 CryptoData(test_plain_text),
958 &output)); 1022 &output));
959 EXPECT_TRUE(ArrayBufferMatches(test_cipher_text, output)); 1023 EXPECT_TRUE(ArrayBufferMatches(test_cipher_text, output));
960 1024
961 // Test decryption. 1025 // Test decryption.
962 EXPECT_STATUS(Status::Success(), 1026 EXPECT_EQ(Status::Success(),
963 Decrypt(webcrypto::CreateAesCbcAlgorithm(test_iv), 1027 Decrypt(webcrypto::CreateAesCbcAlgorithm(test_iv),
964 key, 1028 key,
965 CryptoData(test_cipher_text), 1029 CryptoData(test_cipher_text),
966 &output)); 1030 &output));
967 EXPECT_TRUE(ArrayBufferMatches(test_plain_text, output)); 1031 EXPECT_TRUE(ArrayBufferMatches(test_plain_text, output));
968 1032
969 const unsigned int kAesCbcBlockSize = 16; 1033 const unsigned int kAesCbcBlockSize = 16;
970 1034
971 // Decrypt with a padding error by stripping the last block. This also ends 1035 // Decrypt with a padding error by stripping the last block. This also ends
972 // up testing decryption over empty cipher text. 1036 // up testing decryption over empty cipher text.
973 if (test_cipher_text.size() >= kAesCbcBlockSize) { 1037 if (test_cipher_text.size() >= kAesCbcBlockSize) {
974 EXPECT_STATUS( 1038 EXPECT_EQ(Status::OperationError(),
975 Status::Error(), 1039 Decrypt(CreateAesCbcAlgorithm(test_iv),
976 Decrypt(CreateAesCbcAlgorithm(test_iv), 1040 key,
977 key, 1041 CryptoData(&test_cipher_text[0],
978 CryptoData(&test_cipher_text[0], 1042 test_cipher_text.size() - kAesCbcBlockSize),
979 test_cipher_text.size() - kAesCbcBlockSize), 1043 &output));
980 &output));
981 } 1044 }
982 1045
983 // Decrypt cipher text which is not a multiple of block size by stripping 1046 // Decrypt cipher text which is not a multiple of block size by stripping
984 // a few bytes off the cipher text. 1047 // a few bytes off the cipher text.
985 if (test_cipher_text.size() > 3) { 1048 if (test_cipher_text.size() > 3) {
986 EXPECT_STATUS( 1049 EXPECT_EQ(
987 Status::Error(), 1050 Status::OperationError(),
988 Decrypt(CreateAesCbcAlgorithm(test_iv), 1051 Decrypt(CreateAesCbcAlgorithm(test_iv),
989 key, 1052 key,
990 CryptoData(&test_cipher_text[0], test_cipher_text.size() - 3), 1053 CryptoData(&test_cipher_text[0], test_cipher_text.size() - 3),
991 &output)); 1054 &output));
992 } 1055 }
993 } 1056 }
994 } 1057 }
995 1058
996 TEST_F(SharedCryptoTest, MAYBE(GenerateKeyAes)) { 1059 TEST_F(SharedCryptoTest, MAYBE(GenerateKeyAes)) {
997 // Check key generation for each of AES-CBC, AES-GCM, and AES-KW, and for each 1060 // Check key generation for each of AES-CBC, AES-GCM, and AES-KW, and for each
998 // allowed key length. 1061 // allowed key length.
999 std::vector<blink::WebCryptoAlgorithm> algorithm; 1062 std::vector<blink::WebCryptoAlgorithm> algorithm;
1000 const unsigned short kKeyLength[] = {128, 192, 256}; 1063 const unsigned short kKeyLength[] = {128, 192, 256};
1001 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kKeyLength); ++i) { 1064 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kKeyLength); ++i) {
1002 algorithm.push_back(CreateAesCbcKeyGenAlgorithm(kKeyLength[i])); 1065 algorithm.push_back(CreateAesCbcKeyGenAlgorithm(kKeyLength[i]));
1003 algorithm.push_back(CreateAesKwKeyGenAlgorithm(kKeyLength[i])); 1066 algorithm.push_back(CreateAesKwKeyGenAlgorithm(kKeyLength[i]));
1004 if (SupportsAesGcm()) 1067 if (SupportsAesGcm())
1005 algorithm.push_back(CreateAesGcmKeyGenAlgorithm(kKeyLength[i])); 1068 algorithm.push_back(CreateAesGcmKeyGenAlgorithm(kKeyLength[i]));
1006 } 1069 }
1007 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); 1070 blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
1008 std::vector<blink::WebArrayBuffer> keys; 1071 std::vector<blink::WebArrayBuffer> keys;
1009 blink::WebArrayBuffer key_bytes; 1072 blink::WebArrayBuffer key_bytes;
1010 for (size_t i = 0; i < algorithm.size(); ++i) { 1073 for (size_t i = 0; i < algorithm.size(); ++i) {
1011 SCOPED_TRACE(i); 1074 SCOPED_TRACE(i);
1012 // Generate a small sample of keys. 1075 // Generate a small sample of keys.
1013 keys.clear(); 1076 keys.clear();
1014 for (int j = 0; j < 16; ++j) { 1077 for (int j = 0; j < 16; ++j) {
1015 ASSERT_STATUS_SUCCESS(GenerateSecretKey(algorithm[i], true, 0, &key)); 1078 ASSERT_EQ(Status::Success(),
1079 GenerateSecretKey(algorithm[i], true, 0, &key));
1016 EXPECT_TRUE(key.handle()); 1080 EXPECT_TRUE(key.handle());
1017 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); 1081 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type());
1018 ASSERT_STATUS_SUCCESS( 1082 ASSERT_EQ(Status::Success(),
1019 ExportKey(blink::WebCryptoKeyFormatRaw, key, &key_bytes)); 1083 ExportKey(blink::WebCryptoKeyFormatRaw, key, &key_bytes));
1020 EXPECT_EQ(key_bytes.byteLength() * 8, 1084 EXPECT_EQ(key_bytes.byteLength() * 8,
1021 key.algorithm().aesParams()->lengthBits()); 1085 key.algorithm().aesParams()->lengthBits());
1022 keys.push_back(key_bytes); 1086 keys.push_back(key_bytes);
1023 } 1087 }
1024 // Ensure all entries in the key sample set are unique. This is a simplistic 1088 // Ensure all entries in the key sample set are unique. This is a simplistic
1025 // estimate of whether the generated keys appear random. 1089 // estimate of whether the generated keys appear random.
1026 EXPECT_FALSE(CopiesExist(keys)); 1090 EXPECT_FALSE(CopiesExist(keys));
1027 } 1091 }
1028 } 1092 }
1029 1093
1030 TEST_F(SharedCryptoTest, MAYBE(GenerateKeyAesBadLength)) { 1094 TEST_F(SharedCryptoTest, MAYBE(GenerateKeyAesBadLength)) {
1031 const unsigned short kKeyLen[] = {0, 127, 257}; 1095 const unsigned short kKeyLen[] = {0, 127, 257};
1032 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); 1096 blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
1033 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kKeyLen); ++i) { 1097 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kKeyLen); ++i) {
1034 SCOPED_TRACE(i); 1098 SCOPED_TRACE(i);
1035 EXPECT_STATUS(Status::ErrorGenerateKeyLength(), 1099 EXPECT_EQ(Status::ErrorGenerateKeyLength(),
1036 GenerateSecretKey( 1100 GenerateSecretKey(
1037 CreateAesCbcKeyGenAlgorithm(kKeyLen[i]), true, 0, &key)); 1101 CreateAesCbcKeyGenAlgorithm(kKeyLen[i]), true, 0, &key));
1038 EXPECT_STATUS(Status::ErrorGenerateKeyLength(), 1102 EXPECT_EQ(Status::ErrorGenerateKeyLength(),
1039 GenerateSecretKey( 1103 GenerateSecretKey(
1040 CreateAesKwKeyGenAlgorithm(kKeyLen[i]), true, 0, &key)); 1104 CreateAesKwKeyGenAlgorithm(kKeyLen[i]), true, 0, &key));
1041 if (SupportsAesGcm()) { 1105 if (SupportsAesGcm()) {
1042 EXPECT_STATUS( 1106 EXPECT_EQ(Status::ErrorGenerateKeyLength(),
1043 Status::ErrorGenerateKeyLength(), 1107 GenerateSecretKey(
1044 GenerateSecretKey( 1108 CreateAesGcmKeyGenAlgorithm(kKeyLen[i]), true, 0, &key));
1045 CreateAesGcmKeyGenAlgorithm(kKeyLen[i]), true, 0, &key));
1046 } 1109 }
1047 } 1110 }
1048 } 1111 }
1049 1112
1050 TEST_F(SharedCryptoTest, MAYBE(GenerateKeyHmac)) { 1113 TEST_F(SharedCryptoTest, MAYBE(GenerateKeyHmac)) {
1051 // Generate a small sample of HMAC keys. 1114 // Generate a small sample of HMAC keys.
1052 std::vector<blink::WebArrayBuffer> keys; 1115 std::vector<blink::WebArrayBuffer> keys;
1053 for (int i = 0; i < 16; ++i) { 1116 for (int i = 0; i < 16; ++i) {
1054 blink::WebArrayBuffer key_bytes; 1117 blink::WebArrayBuffer key_bytes;
1055 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); 1118 blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
1056 blink::WebCryptoAlgorithm algorithm = 1119 blink::WebCryptoAlgorithm algorithm =
1057 CreateHmacKeyGenAlgorithm(blink::WebCryptoAlgorithmIdSha1, 512); 1120 CreateHmacKeyGenAlgorithm(blink::WebCryptoAlgorithmIdSha1, 512);
1058 ASSERT_STATUS_SUCCESS(GenerateSecretKey(algorithm, true, 0, &key)); 1121 ASSERT_EQ(Status::Success(), GenerateSecretKey(algorithm, true, 0, &key));
1059 EXPECT_FALSE(key.isNull()); 1122 EXPECT_FALSE(key.isNull());
1060 EXPECT_TRUE(key.handle()); 1123 EXPECT_TRUE(key.handle());
1061 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); 1124 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type());
1062 EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, key.algorithm().id()); 1125 EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, key.algorithm().id());
1063 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha1, 1126 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha1,
1064 key.algorithm().hmacParams()->hash().id()); 1127 key.algorithm().hmacParams()->hash().id());
1065 EXPECT_EQ(512u, key.algorithm().hmacParams()->lengthBits()); 1128 EXPECT_EQ(512u, key.algorithm().hmacParams()->lengthBits());
1066 1129
1067 blink::WebArrayBuffer raw_key; 1130 blink::WebArrayBuffer raw_key;
1068 ASSERT_STATUS_SUCCESS( 1131 ASSERT_EQ(Status::Success(),
1069 ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key)); 1132 ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key));
1070 EXPECT_EQ(64U, raw_key.byteLength()); 1133 EXPECT_EQ(64U, raw_key.byteLength());
1071 keys.push_back(raw_key); 1134 keys.push_back(raw_key);
1072 } 1135 }
1073 // Ensure all entries in the key sample set are unique. This is a simplistic 1136 // Ensure all entries in the key sample set are unique. This is a simplistic
1074 // estimate of whether the generated keys appear random. 1137 // estimate of whether the generated keys appear random.
1075 EXPECT_FALSE(CopiesExist(keys)); 1138 EXPECT_FALSE(CopiesExist(keys));
1076 } 1139 }
1077 1140
1078 // If the key length is not provided, then the block size is used. 1141 // If the key length is not provided, then the block size is used.
1079 TEST_F(SharedCryptoTest, MAYBE(GenerateKeyHmacNoLength)) { 1142 TEST_F(SharedCryptoTest, MAYBE(GenerateKeyHmacNoLength)) {
1080 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); 1143 blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
1081 blink::WebCryptoAlgorithm algorithm = 1144 blink::WebCryptoAlgorithm algorithm =
1082 CreateHmacKeyGenAlgorithm(blink::WebCryptoAlgorithmIdSha1, 0); 1145 CreateHmacKeyGenAlgorithm(blink::WebCryptoAlgorithmIdSha1, 0);
1083 ASSERT_STATUS_SUCCESS(GenerateSecretKey(algorithm, true, 0, &key)); 1146 ASSERT_EQ(Status::Success(), GenerateSecretKey(algorithm, true, 0, &key));
1084 EXPECT_TRUE(key.handle()); 1147 EXPECT_TRUE(key.handle());
1085 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); 1148 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type());
1086 EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, key.algorithm().id()); 1149 EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, key.algorithm().id());
1087 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha1, 1150 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha1,
1088 key.algorithm().hmacParams()->hash().id()); 1151 key.algorithm().hmacParams()->hash().id());
1089 EXPECT_EQ(512u, key.algorithm().hmacParams()->lengthBits()); 1152 EXPECT_EQ(512u, key.algorithm().hmacParams()->lengthBits());
1090 blink::WebArrayBuffer raw_key; 1153 blink::WebArrayBuffer raw_key;
1091 ASSERT_STATUS_SUCCESS(ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key)); 1154 ASSERT_EQ(Status::Success(),
1155 ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key));
1092 EXPECT_EQ(64U, raw_key.byteLength()); 1156 EXPECT_EQ(64U, raw_key.byteLength());
1093 1157
1094 // The block size for HMAC SHA-512 is larger. 1158 // The block size for HMAC SHA-512 is larger.
1095 algorithm = CreateHmacKeyGenAlgorithm(blink::WebCryptoAlgorithmIdSha512, 0); 1159 algorithm = CreateHmacKeyGenAlgorithm(blink::WebCryptoAlgorithmIdSha512, 0);
1096 ASSERT_STATUS_SUCCESS(GenerateSecretKey(algorithm, true, 0, &key)); 1160 ASSERT_EQ(Status::Success(), GenerateSecretKey(algorithm, true, 0, &key));
1097 EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, key.algorithm().id()); 1161 EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, key.algorithm().id());
1098 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha512, 1162 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha512,
1099 key.algorithm().hmacParams()->hash().id()); 1163 key.algorithm().hmacParams()->hash().id());
1100 EXPECT_EQ(1024u, key.algorithm().hmacParams()->lengthBits()); 1164 EXPECT_EQ(1024u, key.algorithm().hmacParams()->lengthBits());
1101 ASSERT_STATUS_SUCCESS(ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key)); 1165 ASSERT_EQ(Status::Success(),
1166 ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key));
1102 EXPECT_EQ(128U, raw_key.byteLength()); 1167 EXPECT_EQ(128U, raw_key.byteLength());
1103 } 1168 }
1104 1169
1105 TEST_F(SharedCryptoTest, ImportJwkKeyUsage) { 1170 TEST_F(SharedCryptoTest, ImportJwkKeyUsage) {
1106 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); 1171 blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
1107 base::DictionaryValue dict; 1172 base::DictionaryValue dict;
1108 dict.SetString("kty", "oct"); 1173 dict.SetString("kty", "oct");
1109 dict.SetBoolean("ext", false); 1174 dict.SetBoolean("ext", false);
1110 dict.SetString("k", "GADWrMRHwQfoNaXU5fZvTg=="); 1175 dict.SetString("k", "GADWrMRHwQfoNaXU5fZvTg==");
1111 const blink::WebCryptoAlgorithm aes_cbc_algorithm = 1176 const blink::WebCryptoAlgorithm aes_cbc_algorithm =
1112 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc); 1177 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc);
1113 const blink::WebCryptoAlgorithm hmac_algorithm = 1178 const blink::WebCryptoAlgorithm hmac_algorithm =
1114 webcrypto::CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha256); 1179 webcrypto::CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha256);
1115 const blink::WebCryptoAlgorithm aes_kw_algorithm = 1180 const blink::WebCryptoAlgorithm aes_kw_algorithm =
1116 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw); 1181 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw);
1117 1182
1118 // Test null usage. 1183 // Test null usage.
1119 base::ListValue* key_ops = new base::ListValue; 1184 base::ListValue* key_ops = new base::ListValue;
1120 // Note: the following call makes dict assume ownership of key_ops. 1185 // Note: the following call makes dict assume ownership of key_ops.
1121 dict.Set("key_ops", key_ops); 1186 dict.Set("key_ops", key_ops);
1122 EXPECT_STATUS_SUCCESS( 1187 EXPECT_EQ(Status::Success(),
1123 ImportKeyJwkFromDict(dict, aes_cbc_algorithm, false, 0, &key)); 1188 ImportKeyJwkFromDict(dict, aes_cbc_algorithm, false, 0, &key));
1124 EXPECT_EQ(0, key.usages()); 1189 EXPECT_EQ(0, key.usages());
1125 1190
1126 // Test each key_ops value translates to the correct Web Crypto value. 1191 // Test each key_ops value translates to the correct Web Crypto value.
1127 struct TestCase { 1192 struct TestCase {
1128 const char* jwk_key_op; 1193 const char* jwk_key_op;
1129 const char* jwk_alg; 1194 const char* jwk_alg;
1130 const blink::WebCryptoAlgorithm algorithm; 1195 const blink::WebCryptoAlgorithm algorithm;
1131 const blink::WebCryptoKeyUsage usage; 1196 const blink::WebCryptoKeyUsage usage;
1132 }; 1197 };
1133 // TODO(padolph): Add 'deriveBits' key_ops value once it is supported. 1198 // TODO(padolph): Add 'deriveBits' key_ops value once it is supported.
1134 const TestCase test_case[] = { 1199 const TestCase test_case[] = {
1135 {"encrypt", "A128CBC", aes_cbc_algorithm, 1200 {"encrypt", "A128CBC", aes_cbc_algorithm,
1136 blink::WebCryptoKeyUsageEncrypt}, 1201 blink::WebCryptoKeyUsageEncrypt},
1137 {"decrypt", "A128CBC", aes_cbc_algorithm, 1202 {"decrypt", "A128CBC", aes_cbc_algorithm,
1138 blink::WebCryptoKeyUsageDecrypt}, 1203 blink::WebCryptoKeyUsageDecrypt},
1139 {"sign", "HS256", hmac_algorithm, blink::WebCryptoKeyUsageSign}, 1204 {"sign", "HS256", hmac_algorithm, blink::WebCryptoKeyUsageSign},
1140 {"verify", "HS256", hmac_algorithm, blink::WebCryptoKeyUsageVerify}, 1205 {"verify", "HS256", hmac_algorithm, blink::WebCryptoKeyUsageVerify},
1141 {"wrapKey", "A128KW", aes_kw_algorithm, blink::WebCryptoKeyUsageWrapKey}, 1206 {"wrapKey", "A128KW", aes_kw_algorithm, blink::WebCryptoKeyUsageWrapKey},
1142 {"unwrapKey", "A128KW", aes_kw_algorithm, 1207 {"unwrapKey", "A128KW", aes_kw_algorithm,
1143 blink::WebCryptoKeyUsageUnwrapKey}, 1208 blink::WebCryptoKeyUsageUnwrapKey},
1144 {"deriveKey", "HS256", hmac_algorithm, 1209 {"deriveKey", "HS256", hmac_algorithm,
1145 blink::WebCryptoKeyUsageDeriveKey}}; 1210 blink::WebCryptoKeyUsageDeriveKey}};
1146 for (size_t test_index = 0; test_index < ARRAYSIZE_UNSAFE(test_case); 1211 for (size_t test_index = 0; test_index < ARRAYSIZE_UNSAFE(test_case);
1147 ++test_index) { 1212 ++test_index) {
1148 SCOPED_TRACE(test_index); 1213 SCOPED_TRACE(test_index);
1149 dict.SetString("alg", test_case[test_index].jwk_alg); 1214 dict.SetString("alg", test_case[test_index].jwk_alg);
1150 key_ops->Clear(); 1215 key_ops->Clear();
1151 key_ops->AppendString(test_case[test_index].jwk_key_op); 1216 key_ops->AppendString(test_case[test_index].jwk_key_op);
1152 EXPECT_STATUS_SUCCESS(ImportKeyJwkFromDict(dict, 1217 EXPECT_EQ(Status::Success(),
1153 test_case[test_index].algorithm, 1218 ImportKeyJwkFromDict(dict,
1154 false, 1219 test_case[test_index].algorithm,
1155 test_case[test_index].usage, 1220 false,
1156 &key)); 1221 test_case[test_index].usage,
1222 &key));
1157 EXPECT_EQ(test_case[test_index].usage, key.usages()); 1223 EXPECT_EQ(test_case[test_index].usage, key.usages());
1158 } 1224 }
1159 1225
1160 // Test discrete multiple usages. 1226 // Test discrete multiple usages.
1161 dict.SetString("alg", "A128CBC"); 1227 dict.SetString("alg", "A128CBC");
1162 key_ops->Clear(); 1228 key_ops->Clear();
1163 key_ops->AppendString("encrypt"); 1229 key_ops->AppendString("encrypt");
1164 key_ops->AppendString("decrypt"); 1230 key_ops->AppendString("decrypt");
1165 EXPECT_STATUS_SUCCESS(ImportKeyJwkFromDict( 1231 EXPECT_EQ(Status::Success(),
1166 dict, 1232 ImportKeyJwkFromDict(dict,
1167 aes_cbc_algorithm, 1233 aes_cbc_algorithm,
1168 false, 1234 false,
1169 blink::WebCryptoKeyUsageDecrypt | blink::WebCryptoKeyUsageEncrypt, 1235 blink::WebCryptoKeyUsageDecrypt |
1170 &key)); 1236 blink::WebCryptoKeyUsageEncrypt,
1237 &key));
1171 EXPECT_EQ(blink::WebCryptoKeyUsageDecrypt | blink::WebCryptoKeyUsageEncrypt, 1238 EXPECT_EQ(blink::WebCryptoKeyUsageDecrypt | blink::WebCryptoKeyUsageEncrypt,
1172 key.usages()); 1239 key.usages());
1173 1240
1174 // Test constrained key usage (input usage is a subset of JWK usage). 1241 // Test constrained key usage (input usage is a subset of JWK usage).
1175 key_ops->Clear(); 1242 key_ops->Clear();
1176 key_ops->AppendString("encrypt"); 1243 key_ops->AppendString("encrypt");
1177 key_ops->AppendString("decrypt"); 1244 key_ops->AppendString("decrypt");
1178 EXPECT_STATUS_SUCCESS(ImportKeyJwkFromDict( 1245 EXPECT_EQ(Status::Success(),
1179 dict, aes_cbc_algorithm, false, blink::WebCryptoKeyUsageDecrypt, &key)); 1246 ImportKeyJwkFromDict(dict,
1247 aes_cbc_algorithm,
1248 false,
1249 blink::WebCryptoKeyUsageDecrypt,
1250 &key));
1180 EXPECT_EQ(blink::WebCryptoKeyUsageDecrypt, key.usages()); 1251 EXPECT_EQ(blink::WebCryptoKeyUsageDecrypt, key.usages());
1181 1252
1182 // Test failure if input usage is NOT a strict subset of the JWK usage. 1253 // Test failure if input usage is NOT a strict subset of the JWK usage.
1183 key_ops->Clear(); 1254 key_ops->Clear();
1184 key_ops->AppendString("encrypt"); 1255 key_ops->AppendString("encrypt");
1185 EXPECT_STATUS(Status::ErrorJwkKeyopsInconsistent(), 1256 EXPECT_EQ(Status::ErrorJwkKeyopsInconsistent(),
1186 ImportKeyJwkFromDict(dict, 1257 ImportKeyJwkFromDict(dict,
1187 aes_cbc_algorithm, 1258 aes_cbc_algorithm,
1188 false, 1259 false,
1189 blink::WebCryptoKeyUsageEncrypt | 1260 blink::WebCryptoKeyUsageEncrypt |
1190 blink::WebCryptoKeyUsageDecrypt, 1261 blink::WebCryptoKeyUsageDecrypt,
1191 &key)); 1262 &key));
1192 1263
1193 // Test 'use' inconsistent with 'key_ops'. 1264 // Test 'use' inconsistent with 'key_ops'.
1194 dict.SetString("alg", "HS256"); 1265 dict.SetString("alg", "HS256");
1195 dict.SetString("use", "sig"); 1266 dict.SetString("use", "sig");
1196 key_ops->AppendString("sign"); 1267 key_ops->AppendString("sign");
1197 key_ops->AppendString("verify"); 1268 key_ops->AppendString("verify");
1198 key_ops->AppendString("encrypt"); 1269 key_ops->AppendString("encrypt");
1199 EXPECT_STATUS(Status::ErrorJwkUseAndKeyopsInconsistent(), 1270 EXPECT_EQ(Status::ErrorJwkUseAndKeyopsInconsistent(),
1200 ImportKeyJwkFromDict(dict, 1271 ImportKeyJwkFromDict(
1201 hmac_algorithm, 1272 dict,
1202 false, 1273 hmac_algorithm,
1203 blink::WebCryptoKeyUsageSign | 1274 false,
1204 blink::WebCryptoKeyUsageVerify, 1275 blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify,
1205 &key)); 1276 &key));
1206 1277
1207 // Test JWK composite 'sig' use 1278 // Test JWK composite 'sig' use
1208 dict.Remove("key_ops", NULL); 1279 dict.Remove("key_ops", NULL);
1209 dict.SetString("use", "sig"); 1280 dict.SetString("use", "sig");
1210 EXPECT_STATUS_SUCCESS(ImportKeyJwkFromDict( 1281 EXPECT_EQ(Status::Success(),
1211 dict, 1282 ImportKeyJwkFromDict(
1212 hmac_algorithm, 1283 dict,
1213 false, 1284 hmac_algorithm,
1214 blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify, 1285 false,
1215 &key)); 1286 blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify,
1287 &key));
1216 EXPECT_EQ(blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify, 1288 EXPECT_EQ(blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify,
1217 key.usages()); 1289 key.usages());
1218 1290
1219 // Test JWK composite use 'enc' usage 1291 // Test JWK composite use 'enc' usage
1220 dict.SetString("alg", "A128CBC"); 1292 dict.SetString("alg", "A128CBC");
1221 dict.SetString("use", "enc"); 1293 dict.SetString("use", "enc");
1222 EXPECT_STATUS_SUCCESS(ImportKeyJwkFromDict( 1294 EXPECT_EQ(Status::Success(),
1223 dict, 1295 ImportKeyJwkFromDict(dict,
1224 aes_cbc_algorithm, 1296 aes_cbc_algorithm,
1225 false, 1297 false,
1226 blink::WebCryptoKeyUsageDecrypt | blink::WebCryptoKeyUsageEncrypt | 1298 blink::WebCryptoKeyUsageDecrypt |
1227 blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey | 1299 blink::WebCryptoKeyUsageEncrypt |
1228 blink::WebCryptoKeyUsageDeriveKey, 1300 blink::WebCryptoKeyUsageWrapKey |
1229 &key)); 1301 blink::WebCryptoKeyUsageUnwrapKey |
1302 blink::WebCryptoKeyUsageDeriveKey,
1303 &key));
1230 EXPECT_EQ(blink::WebCryptoKeyUsageDecrypt | blink::WebCryptoKeyUsageEncrypt | 1304 EXPECT_EQ(blink::WebCryptoKeyUsageDecrypt | blink::WebCryptoKeyUsageEncrypt |
1231 blink::WebCryptoKeyUsageWrapKey | 1305 blink::WebCryptoKeyUsageWrapKey |
1232 blink::WebCryptoKeyUsageUnwrapKey | 1306 blink::WebCryptoKeyUsageUnwrapKey |
1233 blink::WebCryptoKeyUsageDeriveKey, 1307 blink::WebCryptoKeyUsageDeriveKey,
1234 key.usages()); 1308 key.usages());
1235 } 1309 }
1236 1310
1237 TEST_F(SharedCryptoTest, ImportJwkFailures) { 1311 TEST_F(SharedCryptoTest, ImportJwkFailures) {
1238 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); 1312 blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
1239 blink::WebCryptoAlgorithm algorithm = 1313 blink::WebCryptoAlgorithm algorithm =
1240 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc); 1314 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc);
1241 blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageEncrypt; 1315 blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageEncrypt;
1242 1316
1243 // Baseline pass: each test below breaks a single item, so we start with a 1317 // Baseline pass: each test below breaks a single item, so we start with a
1244 // passing case to make sure each failure is caused by the isolated break. 1318 // passing case to make sure each failure is caused by the isolated break.
1245 // Each breaking subtest below resets the dictionary to this passing case when 1319 // Each breaking subtest below resets the dictionary to this passing case when
1246 // complete. 1320 // complete.
1247 base::DictionaryValue dict; 1321 base::DictionaryValue dict;
1248 RestoreJwkOctDictionary(&dict); 1322 RestoreJwkOctDictionary(&dict);
1249 EXPECT_STATUS_SUCCESS( 1323 EXPECT_EQ(Status::Success(),
1250 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); 1324 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key));
1251 1325
1252 // Fail on empty JSON. 1326 // Fail on empty JSON.
1253 EXPECT_STATUS( 1327 EXPECT_EQ(
1254 Status::ErrorImportEmptyKeyData(), 1328 Status::ErrorImportEmptyKeyData(),
1255 ImportKeyJwk( 1329 ImportKeyJwk(
1256 CryptoData(MakeJsonVector("")), algorithm, false, usage_mask, &key)); 1330 CryptoData(MakeJsonVector("")), algorithm, false, usage_mask, &key));
1257 1331
1258 // Fail on invalid JSON. 1332 // Fail on invalid JSON.
1259 const std::vector<uint8> bad_json_vec = MakeJsonVector( 1333 const std::vector<uint8> bad_json_vec = MakeJsonVector(
1260 "{" 1334 "{"
1261 "\"kty\" : \"oct\"," 1335 "\"kty\" : \"oct\","
1262 "\"alg\" : \"HS256\"," 1336 "\"alg\" : \"HS256\","
1263 "\"use\" : "); 1337 "\"use\" : ");
1264 EXPECT_STATUS( 1338 EXPECT_EQ(Status::ErrorJwkNotDictionary(),
1265 Status::ErrorJwkNotDictionary(), 1339 ImportKeyJwk(
1266 ImportKeyJwk( 1340 CryptoData(bad_json_vec), algorithm, false, usage_mask, &key));
1267 CryptoData(bad_json_vec), algorithm, false, usage_mask, &key));
1268 1341
1269 // Fail on JWK alg present but unrecognized. 1342 // Fail on JWK alg present but unrecognized.
1270 dict.SetString("alg", "A127CBC"); 1343 dict.SetString("alg", "A127CBC");
1271 EXPECT_STATUS(Status::ErrorJwkUnrecognizedAlgorithm(), 1344 EXPECT_EQ(Status::ErrorJwkUnrecognizedAlgorithm(),
1272 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); 1345 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key));
1273 RestoreJwkOctDictionary(&dict); 1346 RestoreJwkOctDictionary(&dict);
1274 1347
1275 // Fail on invalid kty. 1348 // Fail on invalid kty.
1276 dict.SetString("kty", "foo"); 1349 dict.SetString("kty", "foo");
1277 EXPECT_STATUS(Status::ErrorJwkUnrecognizedKty(), 1350 EXPECT_EQ(Status::ErrorJwkUnrecognizedKty(),
1278 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); 1351 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key));
1279 RestoreJwkOctDictionary(&dict); 1352 RestoreJwkOctDictionary(&dict);
1280 1353
1281 // Fail on missing kty. 1354 // Fail on missing kty.
1282 dict.Remove("kty", NULL); 1355 dict.Remove("kty", NULL);
1283 EXPECT_STATUS(Status::ErrorJwkPropertyMissing("kty"), 1356 EXPECT_EQ(Status::ErrorJwkPropertyMissing("kty"),
1284 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); 1357 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key));
1285 RestoreJwkOctDictionary(&dict); 1358 RestoreJwkOctDictionary(&dict);
1286 1359
1287 // Fail on kty wrong type. 1360 // Fail on kty wrong type.
1288 dict.SetDouble("kty", 0.1); 1361 dict.SetDouble("kty", 0.1);
1289 EXPECT_STATUS(Status::ErrorJwkPropertyWrongType("kty", "string"), 1362 EXPECT_EQ(Status::ErrorJwkPropertyWrongType("kty", "string"),
1290 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); 1363 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key));
1291 RestoreJwkOctDictionary(&dict); 1364 RestoreJwkOctDictionary(&dict);
1292 1365
1293 // Fail on invalid use. 1366 // Fail on invalid use.
1294 dict.SetString("use", "foo"); 1367 dict.SetString("use", "foo");
1295 EXPECT_STATUS(Status::ErrorJwkUnrecognizedUse(), 1368 EXPECT_EQ(Status::ErrorJwkUnrecognizedUse(),
1296 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); 1369 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key));
1297 RestoreJwkOctDictionary(&dict); 1370 RestoreJwkOctDictionary(&dict);
1298 1371
1299 // Fail on invalid use (wrong type). 1372 // Fail on invalid use (wrong type).
1300 dict.SetBoolean("use", true); 1373 dict.SetBoolean("use", true);
1301 EXPECT_STATUS(Status::ErrorJwkPropertyWrongType("use", "string"), 1374 EXPECT_EQ(Status::ErrorJwkPropertyWrongType("use", "string"),
1302 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); 1375 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key));
1303 RestoreJwkOctDictionary(&dict); 1376 RestoreJwkOctDictionary(&dict);
1304 1377
1305 // Fail on invalid extractable (wrong type). 1378 // Fail on invalid extractable (wrong type).
1306 dict.SetInteger("ext", 0); 1379 dict.SetInteger("ext", 0);
1307 EXPECT_STATUS(Status::ErrorJwkPropertyWrongType("ext", "boolean"), 1380 EXPECT_EQ(Status::ErrorJwkPropertyWrongType("ext", "boolean"),
1308 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); 1381 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key));
1309 RestoreJwkOctDictionary(&dict); 1382 RestoreJwkOctDictionary(&dict);
1310 1383
1311 // Fail on invalid key_ops (wrong type). 1384 // Fail on invalid key_ops (wrong type).
1312 dict.SetBoolean("key_ops", true); 1385 dict.SetBoolean("key_ops", true);
1313 EXPECT_STATUS(Status::ErrorJwkPropertyWrongType("key_ops", "list"), 1386 EXPECT_EQ(Status::ErrorJwkPropertyWrongType("key_ops", "list"),
1314 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); 1387 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key));
1315 RestoreJwkOctDictionary(&dict); 1388 RestoreJwkOctDictionary(&dict);
1316 1389
1317 // Fail on invalid key_ops (wrong element value). 1390 // Fail on invalid key_ops (wrong element value).
1318 base::ListValue* key_ops = new base::ListValue; 1391 base::ListValue* key_ops = new base::ListValue;
1319 // Note: the following call makes dict assume ownership of key_ops. 1392 // Note: the following call makes dict assume ownership of key_ops.
1320 dict.Set("key_ops", key_ops); 1393 dict.Set("key_ops", key_ops);
1321 key_ops->AppendString("foo"); 1394 key_ops->AppendString("foo");
1322 EXPECT_STATUS(Status::ErrorJwkUnrecognizedKeyop(), 1395 EXPECT_EQ(Status::ErrorJwkUnrecognizedKeyop(),
1323 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); 1396 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key));
1324 RestoreJwkOctDictionary(&dict); 1397 RestoreJwkOctDictionary(&dict);
1325 } 1398 }
1326 1399
1327 TEST_F(SharedCryptoTest, ImportJwkOctFailures) { 1400 TEST_F(SharedCryptoTest, ImportJwkOctFailures) {
1328 base::DictionaryValue dict; 1401 base::DictionaryValue dict;
1329 RestoreJwkOctDictionary(&dict); 1402 RestoreJwkOctDictionary(&dict);
1330 blink::WebCryptoAlgorithm algorithm = 1403 blink::WebCryptoAlgorithm algorithm =
1331 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc); 1404 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc);
1332 blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageEncrypt; 1405 blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageEncrypt;
1333 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); 1406 blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
1334 1407
1335 // Baseline pass. 1408 // Baseline pass.
1336 EXPECT_STATUS_SUCCESS( 1409 EXPECT_EQ(Status::Success(),
1337 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); 1410 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key));
1338 EXPECT_EQ(algorithm.id(), key.algorithm().id()); 1411 EXPECT_EQ(algorithm.id(), key.algorithm().id());
1339 EXPECT_FALSE(key.extractable()); 1412 EXPECT_FALSE(key.extractable());
1340 EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt, key.usages()); 1413 EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt, key.usages());
1341 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); 1414 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type());
1342 1415
1343 // The following are specific failure cases for when kty = "oct". 1416 // The following are specific failure cases for when kty = "oct".
1344 1417
1345 // Fail on missing k. 1418 // Fail on missing k.
1346 dict.Remove("k", NULL); 1419 dict.Remove("k", NULL);
1347 EXPECT_STATUS(Status::ErrorJwkPropertyMissing("k"), 1420 EXPECT_EQ(Status::ErrorJwkPropertyMissing("k"),
1348 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); 1421 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key));
1349 RestoreJwkOctDictionary(&dict); 1422 RestoreJwkOctDictionary(&dict);
1350 1423
1351 // Fail on bad b64 encoding for k. 1424 // Fail on bad b64 encoding for k.
1352 dict.SetString("k", "Qk3f0DsytU8lfza2au #$% Htaw2xpop9GYyTuH0p5GghxTI="); 1425 dict.SetString("k", "Qk3f0DsytU8lfza2au #$% Htaw2xpop9GYyTuH0p5GghxTI=");
1353 EXPECT_STATUS(Status::ErrorJwkBase64Decode("k"), 1426 EXPECT_EQ(Status::ErrorJwkBase64Decode("k"),
1354 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); 1427 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key));
1355 RestoreJwkOctDictionary(&dict); 1428 RestoreJwkOctDictionary(&dict);
1356 1429
1357 // Fail on empty k. 1430 // Fail on empty k.
1358 dict.SetString("k", ""); 1431 dict.SetString("k", "");
1359 EXPECT_STATUS(Status::ErrorJwkIncorrectKeyLength(), 1432 EXPECT_EQ(Status::ErrorJwkIncorrectKeyLength(),
1360 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); 1433 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key));
1361 RestoreJwkOctDictionary(&dict); 1434 RestoreJwkOctDictionary(&dict);
1362 1435
1363 // Fail on k actual length (120 bits) inconsistent with the embedded JWK alg 1436 // Fail on k actual length (120 bits) inconsistent with the embedded JWK alg
1364 // value (128) for an AES key. 1437 // value (128) for an AES key.
1365 dict.SetString("k", "AVj42h0Y5aqGtE3yluKL"); 1438 dict.SetString("k", "AVj42h0Y5aqGtE3yluKL");
1366 EXPECT_STATUS(Status::ErrorJwkIncorrectKeyLength(), 1439 EXPECT_EQ(Status::ErrorJwkIncorrectKeyLength(),
1367 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); 1440 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key));
1368 RestoreJwkOctDictionary(&dict); 1441 RestoreJwkOctDictionary(&dict);
1369 1442
1370 // Fail on k actual length (192 bits) inconsistent with the embedded JWK alg 1443 // Fail on k actual length (192 bits) inconsistent with the embedded JWK alg
1371 // value (128) for an AES key. 1444 // value (128) for an AES key.
1372 dict.SetString("k", "dGhpcyAgaXMgIDI0ICBieXRlcyBsb25n"); 1445 dict.SetString("k", "dGhpcyAgaXMgIDI0ICBieXRlcyBsb25n");
1373 EXPECT_STATUS(Status::ErrorJwkIncorrectKeyLength(), 1446 EXPECT_EQ(Status::ErrorJwkIncorrectKeyLength(),
1374 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); 1447 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key));
1375 RestoreJwkOctDictionary(&dict); 1448 RestoreJwkOctDictionary(&dict);
1376 } 1449 }
1377 1450
1378 TEST_F(SharedCryptoTest, MAYBE(ImportExportJwkRsaPublicKey)) { 1451 TEST_F(SharedCryptoTest, MAYBE(ImportExportJwkRsaPublicKey)) {
1379 // This test uses kPublicKeySpkiDerHex as the RSA key. The data below 1452 // This test uses kPublicKeySpkiDerHex as the RSA key. The data below
1380 // represents the modulus and public exponent extracted from this SPKI blob. 1453 // represents the modulus and public exponent extracted from this SPKI blob.
1381 // These values appear explicitly in the JWK rendering of the key. 1454 // These values appear explicitly in the JWK rendering of the key.
1382 const std::string n_hex = 1455 const std::string n_hex =
1383 "A56E4A0E701017589A5187DC7EA841D156F2EC0E36AD52A44DFEB1E61F7AD991D8C51056" 1456 "A56E4A0E701017589A5187DC7EA841D156F2EC0E36AD52A44DFEB1E61F7AD991D8C51056"
1384 "FFEDB162B4C0F283A12A88A394DFF526AB7291CBB307CEABFCE0B1DFD5CD9508096D5B2B" 1457 "FFEDB162B4C0F283A12A88A394DFF526AB7291CBB307CEABFCE0B1DFD5CD9508096D5B2B"
(...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after
1416 blink::WebCryptoAlgorithmIdSha512), 1489 blink::WebCryptoAlgorithmIdSha512),
1417 blink::WebCryptoKeyUsageSign, "RS512"}}; 1490 blink::WebCryptoKeyUsageSign, "RS512"}};
1418 1491
1419 for (size_t test_index = 0; test_index < ARRAYSIZE_UNSAFE(kTests); 1492 for (size_t test_index = 0; test_index < ARRAYSIZE_UNSAFE(kTests);
1420 ++test_index) { 1493 ++test_index) {
1421 SCOPED_TRACE(test_index); 1494 SCOPED_TRACE(test_index);
1422 const TestCase& test = kTests[test_index]; 1495 const TestCase& test = kTests[test_index];
1423 1496
1424 // Import the spki to create a public key 1497 // Import the spki to create a public key
1425 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); 1498 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull();
1426 ASSERT_STATUS_SUCCESS( 1499 ASSERT_EQ(Status::Success(),
1427 ImportKey(blink::WebCryptoKeyFormatSpki, 1500 ImportKey(blink::WebCryptoKeyFormatSpki,
1428 CryptoData(HexStringToBytes(kPublicKeySpkiDerHex)), 1501 CryptoData(HexStringToBytes(kPublicKeySpkiDerHex)),
1429 test.algorithm, 1502 test.algorithm,
1430 true, 1503 true,
1431 test.usage, 1504 test.usage,
1432 &public_key)); 1505 &public_key));
1433 1506
1434 // Export the public key as JWK and verify its contents 1507 // Export the public key as JWK and verify its contents
1435 blink::WebArrayBuffer jwk; 1508 blink::WebArrayBuffer jwk;
1436 ASSERT_STATUS_SUCCESS( 1509 ASSERT_EQ(Status::Success(),
1437 ExportKey(blink::WebCryptoKeyFormatJwk, public_key, &jwk)); 1510 ExportKey(blink::WebCryptoKeyFormatJwk, public_key, &jwk));
1438 EXPECT_TRUE(VerifyPublicJwk(jwk, test.jwk_alg, n_hex, e_hex, test.usage)); 1511 EXPECT_TRUE(VerifyPublicJwk(jwk, test.jwk_alg, n_hex, e_hex, test.usage));
1439 1512
1440 // Import the JWK back in to create a new key 1513 // Import the JWK back in to create a new key
1441 blink::WebCryptoKey public_key2 = blink::WebCryptoKey::createNull(); 1514 blink::WebCryptoKey public_key2 = blink::WebCryptoKey::createNull();
1442 EXPECT_STATUS_SUCCESS(ImportKeyJwk( 1515 EXPECT_EQ(
1443 CryptoData(jwk), test.algorithm, true, test.usage, &public_key2)); 1516 Status::Success(),
1517 ImportKeyJwk(
1518 CryptoData(jwk), test.algorithm, true, test.usage, &public_key2));
1444 EXPECT_TRUE(public_key2.handle()); 1519 EXPECT_TRUE(public_key2.handle());
1445 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key2.type()); 1520 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key2.type());
1446 EXPECT_EQ(true, public_key2.extractable()); 1521 EXPECT_EQ(true, public_key2.extractable());
1447 EXPECT_EQ(test.algorithm.id(), public_key2.algorithm().id()); 1522 EXPECT_EQ(test.algorithm.id(), public_key2.algorithm().id());
1448 1523
1449 // Export the new key as spki and compare to the original. 1524 // Export the new key as spki and compare to the original.
1450 blink::WebArrayBuffer spki; 1525 blink::WebArrayBuffer spki;
1451 ASSERT_STATUS_SUCCESS( 1526 ASSERT_EQ(Status::Success(),
1452 ExportKey(blink::WebCryptoKeyFormatSpki, public_key2, &spki)); 1527 ExportKey(blink::WebCryptoKeyFormatSpki, public_key2, &spki));
1453 ExpectCryptoDataMatchesHex(kPublicKeySpkiDerHex, CryptoData(spki)); 1528 ExpectCryptoDataMatchesHex(kPublicKeySpkiDerHex, CryptoData(spki));
1454 } 1529 }
1455 } 1530 }
1456 1531
1457 TEST_F(SharedCryptoTest, MAYBE(ImportJwkRsaFailures)) { 1532 TEST_F(SharedCryptoTest, MAYBE(ImportJwkRsaFailures)) {
1458 base::DictionaryValue dict; 1533 base::DictionaryValue dict;
1459 RestoreJwkRsaDictionary(&dict); 1534 RestoreJwkRsaDictionary(&dict);
1460 blink::WebCryptoAlgorithm algorithm = 1535 blink::WebCryptoAlgorithm algorithm =
1461 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); 1536 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5);
1462 blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageEncrypt; 1537 blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageEncrypt;
1463 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); 1538 blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
1464 1539
1465 // An RSA public key JWK _must_ have an "n" (modulus) and an "e" (exponent) 1540 // An RSA public key JWK _must_ have an "n" (modulus) and an "e" (exponent)
1466 // entry, while an RSA private key must have those plus at least a "d" 1541 // entry, while an RSA private key must have those plus at least a "d"
1467 // (private exponent) entry. 1542 // (private exponent) entry.
1468 // See http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-18, 1543 // See http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-18,
1469 // section 6.3. 1544 // section 6.3.
1470 1545
1471 // Baseline pass. 1546 // Baseline pass.
1472 EXPECT_STATUS_SUCCESS( 1547 EXPECT_EQ(Status::Success(),
1473 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); 1548 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key));
1474 EXPECT_EQ(algorithm.id(), key.algorithm().id()); 1549 EXPECT_EQ(algorithm.id(), key.algorithm().id());
1475 EXPECT_FALSE(key.extractable()); 1550 EXPECT_FALSE(key.extractable());
1476 EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt, key.usages()); 1551 EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt, key.usages());
1477 EXPECT_EQ(blink::WebCryptoKeyTypePublic, key.type()); 1552 EXPECT_EQ(blink::WebCryptoKeyTypePublic, key.type());
1478 1553
1479 // The following are specific failure cases for when kty = "RSA". 1554 // The following are specific failure cases for when kty = "RSA".
1480 1555
1481 // Fail if either "n" or "e" is not present or malformed. 1556 // Fail if either "n" or "e" is not present or malformed.
1482 const std::string kKtyParmName[] = {"n", "e"}; 1557 const std::string kKtyParmName[] = {"n", "e"};
1483 for (size_t idx = 0; idx < ARRAYSIZE_UNSAFE(kKtyParmName); ++idx) { 1558 for (size_t idx = 0; idx < ARRAYSIZE_UNSAFE(kKtyParmName); ++idx) {
1484 // Fail on missing parameter. 1559 // Fail on missing parameter.
1485 dict.Remove(kKtyParmName[idx], NULL); 1560 dict.Remove(kKtyParmName[idx], NULL);
1486 EXPECT_STATUS_ERROR( 1561 EXPECT_NE(Status::Success(),
1487 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); 1562 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key));
1488 RestoreJwkRsaDictionary(&dict); 1563 RestoreJwkRsaDictionary(&dict);
1489 1564
1490 // Fail on bad b64 parameter encoding. 1565 // Fail on bad b64 parameter encoding.
1491 dict.SetString(kKtyParmName[idx], "Qk3f0DsytU8lfza2au #$% Htaw2xpop9yTuH0"); 1566 dict.SetString(kKtyParmName[idx], "Qk3f0DsytU8lfza2au #$% Htaw2xpop9yTuH0");
1492 EXPECT_STATUS_ERROR( 1567 EXPECT_NE(Status::Success(),
1493 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); 1568 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key));
1494 RestoreJwkRsaDictionary(&dict); 1569 RestoreJwkRsaDictionary(&dict);
1495 1570
1496 // Fail on empty parameter. 1571 // Fail on empty parameter.
1497 dict.SetString(kKtyParmName[idx], ""); 1572 dict.SetString(kKtyParmName[idx], "");
1498 EXPECT_STATUS_ERROR( 1573 EXPECT_NE(Status::Success(),
1499 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); 1574 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key));
1500 RestoreJwkRsaDictionary(&dict); 1575 RestoreJwkRsaDictionary(&dict);
1501 } 1576 }
1502 1577
1503 // Fail if "d" parameter is present, implying the JWK is a private key, which 1578 // Fail if "d" parameter is present, implying the JWK is a private key, which
1504 // is not supported. 1579 // is not supported.
1505 dict.SetString("d", "Qk3f0Dsyt"); 1580 dict.SetString("d", "Qk3f0Dsyt");
1506 EXPECT_STATUS(Status::ErrorJwkRsaPrivateKeyUnsupported(), 1581 EXPECT_EQ(Status::ErrorJwkRsaPrivateKeyUnsupported(),
1507 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); 1582 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key));
1508 RestoreJwkRsaDictionary(&dict); 1583 RestoreJwkRsaDictionary(&dict);
1509 } 1584 }
1510 1585
1511 TEST_F(SharedCryptoTest, MAYBE(ImportJwkInputConsistency)) { 1586 TEST_F(SharedCryptoTest, MAYBE(ImportJwkInputConsistency)) {
1512 // The Web Crypto spec says that if a JWK value is present, but is 1587 // The Web Crypto spec says that if a JWK value is present, but is
1513 // inconsistent with the input value, the operation must fail. 1588 // inconsistent with the input value, the operation must fail.
1514 1589
1515 // Consistency rules when JWK value is not present: Inputs should be used. 1590 // Consistency rules when JWK value is not present: Inputs should be used.
1516 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); 1591 blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
1517 bool extractable = false; 1592 bool extractable = false;
1518 blink::WebCryptoAlgorithm algorithm = 1593 blink::WebCryptoAlgorithm algorithm =
1519 CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha256); 1594 CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha256);
1520 blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageVerify; 1595 blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageVerify;
1521 base::DictionaryValue dict; 1596 base::DictionaryValue dict;
1522 dict.SetString("kty", "oct"); 1597 dict.SetString("kty", "oct");
1523 dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg"); 1598 dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg");
1524 std::vector<uint8> json_vec = MakeJsonVector(dict); 1599 std::vector<uint8> json_vec = MakeJsonVector(dict);
1525 EXPECT_STATUS_SUCCESS(ImportKeyJwk( 1600 EXPECT_EQ(
1526 CryptoData(json_vec), algorithm, extractable, usage_mask, &key)); 1601 Status::Success(),
1602 ImportKeyJwk(
1603 CryptoData(json_vec), algorithm, extractable, usage_mask, &key));
1527 EXPECT_TRUE(key.handle()); 1604 EXPECT_TRUE(key.handle());
1528 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); 1605 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type());
1529 EXPECT_EQ(extractable, key.extractable()); 1606 EXPECT_EQ(extractable, key.extractable());
1530 EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, key.algorithm().id()); 1607 EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, key.algorithm().id());
1531 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha256, 1608 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha256,
1532 key.algorithm().hmacParams()->hash().id()); 1609 key.algorithm().hmacParams()->hash().id());
1533 EXPECT_EQ(320u, key.algorithm().hmacParams()->lengthBits()); 1610 EXPECT_EQ(320u, key.algorithm().hmacParams()->lengthBits());
1534 EXPECT_EQ(blink::WebCryptoKeyUsageVerify, key.usages()); 1611 EXPECT_EQ(blink::WebCryptoKeyUsageVerify, key.usages());
1535 key = blink::WebCryptoKey::createNull(); 1612 key = blink::WebCryptoKey::createNull();
1536 1613
1537 // Consistency rules when JWK value exists: Fail if inconsistency is found. 1614 // Consistency rules when JWK value exists: Fail if inconsistency is found.
1538 1615
1539 // Pass: All input values are consistent with the JWK values. 1616 // Pass: All input values are consistent with the JWK values.
1540 dict.Clear(); 1617 dict.Clear();
1541 dict.SetString("kty", "oct"); 1618 dict.SetString("kty", "oct");
1542 dict.SetString("alg", "HS256"); 1619 dict.SetString("alg", "HS256");
1543 dict.SetString("use", "sig"); 1620 dict.SetString("use", "sig");
1544 dict.SetBoolean("ext", false); 1621 dict.SetBoolean("ext", false);
1545 dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg"); 1622 dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg");
1546 json_vec = MakeJsonVector(dict); 1623 json_vec = MakeJsonVector(dict);
1547 EXPECT_STATUS_SUCCESS(ImportKeyJwk( 1624 EXPECT_EQ(
1548 CryptoData(json_vec), algorithm, extractable, usage_mask, &key)); 1625 Status::Success(),
1626 ImportKeyJwk(
1627 CryptoData(json_vec), algorithm, extractable, usage_mask, &key));
1549 1628
1550 // Extractable cases: 1629 // Extractable cases:
1551 // 1. input=T, JWK=F ==> fail (inconsistent) 1630 // 1. input=T, JWK=F ==> fail (inconsistent)
1552 // 4. input=F, JWK=F ==> pass, result extractable is F 1631 // 4. input=F, JWK=F ==> pass, result extractable is F
1553 // 2. input=T, JWK=T ==> pass, result extractable is T 1632 // 2. input=T, JWK=T ==> pass, result extractable is T
1554 // 3. input=F, JWK=T ==> pass, result extractable is F 1633 // 3. input=F, JWK=T ==> pass, result extractable is F
1555 EXPECT_STATUS( 1634 EXPECT_EQ(
1556 Status::ErrorJwkExtInconsistent(), 1635 Status::ErrorJwkExtInconsistent(),
1557 ImportKeyJwk(CryptoData(json_vec), algorithm, true, usage_mask, &key)); 1636 ImportKeyJwk(CryptoData(json_vec), algorithm, true, usage_mask, &key));
1558 EXPECT_STATUS_SUCCESS( 1637 EXPECT_EQ(
1638 Status::Success(),
1559 ImportKeyJwk(CryptoData(json_vec), algorithm, false, usage_mask, &key)); 1639 ImportKeyJwk(CryptoData(json_vec), algorithm, false, usage_mask, &key));
1560 EXPECT_FALSE(key.extractable()); 1640 EXPECT_FALSE(key.extractable());
1561 dict.SetBoolean("ext", true); 1641 dict.SetBoolean("ext", true);
1562 EXPECT_STATUS_SUCCESS( 1642 EXPECT_EQ(Status::Success(),
1563 ImportKeyJwkFromDict(dict, algorithm, true, usage_mask, &key)); 1643 ImportKeyJwkFromDict(dict, algorithm, true, usage_mask, &key));
1564 EXPECT_TRUE(key.extractable()); 1644 EXPECT_TRUE(key.extractable());
1565 EXPECT_STATUS_SUCCESS( 1645 EXPECT_EQ(Status::Success(),
1566 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); 1646 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key));
1567 EXPECT_FALSE(key.extractable()); 1647 EXPECT_FALSE(key.extractable());
1568 dict.SetBoolean("ext", true); // restore previous value 1648 dict.SetBoolean("ext", true); // restore previous value
1569 1649
1570 // Fail: Input algorithm (AES-CBC) is inconsistent with JWK value 1650 // Fail: Input algorithm (AES-CBC) is inconsistent with JWK value
1571 // (HMAC SHA256). 1651 // (HMAC SHA256).
1572 EXPECT_STATUS(Status::ErrorJwkAlgorithmInconsistent(), 1652 EXPECT_EQ(Status::ErrorJwkAlgorithmInconsistent(),
1573 ImportKeyJwk(CryptoData(json_vec), 1653 ImportKeyJwk(CryptoData(json_vec),
1574 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), 1654 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
1575 extractable, 1655 extractable,
1576 usage_mask, 1656 usage_mask,
1577 &key)); 1657 &key));
1578 1658
1579 // Fail: Input algorithm (HMAC SHA1) is inconsistent with JWK value 1659 // Fail: Input algorithm (HMAC SHA1) is inconsistent with JWK value
1580 // (HMAC SHA256). 1660 // (HMAC SHA256).
1581 EXPECT_STATUS( 1661 EXPECT_EQ(
1582 Status::ErrorJwkAlgorithmInconsistent(), 1662 Status::ErrorJwkAlgorithmInconsistent(),
1583 ImportKeyJwk(CryptoData(json_vec), 1663 ImportKeyJwk(CryptoData(json_vec),
1584 CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha1), 1664 CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha1),
1585 extractable, 1665 extractable,
1586 usage_mask, 1666 usage_mask,
1587 &key)); 1667 &key));
1588 1668
1589 // Pass: JWK alg missing but input algorithm specified: use input value 1669 // Pass: JWK alg missing but input algorithm specified: use input value
1590 dict.Remove("alg", NULL); 1670 dict.Remove("alg", NULL);
1591 EXPECT_STATUS_SUCCESS(ImportKeyJwkFromDict( 1671 EXPECT_EQ(Status::Success(),
1592 dict, 1672 ImportKeyJwkFromDict(
1593 CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha256), 1673 dict,
1594 extractable, 1674 CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha256),
1595 usage_mask, 1675 extractable,
1596 &key)); 1676 usage_mask,
1677 &key));
1597 EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, algorithm.id()); 1678 EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, algorithm.id());
1598 dict.SetString("alg", "HS256"); 1679 dict.SetString("alg", "HS256");
1599 1680
1600 // Fail: Input usage_mask (encrypt) is not a subset of the JWK value 1681 // Fail: Input usage_mask (encrypt) is not a subset of the JWK value
1601 // (sign|verify) 1682 // (sign|verify)
1602 EXPECT_STATUS(Status::ErrorJwkUseInconsistent(), 1683 EXPECT_EQ(Status::ErrorJwkUseInconsistent(),
1603 ImportKeyJwk(CryptoData(json_vec), 1684 ImportKeyJwk(CryptoData(json_vec),
1604 algorithm, 1685 algorithm,
1605 extractable, 1686 extractable,
1606 blink::WebCryptoKeyUsageEncrypt, 1687 blink::WebCryptoKeyUsageEncrypt,
1607 &key)); 1688 &key));
1608 1689
1609 // Fail: Input usage_mask (encrypt|sign|verify) is not a subset of the JWK 1690 // Fail: Input usage_mask (encrypt|sign|verify) is not a subset of the JWK
1610 // value (sign|verify) 1691 // value (sign|verify)
1611 usage_mask = blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageSign | 1692 usage_mask = blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageSign |
1612 blink::WebCryptoKeyUsageVerify; 1693 blink::WebCryptoKeyUsageVerify;
1613 EXPECT_STATUS( 1694 EXPECT_EQ(
1614 Status::ErrorJwkUseInconsistent(), 1695 Status::ErrorJwkUseInconsistent(),
1615 ImportKeyJwk( 1696 ImportKeyJwk(
1616 CryptoData(json_vec), algorithm, extractable, usage_mask, &key)); 1697 CryptoData(json_vec), algorithm, extractable, usage_mask, &key));
1617 1698
1618 // TODO(padolph): kty vs alg consistency tests: Depending on the kty value, 1699 // TODO(padolph): kty vs alg consistency tests: Depending on the kty value,
1619 // only certain alg values are permitted. For example, when kty = "RSA" alg 1700 // only certain alg values are permitted. For example, when kty = "RSA" alg
1620 // must be of the RSA family, or when kty = "oct" alg must be symmetric 1701 // must be of the RSA family, or when kty = "oct" alg must be symmetric
1621 // algorithm. 1702 // algorithm.
1622 1703
1623 // TODO(padolph): key_ops consistency tests 1704 // TODO(padolph): key_ops consistency tests
(...skipping 12 matching lines...) Expand all
1636 // Import a symmetric key JWK and HMAC-SHA256 sign() 1717 // Import a symmetric key JWK and HMAC-SHA256 sign()
1637 // Uses the first SHA256 test vector from the HMAC sample set above. 1718 // Uses the first SHA256 test vector from the HMAC sample set above.
1638 1719
1639 base::DictionaryValue dict; 1720 base::DictionaryValue dict;
1640 dict.SetString("kty", "oct"); 1721 dict.SetString("kty", "oct");
1641 dict.SetString("alg", "HS256"); 1722 dict.SetString("alg", "HS256");
1642 dict.SetString("use", "sig"); 1723 dict.SetString("use", "sig");
1643 dict.SetBoolean("ext", false); 1724 dict.SetBoolean("ext", false);
1644 dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg"); 1725 dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg");
1645 1726
1646 ASSERT_STATUS_SUCCESS( 1727 ASSERT_EQ(
1728 Status::Success(),
1647 ImportKeyJwkFromDict(dict, algorithm, extractable, usage_mask, &key)); 1729 ImportKeyJwkFromDict(dict, algorithm, extractable, usage_mask, &key));
1648 1730
1649 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha256, 1731 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha256,
1650 key.algorithm().hmacParams()->hash().id()); 1732 key.algorithm().hmacParams()->hash().id());
1651 1733
1652 const std::vector<uint8> message_raw = HexStringToBytes( 1734 const std::vector<uint8> message_raw = HexStringToBytes(
1653 "b1689c2591eaf3c9e66070f8a77954ffb81749f1b00346f9dfe0b2ee905dcc288baf4a" 1735 "b1689c2591eaf3c9e66070f8a77954ffb81749f1b00346f9dfe0b2ee905dcc288baf4a"
1654 "92de3f4001dd9f44c468c3d07d6c6ee82faceafc97c2fc0fc0601719d2dcd0aa2aec92" 1736 "92de3f4001dd9f44c468c3d07d6c6ee82faceafc97c2fc0fc0601719d2dcd0aa2aec92"
1655 "d1b0ae933c65eb06a03c9c935c2bad0459810241347ab87e9f11adb30415424c6c7f5f" 1737 "d1b0ae933c65eb06a03c9c935c2bad0459810241347ab87e9f11adb30415424c6c7f5f"
1656 "22a003b8ab8de54f6ded0e3ab9245fa79568451dfa258e"); 1738 "22a003b8ab8de54f6ded0e3ab9245fa79568451dfa258e");
1657 1739
1658 blink::WebArrayBuffer output; 1740 blink::WebArrayBuffer output;
1659 1741
1660 ASSERT_STATUS_SUCCESS(Sign(CreateAlgorithm(blink::WebCryptoAlgorithmIdHmac), 1742 ASSERT_EQ(Status::Success(),
1661 key, 1743 Sign(CreateAlgorithm(blink::WebCryptoAlgorithmIdHmac),
1662 CryptoData(message_raw), 1744 key,
1663 &output)); 1745 CryptoData(message_raw),
1746 &output));
1664 1747
1665 const std::string mac_raw = 1748 const std::string mac_raw =
1666 "769f00d3e6a6cc1fb426a14a4f76c6462e6149726e0dee0ec0cf97a16605ac8b"; 1749 "769f00d3e6a6cc1fb426a14a4f76c6462e6149726e0dee0ec0cf97a16605ac8b";
1667 1750
1668 ExpectArrayBufferMatchesHex(mac_raw, output); 1751 ExpectArrayBufferMatchesHex(mac_raw, output);
1669 1752
1670 // TODO(padolph): Import an RSA public key JWK and use it 1753 // TODO(padolph): Import an RSA public key JWK and use it
1671 } 1754 }
1672 1755
1673 TEST_F(SharedCryptoTest, MAYBE(ImportExportJwkSymmetricKey)) { 1756 TEST_F(SharedCryptoTest, MAYBE(ImportExportJwkSymmetricKey)) {
(...skipping 68 matching lines...) Expand 10 before | Expand all | Expand 10 after
1742 // HMAC SHA-384 1825 // HMAC SHA-384
1743 {key_hex_384, hmac_sha_384_alg, blink::WebCryptoKeyUsageSign, "HS384"}, 1826 {key_hex_384, hmac_sha_384_alg, blink::WebCryptoKeyUsageSign, "HS384"},
1744 // HMAC SHA-512 1827 // HMAC SHA-512
1745 {key_hex_512, hmac_sha_512_alg, blink::WebCryptoKeyUsageVerify, "HS512"}, 1828 {key_hex_512, hmac_sha_512_alg, blink::WebCryptoKeyUsageVerify, "HS512"},
1746 // Large usage value 1829 // Large usage value
1747 {key_hex_256, aes_cbc_alg, 1830 {key_hex_256, aes_cbc_alg,
1748 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt | 1831 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt |
1749 blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey, 1832 blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey,
1750 "A256CBC"}, 1833 "A256CBC"},
1751 // Zero usage value 1834 // Zero usage value
1752 {key_hex_512, hmac_sha_512_alg, 0, "HS512"}, }; 1835 {key_hex_512, hmac_sha_512_alg, 0, "HS512"},
1836 };
1753 1837
1754 // Round-trip import/export each key. 1838 // Round-trip import/export each key.
1755 1839
1756 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); 1840 blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
1757 blink::WebArrayBuffer json; 1841 blink::WebArrayBuffer json;
1758 for (size_t test_index = 0; test_index < ARRAYSIZE_UNSAFE(kTests); 1842 for (size_t test_index = 0; test_index < ARRAYSIZE_UNSAFE(kTests);
1759 ++test_index) { 1843 ++test_index) {
1760 SCOPED_TRACE(test_index); 1844 SCOPED_TRACE(test_index);
1761 const TestCase& test = kTests[test_index]; 1845 const TestCase& test = kTests[test_index];
1762 1846
1763 // Skip AES-GCM tests where not supported. 1847 // Skip AES-GCM tests where not supported.
1764 if (test.algorithm.id() == blink::WebCryptoAlgorithmIdAesGcm && 1848 if (test.algorithm.id() == blink::WebCryptoAlgorithmIdAesGcm &&
1765 !SupportsAesGcm()) { 1849 !SupportsAesGcm()) {
1766 continue; 1850 continue;
1767 } 1851 }
1768 1852
1769 // Import a raw key. 1853 // Import a raw key.
1770 key = ImportSecretKeyFromRaw( 1854 key = ImportSecretKeyFromRaw(
1771 HexStringToBytes(test.key_hex), test.algorithm, test.usage); 1855 HexStringToBytes(test.key_hex), test.algorithm, test.usage);
1772 1856
1773 // Export the key in JWK format and validate. 1857 // Export the key in JWK format and validate.
1774 ASSERT_STATUS_SUCCESS(ExportKey(blink::WebCryptoKeyFormatJwk, key, &json)); 1858 ASSERT_EQ(Status::Success(),
1859 ExportKey(blink::WebCryptoKeyFormatJwk, key, &json));
1775 EXPECT_TRUE(VerifySecretJwk(json, test.jwk_alg, test.key_hex, test.usage)); 1860 EXPECT_TRUE(VerifySecretJwk(json, test.jwk_alg, test.key_hex, test.usage));
1776 1861
1777 // Import the JWK-formatted key. 1862 // Import the JWK-formatted key.
1778 ASSERT_STATUS_SUCCESS( 1863 ASSERT_EQ(
1864 Status::Success(),
1779 ImportKeyJwk(CryptoData(json), test.algorithm, true, test.usage, &key)); 1865 ImportKeyJwk(CryptoData(json), test.algorithm, true, test.usage, &key));
1780 EXPECT_TRUE(key.handle()); 1866 EXPECT_TRUE(key.handle());
1781 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); 1867 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type());
1782 EXPECT_EQ(test.algorithm.id(), key.algorithm().id()); 1868 EXPECT_EQ(test.algorithm.id(), key.algorithm().id());
1783 EXPECT_EQ(true, key.extractable()); 1869 EXPECT_EQ(true, key.extractable());
1784 EXPECT_EQ(test.usage, key.usages()); 1870 EXPECT_EQ(test.usage, key.usages());
1785 1871
1786 // Export the key in raw format and compare to the original. 1872 // Export the key in raw format and compare to the original.
1787 blink::WebArrayBuffer key_raw_out; 1873 blink::WebArrayBuffer key_raw_out;
1788 ASSERT_STATUS_SUCCESS( 1874 ASSERT_EQ(Status::Success(),
1789 ExportKey(blink::WebCryptoKeyFormatRaw, key, &key_raw_out)); 1875 ExportKey(blink::WebCryptoKeyFormatRaw, key, &key_raw_out));
1790 ExpectArrayBufferMatchesHex(test.key_hex, key_raw_out); 1876 ExpectArrayBufferMatchesHex(test.key_hex, key_raw_out);
1791 } 1877 }
1792 } 1878 }
1793 1879
1794 TEST_F(SharedCryptoTest, MAYBE(ImportExportSpki)) { 1880 TEST_F(SharedCryptoTest, MAYBE(ImportExportSpki)) {
1795 // Passing case: Import a valid RSA key in SPKI format. 1881 // Passing case: Import a valid RSA key in SPKI format.
1796 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); 1882 blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
1797 ASSERT_STATUS_SUCCESS( 1883 ASSERT_EQ(
1884 Status::Success(),
1798 ImportKey(blink::WebCryptoKeyFormatSpki, 1885 ImportKey(blink::WebCryptoKeyFormatSpki,
1799 CryptoData(HexStringToBytes(kPublicKeySpkiDerHex)), 1886 CryptoData(HexStringToBytes(kPublicKeySpkiDerHex)),
1800 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5), 1887 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5),
1801 true, 1888 true,
1802 blink::WebCryptoKeyUsageEncrypt, 1889 blink::WebCryptoKeyUsageEncrypt,
1803 &key)); 1890 &key));
1804 EXPECT_TRUE(key.handle()); 1891 EXPECT_TRUE(key.handle());
1805 EXPECT_EQ(blink::WebCryptoKeyTypePublic, key.type()); 1892 EXPECT_EQ(blink::WebCryptoKeyTypePublic, key.type());
1806 EXPECT_TRUE(key.extractable()); 1893 EXPECT_TRUE(key.extractable());
1807 EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt, key.usages()); 1894 EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt, key.usages());
1808 EXPECT_EQ(kModulusLengthBits, 1895 EXPECT_EQ(kModulusLengthBits,
1809 key.algorithm().rsaParams()->modulusLengthBits()); 1896 key.algorithm().rsaParams()->modulusLengthBits());
1810 ExpectCryptoDataMatchesHex( 1897 ExpectCryptoDataMatchesHex(
1811 "010001", CryptoData(key.algorithm().rsaParams()->publicExponent())); 1898 "010001", CryptoData(key.algorithm().rsaParams()->publicExponent()));
1812 1899
1813 // Failing case: Empty SPKI data 1900 // Failing case: Empty SPKI data
1814 EXPECT_STATUS( 1901 EXPECT_EQ(
1815 Status::ErrorImportEmptyKeyData(), 1902 Status::ErrorImportEmptyKeyData(),
1816 ImportKey(blink::WebCryptoKeyFormatSpki, 1903 ImportKey(blink::WebCryptoKeyFormatSpki,
1817 CryptoData(std::vector<uint8>()), 1904 CryptoData(std::vector<uint8>()),
1818 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5), 1905 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5),
1819 true, 1906 true,
1820 blink::WebCryptoKeyUsageEncrypt, 1907 blink::WebCryptoKeyUsageEncrypt,
1821 &key)); 1908 &key));
1822 1909
1823 // Failing case: Bad DER encoding. 1910 // Failing case: Bad DER encoding.
1824 EXPECT_STATUS( 1911 EXPECT_EQ(
1825 Status::Error(), 1912 Status::DataError(),
1826 ImportKey(blink::WebCryptoKeyFormatSpki, 1913 ImportKey(blink::WebCryptoKeyFormatSpki,
1827 CryptoData(HexStringToBytes("618333c4cb")), 1914 CryptoData(HexStringToBytes("618333c4cb")),
1828 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5), 1915 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5),
1829 true, 1916 true,
1830 blink::WebCryptoKeyUsageEncrypt, 1917 blink::WebCryptoKeyUsageEncrypt,
1831 &key)); 1918 &key));
1832 1919
1833 // Failing case: Import RSA key but provide an inconsistent input algorithm. 1920 // Failing case: Import RSA key but provide an inconsistent input algorithm.
1834 EXPECT_STATUS(Status::Error(), 1921 EXPECT_EQ(Status::DataError(),
1835 ImportKey(blink::WebCryptoKeyFormatSpki, 1922 ImportKey(blink::WebCryptoKeyFormatSpki,
1836 CryptoData(HexStringToBytes(kPublicKeySpkiDerHex)), 1923 CryptoData(HexStringToBytes(kPublicKeySpkiDerHex)),
1837 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), 1924 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
1838 true, 1925 true,
1839 blink::WebCryptoKeyUsageEncrypt, 1926 blink::WebCryptoKeyUsageEncrypt,
1840 &key)); 1927 &key));
1841 1928
1842 // Passing case: Export a previously imported RSA public key in SPKI format 1929 // Passing case: Export a previously imported RSA public key in SPKI format
1843 // and compare to original data. 1930 // and compare to original data.
1844 blink::WebArrayBuffer output; 1931 blink::WebArrayBuffer output;
1845 ASSERT_STATUS_SUCCESS(ExportKey(blink::WebCryptoKeyFormatSpki, key, &output)); 1932 ASSERT_EQ(Status::Success(),
1933 ExportKey(blink::WebCryptoKeyFormatSpki, key, &output));
1846 ExpectArrayBufferMatchesHex(kPublicKeySpkiDerHex, output); 1934 ExpectArrayBufferMatchesHex(kPublicKeySpkiDerHex, output);
1847 1935
1848 // Failing case: Try to export a previously imported RSA public key in raw 1936 // Failing case: Try to export a previously imported RSA public key in raw
1849 // format (not allowed for a public key). 1937 // format (not allowed for a public key).
1850 EXPECT_STATUS(Status::ErrorUnexpectedKeyType(), 1938 EXPECT_EQ(Status::ErrorUnexpectedKeyType(),
1851 ExportKey(blink::WebCryptoKeyFormatRaw, key, &output)); 1939 ExportKey(blink::WebCryptoKeyFormatRaw, key, &output));
1852 1940
1853 // Failing case: Try to export a non-extractable key 1941 // Failing case: Try to export a non-extractable key
1854 ASSERT_STATUS_SUCCESS( 1942 ASSERT_EQ(
1943 Status::Success(),
1855 ImportKey(blink::WebCryptoKeyFormatSpki, 1944 ImportKey(blink::WebCryptoKeyFormatSpki,
1856 CryptoData(HexStringToBytes(kPublicKeySpkiDerHex)), 1945 CryptoData(HexStringToBytes(kPublicKeySpkiDerHex)),
1857 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5), 1946 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5),
1858 false, 1947 false,
1859 blink::WebCryptoKeyUsageEncrypt, 1948 blink::WebCryptoKeyUsageEncrypt,
1860 &key)); 1949 &key));
1861 EXPECT_TRUE(key.handle()); 1950 EXPECT_TRUE(key.handle());
1862 EXPECT_FALSE(key.extractable()); 1951 EXPECT_FALSE(key.extractable());
1863 EXPECT_STATUS(Status::ErrorKeyNotExtractable(), 1952 EXPECT_EQ(Status::ErrorKeyNotExtractable(),
1864 ExportKey(blink::WebCryptoKeyFormatSpki, key, &output)); 1953 ExportKey(blink::WebCryptoKeyFormatSpki, key, &output));
1865 } 1954 }
1866 1955
1867 TEST_F(SharedCryptoTest, MAYBE(ImportExportPkcs8)) { 1956 TEST_F(SharedCryptoTest, MAYBE(ImportExportPkcs8)) {
1868 // Passing case: Import a valid RSA key in PKCS#8 format. 1957 // Passing case: Import a valid RSA key in PKCS#8 format.
1869 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); 1958 blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
1870 ASSERT_STATUS_SUCCESS(ImportKey( 1959 ASSERT_EQ(Status::Success(),
1871 blink::WebCryptoKeyFormatPkcs8, 1960 ImportKey(blink::WebCryptoKeyFormatPkcs8,
1872 CryptoData(HexStringToBytes(kPrivateKeyPkcs8DerHex)), 1961 CryptoData(HexStringToBytes(kPrivateKeyPkcs8DerHex)),
1873 CreateRsaHashedImportAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, 1962 CreateRsaHashedImportAlgorithm(
1874 blink::WebCryptoAlgorithmIdSha1), 1963 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5,
1875 true, 1964 blink::WebCryptoAlgorithmIdSha1),
1876 blink::WebCryptoKeyUsageSign, 1965 true,
1877 &key)); 1966 blink::WebCryptoKeyUsageSign,
1967 &key));
1878 EXPECT_TRUE(key.handle()); 1968 EXPECT_TRUE(key.handle());
1879 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, key.type()); 1969 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, key.type());
1880 EXPECT_TRUE(key.extractable()); 1970 EXPECT_TRUE(key.extractable());
1881 EXPECT_EQ(blink::WebCryptoKeyUsageSign, key.usages()); 1971 EXPECT_EQ(blink::WebCryptoKeyUsageSign, key.usages());
1882 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha1, 1972 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha1,
1883 key.algorithm().rsaHashedParams()->hash().id()); 1973 key.algorithm().rsaHashedParams()->hash().id());
1884 EXPECT_EQ(kModulusLengthBits, 1974 EXPECT_EQ(kModulusLengthBits,
1885 key.algorithm().rsaHashedParams()->modulusLengthBits()); 1975 key.algorithm().rsaHashedParams()->modulusLengthBits());
1886 ExpectCryptoDataMatchesHex( 1976 ExpectCryptoDataMatchesHex(
1887 "010001", 1977 "010001",
1888 CryptoData(key.algorithm().rsaHashedParams()->publicExponent())); 1978 CryptoData(key.algorithm().rsaHashedParams()->publicExponent()));
1889 1979
1890 blink::WebArrayBuffer exported_key; 1980 blink::WebArrayBuffer exported_key;
1891 ASSERT_STATUS_SUCCESS( 1981 ASSERT_EQ(Status::Success(),
1892 ExportKey(blink::WebCryptoKeyFormatPkcs8, key, &exported_key)); 1982 ExportKey(blink::WebCryptoKeyFormatPkcs8, key, &exported_key));
1893 ExpectArrayBufferMatchesHex(kPrivateKeyPkcs8DerHex, exported_key); 1983 ExpectArrayBufferMatchesHex(kPrivateKeyPkcs8DerHex, exported_key);
1894 1984
1895 // Failing case: Empty PKCS#8 data 1985 // Failing case: Empty PKCS#8 data
1896 EXPECT_STATUS(Status::ErrorImportEmptyKeyData(), 1986 EXPECT_EQ(Status::ErrorImportEmptyKeyData(),
1897 ImportKey(blink::WebCryptoKeyFormatPkcs8, 1987 ImportKey(blink::WebCryptoKeyFormatPkcs8,
1898 CryptoData(std::vector<uint8>()), 1988 CryptoData(std::vector<uint8>()),
1899 CreateRsaHashedImportAlgorithm( 1989 CreateRsaHashedImportAlgorithm(
1900 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, 1990 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5,
1901 blink::WebCryptoAlgorithmIdSha1), 1991 blink::WebCryptoAlgorithmIdSha1),
1902 true, 1992 true,
1903 blink::WebCryptoKeyUsageSign, 1993 blink::WebCryptoKeyUsageSign,
1904 &key)); 1994 &key));
1905 1995
1906 // Failing case: Bad DER encoding. 1996 // Failing case: Bad DER encoding.
1907 EXPECT_STATUS( 1997 EXPECT_EQ(
1908 Status::Error(), 1998 Status::DataError(),
1909 ImportKey(blink::WebCryptoKeyFormatPkcs8, 1999 ImportKey(blink::WebCryptoKeyFormatPkcs8,
1910 CryptoData(HexStringToBytes("618333c4cb")), 2000 CryptoData(HexStringToBytes("618333c4cb")),
1911 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5), 2001 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5),
1912 true, 2002 true,
1913 blink::WebCryptoKeyUsageSign, 2003 blink::WebCryptoKeyUsageSign,
1914 &key)); 2004 &key));
1915 2005
1916 // Failing case: Import RSA key but provide an inconsistent input algorithm. 2006 // Failing case: Import RSA key but provide an inconsistent input algorithm.
1917 EXPECT_STATUS(Status::Error(), 2007 EXPECT_EQ(Status::DataError(),
1918 ImportKey(blink::WebCryptoKeyFormatPkcs8, 2008 ImportKey(blink::WebCryptoKeyFormatPkcs8,
1919 CryptoData(HexStringToBytes(kPrivateKeyPkcs8DerHex)), 2009 CryptoData(HexStringToBytes(kPrivateKeyPkcs8DerHex)),
1920 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), 2010 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
1921 true, 2011 true,
1922 blink::WebCryptoKeyUsageSign, 2012 blink::WebCryptoKeyUsageSign,
1923 &key)); 2013 &key));
1924 } 2014 }
1925 2015
1926 TEST_F(SharedCryptoTest, MAYBE(GenerateKeyPairRsa)) { 2016 TEST_F(SharedCryptoTest, MAYBE(GenerateKeyPairRsa)) {
1927 // Note: using unrealistic short key lengths here to avoid bogging down tests. 2017 // Note: using unrealistic short key lengths here to avoid bogging down tests.
1928 2018
1929 // Successful WebCryptoAlgorithmIdRsaEsPkcs1v1_5 key generation. 2019 // Successful WebCryptoAlgorithmIdRsaEsPkcs1v1_5 key generation.
1930 const unsigned int modulus_length = 256; 2020 const unsigned int modulus_length = 256;
1931 const std::vector<uint8> public_exponent = HexStringToBytes("010001"); 2021 const std::vector<uint8> public_exponent = HexStringToBytes("010001");
1932 blink::WebCryptoAlgorithm algorithm = 2022 blink::WebCryptoAlgorithm algorithm =
1933 CreateRsaKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, 2023 CreateRsaKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5,
1934 modulus_length, 2024 modulus_length,
1935 public_exponent); 2025 public_exponent);
1936 bool extractable = true; 2026 bool extractable = true;
1937 const blink::WebCryptoKeyUsageMask usage_mask = 0; 2027 const blink::WebCryptoKeyUsageMask usage_mask = 0;
1938 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); 2028 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull();
1939 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); 2029 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull();
1940 ASSERT_STATUS_SUCCESS(GenerateKeyPair( 2030 ASSERT_EQ(Status::Success(),
1941 algorithm, extractable, usage_mask, &public_key, &private_key)); 2031 GenerateKeyPair(
2032 algorithm, extractable, usage_mask, &public_key, &private_key));
1942 EXPECT_FALSE(public_key.isNull()); 2033 EXPECT_FALSE(public_key.isNull());
1943 EXPECT_FALSE(private_key.isNull()); 2034 EXPECT_FALSE(private_key.isNull());
1944 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type()); 2035 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type());
1945 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type()); 2036 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type());
1946 EXPECT_TRUE(public_key.extractable()); 2037 EXPECT_TRUE(public_key.extractable());
1947 EXPECT_EQ(extractable, private_key.extractable()); 2038 EXPECT_EQ(extractable, private_key.extractable());
1948 EXPECT_EQ(usage_mask, public_key.usages()); 2039 EXPECT_EQ(usage_mask, public_key.usages());
1949 EXPECT_EQ(usage_mask, private_key.usages()); 2040 EXPECT_EQ(usage_mask, private_key.usages());
1950 2041
1951 // Try exporting the generated key pair, and then re-importing to verify that 2042 // Try exporting the generated key pair, and then re-importing to verify that
1952 // the exported data was valid. 2043 // the exported data was valid.
1953 blink::WebArrayBuffer public_key_spki; 2044 blink::WebArrayBuffer public_key_spki;
1954 EXPECT_STATUS_SUCCESS( 2045 EXPECT_EQ(
2046 Status::Success(),
1955 ExportKey(blink::WebCryptoKeyFormatSpki, public_key, &public_key_spki)); 2047 ExportKey(blink::WebCryptoKeyFormatSpki, public_key, &public_key_spki));
1956 public_key = blink::WebCryptoKey::createNull(); 2048 public_key = blink::WebCryptoKey::createNull();
1957 EXPECT_STATUS_SUCCESS( 2049 EXPECT_EQ(
2050 Status::Success(),
1958 ImportKey(blink::WebCryptoKeyFormatSpki, 2051 ImportKey(blink::WebCryptoKeyFormatSpki,
1959 CryptoData(public_key_spki), 2052 CryptoData(public_key_spki),
1960 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5), 2053 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5),
1961 true, 2054 true,
1962 usage_mask, 2055 usage_mask,
1963 &public_key)); 2056 &public_key));
1964 EXPECT_EQ(modulus_length, 2057 EXPECT_EQ(modulus_length,
1965 public_key.algorithm().rsaParams()->modulusLengthBits()); 2058 public_key.algorithm().rsaParams()->modulusLengthBits());
1966 2059
1967 blink::WebArrayBuffer private_key_pkcs8; 2060 blink::WebArrayBuffer private_key_pkcs8;
1968 EXPECT_STATUS_SUCCESS(ExportKey( 2061 EXPECT_EQ(
1969 blink::WebCryptoKeyFormatPkcs8, private_key, &private_key_pkcs8)); 2062 Status::Success(),
2063 ExportKey(
2064 blink::WebCryptoKeyFormatPkcs8, private_key, &private_key_pkcs8));
1970 private_key = blink::WebCryptoKey::createNull(); 2065 private_key = blink::WebCryptoKey::createNull();
1971 EXPECT_STATUS_SUCCESS( 2066 EXPECT_EQ(
2067 Status::Success(),
1972 ImportKey(blink::WebCryptoKeyFormatPkcs8, 2068 ImportKey(blink::WebCryptoKeyFormatPkcs8,
1973 CryptoData(private_key_pkcs8), 2069 CryptoData(private_key_pkcs8),
1974 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5), 2070 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5),
1975 true, 2071 true,
1976 usage_mask, 2072 usage_mask,
1977 &private_key)); 2073 &private_key));
1978 EXPECT_EQ(modulus_length, 2074 EXPECT_EQ(modulus_length,
1979 private_key.algorithm().rsaParams()->modulusLengthBits()); 2075 private_key.algorithm().rsaParams()->modulusLengthBits());
1980 2076
1981 // Fail with bad modulus. 2077 // Fail with bad modulus.
1982 algorithm = CreateRsaKeyGenAlgorithm( 2078 algorithm = CreateRsaKeyGenAlgorithm(
1983 blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, 0, public_exponent); 2079 blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, 0, public_exponent);
1984 EXPECT_STATUS( 2080 EXPECT_EQ(Status::ErrorGenerateRsaZeroModulus(),
1985 Status::ErrorGenerateRsaZeroModulus(), 2081 GenerateKeyPair(
1986 GenerateKeyPair( 2082 algorithm, extractable, usage_mask, &public_key, &private_key));
1987 algorithm, extractable, usage_mask, &public_key, &private_key));
1988 2083
1989 // Fail with bad exponent: larger than unsigned long. 2084 // Fail with bad exponent: larger than unsigned long.
1990 unsigned int exponent_length = sizeof(unsigned long) + 1; // NOLINT 2085 unsigned int exponent_length = sizeof(unsigned long) + 1; // NOLINT
1991 const std::vector<uint8> long_exponent(exponent_length, 0x01); 2086 const std::vector<uint8> long_exponent(exponent_length, 0x01);
1992 algorithm = CreateRsaKeyGenAlgorithm( 2087 algorithm = CreateRsaKeyGenAlgorithm(
1993 blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, modulus_length, long_exponent); 2088 blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, modulus_length, long_exponent);
1994 EXPECT_STATUS( 2089 EXPECT_EQ(Status::ErrorGenerateKeyPublicExponent(),
1995 Status::ErrorGenerateKeyPublicExponent(), 2090 GenerateKeyPair(
1996 GenerateKeyPair( 2091 algorithm, extractable, usage_mask, &public_key, &private_key));
1997 algorithm, extractable, usage_mask, &public_key, &private_key));
1998 2092
1999 // Fail with bad exponent: empty. 2093 // Fail with bad exponent: empty.
2000 const std::vector<uint8> empty_exponent; 2094 const std::vector<uint8> empty_exponent;
2001 algorithm = 2095 algorithm =
2002 CreateRsaKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, 2096 CreateRsaKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5,
2003 modulus_length, 2097 modulus_length,
2004 empty_exponent); 2098 empty_exponent);
2005 EXPECT_STATUS( 2099 EXPECT_EQ(Status::ErrorGenerateKeyPublicExponent(),
2006 Status::ErrorGenerateKeyPublicExponent(), 2100 GenerateKeyPair(
2007 GenerateKeyPair( 2101 algorithm, extractable, usage_mask, &public_key, &private_key));
2008 algorithm, extractable, usage_mask, &public_key, &private_key));
2009 2102
2010 // Fail with bad exponent: all zeros. 2103 // Fail with bad exponent: all zeros.
2011 std::vector<uint8> exponent_with_leading_zeros(15, 0x00); 2104 std::vector<uint8> exponent_with_leading_zeros(15, 0x00);
2012 algorithm = 2105 algorithm =
2013 CreateRsaKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, 2106 CreateRsaKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5,
2014 modulus_length, 2107 modulus_length,
2015 exponent_with_leading_zeros); 2108 exponent_with_leading_zeros);
2016 EXPECT_STATUS( 2109 EXPECT_EQ(Status::ErrorGenerateKeyPublicExponent(),
2017 Status::ErrorGenerateKeyPublicExponent(), 2110 GenerateKeyPair(
2018 GenerateKeyPair( 2111 algorithm, extractable, usage_mask, &public_key, &private_key));
2019 algorithm, extractable, usage_mask, &public_key, &private_key));
2020 2112
2021 // Key generation success using exponent with leading zeros. 2113 // Key generation success using exponent with leading zeros.
2022 exponent_with_leading_zeros.insert(exponent_with_leading_zeros.end(), 2114 exponent_with_leading_zeros.insert(exponent_with_leading_zeros.end(),
2023 public_exponent.begin(), 2115 public_exponent.begin(),
2024 public_exponent.end()); 2116 public_exponent.end());
2025 algorithm = 2117 algorithm =
2026 CreateRsaKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, 2118 CreateRsaKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5,
2027 modulus_length, 2119 modulus_length,
2028 exponent_with_leading_zeros); 2120 exponent_with_leading_zeros);
2029 EXPECT_STATUS_SUCCESS(GenerateKeyPair( 2121 EXPECT_EQ(Status::Success(),
2030 algorithm, extractable, usage_mask, &public_key, &private_key)); 2122 GenerateKeyPair(
2123 algorithm, extractable, usage_mask, &public_key, &private_key));
2031 EXPECT_FALSE(public_key.isNull()); 2124 EXPECT_FALSE(public_key.isNull());
2032 EXPECT_FALSE(private_key.isNull()); 2125 EXPECT_FALSE(private_key.isNull());
2033 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type()); 2126 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type());
2034 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type()); 2127 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type());
2035 EXPECT_TRUE(public_key.extractable()); 2128 EXPECT_TRUE(public_key.extractable());
2036 EXPECT_EQ(extractable, private_key.extractable()); 2129 EXPECT_EQ(extractable, private_key.extractable());
2037 EXPECT_EQ(usage_mask, public_key.usages()); 2130 EXPECT_EQ(usage_mask, public_key.usages());
2038 EXPECT_EQ(usage_mask, private_key.usages()); 2131 EXPECT_EQ(usage_mask, private_key.usages());
2039 2132
2040 // Successful WebCryptoAlgorithmIdRsaOaep key generation. 2133 // Successful WebCryptoAlgorithmIdRsaOaep key generation.
2041 algorithm = CreateRsaHashedKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaOaep, 2134 algorithm = CreateRsaHashedKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaOaep,
2042 blink::WebCryptoAlgorithmIdSha256, 2135 blink::WebCryptoAlgorithmIdSha256,
2043 modulus_length, 2136 modulus_length,
2044 public_exponent); 2137 public_exponent);
2045 EXPECT_STATUS_SUCCESS(GenerateKeyPair( 2138 EXPECT_EQ(Status::Success(),
2046 algorithm, extractable, usage_mask, &public_key, &private_key)); 2139 GenerateKeyPair(
2140 algorithm, extractable, usage_mask, &public_key, &private_key));
2047 EXPECT_FALSE(public_key.isNull()); 2141 EXPECT_FALSE(public_key.isNull());
2048 EXPECT_FALSE(private_key.isNull()); 2142 EXPECT_FALSE(private_key.isNull());
2049 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type()); 2143 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type());
2050 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type()); 2144 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type());
2051 EXPECT_EQ(modulus_length, 2145 EXPECT_EQ(modulus_length,
2052 public_key.algorithm().rsaHashedParams()->modulusLengthBits()); 2146 public_key.algorithm().rsaHashedParams()->modulusLengthBits());
2053 EXPECT_EQ(modulus_length, 2147 EXPECT_EQ(modulus_length,
2054 private_key.algorithm().rsaHashedParams()->modulusLengthBits()); 2148 private_key.algorithm().rsaHashedParams()->modulusLengthBits());
2055 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha256, 2149 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha256,
2056 public_key.algorithm().rsaHashedParams()->hash().id()); 2150 public_key.algorithm().rsaHashedParams()->hash().id());
2057 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha256, 2151 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha256,
2058 private_key.algorithm().rsaHashedParams()->hash().id()); 2152 private_key.algorithm().rsaHashedParams()->hash().id());
2059 EXPECT_TRUE(public_key.extractable()); 2153 EXPECT_TRUE(public_key.extractable());
2060 EXPECT_EQ(extractable, private_key.extractable()); 2154 EXPECT_EQ(extractable, private_key.extractable());
2061 EXPECT_EQ(usage_mask, public_key.usages()); 2155 EXPECT_EQ(usage_mask, public_key.usages());
2062 EXPECT_EQ(usage_mask, private_key.usages()); 2156 EXPECT_EQ(usage_mask, private_key.usages());
2063 2157
2064 // Successful WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 key generation. 2158 // Successful WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 key generation.
2065 algorithm = 2159 algorithm =
2066 CreateRsaHashedKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, 2160 CreateRsaHashedKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5,
2067 blink::WebCryptoAlgorithmIdSha1, 2161 blink::WebCryptoAlgorithmIdSha1,
2068 modulus_length, 2162 modulus_length,
2069 public_exponent); 2163 public_exponent);
2070 EXPECT_STATUS_SUCCESS( 2164 EXPECT_EQ(
2165 Status::Success(),
2071 GenerateKeyPair(algorithm, false, usage_mask, &public_key, &private_key)); 2166 GenerateKeyPair(algorithm, false, usage_mask, &public_key, &private_key));
2072 EXPECT_FALSE(public_key.isNull()); 2167 EXPECT_FALSE(public_key.isNull());
2073 EXPECT_FALSE(private_key.isNull()); 2168 EXPECT_FALSE(private_key.isNull());
2074 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type()); 2169 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type());
2075 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type()); 2170 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type());
2076 EXPECT_EQ(modulus_length, 2171 EXPECT_EQ(modulus_length,
2077 public_key.algorithm().rsaHashedParams()->modulusLengthBits()); 2172 public_key.algorithm().rsaHashedParams()->modulusLengthBits());
2078 EXPECT_EQ(modulus_length, 2173 EXPECT_EQ(modulus_length,
2079 private_key.algorithm().rsaHashedParams()->modulusLengthBits()); 2174 private_key.algorithm().rsaHashedParams()->modulusLengthBits());
2080 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha1, 2175 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha1,
2081 public_key.algorithm().rsaHashedParams()->hash().id()); 2176 public_key.algorithm().rsaHashedParams()->hash().id());
2082 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha1, 2177 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha1,
2083 private_key.algorithm().rsaHashedParams()->hash().id()); 2178 private_key.algorithm().rsaHashedParams()->hash().id());
2084 // Even though "extractable" was set to false, the public key remains 2179 // Even though "extractable" was set to false, the public key remains
2085 // extractable. 2180 // extractable.
2086 EXPECT_TRUE(public_key.extractable()); 2181 EXPECT_TRUE(public_key.extractable());
2087 EXPECT_FALSE(private_key.extractable()); 2182 EXPECT_FALSE(private_key.extractable());
2088 EXPECT_EQ(usage_mask, public_key.usages()); 2183 EXPECT_EQ(usage_mask, public_key.usages());
2089 EXPECT_EQ(usage_mask, private_key.usages()); 2184 EXPECT_EQ(usage_mask, private_key.usages());
2090 2185
2091 // Exporting a private key as SPKI format doesn't make sense. However this 2186 // Exporting a private key as SPKI format doesn't make sense. However this
2092 // will first fail because the key is not extractable. 2187 // will first fail because the key is not extractable.
2093 blink::WebArrayBuffer output; 2188 blink::WebArrayBuffer output;
2094 EXPECT_STATUS(Status::ErrorKeyNotExtractable(), 2189 EXPECT_EQ(Status::ErrorKeyNotExtractable(),
2095 ExportKey(blink::WebCryptoKeyFormatSpki, private_key, &output)); 2190 ExportKey(blink::WebCryptoKeyFormatSpki, private_key, &output));
2096 2191
2097 // Re-generate an extractable private_key and try to export it as SPKI format. 2192 // Re-generate an extractable private_key and try to export it as SPKI format.
2098 // This should fail since spki is for public keys. 2193 // This should fail since spki is for public keys.
2099 EXPECT_STATUS_SUCCESS( 2194 EXPECT_EQ(
2195 Status::Success(),
2100 GenerateKeyPair(algorithm, true, usage_mask, &public_key, &private_key)); 2196 GenerateKeyPair(algorithm, true, usage_mask, &public_key, &private_key));
2101 EXPECT_STATUS(Status::ErrorUnexpectedKeyType(), 2197 EXPECT_EQ(Status::ErrorUnexpectedKeyType(),
2102 ExportKey(blink::WebCryptoKeyFormatSpki, private_key, &output)); 2198 ExportKey(blink::WebCryptoKeyFormatSpki, private_key, &output));
2103 } 2199 }
2104 2200
2105 TEST_F(SharedCryptoTest, MAYBE(RsaEsRoundTrip)) { 2201 TEST_F(SharedCryptoTest, MAYBE(RsaEsRoundTrip)) {
2106 // Import a key pair. 2202 // Import a key pair.
2107 blink::WebCryptoAlgorithm algorithm = 2203 blink::WebCryptoAlgorithm algorithm =
2108 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); 2204 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5);
2109 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); 2205 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull();
2110 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); 2206 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull();
2111 ImportRsaKeyPair( 2207 ImportRsaKeyPair(
2112 HexStringToBytes(kPublicKeySpkiDerHex), 2208 HexStringToBytes(kPublicKeySpkiDerHex),
(...skipping 15 matching lines...) Expand all
2128 2224
2129 // Verify encrypt / decrypt round trip on a few messages. Note that RSA 2225 // Verify encrypt / decrypt round trip on a few messages. Note that RSA
2130 // encryption does not support empty input. 2226 // encryption does not support empty input.
2131 algorithm = CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); 2227 algorithm = CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5);
2132 const char* const kTestDataHex[] = {"ff", "0102030405060708090a0b0c0d0e0f", 2228 const char* const kTestDataHex[] = {"ff", "0102030405060708090a0b0c0d0e0f",
2133 max_data_hex}; 2229 max_data_hex};
2134 blink::WebArrayBuffer encrypted_data; 2230 blink::WebArrayBuffer encrypted_data;
2135 blink::WebArrayBuffer decrypted_data; 2231 blink::WebArrayBuffer decrypted_data;
2136 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kTestDataHex); ++i) { 2232 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kTestDataHex); ++i) {
2137 SCOPED_TRACE(i); 2233 SCOPED_TRACE(i);
2138 EXPECT_STATUS_SUCCESS(Encrypt(algorithm, 2234 EXPECT_EQ(Status::Success(),
2139 public_key, 2235 Encrypt(algorithm,
2140 CryptoData(HexStringToBytes(kTestDataHex[i])), 2236 public_key,
2141 &encrypted_data)); 2237 CryptoData(HexStringToBytes(kTestDataHex[i])),
2238 &encrypted_data));
2142 EXPECT_EQ(kModulusLengthBits / 8, encrypted_data.byteLength()); 2239 EXPECT_EQ(kModulusLengthBits / 8, encrypted_data.byteLength());
2143 ASSERT_STATUS_SUCCESS(Decrypt( 2240 ASSERT_EQ(Status::Success(),
2144 algorithm, private_key, CryptoData(encrypted_data), &decrypted_data)); 2241 Decrypt(algorithm,
2242 private_key,
2243 CryptoData(encrypted_data),
2244 &decrypted_data));
2145 ExpectArrayBufferMatchesHex(kTestDataHex[i], decrypted_data); 2245 ExpectArrayBufferMatchesHex(kTestDataHex[i], decrypted_data);
2146 } 2246 }
2147 } 2247 }
2148 2248
2149 TEST_F(SharedCryptoTest, MAYBE(RsaEsKnownAnswer)) { 2249 TEST_F(SharedCryptoTest, MAYBE(RsaEsKnownAnswer)) {
2150 scoped_ptr<base::Value> json; 2250 scoped_ptr<base::Value> json;
2151 ASSERT_TRUE(ReadJsonTestFile("rsa_es.json", &json)); 2251 ASSERT_TRUE(ReadJsonTestFile("rsa_es.json", &json));
2152 base::DictionaryValue* test = NULL; 2252 base::DictionaryValue* test = NULL;
2153 ASSERT_TRUE(json->GetAsDictionary(&test)); 2253 ASSERT_TRUE(json->GetAsDictionary(&test));
2154 2254
(...skipping 22 matching lines...) Expand all
2177 rsa_pkcs8_der, 2277 rsa_pkcs8_der,
2178 algorithm, 2278 algorithm,
2179 false, 2279 false,
2180 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt, 2280 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt,
2181 &public_key, 2281 &public_key,
2182 &private_key); 2282 &private_key);
2183 2283
2184 // Decrypt the known-good ciphertext with the private key. As a check we must 2284 // Decrypt the known-good ciphertext with the private key. As a check we must
2185 // get the known original cleartext. 2285 // get the known original cleartext.
2186 blink::WebArrayBuffer decrypted_data; 2286 blink::WebArrayBuffer decrypted_data;
2187 ASSERT_STATUS_SUCCESS( 2287 ASSERT_EQ(
2288 Status::Success(),
2188 Decrypt(algorithm, private_key, CryptoData(ciphertext), &decrypted_data)); 2289 Decrypt(algorithm, private_key, CryptoData(ciphertext), &decrypted_data));
2189 EXPECT_FALSE(decrypted_data.isNull()); 2290 EXPECT_FALSE(decrypted_data.isNull());
2190 EXPECT_TRUE(ArrayBufferMatches(cleartext, decrypted_data)); 2291 EXPECT_TRUE(ArrayBufferMatches(cleartext, decrypted_data));
2191 2292
2192 // Encrypt this decrypted data with the public key. 2293 // Encrypt this decrypted data with the public key.
2193 blink::WebArrayBuffer encrypted_data; 2294 blink::WebArrayBuffer encrypted_data;
2194 ASSERT_STATUS_SUCCESS(Encrypt( 2295 ASSERT_EQ(
2195 algorithm, public_key, CryptoData(decrypted_data), &encrypted_data)); 2296 Status::Success(),
2297 Encrypt(
2298 algorithm, public_key, CryptoData(decrypted_data), &encrypted_data));
2196 EXPECT_EQ(128u, encrypted_data.byteLength()); 2299 EXPECT_EQ(128u, encrypted_data.byteLength());
2197 2300
2198 // Finally, decrypt the newly encrypted result with the private key, and 2301 // Finally, decrypt the newly encrypted result with the private key, and
2199 // compare to the known original cleartext. 2302 // compare to the known original cleartext.
2200 decrypted_data.reset(); 2303 decrypted_data.reset();
2201 ASSERT_STATUS_SUCCESS(Decrypt( 2304 ASSERT_EQ(
2202 algorithm, private_key, CryptoData(encrypted_data), &decrypted_data)); 2305 Status::Success(),
2306 Decrypt(
2307 algorithm, private_key, CryptoData(encrypted_data), &decrypted_data));
2203 EXPECT_FALSE(decrypted_data.isNull()); 2308 EXPECT_FALSE(decrypted_data.isNull());
2204 EXPECT_TRUE(ArrayBufferMatches(cleartext, decrypted_data)); 2309 EXPECT_TRUE(ArrayBufferMatches(cleartext, decrypted_data));
2205 } 2310 }
2206 2311
2207 TEST_F(SharedCryptoTest, MAYBE(RsaEsFailures)) { 2312 TEST_F(SharedCryptoTest, MAYBE(RsaEsFailures)) {
2208 // Import a key pair. 2313 // Import a key pair.
2209 blink::WebCryptoAlgorithm algorithm = 2314 blink::WebCryptoAlgorithm algorithm =
2210 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); 2315 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5);
2211 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); 2316 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull();
2212 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); 2317 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull();
2213 ImportRsaKeyPair( 2318 ImportRsaKeyPair(
2214 HexStringToBytes(kPublicKeySpkiDerHex), 2319 HexStringToBytes(kPublicKeySpkiDerHex),
2215 HexStringToBytes(kPrivateKeyPkcs8DerHex), 2320 HexStringToBytes(kPrivateKeyPkcs8DerHex),
2216 algorithm, 2321 algorithm,
2217 false, 2322 false,
2218 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt, 2323 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt,
2219 &public_key, 2324 &public_key,
2220 &private_key); 2325 &private_key);
2221 2326
2222 // Fail encrypt with a private key. 2327 // Fail encrypt with a private key.
2223 blink::WebArrayBuffer encrypted_data; 2328 blink::WebArrayBuffer encrypted_data;
2224 const std::string message_hex_str("0102030405060708090a0b0c0d0e0f"); 2329 const std::string message_hex_str("0102030405060708090a0b0c0d0e0f");
2225 const std::vector<uint8> message_hex(HexStringToBytes(message_hex_str)); 2330 const std::vector<uint8> message_hex(HexStringToBytes(message_hex_str));
2226 EXPECT_STATUS( 2331 EXPECT_EQ(
2227 Status::ErrorUnexpectedKeyType(), 2332 Status::ErrorUnexpectedKeyType(),
2228 Encrypt( 2333 Encrypt(
2229 algorithm, private_key, CryptoData(message_hex), &encrypted_data)); 2334 algorithm, private_key, CryptoData(message_hex), &encrypted_data));
2230 2335
2231 // Fail encrypt with empty message. 2336 // Fail encrypt with empty message.
2232 EXPECT_STATUS(Status::Error(), 2337 EXPECT_EQ(Status::ErrorDataTooSmall(),
2233 Encrypt(algorithm, 2338 Encrypt(algorithm,
2234 public_key, 2339 public_key,
2235 CryptoData(std::vector<uint8>()), 2340 CryptoData(std::vector<uint8>()),
2236 &encrypted_data)); 2341 &encrypted_data));
2237 2342
2238 // Fail encrypt with message too large. RSAES can operate on messages up to 2343 // Fail encrypt with message too large. RSAES can operate on messages up to
2239 // length of k - 11 bytes, where k is the octet length of the RSA modulus. 2344 // length of k - 11 bytes, where k is the octet length of the RSA modulus.
2240 const unsigned int kMaxMsgSizeBytes = kModulusLengthBits / 8 - 11; 2345 const unsigned int kMaxMsgSizeBytes = kModulusLengthBits / 8 - 11;
2241 EXPECT_STATUS( 2346 EXPECT_EQ(Status::ErrorDataTooLarge(),
2242 Status::ErrorDataTooLarge(), 2347 Encrypt(algorithm,
2243 Encrypt(algorithm, 2348 public_key,
2244 public_key, 2349 CryptoData(std::vector<uint8>(kMaxMsgSizeBytes + 1, '0')),
2245 CryptoData(std::vector<uint8>(kMaxMsgSizeBytes + 1, '0')), 2350 &encrypted_data));
2246 &encrypted_data));
2247 2351
2248 // Generate encrypted data. 2352 // Generate encrypted data.
2249 EXPECT_STATUS( 2353 EXPECT_EQ(
2250 Status::Success(), 2354 Status::Success(),
2251 Encrypt(algorithm, public_key, CryptoData(message_hex), &encrypted_data)); 2355 Encrypt(algorithm, public_key, CryptoData(message_hex), &encrypted_data));
2252 2356
2253 // Fail decrypt with a public key. 2357 // Fail decrypt with a public key.
2254 blink::WebArrayBuffer decrypted_data; 2358 blink::WebArrayBuffer decrypted_data;
2255 EXPECT_STATUS( 2359 EXPECT_EQ(
2256 Status::ErrorUnexpectedKeyType(), 2360 Status::ErrorUnexpectedKeyType(),
2257 Decrypt( 2361 Decrypt(
2258 algorithm, public_key, CryptoData(encrypted_data), &decrypted_data)); 2362 algorithm, public_key, CryptoData(encrypted_data), &decrypted_data));
2259 2363
2260 // Corrupt encrypted data; ensure decrypt fails because padding was disrupted. 2364 // Corrupt encrypted data; ensure decrypt fails because padding was disrupted.
2261 std::vector<uint8> corrupted_data( 2365 std::vector<uint8> corrupted_data(
2262 static_cast<uint8*>(encrypted_data.data()), 2366 static_cast<uint8*>(encrypted_data.data()),
2263 static_cast<uint8*>(encrypted_data.data()) + encrypted_data.byteLength()); 2367 static_cast<uint8*>(encrypted_data.data()) + encrypted_data.byteLength());
2264 corrupted_data[corrupted_data.size() / 2] ^= 0x01; 2368 corrupted_data[corrupted_data.size() / 2] ^= 0x01;
2265 EXPECT_STATUS( 2369 EXPECT_EQ(
2266 Status::Error(), 2370 Status::OperationError(),
2267 Decrypt( 2371 Decrypt(
2268 algorithm, private_key, CryptoData(corrupted_data), &decrypted_data)); 2372 algorithm, private_key, CryptoData(corrupted_data), &decrypted_data));
2269 2373
2270 // TODO(padolph): Are there other specific data corruption scenarios to 2374 // TODO(padolph): Are there other specific data corruption scenarios to
2271 // consider? 2375 // consider?
2272 2376
2273 // Do a successful decrypt with good data just for confirmation. 2377 // Do a successful decrypt with good data just for confirmation.
2274 EXPECT_STATUS_SUCCESS(Decrypt( 2378 EXPECT_EQ(
2275 algorithm, private_key, CryptoData(encrypted_data), &decrypted_data)); 2379 Status::Success(),
2380 Decrypt(
2381 algorithm, private_key, CryptoData(encrypted_data), &decrypted_data));
2276 ExpectArrayBufferMatchesHex(message_hex_str, decrypted_data); 2382 ExpectArrayBufferMatchesHex(message_hex_str, decrypted_data);
2277 } 2383 }
2278 2384
2279 TEST_F(SharedCryptoTest, MAYBE(RsaSsaSignVerifyFailures)) { 2385 TEST_F(SharedCryptoTest, MAYBE(RsaSsaSignVerifyFailures)) {
2280 // Import a key pair. 2386 // Import a key pair.
2281 blink::WebCryptoKeyUsageMask usage_mask = 2387 blink::WebCryptoKeyUsageMask usage_mask =
2282 blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify; 2388 blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify;
2283 blink::WebCryptoAlgorithm importAlgorithm = 2389 blink::WebCryptoAlgorithm importAlgorithm =
2284 CreateRsaHashedImportAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, 2390 CreateRsaHashedImportAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5,
2285 blink::WebCryptoAlgorithmIdSha1); 2391 blink::WebCryptoAlgorithmIdSha1);
2286 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); 2392 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull();
2287 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); 2393 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull();
2288 ImportRsaKeyPair(HexStringToBytes(kPublicKeySpkiDerHex), 2394 ImportRsaKeyPair(HexStringToBytes(kPublicKeySpkiDerHex),
2289 HexStringToBytes(kPrivateKeyPkcs8DerHex), 2395 HexStringToBytes(kPrivateKeyPkcs8DerHex),
2290 importAlgorithm, 2396 importAlgorithm,
2291 false, 2397 false,
2292 usage_mask, 2398 usage_mask,
2293 &public_key, 2399 &public_key,
2294 &private_key); 2400 &private_key);
2295 2401
2296 blink::WebCryptoAlgorithm algorithm = 2402 blink::WebCryptoAlgorithm algorithm =
2297 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5); 2403 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5);
2298 2404
2299 blink::WebArrayBuffer signature; 2405 blink::WebArrayBuffer signature;
2300 bool signature_match; 2406 bool signature_match;
2301 2407
2302 // Compute a signature. 2408 // Compute a signature.
2303 const std::vector<uint8> data = HexStringToBytes("010203040506070809"); 2409 const std::vector<uint8> data = HexStringToBytes("010203040506070809");
2304 ASSERT_STATUS_SUCCESS( 2410 ASSERT_EQ(Status::Success(),
2305 Sign(algorithm, private_key, CryptoData(data), &signature)); 2411 Sign(algorithm, private_key, CryptoData(data), &signature));
2306 2412
2307 // Ensure truncated signature does not verify by passing one less byte. 2413 // Ensure truncated signature does not verify by passing one less byte.
2308 EXPECT_STATUS_SUCCESS(VerifySignature( 2414 EXPECT_EQ(
2309 algorithm, 2415 Status::Success(),
2310 public_key, 2416 VerifySignature(
2311 CryptoData(reinterpret_cast<const unsigned char*>(signature.data()), 2417 algorithm,
2312 signature.byteLength() - 1), 2418 public_key,
2313 CryptoData(data), 2419 CryptoData(reinterpret_cast<const unsigned char*>(signature.data()),
2314 &signature_match)); 2420 signature.byteLength() - 1),
2421 CryptoData(data),
2422 &signature_match));
2315 EXPECT_FALSE(signature_match); 2423 EXPECT_FALSE(signature_match);
2316 2424
2317 // Ensure truncated signature does not verify by passing no bytes. 2425 // Ensure truncated signature does not verify by passing no bytes.
2318 EXPECT_STATUS_SUCCESS(VerifySignature( 2426 EXPECT_EQ(Status::Success(),
2319 algorithm, public_key, CryptoData(), CryptoData(data), &signature_match)); 2427 VerifySignature(algorithm,
2428 public_key,
2429 CryptoData(),
2430 CryptoData(data),
2431 &signature_match));
2320 EXPECT_FALSE(signature_match); 2432 EXPECT_FALSE(signature_match);
2321 2433
2322 // Ensure corrupted signature does not verify. 2434 // Ensure corrupted signature does not verify.
2323 std::vector<uint8> corrupt_sig( 2435 std::vector<uint8> corrupt_sig(
2324 static_cast<uint8*>(signature.data()), 2436 static_cast<uint8*>(signature.data()),
2325 static_cast<uint8*>(signature.data()) + signature.byteLength()); 2437 static_cast<uint8*>(signature.data()) + signature.byteLength());
2326 corrupt_sig[corrupt_sig.size() / 2] ^= 0x1; 2438 corrupt_sig[corrupt_sig.size() / 2] ^= 0x1;
2327 EXPECT_STATUS_SUCCESS(VerifySignature(algorithm, 2439 EXPECT_EQ(Status::Success(),
2328 public_key, 2440 VerifySignature(algorithm,
2329 CryptoData(corrupt_sig), 2441 public_key,
2330 CryptoData(data), 2442 CryptoData(corrupt_sig),
2331 &signature_match)); 2443 CryptoData(data),
2444 &signature_match));
2332 EXPECT_FALSE(signature_match); 2445 EXPECT_FALSE(signature_match);
2333 2446
2334 // Ensure signatures that are greater than the modulus size fail. 2447 // Ensure signatures that are greater than the modulus size fail.
2335 const unsigned int long_message_size_bytes = 1024; 2448 const unsigned int long_message_size_bytes = 1024;
2336 DCHECK_GT(long_message_size_bytes, kModulusLengthBits / 8); 2449 DCHECK_GT(long_message_size_bytes, kModulusLengthBits / 8);
2337 const unsigned char kLongSignature[long_message_size_bytes] = {0}; 2450 const unsigned char kLongSignature[long_message_size_bytes] = {0};
2338 EXPECT_STATUS_SUCCESS( 2451 EXPECT_EQ(Status::Success(),
2339 VerifySignature(algorithm, 2452 VerifySignature(algorithm,
2340 public_key, 2453 public_key,
2341 CryptoData(kLongSignature, sizeof(kLongSignature)), 2454 CryptoData(kLongSignature, sizeof(kLongSignature)),
2342 CryptoData(data), 2455 CryptoData(data),
2343 &signature_match)); 2456 &signature_match));
2344 EXPECT_FALSE(signature_match); 2457 EXPECT_FALSE(signature_match);
2345 2458
2346 // Ensure that verifying using a private key, rather than a public key, fails. 2459 // Ensure that verifying using a private key, rather than a public key, fails.
2347 EXPECT_STATUS(Status::ErrorUnexpectedKeyType(), 2460 EXPECT_EQ(Status::ErrorUnexpectedKeyType(),
2348 VerifySignature(algorithm, 2461 VerifySignature(algorithm,
2349 private_key, 2462 private_key,
2350 CryptoData(signature), 2463 CryptoData(signature),
2351 CryptoData(data), 2464 CryptoData(data),
2352 &signature_match)); 2465 &signature_match));
2353 2466
2354 // Ensure that signing using a public key, rather than a private key, fails. 2467 // Ensure that signing using a public key, rather than a private key, fails.
2355 EXPECT_STATUS(Status::ErrorUnexpectedKeyType(), 2468 EXPECT_EQ(Status::ErrorUnexpectedKeyType(),
2356 Sign(algorithm, public_key, CryptoData(data), &signature)); 2469 Sign(algorithm, public_key, CryptoData(data), &signature));
2357 2470
2358 // Ensure that signing and verifying with an incompatible algorithm fails. 2471 // Ensure that signing and verifying with an incompatible algorithm fails.
2359 algorithm = CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); 2472 algorithm = CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5);
2360 2473
2361 EXPECT_STATUS(Status::ErrorUnexpected(), 2474 EXPECT_EQ(Status::ErrorUnexpected(),
2362 Sign(algorithm, private_key, CryptoData(data), &signature)); 2475 Sign(algorithm, private_key, CryptoData(data), &signature));
2363 EXPECT_STATUS(Status::ErrorUnexpected(), 2476 EXPECT_EQ(Status::ErrorUnexpected(),
2364 VerifySignature(algorithm, 2477 VerifySignature(algorithm,
2365 public_key, 2478 public_key,
2366 CryptoData(signature), 2479 CryptoData(signature),
2367 CryptoData(data), 2480 CryptoData(data),
2368 &signature_match)); 2481 &signature_match));
2369 2482
2370 // Some crypto libraries (NSS) can automatically select the RSA SSA inner hash 2483 // Some crypto libraries (NSS) can automatically select the RSA SSA inner hash
2371 // based solely on the contents of the input signature data. In the Web Crypto 2484 // based solely on the contents of the input signature data. In the Web Crypto
2372 // implementation, the inner hash should be specified uniquely by the key 2485 // implementation, the inner hash should be specified uniquely by the key
2373 // algorithm parameter. To validate this behavior, call Verify with a computed 2486 // algorithm parameter. To validate this behavior, call Verify with a computed
2374 // signature that used one hash type (SHA-1), but pass in a key with a 2487 // signature that used one hash type (SHA-1), but pass in a key with a
2375 // different inner hash type (SHA-256). If the hash type is determined by the 2488 // different inner hash type (SHA-256). If the hash type is determined by the
2376 // signature itself (undesired), the verify will pass, while if the hash type 2489 // signature itself (undesired), the verify will pass, while if the hash type
2377 // is specified by the key algorithm (desired), the verify will fail. 2490 // is specified by the key algorithm (desired), the verify will fail.
2378 2491
2379 // Compute a signature using SHA-1 as the inner hash. 2492 // Compute a signature using SHA-1 as the inner hash.
2380 EXPECT_STATUS_SUCCESS( 2493 EXPECT_EQ(Status::Success(),
2381 Sign(CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5), 2494 Sign(CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5),
2382 private_key, 2495 private_key,
2383 CryptoData(data), 2496 CryptoData(data),
2384 &signature)); 2497 &signature));
2385 2498
2386 blink::WebCryptoKey public_key_256 = blink::WebCryptoKey::createNull(); 2499 blink::WebCryptoKey public_key_256 = blink::WebCryptoKey::createNull();
2387 EXPECT_STATUS_SUCCESS(ImportKey( 2500 EXPECT_EQ(Status::Success(),
2388 blink::WebCryptoKeyFormatSpki, 2501 ImportKey(blink::WebCryptoKeyFormatSpki,
2389 CryptoData(HexStringToBytes(kPublicKeySpkiDerHex)), 2502 CryptoData(HexStringToBytes(kPublicKeySpkiDerHex)),
2390 CreateRsaHashedImportAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, 2503 CreateRsaHashedImportAlgorithm(
2391 blink::WebCryptoAlgorithmIdSha256), 2504 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5,
2392 true, 2505 blink::WebCryptoAlgorithmIdSha256),
2393 usage_mask, 2506 true,
2394 &public_key_256)); 2507 usage_mask,
2508 &public_key_256));
2395 2509
2396 // Now verify using an algorithm whose inner hash is SHA-256, not SHA-1. The 2510 // Now verify using an algorithm whose inner hash is SHA-256, not SHA-1. The
2397 // signature should not verify. 2511 // signature should not verify.
2398 // NOTE: public_key was produced by generateKey, and so its associated 2512 // NOTE: public_key was produced by generateKey, and so its associated
2399 // algorithm has WebCryptoRsaKeyGenParams and not WebCryptoRsaSsaParams. Thus 2513 // algorithm has WebCryptoRsaKeyGenParams and not WebCryptoRsaSsaParams. Thus
2400 // it has no inner hash to conflict with the input algorithm. 2514 // it has no inner hash to conflict with the input algorithm.
2401 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha1, 2515 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha1,
2402 private_key.algorithm().rsaHashedParams()->hash().id()); 2516 private_key.algorithm().rsaHashedParams()->hash().id());
2403 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha256, 2517 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha256,
2404 public_key_256.algorithm().rsaHashedParams()->hash().id()); 2518 public_key_256.algorithm().rsaHashedParams()->hash().id());
2405 2519
2406 bool is_match; 2520 bool is_match;
2407 EXPECT_STATUS_SUCCESS(VerifySignature( 2521 EXPECT_EQ(Status::Success(),
2408 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5), 2522 VerifySignature(
2409 public_key_256, 2523 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5),
2410 CryptoData(signature), 2524 public_key_256,
2411 CryptoData(data), 2525 CryptoData(signature),
2412 &is_match)); 2526 CryptoData(data),
2527 &is_match));
2413 EXPECT_FALSE(is_match); 2528 EXPECT_FALSE(is_match);
2414 } 2529 }
2415 2530
2416 TEST_F(SharedCryptoTest, MAYBE(RsaSignVerifyKnownAnswer)) { 2531 TEST_F(SharedCryptoTest, MAYBE(RsaSignVerifyKnownAnswer)) {
2417 scoped_ptr<base::ListValue> tests; 2532 scoped_ptr<base::ListValue> tests;
2418 ASSERT_TRUE(ReadJsonTestFileToList("pkcs1v15_sign.json", &tests)); 2533 ASSERT_TRUE(ReadJsonTestFileToList("pkcs1v15_sign.json", &tests));
2419 2534
2420 // Import the key pair. 2535 // Import the key pair.
2421 blink::WebCryptoAlgorithm importAlgorithm = 2536 blink::WebCryptoAlgorithm importAlgorithm =
2422 CreateRsaHashedImportAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, 2537 CreateRsaHashedImportAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5,
(...skipping 19 matching lines...) Expand all
2442 2557
2443 base::DictionaryValue* test; 2558 base::DictionaryValue* test;
2444 ASSERT_TRUE(tests->GetDictionary(test_index, &test)); 2559 ASSERT_TRUE(tests->GetDictionary(test_index, &test));
2445 2560
2446 std::vector<uint8> test_message = 2561 std::vector<uint8> test_message =
2447 GetBytesFromHexString(test, "message_hex"); 2562 GetBytesFromHexString(test, "message_hex");
2448 std::vector<uint8> test_signature = 2563 std::vector<uint8> test_signature =
2449 GetBytesFromHexString(test, "signature_hex"); 2564 GetBytesFromHexString(test, "signature_hex");
2450 2565
2451 signature.reset(); 2566 signature.reset();
2452 ASSERT_STATUS_SUCCESS( 2567 ASSERT_EQ(
2568 Status::Success(),
2453 Sign(algorithm, private_key, CryptoData(test_message), &signature)); 2569 Sign(algorithm, private_key, CryptoData(test_message), &signature));
2454 EXPECT_TRUE(ArrayBufferMatches(test_signature, signature)); 2570 EXPECT_TRUE(ArrayBufferMatches(test_signature, signature));
2455 2571
2456 bool is_match = false; 2572 bool is_match = false;
2457 ASSERT_STATUS_SUCCESS(VerifySignature(algorithm, 2573 ASSERT_EQ(Status::Success(),
2458 public_key, 2574 VerifySignature(algorithm,
2459 CryptoData(test_signature), 2575 public_key,
2460 CryptoData(test_message), 2576 CryptoData(test_signature),
2461 &is_match)); 2577 CryptoData(test_message),
2578 &is_match));
2462 EXPECT_TRUE(is_match); 2579 EXPECT_TRUE(is_match);
2463 } 2580 }
2464 } 2581 }
2465 2582
2466 TEST_F(SharedCryptoTest, MAYBE(AesKwKeyImport)) { 2583 TEST_F(SharedCryptoTest, MAYBE(AesKwKeyImport)) {
2467 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); 2584 blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
2468 blink::WebCryptoAlgorithm algorithm = 2585 blink::WebCryptoAlgorithm algorithm =
2469 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw); 2586 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw);
2470 2587
2471 // Import a 128-bit Key Encryption Key (KEK) 2588 // Import a 128-bit Key Encryption Key (KEK)
2472 std::string key_raw_hex_in = "025a8cf3f08b4f6c5f33bbc76a471939"; 2589 std::string key_raw_hex_in = "025a8cf3f08b4f6c5f33bbc76a471939";
2473 ASSERT_STATUS_SUCCESS(ImportKey(blink::WebCryptoKeyFormatRaw, 2590 ASSERT_EQ(Status::Success(),
2474 CryptoData(HexStringToBytes(key_raw_hex_in)), 2591 ImportKey(blink::WebCryptoKeyFormatRaw,
2475 algorithm, 2592 CryptoData(HexStringToBytes(key_raw_hex_in)),
2476 true, 2593 algorithm,
2477 blink::WebCryptoKeyUsageWrapKey, 2594 true,
2478 &key)); 2595 blink::WebCryptoKeyUsageWrapKey,
2596 &key));
2479 blink::WebArrayBuffer key_raw_out; 2597 blink::WebArrayBuffer key_raw_out;
2480 EXPECT_STATUS_SUCCESS( 2598 EXPECT_EQ(Status::Success(),
2481 ExportKey(blink::WebCryptoKeyFormatRaw, key, &key_raw_out)); 2599 ExportKey(blink::WebCryptoKeyFormatRaw, key, &key_raw_out));
2482 ExpectArrayBufferMatchesHex(key_raw_hex_in, key_raw_out); 2600 ExpectArrayBufferMatchesHex(key_raw_hex_in, key_raw_out);
2483 2601
2484 // Import a 192-bit KEK 2602 // Import a 192-bit KEK
2485 key_raw_hex_in = "c0192c6466b2370decbb62b2cfef4384544ffeb4d2fbc103"; 2603 key_raw_hex_in = "c0192c6466b2370decbb62b2cfef4384544ffeb4d2fbc103";
2486 ASSERT_STATUS_SUCCESS(ImportKey(blink::WebCryptoKeyFormatRaw, 2604 ASSERT_EQ(Status::Success(),
2487 CryptoData(HexStringToBytes(key_raw_hex_in)), 2605 ImportKey(blink::WebCryptoKeyFormatRaw,
2488 algorithm, 2606 CryptoData(HexStringToBytes(key_raw_hex_in)),
2489 true, 2607 algorithm,
2490 blink::WebCryptoKeyUsageWrapKey, 2608 true,
2491 &key)); 2609 blink::WebCryptoKeyUsageWrapKey,
2492 EXPECT_STATUS_SUCCESS( 2610 &key));
2493 ExportKey(blink::WebCryptoKeyFormatRaw, key, &key_raw_out)); 2611 EXPECT_EQ(Status::Success(),
2612 ExportKey(blink::WebCryptoKeyFormatRaw, key, &key_raw_out));
2494 ExpectArrayBufferMatchesHex(key_raw_hex_in, key_raw_out); 2613 ExpectArrayBufferMatchesHex(key_raw_hex_in, key_raw_out);
2495 2614
2496 // Import a 256-bit Key Encryption Key (KEK) 2615 // Import a 256-bit Key Encryption Key (KEK)
2497 key_raw_hex_in = 2616 key_raw_hex_in =
2498 "e11fe66380d90fa9ebefb74e0478e78f95664d0c67ca20ce4a0b5842863ac46f"; 2617 "e11fe66380d90fa9ebefb74e0478e78f95664d0c67ca20ce4a0b5842863ac46f";
2499 ASSERT_STATUS_SUCCESS(ImportKey(blink::WebCryptoKeyFormatRaw, 2618 ASSERT_EQ(Status::Success(),
2500 CryptoData(HexStringToBytes(key_raw_hex_in)), 2619 ImportKey(blink::WebCryptoKeyFormatRaw,
2501 algorithm, 2620 CryptoData(HexStringToBytes(key_raw_hex_in)),
2502 true, 2621 algorithm,
2503 blink::WebCryptoKeyUsageWrapKey, 2622 true,
2504 &key)); 2623 blink::WebCryptoKeyUsageWrapKey,
2505 EXPECT_STATUS_SUCCESS( 2624 &key));
2506 ExportKey(blink::WebCryptoKeyFormatRaw, key, &key_raw_out)); 2625 EXPECT_EQ(Status::Success(),
2626 ExportKey(blink::WebCryptoKeyFormatRaw, key, &key_raw_out));
2507 ExpectArrayBufferMatchesHex(key_raw_hex_in, key_raw_out); 2627 ExpectArrayBufferMatchesHex(key_raw_hex_in, key_raw_out);
2508 2628
2509 // Fail import of 0 length key 2629 // Fail import of 0 length key
2510 EXPECT_STATUS(Status::Error(), 2630 EXPECT_EQ(Status::ErrorImportAesKeyLength(),
2511 ImportKey(blink::WebCryptoKeyFormatRaw, 2631 ImportKey(blink::WebCryptoKeyFormatRaw,
2512 CryptoData(HexStringToBytes("")), 2632 CryptoData(HexStringToBytes("")),
2513 algorithm, 2633 algorithm,
2514 true, 2634 true,
2515 blink::WebCryptoKeyUsageWrapKey, 2635 blink::WebCryptoKeyUsageWrapKey,
2516 &key)); 2636 &key));
2517 2637
2518 // Fail import of 124-bit KEK 2638 // Fail import of 124-bit KEK
2519 key_raw_hex_in = "3e4566a2bdaa10cb68134fa66c15ddb"; 2639 key_raw_hex_in = "3e4566a2bdaa10cb68134fa66c15ddb";
2520 EXPECT_STATUS(Status::Error(), 2640 EXPECT_EQ(Status::ErrorImportAesKeyLength(),
2521 ImportKey(blink::WebCryptoKeyFormatRaw, 2641 ImportKey(blink::WebCryptoKeyFormatRaw,
2522 CryptoData(HexStringToBytes(key_raw_hex_in)), 2642 CryptoData(HexStringToBytes(key_raw_hex_in)),
2523 algorithm, 2643 algorithm,
2524 true, 2644 true,
2525 blink::WebCryptoKeyUsageWrapKey, 2645 blink::WebCryptoKeyUsageWrapKey,
2526 &key)); 2646 &key));
2527 2647
2528 // Fail import of 200-bit KEK 2648 // Fail import of 200-bit KEK
2529 key_raw_hex_in = "0a1d88608a5ad9fec64f1ada269ebab4baa2feeb8d95638c0e"; 2649 key_raw_hex_in = "0a1d88608a5ad9fec64f1ada269ebab4baa2feeb8d95638c0e";
2530 EXPECT_STATUS(Status::Error(), 2650 EXPECT_EQ(Status::ErrorImportAesKeyLength(),
2531 ImportKey(blink::WebCryptoKeyFormatRaw, 2651 ImportKey(blink::WebCryptoKeyFormatRaw,
2532 CryptoData(HexStringToBytes(key_raw_hex_in)), 2652 CryptoData(HexStringToBytes(key_raw_hex_in)),
2533 algorithm, 2653 algorithm,
2534 true, 2654 true,
2535 blink::WebCryptoKeyUsageWrapKey, 2655 blink::WebCryptoKeyUsageWrapKey,
2536 &key)); 2656 &key));
2537 2657
2538 // Fail import of 260-bit KEK 2658 // Fail import of 260-bit KEK
2539 key_raw_hex_in = 2659 key_raw_hex_in =
2540 "72d4e475ff34215416c9ad9c8281247a4d730c5f275ac23f376e73e3bce8d7d5a"; 2660 "72d4e475ff34215416c9ad9c8281247a4d730c5f275ac23f376e73e3bce8d7d5a";
2541 EXPECT_STATUS(Status::Error(), 2661 EXPECT_EQ(Status::ErrorImportAesKeyLength(),
2542 ImportKey(blink::WebCryptoKeyFormatRaw, 2662 ImportKey(blink::WebCryptoKeyFormatRaw,
2543 CryptoData(HexStringToBytes(key_raw_hex_in)), 2663 CryptoData(HexStringToBytes(key_raw_hex_in)),
2544 algorithm, 2664 algorithm,
2545 true, 2665 true,
2546 blink::WebCryptoKeyUsageWrapKey, 2666 blink::WebCryptoKeyUsageWrapKey,
2547 &key)); 2667 &key));
2548 } 2668 }
2549 2669
2550 TEST_F(SharedCryptoTest, MAYBE(UnwrapFailures)) { 2670 TEST_F(SharedCryptoTest, MAYBE(UnwrapFailures)) {
2551 // This test exercises the code path common to all unwrap operations. 2671 // This test exercises the code path common to all unwrap operations.
2552 scoped_ptr<base::ListValue> tests; 2672 scoped_ptr<base::ListValue> tests;
2553 ASSERT_TRUE(ReadJsonTestFileToList("aes_kw.json", &tests)); 2673 ASSERT_TRUE(ReadJsonTestFileToList("aes_kw.json", &tests));
2554 base::DictionaryValue* test; 2674 base::DictionaryValue* test;
2555 ASSERT_TRUE(tests->GetDictionary(0, &test)); 2675 ASSERT_TRUE(tests->GetDictionary(0, &test));
2556 const std::vector<uint8> test_kek = GetBytesFromHexString(test, "kek"); 2676 const std::vector<uint8> test_kek = GetBytesFromHexString(test, "kek");
2557 const std::vector<uint8> test_ciphertext = 2677 const std::vector<uint8> test_ciphertext =
2558 GetBytesFromHexString(test, "ciphertext"); 2678 GetBytesFromHexString(test, "ciphertext");
2559 2679
2560 // Using a key that does not have unwrapKey usage should fail. 2680 // Using a key that does not have unwrapKey usage should fail.
2561 blink::WebCryptoKey bad_wrapping_key = ImportSecretKeyFromRaw( 2681 blink::WebCryptoKey bad_wrapping_key = ImportSecretKeyFromRaw(
2562 test_kek, 2682 test_kek,
2563 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw), 2683 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw),
2564 blink::WebCryptoKeyUsageDecrypt); // <-- should be UnwrapKey 2684 blink::WebCryptoKeyUsageDecrypt); // <-- should be UnwrapKey
2565 blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull(); 2685 blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull();
2566 EXPECT_STATUS( 2686 EXPECT_EQ(
2567 Status::ErrorUnexpected(), 2687 Status::ErrorUnexpected(),
2568 UnwrapKey(blink::WebCryptoKeyFormatRaw, 2688 UnwrapKey(blink::WebCryptoKeyFormatRaw,
2569 CryptoData(test_ciphertext), 2689 CryptoData(test_ciphertext),
2570 bad_wrapping_key, 2690 bad_wrapping_key,
2571 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw), 2691 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw),
2572 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), 2692 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
2573 true, 2693 true,
2574 blink::WebCryptoKeyUsageEncrypt, 2694 blink::WebCryptoKeyUsageEncrypt,
2575 &unwrapped_key)); 2695 &unwrapped_key));
2576 2696
2577 // Using a wrapping algorithm that does not match the wrapping key algorithm 2697 // Using a wrapping algorithm that does not match the wrapping key algorithm
2578 // should fail. 2698 // should fail.
2579 blink::WebCryptoKey wrapping_key = ImportSecretKeyFromRaw( 2699 blink::WebCryptoKey wrapping_key = ImportSecretKeyFromRaw(
2580 test_kek, 2700 test_kek,
2581 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw), 2701 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw),
2582 blink::WebCryptoKeyUsageUnwrapKey); 2702 blink::WebCryptoKeyUsageUnwrapKey);
2583 EXPECT_STATUS( 2703 EXPECT_EQ(
2584 Status::ErrorUnexpected(), 2704 Status::ErrorUnexpected(),
2585 UnwrapKey(blink::WebCryptoKeyFormatRaw, 2705 UnwrapKey(blink::WebCryptoKeyFormatRaw,
2586 CryptoData(test_ciphertext), 2706 CryptoData(test_ciphertext),
2587 wrapping_key, 2707 wrapping_key,
2588 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), 2708 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
2589 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), 2709 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
2590 true, 2710 true,
2591 blink::WebCryptoKeyUsageEncrypt, 2711 blink::WebCryptoKeyUsageEncrypt,
2592 &unwrapped_key)); 2712 &unwrapped_key));
2593 } 2713 }
(...skipping 20 matching lines...) Expand all
2614 blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey); 2734 blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey);
2615 2735
2616 // Import the key to be wrapped. 2736 // Import the key to be wrapped.
2617 blink::WebCryptoKey key = ImportSecretKeyFromRaw( 2737 blink::WebCryptoKey key = ImportSecretKeyFromRaw(
2618 test_key, 2738 test_key,
2619 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), 2739 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
2620 blink::WebCryptoKeyUsageEncrypt); 2740 blink::WebCryptoKeyUsageEncrypt);
2621 2741
2622 // Wrap the key and verify the ciphertext result against the known answer. 2742 // Wrap the key and verify the ciphertext result against the known answer.
2623 blink::WebArrayBuffer wrapped_key; 2743 blink::WebArrayBuffer wrapped_key;
2624 ASSERT_STATUS_SUCCESS(WrapKey(blink::WebCryptoKeyFormatRaw, 2744 ASSERT_EQ(Status::Success(),
2625 wrapping_key, 2745 WrapKey(blink::WebCryptoKeyFormatRaw,
2626 key, 2746 wrapping_key,
2627 wrapping_algorithm, 2747 key,
2628 &wrapped_key)); 2748 wrapping_algorithm,
2749 &wrapped_key));
2629 EXPECT_TRUE(ArrayBufferMatches(test_ciphertext, wrapped_key)); 2750 EXPECT_TRUE(ArrayBufferMatches(test_ciphertext, wrapped_key));
2630 2751
2631 // Unwrap the known ciphertext to get a new test_key. 2752 // Unwrap the known ciphertext to get a new test_key.
2632 blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull(); 2753 blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull();
2633 ASSERT_STATUS_SUCCESS( 2754 ASSERT_EQ(
2755 Status::Success(),
2634 UnwrapKey(blink::WebCryptoKeyFormatRaw, 2756 UnwrapKey(blink::WebCryptoKeyFormatRaw,
2635 CryptoData(test_ciphertext), 2757 CryptoData(test_ciphertext),
2636 wrapping_key, 2758 wrapping_key,
2637 wrapping_algorithm, 2759 wrapping_algorithm,
2638 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), 2760 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
2639 true, 2761 true,
2640 blink::WebCryptoKeyUsageEncrypt, 2762 blink::WebCryptoKeyUsageEncrypt,
2641 &unwrapped_key)); 2763 &unwrapped_key));
2642 EXPECT_FALSE(key.isNull()); 2764 EXPECT_FALSE(key.isNull());
2643 EXPECT_TRUE(key.handle()); 2765 EXPECT_TRUE(key.handle());
2644 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); 2766 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type());
2645 EXPECT_EQ( 2767 EXPECT_EQ(
2646 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc).id(), 2768 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc).id(),
2647 key.algorithm().id()); 2769 key.algorithm().id());
2648 EXPECT_EQ(true, key.extractable()); 2770 EXPECT_EQ(true, key.extractable());
2649 EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt, key.usages()); 2771 EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt, key.usages());
2650 2772
2651 // Export the new key and compare its raw bytes with the original known key. 2773 // Export the new key and compare its raw bytes with the original known key.
2652 blink::WebArrayBuffer raw_key; 2774 blink::WebArrayBuffer raw_key;
2653 EXPECT_STATUS_SUCCESS( 2775 EXPECT_EQ(Status::Success(),
2654 ExportKey(blink::WebCryptoKeyFormatRaw, unwrapped_key, &raw_key)); 2776 ExportKey(blink::WebCryptoKeyFormatRaw, unwrapped_key, &raw_key));
2655 EXPECT_TRUE(ArrayBufferMatches(test_key, raw_key)); 2777 EXPECT_TRUE(ArrayBufferMatches(test_key, raw_key));
2656 } 2778 }
2657 } 2779 }
2658 2780
2659 TEST_F(SharedCryptoTest, MAYBE(AesKwRawSymkeyWrapUnwrapErrors)) { 2781 TEST_F(SharedCryptoTest, MAYBE(AesKwRawSymkeyWrapUnwrapErrors)) {
2660 scoped_ptr<base::ListValue> tests; 2782 scoped_ptr<base::ListValue> tests;
2661 ASSERT_TRUE(ReadJsonTestFileToList("aes_kw.json", &tests)); 2783 ASSERT_TRUE(ReadJsonTestFileToList("aes_kw.json", &tests));
2662 base::DictionaryValue* test; 2784 base::DictionaryValue* test;
2663 // Use 256 bits of data with a 256-bit KEK 2785 // Use 256 bits of data with a 256-bit KEK
2664 ASSERT_TRUE(tests->GetDictionary(5, &test)); 2786 ASSERT_TRUE(tests->GetDictionary(5, &test));
(...skipping 13 matching lines...) Expand all
2678 // Import the key to be wrapped. 2800 // Import the key to be wrapped.
2679 blink::WebCryptoKey key = ImportSecretKeyFromRaw( 2801 blink::WebCryptoKey key = ImportSecretKeyFromRaw(
2680 test_key, 2802 test_key,
2681 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), 2803 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
2682 blink::WebCryptoKeyUsageEncrypt); 2804 blink::WebCryptoKeyUsageEncrypt);
2683 2805
2684 // Unwrap with wrapped data too small must fail. 2806 // Unwrap with wrapped data too small must fail.
2685 const std::vector<uint8> small_data(test_ciphertext.begin(), 2807 const std::vector<uint8> small_data(test_ciphertext.begin(),
2686 test_ciphertext.begin() + 23); 2808 test_ciphertext.begin() + 23);
2687 blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull(); 2809 blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull();
2688 EXPECT_STATUS(Status::ErrorDataTooSmall(), 2810 EXPECT_EQ(Status::ErrorDataTooSmall(),
2689 UnwrapKey(blink::WebCryptoKeyFormatRaw, 2811 UnwrapKey(blink::WebCryptoKeyFormatRaw,
2690 CryptoData(small_data), 2812 CryptoData(small_data),
2691 wrapping_key, 2813 wrapping_key,
2692 wrapping_algorithm, 2814 wrapping_algorithm,
2693 key_algorithm, 2815 key_algorithm,
2694 true, 2816 true,
2695 blink::WebCryptoKeyUsageEncrypt, 2817 blink::WebCryptoKeyUsageEncrypt,
2696 &unwrapped_key)); 2818 &unwrapped_key));
2697 2819
2698 // Unwrap with wrapped data size not a multiple of 8 bytes must fail. 2820 // Unwrap with wrapped data size not a multiple of 8 bytes must fail.
2699 const std::vector<uint8> unaligned_data(test_ciphertext.begin(), 2821 const std::vector<uint8> unaligned_data(test_ciphertext.begin(),
2700 test_ciphertext.end() - 2); 2822 test_ciphertext.end() - 2);
2701 EXPECT_STATUS(Status::ErrorInvalidAesKwDataLength(), 2823 EXPECT_EQ(Status::ErrorInvalidAesKwDataLength(),
2702 UnwrapKey(blink::WebCryptoKeyFormatRaw, 2824 UnwrapKey(blink::WebCryptoKeyFormatRaw,
2703 CryptoData(unaligned_data), 2825 CryptoData(unaligned_data),
2704 wrapping_key, 2826 wrapping_key,
2705 wrapping_algorithm, 2827 wrapping_algorithm,
2706 key_algorithm, 2828 key_algorithm,
2707 true, 2829 true,
2708 blink::WebCryptoKeyUsageEncrypt, 2830 blink::WebCryptoKeyUsageEncrypt,
2709 &unwrapped_key)); 2831 &unwrapped_key));
2710 } 2832 }
2711 2833
2712 TEST_F(SharedCryptoTest, MAYBE(AesKwRawSymkeyUnwrapCorruptData)) { 2834 TEST_F(SharedCryptoTest, MAYBE(AesKwRawSymkeyUnwrapCorruptData)) {
2713 scoped_ptr<base::ListValue> tests; 2835 scoped_ptr<base::ListValue> tests;
2714 ASSERT_TRUE(ReadJsonTestFileToList("aes_kw.json", &tests)); 2836 ASSERT_TRUE(ReadJsonTestFileToList("aes_kw.json", &tests));
2715 base::DictionaryValue* test; 2837 base::DictionaryValue* test;
2716 // Use 256 bits of data with a 256-bit KEK 2838 // Use 256 bits of data with a 256-bit KEK
2717 ASSERT_TRUE(tests->GetDictionary(5, &test)); 2839 ASSERT_TRUE(tests->GetDictionary(5, &test));
2718 const std::vector<uint8> test_kek = GetBytesFromHexString(test, "kek"); 2840 const std::vector<uint8> test_kek = GetBytesFromHexString(test, "kek");
2719 const std::vector<uint8> test_key = GetBytesFromHexString(test, "key"); 2841 const std::vector<uint8> test_key = GetBytesFromHexString(test, "key");
2720 const std::vector<uint8> test_ciphertext = 2842 const std::vector<uint8> test_ciphertext =
2721 GetBytesFromHexString(test, "ciphertext"); 2843 GetBytesFromHexString(test, "ciphertext");
2722 const blink::WebCryptoAlgorithm wrapping_algorithm = 2844 const blink::WebCryptoAlgorithm wrapping_algorithm =
2723 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw); 2845 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw);
2724 2846
2725 // Import the wrapping key. 2847 // Import the wrapping key.
2726 blink::WebCryptoKey wrapping_key = ImportSecretKeyFromRaw( 2848 blink::WebCryptoKey wrapping_key = ImportSecretKeyFromRaw(
2727 test_kek, 2849 test_kek,
2728 wrapping_algorithm, 2850 wrapping_algorithm,
2729 blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey); 2851 blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey);
2730 2852
2731 // Unwrap of a corrupted version of the known ciphertext should fail, due to 2853 // Unwrap of a corrupted version of the known ciphertext should fail, due to
2732 // AES-KW's built-in integrity check. 2854 // AES-KW's built-in integrity check.
2733 blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull(); 2855 blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull();
2734 EXPECT_STATUS( 2856 EXPECT_EQ(
2735 Status::Error(), 2857 Status::OperationError(),
2736 UnwrapKey(blink::WebCryptoKeyFormatRaw, 2858 UnwrapKey(blink::WebCryptoKeyFormatRaw,
2737 CryptoData(Corrupted(test_ciphertext)), 2859 CryptoData(Corrupted(test_ciphertext)),
2738 wrapping_key, 2860 wrapping_key,
2739 wrapping_algorithm, 2861 wrapping_algorithm,
2740 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), 2862 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
2741 true, 2863 true,
2742 blink::WebCryptoKeyUsageEncrypt, 2864 blink::WebCryptoKeyUsageEncrypt,
2743 &unwrapped_key)); 2865 &unwrapped_key));
2744 } 2866 }
2745 2867
(...skipping 16 matching lines...) Expand all
2762 HexStringToBytes("000102030405060708090A0B0C0D0E0F"); 2884 HexStringToBytes("000102030405060708090A0B0C0D0E0F");
2763 const blink::WebCryptoAlgorithm wrapping_algorithm = 2885 const blink::WebCryptoAlgorithm wrapping_algorithm =
2764 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw); 2886 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw);
2765 2887
2766 // Import the wrapping key. 2888 // Import the wrapping key.
2767 blink::WebCryptoKey wrapping_key = ImportSecretKeyFromRaw( 2889 blink::WebCryptoKey wrapping_key = ImportSecretKeyFromRaw(
2768 wrapping_key_data, wrapping_algorithm, blink::WebCryptoKeyUsageUnwrapKey); 2890 wrapping_key_data, wrapping_algorithm, blink::WebCryptoKeyUsageUnwrapKey);
2769 2891
2770 // Unwrap the known wrapped key data to produce a new key 2892 // Unwrap the known wrapped key data to produce a new key
2771 blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull(); 2893 blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull();
2772 ASSERT_STATUS_SUCCESS( 2894 ASSERT_EQ(
2895 Status::Success(),
2773 UnwrapKey(blink::WebCryptoKeyFormatJwk, 2896 UnwrapKey(blink::WebCryptoKeyFormatJwk,
2774 CryptoData(wrapped_key_data), 2897 CryptoData(wrapped_key_data),
2775 wrapping_key, 2898 wrapping_key,
2776 wrapping_algorithm, 2899 wrapping_algorithm,
2777 CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha256), 2900 CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha256),
2778 true, 2901 true,
2779 blink::WebCryptoKeyUsageVerify, 2902 blink::WebCryptoKeyUsageVerify,
2780 &unwrapped_key)); 2903 &unwrapped_key));
2781 2904
2782 // Validate the new key's attributes. 2905 // Validate the new key's attributes.
2783 EXPECT_FALSE(unwrapped_key.isNull()); 2906 EXPECT_FALSE(unwrapped_key.isNull());
2784 EXPECT_TRUE(unwrapped_key.handle()); 2907 EXPECT_TRUE(unwrapped_key.handle());
2785 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, unwrapped_key.type()); 2908 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, unwrapped_key.type());
2786 EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, unwrapped_key.algorithm().id()); 2909 EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, unwrapped_key.algorithm().id());
2787 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha256, 2910 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha256,
2788 unwrapped_key.algorithm().hmacParams()->hash().id()); 2911 unwrapped_key.algorithm().hmacParams()->hash().id());
2789 EXPECT_EQ(256u, unwrapped_key.algorithm().hmacParams()->lengthBits()); 2912 EXPECT_EQ(256u, unwrapped_key.algorithm().hmacParams()->lengthBits());
2790 EXPECT_EQ(true, unwrapped_key.extractable()); 2913 EXPECT_EQ(true, unwrapped_key.extractable());
2791 EXPECT_EQ(blink::WebCryptoKeyUsageVerify, unwrapped_key.usages()); 2914 EXPECT_EQ(blink::WebCryptoKeyUsageVerify, unwrapped_key.usages());
2792 2915
2793 // Export the new key's raw data and compare to the known original. 2916 // Export the new key's raw data and compare to the known original.
2794 blink::WebArrayBuffer raw_key; 2917 blink::WebArrayBuffer raw_key;
2795 EXPECT_STATUS_SUCCESS( 2918 EXPECT_EQ(Status::Success(),
2796 ExportKey(blink::WebCryptoKeyFormatRaw, unwrapped_key, &raw_key)); 2919 ExportKey(blink::WebCryptoKeyFormatRaw, unwrapped_key, &raw_key));
2797 EXPECT_TRUE(ArrayBufferMatches(key_data, raw_key)); 2920 EXPECT_TRUE(ArrayBufferMatches(key_data, raw_key));
2798 } 2921 }
2799 2922
2800 // TODO(eroman): 2923 // TODO(eroman):
2801 // * Test decryption when the tag length exceeds input size 2924 // * Test decryption when the tag length exceeds input size
2802 // * Test decryption with empty input 2925 // * Test decryption with empty input
2803 // * Test decryption with tag length of 0. 2926 // * Test decryption with tag length of 0.
2804 TEST_F(SharedCryptoTest, MAYBE(AesGcmSampleSets)) { 2927 TEST_F(SharedCryptoTest, MAYBE(AesGcmSampleSets)) {
2805 // Some Linux test runners may not have a new enough version of NSS. 2928 // Some Linux test runners may not have a new enough version of NSS.
2806 if (!SupportsAesGcm()) { 2929 if (!SupportsAesGcm()) {
(...skipping 22 matching lines...) Expand all
2829 const std::vector<uint8> test_cipher_text = 2952 const std::vector<uint8> test_cipher_text =
2830 GetBytesFromHexString(test, "cipher_text"); 2953 GetBytesFromHexString(test, "cipher_text");
2831 2954
2832 blink::WebCryptoKey key = ImportSecretKeyFromRaw( 2955 blink::WebCryptoKey key = ImportSecretKeyFromRaw(
2833 test_key, 2956 test_key,
2834 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesGcm), 2957 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesGcm),
2835 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt); 2958 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt);
2836 2959
2837 // Verify exported raw key is identical to the imported data 2960 // Verify exported raw key is identical to the imported data
2838 blink::WebArrayBuffer raw_key; 2961 blink::WebArrayBuffer raw_key;
2839 EXPECT_STATUS_SUCCESS( 2962 EXPECT_EQ(Status::Success(),
2840 ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key)); 2963 ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key));
2841 2964
2842 EXPECT_TRUE(ArrayBufferMatches(test_key, raw_key)); 2965 EXPECT_TRUE(ArrayBufferMatches(test_key, raw_key));
2843 2966
2844 // Test encryption. 2967 // Test encryption.
2845 std::vector<uint8> cipher_text; 2968 std::vector<uint8> cipher_text;
2846 std::vector<uint8> authentication_tag; 2969 std::vector<uint8> authentication_tag;
2847 EXPECT_STATUS_SUCCESS(AesGcmEncrypt(key, 2970 EXPECT_EQ(Status::Success(),
2848 test_iv, 2971 AesGcmEncrypt(key,
2849 test_additional_data, 2972 test_iv,
2850 test_tag_size_bits, 2973 test_additional_data,
2851 test_plain_text, 2974 test_tag_size_bits,
2852 &cipher_text, 2975 test_plain_text,
2853 &authentication_tag)); 2976 &cipher_text,
2977 &authentication_tag));
2854 2978
2855 ExpectVectorMatches(test_cipher_text, cipher_text); 2979 ExpectVectorMatches(test_cipher_text, cipher_text);
2856 ExpectVectorMatches(test_authentication_tag, authentication_tag); 2980 ExpectVectorMatches(test_authentication_tag, authentication_tag);
2857 2981
2858 // Test decryption. 2982 // Test decryption.
2859 blink::WebArrayBuffer plain_text; 2983 blink::WebArrayBuffer plain_text;
2860 EXPECT_STATUS_SUCCESS(AesGcmDecrypt(key, 2984 EXPECT_EQ(Status::Success(),
2861 test_iv, 2985 AesGcmDecrypt(key,
2862 test_additional_data, 2986 test_iv,
2863 test_tag_size_bits, 2987 test_additional_data,
2864 test_cipher_text, 2988 test_tag_size_bits,
2865 test_authentication_tag, 2989 test_cipher_text,
2866 &plain_text)); 2990 test_authentication_tag,
2991 &plain_text));
2867 EXPECT_TRUE(ArrayBufferMatches(test_plain_text, plain_text)); 2992 EXPECT_TRUE(ArrayBufferMatches(test_plain_text, plain_text));
2868 2993
2869 // Decryption should fail if any of the inputs are tampered with. 2994 // Decryption should fail if any of the inputs are tampered with.
2870 EXPECT_STATUS(Status::Error(), 2995 EXPECT_EQ(Status::OperationError(),
2871 AesGcmDecrypt(key, 2996 AesGcmDecrypt(key,
2872 Corrupted(test_iv), 2997 Corrupted(test_iv),
2873 test_additional_data, 2998 test_additional_data,
2874 test_tag_size_bits, 2999 test_tag_size_bits,
2875 test_cipher_text, 3000 test_cipher_text,
2876 test_authentication_tag, 3001 test_authentication_tag,
2877 &plain_text)); 3002 &plain_text));
2878 EXPECT_STATUS(Status::Error(), 3003 EXPECT_EQ(Status::OperationError(),
2879 AesGcmDecrypt(key, 3004 AesGcmDecrypt(key,
2880 test_iv, 3005 test_iv,
2881 Corrupted(test_additional_data), 3006 Corrupted(test_additional_data),
2882 test_tag_size_bits, 3007 test_tag_size_bits,
2883 test_cipher_text, 3008 test_cipher_text,
2884 test_authentication_tag, 3009 test_authentication_tag,
2885 &plain_text)); 3010 &plain_text));
2886 EXPECT_STATUS(Status::Error(), 3011 EXPECT_EQ(Status::OperationError(),
2887 AesGcmDecrypt(key, 3012 AesGcmDecrypt(key,
2888 test_iv, 3013 test_iv,
2889 test_additional_data, 3014 test_additional_data,
2890 test_tag_size_bits, 3015 test_tag_size_bits,
2891 Corrupted(test_cipher_text), 3016 Corrupted(test_cipher_text),
2892 test_authentication_tag, 3017 test_authentication_tag,
2893 &plain_text)); 3018 &plain_text));
2894 EXPECT_STATUS(Status::Error(), 3019 EXPECT_EQ(Status::OperationError(),
2895 AesGcmDecrypt(key, 3020 AesGcmDecrypt(key,
2896 test_iv, 3021 test_iv,
2897 test_additional_data, 3022 test_additional_data,
2898 test_tag_size_bits, 3023 test_tag_size_bits,
2899 test_cipher_text, 3024 test_cipher_text,
2900 Corrupted(test_authentication_tag), 3025 Corrupted(test_authentication_tag),
2901 &plain_text)); 3026 &plain_text));
2902 3027
2903 // Try different incorrect tag lengths 3028 // Try different incorrect tag lengths
2904 uint8 kAlternateTagLengths[] = {0, 8, 96, 120, 128, 160, 255}; 3029 uint8 kAlternateTagLengths[] = {0, 8, 96, 120, 128, 160, 255};
2905 for (size_t tag_i = 0; tag_i < arraysize(kAlternateTagLengths); ++tag_i) { 3030 for (size_t tag_i = 0; tag_i < arraysize(kAlternateTagLengths); ++tag_i) {
2906 unsigned int wrong_tag_size_bits = kAlternateTagLengths[tag_i]; 3031 unsigned int wrong_tag_size_bits = kAlternateTagLengths[tag_i];
2907 if (test_tag_size_bits == wrong_tag_size_bits) 3032 if (test_tag_size_bits == wrong_tag_size_bits)
2908 continue; 3033 continue;
2909 EXPECT_STATUS_ERROR(AesGcmDecrypt(key, 3034 EXPECT_NE(Status::Success(),
2910 test_iv, 3035 AesGcmDecrypt(key,
2911 test_additional_data, 3036 test_iv,
2912 wrong_tag_size_bits, 3037 test_additional_data,
2913 test_cipher_text, 3038 wrong_tag_size_bits,
2914 test_authentication_tag, 3039 test_cipher_text,
2915 &plain_text)); 3040 test_authentication_tag,
3041 &plain_text));
2916 } 3042 }
2917 } 3043 }
2918 } 3044 }
2919 3045
2920 TEST_F(SharedCryptoTest, MAYBE(RsaEsRawSymkeyWrapUnwrapKnownAnswer)) { 3046 TEST_F(SharedCryptoTest, MAYBE(RsaEsRawSymkeyWrapUnwrapKnownAnswer)) {
2921 scoped_ptr<base::Value> json; 3047 scoped_ptr<base::Value> json;
2922 ASSERT_TRUE(ReadJsonTestFile("rsa_es.json", &json)); 3048 ASSERT_TRUE(ReadJsonTestFile("rsa_es.json", &json));
2923 base::DictionaryValue* test = NULL; 3049 base::DictionaryValue* test = NULL;
2924 ASSERT_TRUE(json->GetAsDictionary(&test)); 3050 ASSERT_TRUE(json->GetAsDictionary(&test));
2925 const std::vector<uint8> rsa_spki_der = 3051 const std::vector<uint8> rsa_spki_der =
(...skipping 15 matching lines...) Expand all
2941 rsa_spki_der, 3067 rsa_spki_der,
2942 rsa_pkcs8_der, 3068 rsa_pkcs8_der,
2943 algorithm, 3069 algorithm,
2944 false, 3070 false,
2945 blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey, 3071 blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey,
2946 &public_key, 3072 &public_key,
2947 &private_key); 3073 &private_key);
2948 3074
2949 // Import the symmetric key. 3075 // Import the symmetric key.
2950 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); 3076 blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
2951 ASSERT_STATUS_SUCCESS(ImportKey(blink::WebCryptoKeyFormatRaw, 3077 ASSERT_EQ(Status::Success(),
2952 CryptoData(cleartext), 3078 ImportKey(blink::WebCryptoKeyFormatRaw,
2953 key_algorithm, 3079 CryptoData(cleartext),
2954 true, 3080 key_algorithm,
2955 blink::WebCryptoKeyUsageSign, 3081 true,
2956 &key)); 3082 blink::WebCryptoKeyUsageSign,
3083 &key));
2957 3084
2958 // Wrap the symmetric key with raw format. 3085 // Wrap the symmetric key with raw format.
2959 blink::WebArrayBuffer wrapped_key; 3086 blink::WebArrayBuffer wrapped_key;
2960 ASSERT_STATUS_SUCCESS(WrapKey( 3087 ASSERT_EQ(Status::Success(),
2961 blink::WebCryptoKeyFormatRaw, public_key, key, algorithm, &wrapped_key)); 3088 WrapKey(blink::WebCryptoKeyFormatRaw,
3089 public_key,
3090 key,
3091 algorithm,
3092 &wrapped_key));
2962 3093
2963 // Unwrap the wrapped key. 3094 // Unwrap the wrapped key.
2964 blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull(); 3095 blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull();
2965 ASSERT_STATUS_SUCCESS(UnwrapKey(blink::WebCryptoKeyFormatRaw, 3096 ASSERT_EQ(Status::Success(),
2966 CryptoData(wrapped_key), 3097 UnwrapKey(blink::WebCryptoKeyFormatRaw,
2967 private_key, 3098 CryptoData(wrapped_key),
2968 algorithm, 3099 private_key,
2969 key_algorithm, 3100 algorithm,
2970 true, 3101 key_algorithm,
2971 blink::WebCryptoKeyUsageSign, 3102 true,
2972 &unwrapped_key)); 3103 blink::WebCryptoKeyUsageSign,
3104 &unwrapped_key));
2973 EXPECT_FALSE(key.isNull()); 3105 EXPECT_FALSE(key.isNull());
2974 EXPECT_TRUE(key.handle()); 3106 EXPECT_TRUE(key.handle());
2975 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); 3107 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type());
2976 EXPECT_EQ(key_algorithm.id(), key.algorithm().id()); 3108 EXPECT_EQ(key_algorithm.id(), key.algorithm().id());
2977 EXPECT_EQ(true, key.extractable()); 3109 EXPECT_EQ(true, key.extractable());
2978 EXPECT_EQ(blink::WebCryptoKeyUsageSign, key.usages()); 3110 EXPECT_EQ(blink::WebCryptoKeyUsageSign, key.usages());
2979 3111
2980 // Export the new key and compare its raw bytes with the original known data. 3112 // Export the new key and compare its raw bytes with the original known data.
2981 blink::WebArrayBuffer raw_key; 3113 blink::WebArrayBuffer raw_key;
2982 EXPECT_STATUS_SUCCESS( 3114 EXPECT_EQ(Status::Success(),
2983 ExportKey(blink::WebCryptoKeyFormatRaw, unwrapped_key, &raw_key)); 3115 ExportKey(blink::WebCryptoKeyFormatRaw, unwrapped_key, &raw_key));
2984 EXPECT_TRUE(ArrayBufferMatches(cleartext, raw_key)); 3116 EXPECT_TRUE(ArrayBufferMatches(cleartext, raw_key));
2985 3117
2986 // Unwrap the known wrapped key and compare to the known cleartext. 3118 // Unwrap the known wrapped key and compare to the known cleartext.
2987 ASSERT_STATUS_SUCCESS(UnwrapKey(blink::WebCryptoKeyFormatRaw, 3119 ASSERT_EQ(Status::Success(),
2988 CryptoData(ciphertext), 3120 UnwrapKey(blink::WebCryptoKeyFormatRaw,
2989 private_key, 3121 CryptoData(ciphertext),
2990 algorithm, 3122 private_key,
2991 key_algorithm, 3123 algorithm,
2992 true, 3124 key_algorithm,
2993 blink::WebCryptoKeyUsageSign, 3125 true,
2994 &unwrapped_key)); 3126 blink::WebCryptoKeyUsageSign,
2995 EXPECT_STATUS_SUCCESS( 3127 &unwrapped_key));
2996 ExportKey(blink::WebCryptoKeyFormatRaw, unwrapped_key, &raw_key)); 3128 EXPECT_EQ(Status::Success(),
3129 ExportKey(blink::WebCryptoKeyFormatRaw, unwrapped_key, &raw_key));
2997 EXPECT_TRUE(ArrayBufferMatches(cleartext, raw_key)); 3130 EXPECT_TRUE(ArrayBufferMatches(cleartext, raw_key));
2998 } 3131 }
2999 3132
3000 TEST_F(SharedCryptoTest, MAYBE(RsaEsRawSymkeyWrapUnwrapErrors)) { 3133 TEST_F(SharedCryptoTest, MAYBE(RsaEsRawSymkeyWrapUnwrapErrors)) {
3001 const std::vector<uint8> data(64, 0); 3134 const std::vector<uint8> data(64, 0);
3002 blink::WebCryptoAlgorithm key_algorithm = 3135 blink::WebCryptoAlgorithm key_algorithm =
3003 CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha256); 3136 CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha256);
3004 3137
3005 // Import the RSA key pair. 3138 // Import the RSA key pair.
3006 blink::WebCryptoAlgorithm wrapping_algorithm = 3139 blink::WebCryptoAlgorithm wrapping_algorithm =
3007 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); 3140 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5);
3008 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); 3141 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull();
3009 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); 3142 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull();
3010 ImportRsaKeyPair( 3143 ImportRsaKeyPair(
3011 HexStringToBytes(kPublicKeySpkiDerHex), 3144 HexStringToBytes(kPublicKeySpkiDerHex),
3012 HexStringToBytes(kPrivateKeyPkcs8DerHex), 3145 HexStringToBytes(kPrivateKeyPkcs8DerHex),
3013 wrapping_algorithm, 3146 wrapping_algorithm,
3014 false, 3147 false,
3015 blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey, 3148 blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey,
3016 &public_key, 3149 &public_key,
3017 &private_key); 3150 &private_key);
3018 3151
3019 // Import the symmetric key. 3152 // Import the symmetric key.
3020 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); 3153 blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
3021 ASSERT_STATUS_SUCCESS(ImportKey(blink::WebCryptoKeyFormatRaw, 3154 ASSERT_EQ(Status::Success(),
3022 CryptoData(data), 3155 ImportKey(blink::WebCryptoKeyFormatRaw,
3023 key_algorithm, 3156 CryptoData(data),
3024 true, 3157 key_algorithm,
3025 blink::WebCryptoKeyUsageSign, 3158 true,
3026 &key)); 3159 blink::WebCryptoKeyUsageSign,
3160 &key));
3027 3161
3028 // Wrapping with a private key should fail. 3162 // Wrapping with a private key should fail.
3029 blink::WebArrayBuffer wrapped_key; 3163 blink::WebArrayBuffer wrapped_key;
3030 EXPECT_STATUS(Status::ErrorUnexpectedKeyType(), 3164 EXPECT_EQ(Status::ErrorUnexpectedKeyType(),
3031 WrapKey(blink::WebCryptoKeyFormatRaw, 3165 WrapKey(blink::WebCryptoKeyFormatRaw,
3032 private_key, 3166 private_key,
3033 key, 3167 key,
3034 wrapping_algorithm, 3168 wrapping_algorithm,
3035 &wrapped_key)); 3169 &wrapped_key));
3036 3170
3037 // Wrapping a key whose raw keying material is too large for the wrapping key 3171 // Wrapping a key whose raw keying material is too large for the wrapping key
3038 // should fail. 3172 // should fail.
3039 // RSAES can encrypt data up to length of k - 11 bytes, where k is the octet 3173 // RSAES can encrypt data up to length of k - 11 bytes, where k is the octet
3040 // length of the RSA modulus, and can decrypt data up to length k. Fabricate a 3174 // length of the RSA modulus, and can decrypt data up to length k. Fabricate a
3041 // big piece of data here that fails both of these criteria, so it can be used 3175 // big piece of data here that fails both of these criteria, so it can be used
3042 // for both wrap and unwrap negative tests below. 3176 // for both wrap and unwrap negative tests below.
3043 const std::vector<uint8> big_data(kModulusLengthBits / 8 + 1, 0); 3177 const std::vector<uint8> big_data(kModulusLengthBits / 8 + 1, 0);
3044 blink::WebCryptoKey big_key = blink::WebCryptoKey::createNull(); 3178 blink::WebCryptoKey big_key = blink::WebCryptoKey::createNull();
3045 ASSERT_STATUS_SUCCESS(ImportKey(blink::WebCryptoKeyFormatRaw, 3179 ASSERT_EQ(Status::Success(),
3046 CryptoData(big_data), 3180 ImportKey(blink::WebCryptoKeyFormatRaw,
3047 key_algorithm, 3181 CryptoData(big_data),
3048 true, 3182 key_algorithm,
3049 blink::WebCryptoKeyUsageSign, 3183 true,
3050 &big_key)); 3184 blink::WebCryptoKeyUsageSign,
3051 EXPECT_STATUS(Status::ErrorDataTooLarge(), 3185 &big_key));
3052 WrapKey(blink::WebCryptoKeyFormatRaw, 3186 EXPECT_EQ(Status::ErrorDataTooLarge(),
3053 public_key, 3187 WrapKey(blink::WebCryptoKeyFormatRaw,
3054 big_key, 3188 public_key,
3055 wrapping_algorithm, 3189 big_key,
3056 &wrapped_key)); 3190 wrapping_algorithm,
3191 &wrapped_key));
3057 3192
3058 // Unwrapping with a public key should fail. 3193 // Unwrapping with a public key should fail.
3059 blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull(); 3194 blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull();
3060 EXPECT_STATUS(Status::ErrorUnexpectedKeyType(), 3195 EXPECT_EQ(Status::ErrorUnexpectedKeyType(),
3061 UnwrapKey(blink::WebCryptoKeyFormatRaw, 3196 UnwrapKey(blink::WebCryptoKeyFormatRaw,
3062 CryptoData(data), 3197 CryptoData(data),
3063 public_key, 3198 public_key,
3064 wrapping_algorithm, 3199 wrapping_algorithm,
3065 key_algorithm, 3200 key_algorithm,
3066 true, 3201 true,
3067 blink::WebCryptoKeyUsageSign, 3202 blink::WebCryptoKeyUsageSign,
3068 &unwrapped_key)); 3203 &unwrapped_key));
3069 3204
3070 // Unwrapping empty data should fail. 3205 // Unwrapping empty data should fail.
3071 const std::vector<uint8> emtpy_data; 3206 const std::vector<uint8> emtpy_data;
3072 EXPECT_STATUS(Status::ErrorDataTooSmall(), 3207 EXPECT_EQ(Status::ErrorDataTooSmall(),
3073 UnwrapKey(blink::WebCryptoKeyFormatRaw, 3208 UnwrapKey(blink::WebCryptoKeyFormatRaw,
3074 CryptoData(emtpy_data), 3209 CryptoData(emtpy_data),
3075 private_key, 3210 private_key,
3076 wrapping_algorithm, 3211 wrapping_algorithm,
3077 key_algorithm, 3212 key_algorithm,
3078 true, 3213 true,
3079 blink::WebCryptoKeyUsageSign, 3214 blink::WebCryptoKeyUsageSign,
3080 &unwrapped_key)); 3215 &unwrapped_key));
3081 3216
3082 // Unwrapping data too large for the wrapping key should fail. 3217 // Unwrapping data too large for the wrapping key should fail.
3083 EXPECT_STATUS(Status::ErrorDataTooLarge(), 3218 EXPECT_EQ(Status::ErrorDataTooLarge(),
3084 UnwrapKey(blink::WebCryptoKeyFormatRaw, 3219 UnwrapKey(blink::WebCryptoKeyFormatRaw,
3085 CryptoData(big_data), 3220 CryptoData(big_data),
3086 private_key, 3221 private_key,
3087 wrapping_algorithm, 3222 wrapping_algorithm,
3088 key_algorithm, 3223 key_algorithm,
3089 true, 3224 true,
3090 blink::WebCryptoKeyUsageSign, 3225 blink::WebCryptoKeyUsageSign,
3091 &unwrapped_key)); 3226 &unwrapped_key));
3092 } 3227 }
3093 3228
3094 TEST_F(SharedCryptoTest, MAYBE(RsaEsJwkSymkeyUnwrapKnownAnswer)) { 3229 TEST_F(SharedCryptoTest, MAYBE(RsaEsJwkSymkeyUnwrapKnownAnswer)) {
3095 // The following data lists a known 128-bit AES-CBC key, then a JWK 3230 // The following data lists a known 128-bit AES-CBC key, then a JWK
3096 // representation of this key that was encrypted ("wrapped") using 3231 // representation of this key that was encrypted ("wrapped") using
3097 // RSAES-PKCS1-v1_5 and kPublicKeySpkiDerHex as the wrapping key. 3232 // RSAES-PKCS1-v1_5 and kPublicKeySpkiDerHex as the wrapping key.
3098 // For reference, the intermediate clear JWK is 3233 // For reference, the intermediate clear JWK is
3099 // {"alg":"A128CBC","ext":true,"k":<b64url>,"key_ops":["encrypt"],"kty":"oct"} 3234 // {"alg":"A128CBC","ext":true,"k":<b64url>,"key_ops":["encrypt"],"kty":"oct"}
3100 const std::vector<uint8> key_data = 3235 const std::vector<uint8> key_data =
3101 HexStringToBytes("8f56a26e7e8b77dca15ed54339724bf5"); 3236 HexStringToBytes("8f56a26e7e8b77dca15ed54339724bf5");
3102 const std::vector<uint8> wrapped_key_data = HexStringToBytes( 3237 const std::vector<uint8> wrapped_key_data = HexStringToBytes(
3103 "9debcabd9c731d6a779622dbef38635419c409b3077af67b3cf0601b2da7054f2ec26156" 3238 "9debcabd9c731d6a779622dbef38635419c409b3077af67b3cf0601b2da7054f2ec26156"
3104 "06bb764e4986f45dd09ce660432a7abbac48b5249924f12dea52275b6d67d8b8a2f63525" 3239 "06bb764e4986f45dd09ce660432a7abbac48b5249924f12dea52275b6d67d8b8a2f63525"
3105 "fbbf67d61244c1afa9e30857b87b7a48cdc0b3196dc1477738cbf9e42ea65d5e0edc3b05" 3240 "fbbf67d61244c1afa9e30857b87b7a48cdc0b3196dc1477738cbf9e42ea65d5e0edc3b05"
3106 "afafadc7d7400e26a51270d251040d51ce46cecc"); 3241 "afafadc7d7400e26a51270d251040d51ce46cecc");
3107 const blink::WebCryptoAlgorithm wrapping_algorithm = 3242 const blink::WebCryptoAlgorithm wrapping_algorithm =
3108 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); 3243 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5);
3109 3244
3110 // Import the private wrapping key. 3245 // Import the private wrapping key.
3111 blink::WebCryptoKey private_wrapping_key = blink::WebCryptoKey::createNull(); 3246 blink::WebCryptoKey private_wrapping_key = blink::WebCryptoKey::createNull();
3112 ASSERT_STATUS_SUCCESS(ImportKey( 3247 ASSERT_EQ(Status::Success(),
3113 blink::WebCryptoKeyFormatPkcs8, 3248 ImportKey(blink::WebCryptoKeyFormatPkcs8,
3114 CryptoData(HexStringToBytes(kPrivateKeyPkcs8DerHex)), 3249 CryptoData(HexStringToBytes(kPrivateKeyPkcs8DerHex)),
3115 wrapping_algorithm, 3250 wrapping_algorithm,
3116 false, 3251 false,
3117 blink::WebCryptoKeyUsageDecrypt | blink::WebCryptoKeyUsageUnwrapKey, 3252 blink::WebCryptoKeyUsageDecrypt |
3118 &private_wrapping_key)); 3253 blink::WebCryptoKeyUsageUnwrapKey,
3254 &private_wrapping_key));
3119 3255
3120 // Unwrap the key. 3256 // Unwrap the key.
3121 blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull(); 3257 blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull();
3122 EXPECT_STATUS_SUCCESS( 3258 EXPECT_EQ(Status::Success(),
3123 UnwrapKey(blink::WebCryptoKeyFormatJwk, 3259 UnwrapKey(blink::WebCryptoKeyFormatJwk,
3124 CryptoData(wrapped_key_data), 3260 CryptoData(wrapped_key_data),
3125 private_wrapping_key, 3261 private_wrapping_key,
3126 wrapping_algorithm, 3262 wrapping_algorithm,
3127 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), 3263 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
3128 true, 3264 true,
3129 blink::WebCryptoKeyUsageEncrypt, 3265 blink::WebCryptoKeyUsageEncrypt,
3130 &unwrapped_key)); 3266 &unwrapped_key));
3131 EXPECT_FALSE(unwrapped_key.isNull()); 3267 EXPECT_FALSE(unwrapped_key.isNull());
3132 EXPECT_TRUE(unwrapped_key.handle()); 3268 EXPECT_TRUE(unwrapped_key.handle());
3133 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, unwrapped_key.type()); 3269 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, unwrapped_key.type());
3134 EXPECT_EQ(blink::WebCryptoAlgorithmIdAesCbc, unwrapped_key.algorithm().id()); 3270 EXPECT_EQ(blink::WebCryptoAlgorithmIdAesCbc, unwrapped_key.algorithm().id());
3135 EXPECT_EQ(true, unwrapped_key.extractable()); 3271 EXPECT_EQ(true, unwrapped_key.extractable());
3136 EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt, unwrapped_key.usages()); 3272 EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt, unwrapped_key.usages());
3137 3273
3138 // Export the unwrapped key and compare to the original. 3274 // Export the unwrapped key and compare to the original.
3139 blink::WebArrayBuffer raw_key; 3275 blink::WebArrayBuffer raw_key;
3140 EXPECT_STATUS_SUCCESS( 3276 EXPECT_EQ(Status::Success(),
3141 ExportKey(blink::WebCryptoKeyFormatRaw, unwrapped_key, &raw_key)); 3277 ExportKey(blink::WebCryptoKeyFormatRaw, unwrapped_key, &raw_key));
3142 EXPECT_TRUE(ArrayBufferMatches(key_data, raw_key)); 3278 EXPECT_TRUE(ArrayBufferMatches(key_data, raw_key));
3143 } 3279 }
3144 3280
3145 TEST_F(SharedCryptoTest, MAYBE(RsaEsJwkSymkeyWrapUnwrapRoundTrip)) { 3281 TEST_F(SharedCryptoTest, MAYBE(RsaEsJwkSymkeyWrapUnwrapRoundTrip)) {
3146 // Generate the symkey to be wrapped (256-bit AES-CBC key). 3282 // Generate the symkey to be wrapped (256-bit AES-CBC key).
3147 const blink::WebCryptoAlgorithm gen_algorithm = 3283 const blink::WebCryptoAlgorithm gen_algorithm =
3148 CreateAesCbcKeyGenAlgorithm(256); 3284 CreateAesCbcKeyGenAlgorithm(256);
3149 blink::WebCryptoKey key_to_wrap = blink::WebCryptoKey::createNull(); 3285 blink::WebCryptoKey key_to_wrap = blink::WebCryptoKey::createNull();
3150 ASSERT_STATUS_SUCCESS(GenerateSecretKey( 3286 ASSERT_EQ(
3151 gen_algorithm, true, blink::WebCryptoKeyUsageEncrypt, &key_to_wrap)); 3287 Status::Success(),
3288 GenerateSecretKey(
3289 gen_algorithm, true, blink::WebCryptoKeyUsageEncrypt, &key_to_wrap));
3152 3290
3153 // Import the wrapping key pair. 3291 // Import the wrapping key pair.
3154 const blink::WebCryptoAlgorithm wrapping_algorithm = 3292 const blink::WebCryptoAlgorithm wrapping_algorithm =
3155 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); 3293 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5);
3156 blink::WebCryptoKey public_wrapping_key = blink::WebCryptoKey::createNull(); 3294 blink::WebCryptoKey public_wrapping_key = blink::WebCryptoKey::createNull();
3157 blink::WebCryptoKey private_wrapping_key = blink::WebCryptoKey::createNull(); 3295 blink::WebCryptoKey private_wrapping_key = blink::WebCryptoKey::createNull();
3158 ImportRsaKeyPair( 3296 ImportRsaKeyPair(
3159 HexStringToBytes(kPublicKeySpkiDerHex), 3297 HexStringToBytes(kPublicKeySpkiDerHex),
3160 HexStringToBytes(kPrivateKeyPkcs8DerHex), 3298 HexStringToBytes(kPrivateKeyPkcs8DerHex),
3161 wrapping_algorithm, 3299 wrapping_algorithm,
3162 false, 3300 false,
3163 blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey, 3301 blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey,
3164 &public_wrapping_key, 3302 &public_wrapping_key,
3165 &private_wrapping_key); 3303 &private_wrapping_key);
3166 3304
3167 // Wrap the symkey in JWK format, using the public wrapping key. 3305 // Wrap the symkey in JWK format, using the public wrapping key.
3168 blink::WebArrayBuffer wrapped_data; 3306 blink::WebArrayBuffer wrapped_data;
3169 ASSERT_STATUS_SUCCESS(WrapKey(blink::WebCryptoKeyFormatJwk, 3307 ASSERT_EQ(Status::Success(),
3170 public_wrapping_key, 3308 WrapKey(blink::WebCryptoKeyFormatJwk,
3171 key_to_wrap, 3309 public_wrapping_key,
3172 wrapping_algorithm, 3310 key_to_wrap,
3173 &wrapped_data)); 3311 wrapping_algorithm,
3312 &wrapped_data));
3174 3313
3175 // Unwrap the key using the private wrapping key. 3314 // Unwrap the key using the private wrapping key.
3176 blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull(); 3315 blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull();
3177 ASSERT_STATUS_SUCCESS( 3316 ASSERT_EQ(Status::Success(),
3178 UnwrapKey(blink::WebCryptoKeyFormatJwk, 3317 UnwrapKey(blink::WebCryptoKeyFormatJwk,
3179 CryptoData(wrapped_data), 3318 CryptoData(wrapped_data),
3180 private_wrapping_key, 3319 private_wrapping_key,
3181 wrapping_algorithm, 3320 wrapping_algorithm,
3182 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), 3321 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
3183 true, 3322 true,
3184 blink::WebCryptoKeyUsageEncrypt, 3323 blink::WebCryptoKeyUsageEncrypt,
3185 &unwrapped_key)); 3324 &unwrapped_key));
3186 3325
3187 // Export the original symkey and the unwrapped key and compare. 3326 // Export the original symkey and the unwrapped key and compare.
3188 blink::WebArrayBuffer raw_key1, raw_key2; 3327 blink::WebArrayBuffer raw_key1, raw_key2;
3189 EXPECT_STATUS_SUCCESS( 3328 EXPECT_EQ(Status::Success(),
3190 ExportKey(blink::WebCryptoKeyFormatRaw, key_to_wrap, &raw_key1)); 3329 ExportKey(blink::WebCryptoKeyFormatRaw, key_to_wrap, &raw_key1));
3191 EXPECT_STATUS_SUCCESS( 3330 EXPECT_EQ(Status::Success(),
3192 ExportKey(blink::WebCryptoKeyFormatRaw, unwrapped_key, &raw_key2)); 3331 ExportKey(blink::WebCryptoKeyFormatRaw, unwrapped_key, &raw_key2));
3193 EXPECT_TRUE(ArrayBuffersEqual(raw_key1, raw_key2)); 3332 EXPECT_TRUE(ArrayBuffersEqual(raw_key1, raw_key2));
3194 } 3333 }
3195 3334
3196 TEST_F(SharedCryptoTest, MAYBE(RsaEsJwkSymkeyWrapUnwrapErrors)) { 3335 TEST_F(SharedCryptoTest, MAYBE(RsaEsJwkSymkeyWrapUnwrapErrors)) {
3197 // Unwrap JWK-formatted data that can be successfully decrypted, but contains 3336 // Unwrap JWK-formatted data that can be successfully decrypted, but contains
3198 // an error in the plaintext JWK so it cannot be subsequently imported, and 3337 // an error in the plaintext JWK so it cannot be subsequently imported, and
3199 // ensure that a generic error is returned instead of some other more specific 3338 // ensure that a generic error is returned instead of some other more specific
3200 // error. This shows that information about the plaintext JWK inside the 3339 // error. This shows that information about the plaintext JWK inside the
3201 // encrypted data is not leaked. 3340 // encrypted data is not leaked.
3202 // Note that it is sufficient to consider just one JWK import failure mode 3341 // Note that it is sufficient to consider just one JWK import failure mode
3203 // here; others are validated in the ImportJwkFailures Test. The specific 3342 // here; others are validated in the ImportJwkFailures Test. The specific
3204 // error in the cleartext data below is kty = "foo", which is an invalid kty 3343 // error in the cleartext data below is kty = "foo", which is an invalid kty
3205 // value. 3344 // value.
3206 const std::string cleartext = 3345 const std::string cleartext =
3207 "{\"alg\":\"A128CBC\",\"ext\":true,\"k\":" 3346 "{\"alg\":\"A128CBC\",\"ext\":true,\"k\":"
3208 "\"j1aibn6Ld9yhXtVDOXJL9Q\",\"key_ops\":[\"encrypt\"],\"kty\":\"foo\"}"; 3347 "\"j1aibn6Ld9yhXtVDOXJL9Q\",\"key_ops\":[\"encrypt\"],\"kty\":\"foo\"}";
3209 // ciphertext is the cleartext above encrypted with kPublicKeySpkiDerHex, and 3348 // ciphertext is the cleartext above encrypted with kPublicKeySpkiDerHex, and
3210 // can be decrypted with kPrivateKeyPkcs8DerHex 3349 // can be decrypted with kPrivateKeyPkcs8DerHex
3211 const std::vector<uint8> ciphertext = HexStringToBytes( 3350 const std::vector<uint8> ciphertext = HexStringToBytes(
3212 "93bc7bb2ca8502fcf3224e19b12ba455ac32d01695611022c76d3dbdd797c044de047d44" 3351 "93bc7bb2ca8502fcf3224e19b12ba455ac32d01695611022c76d3dbdd797c044de047d44"
3213 "6c5ed5de5b8f79147ffe1df8da9c894b58881b238d39bd24cecd5c1a98a7c0b07354aee6" 3352 "6c5ed5de5b8f79147ffe1df8da9c894b58881b238d39bd24cecd5c1a98a7c0b07354aee6"
3214 "24791b2d549b7ecf1219c49513a1bcbb0fac5c6b59d350b564c44dc3678dadf84b4ea3d1" 3353 "24791b2d549b7ecf1219c49513a1bcbb0fac5c6b59d350b564c44dc3678dadf84b4ea3d1"
3215 "32e576e88f8d4a2d27c173e033a97bbda7e47bb9"); 3354 "32e576e88f8d4a2d27c173e033a97bbda7e47bb9");
3216 3355
3217 // Import the private decryption key. 3356 // Import the private decryption key.
3218 const blink::WebCryptoAlgorithm algorithm = 3357 const blink::WebCryptoAlgorithm algorithm =
3219 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); 3358 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5);
3220 blink::WebCryptoKey private_decryption_key = 3359 blink::WebCryptoKey private_decryption_key =
3221 blink::WebCryptoKey::createNull(); 3360 blink::WebCryptoKey::createNull();
3222 ASSERT_STATUS_SUCCESS( 3361 ASSERT_EQ(Status::Success(),
3223 ImportKey(blink::WebCryptoKeyFormatPkcs8, 3362 ImportKey(blink::WebCryptoKeyFormatPkcs8,
3224 CryptoData(HexStringToBytes(kPrivateKeyPkcs8DerHex)), 3363 CryptoData(HexStringToBytes(kPrivateKeyPkcs8DerHex)),
3225 algorithm, 3364 algorithm,
3226 false, 3365 false,
3227 blink::WebCryptoKeyUsageDecrypt, 3366 blink::WebCryptoKeyUsageDecrypt,
3228 &private_decryption_key)); 3367 &private_decryption_key));
3229 3368
3230 // Decrypt the ciphertext and validate the result, to prove that decryption is 3369 // Decrypt the ciphertext and validate the result, to prove that decryption is
3231 // successful. 3370 // successful.
3232 blink::WebArrayBuffer decrypted_data; 3371 blink::WebArrayBuffer decrypted_data;
3233 ASSERT_STATUS_SUCCESS(Decrypt(algorithm, 3372 ASSERT_EQ(Status::Success(),
3234 private_decryption_key, 3373 Decrypt(algorithm,
3235 CryptoData(ciphertext), 3374 private_decryption_key,
3236 &decrypted_data)); 3375 CryptoData(ciphertext),
3376 &decrypted_data));
3237 const std::string decrypted(static_cast<const char*>(decrypted_data.data()), 3377 const std::string decrypted(static_cast<const char*>(decrypted_data.data()),
3238 decrypted_data.byteLength()); 3378 decrypted_data.byteLength());
3239 EXPECT_EQ(cleartext, decrypted); 3379 EXPECT_EQ(cleartext, decrypted);
3240 3380
3241 // Import the private wrapping key. Note this is the same underlying keying 3381 // Import the private wrapping key. Note this is the same underlying keying
3242 // material used for private_decryption_key above. The only difference is that 3382 // material used for private_decryption_key above. The only difference is that
3243 // it has unwrap rather than decrypt usage. 3383 // it has unwrap rather than decrypt usage.
3244 blink::WebCryptoKey private_wrapping_key = blink::WebCryptoKey::createNull(); 3384 blink::WebCryptoKey private_wrapping_key = blink::WebCryptoKey::createNull();
3245 ASSERT_STATUS_SUCCESS( 3385 ASSERT_EQ(Status::Success(),
3246 ImportKey(blink::WebCryptoKeyFormatPkcs8, 3386 ImportKey(blink::WebCryptoKeyFormatPkcs8,
3247 CryptoData(HexStringToBytes(kPrivateKeyPkcs8DerHex)), 3387 CryptoData(HexStringToBytes(kPrivateKeyPkcs8DerHex)),
3248 algorithm, 3388 algorithm,
3249 false, 3389 false,
3250 blink::WebCryptoKeyUsageUnwrapKey, 3390 blink::WebCryptoKeyUsageUnwrapKey,
3251 &private_wrapping_key)); 3391 &private_wrapping_key));
3252 3392
3253 // Treat the ciphertext as a wrapped key and try to unwrap it. Ensure a 3393 // Treat the ciphertext as a wrapped key and try to unwrap it. Ensure a
3254 // generic error is received. 3394 // generic error is received.
3255 blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull(); 3395 blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull();
3256 EXPECT_STATUS(Status::Error(), 3396 EXPECT_EQ(Status::OperationError(),
3257 UnwrapKey(blink::WebCryptoKeyFormatJwk, 3397 UnwrapKey(blink::WebCryptoKeyFormatJwk,
3258 CryptoData(ciphertext), 3398 CryptoData(ciphertext),
3259 private_wrapping_key, 3399 private_wrapping_key,
3260 algorithm, 3400 algorithm,
3261 CreateAesCbcAlgorithm(std::vector<uint8>(0, 16)), 3401 CreateAesCbcAlgorithm(std::vector<uint8>(0, 16)),
3262 true, 3402 true,
3263 blink::WebCryptoKeyUsageEncrypt, 3403 blink::WebCryptoKeyUsageEncrypt,
3264 &unwrapped_key)); 3404 &unwrapped_key));
3265 } 3405 }
3266 3406
3267 } // namespace webcrypto 3407 } // namespace webcrypto
3268 3408
3269 } // namespace content 3409 } // namespace content
OLDNEW
« no previous file with comments | « content/child/webcrypto/shared_crypto.cc ('k') | content/child/webcrypto/status.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698