Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(381)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/child/webcrypto/shared_crypto_unittest.cc

Issue 243433006: [webcrypto] Set the error type for failures. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Rebase and try to fix android build... Created 6 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « content/child/webcrypto/shared_crypto.cc ('k') | content/child/webcrypto/status.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "content/child/webcrypto/shared_crypto.h" 5 #include "content/child/webcrypto/shared_crypto.h"
6 6
7 #include <algorithm> 7 #include <algorithm>
8 #include <string> 8 #include <string>
9 #include <vector> 9 #include <vector>
10 10
11 #include "base/basictypes.h" 11 #include "base/basictypes.h"
12 #include "base/file_util.h" 12 #include "base/file_util.h"
13 #include "base/json/json_reader.h" 13 #include "base/json/json_reader.h"
14 #include "base/json/json_writer.h" 14 #include "base/json/json_writer.h"
15 #include "base/logging.h" 15 #include "base/logging.h"
16 #include "base/memory/ref_counted.h" 16 #include "base/memory/ref_counted.h"
17 #include "base/path_service.h" 17 #include "base/path_service.h"
18 #include "base/strings/string_number_conversions.h" 18 #include "base/strings/string_number_conversions.h"
19 #include "base/strings/string_util.h" 19 #include "base/strings/string_util.h"
20 #include "base/strings/stringprintf.h"
20 #include "content/child/webcrypto/crypto_data.h" 21 #include "content/child/webcrypto/crypto_data.h"
21 #include "content/child/webcrypto/status.h" 22 #include "content/child/webcrypto/status.h"
22 #include "content/child/webcrypto/webcrypto_util.h" 23 #include "content/child/webcrypto/webcrypto_util.h"
23 #include "content/public/common/content_paths.h" 24 #include "content/public/common/content_paths.h"
24 #include "testing/gtest/include/gtest/gtest.h" 25 #include "testing/gtest/include/gtest/gtest.h"
25 #include "third_party/WebKit/public/platform/WebArrayBuffer.h" 26 #include "third_party/WebKit/public/platform/WebArrayBuffer.h"
26 #include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h" 27 #include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h"
27 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h" 28 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h"
28 #include "third_party/WebKit/public/platform/WebCryptoKey.h" 29 #include "third_party/WebKit/public/platform/WebCryptoKey.h"
29 #include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h" 30 #include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h"
30 #include "third_party/re2/re2/re2.h" 31 #include "third_party/re2/re2/re2.h"
31 32
32 // The OpenSSL implementation of WebCrypto is less complete, so don't run all of 33 // The OpenSSL implementation of WebCrypto is less complete, so don't run all of
33 // the tests: http://crbug.com/267888 34 // the tests: http://crbug.com/267888
34 #if defined(USE_OPENSSL) 35 #if defined(USE_OPENSSL)
35 #define MAYBE(test_name) DISABLED_##test_name 36 #define MAYBE(test_name) DISABLED_##test_name
36 #else 37 #else
37 #define MAYBE(test_name) test_name 38 #define MAYBE(test_name) test_name
38 #endif 39 #endif
39 40
40 // Helper macros to verify the value of a Status.
41 #define EXPECT_STATUS_ERROR(code) EXPECT_FALSE((code).IsSuccess())
42 #define EXPECT_STATUS(expected, code) \
43 EXPECT_EQ(expected.ToString(), (code).ToString())
44 #define ASSERT_STATUS(expected, code) \
45 ASSERT_EQ(expected.ToString(), (code).ToString())
46 #define EXPECT_STATUS_SUCCESS(code) EXPECT_STATUS(Status::Success(), code)
47 #define ASSERT_STATUS_SUCCESS(code) ASSERT_STATUS(Status::Success(), code)
48
49 namespace content { 41 namespace content {
50 42
51 namespace webcrypto { 43 namespace webcrypto {
52 44
45 void PrintTo(const Status& status, ::std::ostream* os) {
46 if (status.IsSuccess())
47 *os << "Success";
48 else
49 *os << "Error type: " << status.error_type()
50 << " Error details: " << status.error_details();
51 }
52
53 bool operator==(const content::webcrypto::Status& a,
54 const content::webcrypto::Status& b) {
55 if (a.IsSuccess() != b.IsSuccess())
56 return false;
57 if (a.IsSuccess())
58 return true;
59 return a.error_type() == b.error_type() &&
60 a.error_details() == b.error_details();
61 }
62
63 bool operator!=(const content::webcrypto::Status& a,
64 const content::webcrypto::Status& b) {
65 return !(a == b);
66 }
67
53 namespace { 68 namespace {
54 69
55 // TODO(eroman): For Linux builds using system NSS, AES-GCM support is a 70 // TODO(eroman): For Linux builds using system NSS, AES-GCM support is a
56 // runtime dependency. Test it by trying to import a key. 71 // runtime dependency. Test it by trying to import a key.
57 // TODO(padolph): Consider caching the result of the import key test. 72 // TODO(padolph): Consider caching the result of the import key test.
58 bool SupportsAesGcm() { 73 bool SupportsAesGcm() {
59 std::vector<uint8> key_raw(16, 0); 74 std::vector<uint8> key_raw(16, 0);
60 75
61 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); 76 blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
62 Status status = ImportKey(blink::WebCryptoKeyFormatRaw, 77 Status status = ImportKey(blink::WebCryptoKeyFormatRaw,
63 CryptoData(key_raw), 78 CryptoData(key_raw),
64 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesGcm), 79 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesGcm),
65 true, 80 true,
66 blink::WebCryptoKeyUsageEncrypt, 81 blink::WebCryptoKeyUsageEncrypt,
67 &key); 82 &key);
68 83
69 if (status.IsError()) 84 if (status.IsError())
70 EXPECT_STATUS(Status::ErrorUnsupported(), status); 85 EXPECT_EQ(Status::ErrorUnsupported(), status);
71 return status.IsSuccess(); 86 return status.IsSuccess();
72 } 87 }
73 88
74 blink::WebCryptoAlgorithm CreateRsaKeyGenAlgorithm( 89 blink::WebCryptoAlgorithm CreateRsaKeyGenAlgorithm(
75 blink::WebCryptoAlgorithmId algorithm_id, 90 blink::WebCryptoAlgorithmId algorithm_id,
76 unsigned int modulus_length, 91 unsigned int modulus_length,
77 const std::vector<uint8>& public_exponent) { 92 const std::vector<uint8>& public_exponent) {
78 DCHECK_EQ(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, algorithm_id); 93 DCHECK_EQ(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, algorithm_id);
79 return blink::WebCryptoAlgorithm::adoptParamsAndCreate( 94 return blink::WebCryptoAlgorithm::adoptParamsAndCreate(
80 algorithm_id, 95 algorithm_id,
(...skipping 323 matching lines...) Expand 10 before | Expand all | Expand 10 after
404 protected: 419 protected:
405 virtual void SetUp() OVERRIDE { Init(); } 420 virtual void SetUp() OVERRIDE { Init(); }
406 }; 421 };
407 422
408 blink::WebCryptoKey ImportSecretKeyFromRaw( 423 blink::WebCryptoKey ImportSecretKeyFromRaw(
409 const std::vector<uint8>& key_raw, 424 const std::vector<uint8>& key_raw,
410 const blink::WebCryptoAlgorithm& algorithm, 425 const blink::WebCryptoAlgorithm& algorithm,
411 blink::WebCryptoKeyUsageMask usage) { 426 blink::WebCryptoKeyUsageMask usage) {
412 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); 427 blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
413 bool extractable = true; 428 bool extractable = true;
414 EXPECT_STATUS_SUCCESS(ImportKey(blink::WebCryptoKeyFormatRaw, 429 EXPECT_EQ(Status::Success(),
415 CryptoData(key_raw), 430 ImportKey(blink::WebCryptoKeyFormatRaw,
416 algorithm, 431 CryptoData(key_raw),
417 extractable, 432 algorithm,
418 usage, 433 extractable,
419 &key)); 434 usage,
435 &key));
420 436
421 EXPECT_FALSE(key.isNull()); 437 EXPECT_FALSE(key.isNull());
422 EXPECT_TRUE(key.handle()); 438 EXPECT_TRUE(key.handle());
423 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); 439 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type());
424 EXPECT_EQ(algorithm.id(), key.algorithm().id()); 440 EXPECT_EQ(algorithm.id(), key.algorithm().id());
425 EXPECT_EQ(extractable, key.extractable()); 441 EXPECT_EQ(extractable, key.extractable());
426 EXPECT_EQ(usage, key.usages()); 442 EXPECT_EQ(usage, key.usages());
427 return key; 443 return key;
428 } 444 }
429 445
430 void ImportRsaKeyPair(const std::vector<uint8>& spki_der, 446 void ImportRsaKeyPair(const std::vector<uint8>& spki_der,
431 const std::vector<uint8>& pkcs8_der, 447 const std::vector<uint8>& pkcs8_der,
432 const blink::WebCryptoAlgorithm& algorithm, 448 const blink::WebCryptoAlgorithm& algorithm,
433 bool extractable, 449 bool extractable,
434 blink::WebCryptoKeyUsageMask usage_mask, 450 blink::WebCryptoKeyUsageMask usage_mask,
435 blink::WebCryptoKey* public_key, 451 blink::WebCryptoKey* public_key,
436 blink::WebCryptoKey* private_key) { 452 blink::WebCryptoKey* private_key) {
437 EXPECT_STATUS_SUCCESS(ImportKey(blink::WebCryptoKeyFormatSpki, 453 EXPECT_EQ(Status::Success(),
438 CryptoData(spki_der), 454 ImportKey(blink::WebCryptoKeyFormatSpki,
439 algorithm, 455 CryptoData(spki_der),
440 true, 456 algorithm,
441 usage_mask, 457 true,
442 public_key)); 458 usage_mask,
459 public_key));
443 EXPECT_FALSE(public_key->isNull()); 460 EXPECT_FALSE(public_key->isNull());
444 EXPECT_TRUE(public_key->handle()); 461 EXPECT_TRUE(public_key->handle());
445 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key->type()); 462 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key->type());
446 EXPECT_EQ(algorithm.id(), public_key->algorithm().id()); 463 EXPECT_EQ(algorithm.id(), public_key->algorithm().id());
447 EXPECT_EQ(extractable, extractable); 464 EXPECT_EQ(extractable, extractable);
448 EXPECT_EQ(usage_mask, public_key->usages()); 465 EXPECT_EQ(usage_mask, public_key->usages());
449 466
450 EXPECT_STATUS_SUCCESS(ImportKey(blink::WebCryptoKeyFormatPkcs8, 467 EXPECT_EQ(Status::Success(),
451 CryptoData(pkcs8_der), 468 ImportKey(blink::WebCryptoKeyFormatPkcs8,
452 algorithm, 469 CryptoData(pkcs8_der),
453 extractable, 470 algorithm,
454 usage_mask, 471 extractable,
455 private_key)); 472 usage_mask,
473 private_key));
456 EXPECT_FALSE(private_key->isNull()); 474 EXPECT_FALSE(private_key->isNull());
457 EXPECT_TRUE(private_key->handle()); 475 EXPECT_TRUE(private_key->handle());
458 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key->type()); 476 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key->type());
459 EXPECT_EQ(algorithm.id(), private_key->algorithm().id()); 477 EXPECT_EQ(algorithm.id(), private_key->algorithm().id());
460 EXPECT_EQ(extractable, extractable); 478 EXPECT_EQ(extractable, extractable);
461 EXPECT_EQ(usage_mask, private_key->usages()); 479 EXPECT_EQ(usage_mask, private_key->usages());
462 } 480 }
463 481
464 Status AesGcmEncrypt(const blink::WebCryptoKey& key, 482 Status AesGcmEncrypt(const blink::WebCryptoKey& key,
465 const std::vector<uint8>& iv, 483 const std::vector<uint8>& iv,
466 const std::vector<uint8>& additional_data, 484 const std::vector<uint8>& additional_data,
467 unsigned int tag_length_bits, 485 unsigned int tag_length_bits,
468 const std::vector<uint8>& plain_text, 486 const std::vector<uint8>& plain_text,
469 std::vector<uint8>* cipher_text, 487 std::vector<uint8>* cipher_text,
470 std::vector<uint8>* authentication_tag) { 488 std::vector<uint8>* authentication_tag) {
471 EXPECT_TRUE(SupportsAesGcm()); 489 EXPECT_TRUE(SupportsAesGcm());
472 blink::WebCryptoAlgorithm algorithm = 490 blink::WebCryptoAlgorithm algorithm =
473 CreateAesGcmAlgorithm(iv, additional_data, tag_length_bits); 491 CreateAesGcmAlgorithm(iv, additional_data, tag_length_bits);
474 492
475 blink::WebArrayBuffer output; 493 blink::WebArrayBuffer output;
476 Status status = Encrypt(algorithm, key, CryptoData(plain_text), &output); 494 Status status = Encrypt(algorithm, key, CryptoData(plain_text), &output);
477 if (status.IsError()) 495 if (status.IsError())
478 return status; 496 return status;
479 497
480 if (output.byteLength() * 8 < tag_length_bits) { 498 if (output.byteLength() * 8 < tag_length_bits) {
481 EXPECT_TRUE(false); 499 EXPECT_TRUE(false);
482 return Status::Error(); 500 return Status::OperationError();
483 } 501 }
484 502
485 // The encryption result is cipher text with authentication tag appended. 503 // The encryption result is cipher text with authentication tag appended.
486 cipher_text->assign(static_cast<uint8*>(output.data()), 504 cipher_text->assign(static_cast<uint8*>(output.data()),
487 static_cast<uint8*>(output.data()) + 505 static_cast<uint8*>(output.data()) +
488 (output.byteLength() - tag_length_bits / 8)); 506 (output.byteLength() - tag_length_bits / 8));
489 authentication_tag->assign( 507 authentication_tag->assign(
490 static_cast<uint8*>(output.data()) + cipher_text->size(), 508 static_cast<uint8*>(output.data()) + cipher_text->size(),
491 static_cast<uint8*>(output.data()) + output.byteLength()); 509 static_cast<uint8*>(output.data()) + output.byteLength());
492 510
(...skipping 60 matching lines...) Expand 10 before | Expand all | Expand 10 after
553 return scoped_ptr<base::DictionaryValue>(dict_value); 571 return scoped_ptr<base::DictionaryValue>(dict_value);
554 } 572 }
555 573
556 // Verifies the input dictionary contains the expected values. Exact matches are 574 // Verifies the input dictionary contains the expected values. Exact matches are
557 // required on the fields examined. 575 // required on the fields examined.
558 ::testing::AssertionResult VerifyJwk( 576 ::testing::AssertionResult VerifyJwk(
559 const scoped_ptr<base::DictionaryValue>& dict, 577 const scoped_ptr<base::DictionaryValue>& dict,
560 const std::string& kty_expected, 578 const std::string& kty_expected,
561 const std::string& alg_expected, 579 const std::string& alg_expected,
562 blink::WebCryptoKeyUsageMask use_mask_expected) { 580 blink::WebCryptoKeyUsageMask use_mask_expected) {
563
564 // ---- kty 581 // ---- kty
565 std::string value_string; 582 std::string value_string;
566 if (!dict->GetString("kty", &value_string)) 583 if (!dict->GetString("kty", &value_string))
567 return ::testing::AssertionFailure() << "Missing 'kty'"; 584 return ::testing::AssertionFailure() << "Missing 'kty'";
568 if (value_string != kty_expected) 585 if (value_string != kty_expected)
569 return ::testing::AssertionFailure() << "Expected 'kty' to be " 586 return ::testing::AssertionFailure() << "Expected 'kty' to be "
570 << kty_expected << "but found " 587 << kty_expected << "but found "
571 << value_string; 588 << value_string;
572 589
573 // ---- alg 590 // ---- alg
(...skipping 101 matching lines...) Expand 10 before | Expand all | Expand 10 after
675 } // namespace 692 } // namespace
676 693
677 TEST_F(SharedCryptoTest, CheckAesGcm) { 694 TEST_F(SharedCryptoTest, CheckAesGcm) {
678 if (!SupportsAesGcm()) { 695 if (!SupportsAesGcm()) {
679 LOG(WARNING) << "AES GCM not supported on this platform, so some tests " 696 LOG(WARNING) << "AES GCM not supported on this platform, so some tests "
680 "will be skipped. Consider upgrading local NSS libraries"; 697 "will be skipped. Consider upgrading local NSS libraries";
681 return; 698 return;
682 } 699 }
683 } 700 }
684 701
685 TEST_F(SharedCryptoTest, StatusToString) { 702 // Tests several Status objects against their expected hard coded values, as
686 EXPECT_EQ("Success", Status::Success().ToString()); 703 // well as ensuring that comparison of Status objects works.
687 EXPECT_EQ("", Status::Error().ToString()); 704 // Comparison should take into account both the error details, as well as the
688 EXPECT_EQ("The requested operation is unsupported", 705 // error type.
689 Status::ErrorUnsupported().ToString()); 706 TEST_F(SharedCryptoTest, Status) {
707 // Even though the error message is the same, these should not be considered
708 // the same by the tests because the error type is different.
709 EXPECT_NE(Status::DataError(), Status::OperationError());
710 EXPECT_NE(Status::Success(), Status::OperationError());
711
712 EXPECT_EQ(Status::Success(), Status::Success());
713 EXPECT_EQ(Status::ErrorJwkPropertyWrongType("kty", "string"),
714 Status::ErrorJwkPropertyWrongType("kty", "string"));
715
716 Status status = Status::Success();
717
718 EXPECT_FALSE(status.IsError());
719 EXPECT_EQ("", status.error_details());
720
721 status = Status::OperationError();
722 EXPECT_TRUE(status.IsError());
723 EXPECT_EQ("", status.error_details());
724 EXPECT_EQ(blink::WebCryptoErrorTypeOperation, status.error_type());
725
726 status = Status::DataError();
727 EXPECT_TRUE(status.IsError());
728 EXPECT_EQ("", status.error_details());
729 EXPECT_EQ(blink::WebCryptoErrorTypeData, status.error_type());
730
731 status = Status::ErrorUnsupported();
732 EXPECT_TRUE(status.IsError());
733 EXPECT_EQ("The requested operation is unsupported", status.error_details());
734 EXPECT_EQ(blink::WebCryptoErrorTypeNotSupported, status.error_type());
735
736 status = Status::ErrorJwkPropertyMissing("kty");
737 EXPECT_TRUE(status.IsError());
690 EXPECT_EQ("The required JWK property \"kty\" was missing", 738 EXPECT_EQ("The required JWK property \"kty\" was missing",
691 Status::ErrorJwkPropertyMissing("kty").ToString()); 739 status.error_details());
740 EXPECT_EQ(blink::WebCryptoErrorTypeData, status.error_type());
741
742 status = Status::ErrorJwkPropertyWrongType("kty", "string");
743 EXPECT_TRUE(status.IsError());
692 EXPECT_EQ("The JWK property \"kty\" must be a string", 744 EXPECT_EQ("The JWK property \"kty\" must be a string",
693 Status::ErrorJwkPropertyWrongType("kty", "string").ToString()); 745 status.error_details());
746 EXPECT_EQ(blink::WebCryptoErrorTypeData, status.error_type());
747
748 status = Status::ErrorJwkBase64Decode("n");
749 EXPECT_TRUE(status.IsError());
694 EXPECT_EQ("The JWK property \"n\" could not be base64 decoded", 750 EXPECT_EQ("The JWK property \"n\" could not be base64 decoded",
695 Status::ErrorJwkBase64Decode("n").ToString()); 751 status.error_details());
752 EXPECT_EQ(blink::WebCryptoErrorTypeData, status.error_type());
696 } 753 }
697 754
698 TEST_F(SharedCryptoTest, DigestSampleSets) { 755 TEST_F(SharedCryptoTest, DigestSampleSets) {
699 scoped_ptr<base::ListValue> tests; 756 scoped_ptr<base::ListValue> tests;
700 ASSERT_TRUE(ReadJsonTestFileToList("digest.json", &tests)); 757 ASSERT_TRUE(ReadJsonTestFileToList("digest.json", &tests));
701 758
702 for (size_t test_index = 0; test_index < tests->GetSize(); ++test_index) { 759 for (size_t test_index = 0; test_index < tests->GetSize(); ++test_index) {
703 SCOPED_TRACE(test_index); 760 SCOPED_TRACE(test_index);
704 base::DictionaryValue* test; 761 base::DictionaryValue* test;
705 ASSERT_TRUE(tests->GetDictionary(test_index, &test)); 762 ASSERT_TRUE(tests->GetDictionary(test_index, &test));
706 763
707 blink::WebCryptoAlgorithm test_algorithm = 764 blink::WebCryptoAlgorithm test_algorithm =
708 GetDigestAlgorithm(test, "algorithm"); 765 GetDigestAlgorithm(test, "algorithm");
709 std::vector<uint8> test_input = GetBytesFromHexString(test, "input"); 766 std::vector<uint8> test_input = GetBytesFromHexString(test, "input");
710 std::vector<uint8> test_output = GetBytesFromHexString(test, "output"); 767 std::vector<uint8> test_output = GetBytesFromHexString(test, "output");
711 768
712 blink::WebArrayBuffer output; 769 blink::WebArrayBuffer output;
713 ASSERT_STATUS_SUCCESS( 770 ASSERT_EQ(Status::Success(),
714 Digest(test_algorithm, CryptoData(test_input), &output)); 771 Digest(test_algorithm, CryptoData(test_input), &output));
715 EXPECT_TRUE(ArrayBufferMatches(test_output, output)); 772 EXPECT_TRUE(ArrayBufferMatches(test_output, output));
716 } 773 }
717 } 774 }
718 775
719 TEST_F(SharedCryptoTest, DigestSampleSetsInChunks) { 776 TEST_F(SharedCryptoTest, DigestSampleSetsInChunks) {
720 scoped_ptr<base::ListValue> tests; 777 scoped_ptr<base::ListValue> tests;
721 ASSERT_TRUE(ReadJsonTestFileToList("digest.json", &tests)); 778 ASSERT_TRUE(ReadJsonTestFileToList("digest.json", &tests));
722 779
723 for (size_t test_index = 0; test_index < tests->GetSize(); ++test_index) { 780 for (size_t test_index = 0; test_index < tests->GetSize(); ++test_index) {
724 SCOPED_TRACE(test_index); 781 SCOPED_TRACE(test_index);
(...skipping 53 matching lines...) Expand 10 before | Expand all | Expand 10 after
778 blink::WebCryptoKey key = ImportSecretKeyFromRaw( 835 blink::WebCryptoKey key = ImportSecretKeyFromRaw(
779 test_key, 836 test_key,
780 importAlgorithm, 837 importAlgorithm,
781 blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify); 838 blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify);
782 839
783 EXPECT_EQ(test_hash.id(), key.algorithm().hmacParams()->hash().id()); 840 EXPECT_EQ(test_hash.id(), key.algorithm().hmacParams()->hash().id());
784 EXPECT_EQ(test_key.size() * 8, key.algorithm().hmacParams()->lengthBits()); 841 EXPECT_EQ(test_key.size() * 8, key.algorithm().hmacParams()->lengthBits());
785 842
786 // Verify exported raw key is identical to the imported data 843 // Verify exported raw key is identical to the imported data
787 blink::WebArrayBuffer raw_key; 844 blink::WebArrayBuffer raw_key;
788 EXPECT_STATUS_SUCCESS( 845 EXPECT_EQ(Status::Success(),
789 ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key)); 846 ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key));
790 EXPECT_TRUE(ArrayBufferMatches(test_key, raw_key)); 847 EXPECT_TRUE(ArrayBufferMatches(test_key, raw_key));
791 848
792 blink::WebArrayBuffer output; 849 blink::WebArrayBuffer output;
793 850
794 ASSERT_STATUS_SUCCESS( 851 ASSERT_EQ(Status::Success(),
795 Sign(algorithm, key, CryptoData(test_message), &output)); 852 Sign(algorithm, key, CryptoData(test_message), &output));
796 853
797 EXPECT_TRUE(ArrayBufferMatches(test_mac, output)); 854 EXPECT_TRUE(ArrayBufferMatches(test_mac, output));
798 855
799 bool signature_match = false; 856 bool signature_match = false;
800 EXPECT_STATUS_SUCCESS(VerifySignature(algorithm, 857 EXPECT_EQ(Status::Success(),
801 key, 858 VerifySignature(algorithm,
802 CryptoData(output), 859 key,
803 CryptoData(test_message), 860 CryptoData(output),
804 &signature_match)); 861 CryptoData(test_message),
862 &signature_match));
805 EXPECT_TRUE(signature_match); 863 EXPECT_TRUE(signature_match);
806 864
807 // Ensure truncated signature does not verify by passing one less byte. 865 // Ensure truncated signature does not verify by passing one less byte.
808 EXPECT_STATUS_SUCCESS(VerifySignature( 866 EXPECT_EQ(Status::Success(),
809 algorithm, 867 VerifySignature(
810 key, 868 algorithm,
811 CryptoData(static_cast<const unsigned char*>(output.data()), 869 key,
812 output.byteLength() - 1), 870 CryptoData(static_cast<const unsigned char*>(output.data()),
813 CryptoData(test_message), 871 output.byteLength() - 1),
814 &signature_match)); 872 CryptoData(test_message),
873 &signature_match));
815 EXPECT_FALSE(signature_match); 874 EXPECT_FALSE(signature_match);
816 875
817 // Ensure truncated signature does not verify by passing no bytes. 876 // Ensure truncated signature does not verify by passing no bytes.
818 EXPECT_STATUS_SUCCESS(VerifySignature(algorithm, 877 EXPECT_EQ(Status::Success(),
819 key, 878 VerifySignature(algorithm,
820 CryptoData(), 879 key,
821 CryptoData(test_message), 880 CryptoData(),
822 &signature_match)); 881 CryptoData(test_message),
882 &signature_match));
823 EXPECT_FALSE(signature_match); 883 EXPECT_FALSE(signature_match);
824 884
825 // Ensure extra long signature does not cause issues and fails. 885 // Ensure extra long signature does not cause issues and fails.
826 const unsigned char kLongSignature[1024] = {0}; 886 const unsigned char kLongSignature[1024] = {0};
827 EXPECT_STATUS_SUCCESS( 887 EXPECT_EQ(
888 Status::Success(),
828 VerifySignature(algorithm, 889 VerifySignature(algorithm,
829 key, 890 key,
830 CryptoData(kLongSignature, sizeof(kLongSignature)), 891 CryptoData(kLongSignature, sizeof(kLongSignature)),
831 CryptoData(test_message), 892 CryptoData(test_message),
832 &signature_match)); 893 &signature_match));
833 EXPECT_FALSE(signature_match); 894 EXPECT_FALSE(signature_match);
834 } 895 }
835 } 896 }
836 897
837 TEST_F(SharedCryptoTest, AesCbcFailures) { 898 TEST_F(SharedCryptoTest, AesCbcFailures) {
838 const std::string key_hex = "2b7e151628aed2a6abf7158809cf4f3c"; 899 const std::string key_hex = "2b7e151628aed2a6abf7158809cf4f3c";
839 blink::WebCryptoKey key = ImportSecretKeyFromRaw( 900 blink::WebCryptoKey key = ImportSecretKeyFromRaw(
840 HexStringToBytes(key_hex), 901 HexStringToBytes(key_hex),
841 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), 902 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
842 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt); 903 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt);
843 904
844 // Verify exported raw key is identical to the imported data 905 // Verify exported raw key is identical to the imported data
845 blink::WebArrayBuffer raw_key; 906 blink::WebArrayBuffer raw_key;
846 EXPECT_STATUS_SUCCESS(ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key)); 907 EXPECT_EQ(Status::Success(),
908 ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key));
847 ExpectArrayBufferMatchesHex(key_hex, raw_key); 909 ExpectArrayBufferMatchesHex(key_hex, raw_key);
848 910
849 blink::WebArrayBuffer output; 911 blink::WebArrayBuffer output;
850 912
851 // Use an invalid |iv| (fewer than 16 bytes) 913 // Use an invalid |iv| (fewer than 16 bytes)
852 { 914 {
853 std::vector<uint8> input(32); 915 std::vector<uint8> input(32);
854 std::vector<uint8> iv; 916 std::vector<uint8> iv;
855 EXPECT_STATUS(Status::ErrorIncorrectSizeAesCbcIv(), 917 EXPECT_EQ(Status::ErrorIncorrectSizeAesCbcIv(),
856 Encrypt(webcrypto::CreateAesCbcAlgorithm(iv), 918 Encrypt(webcrypto::CreateAesCbcAlgorithm(iv),
857 key, 919 key,
858 CryptoData(input), 920 CryptoData(input),
859 &output)); 921 &output));
860 EXPECT_STATUS(Status::ErrorIncorrectSizeAesCbcIv(), 922 EXPECT_EQ(Status::ErrorIncorrectSizeAesCbcIv(),
861 Decrypt(webcrypto::CreateAesCbcAlgorithm(iv), 923 Decrypt(webcrypto::CreateAesCbcAlgorithm(iv),
862 key, 924 key,
863 CryptoData(input), 925 CryptoData(input),
864 &output)); 926 &output));
865 } 927 }
866 928
867 // Use an invalid |iv| (more than 16 bytes) 929 // Use an invalid |iv| (more than 16 bytes)
868 { 930 {
869 std::vector<uint8> input(32); 931 std::vector<uint8> input(32);
870 std::vector<uint8> iv(17); 932 std::vector<uint8> iv(17);
871 EXPECT_STATUS(Status::ErrorIncorrectSizeAesCbcIv(), 933 EXPECT_EQ(Status::ErrorIncorrectSizeAesCbcIv(),
872 Encrypt(webcrypto::CreateAesCbcAlgorithm(iv), 934 Encrypt(webcrypto::CreateAesCbcAlgorithm(iv),
873 key, 935 key,
874 CryptoData(input), 936 CryptoData(input),
875 &output)); 937 &output));
876 EXPECT_STATUS(Status::ErrorIncorrectSizeAesCbcIv(), 938 EXPECT_EQ(Status::ErrorIncorrectSizeAesCbcIv(),
877 Decrypt(webcrypto::CreateAesCbcAlgorithm(iv), 939 Decrypt(webcrypto::CreateAesCbcAlgorithm(iv),
878 key, 940 key,
879 CryptoData(input), 941 CryptoData(input),
880 &output)); 942 &output));
881 } 943 }
882 944
883 // Give an input that is too large (would cause integer overflow when 945 // Give an input that is too large (would cause integer overflow when
884 // narrowing to an int). 946 // narrowing to an int).
885 { 947 {
886 std::vector<uint8> iv(16); 948 std::vector<uint8> iv(16);
887 949
888 // Pretend the input is large. Don't pass data pointer as NULL in case that 950 // Pretend the input is large. Don't pass data pointer as NULL in case that
889 // is special cased; the implementation shouldn't actually dereference the 951 // is special cased; the implementation shouldn't actually dereference the
890 // data. 952 // data.
891 CryptoData input(&iv[0], INT_MAX - 3); 953 CryptoData input(&iv[0], INT_MAX - 3);
892 954
893 EXPECT_STATUS(Status::ErrorDataTooLarge(), 955 EXPECT_EQ(Status::ErrorDataTooLarge(),
894 Encrypt(CreateAesCbcAlgorithm(iv), key, input, &output)); 956 Encrypt(CreateAesCbcAlgorithm(iv), key, input, &output));
895 EXPECT_STATUS(Status::ErrorDataTooLarge(), 957 EXPECT_EQ(Status::ErrorDataTooLarge(),
896 Decrypt(CreateAesCbcAlgorithm(iv), key, input, &output)); 958 Decrypt(CreateAesCbcAlgorithm(iv), key, input, &output));
897 } 959 }
898 960
899 // Fail importing the key (too few bytes specified) 961 // Fail importing the key (too few bytes specified)
900 { 962 {
901 std::vector<uint8> key_raw(1); 963 std::vector<uint8> key_raw(1);
902 std::vector<uint8> iv(16); 964 std::vector<uint8> iv(16);
903 965
904 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); 966 blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
905 EXPECT_STATUS(Status::Error(), 967 EXPECT_EQ(Status::ErrorImportAesKeyLength(),
906 ImportKey(blink::WebCryptoKeyFormatRaw, 968 ImportKey(blink::WebCryptoKeyFormatRaw,
907 CryptoData(key_raw), 969 CryptoData(key_raw),
908 CreateAesCbcAlgorithm(iv), 970 CreateAesCbcAlgorithm(iv),
909 true, 971 true,
910 blink::WebCryptoKeyUsageEncrypt, 972 blink::WebCryptoKeyUsageEncrypt,
911 &key)); 973 &key));
912 } 974 }
913 975
914 // Fail exporting the key in SPKI and PKCS#8 formats (not allowed for secret 976 // Fail exporting the key in SPKI and PKCS#8 formats (not allowed for secret
915 // keys). 977 // keys).
916 EXPECT_STATUS(Status::ErrorUnexpectedKeyType(), 978 EXPECT_EQ(Status::ErrorUnexpectedKeyType(),
917 ExportKey(blink::WebCryptoKeyFormatSpki, key, &output)); 979 ExportKey(blink::WebCryptoKeyFormatSpki, key, &output));
918 EXPECT_STATUS(Status::ErrorUnexpectedKeyType(), 980 EXPECT_EQ(Status::ErrorUnexpectedKeyType(),
919 ExportKey(blink::WebCryptoKeyFormatPkcs8, key, &output)); 981 ExportKey(blink::WebCryptoKeyFormatPkcs8, key, &output));
920 } 982 }
921 983
922 TEST_F(SharedCryptoTest, MAYBE(AesCbcSampleSets)) { 984 TEST_F(SharedCryptoTest, MAYBE(AesCbcSampleSets)) {
923 scoped_ptr<base::ListValue> tests; 985 scoped_ptr<base::ListValue> tests;
924 ASSERT_TRUE(ReadJsonTestFileToList("aes_cbc.json", &tests)); 986 ASSERT_TRUE(ReadJsonTestFileToList("aes_cbc.json", &tests));
925 987
926 for (size_t test_index = 0; test_index < tests->GetSize(); ++test_index) { 988 for (size_t test_index = 0; test_index < tests->GetSize(); ++test_index) {
927 SCOPED_TRACE(test_index); 989 SCOPED_TRACE(test_index);
928 base::DictionaryValue* test; 990 base::DictionaryValue* test;
929 ASSERT_TRUE(tests->GetDictionary(test_index, &test)); 991 ASSERT_TRUE(tests->GetDictionary(test_index, &test));
930 992
931 std::vector<uint8> test_key = GetBytesFromHexString(test, "key"); 993 std::vector<uint8> test_key = GetBytesFromHexString(test, "key");
932 std::vector<uint8> test_iv = GetBytesFromHexString(test, "iv"); 994 std::vector<uint8> test_iv = GetBytesFromHexString(test, "iv");
933 std::vector<uint8> test_plain_text = 995 std::vector<uint8> test_plain_text =
934 GetBytesFromHexString(test, "plain_text"); 996 GetBytesFromHexString(test, "plain_text");
935 std::vector<uint8> test_cipher_text = 997 std::vector<uint8> test_cipher_text =
936 GetBytesFromHexString(test, "cipher_text"); 998 GetBytesFromHexString(test, "cipher_text");
937 999
938 blink::WebCryptoKey key = ImportSecretKeyFromRaw( 1000 blink::WebCryptoKey key = ImportSecretKeyFromRaw(
939 test_key, 1001 test_key,
940 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), 1002 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
941 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt); 1003 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt);
942 1004
943 EXPECT_EQ(test_key.size() * 8, key.algorithm().aesParams()->lengthBits()); 1005 EXPECT_EQ(test_key.size() * 8, key.algorithm().aesParams()->lengthBits());
944 1006
945 // Verify exported raw key is identical to the imported data 1007 // Verify exported raw key is identical to the imported data
946 blink::WebArrayBuffer raw_key; 1008 blink::WebArrayBuffer raw_key;
947 EXPECT_STATUS_SUCCESS( 1009 EXPECT_EQ(Status::Success(),
948 ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key)); 1010 ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key));
949 EXPECT_TRUE(ArrayBufferMatches(test_key, raw_key)); 1011 EXPECT_TRUE(ArrayBufferMatches(test_key, raw_key));
950 1012
951 blink::WebArrayBuffer output; 1013 blink::WebArrayBuffer output;
952 1014
953 // Test encryption. 1015 // Test encryption.
954 EXPECT_STATUS(Status::Success(), 1016 EXPECT_EQ(Status::Success(),
955 Encrypt(webcrypto::CreateAesCbcAlgorithm(test_iv), 1017 Encrypt(webcrypto::CreateAesCbcAlgorithm(test_iv),
956 key, 1018 key,
957 CryptoData(test_plain_text), 1019 CryptoData(test_plain_text),
958 &output)); 1020 &output));
959 EXPECT_TRUE(ArrayBufferMatches(test_cipher_text, output)); 1021 EXPECT_TRUE(ArrayBufferMatches(test_cipher_text, output));
960 1022
961 // Test decryption. 1023 // Test decryption.
962 EXPECT_STATUS(Status::Success(), 1024 EXPECT_EQ(Status::Success(),
963 Decrypt(webcrypto::CreateAesCbcAlgorithm(test_iv), 1025 Decrypt(webcrypto::CreateAesCbcAlgorithm(test_iv),
964 key, 1026 key,
965 CryptoData(test_cipher_text), 1027 CryptoData(test_cipher_text),
966 &output)); 1028 &output));
967 EXPECT_TRUE(ArrayBufferMatches(test_plain_text, output)); 1029 EXPECT_TRUE(ArrayBufferMatches(test_plain_text, output));
968 1030
969 const unsigned int kAesCbcBlockSize = 16; 1031 const unsigned int kAesCbcBlockSize = 16;
970 1032
971 // Decrypt with a padding error by stripping the last block. This also ends 1033 // Decrypt with a padding error by stripping the last block. This also ends
972 // up testing decryption over empty cipher text. 1034 // up testing decryption over empty cipher text.
973 if (test_cipher_text.size() >= kAesCbcBlockSize) { 1035 if (test_cipher_text.size() >= kAesCbcBlockSize) {
974 EXPECT_STATUS( 1036 EXPECT_EQ(Status::OperationError(),
975 Status::Error(), 1037 Decrypt(CreateAesCbcAlgorithm(test_iv),
976 Decrypt(CreateAesCbcAlgorithm(test_iv), 1038 key,
977 key, 1039 CryptoData(&test_cipher_text[0],
978 CryptoData(&test_cipher_text[0], 1040 test_cipher_text.size() - kAesCbcBlockSize),
979 test_cipher_text.size() - kAesCbcBlockSize), 1041 &output));
980 &output));
981 } 1042 }
982 1043
983 // Decrypt cipher text which is not a multiple of block size by stripping 1044 // Decrypt cipher text which is not a multiple of block size by stripping
984 // a few bytes off the cipher text. 1045 // a few bytes off the cipher text.
985 if (test_cipher_text.size() > 3) { 1046 if (test_cipher_text.size() > 3) {
986 EXPECT_STATUS( 1047 EXPECT_EQ(
987 Status::Error(), 1048 Status::OperationError(),
988 Decrypt(CreateAesCbcAlgorithm(test_iv), 1049 Decrypt(CreateAesCbcAlgorithm(test_iv),
989 key, 1050 key,
990 CryptoData(&test_cipher_text[0], test_cipher_text.size() - 3), 1051 CryptoData(&test_cipher_text[0], test_cipher_text.size() - 3),
991 &output)); 1052 &output));
992 } 1053 }
993 } 1054 }
994 } 1055 }
995 1056
996 TEST_F(SharedCryptoTest, MAYBE(GenerateKeyAes)) { 1057 TEST_F(SharedCryptoTest, MAYBE(GenerateKeyAes)) {
997 // Check key generation for each of AES-CBC, AES-GCM, and AES-KW, and for each 1058 // Check key generation for each of AES-CBC, AES-GCM, and AES-KW, and for each
998 // allowed key length. 1059 // allowed key length.
999 std::vector<blink::WebCryptoAlgorithm> algorithm; 1060 std::vector<blink::WebCryptoAlgorithm> algorithm;
1000 const unsigned short kKeyLength[] = {128, 192, 256}; 1061 const unsigned short kKeyLength[] = {128, 192, 256};
1001 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kKeyLength); ++i) { 1062 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kKeyLength); ++i) {
1002 algorithm.push_back(CreateAesCbcKeyGenAlgorithm(kKeyLength[i])); 1063 algorithm.push_back(CreateAesCbcKeyGenAlgorithm(kKeyLength[i]));
1003 algorithm.push_back(CreateAesKwKeyGenAlgorithm(kKeyLength[i])); 1064 algorithm.push_back(CreateAesKwKeyGenAlgorithm(kKeyLength[i]));
1004 if (SupportsAesGcm()) 1065 if (SupportsAesGcm())
1005 algorithm.push_back(CreateAesGcmKeyGenAlgorithm(kKeyLength[i])); 1066 algorithm.push_back(CreateAesGcmKeyGenAlgorithm(kKeyLength[i]));
1006 } 1067 }
1007 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); 1068 blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
1008 std::vector<blink::WebArrayBuffer> keys; 1069 std::vector<blink::WebArrayBuffer> keys;
1009 blink::WebArrayBuffer key_bytes; 1070 blink::WebArrayBuffer key_bytes;
1010 for (size_t i = 0; i < algorithm.size(); ++i) { 1071 for (size_t i = 0; i < algorithm.size(); ++i) {
1011 SCOPED_TRACE(i); 1072 SCOPED_TRACE(i);
1012 // Generate a small sample of keys. 1073 // Generate a small sample of keys.
1013 keys.clear(); 1074 keys.clear();
1014 for (int j = 0; j < 16; ++j) { 1075 for (int j = 0; j < 16; ++j) {
1015 ASSERT_STATUS_SUCCESS(GenerateSecretKey(algorithm[i], true, 0, &key)); 1076 ASSERT_EQ(Status::Success(),
1077 GenerateSecretKey(algorithm[i], true, 0, &key));
1016 EXPECT_TRUE(key.handle()); 1078 EXPECT_TRUE(key.handle());
1017 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); 1079 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type());
1018 ASSERT_STATUS_SUCCESS( 1080 ASSERT_EQ(Status::Success(),
1019 ExportKey(blink::WebCryptoKeyFormatRaw, key, &key_bytes)); 1081 ExportKey(blink::WebCryptoKeyFormatRaw, key, &key_bytes));
1020 EXPECT_EQ(key_bytes.byteLength() * 8, 1082 EXPECT_EQ(key_bytes.byteLength() * 8,
1021 key.algorithm().aesParams()->lengthBits()); 1083 key.algorithm().aesParams()->lengthBits());
1022 keys.push_back(key_bytes); 1084 keys.push_back(key_bytes);
1023 } 1085 }
1024 // Ensure all entries in the key sample set are unique. This is a simplistic 1086 // Ensure all entries in the key sample set are unique. This is a simplistic
1025 // estimate of whether the generated keys appear random. 1087 // estimate of whether the generated keys appear random.
1026 EXPECT_FALSE(CopiesExist(keys)); 1088 EXPECT_FALSE(CopiesExist(keys));
1027 } 1089 }
1028 } 1090 }
1029 1091
1030 TEST_F(SharedCryptoTest, MAYBE(GenerateKeyAesBadLength)) { 1092 TEST_F(SharedCryptoTest, MAYBE(GenerateKeyAesBadLength)) {
1031 const unsigned short kKeyLen[] = {0, 127, 257}; 1093 const unsigned short kKeyLen[] = {0, 127, 257};
1032 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); 1094 blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
1033 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kKeyLen); ++i) { 1095 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kKeyLen); ++i) {
1034 SCOPED_TRACE(i); 1096 SCOPED_TRACE(i);
1035 EXPECT_STATUS(Status::ErrorGenerateKeyLength(), 1097 EXPECT_EQ(Status::ErrorGenerateKeyLength(),
1036 GenerateSecretKey( 1098 GenerateSecretKey(
1037 CreateAesCbcKeyGenAlgorithm(kKeyLen[i]), true, 0, &key)); 1099 CreateAesCbcKeyGenAlgorithm(kKeyLen[i]), true, 0, &key));
1038 EXPECT_STATUS(Status::ErrorGenerateKeyLength(), 1100 EXPECT_EQ(Status::ErrorGenerateKeyLength(),
1039 GenerateSecretKey( 1101 GenerateSecretKey(
1040 CreateAesKwKeyGenAlgorithm(kKeyLen[i]), true, 0, &key)); 1102 CreateAesKwKeyGenAlgorithm(kKeyLen[i]), true, 0, &key));
1041 if (SupportsAesGcm()) { 1103 if (SupportsAesGcm()) {
1042 EXPECT_STATUS( 1104 EXPECT_EQ(Status::ErrorGenerateKeyLength(),
1043 Status::ErrorGenerateKeyLength(), 1105 GenerateSecretKey(
1044 GenerateSecretKey( 1106 CreateAesGcmKeyGenAlgorithm(kKeyLen[i]), true, 0, &key));
1045 CreateAesGcmKeyGenAlgorithm(kKeyLen[i]), true, 0, &key));
1046 } 1107 }
1047 } 1108 }
1048 } 1109 }
1049 1110
1050 TEST_F(SharedCryptoTest, MAYBE(GenerateKeyHmac)) { 1111 TEST_F(SharedCryptoTest, MAYBE(GenerateKeyHmac)) {
1051 // Generate a small sample of HMAC keys. 1112 // Generate a small sample of HMAC keys.
1052 std::vector<blink::WebArrayBuffer> keys; 1113 std::vector<blink::WebArrayBuffer> keys;
1053 for (int i = 0; i < 16; ++i) { 1114 for (int i = 0; i < 16; ++i) {
1054 blink::WebArrayBuffer key_bytes; 1115 blink::WebArrayBuffer key_bytes;
1055 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); 1116 blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
1056 blink::WebCryptoAlgorithm algorithm = 1117 blink::WebCryptoAlgorithm algorithm =
1057 CreateHmacKeyGenAlgorithm(blink::WebCryptoAlgorithmIdSha1, 512); 1118 CreateHmacKeyGenAlgorithm(blink::WebCryptoAlgorithmIdSha1, 512);
1058 ASSERT_STATUS_SUCCESS(GenerateSecretKey(algorithm, true, 0, &key)); 1119 ASSERT_EQ(Status::Success(), GenerateSecretKey(algorithm, true, 0, &key));
1059 EXPECT_FALSE(key.isNull()); 1120 EXPECT_FALSE(key.isNull());
1060 EXPECT_TRUE(key.handle()); 1121 EXPECT_TRUE(key.handle());
1061 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); 1122 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type());
1062 EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, key.algorithm().id()); 1123 EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, key.algorithm().id());
1063 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha1, 1124 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha1,
1064 key.algorithm().hmacParams()->hash().id()); 1125 key.algorithm().hmacParams()->hash().id());
1065 EXPECT_EQ(512u, key.algorithm().hmacParams()->lengthBits()); 1126 EXPECT_EQ(512u, key.algorithm().hmacParams()->lengthBits());
1066 1127
1067 blink::WebArrayBuffer raw_key; 1128 blink::WebArrayBuffer raw_key;
1068 ASSERT_STATUS_SUCCESS( 1129 ASSERT_EQ(Status::Success(),
1069 ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key)); 1130 ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key));
1070 EXPECT_EQ(64U, raw_key.byteLength()); 1131 EXPECT_EQ(64U, raw_key.byteLength());
1071 keys.push_back(raw_key); 1132 keys.push_back(raw_key);
1072 } 1133 }
1073 // Ensure all entries in the key sample set are unique. This is a simplistic 1134 // Ensure all entries in the key sample set are unique. This is a simplistic
1074 // estimate of whether the generated keys appear random. 1135 // estimate of whether the generated keys appear random.
1075 EXPECT_FALSE(CopiesExist(keys)); 1136 EXPECT_FALSE(CopiesExist(keys));
1076 } 1137 }
1077 1138
1078 // If the key length is not provided, then the block size is used. 1139 // If the key length is not provided, then the block size is used.
1079 TEST_F(SharedCryptoTest, MAYBE(GenerateKeyHmacNoLength)) { 1140 TEST_F(SharedCryptoTest, MAYBE(GenerateKeyHmacNoLength)) {
1080 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); 1141 blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
1081 blink::WebCryptoAlgorithm algorithm = 1142 blink::WebCryptoAlgorithm algorithm =
1082 CreateHmacKeyGenAlgorithm(blink::WebCryptoAlgorithmIdSha1, 0); 1143 CreateHmacKeyGenAlgorithm(blink::WebCryptoAlgorithmIdSha1, 0);
1083 ASSERT_STATUS_SUCCESS(GenerateSecretKey(algorithm, true, 0, &key)); 1144 ASSERT_EQ(Status::Success(), GenerateSecretKey(algorithm, true, 0, &key));
1084 EXPECT_TRUE(key.handle()); 1145 EXPECT_TRUE(key.handle());
1085 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); 1146 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type());
1086 EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, key.algorithm().id()); 1147 EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, key.algorithm().id());
1087 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha1, 1148 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha1,
1088 key.algorithm().hmacParams()->hash().id()); 1149 key.algorithm().hmacParams()->hash().id());
1089 EXPECT_EQ(512u, key.algorithm().hmacParams()->lengthBits()); 1150 EXPECT_EQ(512u, key.algorithm().hmacParams()->lengthBits());
1090 blink::WebArrayBuffer raw_key; 1151 blink::WebArrayBuffer raw_key;
1091 ASSERT_STATUS_SUCCESS(ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key)); 1152 ASSERT_EQ(Status::Success(),
1153 ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key));
1092 EXPECT_EQ(64U, raw_key.byteLength()); 1154 EXPECT_EQ(64U, raw_key.byteLength());
1093 1155
1094 // The block size for HMAC SHA-512 is larger. 1156 // The block size for HMAC SHA-512 is larger.
1095 algorithm = CreateHmacKeyGenAlgorithm(blink::WebCryptoAlgorithmIdSha512, 0); 1157 algorithm = CreateHmacKeyGenAlgorithm(blink::WebCryptoAlgorithmIdSha512, 0);
1096 ASSERT_STATUS_SUCCESS(GenerateSecretKey(algorithm, true, 0, &key)); 1158 ASSERT_EQ(Status::Success(), GenerateSecretKey(algorithm, true, 0, &key));
1097 EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, key.algorithm().id()); 1159 EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, key.algorithm().id());
1098 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha512, 1160 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha512,
1099 key.algorithm().hmacParams()->hash().id()); 1161 key.algorithm().hmacParams()->hash().id());
1100 EXPECT_EQ(1024u, key.algorithm().hmacParams()->lengthBits()); 1162 EXPECT_EQ(1024u, key.algorithm().hmacParams()->lengthBits());
1101 ASSERT_STATUS_SUCCESS(ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key)); 1163 ASSERT_EQ(Status::Success(),
1164 ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key));
1102 EXPECT_EQ(128U, raw_key.byteLength()); 1165 EXPECT_EQ(128U, raw_key.byteLength());
1103 } 1166 }
1104 1167
1105 TEST_F(SharedCryptoTest, ImportJwkKeyUsage) { 1168 TEST_F(SharedCryptoTest, ImportJwkKeyUsage) {
1106 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); 1169 blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
1107 base::DictionaryValue dict; 1170 base::DictionaryValue dict;
1108 dict.SetString("kty", "oct"); 1171 dict.SetString("kty", "oct");
1109 dict.SetBoolean("ext", false); 1172 dict.SetBoolean("ext", false);
1110 dict.SetString("k", "GADWrMRHwQfoNaXU5fZvTg=="); 1173 dict.SetString("k", "GADWrMRHwQfoNaXU5fZvTg==");
1111 const blink::WebCryptoAlgorithm aes_cbc_algorithm = 1174 const blink::WebCryptoAlgorithm aes_cbc_algorithm =
1112 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc); 1175 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc);
1113 const blink::WebCryptoAlgorithm hmac_algorithm = 1176 const blink::WebCryptoAlgorithm hmac_algorithm =
1114 webcrypto::CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha256); 1177 webcrypto::CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha256);
1115 const blink::WebCryptoAlgorithm aes_kw_algorithm = 1178 const blink::WebCryptoAlgorithm aes_kw_algorithm =
1116 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw); 1179 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw);
1117 1180
1118 // Test null usage. 1181 // Test null usage.
1119 base::ListValue* key_ops = new base::ListValue; 1182 base::ListValue* key_ops = new base::ListValue;
1120 // Note: the following call makes dict assume ownership of key_ops. 1183 // Note: the following call makes dict assume ownership of key_ops.
1121 dict.Set("key_ops", key_ops); 1184 dict.Set("key_ops", key_ops);
1122 EXPECT_STATUS_SUCCESS( 1185 EXPECT_EQ(Status::Success(),
1123 ImportKeyJwkFromDict(dict, aes_cbc_algorithm, false, 0, &key)); 1186 ImportKeyJwkFromDict(dict, aes_cbc_algorithm, false, 0, &key));
1124 EXPECT_EQ(0, key.usages()); 1187 EXPECT_EQ(0, key.usages());
1125 1188
1126 // Test each key_ops value translates to the correct Web Crypto value. 1189 // Test each key_ops value translates to the correct Web Crypto value.
1127 struct TestCase { 1190 struct TestCase {
1128 const char* jwk_key_op; 1191 const char* jwk_key_op;
1129 const char* jwk_alg; 1192 const char* jwk_alg;
1130 const blink::WebCryptoAlgorithm algorithm; 1193 const blink::WebCryptoAlgorithm algorithm;
1131 const blink::WebCryptoKeyUsage usage; 1194 const blink::WebCryptoKeyUsage usage;
1132 }; 1195 };
1133 // TODO(padolph): Add 'deriveBits' key_ops value once it is supported. 1196 // TODO(padolph): Add 'deriveBits' key_ops value once it is supported.
1134 const TestCase test_case[] = { 1197 const TestCase test_case[] = {
1135 {"encrypt", "A128CBC", aes_cbc_algorithm, 1198 {"encrypt", "A128CBC", aes_cbc_algorithm,
1136 blink::WebCryptoKeyUsageEncrypt}, 1199 blink::WebCryptoKeyUsageEncrypt},
1137 {"decrypt", "A128CBC", aes_cbc_algorithm, 1200 {"decrypt", "A128CBC", aes_cbc_algorithm,
1138 blink::WebCryptoKeyUsageDecrypt}, 1201 blink::WebCryptoKeyUsageDecrypt},
1139 {"sign", "HS256", hmac_algorithm, blink::WebCryptoKeyUsageSign}, 1202 {"sign", "HS256", hmac_algorithm, blink::WebCryptoKeyUsageSign},
1140 {"verify", "HS256", hmac_algorithm, blink::WebCryptoKeyUsageVerify}, 1203 {"verify", "HS256", hmac_algorithm, blink::WebCryptoKeyUsageVerify},
1141 {"wrapKey", "A128KW", aes_kw_algorithm, blink::WebCryptoKeyUsageWrapKey}, 1204 {"wrapKey", "A128KW", aes_kw_algorithm, blink::WebCryptoKeyUsageWrapKey},
1142 {"unwrapKey", "A128KW", aes_kw_algorithm, 1205 {"unwrapKey", "A128KW", aes_kw_algorithm,
1143 blink::WebCryptoKeyUsageUnwrapKey}, 1206 blink::WebCryptoKeyUsageUnwrapKey},
1144 {"deriveKey", "HS256", hmac_algorithm, 1207 {"deriveKey", "HS256", hmac_algorithm,
1145 blink::WebCryptoKeyUsageDeriveKey}}; 1208 blink::WebCryptoKeyUsageDeriveKey}};
1146 for (size_t test_index = 0; test_index < ARRAYSIZE_UNSAFE(test_case); 1209 for (size_t test_index = 0; test_index < ARRAYSIZE_UNSAFE(test_case);
1147 ++test_index) { 1210 ++test_index) {
1148 SCOPED_TRACE(test_index); 1211 SCOPED_TRACE(test_index);
1149 dict.SetString("alg", test_case[test_index].jwk_alg); 1212 dict.SetString("alg", test_case[test_index].jwk_alg);
1150 key_ops->Clear(); 1213 key_ops->Clear();
1151 key_ops->AppendString(test_case[test_index].jwk_key_op); 1214 key_ops->AppendString(test_case[test_index].jwk_key_op);
1152 EXPECT_STATUS_SUCCESS(ImportKeyJwkFromDict(dict, 1215 EXPECT_EQ(Status::Success(),
1153 test_case[test_index].algorithm, 1216 ImportKeyJwkFromDict(dict,
1154 false, 1217 test_case[test_index].algorithm,
1155 test_case[test_index].usage, 1218 false,
1156 &key)); 1219 test_case[test_index].usage,
1220 &key));
1157 EXPECT_EQ(test_case[test_index].usage, key.usages()); 1221 EXPECT_EQ(test_case[test_index].usage, key.usages());
1158 } 1222 }
1159 1223
1160 // Test discrete multiple usages. 1224 // Test discrete multiple usages.
1161 dict.SetString("alg", "A128CBC"); 1225 dict.SetString("alg", "A128CBC");
1162 key_ops->Clear(); 1226 key_ops->Clear();
1163 key_ops->AppendString("encrypt"); 1227 key_ops->AppendString("encrypt");
1164 key_ops->AppendString("decrypt"); 1228 key_ops->AppendString("decrypt");
1165 EXPECT_STATUS_SUCCESS(ImportKeyJwkFromDict( 1229 EXPECT_EQ(Status::Success(),
1166 dict, 1230 ImportKeyJwkFromDict(dict,
1167 aes_cbc_algorithm, 1231 aes_cbc_algorithm,
1168 false, 1232 false,
1169 blink::WebCryptoKeyUsageDecrypt | blink::WebCryptoKeyUsageEncrypt, 1233 blink::WebCryptoKeyUsageDecrypt |
1170 &key)); 1234 blink::WebCryptoKeyUsageEncrypt,
1235 &key));
1171 EXPECT_EQ(blink::WebCryptoKeyUsageDecrypt | blink::WebCryptoKeyUsageEncrypt, 1236 EXPECT_EQ(blink::WebCryptoKeyUsageDecrypt | blink::WebCryptoKeyUsageEncrypt,
1172 key.usages()); 1237 key.usages());
1173 1238
1174 // Test constrained key usage (input usage is a subset of JWK usage). 1239 // Test constrained key usage (input usage is a subset of JWK usage).
1175 key_ops->Clear(); 1240 key_ops->Clear();
1176 key_ops->AppendString("encrypt"); 1241 key_ops->AppendString("encrypt");
1177 key_ops->AppendString("decrypt"); 1242 key_ops->AppendString("decrypt");
1178 EXPECT_STATUS_SUCCESS(ImportKeyJwkFromDict( 1243 EXPECT_EQ(Status::Success(),
1179 dict, aes_cbc_algorithm, false, blink::WebCryptoKeyUsageDecrypt, &key)); 1244 ImportKeyJwkFromDict(dict,
1245 aes_cbc_algorithm,
1246 false,
1247 blink::WebCryptoKeyUsageDecrypt,
1248 &key));
1180 EXPECT_EQ(blink::WebCryptoKeyUsageDecrypt, key.usages()); 1249 EXPECT_EQ(blink::WebCryptoKeyUsageDecrypt, key.usages());
1181 1250
1182 // Test failure if input usage is NOT a strict subset of the JWK usage. 1251 // Test failure if input usage is NOT a strict subset of the JWK usage.
1183 key_ops->Clear(); 1252 key_ops->Clear();
1184 key_ops->AppendString("encrypt"); 1253 key_ops->AppendString("encrypt");
1185 EXPECT_STATUS(Status::ErrorJwkKeyopsInconsistent(), 1254 EXPECT_EQ(Status::ErrorJwkKeyopsInconsistent(),
1186 ImportKeyJwkFromDict(dict, 1255 ImportKeyJwkFromDict(dict,
1187 aes_cbc_algorithm, 1256 aes_cbc_algorithm,
1188 false, 1257 false,
1189 blink::WebCryptoKeyUsageEncrypt | 1258 blink::WebCryptoKeyUsageEncrypt |
1190 blink::WebCryptoKeyUsageDecrypt, 1259 blink::WebCryptoKeyUsageDecrypt,
1191 &key)); 1260 &key));
1192 1261
1193 // Test 'use' inconsistent with 'key_ops'. 1262 // Test 'use' inconsistent with 'key_ops'.
1194 dict.SetString("alg", "HS256"); 1263 dict.SetString("alg", "HS256");
1195 dict.SetString("use", "sig"); 1264 dict.SetString("use", "sig");
1196 key_ops->AppendString("sign"); 1265 key_ops->AppendString("sign");
1197 key_ops->AppendString("verify"); 1266 key_ops->AppendString("verify");
1198 key_ops->AppendString("encrypt"); 1267 key_ops->AppendString("encrypt");
1199 EXPECT_STATUS(Status::ErrorJwkUseAndKeyopsInconsistent(), 1268 EXPECT_EQ(Status::ErrorJwkUseAndKeyopsInconsistent(),
1200 ImportKeyJwkFromDict(dict, 1269 ImportKeyJwkFromDict(
1201 hmac_algorithm, 1270 dict,
1202 false, 1271 hmac_algorithm,
1203 blink::WebCryptoKeyUsageSign | 1272 false,
1204 blink::WebCryptoKeyUsageVerify, 1273 blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify,
1205 &key)); 1274 &key));
1206 1275
1207 // Test JWK composite 'sig' use 1276 // Test JWK composite 'sig' use
1208 dict.Remove("key_ops", NULL); 1277 dict.Remove("key_ops", NULL);
1209 dict.SetString("use", "sig"); 1278 dict.SetString("use", "sig");
1210 EXPECT_STATUS_SUCCESS(ImportKeyJwkFromDict( 1279 EXPECT_EQ(Status::Success(),
1211 dict, 1280 ImportKeyJwkFromDict(
1212 hmac_algorithm, 1281 dict,
1213 false, 1282 hmac_algorithm,
1214 blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify, 1283 false,
1215 &key)); 1284 blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify,
1285 &key));
1216 EXPECT_EQ(blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify, 1286 EXPECT_EQ(blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify,
1217 key.usages()); 1287 key.usages());
1218 1288
1219 // Test JWK composite use 'enc' usage 1289 // Test JWK composite use 'enc' usage
1220 dict.SetString("alg", "A128CBC"); 1290 dict.SetString("alg", "A128CBC");
1221 dict.SetString("use", "enc"); 1291 dict.SetString("use", "enc");
1222 EXPECT_STATUS_SUCCESS(ImportKeyJwkFromDict( 1292 EXPECT_EQ(Status::Success(),
1223 dict, 1293 ImportKeyJwkFromDict(dict,
1224 aes_cbc_algorithm, 1294 aes_cbc_algorithm,
1225 false, 1295 false,
1226 blink::WebCryptoKeyUsageDecrypt | blink::WebCryptoKeyUsageEncrypt | 1296 blink::WebCryptoKeyUsageDecrypt |
1227 blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey | 1297 blink::WebCryptoKeyUsageEncrypt |
1228 blink::WebCryptoKeyUsageDeriveKey, 1298 blink::WebCryptoKeyUsageWrapKey |
1229 &key)); 1299 blink::WebCryptoKeyUsageUnwrapKey |
1300 blink::WebCryptoKeyUsageDeriveKey,
1301 &key));
1230 EXPECT_EQ(blink::WebCryptoKeyUsageDecrypt | blink::WebCryptoKeyUsageEncrypt | 1302 EXPECT_EQ(blink::WebCryptoKeyUsageDecrypt | blink::WebCryptoKeyUsageEncrypt |
1231 blink::WebCryptoKeyUsageWrapKey | 1303 blink::WebCryptoKeyUsageWrapKey |
1232 blink::WebCryptoKeyUsageUnwrapKey | 1304 blink::WebCryptoKeyUsageUnwrapKey |
1233 blink::WebCryptoKeyUsageDeriveKey, 1305 blink::WebCryptoKeyUsageDeriveKey,
1234 key.usages()); 1306 key.usages());
1235 } 1307 }
1236 1308
1237 TEST_F(SharedCryptoTest, ImportJwkFailures) { 1309 TEST_F(SharedCryptoTest, ImportJwkFailures) {
1238 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); 1310 blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
1239 blink::WebCryptoAlgorithm algorithm = 1311 blink::WebCryptoAlgorithm algorithm =
1240 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc); 1312 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc);
1241 blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageEncrypt; 1313 blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageEncrypt;
1242 1314
1243 // Baseline pass: each test below breaks a single item, so we start with a 1315 // Baseline pass: each test below breaks a single item, so we start with a
1244 // passing case to make sure each failure is caused by the isolated break. 1316 // passing case to make sure each failure is caused by the isolated break.
1245 // Each breaking subtest below resets the dictionary to this passing case when 1317 // Each breaking subtest below resets the dictionary to this passing case when
1246 // complete. 1318 // complete.
1247 base::DictionaryValue dict; 1319 base::DictionaryValue dict;
1248 RestoreJwkOctDictionary(&dict); 1320 RestoreJwkOctDictionary(&dict);
1249 EXPECT_STATUS_SUCCESS( 1321 EXPECT_EQ(Status::Success(),
1250 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); 1322 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key));
1251 1323
1252 // Fail on empty JSON. 1324 // Fail on empty JSON.
1253 EXPECT_STATUS( 1325 EXPECT_EQ(
1254 Status::ErrorImportEmptyKeyData(), 1326 Status::ErrorImportEmptyKeyData(),
1255 ImportKeyJwk( 1327 ImportKeyJwk(
1256 CryptoData(MakeJsonVector("")), algorithm, false, usage_mask, &key)); 1328 CryptoData(MakeJsonVector("")), algorithm, false, usage_mask, &key));
1257 1329
1258 // Fail on invalid JSON. 1330 // Fail on invalid JSON.
1259 const std::vector<uint8> bad_json_vec = MakeJsonVector( 1331 const std::vector<uint8> bad_json_vec = MakeJsonVector(
1260 "{" 1332 "{"
1261 "\"kty\" : \"oct\"," 1333 "\"kty\" : \"oct\","
1262 "\"alg\" : \"HS256\"," 1334 "\"alg\" : \"HS256\","
1263 "\"use\" : "); 1335 "\"use\" : ");
1264 EXPECT_STATUS( 1336 EXPECT_EQ(Status::ErrorJwkNotDictionary(),
1265 Status::ErrorJwkNotDictionary(), 1337 ImportKeyJwk(
1266 ImportKeyJwk( 1338 CryptoData(bad_json_vec), algorithm, false, usage_mask, &key));
1267 CryptoData(bad_json_vec), algorithm, false, usage_mask, &key));
1268 1339
1269 // Fail on JWK alg present but unrecognized. 1340 // Fail on JWK alg present but unrecognized.
1270 dict.SetString("alg", "A127CBC"); 1341 dict.SetString("alg", "A127CBC");
1271 EXPECT_STATUS(Status::ErrorJwkUnrecognizedAlgorithm(), 1342 EXPECT_EQ(Status::ErrorJwkUnrecognizedAlgorithm(),
1272 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); 1343 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key));
1273 RestoreJwkOctDictionary(&dict); 1344 RestoreJwkOctDictionary(&dict);
1274 1345
1275 // Fail on invalid kty. 1346 // Fail on invalid kty.
1276 dict.SetString("kty", "foo"); 1347 dict.SetString("kty", "foo");
1277 EXPECT_STATUS(Status::ErrorJwkUnrecognizedKty(), 1348 EXPECT_EQ(Status::ErrorJwkUnrecognizedKty(),
1278 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); 1349 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key));
1279 RestoreJwkOctDictionary(&dict); 1350 RestoreJwkOctDictionary(&dict);
1280 1351
1281 // Fail on missing kty. 1352 // Fail on missing kty.
1282 dict.Remove("kty", NULL); 1353 dict.Remove("kty", NULL);
1283 EXPECT_STATUS(Status::ErrorJwkPropertyMissing("kty"), 1354 EXPECT_EQ(Status::ErrorJwkPropertyMissing("kty"),
1284 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); 1355 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key));
1285 RestoreJwkOctDictionary(&dict); 1356 RestoreJwkOctDictionary(&dict);
1286 1357
1287 // Fail on kty wrong type. 1358 // Fail on kty wrong type.
1288 dict.SetDouble("kty", 0.1); 1359 dict.SetDouble("kty", 0.1);
1289 EXPECT_STATUS(Status::ErrorJwkPropertyWrongType("kty", "string"), 1360 EXPECT_EQ(Status::ErrorJwkPropertyWrongType("kty", "string"),
1290 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); 1361 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key));
1291 RestoreJwkOctDictionary(&dict); 1362 RestoreJwkOctDictionary(&dict);
1292 1363
1293 // Fail on invalid use. 1364 // Fail on invalid use.
1294 dict.SetString("use", "foo"); 1365 dict.SetString("use", "foo");
1295 EXPECT_STATUS(Status::ErrorJwkUnrecognizedUse(), 1366 EXPECT_EQ(Status::ErrorJwkUnrecognizedUse(),
1296 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); 1367 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key));
1297 RestoreJwkOctDictionary(&dict); 1368 RestoreJwkOctDictionary(&dict);
1298 1369
1299 // Fail on invalid use (wrong type). 1370 // Fail on invalid use (wrong type).
1300 dict.SetBoolean("use", true); 1371 dict.SetBoolean("use", true);
1301 EXPECT_STATUS(Status::ErrorJwkPropertyWrongType("use", "string"), 1372 EXPECT_EQ(Status::ErrorJwkPropertyWrongType("use", "string"),
1302 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); 1373 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key));
1303 RestoreJwkOctDictionary(&dict); 1374 RestoreJwkOctDictionary(&dict);
1304 1375
1305 // Fail on invalid extractable (wrong type). 1376 // Fail on invalid extractable (wrong type).
1306 dict.SetInteger("ext", 0); 1377 dict.SetInteger("ext", 0);
1307 EXPECT_STATUS(Status::ErrorJwkPropertyWrongType("ext", "boolean"), 1378 EXPECT_EQ(Status::ErrorJwkPropertyWrongType("ext", "boolean"),
1308 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); 1379 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key));
1309 RestoreJwkOctDictionary(&dict); 1380 RestoreJwkOctDictionary(&dict);
1310 1381
1311 // Fail on invalid key_ops (wrong type). 1382 // Fail on invalid key_ops (wrong type).
1312 dict.SetBoolean("key_ops", true); 1383 dict.SetBoolean("key_ops", true);
1313 EXPECT_STATUS(Status::ErrorJwkPropertyWrongType("key_ops", "list"), 1384 EXPECT_EQ(Status::ErrorJwkPropertyWrongType("key_ops", "list"),
1314 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); 1385 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key));
1315 RestoreJwkOctDictionary(&dict); 1386 RestoreJwkOctDictionary(&dict);
1316 1387
1317 // Fail on invalid key_ops (wrong element value). 1388 // Fail on invalid key_ops (wrong element value).
1318 base::ListValue* key_ops = new base::ListValue; 1389 base::ListValue* key_ops = new base::ListValue;
1319 // Note: the following call makes dict assume ownership of key_ops. 1390 // Note: the following call makes dict assume ownership of key_ops.
1320 dict.Set("key_ops", key_ops); 1391 dict.Set("key_ops", key_ops);
1321 key_ops->AppendString("foo"); 1392 key_ops->AppendString("foo");
1322 EXPECT_STATUS(Status::ErrorJwkUnrecognizedKeyop(), 1393 EXPECT_EQ(Status::ErrorJwkUnrecognizedKeyop(),
1323 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); 1394 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key));
1324 RestoreJwkOctDictionary(&dict); 1395 RestoreJwkOctDictionary(&dict);
1325 } 1396 }
1326 1397
1327 TEST_F(SharedCryptoTest, ImportJwkOctFailures) { 1398 TEST_F(SharedCryptoTest, ImportJwkOctFailures) {
1328 base::DictionaryValue dict; 1399 base::DictionaryValue dict;
1329 RestoreJwkOctDictionary(&dict); 1400 RestoreJwkOctDictionary(&dict);
1330 blink::WebCryptoAlgorithm algorithm = 1401 blink::WebCryptoAlgorithm algorithm =
1331 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc); 1402 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc);
1332 blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageEncrypt; 1403 blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageEncrypt;
1333 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); 1404 blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
1334 1405
1335 // Baseline pass. 1406 // Baseline pass.
1336 EXPECT_STATUS_SUCCESS( 1407 EXPECT_EQ(Status::Success(),
1337 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); 1408 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key));
1338 EXPECT_EQ(algorithm.id(), key.algorithm().id()); 1409 EXPECT_EQ(algorithm.id(), key.algorithm().id());
1339 EXPECT_FALSE(key.extractable()); 1410 EXPECT_FALSE(key.extractable());
1340 EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt, key.usages()); 1411 EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt, key.usages());
1341 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); 1412 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type());
1342 1413
1343 // The following are specific failure cases for when kty = "oct". 1414 // The following are specific failure cases for when kty = "oct".
1344 1415
1345 // Fail on missing k. 1416 // Fail on missing k.
1346 dict.Remove("k", NULL); 1417 dict.Remove("k", NULL);
1347 EXPECT_STATUS(Status::ErrorJwkPropertyMissing("k"), 1418 EXPECT_EQ(Status::ErrorJwkPropertyMissing("k"),
1348 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); 1419 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key));
1349 RestoreJwkOctDictionary(&dict); 1420 RestoreJwkOctDictionary(&dict);
1350 1421
1351 // Fail on bad b64 encoding for k. 1422 // Fail on bad b64 encoding for k.
1352 dict.SetString("k", "Qk3f0DsytU8lfza2au #$% Htaw2xpop9GYyTuH0p5GghxTI="); 1423 dict.SetString("k", "Qk3f0DsytU8lfza2au #$% Htaw2xpop9GYyTuH0p5GghxTI=");
1353 EXPECT_STATUS(Status::ErrorJwkBase64Decode("k"), 1424 EXPECT_EQ(Status::ErrorJwkBase64Decode("k"),
1354 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); 1425 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key));
1355 RestoreJwkOctDictionary(&dict); 1426 RestoreJwkOctDictionary(&dict);
1356 1427
1357 // Fail on empty k. 1428 // Fail on empty k.
1358 dict.SetString("k", ""); 1429 dict.SetString("k", "");
1359 EXPECT_STATUS(Status::ErrorJwkIncorrectKeyLength(), 1430 EXPECT_EQ(Status::ErrorJwkIncorrectKeyLength(),
1360 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); 1431 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key));
1361 RestoreJwkOctDictionary(&dict); 1432 RestoreJwkOctDictionary(&dict);
1362 1433
1363 // Fail on k actual length (120 bits) inconsistent with the embedded JWK alg 1434 // Fail on k actual length (120 bits) inconsistent with the embedded JWK alg
1364 // value (128) for an AES key. 1435 // value (128) for an AES key.
1365 dict.SetString("k", "AVj42h0Y5aqGtE3yluKL"); 1436 dict.SetString("k", "AVj42h0Y5aqGtE3yluKL");
1366 EXPECT_STATUS(Status::ErrorJwkIncorrectKeyLength(), 1437 EXPECT_EQ(Status::ErrorJwkIncorrectKeyLength(),
1367 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); 1438 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key));
1368 RestoreJwkOctDictionary(&dict); 1439 RestoreJwkOctDictionary(&dict);
1369 1440
1370 // Fail on k actual length (192 bits) inconsistent with the embedded JWK alg 1441 // Fail on k actual length (192 bits) inconsistent with the embedded JWK alg
1371 // value (128) for an AES key. 1442 // value (128) for an AES key.
1372 dict.SetString("k", "dGhpcyAgaXMgIDI0ICBieXRlcyBsb25n"); 1443 dict.SetString("k", "dGhpcyAgaXMgIDI0ICBieXRlcyBsb25n");
1373 EXPECT_STATUS(Status::ErrorJwkIncorrectKeyLength(), 1444 EXPECT_EQ(Status::ErrorJwkIncorrectKeyLength(),
1374 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); 1445 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key));
1375 RestoreJwkOctDictionary(&dict); 1446 RestoreJwkOctDictionary(&dict);
1376 } 1447 }
1377 1448
1378 TEST_F(SharedCryptoTest, MAYBE(ImportExportJwkRsaPublicKey)) { 1449 TEST_F(SharedCryptoTest, MAYBE(ImportExportJwkRsaPublicKey)) {
1379 // This test uses kPublicKeySpkiDerHex as the RSA key. The data below 1450 // This test uses kPublicKeySpkiDerHex as the RSA key. The data below
1380 // represents the modulus and public exponent extracted from this SPKI blob. 1451 // represents the modulus and public exponent extracted from this SPKI blob.
1381 // These values appear explicitly in the JWK rendering of the key. 1452 // These values appear explicitly in the JWK rendering of the key.
1382 const std::string n_hex = 1453 const std::string n_hex =
1383 "A56E4A0E701017589A5187DC7EA841D156F2EC0E36AD52A44DFEB1E61F7AD991D8C51056" 1454 "A56E4A0E701017589A5187DC7EA841D156F2EC0E36AD52A44DFEB1E61F7AD991D8C51056"
1384 "FFEDB162B4C0F283A12A88A394DFF526AB7291CBB307CEABFCE0B1DFD5CD9508096D5B2B" 1455 "FFEDB162B4C0F283A12A88A394DFF526AB7291CBB307CEABFCE0B1DFD5CD9508096D5B2B"
(...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after
1416 blink::WebCryptoAlgorithmIdSha512), 1487 blink::WebCryptoAlgorithmIdSha512),
1417 blink::WebCryptoKeyUsageSign, "RS512"}}; 1488 blink::WebCryptoKeyUsageSign, "RS512"}};
1418 1489
1419 for (size_t test_index = 0; test_index < ARRAYSIZE_UNSAFE(kTests); 1490 for (size_t test_index = 0; test_index < ARRAYSIZE_UNSAFE(kTests);
1420 ++test_index) { 1491 ++test_index) {
1421 SCOPED_TRACE(test_index); 1492 SCOPED_TRACE(test_index);
1422 const TestCase& test = kTests[test_index]; 1493 const TestCase& test = kTests[test_index];
1423 1494
1424 // Import the spki to create a public key 1495 // Import the spki to create a public key
1425 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); 1496 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull();
1426 ASSERT_STATUS_SUCCESS( 1497 ASSERT_EQ(Status::Success(),
1427 ImportKey(blink::WebCryptoKeyFormatSpki, 1498 ImportKey(blink::WebCryptoKeyFormatSpki,
1428 CryptoData(HexStringToBytes(kPublicKeySpkiDerHex)), 1499 CryptoData(HexStringToBytes(kPublicKeySpkiDerHex)),
1429 test.algorithm, 1500 test.algorithm,
1430 true, 1501 true,
1431 test.usage, 1502 test.usage,
1432 &public_key)); 1503 &public_key));
1433 1504
1434 // Export the public key as JWK and verify its contents 1505 // Export the public key as JWK and verify its contents
1435 blink::WebArrayBuffer jwk; 1506 blink::WebArrayBuffer jwk;
1436 ASSERT_STATUS_SUCCESS( 1507 ASSERT_EQ(Status::Success(),
1437 ExportKey(blink::WebCryptoKeyFormatJwk, public_key, &jwk)); 1508 ExportKey(blink::WebCryptoKeyFormatJwk, public_key, &jwk));
1438 EXPECT_TRUE(VerifyPublicJwk(jwk, test.jwk_alg, n_hex, e_hex, test.usage)); 1509 EXPECT_TRUE(VerifyPublicJwk(jwk, test.jwk_alg, n_hex, e_hex, test.usage));
1439 1510
1440 // Import the JWK back in to create a new key 1511 // Import the JWK back in to create a new key
1441 blink::WebCryptoKey public_key2 = blink::WebCryptoKey::createNull(); 1512 blink::WebCryptoKey public_key2 = blink::WebCryptoKey::createNull();
1442 EXPECT_STATUS_SUCCESS(ImportKeyJwk( 1513 EXPECT_EQ(
1443 CryptoData(jwk), test.algorithm, true, test.usage, &public_key2)); 1514 Status::Success(),
1515 ImportKeyJwk(
1516 CryptoData(jwk), test.algorithm, true, test.usage, &public_key2));
1444 EXPECT_TRUE(public_key2.handle()); 1517 EXPECT_TRUE(public_key2.handle());
1445 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key2.type()); 1518 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key2.type());
1446 EXPECT_EQ(true, public_key2.extractable()); 1519 EXPECT_EQ(true, public_key2.extractable());
1447 EXPECT_EQ(test.algorithm.id(), public_key2.algorithm().id()); 1520 EXPECT_EQ(test.algorithm.id(), public_key2.algorithm().id());
1448 1521
1449 // Export the new key as spki and compare to the original. 1522 // Export the new key as spki and compare to the original.
1450 blink::WebArrayBuffer spki; 1523 blink::WebArrayBuffer spki;
1451 ASSERT_STATUS_SUCCESS( 1524 ASSERT_EQ(Status::Success(),
1452 ExportKey(blink::WebCryptoKeyFormatSpki, public_key2, &spki)); 1525 ExportKey(blink::WebCryptoKeyFormatSpki, public_key2, &spki));
1453 ExpectCryptoDataMatchesHex(kPublicKeySpkiDerHex, CryptoData(spki)); 1526 ExpectCryptoDataMatchesHex(kPublicKeySpkiDerHex, CryptoData(spki));
1454 } 1527 }
1455 } 1528 }
1456 1529
1457 TEST_F(SharedCryptoTest, MAYBE(ImportJwkRsaFailures)) { 1530 TEST_F(SharedCryptoTest, MAYBE(ImportJwkRsaFailures)) {
1458 base::DictionaryValue dict; 1531 base::DictionaryValue dict;
1459 RestoreJwkRsaDictionary(&dict); 1532 RestoreJwkRsaDictionary(&dict);
1460 blink::WebCryptoAlgorithm algorithm = 1533 blink::WebCryptoAlgorithm algorithm =
1461 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); 1534 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5);
1462 blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageEncrypt; 1535 blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageEncrypt;
1463 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); 1536 blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
1464 1537
1465 // An RSA public key JWK _must_ have an "n" (modulus) and an "e" (exponent) 1538 // An RSA public key JWK _must_ have an "n" (modulus) and an "e" (exponent)
1466 // entry, while an RSA private key must have those plus at least a "d" 1539 // entry, while an RSA private key must have those plus at least a "d"
1467 // (private exponent) entry. 1540 // (private exponent) entry.
1468 // See http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-18, 1541 // See http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-18,
1469 // section 6.3. 1542 // section 6.3.
1470 1543
1471 // Baseline pass. 1544 // Baseline pass.
1472 EXPECT_STATUS_SUCCESS( 1545 EXPECT_EQ(Status::Success(),
1473 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); 1546 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key));
1474 EXPECT_EQ(algorithm.id(), key.algorithm().id()); 1547 EXPECT_EQ(algorithm.id(), key.algorithm().id());
1475 EXPECT_FALSE(key.extractable()); 1548 EXPECT_FALSE(key.extractable());
1476 EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt, key.usages()); 1549 EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt, key.usages());
1477 EXPECT_EQ(blink::WebCryptoKeyTypePublic, key.type()); 1550 EXPECT_EQ(blink::WebCryptoKeyTypePublic, key.type());
1478 1551
1479 // The following are specific failure cases for when kty = "RSA". 1552 // The following are specific failure cases for when kty = "RSA".
1480 1553
1481 // Fail if either "n" or "e" is not present or malformed. 1554 // Fail if either "n" or "e" is not present or malformed.
1482 const std::string kKtyParmName[] = {"n", "e"}; 1555 const std::string kKtyParmName[] = {"n", "e"};
1483 for (size_t idx = 0; idx < ARRAYSIZE_UNSAFE(kKtyParmName); ++idx) { 1556 for (size_t idx = 0; idx < ARRAYSIZE_UNSAFE(kKtyParmName); ++idx) {
1484 // Fail on missing parameter. 1557 // Fail on missing parameter.
1485 dict.Remove(kKtyParmName[idx], NULL); 1558 dict.Remove(kKtyParmName[idx], NULL);
1486 EXPECT_STATUS_ERROR( 1559 EXPECT_NE(Status::Success(),
1487 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); 1560 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key));
1488 RestoreJwkRsaDictionary(&dict); 1561 RestoreJwkRsaDictionary(&dict);
1489 1562
1490 // Fail on bad b64 parameter encoding. 1563 // Fail on bad b64 parameter encoding.
1491 dict.SetString(kKtyParmName[idx], "Qk3f0DsytU8lfza2au #$% Htaw2xpop9yTuH0"); 1564 dict.SetString(kKtyParmName[idx], "Qk3f0DsytU8lfza2au #$% Htaw2xpop9yTuH0");
1492 EXPECT_STATUS_ERROR( 1565 EXPECT_NE(Status::Success(),
1493 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); 1566 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key));
1494 RestoreJwkRsaDictionary(&dict); 1567 RestoreJwkRsaDictionary(&dict);
1495 1568
1496 // Fail on empty parameter. 1569 // Fail on empty parameter.
1497 dict.SetString(kKtyParmName[idx], ""); 1570 dict.SetString(kKtyParmName[idx], "");
1498 EXPECT_STATUS_ERROR( 1571 EXPECT_NE(Status::Success(),
1499 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); 1572 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key));
1500 RestoreJwkRsaDictionary(&dict); 1573 RestoreJwkRsaDictionary(&dict);
1501 } 1574 }
1502 1575
1503 // Fail if "d" parameter is present, implying the JWK is a private key, which 1576 // Fail if "d" parameter is present, implying the JWK is a private key, which
1504 // is not supported. 1577 // is not supported.
1505 dict.SetString("d", "Qk3f0Dsyt"); 1578 dict.SetString("d", "Qk3f0Dsyt");
1506 EXPECT_STATUS(Status::ErrorJwkRsaPrivateKeyUnsupported(), 1579 EXPECT_EQ(Status::ErrorJwkRsaPrivateKeyUnsupported(),
1507 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); 1580 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key));
1508 RestoreJwkRsaDictionary(&dict); 1581 RestoreJwkRsaDictionary(&dict);
1509 } 1582 }
1510 1583
1511 TEST_F(SharedCryptoTest, MAYBE(ImportJwkInputConsistency)) { 1584 TEST_F(SharedCryptoTest, MAYBE(ImportJwkInputConsistency)) {
1512 // The Web Crypto spec says that if a JWK value is present, but is 1585 // The Web Crypto spec says that if a JWK value is present, but is
1513 // inconsistent with the input value, the operation must fail. 1586 // inconsistent with the input value, the operation must fail.
1514 1587
1515 // Consistency rules when JWK value is not present: Inputs should be used. 1588 // Consistency rules when JWK value is not present: Inputs should be used.
1516 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); 1589 blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
1517 bool extractable = false; 1590 bool extractable = false;
1518 blink::WebCryptoAlgorithm algorithm = 1591 blink::WebCryptoAlgorithm algorithm =
1519 CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha256); 1592 CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha256);
1520 blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageVerify; 1593 blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageVerify;
1521 base::DictionaryValue dict; 1594 base::DictionaryValue dict;
1522 dict.SetString("kty", "oct"); 1595 dict.SetString("kty", "oct");
1523 dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg"); 1596 dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg");
1524 std::vector<uint8> json_vec = MakeJsonVector(dict); 1597 std::vector<uint8> json_vec = MakeJsonVector(dict);
1525 EXPECT_STATUS_SUCCESS(ImportKeyJwk( 1598 EXPECT_EQ(
1526 CryptoData(json_vec), algorithm, extractable, usage_mask, &key)); 1599 Status::Success(),
1600 ImportKeyJwk(
1601 CryptoData(json_vec), algorithm, extractable, usage_mask, &key));
1527 EXPECT_TRUE(key.handle()); 1602 EXPECT_TRUE(key.handle());
1528 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); 1603 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type());
1529 EXPECT_EQ(extractable, key.extractable()); 1604 EXPECT_EQ(extractable, key.extractable());
1530 EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, key.algorithm().id()); 1605 EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, key.algorithm().id());
1531 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha256, 1606 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha256,
1532 key.algorithm().hmacParams()->hash().id()); 1607 key.algorithm().hmacParams()->hash().id());
1533 EXPECT_EQ(320u, key.algorithm().hmacParams()->lengthBits()); 1608 EXPECT_EQ(320u, key.algorithm().hmacParams()->lengthBits());
1534 EXPECT_EQ(blink::WebCryptoKeyUsageVerify, key.usages()); 1609 EXPECT_EQ(blink::WebCryptoKeyUsageVerify, key.usages());
1535 key = blink::WebCryptoKey::createNull(); 1610 key = blink::WebCryptoKey::createNull();
1536 1611
1537 // Consistency rules when JWK value exists: Fail if inconsistency is found. 1612 // Consistency rules when JWK value exists: Fail if inconsistency is found.
1538 1613
1539 // Pass: All input values are consistent with the JWK values. 1614 // Pass: All input values are consistent with the JWK values.
1540 dict.Clear(); 1615 dict.Clear();
1541 dict.SetString("kty", "oct"); 1616 dict.SetString("kty", "oct");
1542 dict.SetString("alg", "HS256"); 1617 dict.SetString("alg", "HS256");
1543 dict.SetString("use", "sig"); 1618 dict.SetString("use", "sig");
1544 dict.SetBoolean("ext", false); 1619 dict.SetBoolean("ext", false);
1545 dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg"); 1620 dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg");
1546 json_vec = MakeJsonVector(dict); 1621 json_vec = MakeJsonVector(dict);
1547 EXPECT_STATUS_SUCCESS(ImportKeyJwk( 1622 EXPECT_EQ(
1548 CryptoData(json_vec), algorithm, extractable, usage_mask, &key)); 1623 Status::Success(),
1624 ImportKeyJwk(
1625 CryptoData(json_vec), algorithm, extractable, usage_mask, &key));
1549 1626
1550 // Extractable cases: 1627 // Extractable cases:
1551 // 1. input=T, JWK=F ==> fail (inconsistent) 1628 // 1. input=T, JWK=F ==> fail (inconsistent)
1552 // 4. input=F, JWK=F ==> pass, result extractable is F 1629 // 4. input=F, JWK=F ==> pass, result extractable is F
1553 // 2. input=T, JWK=T ==> pass, result extractable is T 1630 // 2. input=T, JWK=T ==> pass, result extractable is T
1554 // 3. input=F, JWK=T ==> pass, result extractable is F 1631 // 3. input=F, JWK=T ==> pass, result extractable is F
1555 EXPECT_STATUS( 1632 EXPECT_EQ(
1556 Status::ErrorJwkExtInconsistent(), 1633 Status::ErrorJwkExtInconsistent(),
1557 ImportKeyJwk(CryptoData(json_vec), algorithm, true, usage_mask, &key)); 1634 ImportKeyJwk(CryptoData(json_vec), algorithm, true, usage_mask, &key));
1558 EXPECT_STATUS_SUCCESS( 1635 EXPECT_EQ(
1636 Status::Success(),
1559 ImportKeyJwk(CryptoData(json_vec), algorithm, false, usage_mask, &key)); 1637 ImportKeyJwk(CryptoData(json_vec), algorithm, false, usage_mask, &key));
1560 EXPECT_FALSE(key.extractable()); 1638 EXPECT_FALSE(key.extractable());
1561 dict.SetBoolean("ext", true); 1639 dict.SetBoolean("ext", true);
1562 EXPECT_STATUS_SUCCESS( 1640 EXPECT_EQ(Status::Success(),
1563 ImportKeyJwkFromDict(dict, algorithm, true, usage_mask, &key)); 1641 ImportKeyJwkFromDict(dict, algorithm, true, usage_mask, &key));
1564 EXPECT_TRUE(key.extractable()); 1642 EXPECT_TRUE(key.extractable());
1565 EXPECT_STATUS_SUCCESS( 1643 EXPECT_EQ(Status::Success(),
1566 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); 1644 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key));
1567 EXPECT_FALSE(key.extractable()); 1645 EXPECT_FALSE(key.extractable());
1568 dict.SetBoolean("ext", true); // restore previous value 1646 dict.SetBoolean("ext", true); // restore previous value
1569 1647
1570 // Fail: Input algorithm (AES-CBC) is inconsistent with JWK value 1648 // Fail: Input algorithm (AES-CBC) is inconsistent with JWK value
1571 // (HMAC SHA256). 1649 // (HMAC SHA256).
1572 EXPECT_STATUS(Status::ErrorJwkAlgorithmInconsistent(), 1650 EXPECT_EQ(Status::ErrorJwkAlgorithmInconsistent(),
1573 ImportKeyJwk(CryptoData(json_vec), 1651 ImportKeyJwk(CryptoData(json_vec),
1574 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), 1652 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
1575 extractable, 1653 extractable,
1576 usage_mask, 1654 usage_mask,
1577 &key)); 1655 &key));
1578 1656
1579 // Fail: Input algorithm (HMAC SHA1) is inconsistent with JWK value 1657 // Fail: Input algorithm (HMAC SHA1) is inconsistent with JWK value
1580 // (HMAC SHA256). 1658 // (HMAC SHA256).
1581 EXPECT_STATUS( 1659 EXPECT_EQ(
1582 Status::ErrorJwkAlgorithmInconsistent(), 1660 Status::ErrorJwkAlgorithmInconsistent(),
1583 ImportKeyJwk(CryptoData(json_vec), 1661 ImportKeyJwk(CryptoData(json_vec),
1584 CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha1), 1662 CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha1),
1585 extractable, 1663 extractable,
1586 usage_mask, 1664 usage_mask,
1587 &key)); 1665 &key));
1588 1666
1589 // Pass: JWK alg missing but input algorithm specified: use input value 1667 // Pass: JWK alg missing but input algorithm specified: use input value
1590 dict.Remove("alg", NULL); 1668 dict.Remove("alg", NULL);
1591 EXPECT_STATUS_SUCCESS(ImportKeyJwkFromDict( 1669 EXPECT_EQ(Status::Success(),
1592 dict, 1670 ImportKeyJwkFromDict(
1593 CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha256), 1671 dict,
1594 extractable, 1672 CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha256),
1595 usage_mask, 1673 extractable,
1596 &key)); 1674 usage_mask,
1675 &key));
1597 EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, algorithm.id()); 1676 EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, algorithm.id());
1598 dict.SetString("alg", "HS256"); 1677 dict.SetString("alg", "HS256");
1599 1678
1600 // Fail: Input usage_mask (encrypt) is not a subset of the JWK value 1679 // Fail: Input usage_mask (encrypt) is not a subset of the JWK value
1601 // (sign|verify) 1680 // (sign|verify)
1602 EXPECT_STATUS(Status::ErrorJwkUseInconsistent(), 1681 EXPECT_EQ(Status::ErrorJwkUseInconsistent(),
1603 ImportKeyJwk(CryptoData(json_vec), 1682 ImportKeyJwk(CryptoData(json_vec),
1604 algorithm, 1683 algorithm,
1605 extractable, 1684 extractable,
1606 blink::WebCryptoKeyUsageEncrypt, 1685 blink::WebCryptoKeyUsageEncrypt,
1607 &key)); 1686 &key));
1608 1687
1609 // Fail: Input usage_mask (encrypt|sign|verify) is not a subset of the JWK 1688 // Fail: Input usage_mask (encrypt|sign|verify) is not a subset of the JWK
1610 // value (sign|verify) 1689 // value (sign|verify)
1611 usage_mask = blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageSign | 1690 usage_mask = blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageSign |
1612 blink::WebCryptoKeyUsageVerify; 1691 blink::WebCryptoKeyUsageVerify;
1613 EXPECT_STATUS( 1692 EXPECT_EQ(
1614 Status::ErrorJwkUseInconsistent(), 1693 Status::ErrorJwkUseInconsistent(),
1615 ImportKeyJwk( 1694 ImportKeyJwk(
1616 CryptoData(json_vec), algorithm, extractable, usage_mask, &key)); 1695 CryptoData(json_vec), algorithm, extractable, usage_mask, &key));
1617 1696
1618 // TODO(padolph): kty vs alg consistency tests: Depending on the kty value, 1697 // TODO(padolph): kty vs alg consistency tests: Depending on the kty value,
1619 // only certain alg values are permitted. For example, when kty = "RSA" alg 1698 // only certain alg values are permitted. For example, when kty = "RSA" alg
1620 // must be of the RSA family, or when kty = "oct" alg must be symmetric 1699 // must be of the RSA family, or when kty = "oct" alg must be symmetric
1621 // algorithm. 1700 // algorithm.
1622 1701
1623 // TODO(padolph): key_ops consistency tests 1702 // TODO(padolph): key_ops consistency tests
(...skipping 12 matching lines...) Expand all
1636 // Import a symmetric key JWK and HMAC-SHA256 sign() 1715 // Import a symmetric key JWK and HMAC-SHA256 sign()
1637 // Uses the first SHA256 test vector from the HMAC sample set above. 1716 // Uses the first SHA256 test vector from the HMAC sample set above.
1638 1717
1639 base::DictionaryValue dict; 1718 base::DictionaryValue dict;
1640 dict.SetString("kty", "oct"); 1719 dict.SetString("kty", "oct");
1641 dict.SetString("alg", "HS256"); 1720 dict.SetString("alg", "HS256");
1642 dict.SetString("use", "sig"); 1721 dict.SetString("use", "sig");
1643 dict.SetBoolean("ext", false); 1722 dict.SetBoolean("ext", false);
1644 dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg"); 1723 dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg");
1645 1724
1646 ASSERT_STATUS_SUCCESS( 1725 ASSERT_EQ(
1726 Status::Success(),
1647 ImportKeyJwkFromDict(dict, algorithm, extractable, usage_mask, &key)); 1727 ImportKeyJwkFromDict(dict, algorithm, extractable, usage_mask, &key));
1648 1728
1649 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha256, 1729 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha256,
1650 key.algorithm().hmacParams()->hash().id()); 1730 key.algorithm().hmacParams()->hash().id());
1651 1731
1652 const std::vector<uint8> message_raw = HexStringToBytes( 1732 const std::vector<uint8> message_raw = HexStringToBytes(
1653 "b1689c2591eaf3c9e66070f8a77954ffb81749f1b00346f9dfe0b2ee905dcc288baf4a" 1733 "b1689c2591eaf3c9e66070f8a77954ffb81749f1b00346f9dfe0b2ee905dcc288baf4a"
1654 "92de3f4001dd9f44c468c3d07d6c6ee82faceafc97c2fc0fc0601719d2dcd0aa2aec92" 1734 "92de3f4001dd9f44c468c3d07d6c6ee82faceafc97c2fc0fc0601719d2dcd0aa2aec92"
1655 "d1b0ae933c65eb06a03c9c935c2bad0459810241347ab87e9f11adb30415424c6c7f5f" 1735 "d1b0ae933c65eb06a03c9c935c2bad0459810241347ab87e9f11adb30415424c6c7f5f"
1656 "22a003b8ab8de54f6ded0e3ab9245fa79568451dfa258e"); 1736 "22a003b8ab8de54f6ded0e3ab9245fa79568451dfa258e");
1657 1737
1658 blink::WebArrayBuffer output; 1738 blink::WebArrayBuffer output;
1659 1739
1660 ASSERT_STATUS_SUCCESS(Sign(CreateAlgorithm(blink::WebCryptoAlgorithmIdHmac), 1740 ASSERT_EQ(Status::Success(),
1661 key, 1741 Sign(CreateAlgorithm(blink::WebCryptoAlgorithmIdHmac),
1662 CryptoData(message_raw), 1742 key,
1663 &output)); 1743 CryptoData(message_raw),
1744 &output));
1664 1745
1665 const std::string mac_raw = 1746 const std::string mac_raw =
1666 "769f00d3e6a6cc1fb426a14a4f76c6462e6149726e0dee0ec0cf97a16605ac8b"; 1747 "769f00d3e6a6cc1fb426a14a4f76c6462e6149726e0dee0ec0cf97a16605ac8b";
1667 1748
1668 ExpectArrayBufferMatchesHex(mac_raw, output); 1749 ExpectArrayBufferMatchesHex(mac_raw, output);
1669 1750
1670 // TODO(padolph): Import an RSA public key JWK and use it 1751 // TODO(padolph): Import an RSA public key JWK and use it
1671 } 1752 }
1672 1753
1673 TEST_F(SharedCryptoTest, MAYBE(ImportExportJwkSymmetricKey)) { 1754 TEST_F(SharedCryptoTest, MAYBE(ImportExportJwkSymmetricKey)) {
(...skipping 68 matching lines...) Expand 10 before | Expand all | Expand 10 after
1742 // HMAC SHA-384 1823 // HMAC SHA-384
1743 {key_hex_384, hmac_sha_384_alg, blink::WebCryptoKeyUsageSign, "HS384"}, 1824 {key_hex_384, hmac_sha_384_alg, blink::WebCryptoKeyUsageSign, "HS384"},
1744 // HMAC SHA-512 1825 // HMAC SHA-512
1745 {key_hex_512, hmac_sha_512_alg, blink::WebCryptoKeyUsageVerify, "HS512"}, 1826 {key_hex_512, hmac_sha_512_alg, blink::WebCryptoKeyUsageVerify, "HS512"},
1746 // Large usage value 1827 // Large usage value
1747 {key_hex_256, aes_cbc_alg, 1828 {key_hex_256, aes_cbc_alg,
1748 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt | 1829 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt |
1749 blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey, 1830 blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey,
1750 "A256CBC"}, 1831 "A256CBC"},
1751 // Zero usage value 1832 // Zero usage value
1752 {key_hex_512, hmac_sha_512_alg, 0, "HS512"}, }; 1833 {key_hex_512, hmac_sha_512_alg, 0, "HS512"},
1834 };
1753 1835
1754 // Round-trip import/export each key. 1836 // Round-trip import/export each key.
1755 1837
1756 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); 1838 blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
1757 blink::WebArrayBuffer json; 1839 blink::WebArrayBuffer json;
1758 for (size_t test_index = 0; test_index < ARRAYSIZE_UNSAFE(kTests); 1840 for (size_t test_index = 0; test_index < ARRAYSIZE_UNSAFE(kTests);
1759 ++test_index) { 1841 ++test_index) {
1760 SCOPED_TRACE(test_index); 1842 SCOPED_TRACE(test_index);
1761 const TestCase& test = kTests[test_index]; 1843 const TestCase& test = kTests[test_index];
1762 1844
1763 // Skip AES-GCM tests where not supported. 1845 // Skip AES-GCM tests where not supported.
1764 if (test.algorithm.id() == blink::WebCryptoAlgorithmIdAesGcm && 1846 if (test.algorithm.id() == blink::WebCryptoAlgorithmIdAesGcm &&
1765 !SupportsAesGcm()) { 1847 !SupportsAesGcm()) {
1766 continue; 1848 continue;
1767 } 1849 }
1768 1850
1769 // Import a raw key. 1851 // Import a raw key.
1770 key = ImportSecretKeyFromRaw( 1852 key = ImportSecretKeyFromRaw(
1771 HexStringToBytes(test.key_hex), test.algorithm, test.usage); 1853 HexStringToBytes(test.key_hex), test.algorithm, test.usage);
1772 1854
1773 // Export the key in JWK format and validate. 1855 // Export the key in JWK format and validate.
1774 ASSERT_STATUS_SUCCESS(ExportKey(blink::WebCryptoKeyFormatJwk, key, &json)); 1856 ASSERT_EQ(Status::Success(),
1857 ExportKey(blink::WebCryptoKeyFormatJwk, key, &json));
1775 EXPECT_TRUE(VerifySecretJwk(json, test.jwk_alg, test.key_hex, test.usage)); 1858 EXPECT_TRUE(VerifySecretJwk(json, test.jwk_alg, test.key_hex, test.usage));
1776 1859
1777 // Import the JWK-formatted key. 1860 // Import the JWK-formatted key.
1778 ASSERT_STATUS_SUCCESS( 1861 ASSERT_EQ(
1862 Status::Success(),
1779 ImportKeyJwk(CryptoData(json), test.algorithm, true, test.usage, &key)); 1863 ImportKeyJwk(CryptoData(json), test.algorithm, true, test.usage, &key));
1780 EXPECT_TRUE(key.handle()); 1864 EXPECT_TRUE(key.handle());
1781 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); 1865 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type());
1782 EXPECT_EQ(test.algorithm.id(), key.algorithm().id()); 1866 EXPECT_EQ(test.algorithm.id(), key.algorithm().id());
1783 EXPECT_EQ(true, key.extractable()); 1867 EXPECT_EQ(true, key.extractable());
1784 EXPECT_EQ(test.usage, key.usages()); 1868 EXPECT_EQ(test.usage, key.usages());
1785 1869
1786 // Export the key in raw format and compare to the original. 1870 // Export the key in raw format and compare to the original.
1787 blink::WebArrayBuffer key_raw_out; 1871 blink::WebArrayBuffer key_raw_out;
1788 ASSERT_STATUS_SUCCESS( 1872 ASSERT_EQ(Status::Success(),
1789 ExportKey(blink::WebCryptoKeyFormatRaw, key, &key_raw_out)); 1873 ExportKey(blink::WebCryptoKeyFormatRaw, key, &key_raw_out));
1790 ExpectArrayBufferMatchesHex(test.key_hex, key_raw_out); 1874 ExpectArrayBufferMatchesHex(test.key_hex, key_raw_out);
1791 } 1875 }
1792 } 1876 }
1793 1877
1794 TEST_F(SharedCryptoTest, MAYBE(ImportExportSpki)) { 1878 TEST_F(SharedCryptoTest, MAYBE(ImportExportSpki)) {
1795 // Passing case: Import a valid RSA key in SPKI format. 1879 // Passing case: Import a valid RSA key in SPKI format.
1796 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); 1880 blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
1797 ASSERT_STATUS_SUCCESS( 1881 ASSERT_EQ(
1882 Status::Success(),
1798 ImportKey(blink::WebCryptoKeyFormatSpki, 1883 ImportKey(blink::WebCryptoKeyFormatSpki,
1799 CryptoData(HexStringToBytes(kPublicKeySpkiDerHex)), 1884 CryptoData(HexStringToBytes(kPublicKeySpkiDerHex)),
1800 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5), 1885 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5),
1801 true, 1886 true,
1802 blink::WebCryptoKeyUsageEncrypt, 1887 blink::WebCryptoKeyUsageEncrypt,
1803 &key)); 1888 &key));
1804 EXPECT_TRUE(key.handle()); 1889 EXPECT_TRUE(key.handle());
1805 EXPECT_EQ(blink::WebCryptoKeyTypePublic, key.type()); 1890 EXPECT_EQ(blink::WebCryptoKeyTypePublic, key.type());
1806 EXPECT_TRUE(key.extractable()); 1891 EXPECT_TRUE(key.extractable());
1807 EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt, key.usages()); 1892 EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt, key.usages());
1808 EXPECT_EQ(kModulusLengthBits, 1893 EXPECT_EQ(kModulusLengthBits,
1809 key.algorithm().rsaParams()->modulusLengthBits()); 1894 key.algorithm().rsaParams()->modulusLengthBits());
1810 ExpectCryptoDataMatchesHex( 1895 ExpectCryptoDataMatchesHex(
1811 "010001", CryptoData(key.algorithm().rsaParams()->publicExponent())); 1896 "010001", CryptoData(key.algorithm().rsaParams()->publicExponent()));
1812 1897
1813 // Failing case: Empty SPKI data 1898 // Failing case: Empty SPKI data
1814 EXPECT_STATUS( 1899 EXPECT_EQ(
1815 Status::ErrorImportEmptyKeyData(), 1900 Status::ErrorImportEmptyKeyData(),
1816 ImportKey(blink::WebCryptoKeyFormatSpki, 1901 ImportKey(blink::WebCryptoKeyFormatSpki,
1817 CryptoData(std::vector<uint8>()), 1902 CryptoData(std::vector<uint8>()),
1818 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5), 1903 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5),
1819 true, 1904 true,
1820 blink::WebCryptoKeyUsageEncrypt, 1905 blink::WebCryptoKeyUsageEncrypt,
1821 &key)); 1906 &key));
1822 1907
1823 // Failing case: Bad DER encoding. 1908 // Failing case: Bad DER encoding.
1824 EXPECT_STATUS( 1909 EXPECT_EQ(
1825 Status::Error(), 1910 Status::DataError(),
1826 ImportKey(blink::WebCryptoKeyFormatSpki, 1911 ImportKey(blink::WebCryptoKeyFormatSpki,
1827 CryptoData(HexStringToBytes("618333c4cb")), 1912 CryptoData(HexStringToBytes("618333c4cb")),
1828 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5), 1913 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5),
1829 true, 1914 true,
1830 blink::WebCryptoKeyUsageEncrypt, 1915 blink::WebCryptoKeyUsageEncrypt,
1831 &key)); 1916 &key));
1832 1917
1833 // Failing case: Import RSA key but provide an inconsistent input algorithm. 1918 // Failing case: Import RSA key but provide an inconsistent input algorithm.
1834 EXPECT_STATUS(Status::Error(), 1919 EXPECT_EQ(Status::DataError(),
1835 ImportKey(blink::WebCryptoKeyFormatSpki, 1920 ImportKey(blink::WebCryptoKeyFormatSpki,
1836 CryptoData(HexStringToBytes(kPublicKeySpkiDerHex)), 1921 CryptoData(HexStringToBytes(kPublicKeySpkiDerHex)),
1837 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), 1922 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
1838 true, 1923 true,
1839 blink::WebCryptoKeyUsageEncrypt, 1924 blink::WebCryptoKeyUsageEncrypt,
1840 &key)); 1925 &key));
1841 1926
1842 // Passing case: Export a previously imported RSA public key in SPKI format 1927 // Passing case: Export a previously imported RSA public key in SPKI format
1843 // and compare to original data. 1928 // and compare to original data.
1844 blink::WebArrayBuffer output; 1929 blink::WebArrayBuffer output;
1845 ASSERT_STATUS_SUCCESS(ExportKey(blink::WebCryptoKeyFormatSpki, key, &output)); 1930 ASSERT_EQ(Status::Success(),
1931 ExportKey(blink::WebCryptoKeyFormatSpki, key, &output));
1846 ExpectArrayBufferMatchesHex(kPublicKeySpkiDerHex, output); 1932 ExpectArrayBufferMatchesHex(kPublicKeySpkiDerHex, output);
1847 1933
1848 // Failing case: Try to export a previously imported RSA public key in raw 1934 // Failing case: Try to export a previously imported RSA public key in raw
1849 // format (not allowed for a public key). 1935 // format (not allowed for a public key).
1850 EXPECT_STATUS(Status::ErrorUnexpectedKeyType(), 1936 EXPECT_EQ(Status::ErrorUnexpectedKeyType(),
1851 ExportKey(blink::WebCryptoKeyFormatRaw, key, &output)); 1937 ExportKey(blink::WebCryptoKeyFormatRaw, key, &output));
1852 1938
1853 // Failing case: Try to export a non-extractable key 1939 // Failing case: Try to export a non-extractable key
1854 ASSERT_STATUS_SUCCESS( 1940 ASSERT_EQ(
1941 Status::Success(),
1855 ImportKey(blink::WebCryptoKeyFormatSpki, 1942 ImportKey(blink::WebCryptoKeyFormatSpki,
1856 CryptoData(HexStringToBytes(kPublicKeySpkiDerHex)), 1943 CryptoData(HexStringToBytes(kPublicKeySpkiDerHex)),
1857 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5), 1944 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5),
1858 false, 1945 false,
1859 blink::WebCryptoKeyUsageEncrypt, 1946 blink::WebCryptoKeyUsageEncrypt,
1860 &key)); 1947 &key));
1861 EXPECT_TRUE(key.handle()); 1948 EXPECT_TRUE(key.handle());
1862 EXPECT_FALSE(key.extractable()); 1949 EXPECT_FALSE(key.extractable());
1863 EXPECT_STATUS(Status::ErrorKeyNotExtractable(), 1950 EXPECT_EQ(Status::ErrorKeyNotExtractable(),
1864 ExportKey(blink::WebCryptoKeyFormatSpki, key, &output)); 1951 ExportKey(blink::WebCryptoKeyFormatSpki, key, &output));
1865 } 1952 }
1866 1953
1867 TEST_F(SharedCryptoTest, MAYBE(ImportExportPkcs8)) { 1954 TEST_F(SharedCryptoTest, MAYBE(ImportExportPkcs8)) {
1868 // Passing case: Import a valid RSA key in PKCS#8 format. 1955 // Passing case: Import a valid RSA key in PKCS#8 format.
1869 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); 1956 blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
1870 ASSERT_STATUS_SUCCESS(ImportKey( 1957 ASSERT_EQ(Status::Success(),
1871 blink::WebCryptoKeyFormatPkcs8, 1958 ImportKey(blink::WebCryptoKeyFormatPkcs8,
1872 CryptoData(HexStringToBytes(kPrivateKeyPkcs8DerHex)), 1959 CryptoData(HexStringToBytes(kPrivateKeyPkcs8DerHex)),
1873 CreateRsaHashedImportAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, 1960 CreateRsaHashedImportAlgorithm(
1874 blink::WebCryptoAlgorithmIdSha1), 1961 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5,
1875 true, 1962 blink::WebCryptoAlgorithmIdSha1),
1876 blink::WebCryptoKeyUsageSign, 1963 true,
1877 &key)); 1964 blink::WebCryptoKeyUsageSign,
1965 &key));
1878 EXPECT_TRUE(key.handle()); 1966 EXPECT_TRUE(key.handle());
1879 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, key.type()); 1967 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, key.type());
1880 EXPECT_TRUE(key.extractable()); 1968 EXPECT_TRUE(key.extractable());
1881 EXPECT_EQ(blink::WebCryptoKeyUsageSign, key.usages()); 1969 EXPECT_EQ(blink::WebCryptoKeyUsageSign, key.usages());
1882 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha1, 1970 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha1,
1883 key.algorithm().rsaHashedParams()->hash().id()); 1971 key.algorithm().rsaHashedParams()->hash().id());
1884 EXPECT_EQ(kModulusLengthBits, 1972 EXPECT_EQ(kModulusLengthBits,
1885 key.algorithm().rsaHashedParams()->modulusLengthBits()); 1973 key.algorithm().rsaHashedParams()->modulusLengthBits());
1886 ExpectCryptoDataMatchesHex( 1974 ExpectCryptoDataMatchesHex(
1887 "010001", 1975 "010001",
1888 CryptoData(key.algorithm().rsaHashedParams()->publicExponent())); 1976 CryptoData(key.algorithm().rsaHashedParams()->publicExponent()));
1889 1977
1890 blink::WebArrayBuffer exported_key; 1978 blink::WebArrayBuffer exported_key;
1891 ASSERT_STATUS_SUCCESS( 1979 ASSERT_EQ(Status::Success(),
1892 ExportKey(blink::WebCryptoKeyFormatPkcs8, key, &exported_key)); 1980 ExportKey(blink::WebCryptoKeyFormatPkcs8, key, &exported_key));
1893 ExpectArrayBufferMatchesHex(kPrivateKeyPkcs8DerHex, exported_key); 1981 ExpectArrayBufferMatchesHex(kPrivateKeyPkcs8DerHex, exported_key);
1894 1982
1895 // Failing case: Empty PKCS#8 data 1983 // Failing case: Empty PKCS#8 data
1896 EXPECT_STATUS(Status::ErrorImportEmptyKeyData(), 1984 EXPECT_EQ(Status::ErrorImportEmptyKeyData(),
1897 ImportKey(blink::WebCryptoKeyFormatPkcs8, 1985 ImportKey(blink::WebCryptoKeyFormatPkcs8,
1898 CryptoData(std::vector<uint8>()), 1986 CryptoData(std::vector<uint8>()),
1899 CreateRsaHashedImportAlgorithm( 1987 CreateRsaHashedImportAlgorithm(
1900 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, 1988 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5,
1901 blink::WebCryptoAlgorithmIdSha1), 1989 blink::WebCryptoAlgorithmIdSha1),
1902 true, 1990 true,
1903 blink::WebCryptoKeyUsageSign, 1991 blink::WebCryptoKeyUsageSign,
1904 &key)); 1992 &key));
1905 1993
1906 // Failing case: Bad DER encoding. 1994 // Failing case: Bad DER encoding.
1907 EXPECT_STATUS( 1995 EXPECT_EQ(
1908 Status::Error(), 1996 Status::DataError(),
1909 ImportKey(blink::WebCryptoKeyFormatPkcs8, 1997 ImportKey(blink::WebCryptoKeyFormatPkcs8,
1910 CryptoData(HexStringToBytes("618333c4cb")), 1998 CryptoData(HexStringToBytes("618333c4cb")),
1911 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5), 1999 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5),
1912 true, 2000 true,
1913 blink::WebCryptoKeyUsageSign, 2001 blink::WebCryptoKeyUsageSign,
1914 &key)); 2002 &key));
1915 2003
1916 // Failing case: Import RSA key but provide an inconsistent input algorithm. 2004 // Failing case: Import RSA key but provide an inconsistent input algorithm.
1917 EXPECT_STATUS(Status::Error(), 2005 EXPECT_EQ(Status::DataError(),
1918 ImportKey(blink::WebCryptoKeyFormatPkcs8, 2006 ImportKey(blink::WebCryptoKeyFormatPkcs8,
1919 CryptoData(HexStringToBytes(kPrivateKeyPkcs8DerHex)), 2007 CryptoData(HexStringToBytes(kPrivateKeyPkcs8DerHex)),
1920 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), 2008 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
1921 true, 2009 true,
1922 blink::WebCryptoKeyUsageSign, 2010 blink::WebCryptoKeyUsageSign,
1923 &key)); 2011 &key));
1924 } 2012 }
1925 2013
1926 TEST_F(SharedCryptoTest, MAYBE(GenerateKeyPairRsa)) { 2014 TEST_F(SharedCryptoTest, MAYBE(GenerateKeyPairRsa)) {
1927 // Note: using unrealistic short key lengths here to avoid bogging down tests. 2015 // Note: using unrealistic short key lengths here to avoid bogging down tests.
1928 2016
1929 // Successful WebCryptoAlgorithmIdRsaEsPkcs1v1_5 key generation. 2017 // Successful WebCryptoAlgorithmIdRsaEsPkcs1v1_5 key generation.
1930 const unsigned int modulus_length = 256; 2018 const unsigned int modulus_length = 256;
1931 const std::vector<uint8> public_exponent = HexStringToBytes("010001"); 2019 const std::vector<uint8> public_exponent = HexStringToBytes("010001");
1932 blink::WebCryptoAlgorithm algorithm = 2020 blink::WebCryptoAlgorithm algorithm =
1933 CreateRsaKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, 2021 CreateRsaKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5,
1934 modulus_length, 2022 modulus_length,
1935 public_exponent); 2023 public_exponent);
1936 bool extractable = true; 2024 bool extractable = true;
1937 const blink::WebCryptoKeyUsageMask usage_mask = 0; 2025 const blink::WebCryptoKeyUsageMask usage_mask = 0;
1938 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); 2026 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull();
1939 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); 2027 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull();
1940 ASSERT_STATUS_SUCCESS(GenerateKeyPair( 2028 ASSERT_EQ(Status::Success(),
1941 algorithm, extractable, usage_mask, &public_key, &private_key)); 2029 GenerateKeyPair(
2030 algorithm, extractable, usage_mask, &public_key, &private_key));
1942 EXPECT_FALSE(public_key.isNull()); 2031 EXPECT_FALSE(public_key.isNull());
1943 EXPECT_FALSE(private_key.isNull()); 2032 EXPECT_FALSE(private_key.isNull());
1944 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type()); 2033 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type());
1945 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type()); 2034 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type());
1946 EXPECT_TRUE(public_key.extractable()); 2035 EXPECT_TRUE(public_key.extractable());
1947 EXPECT_EQ(extractable, private_key.extractable()); 2036 EXPECT_EQ(extractable, private_key.extractable());
1948 EXPECT_EQ(usage_mask, public_key.usages()); 2037 EXPECT_EQ(usage_mask, public_key.usages());
1949 EXPECT_EQ(usage_mask, private_key.usages()); 2038 EXPECT_EQ(usage_mask, private_key.usages());
1950 2039
1951 // Try exporting the generated key pair, and then re-importing to verify that 2040 // Try exporting the generated key pair, and then re-importing to verify that
1952 // the exported data was valid. 2041 // the exported data was valid.
1953 blink::WebArrayBuffer public_key_spki; 2042 blink::WebArrayBuffer public_key_spki;
1954 EXPECT_STATUS_SUCCESS( 2043 EXPECT_EQ(
2044 Status::Success(),
1955 ExportKey(blink::WebCryptoKeyFormatSpki, public_key, &public_key_spki)); 2045 ExportKey(blink::WebCryptoKeyFormatSpki, public_key, &public_key_spki));
1956 public_key = blink::WebCryptoKey::createNull(); 2046 public_key = blink::WebCryptoKey::createNull();
1957 EXPECT_STATUS_SUCCESS( 2047 EXPECT_EQ(
2048 Status::Success(),
1958 ImportKey(blink::WebCryptoKeyFormatSpki, 2049 ImportKey(blink::WebCryptoKeyFormatSpki,
1959 CryptoData(public_key_spki), 2050 CryptoData(public_key_spki),
1960 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5), 2051 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5),
1961 true, 2052 true,
1962 usage_mask, 2053 usage_mask,
1963 &public_key)); 2054 &public_key));
1964 EXPECT_EQ(modulus_length, 2055 EXPECT_EQ(modulus_length,
1965 public_key.algorithm().rsaParams()->modulusLengthBits()); 2056 public_key.algorithm().rsaParams()->modulusLengthBits());
1966 2057
1967 blink::WebArrayBuffer private_key_pkcs8; 2058 blink::WebArrayBuffer private_key_pkcs8;
1968 EXPECT_STATUS_SUCCESS(ExportKey( 2059 EXPECT_EQ(
1969 blink::WebCryptoKeyFormatPkcs8, private_key, &private_key_pkcs8)); 2060 Status::Success(),
2061 ExportKey(
2062 blink::WebCryptoKeyFormatPkcs8, private_key, &private_key_pkcs8));
1970 private_key = blink::WebCryptoKey::createNull(); 2063 private_key = blink::WebCryptoKey::createNull();
1971 EXPECT_STATUS_SUCCESS( 2064 EXPECT_EQ(
2065 Status::Success(),
1972 ImportKey(blink::WebCryptoKeyFormatPkcs8, 2066 ImportKey(blink::WebCryptoKeyFormatPkcs8,
1973 CryptoData(private_key_pkcs8), 2067 CryptoData(private_key_pkcs8),
1974 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5), 2068 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5),
1975 true, 2069 true,
1976 usage_mask, 2070 usage_mask,
1977 &private_key)); 2071 &private_key));
1978 EXPECT_EQ(modulus_length, 2072 EXPECT_EQ(modulus_length,
1979 private_key.algorithm().rsaParams()->modulusLengthBits()); 2073 private_key.algorithm().rsaParams()->modulusLengthBits());
1980 2074
1981 // Fail with bad modulus. 2075 // Fail with bad modulus.
1982 algorithm = CreateRsaKeyGenAlgorithm( 2076 algorithm = CreateRsaKeyGenAlgorithm(
1983 blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, 0, public_exponent); 2077 blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, 0, public_exponent);
1984 EXPECT_STATUS( 2078 EXPECT_EQ(Status::ErrorGenerateRsaZeroModulus(),
1985 Status::ErrorGenerateRsaZeroModulus(), 2079 GenerateKeyPair(
1986 GenerateKeyPair( 2080 algorithm, extractable, usage_mask, &public_key, &private_key));
1987 algorithm, extractable, usage_mask, &public_key, &private_key));
1988 2081
1989 // Fail with bad exponent: larger than unsigned long. 2082 // Fail with bad exponent: larger than unsigned long.
1990 unsigned int exponent_length = sizeof(unsigned long) + 1; // NOLINT 2083 unsigned int exponent_length = sizeof(unsigned long) + 1; // NOLINT
1991 const std::vector<uint8> long_exponent(exponent_length, 0x01); 2084 const std::vector<uint8> long_exponent(exponent_length, 0x01);
1992 algorithm = CreateRsaKeyGenAlgorithm( 2085 algorithm = CreateRsaKeyGenAlgorithm(
1993 blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, modulus_length, long_exponent); 2086 blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, modulus_length, long_exponent);
1994 EXPECT_STATUS( 2087 EXPECT_EQ(Status::ErrorGenerateKeyPublicExponent(),
1995 Status::ErrorGenerateKeyPublicExponent(), 2088 GenerateKeyPair(
1996 GenerateKeyPair( 2089 algorithm, extractable, usage_mask, &public_key, &private_key));
1997 algorithm, extractable, usage_mask, &public_key, &private_key));
1998 2090
1999 // Fail with bad exponent: empty. 2091 // Fail with bad exponent: empty.
2000 const std::vector<uint8> empty_exponent; 2092 const std::vector<uint8> empty_exponent;
2001 algorithm = 2093 algorithm =
2002 CreateRsaKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, 2094 CreateRsaKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5,
2003 modulus_length, 2095 modulus_length,
2004 empty_exponent); 2096 empty_exponent);
2005 EXPECT_STATUS( 2097 EXPECT_EQ(Status::ErrorGenerateKeyPublicExponent(),
2006 Status::ErrorGenerateKeyPublicExponent(), 2098 GenerateKeyPair(
2007 GenerateKeyPair( 2099 algorithm, extractable, usage_mask, &public_key, &private_key));
2008 algorithm, extractable, usage_mask, &public_key, &private_key));
2009 2100
2010 // Fail with bad exponent: all zeros. 2101 // Fail with bad exponent: all zeros.
2011 std::vector<uint8> exponent_with_leading_zeros(15, 0x00); 2102 std::vector<uint8> exponent_with_leading_zeros(15, 0x00);
2012 algorithm = 2103 algorithm =
2013 CreateRsaKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, 2104 CreateRsaKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5,
2014 modulus_length, 2105 modulus_length,
2015 exponent_with_leading_zeros); 2106 exponent_with_leading_zeros);
2016 EXPECT_STATUS( 2107 EXPECT_EQ(Status::ErrorGenerateKeyPublicExponent(),
2017 Status::ErrorGenerateKeyPublicExponent(), 2108 GenerateKeyPair(
2018 GenerateKeyPair( 2109 algorithm, extractable, usage_mask, &public_key, &private_key));
2019 algorithm, extractable, usage_mask, &public_key, &private_key));
2020 2110
2021 // Key generation success using exponent with leading zeros. 2111 // Key generation success using exponent with leading zeros.
2022 exponent_with_leading_zeros.insert(exponent_with_leading_zeros.end(), 2112 exponent_with_leading_zeros.insert(exponent_with_leading_zeros.end(),
2023 public_exponent.begin(), 2113 public_exponent.begin(),
2024 public_exponent.end()); 2114 public_exponent.end());
2025 algorithm = 2115 algorithm =
2026 CreateRsaKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, 2116 CreateRsaKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5,
2027 modulus_length, 2117 modulus_length,
2028 exponent_with_leading_zeros); 2118 exponent_with_leading_zeros);
2029 EXPECT_STATUS_SUCCESS(GenerateKeyPair( 2119 EXPECT_EQ(Status::Success(),
2030 algorithm, extractable, usage_mask, &public_key, &private_key)); 2120 GenerateKeyPair(
2121 algorithm, extractable, usage_mask, &public_key, &private_key));
2031 EXPECT_FALSE(public_key.isNull()); 2122 EXPECT_FALSE(public_key.isNull());
2032 EXPECT_FALSE(private_key.isNull()); 2123 EXPECT_FALSE(private_key.isNull());
2033 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type()); 2124 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type());
2034 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type()); 2125 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type());
2035 EXPECT_TRUE(public_key.extractable()); 2126 EXPECT_TRUE(public_key.extractable());
2036 EXPECT_EQ(extractable, private_key.extractable()); 2127 EXPECT_EQ(extractable, private_key.extractable());
2037 EXPECT_EQ(usage_mask, public_key.usages()); 2128 EXPECT_EQ(usage_mask, public_key.usages());
2038 EXPECT_EQ(usage_mask, private_key.usages()); 2129 EXPECT_EQ(usage_mask, private_key.usages());
2039 2130
2040 // Successful WebCryptoAlgorithmIdRsaOaep key generation. 2131 // Successful WebCryptoAlgorithmIdRsaOaep key generation.
2041 algorithm = CreateRsaHashedKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaOaep, 2132 algorithm = CreateRsaHashedKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaOaep,
2042 blink::WebCryptoAlgorithmIdSha256, 2133 blink::WebCryptoAlgorithmIdSha256,
2043 modulus_length, 2134 modulus_length,
2044 public_exponent); 2135 public_exponent);
2045 EXPECT_STATUS_SUCCESS(GenerateKeyPair( 2136 EXPECT_EQ(Status::Success(),
2046 algorithm, extractable, usage_mask, &public_key, &private_key)); 2137 GenerateKeyPair(
2138 algorithm, extractable, usage_mask, &public_key, &private_key));
2047 EXPECT_FALSE(public_key.isNull()); 2139 EXPECT_FALSE(public_key.isNull());
2048 EXPECT_FALSE(private_key.isNull()); 2140 EXPECT_FALSE(private_key.isNull());
2049 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type()); 2141 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type());
2050 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type()); 2142 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type());
2051 EXPECT_EQ(modulus_length, 2143 EXPECT_EQ(modulus_length,
2052 public_key.algorithm().rsaHashedParams()->modulusLengthBits()); 2144 public_key.algorithm().rsaHashedParams()->modulusLengthBits());
2053 EXPECT_EQ(modulus_length, 2145 EXPECT_EQ(modulus_length,
2054 private_key.algorithm().rsaHashedParams()->modulusLengthBits()); 2146 private_key.algorithm().rsaHashedParams()->modulusLengthBits());
2055 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha256, 2147 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha256,
2056 public_key.algorithm().rsaHashedParams()->hash().id()); 2148 public_key.algorithm().rsaHashedParams()->hash().id());
2057 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha256, 2149 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha256,
2058 private_key.algorithm().rsaHashedParams()->hash().id()); 2150 private_key.algorithm().rsaHashedParams()->hash().id());
2059 EXPECT_TRUE(public_key.extractable()); 2151 EXPECT_TRUE(public_key.extractable());
2060 EXPECT_EQ(extractable, private_key.extractable()); 2152 EXPECT_EQ(extractable, private_key.extractable());
2061 EXPECT_EQ(usage_mask, public_key.usages()); 2153 EXPECT_EQ(usage_mask, public_key.usages());
2062 EXPECT_EQ(usage_mask, private_key.usages()); 2154 EXPECT_EQ(usage_mask, private_key.usages());
2063 2155
2064 // Successful WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 key generation. 2156 // Successful WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 key generation.
2065 algorithm = 2157 algorithm =
2066 CreateRsaHashedKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, 2158 CreateRsaHashedKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5,
2067 blink::WebCryptoAlgorithmIdSha1, 2159 blink::WebCryptoAlgorithmIdSha1,
2068 modulus_length, 2160 modulus_length,
2069 public_exponent); 2161 public_exponent);
2070 EXPECT_STATUS_SUCCESS( 2162 EXPECT_EQ(
2163 Status::Success(),
2071 GenerateKeyPair(algorithm, false, usage_mask, &public_key, &private_key)); 2164 GenerateKeyPair(algorithm, false, usage_mask, &public_key, &private_key));
2072 EXPECT_FALSE(public_key.isNull()); 2165 EXPECT_FALSE(public_key.isNull());
2073 EXPECT_FALSE(private_key.isNull()); 2166 EXPECT_FALSE(private_key.isNull());
2074 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type()); 2167 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type());
2075 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type()); 2168 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type());
2076 EXPECT_EQ(modulus_length, 2169 EXPECT_EQ(modulus_length,
2077 public_key.algorithm().rsaHashedParams()->modulusLengthBits()); 2170 public_key.algorithm().rsaHashedParams()->modulusLengthBits());
2078 EXPECT_EQ(modulus_length, 2171 EXPECT_EQ(modulus_length,
2079 private_key.algorithm().rsaHashedParams()->modulusLengthBits()); 2172 private_key.algorithm().rsaHashedParams()->modulusLengthBits());
2080 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha1, 2173 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha1,
2081 public_key.algorithm().rsaHashedParams()->hash().id()); 2174 public_key.algorithm().rsaHashedParams()->hash().id());
2082 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha1, 2175 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha1,
2083 private_key.algorithm().rsaHashedParams()->hash().id()); 2176 private_key.algorithm().rsaHashedParams()->hash().id());
2084 // Even though "extractable" was set to false, the public key remains 2177 // Even though "extractable" was set to false, the public key remains
2085 // extractable. 2178 // extractable.
2086 EXPECT_TRUE(public_key.extractable()); 2179 EXPECT_TRUE(public_key.extractable());
2087 EXPECT_FALSE(private_key.extractable()); 2180 EXPECT_FALSE(private_key.extractable());
2088 EXPECT_EQ(usage_mask, public_key.usages()); 2181 EXPECT_EQ(usage_mask, public_key.usages());
2089 EXPECT_EQ(usage_mask, private_key.usages()); 2182 EXPECT_EQ(usage_mask, private_key.usages());
2090 2183
2091 // Exporting a private key as SPKI format doesn't make sense. However this 2184 // Exporting a private key as SPKI format doesn't make sense. However this
2092 // will first fail because the key is not extractable. 2185 // will first fail because the key is not extractable.
2093 blink::WebArrayBuffer output; 2186 blink::WebArrayBuffer output;
2094 EXPECT_STATUS(Status::ErrorKeyNotExtractable(), 2187 EXPECT_EQ(Status::ErrorKeyNotExtractable(),
2095 ExportKey(blink::WebCryptoKeyFormatSpki, private_key, &output)); 2188 ExportKey(blink::WebCryptoKeyFormatSpki, private_key, &output));
2096 2189
2097 // Re-generate an extractable private_key and try to export it as SPKI format. 2190 // Re-generate an extractable private_key and try to export it as SPKI format.
2098 // This should fail since spki is for public keys. 2191 // This should fail since spki is for public keys.
2099 EXPECT_STATUS_SUCCESS( 2192 EXPECT_EQ(
2193 Status::Success(),
2100 GenerateKeyPair(algorithm, true, usage_mask, &public_key, &private_key)); 2194 GenerateKeyPair(algorithm, true, usage_mask, &public_key, &private_key));
2101 EXPECT_STATUS(Status::ErrorUnexpectedKeyType(), 2195 EXPECT_EQ(Status::ErrorUnexpectedKeyType(),
2102 ExportKey(blink::WebCryptoKeyFormatSpki, private_key, &output)); 2196 ExportKey(blink::WebCryptoKeyFormatSpki, private_key, &output));
2103 } 2197 }
2104 2198
2105 TEST_F(SharedCryptoTest, MAYBE(RsaEsRoundTrip)) { 2199 TEST_F(SharedCryptoTest, MAYBE(RsaEsRoundTrip)) {
2106 // Import a key pair. 2200 // Import a key pair.
2107 blink::WebCryptoAlgorithm algorithm = 2201 blink::WebCryptoAlgorithm algorithm =
2108 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); 2202 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5);
2109 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); 2203 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull();
2110 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); 2204 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull();
2111 ImportRsaKeyPair( 2205 ImportRsaKeyPair(
2112 HexStringToBytes(kPublicKeySpkiDerHex), 2206 HexStringToBytes(kPublicKeySpkiDerHex),
(...skipping 15 matching lines...) Expand all
2128 2222
2129 // Verify encrypt / decrypt round trip on a few messages. Note that RSA 2223 // Verify encrypt / decrypt round trip on a few messages. Note that RSA
2130 // encryption does not support empty input. 2224 // encryption does not support empty input.
2131 algorithm = CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); 2225 algorithm = CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5);
2132 const char* const kTestDataHex[] = {"ff", "0102030405060708090a0b0c0d0e0f", 2226 const char* const kTestDataHex[] = {"ff", "0102030405060708090a0b0c0d0e0f",
2133 max_data_hex}; 2227 max_data_hex};
2134 blink::WebArrayBuffer encrypted_data; 2228 blink::WebArrayBuffer encrypted_data;
2135 blink::WebArrayBuffer decrypted_data; 2229 blink::WebArrayBuffer decrypted_data;
2136 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kTestDataHex); ++i) { 2230 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kTestDataHex); ++i) {
2137 SCOPED_TRACE(i); 2231 SCOPED_TRACE(i);
2138 EXPECT_STATUS_SUCCESS(Encrypt(algorithm, 2232 EXPECT_EQ(Status::Success(),
2139 public_key, 2233 Encrypt(algorithm,
2140 CryptoData(HexStringToBytes(kTestDataHex[i])), 2234 public_key,
2141 &encrypted_data)); 2235 CryptoData(HexStringToBytes(kTestDataHex[i])),
2236 &encrypted_data));
2142 EXPECT_EQ(kModulusLengthBits / 8, encrypted_data.byteLength()); 2237 EXPECT_EQ(kModulusLengthBits / 8, encrypted_data.byteLength());
2143 ASSERT_STATUS_SUCCESS(Decrypt( 2238 ASSERT_EQ(Status::Success(),
2144 algorithm, private_key, CryptoData(encrypted_data), &decrypted_data)); 2239 Decrypt(algorithm,
2240 private_key,
2241 CryptoData(encrypted_data),
2242 &decrypted_data));
2145 ExpectArrayBufferMatchesHex(kTestDataHex[i], decrypted_data); 2243 ExpectArrayBufferMatchesHex(kTestDataHex[i], decrypted_data);
2146 } 2244 }
2147 } 2245 }
2148 2246
2149 TEST_F(SharedCryptoTest, MAYBE(RsaEsKnownAnswer)) { 2247 TEST_F(SharedCryptoTest, MAYBE(RsaEsKnownAnswer)) {
2150 scoped_ptr<base::Value> json; 2248 scoped_ptr<base::Value> json;
2151 ASSERT_TRUE(ReadJsonTestFile("rsa_es.json", &json)); 2249 ASSERT_TRUE(ReadJsonTestFile("rsa_es.json", &json));
2152 base::DictionaryValue* test = NULL; 2250 base::DictionaryValue* test = NULL;
2153 ASSERT_TRUE(json->GetAsDictionary(&test)); 2251 ASSERT_TRUE(json->GetAsDictionary(&test));
2154 2252
(...skipping 22 matching lines...) Expand all
2177 rsa_pkcs8_der, 2275 rsa_pkcs8_der,
2178 algorithm, 2276 algorithm,
2179 false, 2277 false,
2180 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt, 2278 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt,
2181 &public_key, 2279 &public_key,
2182 &private_key); 2280 &private_key);
2183 2281
2184 // Decrypt the known-good ciphertext with the private key. As a check we must 2282 // Decrypt the known-good ciphertext with the private key. As a check we must
2185 // get the known original cleartext. 2283 // get the known original cleartext.
2186 blink::WebArrayBuffer decrypted_data; 2284 blink::WebArrayBuffer decrypted_data;
2187 ASSERT_STATUS_SUCCESS( 2285 ASSERT_EQ(
2286 Status::Success(),
2188 Decrypt(algorithm, private_key, CryptoData(ciphertext), &decrypted_data)); 2287 Decrypt(algorithm, private_key, CryptoData(ciphertext), &decrypted_data));
2189 EXPECT_FALSE(decrypted_data.isNull()); 2288 EXPECT_FALSE(decrypted_data.isNull());
2190 EXPECT_TRUE(ArrayBufferMatches(cleartext, decrypted_data)); 2289 EXPECT_TRUE(ArrayBufferMatches(cleartext, decrypted_data));
2191 2290
2192 // Encrypt this decrypted data with the public key. 2291 // Encrypt this decrypted data with the public key.
2193 blink::WebArrayBuffer encrypted_data; 2292 blink::WebArrayBuffer encrypted_data;
2194 ASSERT_STATUS_SUCCESS(Encrypt( 2293 ASSERT_EQ(
2195 algorithm, public_key, CryptoData(decrypted_data), &encrypted_data)); 2294 Status::Success(),
2295 Encrypt(
2296 algorithm, public_key, CryptoData(decrypted_data), &encrypted_data));
2196 EXPECT_EQ(128u, encrypted_data.byteLength()); 2297 EXPECT_EQ(128u, encrypted_data.byteLength());
2197 2298
2198 // Finally, decrypt the newly encrypted result with the private key, and 2299 // Finally, decrypt the newly encrypted result with the private key, and
2199 // compare to the known original cleartext. 2300 // compare to the known original cleartext.
2200 decrypted_data.reset(); 2301 decrypted_data.reset();
2201 ASSERT_STATUS_SUCCESS(Decrypt( 2302 ASSERT_EQ(
2202 algorithm, private_key, CryptoData(encrypted_data), &decrypted_data)); 2303 Status::Success(),
2304 Decrypt(
2305 algorithm, private_key, CryptoData(encrypted_data), &decrypted_data));
2203 EXPECT_FALSE(decrypted_data.isNull()); 2306 EXPECT_FALSE(decrypted_data.isNull());
2204 EXPECT_TRUE(ArrayBufferMatches(cleartext, decrypted_data)); 2307 EXPECT_TRUE(ArrayBufferMatches(cleartext, decrypted_data));
2205 } 2308 }
2206 2309
2207 TEST_F(SharedCryptoTest, MAYBE(RsaEsFailures)) { 2310 TEST_F(SharedCryptoTest, MAYBE(RsaEsFailures)) {
2208 // Import a key pair. 2311 // Import a key pair.
2209 blink::WebCryptoAlgorithm algorithm = 2312 blink::WebCryptoAlgorithm algorithm =
2210 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); 2313 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5);
2211 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); 2314 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull();
2212 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); 2315 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull();
2213 ImportRsaKeyPair( 2316 ImportRsaKeyPair(
2214 HexStringToBytes(kPublicKeySpkiDerHex), 2317 HexStringToBytes(kPublicKeySpkiDerHex),
2215 HexStringToBytes(kPrivateKeyPkcs8DerHex), 2318 HexStringToBytes(kPrivateKeyPkcs8DerHex),
2216 algorithm, 2319 algorithm,
2217 false, 2320 false,
2218 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt, 2321 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt,
2219 &public_key, 2322 &public_key,
2220 &private_key); 2323 &private_key);
2221 2324
2222 // Fail encrypt with a private key. 2325 // Fail encrypt with a private key.
2223 blink::WebArrayBuffer encrypted_data; 2326 blink::WebArrayBuffer encrypted_data;
2224 const std::string message_hex_str("0102030405060708090a0b0c0d0e0f"); 2327 const std::string message_hex_str("0102030405060708090a0b0c0d0e0f");
2225 const std::vector<uint8> message_hex(HexStringToBytes(message_hex_str)); 2328 const std::vector<uint8> message_hex(HexStringToBytes(message_hex_str));
2226 EXPECT_STATUS( 2329 EXPECT_EQ(
2227 Status::ErrorUnexpectedKeyType(), 2330 Status::ErrorUnexpectedKeyType(),
2228 Encrypt( 2331 Encrypt(
2229 algorithm, private_key, CryptoData(message_hex), &encrypted_data)); 2332 algorithm, private_key, CryptoData(message_hex), &encrypted_data));
2230 2333
2231 // Fail encrypt with empty message. 2334 // Fail encrypt with empty message.
2232 EXPECT_STATUS(Status::Error(), 2335 EXPECT_EQ(Status::ErrorDataTooSmall(),
2233 Encrypt(algorithm, 2336 Encrypt(algorithm,
2234 public_key, 2337 public_key,
2235 CryptoData(std::vector<uint8>()), 2338 CryptoData(std::vector<uint8>()),
2236 &encrypted_data)); 2339 &encrypted_data));
2237 2340
2238 // Fail encrypt with message too large. RSAES can operate on messages up to 2341 // Fail encrypt with message too large. RSAES can operate on messages up to
2239 // length of k - 11 bytes, where k is the octet length of the RSA modulus. 2342 // length of k - 11 bytes, where k is the octet length of the RSA modulus.
2240 const unsigned int kMaxMsgSizeBytes = kModulusLengthBits / 8 - 11; 2343 const unsigned int kMaxMsgSizeBytes = kModulusLengthBits / 8 - 11;
2241 EXPECT_STATUS( 2344 EXPECT_EQ(Status::ErrorDataTooLarge(),
2242 Status::ErrorDataTooLarge(), 2345 Encrypt(algorithm,
2243 Encrypt(algorithm, 2346 public_key,
2244 public_key, 2347 CryptoData(std::vector<uint8>(kMaxMsgSizeBytes + 1, '0')),
2245 CryptoData(std::vector<uint8>(kMaxMsgSizeBytes + 1, '0')), 2348 &encrypted_data));
2246 &encrypted_data));
2247 2349
2248 // Generate encrypted data. 2350 // Generate encrypted data.
2249 EXPECT_STATUS( 2351 EXPECT_EQ(
2250 Status::Success(), 2352 Status::Success(),
2251 Encrypt(algorithm, public_key, CryptoData(message_hex), &encrypted_data)); 2353 Encrypt(algorithm, public_key, CryptoData(message_hex), &encrypted_data));
2252 2354
2253 // Fail decrypt with a public key. 2355 // Fail decrypt with a public key.
2254 blink::WebArrayBuffer decrypted_data; 2356 blink::WebArrayBuffer decrypted_data;
2255 EXPECT_STATUS( 2357 EXPECT_EQ(
2256 Status::ErrorUnexpectedKeyType(), 2358 Status::ErrorUnexpectedKeyType(),
2257 Decrypt( 2359 Decrypt(
2258 algorithm, public_key, CryptoData(encrypted_data), &decrypted_data)); 2360 algorithm, public_key, CryptoData(encrypted_data), &decrypted_data));
2259 2361
2260 // Corrupt encrypted data; ensure decrypt fails because padding was disrupted. 2362 // Corrupt encrypted data; ensure decrypt fails because padding was disrupted.
2261 std::vector<uint8> corrupted_data( 2363 std::vector<uint8> corrupted_data(
2262 static_cast<uint8*>(encrypted_data.data()), 2364 static_cast<uint8*>(encrypted_data.data()),
2263 static_cast<uint8*>(encrypted_data.data()) + encrypted_data.byteLength()); 2365 static_cast<uint8*>(encrypted_data.data()) + encrypted_data.byteLength());
2264 corrupted_data[corrupted_data.size() / 2] ^= 0x01; 2366 corrupted_data[corrupted_data.size() / 2] ^= 0x01;
2265 EXPECT_STATUS( 2367 EXPECT_EQ(
2266 Status::Error(), 2368 Status::OperationError(),
2267 Decrypt( 2369 Decrypt(
2268 algorithm, private_key, CryptoData(corrupted_data), &decrypted_data)); 2370 algorithm, private_key, CryptoData(corrupted_data), &decrypted_data));
2269 2371
2270 // TODO(padolph): Are there other specific data corruption scenarios to 2372 // TODO(padolph): Are there other specific data corruption scenarios to
2271 // consider? 2373 // consider?
2272 2374
2273 // Do a successful decrypt with good data just for confirmation. 2375 // Do a successful decrypt with good data just for confirmation.
2274 EXPECT_STATUS_SUCCESS(Decrypt( 2376 EXPECT_EQ(
2275 algorithm, private_key, CryptoData(encrypted_data), &decrypted_data)); 2377 Status::Success(),
2378 Decrypt(
2379 algorithm, private_key, CryptoData(encrypted_data), &decrypted_data));
2276 ExpectArrayBufferMatchesHex(message_hex_str, decrypted_data); 2380 ExpectArrayBufferMatchesHex(message_hex_str, decrypted_data);
2277 } 2381 }
2278 2382
2279 TEST_F(SharedCryptoTest, MAYBE(RsaSsaSignVerifyFailures)) { 2383 TEST_F(SharedCryptoTest, MAYBE(RsaSsaSignVerifyFailures)) {
2280 // Import a key pair. 2384 // Import a key pair.
2281 blink::WebCryptoKeyUsageMask usage_mask = 2385 blink::WebCryptoKeyUsageMask usage_mask =
2282 blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify; 2386 blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify;
2283 blink::WebCryptoAlgorithm importAlgorithm = 2387 blink::WebCryptoAlgorithm importAlgorithm =
2284 CreateRsaHashedImportAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, 2388 CreateRsaHashedImportAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5,
2285 blink::WebCryptoAlgorithmIdSha1); 2389 blink::WebCryptoAlgorithmIdSha1);
2286 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); 2390 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull();
2287 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); 2391 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull();
2288 ImportRsaKeyPair(HexStringToBytes(kPublicKeySpkiDerHex), 2392 ImportRsaKeyPair(HexStringToBytes(kPublicKeySpkiDerHex),
2289 HexStringToBytes(kPrivateKeyPkcs8DerHex), 2393 HexStringToBytes(kPrivateKeyPkcs8DerHex),
2290 importAlgorithm, 2394 importAlgorithm,
2291 false, 2395 false,
2292 usage_mask, 2396 usage_mask,
2293 &public_key, 2397 &public_key,
2294 &private_key); 2398 &private_key);
2295 2399
2296 blink::WebCryptoAlgorithm algorithm = 2400 blink::WebCryptoAlgorithm algorithm =
2297 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5); 2401 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5);
2298 2402
2299 blink::WebArrayBuffer signature; 2403 blink::WebArrayBuffer signature;
2300 bool signature_match; 2404 bool signature_match;
2301 2405
2302 // Compute a signature. 2406 // Compute a signature.
2303 const std::vector<uint8> data = HexStringToBytes("010203040506070809"); 2407 const std::vector<uint8> data = HexStringToBytes("010203040506070809");
2304 ASSERT_STATUS_SUCCESS( 2408 ASSERT_EQ(Status::Success(),
2305 Sign(algorithm, private_key, CryptoData(data), &signature)); 2409 Sign(algorithm, private_key, CryptoData(data), &signature));
2306 2410
2307 // Ensure truncated signature does not verify by passing one less byte. 2411 // Ensure truncated signature does not verify by passing one less byte.
2308 EXPECT_STATUS_SUCCESS(VerifySignature( 2412 EXPECT_EQ(
2309 algorithm, 2413 Status::Success(),
2310 public_key, 2414 VerifySignature(
2311 CryptoData(reinterpret_cast<const unsigned char*>(signature.data()), 2415 algorithm,
2312 signature.byteLength() - 1), 2416 public_key,
2313 CryptoData(data), 2417 CryptoData(reinterpret_cast<const unsigned char*>(signature.data()),
2314 &signature_match)); 2418 signature.byteLength() - 1),
2419 CryptoData(data),
2420 &signature_match));
2315 EXPECT_FALSE(signature_match); 2421 EXPECT_FALSE(signature_match);
2316 2422
2317 // Ensure truncated signature does not verify by passing no bytes. 2423 // Ensure truncated signature does not verify by passing no bytes.
2318 EXPECT_STATUS_SUCCESS(VerifySignature( 2424 EXPECT_EQ(Status::Success(),
2319 algorithm, public_key, CryptoData(), CryptoData(data), &signature_match)); 2425 VerifySignature(algorithm,
2426 public_key,
2427 CryptoData(),
2428 CryptoData(data),
2429 &signature_match));
2320 EXPECT_FALSE(signature_match); 2430 EXPECT_FALSE(signature_match);
2321 2431
2322 // Ensure corrupted signature does not verify. 2432 // Ensure corrupted signature does not verify.
2323 std::vector<uint8> corrupt_sig( 2433 std::vector<uint8> corrupt_sig(
2324 static_cast<uint8*>(signature.data()), 2434 static_cast<uint8*>(signature.data()),
2325 static_cast<uint8*>(signature.data()) + signature.byteLength()); 2435 static_cast<uint8*>(signature.data()) + signature.byteLength());
2326 corrupt_sig[corrupt_sig.size() / 2] ^= 0x1; 2436 corrupt_sig[corrupt_sig.size() / 2] ^= 0x1;
2327 EXPECT_STATUS_SUCCESS(VerifySignature(algorithm, 2437 EXPECT_EQ(Status::Success(),
2328 public_key, 2438 VerifySignature(algorithm,
2329 CryptoData(corrupt_sig), 2439 public_key,
2330 CryptoData(data), 2440 CryptoData(corrupt_sig),
2331 &signature_match)); 2441 CryptoData(data),
2442 &signature_match));
2332 EXPECT_FALSE(signature_match); 2443 EXPECT_FALSE(signature_match);
2333 2444
2334 // Ensure signatures that are greater than the modulus size fail. 2445 // Ensure signatures that are greater than the modulus size fail.
2335 const unsigned int long_message_size_bytes = 1024; 2446 const unsigned int long_message_size_bytes = 1024;
2336 DCHECK_GT(long_message_size_bytes, kModulusLengthBits / 8); 2447 DCHECK_GT(long_message_size_bytes, kModulusLengthBits / 8);
2337 const unsigned char kLongSignature[long_message_size_bytes] = {0}; 2448 const unsigned char kLongSignature[long_message_size_bytes] = {0};
2338 EXPECT_STATUS_SUCCESS( 2449 EXPECT_EQ(Status::Success(),
2339 VerifySignature(algorithm, 2450 VerifySignature(algorithm,
2340 public_key, 2451 public_key,
2341 CryptoData(kLongSignature, sizeof(kLongSignature)), 2452 CryptoData(kLongSignature, sizeof(kLongSignature)),
2342 CryptoData(data), 2453 CryptoData(data),
2343 &signature_match)); 2454 &signature_match));
2344 EXPECT_FALSE(signature_match); 2455 EXPECT_FALSE(signature_match);
2345 2456
2346 // Ensure that verifying using a private key, rather than a public key, fails. 2457 // Ensure that verifying using a private key, rather than a public key, fails.
2347 EXPECT_STATUS(Status::ErrorUnexpectedKeyType(), 2458 EXPECT_EQ(Status::ErrorUnexpectedKeyType(),
2348 VerifySignature(algorithm, 2459 VerifySignature(algorithm,
2349 private_key, 2460 private_key,
2350 CryptoData(signature), 2461 CryptoData(signature),
2351 CryptoData(data), 2462 CryptoData(data),
2352 &signature_match)); 2463 &signature_match));
2353 2464
2354 // Ensure that signing using a public key, rather than a private key, fails. 2465 // Ensure that signing using a public key, rather than a private key, fails.
2355 EXPECT_STATUS(Status::ErrorUnexpectedKeyType(), 2466 EXPECT_EQ(Status::ErrorUnexpectedKeyType(),
2356 Sign(algorithm, public_key, CryptoData(data), &signature)); 2467 Sign(algorithm, public_key, CryptoData(data), &signature));
2357 2468
2358 // Ensure that signing and verifying with an incompatible algorithm fails. 2469 // Ensure that signing and verifying with an incompatible algorithm fails.
2359 algorithm = CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); 2470 algorithm = CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5);
2360 2471
2361 EXPECT_STATUS(Status::ErrorUnexpected(), 2472 EXPECT_EQ(Status::ErrorUnexpected(),
2362 Sign(algorithm, private_key, CryptoData(data), &signature)); 2473 Sign(algorithm, private_key, CryptoData(data), &signature));
2363 EXPECT_STATUS(Status::ErrorUnexpected(), 2474 EXPECT_EQ(Status::ErrorUnexpected(),
2364 VerifySignature(algorithm, 2475 VerifySignature(algorithm,
2365 public_key, 2476 public_key,
2366 CryptoData(signature), 2477 CryptoData(signature),
2367 CryptoData(data), 2478 CryptoData(data),
2368 &signature_match)); 2479 &signature_match));
2369 2480
2370 // Some crypto libraries (NSS) can automatically select the RSA SSA inner hash 2481 // Some crypto libraries (NSS) can automatically select the RSA SSA inner hash
2371 // based solely on the contents of the input signature data. In the Web Crypto 2482 // based solely on the contents of the input signature data. In the Web Crypto
2372 // implementation, the inner hash should be specified uniquely by the key 2483 // implementation, the inner hash should be specified uniquely by the key
2373 // algorithm parameter. To validate this behavior, call Verify with a computed 2484 // algorithm parameter. To validate this behavior, call Verify with a computed
2374 // signature that used one hash type (SHA-1), but pass in a key with a 2485 // signature that used one hash type (SHA-1), but pass in a key with a
2375 // different inner hash type (SHA-256). If the hash type is determined by the 2486 // different inner hash type (SHA-256). If the hash type is determined by the
2376 // signature itself (undesired), the verify will pass, while if the hash type 2487 // signature itself (undesired), the verify will pass, while if the hash type
2377 // is specified by the key algorithm (desired), the verify will fail. 2488 // is specified by the key algorithm (desired), the verify will fail.
2378 2489
2379 // Compute a signature using SHA-1 as the inner hash. 2490 // Compute a signature using SHA-1 as the inner hash.
2380 EXPECT_STATUS_SUCCESS( 2491 EXPECT_EQ(Status::Success(),
2381 Sign(CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5), 2492 Sign(CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5),
2382 private_key, 2493 private_key,
2383 CryptoData(data), 2494 CryptoData(data),
2384 &signature)); 2495 &signature));
2385 2496
2386 blink::WebCryptoKey public_key_256 = blink::WebCryptoKey::createNull(); 2497 blink::WebCryptoKey public_key_256 = blink::WebCryptoKey::createNull();
2387 EXPECT_STATUS_SUCCESS(ImportKey( 2498 EXPECT_EQ(Status::Success(),
2388 blink::WebCryptoKeyFormatSpki, 2499 ImportKey(blink::WebCryptoKeyFormatSpki,
2389 CryptoData(HexStringToBytes(kPublicKeySpkiDerHex)), 2500 CryptoData(HexStringToBytes(kPublicKeySpkiDerHex)),
2390 CreateRsaHashedImportAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, 2501 CreateRsaHashedImportAlgorithm(
2391 blink::WebCryptoAlgorithmIdSha256), 2502 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5,
2392 true, 2503 blink::WebCryptoAlgorithmIdSha256),
2393 usage_mask, 2504 true,
2394 &public_key_256)); 2505 usage_mask,
2506 &public_key_256));
2395 2507
2396 // Now verify using an algorithm whose inner hash is SHA-256, not SHA-1. The 2508 // Now verify using an algorithm whose inner hash is SHA-256, not SHA-1. The
2397 // signature should not verify. 2509 // signature should not verify.
2398 // NOTE: public_key was produced by generateKey, and so its associated 2510 // NOTE: public_key was produced by generateKey, and so its associated
2399 // algorithm has WebCryptoRsaKeyGenParams and not WebCryptoRsaSsaParams. Thus 2511 // algorithm has WebCryptoRsaKeyGenParams and not WebCryptoRsaSsaParams. Thus
2400 // it has no inner hash to conflict with the input algorithm. 2512 // it has no inner hash to conflict with the input algorithm.
2401 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha1, 2513 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha1,
2402 private_key.algorithm().rsaHashedParams()->hash().id()); 2514 private_key.algorithm().rsaHashedParams()->hash().id());
2403 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha256, 2515 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha256,
2404 public_key_256.algorithm().rsaHashedParams()->hash().id()); 2516 public_key_256.algorithm().rsaHashedParams()->hash().id());
2405 2517
2406 bool is_match; 2518 bool is_match;
2407 EXPECT_STATUS_SUCCESS(VerifySignature( 2519 EXPECT_EQ(Status::Success(),
2408 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5), 2520 VerifySignature(
2409 public_key_256, 2521 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5),
2410 CryptoData(signature), 2522 public_key_256,
2411 CryptoData(data), 2523 CryptoData(signature),
2412 &is_match)); 2524 CryptoData(data),
2525 &is_match));
2413 EXPECT_FALSE(is_match); 2526 EXPECT_FALSE(is_match);
2414 } 2527 }
2415 2528
2416 TEST_F(SharedCryptoTest, MAYBE(RsaSignVerifyKnownAnswer)) { 2529 TEST_F(SharedCryptoTest, MAYBE(RsaSignVerifyKnownAnswer)) {
2417 scoped_ptr<base::ListValue> tests; 2530 scoped_ptr<base::ListValue> tests;
2418 ASSERT_TRUE(ReadJsonTestFileToList("pkcs1v15_sign.json", &tests)); 2531 ASSERT_TRUE(ReadJsonTestFileToList("pkcs1v15_sign.json", &tests));
2419 2532
2420 // Import the key pair. 2533 // Import the key pair.
2421 blink::WebCryptoAlgorithm importAlgorithm = 2534 blink::WebCryptoAlgorithm importAlgorithm =
2422 CreateRsaHashedImportAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, 2535 CreateRsaHashedImportAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5,
(...skipping 19 matching lines...) Expand all
2442 2555
2443 base::DictionaryValue* test; 2556 base::DictionaryValue* test;
2444 ASSERT_TRUE(tests->GetDictionary(test_index, &test)); 2557 ASSERT_TRUE(tests->GetDictionary(test_index, &test));
2445 2558
2446 std::vector<uint8> test_message = 2559 std::vector<uint8> test_message =
2447 GetBytesFromHexString(test, "message_hex"); 2560 GetBytesFromHexString(test, "message_hex");
2448 std::vector<uint8> test_signature = 2561 std::vector<uint8> test_signature =
2449 GetBytesFromHexString(test, "signature_hex"); 2562 GetBytesFromHexString(test, "signature_hex");
2450 2563
2451 signature.reset(); 2564 signature.reset();
2452 ASSERT_STATUS_SUCCESS( 2565 ASSERT_EQ(
2566 Status::Success(),
2453 Sign(algorithm, private_key, CryptoData(test_message), &signature)); 2567 Sign(algorithm, private_key, CryptoData(test_message), &signature));
2454 EXPECT_TRUE(ArrayBufferMatches(test_signature, signature)); 2568 EXPECT_TRUE(ArrayBufferMatches(test_signature, signature));
2455 2569
2456 bool is_match = false; 2570 bool is_match = false;
2457 ASSERT_STATUS_SUCCESS(VerifySignature(algorithm, 2571 ASSERT_EQ(Status::Success(),
2458 public_key, 2572 VerifySignature(algorithm,
2459 CryptoData(test_signature), 2573 public_key,
2460 CryptoData(test_message), 2574 CryptoData(test_signature),
2461 &is_match)); 2575 CryptoData(test_message),
2576 &is_match));
2462 EXPECT_TRUE(is_match); 2577 EXPECT_TRUE(is_match);
2463 } 2578 }
2464 } 2579 }
2465 2580
2466 TEST_F(SharedCryptoTest, MAYBE(AesKwKeyImport)) { 2581 TEST_F(SharedCryptoTest, MAYBE(AesKwKeyImport)) {
2467 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); 2582 blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
2468 blink::WebCryptoAlgorithm algorithm = 2583 blink::WebCryptoAlgorithm algorithm =
2469 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw); 2584 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw);
2470 2585
2471 // Import a 128-bit Key Encryption Key (KEK) 2586 // Import a 128-bit Key Encryption Key (KEK)
2472 std::string key_raw_hex_in = "025a8cf3f08b4f6c5f33bbc76a471939"; 2587 std::string key_raw_hex_in = "025a8cf3f08b4f6c5f33bbc76a471939";
2473 ASSERT_STATUS_SUCCESS(ImportKey(blink::WebCryptoKeyFormatRaw, 2588 ASSERT_EQ(Status::Success(),
2474 CryptoData(HexStringToBytes(key_raw_hex_in)), 2589 ImportKey(blink::WebCryptoKeyFormatRaw,
2475 algorithm, 2590 CryptoData(HexStringToBytes(key_raw_hex_in)),
2476 true, 2591 algorithm,
2477 blink::WebCryptoKeyUsageWrapKey, 2592 true,
2478 &key)); 2593 blink::WebCryptoKeyUsageWrapKey,
2594 &key));
2479 blink::WebArrayBuffer key_raw_out; 2595 blink::WebArrayBuffer key_raw_out;
2480 EXPECT_STATUS_SUCCESS( 2596 EXPECT_EQ(Status::Success(),
2481 ExportKey(blink::WebCryptoKeyFormatRaw, key, &key_raw_out)); 2597 ExportKey(blink::WebCryptoKeyFormatRaw, key, &key_raw_out));
2482 ExpectArrayBufferMatchesHex(key_raw_hex_in, key_raw_out); 2598 ExpectArrayBufferMatchesHex(key_raw_hex_in, key_raw_out);
2483 2599
2484 // Import a 192-bit KEK 2600 // Import a 192-bit KEK
2485 key_raw_hex_in = "c0192c6466b2370decbb62b2cfef4384544ffeb4d2fbc103"; 2601 key_raw_hex_in = "c0192c6466b2370decbb62b2cfef4384544ffeb4d2fbc103";
2486 ASSERT_STATUS_SUCCESS(ImportKey(blink::WebCryptoKeyFormatRaw, 2602 ASSERT_EQ(Status::Success(),
2487 CryptoData(HexStringToBytes(key_raw_hex_in)), 2603 ImportKey(blink::WebCryptoKeyFormatRaw,
2488 algorithm, 2604 CryptoData(HexStringToBytes(key_raw_hex_in)),
2489 true, 2605 algorithm,
2490 blink::WebCryptoKeyUsageWrapKey, 2606 true,
2491 &key)); 2607 blink::WebCryptoKeyUsageWrapKey,
2492 EXPECT_STATUS_SUCCESS( 2608 &key));
2493 ExportKey(blink::WebCryptoKeyFormatRaw, key, &key_raw_out)); 2609 EXPECT_EQ(Status::Success(),
2610 ExportKey(blink::WebCryptoKeyFormatRaw, key, &key_raw_out));
2494 ExpectArrayBufferMatchesHex(key_raw_hex_in, key_raw_out); 2611 ExpectArrayBufferMatchesHex(key_raw_hex_in, key_raw_out);
2495 2612
2496 // Import a 256-bit Key Encryption Key (KEK) 2613 // Import a 256-bit Key Encryption Key (KEK)
2497 key_raw_hex_in = 2614 key_raw_hex_in =
2498 "e11fe66380d90fa9ebefb74e0478e78f95664d0c67ca20ce4a0b5842863ac46f"; 2615 "e11fe66380d90fa9ebefb74e0478e78f95664d0c67ca20ce4a0b5842863ac46f";
2499 ASSERT_STATUS_SUCCESS(ImportKey(blink::WebCryptoKeyFormatRaw, 2616 ASSERT_EQ(Status::Success(),
2500 CryptoData(HexStringToBytes(key_raw_hex_in)), 2617 ImportKey(blink::WebCryptoKeyFormatRaw,
2501 algorithm, 2618 CryptoData(HexStringToBytes(key_raw_hex_in)),
2502 true, 2619 algorithm,
2503 blink::WebCryptoKeyUsageWrapKey, 2620 true,
2504 &key)); 2621 blink::WebCryptoKeyUsageWrapKey,
2505 EXPECT_STATUS_SUCCESS( 2622 &key));
2506 ExportKey(blink::WebCryptoKeyFormatRaw, key, &key_raw_out)); 2623 EXPECT_EQ(Status::Success(),
2624 ExportKey(blink::WebCryptoKeyFormatRaw, key, &key_raw_out));
2507 ExpectArrayBufferMatchesHex(key_raw_hex_in, key_raw_out); 2625 ExpectArrayBufferMatchesHex(key_raw_hex_in, key_raw_out);
2508 2626
2509 // Fail import of 0 length key 2627 // Fail import of 0 length key
2510 EXPECT_STATUS(Status::Error(), 2628 EXPECT_EQ(Status::ErrorImportAesKeyLength(),
2511 ImportKey(blink::WebCryptoKeyFormatRaw, 2629 ImportKey(blink::WebCryptoKeyFormatRaw,
2512 CryptoData(HexStringToBytes("")), 2630 CryptoData(HexStringToBytes("")),
2513 algorithm, 2631 algorithm,
2514 true, 2632 true,
2515 blink::WebCryptoKeyUsageWrapKey, 2633 blink::WebCryptoKeyUsageWrapKey,
2516 &key)); 2634 &key));
2517 2635
2518 // Fail import of 124-bit KEK 2636 // Fail import of 124-bit KEK
2519 key_raw_hex_in = "3e4566a2bdaa10cb68134fa66c15ddb"; 2637 key_raw_hex_in = "3e4566a2bdaa10cb68134fa66c15ddb";
2520 EXPECT_STATUS(Status::Error(), 2638 EXPECT_EQ(Status::ErrorImportAesKeyLength(),
2521 ImportKey(blink::WebCryptoKeyFormatRaw, 2639 ImportKey(blink::WebCryptoKeyFormatRaw,
2522 CryptoData(HexStringToBytes(key_raw_hex_in)), 2640 CryptoData(HexStringToBytes(key_raw_hex_in)),
2523 algorithm, 2641 algorithm,
2524 true, 2642 true,
2525 blink::WebCryptoKeyUsageWrapKey, 2643 blink::WebCryptoKeyUsageWrapKey,
2526 &key)); 2644 &key));
2527 2645
2528 // Fail import of 200-bit KEK 2646 // Fail import of 200-bit KEK
2529 key_raw_hex_in = "0a1d88608a5ad9fec64f1ada269ebab4baa2feeb8d95638c0e"; 2647 key_raw_hex_in = "0a1d88608a5ad9fec64f1ada269ebab4baa2feeb8d95638c0e";
2530 EXPECT_STATUS(Status::Error(), 2648 EXPECT_EQ(Status::ErrorImportAesKeyLength(),
2531 ImportKey(blink::WebCryptoKeyFormatRaw, 2649 ImportKey(blink::WebCryptoKeyFormatRaw,
2532 CryptoData(HexStringToBytes(key_raw_hex_in)), 2650 CryptoData(HexStringToBytes(key_raw_hex_in)),
2533 algorithm, 2651 algorithm,
2534 true, 2652 true,
2535 blink::WebCryptoKeyUsageWrapKey, 2653 blink::WebCryptoKeyUsageWrapKey,
2536 &key)); 2654 &key));
2537 2655
2538 // Fail import of 260-bit KEK 2656 // Fail import of 260-bit KEK
2539 key_raw_hex_in = 2657 key_raw_hex_in =
2540 "72d4e475ff34215416c9ad9c8281247a4d730c5f275ac23f376e73e3bce8d7d5a"; 2658 "72d4e475ff34215416c9ad9c8281247a4d730c5f275ac23f376e73e3bce8d7d5a";
2541 EXPECT_STATUS(Status::Error(), 2659 EXPECT_EQ(Status::ErrorImportAesKeyLength(),
2542 ImportKey(blink::WebCryptoKeyFormatRaw, 2660 ImportKey(blink::WebCryptoKeyFormatRaw,
2543 CryptoData(HexStringToBytes(key_raw_hex_in)), 2661 CryptoData(HexStringToBytes(key_raw_hex_in)),
2544 algorithm, 2662 algorithm,
2545 true, 2663 true,
2546 blink::WebCryptoKeyUsageWrapKey, 2664 blink::WebCryptoKeyUsageWrapKey,
2547 &key)); 2665 &key));
2548 } 2666 }
2549 2667
2550 TEST_F(SharedCryptoTest, MAYBE(UnwrapFailures)) { 2668 TEST_F(SharedCryptoTest, MAYBE(UnwrapFailures)) {
2551 // This test exercises the code path common to all unwrap operations. 2669 // This test exercises the code path common to all unwrap operations.
2552 scoped_ptr<base::ListValue> tests; 2670 scoped_ptr<base::ListValue> tests;
2553 ASSERT_TRUE(ReadJsonTestFileToList("aes_kw.json", &tests)); 2671 ASSERT_TRUE(ReadJsonTestFileToList("aes_kw.json", &tests));
2554 base::DictionaryValue* test; 2672 base::DictionaryValue* test;
2555 ASSERT_TRUE(tests->GetDictionary(0, &test)); 2673 ASSERT_TRUE(tests->GetDictionary(0, &test));
2556 const std::vector<uint8> test_kek = GetBytesFromHexString(test, "kek"); 2674 const std::vector<uint8> test_kek = GetBytesFromHexString(test, "kek");
2557 const std::vector<uint8> test_ciphertext = 2675 const std::vector<uint8> test_ciphertext =
2558 GetBytesFromHexString(test, "ciphertext"); 2676 GetBytesFromHexString(test, "ciphertext");
2559 2677
2560 // Using a key that does not have unwrapKey usage should fail. 2678 // Using a key that does not have unwrapKey usage should fail.
2561 blink::WebCryptoKey bad_wrapping_key = ImportSecretKeyFromRaw( 2679 blink::WebCryptoKey bad_wrapping_key = ImportSecretKeyFromRaw(
2562 test_kek, 2680 test_kek,
2563 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw), 2681 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw),
2564 blink::WebCryptoKeyUsageDecrypt); // <-- should be UnwrapKey 2682 blink::WebCryptoKeyUsageDecrypt); // <-- should be UnwrapKey
2565 blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull(); 2683 blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull();
2566 EXPECT_STATUS( 2684 EXPECT_EQ(
2567 Status::ErrorUnexpected(), 2685 Status::ErrorUnexpected(),
2568 UnwrapKey(blink::WebCryptoKeyFormatRaw, 2686 UnwrapKey(blink::WebCryptoKeyFormatRaw,
2569 CryptoData(test_ciphertext), 2687 CryptoData(test_ciphertext),
2570 bad_wrapping_key, 2688 bad_wrapping_key,
2571 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw), 2689 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw),
2572 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), 2690 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
2573 true, 2691 true,
2574 blink::WebCryptoKeyUsageEncrypt, 2692 blink::WebCryptoKeyUsageEncrypt,
2575 &unwrapped_key)); 2693 &unwrapped_key));
2576 2694
2577 // Using a wrapping algorithm that does not match the wrapping key algorithm 2695 // Using a wrapping algorithm that does not match the wrapping key algorithm
2578 // should fail. 2696 // should fail.
2579 blink::WebCryptoKey wrapping_key = ImportSecretKeyFromRaw( 2697 blink::WebCryptoKey wrapping_key = ImportSecretKeyFromRaw(
2580 test_kek, 2698 test_kek,
2581 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw), 2699 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw),
2582 blink::WebCryptoKeyUsageUnwrapKey); 2700 blink::WebCryptoKeyUsageUnwrapKey);
2583 EXPECT_STATUS( 2701 EXPECT_EQ(
2584 Status::ErrorUnexpected(), 2702 Status::ErrorUnexpected(),
2585 UnwrapKey(blink::WebCryptoKeyFormatRaw, 2703 UnwrapKey(blink::WebCryptoKeyFormatRaw,
2586 CryptoData(test_ciphertext), 2704 CryptoData(test_ciphertext),
2587 wrapping_key, 2705 wrapping_key,
2588 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), 2706 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
2589 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), 2707 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
2590 true, 2708 true,
2591 blink::WebCryptoKeyUsageEncrypt, 2709 blink::WebCryptoKeyUsageEncrypt,
2592 &unwrapped_key)); 2710 &unwrapped_key));
2593 } 2711 }
(...skipping 20 matching lines...) Expand all
2614 blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey); 2732 blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey);
2615 2733
2616 // Import the key to be wrapped. 2734 // Import the key to be wrapped.
2617 blink::WebCryptoKey key = ImportSecretKeyFromRaw( 2735 blink::WebCryptoKey key = ImportSecretKeyFromRaw(
2618 test_key, 2736 test_key,
2619 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), 2737 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
2620 blink::WebCryptoKeyUsageEncrypt); 2738 blink::WebCryptoKeyUsageEncrypt);
2621 2739
2622 // Wrap the key and verify the ciphertext result against the known answer. 2740 // Wrap the key and verify the ciphertext result against the known answer.
2623 blink::WebArrayBuffer wrapped_key; 2741 blink::WebArrayBuffer wrapped_key;
2624 ASSERT_STATUS_SUCCESS(WrapKey(blink::WebCryptoKeyFormatRaw, 2742 ASSERT_EQ(Status::Success(),
2625 wrapping_key, 2743 WrapKey(blink::WebCryptoKeyFormatRaw,
2626 key, 2744 wrapping_key,
2627 wrapping_algorithm, 2745 key,
2628 &wrapped_key)); 2746 wrapping_algorithm,
2747 &wrapped_key));
2629 EXPECT_TRUE(ArrayBufferMatches(test_ciphertext, wrapped_key)); 2748 EXPECT_TRUE(ArrayBufferMatches(test_ciphertext, wrapped_key));
2630 2749
2631 // Unwrap the known ciphertext to get a new test_key. 2750 // Unwrap the known ciphertext to get a new test_key.
2632 blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull(); 2751 blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull();
2633 ASSERT_STATUS_SUCCESS( 2752 ASSERT_EQ(
2753 Status::Success(),
2634 UnwrapKey(blink::WebCryptoKeyFormatRaw, 2754 UnwrapKey(blink::WebCryptoKeyFormatRaw,
2635 CryptoData(test_ciphertext), 2755 CryptoData(test_ciphertext),
2636 wrapping_key, 2756 wrapping_key,
2637 wrapping_algorithm, 2757 wrapping_algorithm,
2638 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), 2758 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
2639 true, 2759 true,
2640 blink::WebCryptoKeyUsageEncrypt, 2760 blink::WebCryptoKeyUsageEncrypt,
2641 &unwrapped_key)); 2761 &unwrapped_key));
2642 EXPECT_FALSE(key.isNull()); 2762 EXPECT_FALSE(key.isNull());
2643 EXPECT_TRUE(key.handle()); 2763 EXPECT_TRUE(key.handle());
2644 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); 2764 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type());
2645 EXPECT_EQ( 2765 EXPECT_EQ(
2646 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc).id(), 2766 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc).id(),
2647 key.algorithm().id()); 2767 key.algorithm().id());
2648 EXPECT_EQ(true, key.extractable()); 2768 EXPECT_EQ(true, key.extractable());
2649 EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt, key.usages()); 2769 EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt, key.usages());
2650 2770
2651 // Export the new key and compare its raw bytes with the original known key. 2771 // Export the new key and compare its raw bytes with the original known key.
2652 blink::WebArrayBuffer raw_key; 2772 blink::WebArrayBuffer raw_key;
2653 EXPECT_STATUS_SUCCESS( 2773 EXPECT_EQ(Status::Success(),
2654 ExportKey(blink::WebCryptoKeyFormatRaw, unwrapped_key, &raw_key)); 2774 ExportKey(blink::WebCryptoKeyFormatRaw, unwrapped_key, &raw_key));
2655 EXPECT_TRUE(ArrayBufferMatches(test_key, raw_key)); 2775 EXPECT_TRUE(ArrayBufferMatches(test_key, raw_key));
2656 } 2776 }
2657 } 2777 }
2658 2778
2659 TEST_F(SharedCryptoTest, MAYBE(AesKwRawSymkeyWrapUnwrapErrors)) { 2779 TEST_F(SharedCryptoTest, MAYBE(AesKwRawSymkeyWrapUnwrapErrors)) {
2660 scoped_ptr<base::ListValue> tests; 2780 scoped_ptr<base::ListValue> tests;
2661 ASSERT_TRUE(ReadJsonTestFileToList("aes_kw.json", &tests)); 2781 ASSERT_TRUE(ReadJsonTestFileToList("aes_kw.json", &tests));
2662 base::DictionaryValue* test; 2782 base::DictionaryValue* test;
2663 // Use 256 bits of data with a 256-bit KEK 2783 // Use 256 bits of data with a 256-bit KEK
2664 ASSERT_TRUE(tests->GetDictionary(5, &test)); 2784 ASSERT_TRUE(tests->GetDictionary(5, &test));
(...skipping 13 matching lines...) Expand all
2678 // Import the key to be wrapped. 2798 // Import the key to be wrapped.
2679 blink::WebCryptoKey key = ImportSecretKeyFromRaw( 2799 blink::WebCryptoKey key = ImportSecretKeyFromRaw(
2680 test_key, 2800 test_key,
2681 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), 2801 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
2682 blink::WebCryptoKeyUsageEncrypt); 2802 blink::WebCryptoKeyUsageEncrypt);
2683 2803
2684 // Unwrap with wrapped data too small must fail. 2804 // Unwrap with wrapped data too small must fail.
2685 const std::vector<uint8> small_data(test_ciphertext.begin(), 2805 const std::vector<uint8> small_data(test_ciphertext.begin(),
2686 test_ciphertext.begin() + 23); 2806 test_ciphertext.begin() + 23);
2687 blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull(); 2807 blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull();
2688 EXPECT_STATUS(Status::ErrorDataTooSmall(), 2808 EXPECT_EQ(Status::ErrorDataTooSmall(),
2689 UnwrapKey(blink::WebCryptoKeyFormatRaw, 2809 UnwrapKey(blink::WebCryptoKeyFormatRaw,
2690 CryptoData(small_data), 2810 CryptoData(small_data),
2691 wrapping_key, 2811 wrapping_key,
2692 wrapping_algorithm, 2812 wrapping_algorithm,
2693 key_algorithm, 2813 key_algorithm,
2694 true, 2814 true,
2695 blink::WebCryptoKeyUsageEncrypt, 2815 blink::WebCryptoKeyUsageEncrypt,
2696 &unwrapped_key)); 2816 &unwrapped_key));
2697 2817
2698 // Unwrap with wrapped data size not a multiple of 8 bytes must fail. 2818 // Unwrap with wrapped data size not a multiple of 8 bytes must fail.
2699 const std::vector<uint8> unaligned_data(test_ciphertext.begin(), 2819 const std::vector<uint8> unaligned_data(test_ciphertext.begin(),
2700 test_ciphertext.end() - 2); 2820 test_ciphertext.end() - 2);
2701 EXPECT_STATUS(Status::ErrorInvalidAesKwDataLength(), 2821 EXPECT_EQ(Status::ErrorInvalidAesKwDataLength(),
2702 UnwrapKey(blink::WebCryptoKeyFormatRaw, 2822 UnwrapKey(blink::WebCryptoKeyFormatRaw,
2703 CryptoData(unaligned_data), 2823 CryptoData(unaligned_data),
2704 wrapping_key, 2824 wrapping_key,
2705 wrapping_algorithm, 2825 wrapping_algorithm,
2706 key_algorithm, 2826 key_algorithm,
2707 true, 2827 true,
2708 blink::WebCryptoKeyUsageEncrypt, 2828 blink::WebCryptoKeyUsageEncrypt,
2709 &unwrapped_key)); 2829 &unwrapped_key));
2710 } 2830 }
2711 2831
2712 TEST_F(SharedCryptoTest, MAYBE(AesKwRawSymkeyUnwrapCorruptData)) { 2832 TEST_F(SharedCryptoTest, MAYBE(AesKwRawSymkeyUnwrapCorruptData)) {
2713 scoped_ptr<base::ListValue> tests; 2833 scoped_ptr<base::ListValue> tests;
2714 ASSERT_TRUE(ReadJsonTestFileToList("aes_kw.json", &tests)); 2834 ASSERT_TRUE(ReadJsonTestFileToList("aes_kw.json", &tests));
2715 base::DictionaryValue* test; 2835 base::DictionaryValue* test;
2716 // Use 256 bits of data with a 256-bit KEK 2836 // Use 256 bits of data with a 256-bit KEK
2717 ASSERT_TRUE(tests->GetDictionary(5, &test)); 2837 ASSERT_TRUE(tests->GetDictionary(5, &test));
2718 const std::vector<uint8> test_kek = GetBytesFromHexString(test, "kek"); 2838 const std::vector<uint8> test_kek = GetBytesFromHexString(test, "kek");
2719 const std::vector<uint8> test_key = GetBytesFromHexString(test, "key"); 2839 const std::vector<uint8> test_key = GetBytesFromHexString(test, "key");
2720 const std::vector<uint8> test_ciphertext = 2840 const std::vector<uint8> test_ciphertext =
2721 GetBytesFromHexString(test, "ciphertext"); 2841 GetBytesFromHexString(test, "ciphertext");
2722 const blink::WebCryptoAlgorithm wrapping_algorithm = 2842 const blink::WebCryptoAlgorithm wrapping_algorithm =
2723 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw); 2843 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw);
2724 2844
2725 // Import the wrapping key. 2845 // Import the wrapping key.
2726 blink::WebCryptoKey wrapping_key = ImportSecretKeyFromRaw( 2846 blink::WebCryptoKey wrapping_key = ImportSecretKeyFromRaw(
2727 test_kek, 2847 test_kek,
2728 wrapping_algorithm, 2848 wrapping_algorithm,
2729 blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey); 2849 blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey);
2730 2850
2731 // Unwrap of a corrupted version of the known ciphertext should fail, due to 2851 // Unwrap of a corrupted version of the known ciphertext should fail, due to
2732 // AES-KW's built-in integrity check. 2852 // AES-KW's built-in integrity check.
2733 blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull(); 2853 blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull();
2734 EXPECT_STATUS( 2854 EXPECT_EQ(
2735 Status::Error(), 2855 Status::OperationError(),
2736 UnwrapKey(blink::WebCryptoKeyFormatRaw, 2856 UnwrapKey(blink::WebCryptoKeyFormatRaw,
2737 CryptoData(Corrupted(test_ciphertext)), 2857 CryptoData(Corrupted(test_ciphertext)),
2738 wrapping_key, 2858 wrapping_key,
2739 wrapping_algorithm, 2859 wrapping_algorithm,
2740 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), 2860 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
2741 true, 2861 true,
2742 blink::WebCryptoKeyUsageEncrypt, 2862 blink::WebCryptoKeyUsageEncrypt,
2743 &unwrapped_key)); 2863 &unwrapped_key));
2744 } 2864 }
2745 2865
(...skipping 16 matching lines...) Expand all
2762 HexStringToBytes("000102030405060708090A0B0C0D0E0F"); 2882 HexStringToBytes("000102030405060708090A0B0C0D0E0F");
2763 const blink::WebCryptoAlgorithm wrapping_algorithm = 2883 const blink::WebCryptoAlgorithm wrapping_algorithm =
2764 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw); 2884 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw);
2765 2885
2766 // Import the wrapping key. 2886 // Import the wrapping key.
2767 blink::WebCryptoKey wrapping_key = ImportSecretKeyFromRaw( 2887 blink::WebCryptoKey wrapping_key = ImportSecretKeyFromRaw(
2768 wrapping_key_data, wrapping_algorithm, blink::WebCryptoKeyUsageUnwrapKey); 2888 wrapping_key_data, wrapping_algorithm, blink::WebCryptoKeyUsageUnwrapKey);
2769 2889
2770 // Unwrap the known wrapped key data to produce a new key 2890 // Unwrap the known wrapped key data to produce a new key
2771 blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull(); 2891 blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull();
2772 ASSERT_STATUS_SUCCESS( 2892 ASSERT_EQ(
2893 Status::Success(),
2773 UnwrapKey(blink::WebCryptoKeyFormatJwk, 2894 UnwrapKey(blink::WebCryptoKeyFormatJwk,
2774 CryptoData(wrapped_key_data), 2895 CryptoData(wrapped_key_data),
2775 wrapping_key, 2896 wrapping_key,
2776 wrapping_algorithm, 2897 wrapping_algorithm,
2777 CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha256), 2898 CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha256),
2778 true, 2899 true,
2779 blink::WebCryptoKeyUsageVerify, 2900 blink::WebCryptoKeyUsageVerify,
2780 &unwrapped_key)); 2901 &unwrapped_key));
2781 2902
2782 // Validate the new key's attributes. 2903 // Validate the new key's attributes.
2783 EXPECT_FALSE(unwrapped_key.isNull()); 2904 EXPECT_FALSE(unwrapped_key.isNull());
2784 EXPECT_TRUE(unwrapped_key.handle()); 2905 EXPECT_TRUE(unwrapped_key.handle());
2785 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, unwrapped_key.type()); 2906 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, unwrapped_key.type());
2786 EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, unwrapped_key.algorithm().id()); 2907 EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, unwrapped_key.algorithm().id());
2787 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha256, 2908 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha256,
2788 unwrapped_key.algorithm().hmacParams()->hash().id()); 2909 unwrapped_key.algorithm().hmacParams()->hash().id());
2789 EXPECT_EQ(256u, unwrapped_key.algorithm().hmacParams()->lengthBits()); 2910 EXPECT_EQ(256u, unwrapped_key.algorithm().hmacParams()->lengthBits());
2790 EXPECT_EQ(true, unwrapped_key.extractable()); 2911 EXPECT_EQ(true, unwrapped_key.extractable());
2791 EXPECT_EQ(blink::WebCryptoKeyUsageVerify, unwrapped_key.usages()); 2912 EXPECT_EQ(blink::WebCryptoKeyUsageVerify, unwrapped_key.usages());
2792 2913
2793 // Export the new key's raw data and compare to the known original. 2914 // Export the new key's raw data and compare to the known original.
2794 blink::WebArrayBuffer raw_key; 2915 blink::WebArrayBuffer raw_key;
2795 EXPECT_STATUS_SUCCESS( 2916 EXPECT_EQ(Status::Success(),
2796 ExportKey(blink::WebCryptoKeyFormatRaw, unwrapped_key, &raw_key)); 2917 ExportKey(blink::WebCryptoKeyFormatRaw, unwrapped_key, &raw_key));
2797 EXPECT_TRUE(ArrayBufferMatches(key_data, raw_key)); 2918 EXPECT_TRUE(ArrayBufferMatches(key_data, raw_key));
2798 } 2919 }
2799 2920
2800 // TODO(eroman): 2921 // TODO(eroman):
2801 // * Test decryption when the tag length exceeds input size 2922 // * Test decryption when the tag length exceeds input size
2802 // * Test decryption with empty input 2923 // * Test decryption with empty input
2803 // * Test decryption with tag length of 0. 2924 // * Test decryption with tag length of 0.
2804 TEST_F(SharedCryptoTest, MAYBE(AesGcmSampleSets)) { 2925 TEST_F(SharedCryptoTest, MAYBE(AesGcmSampleSets)) {
2805 // Some Linux test runners may not have a new enough version of NSS. 2926 // Some Linux test runners may not have a new enough version of NSS.
2806 if (!SupportsAesGcm()) { 2927 if (!SupportsAesGcm()) {
(...skipping 22 matching lines...) Expand all
2829 const std::vector<uint8> test_cipher_text = 2950 const std::vector<uint8> test_cipher_text =
2830 GetBytesFromHexString(test, "cipher_text"); 2951 GetBytesFromHexString(test, "cipher_text");
2831 2952
2832 blink::WebCryptoKey key = ImportSecretKeyFromRaw( 2953 blink::WebCryptoKey key = ImportSecretKeyFromRaw(
2833 test_key, 2954 test_key,
2834 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesGcm), 2955 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesGcm),
2835 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt); 2956 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt);
2836 2957
2837 // Verify exported raw key is identical to the imported data 2958 // Verify exported raw key is identical to the imported data
2838 blink::WebArrayBuffer raw_key; 2959 blink::WebArrayBuffer raw_key;
2839 EXPECT_STATUS_SUCCESS( 2960 EXPECT_EQ(Status::Success(),
2840 ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key)); 2961 ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key));
2841 2962
2842 EXPECT_TRUE(ArrayBufferMatches(test_key, raw_key)); 2963 EXPECT_TRUE(ArrayBufferMatches(test_key, raw_key));
2843 2964
2844 // Test encryption. 2965 // Test encryption.
2845 std::vector<uint8> cipher_text; 2966 std::vector<uint8> cipher_text;
2846 std::vector<uint8> authentication_tag; 2967 std::vector<uint8> authentication_tag;
2847 EXPECT_STATUS_SUCCESS(AesGcmEncrypt(key, 2968 EXPECT_EQ(Status::Success(),
2848 test_iv, 2969 AesGcmEncrypt(key,
2849 test_additional_data, 2970 test_iv,
2850 test_tag_size_bits, 2971 test_additional_data,
2851 test_plain_text, 2972 test_tag_size_bits,
2852 &cipher_text, 2973 test_plain_text,
2853 &authentication_tag)); 2974 &cipher_text,
2975 &authentication_tag));
2854 2976
2855 ExpectVectorMatches(test_cipher_text, cipher_text); 2977 ExpectVectorMatches(test_cipher_text, cipher_text);
2856 ExpectVectorMatches(test_authentication_tag, authentication_tag); 2978 ExpectVectorMatches(test_authentication_tag, authentication_tag);
2857 2979
2858 // Test decryption. 2980 // Test decryption.
2859 blink::WebArrayBuffer plain_text; 2981 blink::WebArrayBuffer plain_text;
2860 EXPECT_STATUS_SUCCESS(AesGcmDecrypt(key, 2982 EXPECT_EQ(Status::Success(),
2861 test_iv, 2983 AesGcmDecrypt(key,
2862 test_additional_data, 2984 test_iv,
2863 test_tag_size_bits, 2985 test_additional_data,
2864 test_cipher_text, 2986 test_tag_size_bits,
2865 test_authentication_tag, 2987 test_cipher_text,
2866 &plain_text)); 2988 test_authentication_tag,
2989 &plain_text));
2867 EXPECT_TRUE(ArrayBufferMatches(test_plain_text, plain_text)); 2990 EXPECT_TRUE(ArrayBufferMatches(test_plain_text, plain_text));
2868 2991
2869 // Decryption should fail if any of the inputs are tampered with. 2992 // Decryption should fail if any of the inputs are tampered with.
2870 EXPECT_STATUS(Status::Error(), 2993 EXPECT_EQ(Status::OperationError(),
2871 AesGcmDecrypt(key, 2994 AesGcmDecrypt(key,
2872 Corrupted(test_iv), 2995 Corrupted(test_iv),
2873 test_additional_data, 2996 test_additional_data,
2874 test_tag_size_bits, 2997 test_tag_size_bits,
2875 test_cipher_text, 2998 test_cipher_text,
2876 test_authentication_tag, 2999 test_authentication_tag,
2877 &plain_text)); 3000 &plain_text));
2878 EXPECT_STATUS(Status::Error(), 3001 EXPECT_EQ(Status::OperationError(),
2879 AesGcmDecrypt(key, 3002 AesGcmDecrypt(key,
2880 test_iv, 3003 test_iv,
2881 Corrupted(test_additional_data), 3004 Corrupted(test_additional_data),
2882 test_tag_size_bits, 3005 test_tag_size_bits,
2883 test_cipher_text, 3006 test_cipher_text,
2884 test_authentication_tag, 3007 test_authentication_tag,
2885 &plain_text)); 3008 &plain_text));
2886 EXPECT_STATUS(Status::Error(), 3009 EXPECT_EQ(Status::OperationError(),
2887 AesGcmDecrypt(key, 3010 AesGcmDecrypt(key,
2888 test_iv, 3011 test_iv,
2889 test_additional_data, 3012 test_additional_data,
2890 test_tag_size_bits, 3013 test_tag_size_bits,
2891 Corrupted(test_cipher_text), 3014 Corrupted(test_cipher_text),
2892 test_authentication_tag, 3015 test_authentication_tag,
2893 &plain_text)); 3016 &plain_text));
2894 EXPECT_STATUS(Status::Error(), 3017 EXPECT_EQ(Status::OperationError(),
2895 AesGcmDecrypt(key, 3018 AesGcmDecrypt(key,
2896 test_iv, 3019 test_iv,
2897 test_additional_data, 3020 test_additional_data,
2898 test_tag_size_bits, 3021 test_tag_size_bits,
2899 test_cipher_text, 3022 test_cipher_text,
2900 Corrupted(test_authentication_tag), 3023 Corrupted(test_authentication_tag),
2901 &plain_text)); 3024 &plain_text));
2902 3025
2903 // Try different incorrect tag lengths 3026 // Try different incorrect tag lengths
2904 uint8 kAlternateTagLengths[] = {0, 8, 96, 120, 128, 160, 255}; 3027 uint8 kAlternateTagLengths[] = {0, 8, 96, 120, 128, 160, 255};
2905 for (size_t tag_i = 0; tag_i < arraysize(kAlternateTagLengths); ++tag_i) { 3028 for (size_t tag_i = 0; tag_i < arraysize(kAlternateTagLengths); ++tag_i) {
2906 unsigned int wrong_tag_size_bits = kAlternateTagLengths[tag_i]; 3029 unsigned int wrong_tag_size_bits = kAlternateTagLengths[tag_i];
2907 if (test_tag_size_bits == wrong_tag_size_bits) 3030 if (test_tag_size_bits == wrong_tag_size_bits)
2908 continue; 3031 continue;
2909 EXPECT_STATUS_ERROR(AesGcmDecrypt(key, 3032 EXPECT_NE(Status::Success(),
2910 test_iv, 3033 AesGcmDecrypt(key,
2911 test_additional_data, 3034 test_iv,
2912 wrong_tag_size_bits, 3035 test_additional_data,
2913 test_cipher_text, 3036 wrong_tag_size_bits,
2914 test_authentication_tag, 3037 test_cipher_text,
2915 &plain_text)); 3038 test_authentication_tag,
3039 &plain_text));
2916 } 3040 }
2917 } 3041 }
2918 } 3042 }
2919 3043
2920 TEST_F(SharedCryptoTest, MAYBE(RsaEsRawSymkeyWrapUnwrapKnownAnswer)) { 3044 TEST_F(SharedCryptoTest, MAYBE(RsaEsRawSymkeyWrapUnwrapKnownAnswer)) {
2921 scoped_ptr<base::Value> json; 3045 scoped_ptr<base::Value> json;
2922 ASSERT_TRUE(ReadJsonTestFile("rsa_es.json", &json)); 3046 ASSERT_TRUE(ReadJsonTestFile("rsa_es.json", &json));
2923 base::DictionaryValue* test = NULL; 3047 base::DictionaryValue* test = NULL;
2924 ASSERT_TRUE(json->GetAsDictionary(&test)); 3048 ASSERT_TRUE(json->GetAsDictionary(&test));
2925 const std::vector<uint8> rsa_spki_der = 3049 const std::vector<uint8> rsa_spki_der =
(...skipping 15 matching lines...) Expand all
2941 rsa_spki_der, 3065 rsa_spki_der,
2942 rsa_pkcs8_der, 3066 rsa_pkcs8_der,
2943 algorithm, 3067 algorithm,
2944 false, 3068 false,
2945 blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey, 3069 blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey,
2946 &public_key, 3070 &public_key,
2947 &private_key); 3071 &private_key);
2948 3072
2949 // Import the symmetric key. 3073 // Import the symmetric key.
2950 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); 3074 blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
2951 ASSERT_STATUS_SUCCESS(ImportKey(blink::WebCryptoKeyFormatRaw, 3075 ASSERT_EQ(Status::Success(),
2952 CryptoData(cleartext), 3076 ImportKey(blink::WebCryptoKeyFormatRaw,
2953 key_algorithm, 3077 CryptoData(cleartext),
2954 true, 3078 key_algorithm,
2955 blink::WebCryptoKeyUsageSign, 3079 true,
2956 &key)); 3080 blink::WebCryptoKeyUsageSign,
3081 &key));
2957 3082
2958 // Wrap the symmetric key with raw format. 3083 // Wrap the symmetric key with raw format.
2959 blink::WebArrayBuffer wrapped_key; 3084 blink::WebArrayBuffer wrapped_key;
2960 ASSERT_STATUS_SUCCESS(WrapKey( 3085 ASSERT_EQ(Status::Success(),
2961 blink::WebCryptoKeyFormatRaw, public_key, key, algorithm, &wrapped_key)); 3086 WrapKey(blink::WebCryptoKeyFormatRaw,
3087 public_key,
3088 key,
3089 algorithm,
3090 &wrapped_key));
2962 3091
2963 // Unwrap the wrapped key. 3092 // Unwrap the wrapped key.
2964 blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull(); 3093 blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull();
2965 ASSERT_STATUS_SUCCESS(UnwrapKey(blink::WebCryptoKeyFormatRaw, 3094 ASSERT_EQ(Status::Success(),
2966 CryptoData(wrapped_key), 3095 UnwrapKey(blink::WebCryptoKeyFormatRaw,
2967 private_key, 3096 CryptoData(wrapped_key),
2968 algorithm, 3097 private_key,
2969 key_algorithm, 3098 algorithm,
2970 true, 3099 key_algorithm,
2971 blink::WebCryptoKeyUsageSign, 3100 true,
2972 &unwrapped_key)); 3101 blink::WebCryptoKeyUsageSign,
3102 &unwrapped_key));
2973 EXPECT_FALSE(key.isNull()); 3103 EXPECT_FALSE(key.isNull());
2974 EXPECT_TRUE(key.handle()); 3104 EXPECT_TRUE(key.handle());
2975 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); 3105 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type());
2976 EXPECT_EQ(key_algorithm.id(), key.algorithm().id()); 3106 EXPECT_EQ(key_algorithm.id(), key.algorithm().id());
2977 EXPECT_EQ(true, key.extractable()); 3107 EXPECT_EQ(true, key.extractable());
2978 EXPECT_EQ(blink::WebCryptoKeyUsageSign, key.usages()); 3108 EXPECT_EQ(blink::WebCryptoKeyUsageSign, key.usages());
2979 3109
2980 // Export the new key and compare its raw bytes with the original known data. 3110 // Export the new key and compare its raw bytes with the original known data.
2981 blink::WebArrayBuffer raw_key; 3111 blink::WebArrayBuffer raw_key;
2982 EXPECT_STATUS_SUCCESS( 3112 EXPECT_EQ(Status::Success(),
2983 ExportKey(blink::WebCryptoKeyFormatRaw, unwrapped_key, &raw_key)); 3113 ExportKey(blink::WebCryptoKeyFormatRaw, unwrapped_key, &raw_key));
2984 EXPECT_TRUE(ArrayBufferMatches(cleartext, raw_key)); 3114 EXPECT_TRUE(ArrayBufferMatches(cleartext, raw_key));
2985 3115
2986 // Unwrap the known wrapped key and compare to the known cleartext. 3116 // Unwrap the known wrapped key and compare to the known cleartext.
2987 ASSERT_STATUS_SUCCESS(UnwrapKey(blink::WebCryptoKeyFormatRaw, 3117 ASSERT_EQ(Status::Success(),
2988 CryptoData(ciphertext), 3118 UnwrapKey(blink::WebCryptoKeyFormatRaw,
2989 private_key, 3119 CryptoData(ciphertext),
2990 algorithm, 3120 private_key,
2991 key_algorithm, 3121 algorithm,
2992 true, 3122 key_algorithm,
2993 blink::WebCryptoKeyUsageSign, 3123 true,
2994 &unwrapped_key)); 3124 blink::WebCryptoKeyUsageSign,
2995 EXPECT_STATUS_SUCCESS( 3125 &unwrapped_key));
2996 ExportKey(blink::WebCryptoKeyFormatRaw, unwrapped_key, &raw_key)); 3126 EXPECT_EQ(Status::Success(),
3127 ExportKey(blink::WebCryptoKeyFormatRaw, unwrapped_key, &raw_key));
2997 EXPECT_TRUE(ArrayBufferMatches(cleartext, raw_key)); 3128 EXPECT_TRUE(ArrayBufferMatches(cleartext, raw_key));
2998 } 3129 }
2999 3130
3000 TEST_F(SharedCryptoTest, MAYBE(RsaEsRawSymkeyWrapUnwrapErrors)) { 3131 TEST_F(SharedCryptoTest, MAYBE(RsaEsRawSymkeyWrapUnwrapErrors)) {
3001 const std::vector<uint8> data(64, 0); 3132 const std::vector<uint8> data(64, 0);
3002 blink::WebCryptoAlgorithm key_algorithm = 3133 blink::WebCryptoAlgorithm key_algorithm =
3003 CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha256); 3134 CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha256);
3004 3135
3005 // Import the RSA key pair. 3136 // Import the RSA key pair.
3006 blink::WebCryptoAlgorithm wrapping_algorithm = 3137 blink::WebCryptoAlgorithm wrapping_algorithm =
3007 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); 3138 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5);
3008 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); 3139 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull();
3009 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); 3140 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull();
3010 ImportRsaKeyPair( 3141 ImportRsaKeyPair(
3011 HexStringToBytes(kPublicKeySpkiDerHex), 3142 HexStringToBytes(kPublicKeySpkiDerHex),
3012 HexStringToBytes(kPrivateKeyPkcs8DerHex), 3143 HexStringToBytes(kPrivateKeyPkcs8DerHex),
3013 wrapping_algorithm, 3144 wrapping_algorithm,
3014 false, 3145 false,
3015 blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey, 3146 blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey,
3016 &public_key, 3147 &public_key,
3017 &private_key); 3148 &private_key);
3018 3149
3019 // Import the symmetric key. 3150 // Import the symmetric key.
3020 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); 3151 blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
3021 ASSERT_STATUS_SUCCESS(ImportKey(blink::WebCryptoKeyFormatRaw, 3152 ASSERT_EQ(Status::Success(),
3022 CryptoData(data), 3153 ImportKey(blink::WebCryptoKeyFormatRaw,
3023 key_algorithm, 3154 CryptoData(data),
3024 true, 3155 key_algorithm,
3025 blink::WebCryptoKeyUsageSign, 3156 true,
3026 &key)); 3157 blink::WebCryptoKeyUsageSign,
3158 &key));
3027 3159
3028 // Wrapping with a private key should fail. 3160 // Wrapping with a private key should fail.
3029 blink::WebArrayBuffer wrapped_key; 3161 blink::WebArrayBuffer wrapped_key;
3030 EXPECT_STATUS(Status::ErrorUnexpectedKeyType(), 3162 EXPECT_EQ(Status::ErrorUnexpectedKeyType(),
3031 WrapKey(blink::WebCryptoKeyFormatRaw, 3163 WrapKey(blink::WebCryptoKeyFormatRaw,
3032 private_key, 3164 private_key,
3033 key, 3165 key,
3034 wrapping_algorithm, 3166 wrapping_algorithm,
3035 &wrapped_key)); 3167 &wrapped_key));
3036 3168
3037 // Wrapping a key whose raw keying material is too large for the wrapping key 3169 // Wrapping a key whose raw keying material is too large for the wrapping key
3038 // should fail. 3170 // should fail.
3039 // RSAES can encrypt data up to length of k - 11 bytes, where k is the octet 3171 // RSAES can encrypt data up to length of k - 11 bytes, where k is the octet
3040 // length of the RSA modulus, and can decrypt data up to length k. Fabricate a 3172 // length of the RSA modulus, and can decrypt data up to length k. Fabricate a
3041 // big piece of data here that fails both of these criteria, so it can be used 3173 // big piece of data here that fails both of these criteria, so it can be used
3042 // for both wrap and unwrap negative tests below. 3174 // for both wrap and unwrap negative tests below.
3043 const std::vector<uint8> big_data(kModulusLengthBits / 8 + 1, 0); 3175 const std::vector<uint8> big_data(kModulusLengthBits / 8 + 1, 0);
3044 blink::WebCryptoKey big_key = blink::WebCryptoKey::createNull(); 3176 blink::WebCryptoKey big_key = blink::WebCryptoKey::createNull();
3045 ASSERT_STATUS_SUCCESS(ImportKey(blink::WebCryptoKeyFormatRaw, 3177 ASSERT_EQ(Status::Success(),
3046 CryptoData(big_data), 3178 ImportKey(blink::WebCryptoKeyFormatRaw,
3047 key_algorithm, 3179 CryptoData(big_data),
3048 true, 3180 key_algorithm,
3049 blink::WebCryptoKeyUsageSign, 3181 true,
3050 &big_key)); 3182 blink::WebCryptoKeyUsageSign,
3051 EXPECT_STATUS(Status::ErrorDataTooLarge(), 3183 &big_key));
3052 WrapKey(blink::WebCryptoKeyFormatRaw, 3184 EXPECT_EQ(Status::ErrorDataTooLarge(),
3053 public_key, 3185 WrapKey(blink::WebCryptoKeyFormatRaw,
3054 big_key, 3186 public_key,
3055 wrapping_algorithm, 3187 big_key,
3056 &wrapped_key)); 3188 wrapping_algorithm,
3189 &wrapped_key));
3057 3190
3058 // Unwrapping with a public key should fail. 3191 // Unwrapping with a public key should fail.
3059 blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull(); 3192 blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull();
3060 EXPECT_STATUS(Status::ErrorUnexpectedKeyType(), 3193 EXPECT_EQ(Status::ErrorUnexpectedKeyType(),
3061 UnwrapKey(blink::WebCryptoKeyFormatRaw, 3194 UnwrapKey(blink::WebCryptoKeyFormatRaw,
3062 CryptoData(data), 3195 CryptoData(data),
3063 public_key, 3196 public_key,
3064 wrapping_algorithm, 3197 wrapping_algorithm,
3065 key_algorithm, 3198 key_algorithm,
3066 true, 3199 true,
3067 blink::WebCryptoKeyUsageSign, 3200 blink::WebCryptoKeyUsageSign,
3068 &unwrapped_key)); 3201 &unwrapped_key));
3069 3202
3070 // Unwrapping empty data should fail. 3203 // Unwrapping empty data should fail.
3071 const std::vector<uint8> emtpy_data; 3204 const std::vector<uint8> emtpy_data;
3072 EXPECT_STATUS(Status::ErrorDataTooSmall(), 3205 EXPECT_EQ(Status::ErrorDataTooSmall(),
3073 UnwrapKey(blink::WebCryptoKeyFormatRaw, 3206 UnwrapKey(blink::WebCryptoKeyFormatRaw,
3074 CryptoData(emtpy_data), 3207 CryptoData(emtpy_data),
3075 private_key, 3208 private_key,
3076 wrapping_algorithm, 3209 wrapping_algorithm,
3077 key_algorithm, 3210 key_algorithm,
3078 true, 3211 true,
3079 blink::WebCryptoKeyUsageSign, 3212 blink::WebCryptoKeyUsageSign,
3080 &unwrapped_key)); 3213 &unwrapped_key));
3081 3214
3082 // Unwrapping data too large for the wrapping key should fail. 3215 // Unwrapping data too large for the wrapping key should fail.
3083 EXPECT_STATUS(Status::ErrorDataTooLarge(), 3216 EXPECT_EQ(Status::ErrorDataTooLarge(),
3084 UnwrapKey(blink::WebCryptoKeyFormatRaw, 3217 UnwrapKey(blink::WebCryptoKeyFormatRaw,
3085 CryptoData(big_data), 3218 CryptoData(big_data),
3086 private_key, 3219 private_key,
3087 wrapping_algorithm, 3220 wrapping_algorithm,
3088 key_algorithm, 3221 key_algorithm,
3089 true, 3222 true,
3090 blink::WebCryptoKeyUsageSign, 3223 blink::WebCryptoKeyUsageSign,
3091 &unwrapped_key)); 3224 &unwrapped_key));
3092 } 3225 }
3093 3226
3094 TEST_F(SharedCryptoTest, MAYBE(RsaEsJwkSymkeyUnwrapKnownAnswer)) { 3227 TEST_F(SharedCryptoTest, MAYBE(RsaEsJwkSymkeyUnwrapKnownAnswer)) {
3095 // The following data lists a known 128-bit AES-CBC key, then a JWK 3228 // The following data lists a known 128-bit AES-CBC key, then a JWK
3096 // representation of this key that was encrypted ("wrapped") using 3229 // representation of this key that was encrypted ("wrapped") using
3097 // RSAES-PKCS1-v1_5 and kPublicKeySpkiDerHex as the wrapping key. 3230 // RSAES-PKCS1-v1_5 and kPublicKeySpkiDerHex as the wrapping key.
3098 // For reference, the intermediate clear JWK is 3231 // For reference, the intermediate clear JWK is
3099 // {"alg":"A128CBC","ext":true,"k":<b64url>,"key_ops":["encrypt"],"kty":"oct"} 3232 // {"alg":"A128CBC","ext":true,"k":<b64url>,"key_ops":["encrypt"],"kty":"oct"}
3100 const std::vector<uint8> key_data = 3233 const std::vector<uint8> key_data =
3101 HexStringToBytes("8f56a26e7e8b77dca15ed54339724bf5"); 3234 HexStringToBytes("8f56a26e7e8b77dca15ed54339724bf5");
3102 const std::vector<uint8> wrapped_key_data = HexStringToBytes( 3235 const std::vector<uint8> wrapped_key_data = HexStringToBytes(
3103 "9debcabd9c731d6a779622dbef38635419c409b3077af67b3cf0601b2da7054f2ec26156" 3236 "9debcabd9c731d6a779622dbef38635419c409b3077af67b3cf0601b2da7054f2ec26156"
3104 "06bb764e4986f45dd09ce660432a7abbac48b5249924f12dea52275b6d67d8b8a2f63525" 3237 "06bb764e4986f45dd09ce660432a7abbac48b5249924f12dea52275b6d67d8b8a2f63525"
3105 "fbbf67d61244c1afa9e30857b87b7a48cdc0b3196dc1477738cbf9e42ea65d5e0edc3b05" 3238 "fbbf67d61244c1afa9e30857b87b7a48cdc0b3196dc1477738cbf9e42ea65d5e0edc3b05"
3106 "afafadc7d7400e26a51270d251040d51ce46cecc"); 3239 "afafadc7d7400e26a51270d251040d51ce46cecc");
3107 const blink::WebCryptoAlgorithm wrapping_algorithm = 3240 const blink::WebCryptoAlgorithm wrapping_algorithm =
3108 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); 3241 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5);
3109 3242
3110 // Import the private wrapping key. 3243 // Import the private wrapping key.
3111 blink::WebCryptoKey private_wrapping_key = blink::WebCryptoKey::createNull(); 3244 blink::WebCryptoKey private_wrapping_key = blink::WebCryptoKey::createNull();
3112 ASSERT_STATUS_SUCCESS(ImportKey( 3245 ASSERT_EQ(Status::Success(),
3113 blink::WebCryptoKeyFormatPkcs8, 3246 ImportKey(blink::WebCryptoKeyFormatPkcs8,
3114 CryptoData(HexStringToBytes(kPrivateKeyPkcs8DerHex)), 3247 CryptoData(HexStringToBytes(kPrivateKeyPkcs8DerHex)),
3115 wrapping_algorithm, 3248 wrapping_algorithm,
3116 false, 3249 false,
3117 blink::WebCryptoKeyUsageDecrypt | blink::WebCryptoKeyUsageUnwrapKey, 3250 blink::WebCryptoKeyUsageDecrypt |
3118 &private_wrapping_key)); 3251 blink::WebCryptoKeyUsageUnwrapKey,
3252 &private_wrapping_key));
3119 3253
3120 // Unwrap the key. 3254 // Unwrap the key.
3121 blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull(); 3255 blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull();
3122 EXPECT_STATUS_SUCCESS( 3256 EXPECT_EQ(Status::Success(),
3123 UnwrapKey(blink::WebCryptoKeyFormatJwk, 3257 UnwrapKey(blink::WebCryptoKeyFormatJwk,
3124 CryptoData(wrapped_key_data), 3258 CryptoData(wrapped_key_data),
3125 private_wrapping_key, 3259 private_wrapping_key,
3126 wrapping_algorithm, 3260 wrapping_algorithm,
3127 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), 3261 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
3128 true, 3262 true,
3129 blink::WebCryptoKeyUsageEncrypt, 3263 blink::WebCryptoKeyUsageEncrypt,
3130 &unwrapped_key)); 3264 &unwrapped_key));
3131 EXPECT_FALSE(unwrapped_key.isNull()); 3265 EXPECT_FALSE(unwrapped_key.isNull());
3132 EXPECT_TRUE(unwrapped_key.handle()); 3266 EXPECT_TRUE(unwrapped_key.handle());
3133 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, unwrapped_key.type()); 3267 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, unwrapped_key.type());
3134 EXPECT_EQ(blink::WebCryptoAlgorithmIdAesCbc, unwrapped_key.algorithm().id()); 3268 EXPECT_EQ(blink::WebCryptoAlgorithmIdAesCbc, unwrapped_key.algorithm().id());
3135 EXPECT_EQ(true, unwrapped_key.extractable()); 3269 EXPECT_EQ(true, unwrapped_key.extractable());
3136 EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt, unwrapped_key.usages()); 3270 EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt, unwrapped_key.usages());
3137 3271
3138 // Export the unwrapped key and compare to the original. 3272 // Export the unwrapped key and compare to the original.
3139 blink::WebArrayBuffer raw_key; 3273 blink::WebArrayBuffer raw_key;
3140 EXPECT_STATUS_SUCCESS( 3274 EXPECT_EQ(Status::Success(),
3141 ExportKey(blink::WebCryptoKeyFormatRaw, unwrapped_key, &raw_key)); 3275 ExportKey(blink::WebCryptoKeyFormatRaw, unwrapped_key, &raw_key));
3142 EXPECT_TRUE(ArrayBufferMatches(key_data, raw_key)); 3276 EXPECT_TRUE(ArrayBufferMatches(key_data, raw_key));
3143 } 3277 }
3144 3278
3145 TEST_F(SharedCryptoTest, MAYBE(RsaEsJwkSymkeyWrapUnwrapRoundTrip)) { 3279 TEST_F(SharedCryptoTest, MAYBE(RsaEsJwkSymkeyWrapUnwrapRoundTrip)) {
3146 // Generate the symkey to be wrapped (256-bit AES-CBC key). 3280 // Generate the symkey to be wrapped (256-bit AES-CBC key).
3147 const blink::WebCryptoAlgorithm gen_algorithm = 3281 const blink::WebCryptoAlgorithm gen_algorithm =
3148 CreateAesCbcKeyGenAlgorithm(256); 3282 CreateAesCbcKeyGenAlgorithm(256);
3149 blink::WebCryptoKey key_to_wrap = blink::WebCryptoKey::createNull(); 3283 blink::WebCryptoKey key_to_wrap = blink::WebCryptoKey::createNull();
3150 ASSERT_STATUS_SUCCESS(GenerateSecretKey( 3284 ASSERT_EQ(
3151 gen_algorithm, true, blink::WebCryptoKeyUsageEncrypt, &key_to_wrap)); 3285 Status::Success(),
3286 GenerateSecretKey(
3287 gen_algorithm, true, blink::WebCryptoKeyUsageEncrypt, &key_to_wrap));
3152 3288
3153 // Import the wrapping key pair. 3289 // Import the wrapping key pair.
3154 const blink::WebCryptoAlgorithm wrapping_algorithm = 3290 const blink::WebCryptoAlgorithm wrapping_algorithm =
3155 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); 3291 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5);
3156 blink::WebCryptoKey public_wrapping_key = blink::WebCryptoKey::createNull(); 3292 blink::WebCryptoKey public_wrapping_key = blink::WebCryptoKey::createNull();
3157 blink::WebCryptoKey private_wrapping_key = blink::WebCryptoKey::createNull(); 3293 blink::WebCryptoKey private_wrapping_key = blink::WebCryptoKey::createNull();
3158 ImportRsaKeyPair( 3294 ImportRsaKeyPair(
3159 HexStringToBytes(kPublicKeySpkiDerHex), 3295 HexStringToBytes(kPublicKeySpkiDerHex),
3160 HexStringToBytes(kPrivateKeyPkcs8DerHex), 3296 HexStringToBytes(kPrivateKeyPkcs8DerHex),
3161 wrapping_algorithm, 3297 wrapping_algorithm,
3162 false, 3298 false,
3163 blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey, 3299 blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey,
3164 &public_wrapping_key, 3300 &public_wrapping_key,
3165 &private_wrapping_key); 3301 &private_wrapping_key);
3166 3302
3167 // Wrap the symkey in JWK format, using the public wrapping key. 3303 // Wrap the symkey in JWK format, using the public wrapping key.
3168 blink::WebArrayBuffer wrapped_data; 3304 blink::WebArrayBuffer wrapped_data;
3169 ASSERT_STATUS_SUCCESS(WrapKey(blink::WebCryptoKeyFormatJwk, 3305 ASSERT_EQ(Status::Success(),
3170 public_wrapping_key, 3306 WrapKey(blink::WebCryptoKeyFormatJwk,
3171 key_to_wrap, 3307 public_wrapping_key,
3172 wrapping_algorithm, 3308 key_to_wrap,
3173 &wrapped_data)); 3309 wrapping_algorithm,
3310 &wrapped_data));
3174 3311
3175 // Unwrap the key using the private wrapping key. 3312 // Unwrap the key using the private wrapping key.
3176 blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull(); 3313 blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull();
3177 ASSERT_STATUS_SUCCESS( 3314 ASSERT_EQ(Status::Success(),
3178 UnwrapKey(blink::WebCryptoKeyFormatJwk, 3315 UnwrapKey(blink::WebCryptoKeyFormatJwk,
3179 CryptoData(wrapped_data), 3316 CryptoData(wrapped_data),
3180 private_wrapping_key, 3317 private_wrapping_key,
3181 wrapping_algorithm, 3318 wrapping_algorithm,
3182 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), 3319 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
3183 true, 3320 true,
3184 blink::WebCryptoKeyUsageEncrypt, 3321 blink::WebCryptoKeyUsageEncrypt,
3185 &unwrapped_key)); 3322 &unwrapped_key));
3186 3323
3187 // Export the original symkey and the unwrapped key and compare. 3324 // Export the original symkey and the unwrapped key and compare.
3188 blink::WebArrayBuffer raw_key1, raw_key2; 3325 blink::WebArrayBuffer raw_key1, raw_key2;
3189 EXPECT_STATUS_SUCCESS( 3326 EXPECT_EQ(Status::Success(),
3190 ExportKey(blink::WebCryptoKeyFormatRaw, key_to_wrap, &raw_key1)); 3327 ExportKey(blink::WebCryptoKeyFormatRaw, key_to_wrap, &raw_key1));
3191 EXPECT_STATUS_SUCCESS( 3328 EXPECT_EQ(Status::Success(),
3192 ExportKey(blink::WebCryptoKeyFormatRaw, unwrapped_key, &raw_key2)); 3329 ExportKey(blink::WebCryptoKeyFormatRaw, unwrapped_key, &raw_key2));
3193 EXPECT_TRUE(ArrayBuffersEqual(raw_key1, raw_key2)); 3330 EXPECT_TRUE(ArrayBuffersEqual(raw_key1, raw_key2));
3194 } 3331 }
3195 3332
3196 TEST_F(SharedCryptoTest, MAYBE(RsaEsJwkSymkeyWrapUnwrapErrors)) { 3333 TEST_F(SharedCryptoTest, MAYBE(RsaEsJwkSymkeyWrapUnwrapErrors)) {
3197 // Unwrap JWK-formatted data that can be successfully decrypted, but contains 3334 // Unwrap JWK-formatted data that can be successfully decrypted, but contains
3198 // an error in the plaintext JWK so it cannot be subsequently imported, and 3335 // an error in the plaintext JWK so it cannot be subsequently imported, and
3199 // ensure that a generic error is returned instead of some other more specific 3336 // ensure that a generic error is returned instead of some other more specific
3200 // error. This shows that information about the plaintext JWK inside the 3337 // error. This shows that information about the plaintext JWK inside the
3201 // encrypted data is not leaked. 3338 // encrypted data is not leaked.
3202 // Note that it is sufficient to consider just one JWK import failure mode 3339 // Note that it is sufficient to consider just one JWK import failure mode
3203 // here; others are validated in the ImportJwkFailures Test. The specific 3340 // here; others are validated in the ImportJwkFailures Test. The specific
3204 // error in the cleartext data below is kty = "foo", which is an invalid kty 3341 // error in the cleartext data below is kty = "foo", which is an invalid kty
3205 // value. 3342 // value.
3206 const std::string cleartext = 3343 const std::string cleartext =
3207 "{\"alg\":\"A128CBC\",\"ext\":true,\"k\":" 3344 "{\"alg\":\"A128CBC\",\"ext\":true,\"k\":"
3208 "\"j1aibn6Ld9yhXtVDOXJL9Q\",\"key_ops\":[\"encrypt\"],\"kty\":\"foo\"}"; 3345 "\"j1aibn6Ld9yhXtVDOXJL9Q\",\"key_ops\":[\"encrypt\"],\"kty\":\"foo\"}";
3209 // ciphertext is the cleartext above encrypted with kPublicKeySpkiDerHex, and 3346 // ciphertext is the cleartext above encrypted with kPublicKeySpkiDerHex, and
3210 // can be decrypted with kPrivateKeyPkcs8DerHex 3347 // can be decrypted with kPrivateKeyPkcs8DerHex
3211 const std::vector<uint8> ciphertext = HexStringToBytes( 3348 const std::vector<uint8> ciphertext = HexStringToBytes(
3212 "93bc7bb2ca8502fcf3224e19b12ba455ac32d01695611022c76d3dbdd797c044de047d44" 3349 "93bc7bb2ca8502fcf3224e19b12ba455ac32d01695611022c76d3dbdd797c044de047d44"
3213 "6c5ed5de5b8f79147ffe1df8da9c894b58881b238d39bd24cecd5c1a98a7c0b07354aee6" 3350 "6c5ed5de5b8f79147ffe1df8da9c894b58881b238d39bd24cecd5c1a98a7c0b07354aee6"
3214 "24791b2d549b7ecf1219c49513a1bcbb0fac5c6b59d350b564c44dc3678dadf84b4ea3d1" 3351 "24791b2d549b7ecf1219c49513a1bcbb0fac5c6b59d350b564c44dc3678dadf84b4ea3d1"
3215 "32e576e88f8d4a2d27c173e033a97bbda7e47bb9"); 3352 "32e576e88f8d4a2d27c173e033a97bbda7e47bb9");
3216 3353
3217 // Import the private decryption key. 3354 // Import the private decryption key.
3218 const blink::WebCryptoAlgorithm algorithm = 3355 const blink::WebCryptoAlgorithm algorithm =
3219 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); 3356 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5);
3220 blink::WebCryptoKey private_decryption_key = 3357 blink::WebCryptoKey private_decryption_key =
3221 blink::WebCryptoKey::createNull(); 3358 blink::WebCryptoKey::createNull();
3222 ASSERT_STATUS_SUCCESS( 3359 ASSERT_EQ(Status::Success(),
3223 ImportKey(blink::WebCryptoKeyFormatPkcs8, 3360 ImportKey(blink::WebCryptoKeyFormatPkcs8,
3224 CryptoData(HexStringToBytes(kPrivateKeyPkcs8DerHex)), 3361 CryptoData(HexStringToBytes(kPrivateKeyPkcs8DerHex)),
3225 algorithm, 3362 algorithm,
3226 false, 3363 false,
3227 blink::WebCryptoKeyUsageDecrypt, 3364 blink::WebCryptoKeyUsageDecrypt,
3228 &private_decryption_key)); 3365 &private_decryption_key));
3229 3366
3230 // Decrypt the ciphertext and validate the result, to prove that decryption is 3367 // Decrypt the ciphertext and validate the result, to prove that decryption is
3231 // successful. 3368 // successful.
3232 blink::WebArrayBuffer decrypted_data; 3369 blink::WebArrayBuffer decrypted_data;
3233 ASSERT_STATUS_SUCCESS(Decrypt(algorithm, 3370 ASSERT_EQ(Status::Success(),
3234 private_decryption_key, 3371 Decrypt(algorithm,
3235 CryptoData(ciphertext), 3372 private_decryption_key,
3236 &decrypted_data)); 3373 CryptoData(ciphertext),
3374 &decrypted_data));
3237 const std::string decrypted(static_cast<const char*>(decrypted_data.data()), 3375 const std::string decrypted(static_cast<const char*>(decrypted_data.data()),
3238 decrypted_data.byteLength()); 3376 decrypted_data.byteLength());
3239 EXPECT_EQ(cleartext, decrypted); 3377 EXPECT_EQ(cleartext, decrypted);
3240 3378
3241 // Import the private wrapping key. Note this is the same underlying keying 3379 // Import the private wrapping key. Note this is the same underlying keying
3242 // material used for private_decryption_key above. The only difference is that 3380 // material used for private_decryption_key above. The only difference is that
3243 // it has unwrap rather than decrypt usage. 3381 // it has unwrap rather than decrypt usage.
3244 blink::WebCryptoKey private_wrapping_key = blink::WebCryptoKey::createNull(); 3382 blink::WebCryptoKey private_wrapping_key = blink::WebCryptoKey::createNull();
3245 ASSERT_STATUS_SUCCESS( 3383 ASSERT_EQ(Status::Success(),
3246 ImportKey(blink::WebCryptoKeyFormatPkcs8, 3384 ImportKey(blink::WebCryptoKeyFormatPkcs8,
3247 CryptoData(HexStringToBytes(kPrivateKeyPkcs8DerHex)), 3385 CryptoData(HexStringToBytes(kPrivateKeyPkcs8DerHex)),
3248 algorithm, 3386 algorithm,
3249 false, 3387 false,
3250 blink::WebCryptoKeyUsageUnwrapKey, 3388 blink::WebCryptoKeyUsageUnwrapKey,
3251 &private_wrapping_key)); 3389 &private_wrapping_key));
3252 3390
3253 // Treat the ciphertext as a wrapped key and try to unwrap it. Ensure a 3391 // Treat the ciphertext as a wrapped key and try to unwrap it. Ensure a
3254 // generic error is received. 3392 // generic error is received.
3255 blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull(); 3393 blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull();
3256 EXPECT_STATUS(Status::Error(), 3394 EXPECT_EQ(Status::OperationError(),
3257 UnwrapKey(blink::WebCryptoKeyFormatJwk, 3395 UnwrapKey(blink::WebCryptoKeyFormatJwk,
3258 CryptoData(ciphertext), 3396 CryptoData(ciphertext),
3259 private_wrapping_key, 3397 private_wrapping_key,
3260 algorithm, 3398 algorithm,
3261 CreateAesCbcAlgorithm(std::vector<uint8>(0, 16)), 3399 CreateAesCbcAlgorithm(std::vector<uint8>(0, 16)),
3262 true, 3400 true,
3263 blink::WebCryptoKeyUsageEncrypt, 3401 blink::WebCryptoKeyUsageEncrypt,
3264 &unwrapped_key)); 3402 &unwrapped_key));
3265 } 3403 }
3266 3404
3267 } // namespace webcrypto 3405 } // namespace webcrypto
3268 3406
3269 } // namespace content 3407 } // namespace content
OLDNEW
« no previous file with comments | « content/child/webcrypto/shared_crypto.cc ('k') | content/child/webcrypto/status.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698