OLD | NEW |
---|---|
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/child/webcrypto/shared_crypto.h" | 5 #include "content/child/webcrypto/shared_crypto.h" |
6 | 6 |
7 #include <algorithm> | 7 #include <algorithm> |
8 #include <string> | 8 #include <string> |
9 #include <vector> | 9 #include <vector> |
10 | 10 |
11 #include "base/basictypes.h" | 11 #include "base/basictypes.h" |
12 #include "base/file_util.h" | 12 #include "base/file_util.h" |
13 #include "base/json/json_reader.h" | 13 #include "base/json/json_reader.h" |
14 #include "base/json/json_writer.h" | 14 #include "base/json/json_writer.h" |
15 #include "base/logging.h" | 15 #include "base/logging.h" |
16 #include "base/memory/ref_counted.h" | 16 #include "base/memory/ref_counted.h" |
17 #include "base/path_service.h" | 17 #include "base/path_service.h" |
18 #include "base/strings/string_number_conversions.h" | 18 #include "base/strings/string_number_conversions.h" |
19 #include "base/strings/string_util.h" | 19 #include "base/strings/string_util.h" |
20 #include "base/strings/stringprintf.h" | |
20 #include "content/child/webcrypto/crypto_data.h" | 21 #include "content/child/webcrypto/crypto_data.h" |
21 #include "content/child/webcrypto/status.h" | 22 #include "content/child/webcrypto/status.h" |
22 #include "content/child/webcrypto/webcrypto_util.h" | 23 #include "content/child/webcrypto/webcrypto_util.h" |
23 #include "content/public/common/content_paths.h" | 24 #include "content/public/common/content_paths.h" |
24 #include "testing/gtest/include/gtest/gtest.h" | 25 #include "testing/gtest/include/gtest/gtest.h" |
25 #include "third_party/WebKit/public/platform/WebArrayBuffer.h" | 26 #include "third_party/WebKit/public/platform/WebArrayBuffer.h" |
26 #include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h" | 27 #include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h" |
27 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h" | 28 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h" |
28 #include "third_party/WebKit/public/platform/WebCryptoKey.h" | 29 #include "third_party/WebKit/public/platform/WebCryptoKey.h" |
29 #include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h" | 30 #include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h" |
30 #include "third_party/re2/re2/re2.h" | 31 #include "third_party/re2/re2/re2.h" |
31 | 32 |
32 // The OpenSSL implementation of WebCrypto is less complete, so don't run all of | 33 // The OpenSSL implementation of WebCrypto is less complete, so don't run all of |
33 // the tests: http://crbug.com/267888 | 34 // the tests: http://crbug.com/267888 |
34 #if defined(USE_OPENSSL) | 35 #if defined(USE_OPENSSL) |
35 #define MAYBE(test_name) DISABLED_##test_name | 36 #define MAYBE(test_name) DISABLED_##test_name |
36 #else | 37 #else |
37 #define MAYBE(test_name) test_name | 38 #define MAYBE(test_name) test_name |
38 #endif | 39 #endif |
39 | 40 |
40 // Helper macros to verify the value of a Status. | 41 // Helper macros to verify the value of a Status. |
41 #define EXPECT_STATUS_ERROR(code) EXPECT_FALSE((code).IsSuccess()) | 42 #define EXPECT_STATUS_ERROR(code) EXPECT_FALSE((code).IsSuccess()) |
42 #define EXPECT_STATUS(expected, code) \ | 43 #define EXPECT_STATUS(expected, code) \ |
43 EXPECT_EQ(expected.ToString(), (code).ToString()) | 44 EXPECT_EQ(StatusToString(expected), StatusToString(code)) |
44 #define ASSERT_STATUS(expected, code) \ | 45 #define ASSERT_STATUS(expected, code) \ |
45 ASSERT_EQ(expected.ToString(), (code).ToString()) | 46 ASSERT_EQ(StatusToString(expected), StatusToString(code)) |
46 #define EXPECT_STATUS_SUCCESS(code) EXPECT_STATUS(Status::Success(), code) | 47 #define EXPECT_STATUS_SUCCESS(code) EXPECT_STATUS(Status::Success(), code) |
47 #define ASSERT_STATUS_SUCCESS(code) ASSERT_STATUS(Status::Success(), code) | 48 #define ASSERT_STATUS_SUCCESS(code) ASSERT_STATUS(Status::Success(), code) |
48 | 49 |
49 namespace content { | 50 namespace content { |
50 | 51 |
51 namespace webcrypto { | 52 namespace webcrypto { |
52 | 53 |
53 namespace { | 54 namespace { |
54 | 55 |
56 std::string StatusToString(const Status& status) { | |
57 if (status.IsSuccess()) | |
58 return "Success"; | |
59 return base::StringPrintf("error_type=%d: %s, error_details=", | |
60 status.error_type(), | |
61 status.error_details().c_str()); | |
62 } | |
Ryan Sleevi
2014/04/24 01:17:01
This isn't really idiomatic GTest to do this.
The
eroman
2014/04/24 02:34:37
I addressed this by changing the code to using EXP
| |
63 | |
55 // TODO(eroman): For Linux builds using system NSS, AES-GCM support is a | 64 // TODO(eroman): For Linux builds using system NSS, AES-GCM support is a |
56 // runtime dependency. Test it by trying to import a key. | 65 // runtime dependency. Test it by trying to import a key. |
57 // TODO(padolph): Consider caching the result of the import key test. | 66 // TODO(padolph): Consider caching the result of the import key test. |
58 bool SupportsAesGcm() { | 67 bool SupportsAesGcm() { |
59 std::vector<uint8> key_raw(16, 0); | 68 std::vector<uint8> key_raw(16, 0); |
60 | 69 |
61 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 70 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
62 Status status = ImportKey(blink::WebCryptoKeyFormatRaw, | 71 Status status = ImportKey(blink::WebCryptoKeyFormatRaw, |
63 CryptoData(key_raw), | 72 CryptoData(key_raw), |
64 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesGcm), | 73 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesGcm), |
(...skipping 407 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
472 blink::WebCryptoAlgorithm algorithm = | 481 blink::WebCryptoAlgorithm algorithm = |
473 CreateAesGcmAlgorithm(iv, additional_data, tag_length_bits); | 482 CreateAesGcmAlgorithm(iv, additional_data, tag_length_bits); |
474 | 483 |
475 blink::WebArrayBuffer output; | 484 blink::WebArrayBuffer output; |
476 Status status = Encrypt(algorithm, key, CryptoData(plain_text), &output); | 485 Status status = Encrypt(algorithm, key, CryptoData(plain_text), &output); |
477 if (status.IsError()) | 486 if (status.IsError()) |
478 return status; | 487 return status; |
479 | 488 |
480 if (output.byteLength() * 8 < tag_length_bits) { | 489 if (output.byteLength() * 8 < tag_length_bits) { |
481 EXPECT_TRUE(false); | 490 EXPECT_TRUE(false); |
482 return Status::Error(); | 491 return Status::OperationError(); |
483 } | 492 } |
484 | 493 |
485 // The encryption result is cipher text with authentication tag appended. | 494 // The encryption result is cipher text with authentication tag appended. |
486 cipher_text->assign(static_cast<uint8*>(output.data()), | 495 cipher_text->assign(static_cast<uint8*>(output.data()), |
487 static_cast<uint8*>(output.data()) + | 496 static_cast<uint8*>(output.data()) + |
488 (output.byteLength() - tag_length_bits / 8)); | 497 (output.byteLength() - tag_length_bits / 8)); |
489 authentication_tag->assign( | 498 authentication_tag->assign( |
490 static_cast<uint8*>(output.data()) + cipher_text->size(), | 499 static_cast<uint8*>(output.data()) + cipher_text->size(), |
491 static_cast<uint8*>(output.data()) + output.byteLength()); | 500 static_cast<uint8*>(output.data()) + output.byteLength()); |
492 | 501 |
(...skipping 182 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
675 } // namespace | 684 } // namespace |
676 | 685 |
677 TEST_F(SharedCryptoTest, CheckAesGcm) { | 686 TEST_F(SharedCryptoTest, CheckAesGcm) { |
678 if (!SupportsAesGcm()) { | 687 if (!SupportsAesGcm()) { |
679 LOG(WARNING) << "AES GCM not supported on this platform, so some tests " | 688 LOG(WARNING) << "AES GCM not supported on this platform, so some tests " |
680 "will be skipped. Consider upgrading local NSS libraries"; | 689 "will be skipped. Consider upgrading local NSS libraries"; |
681 return; | 690 return; |
682 } | 691 } |
683 } | 692 } |
684 | 693 |
685 TEST_F(SharedCryptoTest, StatusToString) { | 694 TEST_F(SharedCryptoTest, Status) { |
Ryan Sleevi
2014/04/24 01:17:01
It's not clear what you're trying to test by this
eroman
2014/04/24 02:34:37
The relevant distinction is to make sure that erro
| |
686 EXPECT_EQ("Success", Status::Success().ToString()); | 695 Status status = Status::Success(); |
687 EXPECT_EQ("", Status::Error().ToString()); | 696 |
688 EXPECT_EQ("The requested operation is unsupported", | 697 EXPECT_EQ(false, status.IsError()); |
689 Status::ErrorUnsupported().ToString()); | 698 EXPECT_EQ("", status.error_details()); |
699 | |
700 status = Status::OperationError(); | |
701 EXPECT_EQ(true, status.IsError()); | |
702 EXPECT_EQ("", status.error_details()); | |
703 EXPECT_EQ(blink::WebCryptoErrorTypeOperation, status.error_type()); | |
704 | |
705 status = Status::DataError(); | |
706 EXPECT_EQ(true, status.IsError()); | |
707 EXPECT_EQ("", status.error_details()); | |
708 EXPECT_EQ(blink::WebCryptoErrorTypeData, Status::DataError().error_type()); | |
709 | |
710 // Even though the error message is the same, these should not be considered | |
711 // the same by the tests. | |
Ryan Sleevi
2014/04/24 01:17:01
This doesn't make any sense. Is "error message" th
eroman
2014/04/24 02:34:37
error message, versus error type.
| |
712 EXPECT_NE(StatusToString(Status::DataError()), | |
713 StatusToString(Status::OperationError())); | |
714 | |
715 status = Status::ErrorUnsupported(); | |
716 EXPECT_EQ(true, status.IsError()); | |
717 EXPECT_EQ("The requested operation is unsupported", status.error_details()); | |
718 EXPECT_EQ(blink::WebCryptoErrorTypeNotSupported, status.error_type()); | |
719 | |
720 status = Status::ErrorJwkPropertyMissing("kty"); | |
721 EXPECT_EQ(true, status.IsError()); | |
690 EXPECT_EQ("The required JWK property \"kty\" was missing", | 722 EXPECT_EQ("The required JWK property \"kty\" was missing", |
691 Status::ErrorJwkPropertyMissing("kty").ToString()); | 723 status.error_details()); |
724 EXPECT_EQ(blink::WebCryptoErrorTypeData, Status::DataError().error_type()); | |
725 | |
726 status = Status::ErrorJwkPropertyWrongType("kty", "string"); | |
727 EXPECT_EQ(true, status.IsError()); | |
692 EXPECT_EQ("The JWK property \"kty\" must be a string", | 728 EXPECT_EQ("The JWK property \"kty\" must be a string", |
693 Status::ErrorJwkPropertyWrongType("kty", "string").ToString()); | 729 status.error_details()); |
730 EXPECT_EQ(blink::WebCryptoErrorTypeData, Status::DataError().error_type()); | |
731 | |
732 status = Status::ErrorJwkBase64Decode("n"); | |
733 EXPECT_EQ(true, status.IsError()); | |
694 EXPECT_EQ("The JWK property \"n\" could not be base64 decoded", | 734 EXPECT_EQ("The JWK property \"n\" could not be base64 decoded", |
695 Status::ErrorJwkBase64Decode("n").ToString()); | 735 status.error_details()); |
736 EXPECT_EQ(blink::WebCryptoErrorTypeData, Status::DataError().error_type()); | |
696 } | 737 } |
697 | 738 |
698 TEST_F(SharedCryptoTest, DigestSampleSets) { | 739 TEST_F(SharedCryptoTest, DigestSampleSets) { |
699 scoped_ptr<base::ListValue> tests; | 740 scoped_ptr<base::ListValue> tests; |
700 ASSERT_TRUE(ReadJsonTestFileToList("digest.json", &tests)); | 741 ASSERT_TRUE(ReadJsonTestFileToList("digest.json", &tests)); |
701 | 742 |
702 for (size_t test_index = 0; test_index < tests->GetSize(); ++test_index) { | 743 for (size_t test_index = 0; test_index < tests->GetSize(); ++test_index) { |
703 SCOPED_TRACE(test_index); | 744 SCOPED_TRACE(test_index); |
704 base::DictionaryValue* test; | 745 base::DictionaryValue* test; |
705 ASSERT_TRUE(tests->GetDictionary(test_index, &test)); | 746 ASSERT_TRUE(tests->GetDictionary(test_index, &test)); |
(...skipping 189 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
895 EXPECT_STATUS(Status::ErrorDataTooLarge(), | 936 EXPECT_STATUS(Status::ErrorDataTooLarge(), |
896 Decrypt(CreateAesCbcAlgorithm(iv), key, input, &output)); | 937 Decrypt(CreateAesCbcAlgorithm(iv), key, input, &output)); |
897 } | 938 } |
898 | 939 |
899 // Fail importing the key (too few bytes specified) | 940 // Fail importing the key (too few bytes specified) |
900 { | 941 { |
901 std::vector<uint8> key_raw(1); | 942 std::vector<uint8> key_raw(1); |
902 std::vector<uint8> iv(16); | 943 std::vector<uint8> iv(16); |
903 | 944 |
904 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 945 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
905 EXPECT_STATUS(Status::Error(), | 946 EXPECT_STATUS(Status::ErrorImportAesKeyLength(), |
906 ImportKey(blink::WebCryptoKeyFormatRaw, | 947 ImportKey(blink::WebCryptoKeyFormatRaw, |
907 CryptoData(key_raw), | 948 CryptoData(key_raw), |
908 CreateAesCbcAlgorithm(iv), | 949 CreateAesCbcAlgorithm(iv), |
909 true, | 950 true, |
910 blink::WebCryptoKeyUsageEncrypt, | 951 blink::WebCryptoKeyUsageEncrypt, |
911 &key)); | 952 &key)); |
912 } | 953 } |
913 | 954 |
914 // Fail exporting the key in SPKI and PKCS#8 formats (not allowed for secret | 955 // Fail exporting the key in SPKI and PKCS#8 formats (not allowed for secret |
915 // keys). | 956 // keys). |
(...skipping 49 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
965 CryptoData(test_cipher_text), | 1006 CryptoData(test_cipher_text), |
966 &output)); | 1007 &output)); |
967 EXPECT_TRUE(ArrayBufferMatches(test_plain_text, output)); | 1008 EXPECT_TRUE(ArrayBufferMatches(test_plain_text, output)); |
968 | 1009 |
969 const unsigned int kAesCbcBlockSize = 16; | 1010 const unsigned int kAesCbcBlockSize = 16; |
970 | 1011 |
971 // Decrypt with a padding error by stripping the last block. This also ends | 1012 // Decrypt with a padding error by stripping the last block. This also ends |
972 // up testing decryption over empty cipher text. | 1013 // up testing decryption over empty cipher text. |
973 if (test_cipher_text.size() >= kAesCbcBlockSize) { | 1014 if (test_cipher_text.size() >= kAesCbcBlockSize) { |
974 EXPECT_STATUS( | 1015 EXPECT_STATUS( |
975 Status::Error(), | 1016 Status::OperationError(), |
976 Decrypt(CreateAesCbcAlgorithm(test_iv), | 1017 Decrypt(CreateAesCbcAlgorithm(test_iv), |
977 key, | 1018 key, |
978 CryptoData(&test_cipher_text[0], | 1019 CryptoData(&test_cipher_text[0], |
979 test_cipher_text.size() - kAesCbcBlockSize), | 1020 test_cipher_text.size() - kAesCbcBlockSize), |
980 &output)); | 1021 &output)); |
981 } | 1022 } |
982 | 1023 |
983 // Decrypt cipher text which is not a multiple of block size by stripping | 1024 // Decrypt cipher text which is not a multiple of block size by stripping |
984 // a few bytes off the cipher text. | 1025 // a few bytes off the cipher text. |
985 if (test_cipher_text.size() > 3) { | 1026 if (test_cipher_text.size() > 3) { |
986 EXPECT_STATUS( | 1027 EXPECT_STATUS( |
987 Status::Error(), | 1028 Status::OperationError(), |
988 Decrypt(CreateAesCbcAlgorithm(test_iv), | 1029 Decrypt(CreateAesCbcAlgorithm(test_iv), |
989 key, | 1030 key, |
990 CryptoData(&test_cipher_text[0], test_cipher_text.size() - 3), | 1031 CryptoData(&test_cipher_text[0], test_cipher_text.size() - 3), |
991 &output)); | 1032 &output)); |
992 } | 1033 } |
993 } | 1034 } |
994 } | 1035 } |
995 | 1036 |
996 TEST_F(SharedCryptoTest, MAYBE(GenerateKeyAes)) { | 1037 TEST_F(SharedCryptoTest, MAYBE(GenerateKeyAes)) { |
997 // Check key generation for each of AES-CBC, AES-GCM, and AES-KW, and for each | 1038 // Check key generation for each of AES-CBC, AES-GCM, and AES-KW, and for each |
(...skipping 817 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1815 Status::ErrorImportEmptyKeyData(), | 1856 Status::ErrorImportEmptyKeyData(), |
1816 ImportKey(blink::WebCryptoKeyFormatSpki, | 1857 ImportKey(blink::WebCryptoKeyFormatSpki, |
1817 CryptoData(std::vector<uint8>()), | 1858 CryptoData(std::vector<uint8>()), |
1818 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5), | 1859 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5), |
1819 true, | 1860 true, |
1820 blink::WebCryptoKeyUsageEncrypt, | 1861 blink::WebCryptoKeyUsageEncrypt, |
1821 &key)); | 1862 &key)); |
1822 | 1863 |
1823 // Failing case: Bad DER encoding. | 1864 // Failing case: Bad DER encoding. |
1824 EXPECT_STATUS( | 1865 EXPECT_STATUS( |
1825 Status::Error(), | 1866 Status::DataError(), |
1826 ImportKey(blink::WebCryptoKeyFormatSpki, | 1867 ImportKey(blink::WebCryptoKeyFormatSpki, |
1827 CryptoData(HexStringToBytes("618333c4cb")), | 1868 CryptoData(HexStringToBytes("618333c4cb")), |
1828 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5), | 1869 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5), |
1829 true, | 1870 true, |
1830 blink::WebCryptoKeyUsageEncrypt, | 1871 blink::WebCryptoKeyUsageEncrypt, |
1831 &key)); | 1872 &key)); |
1832 | 1873 |
1833 // Failing case: Import RSA key but provide an inconsistent input algorithm. | 1874 // Failing case: Import RSA key but provide an inconsistent input algorithm. |
1834 EXPECT_STATUS(Status::Error(), | 1875 EXPECT_STATUS(Status::DataError(), |
1835 ImportKey(blink::WebCryptoKeyFormatSpki, | 1876 ImportKey(blink::WebCryptoKeyFormatSpki, |
1836 CryptoData(HexStringToBytes(kPublicKeySpkiDerHex)), | 1877 CryptoData(HexStringToBytes(kPublicKeySpkiDerHex)), |
1837 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), | 1878 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), |
1838 true, | 1879 true, |
1839 blink::WebCryptoKeyUsageEncrypt, | 1880 blink::WebCryptoKeyUsageEncrypt, |
1840 &key)); | 1881 &key)); |
1841 | 1882 |
1842 // Passing case: Export a previously imported RSA public key in SPKI format | 1883 // Passing case: Export a previously imported RSA public key in SPKI format |
1843 // and compare to original data. | 1884 // and compare to original data. |
1844 blink::WebArrayBuffer output; | 1885 blink::WebArrayBuffer output; |
(...skipping 53 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1898 CryptoData(std::vector<uint8>()), | 1939 CryptoData(std::vector<uint8>()), |
1899 CreateRsaHashedImportAlgorithm( | 1940 CreateRsaHashedImportAlgorithm( |
1900 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, | 1941 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
1901 blink::WebCryptoAlgorithmIdSha1), | 1942 blink::WebCryptoAlgorithmIdSha1), |
1902 true, | 1943 true, |
1903 blink::WebCryptoKeyUsageSign, | 1944 blink::WebCryptoKeyUsageSign, |
1904 &key)); | 1945 &key)); |
1905 | 1946 |
1906 // Failing case: Bad DER encoding. | 1947 // Failing case: Bad DER encoding. |
1907 EXPECT_STATUS( | 1948 EXPECT_STATUS( |
1908 Status::Error(), | 1949 Status::DataError(), |
1909 ImportKey(blink::WebCryptoKeyFormatPkcs8, | 1950 ImportKey(blink::WebCryptoKeyFormatPkcs8, |
1910 CryptoData(HexStringToBytes("618333c4cb")), | 1951 CryptoData(HexStringToBytes("618333c4cb")), |
1911 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5), | 1952 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5), |
1912 true, | 1953 true, |
1913 blink::WebCryptoKeyUsageSign, | 1954 blink::WebCryptoKeyUsageSign, |
1914 &key)); | 1955 &key)); |
1915 | 1956 |
1916 // Failing case: Import RSA key but provide an inconsistent input algorithm. | 1957 // Failing case: Import RSA key but provide an inconsistent input algorithm. |
1917 EXPECT_STATUS(Status::Error(), | 1958 EXPECT_STATUS(Status::DataError(), |
1918 ImportKey(blink::WebCryptoKeyFormatPkcs8, | 1959 ImportKey(blink::WebCryptoKeyFormatPkcs8, |
1919 CryptoData(HexStringToBytes(kPrivateKeyPkcs8DerHex)), | 1960 CryptoData(HexStringToBytes(kPrivateKeyPkcs8DerHex)), |
1920 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), | 1961 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), |
1921 true, | 1962 true, |
1922 blink::WebCryptoKeyUsageSign, | 1963 blink::WebCryptoKeyUsageSign, |
1923 &key)); | 1964 &key)); |
1924 } | 1965 } |
1925 | 1966 |
1926 TEST_F(SharedCryptoTest, MAYBE(GenerateKeyPairRsa)) { | 1967 TEST_F(SharedCryptoTest, MAYBE(GenerateKeyPairRsa)) { |
1927 // Note: using unrealistic short key lengths here to avoid bogging down tests. | 1968 // Note: using unrealistic short key lengths here to avoid bogging down tests. |
(...skipping 294 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
2222 // Fail encrypt with a private key. | 2263 // Fail encrypt with a private key. |
2223 blink::WebArrayBuffer encrypted_data; | 2264 blink::WebArrayBuffer encrypted_data; |
2224 const std::string message_hex_str("0102030405060708090a0b0c0d0e0f"); | 2265 const std::string message_hex_str("0102030405060708090a0b0c0d0e0f"); |
2225 const std::vector<uint8> message_hex(HexStringToBytes(message_hex_str)); | 2266 const std::vector<uint8> message_hex(HexStringToBytes(message_hex_str)); |
2226 EXPECT_STATUS( | 2267 EXPECT_STATUS( |
2227 Status::ErrorUnexpectedKeyType(), | 2268 Status::ErrorUnexpectedKeyType(), |
2228 Encrypt( | 2269 Encrypt( |
2229 algorithm, private_key, CryptoData(message_hex), &encrypted_data)); | 2270 algorithm, private_key, CryptoData(message_hex), &encrypted_data)); |
2230 | 2271 |
2231 // Fail encrypt with empty message. | 2272 // Fail encrypt with empty message. |
2232 EXPECT_STATUS(Status::Error(), | 2273 EXPECT_STATUS(Status::ErrorDataTooSmall(), |
2233 Encrypt(algorithm, | 2274 Encrypt(algorithm, |
2234 public_key, | 2275 public_key, |
2235 CryptoData(std::vector<uint8>()), | 2276 CryptoData(std::vector<uint8>()), |
2236 &encrypted_data)); | 2277 &encrypted_data)); |
2237 | 2278 |
2238 // Fail encrypt with message too large. RSAES can operate on messages up to | 2279 // Fail encrypt with message too large. RSAES can operate on messages up to |
2239 // length of k - 11 bytes, where k is the octet length of the RSA modulus. | 2280 // length of k - 11 bytes, where k is the octet length of the RSA modulus. |
2240 const unsigned int kMaxMsgSizeBytes = kModulusLengthBits / 8 - 11; | 2281 const unsigned int kMaxMsgSizeBytes = kModulusLengthBits / 8 - 11; |
2241 EXPECT_STATUS( | 2282 EXPECT_STATUS( |
2242 Status::ErrorDataTooLarge(), | 2283 Status::ErrorDataTooLarge(), |
(...skipping 13 matching lines...) Expand all Loading... | |
2256 Status::ErrorUnexpectedKeyType(), | 2297 Status::ErrorUnexpectedKeyType(), |
2257 Decrypt( | 2298 Decrypt( |
2258 algorithm, public_key, CryptoData(encrypted_data), &decrypted_data)); | 2299 algorithm, public_key, CryptoData(encrypted_data), &decrypted_data)); |
2259 | 2300 |
2260 // Corrupt encrypted data; ensure decrypt fails because padding was disrupted. | 2301 // Corrupt encrypted data; ensure decrypt fails because padding was disrupted. |
2261 std::vector<uint8> corrupted_data( | 2302 std::vector<uint8> corrupted_data( |
2262 static_cast<uint8*>(encrypted_data.data()), | 2303 static_cast<uint8*>(encrypted_data.data()), |
2263 static_cast<uint8*>(encrypted_data.data()) + encrypted_data.byteLength()); | 2304 static_cast<uint8*>(encrypted_data.data()) + encrypted_data.byteLength()); |
2264 corrupted_data[corrupted_data.size() / 2] ^= 0x01; | 2305 corrupted_data[corrupted_data.size() / 2] ^= 0x01; |
2265 EXPECT_STATUS( | 2306 EXPECT_STATUS( |
2266 Status::Error(), | 2307 Status::OperationError(), |
2267 Decrypt( | 2308 Decrypt( |
2268 algorithm, private_key, CryptoData(corrupted_data), &decrypted_data)); | 2309 algorithm, private_key, CryptoData(corrupted_data), &decrypted_data)); |
2269 | 2310 |
2270 // TODO(padolph): Are there other specific data corruption scenarios to | 2311 // TODO(padolph): Are there other specific data corruption scenarios to |
2271 // consider? | 2312 // consider? |
2272 | 2313 |
2273 // Do a successful decrypt with good data just for confirmation. | 2314 // Do a successful decrypt with good data just for confirmation. |
2274 EXPECT_STATUS_SUCCESS(Decrypt( | 2315 EXPECT_STATUS_SUCCESS(Decrypt( |
2275 algorithm, private_key, CryptoData(encrypted_data), &decrypted_data)); | 2316 algorithm, private_key, CryptoData(encrypted_data), &decrypted_data)); |
2276 ExpectArrayBufferMatchesHex(message_hex_str, decrypted_data); | 2317 ExpectArrayBufferMatchesHex(message_hex_str, decrypted_data); |
(...skipping 223 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
2500 CryptoData(HexStringToBytes(key_raw_hex_in)), | 2541 CryptoData(HexStringToBytes(key_raw_hex_in)), |
2501 algorithm, | 2542 algorithm, |
2502 true, | 2543 true, |
2503 blink::WebCryptoKeyUsageWrapKey, | 2544 blink::WebCryptoKeyUsageWrapKey, |
2504 &key)); | 2545 &key)); |
2505 EXPECT_STATUS_SUCCESS( | 2546 EXPECT_STATUS_SUCCESS( |
2506 ExportKey(blink::WebCryptoKeyFormatRaw, key, &key_raw_out)); | 2547 ExportKey(blink::WebCryptoKeyFormatRaw, key, &key_raw_out)); |
2507 ExpectArrayBufferMatchesHex(key_raw_hex_in, key_raw_out); | 2548 ExpectArrayBufferMatchesHex(key_raw_hex_in, key_raw_out); |
2508 | 2549 |
2509 // Fail import of 0 length key | 2550 // Fail import of 0 length key |
2510 EXPECT_STATUS(Status::Error(), | 2551 EXPECT_STATUS(Status::ErrorImportAesKeyLength(), |
2511 ImportKey(blink::WebCryptoKeyFormatRaw, | 2552 ImportKey(blink::WebCryptoKeyFormatRaw, |
2512 CryptoData(HexStringToBytes("")), | 2553 CryptoData(HexStringToBytes("")), |
2513 algorithm, | 2554 algorithm, |
2514 true, | 2555 true, |
2515 blink::WebCryptoKeyUsageWrapKey, | 2556 blink::WebCryptoKeyUsageWrapKey, |
2516 &key)); | 2557 &key)); |
2517 | 2558 |
2518 // Fail import of 124-bit KEK | 2559 // Fail import of 124-bit KEK |
2519 key_raw_hex_in = "3e4566a2bdaa10cb68134fa66c15ddb"; | 2560 key_raw_hex_in = "3e4566a2bdaa10cb68134fa66c15ddb"; |
2520 EXPECT_STATUS(Status::Error(), | 2561 EXPECT_STATUS(Status::ErrorImportAesKeyLength(), |
2521 ImportKey(blink::WebCryptoKeyFormatRaw, | 2562 ImportKey(blink::WebCryptoKeyFormatRaw, |
2522 CryptoData(HexStringToBytes(key_raw_hex_in)), | 2563 CryptoData(HexStringToBytes(key_raw_hex_in)), |
2523 algorithm, | 2564 algorithm, |
2524 true, | 2565 true, |
2525 blink::WebCryptoKeyUsageWrapKey, | 2566 blink::WebCryptoKeyUsageWrapKey, |
2526 &key)); | 2567 &key)); |
2527 | 2568 |
2528 // Fail import of 200-bit KEK | 2569 // Fail import of 200-bit KEK |
2529 key_raw_hex_in = "0a1d88608a5ad9fec64f1ada269ebab4baa2feeb8d95638c0e"; | 2570 key_raw_hex_in = "0a1d88608a5ad9fec64f1ada269ebab4baa2feeb8d95638c0e"; |
2530 EXPECT_STATUS(Status::Error(), | 2571 EXPECT_STATUS(Status::ErrorImportAesKeyLength(), |
2531 ImportKey(blink::WebCryptoKeyFormatRaw, | 2572 ImportKey(blink::WebCryptoKeyFormatRaw, |
2532 CryptoData(HexStringToBytes(key_raw_hex_in)), | 2573 CryptoData(HexStringToBytes(key_raw_hex_in)), |
2533 algorithm, | 2574 algorithm, |
2534 true, | 2575 true, |
2535 blink::WebCryptoKeyUsageWrapKey, | 2576 blink::WebCryptoKeyUsageWrapKey, |
2536 &key)); | 2577 &key)); |
2537 | 2578 |
2538 // Fail import of 260-bit KEK | 2579 // Fail import of 260-bit KEK |
2539 key_raw_hex_in = | 2580 key_raw_hex_in = |
2540 "72d4e475ff34215416c9ad9c8281247a4d730c5f275ac23f376e73e3bce8d7d5a"; | 2581 "72d4e475ff34215416c9ad9c8281247a4d730c5f275ac23f376e73e3bce8d7d5a"; |
2541 EXPECT_STATUS(Status::Error(), | 2582 EXPECT_STATUS(Status::ErrorImportAesKeyLength(), |
2542 ImportKey(blink::WebCryptoKeyFormatRaw, | 2583 ImportKey(blink::WebCryptoKeyFormatRaw, |
2543 CryptoData(HexStringToBytes(key_raw_hex_in)), | 2584 CryptoData(HexStringToBytes(key_raw_hex_in)), |
2544 algorithm, | 2585 algorithm, |
2545 true, | 2586 true, |
2546 blink::WebCryptoKeyUsageWrapKey, | 2587 blink::WebCryptoKeyUsageWrapKey, |
2547 &key)); | 2588 &key)); |
2548 } | 2589 } |
2549 | 2590 |
2550 TEST_F(SharedCryptoTest, MAYBE(UnwrapFailures)) { | 2591 TEST_F(SharedCryptoTest, MAYBE(UnwrapFailures)) { |
2551 // This test exercises the code path common to all unwrap operations. | 2592 // This test exercises the code path common to all unwrap operations. |
(...skipping 173 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
2725 // Import the wrapping key. | 2766 // Import the wrapping key. |
2726 blink::WebCryptoKey wrapping_key = ImportSecretKeyFromRaw( | 2767 blink::WebCryptoKey wrapping_key = ImportSecretKeyFromRaw( |
2727 test_kek, | 2768 test_kek, |
2728 wrapping_algorithm, | 2769 wrapping_algorithm, |
2729 blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey); | 2770 blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey); |
2730 | 2771 |
2731 // Unwrap of a corrupted version of the known ciphertext should fail, due to | 2772 // Unwrap of a corrupted version of the known ciphertext should fail, due to |
2732 // AES-KW's built-in integrity check. | 2773 // AES-KW's built-in integrity check. |
2733 blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull(); | 2774 blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull(); |
2734 EXPECT_STATUS( | 2775 EXPECT_STATUS( |
2735 Status::Error(), | 2776 Status::OperationError(), |
2736 UnwrapKey(blink::WebCryptoKeyFormatRaw, | 2777 UnwrapKey(blink::WebCryptoKeyFormatRaw, |
2737 CryptoData(Corrupted(test_ciphertext)), | 2778 CryptoData(Corrupted(test_ciphertext)), |
2738 wrapping_key, | 2779 wrapping_key, |
2739 wrapping_algorithm, | 2780 wrapping_algorithm, |
2740 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), | 2781 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), |
2741 true, | 2782 true, |
2742 blink::WebCryptoKeyUsageEncrypt, | 2783 blink::WebCryptoKeyUsageEncrypt, |
2743 &unwrapped_key)); | 2784 &unwrapped_key)); |
2744 } | 2785 } |
2745 | 2786 |
(...skipping 114 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
2860 EXPECT_STATUS_SUCCESS(AesGcmDecrypt(key, | 2901 EXPECT_STATUS_SUCCESS(AesGcmDecrypt(key, |
2861 test_iv, | 2902 test_iv, |
2862 test_additional_data, | 2903 test_additional_data, |
2863 test_tag_size_bits, | 2904 test_tag_size_bits, |
2864 test_cipher_text, | 2905 test_cipher_text, |
2865 test_authentication_tag, | 2906 test_authentication_tag, |
2866 &plain_text)); | 2907 &plain_text)); |
2867 EXPECT_TRUE(ArrayBufferMatches(test_plain_text, plain_text)); | 2908 EXPECT_TRUE(ArrayBufferMatches(test_plain_text, plain_text)); |
2868 | 2909 |
2869 // Decryption should fail if any of the inputs are tampered with. | 2910 // Decryption should fail if any of the inputs are tampered with. |
2870 EXPECT_STATUS(Status::Error(), | 2911 EXPECT_STATUS(Status::OperationError(), |
2871 AesGcmDecrypt(key, | 2912 AesGcmDecrypt(key, |
2872 Corrupted(test_iv), | 2913 Corrupted(test_iv), |
2873 test_additional_data, | 2914 test_additional_data, |
2874 test_tag_size_bits, | 2915 test_tag_size_bits, |
2875 test_cipher_text, | 2916 test_cipher_text, |
2876 test_authentication_tag, | 2917 test_authentication_tag, |
2877 &plain_text)); | 2918 &plain_text)); |
2878 EXPECT_STATUS(Status::Error(), | 2919 EXPECT_STATUS(Status::OperationError(), |
2879 AesGcmDecrypt(key, | 2920 AesGcmDecrypt(key, |
2880 test_iv, | 2921 test_iv, |
2881 Corrupted(test_additional_data), | 2922 Corrupted(test_additional_data), |
2882 test_tag_size_bits, | 2923 test_tag_size_bits, |
2883 test_cipher_text, | 2924 test_cipher_text, |
2884 test_authentication_tag, | 2925 test_authentication_tag, |
2885 &plain_text)); | 2926 &plain_text)); |
2886 EXPECT_STATUS(Status::Error(), | 2927 EXPECT_STATUS(Status::OperationError(), |
2887 AesGcmDecrypt(key, | 2928 AesGcmDecrypt(key, |
2888 test_iv, | 2929 test_iv, |
2889 test_additional_data, | 2930 test_additional_data, |
2890 test_tag_size_bits, | 2931 test_tag_size_bits, |
2891 Corrupted(test_cipher_text), | 2932 Corrupted(test_cipher_text), |
2892 test_authentication_tag, | 2933 test_authentication_tag, |
2893 &plain_text)); | 2934 &plain_text)); |
2894 EXPECT_STATUS(Status::Error(), | 2935 EXPECT_STATUS(Status::OperationError(), |
2895 AesGcmDecrypt(key, | 2936 AesGcmDecrypt(key, |
2896 test_iv, | 2937 test_iv, |
2897 test_additional_data, | 2938 test_additional_data, |
2898 test_tag_size_bits, | 2939 test_tag_size_bits, |
2899 test_cipher_text, | 2940 test_cipher_text, |
2900 Corrupted(test_authentication_tag), | 2941 Corrupted(test_authentication_tag), |
2901 &plain_text)); | 2942 &plain_text)); |
2902 | 2943 |
2903 // Try different incorrect tag lengths | 2944 // Try different incorrect tag lengths |
2904 uint8 kAlternateTagLengths[] = {0, 8, 96, 120, 128, 160, 255}; | 2945 uint8 kAlternateTagLengths[] = {0, 8, 96, 120, 128, 160, 255}; |
(...skipping 341 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
3246 ImportKey(blink::WebCryptoKeyFormatPkcs8, | 3287 ImportKey(blink::WebCryptoKeyFormatPkcs8, |
3247 CryptoData(HexStringToBytes(kPrivateKeyPkcs8DerHex)), | 3288 CryptoData(HexStringToBytes(kPrivateKeyPkcs8DerHex)), |
3248 algorithm, | 3289 algorithm, |
3249 false, | 3290 false, |
3250 blink::WebCryptoKeyUsageUnwrapKey, | 3291 blink::WebCryptoKeyUsageUnwrapKey, |
3251 &private_wrapping_key)); | 3292 &private_wrapping_key)); |
3252 | 3293 |
3253 // Treat the ciphertext as a wrapped key and try to unwrap it. Ensure a | 3294 // Treat the ciphertext as a wrapped key and try to unwrap it. Ensure a |
3254 // generic error is received. | 3295 // generic error is received. |
3255 blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull(); | 3296 blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull(); |
3256 EXPECT_STATUS(Status::Error(), | 3297 EXPECT_STATUS(Status::OperationError(), |
3257 UnwrapKey(blink::WebCryptoKeyFormatJwk, | 3298 UnwrapKey(blink::WebCryptoKeyFormatJwk, |
3258 CryptoData(ciphertext), | 3299 CryptoData(ciphertext), |
3259 private_wrapping_key, | 3300 private_wrapping_key, |
3260 algorithm, | 3301 algorithm, |
3261 CreateAesCbcAlgorithm(std::vector<uint8>(0, 16)), | 3302 CreateAesCbcAlgorithm(std::vector<uint8>(0, 16)), |
3262 true, | 3303 true, |
3263 blink::WebCryptoKeyUsageEncrypt, | 3304 blink::WebCryptoKeyUsageEncrypt, |
3264 &unwrapped_key)); | 3305 &unwrapped_key)); |
3265 } | 3306 } |
3266 | 3307 |
3267 } // namespace webcrypto | 3308 } // namespace webcrypto |
3268 | 3309 |
3269 } // namespace content | 3310 } // namespace content |
OLD | NEW |