OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/child/webcrypto/shared_crypto.h" | 5 #include "content/child/webcrypto/shared_crypto.h" |
6 | 6 |
7 #include <algorithm> | 7 #include <algorithm> |
8 #include <string> | 8 #include <string> |
9 #include <vector> | 9 #include <vector> |
10 | 10 |
11 #include "base/basictypes.h" | 11 #include "base/basictypes.h" |
12 #include "base/file_util.h" | 12 #include "base/file_util.h" |
13 #include "base/json/json_reader.h" | 13 #include "base/json/json_reader.h" |
14 #include "base/json/json_writer.h" | 14 #include "base/json/json_writer.h" |
15 #include "base/logging.h" | 15 #include "base/logging.h" |
16 #include "base/memory/ref_counted.h" | 16 #include "base/memory/ref_counted.h" |
17 #include "base/path_service.h" | 17 #include "base/path_service.h" |
18 #include "base/strings/string_number_conversions.h" | 18 #include "base/strings/string_number_conversions.h" |
19 #include "base/strings/string_util.h" | 19 #include "base/strings/string_util.h" |
20 #include "base/strings/stringprintf.h" | 20 #include "base/strings/stringprintf.h" |
21 #include "content/child/webcrypto/crypto_data.h" | 21 #include "content/child/webcrypto/crypto_data.h" |
22 #include "content/child/webcrypto/status.h" | 22 #include "content/child/webcrypto/status.h" |
23 #include "content/child/webcrypto/webcrypto_util.h" | 23 #include "content/child/webcrypto/webcrypto_util.h" |
24 #include "content/public/common/content_paths.h" | 24 #include "content/public/common/content_paths.h" |
25 #include "testing/gtest/include/gtest/gtest.h" | 25 #include "testing/gtest/include/gtest/gtest.h" |
26 #include "third_party/WebKit/public/platform/WebArrayBuffer.h" | |
27 #include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h" | 26 #include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h" |
28 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h" | 27 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h" |
29 #include "third_party/WebKit/public/platform/WebCryptoKey.h" | 28 #include "third_party/WebKit/public/platform/WebCryptoKey.h" |
30 #include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h" | 29 #include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h" |
31 #include "third_party/re2/re2/re2.h" | 30 #include "third_party/re2/re2/re2.h" |
32 | 31 |
33 // The OpenSSL implementation of WebCrypto is less complete, so don't run all of | 32 // The OpenSSL implementation of WebCrypto is less complete, so don't run all of |
34 // the tests: http://crbug.com/267888 | 33 // the tests: http://crbug.com/267888 |
35 #if defined(USE_OPENSSL) | 34 #if defined(USE_OPENSSL) |
36 #define MAYBE(test_name) DISABLED_##test_name | 35 #define MAYBE(test_name) DISABLED_##test_name |
37 #else | 36 #else |
38 #define MAYBE(test_name) test_name | 37 #define MAYBE(test_name) test_name |
39 #endif | 38 #endif |
40 | 39 |
| 40 #define EXPECT_BYTES_EQ(expected, actual) \ |
| 41 EXPECT_EQ(CryptoData(expected), CryptoData(actual)) |
| 42 |
| 43 #define EXPECT_BYTES_EQ_HEX(expected_hex, actual_bytes) \ |
| 44 EXPECT_BYTES_EQ(HexStringToBytes(expected_hex), actual_bytes) |
| 45 |
41 namespace content { | 46 namespace content { |
42 | 47 |
43 namespace webcrypto { | 48 namespace webcrypto { |
44 | 49 |
| 50 // These functions are used by GTEST to support EXPECT_EQ() for |
| 51 // webcrypto::Status and webcrypto::CryptoData |
| 52 |
45 void PrintTo(const Status& status, ::std::ostream* os) { | 53 void PrintTo(const Status& status, ::std::ostream* os) { |
46 if (status.IsSuccess()) | 54 if (status.IsSuccess()) |
47 *os << "Success"; | 55 *os << "Success"; |
48 else | 56 else |
49 *os << "Error type: " << status.error_type() | 57 *os << "Error type: " << status.error_type() |
50 << " Error details: " << status.error_details(); | 58 << " Error details: " << status.error_details(); |
51 } | 59 } |
52 | 60 |
53 bool operator==(const content::webcrypto::Status& a, | 61 bool operator==(const content::webcrypto::Status& a, |
54 const content::webcrypto::Status& b) { | 62 const content::webcrypto::Status& b) { |
55 if (a.IsSuccess() != b.IsSuccess()) | 63 if (a.IsSuccess() != b.IsSuccess()) |
56 return false; | 64 return false; |
57 if (a.IsSuccess()) | 65 if (a.IsSuccess()) |
58 return true; | 66 return true; |
59 return a.error_type() == b.error_type() && | 67 return a.error_type() == b.error_type() && |
60 a.error_details() == b.error_details(); | 68 a.error_details() == b.error_details(); |
61 } | 69 } |
62 | 70 |
63 bool operator!=(const content::webcrypto::Status& a, | 71 bool operator!=(const content::webcrypto::Status& a, |
64 const content::webcrypto::Status& b) { | 72 const content::webcrypto::Status& b) { |
65 return !(a == b); | 73 return !(a == b); |
66 } | 74 } |
67 | 75 |
| 76 void PrintTo(const CryptoData& data, ::std::ostream* os) { |
| 77 *os << "[" << base::HexEncode(data.bytes(), data.byte_length()) << "]"; |
| 78 } |
| 79 |
| 80 bool operator==(const content::webcrypto::CryptoData& a, |
| 81 const content::webcrypto::CryptoData& b) { |
| 82 return a.byte_length() == b.byte_length() && |
| 83 memcmp(a.bytes(), b.bytes(), a.byte_length()) == 0; |
| 84 } |
| 85 |
68 namespace { | 86 namespace { |
69 | 87 |
70 // ----------------------------------------------------------------------------- | 88 // ----------------------------------------------------------------------------- |
71 // TODO(eroman): Remove these helpers and convert all of the tests to using the | |
72 // std::vector<> flavor of functions directly. | |
73 // ----------------------------------------------------------------------------- | |
74 | 89 |
75 blink::WebArrayBuffer CreateArrayBuffer(const uint8* data, | |
76 unsigned int data_size) { | |
77 blink::WebArrayBuffer buffer = blink::WebArrayBuffer::create(data_size, 1); | |
78 DCHECK(!buffer.isNull()); | |
79 if (data_size) // data_size == 0 might mean the data pointer is invalid | |
80 memcpy(buffer.data(), data, data_size); | |
81 return buffer; | |
82 } | |
83 | |
84 void AssignWebArrayBuffer(const std::vector<uint8>& in, | |
85 blink::WebArrayBuffer* out) { | |
86 *out = CreateArrayBuffer(Uint8VectorStart(in), in.size()); | |
87 } | |
88 | |
89 Status Encrypt(const blink::WebCryptoAlgorithm& algorithm, | |
90 const blink::WebCryptoKey& key, | |
91 const CryptoData& data, | |
92 blink::WebArrayBuffer* web_buffer) { | |
93 std::vector<uint8> buffer; | |
94 Status status = Encrypt(algorithm, key, data, &buffer); | |
95 AssignWebArrayBuffer(buffer, web_buffer); | |
96 return status; | |
97 } | |
98 | |
99 Status Decrypt(const blink::WebCryptoAlgorithm& algorithm, | |
100 const blink::WebCryptoKey& key, | |
101 const CryptoData& data, | |
102 blink::WebArrayBuffer* web_buffer) { | |
103 std::vector<uint8> buffer; | |
104 Status status = Decrypt(algorithm, key, data, &buffer); | |
105 AssignWebArrayBuffer(buffer, web_buffer); | |
106 return status; | |
107 } | |
108 | |
109 Status Digest(const blink::WebCryptoAlgorithm& algorithm, | |
110 const CryptoData& data, | |
111 blink::WebArrayBuffer* web_buffer) { | |
112 std::vector<uint8> buffer; | |
113 Status status = Digest(algorithm, data, &buffer); | |
114 AssignWebArrayBuffer(buffer, web_buffer); | |
115 return status; | |
116 } | |
117 | |
118 Status ExportKey(blink::WebCryptoKeyFormat format, | |
119 const blink::WebCryptoKey& key, | |
120 blink::WebArrayBuffer* web_buffer) { | |
121 std::vector<uint8> buffer; | |
122 Status status = webcrypto::ExportKey(format, key, &buffer); | |
123 AssignWebArrayBuffer(buffer, web_buffer); | |
124 return status; | |
125 } | |
126 | |
127 Status Sign(const blink::WebCryptoAlgorithm& algorithm, | |
128 const blink::WebCryptoKey& key, | |
129 const CryptoData& data, | |
130 blink::WebArrayBuffer* web_buffer) { | |
131 std::vector<uint8> buffer; | |
132 | |
133 Status status = Sign(algorithm, key, data, &buffer); | |
134 AssignWebArrayBuffer(buffer, web_buffer); | |
135 return status; | |
136 } | |
137 | |
138 Status WrapKey(blink::WebCryptoKeyFormat format, | |
139 const blink::WebCryptoKey& wrapping_key, | |
140 const blink::WebCryptoKey& key_to_wrap, | |
141 const blink::WebCryptoAlgorithm& wrapping_algorithm, | |
142 blink::WebArrayBuffer* web_buffer) { | |
143 std::vector<uint8> buffer; | |
144 | |
145 Status status = webcrypto::WrapKey( | |
146 format, wrapping_key, key_to_wrap, wrapping_algorithm, &buffer); | |
147 AssignWebArrayBuffer(buffer, web_buffer); | |
148 return status; | |
149 } | |
150 | |
151 // ----------------------------------------------------------------------------- | |
152 | |
153 // TODO(eroman): For Linux builds using system NSS, AES-GCM support is a | 90 // TODO(eroman): For Linux builds using system NSS, AES-GCM support is a |
154 // runtime dependency. Test it by trying to import a key. | 91 // runtime dependency. Test it by trying to import a key. |
155 // TODO(padolph): Consider caching the result of the import key test. | 92 // TODO(padolph): Consider caching the result of the import key test. |
156 bool SupportsAesGcm() { | 93 bool SupportsAesGcm() { |
157 std::vector<uint8> key_raw(16, 0); | 94 std::vector<uint8> key_raw(16, 0); |
158 | 95 |
159 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 96 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
160 Status status = ImportKey(blink::WebCryptoKeyFormatRaw, | 97 Status status = ImportKey(blink::WebCryptoKeyFormatRaw, |
161 CryptoData(key_raw), | 98 CryptoData(key_raw), |
162 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesGcm), | 99 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesGcm), |
(...skipping 85 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
248 corrupted_data[corrupted_data.size() / 2] ^= 0x01; | 185 corrupted_data[corrupted_data.size() / 2] ^= 0x01; |
249 return corrupted_data; | 186 return corrupted_data; |
250 } | 187 } |
251 | 188 |
252 std::vector<uint8> HexStringToBytes(const std::string& hex) { | 189 std::vector<uint8> HexStringToBytes(const std::string& hex) { |
253 std::vector<uint8> bytes; | 190 std::vector<uint8> bytes; |
254 base::HexStringToBytes(hex, &bytes); | 191 base::HexStringToBytes(hex, &bytes); |
255 return bytes; | 192 return bytes; |
256 } | 193 } |
257 | 194 |
258 ::testing::AssertionResult ArrayBufferMatches( | |
259 const std::vector<uint8>& expected, | |
260 const blink::WebArrayBuffer& actual) { | |
261 if (base::HexEncode(webcrypto::Uint8VectorStart(expected), expected.size()) == | |
262 base::HexEncode(actual.data(), actual.byteLength())) | |
263 return ::testing::AssertionSuccess(); | |
264 return ::testing::AssertionFailure(); | |
265 } | |
266 | |
267 void ExpectCryptoDataMatchesHex(const std::string& expected_hex, | |
268 const CryptoData& actual) { | |
269 EXPECT_STRCASEEQ( | |
270 expected_hex.c_str(), | |
271 base::HexEncode(actual.bytes(), actual.byte_length()).c_str()); | |
272 } | |
273 | |
274 void ExpectArrayBufferMatchesHex(const std::string& expected_hex, | |
275 const blink::WebArrayBuffer& array_buffer) { | |
276 ExpectCryptoDataMatchesHex(expected_hex, CryptoData(array_buffer)); | |
277 } | |
278 | |
279 void ExpectVectorMatches(const std::vector<uint8>& expected, | |
280 const std::vector<uint8>& actual) { | |
281 EXPECT_EQ( | |
282 base::HexEncode(webcrypto::Uint8VectorStart(expected), expected.size()), | |
283 base::HexEncode(webcrypto::Uint8VectorStart(actual), actual.size())); | |
284 } | |
285 | |
286 std::vector<uint8> MakeJsonVector(const std::string& json_string) { | 195 std::vector<uint8> MakeJsonVector(const std::string& json_string) { |
287 return std::vector<uint8>(json_string.begin(), json_string.end()); | 196 return std::vector<uint8>(json_string.begin(), json_string.end()); |
288 } | 197 } |
289 | 198 |
290 std::vector<uint8> MakeJsonVector(const base::DictionaryValue& dict) { | 199 std::vector<uint8> MakeJsonVector(const base::DictionaryValue& dict) { |
291 std::string json; | 200 std::string json; |
292 base::JSONWriter::Write(&dict, &json); | 201 base::JSONWriter::Write(&dict, &json); |
293 return MakeJsonVector(json); | 202 return MakeJsonVector(json); |
294 } | 203 } |
295 | 204 |
(...skipping 75 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
371 const char* property_name) { | 280 const char* property_name) { |
372 std::string algorithm_name; | 281 std::string algorithm_name; |
373 if (!dict->GetString(property_name, &algorithm_name)) { | 282 if (!dict->GetString(property_name, &algorithm_name)) { |
374 EXPECT_TRUE(false) << "Couldn't get string property: " << property_name; | 283 EXPECT_TRUE(false) << "Couldn't get string property: " << property_name; |
375 return blink::WebCryptoAlgorithm::createNull(); | 284 return blink::WebCryptoAlgorithm::createNull(); |
376 } | 285 } |
377 | 286 |
378 struct { | 287 struct { |
379 const char* name; | 288 const char* name; |
380 blink::WebCryptoAlgorithmId id; | 289 blink::WebCryptoAlgorithmId id; |
381 } kDigestNameToId[] = {{"sha-1", blink::WebCryptoAlgorithmIdSha1}, | 290 } kDigestNameToId[] = { |
382 {"sha-256", blink::WebCryptoAlgorithmIdSha256}, | 291 {"sha-1", blink::WebCryptoAlgorithmIdSha1}, |
383 {"sha-384", blink::WebCryptoAlgorithmIdSha384}, | 292 {"sha-256", blink::WebCryptoAlgorithmIdSha256}, |
384 {"sha-512", blink::WebCryptoAlgorithmIdSha512}, }; | 293 {"sha-384", blink::WebCryptoAlgorithmIdSha384}, |
| 294 {"sha-512", blink::WebCryptoAlgorithmIdSha512}, |
| 295 }; |
385 | 296 |
386 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kDigestNameToId); ++i) { | 297 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kDigestNameToId); ++i) { |
387 if (kDigestNameToId[i].name == algorithm_name) | 298 if (kDigestNameToId[i].name == algorithm_name) |
388 return CreateAlgorithm(kDigestNameToId[i].id); | 299 return CreateAlgorithm(kDigestNameToId[i].id); |
389 } | 300 } |
390 | 301 |
391 return blink::WebCryptoAlgorithm::createNull(); | 302 return blink::WebCryptoAlgorithm::createNull(); |
392 } | 303 } |
393 | 304 |
394 // Helper for ImportJwkFailures and ImportJwkOctFailures. Restores the JWK JSON | 305 // Helper for ImportJwkFailures and ImportJwkOctFailures. Restores the JWK JSON |
(...skipping 16 matching lines...) Expand all Loading... |
411 dict->SetString("use", "enc"); | 322 dict->SetString("use", "enc"); |
412 dict->SetBoolean("ext", false); | 323 dict->SetBoolean("ext", false); |
413 dict->SetString( | 324 dict->SetString( |
414 "n", | 325 "n", |
415 "qLOyhK-OtQs4cDSoYPFGxJGfMYdjzWxVmMiuSBGh4KvEx-CwgtaTpef87Wdc9GaFEncsDLxk" | 326 "qLOyhK-OtQs4cDSoYPFGxJGfMYdjzWxVmMiuSBGh4KvEx-CwgtaTpef87Wdc9GaFEncsDLxk" |
416 "p0LGxjD1M8jMcvYq6DPEC_JYQumEu3i9v5fAEH1VvbZi9cTg-rmEXLUUjvc5LdOq_5OuHmtm" | 327 "p0LGxjD1M8jMcvYq6DPEC_JYQumEu3i9v5fAEH1VvbZi9cTg-rmEXLUUjvc5LdOq_5OuHmtm" |
417 "e7PUJHYW1PW6ENTP0ibeiNOfFvs"); | 328 "e7PUJHYW1PW6ENTP0ibeiNOfFvs"); |
418 dict->SetString("e", "AQAB"); | 329 dict->SetString("e", "AQAB"); |
419 } | 330 } |
420 | 331 |
421 // Determines if two ArrayBuffers have identical content. | 332 // Returns true if any of the vectors in the input list have identical content. |
422 bool ArrayBuffersEqual(const blink::WebArrayBuffer& a, | 333 // Dumb O(n^2) implementation but should be fast enough for the input sizes that |
423 const blink::WebArrayBuffer& b) { | 334 // are used. |
424 return a.byteLength() == b.byteLength() && | 335 bool CopiesExist(const std::vector<std::vector<uint8> >& bufs) { |
425 memcmp(a.data(), b.data(), a.byteLength()) == 0; | |
426 } | |
427 | |
428 // Given a vector of WebArrayBuffers, determines if there are any copies. | |
429 bool CopiesExist(std::vector<blink::WebArrayBuffer> bufs) { | |
430 for (size_t i = 0; i < bufs.size(); ++i) { | 336 for (size_t i = 0; i < bufs.size(); ++i) { |
431 for (size_t j = i + 1; j < bufs.size(); ++j) { | 337 for (size_t j = i + 1; j < bufs.size(); ++j) { |
432 if (ArrayBuffersEqual(bufs[i], bufs[j])) | 338 if (CryptoData(bufs[i]) == CryptoData(bufs[j])) |
433 return true; | 339 return true; |
434 } | 340 } |
435 } | 341 } |
436 return false; | 342 return false; |
437 } | 343 } |
438 | 344 |
439 blink::WebCryptoAlgorithm CreateAesKeyGenAlgorithm( | 345 blink::WebCryptoAlgorithm CreateAesKeyGenAlgorithm( |
440 blink::WebCryptoAlgorithmId aes_alg_id, | 346 blink::WebCryptoAlgorithmId aes_alg_id, |
441 unsigned short length) { | 347 unsigned short length) { |
442 return blink::WebCryptoAlgorithm::adoptParamsAndCreate( | 348 return blink::WebCryptoAlgorithm::adoptParamsAndCreate( |
(...skipping 123 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
566 const std::vector<uint8>& iv, | 472 const std::vector<uint8>& iv, |
567 const std::vector<uint8>& additional_data, | 473 const std::vector<uint8>& additional_data, |
568 unsigned int tag_length_bits, | 474 unsigned int tag_length_bits, |
569 const std::vector<uint8>& plain_text, | 475 const std::vector<uint8>& plain_text, |
570 std::vector<uint8>* cipher_text, | 476 std::vector<uint8>* cipher_text, |
571 std::vector<uint8>* authentication_tag) { | 477 std::vector<uint8>* authentication_tag) { |
572 EXPECT_TRUE(SupportsAesGcm()); | 478 EXPECT_TRUE(SupportsAesGcm()); |
573 blink::WebCryptoAlgorithm algorithm = | 479 blink::WebCryptoAlgorithm algorithm = |
574 CreateAesGcmAlgorithm(iv, additional_data, tag_length_bits); | 480 CreateAesGcmAlgorithm(iv, additional_data, tag_length_bits); |
575 | 481 |
576 blink::WebArrayBuffer output; | 482 std::vector<uint8> output; |
577 Status status = Encrypt(algorithm, key, CryptoData(plain_text), &output); | 483 Status status = Encrypt(algorithm, key, CryptoData(plain_text), &output); |
578 if (status.IsError()) | 484 if (status.IsError()) |
579 return status; | 485 return status; |
580 | 486 |
581 if (output.byteLength() * 8 < tag_length_bits) { | 487 if ((tag_length_bits % 8) != 0) { |
582 EXPECT_TRUE(false); | 488 EXPECT_TRUE(false) << "Encrypt should have failed."; |
| 489 return Status::OperationError(); |
| 490 } |
| 491 |
| 492 size_t tag_length_bytes = tag_length_bits / 8; |
| 493 |
| 494 if (tag_length_bytes > output.size()) { |
| 495 EXPECT_TRUE(false) << "tag length is larger than output"; |
583 return Status::OperationError(); | 496 return Status::OperationError(); |
584 } | 497 } |
585 | 498 |
586 // The encryption result is cipher text with authentication tag appended. | 499 // The encryption result is cipher text with authentication tag appended. |
587 cipher_text->assign(static_cast<uint8*>(output.data()), | 500 cipher_text->assign(output.begin(), |
588 static_cast<uint8*>(output.data()) + | 501 output.begin() + (output.size() - tag_length_bytes)); |
589 (output.byteLength() - tag_length_bits / 8)); | 502 authentication_tag->assign(output.begin() + cipher_text->size(), |
590 authentication_tag->assign( | 503 output.end()); |
591 static_cast<uint8*>(output.data()) + cipher_text->size(), | |
592 static_cast<uint8*>(output.data()) + output.byteLength()); | |
593 | 504 |
594 return Status::Success(); | 505 return Status::Success(); |
595 } | 506 } |
596 | 507 |
597 Status AesGcmDecrypt(const blink::WebCryptoKey& key, | 508 Status AesGcmDecrypt(const blink::WebCryptoKey& key, |
598 const std::vector<uint8>& iv, | 509 const std::vector<uint8>& iv, |
599 const std::vector<uint8>& additional_data, | 510 const std::vector<uint8>& additional_data, |
600 unsigned int tag_length_bits, | 511 unsigned int tag_length_bits, |
601 const std::vector<uint8>& cipher_text, | 512 const std::vector<uint8>& cipher_text, |
602 const std::vector<uint8>& authentication_tag, | 513 const std::vector<uint8>& authentication_tag, |
603 blink::WebArrayBuffer* plain_text) { | 514 std::vector<uint8>* plain_text) { |
604 EXPECT_TRUE(SupportsAesGcm()); | 515 EXPECT_TRUE(SupportsAesGcm()); |
605 blink::WebCryptoAlgorithm algorithm = | 516 blink::WebCryptoAlgorithm algorithm = |
606 CreateAesGcmAlgorithm(iv, additional_data, tag_length_bits); | 517 CreateAesGcmAlgorithm(iv, additional_data, tag_length_bits); |
607 | 518 |
608 // Join cipher text and authentication tag. | 519 // Join cipher text and authentication tag. |
609 std::vector<uint8> cipher_text_with_tag; | 520 std::vector<uint8> cipher_text_with_tag; |
610 cipher_text_with_tag.reserve(cipher_text.size() + authentication_tag.size()); | 521 cipher_text_with_tag.reserve(cipher_text.size() + authentication_tag.size()); |
611 cipher_text_with_tag.insert( | 522 cipher_text_with_tag.insert( |
612 cipher_text_with_tag.end(), cipher_text.begin(), cipher_text.end()); | 523 cipher_text_with_tag.end(), cipher_text.begin(), cipher_text.end()); |
613 cipher_text_with_tag.insert(cipher_text_with_tag.end(), | 524 cipher_text_with_tag.insert(cipher_text_with_tag.end(), |
(...skipping 21 matching lines...) Expand all Loading... |
635 bool extractable, | 546 bool extractable, |
636 blink::WebCryptoKeyUsageMask usage_mask, | 547 blink::WebCryptoKeyUsageMask usage_mask, |
637 blink::WebCryptoKey* key) { | 548 blink::WebCryptoKey* key) { |
638 return ImportKeyJwk(CryptoData(MakeJsonVector(dict)), | 549 return ImportKeyJwk(CryptoData(MakeJsonVector(dict)), |
639 algorithm, | 550 algorithm, |
640 extractable, | 551 extractable, |
641 usage_mask, | 552 usage_mask, |
642 key); | 553 key); |
643 } | 554 } |
644 | 555 |
645 // Parses an ArrayBuffer of JSON into a dictionary. | 556 // Parses a vector of JSON into a dictionary. |
646 scoped_ptr<base::DictionaryValue> GetJwkDictionary( | 557 scoped_ptr<base::DictionaryValue> GetJwkDictionary( |
647 const blink::WebArrayBuffer& json) { | 558 const std::vector<uint8>& json) { |
648 base::StringPiece json_string(reinterpret_cast<const char*>(json.data()), | 559 base::StringPiece json_string( |
649 json.byteLength()); | 560 reinterpret_cast<const char*>(Uint8VectorStart(json)), json.size()); |
650 base::Value* value = base::JSONReader::Read(json_string); | 561 base::Value* value = base::JSONReader::Read(json_string); |
651 EXPECT_TRUE(value); | 562 EXPECT_TRUE(value); |
652 base::DictionaryValue* dict_value = NULL; | 563 base::DictionaryValue* dict_value = NULL; |
653 value->GetAsDictionary(&dict_value); | 564 value->GetAsDictionary(&dict_value); |
654 return scoped_ptr<base::DictionaryValue>(dict_value); | 565 return scoped_ptr<base::DictionaryValue>(dict_value); |
655 } | 566 } |
656 | 567 |
657 // Verifies the input dictionary contains the expected values. Exact matches are | 568 // Verifies the input dictionary contains the expected values. Exact matches are |
658 // required on the fields examined. | 569 // required on the fields examined. |
659 ::testing::AssertionResult VerifyJwk( | 570 ::testing::AssertionResult VerifyJwk( |
(...skipping 36 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
696 if (status.IsError()) | 607 if (status.IsError()) |
697 return ::testing::AssertionFailure() << "Failure extracting 'key_ops'"; | 608 return ::testing::AssertionFailure() << "Failure extracting 'key_ops'"; |
698 if (key_ops_mask != use_mask_expected) | 609 if (key_ops_mask != use_mask_expected) |
699 return ::testing::AssertionFailure() | 610 return ::testing::AssertionFailure() |
700 << "Expected 'key_ops' mask to be " << use_mask_expected | 611 << "Expected 'key_ops' mask to be " << use_mask_expected |
701 << " but found " << key_ops_mask << " (" << value_string << ")"; | 612 << " but found " << key_ops_mask << " (" << value_string << ")"; |
702 | 613 |
703 return ::testing::AssertionSuccess(); | 614 return ::testing::AssertionSuccess(); |
704 } | 615 } |
705 | 616 |
706 // Verifies that the JSON in the input ArrayBuffer contains the provided | 617 // Verifies that the JSON in the input vector contains the provided |
707 // expected values. Exact matches are required on the fields examined. | 618 // expected values. Exact matches are required on the fields examined. |
708 ::testing::AssertionResult VerifySecretJwk( | 619 ::testing::AssertionResult VerifySecretJwk( |
709 const blink::WebArrayBuffer& json, | 620 const std::vector<uint8>& json, |
710 const std::string& alg_expected, | 621 const std::string& alg_expected, |
711 const std::string& k_expected_hex, | 622 const std::string& k_expected_hex, |
712 blink::WebCryptoKeyUsageMask use_mask_expected) { | 623 blink::WebCryptoKeyUsageMask use_mask_expected) { |
713 scoped_ptr<base::DictionaryValue> dict = GetJwkDictionary(json); | 624 scoped_ptr<base::DictionaryValue> dict = GetJwkDictionary(json); |
714 if (!dict.get() || dict->empty()) | 625 if (!dict.get() || dict->empty()) |
715 return ::testing::AssertionFailure() << "JSON parsing failed"; | 626 return ::testing::AssertionFailure() << "JSON parsing failed"; |
716 | 627 |
717 // ---- k | 628 // ---- k |
718 std::string value_string; | 629 std::string value_string; |
719 if (!dict->GetString("k", &value_string)) | 630 if (!dict->GetString("k", &value_string)) |
720 return ::testing::AssertionFailure() << "Missing 'k'"; | 631 return ::testing::AssertionFailure() << "Missing 'k'"; |
721 std::string k_value; | 632 std::string k_value; |
722 if (!webcrypto::Base64DecodeUrlSafe(value_string, &k_value)) | 633 if (!webcrypto::Base64DecodeUrlSafe(value_string, &k_value)) |
723 return ::testing::AssertionFailure() << "Base64DecodeUrlSafe(k) failed"; | 634 return ::testing::AssertionFailure() << "Base64DecodeUrlSafe(k) failed"; |
724 if (!LowerCaseEqualsASCII(base::HexEncode(k_value.data(), k_value.size()), | 635 if (!LowerCaseEqualsASCII(base::HexEncode(k_value.data(), k_value.size()), |
725 k_expected_hex.c_str())) { | 636 k_expected_hex.c_str())) { |
726 return ::testing::AssertionFailure() << "Expected 'k' to be " | 637 return ::testing::AssertionFailure() << "Expected 'k' to be " |
727 << k_expected_hex | 638 << k_expected_hex |
728 << " but found something different"; | 639 << " but found something different"; |
729 } | 640 } |
730 | 641 |
731 return VerifyJwk(dict, "oct", alg_expected, use_mask_expected); | 642 return VerifyJwk(dict, "oct", alg_expected, use_mask_expected); |
732 } | 643 } |
733 | 644 |
734 // Verifies that the JSON in the input ArrayBuffer contains the provided | 645 // Verifies that the JSON in the input vector contains the provided |
735 // expected values. Exact matches are required on the fields examined. | 646 // expected values. Exact matches are required on the fields examined. |
736 ::testing::AssertionResult VerifyPublicJwk( | 647 ::testing::AssertionResult VerifyPublicJwk( |
737 const blink::WebArrayBuffer& json, | 648 const std::vector<uint8>& json, |
738 const std::string& alg_expected, | 649 const std::string& alg_expected, |
739 const std::string& n_expected_hex, | 650 const std::string& n_expected_hex, |
740 const std::string& e_expected_hex, | 651 const std::string& e_expected_hex, |
741 blink::WebCryptoKeyUsageMask use_mask_expected) { | 652 blink::WebCryptoKeyUsageMask use_mask_expected) { |
742 scoped_ptr<base::DictionaryValue> dict = GetJwkDictionary(json); | 653 scoped_ptr<base::DictionaryValue> dict = GetJwkDictionary(json); |
743 if (!dict.get() || dict->empty()) | 654 if (!dict.get() || dict->empty()) |
744 return ::testing::AssertionFailure() << "JSON parsing failed"; | 655 return ::testing::AssertionFailure() << "JSON parsing failed"; |
745 | 656 |
746 // ---- n | 657 // ---- n |
747 std::string value_string; | 658 std::string value_string; |
(...skipping 94 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
842 for (size_t test_index = 0; test_index < tests->GetSize(); ++test_index) { | 753 for (size_t test_index = 0; test_index < tests->GetSize(); ++test_index) { |
843 SCOPED_TRACE(test_index); | 754 SCOPED_TRACE(test_index); |
844 base::DictionaryValue* test; | 755 base::DictionaryValue* test; |
845 ASSERT_TRUE(tests->GetDictionary(test_index, &test)); | 756 ASSERT_TRUE(tests->GetDictionary(test_index, &test)); |
846 | 757 |
847 blink::WebCryptoAlgorithm test_algorithm = | 758 blink::WebCryptoAlgorithm test_algorithm = |
848 GetDigestAlgorithm(test, "algorithm"); | 759 GetDigestAlgorithm(test, "algorithm"); |
849 std::vector<uint8> test_input = GetBytesFromHexString(test, "input"); | 760 std::vector<uint8> test_input = GetBytesFromHexString(test, "input"); |
850 std::vector<uint8> test_output = GetBytesFromHexString(test, "output"); | 761 std::vector<uint8> test_output = GetBytesFromHexString(test, "output"); |
851 | 762 |
852 blink::WebArrayBuffer output; | 763 std::vector<uint8> output; |
853 ASSERT_EQ(Status::Success(), | 764 ASSERT_EQ(Status::Success(), |
854 Digest(test_algorithm, CryptoData(test_input), &output)); | 765 Digest(test_algorithm, CryptoData(test_input), &output)); |
855 EXPECT_TRUE(ArrayBufferMatches(test_output, output)); | 766 EXPECT_BYTES_EQ(test_output, output); |
856 } | 767 } |
857 } | 768 } |
858 | 769 |
859 TEST_F(SharedCryptoTest, DigestSampleSetsInChunks) { | 770 TEST_F(SharedCryptoTest, DigestSampleSetsInChunks) { |
860 scoped_ptr<base::ListValue> tests; | 771 scoped_ptr<base::ListValue> tests; |
861 ASSERT_TRUE(ReadJsonTestFileToList("digest.json", &tests)); | 772 ASSERT_TRUE(ReadJsonTestFileToList("digest.json", &tests)); |
862 | 773 |
863 for (size_t test_index = 0; test_index < tests->GetSize(); ++test_index) { | 774 for (size_t test_index = 0; test_index < tests->GetSize(); ++test_index) { |
864 SCOPED_TRACE(test_index); | 775 SCOPED_TRACE(test_index); |
865 base::DictionaryValue* test; | 776 base::DictionaryValue* test; |
(...skipping 16 matching lines...) Expand all Loading... |
882 size_t chunk_index = 0; | 793 size_t chunk_index = 0; |
883 while (begin != test_input.end()) { | 794 while (begin != test_input.end()) { |
884 size_t chunk_length = std::min(kChunkSizeBytes, length - chunk_index); | 795 size_t chunk_length = std::min(kChunkSizeBytes, length - chunk_index); |
885 std::vector<uint8> chunk(begin, begin + chunk_length); | 796 std::vector<uint8> chunk(begin, begin + chunk_length); |
886 ASSERT_TRUE(chunk.size() > 0); | 797 ASSERT_TRUE(chunk.size() > 0); |
887 EXPECT_TRUE(digestor->consume(&chunk.front(), chunk.size())); | 798 EXPECT_TRUE(digestor->consume(&chunk.front(), chunk.size())); |
888 chunk_index = chunk_index + chunk_length; | 799 chunk_index = chunk_index + chunk_length; |
889 begin = begin + chunk_length; | 800 begin = begin + chunk_length; |
890 } | 801 } |
891 EXPECT_TRUE(digestor->finish(output, output_length)); | 802 EXPECT_TRUE(digestor->finish(output, output_length)); |
892 ExpectVectorMatches(test_output, | 803 EXPECT_BYTES_EQ(test_output, CryptoData(output, output_length)); |
893 std::vector<uint8>(output, output + output_length)); | |
894 } | 804 } |
895 } | 805 } |
896 | 806 |
897 TEST_F(SharedCryptoTest, HMACSampleSets) { | 807 TEST_F(SharedCryptoTest, HMACSampleSets) { |
898 scoped_ptr<base::ListValue> tests; | 808 scoped_ptr<base::ListValue> tests; |
899 ASSERT_TRUE(ReadJsonTestFileToList("hmac.json", &tests)); | 809 ASSERT_TRUE(ReadJsonTestFileToList("hmac.json", &tests)); |
900 // TODO(padolph): Missing known answer tests for HMAC SHA384, and SHA512. | 810 // TODO(padolph): Missing known answer tests for HMAC SHA384, and SHA512. |
901 for (size_t test_index = 0; test_index < tests->GetSize(); ++test_index) { | 811 for (size_t test_index = 0; test_index < tests->GetSize(); ++test_index) { |
902 SCOPED_TRACE(test_index); | 812 SCOPED_TRACE(test_index); |
903 base::DictionaryValue* test; | 813 base::DictionaryValue* test; |
(...skipping 13 matching lines...) Expand all Loading... |
917 | 827 |
918 blink::WebCryptoKey key = ImportSecretKeyFromRaw( | 828 blink::WebCryptoKey key = ImportSecretKeyFromRaw( |
919 test_key, | 829 test_key, |
920 importAlgorithm, | 830 importAlgorithm, |
921 blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify); | 831 blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify); |
922 | 832 |
923 EXPECT_EQ(test_hash.id(), key.algorithm().hmacParams()->hash().id()); | 833 EXPECT_EQ(test_hash.id(), key.algorithm().hmacParams()->hash().id()); |
924 EXPECT_EQ(test_key.size() * 8, key.algorithm().hmacParams()->lengthBits()); | 834 EXPECT_EQ(test_key.size() * 8, key.algorithm().hmacParams()->lengthBits()); |
925 | 835 |
926 // Verify exported raw key is identical to the imported data | 836 // Verify exported raw key is identical to the imported data |
927 blink::WebArrayBuffer raw_key; | 837 std::vector<uint8> raw_key; |
928 EXPECT_EQ(Status::Success(), | 838 EXPECT_EQ(Status::Success(), |
929 ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key)); | 839 ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key)); |
930 EXPECT_TRUE(ArrayBufferMatches(test_key, raw_key)); | 840 EXPECT_BYTES_EQ(test_key, raw_key); |
931 | 841 |
932 blink::WebArrayBuffer output; | 842 std::vector<uint8> output; |
933 | 843 |
934 ASSERT_EQ(Status::Success(), | 844 ASSERT_EQ(Status::Success(), |
935 Sign(algorithm, key, CryptoData(test_message), &output)); | 845 Sign(algorithm, key, CryptoData(test_message), &output)); |
936 | 846 |
937 EXPECT_TRUE(ArrayBufferMatches(test_mac, output)); | 847 EXPECT_BYTES_EQ(test_mac, output); |
938 | 848 |
939 bool signature_match = false; | 849 bool signature_match = false; |
940 EXPECT_EQ(Status::Success(), | 850 EXPECT_EQ(Status::Success(), |
941 VerifySignature(algorithm, | 851 VerifySignature(algorithm, |
942 key, | 852 key, |
943 CryptoData(output), | 853 CryptoData(output), |
944 CryptoData(test_message), | 854 CryptoData(test_message), |
945 &signature_match)); | 855 &signature_match)); |
946 EXPECT_TRUE(signature_match); | 856 EXPECT_TRUE(signature_match); |
947 | 857 |
948 // Ensure truncated signature does not verify by passing one less byte. | 858 // Ensure truncated signature does not verify by passing one less byte. |
949 EXPECT_EQ(Status::Success(), | 859 EXPECT_EQ( |
950 VerifySignature( | 860 Status::Success(), |
951 algorithm, | 861 VerifySignature(algorithm, |
952 key, | 862 key, |
953 CryptoData(static_cast<const unsigned char*>(output.data()), | 863 CryptoData(Uint8VectorStart(output), output.size() - 1), |
954 output.byteLength() - 1), | 864 CryptoData(test_message), |
955 CryptoData(test_message), | 865 &signature_match)); |
956 &signature_match)); | |
957 EXPECT_FALSE(signature_match); | 866 EXPECT_FALSE(signature_match); |
958 | 867 |
959 // Ensure truncated signature does not verify by passing no bytes. | 868 // Ensure truncated signature does not verify by passing no bytes. |
960 EXPECT_EQ(Status::Success(), | 869 EXPECT_EQ(Status::Success(), |
961 VerifySignature(algorithm, | 870 VerifySignature(algorithm, |
962 key, | 871 key, |
963 CryptoData(), | 872 CryptoData(), |
964 CryptoData(test_message), | 873 CryptoData(test_message), |
965 &signature_match)); | 874 &signature_match)); |
966 EXPECT_FALSE(signature_match); | 875 EXPECT_FALSE(signature_match); |
(...skipping 12 matching lines...) Expand all Loading... |
979 } | 888 } |
980 | 889 |
981 TEST_F(SharedCryptoTest, AesCbcFailures) { | 890 TEST_F(SharedCryptoTest, AesCbcFailures) { |
982 const std::string key_hex = "2b7e151628aed2a6abf7158809cf4f3c"; | 891 const std::string key_hex = "2b7e151628aed2a6abf7158809cf4f3c"; |
983 blink::WebCryptoKey key = ImportSecretKeyFromRaw( | 892 blink::WebCryptoKey key = ImportSecretKeyFromRaw( |
984 HexStringToBytes(key_hex), | 893 HexStringToBytes(key_hex), |
985 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), | 894 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), |
986 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt); | 895 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt); |
987 | 896 |
988 // Verify exported raw key is identical to the imported data | 897 // Verify exported raw key is identical to the imported data |
989 blink::WebArrayBuffer raw_key; | 898 std::vector<uint8> raw_key; |
990 EXPECT_EQ(Status::Success(), | 899 EXPECT_EQ(Status::Success(), |
991 ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key)); | 900 ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key)); |
992 ExpectArrayBufferMatchesHex(key_hex, raw_key); | 901 EXPECT_BYTES_EQ_HEX(key_hex, raw_key); |
993 | 902 |
994 blink::WebArrayBuffer output; | 903 std::vector<uint8> output; |
995 | 904 |
996 // Use an invalid |iv| (fewer than 16 bytes) | 905 // Use an invalid |iv| (fewer than 16 bytes) |
997 { | 906 { |
998 std::vector<uint8> input(32); | 907 std::vector<uint8> input(32); |
999 std::vector<uint8> iv; | 908 std::vector<uint8> iv; |
1000 EXPECT_EQ(Status::ErrorIncorrectSizeAesCbcIv(), | 909 EXPECT_EQ(Status::ErrorIncorrectSizeAesCbcIv(), |
1001 Encrypt(webcrypto::CreateAesCbcAlgorithm(iv), | 910 Encrypt(webcrypto::CreateAesCbcAlgorithm(iv), |
1002 key, | 911 key, |
1003 CryptoData(input), | 912 CryptoData(input), |
1004 &output)); | 913 &output)); |
(...skipping 76 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1081 GetBytesFromHexString(test, "cipher_text"); | 990 GetBytesFromHexString(test, "cipher_text"); |
1082 | 991 |
1083 blink::WebCryptoKey key = ImportSecretKeyFromRaw( | 992 blink::WebCryptoKey key = ImportSecretKeyFromRaw( |
1084 test_key, | 993 test_key, |
1085 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), | 994 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), |
1086 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt); | 995 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt); |
1087 | 996 |
1088 EXPECT_EQ(test_key.size() * 8, key.algorithm().aesParams()->lengthBits()); | 997 EXPECT_EQ(test_key.size() * 8, key.algorithm().aesParams()->lengthBits()); |
1089 | 998 |
1090 // Verify exported raw key is identical to the imported data | 999 // Verify exported raw key is identical to the imported data |
1091 blink::WebArrayBuffer raw_key; | 1000 std::vector<uint8> raw_key; |
1092 EXPECT_EQ(Status::Success(), | 1001 EXPECT_EQ(Status::Success(), |
1093 ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key)); | 1002 ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key)); |
1094 EXPECT_TRUE(ArrayBufferMatches(test_key, raw_key)); | 1003 EXPECT_BYTES_EQ(test_key, raw_key); |
1095 | 1004 |
1096 blink::WebArrayBuffer output; | 1005 std::vector<uint8> output; |
1097 | 1006 |
1098 // Test encryption. | 1007 // Test encryption. |
1099 EXPECT_EQ(Status::Success(), | 1008 EXPECT_EQ(Status::Success(), |
1100 Encrypt(webcrypto::CreateAesCbcAlgorithm(test_iv), | 1009 Encrypt(webcrypto::CreateAesCbcAlgorithm(test_iv), |
1101 key, | 1010 key, |
1102 CryptoData(test_plain_text), | 1011 CryptoData(test_plain_text), |
1103 &output)); | 1012 &output)); |
1104 EXPECT_TRUE(ArrayBufferMatches(test_cipher_text, output)); | 1013 EXPECT_BYTES_EQ(test_cipher_text, output); |
1105 | 1014 |
1106 // Test decryption. | 1015 // Test decryption. |
1107 EXPECT_EQ(Status::Success(), | 1016 EXPECT_EQ(Status::Success(), |
1108 Decrypt(webcrypto::CreateAesCbcAlgorithm(test_iv), | 1017 Decrypt(webcrypto::CreateAesCbcAlgorithm(test_iv), |
1109 key, | 1018 key, |
1110 CryptoData(test_cipher_text), | 1019 CryptoData(test_cipher_text), |
1111 &output)); | 1020 &output)); |
1112 EXPECT_TRUE(ArrayBufferMatches(test_plain_text, output)); | 1021 EXPECT_BYTES_EQ(test_plain_text, output); |
1113 | 1022 |
1114 const unsigned int kAesCbcBlockSize = 16; | 1023 const unsigned int kAesCbcBlockSize = 16; |
1115 | 1024 |
1116 // Decrypt with a padding error by stripping the last block. This also ends | 1025 // Decrypt with a padding error by stripping the last block. This also ends |
1117 // up testing decryption over empty cipher text. | 1026 // up testing decryption over empty cipher text. |
1118 if (test_cipher_text.size() >= kAesCbcBlockSize) { | 1027 if (test_cipher_text.size() >= kAesCbcBlockSize) { |
1119 EXPECT_EQ(Status::OperationError(), | 1028 EXPECT_EQ(Status::OperationError(), |
1120 Decrypt(CreateAesCbcAlgorithm(test_iv), | 1029 Decrypt(CreateAesCbcAlgorithm(test_iv), |
1121 key, | 1030 key, |
1122 CryptoData(&test_cipher_text[0], | 1031 CryptoData(&test_cipher_text[0], |
(...skipping 19 matching lines...) Expand all Loading... |
1142 // allowed key length. | 1051 // allowed key length. |
1143 std::vector<blink::WebCryptoAlgorithm> algorithm; | 1052 std::vector<blink::WebCryptoAlgorithm> algorithm; |
1144 const unsigned short kKeyLength[] = {128, 192, 256}; | 1053 const unsigned short kKeyLength[] = {128, 192, 256}; |
1145 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kKeyLength); ++i) { | 1054 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kKeyLength); ++i) { |
1146 algorithm.push_back(CreateAesCbcKeyGenAlgorithm(kKeyLength[i])); | 1055 algorithm.push_back(CreateAesCbcKeyGenAlgorithm(kKeyLength[i])); |
1147 algorithm.push_back(CreateAesKwKeyGenAlgorithm(kKeyLength[i])); | 1056 algorithm.push_back(CreateAesKwKeyGenAlgorithm(kKeyLength[i])); |
1148 if (SupportsAesGcm()) | 1057 if (SupportsAesGcm()) |
1149 algorithm.push_back(CreateAesGcmKeyGenAlgorithm(kKeyLength[i])); | 1058 algorithm.push_back(CreateAesGcmKeyGenAlgorithm(kKeyLength[i])); |
1150 } | 1059 } |
1151 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 1060 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
1152 std::vector<blink::WebArrayBuffer> keys; | 1061 std::vector<std::vector<uint8> > keys; |
1153 blink::WebArrayBuffer key_bytes; | 1062 std::vector<uint8> key_bytes; |
1154 for (size_t i = 0; i < algorithm.size(); ++i) { | 1063 for (size_t i = 0; i < algorithm.size(); ++i) { |
1155 SCOPED_TRACE(i); | 1064 SCOPED_TRACE(i); |
1156 // Generate a small sample of keys. | 1065 // Generate a small sample of keys. |
1157 keys.clear(); | 1066 keys.clear(); |
1158 for (int j = 0; j < 16; ++j) { | 1067 for (int j = 0; j < 16; ++j) { |
1159 ASSERT_EQ(Status::Success(), | 1068 ASSERT_EQ(Status::Success(), |
1160 GenerateSecretKey(algorithm[i], true, 0, &key)); | 1069 GenerateSecretKey(algorithm[i], true, 0, &key)); |
1161 EXPECT_TRUE(key.handle()); | 1070 EXPECT_TRUE(key.handle()); |
1162 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); | 1071 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); |
1163 ASSERT_EQ(Status::Success(), | 1072 ASSERT_EQ(Status::Success(), |
1164 ExportKey(blink::WebCryptoKeyFormatRaw, key, &key_bytes)); | 1073 ExportKey(blink::WebCryptoKeyFormatRaw, key, &key_bytes)); |
1165 EXPECT_EQ(key_bytes.byteLength() * 8, | 1074 EXPECT_EQ(key_bytes.size() * 8, |
1166 key.algorithm().aesParams()->lengthBits()); | 1075 key.algorithm().aesParams()->lengthBits()); |
1167 keys.push_back(key_bytes); | 1076 keys.push_back(key_bytes); |
1168 } | 1077 } |
1169 // Ensure all entries in the key sample set are unique. This is a simplistic | 1078 // Ensure all entries in the key sample set are unique. This is a simplistic |
1170 // estimate of whether the generated keys appear random. | 1079 // estimate of whether the generated keys appear random. |
1171 EXPECT_FALSE(CopiesExist(keys)); | 1080 EXPECT_FALSE(CopiesExist(keys)); |
1172 } | 1081 } |
1173 } | 1082 } |
1174 | 1083 |
1175 TEST_F(SharedCryptoTest, MAYBE(GenerateKeyAesBadLength)) { | 1084 TEST_F(SharedCryptoTest, MAYBE(GenerateKeyAesBadLength)) { |
(...skipping 10 matching lines...) Expand all Loading... |
1186 if (SupportsAesGcm()) { | 1095 if (SupportsAesGcm()) { |
1187 EXPECT_EQ(Status::ErrorGenerateKeyLength(), | 1096 EXPECT_EQ(Status::ErrorGenerateKeyLength(), |
1188 GenerateSecretKey( | 1097 GenerateSecretKey( |
1189 CreateAesGcmKeyGenAlgorithm(kKeyLen[i]), true, 0, &key)); | 1098 CreateAesGcmKeyGenAlgorithm(kKeyLen[i]), true, 0, &key)); |
1190 } | 1099 } |
1191 } | 1100 } |
1192 } | 1101 } |
1193 | 1102 |
1194 TEST_F(SharedCryptoTest, MAYBE(GenerateKeyHmac)) { | 1103 TEST_F(SharedCryptoTest, MAYBE(GenerateKeyHmac)) { |
1195 // Generate a small sample of HMAC keys. | 1104 // Generate a small sample of HMAC keys. |
1196 std::vector<blink::WebArrayBuffer> keys; | 1105 std::vector<std::vector<uint8> > keys; |
1197 for (int i = 0; i < 16; ++i) { | 1106 for (int i = 0; i < 16; ++i) { |
1198 blink::WebArrayBuffer key_bytes; | 1107 std::vector<uint8> key_bytes; |
1199 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 1108 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
1200 blink::WebCryptoAlgorithm algorithm = | 1109 blink::WebCryptoAlgorithm algorithm = |
1201 CreateHmacKeyGenAlgorithm(blink::WebCryptoAlgorithmIdSha1, 512); | 1110 CreateHmacKeyGenAlgorithm(blink::WebCryptoAlgorithmIdSha1, 512); |
1202 ASSERT_EQ(Status::Success(), GenerateSecretKey(algorithm, true, 0, &key)); | 1111 ASSERT_EQ(Status::Success(), GenerateSecretKey(algorithm, true, 0, &key)); |
1203 EXPECT_FALSE(key.isNull()); | 1112 EXPECT_FALSE(key.isNull()); |
1204 EXPECT_TRUE(key.handle()); | 1113 EXPECT_TRUE(key.handle()); |
1205 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); | 1114 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); |
1206 EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, key.algorithm().id()); | 1115 EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, key.algorithm().id()); |
1207 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha1, | 1116 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha1, |
1208 key.algorithm().hmacParams()->hash().id()); | 1117 key.algorithm().hmacParams()->hash().id()); |
1209 EXPECT_EQ(512u, key.algorithm().hmacParams()->lengthBits()); | 1118 EXPECT_EQ(512u, key.algorithm().hmacParams()->lengthBits()); |
1210 | 1119 |
1211 blink::WebArrayBuffer raw_key; | 1120 std::vector<uint8> raw_key; |
1212 ASSERT_EQ(Status::Success(), | 1121 ASSERT_EQ(Status::Success(), |
1213 ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key)); | 1122 ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key)); |
1214 EXPECT_EQ(64U, raw_key.byteLength()); | 1123 EXPECT_EQ(64U, raw_key.size()); |
1215 keys.push_back(raw_key); | 1124 keys.push_back(raw_key); |
1216 } | 1125 } |
1217 // Ensure all entries in the key sample set are unique. This is a simplistic | 1126 // Ensure all entries in the key sample set are unique. This is a simplistic |
1218 // estimate of whether the generated keys appear random. | 1127 // estimate of whether the generated keys appear random. |
1219 EXPECT_FALSE(CopiesExist(keys)); | 1128 EXPECT_FALSE(CopiesExist(keys)); |
1220 } | 1129 } |
1221 | 1130 |
1222 // If the key length is not provided, then the block size is used. | 1131 // If the key length is not provided, then the block size is used. |
1223 TEST_F(SharedCryptoTest, MAYBE(GenerateKeyHmacNoLength)) { | 1132 TEST_F(SharedCryptoTest, MAYBE(GenerateKeyHmacNoLength)) { |
1224 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 1133 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
1225 blink::WebCryptoAlgorithm algorithm = | 1134 blink::WebCryptoAlgorithm algorithm = |
1226 CreateHmacKeyGenAlgorithm(blink::WebCryptoAlgorithmIdSha1, 0); | 1135 CreateHmacKeyGenAlgorithm(blink::WebCryptoAlgorithmIdSha1, 0); |
1227 ASSERT_EQ(Status::Success(), GenerateSecretKey(algorithm, true, 0, &key)); | 1136 ASSERT_EQ(Status::Success(), GenerateSecretKey(algorithm, true, 0, &key)); |
1228 EXPECT_TRUE(key.handle()); | 1137 EXPECT_TRUE(key.handle()); |
1229 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); | 1138 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); |
1230 EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, key.algorithm().id()); | 1139 EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, key.algorithm().id()); |
1231 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha1, | 1140 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha1, |
1232 key.algorithm().hmacParams()->hash().id()); | 1141 key.algorithm().hmacParams()->hash().id()); |
1233 EXPECT_EQ(512u, key.algorithm().hmacParams()->lengthBits()); | 1142 EXPECT_EQ(512u, key.algorithm().hmacParams()->lengthBits()); |
1234 blink::WebArrayBuffer raw_key; | 1143 std::vector<uint8> raw_key; |
1235 ASSERT_EQ(Status::Success(), | 1144 ASSERT_EQ(Status::Success(), |
1236 ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key)); | 1145 ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key)); |
1237 EXPECT_EQ(64U, raw_key.byteLength()); | 1146 EXPECT_EQ(64U, raw_key.size()); |
1238 | 1147 |
1239 // The block size for HMAC SHA-512 is larger. | 1148 // The block size for HMAC SHA-512 is larger. |
1240 algorithm = CreateHmacKeyGenAlgorithm(blink::WebCryptoAlgorithmIdSha512, 0); | 1149 algorithm = CreateHmacKeyGenAlgorithm(blink::WebCryptoAlgorithmIdSha512, 0); |
1241 ASSERT_EQ(Status::Success(), GenerateSecretKey(algorithm, true, 0, &key)); | 1150 ASSERT_EQ(Status::Success(), GenerateSecretKey(algorithm, true, 0, &key)); |
1242 EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, key.algorithm().id()); | 1151 EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, key.algorithm().id()); |
1243 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha512, | 1152 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha512, |
1244 key.algorithm().hmacParams()->hash().id()); | 1153 key.algorithm().hmacParams()->hash().id()); |
1245 EXPECT_EQ(1024u, key.algorithm().hmacParams()->lengthBits()); | 1154 EXPECT_EQ(1024u, key.algorithm().hmacParams()->lengthBits()); |
1246 ASSERT_EQ(Status::Success(), | 1155 ASSERT_EQ(Status::Success(), |
1247 ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key)); | 1156 ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key)); |
1248 EXPECT_EQ(128U, raw_key.byteLength()); | 1157 EXPECT_EQ(128U, raw_key.size()); |
1249 } | 1158 } |
1250 | 1159 |
1251 TEST_F(SharedCryptoTest, ImportJwkKeyUsage) { | 1160 TEST_F(SharedCryptoTest, ImportJwkKeyUsage) { |
1252 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 1161 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
1253 base::DictionaryValue dict; | 1162 base::DictionaryValue dict; |
1254 dict.SetString("kty", "oct"); | 1163 dict.SetString("kty", "oct"); |
1255 dict.SetBoolean("ext", false); | 1164 dict.SetBoolean("ext", false); |
1256 dict.SetString("k", "GADWrMRHwQfoNaXU5fZvTg=="); | 1165 dict.SetString("k", "GADWrMRHwQfoNaXU5fZvTg=="); |
1257 const blink::WebCryptoAlgorithm aes_cbc_algorithm = | 1166 const blink::WebCryptoAlgorithm aes_cbc_algorithm = |
1258 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc); | 1167 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc); |
(...skipping 320 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1579 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); | 1488 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); |
1580 ASSERT_EQ(Status::Success(), | 1489 ASSERT_EQ(Status::Success(), |
1581 ImportKey(blink::WebCryptoKeyFormatSpki, | 1490 ImportKey(blink::WebCryptoKeyFormatSpki, |
1582 CryptoData(HexStringToBytes(kPublicKeySpkiDerHex)), | 1491 CryptoData(HexStringToBytes(kPublicKeySpkiDerHex)), |
1583 test.algorithm, | 1492 test.algorithm, |
1584 true, | 1493 true, |
1585 test.usage, | 1494 test.usage, |
1586 &public_key)); | 1495 &public_key)); |
1587 | 1496 |
1588 // Export the public key as JWK and verify its contents | 1497 // Export the public key as JWK and verify its contents |
1589 blink::WebArrayBuffer jwk; | 1498 std::vector<uint8> jwk; |
1590 ASSERT_EQ(Status::Success(), | 1499 ASSERT_EQ(Status::Success(), |
1591 ExportKey(blink::WebCryptoKeyFormatJwk, public_key, &jwk)); | 1500 ExportKey(blink::WebCryptoKeyFormatJwk, public_key, &jwk)); |
1592 EXPECT_TRUE(VerifyPublicJwk(jwk, test.jwk_alg, n_hex, e_hex, test.usage)); | 1501 EXPECT_TRUE(VerifyPublicJwk(jwk, test.jwk_alg, n_hex, e_hex, test.usage)); |
1593 | 1502 |
1594 // Import the JWK back in to create a new key | 1503 // Import the JWK back in to create a new key |
1595 blink::WebCryptoKey public_key2 = blink::WebCryptoKey::createNull(); | 1504 blink::WebCryptoKey public_key2 = blink::WebCryptoKey::createNull(); |
1596 EXPECT_EQ( | 1505 EXPECT_EQ( |
1597 Status::Success(), | 1506 Status::Success(), |
1598 ImportKeyJwk( | 1507 ImportKeyJwk( |
1599 CryptoData(jwk), test.algorithm, true, test.usage, &public_key2)); | 1508 CryptoData(jwk), test.algorithm, true, test.usage, &public_key2)); |
1600 EXPECT_TRUE(public_key2.handle()); | 1509 EXPECT_TRUE(public_key2.handle()); |
1601 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key2.type()); | 1510 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key2.type()); |
1602 EXPECT_EQ(true, public_key2.extractable()); | 1511 EXPECT_EQ(true, public_key2.extractable()); |
1603 EXPECT_EQ(test.algorithm.id(), public_key2.algorithm().id()); | 1512 EXPECT_EQ(test.algorithm.id(), public_key2.algorithm().id()); |
1604 | 1513 |
1605 // Export the new key as spki and compare to the original. | 1514 // Export the new key as spki and compare to the original. |
1606 blink::WebArrayBuffer spki; | 1515 std::vector<uint8> spki; |
1607 ASSERT_EQ(Status::Success(), | 1516 ASSERT_EQ(Status::Success(), |
1608 ExportKey(blink::WebCryptoKeyFormatSpki, public_key2, &spki)); | 1517 ExportKey(blink::WebCryptoKeyFormatSpki, public_key2, &spki)); |
1609 ExpectCryptoDataMatchesHex(kPublicKeySpkiDerHex, CryptoData(spki)); | 1518 EXPECT_BYTES_EQ_HEX(kPublicKeySpkiDerHex, CryptoData(spki)); |
1610 } | 1519 } |
1611 } | 1520 } |
1612 | 1521 |
1613 TEST_F(SharedCryptoTest, MAYBE(ImportJwkRsaFailures)) { | 1522 TEST_F(SharedCryptoTest, MAYBE(ImportJwkRsaFailures)) { |
1614 base::DictionaryValue dict; | 1523 base::DictionaryValue dict; |
1615 RestoreJwkRsaDictionary(&dict); | 1524 RestoreJwkRsaDictionary(&dict); |
1616 blink::WebCryptoAlgorithm algorithm = | 1525 blink::WebCryptoAlgorithm algorithm = |
1617 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); | 1526 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); |
1618 blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageEncrypt; | 1527 blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageEncrypt; |
1619 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 1528 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
(...skipping 191 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1811 | 1720 |
1812 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha256, | 1721 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha256, |
1813 key.algorithm().hmacParams()->hash().id()); | 1722 key.algorithm().hmacParams()->hash().id()); |
1814 | 1723 |
1815 const std::vector<uint8> message_raw = HexStringToBytes( | 1724 const std::vector<uint8> message_raw = HexStringToBytes( |
1816 "b1689c2591eaf3c9e66070f8a77954ffb81749f1b00346f9dfe0b2ee905dcc288baf4a" | 1725 "b1689c2591eaf3c9e66070f8a77954ffb81749f1b00346f9dfe0b2ee905dcc288baf4a" |
1817 "92de3f4001dd9f44c468c3d07d6c6ee82faceafc97c2fc0fc0601719d2dcd0aa2aec92" | 1726 "92de3f4001dd9f44c468c3d07d6c6ee82faceafc97c2fc0fc0601719d2dcd0aa2aec92" |
1818 "d1b0ae933c65eb06a03c9c935c2bad0459810241347ab87e9f11adb30415424c6c7f5f" | 1727 "d1b0ae933c65eb06a03c9c935c2bad0459810241347ab87e9f11adb30415424c6c7f5f" |
1819 "22a003b8ab8de54f6ded0e3ab9245fa79568451dfa258e"); | 1728 "22a003b8ab8de54f6ded0e3ab9245fa79568451dfa258e"); |
1820 | 1729 |
1821 blink::WebArrayBuffer output; | 1730 std::vector<uint8> output; |
1822 | 1731 |
1823 ASSERT_EQ(Status::Success(), | 1732 ASSERT_EQ(Status::Success(), |
1824 Sign(CreateAlgorithm(blink::WebCryptoAlgorithmIdHmac), | 1733 Sign(CreateAlgorithm(blink::WebCryptoAlgorithmIdHmac), |
1825 key, | 1734 key, |
1826 CryptoData(message_raw), | 1735 CryptoData(message_raw), |
1827 &output)); | 1736 &output)); |
1828 | 1737 |
1829 const std::string mac_raw = | 1738 const std::string mac_raw = |
1830 "769f00d3e6a6cc1fb426a14a4f76c6462e6149726e0dee0ec0cf97a16605ac8b"; | 1739 "769f00d3e6a6cc1fb426a14a4f76c6462e6149726e0dee0ec0cf97a16605ac8b"; |
1831 | 1740 |
1832 ExpectArrayBufferMatchesHex(mac_raw, output); | 1741 EXPECT_BYTES_EQ_HEX(mac_raw, output); |
1833 | 1742 |
1834 // TODO(padolph): Import an RSA public key JWK and use it | 1743 // TODO(padolph): Import an RSA public key JWK and use it |
1835 } | 1744 } |
1836 | 1745 |
1837 TEST_F(SharedCryptoTest, MAYBE(ImportExportJwkSymmetricKey)) { | 1746 TEST_F(SharedCryptoTest, MAYBE(ImportExportJwkSymmetricKey)) { |
1838 // Raw keys are generated by openssl: | 1747 // Raw keys are generated by openssl: |
1839 // % openssl rand -hex <key length bytes> | 1748 // % openssl rand -hex <key length bytes> |
1840 const char* const key_hex_128 = "3f1e7cd4f6f8543f6b1e16002e688623"; | 1749 const char* const key_hex_128 = "3f1e7cd4f6f8543f6b1e16002e688623"; |
1841 const char* const key_hex_192 = | 1750 const char* const key_hex_192 = |
1842 "ed91f916dc034eba68a0f9e7f34ddd48b98bd2848109e243"; | 1751 "ed91f916dc034eba68a0f9e7f34ddd48b98bd2848109e243"; |
(...skipping 69 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1912 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt | | 1821 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt | |
1913 blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey, | 1822 blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey, |
1914 "A256CBC"}, | 1823 "A256CBC"}, |
1915 // Zero usage value | 1824 // Zero usage value |
1916 {key_hex_512, hmac_sha_512_alg, 0, "HS512"}, | 1825 {key_hex_512, hmac_sha_512_alg, 0, "HS512"}, |
1917 }; | 1826 }; |
1918 | 1827 |
1919 // Round-trip import/export each key. | 1828 // Round-trip import/export each key. |
1920 | 1829 |
1921 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 1830 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
1922 blink::WebArrayBuffer json; | 1831 std::vector<uint8> json; |
1923 for (size_t test_index = 0; test_index < ARRAYSIZE_UNSAFE(kTests); | 1832 for (size_t test_index = 0; test_index < ARRAYSIZE_UNSAFE(kTests); |
1924 ++test_index) { | 1833 ++test_index) { |
1925 SCOPED_TRACE(test_index); | 1834 SCOPED_TRACE(test_index); |
1926 const TestCase& test = kTests[test_index]; | 1835 const TestCase& test = kTests[test_index]; |
1927 | 1836 |
1928 // Skip AES-GCM tests where not supported. | 1837 // Skip AES-GCM tests where not supported. |
1929 if (test.algorithm.id() == blink::WebCryptoAlgorithmIdAesGcm && | 1838 if (test.algorithm.id() == blink::WebCryptoAlgorithmIdAesGcm && |
1930 !SupportsAesGcm()) { | 1839 !SupportsAesGcm()) { |
1931 continue; | 1840 continue; |
1932 } | 1841 } |
(...skipping 11 matching lines...) Expand all Loading... |
1944 ASSERT_EQ( | 1853 ASSERT_EQ( |
1945 Status::Success(), | 1854 Status::Success(), |
1946 ImportKeyJwk(CryptoData(json), test.algorithm, true, test.usage, &key)); | 1855 ImportKeyJwk(CryptoData(json), test.algorithm, true, test.usage, &key)); |
1947 EXPECT_TRUE(key.handle()); | 1856 EXPECT_TRUE(key.handle()); |
1948 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); | 1857 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); |
1949 EXPECT_EQ(test.algorithm.id(), key.algorithm().id()); | 1858 EXPECT_EQ(test.algorithm.id(), key.algorithm().id()); |
1950 EXPECT_EQ(true, key.extractable()); | 1859 EXPECT_EQ(true, key.extractable()); |
1951 EXPECT_EQ(test.usage, key.usages()); | 1860 EXPECT_EQ(test.usage, key.usages()); |
1952 | 1861 |
1953 // Export the key in raw format and compare to the original. | 1862 // Export the key in raw format and compare to the original. |
1954 blink::WebArrayBuffer key_raw_out; | 1863 std::vector<uint8> key_raw_out; |
1955 ASSERT_EQ(Status::Success(), | 1864 ASSERT_EQ(Status::Success(), |
1956 ExportKey(blink::WebCryptoKeyFormatRaw, key, &key_raw_out)); | 1865 ExportKey(blink::WebCryptoKeyFormatRaw, key, &key_raw_out)); |
1957 ExpectArrayBufferMatchesHex(test.key_hex, key_raw_out); | 1866 EXPECT_BYTES_EQ_HEX(test.key_hex, key_raw_out); |
1958 } | 1867 } |
1959 } | 1868 } |
1960 | 1869 |
1961 TEST_F(SharedCryptoTest, MAYBE(ExportJwkEmptySymmetricKey)) { | 1870 TEST_F(SharedCryptoTest, MAYBE(ExportJwkEmptySymmetricKey)) { |
1962 const blink::WebCryptoAlgorithm import_algorithm = | 1871 const blink::WebCryptoAlgorithm import_algorithm = |
1963 webcrypto::CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha1); | 1872 webcrypto::CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha1); |
1964 | 1873 |
1965 blink::WebCryptoKeyUsageMask usages = blink::WebCryptoKeyUsageSign; | 1874 blink::WebCryptoKeyUsageMask usages = blink::WebCryptoKeyUsageSign; |
1966 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 1875 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
1967 | 1876 |
1968 // Import a zero-byte HMAC key. | 1877 // Import a zero-byte HMAC key. |
1969 const char key_data_hex[] = ""; | 1878 const char key_data_hex[] = ""; |
1970 key = ImportSecretKeyFromRaw( | 1879 key = ImportSecretKeyFromRaw( |
1971 HexStringToBytes(key_data_hex), import_algorithm, usages); | 1880 HexStringToBytes(key_data_hex), import_algorithm, usages); |
1972 EXPECT_EQ(0u, key.algorithm().hmacParams()->lengthBits()); | 1881 EXPECT_EQ(0u, key.algorithm().hmacParams()->lengthBits()); |
1973 | 1882 |
1974 // Export the key in JWK format and validate. | 1883 // Export the key in JWK format and validate. |
1975 blink::WebArrayBuffer json; | 1884 std::vector<uint8> json; |
1976 ASSERT_EQ(Status::Success(), | 1885 ASSERT_EQ(Status::Success(), |
1977 ExportKey(blink::WebCryptoKeyFormatJwk, key, &json)); | 1886 ExportKey(blink::WebCryptoKeyFormatJwk, key, &json)); |
1978 EXPECT_TRUE(VerifySecretJwk(json, "HS1", key_data_hex, usages)); | 1887 EXPECT_TRUE(VerifySecretJwk(json, "HS1", key_data_hex, usages)); |
1979 | 1888 |
1980 // Now try re-importing the JWK key. | 1889 // Now try re-importing the JWK key. |
1981 key = blink::WebCryptoKey::createNull(); | 1890 key = blink::WebCryptoKey::createNull(); |
1982 EXPECT_EQ(Status::Success(), | 1891 EXPECT_EQ(Status::Success(), |
1983 ImportKey(blink::WebCryptoKeyFormatJwk, | 1892 ImportKey(blink::WebCryptoKeyFormatJwk, |
1984 CryptoData(json), | 1893 CryptoData(json), |
1985 import_algorithm, | 1894 import_algorithm, |
1986 true, | 1895 true, |
1987 usages, | 1896 usages, |
1988 &key)); | 1897 &key)); |
1989 | 1898 |
1990 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); | 1899 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); |
1991 EXPECT_EQ(0u, key.algorithm().hmacParams()->lengthBits()); | 1900 EXPECT_EQ(0u, key.algorithm().hmacParams()->lengthBits()); |
1992 | 1901 |
1993 blink::WebArrayBuffer exported_key_data; | 1902 std::vector<uint8> exported_key_data; |
1994 EXPECT_EQ(Status::Success(), | 1903 EXPECT_EQ(Status::Success(), |
1995 ExportKey(blink::WebCryptoKeyFormatRaw, key, &exported_key_data)); | 1904 ExportKey(blink::WebCryptoKeyFormatRaw, key, &exported_key_data)); |
1996 | 1905 |
1997 EXPECT_EQ(0u, exported_key_data.byteLength()); | 1906 EXPECT_EQ(0u, exported_key_data.size()); |
1998 } | 1907 } |
1999 | 1908 |
2000 TEST_F(SharedCryptoTest, MAYBE(ImportExportSpki)) { | 1909 TEST_F(SharedCryptoTest, MAYBE(ImportExportSpki)) { |
2001 // Passing case: Import a valid RSA key in SPKI format. | 1910 // Passing case: Import a valid RSA key in SPKI format. |
2002 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 1911 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
2003 ASSERT_EQ( | 1912 ASSERT_EQ( |
2004 Status::Success(), | 1913 Status::Success(), |
2005 ImportKey(blink::WebCryptoKeyFormatSpki, | 1914 ImportKey(blink::WebCryptoKeyFormatSpki, |
2006 CryptoData(HexStringToBytes(kPublicKeySpkiDerHex)), | 1915 CryptoData(HexStringToBytes(kPublicKeySpkiDerHex)), |
2007 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5), | 1916 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5), |
2008 true, | 1917 true, |
2009 blink::WebCryptoKeyUsageEncrypt, | 1918 blink::WebCryptoKeyUsageEncrypt, |
2010 &key)); | 1919 &key)); |
2011 EXPECT_TRUE(key.handle()); | 1920 EXPECT_TRUE(key.handle()); |
2012 EXPECT_EQ(blink::WebCryptoKeyTypePublic, key.type()); | 1921 EXPECT_EQ(blink::WebCryptoKeyTypePublic, key.type()); |
2013 EXPECT_TRUE(key.extractable()); | 1922 EXPECT_TRUE(key.extractable()); |
2014 EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt, key.usages()); | 1923 EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt, key.usages()); |
2015 EXPECT_EQ(kModulusLengthBits, | 1924 EXPECT_EQ(kModulusLengthBits, |
2016 key.algorithm().rsaParams()->modulusLengthBits()); | 1925 key.algorithm().rsaParams()->modulusLengthBits()); |
2017 ExpectCryptoDataMatchesHex( | 1926 EXPECT_BYTES_EQ_HEX( |
2018 "010001", CryptoData(key.algorithm().rsaParams()->publicExponent())); | 1927 "010001", CryptoData(key.algorithm().rsaParams()->publicExponent())); |
2019 | 1928 |
2020 // Failing case: Empty SPKI data | 1929 // Failing case: Empty SPKI data |
2021 EXPECT_EQ( | 1930 EXPECT_EQ( |
2022 Status::ErrorImportEmptyKeyData(), | 1931 Status::ErrorImportEmptyKeyData(), |
2023 ImportKey(blink::WebCryptoKeyFormatSpki, | 1932 ImportKey(blink::WebCryptoKeyFormatSpki, |
2024 CryptoData(std::vector<uint8>()), | 1933 CryptoData(std::vector<uint8>()), |
2025 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5), | 1934 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5), |
2026 true, | 1935 true, |
2027 blink::WebCryptoKeyUsageEncrypt, | 1936 blink::WebCryptoKeyUsageEncrypt, |
(...skipping 13 matching lines...) Expand all Loading... |
2041 EXPECT_EQ(Status::DataError(), | 1950 EXPECT_EQ(Status::DataError(), |
2042 ImportKey(blink::WebCryptoKeyFormatSpki, | 1951 ImportKey(blink::WebCryptoKeyFormatSpki, |
2043 CryptoData(HexStringToBytes(kPublicKeySpkiDerHex)), | 1952 CryptoData(HexStringToBytes(kPublicKeySpkiDerHex)), |
2044 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), | 1953 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), |
2045 true, | 1954 true, |
2046 blink::WebCryptoKeyUsageEncrypt, | 1955 blink::WebCryptoKeyUsageEncrypt, |
2047 &key)); | 1956 &key)); |
2048 | 1957 |
2049 // Passing case: Export a previously imported RSA public key in SPKI format | 1958 // Passing case: Export a previously imported RSA public key in SPKI format |
2050 // and compare to original data. | 1959 // and compare to original data. |
2051 blink::WebArrayBuffer output; | 1960 std::vector<uint8> output; |
2052 ASSERT_EQ(Status::Success(), | 1961 ASSERT_EQ(Status::Success(), |
2053 ExportKey(blink::WebCryptoKeyFormatSpki, key, &output)); | 1962 ExportKey(blink::WebCryptoKeyFormatSpki, key, &output)); |
2054 ExpectArrayBufferMatchesHex(kPublicKeySpkiDerHex, output); | 1963 EXPECT_BYTES_EQ_HEX(kPublicKeySpkiDerHex, output); |
2055 | 1964 |
2056 // Failing case: Try to export a previously imported RSA public key in raw | 1965 // Failing case: Try to export a previously imported RSA public key in raw |
2057 // format (not allowed for a public key). | 1966 // format (not allowed for a public key). |
2058 EXPECT_EQ(Status::ErrorUnexpectedKeyType(), | 1967 EXPECT_EQ(Status::ErrorUnexpectedKeyType(), |
2059 ExportKey(blink::WebCryptoKeyFormatRaw, key, &output)); | 1968 ExportKey(blink::WebCryptoKeyFormatRaw, key, &output)); |
2060 | 1969 |
2061 // Failing case: Try to export a non-extractable key | 1970 // Failing case: Try to export a non-extractable key |
2062 ASSERT_EQ( | 1971 ASSERT_EQ( |
2063 Status::Success(), | 1972 Status::Success(), |
2064 ImportKey(blink::WebCryptoKeyFormatSpki, | 1973 ImportKey(blink::WebCryptoKeyFormatSpki, |
(...skipping 21 matching lines...) Expand all Loading... |
2086 blink::WebCryptoKeyUsageSign, | 1995 blink::WebCryptoKeyUsageSign, |
2087 &key)); | 1996 &key)); |
2088 EXPECT_TRUE(key.handle()); | 1997 EXPECT_TRUE(key.handle()); |
2089 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, key.type()); | 1998 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, key.type()); |
2090 EXPECT_TRUE(key.extractable()); | 1999 EXPECT_TRUE(key.extractable()); |
2091 EXPECT_EQ(blink::WebCryptoKeyUsageSign, key.usages()); | 2000 EXPECT_EQ(blink::WebCryptoKeyUsageSign, key.usages()); |
2092 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha1, | 2001 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha1, |
2093 key.algorithm().rsaHashedParams()->hash().id()); | 2002 key.algorithm().rsaHashedParams()->hash().id()); |
2094 EXPECT_EQ(kModulusLengthBits, | 2003 EXPECT_EQ(kModulusLengthBits, |
2095 key.algorithm().rsaHashedParams()->modulusLengthBits()); | 2004 key.algorithm().rsaHashedParams()->modulusLengthBits()); |
2096 ExpectCryptoDataMatchesHex( | 2005 EXPECT_BYTES_EQ_HEX( |
2097 "010001", | 2006 "010001", |
2098 CryptoData(key.algorithm().rsaHashedParams()->publicExponent())); | 2007 CryptoData(key.algorithm().rsaHashedParams()->publicExponent())); |
2099 | 2008 |
2100 blink::WebArrayBuffer exported_key; | 2009 std::vector<uint8> exported_key; |
2101 ASSERT_EQ(Status::Success(), | 2010 ASSERT_EQ(Status::Success(), |
2102 ExportKey(blink::WebCryptoKeyFormatPkcs8, key, &exported_key)); | 2011 ExportKey(blink::WebCryptoKeyFormatPkcs8, key, &exported_key)); |
2103 ExpectArrayBufferMatchesHex(kPrivateKeyPkcs8DerHex, exported_key); | 2012 EXPECT_BYTES_EQ_HEX(kPrivateKeyPkcs8DerHex, exported_key); |
2104 | 2013 |
2105 // Failing case: Empty PKCS#8 data | 2014 // Failing case: Empty PKCS#8 data |
2106 EXPECT_EQ(Status::ErrorImportEmptyKeyData(), | 2015 EXPECT_EQ(Status::ErrorImportEmptyKeyData(), |
2107 ImportKey(blink::WebCryptoKeyFormatPkcs8, | 2016 ImportKey(blink::WebCryptoKeyFormatPkcs8, |
2108 CryptoData(std::vector<uint8>()), | 2017 CryptoData(std::vector<uint8>()), |
2109 CreateRsaHashedImportAlgorithm( | 2018 CreateRsaHashedImportAlgorithm( |
2110 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, | 2019 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
2111 blink::WebCryptoAlgorithmIdSha1), | 2020 blink::WebCryptoAlgorithmIdSha1), |
2112 true, | 2021 true, |
2113 blink::WebCryptoKeyUsageSign, | 2022 blink::WebCryptoKeyUsageSign, |
(...skipping 40 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
2154 EXPECT_FALSE(private_key.isNull()); | 2063 EXPECT_FALSE(private_key.isNull()); |
2155 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type()); | 2064 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type()); |
2156 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type()); | 2065 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type()); |
2157 EXPECT_TRUE(public_key.extractable()); | 2066 EXPECT_TRUE(public_key.extractable()); |
2158 EXPECT_EQ(extractable, private_key.extractable()); | 2067 EXPECT_EQ(extractable, private_key.extractable()); |
2159 EXPECT_EQ(usage_mask, public_key.usages()); | 2068 EXPECT_EQ(usage_mask, public_key.usages()); |
2160 EXPECT_EQ(usage_mask, private_key.usages()); | 2069 EXPECT_EQ(usage_mask, private_key.usages()); |
2161 | 2070 |
2162 // Try exporting the generated key pair, and then re-importing to verify that | 2071 // Try exporting the generated key pair, and then re-importing to verify that |
2163 // the exported data was valid. | 2072 // the exported data was valid. |
2164 blink::WebArrayBuffer public_key_spki; | 2073 std::vector<uint8> public_key_spki; |
2165 EXPECT_EQ( | 2074 EXPECT_EQ( |
2166 Status::Success(), | 2075 Status::Success(), |
2167 ExportKey(blink::WebCryptoKeyFormatSpki, public_key, &public_key_spki)); | 2076 ExportKey(blink::WebCryptoKeyFormatSpki, public_key, &public_key_spki)); |
2168 public_key = blink::WebCryptoKey::createNull(); | 2077 public_key = blink::WebCryptoKey::createNull(); |
2169 EXPECT_EQ( | 2078 EXPECT_EQ( |
2170 Status::Success(), | 2079 Status::Success(), |
2171 ImportKey(blink::WebCryptoKeyFormatSpki, | 2080 ImportKey(blink::WebCryptoKeyFormatSpki, |
2172 CryptoData(public_key_spki), | 2081 CryptoData(public_key_spki), |
2173 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5), | 2082 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5), |
2174 true, | 2083 true, |
2175 usage_mask, | 2084 usage_mask, |
2176 &public_key)); | 2085 &public_key)); |
2177 EXPECT_EQ(modulus_length, | 2086 EXPECT_EQ(modulus_length, |
2178 public_key.algorithm().rsaParams()->modulusLengthBits()); | 2087 public_key.algorithm().rsaParams()->modulusLengthBits()); |
2179 | 2088 |
2180 blink::WebArrayBuffer private_key_pkcs8; | 2089 std::vector<uint8> private_key_pkcs8; |
2181 EXPECT_EQ( | 2090 EXPECT_EQ( |
2182 Status::Success(), | 2091 Status::Success(), |
2183 ExportKey( | 2092 ExportKey( |
2184 blink::WebCryptoKeyFormatPkcs8, private_key, &private_key_pkcs8)); | 2093 blink::WebCryptoKeyFormatPkcs8, private_key, &private_key_pkcs8)); |
2185 private_key = blink::WebCryptoKey::createNull(); | 2094 private_key = blink::WebCryptoKey::createNull(); |
2186 EXPECT_EQ( | 2095 EXPECT_EQ( |
2187 Status::Success(), | 2096 Status::Success(), |
2188 ImportKey(blink::WebCryptoKeyFormatPkcs8, | 2097 ImportKey(blink::WebCryptoKeyFormatPkcs8, |
2189 CryptoData(private_key_pkcs8), | 2098 CryptoData(private_key_pkcs8), |
2190 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5), | 2099 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5), |
(...skipping 108 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
2299 private_key.algorithm().rsaHashedParams()->hash().id()); | 2208 private_key.algorithm().rsaHashedParams()->hash().id()); |
2300 // Even though "extractable" was set to false, the public key remains | 2209 // Even though "extractable" was set to false, the public key remains |
2301 // extractable. | 2210 // extractable. |
2302 EXPECT_TRUE(public_key.extractable()); | 2211 EXPECT_TRUE(public_key.extractable()); |
2303 EXPECT_FALSE(private_key.extractable()); | 2212 EXPECT_FALSE(private_key.extractable()); |
2304 EXPECT_EQ(usage_mask, public_key.usages()); | 2213 EXPECT_EQ(usage_mask, public_key.usages()); |
2305 EXPECT_EQ(usage_mask, private_key.usages()); | 2214 EXPECT_EQ(usage_mask, private_key.usages()); |
2306 | 2215 |
2307 // Exporting a private key as SPKI format doesn't make sense. However this | 2216 // Exporting a private key as SPKI format doesn't make sense. However this |
2308 // will first fail because the key is not extractable. | 2217 // will first fail because the key is not extractable. |
2309 blink::WebArrayBuffer output; | 2218 std::vector<uint8> output; |
2310 EXPECT_EQ(Status::ErrorKeyNotExtractable(), | 2219 EXPECT_EQ(Status::ErrorKeyNotExtractable(), |
2311 ExportKey(blink::WebCryptoKeyFormatSpki, private_key, &output)); | 2220 ExportKey(blink::WebCryptoKeyFormatSpki, private_key, &output)); |
2312 | 2221 |
2313 // Re-generate an extractable private_key and try to export it as SPKI format. | 2222 // Re-generate an extractable private_key and try to export it as SPKI format. |
2314 // This should fail since spki is for public keys. | 2223 // This should fail since spki is for public keys. |
2315 EXPECT_EQ( | 2224 EXPECT_EQ( |
2316 Status::Success(), | 2225 Status::Success(), |
2317 GenerateKeyPair(algorithm, true, usage_mask, &public_key, &private_key)); | 2226 GenerateKeyPair(algorithm, true, usage_mask, &public_key, &private_key)); |
2318 EXPECT_EQ(Status::ErrorUnexpectedKeyType(), | 2227 EXPECT_EQ(Status::ErrorUnexpectedKeyType(), |
2319 ExportKey(blink::WebCryptoKeyFormatSpki, private_key, &output)); | 2228 ExportKey(blink::WebCryptoKeyFormatSpki, private_key, &output)); |
(...skipping 21 matching lines...) Expand all Loading... |
2341 const unsigned int kMsgHexSize = kMaxMsgSizeBytes * 2; | 2250 const unsigned int kMsgHexSize = kMaxMsgSizeBytes * 2; |
2342 char max_data_hex[kMsgHexSize + 1]; | 2251 char max_data_hex[kMsgHexSize + 1]; |
2343 std::fill(&max_data_hex[0], &max_data_hex[0] + kMsgHexSize, 'a'); | 2252 std::fill(&max_data_hex[0], &max_data_hex[0] + kMsgHexSize, 'a'); |
2344 max_data_hex[kMsgHexSize] = '\0'; | 2253 max_data_hex[kMsgHexSize] = '\0'; |
2345 | 2254 |
2346 // Verify encrypt / decrypt round trip on a few messages. Note that RSA | 2255 // Verify encrypt / decrypt round trip on a few messages. Note that RSA |
2347 // encryption does not support empty input. | 2256 // encryption does not support empty input. |
2348 algorithm = CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); | 2257 algorithm = CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); |
2349 const char* const kTestDataHex[] = {"ff", "0102030405060708090a0b0c0d0e0f", | 2258 const char* const kTestDataHex[] = {"ff", "0102030405060708090a0b0c0d0e0f", |
2350 max_data_hex}; | 2259 max_data_hex}; |
2351 blink::WebArrayBuffer encrypted_data; | 2260 std::vector<uint8> encrypted_data; |
2352 blink::WebArrayBuffer decrypted_data; | 2261 std::vector<uint8> decrypted_data; |
2353 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kTestDataHex); ++i) { | 2262 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kTestDataHex); ++i) { |
2354 SCOPED_TRACE(i); | 2263 SCOPED_TRACE(i); |
2355 EXPECT_EQ(Status::Success(), | 2264 EXPECT_EQ(Status::Success(), |
2356 Encrypt(algorithm, | 2265 Encrypt(algorithm, |
2357 public_key, | 2266 public_key, |
2358 CryptoData(HexStringToBytes(kTestDataHex[i])), | 2267 CryptoData(HexStringToBytes(kTestDataHex[i])), |
2359 &encrypted_data)); | 2268 &encrypted_data)); |
2360 EXPECT_EQ(kModulusLengthBits / 8, encrypted_data.byteLength()); | 2269 EXPECT_EQ(kModulusLengthBits / 8, encrypted_data.size()); |
2361 ASSERT_EQ(Status::Success(), | 2270 ASSERT_EQ(Status::Success(), |
2362 Decrypt(algorithm, | 2271 Decrypt(algorithm, |
2363 private_key, | 2272 private_key, |
2364 CryptoData(encrypted_data), | 2273 CryptoData(encrypted_data), |
2365 &decrypted_data)); | 2274 &decrypted_data)); |
2366 ExpectArrayBufferMatchesHex(kTestDataHex[i], decrypted_data); | 2275 EXPECT_BYTES_EQ_HEX(kTestDataHex[i], decrypted_data); |
2367 } | 2276 } |
2368 } | 2277 } |
2369 | 2278 |
2370 TEST_F(SharedCryptoTest, MAYBE(RsaEsKnownAnswer)) { | 2279 TEST_F(SharedCryptoTest, MAYBE(RsaEsKnownAnswer)) { |
2371 scoped_ptr<base::Value> json; | 2280 scoped_ptr<base::Value> json; |
2372 ASSERT_TRUE(ReadJsonTestFile("rsa_es.json", &json)); | 2281 ASSERT_TRUE(ReadJsonTestFile("rsa_es.json", &json)); |
2373 base::DictionaryValue* test = NULL; | 2282 base::DictionaryValue* test = NULL; |
2374 ASSERT_TRUE(json->GetAsDictionary(&test)); | 2283 ASSERT_TRUE(json->GetAsDictionary(&test)); |
2375 | 2284 |
2376 // Because the random data in PKCS1.5 padding makes the encryption output non- | 2285 // Because the random data in PKCS1.5 padding makes the encryption output non- |
(...skipping 20 matching lines...) Expand all Loading... |
2397 rsa_spki_der, | 2306 rsa_spki_der, |
2398 rsa_pkcs8_der, | 2307 rsa_pkcs8_der, |
2399 algorithm, | 2308 algorithm, |
2400 false, | 2309 false, |
2401 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt, | 2310 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt, |
2402 &public_key, | 2311 &public_key, |
2403 &private_key); | 2312 &private_key); |
2404 | 2313 |
2405 // Decrypt the known-good ciphertext with the private key. As a check we must | 2314 // Decrypt the known-good ciphertext with the private key. As a check we must |
2406 // get the known original cleartext. | 2315 // get the known original cleartext. |
2407 blink::WebArrayBuffer decrypted_data; | 2316 std::vector<uint8> decrypted_data; |
2408 ASSERT_EQ( | 2317 ASSERT_EQ( |
2409 Status::Success(), | 2318 Status::Success(), |
2410 Decrypt(algorithm, private_key, CryptoData(ciphertext), &decrypted_data)); | 2319 Decrypt(algorithm, private_key, CryptoData(ciphertext), &decrypted_data)); |
2411 EXPECT_FALSE(decrypted_data.isNull()); | 2320 EXPECT_BYTES_EQ(cleartext, decrypted_data); |
2412 EXPECT_TRUE(ArrayBufferMatches(cleartext, decrypted_data)); | |
2413 | 2321 |
2414 // Encrypt this decrypted data with the public key. | 2322 // Encrypt this decrypted data with the public key. |
2415 blink::WebArrayBuffer encrypted_data; | 2323 std::vector<uint8> encrypted_data; |
2416 ASSERT_EQ( | 2324 ASSERT_EQ( |
2417 Status::Success(), | 2325 Status::Success(), |
2418 Encrypt( | 2326 Encrypt( |
2419 algorithm, public_key, CryptoData(decrypted_data), &encrypted_data)); | 2327 algorithm, public_key, CryptoData(decrypted_data), &encrypted_data)); |
2420 EXPECT_EQ(128u, encrypted_data.byteLength()); | 2328 EXPECT_EQ(128u, encrypted_data.size()); |
2421 | 2329 |
2422 // Finally, decrypt the newly encrypted result with the private key, and | 2330 // Finally, decrypt the newly encrypted result with the private key, and |
2423 // compare to the known original cleartext. | 2331 // compare to the known original cleartext. |
2424 decrypted_data.reset(); | 2332 decrypted_data.clear(); |
2425 ASSERT_EQ( | 2333 ASSERT_EQ( |
2426 Status::Success(), | 2334 Status::Success(), |
2427 Decrypt( | 2335 Decrypt( |
2428 algorithm, private_key, CryptoData(encrypted_data), &decrypted_data)); | 2336 algorithm, private_key, CryptoData(encrypted_data), &decrypted_data)); |
2429 EXPECT_FALSE(decrypted_data.isNull()); | 2337 EXPECT_EQ(cleartext, decrypted_data); |
2430 EXPECT_TRUE(ArrayBufferMatches(cleartext, decrypted_data)); | |
2431 } | 2338 } |
2432 | 2339 |
2433 TEST_F(SharedCryptoTest, MAYBE(RsaEsFailures)) { | 2340 TEST_F(SharedCryptoTest, MAYBE(RsaEsFailures)) { |
2434 // Import a key pair. | 2341 // Import a key pair. |
2435 blink::WebCryptoAlgorithm algorithm = | 2342 blink::WebCryptoAlgorithm algorithm = |
2436 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); | 2343 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); |
2437 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); | 2344 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); |
2438 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); | 2345 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); |
2439 ImportRsaKeyPair( | 2346 ImportRsaKeyPair( |
2440 HexStringToBytes(kPublicKeySpkiDerHex), | 2347 HexStringToBytes(kPublicKeySpkiDerHex), |
2441 HexStringToBytes(kPrivateKeyPkcs8DerHex), | 2348 HexStringToBytes(kPrivateKeyPkcs8DerHex), |
2442 algorithm, | 2349 algorithm, |
2443 false, | 2350 false, |
2444 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt, | 2351 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt, |
2445 &public_key, | 2352 &public_key, |
2446 &private_key); | 2353 &private_key); |
2447 | 2354 |
2448 // Fail encrypt with a private key. | 2355 // Fail encrypt with a private key. |
2449 blink::WebArrayBuffer encrypted_data; | 2356 std::vector<uint8> encrypted_data; |
2450 const std::string message_hex_str("0102030405060708090a0b0c0d0e0f"); | 2357 const std::string message_hex_str("0102030405060708090a0b0c0d0e0f"); |
2451 const std::vector<uint8> message_hex(HexStringToBytes(message_hex_str)); | 2358 const std::vector<uint8> message_hex(HexStringToBytes(message_hex_str)); |
2452 EXPECT_EQ( | 2359 EXPECT_EQ( |
2453 Status::ErrorUnexpectedKeyType(), | 2360 Status::ErrorUnexpectedKeyType(), |
2454 Encrypt( | 2361 Encrypt( |
2455 algorithm, private_key, CryptoData(message_hex), &encrypted_data)); | 2362 algorithm, private_key, CryptoData(message_hex), &encrypted_data)); |
2456 | 2363 |
2457 // Fail encrypt with empty message. | 2364 // Fail encrypt with empty message. |
2458 EXPECT_EQ(Status::ErrorDataTooSmall(), | 2365 EXPECT_EQ(Status::ErrorDataTooSmall(), |
2459 Encrypt(algorithm, | 2366 Encrypt(algorithm, |
2460 public_key, | 2367 public_key, |
2461 CryptoData(std::vector<uint8>()), | 2368 CryptoData(std::vector<uint8>()), |
2462 &encrypted_data)); | 2369 &encrypted_data)); |
2463 | 2370 |
2464 // Fail encrypt with message too large. RSAES can operate on messages up to | 2371 // Fail encrypt with message too large. RSAES can operate on messages up to |
2465 // length of k - 11 bytes, where k is the octet length of the RSA modulus. | 2372 // length of k - 11 bytes, where k is the octet length of the RSA modulus. |
2466 const unsigned int kMaxMsgSizeBytes = kModulusLengthBits / 8 - 11; | 2373 const unsigned int kMaxMsgSizeBytes = kModulusLengthBits / 8 - 11; |
2467 EXPECT_EQ(Status::ErrorDataTooLarge(), | 2374 EXPECT_EQ(Status::ErrorDataTooLarge(), |
2468 Encrypt(algorithm, | 2375 Encrypt(algorithm, |
2469 public_key, | 2376 public_key, |
2470 CryptoData(std::vector<uint8>(kMaxMsgSizeBytes + 1, '0')), | 2377 CryptoData(std::vector<uint8>(kMaxMsgSizeBytes + 1, '0')), |
2471 &encrypted_data)); | 2378 &encrypted_data)); |
2472 | 2379 |
2473 // Generate encrypted data. | 2380 // Generate encrypted data. |
2474 EXPECT_EQ( | 2381 EXPECT_EQ( |
2475 Status::Success(), | 2382 Status::Success(), |
2476 Encrypt(algorithm, public_key, CryptoData(message_hex), &encrypted_data)); | 2383 Encrypt(algorithm, public_key, CryptoData(message_hex), &encrypted_data)); |
2477 | 2384 |
2478 // Fail decrypt with a public key. | 2385 // Fail decrypt with a public key. |
2479 blink::WebArrayBuffer decrypted_data; | 2386 std::vector<uint8> decrypted_data; |
2480 EXPECT_EQ( | 2387 EXPECT_EQ( |
2481 Status::ErrorUnexpectedKeyType(), | 2388 Status::ErrorUnexpectedKeyType(), |
2482 Decrypt( | 2389 Decrypt( |
2483 algorithm, public_key, CryptoData(encrypted_data), &decrypted_data)); | 2390 algorithm, public_key, CryptoData(encrypted_data), &decrypted_data)); |
2484 | 2391 |
2485 // Corrupt encrypted data; ensure decrypt fails because padding was disrupted. | 2392 // Corrupt encrypted data; ensure decrypt fails because padding was disrupted. |
2486 std::vector<uint8> corrupted_data( | 2393 EXPECT_EQ(Status::OperationError(), |
2487 static_cast<uint8*>(encrypted_data.data()), | 2394 Decrypt(algorithm, |
2488 static_cast<uint8*>(encrypted_data.data()) + encrypted_data.byteLength()); | 2395 private_key, |
2489 corrupted_data[corrupted_data.size() / 2] ^= 0x01; | 2396 CryptoData(Corrupted(encrypted_data)), |
2490 EXPECT_EQ( | 2397 &decrypted_data)); |
2491 Status::OperationError(), | |
2492 Decrypt( | |
2493 algorithm, private_key, CryptoData(corrupted_data), &decrypted_data)); | |
2494 | 2398 |
2495 // TODO(padolph): Are there other specific data corruption scenarios to | 2399 // TODO(padolph): Are there other specific data corruption scenarios to |
2496 // consider? | 2400 // consider? |
2497 | 2401 |
2498 // Do a successful decrypt with good data just for confirmation. | 2402 // Do a successful decrypt with good data just for confirmation. |
2499 EXPECT_EQ( | 2403 EXPECT_EQ( |
2500 Status::Success(), | 2404 Status::Success(), |
2501 Decrypt( | 2405 Decrypt( |
2502 algorithm, private_key, CryptoData(encrypted_data), &decrypted_data)); | 2406 algorithm, private_key, CryptoData(encrypted_data), &decrypted_data)); |
2503 ExpectArrayBufferMatchesHex(message_hex_str, decrypted_data); | 2407 EXPECT_BYTES_EQ_HEX(message_hex_str, decrypted_data); |
2504 } | 2408 } |
2505 | 2409 |
2506 TEST_F(SharedCryptoTest, MAYBE(RsaSsaSignVerifyFailures)) { | 2410 TEST_F(SharedCryptoTest, MAYBE(RsaSsaSignVerifyFailures)) { |
2507 // Import a key pair. | 2411 // Import a key pair. |
2508 blink::WebCryptoKeyUsageMask usage_mask = | 2412 blink::WebCryptoKeyUsageMask usage_mask = |
2509 blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify; | 2413 blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify; |
2510 blink::WebCryptoAlgorithm importAlgorithm = | 2414 blink::WebCryptoAlgorithm importAlgorithm = |
2511 CreateRsaHashedImportAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, | 2415 CreateRsaHashedImportAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
2512 blink::WebCryptoAlgorithmIdSha1); | 2416 blink::WebCryptoAlgorithmIdSha1); |
2513 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); | 2417 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); |
2514 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); | 2418 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); |
2515 ImportRsaKeyPair(HexStringToBytes(kPublicKeySpkiDerHex), | 2419 ImportRsaKeyPair(HexStringToBytes(kPublicKeySpkiDerHex), |
2516 HexStringToBytes(kPrivateKeyPkcs8DerHex), | 2420 HexStringToBytes(kPrivateKeyPkcs8DerHex), |
2517 importAlgorithm, | 2421 importAlgorithm, |
2518 false, | 2422 false, |
2519 usage_mask, | 2423 usage_mask, |
2520 &public_key, | 2424 &public_key, |
2521 &private_key); | 2425 &private_key); |
2522 | 2426 |
2523 blink::WebCryptoAlgorithm algorithm = | 2427 blink::WebCryptoAlgorithm algorithm = |
2524 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5); | 2428 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5); |
2525 | 2429 |
2526 blink::WebArrayBuffer signature; | 2430 std::vector<uint8> signature; |
2527 bool signature_match; | 2431 bool signature_match; |
2528 | 2432 |
2529 // Compute a signature. | 2433 // Compute a signature. |
2530 const std::vector<uint8> data = HexStringToBytes("010203040506070809"); | 2434 const std::vector<uint8> data = HexStringToBytes("010203040506070809"); |
2531 ASSERT_EQ(Status::Success(), | 2435 ASSERT_EQ(Status::Success(), |
2532 Sign(algorithm, private_key, CryptoData(data), &signature)); | 2436 Sign(algorithm, private_key, CryptoData(data), &signature)); |
2533 | 2437 |
2534 // Ensure truncated signature does not verify by passing one less byte. | 2438 // Ensure truncated signature does not verify by passing one less byte. |
2535 EXPECT_EQ( | 2439 EXPECT_EQ(Status::Success(), |
2536 Status::Success(), | 2440 VerifySignature( |
2537 VerifySignature( | 2441 algorithm, |
2538 algorithm, | 2442 public_key, |
2539 public_key, | 2443 CryptoData(Uint8VectorStart(signature), signature.size() - 1), |
2540 CryptoData(reinterpret_cast<const unsigned char*>(signature.data()), | 2444 CryptoData(data), |
2541 signature.byteLength() - 1), | 2445 &signature_match)); |
2542 CryptoData(data), | |
2543 &signature_match)); | |
2544 EXPECT_FALSE(signature_match); | 2446 EXPECT_FALSE(signature_match); |
2545 | 2447 |
2546 // Ensure truncated signature does not verify by passing no bytes. | 2448 // Ensure truncated signature does not verify by passing no bytes. |
2547 EXPECT_EQ(Status::Success(), | 2449 EXPECT_EQ(Status::Success(), |
2548 VerifySignature(algorithm, | 2450 VerifySignature(algorithm, |
2549 public_key, | 2451 public_key, |
2550 CryptoData(), | 2452 CryptoData(), |
2551 CryptoData(data), | 2453 CryptoData(data), |
2552 &signature_match)); | 2454 &signature_match)); |
2553 EXPECT_FALSE(signature_match); | 2455 EXPECT_FALSE(signature_match); |
2554 | 2456 |
2555 // Ensure corrupted signature does not verify. | 2457 // Ensure corrupted signature does not verify. |
2556 std::vector<uint8> corrupt_sig( | 2458 std::vector<uint8> corrupt_sig = signature; |
2557 static_cast<uint8*>(signature.data()), | |
2558 static_cast<uint8*>(signature.data()) + signature.byteLength()); | |
2559 corrupt_sig[corrupt_sig.size() / 2] ^= 0x1; | 2459 corrupt_sig[corrupt_sig.size() / 2] ^= 0x1; |
2560 EXPECT_EQ(Status::Success(), | 2460 EXPECT_EQ(Status::Success(), |
2561 VerifySignature(algorithm, | 2461 VerifySignature(algorithm, |
2562 public_key, | 2462 public_key, |
2563 CryptoData(corrupt_sig), | 2463 CryptoData(corrupt_sig), |
2564 CryptoData(data), | 2464 CryptoData(data), |
2565 &signature_match)); | 2465 &signature_match)); |
2566 EXPECT_FALSE(signature_match); | 2466 EXPECT_FALSE(signature_match); |
2567 | 2467 |
2568 // Ensure signatures that are greater than the modulus size fail. | 2468 // Ensure signatures that are greater than the modulus size fail. |
(...skipping 96 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
2665 importAlgorithm, | 2565 importAlgorithm, |
2666 false, | 2566 false, |
2667 blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify, | 2567 blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify, |
2668 &public_key, | 2568 &public_key, |
2669 &private_key); | 2569 &private_key); |
2670 | 2570 |
2671 blink::WebCryptoAlgorithm algorithm = | 2571 blink::WebCryptoAlgorithm algorithm = |
2672 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5); | 2572 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5); |
2673 | 2573 |
2674 // Validate the signatures are computed and verified as expected. | 2574 // Validate the signatures are computed and verified as expected. |
2675 blink::WebArrayBuffer signature; | 2575 std::vector<uint8> signature; |
2676 for (size_t test_index = 0; test_index < tests->GetSize(); ++test_index) { | 2576 for (size_t test_index = 0; test_index < tests->GetSize(); ++test_index) { |
2677 SCOPED_TRACE(test_index); | 2577 SCOPED_TRACE(test_index); |
2678 | 2578 |
2679 base::DictionaryValue* test; | 2579 base::DictionaryValue* test; |
2680 ASSERT_TRUE(tests->GetDictionary(test_index, &test)); | 2580 ASSERT_TRUE(tests->GetDictionary(test_index, &test)); |
2681 | 2581 |
2682 std::vector<uint8> test_message = | 2582 std::vector<uint8> test_message = |
2683 GetBytesFromHexString(test, "message_hex"); | 2583 GetBytesFromHexString(test, "message_hex"); |
2684 std::vector<uint8> test_signature = | 2584 std::vector<uint8> test_signature = |
2685 GetBytesFromHexString(test, "signature_hex"); | 2585 GetBytesFromHexString(test, "signature_hex"); |
2686 | 2586 |
2687 signature.reset(); | 2587 signature.clear(); |
2688 ASSERT_EQ( | 2588 ASSERT_EQ( |
2689 Status::Success(), | 2589 Status::Success(), |
2690 Sign(algorithm, private_key, CryptoData(test_message), &signature)); | 2590 Sign(algorithm, private_key, CryptoData(test_message), &signature)); |
2691 EXPECT_TRUE(ArrayBufferMatches(test_signature, signature)); | 2591 EXPECT_BYTES_EQ(test_signature, signature); |
2692 | 2592 |
2693 bool is_match = false; | 2593 bool is_match = false; |
2694 ASSERT_EQ(Status::Success(), | 2594 ASSERT_EQ(Status::Success(), |
2695 VerifySignature(algorithm, | 2595 VerifySignature(algorithm, |
2696 public_key, | 2596 public_key, |
2697 CryptoData(test_signature), | 2597 CryptoData(test_signature), |
2698 CryptoData(test_message), | 2598 CryptoData(test_message), |
2699 &is_match)); | 2599 &is_match)); |
2700 EXPECT_TRUE(is_match); | 2600 EXPECT_TRUE(is_match); |
2701 } | 2601 } |
2702 } | 2602 } |
2703 | 2603 |
2704 TEST_F(SharedCryptoTest, MAYBE(AesKwKeyImport)) { | 2604 TEST_F(SharedCryptoTest, MAYBE(AesKwKeyImport)) { |
2705 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 2605 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
2706 blink::WebCryptoAlgorithm algorithm = | 2606 blink::WebCryptoAlgorithm algorithm = |
2707 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw); | 2607 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw); |
2708 | 2608 |
2709 // Import a 128-bit Key Encryption Key (KEK) | 2609 // Import a 128-bit Key Encryption Key (KEK) |
2710 std::string key_raw_hex_in = "025a8cf3f08b4f6c5f33bbc76a471939"; | 2610 std::string key_raw_hex_in = "025a8cf3f08b4f6c5f33bbc76a471939"; |
2711 ASSERT_EQ(Status::Success(), | 2611 ASSERT_EQ(Status::Success(), |
2712 ImportKey(blink::WebCryptoKeyFormatRaw, | 2612 ImportKey(blink::WebCryptoKeyFormatRaw, |
2713 CryptoData(HexStringToBytes(key_raw_hex_in)), | 2613 CryptoData(HexStringToBytes(key_raw_hex_in)), |
2714 algorithm, | 2614 algorithm, |
2715 true, | 2615 true, |
2716 blink::WebCryptoKeyUsageWrapKey, | 2616 blink::WebCryptoKeyUsageWrapKey, |
2717 &key)); | 2617 &key)); |
2718 blink::WebArrayBuffer key_raw_out; | 2618 std::vector<uint8> key_raw_out; |
2719 EXPECT_EQ(Status::Success(), | 2619 EXPECT_EQ(Status::Success(), |
2720 ExportKey(blink::WebCryptoKeyFormatRaw, key, &key_raw_out)); | 2620 ExportKey(blink::WebCryptoKeyFormatRaw, key, &key_raw_out)); |
2721 ExpectArrayBufferMatchesHex(key_raw_hex_in, key_raw_out); | 2621 EXPECT_BYTES_EQ_HEX(key_raw_hex_in, key_raw_out); |
2722 | 2622 |
2723 // Import a 192-bit KEK | 2623 // Import a 192-bit KEK |
2724 key_raw_hex_in = "c0192c6466b2370decbb62b2cfef4384544ffeb4d2fbc103"; | 2624 key_raw_hex_in = "c0192c6466b2370decbb62b2cfef4384544ffeb4d2fbc103"; |
2725 ASSERT_EQ(Status::Success(), | 2625 ASSERT_EQ(Status::Success(), |
2726 ImportKey(blink::WebCryptoKeyFormatRaw, | 2626 ImportKey(blink::WebCryptoKeyFormatRaw, |
2727 CryptoData(HexStringToBytes(key_raw_hex_in)), | 2627 CryptoData(HexStringToBytes(key_raw_hex_in)), |
2728 algorithm, | 2628 algorithm, |
2729 true, | 2629 true, |
2730 blink::WebCryptoKeyUsageWrapKey, | 2630 blink::WebCryptoKeyUsageWrapKey, |
2731 &key)); | 2631 &key)); |
2732 EXPECT_EQ(Status::Success(), | 2632 EXPECT_EQ(Status::Success(), |
2733 ExportKey(blink::WebCryptoKeyFormatRaw, key, &key_raw_out)); | 2633 ExportKey(blink::WebCryptoKeyFormatRaw, key, &key_raw_out)); |
2734 ExpectArrayBufferMatchesHex(key_raw_hex_in, key_raw_out); | 2634 EXPECT_BYTES_EQ_HEX(key_raw_hex_in, key_raw_out); |
2735 | 2635 |
2736 // Import a 256-bit Key Encryption Key (KEK) | 2636 // Import a 256-bit Key Encryption Key (KEK) |
2737 key_raw_hex_in = | 2637 key_raw_hex_in = |
2738 "e11fe66380d90fa9ebefb74e0478e78f95664d0c67ca20ce4a0b5842863ac46f"; | 2638 "e11fe66380d90fa9ebefb74e0478e78f95664d0c67ca20ce4a0b5842863ac46f"; |
2739 ASSERT_EQ(Status::Success(), | 2639 ASSERT_EQ(Status::Success(), |
2740 ImportKey(blink::WebCryptoKeyFormatRaw, | 2640 ImportKey(blink::WebCryptoKeyFormatRaw, |
2741 CryptoData(HexStringToBytes(key_raw_hex_in)), | 2641 CryptoData(HexStringToBytes(key_raw_hex_in)), |
2742 algorithm, | 2642 algorithm, |
2743 true, | 2643 true, |
2744 blink::WebCryptoKeyUsageWrapKey, | 2644 blink::WebCryptoKeyUsageWrapKey, |
2745 &key)); | 2645 &key)); |
2746 EXPECT_EQ(Status::Success(), | 2646 EXPECT_EQ(Status::Success(), |
2747 ExportKey(blink::WebCryptoKeyFormatRaw, key, &key_raw_out)); | 2647 ExportKey(blink::WebCryptoKeyFormatRaw, key, &key_raw_out)); |
2748 ExpectArrayBufferMatchesHex(key_raw_hex_in, key_raw_out); | 2648 EXPECT_BYTES_EQ_HEX(key_raw_hex_in, key_raw_out); |
2749 | 2649 |
2750 // Fail import of 0 length key | 2650 // Fail import of 0 length key |
2751 EXPECT_EQ(Status::ErrorImportAesKeyLength(), | 2651 EXPECT_EQ(Status::ErrorImportAesKeyLength(), |
2752 ImportKey(blink::WebCryptoKeyFormatRaw, | 2652 ImportKey(blink::WebCryptoKeyFormatRaw, |
2753 CryptoData(HexStringToBytes("")), | 2653 CryptoData(HexStringToBytes("")), |
2754 algorithm, | 2654 algorithm, |
2755 true, | 2655 true, |
2756 blink::WebCryptoKeyUsageWrapKey, | 2656 blink::WebCryptoKeyUsageWrapKey, |
2757 &key)); | 2657 &key)); |
2758 | 2658 |
(...skipping 95 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
2854 wrapping_algorithm, | 2754 wrapping_algorithm, |
2855 blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey); | 2755 blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey); |
2856 | 2756 |
2857 // Import the key to be wrapped. | 2757 // Import the key to be wrapped. |
2858 blink::WebCryptoKey key = ImportSecretKeyFromRaw( | 2758 blink::WebCryptoKey key = ImportSecretKeyFromRaw( |
2859 test_key, | 2759 test_key, |
2860 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), | 2760 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), |
2861 blink::WebCryptoKeyUsageEncrypt); | 2761 blink::WebCryptoKeyUsageEncrypt); |
2862 | 2762 |
2863 // Wrap the key and verify the ciphertext result against the known answer. | 2763 // Wrap the key and verify the ciphertext result against the known answer. |
2864 blink::WebArrayBuffer wrapped_key; | 2764 std::vector<uint8> wrapped_key; |
2865 ASSERT_EQ(Status::Success(), | 2765 ASSERT_EQ(Status::Success(), |
2866 WrapKey(blink::WebCryptoKeyFormatRaw, | 2766 WrapKey(blink::WebCryptoKeyFormatRaw, |
2867 wrapping_key, | 2767 wrapping_key, |
2868 key, | 2768 key, |
2869 wrapping_algorithm, | 2769 wrapping_algorithm, |
2870 &wrapped_key)); | 2770 &wrapped_key)); |
2871 EXPECT_TRUE(ArrayBufferMatches(test_ciphertext, wrapped_key)); | 2771 EXPECT_BYTES_EQ(test_ciphertext, wrapped_key); |
2872 | 2772 |
2873 // Unwrap the known ciphertext to get a new test_key. | 2773 // Unwrap the known ciphertext to get a new test_key. |
2874 blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull(); | 2774 blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull(); |
2875 ASSERT_EQ( | 2775 ASSERT_EQ( |
2876 Status::Success(), | 2776 Status::Success(), |
2877 UnwrapKey(blink::WebCryptoKeyFormatRaw, | 2777 UnwrapKey(blink::WebCryptoKeyFormatRaw, |
2878 CryptoData(test_ciphertext), | 2778 CryptoData(test_ciphertext), |
2879 wrapping_key, | 2779 wrapping_key, |
2880 wrapping_algorithm, | 2780 wrapping_algorithm, |
2881 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), | 2781 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), |
2882 true, | 2782 true, |
2883 blink::WebCryptoKeyUsageEncrypt, | 2783 blink::WebCryptoKeyUsageEncrypt, |
2884 &unwrapped_key)); | 2784 &unwrapped_key)); |
2885 EXPECT_FALSE(key.isNull()); | 2785 EXPECT_FALSE(key.isNull()); |
2886 EXPECT_TRUE(key.handle()); | 2786 EXPECT_TRUE(key.handle()); |
2887 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); | 2787 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); |
2888 EXPECT_EQ( | 2788 EXPECT_EQ( |
2889 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc).id(), | 2789 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc).id(), |
2890 key.algorithm().id()); | 2790 key.algorithm().id()); |
2891 EXPECT_EQ(true, key.extractable()); | 2791 EXPECT_EQ(true, key.extractable()); |
2892 EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt, key.usages()); | 2792 EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt, key.usages()); |
2893 | 2793 |
2894 // Export the new key and compare its raw bytes with the original known key. | 2794 // Export the new key and compare its raw bytes with the original known key. |
2895 blink::WebArrayBuffer raw_key; | 2795 std::vector<uint8> raw_key; |
2896 EXPECT_EQ(Status::Success(), | 2796 EXPECT_EQ(Status::Success(), |
2897 ExportKey(blink::WebCryptoKeyFormatRaw, unwrapped_key, &raw_key)); | 2797 ExportKey(blink::WebCryptoKeyFormatRaw, unwrapped_key, &raw_key)); |
2898 EXPECT_TRUE(ArrayBufferMatches(test_key, raw_key)); | 2798 EXPECT_BYTES_EQ(test_key, raw_key); |
2899 } | 2799 } |
2900 } | 2800 } |
2901 | 2801 |
2902 TEST_F(SharedCryptoTest, MAYBE(AesKwRawSymkeyWrapUnwrapErrors)) { | 2802 TEST_F(SharedCryptoTest, MAYBE(AesKwRawSymkeyWrapUnwrapErrors)) { |
2903 scoped_ptr<base::ListValue> tests; | 2803 scoped_ptr<base::ListValue> tests; |
2904 ASSERT_TRUE(ReadJsonTestFileToList("aes_kw.json", &tests)); | 2804 ASSERT_TRUE(ReadJsonTestFileToList("aes_kw.json", &tests)); |
2905 base::DictionaryValue* test; | 2805 base::DictionaryValue* test; |
2906 // Use 256 bits of data with a 256-bit KEK | 2806 // Use 256 bits of data with a 256-bit KEK |
2907 ASSERT_TRUE(tests->GetDictionary(5, &test)); | 2807 ASSERT_TRUE(tests->GetDictionary(5, &test)); |
2908 const std::vector<uint8> test_kek = GetBytesFromHexString(test, "kek"); | 2808 const std::vector<uint8> test_kek = GetBytesFromHexString(test, "kek"); |
(...skipping 119 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
3028 EXPECT_TRUE(unwrapped_key.handle()); | 2928 EXPECT_TRUE(unwrapped_key.handle()); |
3029 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, unwrapped_key.type()); | 2929 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, unwrapped_key.type()); |
3030 EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, unwrapped_key.algorithm().id()); | 2930 EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, unwrapped_key.algorithm().id()); |
3031 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha256, | 2931 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha256, |
3032 unwrapped_key.algorithm().hmacParams()->hash().id()); | 2932 unwrapped_key.algorithm().hmacParams()->hash().id()); |
3033 EXPECT_EQ(256u, unwrapped_key.algorithm().hmacParams()->lengthBits()); | 2933 EXPECT_EQ(256u, unwrapped_key.algorithm().hmacParams()->lengthBits()); |
3034 EXPECT_EQ(true, unwrapped_key.extractable()); | 2934 EXPECT_EQ(true, unwrapped_key.extractable()); |
3035 EXPECT_EQ(blink::WebCryptoKeyUsageVerify, unwrapped_key.usages()); | 2935 EXPECT_EQ(blink::WebCryptoKeyUsageVerify, unwrapped_key.usages()); |
3036 | 2936 |
3037 // Export the new key's raw data and compare to the known original. | 2937 // Export the new key's raw data and compare to the known original. |
3038 blink::WebArrayBuffer raw_key; | 2938 std::vector<uint8> raw_key; |
3039 EXPECT_EQ(Status::Success(), | 2939 EXPECT_EQ(Status::Success(), |
3040 ExportKey(blink::WebCryptoKeyFormatRaw, unwrapped_key, &raw_key)); | 2940 ExportKey(blink::WebCryptoKeyFormatRaw, unwrapped_key, &raw_key)); |
3041 EXPECT_TRUE(ArrayBufferMatches(key_data, raw_key)); | 2941 EXPECT_BYTES_EQ(key_data, raw_key); |
3042 } | 2942 } |
3043 | 2943 |
3044 // TODO(eroman): | 2944 // TODO(eroman): |
3045 // * Test decryption when the tag length exceeds input size | 2945 // * Test decryption when the tag length exceeds input size |
3046 // * Test decryption with empty input | 2946 // * Test decryption with empty input |
3047 // * Test decryption with tag length of 0. | 2947 // * Test decryption with tag length of 0. |
3048 TEST_F(SharedCryptoTest, MAYBE(AesGcmSampleSets)) { | 2948 TEST_F(SharedCryptoTest, MAYBE(AesGcmSampleSets)) { |
3049 // Some Linux test runners may not have a new enough version of NSS. | 2949 // Some Linux test runners may not have a new enough version of NSS. |
3050 if (!SupportsAesGcm()) { | 2950 if (!SupportsAesGcm()) { |
3051 LOG(WARNING) << "AES GCM not supported, skipping tests"; | 2951 LOG(WARNING) << "AES GCM not supported, skipping tests"; |
(...skipping 20 matching lines...) Expand all Loading... |
3072 const unsigned int test_tag_size_bits = test_authentication_tag.size() * 8; | 2972 const unsigned int test_tag_size_bits = test_authentication_tag.size() * 8; |
3073 const std::vector<uint8> test_cipher_text = | 2973 const std::vector<uint8> test_cipher_text = |
3074 GetBytesFromHexString(test, "cipher_text"); | 2974 GetBytesFromHexString(test, "cipher_text"); |
3075 | 2975 |
3076 blink::WebCryptoKey key = ImportSecretKeyFromRaw( | 2976 blink::WebCryptoKey key = ImportSecretKeyFromRaw( |
3077 test_key, | 2977 test_key, |
3078 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesGcm), | 2978 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesGcm), |
3079 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt); | 2979 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt); |
3080 | 2980 |
3081 // Verify exported raw key is identical to the imported data | 2981 // Verify exported raw key is identical to the imported data |
3082 blink::WebArrayBuffer raw_key; | 2982 std::vector<uint8> raw_key; |
3083 EXPECT_EQ(Status::Success(), | 2983 EXPECT_EQ(Status::Success(), |
3084 ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key)); | 2984 ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key)); |
3085 | 2985 |
3086 EXPECT_TRUE(ArrayBufferMatches(test_key, raw_key)); | 2986 EXPECT_BYTES_EQ(test_key, raw_key); |
3087 | 2987 |
3088 // Test encryption. | 2988 // Test encryption. |
3089 std::vector<uint8> cipher_text; | 2989 std::vector<uint8> cipher_text; |
3090 std::vector<uint8> authentication_tag; | 2990 std::vector<uint8> authentication_tag; |
3091 EXPECT_EQ(Status::Success(), | 2991 EXPECT_EQ(Status::Success(), |
3092 AesGcmEncrypt(key, | 2992 AesGcmEncrypt(key, |
3093 test_iv, | 2993 test_iv, |
3094 test_additional_data, | 2994 test_additional_data, |
3095 test_tag_size_bits, | 2995 test_tag_size_bits, |
3096 test_plain_text, | 2996 test_plain_text, |
3097 &cipher_text, | 2997 &cipher_text, |
3098 &authentication_tag)); | 2998 &authentication_tag)); |
3099 | 2999 |
3100 ExpectVectorMatches(test_cipher_text, cipher_text); | 3000 EXPECT_BYTES_EQ(test_cipher_text, cipher_text); |
3101 ExpectVectorMatches(test_authentication_tag, authentication_tag); | 3001 EXPECT_BYTES_EQ(test_authentication_tag, authentication_tag); |
3102 | 3002 |
3103 // Test decryption. | 3003 // Test decryption. |
3104 blink::WebArrayBuffer plain_text; | 3004 std::vector<uint8> plain_text; |
3105 EXPECT_EQ(Status::Success(), | 3005 EXPECT_EQ(Status::Success(), |
3106 AesGcmDecrypt(key, | 3006 AesGcmDecrypt(key, |
3107 test_iv, | 3007 test_iv, |
3108 test_additional_data, | 3008 test_additional_data, |
3109 test_tag_size_bits, | 3009 test_tag_size_bits, |
3110 test_cipher_text, | 3010 test_cipher_text, |
3111 test_authentication_tag, | 3011 test_authentication_tag, |
3112 &plain_text)); | 3012 &plain_text)); |
3113 EXPECT_TRUE(ArrayBufferMatches(test_plain_text, plain_text)); | 3013 EXPECT_BYTES_EQ(test_plain_text, plain_text); |
3114 | 3014 |
3115 // Decryption should fail if any of the inputs are tampered with. | 3015 // Decryption should fail if any of the inputs are tampered with. |
3116 EXPECT_EQ(Status::OperationError(), | 3016 EXPECT_EQ(Status::OperationError(), |
3117 AesGcmDecrypt(key, | 3017 AesGcmDecrypt(key, |
3118 Corrupted(test_iv), | 3018 Corrupted(test_iv), |
3119 test_additional_data, | 3019 test_additional_data, |
3120 test_tag_size_bits, | 3020 test_tag_size_bits, |
3121 test_cipher_text, | 3021 test_cipher_text, |
3122 test_authentication_tag, | 3022 test_authentication_tag, |
3123 &plain_text)); | 3023 &plain_text)); |
(...skipping 73 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
3197 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 3097 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
3198 ASSERT_EQ(Status::Success(), | 3098 ASSERT_EQ(Status::Success(), |
3199 ImportKey(blink::WebCryptoKeyFormatRaw, | 3099 ImportKey(blink::WebCryptoKeyFormatRaw, |
3200 CryptoData(cleartext), | 3100 CryptoData(cleartext), |
3201 key_algorithm, | 3101 key_algorithm, |
3202 true, | 3102 true, |
3203 blink::WebCryptoKeyUsageSign, | 3103 blink::WebCryptoKeyUsageSign, |
3204 &key)); | 3104 &key)); |
3205 | 3105 |
3206 // Wrap the symmetric key with raw format. | 3106 // Wrap the symmetric key with raw format. |
3207 blink::WebArrayBuffer wrapped_key; | 3107 std::vector<uint8> wrapped_key; |
3208 ASSERT_EQ(Status::Success(), | 3108 ASSERT_EQ(Status::Success(), |
3209 WrapKey(blink::WebCryptoKeyFormatRaw, | 3109 WrapKey(blink::WebCryptoKeyFormatRaw, |
3210 public_key, | 3110 public_key, |
3211 key, | 3111 key, |
3212 algorithm, | 3112 algorithm, |
3213 &wrapped_key)); | 3113 &wrapped_key)); |
3214 | 3114 |
3215 // Unwrap the wrapped key. | 3115 // Unwrap the wrapped key. |
3216 blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull(); | 3116 blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull(); |
3217 ASSERT_EQ(Status::Success(), | 3117 ASSERT_EQ(Status::Success(), |
3218 UnwrapKey(blink::WebCryptoKeyFormatRaw, | 3118 UnwrapKey(blink::WebCryptoKeyFormatRaw, |
3219 CryptoData(wrapped_key), | 3119 CryptoData(wrapped_key), |
3220 private_key, | 3120 private_key, |
3221 algorithm, | 3121 algorithm, |
3222 key_algorithm, | 3122 key_algorithm, |
3223 true, | 3123 true, |
3224 blink::WebCryptoKeyUsageSign, | 3124 blink::WebCryptoKeyUsageSign, |
3225 &unwrapped_key)); | 3125 &unwrapped_key)); |
3226 EXPECT_FALSE(key.isNull()); | 3126 EXPECT_FALSE(key.isNull()); |
3227 EXPECT_TRUE(key.handle()); | 3127 EXPECT_TRUE(key.handle()); |
3228 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); | 3128 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); |
3229 EXPECT_EQ(key_algorithm.id(), key.algorithm().id()); | 3129 EXPECT_EQ(key_algorithm.id(), key.algorithm().id()); |
3230 EXPECT_EQ(true, key.extractable()); | 3130 EXPECT_EQ(true, key.extractable()); |
3231 EXPECT_EQ(blink::WebCryptoKeyUsageSign, key.usages()); | 3131 EXPECT_EQ(blink::WebCryptoKeyUsageSign, key.usages()); |
3232 | 3132 |
3233 // Export the new key and compare its raw bytes with the original known data. | 3133 // Export the new key and compare its raw bytes with the original known data. |
3234 blink::WebArrayBuffer raw_key; | 3134 std::vector<uint8> raw_key; |
3235 EXPECT_EQ(Status::Success(), | 3135 EXPECT_EQ(Status::Success(), |
3236 ExportKey(blink::WebCryptoKeyFormatRaw, unwrapped_key, &raw_key)); | 3136 ExportKey(blink::WebCryptoKeyFormatRaw, unwrapped_key, &raw_key)); |
3237 EXPECT_TRUE(ArrayBufferMatches(cleartext, raw_key)); | 3137 EXPECT_BYTES_EQ(cleartext, raw_key); |
3238 | 3138 |
3239 // Unwrap the known wrapped key and compare to the known cleartext. | 3139 // Unwrap the known wrapped key and compare to the known cleartext. |
3240 ASSERT_EQ(Status::Success(), | 3140 ASSERT_EQ(Status::Success(), |
3241 UnwrapKey(blink::WebCryptoKeyFormatRaw, | 3141 UnwrapKey(blink::WebCryptoKeyFormatRaw, |
3242 CryptoData(ciphertext), | 3142 CryptoData(ciphertext), |
3243 private_key, | 3143 private_key, |
3244 algorithm, | 3144 algorithm, |
3245 key_algorithm, | 3145 key_algorithm, |
3246 true, | 3146 true, |
3247 blink::WebCryptoKeyUsageSign, | 3147 blink::WebCryptoKeyUsageSign, |
3248 &unwrapped_key)); | 3148 &unwrapped_key)); |
3249 EXPECT_EQ(Status::Success(), | 3149 EXPECT_EQ(Status::Success(), |
3250 ExportKey(blink::WebCryptoKeyFormatRaw, unwrapped_key, &raw_key)); | 3150 ExportKey(blink::WebCryptoKeyFormatRaw, unwrapped_key, &raw_key)); |
3251 EXPECT_TRUE(ArrayBufferMatches(cleartext, raw_key)); | 3151 EXPECT_BYTES_EQ(cleartext, raw_key); |
3252 } | 3152 } |
3253 | 3153 |
3254 TEST_F(SharedCryptoTest, MAYBE(RsaEsRawSymkeyWrapUnwrapErrors)) { | 3154 TEST_F(SharedCryptoTest, MAYBE(RsaEsRawSymkeyWrapUnwrapErrors)) { |
3255 const std::vector<uint8> data(64, 0); | 3155 const std::vector<uint8> data(64, 0); |
3256 blink::WebCryptoAlgorithm key_algorithm = | 3156 blink::WebCryptoAlgorithm key_algorithm = |
3257 CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha256); | 3157 CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha256); |
3258 | 3158 |
3259 // Import the RSA key pair. | 3159 // Import the RSA key pair. |
3260 blink::WebCryptoAlgorithm wrapping_algorithm = | 3160 blink::WebCryptoAlgorithm wrapping_algorithm = |
3261 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); | 3161 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); |
(...skipping 12 matching lines...) Expand all Loading... |
3274 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 3174 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
3275 ASSERT_EQ(Status::Success(), | 3175 ASSERT_EQ(Status::Success(), |
3276 ImportKey(blink::WebCryptoKeyFormatRaw, | 3176 ImportKey(blink::WebCryptoKeyFormatRaw, |
3277 CryptoData(data), | 3177 CryptoData(data), |
3278 key_algorithm, | 3178 key_algorithm, |
3279 true, | 3179 true, |
3280 blink::WebCryptoKeyUsageSign, | 3180 blink::WebCryptoKeyUsageSign, |
3281 &key)); | 3181 &key)); |
3282 | 3182 |
3283 // Wrapping with a private key should fail. | 3183 // Wrapping with a private key should fail. |
3284 blink::WebArrayBuffer wrapped_key; | 3184 std::vector<uint8> wrapped_key; |
3285 EXPECT_EQ(Status::ErrorUnexpectedKeyType(), | 3185 EXPECT_EQ(Status::ErrorUnexpectedKeyType(), |
3286 WrapKey(blink::WebCryptoKeyFormatRaw, | 3186 WrapKey(blink::WebCryptoKeyFormatRaw, |
3287 private_key, | 3187 private_key, |
3288 key, | 3188 key, |
3289 wrapping_algorithm, | 3189 wrapping_algorithm, |
3290 &wrapped_key)); | 3190 &wrapped_key)); |
3291 | 3191 |
3292 // Wrapping a key whose raw keying material is too large for the wrapping key | 3192 // Wrapping a key whose raw keying material is too large for the wrapping key |
3293 // should fail. | 3193 // should fail. |
3294 // RSAES can encrypt data up to length of k - 11 bytes, where k is the octet | 3194 // RSAES can encrypt data up to length of k - 11 bytes, where k is the octet |
(...skipping 91 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
3386 blink::WebCryptoKeyUsageEncrypt, | 3286 blink::WebCryptoKeyUsageEncrypt, |
3387 &unwrapped_key)); | 3287 &unwrapped_key)); |
3388 EXPECT_FALSE(unwrapped_key.isNull()); | 3288 EXPECT_FALSE(unwrapped_key.isNull()); |
3389 EXPECT_TRUE(unwrapped_key.handle()); | 3289 EXPECT_TRUE(unwrapped_key.handle()); |
3390 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, unwrapped_key.type()); | 3290 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, unwrapped_key.type()); |
3391 EXPECT_EQ(blink::WebCryptoAlgorithmIdAesCbc, unwrapped_key.algorithm().id()); | 3291 EXPECT_EQ(blink::WebCryptoAlgorithmIdAesCbc, unwrapped_key.algorithm().id()); |
3392 EXPECT_EQ(true, unwrapped_key.extractable()); | 3292 EXPECT_EQ(true, unwrapped_key.extractable()); |
3393 EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt, unwrapped_key.usages()); | 3293 EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt, unwrapped_key.usages()); |
3394 | 3294 |
3395 // Export the unwrapped key and compare to the original. | 3295 // Export the unwrapped key and compare to the original. |
3396 blink::WebArrayBuffer raw_key; | 3296 std::vector<uint8> raw_key; |
3397 EXPECT_EQ(Status::Success(), | 3297 EXPECT_EQ(Status::Success(), |
3398 ExportKey(blink::WebCryptoKeyFormatRaw, unwrapped_key, &raw_key)); | 3298 ExportKey(blink::WebCryptoKeyFormatRaw, unwrapped_key, &raw_key)); |
3399 EXPECT_TRUE(ArrayBufferMatches(key_data, raw_key)); | 3299 EXPECT_BYTES_EQ(key_data, raw_key); |
3400 } | 3300 } |
3401 | 3301 |
3402 TEST_F(SharedCryptoTest, MAYBE(RsaEsJwkSymkeyWrapUnwrapRoundTrip)) { | 3302 TEST_F(SharedCryptoTest, MAYBE(RsaEsJwkSymkeyWrapUnwrapRoundTrip)) { |
3403 // Generate the symkey to be wrapped (256-bit AES-CBC key). | 3303 // Generate the symkey to be wrapped (256-bit AES-CBC key). |
3404 const blink::WebCryptoAlgorithm gen_algorithm = | 3304 const blink::WebCryptoAlgorithm gen_algorithm = |
3405 CreateAesCbcKeyGenAlgorithm(256); | 3305 CreateAesCbcKeyGenAlgorithm(256); |
3406 blink::WebCryptoKey key_to_wrap = blink::WebCryptoKey::createNull(); | 3306 blink::WebCryptoKey key_to_wrap = blink::WebCryptoKey::createNull(); |
3407 ASSERT_EQ( | 3307 ASSERT_EQ( |
3408 Status::Success(), | 3308 Status::Success(), |
3409 GenerateSecretKey( | 3309 GenerateSecretKey( |
3410 gen_algorithm, true, blink::WebCryptoKeyUsageEncrypt, &key_to_wrap)); | 3310 gen_algorithm, true, blink::WebCryptoKeyUsageEncrypt, &key_to_wrap)); |
3411 | 3311 |
3412 // Import the wrapping key pair. | 3312 // Import the wrapping key pair. |
3413 const blink::WebCryptoAlgorithm wrapping_algorithm = | 3313 const blink::WebCryptoAlgorithm wrapping_algorithm = |
3414 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); | 3314 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); |
3415 blink::WebCryptoKey public_wrapping_key = blink::WebCryptoKey::createNull(); | 3315 blink::WebCryptoKey public_wrapping_key = blink::WebCryptoKey::createNull(); |
3416 blink::WebCryptoKey private_wrapping_key = blink::WebCryptoKey::createNull(); | 3316 blink::WebCryptoKey private_wrapping_key = blink::WebCryptoKey::createNull(); |
3417 ImportRsaKeyPair( | 3317 ImportRsaKeyPair( |
3418 HexStringToBytes(kPublicKeySpkiDerHex), | 3318 HexStringToBytes(kPublicKeySpkiDerHex), |
3419 HexStringToBytes(kPrivateKeyPkcs8DerHex), | 3319 HexStringToBytes(kPrivateKeyPkcs8DerHex), |
3420 wrapping_algorithm, | 3320 wrapping_algorithm, |
3421 false, | 3321 false, |
3422 blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey, | 3322 blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey, |
3423 &public_wrapping_key, | 3323 &public_wrapping_key, |
3424 &private_wrapping_key); | 3324 &private_wrapping_key); |
3425 | 3325 |
3426 // Wrap the symkey in JWK format, using the public wrapping key. | 3326 // Wrap the symkey in JWK format, using the public wrapping key. |
3427 blink::WebArrayBuffer wrapped_data; | 3327 std::vector<uint8> wrapped_data; |
3428 ASSERT_EQ(Status::Success(), | 3328 ASSERT_EQ(Status::Success(), |
3429 WrapKey(blink::WebCryptoKeyFormatJwk, | 3329 WrapKey(blink::WebCryptoKeyFormatJwk, |
3430 public_wrapping_key, | 3330 public_wrapping_key, |
3431 key_to_wrap, | 3331 key_to_wrap, |
3432 wrapping_algorithm, | 3332 wrapping_algorithm, |
3433 &wrapped_data)); | 3333 &wrapped_data)); |
3434 | 3334 |
3435 // Unwrap the key using the private wrapping key. | 3335 // Unwrap the key using the private wrapping key. |
3436 blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull(); | 3336 blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull(); |
3437 ASSERT_EQ(Status::Success(), | 3337 ASSERT_EQ(Status::Success(), |
3438 UnwrapKey(blink::WebCryptoKeyFormatJwk, | 3338 UnwrapKey(blink::WebCryptoKeyFormatJwk, |
3439 CryptoData(wrapped_data), | 3339 CryptoData(wrapped_data), |
3440 private_wrapping_key, | 3340 private_wrapping_key, |
3441 wrapping_algorithm, | 3341 wrapping_algorithm, |
3442 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), | 3342 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), |
3443 true, | 3343 true, |
3444 blink::WebCryptoKeyUsageEncrypt, | 3344 blink::WebCryptoKeyUsageEncrypt, |
3445 &unwrapped_key)); | 3345 &unwrapped_key)); |
3446 | 3346 |
3447 // Export the original symkey and the unwrapped key and compare. | 3347 // Export the original symkey and the unwrapped key and compare. |
3448 blink::WebArrayBuffer raw_key1, raw_key2; | 3348 std::vector<uint8> raw_key1, raw_key2; |
3449 EXPECT_EQ(Status::Success(), | 3349 EXPECT_EQ(Status::Success(), |
3450 ExportKey(blink::WebCryptoKeyFormatRaw, key_to_wrap, &raw_key1)); | 3350 ExportKey(blink::WebCryptoKeyFormatRaw, key_to_wrap, &raw_key1)); |
3451 EXPECT_EQ(Status::Success(), | 3351 EXPECT_EQ(Status::Success(), |
3452 ExportKey(blink::WebCryptoKeyFormatRaw, unwrapped_key, &raw_key2)); | 3352 ExportKey(blink::WebCryptoKeyFormatRaw, unwrapped_key, &raw_key2)); |
3453 EXPECT_TRUE(ArrayBuffersEqual(raw_key1, raw_key2)); | 3353 EXPECT_BYTES_EQ(raw_key1, raw_key2); |
3454 } | 3354 } |
3455 | 3355 |
3456 TEST_F(SharedCryptoTest, MAYBE(RsaEsJwkSymkeyWrapUnwrapErrors)) { | 3356 TEST_F(SharedCryptoTest, MAYBE(RsaEsJwkSymkeyWrapUnwrapErrors)) { |
3457 // Unwrap JWK-formatted data that can be successfully decrypted, but contains | 3357 // Unwrap JWK-formatted data that can be successfully decrypted, but contains |
3458 // an error in the plaintext JWK so it cannot be subsequently imported, and | 3358 // an error in the plaintext JWK so it cannot be subsequently imported, and |
3459 // ensure that a generic error is returned instead of some other more specific | 3359 // ensure that a generic error is returned instead of some other more specific |
3460 // error. This shows that information about the plaintext JWK inside the | 3360 // error. This shows that information about the plaintext JWK inside the |
3461 // encrypted data is not leaked. | 3361 // encrypted data is not leaked. |
3462 // Note that it is sufficient to consider just one JWK import failure mode | 3362 // Note that it is sufficient to consider just one JWK import failure mode |
3463 // here; others are validated in the ImportJwkFailures Test. The specific | 3363 // here; others are validated in the ImportJwkFailures Test. The specific |
(...skipping 18 matching lines...) Expand all Loading... |
3482 ASSERT_EQ(Status::Success(), | 3382 ASSERT_EQ(Status::Success(), |
3483 ImportKey(blink::WebCryptoKeyFormatPkcs8, | 3383 ImportKey(blink::WebCryptoKeyFormatPkcs8, |
3484 CryptoData(HexStringToBytes(kPrivateKeyPkcs8DerHex)), | 3384 CryptoData(HexStringToBytes(kPrivateKeyPkcs8DerHex)), |
3485 algorithm, | 3385 algorithm, |
3486 false, | 3386 false, |
3487 blink::WebCryptoKeyUsageDecrypt, | 3387 blink::WebCryptoKeyUsageDecrypt, |
3488 &private_decryption_key)); | 3388 &private_decryption_key)); |
3489 | 3389 |
3490 // Decrypt the ciphertext and validate the result, to prove that decryption is | 3390 // Decrypt the ciphertext and validate the result, to prove that decryption is |
3491 // successful. | 3391 // successful. |
3492 blink::WebArrayBuffer decrypted_data; | 3392 std::vector<uint8> decrypted_data; |
3493 ASSERT_EQ(Status::Success(), | 3393 ASSERT_EQ(Status::Success(), |
3494 Decrypt(algorithm, | 3394 Decrypt(algorithm, |
3495 private_decryption_key, | 3395 private_decryption_key, |
3496 CryptoData(ciphertext), | 3396 CryptoData(ciphertext), |
3497 &decrypted_data)); | 3397 &decrypted_data)); |
3498 const std::string decrypted(static_cast<const char*>(decrypted_data.data()), | 3398 EXPECT_BYTES_EQ(cleartext, decrypted_data); |
3499 decrypted_data.byteLength()); | |
3500 EXPECT_EQ(cleartext, decrypted); | |
3501 | 3399 |
3502 // Import the private wrapping key. Note this is the same underlying keying | 3400 // Import the private wrapping key. Note this is the same underlying keying |
3503 // material used for private_decryption_key above. The only difference is that | 3401 // material used for private_decryption_key above. The only difference is that |
3504 // it has unwrap rather than decrypt usage. | 3402 // it has unwrap rather than decrypt usage. |
3505 blink::WebCryptoKey private_wrapping_key = blink::WebCryptoKey::createNull(); | 3403 blink::WebCryptoKey private_wrapping_key = blink::WebCryptoKey::createNull(); |
3506 ASSERT_EQ(Status::Success(), | 3404 ASSERT_EQ(Status::Success(), |
3507 ImportKey(blink::WebCryptoKeyFormatPkcs8, | 3405 ImportKey(blink::WebCryptoKeyFormatPkcs8, |
3508 CryptoData(HexStringToBytes(kPrivateKeyPkcs8DerHex)), | 3406 CryptoData(HexStringToBytes(kPrivateKeyPkcs8DerHex)), |
3509 algorithm, | 3407 algorithm, |
3510 false, | 3408 false, |
(...skipping 10 matching lines...) Expand all Loading... |
3521 algorithm, | 3419 algorithm, |
3522 CreateAesCbcAlgorithm(std::vector<uint8>(0, 16)), | 3420 CreateAesCbcAlgorithm(std::vector<uint8>(0, 16)), |
3523 true, | 3421 true, |
3524 blink::WebCryptoKeyUsageEncrypt, | 3422 blink::WebCryptoKeyUsageEncrypt, |
3525 &unwrapped_key)); | 3423 &unwrapped_key)); |
3526 } | 3424 } |
3527 | 3425 |
3528 } // namespace webcrypto | 3426 } // namespace webcrypto |
3529 | 3427 |
3530 } // namespace content | 3428 } // namespace content |
OLD | NEW |