OLD | NEW |
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "webcrypto_impl.h" | 5 #include "webcrypto_impl.h" |
6 | 6 |
7 #include "base/basictypes.h" | 7 #include "base/basictypes.h" |
| 8 #include "base/json/json_writer.h" |
8 #include "base/logging.h" | 9 #include "base/logging.h" |
9 #include "base/memory/ref_counted.h" | 10 #include "base/memory/ref_counted.h" |
10 #include "base/strings/string_number_conversions.h" | 11 #include "base/strings/string_number_conversions.h" |
11 #include "content/public/renderer/content_renderer_client.h" | 12 #include "content/public/renderer/content_renderer_client.h" |
12 #include "content/renderer/renderer_webkitplatformsupport_impl.h" | 13 #include "content/renderer/renderer_webkitplatformsupport_impl.h" |
13 #include "content/renderer/webcrypto/webcrypto_impl.h" | 14 #include "content/renderer/webcrypto/webcrypto_impl.h" |
14 #include "testing/gtest/include/gtest/gtest.h" | 15 #include "testing/gtest/include/gtest/gtest.h" |
15 #include "third_party/WebKit/public/platform/WebArrayBuffer.h" | 16 #include "third_party/WebKit/public/platform/WebArrayBuffer.h" |
16 #include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h" | 17 #include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h" |
17 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h" | 18 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h" |
(...skipping 34 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
52 return &data[0]; | 53 return &data[0]; |
53 } | 54 } |
54 | 55 |
55 WebKit::WebCryptoAlgorithm CreateAesCbcAlgorithm( | 56 WebKit::WebCryptoAlgorithm CreateAesCbcAlgorithm( |
56 const std::vector<uint8>& iv) { | 57 const std::vector<uint8>& iv) { |
57 return WebKit::WebCryptoAlgorithm::adoptParamsAndCreate( | 58 return WebKit::WebCryptoAlgorithm::adoptParamsAndCreate( |
58 WebKit::WebCryptoAlgorithmIdAesCbc, | 59 WebKit::WebCryptoAlgorithmIdAesCbc, |
59 new WebKit::WebCryptoAesCbcParams(Start(iv), iv.size())); | 60 new WebKit::WebCryptoAesCbcParams(Start(iv), iv.size())); |
60 } | 61 } |
61 | 62 |
| 63 std::vector<uint8> MakeJsonVector(const std::string& json_string) { |
| 64 return std::vector<uint8>(json_string.begin(), json_string.end()); |
| 65 } |
| 66 |
| 67 std::vector<uint8> MakeJsonVector(const base::DictionaryValue& dict) { |
| 68 std::string json; |
| 69 base::JSONWriter::Write(&dict, &json); |
| 70 return MakeJsonVector(json); |
| 71 } |
| 72 |
62 } // namespace | 73 } // namespace |
63 | 74 |
64 namespace content { | 75 namespace content { |
65 | 76 |
66 class WebCryptoImplTest : public testing::Test { | 77 class WebCryptoImplTest : public testing::Test { |
67 protected: | 78 protected: |
68 WebKit::WebCryptoKey ImportSecretKeyFromRawHexString( | 79 WebKit::WebCryptoKey ImportSecretKeyFromRawHexString( |
69 const std::string& key_hex, | 80 const std::string& key_hex, |
70 const WebKit::WebCryptoAlgorithm& algorithm, | 81 const WebKit::WebCryptoAlgorithm& algorithm, |
71 WebKit::WebCryptoKeyUsageMask usage) { | 82 WebKit::WebCryptoKeyUsageMask usage) { |
(...skipping 104 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
176 | 187 |
177 bool DecryptInternal( | 188 bool DecryptInternal( |
178 const WebKit::WebCryptoAlgorithm& algorithm, | 189 const WebKit::WebCryptoAlgorithm& algorithm, |
179 const WebKit::WebCryptoKey& key, | 190 const WebKit::WebCryptoKey& key, |
180 const std::vector<uint8>& data, | 191 const std::vector<uint8>& data, |
181 WebKit::WebArrayBuffer* buffer) { | 192 WebKit::WebArrayBuffer* buffer) { |
182 return crypto_.DecryptInternal( | 193 return crypto_.DecryptInternal( |
183 algorithm, key, Start(data), data.size(), buffer); | 194 algorithm, key, Start(data), data.size(), buffer); |
184 } | 195 } |
185 | 196 |
| 197 bool ImportKeyJwk( |
| 198 const std::vector<uint8>& key_data, |
| 199 bool extractable, |
| 200 const WebKit::WebCryptoAlgorithm& algorithm, |
| 201 WebKit::WebCryptoKeyUsageMask usage_mask, |
| 202 scoped_ptr<WebKit::WebCryptoKeyHandle>* handle, |
| 203 WebKit::WebCryptoKeyType* type) { |
| 204 return crypto_.ImportKeyJwk(Start(key_data), |
| 205 key_data.size(), |
| 206 extractable, |
| 207 algorithm, |
| 208 usage_mask, |
| 209 handle, |
| 210 type); |
| 211 } |
| 212 |
186 private: | 213 private: |
187 WebCryptoImpl crypto_; | 214 WebCryptoImpl crypto_; |
188 }; | 215 }; |
189 | 216 |
190 TEST_F(WebCryptoImplTest, DigestSampleSets) { | 217 TEST_F(WebCryptoImplTest, DigestSampleSets) { |
191 // The results are stored here in hex format for readability. | 218 // The results are stored here in hex format for readability. |
192 // | 219 // |
193 // TODO(bryaneyler): Eventually, all these sample test sets should be replaced | 220 // TODO(bryaneyler): Eventually, all these sample test sets should be replaced |
194 // with the sets here: http://csrc.nist.gov/groups/STM/cavp/index.html#03 | 221 // with the sets here: http://csrc.nist.gov/groups/STM/cavp/index.html#03 |
195 // | 222 // |
(...skipping 65 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
261 | 288 |
262 WebKit::WebCryptoAlgorithm algorithm = CreateAlgorithm(test.algorithm); | 289 WebKit::WebCryptoAlgorithm algorithm = CreateAlgorithm(test.algorithm); |
263 std::vector<uint8> input = HexStringToBytes(test.hex_input); | 290 std::vector<uint8> input = HexStringToBytes(test.hex_input); |
264 | 291 |
265 WebKit::WebArrayBuffer output; | 292 WebKit::WebArrayBuffer output; |
266 ASSERT_TRUE(DigestInternal(algorithm, input, &output)); | 293 ASSERT_TRUE(DigestInternal(algorithm, input, &output)); |
267 ExpectArrayBufferMatchesHex(test.hex_result, output); | 294 ExpectArrayBufferMatchesHex(test.hex_result, output); |
268 } | 295 } |
269 } | 296 } |
270 | 297 |
271 // TODO(padolph) Enable these tests for OpenSSL once matching impl is available | |
272 #if !defined(USE_OPENSSL) | |
273 | 298 |
274 TEST_F(WebCryptoImplTest, HMACSampleSets) { | 299 TEST_F(WebCryptoImplTest, HMACSampleSets) { |
275 struct TestCase { | 300 struct TestCase { |
276 WebKit::WebCryptoAlgorithmId algorithm; | 301 WebKit::WebCryptoAlgorithmId algorithm; |
277 const char* key; | 302 const char* key; |
278 const char* message; | 303 const char* message; |
279 const char* mac; | 304 const char* mac; |
280 }; | 305 }; |
281 | 306 |
282 const TestCase kTests[] = { | 307 const TestCase kTests[] = { |
(...skipping 120 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
403 algorithm, | 428 algorithm, |
404 key, | 429 key, |
405 kLongSignature, | 430 kLongSignature, |
406 sizeof(kLongSignature), | 431 sizeof(kLongSignature), |
407 message_raw, | 432 message_raw, |
408 &signature_match)); | 433 &signature_match)); |
409 EXPECT_FALSE(signature_match); | 434 EXPECT_FALSE(signature_match); |
410 } | 435 } |
411 } | 436 } |
412 | 437 |
| 438 #if !defined(USE_OPENSSL) |
| 439 |
413 TEST_F(WebCryptoImplTest, AesCbcFailures) { | 440 TEST_F(WebCryptoImplTest, AesCbcFailures) { |
414 WebKit::WebCryptoKey key = ImportSecretKeyFromRawHexString( | 441 WebKit::WebCryptoKey key = ImportSecretKeyFromRawHexString( |
415 "2b7e151628aed2a6abf7158809cf4f3c", | 442 "2b7e151628aed2a6abf7158809cf4f3c", |
416 CreateAlgorithm(WebKit::WebCryptoAlgorithmIdAesCbc), | 443 CreateAlgorithm(WebKit::WebCryptoAlgorithmIdAesCbc), |
417 WebKit::WebCryptoKeyUsageEncrypt | WebKit::WebCryptoKeyUsageDecrypt); | 444 WebKit::WebCryptoKeyUsageEncrypt | WebKit::WebCryptoKeyUsageDecrypt); |
418 | 445 |
419 WebKit::WebArrayBuffer output; | 446 WebKit::WebArrayBuffer output; |
420 | 447 |
421 // Use an invalid |iv| (fewer than 16 bytes) | 448 // Use an invalid |iv| (fewer than 16 bytes) |
422 { | 449 { |
(...skipping 173 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
596 if (cipher_text.size() > 3) { | 623 if (cipher_text.size() > 3) { |
597 EXPECT_FALSE(DecryptInternal(CreateAesCbcAlgorithm(iv), | 624 EXPECT_FALSE(DecryptInternal(CreateAesCbcAlgorithm(iv), |
598 key, | 625 key, |
599 &cipher_text[0], | 626 &cipher_text[0], |
600 cipher_text.size() - 3, | 627 cipher_text.size() - 3, |
601 &output)); | 628 &output)); |
602 } | 629 } |
603 } | 630 } |
604 } | 631 } |
605 | 632 |
606 #endif // !defined(USE_OPENSSL) | |
607 | 633 |
608 #if !defined(USE_OPENSSL) | |
609 TEST_F(WebCryptoImplTest, GenerateKeyAes) { | 634 TEST_F(WebCryptoImplTest, GenerateKeyAes) { |
610 scoped_ptr<WebKit::WebCryptoAesKeyGenParams> params( | 635 scoped_ptr<WebKit::WebCryptoAesKeyGenParams> params( |
611 new WebKit::WebCryptoAesKeyGenParams(128)); | 636 new WebKit::WebCryptoAesKeyGenParams(128)); |
612 WebKit::WebCryptoAlgorithm algorithm( | 637 WebKit::WebCryptoAlgorithm algorithm( |
613 WebKit::WebCryptoAlgorithm::adoptParamsAndCreate( | 638 WebKit::WebCryptoAlgorithm::adoptParamsAndCreate( |
614 WebKit::WebCryptoAlgorithmIdAesCbc, params.release())); | 639 WebKit::WebCryptoAlgorithmIdAesCbc, params.release())); |
615 | 640 |
616 scoped_ptr<WebKit::WebCryptoKeyHandle> result; | 641 scoped_ptr<WebKit::WebCryptoKeyHandle> result; |
617 WebKit::WebCryptoKeyType type = WebKit::WebCryptoKeyTypePublic; | 642 WebKit::WebCryptoKeyType type = WebKit::WebCryptoKeyTypePublic; |
618 | 643 |
(...skipping 11 matching lines...) Expand all Loading... |
630 | 655 |
631 WebCryptoImpl crypto; | 656 WebCryptoImpl crypto; |
632 scoped_ptr<WebKit::WebCryptoKeyHandle> result; | 657 scoped_ptr<WebKit::WebCryptoKeyHandle> result; |
633 WebKit::WebCryptoKeyType type = WebKit::WebCryptoKeyTypePublic; | 658 WebKit::WebCryptoKeyType type = WebKit::WebCryptoKeyTypePublic; |
634 | 659 |
635 EXPECT_FALSE(GenerateKeyInternal(algorithm, &result, &type)); | 660 EXPECT_FALSE(GenerateKeyInternal(algorithm, &result, &type)); |
636 EXPECT_FALSE(bool(result)); | 661 EXPECT_FALSE(bool(result)); |
637 EXPECT_EQ(type, WebKit::WebCryptoKeyTypePublic); | 662 EXPECT_EQ(type, WebKit::WebCryptoKeyTypePublic); |
638 } | 663 } |
639 | 664 |
| 665 |
640 TEST_F(WebCryptoImplTest, GenerateKeyHmac) { | 666 TEST_F(WebCryptoImplTest, GenerateKeyHmac) { |
641 WebKit::WebCryptoAlgorithm sha1_alg( | 667 WebKit::WebCryptoAlgorithm sha1_alg( |
642 WebKit::WebCryptoAlgorithm::adoptParamsAndCreate( | 668 WebKit::WebCryptoAlgorithm::adoptParamsAndCreate( |
643 WebKit::WebCryptoAlgorithmIdSha1, NULL)); | 669 WebKit::WebCryptoAlgorithmIdSha1, NULL)); |
644 scoped_ptr<WebKit::WebCryptoHmacKeyParams> params( | 670 scoped_ptr<WebKit::WebCryptoHmacKeyParams> params( |
645 new WebKit::WebCryptoHmacKeyParams(sha1_alg, true, 128)); | 671 new WebKit::WebCryptoHmacKeyParams(sha1_alg, true, 128)); |
646 WebKit::WebCryptoAlgorithm algorithm( | 672 WebKit::WebCryptoAlgorithm algorithm( |
647 WebKit::WebCryptoAlgorithm::adoptParamsAndCreate( | 673 WebKit::WebCryptoAlgorithm::adoptParamsAndCreate( |
648 WebKit::WebCryptoAlgorithmIdHmac, params.release())); | 674 WebKit::WebCryptoAlgorithmIdHmac, params.release())); |
649 | 675 |
(...skipping 15 matching lines...) Expand all Loading... |
665 WebKit::WebCryptoAlgorithm::adoptParamsAndCreate( | 691 WebKit::WebCryptoAlgorithm::adoptParamsAndCreate( |
666 WebKit::WebCryptoAlgorithmIdHmac, params.release())); | 692 WebKit::WebCryptoAlgorithmIdHmac, params.release())); |
667 | 693 |
668 scoped_ptr<WebKit::WebCryptoKeyHandle> result; | 694 scoped_ptr<WebKit::WebCryptoKeyHandle> result; |
669 WebKit::WebCryptoKeyType type = WebKit::WebCryptoKeyTypePublic; | 695 WebKit::WebCryptoKeyType type = WebKit::WebCryptoKeyTypePublic; |
670 | 696 |
671 ASSERT_TRUE(GenerateKeyInternal(algorithm, &result, &type)); | 697 ASSERT_TRUE(GenerateKeyInternal(algorithm, &result, &type)); |
672 EXPECT_TRUE(bool(result)); | 698 EXPECT_TRUE(bool(result)); |
673 EXPECT_EQ(type, WebKit::WebCryptoKeyTypeSecret); | 699 EXPECT_EQ(type, WebKit::WebCryptoKeyTypeSecret); |
674 } | 700 } |
675 #endif /* !defined(USE_OPENSSL) */ | 701 |
| 702 #endif //#if !defined(USE_OPENSSL) |
| 703 |
| 704 TEST_F(WebCryptoImplTest, ImportJwkBadJwk) { |
| 705 |
| 706 WebKit::WebCryptoKeyType type; |
| 707 scoped_ptr<WebKit::WebCryptoKeyHandle> handle; |
| 708 std::vector<uint8> iv(16); |
| 709 WebKit::WebCryptoAlgorithm algorithm = CreateAesCbcAlgorithm(iv); |
| 710 bool extractable = false; |
| 711 WebKit::WebCryptoKeyUsageMask usage_mask = WebKit::WebCryptoKeyUsageSign; |
| 712 |
| 713 // Empty JSON |
| 714 std::vector<uint8> json_vec = MakeJsonVector(""); |
| 715 EXPECT_FALSE(ImportKeyJwk(json_vec, |
| 716 extractable, |
| 717 algorithm, |
| 718 usage_mask, |
| 719 &handle, |
| 720 &type)); |
| 721 |
| 722 // Invalid JSON |
| 723 json_vec = MakeJsonVector( |
| 724 "{" |
| 725 "\"kty\" : \"oct\"," |
| 726 "\"alg\" : \"HS256\"," |
| 727 "\"use\" : " |
| 728 ); |
| 729 EXPECT_FALSE(ImportKeyJwk(json_vec, |
| 730 extractable, |
| 731 algorithm, |
| 732 usage_mask, |
| 733 &handle, |
| 734 &type)); |
| 735 |
| 736 // Note, each subtest below resets the dictionary so there is less chance of |
| 737 // failure if they happen to be reordered. |
| 738 |
| 739 // Invalid kty |
| 740 base::DictionaryValue dict; |
| 741 dict.SetString("kty", "foo"); |
| 742 dict.SetString("alg", "HS256"); |
| 743 dict.SetString("use", "sig"); |
| 744 dict.SetBoolean("extractable", true); |
| 745 dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg"); |
| 746 json_vec = MakeJsonVector(dict); |
| 747 EXPECT_FALSE(ImportKeyJwk(json_vec, |
| 748 extractable, |
| 749 algorithm, |
| 750 usage_mask, |
| 751 &handle, |
| 752 &type)); |
| 753 dict.SetString("kty", "oct"); |
| 754 |
| 755 // Missing kty |
| 756 dict.Remove("kty", NULL); |
| 757 json_vec = MakeJsonVector(dict); |
| 758 EXPECT_FALSE(ImportKeyJwk(json_vec, |
| 759 extractable, |
| 760 algorithm, |
| 761 usage_mask, |
| 762 &handle, |
| 763 &type)); |
| 764 dict.SetString("kty", "oct"); |
| 765 |
| 766 // Invalid alg |
| 767 dict.SetString("alg", "foo"); |
| 768 json_vec = MakeJsonVector(dict); |
| 769 EXPECT_FALSE(ImportKeyJwk(json_vec, |
| 770 extractable, |
| 771 algorithm, |
| 772 usage_mask, |
| 773 &handle, |
| 774 &type)); |
| 775 dict.SetString("alg", "HS256"); |
| 776 |
| 777 // Invalid use |
| 778 dict.SetString("use", "foo"); |
| 779 json_vec = MakeJsonVector(dict); |
| 780 EXPECT_FALSE(ImportKeyJwk(json_vec, |
| 781 extractable, |
| 782 algorithm, |
| 783 usage_mask, |
| 784 &handle, |
| 785 &type)); |
| 786 dict.SetString("use", "sig"); |
| 787 |
| 788 // Missing k when kty = "oct" |
| 789 dict.Remove("k", NULL); |
| 790 json_vec = MakeJsonVector(dict); |
| 791 EXPECT_FALSE(ImportKeyJwk(json_vec, |
| 792 extractable, |
| 793 algorithm, |
| 794 usage_mask, |
| 795 &handle, |
| 796 &type)); |
| 797 dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg"); |
| 798 |
| 799 // Bad b64 encoding for k |
| 800 dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3r #$% jhdY8vOkbIvh4lxTuMao9Y_--hdg"); |
| 801 json_vec = MakeJsonVector(dict); |
| 802 EXPECT_FALSE(ImportKeyJwk(json_vec, |
| 803 extractable, |
| 804 algorithm, |
| 805 usage_mask, |
| 806 &handle, |
| 807 &type)); |
| 808 dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg"); |
| 809 |
| 810 // TODO(padolph) RSA public key bad data: |
| 811 // Missing n or e when kty = "RSA" |
| 812 // Bad encoding for n or e |
| 813 // Size check on n?? |
| 814 // Value check on e?? |
| 815 } |
| 816 |
| 817 TEST_F(WebCryptoImplTest, ImportJwkCollision) { |
| 818 // The Web Crypto spec says that if a JWK value is present, but is |
| 819 // inconsistent with the input value, the operation must fail. |
| 820 |
| 821 // Collision rules when JWK value is not present: Inputs should be unmodified. |
| 822 scoped_ptr<WebKit::WebCryptoKeyHandle> handle; |
| 823 WebKit::WebCryptoKeyType type = WebKit::WebCryptoKeyTypeSecret; |
| 824 bool extractable = true; |
| 825 WebKit::WebCryptoAlgorithm algorithm = |
| 826 CreateHmacAlgorithm(WebKit::WebCryptoAlgorithmIdSha256); |
| 827 WebKit::WebCryptoKeyUsageMask usage_mask = WebKit::WebCryptoKeyUsageVerify; |
| 828 base::DictionaryValue dict; |
| 829 dict.SetString("kty", "oct"); |
| 830 dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg"); |
| 831 std::vector<uint8> json_vec = MakeJsonVector(dict); |
| 832 EXPECT_TRUE(ImportKeyJwk(json_vec, |
| 833 extractable, |
| 834 algorithm, |
| 835 usage_mask, |
| 836 &handle, |
| 837 &type)); |
| 838 EXPECT_TRUE(handle.get() != NULL); |
| 839 EXPECT_EQ(WebKit::WebCryptoKeyTypeSecret, type); |
| 840 EXPECT_TRUE(extractable); |
| 841 EXPECT_EQ(WebKit::WebCryptoAlgorithmIdHmac, algorithm.id()); |
| 842 EXPECT_EQ(WebKit::WebCryptoAlgorithmIdSha256, |
| 843 algorithm.hmacParams()->hash().id()); |
| 844 EXPECT_EQ(WebKit::WebCryptoKeyUsageVerify, usage_mask); |
| 845 handle.reset(); |
| 846 |
| 847 // Collision rules when JWK value exists: Fail if inconsistency is found. |
| 848 // Happy path: all input values are consistent with the JWK values |
| 849 dict.Clear(); |
| 850 dict.SetString("kty", "oct"); |
| 851 dict.SetString("alg", "HS256"); |
| 852 dict.SetString("use", "sig"); |
| 853 dict.SetBoolean("extractable", true); |
| 854 dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg"); |
| 855 json_vec = MakeJsonVector(dict); |
| 856 EXPECT_TRUE(ImportKeyJwk(json_vec, |
| 857 extractable, |
| 858 algorithm, |
| 859 usage_mask, |
| 860 &handle, |
| 861 &type)); |
| 862 |
| 863 // Fail: Input type (public) is inconsistent with JWK value (secret). |
| 864 type = WebKit::WebCryptoKeyTypePublic; |
| 865 EXPECT_FALSE(ImportKeyJwk(json_vec, |
| 866 extractable, |
| 867 algorithm, |
| 868 usage_mask, |
| 869 &handle, |
| 870 &type)); |
| 871 type = WebKit::WebCryptoKeyTypeSecret; |
| 872 |
| 873 // Fail: Input extractable (false) is inconsistent with JWK value (true). |
| 874 extractable = false; |
| 875 EXPECT_FALSE(ImportKeyJwk(json_vec, |
| 876 extractable, |
| 877 algorithm, |
| 878 usage_mask, |
| 879 &handle, |
| 880 &type)); |
| 881 extractable = true; |
| 882 |
| 883 // Fail: Input algorithm (HMAC SHA1) is inconsistent with JWK value |
| 884 // (HMAC SHA256). |
| 885 algorithm = CreateHmacAlgorithm(WebKit::WebCryptoAlgorithmIdSha1); |
| 886 EXPECT_FALSE(ImportKeyJwk(json_vec, |
| 887 extractable, |
| 888 algorithm, |
| 889 usage_mask, |
| 890 &handle, |
| 891 &type)); |
| 892 algorithm = CreateHmacAlgorithm(WebKit::WebCryptoAlgorithmIdSha256); |
| 893 |
| 894 // Fail: Input usage_mask (sign) is inconsistent with JWK value (sign|verify) |
| 895 usage_mask = WebKit::WebCryptoKeyUsageEncrypt; |
| 896 EXPECT_FALSE(ImportKeyJwk(json_vec, |
| 897 extractable, |
| 898 algorithm, |
| 899 usage_mask, |
| 900 &handle, |
| 901 &type)); |
| 902 usage_mask = WebKit::WebCryptoKeyUsageSign | WebKit::WebCryptoKeyUsageVerify; |
| 903 } |
| 904 |
| 905 TEST_F(WebCryptoImplTest, ImportJwkHappy) { |
| 906 |
| 907 // This test verifies the happy path of JWK import, including the application |
| 908 // of the imported key material. |
| 909 |
| 910 scoped_ptr<WebKit::WebCryptoKeyHandle> handle; |
| 911 WebKit::WebCryptoKeyType type = WebKit::WebCryptoKeyTypeSecret; |
| 912 bool extractable = false; |
| 913 WebKit::WebCryptoAlgorithm algorithm = |
| 914 CreateHmacAlgorithm(WebKit::WebCryptoAlgorithmIdSha256);; |
| 915 WebKit::WebCryptoKeyUsageMask usage_mask = WebKit::WebCryptoKeyUsageSign; |
| 916 |
| 917 // Import a symmetric key JWK and HMAC-SHA256 sign() |
| 918 // Uses the first SHA256 test vector from the HMAC sample set above. |
| 919 |
| 920 base::DictionaryValue dict; |
| 921 dict.SetString("kty", "oct"); |
| 922 dict.SetString("alg", "HS256"); |
| 923 dict.SetString("use", "sig"); |
| 924 dict.SetBoolean("extractable", false); |
| 925 dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg"); |
| 926 std::vector<uint8> json_vec = MakeJsonVector(dict); |
| 927 |
| 928 ASSERT_TRUE(ImportKeyJwk(json_vec, |
| 929 extractable, |
| 930 algorithm, |
| 931 usage_mask, |
| 932 &handle, |
| 933 &type)); |
| 934 |
| 935 WebKit::WebCryptoKey key = WebKit::WebCryptoKey::create(handle.release(), |
| 936 type, extractable, algorithm, usage_mask); |
| 937 |
| 938 const std::vector<uint8> message_raw = HexStringToBytes( |
| 939 "b1689c2591eaf3c9e66070f8a77954ffb81749f1b00346f9dfe0b2ee905dcc288baf4a" |
| 940 "92de3f4001dd9f44c468c3d07d6c6ee82faceafc97c2fc0fc0601719d2dcd0aa2aec92" |
| 941 "d1b0ae933c65eb06a03c9c935c2bad0459810241347ab87e9f11adb30415424c6c7f5f" |
| 942 "22a003b8ab8de54f6ded0e3ab9245fa79568451dfa258e"); |
| 943 |
| 944 WebKit::WebArrayBuffer output; |
| 945 |
| 946 ASSERT_TRUE(SignInternal(algorithm, key, message_raw, &output)); |
| 947 |
| 948 const std::string mac_raw = |
| 949 "769f00d3e6a6cc1fb426a14a4f76c6462e6149726e0dee0ec0cf97a16605ac8b"; |
| 950 |
| 951 ExpectArrayBufferMatchesHex(mac_raw, output); |
| 952 |
| 953 // TODO(padolph) |
| 954 // Import an RSA public key JWK and use it |
| 955 } |
676 | 956 |
677 } // namespace content | 957 } // namespace content |
OLD | NEW |