[webcrypto] Add JWK import for HMAC and AES-CBC key.

content/renderer/webcrypto/webcrypto_impl_unittest.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "webcrypto_impl.h"
 
 #include "base/basictypes.h"
+#include "base/json/json_writer.h"
 #include "base/logging.h"
 #include "base/memory/ref_counted.h"
 #include "base/strings/string_number_conversions.h"
 #include "content/public/renderer/content_renderer_client.h"
 #include "content/renderer/renderer_webkitplatformsupport_impl.h"
 #include "content/renderer/webcrypto/webcrypto_impl.h"
+#include "content/renderer/webcrypto/webcrypto_util.h"
 #include "testing/gtest/include/gtest/gtest.h"
 #include "third_party/WebKit/public/platform/WebArrayBuffer.h"
 #include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h"
 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h"
 
 namespace {
 
 std::vector<uint8> HexStringToBytes(const std::string& hex) {
   std::vector<uint8> bytes;
   base::HexStringToBytes(hex, &bytes);
   return bytes;
 }
 
 void ExpectArrayBufferMatchesHex(const std::string& expected_hex,
                                  const WebKit::WebArrayBuffer& array_buffer) {
   EXPECT_STRCASEEQ(
       expected_hex.c_str(),
       base::HexEncode(
           array_buffer.data(), array_buffer.byteLength()).c_str());
 }
 
-WebKit::WebCryptoAlgorithm CreateAlgorithm(WebKit::WebCryptoAlgorithmId id) {
-  return WebKit::WebCryptoAlgorithm::adoptParamsAndCreate(id, NULL);
+std::vector<uint8> MakeJsonVector(const std::string& json_string) {
+  return std::vector<uint8>(json_string.begin(), json_string.end());
 }
 
-WebKit::WebCryptoAlgorithm CreateHmacAlgorithm(
-    WebKit::WebCryptoAlgorithmId hashId) {
-  return WebKit::WebCryptoAlgorithm::adoptParamsAndCreate(
-      WebKit::WebCryptoAlgorithmIdHmac,
-      new WebKit::WebCryptoHmacParams(CreateAlgorithm(hashId)));
-}
-
-WebKit::WebCryptoAlgorithm CreateHmacKeyAlgorithm(
-    WebKit::WebCryptoAlgorithmId hashId,
-    unsigned hash_length) {
-  // hash_length < 0 means unspecified
-  return WebKit::WebCryptoAlgorithm::adoptParamsAndCreate(
-      WebKit::WebCryptoAlgorithmIdHmac,
-      new WebKit::WebCryptoHmacKeyParams(CreateAlgorithm(hashId),
-                                         (hash_length != 0),
-                                         hash_length));
-}
-
-// Returns a pointer to the start of |data|, or NULL if it is empty. This is a
-// convenience function for getting the pointer, and should not be used beyond
-// the expected lifetime of |data|.
-const uint8* Start(const std::vector<uint8>& data) {
-  if (data.empty())
-    return NULL;
-  return &data[0];
-}
-
-WebKit::WebCryptoAlgorithm CreateAesCbcAlgorithm(
-    const std::vector<uint8>& iv) {
-  return WebKit::WebCryptoAlgorithm::adoptParamsAndCreate(
-      WebKit::WebCryptoAlgorithmIdAesCbc,
-      new WebKit::WebCryptoAesCbcParams(Start(iv), iv.size()));
-}
-
-WebKit::WebCryptoAlgorithm CreateAesCbcAlgorithm(
-    unsigned short key_length_bits) {
-  return WebKit::WebCryptoAlgorithm::adoptParamsAndCreate(
-      WebKit::WebCryptoAlgorithmIdAesCbc,
-      new WebKit::WebCryptoAesKeyGenParams(key_length_bits));
+std::vector<uint8> MakeJsonVector(const base::DictionaryValue& dict) {
+  std::string json;
+  base::JSONWriter::Write(&dict, &json);
+  return MakeJsonVector(json);
 }
 
 }  // namespace
 
 namespace content {
 
 class WebCryptoImplTest : public testing::Test {
  protected:
   WebKit::WebCryptoKey ImportSecretKeyFromRawHexString(
       const std::string& key_hex,
@@ skipping 106 matching lines @@
 
   bool DecryptInternal(
       const WebKit::WebCryptoAlgorithm& algorithm,
       const WebKit::WebCryptoKey& key,
       const std::vector<uint8>& data,
       WebKit::WebArrayBuffer* buffer) {
     return crypto_.DecryptInternal(
         algorithm, key, Start(data), data.size(), buffer);
   }
 
+  bool ImportKeyJwk(
+      const std::vector<uint8>& key_data,
+      bool extractable,
+      const WebKit::WebCryptoAlgorithm& algorithm,
+      WebKit::WebCryptoKeyUsageMask usage_mask,
+      scoped_ptr<WebKit::WebCryptoKeyHandle>* handle,
+      WebKit::WebCryptoKeyType* type) {
+    return crypto_.ImportKeyJwk(Start(key_data),
+                                key_data.size(),
+                                extractable,
+                                algorithm,
+                                usage_mask,
+                                handle,
+                                type);
+  }
+
  private:
   WebCryptoImpl crypto_;
 };
 
 TEST_F(WebCryptoImplTest, DigestSampleSets) {
   // The results are stored here in hex format for readability.
   //
   // TODO(bryaneyler): Eventually, all these sample test sets should be replaced
   // with the sets here: http://csrc.nist.gov/groups/STM/cavp/index.html#03
   //
@@ skipping 158 matching lines @@
       // mac
       "4f1ee7cb36c58803a8721d4ac8c4cf8cae5d8832392eed2a96dc59694252801b",
     },
   };
 
   for (size_t test_index = 0; test_index < ARRAYSIZE_UNSAFE(kTests);
        ++test_index) {
     SCOPED_TRACE(test_index);
     const TestCase& test = kTests[test_index];
 
-    WebKit::WebCryptoAlgorithm algorithm = CreateHmacAlgorithm(test.algorithm);
+    WebKit::WebCryptoAlgorithm algorithm =
+        CreateHmacAlgorithmByHashId(test.algorithm);
 
     WebKit::WebCryptoKey key = ImportSecretKeyFromRawHexString(
         test.key, algorithm, WebKit::WebCryptoKeyUsageSign);
 
     std::vector<uint8> message_raw = HexStringToBytes(test.message);
 
     WebKit::WebArrayBuffer output;
 
     ASSERT_TRUE(SignInternal(algorithm, key, message_raw, &output));
 
@@ skipping 25 matching lines @@
         algorithm,
         key,
         kLongSignature,
         sizeof(kLongSignature),
         message_raw,
         &signature_match));
     EXPECT_FALSE(signature_match);
   }
 }
 
+#if !defined(USE_OPENSSL)
+
 TEST_F(WebCryptoImplTest, AesCbcFailures) {
   WebKit::WebCryptoKey key = ImportSecretKeyFromRawHexString(
       "2b7e151628aed2a6abf7158809cf4f3c",
       CreateAlgorithm(WebKit::WebCryptoAlgorithmIdAesCbc),
       WebKit::WebCryptoKeyUsageEncrypt | WebKit::WebCryptoKeyUsageDecrypt);
 
   WebKit::WebArrayBuffer output;
 
   // Use an invalid |iv| (fewer than 16 bytes)
   {
@@ skipping 175 matching lines @@
                                    key,
                                    &cipher_text[0],
                                    cipher_text.size() - 3,
                                    &output));
     }
   }
 }
 
 // TODO (padolph): Add test to verify generated symmetric keys appear random.
 
-
 TEST_F(WebCryptoImplTest, GenerateKeyAes) {
   scoped_ptr<WebKit::WebCryptoKeyHandle> result;
   WebKit::WebCryptoKeyType type = WebKit::WebCryptoKeyTypePublic;
-  ASSERT_TRUE(GenerateKeyInternal(CreateAesCbcAlgorithm(128), &result, &type));
+  ASSERT_TRUE(
+      GenerateKeyInternal(CreateAesCbcKeyGenAlgorithm(128), &result, &type));
   EXPECT_TRUE(result);
   EXPECT_EQ(type, WebKit::WebCryptoKeyTypeSecret);
 }
 
 TEST_F(WebCryptoImplTest, GenerateKeyAesBadLength) {
   scoped_ptr<WebKit::WebCryptoKeyHandle> result;
   WebKit::WebCryptoKeyType type = WebKit::WebCryptoKeyTypePublic;
-  EXPECT_FALSE(GenerateKeyInternal(CreateAesCbcAlgorithm(0), &result, &type));
-  EXPECT_FALSE(GenerateKeyInternal(CreateAesCbcAlgorithm(129), &result, &type));
+  EXPECT_FALSE(
+      GenerateKeyInternal(CreateAesCbcKeyGenAlgorithm(0), &result, &type));
+  EXPECT_FALSE(
+      GenerateKeyInternal(CreateAesCbcKeyGenAlgorithm(129), &result, &type));
 }
 
+
 TEST_F(WebCryptoImplTest, GenerateKeyHmac) {
   scoped_ptr<WebKit::WebCryptoKeyHandle> result;
   WebKit::WebCryptoKeyType type = WebKit::WebCryptoKeyTypePublic;
   WebKit::WebCryptoAlgorithm algorithm =
-      CreateHmacKeyAlgorithm(WebKit::WebCryptoAlgorithmIdSha1, 128);
+      CreateHmacKeyGenAlgorithm(WebKit::WebCryptoAlgorithmIdSha1, 128);
   ASSERT_TRUE(GenerateKeyInternal(algorithm, &result, &type));
   EXPECT_TRUE(result);
   EXPECT_EQ(type, WebKit::WebCryptoKeyTypeSecret);
 }
 
 TEST_F(WebCryptoImplTest, GenerateKeyHmacNoLength) {
   scoped_ptr<WebKit::WebCryptoKeyHandle> result;
   WebKit::WebCryptoKeyType type = WebKit::WebCryptoKeyTypePublic;
   WebKit::WebCryptoAlgorithm algorithm =
-      CreateHmacKeyAlgorithm(WebKit::WebCryptoAlgorithmIdSha1, 0);
+      CreateHmacKeyGenAlgorithm(WebKit::WebCryptoAlgorithmIdSha1, 0);
   ASSERT_TRUE(GenerateKeyInternal(algorithm, &result, &type));
   EXPECT_TRUE(result);
   EXPECT_EQ(type, WebKit::WebCryptoKeyTypeSecret);
 }
 
+#endif  //#if !defined(USE_OPENSSL)
+
+TEST_F(WebCryptoImplTest, ImportJwkBadJwk) {
+
+  WebKit::WebCryptoKeyType type = WebKit::WebCryptoKeyTypeSecret;
+  scoped_ptr<WebKit::WebCryptoKeyHandle> handle;
+  std::vector<uint8> iv(16);
+  WebKit::WebCryptoAlgorithm algorithm = CreateAesCbcAlgorithm(iv);
+  bool extractable = false;
+  WebKit::WebCryptoKeyUsageMask usage_mask = WebKit::WebCryptoKeyUsageSign;
+
+  // Empty JSON
+  std::vector<uint8> json_vec = MakeJsonVector("");
+  EXPECT_FALSE(ImportKeyJwk(
+      json_vec, extractable, algorithm, usage_mask, &handle, &type));
+
+  // Invalid JSON

[eroman, 2013/10/28 23:02:00]

good test cases, thanks!

+  json_vec = MakeJsonVector(
+      "{"
+        "\"kty\"         : \"oct\","
+        "\"alg\"         : \"A128CBC\","
+        "\"use\"         : "
+  );
+  EXPECT_FALSE(ImportKeyJwk(
+      json_vec, extractable, algorithm, usage_mask, &handle, &type));
+
+  // Note, each subtest below resets the dictionary so there is less chance of
+  // failure if they happen to be reordered.
+
+  // Invalid kty
+  base::DictionaryValue dict;
+  dict.SetString("kty", "foo");
+  dict.SetString("alg", "A128CBC");
+  dict.SetString("use", "sig");
+  dict.SetBoolean("extractable", extractable);
+  dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg");
+  json_vec = MakeJsonVector(dict);
+  EXPECT_FALSE(ImportKeyJwk(
+      json_vec, extractable, algorithm, usage_mask, &handle, &type));
+  dict.SetString("kty", "oct");
+
+  // Missing kty
+  dict.Remove("kty", NULL);
+  json_vec = MakeJsonVector(dict);
+  EXPECT_FALSE(ImportKeyJwk(
+      json_vec, extractable, algorithm, usage_mask, &handle, &type));
+  dict.SetString("kty", "oct");
+
+  // Invalid alg
+  dict.SetString("alg", "foo");
+  json_vec = MakeJsonVector(dict);
+  EXPECT_FALSE(ImportKeyJwk(
+      json_vec, extractable, algorithm, usage_mask, &handle, &type));
+  dict.SetString("alg", "A128CBC");
+
+  // Invalid use
+  dict.SetString("use", "foo");
+  json_vec = MakeJsonVector(dict);
+  EXPECT_FALSE(ImportKeyJwk(
+      json_vec, extractable, algorithm, usage_mask, &handle, &type));
+  dict.SetString("use", "sig");
+
+  // Missing k when kty = "oct"
+  dict.Remove("k", NULL);
+  json_vec = MakeJsonVector(dict);
+  EXPECT_FALSE(ImportKeyJwk(
+      json_vec, extractable, algorithm, usage_mask, &handle, &type));
+  dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg");
+
+  // Bad b64 encoding for k
+  dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3r #$% jhdY8vOkbIvh4lxTuMao9Y_--hdg");
+  json_vec = MakeJsonVector(dict);
+  EXPECT_FALSE(ImportKeyJwk(
+      json_vec, extractable, algorithm, usage_mask, &handle, &type));
+  dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg");
+
+  // empty k
+  dict.SetString("k", "");
+  json_vec = MakeJsonVector(dict);
+  EXPECT_FALSE(ImportKeyJwk(
+      json_vec, extractable, algorithm, usage_mask, &handle, &type));
+  dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg");
+
+  // TODO(padolph) RSA public key bad data:

[eroman, 2013/10/28 23:02:00]

please add colon after paren.

[padolph, 2013/10/29 02:25:40]

Done.

+  // Missing n or e when kty = "RSA"
+  // Bad encoding for n or e
+  // Size check on n??
+  // Value check on e??

[eroman, 2013/10/28 23:02:00]

We will need a lot of tests to cover all the full set of cases! This is a good
start though.

Another one that comes to mind is case-sensitivity of properties. (Which is
different from the case-insensitivity of algorithm names in webcrypto).

[padolph, 2013/10/29 02:25:40]

Agreed. I wonder if the case-sensitive tests fit better on the blink side. They
are easy tests though wherever they live. The JWK strings must be an exact case
match as far as I can tell.

+}
+
+TEST_F(WebCryptoImplTest, ImportJwkInputInconsistent) {
+  // The Web Crypto spec says that if a JWK value is present, but is
+  // inconsistent with the input value, the operation must fail.
+
+  // Collision rules when JWK value is not present: Inputs should be unmodified.
+  scoped_ptr<WebKit::WebCryptoKeyHandle> handle;
+  WebKit::WebCryptoKeyType type = WebKit::WebCryptoKeyTypeSecret;
+  bool extractable = true;
+  WebKit::WebCryptoAlgorithm algorithm =
+      CreateHmacAlgorithmByHashId(WebKit::WebCryptoAlgorithmIdSha256);
+  WebKit::WebCryptoKeyUsageMask usage_mask = WebKit::WebCryptoKeyUsageVerify;
+  base::DictionaryValue dict;
+  dict.SetString("kty", "oct");
+  dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg");
+  std::vector<uint8> json_vec = MakeJsonVector(dict);
+  EXPECT_TRUE(ImportKeyJwk(
+      json_vec, extractable, algorithm, usage_mask, &handle, &type));
+  EXPECT_TRUE(handle.get() != NULL);
+  EXPECT_EQ(WebKit::WebCryptoKeyTypeSecret, type);
+  EXPECT_TRUE(extractable);
+  EXPECT_EQ(WebKit::WebCryptoAlgorithmIdHmac, algorithm.id());
+  EXPECT_EQ(WebKit::WebCryptoAlgorithmIdSha256,
+            algorithm.hmacParams()->hash().id());
+  EXPECT_EQ(WebKit::WebCryptoKeyUsageVerify, usage_mask);
+  handle.reset();
+
+  // Collision rules when JWK value exists: Fail if inconsistency is found.
+  // Happy path: all input values are consistent with the JWK values
+  dict.Clear();
+  dict.SetString("kty", "oct");
+  dict.SetString("alg", "HS256");
+  dict.SetString("use", "sig");
+  dict.SetBoolean("extractable", true);
+  dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg");
+  json_vec = MakeJsonVector(dict);
+  EXPECT_TRUE(ImportKeyJwk(
+      json_vec, extractable, algorithm, usage_mask, &handle, &type));
+
+  // Fail: Input type (public) is inconsistent with JWK value (secret).
+  type = WebKit::WebCryptoKeyTypePublic;
+  EXPECT_FALSE(ImportKeyJwk(
+      json_vec, extractable, algorithm, usage_mask, &handle, &type));
+  type = WebKit::WebCryptoKeyTypeSecret;
+
+  // Fail: Input extractable (false) is inconsistent with JWK value (true).
+  extractable = false;
+  EXPECT_FALSE(ImportKeyJwk(
+      json_vec, extractable, algorithm, usage_mask, &handle, &type));
+  extractable = true;
+
+  // Fail: Input algorithm (HMAC SHA1) is inconsistent with JWK value
+  // (HMAC SHA256).
+  algorithm = CreateHmacAlgorithmByHashId(WebKit::WebCryptoAlgorithmIdSha1);
+  EXPECT_FALSE(ImportKeyJwk(
+      json_vec, extractable, algorithm, usage_mask, &handle, &type));
+  algorithm = CreateHmacAlgorithmByHashId(WebKit::WebCryptoAlgorithmIdSha256);
+
+  // Fail: Input usage_mask (encrypt) is not a subset of the JWK value
+  // (sign|verify)
+  usage_mask = WebKit::WebCryptoKeyUsageEncrypt;
+  EXPECT_FALSE(ImportKeyJwk(
+      json_vec, extractable, algorithm, usage_mask, &handle, &type));
+  usage_mask = WebKit::WebCryptoKeyUsageSign | WebKit::WebCryptoKeyUsageVerify;
+
+  // Fail: Input usage_mask (encrypt|sign|verify) is not a subset of the JWK
+  // value (sign|verify)
+  usage_mask = WebKit::WebCryptoKeyUsageEncrypt |

[eroman, 2013/10/28 23:02:00]

You must have read my mind! After reading the test case above, I was about to
ask for this one ;)

[padolph, 2013/10/29 02:25:40]

Yes, a superset is strictly not a subset. :)

+               WebKit::WebCryptoKeyUsageSign | WebKit::WebCryptoKeyUsageVerify;
+  EXPECT_FALSE(ImportKeyJwk(
+      json_vec, extractable, algorithm, usage_mask, &handle, &type));
+  usage_mask = WebKit::WebCryptoKeyUsageSign | WebKit::WebCryptoKeyUsageVerify;
+}
+
+TEST_F(WebCryptoImplTest, ImportJwkHappy) {
+
+  // This test verifies the happy path of JWK import, including the application
+  // of the imported key material.
+
+  scoped_ptr<WebKit::WebCryptoKeyHandle> handle;
+  WebKit::WebCryptoKeyType type = WebKit::WebCryptoKeyTypeSecret;
+  bool extractable = false;
+  WebKit::WebCryptoAlgorithm algorithm =
+      CreateHmacAlgorithmByHashId(WebKit::WebCryptoAlgorithmIdSha256);
+  WebKit::WebCryptoKeyUsageMask usage_mask = WebKit::WebCryptoKeyUsageSign;
+
+  // Import a symmetric key JWK and HMAC-SHA256 sign()
+  // Uses the first SHA256 test vector from the HMAC sample set above.
+
+  base::DictionaryValue dict;
+  dict.SetString("kty", "oct");
+  dict.SetString("alg", "HS256");
+  dict.SetString("use", "sig");
+  dict.SetBoolean("extractable", false);
+  dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg");
+  std::vector<uint8> json_vec = MakeJsonVector(dict);
+
+  ASSERT_TRUE(ImportKeyJwk(
+      json_vec, extractable, algorithm, usage_mask, &handle, &type));
+
+  WebKit::WebCryptoKey key = WebKit::WebCryptoKey::create(
+      handle.release(), type, extractable, algorithm, usage_mask);
+
+  const std::vector<uint8> message_raw = HexStringToBytes(
+      "b1689c2591eaf3c9e66070f8a77954ffb81749f1b00346f9dfe0b2ee905dcc288baf4a"
+      "92de3f4001dd9f44c468c3d07d6c6ee82faceafc97c2fc0fc0601719d2dcd0aa2aec92"
+      "d1b0ae933c65eb06a03c9c935c2bad0459810241347ab87e9f11adb30415424c6c7f5f"
+      "22a003b8ab8de54f6ded0e3ab9245fa79568451dfa258e");
+
+  WebKit::WebArrayBuffer output;
+
+  ASSERT_TRUE(SignInternal(algorithm, key, message_raw, &output));
+
+  const std::string mac_raw =
+      "769f00d3e6a6cc1fb426a14a4f76c6462e6149726e0dee0ec0cf97a16605ac8b";
+
+  ExpectArrayBufferMatchesHex(mac_raw, output);
+
+  // TODO(padolph)
+  // Import an RSA public key JWK and use it
+}
+
 }  // namespace content