OLD | NEW |
---|---|
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "webcrypto_impl.h" | 5 #include "webcrypto_impl.h" |
6 | 6 |
7 #include "base/basictypes.h" | 7 #include "base/basictypes.h" |
8 #include "base/json/json_writer.h" | |
8 #include "base/logging.h" | 9 #include "base/logging.h" |
9 #include "base/memory/ref_counted.h" | 10 #include "base/memory/ref_counted.h" |
10 #include "base/strings/string_number_conversions.h" | 11 #include "base/strings/string_number_conversions.h" |
11 #include "content/public/renderer/content_renderer_client.h" | 12 #include "content/public/renderer/content_renderer_client.h" |
12 #include "content/renderer/renderer_webkitplatformsupport_impl.h" | 13 #include "content/renderer/renderer_webkitplatformsupport_impl.h" |
13 #include "content/renderer/webcrypto/webcrypto_impl.h" | 14 #include "content/renderer/webcrypto/webcrypto_impl.h" |
15 #include "content/renderer/webcrypto/webcrypto_util.h" | |
14 #include "testing/gtest/include/gtest/gtest.h" | 16 #include "testing/gtest/include/gtest/gtest.h" |
15 #include "third_party/WebKit/public/platform/WebArrayBuffer.h" | 17 #include "third_party/WebKit/public/platform/WebArrayBuffer.h" |
16 #include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h" | 18 #include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h" |
17 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h" | 19 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h" |
18 #include "third_party/WebKit/public/platform/WebCryptoKey.h" | 20 #include "third_party/WebKit/public/platform/WebCryptoKey.h" |
19 | 21 |
20 namespace { | 22 namespace { |
21 | 23 |
22 std::vector<uint8> HexStringToBytes(const std::string& hex) { | 24 std::vector<uint8> HexStringToBytes(const std::string& hex) { |
23 std::vector<uint8> bytes; | 25 std::vector<uint8> bytes; |
24 base::HexStringToBytes(hex, &bytes); | 26 base::HexStringToBytes(hex, &bytes); |
25 return bytes; | 27 return bytes; |
26 } | 28 } |
27 | 29 |
28 void ExpectArrayBufferMatchesHex(const std::string& expected_hex, | 30 void ExpectArrayBufferMatchesHex(const std::string& expected_hex, |
29 const WebKit::WebArrayBuffer& array_buffer) { | 31 const WebKit::WebArrayBuffer& array_buffer) { |
30 EXPECT_STRCASEEQ( | 32 EXPECT_STRCASEEQ( |
31 expected_hex.c_str(), | 33 expected_hex.c_str(), |
32 base::HexEncode( | 34 base::HexEncode( |
33 array_buffer.data(), array_buffer.byteLength()).c_str()); | 35 array_buffer.data(), array_buffer.byteLength()).c_str()); |
34 } | 36 } |
35 | 37 |
36 WebKit::WebCryptoAlgorithm CreateAlgorithm(WebKit::WebCryptoAlgorithmId id) { | 38 std::vector<uint8> MakeJsonVector(const std::string& json_string) { |
37 return WebKit::WebCryptoAlgorithm::adoptParamsAndCreate(id, NULL); | 39 return std::vector<uint8>(json_string.begin(), json_string.end()); |
38 } | 40 } |
39 | 41 |
40 WebKit::WebCryptoAlgorithm CreateHmacAlgorithm( | 42 std::vector<uint8> MakeJsonVector(const base::DictionaryValue& dict) { |
41 WebKit::WebCryptoAlgorithmId hashId) { | 43 std::string json; |
42 return WebKit::WebCryptoAlgorithm::adoptParamsAndCreate( | 44 base::JSONWriter::Write(&dict, &json); |
43 WebKit::WebCryptoAlgorithmIdHmac, | 45 return MakeJsonVector(json); |
44 new WebKit::WebCryptoHmacParams(CreateAlgorithm(hashId))); | |
45 } | 46 } |
46 | 47 |
47 WebKit::WebCryptoAlgorithm CreateHmacKeyAlgorithm( | 48 // Helper for ImportJwkBadJwk; restores JWK JSON dictionary to a good state |
48 WebKit::WebCryptoAlgorithmId hashId, | 49 void RestoreDictionaryForImportBadJwkTest(base::DictionaryValue* dict) { |
49 unsigned hash_length) { | 50 dict->Clear(); |
50 // hash_length < 0 means unspecified | 51 dict->SetString("kty", "oct"); |
51 return WebKit::WebCryptoAlgorithm::adoptParamsAndCreate( | 52 dict->SetString("alg", "A128CBC"); |
52 WebKit::WebCryptoAlgorithmIdHmac, | 53 dict->SetString("use", "enc"); |
53 new WebKit::WebCryptoHmacKeyParams(CreateAlgorithm(hashId), | 54 dict->SetBoolean("extractable", false); |
54 (hash_length != 0), | 55 dict->SetString("k", "GADWrMRHwQfoNaXU5fZvTg=="); |
55 hash_length)); | |
56 } | |
57 | |
58 // Returns a pointer to the start of |data|, or NULL if it is empty. This is a | |
59 // convenience function for getting the pointer, and should not be used beyond | |
60 // the expected lifetime of |data|. | |
61 const uint8* Start(const std::vector<uint8>& data) { | |
62 if (data.empty()) | |
63 return NULL; | |
64 return &data[0]; | |
65 } | |
66 | |
67 WebKit::WebCryptoAlgorithm CreateAesCbcAlgorithm( | |
68 const std::vector<uint8>& iv) { | |
69 return WebKit::WebCryptoAlgorithm::adoptParamsAndCreate( | |
70 WebKit::WebCryptoAlgorithmIdAesCbc, | |
71 new WebKit::WebCryptoAesCbcParams(Start(iv), iv.size())); | |
72 } | |
73 | |
74 WebKit::WebCryptoAlgorithm CreateAesCbcAlgorithm( | |
75 unsigned short key_length_bits) { | |
76 return WebKit::WebCryptoAlgorithm::adoptParamsAndCreate( | |
77 WebKit::WebCryptoAlgorithmIdAesCbc, | |
78 new WebKit::WebCryptoAesKeyGenParams(key_length_bits)); | |
79 } | 56 } |
80 | 57 |
81 WebKit::WebCryptoAlgorithm CreateRsaAlgorithm( | 58 WebKit::WebCryptoAlgorithm CreateRsaAlgorithm( |
82 WebKit::WebCryptoAlgorithmId algorithm_id, | 59 WebKit::WebCryptoAlgorithmId algorithm_id, |
83 unsigned modulus_length, | 60 unsigned modulus_length, |
84 const std::vector<uint8>& public_exponent) { | 61 const std::vector<uint8>& public_exponent) { |
85 DCHECK(algorithm_id == WebKit::WebCryptoAlgorithmIdRsaEsPkcs1v1_5 || | 62 DCHECK(algorithm_id == WebKit::WebCryptoAlgorithmIdRsaEsPkcs1v1_5 || |
86 algorithm_id == WebKit::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 || | 63 algorithm_id == WebKit::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 || |
87 algorithm_id == WebKit::WebCryptoAlgorithmIdRsaOaep); | 64 algorithm_id == WebKit::WebCryptoAlgorithmIdRsaOaep); |
88 return WebKit::WebCryptoAlgorithm::adoptParamsAndCreate( | 65 return WebKit::WebCryptoAlgorithm::adoptParamsAndCreate( |
89 algorithm_id, | 66 algorithm_id, |
90 new WebKit::WebCryptoRsaKeyGenParams( | 67 new WebKit::WebCryptoRsaKeyGenParams( |
91 modulus_length, Start(public_exponent), public_exponent.size())); | 68 modulus_length, |
69 content::Start(public_exponent), | |
eroman
2013/11/07 20:54:37
remove the "content::" prefix (we are already in c
eroman
2013/11/09 02:22:14
Ah my mistake. Thanks for wrapping this section in
| |
70 public_exponent.size())); | |
92 } | 71 } |
93 | 72 |
94 } // namespace | 73 } // namespace |
95 | 74 |
96 namespace content { | 75 namespace content { |
97 | 76 |
98 class WebCryptoImplTest : public testing::Test { | 77 class WebCryptoImplTest : public testing::Test { |
99 protected: | 78 protected: |
100 WebKit::WebCryptoKey ImportSecretKeyFromRawHexString( | 79 WebKit::WebCryptoKey ImportSecretKeyFromRawHexString( |
101 const std::string& key_hex, | 80 const std::string& key_hex, |
(...skipping 114 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
216 | 195 |
217 bool DecryptInternal( | 196 bool DecryptInternal( |
218 const WebKit::WebCryptoAlgorithm& algorithm, | 197 const WebKit::WebCryptoAlgorithm& algorithm, |
219 const WebKit::WebCryptoKey& key, | 198 const WebKit::WebCryptoKey& key, |
220 const std::vector<uint8>& data, | 199 const std::vector<uint8>& data, |
221 WebKit::WebArrayBuffer* buffer) { | 200 WebKit::WebArrayBuffer* buffer) { |
222 return crypto_.DecryptInternal( | 201 return crypto_.DecryptInternal( |
223 algorithm, key, Start(data), data.size(), buffer); | 202 algorithm, key, Start(data), data.size(), buffer); |
224 } | 203 } |
225 | 204 |
205 bool ImportKeyJwk( | |
206 const std::vector<uint8>& key_data, | |
207 const WebKit::WebCryptoAlgorithm& algorithm, | |
208 bool extractable, | |
209 WebKit::WebCryptoKeyUsageMask usage_mask, | |
210 WebKit::WebCryptoKey* key) { | |
211 return crypto_.ImportKeyJwk(Start(key_data), | |
212 key_data.size(), | |
213 algorithm, | |
214 extractable, | |
215 usage_mask, | |
216 key); | |
217 } | |
218 | |
226 private: | 219 private: |
227 WebCryptoImpl crypto_; | 220 WebCryptoImpl crypto_; |
228 }; | 221 }; |
229 | 222 |
230 TEST_F(WebCryptoImplTest, DigestSampleSets) { | 223 TEST_F(WebCryptoImplTest, DigestSampleSets) { |
231 // The results are stored here in hex format for readability. | 224 // The results are stored here in hex format for readability. |
232 // | 225 // |
233 // TODO(bryaneyler): Eventually, all these sample test sets should be replaced | 226 // TODO(bryaneyler): Eventually, all these sample test sets should be replaced |
234 // with the sets here: http://csrc.nist.gov/groups/STM/cavp/index.html#03 | 227 // with the sets here: http://csrc.nist.gov/groups/STM/cavp/index.html#03 |
235 // | 228 // |
(...skipping 158 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
394 // mac | 387 // mac |
395 "4f1ee7cb36c58803a8721d4ac8c4cf8cae5d8832392eed2a96dc59694252801b", | 388 "4f1ee7cb36c58803a8721d4ac8c4cf8cae5d8832392eed2a96dc59694252801b", |
396 }, | 389 }, |
397 }; | 390 }; |
398 | 391 |
399 for (size_t test_index = 0; test_index < ARRAYSIZE_UNSAFE(kTests); | 392 for (size_t test_index = 0; test_index < ARRAYSIZE_UNSAFE(kTests); |
400 ++test_index) { | 393 ++test_index) { |
401 SCOPED_TRACE(test_index); | 394 SCOPED_TRACE(test_index); |
402 const TestCase& test = kTests[test_index]; | 395 const TestCase& test = kTests[test_index]; |
403 | 396 |
404 WebKit::WebCryptoAlgorithm algorithm = CreateHmacAlgorithm(test.algorithm); | 397 WebKit::WebCryptoAlgorithm algorithm = |
398 CreateHmacAlgorithmByHashId(test.algorithm); | |
405 | 399 |
406 WebKit::WebCryptoKey key = ImportSecretKeyFromRawHexString( | 400 WebKit::WebCryptoKey key = ImportSecretKeyFromRawHexString( |
407 test.key, algorithm, WebKit::WebCryptoKeyUsageSign); | 401 test.key, algorithm, WebKit::WebCryptoKeyUsageSign); |
408 | 402 |
409 std::vector<uint8> message_raw = HexStringToBytes(test.message); | 403 std::vector<uint8> message_raw = HexStringToBytes(test.message); |
410 | 404 |
411 WebKit::WebArrayBuffer output; | 405 WebKit::WebArrayBuffer output; |
412 | 406 |
413 ASSERT_TRUE(SignInternal(algorithm, key, message_raw, &output)); | 407 ASSERT_TRUE(SignInternal(algorithm, key, message_raw, &output)); |
414 | 408 |
(...skipping 25 matching lines...) Expand all Loading... | |
440 algorithm, | 434 algorithm, |
441 key, | 435 key, |
442 kLongSignature, | 436 kLongSignature, |
443 sizeof(kLongSignature), | 437 sizeof(kLongSignature), |
444 message_raw, | 438 message_raw, |
445 &signature_match)); | 439 &signature_match)); |
446 EXPECT_FALSE(signature_match); | 440 EXPECT_FALSE(signature_match); |
447 } | 441 } |
448 } | 442 } |
449 | 443 |
444 #if !defined(USE_OPENSSL) | |
445 | |
450 TEST_F(WebCryptoImplTest, AesCbcFailures) { | 446 TEST_F(WebCryptoImplTest, AesCbcFailures) { |
451 WebKit::WebCryptoKey key = ImportSecretKeyFromRawHexString( | 447 WebKit::WebCryptoKey key = ImportSecretKeyFromRawHexString( |
452 "2b7e151628aed2a6abf7158809cf4f3c", | 448 "2b7e151628aed2a6abf7158809cf4f3c", |
453 CreateAlgorithm(WebKit::WebCryptoAlgorithmIdAesCbc), | 449 CreateAlgorithm(WebKit::WebCryptoAlgorithmIdAesCbc), |
454 WebKit::WebCryptoKeyUsageEncrypt | WebKit::WebCryptoKeyUsageDecrypt); | 450 WebKit::WebCryptoKeyUsageEncrypt | WebKit::WebCryptoKeyUsageDecrypt); |
455 | 451 |
456 WebKit::WebArrayBuffer output; | 452 WebKit::WebArrayBuffer output; |
457 | 453 |
458 // Use an invalid |iv| (fewer than 16 bytes) | 454 // Use an invalid |iv| (fewer than 16 bytes) |
459 { | 455 { |
(...skipping 175 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
635 &output)); | 631 &output)); |
636 } | 632 } |
637 } | 633 } |
638 } | 634 } |
639 | 635 |
640 // TODO (padolph): Add test to verify generated symmetric keys appear random. | 636 // TODO (padolph): Add test to verify generated symmetric keys appear random. |
641 | 637 |
642 | 638 |
643 TEST_F(WebCryptoImplTest, GenerateKeyAes) { | 639 TEST_F(WebCryptoImplTest, GenerateKeyAes) { |
644 WebKit::WebCryptoKey key = WebKit::WebCryptoKey::createNull(); | 640 WebKit::WebCryptoKey key = WebKit::WebCryptoKey::createNull(); |
645 ASSERT_TRUE(GenerateKeyInternal(CreateAesCbcAlgorithm(128), &key)); | 641 ASSERT_TRUE(GenerateKeyInternal(CreateAesCbcKeyGenAlgorithm(128), &key)); |
646 EXPECT_TRUE(key.handle()); | 642 EXPECT_TRUE(key.handle()); |
647 EXPECT_EQ(WebKit::WebCryptoKeyTypeSecret, key.type()); | 643 EXPECT_EQ(WebKit::WebCryptoKeyTypeSecret, key.type()); |
648 } | 644 } |
649 | 645 |
650 TEST_F(WebCryptoImplTest, GenerateKeyAesBadLength) { | 646 TEST_F(WebCryptoImplTest, GenerateKeyAesBadLength) { |
651 WebKit::WebCryptoKey key = WebKit::WebCryptoKey::createNull(); | 647 WebKit::WebCryptoKey key = WebKit::WebCryptoKey::createNull(); |
652 EXPECT_FALSE(GenerateKeyInternal(CreateAesCbcAlgorithm(0), &key)); | 648 EXPECT_FALSE( |
653 EXPECT_FALSE(GenerateKeyInternal(CreateAesCbcAlgorithm(129), &key)); | 649 GenerateKeyInternal(CreateAesCbcKeyGenAlgorithm(0), &key)); |
650 EXPECT_FALSE( | |
651 GenerateKeyInternal(CreateAesCbcKeyGenAlgorithm(0), &key)); | |
652 EXPECT_FALSE( | |
653 GenerateKeyInternal(CreateAesCbcKeyGenAlgorithm(129), &key)); | |
654 } | 654 } |
655 | 655 |
656 | |
656 TEST_F(WebCryptoImplTest, GenerateKeyHmac) { | 657 TEST_F(WebCryptoImplTest, GenerateKeyHmac) { |
657 WebKit::WebCryptoKey key = WebKit::WebCryptoKey::createNull(); | 658 WebKit::WebCryptoKey key = WebKit::WebCryptoKey::createNull(); |
658 WebKit::WebCryptoAlgorithm algorithm = | 659 WebKit::WebCryptoAlgorithm algorithm = |
659 CreateHmacKeyAlgorithm(WebKit::WebCryptoAlgorithmIdSha1, 128); | 660 CreateHmacKeyGenAlgorithm(WebKit::WebCryptoAlgorithmIdSha1, 128); |
660 ASSERT_TRUE(GenerateKeyInternal(algorithm, &key)); | 661 ASSERT_TRUE(GenerateKeyInternal(algorithm, &key)); |
661 EXPECT_TRUE(key.handle()); | 662 EXPECT_TRUE(key.handle()); |
662 EXPECT_EQ(WebKit::WebCryptoKeyTypeSecret, key.type()); | 663 EXPECT_EQ(WebKit::WebCryptoKeyTypeSecret, key.type()); |
663 } | 664 } |
664 | 665 |
665 TEST_F(WebCryptoImplTest, GenerateKeyHmacNoLength) { | 666 TEST_F(WebCryptoImplTest, GenerateKeyHmacNoLength) { |
666 WebKit::WebCryptoKey key = WebKit::WebCryptoKey::createNull(); | 667 WebKit::WebCryptoKey key = WebKit::WebCryptoKey::createNull(); |
667 WebKit::WebCryptoAlgorithm algorithm = | 668 WebKit::WebCryptoAlgorithm algorithm = |
668 CreateHmacKeyAlgorithm(WebKit::WebCryptoAlgorithmIdSha1, 0); | 669 CreateHmacKeyGenAlgorithm(WebKit::WebCryptoAlgorithmIdSha1, 0); |
669 ASSERT_TRUE(GenerateKeyInternal(algorithm, &key)); | 670 ASSERT_TRUE(GenerateKeyInternal(algorithm, &key)); |
670 EXPECT_TRUE(key.handle()); | 671 EXPECT_TRUE(key.handle()); |
671 EXPECT_EQ(WebKit::WebCryptoKeyTypeSecret, key.type()); | 672 EXPECT_EQ(WebKit::WebCryptoKeyTypeSecret, key.type()); |
672 } | 673 } |
673 | 674 |
674 TEST_F(WebCryptoImplTest, ImportSecretKeyNoAlgorithm) { | 675 TEST_F(WebCryptoImplTest, ImportSecretKeyNoAlgorithm) { |
675 WebKit::WebCryptoKey key = WebKit::WebCryptoKey::createNull(); | 676 WebKit::WebCryptoKey key = WebKit::WebCryptoKey::createNull(); |
676 | 677 |
677 // This fails because the algorithm is null. | 678 // This fails because the algorithm is null. |
678 EXPECT_FALSE(ImportKeyInternal( | 679 EXPECT_FALSE(ImportKeyInternal( |
679 WebKit::WebCryptoKeyFormatRaw, | 680 WebKit::WebCryptoKeyFormatRaw, |
680 HexStringToBytes("00000000000000000000"), | 681 HexStringToBytes("00000000000000000000"), |
681 WebKit::WebCryptoAlgorithm::createNull(), | 682 WebKit::WebCryptoAlgorithm::createNull(), |
682 WebKit::WebCryptoKeyUsageSign, | 683 WebKit::WebCryptoKeyUsageSign, |
683 &key)); | 684 &key)); |
684 } | 685 } |
685 | 686 |
687 #endif //#if !defined(USE_OPENSSL) | |
688 | |
689 TEST_F(WebCryptoImplTest, ImportJwkBadJwk) { | |
690 | |
691 WebKit::WebCryptoKey key = WebKit::WebCryptoKey::createNull(); | |
692 WebKit::WebCryptoAlgorithm algorithm = | |
693 CreateAesCbcAlgorithm(std::vector<uint8>()); | |
eroman
2013/11/07 20:54:37
or CreateAlgorithm(WebKit::WebCryptoAlgorithmIdAes
padolph
2013/11/09 00:33:38
Done.
| |
694 WebKit::WebCryptoKeyUsageMask usage_mask = WebKit::WebCryptoKeyUsageEncrypt; | |
695 | |
696 // Baseline pass: each test below breaks a single item, so we start with a | |
697 // passing case to make sure each failure is caused by the isolated break. | |
698 // Each breaking subtest below resets the dictionary to this passing case when | |
699 // complete. | |
700 base::DictionaryValue dict; | |
701 RestoreDictionaryForImportBadJwkTest(&dict); | |
702 std::vector<uint8> json_vec = MakeJsonVector(dict); | |
703 EXPECT_TRUE(ImportKeyJwk(json_vec, algorithm, false, usage_mask, &key)); | |
704 | |
705 // Fail on empty JSON. | |
706 EXPECT_FALSE(ImportKeyJwk( | |
707 MakeJsonVector(""), algorithm, false, usage_mask, &key)); | |
708 | |
709 // Fail on invalid JSON. | |
710 const std::vector<uint8> bad_json_vec = MakeJsonVector( | |
711 "{" | |
712 "\"kty\" : \"oct\"," | |
713 "\"alg\" : \"HS256\"," | |
714 "\"use\" : " | |
715 ); | |
716 EXPECT_FALSE(ImportKeyJwk(bad_json_vec, algorithm, false, usage_mask, &key)); | |
717 | |
718 // Fail on JWK alg present but unrecognized. | |
719 dict.SetString("alg", "A127CBC"); | |
720 json_vec = MakeJsonVector(dict); | |
721 EXPECT_FALSE(ImportKeyJwk(json_vec, algorithm, false, usage_mask, &key)); | |
722 RestoreDictionaryForImportBadJwkTest(&dict); | |
723 | |
724 // Fail on both JWK and input algorithm missing. | |
725 dict.Remove("alg", NULL); | |
726 json_vec = MakeJsonVector(dict); | |
727 EXPECT_FALSE(ImportKeyJwk(json_vec, | |
728 WebKit::WebCryptoAlgorithm::createNull(), | |
729 false, | |
730 usage_mask, | |
731 &key)); | |
732 RestoreDictionaryForImportBadJwkTest(&dict); | |
733 | |
734 // Fail on invalid kty. | |
735 dict.SetString("kty", "foo"); | |
736 json_vec = MakeJsonVector(dict); | |
737 EXPECT_FALSE(ImportKeyJwk(json_vec, algorithm, false, usage_mask, &key)); | |
738 RestoreDictionaryForImportBadJwkTest(&dict); | |
739 | |
740 // Fail on missing kty. | |
741 dict.Remove("kty", NULL); | |
742 json_vec = MakeJsonVector(dict); | |
743 EXPECT_FALSE(ImportKeyJwk(json_vec, algorithm, false, usage_mask, &key)); | |
744 RestoreDictionaryForImportBadJwkTest(&dict); | |
745 | |
746 // Fail on invalid use. | |
747 dict.SetString("use", "foo"); | |
748 json_vec = MakeJsonVector(dict); | |
749 EXPECT_FALSE(ImportKeyJwk(json_vec, algorithm, false, usage_mask, &key)); | |
750 RestoreDictionaryForImportBadJwkTest(&dict); | |
751 | |
752 // Fail on missing k when kty = "oct". | |
753 dict.Remove("k", NULL); | |
754 json_vec = MakeJsonVector(dict); | |
755 EXPECT_FALSE(ImportKeyJwk(json_vec, algorithm, false, usage_mask, &key)); | |
756 RestoreDictionaryForImportBadJwkTest(&dict); | |
757 | |
758 // Fail on bad b64 encoding for k. | |
759 dict.SetString("k", "Qk3f0DsytU8lfza2au #$% Htaw2xpop9GYyTuH0p5GghxTI="); | |
760 json_vec = MakeJsonVector(dict); | |
761 EXPECT_FALSE(ImportKeyJwk(json_vec, algorithm, false, usage_mask, &key)); | |
762 RestoreDictionaryForImportBadJwkTest(&dict); | |
763 | |
764 // Fail on empty k. | |
765 dict.SetString("k", ""); | |
766 json_vec = MakeJsonVector(dict); | |
767 EXPECT_FALSE(ImportKeyJwk(json_vec, algorithm, false, usage_mask, &key)); | |
768 RestoreDictionaryForImportBadJwkTest(&dict); | |
769 | |
770 // Fail on k actual length (120 bits) inconsistent with the embedded JWK alg | |
771 // value (128) for an AES key. | |
772 dict.SetString("k", "AVj42h0Y5aqGtE3yluKL"); | |
773 json_vec = MakeJsonVector(dict); | |
774 EXPECT_FALSE(ImportKeyJwk(json_vec, algorithm, false, usage_mask, &key)); | |
775 RestoreDictionaryForImportBadJwkTest(&dict); | |
776 | |
777 // TODO(padolph) RSA public key bad data: | |
778 // Missing n or e when kty = "RSA" | |
779 // Bad encoding for n or e | |
780 // Size check on n?? | |
781 // Value check on e?? | |
782 } | |
783 | |
784 TEST_F(WebCryptoImplTest, ImportJwkInputInconsistent) { | |
785 // The Web Crypto spec says that if a JWK value is present, but is | |
786 // inconsistent with the input value, the operation must fail. | |
787 | |
788 // Consistency rules when JWK value is not present: Inputs should be used. | |
789 WebKit::WebCryptoKey key = WebKit::WebCryptoKey::createNull(); | |
790 bool extractable = true; | |
791 WebKit::WebCryptoAlgorithm algorithm = | |
792 CreateHmacAlgorithmByHashId(WebKit::WebCryptoAlgorithmIdSha256); | |
793 WebKit::WebCryptoKeyUsageMask usage_mask = WebKit::WebCryptoKeyUsageVerify; | |
794 base::DictionaryValue dict; | |
795 dict.SetString("kty", "oct"); | |
796 dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg"); | |
797 std::vector<uint8> json_vec = MakeJsonVector(dict); | |
798 EXPECT_TRUE(ImportKeyJwk(json_vec, algorithm, extractable, usage_mask, &key)); | |
799 EXPECT_TRUE(key.handle()); | |
800 EXPECT_EQ(WebKit::WebCryptoKeyTypeSecret, key.type()); | |
801 EXPECT_EQ(extractable, key.extractable()); | |
802 EXPECT_EQ(WebKit::WebCryptoAlgorithmIdHmac, key.algorithm().id()); | |
803 EXPECT_EQ(WebKit::WebCryptoAlgorithmIdSha256, | |
804 key.algorithm().hmacParams()->hash().id()); | |
805 EXPECT_EQ(WebKit::WebCryptoKeyUsageVerify, key.usages()); | |
806 key = WebKit::WebCryptoKey::createNull(); | |
807 | |
808 // Consistency rules when JWK value exists: Fail if inconsistency is found. | |
809 // Happy path: all input values are consistent with the JWK values. | |
810 dict.Clear(); | |
811 dict.SetString("kty", "oct"); | |
812 dict.SetString("alg", "HS256"); | |
813 dict.SetString("use", "sig"); | |
814 dict.SetBoolean("extractable", true); | |
815 dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg"); | |
816 json_vec = MakeJsonVector(dict); | |
817 EXPECT_TRUE(ImportKeyJwk( | |
818 json_vec, algorithm, extractable, usage_mask, &key)); | |
819 | |
820 // Fail: Input extractable (false) is inconsistent with JWK value (true). | |
eroman
2013/11/07 20:54:37
Thanks for the test! As mentioned in other comment
padolph
2013/11/09 00:33:38
I changed the logic and added new tests that match
| |
821 EXPECT_FALSE( | |
822 ImportKeyJwk(json_vec, algorithm, false, usage_mask, &key)); | |
823 | |
824 // Fail: Input algorithm (AES-CBC) is inconsistent with JWK value | |
825 // (HMAC SHA256). | |
826 EXPECT_FALSE(ImportKeyJwk(json_vec, | |
827 CreateAlgorithm(WebKit::WebCryptoAlgorithmIdAesCbc), | |
828 extractable, | |
829 usage_mask, | |
830 &key)); | |
831 | |
832 // Fail: Input algorithm (HMAC SHA1) is inconsistent with JWK value | |
833 // (HMAC SHA256). | |
834 EXPECT_FALSE(ImportKeyJwk( | |
835 json_vec, | |
836 CreateHmacAlgorithmByHashId(WebKit::WebCryptoAlgorithmIdSha1), | |
837 extractable, | |
838 usage_mask, | |
839 &key)); | |
840 | |
841 // Pass: JWK alg valid but input algorithm isNull: use JWK algorithm value. | |
842 EXPECT_TRUE(ImportKeyJwk(json_vec, | |
843 WebKit::WebCryptoAlgorithm::createNull(), | |
844 extractable, | |
845 usage_mask, | |
846 &key)); | |
847 EXPECT_EQ(WebKit::WebCryptoAlgorithmIdHmac, algorithm.id()); | |
848 | |
849 // Pass: JWK alg missing but input algorithm specified: use input value | |
850 dict.Remove("alg", NULL); | |
851 EXPECT_TRUE(ImportKeyJwk( | |
852 MakeJsonVector(dict), | |
853 CreateHmacAlgorithmByHashId(WebKit::WebCryptoAlgorithmIdSha256), | |
854 extractable, | |
855 usage_mask, | |
856 &key)); | |
857 EXPECT_EQ(WebKit::WebCryptoAlgorithmIdHmac, algorithm.id()); | |
858 dict.SetString("alg", "HS256"); | |
859 | |
860 // Fail: Input usage_mask (encrypt) is not a subset of the JWK value | |
861 // (sign|verify) | |
862 EXPECT_FALSE(ImportKeyJwk(json_vec, | |
863 algorithm, | |
864 extractable, | |
865 WebKit::WebCryptoKeyUsageEncrypt, | |
866 &key)); | |
867 | |
868 // Fail: Input usage_mask (encrypt|sign|verify) is not a subset of the JWK | |
869 // value (sign|verify) | |
870 usage_mask = WebKit::WebCryptoKeyUsageEncrypt | | |
871 WebKit::WebCryptoKeyUsageSign | WebKit::WebCryptoKeyUsageVerify; | |
872 EXPECT_FALSE(ImportKeyJwk( | |
873 json_vec, algorithm, extractable, usage_mask, &key)); | |
874 usage_mask = WebKit::WebCryptoKeyUsageSign | WebKit::WebCryptoKeyUsageVerify; | |
875 } | |
876 | |
877 TEST_F(WebCryptoImplTest, ImportJwkHappy) { | |
878 | |
879 // This test verifies the happy path of JWK import, including the application | |
880 // of the imported key material. | |
881 | |
882 WebKit::WebCryptoKey key = WebKit::WebCryptoKey::createNull(); | |
883 bool extractable = false; | |
884 WebKit::WebCryptoAlgorithm algorithm = | |
885 CreateHmacAlgorithmByHashId(WebKit::WebCryptoAlgorithmIdSha256); | |
886 WebKit::WebCryptoKeyUsageMask usage_mask = WebKit::WebCryptoKeyUsageSign; | |
887 | |
888 // Import a symmetric key JWK and HMAC-SHA256 sign() | |
889 // Uses the first SHA256 test vector from the HMAC sample set above. | |
890 | |
891 base::DictionaryValue dict; | |
892 dict.SetString("kty", "oct"); | |
893 dict.SetString("alg", "HS256"); | |
894 dict.SetString("use", "sig"); | |
895 dict.SetBoolean("extractable", false); | |
896 dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg"); | |
897 std::vector<uint8> json_vec = MakeJsonVector(dict); | |
898 | |
899 ASSERT_TRUE(ImportKeyJwk( | |
900 json_vec, algorithm, extractable, usage_mask, &key)); | |
901 | |
902 const std::vector<uint8> message_raw = HexStringToBytes( | |
903 "b1689c2591eaf3c9e66070f8a77954ffb81749f1b00346f9dfe0b2ee905dcc288baf4a" | |
904 "92de3f4001dd9f44c468c3d07d6c6ee82faceafc97c2fc0fc0601719d2dcd0aa2aec92" | |
905 "d1b0ae933c65eb06a03c9c935c2bad0459810241347ab87e9f11adb30415424c6c7f5f" | |
906 "22a003b8ab8de54f6ded0e3ab9245fa79568451dfa258e"); | |
907 | |
908 WebKit::WebArrayBuffer output; | |
909 | |
910 ASSERT_TRUE(SignInternal(algorithm, key, message_raw, &output)); | |
911 | |
912 const std::string mac_raw = | |
913 "769f00d3e6a6cc1fb426a14a4f76c6462e6149726e0dee0ec0cf97a16605ac8b"; | |
914 | |
915 ExpectArrayBufferMatchesHex(mac_raw, output); | |
916 | |
917 // TODO(padolph) | |
918 // Import an RSA public key JWK and use it | |
919 } | |
920 | |
686 #if !defined(USE_OPENSSL) | 921 #if !defined(USE_OPENSSL) |
687 | 922 |
688 TEST_F(WebCryptoImplTest, GenerateKeyPairRsa) { | 923 TEST_F(WebCryptoImplTest, GenerateKeyPairRsa) { |
689 | 924 |
690 // Note: using unrealistic short key lengths here to avoid bogging down tests. | 925 // Note: using unrealistic short key lengths here to avoid bogging down tests. |
691 | 926 |
692 // Successful WebCryptoAlgorithmIdRsaEsPkcs1v1_5 key generation. | 927 // Successful WebCryptoAlgorithmIdRsaEsPkcs1v1_5 key generation. |
693 const unsigned modulus_length = 256; | 928 const unsigned modulus_length = 256; |
694 const std::vector<uint8> public_exponent = HexStringToBytes("010001"); | 929 const std::vector<uint8> public_exponent = HexStringToBytes("010001"); |
695 WebKit::WebCryptoAlgorithm algorithm = | 930 WebKit::WebCryptoAlgorithm algorithm = |
(...skipping 90 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
786 EXPECT_EQ(WebKit::WebCryptoKeyTypePrivate, private_key.type()); | 1021 EXPECT_EQ(WebKit::WebCryptoKeyTypePrivate, private_key.type()); |
787 EXPECT_EQ(extractable, public_key.extractable()); | 1022 EXPECT_EQ(extractable, public_key.extractable()); |
788 EXPECT_EQ(extractable, private_key.extractable()); | 1023 EXPECT_EQ(extractable, private_key.extractable()); |
789 EXPECT_EQ(usage_mask, public_key.usages()); | 1024 EXPECT_EQ(usage_mask, public_key.usages()); |
790 EXPECT_EQ(usage_mask, private_key.usages()); | 1025 EXPECT_EQ(usage_mask, private_key.usages()); |
791 } | 1026 } |
792 | 1027 |
793 #endif // #if !defined(USE_OPENSSL) | 1028 #endif // #if !defined(USE_OPENSSL) |
794 | 1029 |
795 } // namespace content | 1030 } // namespace content |
OLD | NEW |