| Index: content/renderer/webcrypto/webcrypto_impl_unittest.cc
|
| diff --git a/content/renderer/webcrypto/webcrypto_impl_unittest.cc b/content/renderer/webcrypto/webcrypto_impl_unittest.cc
|
| index 0ae3bbf4a28fc82d69b922307c21fcfb8ac95128..5ed2fcbae462e234f91b1584a84fe1832ab8b023 100644
|
| --- a/content/renderer/webcrypto/webcrypto_impl_unittest.cc
|
| +++ b/content/renderer/webcrypto/webcrypto_impl_unittest.cc
|
| @@ -5,6 +5,7 @@
|
| #include "webcrypto_impl.h"
|
|
|
| #include "base/basictypes.h"
|
| +#include "base/json/json_writer.h"
|
| #include "base/logging.h"
|
| #include "base/memory/ref_counted.h"
|
| #include "base/strings/string_number_conversions.h"
|
| @@ -59,6 +60,16 @@ WebKit::WebCryptoAlgorithm CreateAesCbcAlgorithm(
|
| new WebKit::WebCryptoAesCbcParams(Start(iv), iv.size()));
|
| }
|
|
|
| +std::vector<uint8> MakeJsonVector(const std::string& json_string) {
|
| + return std::vector<uint8>(json_string.begin(), json_string.end());
|
| +}
|
| +
|
| +std::vector<uint8> MakeJsonVector(const base::DictionaryValue& dict) {
|
| + std::string json;
|
| + base::JSONWriter::Write(&dict, &json);
|
| + return MakeJsonVector(json);
|
| +}
|
| +
|
| } // namespace
|
|
|
| namespace content {
|
| @@ -183,6 +194,22 @@ class WebCryptoImplTest : public testing::Test {
|
| algorithm, key, Start(data), data.size(), buffer);
|
| }
|
|
|
| + bool ImportKeyJwk(
|
| + const std::vector<uint8>& key_data,
|
| + bool extractable,
|
| + const WebKit::WebCryptoAlgorithm& algorithm,
|
| + WebKit::WebCryptoKeyUsageMask usage_mask,
|
| + scoped_ptr<WebKit::WebCryptoKeyHandle>* handle,
|
| + WebKit::WebCryptoKeyType* type) {
|
| + return crypto_.ImportKeyJwk(Start(key_data),
|
| + key_data.size(),
|
| + extractable,
|
| + algorithm,
|
| + usage_mask,
|
| + handle,
|
| + type);
|
| + }
|
| +
|
| private:
|
| WebCryptoImpl crypto_;
|
| };
|
| @@ -268,8 +295,6 @@ TEST_F(WebCryptoImplTest, DigestSampleSets) {
|
| }
|
| }
|
|
|
| -// TODO(padolph) Enable these tests for OpenSSL once matching impl is available
|
| -#if !defined(USE_OPENSSL)
|
|
|
| TEST_F(WebCryptoImplTest, HMACSampleSets) {
|
| struct TestCase {
|
| @@ -410,6 +435,8 @@ TEST_F(WebCryptoImplTest, HMACSampleSets) {
|
| }
|
| }
|
|
|
| +#if !defined(USE_OPENSSL)
|
| +
|
| TEST_F(WebCryptoImplTest, AesCbcFailures) {
|
| WebKit::WebCryptoKey key = ImportSecretKeyFromRawHexString(
|
| "2b7e151628aed2a6abf7158809cf4f3c",
|
| @@ -603,9 +630,7 @@ TEST_F(WebCryptoImplTest, AesCbcSampleSets) {
|
| }
|
| }
|
|
|
| -#endif // !defined(USE_OPENSSL)
|
|
|
| -#if !defined(USE_OPENSSL)
|
| TEST_F(WebCryptoImplTest, GenerateKeyAes) {
|
| scoped_ptr<WebKit::WebCryptoAesKeyGenParams> params(
|
| new WebKit::WebCryptoAesKeyGenParams(128));
|
| @@ -637,6 +662,7 @@ TEST_F(WebCryptoImplTest, GenerateKeyAesOddLength) {
|
| EXPECT_EQ(type, WebKit::WebCryptoKeyTypePublic);
|
| }
|
|
|
| +
|
| TEST_F(WebCryptoImplTest, GenerateKeyHmac) {
|
| WebKit::WebCryptoAlgorithm sha1_alg(
|
| WebKit::WebCryptoAlgorithm::adoptParamsAndCreate(
|
| @@ -672,6 +698,260 @@ TEST_F(WebCryptoImplTest, GenerateKeyHmacNoLength) {
|
| EXPECT_TRUE(bool(result));
|
| EXPECT_EQ(type, WebKit::WebCryptoKeyTypeSecret);
|
| }
|
| -#endif /* !defined(USE_OPENSSL) */
|
| +
|
| +#endif //#if !defined(USE_OPENSSL)
|
| +
|
| +TEST_F(WebCryptoImplTest, ImportJwkBadJwk) {
|
| +
|
| + WebKit::WebCryptoKeyType type;
|
| + scoped_ptr<WebKit::WebCryptoKeyHandle> handle;
|
| + std::vector<uint8> iv(16);
|
| + WebKit::WebCryptoAlgorithm algorithm = CreateAesCbcAlgorithm(iv);
|
| + bool extractable = false;
|
| + WebKit::WebCryptoKeyUsageMask usage_mask = WebKit::WebCryptoKeyUsageSign;
|
| +
|
| + // Empty JSON
|
| + std::vector<uint8> json_vec = MakeJsonVector("");
|
| + EXPECT_FALSE(ImportKeyJwk(json_vec,
|
| + extractable,
|
| + algorithm,
|
| + usage_mask,
|
| + &handle,
|
| + &type));
|
| +
|
| + // Invalid JSON
|
| + json_vec = MakeJsonVector(
|
| + "{"
|
| + "\"kty\" : \"oct\","
|
| + "\"alg\" : \"HS256\","
|
| + "\"use\" : "
|
| + );
|
| + EXPECT_FALSE(ImportKeyJwk(json_vec,
|
| + extractable,
|
| + algorithm,
|
| + usage_mask,
|
| + &handle,
|
| + &type));
|
| +
|
| + // Note, each subtest below resets the dictionary so there is less chance of
|
| + // failure if they happen to be reordered.
|
| +
|
| + // Invalid kty
|
| + base::DictionaryValue dict;
|
| + dict.SetString("kty", "foo");
|
| + dict.SetString("alg", "HS256");
|
| + dict.SetString("use", "sig");
|
| + dict.SetBoolean("extractable", true);
|
| + dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg");
|
| + json_vec = MakeJsonVector(dict);
|
| + EXPECT_FALSE(ImportKeyJwk(json_vec,
|
| + extractable,
|
| + algorithm,
|
| + usage_mask,
|
| + &handle,
|
| + &type));
|
| + dict.SetString("kty", "oct");
|
| +
|
| + // Missing kty
|
| + dict.Remove("kty", NULL);
|
| + json_vec = MakeJsonVector(dict);
|
| + EXPECT_FALSE(ImportKeyJwk(json_vec,
|
| + extractable,
|
| + algorithm,
|
| + usage_mask,
|
| + &handle,
|
| + &type));
|
| + dict.SetString("kty", "oct");
|
| +
|
| + // Invalid alg
|
| + dict.SetString("alg", "foo");
|
| + json_vec = MakeJsonVector(dict);
|
| + EXPECT_FALSE(ImportKeyJwk(json_vec,
|
| + extractable,
|
| + algorithm,
|
| + usage_mask,
|
| + &handle,
|
| + &type));
|
| + dict.SetString("alg", "HS256");
|
| +
|
| + // Invalid use
|
| + dict.SetString("use", "foo");
|
| + json_vec = MakeJsonVector(dict);
|
| + EXPECT_FALSE(ImportKeyJwk(json_vec,
|
| + extractable,
|
| + algorithm,
|
| + usage_mask,
|
| + &handle,
|
| + &type));
|
| + dict.SetString("use", "sig");
|
| +
|
| + // Missing k when kty = "oct"
|
| + dict.Remove("k", NULL);
|
| + json_vec = MakeJsonVector(dict);
|
| + EXPECT_FALSE(ImportKeyJwk(json_vec,
|
| + extractable,
|
| + algorithm,
|
| + usage_mask,
|
| + &handle,
|
| + &type));
|
| + dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg");
|
| +
|
| + // Bad b64 encoding for k
|
| + dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3r #$% jhdY8vOkbIvh4lxTuMao9Y_--hdg");
|
| + json_vec = MakeJsonVector(dict);
|
| + EXPECT_FALSE(ImportKeyJwk(json_vec,
|
| + extractable,
|
| + algorithm,
|
| + usage_mask,
|
| + &handle,
|
| + &type));
|
| + dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg");
|
| +
|
| + // TODO(padolph) RSA public key bad data:
|
| + // Missing n or e when kty = "RSA"
|
| + // Bad encoding for n or e
|
| + // Size check on n??
|
| + // Value check on e??
|
| +}
|
| +
|
| +TEST_F(WebCryptoImplTest, ImportJwkCollision) {
|
| + // The Web Crypto spec says that if a JWK value is present, but is
|
| + // inconsistent with the input value, the operation must fail.
|
| +
|
| + // Collision rules when JWK value is not present: Inputs should be unmodified.
|
| + scoped_ptr<WebKit::WebCryptoKeyHandle> handle;
|
| + WebKit::WebCryptoKeyType type = WebKit::WebCryptoKeyTypeSecret;
|
| + bool extractable = true;
|
| + WebKit::WebCryptoAlgorithm algorithm =
|
| + CreateHmacAlgorithm(WebKit::WebCryptoAlgorithmIdSha256);
|
| + WebKit::WebCryptoKeyUsageMask usage_mask = WebKit::WebCryptoKeyUsageVerify;
|
| + base::DictionaryValue dict;
|
| + dict.SetString("kty", "oct");
|
| + dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg");
|
| + std::vector<uint8> json_vec = MakeJsonVector(dict);
|
| + EXPECT_TRUE(ImportKeyJwk(json_vec,
|
| + extractable,
|
| + algorithm,
|
| + usage_mask,
|
| + &handle,
|
| + &type));
|
| + EXPECT_TRUE(handle.get() != NULL);
|
| + EXPECT_EQ(WebKit::WebCryptoKeyTypeSecret, type);
|
| + EXPECT_TRUE(extractable);
|
| + EXPECT_EQ(WebKit::WebCryptoAlgorithmIdHmac, algorithm.id());
|
| + EXPECT_EQ(WebKit::WebCryptoAlgorithmIdSha256,
|
| + algorithm.hmacParams()->hash().id());
|
| + EXPECT_EQ(WebKit::WebCryptoKeyUsageVerify, usage_mask);
|
| + handle.reset();
|
| +
|
| + // Collision rules when JWK value exists: Fail if inconsistency is found.
|
| + // Happy path: all input values are consistent with the JWK values
|
| + dict.Clear();
|
| + dict.SetString("kty", "oct");
|
| + dict.SetString("alg", "HS256");
|
| + dict.SetString("use", "sig");
|
| + dict.SetBoolean("extractable", true);
|
| + dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg");
|
| + json_vec = MakeJsonVector(dict);
|
| + EXPECT_TRUE(ImportKeyJwk(json_vec,
|
| + extractable,
|
| + algorithm,
|
| + usage_mask,
|
| + &handle,
|
| + &type));
|
| +
|
| + // Fail: Input type (public) is inconsistent with JWK value (secret).
|
| + type = WebKit::WebCryptoKeyTypePublic;
|
| + EXPECT_FALSE(ImportKeyJwk(json_vec,
|
| + extractable,
|
| + algorithm,
|
| + usage_mask,
|
| + &handle,
|
| + &type));
|
| + type = WebKit::WebCryptoKeyTypeSecret;
|
| +
|
| + // Fail: Input extractable (false) is inconsistent with JWK value (true).
|
| + extractable = false;
|
| + EXPECT_FALSE(ImportKeyJwk(json_vec,
|
| + extractable,
|
| + algorithm,
|
| + usage_mask,
|
| + &handle,
|
| + &type));
|
| + extractable = true;
|
| +
|
| + // Fail: Input algorithm (HMAC SHA1) is inconsistent with JWK value
|
| + // (HMAC SHA256).
|
| + algorithm = CreateHmacAlgorithm(WebKit::WebCryptoAlgorithmIdSha1);
|
| + EXPECT_FALSE(ImportKeyJwk(json_vec,
|
| + extractable,
|
| + algorithm,
|
| + usage_mask,
|
| + &handle,
|
| + &type));
|
| + algorithm = CreateHmacAlgorithm(WebKit::WebCryptoAlgorithmIdSha256);
|
| +
|
| + // Fail: Input usage_mask (sign) is inconsistent with JWK value (sign|verify)
|
| + usage_mask = WebKit::WebCryptoKeyUsageEncrypt;
|
| + EXPECT_FALSE(ImportKeyJwk(json_vec,
|
| + extractable,
|
| + algorithm,
|
| + usage_mask,
|
| + &handle,
|
| + &type));
|
| + usage_mask = WebKit::WebCryptoKeyUsageSign | WebKit::WebCryptoKeyUsageVerify;
|
| +}
|
| +
|
| +TEST_F(WebCryptoImplTest, ImportJwkHappy) {
|
| +
|
| + // This test verifies the happy path of JWK import, including the application
|
| + // of the imported key material.
|
| +
|
| + scoped_ptr<WebKit::WebCryptoKeyHandle> handle;
|
| + WebKit::WebCryptoKeyType type = WebKit::WebCryptoKeyTypeSecret;
|
| + bool extractable = false;
|
| + WebKit::WebCryptoAlgorithm algorithm =
|
| + CreateHmacAlgorithm(WebKit::WebCryptoAlgorithmIdSha256);;
|
| + WebKit::WebCryptoKeyUsageMask usage_mask = WebKit::WebCryptoKeyUsageSign;
|
| +
|
| + // Import a symmetric key JWK and HMAC-SHA256 sign()
|
| + // Uses the first SHA256 test vector from the HMAC sample set above.
|
| +
|
| + base::DictionaryValue dict;
|
| + dict.SetString("kty", "oct");
|
| + dict.SetString("alg", "HS256");
|
| + dict.SetString("use", "sig");
|
| + dict.SetBoolean("extractable", false);
|
| + dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg");
|
| + std::vector<uint8> json_vec = MakeJsonVector(dict);
|
| +
|
| + ASSERT_TRUE(ImportKeyJwk(json_vec,
|
| + extractable,
|
| + algorithm,
|
| + usage_mask,
|
| + &handle,
|
| + &type));
|
| +
|
| + WebKit::WebCryptoKey key = WebKit::WebCryptoKey::create(handle.release(),
|
| + type, extractable, algorithm, usage_mask);
|
| +
|
| + const std::vector<uint8> message_raw = HexStringToBytes(
|
| + "b1689c2591eaf3c9e66070f8a77954ffb81749f1b00346f9dfe0b2ee905dcc288baf4a"
|
| + "92de3f4001dd9f44c468c3d07d6c6ee82faceafc97c2fc0fc0601719d2dcd0aa2aec92"
|
| + "d1b0ae933c65eb06a03c9c935c2bad0459810241347ab87e9f11adb30415424c6c7f5f"
|
| + "22a003b8ab8de54f6ded0e3ab9245fa79568451dfa258e");
|
| +
|
| + WebKit::WebArrayBuffer output;
|
| +
|
| + ASSERT_TRUE(SignInternal(algorithm, key, message_raw, &output));
|
| +
|
| + const std::string mac_raw =
|
| + "769f00d3e6a6cc1fb426a14a4f76c6462e6149726e0dee0ec0cf97a16605ac8b";
|
| +
|
| + ExpectArrayBufferMatchesHex(mac_raw, output);
|
| +
|
| + // TODO(padolph)
|
| + // Import an RSA public key JWK and use it
|
| +}
|
|
|
| } // namespace content
|
|
|
Chromium Code Reviews
Issue 25906002:
[webcrypto] Add JWK import for HMAC and AES-CBC key. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master