content/child/webcrypto/shared_crypto_unittest.cc - Issue 269313004: [webcrypto] Fix AES-KW unwrapping for symmetric keys (NSS).

Side by Side Diff: content/child/webcrypto/shared_crypto_unittest.cc

Issue 269313004: [webcrypto] Fix AES-KW unwrapping for symmetric keys (NSS). (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Created 6 years, 7 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 // Copyright 2014 The Chromium Authors. All rights reserved.	1 // Copyright 2014 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "content/child/webcrypto/shared_crypto.h"	5 #include "content/child/webcrypto/shared_crypto.h"

6	6

7 #include <algorithm>	7 #include <algorithm>

8 #include <string>	8 #include <string>

9 #include <vector>	9 #include <vector>

10	10

(...skipping 2767 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
2778 CryptoData(test_ciphertext),	2778 CryptoData(test_ciphertext),

2779 wrapping_key,	2779 wrapping_key,

2780 wrapping_algorithm,	2780 wrapping_algorithm,

2781 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),	2781 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),

2782 true,	2782 true,

2783 blink::WebCryptoKeyUsageEncrypt,	2783 blink::WebCryptoKeyUsageEncrypt,

2784 &unwrapped_key));	2784 &unwrapped_key));

2785 EXPECT_FALSE(key.isNull());	2785 EXPECT_FALSE(key.isNull());

2786 EXPECT_TRUE(key.handle());	2786 EXPECT_TRUE(key.handle());

2787 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type());	2787 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type());

2788 EXPECT_EQ(	2788 EXPECT_EQ(blink::WebCryptoAlgorithmIdAesCbc, key.algorithm().id());

2789 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc).id(),

2790 key.algorithm().id());

2791 EXPECT_EQ(true, key.extractable());	2789 EXPECT_EQ(true, key.extractable());

2792 EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt, key.usages());	2790 EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt, key.usages());

2793	2791

2794 // Export the new key and compare its raw bytes with the original known key.	2792 // Export the new key and compare its raw bytes with the original known key.

2795 std::vector<uint8> raw_key;	2793 std::vector<uint8> raw_key;

2796 EXPECT_EQ(Status::Success(),	2794 EXPECT_EQ(Status::Success(),

2797 ExportKey(blink::WebCryptoKeyFormatRaw, unwrapped_key, &raw_key));	2795 ExportKey(blink::WebCryptoKeyFormatRaw, unwrapped_key, &raw_key));

2798 EXPECT_BYTES_EQ(test_key, raw_key);	2796 EXPECT_BYTES_EQ(test_key, raw_key);

2799 }	2797 }

2800 }	2798 }

2801	2799

	2800 // Unwrap a HMAC key using AES-KW, and then try signing using the unwrapped key.
	Ryan Sleevi 2014/05/08 00:58:44 "then try doing a sign/verify with the unwrapped k "then try doing a sign/verify with the unwrapped key" eroman 2014/05/08 01:02:40 Done. Show quoted text On 2014/05/08 00:58:44, Ryan Sleevi wrote: > "then try doing a sign/verify with the unwrapped key" Done.
	2801 TEST_F(SharedCryptoTest, MAYBE(AesKwRawSymkeyUnwrapSignVerifyHmac)) {

	2802 scoped_ptr<base::ListValue> tests;

	2803 ASSERT_TRUE(ReadJsonTestFileToList("aes_kw.json", &tests));

	2804

	2805 base::DictionaryValue* test;

	2806 ASSERT_TRUE(tests->GetDictionary(0, &test));

	2807 const std::vector<uint8> test_kek = GetBytesFromHexString(test, "kek");

	2808 const std::vector<uint8> test_ciphertext =

	2809 GetBytesFromHexString(test, "ciphertext");

	2810 const blink::WebCryptoAlgorithm wrapping_algorithm =

	2811 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw);

	2812

	2813 // Import the wrapping key.

	2814 blink::WebCryptoKey wrapping_key = ImportSecretKeyFromRaw(

	2815 test_kek, wrapping_algorithm, blink::WebCryptoKeyUsageUnwrapKey);

	2816

	2817 // Unwrap the known ciphertext.

	2818 blink::WebCryptoKey key = blink::WebCryptoKey::createNull();

	2819 ASSERT_EQ(

	2820 Status::Success(),

	2821 UnwrapKey(blink::WebCryptoKeyFormatRaw,

	2822 CryptoData(test_ciphertext),

	2823 wrapping_key,

	2824 wrapping_algorithm,

	2825 CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha1),

	2826 false,

	2827 blink::WebCryptoKeyUsageSign \| blink::WebCryptoKeyUsageVerify,

	2828 &key));

	2829

	2830 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type());

	2831 EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, key.algorithm().id());

	2832 EXPECT_EQ(false, key.extractable());

	2833 EXPECT_EQ(blink::WebCryptoKeyUsageSign \| blink::WebCryptoKeyUsageVerify,

	2834 key.usages());

	2835

	2836 // Sign an empty message and ensure it is verified.

	2837 std::vector<uint8> test_message;

	2838 std::vector<uint8> signature;

	2839

	2840 ASSERT_EQ(Status::Success(),

	2841 Sign(CreateAlgorithm(blink::WebCryptoAlgorithmIdHmac),

	2842 key,

	2843 CryptoData(test_message),

	2844 &signature));

	2845

	2846 EXPECT_GT(signature.size(), 0u);

	2847

	2848 bool verify_result;

	2849 ASSERT_EQ(Status::Success(),

	2850 VerifySignature(CreateAlgorithm(blink::WebCryptoAlgorithmIdHmac),

	2851 key,

	2852 CryptoData(signature),

	2853 CryptoData(test_message),

	2854 &verify_result));

	2855 }

	2856

2802 TEST_F(SharedCryptoTest, MAYBE(AesKwRawSymkeyWrapUnwrapErrors)) {	2857 TEST_F(SharedCryptoTest, MAYBE(AesKwRawSymkeyWrapUnwrapErrors)) {

2803 scoped_ptr<base::ListValue> tests;	2858 scoped_ptr<base::ListValue> tests;

2804 ASSERT_TRUE(ReadJsonTestFileToList("aes_kw.json", &tests));	2859 ASSERT_TRUE(ReadJsonTestFileToList("aes_kw.json", &tests));

2805 base::DictionaryValue* test;	2860 base::DictionaryValue* test;

2806 // Use 256 bits of data with a 256-bit KEK	2861 // Use 256 bits of data with a 256-bit KEK

2807 ASSERT_TRUE(tests->GetDictionary(5, &test));	2862 ASSERT_TRUE(tests->GetDictionary(5, &test));

2808 const std::vector<uint8> test_kek = GetBytesFromHexString(test, "kek");	2863 const std::vector<uint8> test_kek = GetBytesFromHexString(test, "kek");

2809 const std::vector<uint8> test_key = GetBytesFromHexString(test, "key");	2864 const std::vector<uint8> test_key = GetBytesFromHexString(test, "key");

2810 const std::vector<uint8> test_ciphertext =	2865 const std::vector<uint8> test_ciphertext =

2811 GetBytesFromHexString(test, "ciphertext");	2866 GetBytesFromHexString(test, "ciphertext");

(...skipping 607 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
3419 algorithm,	3474 algorithm,

3420 CreateAesCbcAlgorithm(std::vector<uint8>(0, 16)),	3475 CreateAesCbcAlgorithm(std::vector<uint8>(0, 16)),

3421 true,	3476 true,

3422 blink::WebCryptoKeyUsageEncrypt,	3477 blink::WebCryptoKeyUsageEncrypt,

3423 &unwrapped_key));	3478 &unwrapped_key));

3424 }	3479 }

3425	3480

3426 } // namespace webcrypto	3481 } // namespace webcrypto

3427	3482

3428 } // namespace content	3483 } // namespace content

OLD	NEW

« no previous file with comments | « content/child/webcrypto/platform_crypto_nss.cc ('k') | no next file » | no next file with comments »