OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/child/webcrypto/shared_crypto.h" | 5 #include "content/child/webcrypto/shared_crypto.h" |
6 | 6 |
7 #include <algorithm> | 7 #include <algorithm> |
8 #include <string> | 8 #include <string> |
9 #include <vector> | 9 #include <vector> |
10 | 10 |
(...skipping 439 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
450 EXPECT_EQ(algorithm.id(), key.algorithm().id()); | 450 EXPECT_EQ(algorithm.id(), key.algorithm().id()); |
451 EXPECT_EQ(extractable, key.extractable()); | 451 EXPECT_EQ(extractable, key.extractable()); |
452 EXPECT_EQ(usage, key.usages()); | 452 EXPECT_EQ(usage, key.usages()); |
453 return key; | 453 return key; |
454 } | 454 } |
455 | 455 |
456 void ImportRsaKeyPair(const std::vector<uint8>& spki_der, | 456 void ImportRsaKeyPair(const std::vector<uint8>& spki_der, |
457 const std::vector<uint8>& pkcs8_der, | 457 const std::vector<uint8>& pkcs8_der, |
458 const blink::WebCryptoAlgorithm& algorithm, | 458 const blink::WebCryptoAlgorithm& algorithm, |
459 bool extractable, | 459 bool extractable, |
460 blink::WebCryptoKeyUsageMask usage_mask, | 460 blink::WebCryptoKeyUsageMask public_key_usage_mask, |
| 461 blink::WebCryptoKeyUsageMask private_key_usage_mask, |
461 blink::WebCryptoKey* public_key, | 462 blink::WebCryptoKey* public_key, |
462 blink::WebCryptoKey* private_key) { | 463 blink::WebCryptoKey* private_key) { |
463 ASSERT_EQ(Status::Success(), | 464 ASSERT_EQ(Status::Success(), |
464 ImportKey(blink::WebCryptoKeyFormatSpki, | 465 ImportKey(blink::WebCryptoKeyFormatSpki, |
465 CryptoData(spki_der), | 466 CryptoData(spki_der), |
466 algorithm, | 467 algorithm, |
467 true, | 468 true, |
468 usage_mask, | 469 public_key_usage_mask, |
469 public_key)); | 470 public_key)); |
470 EXPECT_FALSE(public_key->isNull()); | 471 EXPECT_FALSE(public_key->isNull()); |
471 EXPECT_TRUE(public_key->handle()); | 472 EXPECT_TRUE(public_key->handle()); |
472 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key->type()); | 473 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key->type()); |
473 EXPECT_EQ(algorithm.id(), public_key->algorithm().id()); | 474 EXPECT_EQ(algorithm.id(), public_key->algorithm().id()); |
474 EXPECT_EQ(extractable, extractable); | 475 EXPECT_TRUE(public_key->extractable()); |
475 EXPECT_EQ(usage_mask, public_key->usages()); | 476 EXPECT_EQ(public_key_usage_mask, public_key->usages()); |
476 | 477 |
477 ASSERT_EQ(Status::Success(), | 478 ASSERT_EQ(Status::Success(), |
478 ImportKey(blink::WebCryptoKeyFormatPkcs8, | 479 ImportKey(blink::WebCryptoKeyFormatPkcs8, |
479 CryptoData(pkcs8_der), | 480 CryptoData(pkcs8_der), |
480 algorithm, | 481 algorithm, |
481 extractable, | 482 extractable, |
482 usage_mask, | 483 private_key_usage_mask, |
483 private_key)); | 484 private_key)); |
484 EXPECT_FALSE(private_key->isNull()); | 485 EXPECT_FALSE(private_key->isNull()); |
485 EXPECT_TRUE(private_key->handle()); | 486 EXPECT_TRUE(private_key->handle()); |
486 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key->type()); | 487 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key->type()); |
487 EXPECT_EQ(algorithm.id(), private_key->algorithm().id()); | 488 EXPECT_EQ(algorithm.id(), private_key->algorithm().id()); |
488 EXPECT_EQ(extractable, extractable); | 489 EXPECT_EQ(extractable, private_key->extractable()); |
489 EXPECT_EQ(usage_mask, private_key->usages()); | 490 EXPECT_EQ(private_key_usage_mask, private_key->usages()); |
490 } | 491 } |
491 | 492 |
492 Status AesGcmEncrypt(const blink::WebCryptoKey& key, | 493 Status AesGcmEncrypt(const blink::WebCryptoKey& key, |
493 const std::vector<uint8>& iv, | 494 const std::vector<uint8>& iv, |
494 const std::vector<uint8>& additional_data, | 495 const std::vector<uint8>& additional_data, |
495 unsigned int tag_length_bits, | 496 unsigned int tag_length_bits, |
496 const std::vector<uint8>& plain_text, | 497 const std::vector<uint8>& plain_text, |
497 std::vector<uint8>* cipher_text, | 498 std::vector<uint8>* cipher_text, |
498 std::vector<uint8>* authentication_tag) { | 499 std::vector<uint8>* authentication_tag) { |
499 EXPECT_TRUE(SupportsAesGcm()); | 500 EXPECT_TRUE(SupportsAesGcm()); |
(...skipping 709 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1209 // TODO(padolph): Add 'deriveBits' key_ops value once it is supported. | 1210 // TODO(padolph): Add 'deriveBits' key_ops value once it is supported. |
1210 const TestCase test_case[] = { | 1211 const TestCase test_case[] = { |
1211 {"encrypt", "A128CBC", aes_cbc_algorithm, | 1212 {"encrypt", "A128CBC", aes_cbc_algorithm, |
1212 blink::WebCryptoKeyUsageEncrypt}, | 1213 blink::WebCryptoKeyUsageEncrypt}, |
1213 {"decrypt", "A128CBC", aes_cbc_algorithm, | 1214 {"decrypt", "A128CBC", aes_cbc_algorithm, |
1214 blink::WebCryptoKeyUsageDecrypt}, | 1215 blink::WebCryptoKeyUsageDecrypt}, |
1215 {"sign", "HS256", hmac_algorithm, blink::WebCryptoKeyUsageSign}, | 1216 {"sign", "HS256", hmac_algorithm, blink::WebCryptoKeyUsageSign}, |
1216 {"verify", "HS256", hmac_algorithm, blink::WebCryptoKeyUsageVerify}, | 1217 {"verify", "HS256", hmac_algorithm, blink::WebCryptoKeyUsageVerify}, |
1217 {"wrapKey", "A128KW", aes_kw_algorithm, blink::WebCryptoKeyUsageWrapKey}, | 1218 {"wrapKey", "A128KW", aes_kw_algorithm, blink::WebCryptoKeyUsageWrapKey}, |
1218 {"unwrapKey", "A128KW", aes_kw_algorithm, | 1219 {"unwrapKey", "A128KW", aes_kw_algorithm, |
1219 blink::WebCryptoKeyUsageUnwrapKey}, | 1220 blink::WebCryptoKeyUsageUnwrapKey}}; |
1220 {"deriveKey", "HS256", hmac_algorithm, | |
1221 blink::WebCryptoKeyUsageDeriveKey}}; | |
1222 for (size_t test_index = 0; test_index < ARRAYSIZE_UNSAFE(test_case); | 1221 for (size_t test_index = 0; test_index < ARRAYSIZE_UNSAFE(test_case); |
1223 ++test_index) { | 1222 ++test_index) { |
1224 SCOPED_TRACE(test_index); | 1223 SCOPED_TRACE(test_index); |
1225 dict.SetString("alg", test_case[test_index].jwk_alg); | 1224 dict.SetString("alg", test_case[test_index].jwk_alg); |
1226 key_ops->Clear(); | 1225 key_ops->Clear(); |
1227 key_ops->AppendString(test_case[test_index].jwk_key_op); | 1226 key_ops->AppendString(test_case[test_index].jwk_key_op); |
1228 EXPECT_EQ(Status::Success(), | 1227 EXPECT_EQ(Status::Success(), |
1229 ImportKeyJwkFromDict(dict, | 1228 ImportKeyJwkFromDict(dict, |
1230 test_case[test_index].algorithm, | 1229 test_case[test_index].algorithm, |
1231 false, | 1230 false, |
(...skipping 70 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1302 // Test JWK composite use 'enc' usage | 1301 // Test JWK composite use 'enc' usage |
1303 dict.SetString("alg", "A128CBC"); | 1302 dict.SetString("alg", "A128CBC"); |
1304 dict.SetString("use", "enc"); | 1303 dict.SetString("use", "enc"); |
1305 EXPECT_EQ(Status::Success(), | 1304 EXPECT_EQ(Status::Success(), |
1306 ImportKeyJwkFromDict(dict, | 1305 ImportKeyJwkFromDict(dict, |
1307 aes_cbc_algorithm, | 1306 aes_cbc_algorithm, |
1308 false, | 1307 false, |
1309 blink::WebCryptoKeyUsageDecrypt | | 1308 blink::WebCryptoKeyUsageDecrypt | |
1310 blink::WebCryptoKeyUsageEncrypt | | 1309 blink::WebCryptoKeyUsageEncrypt | |
1311 blink::WebCryptoKeyUsageWrapKey | | 1310 blink::WebCryptoKeyUsageWrapKey | |
1312 blink::WebCryptoKeyUsageUnwrapKey | | 1311 blink::WebCryptoKeyUsageUnwrapKey, |
1313 blink::WebCryptoKeyUsageDeriveKey, | |
1314 &key)); | 1312 &key)); |
1315 EXPECT_EQ(blink::WebCryptoKeyUsageDecrypt | blink::WebCryptoKeyUsageEncrypt | | 1313 EXPECT_EQ(blink::WebCryptoKeyUsageDecrypt | blink::WebCryptoKeyUsageEncrypt | |
1316 blink::WebCryptoKeyUsageWrapKey | | 1314 blink::WebCryptoKeyUsageWrapKey | |
1317 blink::WebCryptoKeyUsageUnwrapKey | | 1315 blink::WebCryptoKeyUsageUnwrapKey, |
1318 blink::WebCryptoKeyUsageDeriveKey, | |
1319 key.usages()); | 1316 key.usages()); |
1320 } | 1317 } |
1321 | 1318 |
1322 TEST_F(SharedCryptoTest, ImportJwkFailures) { | 1319 TEST_F(SharedCryptoTest, ImportJwkFailures) { |
1323 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 1320 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
1324 blink::WebCryptoAlgorithm algorithm = | 1321 blink::WebCryptoAlgorithm algorithm = |
1325 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc); | 1322 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc); |
1326 blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageEncrypt; | 1323 blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageEncrypt; |
1327 | 1324 |
1328 // Baseline pass: each test below breaks a single item, so we start with a | 1325 // Baseline pass: each test below breaks a single item, so we start with a |
(...skipping 140 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1469 struct TestCase { | 1466 struct TestCase { |
1470 const blink::WebCryptoAlgorithm algorithm; | 1467 const blink::WebCryptoAlgorithm algorithm; |
1471 const blink::WebCryptoKeyUsageMask usage; | 1468 const blink::WebCryptoKeyUsageMask usage; |
1472 const char* const jwk_alg; | 1469 const char* const jwk_alg; |
1473 }; | 1470 }; |
1474 const TestCase kTests[] = { | 1471 const TestCase kTests[] = { |
1475 // RSASSA-PKCS1-v1_5 SHA-1 | 1472 // RSASSA-PKCS1-v1_5 SHA-1 |
1476 {CreateRsaHashedImportAlgorithm( | 1473 {CreateRsaHashedImportAlgorithm( |
1477 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, | 1474 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
1478 blink::WebCryptoAlgorithmIdSha1), | 1475 blink::WebCryptoAlgorithmIdSha1), |
1479 blink::WebCryptoKeyUsageSign, "RS1"}, | 1476 blink::WebCryptoKeyUsageVerify, "RS1"}, |
1480 // RSASSA-PKCS1-v1_5 SHA-256 | 1477 // RSASSA-PKCS1-v1_5 SHA-256 |
1481 {CreateRsaHashedImportAlgorithm( | 1478 {CreateRsaHashedImportAlgorithm( |
1482 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, | 1479 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
1483 blink::WebCryptoAlgorithmIdSha256), | 1480 blink::WebCryptoAlgorithmIdSha256), |
1484 blink::WebCryptoKeyUsageSign, "RS256"}, | 1481 blink::WebCryptoKeyUsageVerify, "RS256"}, |
1485 // RSASSA-PKCS1-v1_5 SHA-384 | 1482 // RSASSA-PKCS1-v1_5 SHA-384 |
1486 {CreateRsaHashedImportAlgorithm( | 1483 {CreateRsaHashedImportAlgorithm( |
1487 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, | 1484 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
1488 blink::WebCryptoAlgorithmIdSha384), | 1485 blink::WebCryptoAlgorithmIdSha384), |
1489 blink::WebCryptoKeyUsageSign, "RS384"}, | 1486 blink::WebCryptoKeyUsageVerify, "RS384"}, |
1490 // RSASSA-PKCS1-v1_5 SHA-512 | 1487 // RSASSA-PKCS1-v1_5 SHA-512 |
1491 {CreateRsaHashedImportAlgorithm( | 1488 {CreateRsaHashedImportAlgorithm( |
1492 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, | 1489 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
1493 blink::WebCryptoAlgorithmIdSha512), | 1490 blink::WebCryptoAlgorithmIdSha512), |
1494 blink::WebCryptoKeyUsageSign, "RS512"}, | 1491 blink::WebCryptoKeyUsageVerify, "RS512"}, |
1495 // RSA-OAEP with SHA-1 and MGF-1 / SHA-1 | 1492 // RSA-OAEP with SHA-1 and MGF-1 / SHA-1 |
1496 {CreateRsaHashedImportAlgorithm(blink::WebCryptoAlgorithmIdRsaOaep, | 1493 {CreateRsaHashedImportAlgorithm(blink::WebCryptoAlgorithmIdRsaOaep, |
1497 blink::WebCryptoAlgorithmIdSha1), | 1494 blink::WebCryptoAlgorithmIdSha1), |
1498 blink::WebCryptoKeyUsageEncrypt, "RSA-OAEP"}, | 1495 blink::WebCryptoKeyUsageEncrypt, "RSA-OAEP"}, |
1499 // RSA-OAEP with SHA-256 and MGF-1 / SHA-256 | 1496 // RSA-OAEP with SHA-256 and MGF-1 / SHA-256 |
1500 {CreateRsaHashedImportAlgorithm(blink::WebCryptoAlgorithmIdRsaOaep, | 1497 {CreateRsaHashedImportAlgorithm(blink::WebCryptoAlgorithmIdRsaOaep, |
1501 blink::WebCryptoAlgorithmIdSha256), | 1498 blink::WebCryptoAlgorithmIdSha256), |
1502 blink::WebCryptoKeyUsageEncrypt, "RSA-OAEP-256"}, | 1499 blink::WebCryptoKeyUsageEncrypt, "RSA-OAEP-256"}, |
1503 // RSA-OAEP with SHA-384 and MGF-1 / SHA-384 | 1500 // RSA-OAEP with SHA-384 and MGF-1 / SHA-384 |
1504 {CreateRsaHashedImportAlgorithm(blink::WebCryptoAlgorithmIdRsaOaep, | 1501 {CreateRsaHashedImportAlgorithm(blink::WebCryptoAlgorithmIdRsaOaep, |
(...skipping 34 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1539 test.usage)); | 1536 test.usage)); |
1540 | 1537 |
1541 // Import the JWK back in to create a new key | 1538 // Import the JWK back in to create a new key |
1542 blink::WebCryptoKey public_key2 = blink::WebCryptoKey::createNull(); | 1539 blink::WebCryptoKey public_key2 = blink::WebCryptoKey::createNull(); |
1543 ASSERT_EQ( | 1540 ASSERT_EQ( |
1544 Status::Success(), | 1541 Status::Success(), |
1545 ImportKeyJwk( | 1542 ImportKeyJwk( |
1546 CryptoData(jwk), test.algorithm, true, test.usage, &public_key2)); | 1543 CryptoData(jwk), test.algorithm, true, test.usage, &public_key2)); |
1547 ASSERT_TRUE(public_key2.handle()); | 1544 ASSERT_TRUE(public_key2.handle()); |
1548 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key2.type()); | 1545 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key2.type()); |
1549 EXPECT_EQ(true, public_key2.extractable()); | 1546 EXPECT_TRUE(public_key2.extractable()); |
1550 EXPECT_EQ(test.algorithm.id(), public_key2.algorithm().id()); | 1547 EXPECT_EQ(test.algorithm.id(), public_key2.algorithm().id()); |
1551 | 1548 |
1552 // Only perform SPKI consistency test for RSA-SSA as its | 1549 // Only perform SPKI consistency test for RSA-SSA as its |
1553 // export format is the same as kPublicKeySpkiDerHex | 1550 // export format is the same as kPublicKeySpkiDerHex |
1554 if (test.algorithm.id() == blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5) { | 1551 if (test.algorithm.id() == blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5) { |
1555 // Export the new key as spki and compare to the original. | 1552 // Export the new key as spki and compare to the original. |
1556 std::vector<uint8> spki; | 1553 std::vector<uint8> spki; |
1557 ASSERT_EQ(Status::Success(), | 1554 ASSERT_EQ(Status::Success(), |
1558 ExportKey(blink::WebCryptoKeyFormatSpki, public_key2, &spki)); | 1555 ExportKey(blink::WebCryptoKeyFormatSpki, public_key2, &spki)); |
1559 EXPECT_BYTES_EQ_HEX(kPublicKeySpkiDerHex, CryptoData(spki)); | 1556 EXPECT_BYTES_EQ_HEX(kPublicKeySpkiDerHex, CryptoData(spki)); |
(...skipping 112 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1672 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); | 1669 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); |
1673 EXPECT_FALSE(key.extractable()); | 1670 EXPECT_FALSE(key.extractable()); |
1674 dict.SetBoolean("ext", true); // restore previous value | 1671 dict.SetBoolean("ext", true); // restore previous value |
1675 | 1672 |
1676 // Fail: Input algorithm (AES-CBC) is inconsistent with JWK value | 1673 // Fail: Input algorithm (AES-CBC) is inconsistent with JWK value |
1677 // (HMAC SHA256). | 1674 // (HMAC SHA256). |
1678 EXPECT_EQ(Status::ErrorJwkAlgorithmInconsistent(), | 1675 EXPECT_EQ(Status::ErrorJwkAlgorithmInconsistent(), |
1679 ImportKeyJwk(CryptoData(json_vec), | 1676 ImportKeyJwk(CryptoData(json_vec), |
1680 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), | 1677 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), |
1681 extractable, | 1678 extractable, |
1682 usage_mask, | 1679 blink::WebCryptoKeyUsageEncrypt, |
1683 &key)); | 1680 &key)); |
1684 | 1681 |
1685 // Fail: Input algorithm (HMAC SHA1) is inconsistent with JWK value | 1682 // Fail: Input algorithm (HMAC SHA1) is inconsistent with JWK value |
1686 // (HMAC SHA256). | 1683 // (HMAC SHA256). |
1687 EXPECT_EQ( | 1684 EXPECT_EQ( |
1688 Status::ErrorJwkAlgorithmInconsistent(), | 1685 Status::ErrorJwkAlgorithmInconsistent(), |
1689 ImportKeyJwk(CryptoData(json_vec), | 1686 ImportKeyJwk(CryptoData(json_vec), |
1690 CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha1), | 1687 CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha1), |
1691 extractable, | 1688 extractable, |
1692 usage_mask, | 1689 usage_mask, |
1693 &key)); | 1690 &key)); |
1694 | 1691 |
1695 // Pass: JWK alg missing but input algorithm specified: use input value | 1692 // Pass: JWK alg missing but input algorithm specified: use input value |
1696 dict.Remove("alg", NULL); | 1693 dict.Remove("alg", NULL); |
1697 EXPECT_EQ(Status::Success(), | 1694 EXPECT_EQ(Status::Success(), |
1698 ImportKeyJwkFromDict( | 1695 ImportKeyJwkFromDict( |
1699 dict, | 1696 dict, |
1700 CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha256), | 1697 CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha256), |
1701 extractable, | 1698 extractable, |
1702 usage_mask, | 1699 usage_mask, |
1703 &key)); | 1700 &key)); |
1704 EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, algorithm.id()); | 1701 EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, algorithm.id()); |
1705 dict.SetString("alg", "HS256"); | 1702 dict.SetString("alg", "HS256"); |
1706 | 1703 |
1707 // Fail: Input usage_mask (encrypt) is not a subset of the JWK value | 1704 // Fail: Input usage_mask (encrypt) is not a subset of the JWK value |
1708 // (sign|verify) | 1705 // (sign|verify). Moreover "encrypt" is not a valid usage for HMAC. |
1709 EXPECT_EQ(Status::ErrorJwkUseInconsistent(), | 1706 EXPECT_EQ(Status::ErrorCreateKeyBadUsages(), |
1710 ImportKeyJwk(CryptoData(json_vec), | 1707 ImportKeyJwk(CryptoData(json_vec), |
1711 algorithm, | 1708 algorithm, |
1712 extractable, | 1709 extractable, |
1713 blink::WebCryptoKeyUsageEncrypt, | 1710 blink::WebCryptoKeyUsageEncrypt, |
1714 &key)); | 1711 &key)); |
1715 | 1712 |
1716 // Fail: Input usage_mask (encrypt|sign|verify) is not a subset of the JWK | 1713 // Fail: Input usage_mask (encrypt|sign|verify) is not a subset of the JWK |
1717 // value (sign|verify) | 1714 // value (sign|verify). Moreover "encrypt" is not a valid usage for HMAC. |
1718 usage_mask = blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageSign | | 1715 usage_mask = blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageSign | |
1719 blink::WebCryptoKeyUsageVerify; | 1716 blink::WebCryptoKeyUsageVerify; |
1720 EXPECT_EQ( | 1717 EXPECT_EQ( |
1721 Status::ErrorJwkUseInconsistent(), | 1718 Status::ErrorCreateKeyBadUsages(), |
1722 ImportKeyJwk( | 1719 ImportKeyJwk( |
1723 CryptoData(json_vec), algorithm, extractable, usage_mask, &key)); | 1720 CryptoData(json_vec), algorithm, extractable, usage_mask, &key)); |
1724 | 1721 |
1725 // TODO(padolph): kty vs alg consistency tests: Depending on the kty value, | 1722 // TODO(padolph): kty vs alg consistency tests: Depending on the kty value, |
1726 // only certain alg values are permitted. For example, when kty = "RSA" alg | 1723 // only certain alg values are permitted. For example, when kty = "RSA" alg |
1727 // must be of the RSA family, or when kty = "oct" alg must be symmetric | 1724 // must be of the RSA family, or when kty = "oct" alg must be symmetric |
1728 // algorithm. | 1725 // algorithm. |
1729 | 1726 |
1730 // TODO(padolph): key_ops consistency tests | 1727 // TODO(padolph): key_ops consistency tests |
1731 } | 1728 } |
(...skipping 339 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
2071 // Failing case: Bad DER encoding. | 2068 // Failing case: Bad DER encoding. |
2072 EXPECT_EQ( | 2069 EXPECT_EQ( |
2073 Status::DataError(), | 2070 Status::DataError(), |
2074 ImportKey(blink::WebCryptoKeyFormatPkcs8, | 2071 ImportKey(blink::WebCryptoKeyFormatPkcs8, |
2075 CryptoData(HexStringToBytes("618333c4cb")), | 2072 CryptoData(HexStringToBytes("618333c4cb")), |
2076 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5), | 2073 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5), |
2077 true, | 2074 true, |
2078 blink::WebCryptoKeyUsageSign, | 2075 blink::WebCryptoKeyUsageSign, |
2079 &key)); | 2076 &key)); |
2080 | 2077 |
2081 // Failing case: Import RSA key but provide an inconsistent input algorithm. | 2078 // Failing case: Import RSA key but provide an inconsistent input algorithm |
2082 EXPECT_EQ(Status::DataError(), | 2079 // and usage. Several issues here: |
| 2080 // * AES-CBC doesn't support PKCS8 key format |
| 2081 // * AES-CBC doesn't support "sign" usage |
| 2082 EXPECT_EQ(Status::ErrorCreateKeyBadUsages(), |
2083 ImportKey(blink::WebCryptoKeyFormatPkcs8, | 2083 ImportKey(blink::WebCryptoKeyFormatPkcs8, |
2084 CryptoData(HexStringToBytes(kPrivateKeyPkcs8DerHex)), | 2084 CryptoData(HexStringToBytes(kPrivateKeyPkcs8DerHex)), |
2085 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), | 2085 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), |
2086 true, | 2086 true, |
2087 blink::WebCryptoKeyUsageSign, | 2087 blink::WebCryptoKeyUsageSign, |
2088 &key)); | 2088 &key)); |
2089 } | 2089 } |
2090 | 2090 |
2091 // Tests JWK import and export by doing a roundtrip key conversion and ensuring | 2091 // Tests JWK import and export by doing a roundtrip key conversion and ensuring |
2092 // it was lossless: | 2092 // it was lossless: |
(...skipping 314 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
2407 // This should fail since spki is for public keys. | 2407 // This should fail since spki is for public keys. |
2408 EXPECT_EQ( | 2408 EXPECT_EQ( |
2409 Status::Success(), | 2409 Status::Success(), |
2410 GenerateKeyPair(algorithm, true, usage_mask, &public_key, &private_key)); | 2410 GenerateKeyPair(algorithm, true, usage_mask, &public_key, &private_key)); |
2411 EXPECT_EQ(Status::ErrorUnexpectedKeyType(), | 2411 EXPECT_EQ(Status::ErrorUnexpectedKeyType(), |
2412 ExportKey(blink::WebCryptoKeyFormatSpki, private_key, &output)); | 2412 ExportKey(blink::WebCryptoKeyFormatSpki, private_key, &output)); |
2413 } | 2413 } |
2414 | 2414 |
2415 TEST_F(SharedCryptoTest, MAYBE(RsaSsaSignVerifyFailures)) { | 2415 TEST_F(SharedCryptoTest, MAYBE(RsaSsaSignVerifyFailures)) { |
2416 // Import a key pair. | 2416 // Import a key pair. |
2417 blink::WebCryptoKeyUsageMask usage_mask = | |
2418 blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify; | |
2419 blink::WebCryptoAlgorithm importAlgorithm = | 2417 blink::WebCryptoAlgorithm importAlgorithm = |
2420 CreateRsaHashedImportAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, | 2418 CreateRsaHashedImportAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
2421 blink::WebCryptoAlgorithmIdSha1); | 2419 blink::WebCryptoAlgorithmIdSha1); |
2422 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); | 2420 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); |
2423 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); | 2421 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); |
2424 ASSERT_NO_FATAL_FAILURE( | 2422 ASSERT_NO_FATAL_FAILURE( |
2425 ImportRsaKeyPair(HexStringToBytes(kPublicKeySpkiDerHex), | 2423 ImportRsaKeyPair(HexStringToBytes(kPublicKeySpkiDerHex), |
2426 HexStringToBytes(kPrivateKeyPkcs8DerHex), | 2424 HexStringToBytes(kPrivateKeyPkcs8DerHex), |
2427 importAlgorithm, | 2425 importAlgorithm, |
2428 false, | 2426 false, |
2429 usage_mask, | 2427 blink::WebCryptoKeyUsageVerify, |
| 2428 blink::WebCryptoKeyUsageSign, |
2430 &public_key, | 2429 &public_key, |
2431 &private_key)); | 2430 &private_key)); |
2432 | 2431 |
2433 blink::WebCryptoAlgorithm algorithm = | 2432 blink::WebCryptoAlgorithm algorithm = |
2434 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5); | 2433 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5); |
2435 | 2434 |
2436 std::vector<uint8> signature; | 2435 std::vector<uint8> signature; |
2437 bool signature_match; | 2436 bool signature_match; |
2438 | 2437 |
2439 // Compute a signature. | 2438 // Compute a signature. |
(...skipping 36 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
2476 DCHECK_GT(long_message_size_bytes, kModulusLengthBits / 8); | 2475 DCHECK_GT(long_message_size_bytes, kModulusLengthBits / 8); |
2477 const unsigned char kLongSignature[long_message_size_bytes] = {0}; | 2476 const unsigned char kLongSignature[long_message_size_bytes] = {0}; |
2478 EXPECT_EQ(Status::Success(), | 2477 EXPECT_EQ(Status::Success(), |
2479 VerifySignature(algorithm, | 2478 VerifySignature(algorithm, |
2480 public_key, | 2479 public_key, |
2481 CryptoData(kLongSignature, sizeof(kLongSignature)), | 2480 CryptoData(kLongSignature, sizeof(kLongSignature)), |
2482 CryptoData(data), | 2481 CryptoData(data), |
2483 &signature_match)); | 2482 &signature_match)); |
2484 EXPECT_FALSE(signature_match); | 2483 EXPECT_FALSE(signature_match); |
2485 | 2484 |
2486 // Ensure that verifying using a private key, rather than a public key, fails. | |
2487 EXPECT_EQ(Status::ErrorUnexpectedKeyType(), | |
2488 VerifySignature(algorithm, | |
2489 private_key, | |
2490 CryptoData(signature), | |
2491 CryptoData(data), | |
2492 &signature_match)); | |
2493 | |
2494 // Ensure that signing using a public key, rather than a private key, fails. | |
2495 EXPECT_EQ(Status::ErrorUnexpectedKeyType(), | |
2496 Sign(algorithm, public_key, CryptoData(data), &signature)); | |
2497 | |
2498 // Ensure that signing and verifying with an incompatible algorithm fails. | 2485 // Ensure that signing and verifying with an incompatible algorithm fails. |
2499 algorithm = CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaOaep); | 2486 algorithm = CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaOaep); |
2500 | 2487 |
2501 EXPECT_EQ(Status::ErrorUnexpected(), | 2488 EXPECT_EQ(Status::ErrorUnexpected(), |
2502 Sign(algorithm, private_key, CryptoData(data), &signature)); | 2489 Sign(algorithm, private_key, CryptoData(data), &signature)); |
2503 EXPECT_EQ(Status::ErrorUnexpected(), | 2490 EXPECT_EQ(Status::ErrorUnexpected(), |
2504 VerifySignature(algorithm, | 2491 VerifySignature(algorithm, |
2505 public_key, | 2492 public_key, |
2506 CryptoData(signature), | 2493 CryptoData(signature), |
2507 CryptoData(data), | 2494 CryptoData(data), |
(...skipping 16 matching lines...) Expand all Loading... |
2524 &signature)); | 2511 &signature)); |
2525 | 2512 |
2526 blink::WebCryptoKey public_key_256 = blink::WebCryptoKey::createNull(); | 2513 blink::WebCryptoKey public_key_256 = blink::WebCryptoKey::createNull(); |
2527 EXPECT_EQ(Status::Success(), | 2514 EXPECT_EQ(Status::Success(), |
2528 ImportKey(blink::WebCryptoKeyFormatSpki, | 2515 ImportKey(blink::WebCryptoKeyFormatSpki, |
2529 CryptoData(HexStringToBytes(kPublicKeySpkiDerHex)), | 2516 CryptoData(HexStringToBytes(kPublicKeySpkiDerHex)), |
2530 CreateRsaHashedImportAlgorithm( | 2517 CreateRsaHashedImportAlgorithm( |
2531 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, | 2518 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
2532 blink::WebCryptoAlgorithmIdSha256), | 2519 blink::WebCryptoAlgorithmIdSha256), |
2533 true, | 2520 true, |
2534 usage_mask, | 2521 blink::WebCryptoKeyUsageVerify, |
2535 &public_key_256)); | 2522 &public_key_256)); |
2536 | 2523 |
2537 // Now verify using an algorithm whose inner hash is SHA-256, not SHA-1. The | 2524 // Now verify using an algorithm whose inner hash is SHA-256, not SHA-1. The |
2538 // signature should not verify. | 2525 // signature should not verify. |
2539 // NOTE: public_key was produced by generateKey, and so its associated | 2526 // NOTE: public_key was produced by generateKey, and so its associated |
2540 // algorithm has WebCryptoRsaKeyGenParams and not WebCryptoRsaSsaParams. Thus | 2527 // algorithm has WebCryptoRsaKeyGenParams and not WebCryptoRsaSsaParams. Thus |
2541 // it has no inner hash to conflict with the input algorithm. | 2528 // it has no inner hash to conflict with the input algorithm. |
2542 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha1, | 2529 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha1, |
2543 private_key.algorithm().rsaHashedParams()->hash().id()); | 2530 private_key.algorithm().rsaHashedParams()->hash().id()); |
2544 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha256, | 2531 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha256, |
(...skipping 13 matching lines...) Expand all Loading... |
2558 TEST_F(SharedCryptoTest, MAYBE(RsaSignVerifyKnownAnswer)) { | 2545 TEST_F(SharedCryptoTest, MAYBE(RsaSignVerifyKnownAnswer)) { |
2559 scoped_ptr<base::ListValue> tests; | 2546 scoped_ptr<base::ListValue> tests; |
2560 ASSERT_TRUE(ReadJsonTestFileToList("pkcs1v15_sign.json", &tests)); | 2547 ASSERT_TRUE(ReadJsonTestFileToList("pkcs1v15_sign.json", &tests)); |
2561 | 2548 |
2562 // Import the key pair. | 2549 // Import the key pair. |
2563 blink::WebCryptoAlgorithm importAlgorithm = | 2550 blink::WebCryptoAlgorithm importAlgorithm = |
2564 CreateRsaHashedImportAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, | 2551 CreateRsaHashedImportAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
2565 blink::WebCryptoAlgorithmIdSha1); | 2552 blink::WebCryptoAlgorithmIdSha1); |
2566 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); | 2553 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); |
2567 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); | 2554 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); |
2568 ASSERT_NO_FATAL_FAILURE(ImportRsaKeyPair( | 2555 ASSERT_NO_FATAL_FAILURE( |
2569 HexStringToBytes(kPublicKeySpkiDerHex), | 2556 ImportRsaKeyPair(HexStringToBytes(kPublicKeySpkiDerHex), |
2570 HexStringToBytes(kPrivateKeyPkcs8DerHex), | 2557 HexStringToBytes(kPrivateKeyPkcs8DerHex), |
2571 importAlgorithm, | 2558 importAlgorithm, |
2572 false, | 2559 false, |
2573 blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify, | 2560 blink::WebCryptoKeyUsageVerify, |
2574 &public_key, | 2561 blink::WebCryptoKeyUsageSign, |
2575 &private_key)); | 2562 &public_key, |
| 2563 &private_key)); |
2576 | 2564 |
2577 blink::WebCryptoAlgorithm algorithm = | 2565 blink::WebCryptoAlgorithm algorithm = |
2578 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5); | 2566 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5); |
2579 | 2567 |
2580 // Validate the signatures are computed and verified as expected. | 2568 // Validate the signatures are computed and verified as expected. |
2581 std::vector<uint8> signature; | 2569 std::vector<uint8> signature; |
2582 for (size_t test_index = 0; test_index < tests->GetSize(); ++test_index) { | 2570 for (size_t test_index = 0; test_index < tests->GetSize(); ++test_index) { |
2583 SCOPED_TRACE(test_index); | 2571 SCOPED_TRACE(test_index); |
2584 | 2572 |
2585 base::DictionaryValue* test; | 2573 base::DictionaryValue* test; |
(...skipping 111 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
2697 TEST_F(SharedCryptoTest, MAYBE(UnwrapFailures)) { | 2685 TEST_F(SharedCryptoTest, MAYBE(UnwrapFailures)) { |
2698 // This test exercises the code path common to all unwrap operations. | 2686 // This test exercises the code path common to all unwrap operations. |
2699 scoped_ptr<base::ListValue> tests; | 2687 scoped_ptr<base::ListValue> tests; |
2700 ASSERT_TRUE(ReadJsonTestFileToList("aes_kw.json", &tests)); | 2688 ASSERT_TRUE(ReadJsonTestFileToList("aes_kw.json", &tests)); |
2701 base::DictionaryValue* test; | 2689 base::DictionaryValue* test; |
2702 ASSERT_TRUE(tests->GetDictionary(0, &test)); | 2690 ASSERT_TRUE(tests->GetDictionary(0, &test)); |
2703 const std::vector<uint8> test_kek = GetBytesFromHexString(test, "kek"); | 2691 const std::vector<uint8> test_kek = GetBytesFromHexString(test, "kek"); |
2704 const std::vector<uint8> test_ciphertext = | 2692 const std::vector<uint8> test_ciphertext = |
2705 GetBytesFromHexString(test, "ciphertext"); | 2693 GetBytesFromHexString(test, "ciphertext"); |
2706 | 2694 |
2707 // Using a key that does not have unwrapKey usage should fail. | |
2708 blink::WebCryptoKey bad_wrapping_key = ImportSecretKeyFromRaw( | |
2709 test_kek, | |
2710 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw), | |
2711 blink::WebCryptoKeyUsageDecrypt); // <-- should be UnwrapKey | |
2712 blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull(); | 2695 blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull(); |
2713 EXPECT_EQ( | |
2714 Status::ErrorUnexpected(), | |
2715 UnwrapKey(blink::WebCryptoKeyFormatRaw, | |
2716 CryptoData(test_ciphertext), | |
2717 bad_wrapping_key, | |
2718 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw), | |
2719 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), | |
2720 true, | |
2721 blink::WebCryptoKeyUsageEncrypt, | |
2722 &unwrapped_key)); | |
2723 | 2696 |
2724 // Using a wrapping algorithm that does not match the wrapping key algorithm | 2697 // Using a wrapping algorithm that does not match the wrapping key algorithm |
2725 // should fail. | 2698 // should fail. |
2726 blink::WebCryptoKey wrapping_key = ImportSecretKeyFromRaw( | 2699 blink::WebCryptoKey wrapping_key = ImportSecretKeyFromRaw( |
2727 test_kek, | 2700 test_kek, |
2728 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw), | 2701 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw), |
2729 blink::WebCryptoKeyUsageUnwrapKey); | 2702 blink::WebCryptoKeyUsageUnwrapKey); |
2730 EXPECT_EQ( | 2703 EXPECT_EQ( |
2731 Status::ErrorUnexpected(), | 2704 Status::ErrorUnexpected(), |
2732 UnwrapKey(blink::WebCryptoKeyFormatRaw, | 2705 UnwrapKey(blink::WebCryptoKeyFormatRaw, |
(...skipping 575 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
3308 GetBytesFromHexString(test, "private_key"); | 3281 GetBytesFromHexString(test, "private_key"); |
3309 std::vector<uint8> ciphertext = GetBytesFromHexString(test, "ciphertext"); | 3282 std::vector<uint8> ciphertext = GetBytesFromHexString(test, "ciphertext"); |
3310 std::vector<uint8> plaintext = GetBytesFromHexString(test, "plaintext"); | 3283 std::vector<uint8> plaintext = GetBytesFromHexString(test, "plaintext"); |
3311 std::vector<uint8> label = GetBytesFromHexString(test, "label"); | 3284 std::vector<uint8> label = GetBytesFromHexString(test, "label"); |
3312 | 3285 |
3313 blink::WebCryptoAlgorithm import_algorithm = CreateRsaHashedImportAlgorithm( | 3286 blink::WebCryptoAlgorithm import_algorithm = CreateRsaHashedImportAlgorithm( |
3314 blink::WebCryptoAlgorithmIdRsaOaep, digest_algorithm.id()); | 3287 blink::WebCryptoAlgorithmIdRsaOaep, digest_algorithm.id()); |
3315 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); | 3288 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); |
3316 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); | 3289 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); |
3317 | 3290 |
3318 ASSERT_NO_FATAL_FAILURE(ImportRsaKeyPair( | 3291 ASSERT_NO_FATAL_FAILURE(ImportRsaKeyPair(public_key_der, |
3319 public_key_der, | 3292 private_key_der, |
3320 private_key_der, | 3293 import_algorithm, |
3321 import_algorithm, | 3294 false, |
3322 false, | 3295 blink::WebCryptoKeyUsageEncrypt, |
3323 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt, | 3296 blink::WebCryptoKeyUsageDecrypt, |
3324 &public_key, | 3297 &public_key, |
3325 &private_key)); | 3298 &private_key)); |
3326 | 3299 |
3327 blink::WebCryptoAlgorithm op_algorithm = CreateRsaOaepAlgorithm(label); | 3300 blink::WebCryptoAlgorithm op_algorithm = CreateRsaOaepAlgorithm(label); |
3328 std::vector<uint8> decrypted_data; | 3301 std::vector<uint8> decrypted_data; |
3329 ASSERT_EQ(Status::Success(), | 3302 ASSERT_EQ(Status::Success(), |
3330 Decrypt(op_algorithm, | 3303 Decrypt(op_algorithm, |
3331 private_key, | 3304 private_key, |
3332 CryptoData(ciphertext), | 3305 CryptoData(ciphertext), |
3333 &decrypted_data)); | 3306 &decrypted_data)); |
3334 EXPECT_BYTES_EQ(plaintext, decrypted_data); | 3307 EXPECT_BYTES_EQ(plaintext, decrypted_data); |
3335 std::vector<uint8> encrypted_data; | 3308 std::vector<uint8> encrypted_data; |
(...skipping 154 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
3490 blink::WebCryptoAlgorithm import_algorithm = CreateRsaHashedImportAlgorithm( | 3463 blink::WebCryptoAlgorithm import_algorithm = CreateRsaHashedImportAlgorithm( |
3491 blink::WebCryptoAlgorithmIdRsaOaep, blink::WebCryptoAlgorithmIdSha1); | 3464 blink::WebCryptoAlgorithmIdRsaOaep, blink::WebCryptoAlgorithmIdSha1); |
3492 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); | 3465 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); |
3493 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); | 3466 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); |
3494 | 3467 |
3495 ASSERT_NO_FATAL_FAILURE(ImportRsaKeyPair( | 3468 ASSERT_NO_FATAL_FAILURE(ImportRsaKeyPair( |
3496 HexStringToBytes(kPublicKeySpkiDerHex), | 3469 HexStringToBytes(kPublicKeySpkiDerHex), |
3497 HexStringToBytes(kPrivateKeyPkcs8DerHex), | 3470 HexStringToBytes(kPrivateKeyPkcs8DerHex), |
3498 import_algorithm, | 3471 import_algorithm, |
3499 false, | 3472 false, |
3500 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt | | 3473 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt, |
3501 blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey, | 3474 blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey, |
3502 &public_key, | 3475 &public_key, |
3503 &private_key)); | 3476 &private_key)); |
3504 | 3477 |
3505 std::vector<uint8> label; | 3478 std::vector<uint8> label; |
3506 blink::WebCryptoAlgorithm wrapping_algorithm = CreateRsaOaepAlgorithm(label); | 3479 blink::WebCryptoAlgorithm wrapping_algorithm = CreateRsaOaepAlgorithm(label); |
3507 | 3480 |
3508 const std::string key_hex = "000102030405060708090A0B0C0D0E0F"; | 3481 const std::string key_hex = "000102030405060708090A0B0C0D0E0F"; |
3509 const blink::WebCryptoAlgorithm key_algorithm = | 3482 const blink::WebCryptoAlgorithm key_algorithm = |
3510 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc); | 3483 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc); |
3511 | 3484 |
(...skipping 96 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
3608 blink::WebCryptoAlgorithm import_algorithm = CreateRsaHashedImportAlgorithm( | 3581 blink::WebCryptoAlgorithm import_algorithm = CreateRsaHashedImportAlgorithm( |
3609 blink::WebCryptoAlgorithmIdRsaOaep, blink::WebCryptoAlgorithmIdSha1); | 3582 blink::WebCryptoAlgorithmIdRsaOaep, blink::WebCryptoAlgorithmIdSha1); |
3610 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); | 3583 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); |
3611 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); | 3584 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); |
3612 | 3585 |
3613 ASSERT_NO_FATAL_FAILURE(ImportRsaKeyPair( | 3586 ASSERT_NO_FATAL_FAILURE(ImportRsaKeyPair( |
3614 HexStringToBytes(kPublicKey2048SpkiDerHex), | 3587 HexStringToBytes(kPublicKey2048SpkiDerHex), |
3615 HexStringToBytes(kPrivateKey2048Pkcs8DerHex), | 3588 HexStringToBytes(kPrivateKey2048Pkcs8DerHex), |
3616 import_algorithm, | 3589 import_algorithm, |
3617 false, | 3590 false, |
3618 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt | | 3591 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt, |
3619 blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey, | 3592 blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey, |
3620 &public_key, | 3593 &public_key, |
3621 &private_key)); | 3594 &private_key)); |
3622 | 3595 |
3623 std::vector<uint8> label; | 3596 std::vector<uint8> label; |
3624 blink::WebCryptoAlgorithm wrapping_algorithm = CreateRsaOaepAlgorithm(label); | 3597 blink::WebCryptoAlgorithm wrapping_algorithm = CreateRsaOaepAlgorithm(label); |
3625 | 3598 |
3626 const std::string key_hex = "000102030405060708090a0b0c0d0e0f"; | 3599 const std::string key_hex = "000102030405060708090a0b0c0d0e0f"; |
3627 const blink::WebCryptoAlgorithm key_algorithm = | 3600 const blink::WebCryptoAlgorithm key_algorithm = |
3628 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc); | 3601 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc); |
3629 | 3602 |
(...skipping 34 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
3664 blink::WebCryptoKeyUsageEncrypt, | 3637 blink::WebCryptoKeyUsageEncrypt, |
3665 &unwrapped_key)); | 3638 &unwrapped_key)); |
3666 ASSERT_FALSE(unwrapped_key.isNull()); | 3639 ASSERT_FALSE(unwrapped_key.isNull()); |
3667 | 3640 |
3668 std::vector<uint8> raw_key; | 3641 std::vector<uint8> raw_key; |
3669 ASSERT_EQ(Status::Success(), | 3642 ASSERT_EQ(Status::Success(), |
3670 ExportKey(blink::WebCryptoKeyFormatRaw, unwrapped_key, &raw_key)); | 3643 ExportKey(blink::WebCryptoKeyFormatRaw, unwrapped_key, &raw_key)); |
3671 EXPECT_BYTES_EQ_HEX(key_hex, raw_key); | 3644 EXPECT_BYTES_EQ_HEX(key_hex, raw_key); |
3672 } | 3645 } |
3673 | 3646 |
| 3647 // Try importing an RSA-SSA public key with unsupported key usages using SPKI |
| 3648 // format. RSA-SSA public keys only support the 'verify' usage. |
| 3649 TEST_F(SharedCryptoTest, MAYBE(ImportRsaSsaPublicKeyBadUsage_SPKI)) { |
| 3650 const blink::WebCryptoAlgorithm algorithm = |
| 3651 CreateRsaHashedImportAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
| 3652 blink::WebCryptoAlgorithmIdSha256); |
| 3653 |
| 3654 blink::WebCryptoKeyUsageMask bad_usages[] = { |
| 3655 blink::WebCryptoKeyUsageSign, |
| 3656 blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify, |
| 3657 blink::WebCryptoKeyUsageEncrypt, |
| 3658 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt, |
| 3659 }; |
| 3660 |
| 3661 for (size_t i = 0; i < arraysize(bad_usages); ++i) { |
| 3662 SCOPED_TRACE(i); |
| 3663 |
| 3664 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); |
| 3665 ASSERT_EQ(Status::ErrorCreateKeyBadUsages(), |
| 3666 ImportKey(blink::WebCryptoKeyFormatSpki, |
| 3667 CryptoData(HexStringToBytes(kPublicKeySpkiDerHex)), |
| 3668 algorithm, |
| 3669 false, |
| 3670 bad_usages[i], |
| 3671 &public_key)); |
| 3672 } |
| 3673 } |
| 3674 |
| 3675 // Try importing an RSA-SSA public key with unsupported key usages using JWK |
| 3676 // format. RSA-SSA public keys only support the 'verify' usage. |
| 3677 TEST_F(SharedCryptoTest, MAYBE(ImportRsaSsaPublicKeyBadUsage_JWK)) { |
| 3678 const blink::WebCryptoAlgorithm algorithm = |
| 3679 CreateRsaHashedImportAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
| 3680 blink::WebCryptoAlgorithmIdSha256); |
| 3681 |
| 3682 blink::WebCryptoKeyUsageMask bad_usages[] = { |
| 3683 blink::WebCryptoKeyUsageSign, |
| 3684 blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify, |
| 3685 blink::WebCryptoKeyUsageEncrypt, |
| 3686 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt, |
| 3687 }; |
| 3688 |
| 3689 base::DictionaryValue dict; |
| 3690 RestoreJwkRsaDictionary(&dict); |
| 3691 dict.Remove("use", NULL); |
| 3692 dict.SetString("alg", "RS256"); |
| 3693 |
| 3694 for (size_t i = 0; i < arraysize(bad_usages); ++i) { |
| 3695 SCOPED_TRACE(i); |
| 3696 |
| 3697 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); |
| 3698 ASSERT_EQ(Status::ErrorCreateKeyBadUsages(), |
| 3699 ImportKeyJwkFromDict( |
| 3700 dict, algorithm, false, bad_usages[i], &public_key)); |
| 3701 } |
| 3702 } |
| 3703 |
| 3704 // Try importing an AES-CBC key with unsupported key usages using raw |
| 3705 // format. AES-CBC keys support the following usages: |
| 3706 // 'encrypt', 'decrypt', 'wrapKey', 'unwrapKey' |
| 3707 TEST_F(SharedCryptoTest, MAYBE(ImportAesCbcKeyBadUsage_Raw)) { |
| 3708 const blink::WebCryptoAlgorithm algorithm = |
| 3709 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc); |
| 3710 |
| 3711 blink::WebCryptoKeyUsageMask bad_usages[] = { |
| 3712 blink::WebCryptoKeyUsageSign, |
| 3713 blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageDecrypt, |
| 3714 blink::WebCryptoKeyUsageDeriveBits, |
| 3715 blink::WebCryptoKeyUsageUnwrapKey | blink::WebCryptoKeyUsageVerify, |
| 3716 }; |
| 3717 |
| 3718 std::vector<uint8> key_bytes(16); |
| 3719 |
| 3720 for (size_t i = 0; i < arraysize(bad_usages); ++i) { |
| 3721 SCOPED_TRACE(i); |
| 3722 |
| 3723 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
| 3724 ASSERT_EQ(Status::ErrorCreateKeyBadUsages(), |
| 3725 ImportKey(blink::WebCryptoKeyFormatRaw, |
| 3726 CryptoData(key_bytes), |
| 3727 algorithm, |
| 3728 true, |
| 3729 bad_usages[i], |
| 3730 &key)); |
| 3731 } |
| 3732 } |
| 3733 |
| 3734 // Try importing an AES-KW key with unsupported key usages using raw |
| 3735 // format. AES-KW keys support the following usages: |
| 3736 // 'wrapKey', 'unwrapKey' |
| 3737 TEST_F(SharedCryptoTest, MAYBE(ImportAesKwKeyBadUsage_Raw)) { |
| 3738 const blink::WebCryptoAlgorithm algorithm = |
| 3739 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw); |
| 3740 |
| 3741 blink::WebCryptoKeyUsageMask bad_usages[] = { |
| 3742 blink::WebCryptoKeyUsageEncrypt, |
| 3743 blink::WebCryptoKeyUsageDecrypt, |
| 3744 blink::WebCryptoKeyUsageSign, |
| 3745 blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageUnwrapKey, |
| 3746 blink::WebCryptoKeyUsageDeriveBits, |
| 3747 blink::WebCryptoKeyUsageUnwrapKey | blink::WebCryptoKeyUsageVerify, |
| 3748 }; |
| 3749 |
| 3750 std::vector<uint8> key_bytes(16); |
| 3751 |
| 3752 for (size_t i = 0; i < arraysize(bad_usages); ++i) { |
| 3753 SCOPED_TRACE(i); |
| 3754 |
| 3755 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
| 3756 ASSERT_EQ(Status::ErrorCreateKeyBadUsages(), |
| 3757 ImportKey(blink::WebCryptoKeyFormatRaw, |
| 3758 CryptoData(key_bytes), |
| 3759 algorithm, |
| 3760 true, |
| 3761 bad_usages[i], |
| 3762 &key)); |
| 3763 } |
| 3764 } |
| 3765 |
| 3766 // Try unwrapping an HMAC key with unsupported usages using JWK format and |
| 3767 // AES-KW. HMAC keys support the following usages: |
| 3768 // 'sign', 'verify' |
| 3769 TEST_F(SharedCryptoTest, MAYBE(UnwrapHmacKeyBadUsage_JWK)) { |
| 3770 const blink::WebCryptoAlgorithm unwrap_algorithm = |
| 3771 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw); |
| 3772 |
| 3773 blink::WebCryptoKeyUsageMask bad_usages[] = { |
| 3774 blink::WebCryptoKeyUsageEncrypt, |
| 3775 blink::WebCryptoKeyUsageDecrypt, |
| 3776 blink::WebCryptoKeyUsageWrapKey, |
| 3777 blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageWrapKey, |
| 3778 blink::WebCryptoKeyUsageVerify | blink::WebCryptoKeyUsageDeriveKey, |
| 3779 }; |
| 3780 |
| 3781 // Import the wrapping key. |
| 3782 blink::WebCryptoKey wrapping_key = blink::WebCryptoKey::createNull(); |
| 3783 ASSERT_EQ(Status::Success(), |
| 3784 ImportKey(blink::WebCryptoKeyFormatRaw, |
| 3785 CryptoData(std::vector<uint8>(16)), |
| 3786 unwrap_algorithm, |
| 3787 true, |
| 3788 blink::WebCryptoKeyUsageUnwrapKey, |
| 3789 &wrapping_key)); |
| 3790 |
| 3791 // The JWK plain text is: |
| 3792 // { "kty": "oct","alg": "HS256","k": "GADWrMRHwQfoNaXU5fZvTg=="} |
| 3793 const char* kWrappedJwk = |
| 3794 "0AA245F17064FFB2A7A094436A39BEBFC962C627303D1327EA750CE9F917688C2782A943" |
| 3795 "7AE7586547AC490E8AE7D5B02D63868D5C3BB57D36C4C8C5BF3962ACEC6F42E767E5706" |
| 3796 "4"; |
| 3797 |
| 3798 for (size_t i = 0; i < arraysize(bad_usages); ++i) { |
| 3799 SCOPED_TRACE(i); |
| 3800 |
| 3801 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
| 3802 |
| 3803 ASSERT_EQ(Status::ErrorCreateKeyBadUsages(), |
| 3804 UnwrapKey(blink::WebCryptoKeyFormatJwk, |
| 3805 CryptoData(HexStringToBytes(kWrappedJwk)), |
| 3806 wrapping_key, |
| 3807 unwrap_algorithm, |
| 3808 webcrypto::CreateHmacImportAlgorithm( |
| 3809 blink::WebCryptoAlgorithmIdSha256), |
| 3810 true, |
| 3811 bad_usages[i], |
| 3812 &key)); |
| 3813 } |
| 3814 } |
| 3815 |
| 3816 // Try unwrapping an RSA-SSA public key with unsupported usages using JWK format |
| 3817 // and AES-KW. RSA-SSA public keys support the following usages: |
| 3818 // 'verify' |
| 3819 TEST_F(SharedCryptoTest, MAYBE(UnwrapRsaSsaPublicKeyBadUsage_JWK)) { |
| 3820 const blink::WebCryptoAlgorithm unwrap_algorithm = |
| 3821 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw); |
| 3822 |
| 3823 blink::WebCryptoKeyUsageMask bad_usages[] = { |
| 3824 blink::WebCryptoKeyUsageEncrypt, |
| 3825 blink::WebCryptoKeyUsageSign, |
| 3826 blink::WebCryptoKeyUsageDecrypt, |
| 3827 blink::WebCryptoKeyUsageWrapKey, |
| 3828 blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageWrapKey, |
| 3829 }; |
| 3830 |
| 3831 // Import the wrapping key. |
| 3832 blink::WebCryptoKey wrapping_key = blink::WebCryptoKey::createNull(); |
| 3833 ASSERT_EQ(Status::Success(), |
| 3834 ImportKey(blink::WebCryptoKeyFormatRaw, |
| 3835 CryptoData(std::vector<uint8>(16)), |
| 3836 unwrap_algorithm, |
| 3837 true, |
| 3838 blink::WebCryptoKeyUsageUnwrapKey, |
| 3839 &wrapping_key)); |
| 3840 |
| 3841 // The JWK plaintext is: |
| 3842 // { "kty": "RSA","alg": "RS256","n": "...","e": "AQAB"} |
| 3843 |
| 3844 const char* kWrappedJwk = |
| 3845 "CE8DAEF99E977EE58958B8C4494755C846E883B2ECA575C5366622839AF71AB30875F152" |
| 3846 "E8E33E15A7817A3A2874EB53EFE05C774D98BC936BA9BA29BEB8BB3F3C3CE2323CB3359D" |
| 3847 "E3F426605CF95CCF0E01E870ABD7E35F62E030B5FB6E520A5885514D1D850FB64B57806D" |
| 3848 "1ADA57C6E27DF345D8292D80F6B074F1BE51C4CF3D76ECC8886218551308681B44FAC60B" |
| 3849 "8CF6EA439BC63239103D0AE81ADB96F908680586C6169284E32EB7DD09D31103EBDAC0C2" |
| 3850 "40C72DCF0AEA454113CC47457B13305B25507CBEAB9BDC8D8E0F867F9167F9DCEF0D9F9B" |
| 3851 "30F2EE83CEDFD51136852C8A5939B768"; |
| 3852 |
| 3853 for (size_t i = 0; i < arraysize(bad_usages); ++i) { |
| 3854 SCOPED_TRACE(i); |
| 3855 |
| 3856 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
| 3857 |
| 3858 ASSERT_EQ(Status::ErrorCreateKeyBadUsages(), |
| 3859 UnwrapKey(blink::WebCryptoKeyFormatJwk, |
| 3860 CryptoData(HexStringToBytes(kWrappedJwk)), |
| 3861 wrapping_key, |
| 3862 unwrap_algorithm, |
| 3863 webcrypto::CreateRsaHashedImportAlgorithm( |
| 3864 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
| 3865 blink::WebCryptoAlgorithmIdSha256), |
| 3866 true, |
| 3867 bad_usages[i], |
| 3868 &key)); |
| 3869 } |
| 3870 } |
| 3871 |
| 3872 // Generate an AES-CBC key with invalid usages. AES-CBC supports: |
| 3873 // 'encrypt', 'decrypt', 'wrapKey', 'unwrapKey' |
| 3874 TEST_F(SharedCryptoTest, MAYBE(GenerateAesKeyBadUsages)) { |
| 3875 blink::WebCryptoKeyUsageMask bad_usages[] = { |
| 3876 blink::WebCryptoKeyUsageSign, blink::WebCryptoKeyUsageVerify, |
| 3877 blink::WebCryptoKeyUsageDecrypt | blink::WebCryptoKeyUsageVerify, |
| 3878 }; |
| 3879 |
| 3880 for (size_t i = 0; i < arraysize(bad_usages); ++i) { |
| 3881 SCOPED_TRACE(i); |
| 3882 |
| 3883 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
| 3884 |
| 3885 ASSERT_EQ(Status::ErrorCreateKeyBadUsages(), |
| 3886 GenerateSecretKey( |
| 3887 CreateAesCbcKeyGenAlgorithm(128), true, bad_usages[i], &key)); |
| 3888 } |
| 3889 } |
| 3890 |
| 3891 // Generate an RSA-SSA key pair with invalid usages. RSA-SSA supports: |
| 3892 // 'sign', 'verify' |
| 3893 TEST_F(SharedCryptoTest, MAYBE(GenerateRsaSsaBadUsages)) { |
| 3894 blink::WebCryptoKeyUsageMask bad_usages[] = { |
| 3895 blink::WebCryptoKeyUsageDecrypt, |
| 3896 blink::WebCryptoKeyUsageVerify | blink::WebCryptoKeyUsageDecrypt, |
| 3897 blink::WebCryptoKeyUsageWrapKey, |
| 3898 }; |
| 3899 |
| 3900 const unsigned int modulus_length = 256; |
| 3901 const std::vector<uint8> public_exponent = HexStringToBytes("010001"); |
| 3902 |
| 3903 for (size_t i = 0; i < arraysize(bad_usages); ++i) { |
| 3904 SCOPED_TRACE(i); |
| 3905 |
| 3906 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); |
| 3907 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); |
| 3908 |
| 3909 ASSERT_EQ(Status::ErrorCreateKeyBadUsages(), |
| 3910 GenerateKeyPair(CreateRsaHashedKeyGenAlgorithm( |
| 3911 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
| 3912 blink::WebCryptoAlgorithmIdSha256, |
| 3913 modulus_length, |
| 3914 public_exponent), |
| 3915 true, |
| 3916 bad_usages[i], |
| 3917 &public_key, |
| 3918 &private_key)); |
| 3919 } |
| 3920 } |
| 3921 |
| 3922 // Generate an RSA-SSA key pair. The public and private keys should select the |
| 3923 // key usages which are applicable, and not have the exact same usages as was |
| 3924 // specified to GenerateKey |
| 3925 TEST_F(SharedCryptoTest, MAYBE(GenerateRsaSsaKeyPairIntersectUsages)) { |
| 3926 const unsigned int modulus_length = 256; |
| 3927 const std::vector<uint8> public_exponent = HexStringToBytes("010001"); |
| 3928 |
| 3929 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); |
| 3930 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); |
| 3931 |
| 3932 ASSERT_EQ(Status::Success(), |
| 3933 GenerateKeyPair( |
| 3934 CreateRsaHashedKeyGenAlgorithm( |
| 3935 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
| 3936 blink::WebCryptoAlgorithmIdSha256, |
| 3937 modulus_length, |
| 3938 public_exponent), |
| 3939 true, |
| 3940 blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify, |
| 3941 &public_key, |
| 3942 &private_key)); |
| 3943 |
| 3944 EXPECT_EQ(blink::WebCryptoKeyUsageVerify, public_key.usages()); |
| 3945 EXPECT_EQ(blink::WebCryptoKeyUsageSign, private_key.usages()); |
| 3946 |
| 3947 // Try again but this time without the Verify usages. |
| 3948 ASSERT_EQ(Status::Success(), |
| 3949 GenerateKeyPair(CreateRsaHashedKeyGenAlgorithm( |
| 3950 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
| 3951 blink::WebCryptoAlgorithmIdSha256, |
| 3952 modulus_length, |
| 3953 public_exponent), |
| 3954 true, |
| 3955 blink::WebCryptoKeyUsageSign, |
| 3956 &public_key, |
| 3957 &private_key)); |
| 3958 |
| 3959 EXPECT_EQ(0, public_key.usages()); |
| 3960 EXPECT_EQ(blink::WebCryptoKeyUsageSign, private_key.usages()); |
| 3961 } |
| 3962 |
3674 } // namespace webcrypto | 3963 } // namespace webcrypto |
3675 | 3964 |
3676 } // namespace content | 3965 } // namespace content |
OLD | NEW |