Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(58)

Side by Side Diff: content/child/webcrypto/shared_crypto_unittest.cc

Issue 282133002: [webcryto] Validate key usages during key creation. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 6 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "content/child/webcrypto/shared_crypto.h" 5 #include "content/child/webcrypto/shared_crypto.h"
6 6
7 #include <algorithm> 7 #include <algorithm>
8 #include <string> 8 #include <string>
9 #include <vector> 9 #include <vector>
10 10
(...skipping 418 matching lines...) Expand 10 before | Expand all | Expand 10 after
429 EXPECT_EQ(algorithm.id(), key.algorithm().id()); 429 EXPECT_EQ(algorithm.id(), key.algorithm().id());
430 EXPECT_EQ(extractable, key.extractable()); 430 EXPECT_EQ(extractable, key.extractable());
431 EXPECT_EQ(usage, key.usages()); 431 EXPECT_EQ(usage, key.usages());
432 return key; 432 return key;
433 } 433 }
434 434
435 void ImportRsaKeyPair(const std::vector<uint8>& spki_der, 435 void ImportRsaKeyPair(const std::vector<uint8>& spki_der,
436 const std::vector<uint8>& pkcs8_der, 436 const std::vector<uint8>& pkcs8_der,
437 const blink::WebCryptoAlgorithm& algorithm, 437 const blink::WebCryptoAlgorithm& algorithm,
438 bool extractable, 438 bool extractable,
439 blink::WebCryptoKeyUsageMask usage_mask, 439 blink::WebCryptoKeyUsageMask public_key_usage_mask,
440 blink::WebCryptoKeyUsageMask private_key_usage_mask,
440 blink::WebCryptoKey* public_key, 441 blink::WebCryptoKey* public_key,
441 blink::WebCryptoKey* private_key) { 442 blink::WebCryptoKey* private_key) {
442 EXPECT_EQ(Status::Success(), 443 EXPECT_EQ(Status::Success(),
443 ImportKey(blink::WebCryptoKeyFormatSpki, 444 ImportKey(blink::WebCryptoKeyFormatSpki,
444 CryptoData(spki_der), 445 CryptoData(spki_der),
445 algorithm, 446 algorithm,
446 true, 447 true,
447 usage_mask, 448 public_key_usage_mask,
448 public_key)); 449 public_key));
449 EXPECT_FALSE(public_key->isNull()); 450 EXPECT_FALSE(public_key->isNull());
450 EXPECT_TRUE(public_key->handle()); 451 EXPECT_TRUE(public_key->handle());
451 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key->type()); 452 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key->type());
452 EXPECT_EQ(algorithm.id(), public_key->algorithm().id()); 453 EXPECT_EQ(algorithm.id(), public_key->algorithm().id());
453 EXPECT_EQ(extractable, extractable); 454 EXPECT_TRUE(public_key->extractable());
454 EXPECT_EQ(usage_mask, public_key->usages()); 455 EXPECT_EQ(public_key_usage_mask, public_key->usages());
455 456
456 EXPECT_EQ(Status::Success(), 457 EXPECT_EQ(Status::Success(),
457 ImportKey(blink::WebCryptoKeyFormatPkcs8, 458 ImportKey(blink::WebCryptoKeyFormatPkcs8,
458 CryptoData(pkcs8_der), 459 CryptoData(pkcs8_der),
459 algorithm, 460 algorithm,
460 extractable, 461 extractable,
461 usage_mask, 462 private_key_usage_mask,
462 private_key)); 463 private_key));
463 EXPECT_FALSE(private_key->isNull()); 464 EXPECT_FALSE(private_key->isNull());
464 EXPECT_TRUE(private_key->handle()); 465 EXPECT_TRUE(private_key->handle());
465 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key->type()); 466 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key->type());
466 EXPECT_EQ(algorithm.id(), private_key->algorithm().id()); 467 EXPECT_EQ(algorithm.id(), private_key->algorithm().id());
467 EXPECT_EQ(extractable, extractable); 468 EXPECT_EQ(extractable, private_key->extractable());
468 EXPECT_EQ(usage_mask, private_key->usages()); 469 EXPECT_EQ(private_key_usage_mask, private_key->usages());
469 } 470 }
470 471
471 Status AesGcmEncrypt(const blink::WebCryptoKey& key, 472 Status AesGcmEncrypt(const blink::WebCryptoKey& key,
472 const std::vector<uint8>& iv, 473 const std::vector<uint8>& iv,
473 const std::vector<uint8>& additional_data, 474 const std::vector<uint8>& additional_data,
474 unsigned int tag_length_bits, 475 unsigned int tag_length_bits,
475 const std::vector<uint8>& plain_text, 476 const std::vector<uint8>& plain_text,
476 std::vector<uint8>* cipher_text, 477 std::vector<uint8>* cipher_text,
477 std::vector<uint8>* authentication_tag) { 478 std::vector<uint8>* authentication_tag) {
478 EXPECT_TRUE(SupportsAesGcm()); 479 EXPECT_TRUE(SupportsAesGcm());
(...skipping 709 matching lines...) Expand 10 before | Expand all | Expand 10 after
1188 // TODO(padolph): Add 'deriveBits' key_ops value once it is supported. 1189 // TODO(padolph): Add 'deriveBits' key_ops value once it is supported.
1189 const TestCase test_case[] = { 1190 const TestCase test_case[] = {
1190 {"encrypt", "A128CBC", aes_cbc_algorithm, 1191 {"encrypt", "A128CBC", aes_cbc_algorithm,
1191 blink::WebCryptoKeyUsageEncrypt}, 1192 blink::WebCryptoKeyUsageEncrypt},
1192 {"decrypt", "A128CBC", aes_cbc_algorithm, 1193 {"decrypt", "A128CBC", aes_cbc_algorithm,
1193 blink::WebCryptoKeyUsageDecrypt}, 1194 blink::WebCryptoKeyUsageDecrypt},
1194 {"sign", "HS256", hmac_algorithm, blink::WebCryptoKeyUsageSign}, 1195 {"sign", "HS256", hmac_algorithm, blink::WebCryptoKeyUsageSign},
1195 {"verify", "HS256", hmac_algorithm, blink::WebCryptoKeyUsageVerify}, 1196 {"verify", "HS256", hmac_algorithm, blink::WebCryptoKeyUsageVerify},
1196 {"wrapKey", "A128KW", aes_kw_algorithm, blink::WebCryptoKeyUsageWrapKey}, 1197 {"wrapKey", "A128KW", aes_kw_algorithm, blink::WebCryptoKeyUsageWrapKey},
1197 {"unwrapKey", "A128KW", aes_kw_algorithm, 1198 {"unwrapKey", "A128KW", aes_kw_algorithm,
1198 blink::WebCryptoKeyUsageUnwrapKey}, 1199 blink::WebCryptoKeyUsageUnwrapKey}};
1199 {"deriveKey", "HS256", hmac_algorithm,
1200 blink::WebCryptoKeyUsageDeriveKey}};
1201 for (size_t test_index = 0; test_index < ARRAYSIZE_UNSAFE(test_case); 1200 for (size_t test_index = 0; test_index < ARRAYSIZE_UNSAFE(test_case);
1202 ++test_index) { 1201 ++test_index) {
1203 SCOPED_TRACE(test_index); 1202 SCOPED_TRACE(test_index);
1204 dict.SetString("alg", test_case[test_index].jwk_alg); 1203 dict.SetString("alg", test_case[test_index].jwk_alg);
1205 key_ops->Clear(); 1204 key_ops->Clear();
1206 key_ops->AppendString(test_case[test_index].jwk_key_op); 1205 key_ops->AppendString(test_case[test_index].jwk_key_op);
1207 EXPECT_EQ(Status::Success(), 1206 EXPECT_EQ(Status::Success(),
1208 ImportKeyJwkFromDict(dict, 1207 ImportKeyJwkFromDict(dict,
1209 test_case[test_index].algorithm, 1208 test_case[test_index].algorithm,
1210 false, 1209 false,
(...skipping 70 matching lines...) Expand 10 before | Expand all | Expand 10 after
1281 // Test JWK composite use 'enc' usage 1280 // Test JWK composite use 'enc' usage
1282 dict.SetString("alg", "A128CBC"); 1281 dict.SetString("alg", "A128CBC");
1283 dict.SetString("use", "enc"); 1282 dict.SetString("use", "enc");
1284 EXPECT_EQ(Status::Success(), 1283 EXPECT_EQ(Status::Success(),
1285 ImportKeyJwkFromDict(dict, 1284 ImportKeyJwkFromDict(dict,
1286 aes_cbc_algorithm, 1285 aes_cbc_algorithm,
1287 false, 1286 false,
1288 blink::WebCryptoKeyUsageDecrypt | 1287 blink::WebCryptoKeyUsageDecrypt |
1289 blink::WebCryptoKeyUsageEncrypt | 1288 blink::WebCryptoKeyUsageEncrypt |
1290 blink::WebCryptoKeyUsageWrapKey | 1289 blink::WebCryptoKeyUsageWrapKey |
1291 blink::WebCryptoKeyUsageUnwrapKey | 1290 blink::WebCryptoKeyUsageUnwrapKey,
1292 blink::WebCryptoKeyUsageDeriveKey,
1293 &key)); 1291 &key));
1294 EXPECT_EQ(blink::WebCryptoKeyUsageDecrypt | blink::WebCryptoKeyUsageEncrypt | 1292 EXPECT_EQ(blink::WebCryptoKeyUsageDecrypt | blink::WebCryptoKeyUsageEncrypt |
1295 blink::WebCryptoKeyUsageWrapKey | 1293 blink::WebCryptoKeyUsageWrapKey |
1296 blink::WebCryptoKeyUsageUnwrapKey | 1294 blink::WebCryptoKeyUsageUnwrapKey,
1297 blink::WebCryptoKeyUsageDeriveKey,
1298 key.usages()); 1295 key.usages());
1299 } 1296 }
1300 1297
1301 TEST_F(SharedCryptoTest, ImportJwkFailures) { 1298 TEST_F(SharedCryptoTest, ImportJwkFailures) {
1302 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); 1299 blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
1303 blink::WebCryptoAlgorithm algorithm = 1300 blink::WebCryptoAlgorithm algorithm =
1304 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc); 1301 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc);
1305 blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageEncrypt; 1302 blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageEncrypt;
1306 1303
1307 // Baseline pass: each test below breaks a single item, so we start with a 1304 // Baseline pass: each test below breaks a single item, so we start with a
(...skipping 147 matching lines...) Expand 10 before | Expand all | Expand 10 after
1455 const char* const jwk_alg; 1452 const char* const jwk_alg;
1456 }; 1453 };
1457 const TestCase kTests[] = { 1454 const TestCase kTests[] = {
1458 // RSAES-PKCS1-v1_5 1455 // RSAES-PKCS1-v1_5
1459 {CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5), 1456 {CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5),
1460 blink::WebCryptoKeyUsageEncrypt, "RSA1_5"}, 1457 blink::WebCryptoKeyUsageEncrypt, "RSA1_5"},
1461 // RSASSA-PKCS1-v1_5 SHA-1 1458 // RSASSA-PKCS1-v1_5 SHA-1
1462 {CreateRsaHashedImportAlgorithm( 1459 {CreateRsaHashedImportAlgorithm(
1463 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, 1460 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5,
1464 blink::WebCryptoAlgorithmIdSha1), 1461 blink::WebCryptoAlgorithmIdSha1),
1465 blink::WebCryptoKeyUsageSign, "RS1"}, 1462 blink::WebCryptoKeyUsageVerify, "RS1"},
1466 // RSASSA-PKCS1-v1_5 SHA-256 1463 // RSASSA-PKCS1-v1_5 SHA-256
1467 {CreateRsaHashedImportAlgorithm( 1464 {CreateRsaHashedImportAlgorithm(
1468 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, 1465 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5,
1469 blink::WebCryptoAlgorithmIdSha256), 1466 blink::WebCryptoAlgorithmIdSha256),
1470 blink::WebCryptoKeyUsageSign, "RS256"}, 1467 blink::WebCryptoKeyUsageVerify, "RS256"},
1471 // RSASSA-PKCS1-v1_5 SHA-384 1468 // RSASSA-PKCS1-v1_5 SHA-384
1472 {CreateRsaHashedImportAlgorithm( 1469 {CreateRsaHashedImportAlgorithm(
1473 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, 1470 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5,
1474 blink::WebCryptoAlgorithmIdSha384), 1471 blink::WebCryptoAlgorithmIdSha384),
1475 blink::WebCryptoKeyUsageSign, "RS384"}, 1472 blink::WebCryptoKeyUsageVerify, "RS384"},
1476 // RSASSA-PKCS1-v1_5 SHA-512 1473 // RSASSA-PKCS1-v1_5 SHA-512
1477 {CreateRsaHashedImportAlgorithm( 1474 {CreateRsaHashedImportAlgorithm(
1478 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, 1475 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5,
1479 blink::WebCryptoAlgorithmIdSha512), 1476 blink::WebCryptoAlgorithmIdSha512),
1480 blink::WebCryptoKeyUsageSign, "RS512"}}; 1477 blink::WebCryptoKeyUsageVerify, "RS512"}};
1481 1478
1482 for (size_t test_index = 0; test_index < ARRAYSIZE_UNSAFE(kTests); 1479 for (size_t test_index = 0; test_index < ARRAYSIZE_UNSAFE(kTests);
1483 ++test_index) { 1480 ++test_index) {
1484 SCOPED_TRACE(test_index); 1481 SCOPED_TRACE(test_index);
1485 const TestCase& test = kTests[test_index]; 1482 const TestCase& test = kTests[test_index];
1486 1483
1487 // Import the spki to create a public key 1484 // Import the spki to create a public key
1488 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); 1485 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull();
1489 ASSERT_EQ(Status::Success(), 1486 ASSERT_EQ(Status::Success(),
1490 ImportKey(blink::WebCryptoKeyFormatSpki, 1487 ImportKey(blink::WebCryptoKeyFormatSpki,
(...skipping 10 matching lines...) Expand all
1501 EXPECT_TRUE(VerifyPublicJwk(jwk, test.jwk_alg, n_hex, e_hex, test.usage)); 1498 EXPECT_TRUE(VerifyPublicJwk(jwk, test.jwk_alg, n_hex, e_hex, test.usage));
1502 1499
1503 // Import the JWK back in to create a new key 1500 // Import the JWK back in to create a new key
1504 blink::WebCryptoKey public_key2 = blink::WebCryptoKey::createNull(); 1501 blink::WebCryptoKey public_key2 = blink::WebCryptoKey::createNull();
1505 EXPECT_EQ( 1502 EXPECT_EQ(
1506 Status::Success(), 1503 Status::Success(),
1507 ImportKeyJwk( 1504 ImportKeyJwk(
1508 CryptoData(jwk), test.algorithm, true, test.usage, &public_key2)); 1505 CryptoData(jwk), test.algorithm, true, test.usage, &public_key2));
1509 EXPECT_TRUE(public_key2.handle()); 1506 EXPECT_TRUE(public_key2.handle());
1510 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key2.type()); 1507 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key2.type());
1511 EXPECT_EQ(true, public_key2.extractable()); 1508 EXPECT_TRUE(public_key2.extractable());
1512 EXPECT_EQ(test.algorithm.id(), public_key2.algorithm().id()); 1509 EXPECT_EQ(test.algorithm.id(), public_key2.algorithm().id());
1513 1510
1514 // Export the new key as spki and compare to the original. 1511 // Export the new key as spki and compare to the original.
1515 std::vector<uint8> spki; 1512 std::vector<uint8> spki;
1516 ASSERT_EQ(Status::Success(), 1513 ASSERT_EQ(Status::Success(),
1517 ExportKey(blink::WebCryptoKeyFormatSpki, public_key2, &spki)); 1514 ExportKey(blink::WebCryptoKeyFormatSpki, public_key2, &spki));
1518 EXPECT_BYTES_EQ_HEX(kPublicKeySpkiDerHex, CryptoData(spki)); 1515 EXPECT_BYTES_EQ_HEX(kPublicKeySpkiDerHex, CryptoData(spki));
1519 } 1516 }
1520 } 1517 }
1521 1518
(...skipping 705 matching lines...) Expand 10 before | Expand all | Expand 10 after
2227 EXPECT_EQ(Status::ErrorUnexpectedKeyType(), 2224 EXPECT_EQ(Status::ErrorUnexpectedKeyType(),
2228 ExportKey(blink::WebCryptoKeyFormatSpki, private_key, &output)); 2225 ExportKey(blink::WebCryptoKeyFormatSpki, private_key, &output));
2229 } 2226 }
2230 2227
2231 TEST_F(SharedCryptoTest, MAYBE(RsaEsRoundTrip)) { 2228 TEST_F(SharedCryptoTest, MAYBE(RsaEsRoundTrip)) {
2232 // Import a key pair. 2229 // Import a key pair.
2233 blink::WebCryptoAlgorithm algorithm = 2230 blink::WebCryptoAlgorithm algorithm =
2234 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); 2231 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5);
2235 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); 2232 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull();
2236 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); 2233 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull();
2237 ImportRsaKeyPair( 2234 ImportRsaKeyPair(HexStringToBytes(kPublicKeySpkiDerHex),
2238 HexStringToBytes(kPublicKeySpkiDerHex), 2235 HexStringToBytes(kPrivateKeyPkcs8DerHex),
2239 HexStringToBytes(kPrivateKeyPkcs8DerHex), 2236 algorithm,
2240 algorithm, 2237 false,
2241 false, 2238 blink::WebCryptoKeyUsageEncrypt,
2242 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt, 2239 blink::WebCryptoKeyUsageDecrypt,
2243 &public_key, 2240 &public_key,
2244 &private_key); 2241 &private_key);
2245 2242
2246 // Make a maximum-length data message. RSAES can operate on messages up to 2243 // Make a maximum-length data message. RSAES can operate on messages up to
2247 // length of k - 11 bytes, where k is the octet length of the RSA modulus. 2244 // length of k - 11 bytes, where k is the octet length of the RSA modulus.
2248 const unsigned int kMaxMsgSizeBytes = kModulusLengthBits / 8 - 11; 2245 const unsigned int kMaxMsgSizeBytes = kModulusLengthBits / 8 - 11;
2249 // There are two hex chars for each byte. 2246 // There are two hex chars for each byte.
2250 const unsigned int kMsgHexSize = kMaxMsgSizeBytes * 2; 2247 const unsigned int kMsgHexSize = kMaxMsgSizeBytes * 2;
2251 char max_data_hex[kMsgHexSize + 1]; 2248 char max_data_hex[kMsgHexSize + 1];
2252 std::fill(&max_data_hex[0], &max_data_hex[0] + kMsgHexSize, 'a'); 2249 std::fill(&max_data_hex[0], &max_data_hex[0] + kMsgHexSize, 'a');
2253 max_data_hex[kMsgHexSize] = '\0'; 2250 max_data_hex[kMsgHexSize] = '\0';
2254 2251
(...skipping 40 matching lines...) Expand 10 before | Expand all | Expand 10 after
2295 GetBytesFromHexString(test, "rsa_pkcs8_der"); 2292 GetBytesFromHexString(test, "rsa_pkcs8_der");
2296 const std::vector<uint8> ciphertext = 2293 const std::vector<uint8> ciphertext =
2297 GetBytesFromHexString(test, "ciphertext"); 2294 GetBytesFromHexString(test, "ciphertext");
2298 const std::vector<uint8> cleartext = GetBytesFromHexString(test, "cleartext"); 2295 const std::vector<uint8> cleartext = GetBytesFromHexString(test, "cleartext");
2299 2296
2300 // Import the key pair. 2297 // Import the key pair.
2301 blink::WebCryptoAlgorithm algorithm = 2298 blink::WebCryptoAlgorithm algorithm =
2302 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); 2299 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5);
2303 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); 2300 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull();
2304 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); 2301 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull();
2305 ImportRsaKeyPair( 2302 ImportRsaKeyPair(rsa_spki_der,
2306 rsa_spki_der, 2303 rsa_pkcs8_der,
2307 rsa_pkcs8_der, 2304 algorithm,
2308 algorithm, 2305 false,
2309 false, 2306 blink::WebCryptoKeyUsageEncrypt,
2310 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt, 2307 blink::WebCryptoKeyUsageDecrypt,
2311 &public_key, 2308 &public_key,
2312 &private_key); 2309 &private_key);
2313 2310
2314 // Decrypt the known-good ciphertext with the private key. As a check we must 2311 // Decrypt the known-good ciphertext with the private key. As a check we must
2315 // get the known original cleartext. 2312 // get the known original cleartext.
2316 std::vector<uint8> decrypted_data; 2313 std::vector<uint8> decrypted_data;
2317 ASSERT_EQ( 2314 ASSERT_EQ(
2318 Status::Success(), 2315 Status::Success(),
2319 Decrypt(algorithm, private_key, CryptoData(ciphertext), &decrypted_data)); 2316 Decrypt(algorithm, private_key, CryptoData(ciphertext), &decrypted_data));
2320 EXPECT_BYTES_EQ(cleartext, decrypted_data); 2317 EXPECT_BYTES_EQ(cleartext, decrypted_data);
2321 2318
2322 // Encrypt this decrypted data with the public key. 2319 // Encrypt this decrypted data with the public key.
(...skipping 13 matching lines...) Expand all
2336 algorithm, private_key, CryptoData(encrypted_data), &decrypted_data)); 2333 algorithm, private_key, CryptoData(encrypted_data), &decrypted_data));
2337 EXPECT_EQ(cleartext, decrypted_data); 2334 EXPECT_EQ(cleartext, decrypted_data);
2338 } 2335 }
2339 2336
2340 TEST_F(SharedCryptoTest, MAYBE(RsaEsFailures)) { 2337 TEST_F(SharedCryptoTest, MAYBE(RsaEsFailures)) {
2341 // Import a key pair. 2338 // Import a key pair.
2342 blink::WebCryptoAlgorithm algorithm = 2339 blink::WebCryptoAlgorithm algorithm =
2343 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); 2340 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5);
2344 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); 2341 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull();
2345 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); 2342 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull();
2346 ImportRsaKeyPair( 2343 ImportRsaKeyPair(HexStringToBytes(kPublicKeySpkiDerHex),
2347 HexStringToBytes(kPublicKeySpkiDerHex), 2344 HexStringToBytes(kPrivateKeyPkcs8DerHex),
2348 HexStringToBytes(kPrivateKeyPkcs8DerHex), 2345 algorithm,
2349 algorithm, 2346 false,
2350 false, 2347 blink::WebCryptoKeyUsageEncrypt,
2351 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt, 2348 blink::WebCryptoKeyUsageDecrypt,
2352 &public_key, 2349 &public_key,
2353 &private_key); 2350 &private_key);
2354 2351
2355 // Fail encrypt with a private key.
2356 std::vector<uint8> encrypted_data; 2352 std::vector<uint8> encrypted_data;
2357 const std::string message_hex_str("0102030405060708090a0b0c0d0e0f"); 2353 const std::string message_hex_str("0102030405060708090a0b0c0d0e0f");
2358 const std::vector<uint8> message_hex(HexStringToBytes(message_hex_str)); 2354 const std::vector<uint8> message_hex(HexStringToBytes(message_hex_str));
2359 EXPECT_EQ(
2360 Status::ErrorUnexpectedKeyType(),
2361 Encrypt(
2362 algorithm, private_key, CryptoData(message_hex), &encrypted_data));
2363 2355
2364 // Fail encrypt with empty message. 2356 // Fail encrypt with empty message.
2365 EXPECT_EQ(Status::ErrorDataTooSmall(), 2357 EXPECT_EQ(Status::ErrorDataTooSmall(),
2366 Encrypt(algorithm, 2358 Encrypt(algorithm,
2367 public_key, 2359 public_key,
2368 CryptoData(std::vector<uint8>()), 2360 CryptoData(std::vector<uint8>()),
2369 &encrypted_data)); 2361 &encrypted_data));
2370 2362
2371 // Fail encrypt with message too large. RSAES can operate on messages up to 2363 // Fail encrypt with message too large. RSAES can operate on messages up to
2372 // length of k - 11 bytes, where k is the octet length of the RSA modulus. 2364 // length of k - 11 bytes, where k is the octet length of the RSA modulus.
2373 const unsigned int kMaxMsgSizeBytes = kModulusLengthBits / 8 - 11; 2365 const unsigned int kMaxMsgSizeBytes = kModulusLengthBits / 8 - 11;
2374 EXPECT_EQ(Status::ErrorDataTooLarge(), 2366 EXPECT_EQ(Status::ErrorDataTooLarge(),
2375 Encrypt(algorithm, 2367 Encrypt(algorithm,
2376 public_key, 2368 public_key,
2377 CryptoData(std::vector<uint8>(kMaxMsgSizeBytes + 1, '0')), 2369 CryptoData(std::vector<uint8>(kMaxMsgSizeBytes + 1, '0')),
2378 &encrypted_data)); 2370 &encrypted_data));
2379 2371
2380 // Generate encrypted data. 2372 // Generate encrypted data.
2381 EXPECT_EQ( 2373 EXPECT_EQ(
2382 Status::Success(), 2374 Status::Success(),
2383 Encrypt(algorithm, public_key, CryptoData(message_hex), &encrypted_data)); 2375 Encrypt(algorithm, public_key, CryptoData(message_hex), &encrypted_data));
2384 2376
2385 // Fail decrypt with a public key.
2386 std::vector<uint8> decrypted_data; 2377 std::vector<uint8> decrypted_data;
2387 EXPECT_EQ(
2388 Status::ErrorUnexpectedKeyType(),
2389 Decrypt(
2390 algorithm, public_key, CryptoData(encrypted_data), &decrypted_data));
2391 2378
2392 // Corrupt encrypted data; ensure decrypt fails because padding was disrupted. 2379 // Corrupt encrypted data; ensure decrypt fails because padding was disrupted.
2393 EXPECT_EQ(Status::OperationError(), 2380 EXPECT_EQ(Status::OperationError(),
2394 Decrypt(algorithm, 2381 Decrypt(algorithm,
2395 private_key, 2382 private_key,
2396 CryptoData(Corrupted(encrypted_data)), 2383 CryptoData(Corrupted(encrypted_data)),
2397 &decrypted_data)); 2384 &decrypted_data));
2398 2385
2399 // TODO(padolph): Are there other specific data corruption scenarios to 2386 // TODO(padolph): Are there other specific data corruption scenarios to
2400 // consider? 2387 // consider?
2401 2388
2402 // Do a successful decrypt with good data just for confirmation. 2389 // Do a successful decrypt with good data just for confirmation.
2403 EXPECT_EQ( 2390 EXPECT_EQ(
2404 Status::Success(), 2391 Status::Success(),
2405 Decrypt( 2392 Decrypt(
2406 algorithm, private_key, CryptoData(encrypted_data), &decrypted_data)); 2393 algorithm, private_key, CryptoData(encrypted_data), &decrypted_data));
2407 EXPECT_BYTES_EQ_HEX(message_hex_str, decrypted_data); 2394 EXPECT_BYTES_EQ_HEX(message_hex_str, decrypted_data);
2408 } 2395 }
2409 2396
2410 TEST_F(SharedCryptoTest, MAYBE(RsaSsaSignVerifyFailures)) { 2397 TEST_F(SharedCryptoTest, MAYBE(RsaSsaSignVerifyFailures)) {
2411 // Import a key pair. 2398 // Import a key pair.
2412 blink::WebCryptoKeyUsageMask usage_mask =
2413 blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify;
2414 blink::WebCryptoAlgorithm importAlgorithm = 2399 blink::WebCryptoAlgorithm importAlgorithm =
2415 CreateRsaHashedImportAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, 2400 CreateRsaHashedImportAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5,
2416 blink::WebCryptoAlgorithmIdSha1); 2401 blink::WebCryptoAlgorithmIdSha1);
2417 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); 2402 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull();
2418 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); 2403 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull();
2419 ImportRsaKeyPair(HexStringToBytes(kPublicKeySpkiDerHex), 2404 ImportRsaKeyPair(HexStringToBytes(kPublicKeySpkiDerHex),
2420 HexStringToBytes(kPrivateKeyPkcs8DerHex), 2405 HexStringToBytes(kPrivateKeyPkcs8DerHex),
2421 importAlgorithm, 2406 importAlgorithm,
2422 false, 2407 false,
2423 usage_mask, 2408 blink::WebCryptoKeyUsageVerify,
2409 blink::WebCryptoKeyUsageSign,
2424 &public_key, 2410 &public_key,
2425 &private_key); 2411 &private_key);
2426 2412
2427 blink::WebCryptoAlgorithm algorithm = 2413 blink::WebCryptoAlgorithm algorithm =
2428 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5); 2414 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5);
2429 2415
2430 std::vector<uint8> signature; 2416 std::vector<uint8> signature;
2431 bool signature_match; 2417 bool signature_match;
2432 2418
2433 // Compute a signature. 2419 // Compute a signature.
(...skipping 36 matching lines...) Expand 10 before | Expand all | Expand 10 after
2470 DCHECK_GT(long_message_size_bytes, kModulusLengthBits / 8); 2456 DCHECK_GT(long_message_size_bytes, kModulusLengthBits / 8);
2471 const unsigned char kLongSignature[long_message_size_bytes] = {0}; 2457 const unsigned char kLongSignature[long_message_size_bytes] = {0};
2472 EXPECT_EQ(Status::Success(), 2458 EXPECT_EQ(Status::Success(),
2473 VerifySignature(algorithm, 2459 VerifySignature(algorithm,
2474 public_key, 2460 public_key,
2475 CryptoData(kLongSignature, sizeof(kLongSignature)), 2461 CryptoData(kLongSignature, sizeof(kLongSignature)),
2476 CryptoData(data), 2462 CryptoData(data),
2477 &signature_match)); 2463 &signature_match));
2478 EXPECT_FALSE(signature_match); 2464 EXPECT_FALSE(signature_match);
2479 2465
2480 // Ensure that verifying using a private key, rather than a public key, fails.
2481 EXPECT_EQ(Status::ErrorUnexpectedKeyType(),
2482 VerifySignature(algorithm,
2483 private_key,
2484 CryptoData(signature),
2485 CryptoData(data),
2486 &signature_match));
2487
2488 // Ensure that signing using a public key, rather than a private key, fails.
2489 EXPECT_EQ(Status::ErrorUnexpectedKeyType(),
2490 Sign(algorithm, public_key, CryptoData(data), &signature));
2491
2492 // Ensure that signing and verifying with an incompatible algorithm fails. 2466 // Ensure that signing and verifying with an incompatible algorithm fails.
2493 algorithm = CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); 2467 algorithm = CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5);
2494 2468
2495 EXPECT_EQ(Status::ErrorUnexpected(), 2469 EXPECT_EQ(Status::ErrorUnexpected(),
2496 Sign(algorithm, private_key, CryptoData(data), &signature)); 2470 Sign(algorithm, private_key, CryptoData(data), &signature));
2497 EXPECT_EQ(Status::ErrorUnexpected(), 2471 EXPECT_EQ(Status::ErrorUnexpected(),
2498 VerifySignature(algorithm, 2472 VerifySignature(algorithm,
2499 public_key, 2473 public_key,
2500 CryptoData(signature), 2474 CryptoData(signature),
2501 CryptoData(data), 2475 CryptoData(data),
(...skipping 16 matching lines...) Expand all
2518 &signature)); 2492 &signature));
2519 2493
2520 blink::WebCryptoKey public_key_256 = blink::WebCryptoKey::createNull(); 2494 blink::WebCryptoKey public_key_256 = blink::WebCryptoKey::createNull();
2521 EXPECT_EQ(Status::Success(), 2495 EXPECT_EQ(Status::Success(),
2522 ImportKey(blink::WebCryptoKeyFormatSpki, 2496 ImportKey(blink::WebCryptoKeyFormatSpki,
2523 CryptoData(HexStringToBytes(kPublicKeySpkiDerHex)), 2497 CryptoData(HexStringToBytes(kPublicKeySpkiDerHex)),
2524 CreateRsaHashedImportAlgorithm( 2498 CreateRsaHashedImportAlgorithm(
2525 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, 2499 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5,
2526 blink::WebCryptoAlgorithmIdSha256), 2500 blink::WebCryptoAlgorithmIdSha256),
2527 true, 2501 true,
2528 usage_mask, 2502 blink::WebCryptoKeyUsageVerify,
2529 &public_key_256)); 2503 &public_key_256));
2530 2504
2531 // Now verify using an algorithm whose inner hash is SHA-256, not SHA-1. The 2505 // Now verify using an algorithm whose inner hash is SHA-256, not SHA-1. The
2532 // signature should not verify. 2506 // signature should not verify.
2533 // NOTE: public_key was produced by generateKey, and so its associated 2507 // NOTE: public_key was produced by generateKey, and so its associated
2534 // algorithm has WebCryptoRsaKeyGenParams and not WebCryptoRsaSsaParams. Thus 2508 // algorithm has WebCryptoRsaKeyGenParams and not WebCryptoRsaSsaParams. Thus
2535 // it has no inner hash to conflict with the input algorithm. 2509 // it has no inner hash to conflict with the input algorithm.
2536 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha1, 2510 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha1,
2537 private_key.algorithm().rsaHashedParams()->hash().id()); 2511 private_key.algorithm().rsaHashedParams()->hash().id());
2538 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha256, 2512 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha256,
(...skipping 13 matching lines...) Expand all
2552 TEST_F(SharedCryptoTest, MAYBE(RsaSignVerifyKnownAnswer)) { 2526 TEST_F(SharedCryptoTest, MAYBE(RsaSignVerifyKnownAnswer)) {
2553 scoped_ptr<base::ListValue> tests; 2527 scoped_ptr<base::ListValue> tests;
2554 ASSERT_TRUE(ReadJsonTestFileToList("pkcs1v15_sign.json", &tests)); 2528 ASSERT_TRUE(ReadJsonTestFileToList("pkcs1v15_sign.json", &tests));
2555 2529
2556 // Import the key pair. 2530 // Import the key pair.
2557 blink::WebCryptoAlgorithm importAlgorithm = 2531 blink::WebCryptoAlgorithm importAlgorithm =
2558 CreateRsaHashedImportAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, 2532 CreateRsaHashedImportAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5,
2559 blink::WebCryptoAlgorithmIdSha1); 2533 blink::WebCryptoAlgorithmIdSha1);
2560 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); 2534 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull();
2561 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); 2535 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull();
2562 ImportRsaKeyPair( 2536 ImportRsaKeyPair(HexStringToBytes(kPublicKeySpkiDerHex),
2563 HexStringToBytes(kPublicKeySpkiDerHex), 2537 HexStringToBytes(kPrivateKeyPkcs8DerHex),
2564 HexStringToBytes(kPrivateKeyPkcs8DerHex), 2538 importAlgorithm,
2565 importAlgorithm, 2539 false,
2566 false, 2540 blink::WebCryptoKeyUsageVerify,
2567 blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify, 2541 blink::WebCryptoKeyUsageSign,
2568 &public_key, 2542 &public_key,
2569 &private_key); 2543 &private_key);
2570 2544
2571 blink::WebCryptoAlgorithm algorithm = 2545 blink::WebCryptoAlgorithm algorithm =
2572 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5); 2546 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5);
2573 2547
2574 // Validate the signatures are computed and verified as expected. 2548 // Validate the signatures are computed and verified as expected.
2575 std::vector<uint8> signature; 2549 std::vector<uint8> signature;
2576 for (size_t test_index = 0; test_index < tests->GetSize(); ++test_index) { 2550 for (size_t test_index = 0; test_index < tests->GetSize(); ++test_index) {
2577 SCOPED_TRACE(test_index); 2551 SCOPED_TRACE(test_index);
2578 2552
2579 base::DictionaryValue* test; 2553 base::DictionaryValue* test;
(...skipping 111 matching lines...) Expand 10 before | Expand all | Expand 10 after
2691 TEST_F(SharedCryptoTest, MAYBE(UnwrapFailures)) { 2665 TEST_F(SharedCryptoTest, MAYBE(UnwrapFailures)) {
2692 // This test exercises the code path common to all unwrap operations. 2666 // This test exercises the code path common to all unwrap operations.
2693 scoped_ptr<base::ListValue> tests; 2667 scoped_ptr<base::ListValue> tests;
2694 ASSERT_TRUE(ReadJsonTestFileToList("aes_kw.json", &tests)); 2668 ASSERT_TRUE(ReadJsonTestFileToList("aes_kw.json", &tests));
2695 base::DictionaryValue* test; 2669 base::DictionaryValue* test;
2696 ASSERT_TRUE(tests->GetDictionary(0, &test)); 2670 ASSERT_TRUE(tests->GetDictionary(0, &test));
2697 const std::vector<uint8> test_kek = GetBytesFromHexString(test, "kek"); 2671 const std::vector<uint8> test_kek = GetBytesFromHexString(test, "kek");
2698 const std::vector<uint8> test_ciphertext = 2672 const std::vector<uint8> test_ciphertext =
2699 GetBytesFromHexString(test, "ciphertext"); 2673 GetBytesFromHexString(test, "ciphertext");
2700 2674
2701 // Using a key that does not have unwrapKey usage should fail.
2702 blink::WebCryptoKey bad_wrapping_key = ImportSecretKeyFromRaw(
2703 test_kek,
2704 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw),
2705 blink::WebCryptoKeyUsageDecrypt); // <-- should be UnwrapKey
2706 blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull(); 2675 blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull();
2707 EXPECT_EQ(
2708 Status::ErrorUnexpected(),
2709 UnwrapKey(blink::WebCryptoKeyFormatRaw,
2710 CryptoData(test_ciphertext),
2711 bad_wrapping_key,
2712 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw),
2713 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
2714 true,
2715 blink::WebCryptoKeyUsageEncrypt,
2716 &unwrapped_key));
2717 2676
2718 // Using a wrapping algorithm that does not match the wrapping key algorithm 2677 // Using a wrapping algorithm that does not match the wrapping key algorithm
2719 // should fail. 2678 // should fail.
2720 blink::WebCryptoKey wrapping_key = ImportSecretKeyFromRaw( 2679 blink::WebCryptoKey wrapping_key = ImportSecretKeyFromRaw(
2721 test_kek, 2680 test_kek,
2722 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw), 2681 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw),
2723 blink::WebCryptoKeyUsageUnwrapKey); 2682 blink::WebCryptoKeyUsageUnwrapKey);
2724 EXPECT_EQ( 2683 EXPECT_EQ(
2725 Status::ErrorUnexpected(), 2684 Status::ErrorUnexpected(),
2726 UnwrapKey(blink::WebCryptoKeyFormatRaw, 2685 UnwrapKey(blink::WebCryptoKeyFormatRaw,
(...skipping 406 matching lines...) Expand 10 before | Expand all | Expand 10 after
3133 GetBytesFromHexString(test, "ciphertext"); 3092 GetBytesFromHexString(test, "ciphertext");
3134 const std::vector<uint8> cleartext = GetBytesFromHexString(test, "cleartext"); 3093 const std::vector<uint8> cleartext = GetBytesFromHexString(test, "cleartext");
3135 blink::WebCryptoAlgorithm key_algorithm = 3094 blink::WebCryptoAlgorithm key_algorithm =
3136 CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha256); 3095 CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha256);
3137 3096
3138 // Import the RSA key pair. 3097 // Import the RSA key pair.
3139 blink::WebCryptoAlgorithm algorithm = 3098 blink::WebCryptoAlgorithm algorithm =
3140 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); 3099 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5);
3141 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); 3100 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull();
3142 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); 3101 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull();
3143 ImportRsaKeyPair( 3102 ImportRsaKeyPair(rsa_spki_der,
3144 rsa_spki_der, 3103 rsa_pkcs8_der,
3145 rsa_pkcs8_der, 3104 algorithm,
3146 algorithm, 3105 false,
3147 false, 3106 blink::WebCryptoKeyUsageWrapKey,
3148 blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey, 3107 blink::WebCryptoKeyUsageUnwrapKey,
3149 &public_key, 3108 &public_key,
3150 &private_key); 3109 &private_key);
3151 3110
3152 // Import the symmetric key. 3111 // Import the symmetric key.
3153 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); 3112 blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
3154 ASSERT_EQ(Status::Success(), 3113 ASSERT_EQ(Status::Success(),
3155 ImportKey(blink::WebCryptoKeyFormatRaw, 3114 ImportKey(blink::WebCryptoKeyFormatRaw,
3156 CryptoData(cleartext), 3115 CryptoData(cleartext),
3157 key_algorithm, 3116 key_algorithm,
3158 true, 3117 true,
3159 blink::WebCryptoKeyUsageSign, 3118 blink::WebCryptoKeyUsageSign,
3160 &key)); 3119 &key));
(...skipping 49 matching lines...) Expand 10 before | Expand all | Expand 10 after
3210 TEST_F(SharedCryptoTest, MAYBE(RsaEsRawSymkeyWrapUnwrapErrors)) { 3169 TEST_F(SharedCryptoTest, MAYBE(RsaEsRawSymkeyWrapUnwrapErrors)) {
3211 const std::vector<uint8> data(64, 0); 3170 const std::vector<uint8> data(64, 0);
3212 blink::WebCryptoAlgorithm key_algorithm = 3171 blink::WebCryptoAlgorithm key_algorithm =
3213 CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha256); 3172 CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha256);
3214 3173
3215 // Import the RSA key pair. 3174 // Import the RSA key pair.
3216 blink::WebCryptoAlgorithm wrapping_algorithm = 3175 blink::WebCryptoAlgorithm wrapping_algorithm =
3217 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); 3176 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5);
3218 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); 3177 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull();
3219 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); 3178 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull();
3220 ImportRsaKeyPair( 3179 ImportRsaKeyPair(HexStringToBytes(kPublicKeySpkiDerHex),
3221 HexStringToBytes(kPublicKeySpkiDerHex), 3180 HexStringToBytes(kPrivateKeyPkcs8DerHex),
3222 HexStringToBytes(kPrivateKeyPkcs8DerHex), 3181 wrapping_algorithm,
3223 wrapping_algorithm, 3182 false,
3224 false, 3183 blink::WebCryptoKeyUsageWrapKey,
3225 blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey, 3184 blink::WebCryptoKeyUsageUnwrapKey,
3226 &public_key, 3185 &public_key,
3227 &private_key); 3186 &private_key);
3228 3187
3229 // Import the symmetric key. 3188 // Import the symmetric key.
3230 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); 3189 blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
3231 ASSERT_EQ(Status::Success(), 3190 ASSERT_EQ(Status::Success(),
3232 ImportKey(blink::WebCryptoKeyFormatRaw, 3191 ImportKey(blink::WebCryptoKeyFormatRaw,
3233 CryptoData(data), 3192 CryptoData(data),
3234 key_algorithm, 3193 key_algorithm,
3235 true, 3194 true,
3236 blink::WebCryptoKeyUsageSign, 3195 blink::WebCryptoKeyUsageSign,
3237 &key)); 3196 &key));
3238 3197
3239 // Wrapping with a private key should fail.
3240 std::vector<uint8> wrapped_key; 3198 std::vector<uint8> wrapped_key;
3241 EXPECT_EQ(Status::ErrorUnexpectedKeyType(),
3242 WrapKey(blink::WebCryptoKeyFormatRaw,
3243 key,
3244 private_key,
3245 wrapping_algorithm,
3246 &wrapped_key));
3247 3199
3248 // Wrapping a key whose raw keying material is too large for the wrapping key 3200 // Wrapping a key whose raw keying material is too large for the wrapping key
3249 // should fail. 3201 // should fail.
3250 // RSAES can encrypt data up to length of k - 11 bytes, where k is the octet 3202 // RSAES can encrypt data up to length of k - 11 bytes, where k is the octet
3251 // length of the RSA modulus, and can decrypt data up to length k. Fabricate a 3203 // length of the RSA modulus, and can decrypt data up to length k. Fabricate a
3252 // big piece of data here that fails both of these criteria, so it can be used 3204 // big piece of data here that fails both of these criteria, so it can be used
3253 // for both wrap and unwrap negative tests below. 3205 // for both wrap and unwrap negative tests below.
3254 const std::vector<uint8> big_data(kModulusLengthBits / 8 + 1, 0); 3206 const std::vector<uint8> big_data(kModulusLengthBits / 8 + 1, 0);
3255 blink::WebCryptoKey big_key = blink::WebCryptoKey::createNull(); 3207 blink::WebCryptoKey big_key = blink::WebCryptoKey::createNull();
3256 ASSERT_EQ(Status::Success(), 3208 ASSERT_EQ(Status::Success(),
3257 ImportKey(blink::WebCryptoKeyFormatRaw, 3209 ImportKey(blink::WebCryptoKeyFormatRaw,
3258 CryptoData(big_data), 3210 CryptoData(big_data),
3259 key_algorithm, 3211 key_algorithm,
3260 true, 3212 true,
3261 blink::WebCryptoKeyUsageSign, 3213 blink::WebCryptoKeyUsageSign,
3262 &big_key)); 3214 &big_key));
3263 EXPECT_EQ(Status::ErrorDataTooLarge(), 3215 EXPECT_EQ(Status::ErrorDataTooLarge(),
3264 WrapKey(blink::WebCryptoKeyFormatRaw, 3216 WrapKey(blink::WebCryptoKeyFormatRaw,
3265 big_key, 3217 big_key,
3266 public_key, 3218 public_key,
3267 wrapping_algorithm, 3219 wrapping_algorithm,
3268 &wrapped_key)); 3220 &wrapped_key));
3269 3221
3270 // Unwrapping with a public key should fail.
3271 blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull(); 3222 blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull();
3272 EXPECT_EQ(Status::ErrorUnexpectedKeyType(),
3273 UnwrapKey(blink::WebCryptoKeyFormatRaw,
3274 CryptoData(data),
3275 public_key,
3276 wrapping_algorithm,
3277 key_algorithm,
3278 true,
3279 blink::WebCryptoKeyUsageSign,
3280 &unwrapped_key));
3281 3223
3282 // Unwrapping empty data should fail. 3224 // Unwrapping empty data should fail.
3283 const std::vector<uint8> emtpy_data; 3225 const std::vector<uint8> emtpy_data;
3284 EXPECT_EQ(Status::ErrorDataTooSmall(), 3226 EXPECT_EQ(Status::ErrorDataTooSmall(),
3285 UnwrapKey(blink::WebCryptoKeyFormatRaw, 3227 UnwrapKey(blink::WebCryptoKeyFormatRaw,
3286 CryptoData(emtpy_data), 3228 CryptoData(emtpy_data),
3287 private_key, 3229 private_key,
3288 wrapping_algorithm, 3230 wrapping_algorithm,
3289 key_algorithm, 3231 key_algorithm,
3290 true, 3232 true,
(...skipping 72 matching lines...) Expand 10 before | Expand all | Expand 10 after
3363 ASSERT_EQ( 3305 ASSERT_EQ(
3364 Status::Success(), 3306 Status::Success(),
3365 GenerateSecretKey( 3307 GenerateSecretKey(
3366 gen_algorithm, true, blink::WebCryptoKeyUsageEncrypt, &key_to_wrap)); 3308 gen_algorithm, true, blink::WebCryptoKeyUsageEncrypt, &key_to_wrap));
3367 3309
3368 // Import the wrapping key pair. 3310 // Import the wrapping key pair.
3369 const blink::WebCryptoAlgorithm wrapping_algorithm = 3311 const blink::WebCryptoAlgorithm wrapping_algorithm =
3370 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); 3312 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5);
3371 blink::WebCryptoKey public_wrapping_key = blink::WebCryptoKey::createNull(); 3313 blink::WebCryptoKey public_wrapping_key = blink::WebCryptoKey::createNull();
3372 blink::WebCryptoKey private_wrapping_key = blink::WebCryptoKey::createNull(); 3314 blink::WebCryptoKey private_wrapping_key = blink::WebCryptoKey::createNull();
3373 ImportRsaKeyPair( 3315 ImportRsaKeyPair(HexStringToBytes(kPublicKeySpkiDerHex),
3374 HexStringToBytes(kPublicKeySpkiDerHex), 3316 HexStringToBytes(kPrivateKeyPkcs8DerHex),
3375 HexStringToBytes(kPrivateKeyPkcs8DerHex), 3317 wrapping_algorithm,
3376 wrapping_algorithm, 3318 false,
3377 false, 3319 blink::WebCryptoKeyUsageWrapKey,
3378 blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey, 3320 blink::WebCryptoKeyUsageUnwrapKey,
3379 &public_wrapping_key, 3321 &public_wrapping_key,
3380 &private_wrapping_key); 3322 &private_wrapping_key);
3381 3323
3382 // Wrap the symkey in JWK format, using the public wrapping key. 3324 // Wrap the symkey in JWK format, using the public wrapping key.
3383 std::vector<uint8> wrapped_data; 3325 std::vector<uint8> wrapped_data;
3384 ASSERT_EQ(Status::Success(), 3326 ASSERT_EQ(Status::Success(),
3385 WrapKey(blink::WebCryptoKeyFormatJwk, 3327 WrapKey(blink::WebCryptoKeyFormatJwk,
3386 key_to_wrap, 3328 key_to_wrap,
3387 public_wrapping_key, 3329 public_wrapping_key,
3388 wrapping_algorithm, 3330 wrapping_algorithm,
3389 &wrapped_data)); 3331 &wrapped_data));
3390 3332
(...skipping 67 matching lines...) Expand 10 before | Expand all | Expand 10 after
3458 // it has unwrap rather than decrypt usage. 3400 // it has unwrap rather than decrypt usage.
3459 blink::WebCryptoKey private_wrapping_key = blink::WebCryptoKey::createNull(); 3401 blink::WebCryptoKey private_wrapping_key = blink::WebCryptoKey::createNull();
3460 ASSERT_EQ(Status::Success(), 3402 ASSERT_EQ(Status::Success(),
3461 ImportKey(blink::WebCryptoKeyFormatPkcs8, 3403 ImportKey(blink::WebCryptoKeyFormatPkcs8,
3462 CryptoData(HexStringToBytes(kPrivateKeyPkcs8DerHex)), 3404 CryptoData(HexStringToBytes(kPrivateKeyPkcs8DerHex)),
3463 algorithm, 3405 algorithm,
3464 false, 3406 false,
3465 blink::WebCryptoKeyUsageUnwrapKey, 3407 blink::WebCryptoKeyUsageUnwrapKey,
3466 &private_wrapping_key)); 3408 &private_wrapping_key));
3467 3409
3468 // Treat the ciphertext as a wrapped key and try to unwrap it. Ensure a 3410 // Treat the ciphertext as a wrapped key and try to unwrap it.
3469 // generic error is received. 3411 // Unwrapping fails because kty="foo" is invalid.
3470 blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull(); 3412 blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull();
3471 EXPECT_EQ(Status::OperationError(), 3413 EXPECT_EQ(Status::ErrorJwkUnrecognizedKty(),
3472 UnwrapKey(blink::WebCryptoKeyFormatJwk, 3414 UnwrapKey(blink::WebCryptoKeyFormatJwk,
3473 CryptoData(ciphertext), 3415 CryptoData(ciphertext),
3474 private_wrapping_key, 3416 private_wrapping_key,
3475 algorithm, 3417 algorithm,
3476 CreateAesCbcAlgorithm(std::vector<uint8>(0, 16)), 3418 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
3477 true, 3419 true,
3478 blink::WebCryptoKeyUsageEncrypt, 3420 blink::WebCryptoKeyUsageEncrypt,
3479 &unwrapped_key)); 3421 &unwrapped_key));
3480 } 3422 }
3481 3423
3424 // Try importing an RSA-SSA public key with unsupported key usages using SPKI
3425 // format. RSA-SSA public keys only support the 'verify' usage.
3426 TEST_F(SharedCryptoTest, MAYBE(ImportRsaSsaPublicKeyBadUsage_SPKI)) {
3427 const blink::WebCryptoAlgorithm algorithm =
3428 CreateRsaHashedImportAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5,
3429 blink::WebCryptoAlgorithmIdSha256);
3430
3431 blink::WebCryptoKeyUsageMask bad_usages[] = {
3432 blink::WebCryptoKeyUsageSign,
3433 blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify,
3434 blink::WebCryptoKeyUsageEncrypt,
3435 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt,
3436 };
3437
3438 for (size_t i = 0; i < arraysize(bad_usages); ++i) {
3439 SCOPED_TRACE(i);
3440
3441 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull();
3442 ASSERT_EQ(Status::ErrorCreateKeyBadUsages(),
3443 ImportKey(blink::WebCryptoKeyFormatSpki,
3444 CryptoData(HexStringToBytes(kPublicKeySpkiDerHex)),
3445 algorithm,
3446 false,
3447 bad_usages[i],
3448 &public_key));
3449 }
3450 }
3451
3452 // Try importing an RSA-SSA public key with unsupported key usages using JWK
3453 // format. RSA-SSA public keys only support the 'verify' usage.
3454 TEST_F(SharedCryptoTest, MAYBE(ImportRsaSsaPublicKeyBadUsage_JWK)) {
3455 const blink::WebCryptoAlgorithm algorithm =
3456 CreateRsaHashedImportAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5,
3457 blink::WebCryptoAlgorithmIdSha256);
3458
3459 blink::WebCryptoKeyUsageMask bad_usages[] = {
3460 blink::WebCryptoKeyUsageSign,
3461 blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify,
3462 blink::WebCryptoKeyUsageEncrypt,
3463 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt,
3464 };
3465
3466 base::DictionaryValue dict;
3467 RestoreJwkRsaDictionary(&dict);
3468 dict.Remove("use", NULL);
3469 dict.SetString("alg", "RS256");
3470
3471 for (size_t i = 0; i < arraysize(bad_usages); ++i) {
3472 SCOPED_TRACE(i);
3473
3474 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull();
3475 ASSERT_EQ(Status::ErrorCreateKeyBadUsages(),
3476 ImportKeyJwkFromDict(
3477 dict, algorithm, false, bad_usages[i], &public_key));
3478 }
3479 }
3480
3481 // Try importing an AES-CBC key with unsupported key usages using raw
3482 // format. AES-CBC keys support the following usages:
3483 // 'encrypt', 'decrypt', 'wrapKey', 'unwrapKey'
3484 TEST_F(SharedCryptoTest, MAYBE(ImportAesCbcKeyBadUsage_Raw)) {
3485 const blink::WebCryptoAlgorithm algorithm =
3486 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc);
3487
3488 blink::WebCryptoKeyUsageMask bad_usages[] = {
3489 blink::WebCryptoKeyUsageSign,
3490 blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageDecrypt,
3491 blink::WebCryptoKeyUsageDeriveBits,
3492 blink::WebCryptoKeyUsageUnwrapKey | blink::WebCryptoKeyUsageVerify,
3493 };
3494
3495 std::vector<uint8> key_bytes(16);
3496
3497 for (size_t i = 0; i < arraysize(bad_usages); ++i) {
3498 SCOPED_TRACE(i);
3499
3500 blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
3501 ASSERT_EQ(Status::ErrorCreateKeyBadUsages(),
3502 ImportKey(blink::WebCryptoKeyFormatRaw,
3503 CryptoData(key_bytes),
3504 algorithm,
3505 true,
3506 bad_usages[i],
3507 &key));
3508 }
3509 }
3510
3511 // Try importing an AES-KW key with unsupported key usages using raw
3512 // format. AES-KW keys support the following usages:
3513 // 'wrapKey', 'unwrapKey'
3514 TEST_F(SharedCryptoTest, MAYBE(ImportAesKwKeyBadUsage_Raw)) {
3515 const blink::WebCryptoAlgorithm algorithm =
3516 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw);
3517
3518 blink::WebCryptoKeyUsageMask bad_usages[] = {
3519 blink::WebCryptoKeyUsageEncrypt,
3520 blink::WebCryptoKeyUsageDecrypt,
3521 blink::WebCryptoKeyUsageSign,
3522 blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageUnwrapKey,
3523 blink::WebCryptoKeyUsageDeriveBits,
3524 blink::WebCryptoKeyUsageUnwrapKey | blink::WebCryptoKeyUsageVerify,
3525 };
3526
3527 std::vector<uint8> key_bytes(16);
3528
3529 for (size_t i = 0; i < arraysize(bad_usages); ++i) {
3530 SCOPED_TRACE(i);
3531
3532 blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
3533 ASSERT_EQ(Status::ErrorCreateKeyBadUsages(),
3534 ImportKey(blink::WebCryptoKeyFormatRaw,
3535 CryptoData(key_bytes),
3536 algorithm,
3537 true,
3538 bad_usages[i],
3539 &key));
3540 }
3541 }
3542
3543 // Try unwrapping an HMAC key with unsupported usages using JWK format and
3544 // AES-KW. HMAC keys support the following usages:
3545 // 'sign', 'verify'
3546 TEST_F(SharedCryptoTest, MAYBE(UnwrapHmacKeyBadUsage_JWK)) {
3547 const blink::WebCryptoAlgorithm unwrap_algorithm =
3548 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw);
3549
3550 blink::WebCryptoKeyUsageMask bad_usages[] = {
3551 blink::WebCryptoKeyUsageEncrypt,
3552 blink::WebCryptoKeyUsageDecrypt,
3553 blink::WebCryptoKeyUsageWrapKey,
3554 blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageWrapKey,
3555 blink::WebCryptoKeyUsageVerify | blink::WebCryptoKeyUsageDeriveKey,
3556 };
3557
3558 // Import the wrapping key.
3559 blink::WebCryptoKey wrapping_key = blink::WebCryptoKey::createNull();
3560 ASSERT_EQ(Status::Success(),
3561 ImportKey(blink::WebCryptoKeyFormatRaw,
3562 CryptoData(std::vector<uint8>(16)),
3563 unwrap_algorithm,
3564 true,
3565 blink::WebCryptoKeyUsageUnwrapKey,
3566 &wrapping_key));
3567
3568 // The JWK plain text is:
3569 // { "kty": "oct","alg": "HS256","k": "GADWrMRHwQfoNaXU5fZvTg=="}
3570 const char* kWrappedJwk =
3571 "0AA245F17064FFB2A7A094436A39BEBFC962C627303D1327EA750CE9F917688C2782A943"
3572 "7AE7586547AC490E8AE7D5B02D63868D5C3BB57D36C4C8C5BF3962ACEC6F42E767E5706"
3573 "4";
3574
3575 for (size_t i = 0; i < arraysize(bad_usages); ++i) {
3576 SCOPED_TRACE(i);
3577
3578 blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
3579
3580 ASSERT_EQ(Status::ErrorCreateKeyBadUsages(),
3581 UnwrapKey(blink::WebCryptoKeyFormatJwk,
3582 CryptoData(HexStringToBytes(kWrappedJwk)),
3583 wrapping_key,
3584 unwrap_algorithm,
3585 webcrypto::CreateHmacImportAlgorithm(
3586 blink::WebCryptoAlgorithmIdSha256),
3587 true,
3588 bad_usages[i],
3589 &key));
3590 }
3591 }
3592
3593 // Try unwrapping an RSA-SSA public key with unsupported usages using JWK format
3594 // and AES-KW. RSA-SSA public keys support the following usages:
3595 // 'verify'
3596 TEST_F(SharedCryptoTest, MAYBE(UnwrapRsaSsaPublicKeyBadUsage_JWK)) {
3597 const blink::WebCryptoAlgorithm unwrap_algorithm =
3598 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw);
3599
3600 blink::WebCryptoKeyUsageMask bad_usages[] = {
3601 blink::WebCryptoKeyUsageEncrypt,
3602 blink::WebCryptoKeyUsageSign,
3603 blink::WebCryptoKeyUsageDecrypt,
3604 blink::WebCryptoKeyUsageWrapKey,
3605 blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageWrapKey,
3606 };
3607
3608 // Import the wrapping key.
3609 blink::WebCryptoKey wrapping_key = blink::WebCryptoKey::createNull();
3610 ASSERT_EQ(Status::Success(),
3611 ImportKey(blink::WebCryptoKeyFormatRaw,
3612 CryptoData(std::vector<uint8>(16)),
3613 unwrap_algorithm,
3614 true,
3615 blink::WebCryptoKeyUsageUnwrapKey,
3616 &wrapping_key));
3617
3618 // The JWK plaintext is:
3619 // { "kty": "RSA","alg": "RS256","n": "...","e": "AQAB"}
3620
3621 const char* kWrappedJwk =
3622 "CE8DAEF99E977EE58958B8C4494755C846E883B2ECA575C5366622839AF71AB30875F152"
3623 "E8E33E15A7817A3A2874EB53EFE05C774D98BC936BA9BA29BEB8BB3F3C3CE2323CB3359D"
3624 "E3F426605CF95CCF0E01E870ABD7E35F62E030B5FB6E520A5885514D1D850FB64B57806D"
3625 "1ADA57C6E27DF345D8292D80F6B074F1BE51C4CF3D76ECC8886218551308681B44FAC60B"
3626 "8CF6EA439BC63239103D0AE81ADB96F908680586C6169284E32EB7DD09D31103EBDAC0C2"
3627 "40C72DCF0AEA454113CC47457B13305B25507CBEAB9BDC8D8E0F867F9167F9DCEF0D9F9B"
3628 "30F2EE83CEDFD51136852C8A5939B768";
3629
3630 for (size_t i = 0; i < arraysize(bad_usages); ++i) {
3631 SCOPED_TRACE(i);
3632
3633 blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
3634
3635 ASSERT_EQ(Status::ErrorCreateKeyBadUsages(),
3636 UnwrapKey(blink::WebCryptoKeyFormatJwk,
3637 CryptoData(HexStringToBytes(kWrappedJwk)),
3638 wrapping_key,
3639 unwrap_algorithm,
3640 webcrypto::CreateRsaHashedImportAlgorithm(
3641 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5,
3642 blink::WebCryptoAlgorithmIdSha256),
3643 true,
3644 bad_usages[i],
3645 &key));
3646 }
3647 }
3648
3649 // Generate an AES-CBC key with invalid usages. AES-CBC supports:
3650 // 'encrypt', 'decrypt', 'wrapKey', 'unwrapKey'
3651 TEST_F(SharedCryptoTest, MAYBE(GenerateAesKeyBadUsages)) {
3652 blink::WebCryptoKeyUsageMask bad_usages[] = {
3653 blink::WebCryptoKeyUsageSign, blink::WebCryptoKeyUsageVerify,
3654 blink::WebCryptoKeyUsageDecrypt | blink::WebCryptoKeyUsageVerify,
3655 };
3656
3657 for (size_t i = 0; i < arraysize(bad_usages); ++i) {
3658 SCOPED_TRACE(i);
3659
3660 blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
3661
3662 ASSERT_EQ(Status::ErrorCreateKeyBadUsages(),
3663 GenerateSecretKey(
3664 CreateAesCbcKeyGenAlgorithm(128), true, bad_usages[i], &key));
3665 }
3666 }
3667
3668 // Generate an RSA-SSA key pair with invalid usages. RSA-SSA supports:
3669 // 'sign', 'verify'
3670 TEST_F(SharedCryptoTest, MAYBE(GenerateRsaSsaBadUsages)) {
3671 blink::WebCryptoKeyUsageMask bad_usages[] = {
3672 blink::WebCryptoKeyUsageDecrypt,
3673 blink::WebCryptoKeyUsageVerify | blink::WebCryptoKeyUsageDecrypt,
3674 blink::WebCryptoKeyUsageWrapKey,
3675 };
3676
3677 const unsigned int modulus_length = 256;
3678 const std::vector<uint8> public_exponent = HexStringToBytes("010001");
3679
3680 for (size_t i = 0; i < arraysize(bad_usages); ++i) {
3681 SCOPED_TRACE(i);
3682
3683 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull();
3684 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull();
3685
3686 ASSERT_EQ(Status::ErrorCreateKeyBadUsages(),
3687 GenerateKeyPair(CreateRsaHashedKeyGenAlgorithm(
3688 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5,
3689 blink::WebCryptoAlgorithmIdSha256,
3690 modulus_length,
3691 public_exponent),
3692 true,
3693 bad_usages[i],
3694 &public_key,
3695 &private_key));
3696 }
3697 }
3698
3699 // Generate an RSA-SSA key pair. The public and private keys should select the
3700 // key usages which are applicable, and not have the exact same usages as was
3701 // specified to GenerateKey
3702 TEST_F(SharedCryptoTest, MAYBE(GenerateRsaSsaKeyPairIntersectUsages)) {
3703 const unsigned int modulus_length = 256;
3704 const std::vector<uint8> public_exponent = HexStringToBytes("010001");
3705
3706 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull();
3707 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull();
3708
3709 ASSERT_EQ(Status::Success(),
3710 GenerateKeyPair(
3711 CreateRsaHashedKeyGenAlgorithm(
3712 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5,
3713 blink::WebCryptoAlgorithmIdSha256,
3714 modulus_length,
3715 public_exponent),
3716 true,
3717 blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify,
3718 &public_key,
3719 &private_key));
3720
3721 EXPECT_EQ(blink::WebCryptoKeyUsageVerify, public_key.usages());
3722 EXPECT_EQ(blink::WebCryptoKeyUsageSign, private_key.usages());
3723
3724 // Try again but this time without the Verify usages.
3725 ASSERT_EQ(Status::Success(),
3726 GenerateKeyPair(CreateRsaHashedKeyGenAlgorithm(
3727 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5,
3728 blink::WebCryptoAlgorithmIdSha256,
3729 modulus_length,
3730 public_exponent),
3731 true,
3732 blink::WebCryptoKeyUsageSign,
3733 &public_key,
3734 &private_key));
3735
3736 EXPECT_EQ(0, public_key.usages());
3737 EXPECT_EQ(blink::WebCryptoKeyUsageSign, private_key.usages());
3738 }
3739
3482 } // namespace webcrypto 3740 } // namespace webcrypto
3483 3741
3484 } // namespace content 3742 } // namespace content
OLDNEW

Powered by Google App Engine
This is Rietveld 408576698