OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/child/webcrypto/shared_crypto.h" | 5 #include "content/child/webcrypto/shared_crypto.h" |
6 | 6 |
7 #include <algorithm> | 7 #include <algorithm> |
8 #include <string> | 8 #include <string> |
9 #include <vector> | 9 #include <vector> |
10 | 10 |
(...skipping 106 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
117 #if defined(USE_OPENSSL) | 117 #if defined(USE_OPENSSL) |
118 return false; | 118 return false; |
119 #else | 119 #else |
120 if (!NSS_VersionCheck("3.16.2")) | 120 if (!NSS_VersionCheck("3.16.2")) |
121 return false; | 121 return false; |
122 crypto::ScopedPK11Slot slot(PK11_GetInternalKeySlot()); | 122 crypto::ScopedPK11Slot slot(PK11_GetInternalKeySlot()); |
123 return !!PK11_DoesMechanism(slot.get(), CKM_RSA_PKCS_OAEP); | 123 return !!PK11_DoesMechanism(slot.get(), CKM_RSA_PKCS_OAEP); |
124 #endif | 124 #endif |
125 } | 125 } |
126 | 126 |
127 blink::WebCryptoAlgorithm CreateRsaKeyGenAlgorithm( | |
128 blink::WebCryptoAlgorithmId algorithm_id, | |
129 unsigned int modulus_length, | |
130 const std::vector<uint8>& public_exponent) { | |
131 DCHECK_EQ(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, algorithm_id); | |
132 return blink::WebCryptoAlgorithm::adoptParamsAndCreate( | |
133 algorithm_id, | |
134 new blink::WebCryptoRsaKeyGenParams( | |
135 modulus_length, | |
136 webcrypto::Uint8VectorStart(public_exponent), | |
137 public_exponent.size())); | |
138 } | |
139 | |
140 blink::WebCryptoAlgorithm CreateRsaHashedKeyGenAlgorithm( | 127 blink::WebCryptoAlgorithm CreateRsaHashedKeyGenAlgorithm( |
141 blink::WebCryptoAlgorithmId algorithm_id, | 128 blink::WebCryptoAlgorithmId algorithm_id, |
142 const blink::WebCryptoAlgorithmId hash_id, | 129 const blink::WebCryptoAlgorithmId hash_id, |
143 unsigned int modulus_length, | 130 unsigned int modulus_length, |
144 const std::vector<uint8>& public_exponent) { | 131 const std::vector<uint8>& public_exponent) { |
145 DCHECK(algorithm_id == blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 || | 132 DCHECK(algorithm_id == blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 || |
146 algorithm_id == blink::WebCryptoAlgorithmIdRsaOaep); | 133 algorithm_id == blink::WebCryptoAlgorithmIdRsaOaep); |
147 DCHECK(blink::WebCryptoAlgorithm::isHash(hash_id)); | 134 DCHECK(blink::WebCryptoAlgorithm::isHash(hash_id)); |
148 return blink::WebCryptoAlgorithm::adoptParamsAndCreate( | 135 return blink::WebCryptoAlgorithm::adoptParamsAndCreate( |
149 algorithm_id, | 136 algorithm_id, |
(...skipping 188 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
338 dict->SetString("use", "enc"); | 325 dict->SetString("use", "enc"); |
339 dict->SetBoolean("ext", false); | 326 dict->SetBoolean("ext", false); |
340 dict->SetString("k", "GADWrMRHwQfoNaXU5fZvTg=="); | 327 dict->SetString("k", "GADWrMRHwQfoNaXU5fZvTg=="); |
341 } | 328 } |
342 | 329 |
343 // Helper for ImportJwkRsaFailures. Restores the JWK JSON | 330 // Helper for ImportJwkRsaFailures. Restores the JWK JSON |
344 // dictionary to a good state | 331 // dictionary to a good state |
345 void RestoreJwkRsaDictionary(base::DictionaryValue* dict) { | 332 void RestoreJwkRsaDictionary(base::DictionaryValue* dict) { |
346 dict->Clear(); | 333 dict->Clear(); |
347 dict->SetString("kty", "RSA"); | 334 dict->SetString("kty", "RSA"); |
348 dict->SetString("alg", "RSA1_5"); | 335 dict->SetString("alg", "RS256"); |
349 dict->SetString("use", "enc"); | 336 dict->SetString("use", "sig"); |
350 dict->SetBoolean("ext", false); | 337 dict->SetBoolean("ext", false); |
351 dict->SetString( | 338 dict->SetString( |
352 "n", | 339 "n", |
353 "qLOyhK-OtQs4cDSoYPFGxJGfMYdjzWxVmMiuSBGh4KvEx-CwgtaTpef87Wdc9GaFEncsDLxk" | 340 "qLOyhK-OtQs4cDSoYPFGxJGfMYdjzWxVmMiuSBGh4KvEx-CwgtaTpef87Wdc9GaFEncsDLxk" |
354 "p0LGxjD1M8jMcvYq6DPEC_JYQumEu3i9v5fAEH1VvbZi9cTg-rmEXLUUjvc5LdOq_5OuHmtm" | 341 "p0LGxjD1M8jMcvYq6DPEC_JYQumEu3i9v5fAEH1VvbZi9cTg-rmEXLUUjvc5LdOq_5OuHmtm" |
355 "e7PUJHYW1PW6ENTP0ibeiNOfFvs"); | 342 "e7PUJHYW1PW6ENTP0ibeiNOfFvs"); |
356 dict->SetString("e", "AQAB"); | 343 dict->SetString("e", "AQAB"); |
357 } | 344 } |
358 | 345 |
359 // Returns true if any of the vectors in the input list have identical content. | 346 // Returns true if any of the vectors in the input list have identical content. |
(...skipping 1118 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1478 LOG(WARNING) << "RSA-OAEP not supported on this platform. Skipping some" | 1465 LOG(WARNING) << "RSA-OAEP not supported on this platform. Skipping some" |
1479 << "tests."; | 1466 << "tests."; |
1480 } | 1467 } |
1481 | 1468 |
1482 struct TestCase { | 1469 struct TestCase { |
1483 const blink::WebCryptoAlgorithm algorithm; | 1470 const blink::WebCryptoAlgorithm algorithm; |
1484 const blink::WebCryptoKeyUsageMask usage; | 1471 const blink::WebCryptoKeyUsageMask usage; |
1485 const char* const jwk_alg; | 1472 const char* const jwk_alg; |
1486 }; | 1473 }; |
1487 const TestCase kTests[] = { | 1474 const TestCase kTests[] = { |
1488 // RSAES-PKCS1-v1_5 | |
1489 {CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5), | |
1490 blink::WebCryptoKeyUsageEncrypt, "RSA1_5"}, | |
1491 // RSASSA-PKCS1-v1_5 SHA-1 | 1475 // RSASSA-PKCS1-v1_5 SHA-1 |
1492 {CreateRsaHashedImportAlgorithm( | 1476 {CreateRsaHashedImportAlgorithm( |
1493 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, | 1477 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
1494 blink::WebCryptoAlgorithmIdSha1), | 1478 blink::WebCryptoAlgorithmIdSha1), |
1495 blink::WebCryptoKeyUsageSign, "RS1"}, | 1479 blink::WebCryptoKeyUsageSign, "RS1"}, |
1496 // RSASSA-PKCS1-v1_5 SHA-256 | 1480 // RSASSA-PKCS1-v1_5 SHA-256 |
1497 {CreateRsaHashedImportAlgorithm( | 1481 {CreateRsaHashedImportAlgorithm( |
1498 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, | 1482 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
1499 blink::WebCryptoAlgorithmIdSha256), | 1483 blink::WebCryptoAlgorithmIdSha256), |
1500 blink::WebCryptoKeyUsageSign, "RS256"}, | 1484 blink::WebCryptoKeyUsageSign, "RS256"}, |
(...skipping 57 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1558 blink::WebCryptoKey public_key2 = blink::WebCryptoKey::createNull(); | 1542 blink::WebCryptoKey public_key2 = blink::WebCryptoKey::createNull(); |
1559 ASSERT_EQ( | 1543 ASSERT_EQ( |
1560 Status::Success(), | 1544 Status::Success(), |
1561 ImportKeyJwk( | 1545 ImportKeyJwk( |
1562 CryptoData(jwk), test.algorithm, true, test.usage, &public_key2)); | 1546 CryptoData(jwk), test.algorithm, true, test.usage, &public_key2)); |
1563 ASSERT_TRUE(public_key2.handle()); | 1547 ASSERT_TRUE(public_key2.handle()); |
1564 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key2.type()); | 1548 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key2.type()); |
1565 EXPECT_EQ(true, public_key2.extractable()); | 1549 EXPECT_EQ(true, public_key2.extractable()); |
1566 EXPECT_EQ(test.algorithm.id(), public_key2.algorithm().id()); | 1550 EXPECT_EQ(test.algorithm.id(), public_key2.algorithm().id()); |
1567 | 1551 |
1568 // Only perform SPKI consistency test for RSA-ES and RSA-SSA, as their | 1552 // Only perform SPKI consistency test for RSA-SSA as its |
1569 // export format is the same as kPublicKeySpkiDerHex | 1553 // export format is the same as kPublicKeySpkiDerHex |
1570 if (test.algorithm.id() == blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 || | 1554 if (test.algorithm.id() == blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5) { |
1571 test.algorithm.id() == blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5) { | |
1572 // Export the new key as spki and compare to the original. | 1555 // Export the new key as spki and compare to the original. |
1573 std::vector<uint8> spki; | 1556 std::vector<uint8> spki; |
1574 ASSERT_EQ(Status::Success(), | 1557 ASSERT_EQ(Status::Success(), |
1575 ExportKey(blink::WebCryptoKeyFormatSpki, public_key2, &spki)); | 1558 ExportKey(blink::WebCryptoKeyFormatSpki, public_key2, &spki)); |
1576 EXPECT_BYTES_EQ_HEX(kPublicKeySpkiDerHex, CryptoData(spki)); | 1559 EXPECT_BYTES_EQ_HEX(kPublicKeySpkiDerHex, CryptoData(spki)); |
1577 } | 1560 } |
1578 } | 1561 } |
1579 } | 1562 } |
1580 | 1563 |
1581 TEST_F(SharedCryptoTest, MAYBE(ImportJwkRsaFailures)) { | 1564 TEST_F(SharedCryptoTest, MAYBE(ImportJwkRsaFailures)) { |
1582 base::DictionaryValue dict; | 1565 base::DictionaryValue dict; |
1583 RestoreJwkRsaDictionary(&dict); | 1566 RestoreJwkRsaDictionary(&dict); |
1584 blink::WebCryptoAlgorithm algorithm = | 1567 blink::WebCryptoAlgorithm algorithm = |
1585 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); | 1568 CreateRsaHashedImportAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
1586 blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageEncrypt; | 1569 blink::WebCryptoAlgorithmIdSha256); |
| 1570 blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageVerify; |
1587 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 1571 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
1588 | 1572 |
1589 // An RSA public key JWK _must_ have an "n" (modulus) and an "e" (exponent) | 1573 // An RSA public key JWK _must_ have an "n" (modulus) and an "e" (exponent) |
1590 // entry, while an RSA private key must have those plus at least a "d" | 1574 // entry, while an RSA private key must have those plus at least a "d" |
1591 // (private exponent) entry. | 1575 // (private exponent) entry. |
1592 // See http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-18, | 1576 // See http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-18, |
1593 // section 6.3. | 1577 // section 6.3. |
1594 | 1578 |
1595 // Baseline pass. | 1579 // Baseline pass. |
1596 EXPECT_EQ(Status::Success(), | 1580 EXPECT_EQ(Status::Success(), |
1597 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); | 1581 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); |
1598 EXPECT_EQ(algorithm.id(), key.algorithm().id()); | 1582 EXPECT_EQ(algorithm.id(), key.algorithm().id()); |
1599 EXPECT_FALSE(key.extractable()); | 1583 EXPECT_FALSE(key.extractable()); |
1600 EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt, key.usages()); | 1584 EXPECT_EQ(blink::WebCryptoKeyUsageVerify, key.usages()); |
1601 EXPECT_EQ(blink::WebCryptoKeyTypePublic, key.type()); | 1585 EXPECT_EQ(blink::WebCryptoKeyTypePublic, key.type()); |
1602 | 1586 |
1603 // The following are specific failure cases for when kty = "RSA". | 1587 // The following are specific failure cases for when kty = "RSA". |
1604 | 1588 |
1605 // Fail if either "n" or "e" is not present or malformed. | 1589 // Fail if either "n" or "e" is not present or malformed. |
1606 const std::string kKtyParmName[] = {"n", "e"}; | 1590 const std::string kKtyParmName[] = {"n", "e"}; |
1607 for (size_t idx = 0; idx < ARRAYSIZE_UNSAFE(kKtyParmName); ++idx) { | 1591 for (size_t idx = 0; idx < ARRAYSIZE_UNSAFE(kKtyParmName); ++idx) { |
1608 // Fail on missing parameter. | 1592 // Fail on missing parameter. |
1609 dict.Remove(kKtyParmName[idx], NULL); | 1593 dict.Remove(kKtyParmName[idx], NULL); |
1610 EXPECT_NE(Status::Success(), | 1594 EXPECT_NE(Status::Success(), |
(...skipping 343 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1954 std::vector<uint8> exported_key_data; | 1938 std::vector<uint8> exported_key_data; |
1955 EXPECT_EQ(Status::Success(), | 1939 EXPECT_EQ(Status::Success(), |
1956 ExportKey(blink::WebCryptoKeyFormatRaw, key, &exported_key_data)); | 1940 ExportKey(blink::WebCryptoKeyFormatRaw, key, &exported_key_data)); |
1957 | 1941 |
1958 EXPECT_EQ(0u, exported_key_data.size()); | 1942 EXPECT_EQ(0u, exported_key_data.size()); |
1959 } | 1943 } |
1960 | 1944 |
1961 TEST_F(SharedCryptoTest, MAYBE(ImportExportSpki)) { | 1945 TEST_F(SharedCryptoTest, MAYBE(ImportExportSpki)) { |
1962 // Passing case: Import a valid RSA key in SPKI format. | 1946 // Passing case: Import a valid RSA key in SPKI format. |
1963 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 1947 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
1964 ASSERT_EQ( | 1948 ASSERT_EQ(Status::Success(), |
1965 Status::Success(), | 1949 ImportKey(blink::WebCryptoKeyFormatSpki, |
1966 ImportKey(blink::WebCryptoKeyFormatSpki, | 1950 CryptoData(HexStringToBytes(kPublicKeySpkiDerHex)), |
1967 CryptoData(HexStringToBytes(kPublicKeySpkiDerHex)), | 1951 CreateRsaHashedImportAlgorithm( |
1968 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5), | 1952 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
1969 true, | 1953 blink::WebCryptoAlgorithmIdSha256), |
1970 blink::WebCryptoKeyUsageEncrypt, | 1954 true, |
1971 &key)); | 1955 blink::WebCryptoKeyUsageVerify, |
| 1956 &key)); |
1972 EXPECT_TRUE(key.handle()); | 1957 EXPECT_TRUE(key.handle()); |
1973 EXPECT_EQ(blink::WebCryptoKeyTypePublic, key.type()); | 1958 EXPECT_EQ(blink::WebCryptoKeyTypePublic, key.type()); |
1974 EXPECT_TRUE(key.extractable()); | 1959 EXPECT_TRUE(key.extractable()); |
1975 EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt, key.usages()); | 1960 EXPECT_EQ(blink::WebCryptoKeyUsageVerify, key.usages()); |
1976 EXPECT_EQ(kModulusLengthBits, | 1961 EXPECT_EQ(kModulusLengthBits, |
1977 key.algorithm().rsaParams()->modulusLengthBits()); | 1962 key.algorithm().rsaHashedParams()->modulusLengthBits()); |
1978 EXPECT_BYTES_EQ_HEX( | 1963 EXPECT_BYTES_EQ_HEX( |
1979 "010001", CryptoData(key.algorithm().rsaParams()->publicExponent())); | 1964 "010001", |
| 1965 CryptoData(key.algorithm().rsaHashedParams()->publicExponent())); |
1980 | 1966 |
1981 // Failing case: Empty SPKI data | 1967 // Failing case: Empty SPKI data |
1982 EXPECT_EQ( | 1968 EXPECT_EQ( |
1983 Status::ErrorImportEmptyKeyData(), | 1969 Status::ErrorImportEmptyKeyData(), |
1984 ImportKey(blink::WebCryptoKeyFormatSpki, | 1970 ImportKey(blink::WebCryptoKeyFormatSpki, |
1985 CryptoData(std::vector<uint8>()), | 1971 CryptoData(std::vector<uint8>()), |
1986 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5), | 1972 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5), |
1987 true, | 1973 true, |
1988 blink::WebCryptoKeyUsageEncrypt, | 1974 blink::WebCryptoKeyUsageVerify, |
1989 &key)); | 1975 &key)); |
1990 | 1976 |
1991 // Failing case: Bad DER encoding. | 1977 // Failing case: Bad DER encoding. |
1992 EXPECT_EQ( | 1978 EXPECT_EQ( |
1993 Status::DataError(), | 1979 Status::DataError(), |
1994 ImportKey(blink::WebCryptoKeyFormatSpki, | 1980 ImportKey(blink::WebCryptoKeyFormatSpki, |
1995 CryptoData(HexStringToBytes("618333c4cb")), | 1981 CryptoData(HexStringToBytes("618333c4cb")), |
1996 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5), | 1982 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5), |
1997 true, | 1983 true, |
1998 blink::WebCryptoKeyUsageEncrypt, | 1984 blink::WebCryptoKeyUsageVerify, |
1999 &key)); | 1985 &key)); |
2000 | 1986 |
2001 // Failing case: Import RSA key but provide an inconsistent input algorithm. | 1987 // Failing case: Import RSA key but provide an inconsistent input algorithm. |
2002 EXPECT_EQ(Status::DataError(), | 1988 EXPECT_EQ(Status::DataError(), |
2003 ImportKey(blink::WebCryptoKeyFormatSpki, | 1989 ImportKey(blink::WebCryptoKeyFormatSpki, |
2004 CryptoData(HexStringToBytes(kPublicKeySpkiDerHex)), | 1990 CryptoData(HexStringToBytes(kPublicKeySpkiDerHex)), |
2005 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), | 1991 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), |
2006 true, | 1992 true, |
2007 blink::WebCryptoKeyUsageEncrypt, | 1993 blink::WebCryptoKeyUsageEncrypt, |
2008 &key)); | 1994 &key)); |
2009 | 1995 |
2010 // Passing case: Export a previously imported RSA public key in SPKI format | 1996 // Passing case: Export a previously imported RSA public key in SPKI format |
2011 // and compare to original data. | 1997 // and compare to original data. |
2012 std::vector<uint8> output; | 1998 std::vector<uint8> output; |
2013 ASSERT_EQ(Status::Success(), | 1999 ASSERT_EQ(Status::Success(), |
2014 ExportKey(blink::WebCryptoKeyFormatSpki, key, &output)); | 2000 ExportKey(blink::WebCryptoKeyFormatSpki, key, &output)); |
2015 EXPECT_BYTES_EQ_HEX(kPublicKeySpkiDerHex, output); | 2001 EXPECT_BYTES_EQ_HEX(kPublicKeySpkiDerHex, output); |
2016 | 2002 |
2017 // Failing case: Try to export a previously imported RSA public key in raw | 2003 // Failing case: Try to export a previously imported RSA public key in raw |
2018 // format (not allowed for a public key). | 2004 // format (not allowed for a public key). |
2019 EXPECT_EQ(Status::ErrorUnexpectedKeyType(), | 2005 EXPECT_EQ(Status::ErrorUnexpectedKeyType(), |
2020 ExportKey(blink::WebCryptoKeyFormatRaw, key, &output)); | 2006 ExportKey(blink::WebCryptoKeyFormatRaw, key, &output)); |
2021 | 2007 |
2022 // Failing case: Try to export a non-extractable key | 2008 // Failing case: Try to export a non-extractable key |
2023 ASSERT_EQ( | 2009 ASSERT_EQ(Status::Success(), |
2024 Status::Success(), | 2010 ImportKey(blink::WebCryptoKeyFormatSpki, |
2025 ImportKey(blink::WebCryptoKeyFormatSpki, | 2011 CryptoData(HexStringToBytes(kPublicKeySpkiDerHex)), |
2026 CryptoData(HexStringToBytes(kPublicKeySpkiDerHex)), | 2012 CreateRsaHashedImportAlgorithm( |
2027 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5), | 2013 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
2028 false, | 2014 blink::WebCryptoAlgorithmIdSha256), |
2029 blink::WebCryptoKeyUsageEncrypt, | 2015 false, |
2030 &key)); | 2016 blink::WebCryptoKeyUsageVerify, |
| 2017 &key)); |
2031 EXPECT_TRUE(key.handle()); | 2018 EXPECT_TRUE(key.handle()); |
2032 EXPECT_FALSE(key.extractable()); | 2019 EXPECT_FALSE(key.extractable()); |
2033 EXPECT_EQ(Status::ErrorKeyNotExtractable(), | 2020 EXPECT_EQ(Status::ErrorKeyNotExtractable(), |
2034 ExportKey(blink::WebCryptoKeyFormatSpki, key, &output)); | 2021 ExportKey(blink::WebCryptoKeyFormatSpki, key, &output)); |
2035 | 2022 |
2036 // TODO(eroman): Failing test: Import a SPKI with an unrecognized hash OID | 2023 // TODO(eroman): Failing test: Import a SPKI with an unrecognized hash OID |
2037 // TODO(eroman): Failing test: Import a SPKI with invalid algorithm params | 2024 // TODO(eroman): Failing test: Import a SPKI with invalid algorithm params |
2038 // TODO(eroman): Failing test: Import a SPKI with inconsistent parameters | 2025 // TODO(eroman): Failing test: Import a SPKI with inconsistent parameters |
2039 // (e.g. SHA-1 in OID, SHA-256 in params) | 2026 // (e.g. SHA-1 in OID, SHA-256 in params) |
2040 // TODO(eroman): Failing test: Import a SPKI for RSA-SSA, but with params | 2027 // TODO(eroman): Failing test: Import a SPKI for RSA-SSA, but with params |
(...skipping 199 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
2240 blink::WebCryptoAlgorithmIdSha1), | 2227 blink::WebCryptoAlgorithmIdSha1), |
2241 true, | 2228 true, |
2242 blink::WebCryptoKeyUsageSign, | 2229 blink::WebCryptoKeyUsageSign, |
2243 &key)); | 2230 &key)); |
2244 | 2231 |
2245 } | 2232 } |
2246 | 2233 |
2247 TEST_F(SharedCryptoTest, MAYBE(GenerateKeyPairRsa)) { | 2234 TEST_F(SharedCryptoTest, MAYBE(GenerateKeyPairRsa)) { |
2248 // Note: using unrealistic short key lengths here to avoid bogging down tests. | 2235 // Note: using unrealistic short key lengths here to avoid bogging down tests. |
2249 | 2236 |
2250 // Successful WebCryptoAlgorithmIdRsaEsPkcs1v1_5 key generation. | 2237 // Successful WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 key generation (sha256) |
2251 const unsigned int modulus_length = 256; | 2238 const unsigned int modulus_length = 256; |
2252 const std::vector<uint8> public_exponent = HexStringToBytes("010001"); | 2239 const std::vector<uint8> public_exponent = HexStringToBytes("010001"); |
2253 blink::WebCryptoAlgorithm algorithm = | 2240 blink::WebCryptoAlgorithm algorithm = |
2254 CreateRsaKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, | 2241 CreateRsaHashedKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
2255 modulus_length, | 2242 blink::WebCryptoAlgorithmIdSha256, |
2256 public_exponent); | 2243 modulus_length, |
| 2244 public_exponent); |
2257 bool extractable = true; | 2245 bool extractable = true; |
2258 const blink::WebCryptoKeyUsageMask usage_mask = 0; | 2246 const blink::WebCryptoKeyUsageMask usage_mask = 0; |
2259 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); | 2247 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); |
2260 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); | 2248 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); |
2261 ASSERT_EQ(Status::Success(), | 2249 |
| 2250 EXPECT_EQ(Status::Success(), |
2262 GenerateKeyPair( | 2251 GenerateKeyPair( |
2263 algorithm, extractable, usage_mask, &public_key, &private_key)); | 2252 algorithm, extractable, usage_mask, &public_key, &private_key)); |
2264 EXPECT_FALSE(public_key.isNull()); | 2253 EXPECT_FALSE(public_key.isNull()); |
2265 EXPECT_FALSE(private_key.isNull()); | 2254 EXPECT_FALSE(private_key.isNull()); |
2266 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type()); | 2255 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type()); |
2267 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type()); | 2256 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type()); |
| 2257 EXPECT_EQ(modulus_length, |
| 2258 public_key.algorithm().rsaHashedParams()->modulusLengthBits()); |
| 2259 EXPECT_EQ(modulus_length, |
| 2260 private_key.algorithm().rsaHashedParams()->modulusLengthBits()); |
| 2261 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha256, |
| 2262 public_key.algorithm().rsaHashedParams()->hash().id()); |
| 2263 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha256, |
| 2264 private_key.algorithm().rsaHashedParams()->hash().id()); |
2268 EXPECT_TRUE(public_key.extractable()); | 2265 EXPECT_TRUE(public_key.extractable()); |
2269 EXPECT_EQ(extractable, private_key.extractable()); | 2266 EXPECT_EQ(extractable, private_key.extractable()); |
2270 EXPECT_EQ(usage_mask, public_key.usages()); | 2267 EXPECT_EQ(usage_mask, public_key.usages()); |
2271 EXPECT_EQ(usage_mask, private_key.usages()); | 2268 EXPECT_EQ(usage_mask, private_key.usages()); |
2272 | 2269 |
2273 // Try exporting the generated key pair, and then re-importing to verify that | 2270 // Try exporting the generated key pair, and then re-importing to verify that |
2274 // the exported data was valid. | 2271 // the exported data was valid. |
2275 std::vector<uint8> public_key_spki; | 2272 std::vector<uint8> public_key_spki; |
2276 EXPECT_EQ( | 2273 EXPECT_EQ( |
2277 Status::Success(), | 2274 Status::Success(), |
2278 ExportKey(blink::WebCryptoKeyFormatSpki, public_key, &public_key_spki)); | 2275 ExportKey(blink::WebCryptoKeyFormatSpki, public_key, &public_key_spki)); |
2279 public_key = blink::WebCryptoKey::createNull(); | 2276 public_key = blink::WebCryptoKey::createNull(); |
2280 EXPECT_EQ( | 2277 EXPECT_EQ(Status::Success(), |
2281 Status::Success(), | 2278 ImportKey(blink::WebCryptoKeyFormatSpki, |
2282 ImportKey(blink::WebCryptoKeyFormatSpki, | 2279 CryptoData(public_key_spki), |
2283 CryptoData(public_key_spki), | 2280 CreateRsaHashedImportAlgorithm( |
2284 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5), | 2281 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
2285 true, | 2282 blink::WebCryptoAlgorithmIdSha256), |
2286 usage_mask, | 2283 true, |
2287 &public_key)); | 2284 usage_mask, |
| 2285 &public_key)); |
2288 EXPECT_EQ(modulus_length, | 2286 EXPECT_EQ(modulus_length, |
2289 public_key.algorithm().rsaParams()->modulusLengthBits()); | 2287 public_key.algorithm().rsaHashedParams()->modulusLengthBits()); |
2290 | 2288 |
2291 std::vector<uint8> private_key_pkcs8; | 2289 std::vector<uint8> private_key_pkcs8; |
2292 EXPECT_EQ( | 2290 EXPECT_EQ( |
2293 Status::Success(), | 2291 Status::Success(), |
2294 ExportKey( | 2292 ExportKey( |
2295 blink::WebCryptoKeyFormatPkcs8, private_key, &private_key_pkcs8)); | 2293 blink::WebCryptoKeyFormatPkcs8, private_key, &private_key_pkcs8)); |
2296 private_key = blink::WebCryptoKey::createNull(); | 2294 private_key = blink::WebCryptoKey::createNull(); |
2297 EXPECT_EQ( | 2295 EXPECT_EQ(Status::Success(), |
2298 Status::Success(), | 2296 ImportKey(blink::WebCryptoKeyFormatPkcs8, |
2299 ImportKey(blink::WebCryptoKeyFormatPkcs8, | 2297 CryptoData(private_key_pkcs8), |
2300 CryptoData(private_key_pkcs8), | 2298 CreateRsaHashedImportAlgorithm( |
2301 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5), | 2299 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
2302 true, | 2300 blink::WebCryptoAlgorithmIdSha256), |
2303 usage_mask, | 2301 true, |
2304 &private_key)); | 2302 usage_mask, |
| 2303 &private_key)); |
2305 EXPECT_EQ(modulus_length, | 2304 EXPECT_EQ(modulus_length, |
2306 private_key.algorithm().rsaParams()->modulusLengthBits()); | 2305 private_key.algorithm().rsaHashedParams()->modulusLengthBits()); |
2307 | 2306 |
2308 // Fail with bad modulus. | 2307 // Fail with bad modulus. |
2309 algorithm = CreateRsaKeyGenAlgorithm( | 2308 algorithm = |
2310 blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, 0, public_exponent); | 2309 CreateRsaHashedKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
| 2310 blink::WebCryptoAlgorithmIdSha256, |
| 2311 0, |
| 2312 public_exponent); |
2311 EXPECT_EQ(Status::ErrorGenerateRsaZeroModulus(), | 2313 EXPECT_EQ(Status::ErrorGenerateRsaZeroModulus(), |
2312 GenerateKeyPair( | 2314 GenerateKeyPair( |
2313 algorithm, extractable, usage_mask, &public_key, &private_key)); | 2315 algorithm, extractable, usage_mask, &public_key, &private_key)); |
2314 | 2316 |
2315 // Fail with bad exponent: larger than unsigned long. | 2317 // Fail with bad exponent: larger than unsigned long. |
2316 unsigned int exponent_length = sizeof(unsigned long) + 1; // NOLINT | 2318 unsigned int exponent_length = sizeof(unsigned long) + 1; // NOLINT |
2317 const std::vector<uint8> long_exponent(exponent_length, 0x01); | 2319 const std::vector<uint8> long_exponent(exponent_length, 0x01); |
2318 algorithm = CreateRsaKeyGenAlgorithm( | 2320 algorithm = |
2319 blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, modulus_length, long_exponent); | 2321 CreateRsaHashedKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
| 2322 blink::WebCryptoAlgorithmIdSha256, |
| 2323 modulus_length, |
| 2324 long_exponent); |
2320 EXPECT_EQ(Status::ErrorGenerateKeyPublicExponent(), | 2325 EXPECT_EQ(Status::ErrorGenerateKeyPublicExponent(), |
2321 GenerateKeyPair( | 2326 GenerateKeyPair( |
2322 algorithm, extractable, usage_mask, &public_key, &private_key)); | 2327 algorithm, extractable, usage_mask, &public_key, &private_key)); |
2323 | 2328 |
2324 // Fail with bad exponent: empty. | 2329 // Fail with bad exponent: empty. |
2325 const std::vector<uint8> empty_exponent; | 2330 const std::vector<uint8> empty_exponent; |
2326 algorithm = | 2331 algorithm = |
2327 CreateRsaKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, | 2332 CreateRsaHashedKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
2328 modulus_length, | 2333 blink::WebCryptoAlgorithmIdSha256, |
2329 empty_exponent); | 2334 modulus_length, |
| 2335 empty_exponent); |
2330 EXPECT_EQ(Status::ErrorGenerateKeyPublicExponent(), | 2336 EXPECT_EQ(Status::ErrorGenerateKeyPublicExponent(), |
2331 GenerateKeyPair( | 2337 GenerateKeyPair( |
2332 algorithm, extractable, usage_mask, &public_key, &private_key)); | 2338 algorithm, extractable, usage_mask, &public_key, &private_key)); |
2333 | 2339 |
2334 // Fail with bad exponent: all zeros. | 2340 // Fail with bad exponent: all zeros. |
2335 std::vector<uint8> exponent_with_leading_zeros(15, 0x00); | 2341 std::vector<uint8> exponent_with_leading_zeros(15, 0x00); |
2336 algorithm = | 2342 algorithm = |
2337 CreateRsaKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, | 2343 CreateRsaHashedKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
2338 modulus_length, | 2344 blink::WebCryptoAlgorithmIdSha256, |
2339 exponent_with_leading_zeros); | 2345 modulus_length, |
| 2346 exponent_with_leading_zeros); |
2340 EXPECT_EQ(Status::ErrorGenerateKeyPublicExponent(), | 2347 EXPECT_EQ(Status::ErrorGenerateKeyPublicExponent(), |
2341 GenerateKeyPair( | 2348 GenerateKeyPair( |
2342 algorithm, extractable, usage_mask, &public_key, &private_key)); | 2349 algorithm, extractable, usage_mask, &public_key, &private_key)); |
2343 | 2350 |
2344 // Key generation success using exponent with leading zeros. | 2351 // Key generation success using exponent with leading zeros. |
2345 exponent_with_leading_zeros.insert(exponent_with_leading_zeros.end(), | 2352 exponent_with_leading_zeros.insert(exponent_with_leading_zeros.end(), |
2346 public_exponent.begin(), | 2353 public_exponent.begin(), |
2347 public_exponent.end()); | 2354 public_exponent.end()); |
2348 algorithm = | 2355 algorithm = |
2349 CreateRsaKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, | |
2350 modulus_length, | |
2351 exponent_with_leading_zeros); | |
2352 EXPECT_EQ(Status::Success(), | |
2353 GenerateKeyPair( | |
2354 algorithm, extractable, usage_mask, &public_key, &private_key)); | |
2355 EXPECT_FALSE(public_key.isNull()); | |
2356 EXPECT_FALSE(private_key.isNull()); | |
2357 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type()); | |
2358 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type()); | |
2359 EXPECT_TRUE(public_key.extractable()); | |
2360 EXPECT_EQ(extractable, private_key.extractable()); | |
2361 EXPECT_EQ(usage_mask, public_key.usages()); | |
2362 EXPECT_EQ(usage_mask, private_key.usages()); | |
2363 | |
2364 // Successful WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 key generation (sha256) | |
2365 algorithm = | |
2366 CreateRsaHashedKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, | 2356 CreateRsaHashedKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
2367 blink::WebCryptoAlgorithmIdSha256, | 2357 blink::WebCryptoAlgorithmIdSha256, |
2368 modulus_length, | 2358 modulus_length, |
2369 public_exponent); | 2359 exponent_with_leading_zeros); |
2370 EXPECT_EQ(Status::Success(), | 2360 EXPECT_EQ(Status::Success(), |
2371 GenerateKeyPair( | 2361 GenerateKeyPair( |
2372 algorithm, extractable, usage_mask, &public_key, &private_key)); | 2362 algorithm, extractable, usage_mask, &public_key, &private_key)); |
2373 EXPECT_FALSE(public_key.isNull()); | 2363 EXPECT_FALSE(public_key.isNull()); |
2374 EXPECT_FALSE(private_key.isNull()); | 2364 EXPECT_FALSE(private_key.isNull()); |
2375 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type()); | 2365 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type()); |
2376 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type()); | 2366 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type()); |
2377 EXPECT_EQ(modulus_length, | |
2378 public_key.algorithm().rsaHashedParams()->modulusLengthBits()); | |
2379 EXPECT_EQ(modulus_length, | |
2380 private_key.algorithm().rsaHashedParams()->modulusLengthBits()); | |
2381 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha256, | |
2382 public_key.algorithm().rsaHashedParams()->hash().id()); | |
2383 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha256, | |
2384 private_key.algorithm().rsaHashedParams()->hash().id()); | |
2385 EXPECT_TRUE(public_key.extractable()); | 2367 EXPECT_TRUE(public_key.extractable()); |
2386 EXPECT_EQ(extractable, private_key.extractable()); | 2368 EXPECT_EQ(extractable, private_key.extractable()); |
2387 EXPECT_EQ(usage_mask, public_key.usages()); | 2369 EXPECT_EQ(usage_mask, public_key.usages()); |
2388 EXPECT_EQ(usage_mask, private_key.usages()); | 2370 EXPECT_EQ(usage_mask, private_key.usages()); |
2389 | 2371 |
2390 // Successful WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 key generation. | 2372 // Successful WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 key generation (sha1) |
2391 algorithm = | 2373 algorithm = |
2392 CreateRsaHashedKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, | 2374 CreateRsaHashedKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
2393 blink::WebCryptoAlgorithmIdSha1, | 2375 blink::WebCryptoAlgorithmIdSha1, |
2394 modulus_length, | 2376 modulus_length, |
2395 public_exponent); | 2377 public_exponent); |
2396 EXPECT_EQ( | 2378 EXPECT_EQ( |
2397 Status::Success(), | 2379 Status::Success(), |
2398 GenerateKeyPair(algorithm, false, usage_mask, &public_key, &private_key)); | 2380 GenerateKeyPair(algorithm, false, usage_mask, &public_key, &private_key)); |
2399 EXPECT_FALSE(public_key.isNull()); | 2381 EXPECT_FALSE(public_key.isNull()); |
2400 EXPECT_FALSE(private_key.isNull()); | 2382 EXPECT_FALSE(private_key.isNull()); |
(...skipping 22 matching lines...) Expand all Loading... |
2423 | 2405 |
2424 // Re-generate an extractable private_key and try to export it as SPKI format. | 2406 // Re-generate an extractable private_key and try to export it as SPKI format. |
2425 // This should fail since spki is for public keys. | 2407 // This should fail since spki is for public keys. |
2426 EXPECT_EQ( | 2408 EXPECT_EQ( |
2427 Status::Success(), | 2409 Status::Success(), |
2428 GenerateKeyPair(algorithm, true, usage_mask, &public_key, &private_key)); | 2410 GenerateKeyPair(algorithm, true, usage_mask, &public_key, &private_key)); |
2429 EXPECT_EQ(Status::ErrorUnexpectedKeyType(), | 2411 EXPECT_EQ(Status::ErrorUnexpectedKeyType(), |
2430 ExportKey(blink::WebCryptoKeyFormatSpki, private_key, &output)); | 2412 ExportKey(blink::WebCryptoKeyFormatSpki, private_key, &output)); |
2431 } | 2413 } |
2432 | 2414 |
2433 TEST_F(SharedCryptoTest, MAYBE(RsaEsRoundTrip)) { | |
2434 // Import a key pair. | |
2435 blink::WebCryptoAlgorithm algorithm = | |
2436 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); | |
2437 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); | |
2438 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); | |
2439 ASSERT_NO_FATAL_FAILURE(ImportRsaKeyPair( | |
2440 HexStringToBytes(kPublicKeySpkiDerHex), | |
2441 HexStringToBytes(kPrivateKeyPkcs8DerHex), | |
2442 algorithm, | |
2443 false, | |
2444 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt, | |
2445 &public_key, | |
2446 &private_key)); | |
2447 | |
2448 // Make a maximum-length data message. RSAES can operate on messages up to | |
2449 // length of k - 11 bytes, where k is the octet length of the RSA modulus. | |
2450 const unsigned int kMaxMsgSizeBytes = kModulusLengthBits / 8 - 11; | |
2451 // There are two hex chars for each byte. | |
2452 const unsigned int kMsgHexSize = kMaxMsgSizeBytes * 2; | |
2453 char max_data_hex[kMsgHexSize + 1]; | |
2454 std::fill(&max_data_hex[0], &max_data_hex[0] + kMsgHexSize, 'a'); | |
2455 max_data_hex[kMsgHexSize] = '\0'; | |
2456 | |
2457 // Verify encrypt / decrypt round trip on a few messages. Note that RSA | |
2458 // encryption does not support empty input. | |
2459 algorithm = CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); | |
2460 const char* const kTestDataHex[] = {"ff", "0102030405060708090a0b0c0d0e0f", | |
2461 max_data_hex}; | |
2462 std::vector<uint8> encrypted_data; | |
2463 std::vector<uint8> decrypted_data; | |
2464 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kTestDataHex); ++i) { | |
2465 SCOPED_TRACE(i); | |
2466 EXPECT_EQ(Status::Success(), | |
2467 Encrypt(algorithm, | |
2468 public_key, | |
2469 CryptoData(HexStringToBytes(kTestDataHex[i])), | |
2470 &encrypted_data)); | |
2471 EXPECT_EQ(kModulusLengthBits / 8, encrypted_data.size()); | |
2472 ASSERT_EQ(Status::Success(), | |
2473 Decrypt(algorithm, | |
2474 private_key, | |
2475 CryptoData(encrypted_data), | |
2476 &decrypted_data)); | |
2477 EXPECT_BYTES_EQ_HEX(kTestDataHex[i], decrypted_data); | |
2478 } | |
2479 } | |
2480 | |
2481 TEST_F(SharedCryptoTest, MAYBE(RsaEsKnownAnswer)) { | |
2482 scoped_ptr<base::Value> json; | |
2483 ASSERT_TRUE(ReadJsonTestFile("rsa_es.json", &json)); | |
2484 base::DictionaryValue* test = NULL; | |
2485 ASSERT_TRUE(json->GetAsDictionary(&test)); | |
2486 | |
2487 // Because the random data in PKCS1.5 padding makes the encryption output non- | |
2488 // deterministic, we cannot easily do a typical known-answer test for RSA | |
2489 // encryption / decryption. Instead we will take a known-good encrypted | |
2490 // message, decrypt it, re-encrypt it, then decrypt again, verifying that the | |
2491 // original known cleartext is the result. | |
2492 | |
2493 const std::vector<uint8> rsa_spki_der = | |
2494 GetBytesFromHexString(test, "rsa_spki_der"); | |
2495 | |
2496 const std::vector<uint8> rsa_pkcs8_der = | |
2497 GetBytesFromHexString(test, "rsa_pkcs8_der"); | |
2498 const std::vector<uint8> ciphertext = | |
2499 GetBytesFromHexString(test, "ciphertext"); | |
2500 const std::vector<uint8> cleartext = GetBytesFromHexString(test, "cleartext"); | |
2501 | |
2502 // Import the key pair. | |
2503 blink::WebCryptoAlgorithm algorithm = | |
2504 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); | |
2505 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); | |
2506 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); | |
2507 ASSERT_NO_FATAL_FAILURE(ImportRsaKeyPair( | |
2508 rsa_spki_der, | |
2509 rsa_pkcs8_der, | |
2510 algorithm, | |
2511 false, | |
2512 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt, | |
2513 &public_key, | |
2514 &private_key)); | |
2515 | |
2516 // Decrypt the known-good ciphertext with the private key. As a check we must | |
2517 // get the known original cleartext. | |
2518 std::vector<uint8> decrypted_data; | |
2519 ASSERT_EQ( | |
2520 Status::Success(), | |
2521 Decrypt(algorithm, private_key, CryptoData(ciphertext), &decrypted_data)); | |
2522 EXPECT_BYTES_EQ(cleartext, decrypted_data); | |
2523 | |
2524 // Encrypt this decrypted data with the public key. | |
2525 std::vector<uint8> encrypted_data; | |
2526 ASSERT_EQ( | |
2527 Status::Success(), | |
2528 Encrypt( | |
2529 algorithm, public_key, CryptoData(decrypted_data), &encrypted_data)); | |
2530 EXPECT_EQ(128u, encrypted_data.size()); | |
2531 | |
2532 // Finally, decrypt the newly encrypted result with the private key, and | |
2533 // compare to the known original cleartext. | |
2534 decrypted_data.clear(); | |
2535 ASSERT_EQ( | |
2536 Status::Success(), | |
2537 Decrypt( | |
2538 algorithm, private_key, CryptoData(encrypted_data), &decrypted_data)); | |
2539 EXPECT_EQ(cleartext, decrypted_data); | |
2540 } | |
2541 | |
2542 TEST_F(SharedCryptoTest, MAYBE(RsaEsFailures)) { | |
2543 // Import a key pair. | |
2544 blink::WebCryptoAlgorithm algorithm = | |
2545 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); | |
2546 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); | |
2547 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); | |
2548 ASSERT_NO_FATAL_FAILURE(ImportRsaKeyPair( | |
2549 HexStringToBytes(kPublicKeySpkiDerHex), | |
2550 HexStringToBytes(kPrivateKeyPkcs8DerHex), | |
2551 algorithm, | |
2552 false, | |
2553 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt, | |
2554 &public_key, | |
2555 &private_key)); | |
2556 | |
2557 // Fail encrypt with a private key. | |
2558 std::vector<uint8> encrypted_data; | |
2559 const std::string message_hex_str("0102030405060708090a0b0c0d0e0f"); | |
2560 const std::vector<uint8> message_hex(HexStringToBytes(message_hex_str)); | |
2561 EXPECT_EQ( | |
2562 Status::ErrorUnexpectedKeyType(), | |
2563 Encrypt( | |
2564 algorithm, private_key, CryptoData(message_hex), &encrypted_data)); | |
2565 | |
2566 // Fail encrypt with empty message. | |
2567 EXPECT_EQ(Status::ErrorDataTooSmall(), | |
2568 Encrypt(algorithm, | |
2569 public_key, | |
2570 CryptoData(std::vector<uint8>()), | |
2571 &encrypted_data)); | |
2572 | |
2573 // Fail encrypt with message too large. RSAES can operate on messages up to | |
2574 // length of k - 11 bytes, where k is the octet length of the RSA modulus. | |
2575 const unsigned int kMaxMsgSizeBytes = kModulusLengthBits / 8 - 11; | |
2576 EXPECT_EQ(Status::ErrorDataTooLarge(), | |
2577 Encrypt(algorithm, | |
2578 public_key, | |
2579 CryptoData(std::vector<uint8>(kMaxMsgSizeBytes + 1, '0')), | |
2580 &encrypted_data)); | |
2581 | |
2582 // Generate encrypted data. | |
2583 EXPECT_EQ( | |
2584 Status::Success(), | |
2585 Encrypt(algorithm, public_key, CryptoData(message_hex), &encrypted_data)); | |
2586 | |
2587 // Fail decrypt with a public key. | |
2588 std::vector<uint8> decrypted_data; | |
2589 EXPECT_EQ( | |
2590 Status::ErrorUnexpectedKeyType(), | |
2591 Decrypt( | |
2592 algorithm, public_key, CryptoData(encrypted_data), &decrypted_data)); | |
2593 | |
2594 // Corrupt encrypted data; ensure decrypt fails because padding was disrupted. | |
2595 EXPECT_EQ(Status::OperationError(), | |
2596 Decrypt(algorithm, | |
2597 private_key, | |
2598 CryptoData(Corrupted(encrypted_data)), | |
2599 &decrypted_data)); | |
2600 | |
2601 // TODO(padolph): Are there other specific data corruption scenarios to | |
2602 // consider? | |
2603 | |
2604 // Do a successful decrypt with good data just for confirmation. | |
2605 EXPECT_EQ( | |
2606 Status::Success(), | |
2607 Decrypt( | |
2608 algorithm, private_key, CryptoData(encrypted_data), &decrypted_data)); | |
2609 EXPECT_BYTES_EQ_HEX(message_hex_str, decrypted_data); | |
2610 } | |
2611 | |
2612 TEST_F(SharedCryptoTest, MAYBE(RsaSsaSignVerifyFailures)) { | 2415 TEST_F(SharedCryptoTest, MAYBE(RsaSsaSignVerifyFailures)) { |
2613 // Import a key pair. | 2416 // Import a key pair. |
2614 blink::WebCryptoKeyUsageMask usage_mask = | 2417 blink::WebCryptoKeyUsageMask usage_mask = |
2615 blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify; | 2418 blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify; |
2616 blink::WebCryptoAlgorithm importAlgorithm = | 2419 blink::WebCryptoAlgorithm importAlgorithm = |
2617 CreateRsaHashedImportAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, | 2420 CreateRsaHashedImportAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
2618 blink::WebCryptoAlgorithmIdSha1); | 2421 blink::WebCryptoAlgorithmIdSha1); |
2619 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); | 2422 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); |
2620 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); | 2423 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); |
2621 ASSERT_NO_FATAL_FAILURE( | 2424 ASSERT_NO_FATAL_FAILURE( |
(...skipping 64 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
2686 private_key, | 2489 private_key, |
2687 CryptoData(signature), | 2490 CryptoData(signature), |
2688 CryptoData(data), | 2491 CryptoData(data), |
2689 &signature_match)); | 2492 &signature_match)); |
2690 | 2493 |
2691 // Ensure that signing using a public key, rather than a private key, fails. | 2494 // Ensure that signing using a public key, rather than a private key, fails. |
2692 EXPECT_EQ(Status::ErrorUnexpectedKeyType(), | 2495 EXPECT_EQ(Status::ErrorUnexpectedKeyType(), |
2693 Sign(algorithm, public_key, CryptoData(data), &signature)); | 2496 Sign(algorithm, public_key, CryptoData(data), &signature)); |
2694 | 2497 |
2695 // Ensure that signing and verifying with an incompatible algorithm fails. | 2498 // Ensure that signing and verifying with an incompatible algorithm fails. |
2696 algorithm = CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); | 2499 algorithm = CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaOaep); |
2697 | 2500 |
2698 EXPECT_EQ(Status::ErrorUnexpected(), | 2501 EXPECT_EQ(Status::ErrorUnexpected(), |
2699 Sign(algorithm, private_key, CryptoData(data), &signature)); | 2502 Sign(algorithm, private_key, CryptoData(data), &signature)); |
2700 EXPECT_EQ(Status::ErrorUnexpected(), | 2503 EXPECT_EQ(Status::ErrorUnexpected(), |
2701 VerifySignature(algorithm, | 2504 VerifySignature(algorithm, |
2702 public_key, | 2505 public_key, |
2703 CryptoData(signature), | 2506 CryptoData(signature), |
2704 CryptoData(data), | 2507 CryptoData(data), |
2705 &signature_match)); | 2508 &signature_match)); |
2706 | 2509 |
(...skipping 609 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
3316 test_iv, | 3119 test_iv, |
3317 test_additional_data, | 3120 test_additional_data, |
3318 wrong_tag_size_bits, | 3121 wrong_tag_size_bits, |
3319 test_cipher_text, | 3122 test_cipher_text, |
3320 test_authentication_tag, | 3123 test_authentication_tag, |
3321 &plain_text)); | 3124 &plain_text)); |
3322 } | 3125 } |
3323 } | 3126 } |
3324 } | 3127 } |
3325 | 3128 |
3326 TEST_F(SharedCryptoTest, MAYBE(RsaEsRawSymkeyWrapUnwrapKnownAnswer)) { | |
3327 scoped_ptr<base::Value> json; | |
3328 ASSERT_TRUE(ReadJsonTestFile("rsa_es.json", &json)); | |
3329 base::DictionaryValue* test = NULL; | |
3330 ASSERT_TRUE(json->GetAsDictionary(&test)); | |
3331 const std::vector<uint8> rsa_spki_der = | |
3332 GetBytesFromHexString(test, "rsa_spki_der"); | |
3333 const std::vector<uint8> rsa_pkcs8_der = | |
3334 GetBytesFromHexString(test, "rsa_pkcs8_der"); | |
3335 const std::vector<uint8> ciphertext = | |
3336 GetBytesFromHexString(test, "ciphertext"); | |
3337 const std::vector<uint8> cleartext = GetBytesFromHexString(test, "cleartext"); | |
3338 blink::WebCryptoAlgorithm key_algorithm = | |
3339 CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha256); | |
3340 | |
3341 // Import the RSA key pair. | |
3342 blink::WebCryptoAlgorithm algorithm = | |
3343 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); | |
3344 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); | |
3345 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); | |
3346 ASSERT_NO_FATAL_FAILURE(ImportRsaKeyPair( | |
3347 rsa_spki_der, | |
3348 rsa_pkcs8_der, | |
3349 algorithm, | |
3350 false, | |
3351 blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey, | |
3352 &public_key, | |
3353 &private_key)); | |
3354 | |
3355 // Import the symmetric key. | |
3356 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | |
3357 ASSERT_EQ(Status::Success(), | |
3358 ImportKey(blink::WebCryptoKeyFormatRaw, | |
3359 CryptoData(cleartext), | |
3360 key_algorithm, | |
3361 true, | |
3362 blink::WebCryptoKeyUsageSign, | |
3363 &key)); | |
3364 | |
3365 // Wrap the symmetric key with raw format. | |
3366 std::vector<uint8> wrapped_key; | |
3367 ASSERT_EQ(Status::Success(), | |
3368 WrapKey(blink::WebCryptoKeyFormatRaw, | |
3369 key, | |
3370 public_key, | |
3371 algorithm, | |
3372 &wrapped_key)); | |
3373 | |
3374 // Unwrap the wrapped key. | |
3375 blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull(); | |
3376 ASSERT_EQ(Status::Success(), | |
3377 UnwrapKey(blink::WebCryptoKeyFormatRaw, | |
3378 CryptoData(wrapped_key), | |
3379 private_key, | |
3380 algorithm, | |
3381 key_algorithm, | |
3382 true, | |
3383 blink::WebCryptoKeyUsageSign, | |
3384 &unwrapped_key)); | |
3385 EXPECT_FALSE(key.isNull()); | |
3386 EXPECT_TRUE(key.handle()); | |
3387 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); | |
3388 EXPECT_EQ(key_algorithm.id(), key.algorithm().id()); | |
3389 EXPECT_EQ(true, key.extractable()); | |
3390 EXPECT_EQ(blink::WebCryptoKeyUsageSign, key.usages()); | |
3391 | |
3392 // Export the new key and compare its raw bytes with the original known data. | |
3393 std::vector<uint8> raw_key; | |
3394 EXPECT_EQ(Status::Success(), | |
3395 ExportKey(blink::WebCryptoKeyFormatRaw, unwrapped_key, &raw_key)); | |
3396 EXPECT_BYTES_EQ(cleartext, raw_key); | |
3397 | |
3398 // Unwrap the known wrapped key and compare to the known cleartext. | |
3399 ASSERT_EQ(Status::Success(), | |
3400 UnwrapKey(blink::WebCryptoKeyFormatRaw, | |
3401 CryptoData(ciphertext), | |
3402 private_key, | |
3403 algorithm, | |
3404 key_algorithm, | |
3405 true, | |
3406 blink::WebCryptoKeyUsageSign, | |
3407 &unwrapped_key)); | |
3408 EXPECT_EQ(Status::Success(), | |
3409 ExportKey(blink::WebCryptoKeyFormatRaw, unwrapped_key, &raw_key)); | |
3410 EXPECT_BYTES_EQ(cleartext, raw_key); | |
3411 } | |
3412 | |
3413 TEST_F(SharedCryptoTest, MAYBE(RsaEsRawSymkeyWrapUnwrapErrors)) { | |
3414 const std::vector<uint8> data(64, 0); | |
3415 blink::WebCryptoAlgorithm key_algorithm = | |
3416 CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha256); | |
3417 | |
3418 // Import the RSA key pair. | |
3419 blink::WebCryptoAlgorithm wrapping_algorithm = | |
3420 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); | |
3421 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); | |
3422 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); | |
3423 ASSERT_NO_FATAL_FAILURE(ImportRsaKeyPair( | |
3424 HexStringToBytes(kPublicKeySpkiDerHex), | |
3425 HexStringToBytes(kPrivateKeyPkcs8DerHex), | |
3426 wrapping_algorithm, | |
3427 false, | |
3428 blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey, | |
3429 &public_key, | |
3430 &private_key)); | |
3431 | |
3432 // Import the symmetric key. | |
3433 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | |
3434 ASSERT_EQ(Status::Success(), | |
3435 ImportKey(blink::WebCryptoKeyFormatRaw, | |
3436 CryptoData(data), | |
3437 key_algorithm, | |
3438 true, | |
3439 blink::WebCryptoKeyUsageSign, | |
3440 &key)); | |
3441 | |
3442 // Wrapping with a private key should fail. | |
3443 std::vector<uint8> wrapped_key; | |
3444 EXPECT_EQ(Status::ErrorUnexpectedKeyType(), | |
3445 WrapKey(blink::WebCryptoKeyFormatRaw, | |
3446 key, | |
3447 private_key, | |
3448 wrapping_algorithm, | |
3449 &wrapped_key)); | |
3450 | |
3451 // Wrapping a key whose raw keying material is too large for the wrapping key | |
3452 // should fail. | |
3453 // RSAES can encrypt data up to length of k - 11 bytes, where k is the octet | |
3454 // length of the RSA modulus, and can decrypt data up to length k. Fabricate a | |
3455 // big piece of data here that fails both of these criteria, so it can be used | |
3456 // for both wrap and unwrap negative tests below. | |
3457 const std::vector<uint8> big_data(kModulusLengthBits / 8 + 1, 0); | |
3458 blink::WebCryptoKey big_key = blink::WebCryptoKey::createNull(); | |
3459 ASSERT_EQ(Status::Success(), | |
3460 ImportKey(blink::WebCryptoKeyFormatRaw, | |
3461 CryptoData(big_data), | |
3462 key_algorithm, | |
3463 true, | |
3464 blink::WebCryptoKeyUsageSign, | |
3465 &big_key)); | |
3466 EXPECT_EQ(Status::ErrorDataTooLarge(), | |
3467 WrapKey(blink::WebCryptoKeyFormatRaw, | |
3468 big_key, | |
3469 public_key, | |
3470 wrapping_algorithm, | |
3471 &wrapped_key)); | |
3472 | |
3473 // Unwrapping with a public key should fail. | |
3474 blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull(); | |
3475 EXPECT_EQ(Status::ErrorUnexpectedKeyType(), | |
3476 UnwrapKey(blink::WebCryptoKeyFormatRaw, | |
3477 CryptoData(data), | |
3478 public_key, | |
3479 wrapping_algorithm, | |
3480 key_algorithm, | |
3481 true, | |
3482 blink::WebCryptoKeyUsageSign, | |
3483 &unwrapped_key)); | |
3484 | |
3485 // Unwrapping empty data should fail. | |
3486 const std::vector<uint8> emtpy_data; | |
3487 EXPECT_EQ(Status::ErrorDataTooSmall(), | |
3488 UnwrapKey(blink::WebCryptoKeyFormatRaw, | |
3489 CryptoData(emtpy_data), | |
3490 private_key, | |
3491 wrapping_algorithm, | |
3492 key_algorithm, | |
3493 true, | |
3494 blink::WebCryptoKeyUsageSign, | |
3495 &unwrapped_key)); | |
3496 | |
3497 // Unwrapping data too large for the wrapping key should fail. | |
3498 EXPECT_EQ(Status::ErrorDataTooLarge(), | |
3499 UnwrapKey(blink::WebCryptoKeyFormatRaw, | |
3500 CryptoData(big_data), | |
3501 private_key, | |
3502 wrapping_algorithm, | |
3503 key_algorithm, | |
3504 true, | |
3505 blink::WebCryptoKeyUsageSign, | |
3506 &unwrapped_key)); | |
3507 } | |
3508 | |
3509 TEST_F(SharedCryptoTest, MAYBE(RsaEsJwkSymkeyUnwrapKnownAnswer)) { | |
3510 // The following data lists a known 128-bit AES-CBC key, then a JWK | |
3511 // representation of this key that was encrypted ("wrapped") using | |
3512 // RSAES-PKCS1-v1_5 and kPublicKeySpkiDerHex as the wrapping key. | |
3513 // For reference, the intermediate clear JWK is | |
3514 // {"alg":"A128CBC","ext":true,"k":<b64url>,"key_ops":["encrypt"],"kty":"oct"} | |
3515 const std::vector<uint8> key_data = | |
3516 HexStringToBytes("8f56a26e7e8b77dca15ed54339724bf5"); | |
3517 const std::vector<uint8> wrapped_key_data = HexStringToBytes( | |
3518 "9debcabd9c731d6a779622dbef38635419c409b3077af67b3cf0601b2da7054f2ec26156" | |
3519 "06bb764e4986f45dd09ce660432a7abbac48b5249924f12dea52275b6d67d8b8a2f63525" | |
3520 "fbbf67d61244c1afa9e30857b87b7a48cdc0b3196dc1477738cbf9e42ea65d5e0edc3b05" | |
3521 "afafadc7d7400e26a51270d251040d51ce46cecc"); | |
3522 const blink::WebCryptoAlgorithm wrapping_algorithm = | |
3523 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); | |
3524 | |
3525 // Import the private wrapping key. | |
3526 blink::WebCryptoKey private_wrapping_key = blink::WebCryptoKey::createNull(); | |
3527 ASSERT_EQ(Status::Success(), | |
3528 ImportKey(blink::WebCryptoKeyFormatPkcs8, | |
3529 CryptoData(HexStringToBytes(kPrivateKeyPkcs8DerHex)), | |
3530 wrapping_algorithm, | |
3531 false, | |
3532 blink::WebCryptoKeyUsageDecrypt | | |
3533 blink::WebCryptoKeyUsageUnwrapKey, | |
3534 &private_wrapping_key)); | |
3535 | |
3536 // Unwrap the key. | |
3537 blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull(); | |
3538 EXPECT_EQ(Status::Success(), | |
3539 UnwrapKey(blink::WebCryptoKeyFormatJwk, | |
3540 CryptoData(wrapped_key_data), | |
3541 private_wrapping_key, | |
3542 wrapping_algorithm, | |
3543 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), | |
3544 true, | |
3545 blink::WebCryptoKeyUsageEncrypt, | |
3546 &unwrapped_key)); | |
3547 EXPECT_FALSE(unwrapped_key.isNull()); | |
3548 EXPECT_TRUE(unwrapped_key.handle()); | |
3549 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, unwrapped_key.type()); | |
3550 EXPECT_EQ(blink::WebCryptoAlgorithmIdAesCbc, unwrapped_key.algorithm().id()); | |
3551 EXPECT_EQ(true, unwrapped_key.extractable()); | |
3552 EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt, unwrapped_key.usages()); | |
3553 | |
3554 // Export the unwrapped key and compare to the original. | |
3555 std::vector<uint8> raw_key; | |
3556 EXPECT_EQ(Status::Success(), | |
3557 ExportKey(blink::WebCryptoKeyFormatRaw, unwrapped_key, &raw_key)); | |
3558 EXPECT_BYTES_EQ(key_data, raw_key); | |
3559 } | |
3560 | |
3561 TEST_F(SharedCryptoTest, MAYBE(RsaEsJwkSymkeyWrapUnwrapRoundTrip)) { | |
3562 // Generate the symkey to be wrapped (256-bit AES-CBC key). | |
3563 const blink::WebCryptoAlgorithm gen_algorithm = | |
3564 CreateAesCbcKeyGenAlgorithm(256); | |
3565 blink::WebCryptoKey key_to_wrap = blink::WebCryptoKey::createNull(); | |
3566 ASSERT_EQ( | |
3567 Status::Success(), | |
3568 GenerateSecretKey( | |
3569 gen_algorithm, true, blink::WebCryptoKeyUsageEncrypt, &key_to_wrap)); | |
3570 | |
3571 // Import the wrapping key pair. | |
3572 const blink::WebCryptoAlgorithm wrapping_algorithm = | |
3573 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); | |
3574 blink::WebCryptoKey public_wrapping_key = blink::WebCryptoKey::createNull(); | |
3575 blink::WebCryptoKey private_wrapping_key = blink::WebCryptoKey::createNull(); | |
3576 ASSERT_NO_FATAL_FAILURE(ImportRsaKeyPair( | |
3577 HexStringToBytes(kPublicKeySpkiDerHex), | |
3578 HexStringToBytes(kPrivateKeyPkcs8DerHex), | |
3579 wrapping_algorithm, | |
3580 false, | |
3581 blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey, | |
3582 &public_wrapping_key, | |
3583 &private_wrapping_key)); | |
3584 | |
3585 // Wrap the symkey in JWK format, using the public wrapping key. | |
3586 std::vector<uint8> wrapped_data; | |
3587 ASSERT_EQ(Status::Success(), | |
3588 WrapKey(blink::WebCryptoKeyFormatJwk, | |
3589 key_to_wrap, | |
3590 public_wrapping_key, | |
3591 wrapping_algorithm, | |
3592 &wrapped_data)); | |
3593 | |
3594 // Unwrap the key using the private wrapping key. | |
3595 blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull(); | |
3596 ASSERT_EQ(Status::Success(), | |
3597 UnwrapKey(blink::WebCryptoKeyFormatJwk, | |
3598 CryptoData(wrapped_data), | |
3599 private_wrapping_key, | |
3600 wrapping_algorithm, | |
3601 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), | |
3602 true, | |
3603 blink::WebCryptoKeyUsageEncrypt, | |
3604 &unwrapped_key)); | |
3605 | |
3606 // Export the original symkey and the unwrapped key and compare. | |
3607 std::vector<uint8> raw_key1, raw_key2; | |
3608 EXPECT_EQ(Status::Success(), | |
3609 ExportKey(blink::WebCryptoKeyFormatRaw, key_to_wrap, &raw_key1)); | |
3610 EXPECT_EQ(Status::Success(), | |
3611 ExportKey(blink::WebCryptoKeyFormatRaw, unwrapped_key, &raw_key2)); | |
3612 EXPECT_BYTES_EQ(raw_key1, raw_key2); | |
3613 } | |
3614 | |
3615 TEST_F(SharedCryptoTest, MAYBE(RsaEsJwkSymkeyWrapUnwrapErrors)) { | |
3616 // Unwrap JWK-formatted data that can be successfully decrypted, but contains | |
3617 // an error in the plaintext JWK so it cannot be subsequently imported, and | |
3618 // ensure that a generic error is returned instead of some other more specific | |
3619 // error. This shows that information about the plaintext JWK inside the | |
3620 // encrypted data is not leaked. | |
3621 // Note that it is sufficient to consider just one JWK import failure mode | |
3622 // here; others are validated in the ImportJwkFailures Test. The specific | |
3623 // error in the cleartext data below is kty = "foo", which is an invalid kty | |
3624 // value. | |
3625 const std::string cleartext = | |
3626 "{\"alg\":\"A128CBC\",\"ext\":true,\"k\":" | |
3627 "\"j1aibn6Ld9yhXtVDOXJL9Q\",\"key_ops\":[\"encrypt\"],\"kty\":\"foo\"}"; | |
3628 // ciphertext is the cleartext above encrypted with kPublicKeySpkiDerHex, and | |
3629 // can be decrypted with kPrivateKeyPkcs8DerHex | |
3630 const std::vector<uint8> ciphertext = HexStringToBytes( | |
3631 "93bc7bb2ca8502fcf3224e19b12ba455ac32d01695611022c76d3dbdd797c044de047d44" | |
3632 "6c5ed5de5b8f79147ffe1df8da9c894b58881b238d39bd24cecd5c1a98a7c0b07354aee6" | |
3633 "24791b2d549b7ecf1219c49513a1bcbb0fac5c6b59d350b564c44dc3678dadf84b4ea3d1" | |
3634 "32e576e88f8d4a2d27c173e033a97bbda7e47bb9"); | |
3635 | |
3636 // Import the private decryption key. | |
3637 const blink::WebCryptoAlgorithm algorithm = | |
3638 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); | |
3639 blink::WebCryptoKey private_decryption_key = | |
3640 blink::WebCryptoKey::createNull(); | |
3641 ASSERT_EQ(Status::Success(), | |
3642 ImportKey(blink::WebCryptoKeyFormatPkcs8, | |
3643 CryptoData(HexStringToBytes(kPrivateKeyPkcs8DerHex)), | |
3644 algorithm, | |
3645 false, | |
3646 blink::WebCryptoKeyUsageDecrypt, | |
3647 &private_decryption_key)); | |
3648 | |
3649 // Decrypt the ciphertext and validate the result, to prove that decryption is | |
3650 // successful. | |
3651 std::vector<uint8> decrypted_data; | |
3652 ASSERT_EQ(Status::Success(), | |
3653 Decrypt(algorithm, | |
3654 private_decryption_key, | |
3655 CryptoData(ciphertext), | |
3656 &decrypted_data)); | |
3657 EXPECT_BYTES_EQ(cleartext, decrypted_data); | |
3658 | |
3659 // Import the private wrapping key. Note this is the same underlying keying | |
3660 // material used for private_decryption_key above. The only difference is that | |
3661 // it has unwrap rather than decrypt usage. | |
3662 blink::WebCryptoKey private_wrapping_key = blink::WebCryptoKey::createNull(); | |
3663 ASSERT_EQ(Status::Success(), | |
3664 ImportKey(blink::WebCryptoKeyFormatPkcs8, | |
3665 CryptoData(HexStringToBytes(kPrivateKeyPkcs8DerHex)), | |
3666 algorithm, | |
3667 false, | |
3668 blink::WebCryptoKeyUsageUnwrapKey, | |
3669 &private_wrapping_key)); | |
3670 | |
3671 // Treat the ciphertext as a wrapped key and try to unwrap it. Ensure a | |
3672 // generic error is received. | |
3673 blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull(); | |
3674 EXPECT_EQ(Status::OperationError(), | |
3675 UnwrapKey(blink::WebCryptoKeyFormatJwk, | |
3676 CryptoData(ciphertext), | |
3677 private_wrapping_key, | |
3678 algorithm, | |
3679 CreateAesCbcAlgorithm(std::vector<uint8>(0, 16)), | |
3680 true, | |
3681 blink::WebCryptoKeyUsageEncrypt, | |
3682 &unwrapped_key)); | |
3683 } | |
3684 | |
3685 class SharedCryptoRsaOaepTest : public ::testing::Test { | 3129 class SharedCryptoRsaOaepTest : public ::testing::Test { |
3686 public: | 3130 public: |
3687 SharedCryptoRsaOaepTest() { Init(); } | 3131 SharedCryptoRsaOaepTest() { Init(); } |
3688 | 3132 |
3689 scoped_ptr<base::DictionaryValue> CreatePublicKeyJwkDict() { | 3133 scoped_ptr<base::DictionaryValue> CreatePublicKeyJwkDict() { |
3690 scoped_ptr<base::DictionaryValue> jwk(new base::DictionaryValue()); | 3134 scoped_ptr<base::DictionaryValue> jwk(new base::DictionaryValue()); |
3691 jwk->SetString("kty", "RSA"); | 3135 jwk->SetString("kty", "RSA"); |
3692 jwk->SetString("n", | 3136 jwk->SetString("n", |
3693 Base64EncodeUrlSafe(HexStringToBytes(kPublicKeyModulusHex))); | 3137 Base64EncodeUrlSafe(HexStringToBytes(kPublicKeyModulusHex))); |
3694 jwk->SetString( | 3138 jwk->SetString( |
(...skipping 528 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
4223 | 3667 |
4224 std::vector<uint8> raw_key; | 3668 std::vector<uint8> raw_key; |
4225 ASSERT_EQ(Status::Success(), | 3669 ASSERT_EQ(Status::Success(), |
4226 ExportKey(blink::WebCryptoKeyFormatRaw, unwrapped_key, &raw_key)); | 3670 ExportKey(blink::WebCryptoKeyFormatRaw, unwrapped_key, &raw_key)); |
4227 EXPECT_BYTES_EQ_HEX(key_hex, raw_key); | 3671 EXPECT_BYTES_EQ_HEX(key_hex, raw_key); |
4228 } | 3672 } |
4229 | 3673 |
4230 } // namespace webcrypto | 3674 } // namespace webcrypto |
4231 | 3675 |
4232 } // namespace content | 3676 } // namespace content |
OLD | NEW |