[webcrypto] Add JWK import/export of RSA private keys (NSS).

content/child/webcrypto/shared_crypto_unittest.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/child/webcrypto/shared_crypto.h"
 
 #include <algorithm>
 #include <string>
 #include <vector>
 
@@ skipping 125 matching lines @@
           public_exponent.size()));
 }
 
 // Creates an AES-CBC algorithm.
 blink::WebCryptoAlgorithm CreateAesCbcAlgorithm(const std::vector<uint8>& iv) {
   return blink::WebCryptoAlgorithm::adoptParamsAndCreate(
       blink::WebCryptoAlgorithmIdAesCbc,
       new blink::WebCryptoAesCbcParams(Uint8VectorStart(iv), iv.size()));
 }
 
-// Creates and AES-GCM algorithm.
+// Creates an AES-GCM algorithm.
 blink::WebCryptoAlgorithm CreateAesGcmAlgorithm(
     const std::vector<uint8>& iv,
     const std::vector<uint8>& additional_data,
     unsigned int tag_length_bits) {
   EXPECT_TRUE(SupportsAesGcm());
   return blink::WebCryptoAlgorithm::adoptParamsAndCreate(
       blink::WebCryptoAlgorithmIdAesGcm,
       new blink::WebCryptoAesGcmParams(Uint8VectorStart(iv),
                                        iv.size(),
                                        true,
@@ skipping 1400 matching lines @@
     EXPECT_NE(Status::Success(),
               ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key));
     RestoreJwkRsaDictionary(&dict);
 
     // Fail on empty parameter.
     dict.SetString(kKtyParmName[idx], "");
     EXPECT_NE(Status::Success(),
               ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key));
     RestoreJwkRsaDictionary(&dict);
   }
-
-  // Fail if "d" parameter is present, implying the JWK is a private key, which
-  // is not supported.
-  dict.SetString("d", "Qk3f0Dsyt");
-  EXPECT_EQ(Status::ErrorJwkRsaPrivateKeyUnsupported(),
-            ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key));
-  RestoreJwkRsaDictionary(&dict);
 }
 
 TEST_F(SharedCryptoTest, MAYBE(ImportJwkInputConsistency)) {
   // The Web Crypto spec says that if a JWK value is present, but is
   // inconsistent with the input value, the operation must fail.
 
   // Consistency rules when JWK value is not present: Inputs should be used.
   blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
   bool extractable = false;
   blink::WebCryptoAlgorithm algorithm =
@@ skipping 451 matching lines @@
   // Failing case: Import RSA key but provide an inconsistent input algorithm.
   EXPECT_EQ(Status::DataError(),
             ImportKey(blink::WebCryptoKeyFormatPkcs8,
                       CryptoData(HexStringToBytes(kPrivateKeyPkcs8DerHex)),
                       CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
                       true,
                       blink::WebCryptoKeyUsageSign,
                       &key));
 }
 
+// Tests JWK import and export by doing a roundtrip key conversion and ensuring
+// it was lossless:
+//
+//   PKCS8 --> JWK --> PKCS8
+TEST_F(SharedCryptoTest, MAYBE(ImportRsaPrivateKeyJwkToPkcs8RoundTrip)) {
+  blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
+  ASSERT_EQ(Status::Success(),
+            ImportKey(blink::WebCryptoKeyFormatPkcs8,
+                      CryptoData(HexStringToBytes(kPrivateKeyPkcs8DerHex)),
+                      CreateRsaHashedImportAlgorithm(
+                          blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5,
+                          blink::WebCryptoAlgorithmIdSha1),
+                      true,
+                      blink::WebCryptoKeyUsageSign,
+                      &key));
+
+  std::vector<uint8> exported_key_jwk;
+  ASSERT_EQ(Status::Success(),
+            ExportKey(blink::WebCryptoKeyFormatJwk, key, &exported_key_jwk));
+
+  // All of the optional parameters (p, q, dp, dq, qi) should be present in the
+  // output.
+  const char* expected_jwk =
+      "{\"alg\":\"RS1\",\"d\":\"M6UEKpCyfU9UUcqbu9C0R3GhAa-IQ0Cu-YhfKku-"
+      "kuiUpySsPFaMj5eFOtB8AmbIxqPKCSnx6PESMYhEKfxNmuVf7olqEM5wfD7X5zTkRyejlXRQ"
+      "GlMmgxCcKrrKuig8MbS9L1PD7jfjUs7jT55QO9gMBiKtecbc7og1R8ajsyU\",\"dp\":"
+      "\"KPoTk4ZVvh-"
+      "KFZy6ylpy6hkMMAieGc0nSlVvNsT24Z9VSzTAd3kEJ7vdjdPt4kSDKPOF2Bsw6OQ7L_-"
+      "gJ4YZeQ\",\"dq\":\"Gos485j6cSBJiY1_t57gp3ZoeRKZzfoJ78DlB6yyHtdDAe9b_Ui-"
+      "RV6utuFnglWCdYCo5OjhQVHRUQqCo_LnKQ\",\"e\":\"AQAB\",\"ext\":true,\"key_"
+      "ops\":[\"sign\"],\"kty\":\"RSA\",\"n\":"
+      "\"pW5KDnAQF1iaUYfcfqhB0Vby7A42rVKkTf6x5h962ZHYxRBW_-2xYrTA8oOhKoijlN_"
+      "1JqtykcuzB86r_OCx39XNlQgJbVsri2311nHvY3fAkhyyPCcKcOJZjm_4nRnxBazC0_"
+      "DLNfKSgOE4a29kxO8i4eHyDQzoz_siSb2aITc\",\"p\":\"5-"
+      "iUJyCod1Fyc6NWBT6iobwMlKpy1VxuhilrLfyWeUjApyy8zKfqyzVwbgmh31WhU1vZs8w0Fg"
+      "s7bc0-2o5kQw\",\"q\":\"tp3KHPfU1-yB51uQ_MqHSrzeEj_"
+      "ScAGAqpBHm25I3o1n7ST58Z2FuidYdPVCzSDccj5pYzZKH5QlRSsmmmeZ_Q\",\"qi\":"
+      "\"JxVqukEm0kqB86Uoy_sn9WiG-"
+      "ECp9uhuF6RLlP6TGVhLjiL93h5aLjvYqluo2FhBlOshkKz4MrhH8To9JKefTQ\"}";
+
+  ASSERT_EQ(CryptoData(std::string(expected_jwk)),
+            CryptoData(exported_key_jwk));
+
+  ASSERT_EQ(Status::Success(),
+            ImportKey(blink::WebCryptoKeyFormatJwk,
+                      CryptoData(exported_key_jwk),
+                      CreateRsaHashedImportAlgorithm(
+                          blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5,
+                          blink::WebCryptoAlgorithmIdSha1),
+                      true,
+                      blink::WebCryptoKeyUsageSign,
+                      &key));
+
+  std::vector<uint8> exported_key_pkcs8;
+  ASSERT_EQ(
+      Status::Success(),
+      ExportKey(blink::WebCryptoKeyFormatPkcs8, key, &exported_key_pkcs8));
+
+  ASSERT_EQ(CryptoData(HexStringToBytes(kPrivateKeyPkcs8DerHex)),
+            CryptoData(exported_key_pkcs8));
+}
+
+// Import a JWK RSA private key with some optional parameters missing (q, dp,
+// dq,
+// qi). The only optional parameter included is "p" (without this import fails).

[Ryan Sleevi, 2014/05/19 20:48:45]

1: Re-align this comment
2: Indicate via a clear TODO why P is required (feel free to file a bug against
me on this)

[eroman, 2014/05/19 21:04:54]

Done.

+TEST_F(SharedCryptoTest, MAYBE(ImportRsaPrivateKeyJwkMissingOptionalParams)) {
+  blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
+
+  base::DictionaryValue dict;
+  dict.SetString("kty", "RSA");
+  dict.SetString("alg", "RS1");
+
+  dict.SetString(
+      "n",
+      "pW5KDnAQF1iaUYfcfqhB0Vby7A42rVKkTf6x5h962ZHYxRBW_-2xYrTA8oOhKoijlN_"
+      "1JqtykcuzB86r_OCx39XNlQgJbVsri2311nHvY3fAkhyyPCcKcOJZjm_4nRnxBazC0_"
+      "DLNfKSgOE4a29kxO8i4eHyDQzoz_siSb2aITc");
+  dict.SetString("e", "AQAB");
+  dict.SetString(
+      "d",
+      "M6UEKpCyfU9UUcqbu9C0R3GhAa-IQ0Cu-YhfKku-"
+      "kuiUpySsPFaMj5eFOtB8AmbIxqPKCSnx6PESMYhEKfxNmuVf7olqEM5wfD7X5zTkRyejlXRQ"
+      "GlMmgxCcKrrKuig8MbS9L1PD7jfjUs7jT55QO9gMBiKtecbc7og1R8ajsyU");
+
+  dict.SetString("p",
+                 "5-"
+                 "iUJyCod1Fyc6NWBT6iobwMlKpy1VxuhilrLfyWeUjApyy8zKfqyzVwbgmh31W"
+                 "hU1vZs8w0Fgs7bc0-2o5kQw");
+
+  ASSERT_EQ(Status::Success(),
+            ImportKeyJwkFromDict(dict,
+                                 CreateRsaHashedImportAlgorithm(
+                                     blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5,
+                                     blink::WebCryptoAlgorithmIdSha1),
+                                 true,
+                                 blink::WebCryptoKeyUsageSign,
+                                 &key));
+
+  std::vector<uint8> exported_key_pkcs8;
+  ASSERT_EQ(
+      Status::Success(),
+      ExportKey(blink::WebCryptoKeyFormatPkcs8, key, &exported_key_pkcs8));
+
+  ASSERT_EQ(CryptoData(HexStringToBytes(kPrivateKeyPkcs8DerHex)),
+            CryptoData(exported_key_pkcs8));
+}
+
+// Import a JWK RSA private key, with incorrect values for "p and
+// "q".
+//
+// The semantics for incorrect parameters are undefined by the spec (for
+// instance what if p was correct, but q was wrong?)

[Ryan Sleevi, 2014/05/19 20:48:45]

Update to point to https://www.w3.org/Bugs/Public/show_bug.cgi?id=25815

[eroman, 2014/05/19 21:04:54]

Done.

+TEST_F(SharedCryptoTest, MAYBE(ImportRsaPrivateKeyJwkIncorrectOptional)) {
+  blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
+
+  base::DictionaryValue dict;
+  dict.SetString("kty", "RSA");
+  dict.SetString("alg", "RS1");
+
+  dict.SetString(
+      "n",
+      "pW5KDnAQF1iaUYfcfqhB0Vby7A42rVKkTf6x5h962ZHYxRBW_-2xYrTA8oOhKoijlN_"
+      "1JqtykcuzB86r_OCx39XNlQgJbVsri2311nHvY3fAkhyyPCcKcOJZjm_4nRnxBazC0_"
+      "DLNfKSgOE4a29kxO8i4eHyDQzoz_siSb2aITc");
+  dict.SetString("e", "AQAB");
+  dict.SetString(
+      "d",
+      "M6UEKpCyfU9UUcqbu9C0R3GhAa-IQ0Cu-YhfKku-"
+      "kuiUpySsPFaMj5eFOtB8AmbIxqPKCSnx6PESMYhEKfxNmuVf7olqEM5wfD7X5zTkRyejlXRQ"
+      "GlMmgxCcKrrKuig8MbS9L1PD7jfjUs7jT55QO9gMBiKtecbc7og1R8ajsyU");
+  // These values are incorrect.
+  dict.SetString("p", "AQAB");
+  dict.SetString("q", "AQAB");
+
+  ASSERT_EQ(Status::OperationError(),
+            ImportKeyJwkFromDict(dict,
+                                 CreateRsaHashedImportAlgorithm(
+                                     blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5,
+                                     blink::WebCryptoAlgorithmIdSha1),
+                                 true,
+                                 blink::WebCryptoKeyUsageSign,
+                                 &key));
+}
+
+// Import a JWK RSA private key, with empty values for the optional "p" and
+// "q". Similar to test above, but exercises the empty data case in case it
+// is handled differently.

[Ryan Sleevi, 2014/05/19 20:48:45]

Update to point to https://www.w3.org/Bugs/Public/show_bug.cgi?id=25815

[eroman, 2014/05/19 21:04:54]

Done.

+TEST_F(SharedCryptoTest, MAYBE(ImportRsaPrivateKeyJwkIncorrectOptionalEmpty)) {
+  blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
+
+  base::DictionaryValue dict;
+  dict.SetString("kty", "RSA");
+  dict.SetString("alg", "RS1");
+
+  dict.SetString(
+      "n",
+      "pW5KDnAQF1iaUYfcfqhB0Vby7A42rVKkTf6x5h962ZHYxRBW_-2xYrTA8oOhKoijlN_"
+      "1JqtykcuzB86r_OCx39XNlQgJbVsri2311nHvY3fAkhyyPCcKcOJZjm_4nRnxBazC0_"
+      "DLNfKSgOE4a29kxO8i4eHyDQzoz_siSb2aITc");
+  dict.SetString("e", "AQAB");
+  dict.SetString(
+      "d",
+      "M6UEKpCyfU9UUcqbu9C0R3GhAa-IQ0Cu-YhfKku-"
+      "kuiUpySsPFaMj5eFOtB8AmbIxqPKCSnx6PESMYhEKfxNmuVf7olqEM5wfD7X5zTkRyejlXRQ"
+      "GlMmgxCcKrrKuig8MbS9L1PD7jfjUs7jT55QO9gMBiKtecbc7og1R8ajsyU");
+  dict.SetString("p", "");
+  dict.SetString("q", "");
+
+  ASSERT_EQ(Status::OperationError(),
+            ImportKeyJwkFromDict(dict,
+                                 CreateRsaHashedImportAlgorithm(
+                                     blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5,
+                                     blink::WebCryptoAlgorithmIdSha1),
+                                 true,
+                                 blink::WebCryptoKeyUsageSign,
+                                 &key));
+}
+
 TEST_F(SharedCryptoTest, MAYBE(GenerateKeyPairRsa)) {
   // Note: using unrealistic short key lengths here to avoid bogging down tests.
 
   // Successful WebCryptoAlgorithmIdRsaEsPkcs1v1_5 key generation.
   const unsigned int modulus_length = 256;
   const std::vector<uint8> public_exponent = HexStringToBytes("010001");
   blink::WebCryptoAlgorithm algorithm =
       CreateRsaKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5,
                                modulus_length,
                                public_exponent);
@@ skipping 1420 matching lines @@
                       algorithm,
                       CreateAesCbcAlgorithm(std::vector<uint8>(0, 16)),
                       true,
                       blink::WebCryptoKeyUsageEncrypt,
                       &unwrapped_key));
 }
 
 }  // namespace webcrypto
 
 }  // namespace content