Chromium Code Reviews Chromium Code Reviews
Issue 328903003:
[webcrypto] Remove support for AES 192-bit keys (2 of 2) (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/child/webcrypto/shared_crypto.h" | 5 #include "content/child/webcrypto/shared_crypto.h" |
| 6 | 6 |
| 7 #include <algorithm> | 7 #include <algorithm> |
| 8 #include <string> | 8 #include <string> |
| 9 #include <vector> | 9 #include <vector> |
| 10 | 10 |
| (...skipping 1065 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1076 } | 1076 } |
| 1077 | 1077 |
| 1078 TEST_F(SharedCryptoTest, MAYBE(GenerateKeyAes)) { | 1078 TEST_F(SharedCryptoTest, MAYBE(GenerateKeyAes)) { |
| 1079 // Check key generation for each of AES-CBC, AES-GCM, and AES-KW, and for each | 1079 // Check key generation for each of AES-CBC, AES-GCM, and AES-KW, and for each |
| 1080 // allowed key length. | 1080 // allowed key length. |
| 1081 std::vector<blink::WebCryptoAlgorithm> algorithm; | 1081 std::vector<blink::WebCryptoAlgorithm> algorithm; |
| 1082 const unsigned short kKeyLength[] = {128, 192, 256}; | 1082 const unsigned short kKeyLength[] = {128, 192, 256}; |
| 1083 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kKeyLength); ++i) { | 1083 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kKeyLength); ++i) { |
| 1084 algorithm.push_back(CreateAesCbcKeyGenAlgorithm(kKeyLength[i])); | 1084 algorithm.push_back(CreateAesCbcKeyGenAlgorithm(kKeyLength[i])); |
| 1085 algorithm.push_back(CreateAesKwKeyGenAlgorithm(kKeyLength[i])); | 1085 algorithm.push_back(CreateAesKwKeyGenAlgorithm(kKeyLength[i])); |
| 1086 if (SupportsAesGcm()) | 1086 if (SupportsAesGcm() && kKeyLength[i] != 192) |
|
Ryan Sleevi
2014/06/10 23:44:21
ditto re: all AES
| |
| 1087 algorithm.push_back(CreateAesGcmKeyGenAlgorithm(kKeyLength[i])); | 1087 algorithm.push_back(CreateAesGcmKeyGenAlgorithm(kKeyLength[i])); |
| 1088 } | 1088 } |
| 1089 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 1089 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
| 1090 std::vector<std::vector<uint8> > keys; | 1090 std::vector<std::vector<uint8> > keys; |
| 1091 std::vector<uint8> key_bytes; | 1091 std::vector<uint8> key_bytes; |
| 1092 for (size_t i = 0; i < algorithm.size(); ++i) { | 1092 for (size_t i = 0; i < algorithm.size(); ++i) { |
| 1093 SCOPED_TRACE(i); | 1093 SCOPED_TRACE(i); |
| 1094 // Generate a small sample of keys. | 1094 // Generate a small sample of keys. |
| 1095 keys.clear(); | 1095 keys.clear(); |
| 1096 for (int j = 0; j < 16; ++j) { | 1096 for (int j = 0; j < 16; ++j) { |
| (...skipping 768 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1865 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt, | 1865 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt, |
| 1866 "A128CBC"}, | 1866 "A128CBC"}, |
| 1867 // AES-CBC 192 | 1867 // AES-CBC 192 |
| 1868 {key_hex_192, aes_cbc_alg, blink::WebCryptoKeyUsageEncrypt, "A192CBC"}, | 1868 {key_hex_192, aes_cbc_alg, blink::WebCryptoKeyUsageEncrypt, "A192CBC"}, |
| 1869 // AES-CBC 256 | 1869 // AES-CBC 256 |
| 1870 {key_hex_256, aes_cbc_alg, blink::WebCryptoKeyUsageDecrypt, "A256CBC"}, | 1870 {key_hex_256, aes_cbc_alg, blink::WebCryptoKeyUsageDecrypt, "A256CBC"}, |
| 1871 // AES-GCM 128 | 1871 // AES-GCM 128 |
| 1872 {key_hex_128, aes_gcm_alg, | 1872 {key_hex_128, aes_gcm_alg, |
| 1873 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt, | 1873 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt, |
| 1874 "A128GCM"}, | 1874 "A128GCM"}, |
| 1875 // AES-CGM 192 | |
| 1876 {key_hex_192, aes_gcm_alg, blink::WebCryptoKeyUsageEncrypt, "A192GCM"}, | |
| 1877 // AES-GCM 256 | 1875 // AES-GCM 256 |
| 1878 {key_hex_256, aes_gcm_alg, blink::WebCryptoKeyUsageDecrypt, "A256GCM"}, | 1876 {key_hex_256, aes_gcm_alg, blink::WebCryptoKeyUsageDecrypt, "A256GCM"}, |
| 1879 // AES-KW 128 | 1877 // AES-KW 128 |
| 1880 {key_hex_128, aes_kw_alg, | 1878 {key_hex_128, aes_kw_alg, |
| 1881 blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey, | 1879 blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey, |
| 1882 "A128KW"}, | 1880 "A128KW"}, |
| 1883 // AES-KW 192 | 1881 // AES-KW 192 |
| 1884 {key_hex_192, aes_kw_alg, | 1882 {key_hex_192, aes_kw_alg, |
| 1885 blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey, | 1883 blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey, |
| 1886 "A192KW"}, | 1884 "A192KW"}, |
| (...skipping 1372 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 3259 test_iv, | 3257 test_iv, |
| 3260 test_additional_data, | 3258 test_additional_data, |
| 3261 wrong_tag_size_bits, | 3259 wrong_tag_size_bits, |
| 3262 test_cipher_text, | 3260 test_cipher_text, |
| 3263 test_authentication_tag, | 3261 test_authentication_tag, |
| 3264 &plain_text)); | 3262 &plain_text)); |
| 3265 } | 3263 } |
| 3266 } | 3264 } |
| 3267 } | 3265 } |
| 3268 | 3266 |
| 3267 // AES-GCM 192-bit is not allowed: http://crbug.com/381829 | |
| 3268 TEST_F(SharedCryptoTest, MAYBE(ImportAesGcm192Raw)) { | |
| 3269 // Some Linux test runners may not have a new enough version of NSS. | |
| 3270 if (!SupportsAesGcm()) { | |
| 3271 LOG(WARNING) << "AES GCM not supported, skipping tests"; | |
| 3272 return; | |
| 3273 } | |
| 3274 | |
| 3275 std::vector<uint8> key_raw(24, 0); | |
| 3276 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | |
| 3277 Status status = ImportKey(blink::WebCryptoKeyFormatRaw, | |
| 3278 CryptoData(key_raw), | |
| 3279 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesGcm), | |
| 3280 true, | |
| 3281 blink::WebCryptoKeyUsageEncrypt, | |
| 3282 &key); | |
| 3283 ASSERT_EQ(Status::ErrorAesGcm192Unsupported(), status); | |
| 3284 } | |
| 3285 | |
| 3286 // AES-GCM 192-bit is not allowed: http://crbug.com/381829 | |
| 3287 TEST_F(SharedCryptoTest, MAYBE(GenerateAesGcm192)) { | |
| 3288 // Some Linux test runners may not have a new enough version of NSS. | |
| 3289 if (!SupportsAesGcm()) { | |
| 3290 LOG(WARNING) << "AES GCM not supported, skipping tests"; | |
| 3291 return; | |
| 3292 } | |
| 3293 | |
| 3294 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | |
| 3295 Status status = GenerateSecretKey(CreateAesGcmKeyGenAlgorithm(192), | |
| 3296 true, | |
| 3297 blink::WebCryptoKeyUsageEncrypt, | |
| 3298 &key); | |
| 3299 ASSERT_EQ(Status::ErrorAesGcm192Unsupported(), status); | |
| 3300 } | |
| 3301 | |
| 3269 class SharedCryptoRsaOaepTest : public ::testing::Test { | 3302 class SharedCryptoRsaOaepTest : public ::testing::Test { |
| 3270 public: | 3303 public: |
| 3271 SharedCryptoRsaOaepTest() { Init(); } | 3304 SharedCryptoRsaOaepTest() { Init(); } |
| 3272 | 3305 |
| 3273 scoped_ptr<base::DictionaryValue> CreatePublicKeyJwkDict() { | 3306 scoped_ptr<base::DictionaryValue> CreatePublicKeyJwkDict() { |
| 3274 scoped_ptr<base::DictionaryValue> jwk(new base::DictionaryValue()); | 3307 scoped_ptr<base::DictionaryValue> jwk(new base::DictionaryValue()); |
| 3275 jwk->SetString("kty", "RSA"); | 3308 jwk->SetString("kty", "RSA"); |
| 3276 jwk->SetString("n", | 3309 jwk->SetString("n", |
| 3277 Base64EncodeUrlSafe(HexStringToBytes(kPublicKeyModulusHex))); | 3310 Base64EncodeUrlSafe(HexStringToBytes(kPublicKeyModulusHex))); |
| 3278 jwk->SetString( | 3311 jwk->SetString( |
| (...skipping 955 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 4234 EXPECT_EQ(public_key_spki, unwrapped_public_key_spki); | 4267 EXPECT_EQ(public_key_spki, unwrapped_public_key_spki); |
| 4235 EXPECT_EQ(private_key_pkcs8, unwrapped_private_key_pkcs8); | 4268 EXPECT_EQ(private_key_pkcs8, unwrapped_private_key_pkcs8); |
| 4236 | 4269 |
| 4237 EXPECT_NE(public_key_spki, wrapped_public_key); | 4270 EXPECT_NE(public_key_spki, wrapped_public_key); |
| 4238 EXPECT_NE(private_key_pkcs8, wrapped_private_key); | 4271 EXPECT_NE(private_key_pkcs8, wrapped_private_key); |
| 4239 } | 4272 } |
| 4240 | 4273 |
| 4241 } // namespace webcrypto | 4274 } // namespace webcrypto |
| 4242 | 4275 |
| 4243 } // namespace content | 4276 } // namespace content |
| OLD | NEW |
