
Unified Diff: content/child/webcrypto/shared_crypto_unittest.cc

Issue 328903003: [webcrypto] Remove support for AES 192-bit keys (2 of 2) (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: rebase onto master Created 6 years, 6 months ago
Index: content/child/webcrypto/shared_crypto_unittest.cc
diff --git a/content/child/webcrypto/shared_crypto_unittest.cc b/content/child/webcrypto/shared_crypto_unittest.cc
index 8acadacbb1980c984cc9306745b218c1d2d116f5..3e3730c73bc7e305781826c2806c440d98396370 100644
--- a/content/child/webcrypto/shared_crypto_unittest.cc
+++ b/content/child/webcrypto/shared_crypto_unittest.cc
@@ -1079,7 +1079,7 @@ TEST_F(SharedCryptoTest, MAYBE(GenerateKeyAes)) {
// Check key generation for each of AES-CBC, AES-GCM, and AES-KW, and for each
// allowed key length.
std::vector<blink::WebCryptoAlgorithm> algorithm;
- const unsigned short kKeyLength[] = {128, 192, 256};
+ const unsigned short kKeyLength[] = {128, 256};
for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kKeyLength); ++i) {
algorithm.push_back(CreateAesCbcKeyGenAlgorithm(kKeyLength[i]));
algorithm.push_back(CreateAesKwKeyGenAlgorithm(kKeyLength[i]));
@@ -1826,8 +1826,6 @@ TEST_F(SharedCryptoTest, MAYBE(ImportExportJwkSymmetricKey)) {
// Raw keys are generated by openssl:
// % openssl rand -hex <key length bytes>
const char* const key_hex_128 = "3f1e7cd4f6f8543f6b1e16002e688623";
- const char* const key_hex_192 =
- "ed91f916dc034eba68a0f9e7f34ddd48b98bd2848109e243";
const char* const key_hex_256 =
"bd08286b81a74783fd1ccf46b7e05af84ee25ae021210074159e0c4d9d907692";
const char* const key_hex_384 =
@@ -1864,26 +1862,18 @@ TEST_F(SharedCryptoTest, MAYBE(ImportExportJwkSymmetricKey)) {
{key_hex_128, aes_cbc_alg,
blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt,
"A128CBC"},
- // AES-CBC 192
- {key_hex_192, aes_cbc_alg, blink::WebCryptoKeyUsageEncrypt, "A192CBC"},
// AES-CBC 256
{key_hex_256, aes_cbc_alg, blink::WebCryptoKeyUsageDecrypt, "A256CBC"},
// AES-GCM 128
{key_hex_128, aes_gcm_alg,
blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt,
"A128GCM"},
- // AES-CGM 192
- {key_hex_192, aes_gcm_alg, blink::WebCryptoKeyUsageEncrypt, "A192GCM"},
// AES-GCM 256
{key_hex_256, aes_gcm_alg, blink::WebCryptoKeyUsageDecrypt, "A256GCM"},
// AES-KW 128
{key_hex_128, aes_kw_alg,
blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey,
"A128KW"},
- // AES-KW 192
- {key_hex_192, aes_kw_alg,
- blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey,
- "A192KW"},
// AES-KW 256
{key_hex_256, aes_kw_alg,
blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey,
@@ -2815,16 +2805,13 @@ TEST_F(SharedCryptoTest, MAYBE(AesKwKeyImport)) {
// Import a 192-bit KEK
key_raw_hex_in = "c0192c6466b2370decbb62b2cfef4384544ffeb4d2fbc103";
- ASSERT_EQ(Status::Success(),
+ ASSERT_EQ(Status::ErrorAes192BitUnsupported(),
ImportKey(blink::WebCryptoKeyFormatRaw,
CryptoData(HexStringToBytes(key_raw_hex_in)),
algorithm,
true,
blink::WebCryptoKeyUsageWrapKey,
&key));
- EXPECT_EQ(Status::Success(),
- ExportKey(blink::WebCryptoKeyFormatRaw, key, &key_raw_out));
- EXPECT_BYTES_EQ_HEX(key_raw_hex_in, key_raw_out);
// Import a 256-bit Key Encryption Key (KEK)
key_raw_hex_in =
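Review bot: The context comment `// Import a 192-bit KEK` above the changed assertion is now stale, because the import it introduces is expected to be rejected rather than to succeed. Suggest rewording it to `// Importing a 192-bit KEK must fail: AES-192 is unsupported (http://crbug.com/381829)`. The body of AesKwKeyImport starts and ends outside this hunk.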
@@ -2935,8 +2922,8 @@ TEST_F(SharedCryptoTest, MAYBE(AesKwRawSymkeyWrapUnwrapKnownAnswer)) {
// Import the key to be wrapped.
blink::WebCryptoKey key = ImportSecretKeyFromRaw(
test_key,
- webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
- blink::WebCryptoKeyUsageEncrypt);
+ CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha1),
+ blink::WebCryptoKeyUsageSign);
// Wrap the key and verify the ciphertext result against the known answer.
std::vector<uint8> wrapped_key;
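Review bot: Nothing at the changed `ImportSecretKeyFromRaw` call explains why the key to be wrapped is now imported as HMAC/SHA-1 instead of AES-CBC. Presumably this keeps known-answer vectors with 192-bit key data usable as raw key material now that AES rejects that length. A comment such as `// Import as HMAC: some vectors carry 192-bit key data, which is no longer a valid AES key length.` would make the intent explicit; the wording should be confirmed against aes_kw.json. The enclosing test starts and ends outside the hunk.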
@@ -2956,16 +2943,16 @@ TEST_F(SharedCryptoTest, MAYBE(AesKwRawSymkeyWrapUnwrapKnownAnswer)) {
CryptoData(test_ciphertext),
wrapping_key,
wrapping_algorithm,
- webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
+ CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha1),
true,
- blink::WebCryptoKeyUsageEncrypt,
+ blink::WebCryptoKeyUsageSign,
&unwrapped_key));
EXPECT_FALSE(key.isNull());
EXPECT_TRUE(key.handle());
EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type());
- EXPECT_EQ(blink::WebCryptoAlgorithmIdAesCbc, key.algorithm().id());
+ EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, key.algorithm().id());
EXPECT_EQ(true, key.extractable());
- EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt, key.usages());
+ EXPECT_EQ(blink::WebCryptoKeyUsageSign, key.usages());
// Export the new key and compare its raw bytes with the original known key.
std::vector<uint8> raw_key;
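Review bot: The expectations after the `UnwrapKey` call inspect `key`, while the call writes its result to `&unwrapped_key`. In the previous hunk `key` is the key imported directly from the raw test vector, so unless it is reassigned in lines not shown here, these five checks never look at the unwrapped key and would pass even if unwrap returned a key with the wrong algorithm or usages. The updated lines should read `EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, unwrapped_key.algorithm().id());` and `EXPECT_EQ(blink::WebCryptoKeyUsageSign, unwrapped_key.usages());`, with the same substitution in the `isNull()`, `handle()`, `type()` and `extractable()` checks. The export that follows is outside the hunk and should be checked for the same mix-up.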
@@ -3038,7 +3025,7 @@ TEST_F(SharedCryptoTest, MAYBE(AesKwRawSymkeyWrapUnwrapErrors)) {
ASSERT_TRUE(ReadJsonTestFileToList("aes_kw.json", &tests));
base::DictionaryValue* test;
// Use 256 bits of data with a 256-bit KEK
- ASSERT_TRUE(tests->GetDictionary(5, &test));
+ ASSERT_TRUE(tests->GetDictionary(3, &test));
const std::vector<uint8> test_kek = GetBytesFromHexString(test, "kek");
const std::vector<uint8> test_key = GetBytesFromHexString(test, "key");
const std::vector<uint8> test_ciphertext =
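Review bot: `tests->GetDictionary(3, &test)` selects the vector by position, and only the comment says it is the 256-bit key with a 256-bit KEK. The index moves from 5 to 3 here and again in AesKwRawSymkeyUnwrapCorruptData, presumably because entries were removed from aes_kw.json. Pinning the assumption would catch the next reshuffle of that file: add `ASSERT_EQ(32u, test_kek.size());` and `ASSERT_EQ(32u, test_key.size());` after the two `GetBytesFromHexString` calls. Both test bodies continue outside their hunks.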
@@ -3091,7 +3078,7 @@ TEST_F(SharedCryptoTest, MAYBE(AesKwRawSymkeyUnwrapCorruptData)) {
ASSERT_TRUE(ReadJsonTestFileToList("aes_kw.json", &tests));
base::DictionaryValue* test;
// Use 256 bits of data with a 256-bit KEK
- ASSERT_TRUE(tests->GetDictionary(5, &test));
+ ASSERT_TRUE(tests->GetDictionary(3, &test));
const std::vector<uint8> test_kek = GetBytesFromHexString(test, "kek");
const std::vector<uint8> test_key = GetBytesFromHexString(test, "key");
const std::vector<uint8> test_ciphertext =
@@ -3298,6 +3285,70 @@ TEST_F(SharedCryptoTest, MAYBE(AesGcmSampleSets)) {
}
}
+// AES 192-bit is not allowed: http://crbug.com/381829
+TEST_F(SharedCryptoTest, MAYBE(ImportAesCbc192Raw)) {
+ std::vector<uint8> key_raw(24, 0);
+ blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
+ Status status = ImportKey(blink::WebCryptoKeyFormatRaw,
+ CryptoData(key_raw),
+ CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
+ true,
+ blink::WebCryptoKeyUsageEncrypt,
+ &key);
+ ASSERT_EQ(Status::ErrorAes192BitUnsupported(), status);
+}
+
+// AES 192-bit is not allowed: http://crbug.com/381829
+TEST_F(SharedCryptoTest, MAYBE(ImportAesCbc192Jwk)) {
+ blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
+
+ base::DictionaryValue dict;
+ dict.SetString("kty", "oct");
+ dict.SetString("alg", "A192CBC");
+ dict.SetString("k", "YWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFh");
+
+ EXPECT_EQ(
+ Status::ErrorAes192BitUnsupported(),
+ ImportKeyJwkFromDict(dict,
+ CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
+ false,
+ blink::WebCryptoKeyUsageEncrypt,
+ &key));
+}
+
+// AES 192-bit is not allowed: http://crbug.com/381829
+TEST_F(SharedCryptoTest, MAYBE(GenerateAesCbc192)) {
+ blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
+ Status status = GenerateSecretKey(CreateAesCbcKeyGenAlgorithm(192),
+ true,
+ blink::WebCryptoKeyUsageEncrypt,
+ &key);
+ ASSERT_EQ(Status::ErrorAes192BitUnsupported(), status);
+}
+
+// AES 192-bit is not allowed: http://crbug.com/381829
+TEST_F(SharedCryptoTest, MAYBE(UnwrapAesCbc192)) {
+ std::vector<uint8> wrapping_key_data(16, 0);
+ std::vector<uint8> wrapped_key = HexStringToBytes(
+ "1A07ACAB6C906E50883173C29441DB1DE91D34F45C435B5F99C822867FB3956F");
+
+ blink::WebCryptoKey wrapping_key =
+ ImportSecretKeyFromRaw(wrapping_key_data,
+ CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw),
+ blink::WebCryptoKeyUsageUnwrapKey);
+
+ blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull();
+ ASSERT_EQ(Status::ErrorAes192BitUnsupported(),
+ UnwrapKey(blink::WebCryptoKeyFormatRaw,
+ CryptoData(wrapped_key),
+ wrapping_key,
+ CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw),
+ CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
+ true,
+ blink::WebCryptoKeyUsageEncrypt,
+ &unwrapped_key));
+}
+
class SharedCryptoRsaOaepTest : public ::testing::Test {
public:
SharedCryptoRsaOaepTest() { Init(); }
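Review bot: The four new rejection tests use only AES-CBC as the target algorithm, while the table entries removed earlier in this file covered "A192CBC", "A192GCM" and "A192KW". If the length check is applied per algorithm or per JWK `alg` value (shared_crypto.cc is not visible here), a path that still accepts 192-bit AES-GCM or AES-KW keys would go unnoticed. Consider running the import, generate and unwrap cases over all three AES algorithms. Each test could also add `EXPECT_TRUE(key.isNull());` (or `unwrapped_key.isNull()` in UnwrapAesCbc192) after the status check, to show that a rejected operation leaves no usable key handle.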