[webcrypto] Restrict public exponent for RSA key generation to 3 or 65537.

content/child/webcrypto/shared_crypto_unittest.cc

Index: content/child/webcrypto/shared_crypto_unittest.cc
diff --git a/content/child/webcrypto/shared_crypto_unittest.cc b/content/child/webcrypto/shared_crypto_unittest.cc
index a25db7760542b637480a8d077e1d5bb736771f95..8acadacbb1980c984cc9306745b218c1d2d116f5 100644
--- a/content/child/webcrypto/shared_crypto_unittest.cc
+++ b/content/child/webcrypto/shared_crypto_unittest.cc
@@ -2579,6 +2579,38 @@ TEST_F(SharedCryptoTest, MAYBE(GenerateKeyPairRsa)) {
             ExportKey(blink::WebCryptoKeyFormatSpki, private_key, &output));
 }
 
+// Try generating RSA key pairs using unsupported public exponents. Only
+// exponents of 3 and 65537 are supported. While both OpenSSL and NSS can
+// support other values, OpenSSL hangs when given invalid exponents, so use a
+// whitelist to validate the parameters.
+TEST_F(SharedCryptoTest, MAYBE(GenerateKeyPairRsaBadExponent)) {
+  const unsigned int modulus_length = 1024;
+
+  const char* const kPublicExponents[] = {
+      "11",  // 17 - This is a valid public exponent, but currently disallowed.
+      "00",
+      "01",
+      "02",
+      "010000",  // 65536
+  };
+
+  for (size_t i = 0; i < arraysize(kPublicExponents); ++i) {
+    SCOPED_TRACE(i);
+    blink::WebCryptoAlgorithm algorithm = CreateRsaHashedKeyGenAlgorithm(
+        blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5,
+        blink::WebCryptoAlgorithmIdSha256,
+        modulus_length,
+        HexStringToBytes(kPublicExponents[i]));
+
+    blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull();
+    blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull();
+
+    EXPECT_EQ(Status::ErrorGenerateKeyPublicExponent(),
+              GenerateKeyPair(
+                  algorithm, true, 0, &public_key, &private_key));
+  }
+}
+
 TEST_F(SharedCryptoTest, MAYBE(RsaSsaSignVerifyFailures)) {
   // Import a key pair.
   blink::WebCryptoAlgorithm import_algorithm =