| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/child/webcrypto/shared_crypto.h" | 5 #include "content/child/webcrypto/shared_crypto.h" |
| 6 | 6 |
| 7 #include <algorithm> | 7 #include <algorithm> |
| 8 #include <string> | 8 #include <string> |
| 9 #include <vector> | 9 #include <vector> |
| 10 | 10 |
| (...skipping 113 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 124 #else | 124 #else |
| 125 #if defined(USE_NSS) | 125 #if defined(USE_NSS) |
| 126 if (!NSS_VersionCheck("3.16.2")) | 126 if (!NSS_VersionCheck("3.16.2")) |
| 127 return false; | 127 return false; |
| 128 #endif | 128 #endif |
| 129 crypto::ScopedPK11Slot slot(PK11_GetInternalKeySlot()); | 129 crypto::ScopedPK11Slot slot(PK11_GetInternalKeySlot()); |
| 130 return !!PK11_DoesMechanism(slot.get(), CKM_RSA_PKCS_OAEP); | 130 return !!PK11_DoesMechanism(slot.get(), CKM_RSA_PKCS_OAEP); |
| 131 #endif | 131 #endif |
| 132 } | 132 } |
| 133 | 133 |
| 134 bool SupportsRsaKeyImport() { |
| 135 #if defined(USE_NSS) |
| 136 if (!NSS_VersionCheck("3.16.2")) { |
| 137 LOG(WARNING) << "RSA key import is not supported by this version of NSS. " |
| 138 "Skipping some tests"; |
| 139 return false; |
| 140 } |
| 141 #endif |
| 142 return true; |
| 143 } |
| 144 |
| 134 blink::WebCryptoAlgorithm CreateRsaHashedKeyGenAlgorithm( | 145 blink::WebCryptoAlgorithm CreateRsaHashedKeyGenAlgorithm( |
| 135 blink::WebCryptoAlgorithmId algorithm_id, | 146 blink::WebCryptoAlgorithmId algorithm_id, |
| 136 const blink::WebCryptoAlgorithmId hash_id, | 147 const blink::WebCryptoAlgorithmId hash_id, |
| 137 unsigned int modulus_length, | 148 unsigned int modulus_length, |
| 138 const std::vector<uint8>& public_exponent) { | 149 const std::vector<uint8>& public_exponent) { |
| 139 DCHECK(algorithm_id == blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 || | 150 DCHECK(algorithm_id == blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 || |
| 140 algorithm_id == blink::WebCryptoAlgorithmIdRsaOaep); | 151 algorithm_id == blink::WebCryptoAlgorithmIdRsaOaep); |
| 141 DCHECK(blink::WebCryptoAlgorithm::isHash(hash_id)); | 152 DCHECK(blink::WebCryptoAlgorithm::isHash(hash_id)); |
| 142 return blink::WebCryptoAlgorithm::adoptParamsAndCreate( | 153 return blink::WebCryptoAlgorithm::adoptParamsAndCreate( |
| 143 algorithm_id, | 154 algorithm_id, |
| (...skipping 1352 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1496 | 1507 |
| 1497 // Fail on k actual length (192 bits) inconsistent with the embedded JWK alg | 1508 // Fail on k actual length (192 bits) inconsistent with the embedded JWK alg |
| 1498 // value (128) for an AES key. | 1509 // value (128) for an AES key. |
| 1499 dict.SetString("k", "dGhpcyAgaXMgIDI0ICBieXRlcyBsb25n"); | 1510 dict.SetString("k", "dGhpcyAgaXMgIDI0ICBieXRlcyBsb25n"); |
| 1500 EXPECT_EQ(Status::ErrorJwkIncorrectKeyLength(), | 1511 EXPECT_EQ(Status::ErrorJwkIncorrectKeyLength(), |
| 1501 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); | 1512 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); |
| 1502 RestoreJwkOctDictionary(&dict); | 1513 RestoreJwkOctDictionary(&dict); |
| 1503 } | 1514 } |
| 1504 | 1515 |
| 1505 TEST_F(SharedCryptoTest, MAYBE(ImportExportJwkRsaPublicKey)) { | 1516 TEST_F(SharedCryptoTest, MAYBE(ImportExportJwkRsaPublicKey)) { |
| 1517 if (!SupportsRsaKeyImport()) |
| 1518 return; |
| 1519 |
| 1506 const bool supports_rsa_oaep = SupportsRsaOaep(); | 1520 const bool supports_rsa_oaep = SupportsRsaOaep(); |
| 1507 if (!supports_rsa_oaep) { | 1521 if (!supports_rsa_oaep) { |
| 1508 LOG(WARNING) << "RSA-OAEP not supported on this platform. Skipping some" | 1522 LOG(WARNING) << "RSA-OAEP not supported on this platform. Skipping some" |
| 1509 << "tests."; | 1523 << "tests."; |
| 1510 } | 1524 } |
| 1511 | 1525 |
| 1512 struct TestCase { | 1526 struct TestCase { |
| 1513 const blink::WebCryptoAlgorithm algorithm; | 1527 const blink::WebCryptoAlgorithm algorithm; |
| 1514 const blink::WebCryptoKeyUsageMask usage; | 1528 const blink::WebCryptoKeyUsageMask usage; |
| 1515 const char* const jwk_alg; | 1529 const char* const jwk_alg; |
| (...skipping 453 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1969 EXPECT_EQ(0u, key.algorithm().hmacParams()->lengthBits()); | 1983 EXPECT_EQ(0u, key.algorithm().hmacParams()->lengthBits()); |
| 1970 | 1984 |
| 1971 std::vector<uint8> exported_key_data; | 1985 std::vector<uint8> exported_key_data; |
| 1972 EXPECT_EQ(Status::Success(), | 1986 EXPECT_EQ(Status::Success(), |
| 1973 ExportKey(blink::WebCryptoKeyFormatRaw, key, &exported_key_data)); | 1987 ExportKey(blink::WebCryptoKeyFormatRaw, key, &exported_key_data)); |
| 1974 | 1988 |
| 1975 EXPECT_EQ(0u, exported_key_data.size()); | 1989 EXPECT_EQ(0u, exported_key_data.size()); |
| 1976 } | 1990 } |
| 1977 | 1991 |
| 1978 TEST_F(SharedCryptoTest, MAYBE(ImportExportSpki)) { | 1992 TEST_F(SharedCryptoTest, MAYBE(ImportExportSpki)) { |
| 1993 if (!SupportsRsaKeyImport()) |
| 1994 return; |
| 1995 |
| 1979 // Passing case: Import a valid RSA key in SPKI format. | 1996 // Passing case: Import a valid RSA key in SPKI format. |
| 1980 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 1997 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
| 1981 ASSERT_EQ(Status::Success(), | 1998 ASSERT_EQ(Status::Success(), |
| 1982 ImportKey(blink::WebCryptoKeyFormatSpki, | 1999 ImportKey(blink::WebCryptoKeyFormatSpki, |
| 1983 CryptoData(HexStringToBytes(kPublicKeySpkiDerHex)), | 2000 CryptoData(HexStringToBytes(kPublicKeySpkiDerHex)), |
| 1984 CreateRsaHashedImportAlgorithm( | 2001 CreateRsaHashedImportAlgorithm( |
| 1985 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, | 2002 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
| 1986 blink::WebCryptoAlgorithmIdSha256), | 2003 blink::WebCryptoAlgorithmIdSha256), |
| 1987 true, | 2004 true, |
| 1988 blink::WebCryptoKeyUsageVerify, | 2005 blink::WebCryptoKeyUsageVerify, |
| (...skipping 66 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2055 | 2072 |
| 2056 // TODO(eroman): Failing test: Import a SPKI with an unrecognized hash OID | 2073 // TODO(eroman): Failing test: Import a SPKI with an unrecognized hash OID |
| 2057 // TODO(eroman): Failing test: Import a SPKI with invalid algorithm params | 2074 // TODO(eroman): Failing test: Import a SPKI with invalid algorithm params |
| 2058 // TODO(eroman): Failing test: Import a SPKI with inconsistent parameters | 2075 // TODO(eroman): Failing test: Import a SPKI with inconsistent parameters |
| 2059 // (e.g. SHA-1 in OID, SHA-256 in params) | 2076 // (e.g. SHA-1 in OID, SHA-256 in params) |
| 2060 // TODO(eroman): Failing test: Import a SPKI for RSA-SSA, but with params | 2077 // TODO(eroman): Failing test: Import a SPKI for RSA-SSA, but with params |
| 2061 // as OAEP/PSS | 2078 // as OAEP/PSS |
| 2062 } | 2079 } |
| 2063 | 2080 |
| 2064 TEST_F(SharedCryptoTest, MAYBE(ImportExportPkcs8)) { | 2081 TEST_F(SharedCryptoTest, MAYBE(ImportExportPkcs8)) { |
| 2082 if (!SupportsRsaKeyImport()) |
| 2083 return; |
| 2084 |
| 2065 // Passing case: Import a valid RSA key in PKCS#8 format. | 2085 // Passing case: Import a valid RSA key in PKCS#8 format. |
| 2066 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 2086 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
| 2067 ASSERT_EQ(Status::Success(), | 2087 ASSERT_EQ(Status::Success(), |
| 2068 ImportKey(blink::WebCryptoKeyFormatPkcs8, | 2088 ImportKey(blink::WebCryptoKeyFormatPkcs8, |
| 2069 CryptoData(HexStringToBytes(kPrivateKeyPkcs8DerHex)), | 2089 CryptoData(HexStringToBytes(kPrivateKeyPkcs8DerHex)), |
| 2070 CreateRsaHashedImportAlgorithm( | 2090 CreateRsaHashedImportAlgorithm( |
| 2071 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, | 2091 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
| 2072 blink::WebCryptoAlgorithmIdSha1), | 2092 blink::WebCryptoAlgorithmIdSha1), |
| 2073 true, | 2093 true, |
| 2074 blink::WebCryptoKeyUsageSign, | 2094 blink::WebCryptoKeyUsageSign, |
| (...skipping 47 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2122 true, | 2142 true, |
| 2123 blink::WebCryptoKeyUsageSign, | 2143 blink::WebCryptoKeyUsageSign, |
| 2124 &key)); | 2144 &key)); |
| 2125 } | 2145 } |
| 2126 | 2146 |
| 2127 // Tests JWK import and export by doing a roundtrip key conversion and ensuring | 2147 // Tests JWK import and export by doing a roundtrip key conversion and ensuring |
| 2128 // it was lossless: | 2148 // it was lossless: |
| 2129 // | 2149 // |
| 2130 // PKCS8 --> JWK --> PKCS8 | 2150 // PKCS8 --> JWK --> PKCS8 |
| 2131 TEST_F(SharedCryptoTest, MAYBE(ImportRsaPrivateKeyJwkToPkcs8RoundTrip)) { | 2151 TEST_F(SharedCryptoTest, MAYBE(ImportRsaPrivateKeyJwkToPkcs8RoundTrip)) { |
| 2152 if (!SupportsRsaKeyImport()) |
| 2153 return; |
| 2154 |
| 2132 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 2155 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
| 2133 ASSERT_EQ(Status::Success(), | 2156 ASSERT_EQ(Status::Success(), |
| 2134 ImportKey(blink::WebCryptoKeyFormatPkcs8, | 2157 ImportKey(blink::WebCryptoKeyFormatPkcs8, |
| 2135 CryptoData(HexStringToBytes(kPrivateKeyPkcs8DerHex)), | 2158 CryptoData(HexStringToBytes(kPrivateKeyPkcs8DerHex)), |
| 2136 CreateRsaHashedImportAlgorithm( | 2159 CreateRsaHashedImportAlgorithm( |
| 2137 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, | 2160 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
| 2138 blink::WebCryptoAlgorithmIdSha1), | 2161 blink::WebCryptoAlgorithmIdSha1), |
| 2139 true, | 2162 true, |
| 2140 blink::WebCryptoKeyUsageSign, | 2163 blink::WebCryptoKeyUsageSign, |
| 2141 &key)); | 2164 &key)); |
| (...skipping 45 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2187 } | 2210 } |
| 2188 | 2211 |
| 2189 // Tests importing multiple RSA private keys from JWK, and then exporting to | 2212 // Tests importing multiple RSA private keys from JWK, and then exporting to |
| 2190 // PKCS8. | 2213 // PKCS8. |
| 2191 // | 2214 // |
| 2192 // This is a regression test for http://crbug.com/378315, for which importing | 2215 // This is a regression test for http://crbug.com/378315, for which importing |
| 2193 // a sequence of keys from JWK could yield the wrong key. The first key would | 2216 // a sequence of keys from JWK could yield the wrong key. The first key would |
| 2194 // be imported correctly, however every key after that would actually import | 2217 // be imported correctly, however every key after that would actually import |
| 2195 // the first key. | 2218 // the first key. |
| 2196 TEST_F(SharedCryptoTest, MAYBE(ImportMultipleRSAPrivateKeysJwk)) { | 2219 TEST_F(SharedCryptoTest, MAYBE(ImportMultipleRSAPrivateKeysJwk)) { |
| 2220 if (!SupportsRsaKeyImport()) |
| 2221 return; |
| 2222 |
| 2197 scoped_ptr<base::ListValue> key_list; | 2223 scoped_ptr<base::ListValue> key_list; |
| 2198 ASSERT_TRUE(ReadJsonTestFileToList("rsa_private_keys.json", &key_list)); | 2224 ASSERT_TRUE(ReadJsonTestFileToList("rsa_private_keys.json", &key_list)); |
| 2199 | 2225 |
| 2200 // For this test to be meaningful the keys MUST be kept alive before importing | 2226 // For this test to be meaningful the keys MUST be kept alive before importing |
| 2201 // new keys. | 2227 // new keys. |
| 2202 std::vector<blink::WebCryptoKey> live_keys; | 2228 std::vector<blink::WebCryptoKey> live_keys; |
| 2203 | 2229 |
| 2204 for (size_t key_index = 0; key_index < key_list->GetSize(); ++key_index) { | 2230 for (size_t key_index = 0; key_index < key_list->GetSize(); ++key_index) { |
| 2205 SCOPED_TRACE(key_index); | 2231 SCOPED_TRACE(key_index); |
| 2206 | 2232 |
| (...skipping 141 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2348 &key)); | 2374 &key)); |
| 2349 } | 2375 } |
| 2350 | 2376 |
| 2351 // Import a JWK RSA private key, without any of the optional parameters. | 2377 // Import a JWK RSA private key, without any of the optional parameters. |
| 2352 // | 2378 // |
| 2353 // This is expected to work, however based on the current NSS implementation it | 2379 // This is expected to work, however based on the current NSS implementation it |
| 2354 // does not. | 2380 // does not. |
| 2355 // | 2381 // |
| 2356 // TODO(eroman): http://crbug/com/374927 | 2382 // TODO(eroman): http://crbug/com/374927 |
| 2357 TEST_F(SharedCryptoTest, MAYBE(ImportRsaPrivateKeyJwkIncorrectOptionalEmpty)) { | 2383 TEST_F(SharedCryptoTest, MAYBE(ImportRsaPrivateKeyJwkIncorrectOptionalEmpty)) { |
| 2384 if (!SupportsRsaKeyImport()) |
| 2385 return; |
| 2386 |
| 2358 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 2387 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
| 2359 | 2388 |
| 2360 base::DictionaryValue dict; | 2389 base::DictionaryValue dict; |
| 2361 dict.SetString("kty", "RSA"); | 2390 dict.SetString("kty", "RSA"); |
| 2362 dict.SetString("alg", "RS1"); | 2391 dict.SetString("alg", "RS1"); |
| 2363 | 2392 |
| 2364 dict.SetString( | 2393 dict.SetString( |
| 2365 "n", | 2394 "n", |
| 2366 "pW5KDnAQF1iaUYfcfqhB0Vby7A42rVKkTf6x5h962ZHYxRBW_-2xYrTA8oOhKoijlN_" | 2395 "pW5KDnAQF1iaUYfcfqhB0Vby7A42rVKkTf6x5h962ZHYxRBW_-2xYrTA8oOhKoijlN_" |
| 2367 "1JqtykcuzB86r_OCx39XNlQgJbVsri2311nHvY3fAkhyyPCcKcOJZjm_4nRnxBazC0_" | 2396 "1JqtykcuzB86r_OCx39XNlQgJbVsri2311nHvY3fAkhyyPCcKcOJZjm_4nRnxBazC0_" |
| (...skipping 55 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2423 EXPECT_EQ(extractable, private_key.extractable()); | 2452 EXPECT_EQ(extractable, private_key.extractable()); |
| 2424 EXPECT_EQ(usage_mask, public_key.usages()); | 2453 EXPECT_EQ(usage_mask, public_key.usages()); |
| 2425 EXPECT_EQ(usage_mask, private_key.usages()); | 2454 EXPECT_EQ(usage_mask, private_key.usages()); |
| 2426 | 2455 |
| 2427 // Try exporting the generated key pair, and then re-importing to verify that | 2456 // Try exporting the generated key pair, and then re-importing to verify that |
| 2428 // the exported data was valid. | 2457 // the exported data was valid. |
| 2429 std::vector<uint8> public_key_spki; | 2458 std::vector<uint8> public_key_spki; |
| 2430 EXPECT_EQ( | 2459 EXPECT_EQ( |
| 2431 Status::Success(), | 2460 Status::Success(), |
| 2432 ExportKey(blink::WebCryptoKeyFormatSpki, public_key, &public_key_spki)); | 2461 ExportKey(blink::WebCryptoKeyFormatSpki, public_key, &public_key_spki)); |
| 2433 public_key = blink::WebCryptoKey::createNull(); | |
| 2434 EXPECT_EQ(Status::Success(), | |
| 2435 ImportKey(blink::WebCryptoKeyFormatSpki, | |
| 2436 CryptoData(public_key_spki), | |
| 2437 CreateRsaHashedImportAlgorithm( | |
| 2438 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, | |
| 2439 blink::WebCryptoAlgorithmIdSha256), | |
| 2440 true, | |
| 2441 usage_mask, | |
| 2442 &public_key)); | |
| 2443 EXPECT_EQ(modulus_length, | |
| 2444 public_key.algorithm().rsaHashedParams()->modulusLengthBits()); | |
| 2445 | 2462 |
| 2446 std::vector<uint8> private_key_pkcs8; | 2463 if (SupportsRsaKeyImport()) { |
| 2447 EXPECT_EQ( | 2464 public_key = blink::WebCryptoKey::createNull(); |
| 2448 Status::Success(), | 2465 EXPECT_EQ(Status::Success(), |
| 2449 ExportKey( | 2466 ImportKey(blink::WebCryptoKeyFormatSpki, |
| 2450 blink::WebCryptoKeyFormatPkcs8, private_key, &private_key_pkcs8)); | 2467 CryptoData(public_key_spki), |
| 2451 private_key = blink::WebCryptoKey::createNull(); | 2468 CreateRsaHashedImportAlgorithm( |
| 2452 EXPECT_EQ(Status::Success(), | 2469 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
| 2453 ImportKey(blink::WebCryptoKeyFormatPkcs8, | 2470 blink::WebCryptoAlgorithmIdSha256), |
| 2454 CryptoData(private_key_pkcs8), | 2471 true, |
| 2455 CreateRsaHashedImportAlgorithm( | 2472 usage_mask, |
| 2456 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, | 2473 &public_key)); |
| 2457 blink::WebCryptoAlgorithmIdSha256), | 2474 EXPECT_EQ(modulus_length, |
| 2458 true, | 2475 public_key.algorithm().rsaHashedParams()->modulusLengthBits()); |
| 2459 usage_mask, | 2476 |
| 2460 &private_key)); | 2477 std::vector<uint8> private_key_pkcs8; |
| 2461 EXPECT_EQ(modulus_length, | 2478 EXPECT_EQ( |
| 2462 private_key.algorithm().rsaHashedParams()->modulusLengthBits()); | 2479 Status::Success(), |
| 2480 ExportKey( |
| 2481 blink::WebCryptoKeyFormatPkcs8, private_key, &private_key_pkcs8)); |
| 2482 private_key = blink::WebCryptoKey::createNull(); |
| 2483 EXPECT_EQ(Status::Success(), |
| 2484 ImportKey(blink::WebCryptoKeyFormatPkcs8, |
| 2485 CryptoData(private_key_pkcs8), |
| 2486 CreateRsaHashedImportAlgorithm( |
| 2487 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
| 2488 blink::WebCryptoAlgorithmIdSha256), |
| 2489 true, |
| 2490 usage_mask, |
| 2491 &private_key)); |
| 2492 EXPECT_EQ(modulus_length, |
| 2493 private_key.algorithm().rsaHashedParams()->modulusLengthBits()); |
| 2494 } |
| 2463 | 2495 |
| 2464 // Fail with bad modulus. | 2496 // Fail with bad modulus. |
| 2465 algorithm = | 2497 algorithm = |
| 2466 CreateRsaHashedKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, | 2498 CreateRsaHashedKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
| 2467 blink::WebCryptoAlgorithmIdSha256, | 2499 blink::WebCryptoAlgorithmIdSha256, |
| 2468 0, | 2500 0, |
| 2469 public_exponent); | 2501 public_exponent); |
| 2470 EXPECT_EQ(Status::ErrorGenerateRsaZeroModulus(), | 2502 EXPECT_EQ(Status::ErrorGenerateRsaZeroModulus(), |
| 2471 GenerateKeyPair( | 2503 GenerateKeyPair( |
| 2472 algorithm, extractable, usage_mask, &public_key, &private_key)); | 2504 algorithm, extractable, usage_mask, &public_key, &private_key)); |
| (...skipping 122 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2595 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); | 2627 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); |
| 2596 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); | 2628 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); |
| 2597 | 2629 |
| 2598 EXPECT_EQ(Status::ErrorGenerateKeyPublicExponent(), | 2630 EXPECT_EQ(Status::ErrorGenerateKeyPublicExponent(), |
| 2599 GenerateKeyPair( | 2631 GenerateKeyPair( |
| 2600 algorithm, true, 0, &public_key, &private_key)); | 2632 algorithm, true, 0, &public_key, &private_key)); |
| 2601 } | 2633 } |
| 2602 } | 2634 } |
| 2603 | 2635 |
| 2604 TEST_F(SharedCryptoTest, MAYBE(RsaSsaSignVerifyFailures)) { | 2636 TEST_F(SharedCryptoTest, MAYBE(RsaSsaSignVerifyFailures)) { |
| 2637 if (!SupportsRsaKeyImport()) |
| 2638 return; |
| 2639 |
| 2605 // Import a key pair. | 2640 // Import a key pair. |
| 2606 blink::WebCryptoAlgorithm import_algorithm = | 2641 blink::WebCryptoAlgorithm import_algorithm = |
| 2607 CreateRsaHashedImportAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, | 2642 CreateRsaHashedImportAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
| 2608 blink::WebCryptoAlgorithmIdSha1); | 2643 blink::WebCryptoAlgorithmIdSha1); |
| 2609 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); | 2644 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); |
| 2610 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); | 2645 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); |
| 2611 ASSERT_NO_FATAL_FAILURE( | 2646 ASSERT_NO_FATAL_FAILURE( |
| 2612 ImportRsaKeyPair(HexStringToBytes(kPublicKeySpkiDerHex), | 2647 ImportRsaKeyPair(HexStringToBytes(kPublicKeySpkiDerHex), |
| 2613 HexStringToBytes(kPrivateKeyPkcs8DerHex), | 2648 HexStringToBytes(kPrivateKeyPkcs8DerHex), |
| 2614 import_algorithm, | 2649 import_algorithm, |
| (...skipping 110 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2725 VerifySignature( | 2760 VerifySignature( |
| 2726 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5), | 2761 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5), |
| 2727 public_key_256, | 2762 public_key_256, |
| 2728 CryptoData(signature), | 2763 CryptoData(signature), |
| 2729 CryptoData(data), | 2764 CryptoData(data), |
| 2730 &is_match)); | 2765 &is_match)); |
| 2731 EXPECT_FALSE(is_match); | 2766 EXPECT_FALSE(is_match); |
| 2732 } | 2767 } |
| 2733 | 2768 |
| 2734 TEST_F(SharedCryptoTest, MAYBE(RsaSignVerifyKnownAnswer)) { | 2769 TEST_F(SharedCryptoTest, MAYBE(RsaSignVerifyKnownAnswer)) { |
| 2770 if (!SupportsRsaKeyImport()) |
| 2771 return; |
| 2772 |
| 2735 scoped_ptr<base::ListValue> tests; | 2773 scoped_ptr<base::ListValue> tests; |
| 2736 ASSERT_TRUE(ReadJsonTestFileToList("pkcs1v15_sign.json", &tests)); | 2774 ASSERT_TRUE(ReadJsonTestFileToList("pkcs1v15_sign.json", &tests)); |
| 2737 | 2775 |
| 2738 // Import the key pair. | 2776 // Import the key pair. |
| 2739 blink::WebCryptoAlgorithm import_algorithm = | 2777 blink::WebCryptoAlgorithm import_algorithm = |
| 2740 CreateRsaHashedImportAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, | 2778 CreateRsaHashedImportAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
| 2741 blink::WebCryptoAlgorithmIdSha1); | 2779 blink::WebCryptoAlgorithmIdSha1); |
| 2742 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); | 2780 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); |
| 2743 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); | 2781 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); |
| 2744 ASSERT_NO_FATAL_FAILURE( | 2782 ASSERT_NO_FATAL_FAILURE( |
| (...skipping 1462 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 4207 &private_key)); | 4245 &private_key)); |
| 4208 | 4246 |
| 4209 EXPECT_EQ(0, public_key.usages()); | 4247 EXPECT_EQ(0, public_key.usages()); |
| 4210 EXPECT_EQ(blink::WebCryptoKeyUsageSign, private_key.usages()); | 4248 EXPECT_EQ(blink::WebCryptoKeyUsageSign, private_key.usages()); |
| 4211 } | 4249 } |
| 4212 | 4250 |
| 4213 // Generate an AES-CBC key and an RSA key pair. Use the AES-CBC key to wrap the | 4251 // Generate an AES-CBC key and an RSA key pair. Use the AES-CBC key to wrap the |
| 4214 // key pair (using SPKI format for public key, PKCS8 format for private key). | 4252 // key pair (using SPKI format for public key, PKCS8 format for private key). |
| 4215 // Then unwrap the wrapped key pair and verify that the key data is the same. | 4253 // Then unwrap the wrapped key pair and verify that the key data is the same. |
| 4216 TEST_F(SharedCryptoTest, MAYBE(WrapUnwrapRoundtripSpkiPkcs8UsingAesCbc)) { | 4254 TEST_F(SharedCryptoTest, MAYBE(WrapUnwrapRoundtripSpkiPkcs8UsingAesCbc)) { |
| 4255 if (!SupportsRsaKeyImport()) |
| 4256 return; |
| 4257 |
| 4217 // Generate the wrapping key. | 4258 // Generate the wrapping key. |
| 4218 blink::WebCryptoKey wrapping_key = blink::WebCryptoKey::createNull(); | 4259 blink::WebCryptoKey wrapping_key = blink::WebCryptoKey::createNull(); |
| 4219 ASSERT_EQ(Status::Success(), | 4260 ASSERT_EQ(Status::Success(), |
| 4220 GenerateSecretKey(CreateAesCbcKeyGenAlgorithm(128), | 4261 GenerateSecretKey(CreateAesCbcKeyGenAlgorithm(128), |
| 4221 true, | 4262 true, |
| 4222 blink::WebCryptoKeyUsageWrapKey | | 4263 blink::WebCryptoKeyUsageWrapKey | |
| 4223 blink::WebCryptoKeyUsageUnwrapKey, | 4264 blink::WebCryptoKeyUsageUnwrapKey, |
| 4224 &wrapping_key)); | 4265 &wrapping_key)); |
| 4225 | 4266 |
| 4226 // Generate an RSA key pair to be wrapped. | 4267 // Generate an RSA key pair to be wrapped. |
| (...skipping 90 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 4317 EXPECT_EQ(public_key_spki, unwrapped_public_key_spki); | 4358 EXPECT_EQ(public_key_spki, unwrapped_public_key_spki); |
| 4318 EXPECT_EQ(private_key_pkcs8, unwrapped_private_key_pkcs8); | 4359 EXPECT_EQ(private_key_pkcs8, unwrapped_private_key_pkcs8); |
| 4319 | 4360 |
| 4320 EXPECT_NE(public_key_spki, wrapped_public_key); | 4361 EXPECT_NE(public_key_spki, wrapped_public_key); |
| 4321 EXPECT_NE(private_key_pkcs8, wrapped_private_key); | 4362 EXPECT_NE(private_key_pkcs8, wrapped_private_key); |
| 4322 } | 4363 } |
| 4323 | 4364 |
| 4324 } // namespace webcrypto | 4365 } // namespace webcrypto |
| 4325 | 4366 |
| 4326 } // namespace content | 4367 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 334983006:
[webcrypto] Disable RSA key import for NSS versions less than 3.16.2. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src