| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/child/webcrypto/shared_crypto.h" | 5 #include "content/child/webcrypto/shared_crypto.h" |
| 6 | 6 |
| 7 #include <algorithm> | 7 #include <algorithm> |
| 8 #include <string> | 8 #include <string> |
| 9 #include <vector> | 9 #include <vector> |
| 10 | 10 |
| (...skipping 104 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 115 | 115 |
| 116 if (status.IsError()) | 116 if (status.IsError()) |
| 117 EXPECT_EQ(blink::WebCryptoErrorTypeNotSupported, status.error_type()); | 117 EXPECT_EQ(blink::WebCryptoErrorTypeNotSupported, status.error_type()); |
| 118 return status.IsSuccess(); | 118 return status.IsSuccess(); |
| 119 } | 119 } |
| 120 | 120 |
| 121 bool SupportsRsaOaep() { | 121 bool SupportsRsaOaep() { |
| 122 #if defined(USE_OPENSSL) | 122 #if defined(USE_OPENSSL) |
| 123 return false; | 123 return false; |
| 124 #else | 124 #else |
| 125 // TODO(eroman): Exclude version test for OS_CHROMEOS |
| 125 #if defined(USE_NSS) | 126 #if defined(USE_NSS) |
| 126 if (!NSS_VersionCheck("3.16.2")) | 127 if (!NSS_VersionCheck("3.16.2")) |
| 127 return false; | 128 return false; |
| 128 #endif | 129 #endif |
| 129 crypto::ScopedPK11Slot slot(PK11_GetInternalKeySlot()); | 130 crypto::ScopedPK11Slot slot(PK11_GetInternalKeySlot()); |
| 130 return !!PK11_DoesMechanism(slot.get(), CKM_RSA_PKCS_OAEP); | 131 return !!PK11_DoesMechanism(slot.get(), CKM_RSA_PKCS_OAEP); |
| 131 #endif | 132 #endif |
| 132 } | 133 } |
| 133 | 134 |
| 135 bool SupportsRsaKeyImport() { |
| 136 // TODO(eroman): Exclude version test for OS_CHROMEOS |
| 137 #if defined(USE_NSS) |
| 138 if (!NSS_VersionCheck("3.16.2")) { |
| 139 LOG(WARNING) << "RSA key import is not supported by this version of NSS. " |
| 140 "Skipping some tests"; |
| 141 return false; |
| 142 } |
| 143 #endif |
| 144 return true; |
| 145 } |
| 146 |
| 134 blink::WebCryptoAlgorithm CreateRsaHashedKeyGenAlgorithm( | 147 blink::WebCryptoAlgorithm CreateRsaHashedKeyGenAlgorithm( |
| 135 blink::WebCryptoAlgorithmId algorithm_id, | 148 blink::WebCryptoAlgorithmId algorithm_id, |
| 136 const blink::WebCryptoAlgorithmId hash_id, | 149 const blink::WebCryptoAlgorithmId hash_id, |
| 137 unsigned int modulus_length, | 150 unsigned int modulus_length, |
| 138 const std::vector<uint8>& public_exponent) { | 151 const std::vector<uint8>& public_exponent) { |
| 139 DCHECK(algorithm_id == blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 || | 152 DCHECK(algorithm_id == blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 || |
| 140 algorithm_id == blink::WebCryptoAlgorithmIdRsaOaep); | 153 algorithm_id == blink::WebCryptoAlgorithmIdRsaOaep); |
| 141 DCHECK(blink::WebCryptoAlgorithm::isHash(hash_id)); | 154 DCHECK(blink::WebCryptoAlgorithm::isHash(hash_id)); |
| 142 return blink::WebCryptoAlgorithm::adoptParamsAndCreate( | 155 return blink::WebCryptoAlgorithm::adoptParamsAndCreate( |
| 143 algorithm_id, | 156 algorithm_id, |
| (...skipping 1352 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1496 | 1509 |
| 1497 // Fail on k actual length (192 bits) inconsistent with the embedded JWK alg | 1510 // Fail on k actual length (192 bits) inconsistent with the embedded JWK alg |
| 1498 // value (128) for an AES key. | 1511 // value (128) for an AES key. |
| 1499 dict.SetString("k", "dGhpcyAgaXMgIDI0ICBieXRlcyBsb25n"); | 1512 dict.SetString("k", "dGhpcyAgaXMgIDI0ICBieXRlcyBsb25n"); |
| 1500 EXPECT_EQ(Status::ErrorJwkIncorrectKeyLength(), | 1513 EXPECT_EQ(Status::ErrorJwkIncorrectKeyLength(), |
| 1501 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); | 1514 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); |
| 1502 RestoreJwkOctDictionary(&dict); | 1515 RestoreJwkOctDictionary(&dict); |
| 1503 } | 1516 } |
| 1504 | 1517 |
| 1505 TEST_F(SharedCryptoTest, MAYBE(ImportExportJwkRsaPublicKey)) { | 1518 TEST_F(SharedCryptoTest, MAYBE(ImportExportJwkRsaPublicKey)) { |
| 1519 if (!SupportsRsaKeyImport()) |
| 1520 return; |
| 1521 |
| 1506 const bool supports_rsa_oaep = SupportsRsaOaep(); | 1522 const bool supports_rsa_oaep = SupportsRsaOaep(); |
| 1507 if (!supports_rsa_oaep) { | 1523 if (!supports_rsa_oaep) { |
| 1508 LOG(WARNING) << "RSA-OAEP not supported on this platform. Skipping some" | 1524 LOG(WARNING) << "RSA-OAEP not supported on this platform. Skipping some" |
| 1509 << "tests."; | 1525 << "tests."; |
| 1510 } | 1526 } |
| 1511 | 1527 |
| 1512 struct TestCase { | 1528 struct TestCase { |
| 1513 const blink::WebCryptoAlgorithm algorithm; | 1529 const blink::WebCryptoAlgorithm algorithm; |
| 1514 const blink::WebCryptoKeyUsageMask usage; | 1530 const blink::WebCryptoKeyUsageMask usage; |
| 1515 const char* const jwk_alg; | 1531 const char* const jwk_alg; |
| (...skipping 453 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1969 EXPECT_EQ(0u, key.algorithm().hmacParams()->lengthBits()); | 1985 EXPECT_EQ(0u, key.algorithm().hmacParams()->lengthBits()); |
| 1970 | 1986 |
| 1971 std::vector<uint8> exported_key_data; | 1987 std::vector<uint8> exported_key_data; |
| 1972 EXPECT_EQ(Status::Success(), | 1988 EXPECT_EQ(Status::Success(), |
| 1973 ExportKey(blink::WebCryptoKeyFormatRaw, key, &exported_key_data)); | 1989 ExportKey(blink::WebCryptoKeyFormatRaw, key, &exported_key_data)); |
| 1974 | 1990 |
| 1975 EXPECT_EQ(0u, exported_key_data.size()); | 1991 EXPECT_EQ(0u, exported_key_data.size()); |
| 1976 } | 1992 } |
| 1977 | 1993 |
| 1978 TEST_F(SharedCryptoTest, MAYBE(ImportExportSpki)) { | 1994 TEST_F(SharedCryptoTest, MAYBE(ImportExportSpki)) { |
| 1995 if (!SupportsRsaKeyImport()) |
| 1996 return; |
| 1997 |
| 1979 // Passing case: Import a valid RSA key in SPKI format. | 1998 // Passing case: Import a valid RSA key in SPKI format. |
| 1980 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 1999 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
| 1981 ASSERT_EQ(Status::Success(), | 2000 ASSERT_EQ(Status::Success(), |
| 1982 ImportKey(blink::WebCryptoKeyFormatSpki, | 2001 ImportKey(blink::WebCryptoKeyFormatSpki, |
| 1983 CryptoData(HexStringToBytes(kPublicKeySpkiDerHex)), | 2002 CryptoData(HexStringToBytes(kPublicKeySpkiDerHex)), |
| 1984 CreateRsaHashedImportAlgorithm( | 2003 CreateRsaHashedImportAlgorithm( |
| 1985 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, | 2004 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
| 1986 blink::WebCryptoAlgorithmIdSha256), | 2005 blink::WebCryptoAlgorithmIdSha256), |
| 1987 true, | 2006 true, |
| 1988 blink::WebCryptoKeyUsageVerify, | 2007 blink::WebCryptoKeyUsageVerify, |
| (...skipping 66 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2055 | 2074 |
| 2056 // TODO(eroman): Failing test: Import a SPKI with an unrecognized hash OID | 2075 // TODO(eroman): Failing test: Import a SPKI with an unrecognized hash OID |
| 2057 // TODO(eroman): Failing test: Import a SPKI with invalid algorithm params | 2076 // TODO(eroman): Failing test: Import a SPKI with invalid algorithm params |
| 2058 // TODO(eroman): Failing test: Import a SPKI with inconsistent parameters | 2077 // TODO(eroman): Failing test: Import a SPKI with inconsistent parameters |
| 2059 // (e.g. SHA-1 in OID, SHA-256 in params) | 2078 // (e.g. SHA-1 in OID, SHA-256 in params) |
| 2060 // TODO(eroman): Failing test: Import a SPKI for RSA-SSA, but with params | 2079 // TODO(eroman): Failing test: Import a SPKI for RSA-SSA, but with params |
| 2061 // as OAEP/PSS | 2080 // as OAEP/PSS |
| 2062 } | 2081 } |
| 2063 | 2082 |
| 2064 TEST_F(SharedCryptoTest, MAYBE(ImportExportPkcs8)) { | 2083 TEST_F(SharedCryptoTest, MAYBE(ImportExportPkcs8)) { |
| 2084 if (!SupportsRsaKeyImport()) |
| 2085 return; |
| 2086 |
| 2065 // Passing case: Import a valid RSA key in PKCS#8 format. | 2087 // Passing case: Import a valid RSA key in PKCS#8 format. |
| 2066 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 2088 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
| 2067 ASSERT_EQ(Status::Success(), | 2089 ASSERT_EQ(Status::Success(), |
| 2068 ImportKey(blink::WebCryptoKeyFormatPkcs8, | 2090 ImportKey(blink::WebCryptoKeyFormatPkcs8, |
| 2069 CryptoData(HexStringToBytes(kPrivateKeyPkcs8DerHex)), | 2091 CryptoData(HexStringToBytes(kPrivateKeyPkcs8DerHex)), |
| 2070 CreateRsaHashedImportAlgorithm( | 2092 CreateRsaHashedImportAlgorithm( |
| 2071 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, | 2093 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
| 2072 blink::WebCryptoAlgorithmIdSha1), | 2094 blink::WebCryptoAlgorithmIdSha1), |
| 2073 true, | 2095 true, |
| 2074 blink::WebCryptoKeyUsageSign, | 2096 blink::WebCryptoKeyUsageSign, |
| (...skipping 47 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2122 true, | 2144 true, |
| 2123 blink::WebCryptoKeyUsageSign, | 2145 blink::WebCryptoKeyUsageSign, |
| 2124 &key)); | 2146 &key)); |
| 2125 } | 2147 } |
| 2126 | 2148 |
| 2127 // Tests JWK import and export by doing a roundtrip key conversion and ensuring | 2149 // Tests JWK import and export by doing a roundtrip key conversion and ensuring |
| 2128 // it was lossless: | 2150 // it was lossless: |
| 2129 // | 2151 // |
| 2130 // PKCS8 --> JWK --> PKCS8 | 2152 // PKCS8 --> JWK --> PKCS8 |
| 2131 TEST_F(SharedCryptoTest, MAYBE(ImportRsaPrivateKeyJwkToPkcs8RoundTrip)) { | 2153 TEST_F(SharedCryptoTest, MAYBE(ImportRsaPrivateKeyJwkToPkcs8RoundTrip)) { |
| 2154 if (!SupportsRsaKeyImport()) |
| 2155 return; |
| 2156 |
| 2132 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 2157 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
| 2133 ASSERT_EQ(Status::Success(), | 2158 ASSERT_EQ(Status::Success(), |
| 2134 ImportKey(blink::WebCryptoKeyFormatPkcs8, | 2159 ImportKey(blink::WebCryptoKeyFormatPkcs8, |
| 2135 CryptoData(HexStringToBytes(kPrivateKeyPkcs8DerHex)), | 2160 CryptoData(HexStringToBytes(kPrivateKeyPkcs8DerHex)), |
| 2136 CreateRsaHashedImportAlgorithm( | 2161 CreateRsaHashedImportAlgorithm( |
| 2137 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, | 2162 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
| 2138 blink::WebCryptoAlgorithmIdSha1), | 2163 blink::WebCryptoAlgorithmIdSha1), |
| 2139 true, | 2164 true, |
| 2140 blink::WebCryptoKeyUsageSign, | 2165 blink::WebCryptoKeyUsageSign, |
| 2141 &key)); | 2166 &key)); |
| (...skipping 45 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2187 } | 2212 } |
| 2188 | 2213 |
| 2189 // Tests importing multiple RSA private keys from JWK, and then exporting to | 2214 // Tests importing multiple RSA private keys from JWK, and then exporting to |
| 2190 // PKCS8. | 2215 // PKCS8. |
| 2191 // | 2216 // |
| 2192 // This is a regression test for http://crbug.com/378315, for which importing | 2217 // This is a regression test for http://crbug.com/378315, for which importing |
| 2193 // a sequence of keys from JWK could yield the wrong key. The first key would | 2218 // a sequence of keys from JWK could yield the wrong key. The first key would |
| 2194 // be imported correctly, however every key after that would actually import | 2219 // be imported correctly, however every key after that would actually import |
| 2195 // the first key. | 2220 // the first key. |
| 2196 TEST_F(SharedCryptoTest, MAYBE(ImportMultipleRSAPrivateKeysJwk)) { | 2221 TEST_F(SharedCryptoTest, MAYBE(ImportMultipleRSAPrivateKeysJwk)) { |
| 2222 if (!SupportsRsaKeyImport()) |
| 2223 return; |
| 2224 |
| 2197 scoped_ptr<base::ListValue> key_list; | 2225 scoped_ptr<base::ListValue> key_list; |
| 2198 ASSERT_TRUE(ReadJsonTestFileToList("rsa_private_keys.json", &key_list)); | 2226 ASSERT_TRUE(ReadJsonTestFileToList("rsa_private_keys.json", &key_list)); |
| 2199 | 2227 |
| 2200 // For this test to be meaningful the keys MUST be kept alive before importing | 2228 // For this test to be meaningful the keys MUST be kept alive before importing |
| 2201 // new keys. | 2229 // new keys. |
| 2202 std::vector<blink::WebCryptoKey> live_keys; | 2230 std::vector<blink::WebCryptoKey> live_keys; |
| 2203 | 2231 |
| 2204 for (size_t key_index = 0; key_index < key_list->GetSize(); ++key_index) { | 2232 for (size_t key_index = 0; key_index < key_list->GetSize(); ++key_index) { |
| 2205 SCOPED_TRACE(key_index); | 2233 SCOPED_TRACE(key_index); |
| 2206 | 2234 |
| (...skipping 141 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2348 &key)); | 2376 &key)); |
| 2349 } | 2377 } |
| 2350 | 2378 |
| 2351 // Import a JWK RSA private key, without any of the optional parameters. | 2379 // Import a JWK RSA private key, without any of the optional parameters. |
| 2352 // | 2380 // |
| 2353 // This is expected to work, however based on the current NSS implementation it | 2381 // This is expected to work, however based on the current NSS implementation it |
| 2354 // does not. | 2382 // does not. |
| 2355 // | 2383 // |
| 2356 // TODO(eroman): http://crbug/com/374927 | 2384 // TODO(eroman): http://crbug/com/374927 |
| 2357 TEST_F(SharedCryptoTest, MAYBE(ImportRsaPrivateKeyJwkIncorrectOptionalEmpty)) { | 2385 TEST_F(SharedCryptoTest, MAYBE(ImportRsaPrivateKeyJwkIncorrectOptionalEmpty)) { |
| 2386 if (!SupportsRsaKeyImport()) |
| 2387 return; |
| 2388 |
| 2358 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 2389 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
| 2359 | 2390 |
| 2360 base::DictionaryValue dict; | 2391 base::DictionaryValue dict; |
| 2361 dict.SetString("kty", "RSA"); | 2392 dict.SetString("kty", "RSA"); |
| 2362 dict.SetString("alg", "RS1"); | 2393 dict.SetString("alg", "RS1"); |
| 2363 | 2394 |
| 2364 dict.SetString( | 2395 dict.SetString( |
| 2365 "n", | 2396 "n", |
| 2366 "pW5KDnAQF1iaUYfcfqhB0Vby7A42rVKkTf6x5h962ZHYxRBW_-2xYrTA8oOhKoijlN_" | 2397 "pW5KDnAQF1iaUYfcfqhB0Vby7A42rVKkTf6x5h962ZHYxRBW_-2xYrTA8oOhKoijlN_" |
| 2367 "1JqtykcuzB86r_OCx39XNlQgJbVsri2311nHvY3fAkhyyPCcKcOJZjm_4nRnxBazC0_" | 2398 "1JqtykcuzB86r_OCx39XNlQgJbVsri2311nHvY3fAkhyyPCcKcOJZjm_4nRnxBazC0_" |
| (...skipping 55 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2423 EXPECT_EQ(extractable, private_key.extractable()); | 2454 EXPECT_EQ(extractable, private_key.extractable()); |
| 2424 EXPECT_EQ(usage_mask, public_key.usages()); | 2455 EXPECT_EQ(usage_mask, public_key.usages()); |
| 2425 EXPECT_EQ(usage_mask, private_key.usages()); | 2456 EXPECT_EQ(usage_mask, private_key.usages()); |
| 2426 | 2457 |
| 2427 // Try exporting the generated key pair, and then re-importing to verify that | 2458 // Try exporting the generated key pair, and then re-importing to verify that |
| 2428 // the exported data was valid. | 2459 // the exported data was valid. |
| 2429 std::vector<uint8> public_key_spki; | 2460 std::vector<uint8> public_key_spki; |
| 2430 EXPECT_EQ( | 2461 EXPECT_EQ( |
| 2431 Status::Success(), | 2462 Status::Success(), |
| 2432 ExportKey(blink::WebCryptoKeyFormatSpki, public_key, &public_key_spki)); | 2463 ExportKey(blink::WebCryptoKeyFormatSpki, public_key, &public_key_spki)); |
| 2433 public_key = blink::WebCryptoKey::createNull(); | |
| 2434 EXPECT_EQ(Status::Success(), | |
| 2435 ImportKey(blink::WebCryptoKeyFormatSpki, | |
| 2436 CryptoData(public_key_spki), | |
| 2437 CreateRsaHashedImportAlgorithm( | |
| 2438 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, | |
| 2439 blink::WebCryptoAlgorithmIdSha256), | |
| 2440 true, | |
| 2441 usage_mask, | |
| 2442 &public_key)); | |
| 2443 EXPECT_EQ(modulus_length, | |
| 2444 public_key.algorithm().rsaHashedParams()->modulusLengthBits()); | |
| 2445 | 2464 |
| 2446 std::vector<uint8> private_key_pkcs8; | 2465 if (SupportsRsaKeyImport()) { |
| 2447 EXPECT_EQ( | 2466 public_key = blink::WebCryptoKey::createNull(); |
| 2448 Status::Success(), | 2467 EXPECT_EQ(Status::Success(), |
| 2449 ExportKey( | 2468 ImportKey(blink::WebCryptoKeyFormatSpki, |
| 2450 blink::WebCryptoKeyFormatPkcs8, private_key, &private_key_pkcs8)); | 2469 CryptoData(public_key_spki), |
| 2451 private_key = blink::WebCryptoKey::createNull(); | 2470 CreateRsaHashedImportAlgorithm( |
| 2452 EXPECT_EQ(Status::Success(), | 2471 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
| 2453 ImportKey(blink::WebCryptoKeyFormatPkcs8, | 2472 blink::WebCryptoAlgorithmIdSha256), |
| 2454 CryptoData(private_key_pkcs8), | 2473 true, |
| 2455 CreateRsaHashedImportAlgorithm( | 2474 usage_mask, |
| 2456 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, | 2475 &public_key)); |
| 2457 blink::WebCryptoAlgorithmIdSha256), | 2476 EXPECT_EQ(modulus_length, |
| 2458 true, | 2477 public_key.algorithm().rsaHashedParams()->modulusLengthBits()); |
| 2459 usage_mask, | 2478 |
| 2460 &private_key)); | 2479 std::vector<uint8> private_key_pkcs8; |
| 2461 EXPECT_EQ(modulus_length, | 2480 EXPECT_EQ( |
| 2462 private_key.algorithm().rsaHashedParams()->modulusLengthBits()); | 2481 Status::Success(), |
| 2482 ExportKey( |
| 2483 blink::WebCryptoKeyFormatPkcs8, private_key, &private_key_pkcs8)); |
| 2484 private_key = blink::WebCryptoKey::createNull(); |
| 2485 EXPECT_EQ(Status::Success(), |
| 2486 ImportKey(blink::WebCryptoKeyFormatPkcs8, |
| 2487 CryptoData(private_key_pkcs8), |
| 2488 CreateRsaHashedImportAlgorithm( |
| 2489 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
| 2490 blink::WebCryptoAlgorithmIdSha256), |
| 2491 true, |
| 2492 usage_mask, |
| 2493 &private_key)); |
| 2494 EXPECT_EQ(modulus_length, |
| 2495 private_key.algorithm().rsaHashedParams()->modulusLengthBits()); |
| 2496 } |
| 2463 | 2497 |
| 2464 // Fail with bad modulus. | 2498 // Fail with bad modulus. |
| 2465 algorithm = | 2499 algorithm = |
| 2466 CreateRsaHashedKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, | 2500 CreateRsaHashedKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
| 2467 blink::WebCryptoAlgorithmIdSha256, | 2501 blink::WebCryptoAlgorithmIdSha256, |
| 2468 0, | 2502 0, |
| 2469 public_exponent); | 2503 public_exponent); |
| 2470 EXPECT_EQ(Status::ErrorGenerateRsaZeroModulus(), | 2504 EXPECT_EQ(Status::ErrorGenerateRsaZeroModulus(), |
| 2471 GenerateKeyPair( | 2505 GenerateKeyPair( |
| 2472 algorithm, extractable, usage_mask, &public_key, &private_key)); | 2506 algorithm, extractable, usage_mask, &public_key, &private_key)); |
| (...skipping 122 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2595 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); | 2629 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); |
| 2596 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); | 2630 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); |
| 2597 | 2631 |
| 2598 EXPECT_EQ(Status::ErrorGenerateKeyPublicExponent(), | 2632 EXPECT_EQ(Status::ErrorGenerateKeyPublicExponent(), |
| 2599 GenerateKeyPair( | 2633 GenerateKeyPair( |
| 2600 algorithm, true, 0, &public_key, &private_key)); | 2634 algorithm, true, 0, &public_key, &private_key)); |
| 2601 } | 2635 } |
| 2602 } | 2636 } |
| 2603 | 2637 |
| 2604 TEST_F(SharedCryptoTest, MAYBE(RsaSsaSignVerifyFailures)) { | 2638 TEST_F(SharedCryptoTest, MAYBE(RsaSsaSignVerifyFailures)) { |
| 2639 if (!SupportsRsaKeyImport()) |
| 2640 return; |
| 2641 |
| 2605 // Import a key pair. | 2642 // Import a key pair. |
| 2606 blink::WebCryptoAlgorithm import_algorithm = | 2643 blink::WebCryptoAlgorithm import_algorithm = |
| 2607 CreateRsaHashedImportAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, | 2644 CreateRsaHashedImportAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
| 2608 blink::WebCryptoAlgorithmIdSha1); | 2645 blink::WebCryptoAlgorithmIdSha1); |
| 2609 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); | 2646 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); |
| 2610 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); | 2647 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); |
| 2611 ASSERT_NO_FATAL_FAILURE( | 2648 ASSERT_NO_FATAL_FAILURE( |
| 2612 ImportRsaKeyPair(HexStringToBytes(kPublicKeySpkiDerHex), | 2649 ImportRsaKeyPair(HexStringToBytes(kPublicKeySpkiDerHex), |
| 2613 HexStringToBytes(kPrivateKeyPkcs8DerHex), | 2650 HexStringToBytes(kPrivateKeyPkcs8DerHex), |
| 2614 import_algorithm, | 2651 import_algorithm, |
| (...skipping 110 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2725 VerifySignature( | 2762 VerifySignature( |
| 2726 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5), | 2763 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5), |
| 2727 public_key_256, | 2764 public_key_256, |
| 2728 CryptoData(signature), | 2765 CryptoData(signature), |
| 2729 CryptoData(data), | 2766 CryptoData(data), |
| 2730 &is_match)); | 2767 &is_match)); |
| 2731 EXPECT_FALSE(is_match); | 2768 EXPECT_FALSE(is_match); |
| 2732 } | 2769 } |
| 2733 | 2770 |
| 2734 TEST_F(SharedCryptoTest, MAYBE(RsaSignVerifyKnownAnswer)) { | 2771 TEST_F(SharedCryptoTest, MAYBE(RsaSignVerifyKnownAnswer)) { |
| 2772 if (!SupportsRsaKeyImport()) |
| 2773 return; |
| 2774 |
| 2735 scoped_ptr<base::ListValue> tests; | 2775 scoped_ptr<base::ListValue> tests; |
| 2736 ASSERT_TRUE(ReadJsonTestFileToList("pkcs1v15_sign.json", &tests)); | 2776 ASSERT_TRUE(ReadJsonTestFileToList("pkcs1v15_sign.json", &tests)); |
| 2737 | 2777 |
| 2738 // Import the key pair. | 2778 // Import the key pair. |
| 2739 blink::WebCryptoAlgorithm import_algorithm = | 2779 blink::WebCryptoAlgorithm import_algorithm = |
| 2740 CreateRsaHashedImportAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, | 2780 CreateRsaHashedImportAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
| 2741 blink::WebCryptoAlgorithmIdSha1); | 2781 blink::WebCryptoAlgorithmIdSha1); |
| 2742 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); | 2782 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); |
| 2743 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); | 2783 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); |
| 2744 ASSERT_NO_FATAL_FAILURE( | 2784 ASSERT_NO_FATAL_FAILURE( |
| (...skipping 1462 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 4207 &private_key)); | 4247 &private_key)); |
| 4208 | 4248 |
| 4209 EXPECT_EQ(0, public_key.usages()); | 4249 EXPECT_EQ(0, public_key.usages()); |
| 4210 EXPECT_EQ(blink::WebCryptoKeyUsageSign, private_key.usages()); | 4250 EXPECT_EQ(blink::WebCryptoKeyUsageSign, private_key.usages()); |
| 4211 } | 4251 } |
| 4212 | 4252 |
| 4213 // Generate an AES-CBC key and an RSA key pair. Use the AES-CBC key to wrap the | 4253 // Generate an AES-CBC key and an RSA key pair. Use the AES-CBC key to wrap the |
| 4214 // key pair (using SPKI format for public key, PKCS8 format for private key). | 4254 // key pair (using SPKI format for public key, PKCS8 format for private key). |
| 4215 // Then unwrap the wrapped key pair and verify that the key data is the same. | 4255 // Then unwrap the wrapped key pair and verify that the key data is the same. |
| 4216 TEST_F(SharedCryptoTest, MAYBE(WrapUnwrapRoundtripSpkiPkcs8UsingAesCbc)) { | 4256 TEST_F(SharedCryptoTest, MAYBE(WrapUnwrapRoundtripSpkiPkcs8UsingAesCbc)) { |
| 4257 if (!SupportsRsaKeyImport()) |
| 4258 return; |
| 4259 |
| 4217 // Generate the wrapping key. | 4260 // Generate the wrapping key. |
| 4218 blink::WebCryptoKey wrapping_key = blink::WebCryptoKey::createNull(); | 4261 blink::WebCryptoKey wrapping_key = blink::WebCryptoKey::createNull(); |
| 4219 ASSERT_EQ(Status::Success(), | 4262 ASSERT_EQ(Status::Success(), |
| 4220 GenerateSecretKey(CreateAesCbcKeyGenAlgorithm(128), | 4263 GenerateSecretKey(CreateAesCbcKeyGenAlgorithm(128), |
| 4221 true, | 4264 true, |
| 4222 blink::WebCryptoKeyUsageWrapKey | | 4265 blink::WebCryptoKeyUsageWrapKey | |
| 4223 blink::WebCryptoKeyUsageUnwrapKey, | 4266 blink::WebCryptoKeyUsageUnwrapKey, |
| 4224 &wrapping_key)); | 4267 &wrapping_key)); |
| 4225 | 4268 |
| 4226 // Generate an RSA key pair to be wrapped. | 4269 // Generate an RSA key pair to be wrapped. |
| (...skipping 90 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 4317 EXPECT_EQ(public_key_spki, unwrapped_public_key_spki); | 4360 EXPECT_EQ(public_key_spki, unwrapped_public_key_spki); |
| 4318 EXPECT_EQ(private_key_pkcs8, unwrapped_private_key_pkcs8); | 4361 EXPECT_EQ(private_key_pkcs8, unwrapped_private_key_pkcs8); |
| 4319 | 4362 |
| 4320 EXPECT_NE(public_key_spki, wrapped_public_key); | 4363 EXPECT_NE(public_key_spki, wrapped_public_key); |
| 4321 EXPECT_NE(private_key_pkcs8, wrapped_private_key); | 4364 EXPECT_NE(private_key_pkcs8, wrapped_private_key); |
| 4322 } | 4365 } |
| 4323 | 4366 |
| 4324 } // namespace webcrypto | 4367 } // namespace webcrypto |
| 4325 | 4368 |
| 4326 } // namespace content | 4369 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 334983006:
[webcrypto] Disable RSA key import for NSS versions less than 3.16.2. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src