[webcrypto] Add RSA key generation using NSS.

content/renderer/webcrypto/webcrypto_impl_unittest.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "webcrypto_impl.h"
 
 #include "base/basictypes.h"
 #include "base/logging.h"
 #include "base/memory/ref_counted.h"
 #include "base/strings/string_number_conversions.h"
@@ skipping 59 matching lines @@
       new WebKit::WebCryptoAesCbcParams(Start(iv), iv.size()));
 }
 
 WebKit::WebCryptoAlgorithm CreateAesCbcAlgorithm(
     unsigned short key_length_bits) {
   return WebKit::WebCryptoAlgorithm::adoptParamsAndCreate(
       WebKit::WebCryptoAlgorithmIdAesCbc,
       new WebKit::WebCryptoAesKeyGenParams(key_length_bits));
 }
 
+WebKit::WebCryptoAlgorithm CreateRsaAlgorithm(
+    WebKit::WebCryptoAlgorithmId algorithm_id,
+    unsigned modulus_length,
+    const std::vector<uint8>& public_exponent) {
+  DCHECK(algorithm_id == WebKit::WebCryptoAlgorithmIdRsaEsPkcs1v1_5 ||
+         algorithm_id == WebKit::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 ||
+         algorithm_id == WebKit::WebCryptoAlgorithmIdRsaOaep);
+  return WebKit::WebCryptoAlgorithm::adoptParamsAndCreate(
+      algorithm_id,
+      new WebKit::WebCryptoRsaKeyGenParams(
+          modulus_length, Start(public_exponent), public_exponent.size()));
+}
+
 }  // namespace
 
 namespace content {
 
 class WebCryptoImplTest : public testing::Test {
  protected:
   WebKit::WebCryptoKey ImportSecretKeyFromRawHexString(
       const std::string& key_hex,
       const WebKit::WebCryptoAlgorithm& algorithm,
       WebKit::WebCryptoKeyUsageMask usage) {
@@ skipping 27 matching lines @@
     return crypto_.DigestInternal(algorithm, Start(data), data.size(), buffer);
   }
 
   bool GenerateKeyInternal(
       const WebKit::WebCryptoAlgorithm& algorithm,
       scoped_ptr<WebKit::WebCryptoKeyHandle>* handle,
       WebKit::WebCryptoKeyType* type) {
     return crypto_.GenerateKeyInternal(algorithm, handle, type);
   }
 
+  bool GenerateKeyPairInternal(
+      const WebKit::WebCryptoAlgorithm& algorithm,
+      scoped_ptr<WebKit::WebCryptoKeyHandle>* public_key,
+      scoped_ptr<WebKit::WebCryptoKeyHandle>* private_key) {
+    return crypto_.GenerateKeyPairInternal(algorithm, public_key, private_key);
+  }
+
   bool ImportKeyInternal(
       WebKit::WebCryptoKeyFormat format,
       const std::vector<uint8>& key_data,
       const WebKit::WebCryptoAlgorithm& algorithm,
       WebKit::WebCryptoKeyUsageMask usage_mask,
       scoped_ptr<WebKit::WebCryptoKeyHandle>* handle,
       WebKit::WebCryptoKeyType* type) {
     return crypto_.ImportKeyInternal(format,
                                      Start(key_data),
                                      key_data.size(),
@@ skipping 512 matching lines @@
 TEST_F(WebCryptoImplTest, GenerateKeyHmacNoLength) {
   scoped_ptr<WebKit::WebCryptoKeyHandle> result;
   WebKit::WebCryptoKeyType type = WebKit::WebCryptoKeyTypePublic;
   WebKit::WebCryptoAlgorithm algorithm =
       CreateHmacKeyAlgorithm(WebKit::WebCryptoAlgorithmIdSha1, 0);
   ASSERT_TRUE(GenerateKeyInternal(algorithm, &result, &type));
   EXPECT_TRUE(result);
   EXPECT_EQ(type, WebKit::WebCryptoKeyTypeSecret);
 }
 
+#if !defined(USE_OPENSSL)
+
+TEST_F(WebCryptoImplTest, GenerateKeyPairRsa) {
+
+  // Note: using unrealistic short key lengths here to avoid bogging down tests.
+
+  // happy WebCryptoAlgorithmIdRsaEsPkcs1v1_5 key gen

[eroman, 2013/10/28 20:00:47]

Could you capitalize the comment and end with a period? Also "successful" or
"valid" is probably more descriptive than "happy" (although you can leave it
as-is).

[padolph, 2013/10/28 21:08:53]

Done.

+  unsigned modulus_length = 256;
+  std::vector<uint8> public_exponent = HexStringToBytes("010001");
+  WebKit::WebCryptoAlgorithm algorithm =
+      CreateRsaAlgorithm(WebKit::WebCryptoAlgorithmIdRsaEsPkcs1v1_5,
+                         modulus_length,
+                         public_exponent);
+  scoped_ptr<WebKit::WebCryptoKeyHandle> public_key_handle;
+  scoped_ptr<WebKit::WebCryptoKeyHandle> private_key_handle;
+  EXPECT_TRUE(GenerateKeyPairInternal(
+      algorithm, &public_key_handle, &private_key_handle));
+  EXPECT_TRUE(public_key_handle);
+  EXPECT_TRUE(private_key_handle);
+
+  // bad modulus

[eroman, 2013/10/28 20:00:47]

Please capitalize for consistency throughout.

[padolph, 2013/10/28 21:08:53]

Done.

+  modulus_length = 0;
+  algorithm = CreateRsaAlgorithm(WebKit::WebCryptoAlgorithmIdRsaEsPkcs1v1_5,
+                                 modulus_length,
+                                 public_exponent);
+  EXPECT_FALSE(GenerateKeyPairInternal(
+      algorithm, &public_key_handle, &private_key_handle));
+  modulus_length = 256;  // restore modulus_length for next test

[eroman, 2013/10/28 20:00:47]

[optional] I think it would be clearer to inline this into the
CreateRsaAlgorithm() call.

[padolph, 2013/10/28 21:08:53]

Done.

+
+  // bad exponent, larger than unsigned long
+  unsigned exponent_length = sizeof(unsigned long) + 1;
+  const std::vector<uint8> long_exponent(exponent_length, 0x01);
+  algorithm = CreateRsaAlgorithm(WebKit::WebCryptoAlgorithmIdRsaEsPkcs1v1_5,
+                                 modulus_length,
+                                 long_exponent);
+  EXPECT_FALSE(GenerateKeyPairInternal(
+      algorithm, &public_key_handle, &private_key_handle));
+
+  // bad exponent, empty
+  const std::vector<uint8> empty_exponent;
+  algorithm = CreateRsaAlgorithm(WebKit::WebCryptoAlgorithmIdRsaEsPkcs1v1_5,
+                                 modulus_length,
+                                 empty_exponent);
+  EXPECT_FALSE(GenerateKeyPairInternal(
+      algorithm, &public_key_handle, &private_key_handle));
+
+  // bad exponent, all zeros
+  std::vector<uint8> exponent_with_leading_zeros(15, 0x00);
+  algorithm = CreateRsaAlgorithm(WebKit::WebCryptoAlgorithmIdRsaEsPkcs1v1_5,
+                                 modulus_length,
+                                 exponent_with_leading_zeros);
+  EXPECT_FALSE(GenerateKeyPairInternal(
+      algorithm, &public_key_handle, &private_key_handle));
+
+  // good exponent with leading zeros
+  exponent_with_leading_zeros.insert(exponent_with_leading_zeros.end(),
+                                     public_exponent.begin(),
+                                     public_exponent.end());
+  algorithm = CreateRsaAlgorithm(WebKit::WebCryptoAlgorithmIdRsaEsPkcs1v1_5,
+                                 modulus_length,
+                                 exponent_with_leading_zeros);
+  EXPECT_TRUE(GenerateKeyPairInternal(
+      algorithm, &public_key_handle, &private_key_handle));
+  EXPECT_TRUE(public_key_handle);
+  EXPECT_TRUE(private_key_handle);
+
+  // happy WebCryptoAlgorithmIdRsaOaep
+  algorithm = CreateRsaAlgorithm(WebKit::WebCryptoAlgorithmIdRsaOaep,
+                                 modulus_length,
+                                 public_exponent);
+  EXPECT_TRUE(GenerateKeyPairInternal(
+      algorithm, &public_key_handle, &private_key_handle));
+  EXPECT_TRUE(public_key_handle);
+  EXPECT_TRUE(private_key_handle);
+
+  // happy WebCryptoAlgorithmIdRsaSsaPkcs1v1_5
+  algorithm = CreateRsaAlgorithm(WebKit::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5,
+                                 modulus_length,
+                                 public_exponent);
+  EXPECT_TRUE(GenerateKeyPairInternal(
+      algorithm, &public_key_handle, &private_key_handle));
+  EXPECT_TRUE(public_key_handle);
+  EXPECT_TRUE(private_key_handle);
+}
+
+#endif // #if !defined(USE_OPENSSL)
+
 }  // namespace content