Chromium Code Reviews Chromium Code Reviews
Issue 34583010:
[webcrypto] Add RSA key generation using NSS. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "webcrypto_impl.h" | 5 #include "webcrypto_impl.h" |
| 6 | 6 |
| 7 #include "base/basictypes.h" | 7 #include "base/basictypes.h" |
| 8 #include "base/logging.h" | 8 #include "base/logging.h" |
| 9 #include "base/memory/ref_counted.h" | 9 #include "base/memory/ref_counted.h" |
| 10 #include "base/strings/string_number_conversions.h" | 10 #include "base/strings/string_number_conversions.h" |
| 11 #include "content/public/renderer/content_renderer_client.h" | 11 #include "content/public/renderer/content_renderer_client.h" |
| 12 #include "content/renderer/renderer_webkitplatformsupport_impl.h" | 12 #include "content/renderer/renderer_webkitplatformsupport_impl.h" |
| 13 #include "content/renderer/webcrypto/webcrypto_impl.h" | 13 #include "content/renderer/webcrypto/webcrypto_impl.h" |
| 14 #include "testing/gtest/include/gtest/gtest.h" | 14 #include "testing/gtest/include/gtest/gtest.h" |
| 15 #include "third_party/WebKit/public/platform/WebArrayBuffer.h" | 15 #include "third_party/WebKit/public/platform/WebArrayBuffer.h" |
| 16 #include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h" | 16 #include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h" |
| 17 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h" | 17 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h" |
| 18 #include "third_party/WebKit/public/platform/WebCryptoKey.h" | |
| 18 | 19 |
| 19 namespace { | 20 namespace { |
| 20 | 21 |
| 21 std::vector<uint8> HexStringToBytes(const std::string& hex) { | 22 std::vector<uint8> HexStringToBytes(const std::string& hex) { |
| 22 std::vector<uint8> bytes; | 23 std::vector<uint8> bytes; |
| 23 base::HexStringToBytes(hex, &bytes); | 24 base::HexStringToBytes(hex, &bytes); |
| 24 return bytes; | 25 return bytes; |
| 25 } | 26 } |
| 26 | 27 |
| 27 void ExpectArrayBufferMatchesHex(const std::string& expected_hex, | 28 void ExpectArrayBufferMatchesHex(const std::string& expected_hex, |
| (...skipping 42 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 70 new WebKit::WebCryptoAesCbcParams(Start(iv), iv.size())); | 71 new WebKit::WebCryptoAesCbcParams(Start(iv), iv.size())); |
| 71 } | 72 } |
| 72 | 73 |
| 73 WebKit::WebCryptoAlgorithm CreateAesCbcAlgorithm( | 74 WebKit::WebCryptoAlgorithm CreateAesCbcAlgorithm( |
| 74 unsigned short key_length_bits) { | 75 unsigned short key_length_bits) { |
| 75 return WebKit::WebCryptoAlgorithm::adoptParamsAndCreate( | 76 return WebKit::WebCryptoAlgorithm::adoptParamsAndCreate( |
| 76 WebKit::WebCryptoAlgorithmIdAesCbc, | 77 WebKit::WebCryptoAlgorithmIdAesCbc, |
| 77 new WebKit::WebCryptoAesKeyGenParams(key_length_bits)); | 78 new WebKit::WebCryptoAesKeyGenParams(key_length_bits)); |
| 78 } | 79 } |
| 79 | 80 |
| 81 WebKit::WebCryptoAlgorithm CreateRsaAlgorithm( | |
| 82 WebKit::WebCryptoAlgorithmId algorithm_id, | |
| 83 unsigned modulus_length, | |
| 84 const std::vector<uint8>& public_exponent) { | |
| 85 DCHECK(algorithm_id == WebKit::WebCryptoAlgorithmIdRsaEsPkcs1v1_5 || | |
| 86 algorithm_id == WebKit::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 || | |
| 87 algorithm_id == WebKit::WebCryptoAlgorithmIdRsaOaep); | |
| 88 return WebKit::WebCryptoAlgorithm::adoptParamsAndCreate( | |
| 89 algorithm_id, | |
| 90 new WebKit::WebCryptoRsaKeyGenParams( | |
| 91 modulus_length, Start(public_exponent), public_exponent.size())); | |
| 92 } | |
| 93 | |
| 80 } // namespace | 94 } // namespace |
| 81 | 95 |
| 82 namespace content { | 96 namespace content { |
| 83 | 97 |
| 84 class WebCryptoImplTest : public testing::Test { | 98 class WebCryptoImplTest : public testing::Test { |
| 85 protected: | 99 protected: |
| 86 WebKit::WebCryptoKey ImportSecretKeyFromRawHexString( | 100 WebKit::WebCryptoKey ImportSecretKeyFromRawHexString( |
| 87 const std::string& key_hex, | 101 const std::string& key_hex, |
| 88 const WebKit::WebCryptoAlgorithm& algorithm, | 102 const WebKit::WebCryptoAlgorithm& algorithm, |
| 89 WebKit::WebCryptoKeyUsageMask usage) { | 103 WebKit::WebCryptoKeyUsageMask usage) { |
| (...skipping 25 matching lines...) Expand all Loading... | |
| 115 } | 129 } |
| 116 | 130 |
| 117 bool GenerateKeyInternal( | 131 bool GenerateKeyInternal( |
| 118 const WebKit::WebCryptoAlgorithm& algorithm, | 132 const WebKit::WebCryptoAlgorithm& algorithm, |
| 119 WebKit::WebCryptoKey* key) { | 133 WebKit::WebCryptoKey* key) { |
| 120 bool extractable = true; | 134 bool extractable = true; |
| 121 WebKit::WebCryptoKeyUsageMask usage_mask = 0; | 135 WebKit::WebCryptoKeyUsageMask usage_mask = 0; |
| 122 return crypto_.GenerateKeyInternal(algorithm, extractable, usage_mask, key); | 136 return crypto_.GenerateKeyInternal(algorithm, extractable, usage_mask, key); |
| 123 } | 137 } |
| 124 | 138 |
| 139 bool GenerateKeyPairInternal( | |
| 140 const WebKit::WebCryptoAlgorithm& algorithm, | |
| 141 bool extractable, | |
| 142 WebKit::WebCryptoKeyUsageMask usage_mask, | |
| 143 WebKit::WebCryptoKey* public_key, | |
| 144 WebKit::WebCryptoKey* private_key) { | |
| 145 return crypto_.GenerateKeyPairInternal( | |
| 146 algorithm, extractable, usage_mask, public_key, private_key); | |
| 147 } | |
| 148 | |
| 125 bool ImportKeyInternal( | 149 bool ImportKeyInternal( |
| 126 WebKit::WebCryptoKeyFormat format, | 150 WebKit::WebCryptoKeyFormat format, |
| 127 const std::vector<uint8>& key_data, | 151 const std::vector<uint8>& key_data, |
| 128 const WebKit::WebCryptoAlgorithm& algorithm, | 152 const WebKit::WebCryptoAlgorithm& algorithm, |
| 129 WebKit::WebCryptoKeyUsageMask usage_mask, | 153 WebKit::WebCryptoKeyUsageMask usage_mask, |
| 130 WebKit::WebCryptoKey* key) { | 154 WebKit::WebCryptoKey* key) { |
| 131 bool extractable = true; | 155 bool extractable = true; |
| 132 return crypto_.ImportKeyInternal(format, | 156 return crypto_.ImportKeyInternal(format, |
| 133 Start(key_data), | 157 Start(key_data), |
| 134 key_data.size(), | 158 key_data.size(), |
| (...skipping 517 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 652 | 676 |
| 653 // This fails because the algorithm is null. | 677 // This fails because the algorithm is null. |
| 654 EXPECT_FALSE(ImportKeyInternal( | 678 EXPECT_FALSE(ImportKeyInternal( |
| 655 WebKit::WebCryptoKeyFormatRaw, | 679 WebKit::WebCryptoKeyFormatRaw, |
| 656 HexStringToBytes("00000000000000000000"), | 680 HexStringToBytes("00000000000000000000"), |
| 657 WebKit::WebCryptoAlgorithm::createNull(), | 681 WebKit::WebCryptoAlgorithm::createNull(), |
| 658 WebKit::WebCryptoKeyUsageSign, | 682 WebKit::WebCryptoKeyUsageSign, |
| 659 &key)); | 683 &key)); |
| 660 } | 684 } |
| 661 | 685 |
| 686 #if !defined(USE_OPENSSL) | |
| 687 | |
| 688 TEST_F(WebCryptoImplTest, GenerateKeyPairRsa) { | |
| 689 | |
| 690 // Note: using unrealistic short key lengths here to avoid bogging down tests. | |
| 691 | |
| 692 // Successful WebCryptoAlgorithmIdRsaEsPkcs1v1_5 key generation. | |
| 693 const unsigned modulus_length = 256; | |
| 694 const std::vector<uint8> public_exponent = HexStringToBytes("010001"); | |
| 695 WebKit::WebCryptoAlgorithm algorithm = | |
| 696 CreateRsaAlgorithm(WebKit::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, | |
| 697 modulus_length, | |
| 698 public_exponent); | |
| 699 bool extractable = false; | |
| 700 WebKit::WebCryptoKeyUsageMask usage_mask = 0; | |
| 701 WebKit::WebCryptoKey public_key = WebCryptoImpl::NullKey(); | |
| 702 WebKit::WebCryptoKey private_key = WebCryptoImpl::NullKey(); | |
| 703 EXPECT_TRUE(GenerateKeyPairInternal( | |
| 704 algorithm, extractable, usage_mask, &public_key, &private_key)); | |
| 705 EXPECT_TRUE(!public_key.isNull()); | |
| 706 EXPECT_TRUE(!private_key.isNull()); | |
| 707 // TODO(padolph): check key.extractable and key.usage_mask | |
|
eroman
2013/10/31 22:18:36
Any reason not to do that as part of this changeli
padolph
2013/11/01 20:35:31
Oops, meant to. Thanks.
| |
| 708 | |
| 709 // Fail with bad modulus. | |
| 710 algorithm = CreateRsaAlgorithm( | |
| 711 WebKit::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, 0, public_exponent); | |
| 712 EXPECT_FALSE(GenerateKeyPairInternal( | |
| 713 algorithm, extractable, usage_mask, &public_key, &private_key)); | |
| 714 | |
| 715 // Fail with bad exponent: larger than unsigned long. | |
| 716 unsigned exponent_length = sizeof(unsigned long) + 1; | |
| 717 const std::vector<uint8> long_exponent(exponent_length, 0x01); | |
| 718 algorithm = CreateRsaAlgorithm(WebKit::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, | |
| 719 modulus_length, | |
| 720 long_exponent); | |
| 721 EXPECT_FALSE(GenerateKeyPairInternal( | |
| 722 algorithm, extractable, usage_mask, &public_key, &private_key)); | |
| 723 | |
| 724 // Fail with bad exponent: empty. | |
| 725 const std::vector<uint8> empty_exponent; | |
| 726 algorithm = CreateRsaAlgorithm(WebKit::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, | |
| 727 modulus_length, | |
| 728 empty_exponent); | |
| 729 EXPECT_FALSE(GenerateKeyPairInternal( | |
| 730 algorithm, extractable, usage_mask, &public_key, &private_key)); | |
| 731 | |
| 732 // Fail with bad exponent: all zeros. | |
| 733 std::vector<uint8> exponent_with_leading_zeros(15, 0x00); | |
| 734 algorithm = CreateRsaAlgorithm(WebKit::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, | |
| 735 modulus_length, | |
| 736 exponent_with_leading_zeros); | |
| 737 EXPECT_FALSE(GenerateKeyPairInternal( | |
| 738 algorithm, extractable, usage_mask, &public_key, &private_key)); | |
| 739 | |
| 740 // Key generation success using exponent with leading zeros. | |
| 741 exponent_with_leading_zeros.insert(exponent_with_leading_zeros.end(), | |
| 742 public_exponent.begin(), | |
| 743 public_exponent.end()); | |
| 744 algorithm = CreateRsaAlgorithm(WebKit::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, | |
| 745 modulus_length, | |
| 746 exponent_with_leading_zeros); | |
| 747 EXPECT_TRUE(GenerateKeyPairInternal( | |
| 748 algorithm, extractable, usage_mask, &public_key, &private_key)); | |
| 749 EXPECT_TRUE(!public_key.isNull()); | |
| 750 EXPECT_TRUE(!private_key.isNull()); | |
| 751 // TODO(padolph): check key.extractable and key.usage_mask | |
|
eroman
2013/10/31 22:18:36
same question throughout. I guess in some sense th
padolph
2013/11/01 20:35:31
Those TODO's were to remind me to add these after
| |
| 752 | |
| 753 // Successful WebCryptoAlgorithmIdRsaOaep key generation. | |
| 754 algorithm = CreateRsaAlgorithm( | |
| 755 WebKit::WebCryptoAlgorithmIdRsaOaep, modulus_length, public_exponent); | |
| 756 EXPECT_TRUE(GenerateKeyPairInternal( | |
| 757 algorithm, extractable, usage_mask, &public_key, &private_key)); | |
| 758 EXPECT_TRUE(!public_key.isNull()); | |
| 759 EXPECT_TRUE(!private_key.isNull()); | |
| 760 // TODO(padolph): check key.extractable and key.usage_mask | |
| 761 | |
| 762 // Successful WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 key generation. | |
| 763 algorithm = CreateRsaAlgorithm(WebKit::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, | |
| 764 modulus_length, | |
| 765 public_exponent); | |
| 766 EXPECT_TRUE(GenerateKeyPairInternal( | |
| 767 algorithm, extractable, usage_mask, &public_key, &private_key)); | |
| 768 EXPECT_TRUE(!public_key.isNull()); | |
| 769 EXPECT_TRUE(!private_key.isNull()); | |
| 770 // TODO(padolph): check key.extractable and key.usage_mask | |
| 771 } | |
| 772 | |
| 773 #endif // #if !defined(USE_OPENSSL) | |
| 774 | |
| 662 } // namespace content | 775 } // namespace content |
| OLD | NEW |
