[webcrypto] Add RSA key generation using NSS.

content/renderer/webcrypto/webcrypto_impl_unittest.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "webcrypto_impl.h"
 
 #include "base/basictypes.h"
 #include "base/logging.h"
 #include "base/memory/ref_counted.h"
 #include "base/strings/string_number_conversions.h"
 #include "content/public/renderer/content_renderer_client.h"
 #include "content/renderer/renderer_webkitplatformsupport_impl.h"
 #include "content/renderer/webcrypto/webcrypto_impl.h"
 #include "testing/gtest/include/gtest/gtest.h"
 #include "third_party/WebKit/public/platform/WebArrayBuffer.h"
 #include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h"
 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h"
+#include "third_party/WebKit/public/platform/WebCryptoKey.h"
 
 namespace {
 
 std::vector<uint8> HexStringToBytes(const std::string& hex) {
   std::vector<uint8> bytes;
   base::HexStringToBytes(hex, &bytes);
   return bytes;
 }
 
 void ExpectArrayBufferMatchesHex(const std::string& expected_hex,
@@ skipping 42 matching lines @@
       new WebKit::WebCryptoAesCbcParams(Start(iv), iv.size()));
 }
 
 WebKit::WebCryptoAlgorithm CreateAesCbcAlgorithm(
     unsigned short key_length_bits) {
   return WebKit::WebCryptoAlgorithm::adoptParamsAndCreate(
       WebKit::WebCryptoAlgorithmIdAesCbc,
       new WebKit::WebCryptoAesKeyGenParams(key_length_bits));
 }
 
+WebKit::WebCryptoAlgorithm CreateRsaAlgorithm(
+    WebKit::WebCryptoAlgorithmId algorithm_id,
+    unsigned modulus_length,
+    const std::vector<uint8>& public_exponent) {
+  DCHECK(algorithm_id == WebKit::WebCryptoAlgorithmIdRsaEsPkcs1v1_5 ||
+         algorithm_id == WebKit::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 ||
+         algorithm_id == WebKit::WebCryptoAlgorithmIdRsaOaep);
+  return WebKit::WebCryptoAlgorithm::adoptParamsAndCreate(
+      algorithm_id,
+      new WebKit::WebCryptoRsaKeyGenParams(
+          modulus_length, Start(public_exponent), public_exponent.size()));
+}
+
 }  // namespace
 
 namespace content {
 
 class WebCryptoImplTest : public testing::Test {
  protected:
   WebKit::WebCryptoKey ImportSecretKeyFromRawHexString(
       const std::string& key_hex,
       const WebKit::WebCryptoAlgorithm& algorithm,
       WebKit::WebCryptoKeyUsageMask usage) {
@@ skipping 25 matching lines @@
   }
 
   bool GenerateKeyInternal(
       const WebKit::WebCryptoAlgorithm& algorithm,
       WebKit::WebCryptoKey* key) {
     bool extractable = true;
     WebKit::WebCryptoKeyUsageMask usage_mask = 0;
     return crypto_.GenerateKeyInternal(algorithm, extractable, usage_mask, key);
   }
 
+  bool GenerateKeyPairInternal(
+      const WebKit::WebCryptoAlgorithm& algorithm,
+      bool extractable,
+      WebKit::WebCryptoKeyUsageMask usage_mask,
+      WebKit::WebCryptoKey* public_key,
+      WebKit::WebCryptoKey* private_key) {
+    return crypto_.GenerateKeyPairInternal(
+        algorithm, extractable, usage_mask, public_key, private_key);
+  }
+
   bool ImportKeyInternal(
       WebKit::WebCryptoKeyFormat format,
       const std::vector<uint8>& key_data,
       const WebKit::WebCryptoAlgorithm& algorithm,
       WebKit::WebCryptoKeyUsageMask usage_mask,
       WebKit::WebCryptoKey* key) {
     bool extractable = true;
     return crypto_.ImportKeyInternal(format,
                                      Start(key_data),
                                      key_data.size(),
@@ skipping 517 matching lines @@
 
   // This fails because the algorithm is null.
   EXPECT_FALSE(ImportKeyInternal(
       WebKit::WebCryptoKeyFormatRaw,
       HexStringToBytes("00000000000000000000"),
       WebKit::WebCryptoAlgorithm::createNull(),
       WebKit::WebCryptoKeyUsageSign,
       &key));
 }
 
+#if !defined(USE_OPENSSL)
+
+TEST_F(WebCryptoImplTest, GenerateKeyPairRsa) {
+
+  // Note: using unrealistic short key lengths here to avoid bogging down tests.
+
+  // Successful WebCryptoAlgorithmIdRsaEsPkcs1v1_5 key generation.
+  const unsigned modulus_length = 256;
+  const std::vector<uint8> public_exponent = HexStringToBytes("010001");
+  WebKit::WebCryptoAlgorithm algorithm =
+      CreateRsaAlgorithm(WebKit::WebCryptoAlgorithmIdRsaEsPkcs1v1_5,
+                         modulus_length,
+                         public_exponent);
+  const bool extractable = false;
+  const WebKit::WebCryptoKeyUsageMask usage_mask = 0;
+  WebKit::WebCryptoKey public_key = WebCryptoImpl::NullKey();

[eroman, 2013/11/01 21:07:26]

Can you use WebCryptoKey::createNull() throughout? Thanks!

[padolph, 2013/11/01 21:21:35]

Done.

+  WebKit::WebCryptoKey private_key = WebCryptoImpl::NullKey();
+  EXPECT_TRUE(GenerateKeyPairInternal(
+      algorithm, extractable, usage_mask, &public_key, &private_key));
+  EXPECT_TRUE(!public_key.isNull());
+  EXPECT_TRUE(!private_key.isNull());
+  EXPECT_EQ(WebKit::WebCryptoKeyTypePublic, public_key.type());
+  EXPECT_EQ(WebKit::WebCryptoKeyTypePrivate, private_key.type());
+  EXPECT_EQ(extractable, public_key.extractable());
+  EXPECT_EQ(extractable, private_key.extractable());
+  EXPECT_EQ(usage_mask, public_key.usages());
+  EXPECT_EQ(usage_mask, private_key.usages());
+
+  // Fail with bad modulus.
+  algorithm = CreateRsaAlgorithm(
+      WebKit::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, 0, public_exponent);
+  EXPECT_FALSE(GenerateKeyPairInternal(
+      algorithm, extractable, usage_mask, &public_key, &private_key));
+
+  // Fail with bad exponent: larger than unsigned long.
+  unsigned exponent_length = sizeof(unsigned long) + 1;
+  const std::vector<uint8> long_exponent(exponent_length, 0x01);
+  algorithm = CreateRsaAlgorithm(WebKit::WebCryptoAlgorithmIdRsaEsPkcs1v1_5,
+                                 modulus_length,
+                                 long_exponent);
+  EXPECT_FALSE(GenerateKeyPairInternal(
+      algorithm, extractable, usage_mask, &public_key, &private_key));
+
+  // Fail with bad exponent: empty.
+  const std::vector<uint8> empty_exponent;
+  algorithm = CreateRsaAlgorithm(WebKit::WebCryptoAlgorithmIdRsaEsPkcs1v1_5,
+                                 modulus_length,
+                                 empty_exponent);
+  EXPECT_FALSE(GenerateKeyPairInternal(
+      algorithm, extractable, usage_mask, &public_key, &private_key));
+
+  // Fail with bad exponent: all zeros.
+  std::vector<uint8> exponent_with_leading_zeros(15, 0x00);
+  algorithm = CreateRsaAlgorithm(WebKit::WebCryptoAlgorithmIdRsaEsPkcs1v1_5,
+                                 modulus_length,
+                                 exponent_with_leading_zeros);
+  EXPECT_FALSE(GenerateKeyPairInternal(
+      algorithm, extractable, usage_mask, &public_key, &private_key));
+
+  // Key generation success using exponent with leading zeros.
+  exponent_with_leading_zeros.insert(exponent_with_leading_zeros.end(),
+                                     public_exponent.begin(),
+                                     public_exponent.end());
+  algorithm = CreateRsaAlgorithm(WebKit::WebCryptoAlgorithmIdRsaEsPkcs1v1_5,
+                                 modulus_length,
+                                 exponent_with_leading_zeros);
+  EXPECT_TRUE(GenerateKeyPairInternal(
+      algorithm, extractable, usage_mask, &public_key, &private_key));
+  EXPECT_TRUE(!public_key.isNull());

[eroman, 2013/11/01 21:07:26]

Or alternately, EXPECT_FALSE(public_key.isNull());

[padolph, 2013/11/01 21:21:35]

Done.

+  EXPECT_TRUE(!private_key.isNull());
+  EXPECT_EQ(WebKit::WebCryptoKeyTypePublic, public_key.type());
+  EXPECT_EQ(WebKit::WebCryptoKeyTypePrivate, private_key.type());
+  EXPECT_EQ(extractable, public_key.extractable());
+  EXPECT_EQ(extractable, private_key.extractable());
+  EXPECT_EQ(usage_mask, public_key.usages());
+  EXPECT_EQ(usage_mask, private_key.usages());
+
+  // Successful WebCryptoAlgorithmIdRsaOaep key generation.
+  algorithm = CreateRsaAlgorithm(
+      WebKit::WebCryptoAlgorithmIdRsaOaep, modulus_length, public_exponent);
+  EXPECT_TRUE(GenerateKeyPairInternal(
+      algorithm, extractable, usage_mask, &public_key, &private_key));
+  EXPECT_TRUE(!public_key.isNull());
+  EXPECT_TRUE(!private_key.isNull());
+  EXPECT_EQ(WebKit::WebCryptoKeyTypePublic, public_key.type());
+  EXPECT_EQ(WebKit::WebCryptoKeyTypePrivate, private_key.type());
+  EXPECT_EQ(extractable, public_key.extractable());
+  EXPECT_EQ(extractable, private_key.extractable());
+  EXPECT_EQ(usage_mask, public_key.usages());
+  EXPECT_EQ(usage_mask, private_key.usages());
+
+  // Successful WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 key generation.
+  algorithm = CreateRsaAlgorithm(WebKit::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5,
+                                 modulus_length,
+                                 public_exponent);
+  EXPECT_TRUE(GenerateKeyPairInternal(
+      algorithm, extractable, usage_mask, &public_key, &private_key));
+  EXPECT_TRUE(!public_key.isNull());
+  EXPECT_TRUE(!private_key.isNull());
+  EXPECT_EQ(WebKit::WebCryptoKeyTypePublic, public_key.type());
+  EXPECT_EQ(WebKit::WebCryptoKeyTypePrivate, private_key.type());
+  EXPECT_EQ(extractable, public_key.extractable());
+  EXPECT_EQ(extractable, private_key.extractable());
+  EXPECT_EQ(usage_mask, public_key.usages());
+  EXPECT_EQ(usage_mask, private_key.usages());
+}
+
+#endif  // #if !defined(USE_OPENSSL)
+
 }  // namespace content