[webcrypto] Add RSA key generation using NSS.

content/renderer/webcrypto/webcrypto_impl_unittest.cc

Index: content/renderer/webcrypto/webcrypto_impl_unittest.cc
diff --git a/content/renderer/webcrypto/webcrypto_impl_unittest.cc b/content/renderer/webcrypto/webcrypto_impl_unittest.cc
index 99d71ea395b3df2c06b78aa9528994568fd86178..c2c093379ce7286e1f60e32d8d96f900850cc7b8 100644
--- a/content/renderer/webcrypto/webcrypto_impl_unittest.cc
+++ b/content/renderer/webcrypto/webcrypto_impl_unittest.cc
@@ -15,6 +15,7 @@
 #include "third_party/WebKit/public/platform/WebArrayBuffer.h"
 #include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h"
 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h"
+#include "third_party/WebKit/public/platform/WebCryptoKey.h"
 
 namespace {
 
@@ -77,6 +78,19 @@ WebKit::WebCryptoAlgorithm CreateAesCbcAlgorithm(
       new WebKit::WebCryptoAesKeyGenParams(key_length_bits));
 }
 
+WebKit::WebCryptoAlgorithm CreateRsaAlgorithm(
+    WebKit::WebCryptoAlgorithmId algorithm_id,
+    unsigned modulus_length,
+    const std::vector<uint8>& public_exponent) {
+  DCHECK(algorithm_id == WebKit::WebCryptoAlgorithmIdRsaEsPkcs1v1_5 ||
+         algorithm_id == WebKit::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 ||
+         algorithm_id == WebKit::WebCryptoAlgorithmIdRsaOaep);
+  return WebKit::WebCryptoAlgorithm::adoptParamsAndCreate(
+      algorithm_id,
+      new WebKit::WebCryptoRsaKeyGenParams(
+          modulus_length, Start(public_exponent), public_exponent.size()));
+}
+
 }  // namespace
 
 namespace content {
@@ -122,6 +136,16 @@ class WebCryptoImplTest : public testing::Test {
     return crypto_.GenerateKeyInternal(algorithm, extractable, usage_mask, key);
   }
 
+  bool GenerateKeyPairInternal(
+      const WebKit::WebCryptoAlgorithm& algorithm,
+      bool extractable,
+      WebKit::WebCryptoKeyUsageMask usage_mask,
+      WebKit::WebCryptoKey* public_key,
+      WebKit::WebCryptoKey* private_key) {
+    return crypto_.GenerateKeyPairInternal(
+        algorithm, extractable, usage_mask, public_key, private_key);
+  }
+
   bool ImportKeyInternal(
       WebKit::WebCryptoKeyFormat format,
       const std::vector<uint8>& key_data,
@@ -659,4 +683,93 @@ TEST_F(WebCryptoImplTest, ImportSecretKeyNoAlgorithm) {
       &key));
 }
 
+#if !defined(USE_OPENSSL)
+
+TEST_F(WebCryptoImplTest, GenerateKeyPairRsa) {
+
+  // Note: using unrealistic short key lengths here to avoid bogging down tests.
+
+  // Successful WebCryptoAlgorithmIdRsaEsPkcs1v1_5 key generation.
+  const unsigned modulus_length = 256;
+  const std::vector<uint8> public_exponent = HexStringToBytes("010001");
+  WebKit::WebCryptoAlgorithm algorithm =
+      CreateRsaAlgorithm(WebKit::WebCryptoAlgorithmIdRsaEsPkcs1v1_5,
+                         modulus_length,
+                         public_exponent);
+  bool extractable = false;
+  WebKit::WebCryptoKeyUsageMask usage_mask = 0;
+  WebKit::WebCryptoKey public_key = WebCryptoImpl::NullKey();
+  WebKit::WebCryptoKey private_key = WebCryptoImpl::NullKey();
+  EXPECT_TRUE(GenerateKeyPairInternal(
+      algorithm, extractable, usage_mask, &public_key, &private_key));
+  EXPECT_TRUE(!public_key.isNull());
+  EXPECT_TRUE(!private_key.isNull());
+  // TODO(padolph): check key.extractable and key.usage_mask

[eroman, 2013/10/31 22:18:36]

Any reason not to do that as part of this changelist?

[padolph, 2013/11/01 20:35:31]

Oops, meant to. Thanks.

+
+  // Fail with bad modulus.
+  algorithm = CreateRsaAlgorithm(
+      WebKit::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, 0, public_exponent);
+  EXPECT_FALSE(GenerateKeyPairInternal(
+      algorithm, extractable, usage_mask, &public_key, &private_key));
+
+  // Fail with bad exponent: larger than unsigned long.
+  unsigned exponent_length = sizeof(unsigned long) + 1;
+  const std::vector<uint8> long_exponent(exponent_length, 0x01);
+  algorithm = CreateRsaAlgorithm(WebKit::WebCryptoAlgorithmIdRsaEsPkcs1v1_5,
+                                 modulus_length,
+                                 long_exponent);
+  EXPECT_FALSE(GenerateKeyPairInternal(
+      algorithm, extractable, usage_mask, &public_key, &private_key));
+
+  // Fail with bad exponent: empty.
+  const std::vector<uint8> empty_exponent;
+  algorithm = CreateRsaAlgorithm(WebKit::WebCryptoAlgorithmIdRsaEsPkcs1v1_5,
+                                 modulus_length,
+                                 empty_exponent);
+  EXPECT_FALSE(GenerateKeyPairInternal(
+      algorithm, extractable, usage_mask, &public_key, &private_key));
+
+  // Fail with bad exponent: all zeros.
+  std::vector<uint8> exponent_with_leading_zeros(15, 0x00);
+  algorithm = CreateRsaAlgorithm(WebKit::WebCryptoAlgorithmIdRsaEsPkcs1v1_5,
+                                 modulus_length,
+                                 exponent_with_leading_zeros);
+  EXPECT_FALSE(GenerateKeyPairInternal(
+      algorithm, extractable, usage_mask, &public_key, &private_key));
+
+  // Key generation success using exponent with leading zeros.
+  exponent_with_leading_zeros.insert(exponent_with_leading_zeros.end(),
+                                     public_exponent.begin(),
+                                     public_exponent.end());
+  algorithm = CreateRsaAlgorithm(WebKit::WebCryptoAlgorithmIdRsaEsPkcs1v1_5,
+                                 modulus_length,
+                                 exponent_with_leading_zeros);
+  EXPECT_TRUE(GenerateKeyPairInternal(
+      algorithm, extractable, usage_mask, &public_key, &private_key));
+  EXPECT_TRUE(!public_key.isNull());
+  EXPECT_TRUE(!private_key.isNull());
+  // TODO(padolph): check key.extractable and key.usage_mask

[eroman, 2013/10/31 22:18:36]

same question throughout. I guess in some sense the DCHECK()s in
webcrypto_impl.cc are also exercising this.

[padolph, 2013/11/01 20:35:31]

Those TODO's were to remind me to add these after the rebase. I'll get these in.

+
+  // Successful WebCryptoAlgorithmIdRsaOaep key generation.
+  algorithm = CreateRsaAlgorithm(
+      WebKit::WebCryptoAlgorithmIdRsaOaep, modulus_length, public_exponent);
+  EXPECT_TRUE(GenerateKeyPairInternal(
+      algorithm, extractable, usage_mask, &public_key, &private_key));
+  EXPECT_TRUE(!public_key.isNull());
+  EXPECT_TRUE(!private_key.isNull());
+  // TODO(padolph): check key.extractable and key.usage_mask
+
+  // Successful WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 key generation.
+  algorithm = CreateRsaAlgorithm(WebKit::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5,
+                                 modulus_length,
+                                 public_exponent);
+  EXPECT_TRUE(GenerateKeyPairInternal(
+      algorithm, extractable, usage_mask, &public_key, &private_key));
+  EXPECT_TRUE(!public_key.isNull());
+  EXPECT_TRUE(!private_key.isNull());
+  // TODO(padolph): check key.extractable and key.usage_mask
+}
+
+#endif  // #if !defined(USE_OPENSSL)
+
 }  // namespace content