Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(408)

Unified Diff: content/child/webcrypto/shared_crypto_unittest.cc

Issue 379383002: Refactor WebCrypto code (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Rebase onto master (no longer has BoringSSL) Created 6 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « content/child/webcrypto/shared_crypto.cc ('k') | content/child/webcrypto/status.h » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: content/child/webcrypto/shared_crypto_unittest.cc
diff --git a/content/child/webcrypto/shared_crypto_unittest.cc b/content/child/webcrypto/shared_crypto_unittest.cc
index ea2c624b62ecded08856a059dd1712c06acf1614..bb581123a2c0fd1d9432933f0bc8d459fafcbe94 100644
--- a/content/child/webcrypto/shared_crypto_unittest.cc
+++ b/content/child/webcrypto/shared_crypto_unittest.cc
@@ -2,8 +2,6 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
-#include "content/child/webcrypto/shared_crypto.h"
-
#include <algorithm>
#include <string>
#include <vector>
@@ -18,6 +16,7 @@
#include "base/strings/string_number_conversions.h"
#include "base/strings/string_util.h"
#include "base/strings/stringprintf.h"
+#include "content/child/webcrypto/algorithm_dispatch.h"
#include "content/child/webcrypto/crypto_data.h"
#include "content/child/webcrypto/status.h"
#include "content/child/webcrypto/webcrypto_util.h"
@@ -33,6 +32,7 @@
#include <nss.h>
#include <pk11pub.h>
+#include "crypto/nss_util.h"
#include "crypto/scoped_nss_types.h"
#endif
@@ -122,6 +122,7 @@ bool SupportsRsaOaep() {
#if defined(USE_OPENSSL)
return false;
#else
+ crypto::EnsureNSSInit();
// TODO(eroman): Exclude version test for OS_CHROMEOS
#if defined(USE_NSS)
if (!NSS_VersionCheck("3.16.2"))
@@ -135,6 +136,7 @@ bool SupportsRsaOaep() {
bool SupportsRsaKeyImport() {
// TODO(eroman): Exclude version test for OS_CHROMEOS
#if defined(USE_NSS)
+ crypto::EnsureNSSInit();
if (!NSS_VersionCheck("3.16.2")) {
LOG(WARNING) << "RSA key import is not supported by this version of NSS. "
"Skipping some tests";
@@ -445,9 +447,8 @@ const char* const kPublicKeyModulusHex =
"6B6F64C4EF22E1E1F20D0CE8CFFB2249BD9A2137";
const char* const kPublicKeyExponentHex = "010001";
+// TODO(eroman): Remove unnecessary test fixture.
class SharedCryptoTest : public testing::Test {
- protected:
- virtual void SetUp() OVERRIDE { Init(); }
};
blink::WebCryptoKey ImportSecretKeyFromRaw(
@@ -890,41 +891,39 @@ TEST_F(SharedCryptoTest, HMACSampleSets) {
bool signature_match = false;
EXPECT_EQ(Status::Success(),
- VerifySignature(algorithm,
- key,
- CryptoData(output),
- CryptoData(test_message),
- &signature_match));
+ Verify(algorithm,
+ key,
+ CryptoData(output),
+ CryptoData(test_message),
+ &signature_match));
EXPECT_TRUE(signature_match);
// Ensure truncated signature does not verify by passing one less byte.
- EXPECT_EQ(
- Status::Success(),
- VerifySignature(algorithm,
- key,
- CryptoData(Uint8VectorStart(output), output.size() - 1),
- CryptoData(test_message),
- &signature_match));
+ EXPECT_EQ(Status::Success(),
+ Verify(algorithm,
+ key,
+ CryptoData(Uint8VectorStart(output), output.size() - 1),
+ CryptoData(test_message),
+ &signature_match));
EXPECT_FALSE(signature_match);
// Ensure truncated signature does not verify by passing no bytes.
EXPECT_EQ(Status::Success(),
- VerifySignature(algorithm,
- key,
- CryptoData(),
- CryptoData(test_message),
- &signature_match));
+ Verify(algorithm,
+ key,
+ CryptoData(),
+ CryptoData(test_message),
+ &signature_match));
EXPECT_FALSE(signature_match);
// Ensure extra long signature does not cause issues and fails.
const unsigned char kLongSignature[1024] = {0};
- EXPECT_EQ(
- Status::Success(),
- VerifySignature(algorithm,
- key,
- CryptoData(kLongSignature, sizeof(kLongSignature)),
- CryptoData(test_message),
- &signature_match));
+ EXPECT_EQ(Status::Success(),
+ Verify(algorithm,
+ key,
+ CryptoData(kLongSignature, sizeof(kLongSignature)),
+ CryptoData(test_message),
+ &signature_match));
EXPECT_FALSE(signature_match);
}
}
@@ -1009,12 +1008,23 @@ TEST_F(SharedCryptoTest, AesCbcFailures) {
// Fail exporting the key in SPKI and PKCS#8 formats (not allowed for secret
// keys).
- EXPECT_EQ(Status::ErrorUnexpectedKeyType(),
+ EXPECT_EQ(Status::ErrorUnsupportedExportKeyFormat(),
ExportKey(blink::WebCryptoKeyFormatSpki, key, &output));
- EXPECT_EQ(Status::ErrorUnexpectedKeyType(),
+ EXPECT_EQ(Status::ErrorUnsupportedExportKeyFormat(),
ExportKey(blink::WebCryptoKeyFormatPkcs8, key, &output));
}
+TEST_F(SharedCryptoTest, ImportAesCbcSpkiFailure) {
+ blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
+ ASSERT_EQ(Status::ErrorUnsupportedImportKeyFormat(),
+ ImportKey(blink::WebCryptoKeyFormatSpki,
+ CryptoData(HexStringToBytes(kPublicKeySpkiDerHex)),
+ CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
+ true,
+ blink::WebCryptoKeyUsageEncrypt,
+ &key));
+}
+
TEST_F(SharedCryptoTest, MAYBE(AesCbcSampleSets)) {
scoped_ptr<base::ListValue> tests;
ASSERT_TRUE(ReadJsonTestFileToList("aes_cbc.json", &tests));
@@ -1367,15 +1377,15 @@ TEST_F(SharedCryptoTest, ImportJwkFailures) {
ImportKeyJwk(
CryptoData(bad_json_vec), algorithm, false, usage_mask, &key));
- // Fail on JWK alg present but unrecognized.
+ // Fail on JWK alg present but incorrect (expecting A128CBC).
dict.SetString("alg", "A127CBC");
- EXPECT_EQ(Status::ErrorJwkUnrecognizedAlgorithm(),
+ EXPECT_EQ(Status::ErrorJwkAlgorithmInconsistent(),
ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key));
RestoreJwkOctDictionary(&dict);
// Fail on invalid kty.
dict.SetString("kty", "foo");
- EXPECT_EQ(Status::ErrorJwkUnrecognizedKty(),
+ EXPECT_EQ(Status::ErrorJwkUnexpectedKty("oct"),
ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key));
RestoreJwkOctDictionary(&dict);
@@ -1734,7 +1744,19 @@ TEST_F(SharedCryptoTest, MAYBE(ImportJwkInputConsistency)) {
// Fail: Input algorithm (AES-CBC) is inconsistent with JWK value
// (HMAC SHA256).
- EXPECT_EQ(Status::ErrorJwkAlgorithmInconsistent(),
+ dict.Clear();
+ dict.SetString("kty", "oct");
+ dict.SetString("alg", "HS256");
+ dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg");
+ EXPECT_EQ(
+ Status::ErrorJwkAlgorithmInconsistent(),
+ ImportKeyJwkFromDict(dict,
+ CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
+ extractable,
+ blink::WebCryptoKeyUsageEncrypt,
+ &key));
+ // Fail: Input usage (encrypt) is inconsistent with JWK value (use=sig).
+ EXPECT_EQ(Status::ErrorJwkUseInconsistent(),
ImportKeyJwk(CryptoData(json_vec),
CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
extractable,
@@ -2037,7 +2059,7 @@ TEST_F(SharedCryptoTest, MAYBE(ImportExportSpki)) {
&key));
// Failing case: Import RSA key but provide an inconsistent input algorithm.
- EXPECT_EQ(Status::DataError(),
+ EXPECT_EQ(Status::ErrorUnsupportedImportKeyFormat(),
ImportKey(blink::WebCryptoKeyFormatSpki,
CryptoData(HexStringToBytes(kPublicKeySpkiDerHex)),
CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
@@ -2054,7 +2076,7 @@ TEST_F(SharedCryptoTest, MAYBE(ImportExportSpki)) {
// Failing case: Try to export a previously imported RSA public key in raw
// format (not allowed for a public key).
- EXPECT_EQ(Status::ErrorUnexpectedKeyType(),
+ EXPECT_EQ(Status::ErrorUnsupportedExportKeyFormat(),
ExportKey(blink::WebCryptoKeyFormatRaw, key, &output));
// Failing case: Try to export a non-extractable key
@@ -2137,7 +2159,7 @@ TEST_F(SharedCryptoTest, MAYBE(ImportExportPkcs8)) {
// and usage. Several issues here:
// * AES-CBC doesn't support PKCS8 key format
// * AES-CBC doesn't support "sign" usage
- EXPECT_EQ(Status::ErrorCreateKeyBadUsages(),
+ EXPECT_EQ(Status::ErrorUnsupportedImportKeyFormat(),
ImportKey(blink::WebCryptoKeyFormatPkcs8,
CryptoData(HexStringToBytes(kPrivateKeyPkcs8DerHex)),
CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
@@ -2697,33 +2719,33 @@ TEST_F(SharedCryptoTest, MAYBE(RsaSsaSignVerifyFailures)) {
Sign(algorithm, private_key, CryptoData(data), &signature));
// Ensure truncated signature does not verify by passing one less byte.
- EXPECT_EQ(Status::Success(),
- VerifySignature(
- algorithm,
- public_key,
- CryptoData(Uint8VectorStart(signature), signature.size() - 1),
- CryptoData(data),
- &signature_match));
+ EXPECT_EQ(
+ Status::Success(),
+ Verify(algorithm,
+ public_key,
+ CryptoData(Uint8VectorStart(signature), signature.size() - 1),
+ CryptoData(data),
+ &signature_match));
EXPECT_FALSE(signature_match);
// Ensure truncated signature does not verify by passing no bytes.
EXPECT_EQ(Status::Success(),
- VerifySignature(algorithm,
- public_key,
- CryptoData(),
- CryptoData(data),
- &signature_match));
+ Verify(algorithm,
+ public_key,
+ CryptoData(),
+ CryptoData(data),
+ &signature_match));
EXPECT_FALSE(signature_match);
// Ensure corrupted signature does not verify.
std::vector<uint8> corrupt_sig = signature;
corrupt_sig[corrupt_sig.size() / 2] ^= 0x1;
EXPECT_EQ(Status::Success(),
- VerifySignature(algorithm,
- public_key,
- CryptoData(corrupt_sig),
- CryptoData(data),
- &signature_match));
+ Verify(algorithm,
+ public_key,
+ CryptoData(corrupt_sig),
+ CryptoData(data),
+ &signature_match));
EXPECT_FALSE(signature_match);
// Ensure signatures that are greater than the modulus size fail.
@@ -2731,11 +2753,11 @@ TEST_F(SharedCryptoTest, MAYBE(RsaSsaSignVerifyFailures)) {
DCHECK_GT(long_message_size_bytes, kModulusLengthBits / 8);
const unsigned char kLongSignature[long_message_size_bytes] = {0};
EXPECT_EQ(Status::Success(),
- VerifySignature(algorithm,
- public_key,
- CryptoData(kLongSignature, sizeof(kLongSignature)),
- CryptoData(data),
- &signature_match));
+ Verify(algorithm,
+ public_key,
+ CryptoData(kLongSignature, sizeof(kLongSignature)),
+ CryptoData(data),
+ &signature_match));
EXPECT_FALSE(signature_match);
// Ensure that signing and verifying with an incompatible algorithm fails.
@@ -2744,11 +2766,11 @@ TEST_F(SharedCryptoTest, MAYBE(RsaSsaSignVerifyFailures)) {
EXPECT_EQ(Status::ErrorUnexpected(),
Sign(algorithm, private_key, CryptoData(data), &signature));
EXPECT_EQ(Status::ErrorUnexpected(),
- VerifySignature(algorithm,
- public_key,
- CryptoData(signature),
- CryptoData(data),
- &signature_match));
+ Verify(algorithm,
+ public_key,
+ CryptoData(signature),
+ CryptoData(data),
+ &signature_match));
// Some crypto libraries (NSS) can automatically select the RSA SSA inner hash
// based solely on the contents of the input signature data. In the Web Crypto
@@ -2789,12 +2811,11 @@ TEST_F(SharedCryptoTest, MAYBE(RsaSsaSignVerifyFailures)) {
bool is_match;
EXPECT_EQ(Status::Success(),
- VerifySignature(
- CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5),
- public_key_256,
- CryptoData(signature),
- CryptoData(data),
- &is_match));
+ Verify(CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5),
+ public_key_256,
+ CryptoData(signature),
+ CryptoData(data),
+ &is_match));
EXPECT_FALSE(is_match);
}
@@ -2845,11 +2866,11 @@ TEST_F(SharedCryptoTest, MAYBE(RsaSignVerifyKnownAnswer)) {
bool is_match = false;
ASSERT_EQ(Status::Success(),
- VerifySignature(algorithm,
- public_key,
- CryptoData(test_signature),
- CryptoData(test_message),
- &is_match));
+ Verify(algorithm,
+ public_key,
+ CryptoData(test_signature),
+ CryptoData(test_message),
+ &is_match));
EXPECT_TRUE(is_match);
}
}
@@ -3083,11 +3104,11 @@ TEST_F(SharedCryptoTest, MAYBE(AesKwRawSymkeyUnwrapSignVerifyHmac)) {
bool verify_result;
ASSERT_EQ(Status::Success(),
- VerifySignature(CreateAlgorithm(blink::WebCryptoAlgorithmIdHmac),
- key,
- CryptoData(signature),
- CryptoData(test_message),
- &verify_result));
+ Verify(CreateAlgorithm(blink::WebCryptoAlgorithmIdHmac),
+ key,
+ CryptoData(signature),
+ CryptoData(test_message),
+ &verify_result));
}
TEST_F(SharedCryptoTest, MAYBE(AesKwRawSymkeyWrapUnwrapErrors)) {
@@ -3430,8 +3451,6 @@ TEST_F(SharedCryptoTest, MAYBE(UnwrapAesCbc192)) {
class SharedCryptoRsaOaepTest : public ::testing::Test {
public:
- SharedCryptoRsaOaepTest() { Init(); }
-
scoped_ptr<base::DictionaryValue> CreatePublicKeyJwkDict() {
scoped_ptr<base::DictionaryValue> jwk(new base::DictionaryValue());
jwk->SetString("kty", "RSA");
@@ -3533,7 +3552,7 @@ TEST_F(SharedCryptoRsaOaepTest, ImportPublicJwkWithMismatchedTypeFails) {
jwk->SetString("alg", "RSA-OAEP");
blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull();
- ASSERT_EQ(Status::ErrorJwkPropertyMissing("k"),
+ ASSERT_EQ(Status::ErrorJwkUnexpectedKty("RSA"),
ImportKeyJwkFromDict(*jwk.get(),
CreateRsaHashedImportAlgorithm(
blink::WebCryptoAlgorithmIdRsaOaep,
« no previous file with comments | « content/child/webcrypto/shared_crypto.cc ('k') | content/child/webcrypto/status.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698