| Index: content/child/webcrypto/shared_crypto_unittest.cc
|
| diff --git a/content/child/webcrypto/shared_crypto_unittest.cc b/content/child/webcrypto/shared_crypto_unittest.cc
|
| index ea2c624b62ecded08856a059dd1712c06acf1614..bb581123a2c0fd1d9432933f0bc8d459fafcbe94 100644
|
| --- a/content/child/webcrypto/shared_crypto_unittest.cc
|
| +++ b/content/child/webcrypto/shared_crypto_unittest.cc
|
| @@ -2,8 +2,6 @@
|
| // Use of this source code is governed by a BSD-style license that can be
|
| // found in the LICENSE file.
|
|
|
| -#include "content/child/webcrypto/shared_crypto.h"
|
| -
|
| #include <algorithm>
|
| #include <string>
|
| #include <vector>
|
| @@ -18,6 +16,7 @@
|
| #include "base/strings/string_number_conversions.h"
|
| #include "base/strings/string_util.h"
|
| #include "base/strings/stringprintf.h"
|
| +#include "content/child/webcrypto/algorithm_dispatch.h"
|
| #include "content/child/webcrypto/crypto_data.h"
|
| #include "content/child/webcrypto/status.h"
|
| #include "content/child/webcrypto/webcrypto_util.h"
|
| @@ -33,6 +32,7 @@
|
| #include <nss.h>
|
| #include <pk11pub.h>
|
|
|
| +#include "crypto/nss_util.h"
|
| #include "crypto/scoped_nss_types.h"
|
| #endif
|
|
|
| @@ -122,6 +122,7 @@ bool SupportsRsaOaep() {
|
| #if defined(USE_OPENSSL)
|
| return false;
|
| #else
|
| + crypto::EnsureNSSInit();
|
| // TODO(eroman): Exclude version test for OS_CHROMEOS
|
| #if defined(USE_NSS)
|
| if (!NSS_VersionCheck("3.16.2"))
|
| @@ -135,6 +136,7 @@ bool SupportsRsaOaep() {
|
| bool SupportsRsaKeyImport() {
|
| // TODO(eroman): Exclude version test for OS_CHROMEOS
|
| #if defined(USE_NSS)
|
| + crypto::EnsureNSSInit();
|
| if (!NSS_VersionCheck("3.16.2")) {
|
| LOG(WARNING) << "RSA key import is not supported by this version of NSS. "
|
| "Skipping some tests";
|
| @@ -445,9 +447,8 @@ const char* const kPublicKeyModulusHex =
|
| "6B6F64C4EF22E1E1F20D0CE8CFFB2249BD9A2137";
|
| const char* const kPublicKeyExponentHex = "010001";
|
|
|
| +// TODO(eroman): Remove unnecessary test fixture.
|
| class SharedCryptoTest : public testing::Test {
|
| - protected:
|
| - virtual void SetUp() OVERRIDE { Init(); }
|
| };
|
|
|
| blink::WebCryptoKey ImportSecretKeyFromRaw(
|
| @@ -890,41 +891,39 @@ TEST_F(SharedCryptoTest, HMACSampleSets) {
|
|
|
| bool signature_match = false;
|
| EXPECT_EQ(Status::Success(),
|
| - VerifySignature(algorithm,
|
| - key,
|
| - CryptoData(output),
|
| - CryptoData(test_message),
|
| - &signature_match));
|
| + Verify(algorithm,
|
| + key,
|
| + CryptoData(output),
|
| + CryptoData(test_message),
|
| + &signature_match));
|
| EXPECT_TRUE(signature_match);
|
|
|
| // Ensure truncated signature does not verify by passing one less byte.
|
| - EXPECT_EQ(
|
| - Status::Success(),
|
| - VerifySignature(algorithm,
|
| - key,
|
| - CryptoData(Uint8VectorStart(output), output.size() - 1),
|
| - CryptoData(test_message),
|
| - &signature_match));
|
| + EXPECT_EQ(Status::Success(),
|
| + Verify(algorithm,
|
| + key,
|
| + CryptoData(Uint8VectorStart(output), output.size() - 1),
|
| + CryptoData(test_message),
|
| + &signature_match));
|
| EXPECT_FALSE(signature_match);
|
|
|
| // Ensure truncated signature does not verify by passing no bytes.
|
| EXPECT_EQ(Status::Success(),
|
| - VerifySignature(algorithm,
|
| - key,
|
| - CryptoData(),
|
| - CryptoData(test_message),
|
| - &signature_match));
|
| + Verify(algorithm,
|
| + key,
|
| + CryptoData(),
|
| + CryptoData(test_message),
|
| + &signature_match));
|
| EXPECT_FALSE(signature_match);
|
|
|
| // Ensure extra long signature does not cause issues and fails.
|
| const unsigned char kLongSignature[1024] = {0};
|
| - EXPECT_EQ(
|
| - Status::Success(),
|
| - VerifySignature(algorithm,
|
| - key,
|
| - CryptoData(kLongSignature, sizeof(kLongSignature)),
|
| - CryptoData(test_message),
|
| - &signature_match));
|
| + EXPECT_EQ(Status::Success(),
|
| + Verify(algorithm,
|
| + key,
|
| + CryptoData(kLongSignature, sizeof(kLongSignature)),
|
| + CryptoData(test_message),
|
| + &signature_match));
|
| EXPECT_FALSE(signature_match);
|
| }
|
| }
|
| @@ -1009,12 +1008,23 @@ TEST_F(SharedCryptoTest, AesCbcFailures) {
|
|
|
| // Fail exporting the key in SPKI and PKCS#8 formats (not allowed for secret
|
| // keys).
|
| - EXPECT_EQ(Status::ErrorUnexpectedKeyType(),
|
| + EXPECT_EQ(Status::ErrorUnsupportedExportKeyFormat(),
|
| ExportKey(blink::WebCryptoKeyFormatSpki, key, &output));
|
| - EXPECT_EQ(Status::ErrorUnexpectedKeyType(),
|
| + EXPECT_EQ(Status::ErrorUnsupportedExportKeyFormat(),
|
| ExportKey(blink::WebCryptoKeyFormatPkcs8, key, &output));
|
| }
|
|
|
| +TEST_F(SharedCryptoTest, ImportAesCbcSpkiFailure) {
|
| + blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
|
| + ASSERT_EQ(Status::ErrorUnsupportedImportKeyFormat(),
|
| + ImportKey(blink::WebCryptoKeyFormatSpki,
|
| + CryptoData(HexStringToBytes(kPublicKeySpkiDerHex)),
|
| + CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
|
| + true,
|
| + blink::WebCryptoKeyUsageEncrypt,
|
| + &key));
|
| +}
|
| +
|
| TEST_F(SharedCryptoTest, MAYBE(AesCbcSampleSets)) {
|
| scoped_ptr<base::ListValue> tests;
|
| ASSERT_TRUE(ReadJsonTestFileToList("aes_cbc.json", &tests));
|
| @@ -1367,15 +1377,15 @@ TEST_F(SharedCryptoTest, ImportJwkFailures) {
|
| ImportKeyJwk(
|
| CryptoData(bad_json_vec), algorithm, false, usage_mask, &key));
|
|
|
| - // Fail on JWK alg present but unrecognized.
|
| + // Fail on JWK alg present but incorrect (expecting A128CBC).
|
| dict.SetString("alg", "A127CBC");
|
| - EXPECT_EQ(Status::ErrorJwkUnrecognizedAlgorithm(),
|
| + EXPECT_EQ(Status::ErrorJwkAlgorithmInconsistent(),
|
| ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key));
|
| RestoreJwkOctDictionary(&dict);
|
|
|
| // Fail on invalid kty.
|
| dict.SetString("kty", "foo");
|
| - EXPECT_EQ(Status::ErrorJwkUnrecognizedKty(),
|
| + EXPECT_EQ(Status::ErrorJwkUnexpectedKty("oct"),
|
| ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key));
|
| RestoreJwkOctDictionary(&dict);
|
|
|
| @@ -1734,7 +1744,19 @@ TEST_F(SharedCryptoTest, MAYBE(ImportJwkInputConsistency)) {
|
|
|
| // Fail: Input algorithm (AES-CBC) is inconsistent with JWK value
|
| // (HMAC SHA256).
|
| - EXPECT_EQ(Status::ErrorJwkAlgorithmInconsistent(),
|
| + dict.Clear();
|
| + dict.SetString("kty", "oct");
|
| + dict.SetString("alg", "HS256");
|
| + dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg");
|
| + EXPECT_EQ(
|
| + Status::ErrorJwkAlgorithmInconsistent(),
|
| + ImportKeyJwkFromDict(dict,
|
| + CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
|
| + extractable,
|
| + blink::WebCryptoKeyUsageEncrypt,
|
| + &key));
|
| + // Fail: Input usage (encrypt) is inconsistent with JWK value (use=sig).
|
| + EXPECT_EQ(Status::ErrorJwkUseInconsistent(),
|
| ImportKeyJwk(CryptoData(json_vec),
|
| CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
|
| extractable,
|
| @@ -2037,7 +2059,7 @@ TEST_F(SharedCryptoTest, MAYBE(ImportExportSpki)) {
|
| &key));
|
|
|
| // Failing case: Import RSA key but provide an inconsistent input algorithm.
|
| - EXPECT_EQ(Status::DataError(),
|
| + EXPECT_EQ(Status::ErrorUnsupportedImportKeyFormat(),
|
| ImportKey(blink::WebCryptoKeyFormatSpki,
|
| CryptoData(HexStringToBytes(kPublicKeySpkiDerHex)),
|
| CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
|
| @@ -2054,7 +2076,7 @@ TEST_F(SharedCryptoTest, MAYBE(ImportExportSpki)) {
|
|
|
| // Failing case: Try to export a previously imported RSA public key in raw
|
| // format (not allowed for a public key).
|
| - EXPECT_EQ(Status::ErrorUnexpectedKeyType(),
|
| + EXPECT_EQ(Status::ErrorUnsupportedExportKeyFormat(),
|
| ExportKey(blink::WebCryptoKeyFormatRaw, key, &output));
|
|
|
| // Failing case: Try to export a non-extractable key
|
| @@ -2137,7 +2159,7 @@ TEST_F(SharedCryptoTest, MAYBE(ImportExportPkcs8)) {
|
| // and usage. Several issues here:
|
| // * AES-CBC doesn't support PKCS8 key format
|
| // * AES-CBC doesn't support "sign" usage
|
| - EXPECT_EQ(Status::ErrorCreateKeyBadUsages(),
|
| + EXPECT_EQ(Status::ErrorUnsupportedImportKeyFormat(),
|
| ImportKey(blink::WebCryptoKeyFormatPkcs8,
|
| CryptoData(HexStringToBytes(kPrivateKeyPkcs8DerHex)),
|
| CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
|
| @@ -2697,33 +2719,33 @@ TEST_F(SharedCryptoTest, MAYBE(RsaSsaSignVerifyFailures)) {
|
| Sign(algorithm, private_key, CryptoData(data), &signature));
|
|
|
| // Ensure truncated signature does not verify by passing one less byte.
|
| - EXPECT_EQ(Status::Success(),
|
| - VerifySignature(
|
| - algorithm,
|
| - public_key,
|
| - CryptoData(Uint8VectorStart(signature), signature.size() - 1),
|
| - CryptoData(data),
|
| - &signature_match));
|
| + EXPECT_EQ(
|
| + Status::Success(),
|
| + Verify(algorithm,
|
| + public_key,
|
| + CryptoData(Uint8VectorStart(signature), signature.size() - 1),
|
| + CryptoData(data),
|
| + &signature_match));
|
| EXPECT_FALSE(signature_match);
|
|
|
| // Ensure truncated signature does not verify by passing no bytes.
|
| EXPECT_EQ(Status::Success(),
|
| - VerifySignature(algorithm,
|
| - public_key,
|
| - CryptoData(),
|
| - CryptoData(data),
|
| - &signature_match));
|
| + Verify(algorithm,
|
| + public_key,
|
| + CryptoData(),
|
| + CryptoData(data),
|
| + &signature_match));
|
| EXPECT_FALSE(signature_match);
|
|
|
| // Ensure corrupted signature does not verify.
|
| std::vector<uint8> corrupt_sig = signature;
|
| corrupt_sig[corrupt_sig.size() / 2] ^= 0x1;
|
| EXPECT_EQ(Status::Success(),
|
| - VerifySignature(algorithm,
|
| - public_key,
|
| - CryptoData(corrupt_sig),
|
| - CryptoData(data),
|
| - &signature_match));
|
| + Verify(algorithm,
|
| + public_key,
|
| + CryptoData(corrupt_sig),
|
| + CryptoData(data),
|
| + &signature_match));
|
| EXPECT_FALSE(signature_match);
|
|
|
| // Ensure signatures that are greater than the modulus size fail.
|
| @@ -2731,11 +2753,11 @@ TEST_F(SharedCryptoTest, MAYBE(RsaSsaSignVerifyFailures)) {
|
| DCHECK_GT(long_message_size_bytes, kModulusLengthBits / 8);
|
| const unsigned char kLongSignature[long_message_size_bytes] = {0};
|
| EXPECT_EQ(Status::Success(),
|
| - VerifySignature(algorithm,
|
| - public_key,
|
| - CryptoData(kLongSignature, sizeof(kLongSignature)),
|
| - CryptoData(data),
|
| - &signature_match));
|
| + Verify(algorithm,
|
| + public_key,
|
| + CryptoData(kLongSignature, sizeof(kLongSignature)),
|
| + CryptoData(data),
|
| + &signature_match));
|
| EXPECT_FALSE(signature_match);
|
|
|
| // Ensure that signing and verifying with an incompatible algorithm fails.
|
| @@ -2744,11 +2766,11 @@ TEST_F(SharedCryptoTest, MAYBE(RsaSsaSignVerifyFailures)) {
|
| EXPECT_EQ(Status::ErrorUnexpected(),
|
| Sign(algorithm, private_key, CryptoData(data), &signature));
|
| EXPECT_EQ(Status::ErrorUnexpected(),
|
| - VerifySignature(algorithm,
|
| - public_key,
|
| - CryptoData(signature),
|
| - CryptoData(data),
|
| - &signature_match));
|
| + Verify(algorithm,
|
| + public_key,
|
| + CryptoData(signature),
|
| + CryptoData(data),
|
| + &signature_match));
|
|
|
| // Some crypto libraries (NSS) can automatically select the RSA SSA inner hash
|
| // based solely on the contents of the input signature data. In the Web Crypto
|
| @@ -2789,12 +2811,11 @@ TEST_F(SharedCryptoTest, MAYBE(RsaSsaSignVerifyFailures)) {
|
|
|
| bool is_match;
|
| EXPECT_EQ(Status::Success(),
|
| - VerifySignature(
|
| - CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5),
|
| - public_key_256,
|
| - CryptoData(signature),
|
| - CryptoData(data),
|
| - &is_match));
|
| + Verify(CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5),
|
| + public_key_256,
|
| + CryptoData(signature),
|
| + CryptoData(data),
|
| + &is_match));
|
| EXPECT_FALSE(is_match);
|
| }
|
|
|
| @@ -2845,11 +2866,11 @@ TEST_F(SharedCryptoTest, MAYBE(RsaSignVerifyKnownAnswer)) {
|
|
|
| bool is_match = false;
|
| ASSERT_EQ(Status::Success(),
|
| - VerifySignature(algorithm,
|
| - public_key,
|
| - CryptoData(test_signature),
|
| - CryptoData(test_message),
|
| - &is_match));
|
| + Verify(algorithm,
|
| + public_key,
|
| + CryptoData(test_signature),
|
| + CryptoData(test_message),
|
| + &is_match));
|
| EXPECT_TRUE(is_match);
|
| }
|
| }
|
| @@ -3083,11 +3104,11 @@ TEST_F(SharedCryptoTest, MAYBE(AesKwRawSymkeyUnwrapSignVerifyHmac)) {
|
|
|
| bool verify_result;
|
| ASSERT_EQ(Status::Success(),
|
| - VerifySignature(CreateAlgorithm(blink::WebCryptoAlgorithmIdHmac),
|
| - key,
|
| - CryptoData(signature),
|
| - CryptoData(test_message),
|
| - &verify_result));
|
| + Verify(CreateAlgorithm(blink::WebCryptoAlgorithmIdHmac),
|
| + key,
|
| + CryptoData(signature),
|
| + CryptoData(test_message),
|
| + &verify_result));
|
| }
|
|
|
| TEST_F(SharedCryptoTest, MAYBE(AesKwRawSymkeyWrapUnwrapErrors)) {
|
| @@ -3430,8 +3451,6 @@ TEST_F(SharedCryptoTest, MAYBE(UnwrapAesCbc192)) {
|
|
|
| class SharedCryptoRsaOaepTest : public ::testing::Test {
|
| public:
|
| - SharedCryptoRsaOaepTest() { Init(); }
|
| -
|
| scoped_ptr<base::DictionaryValue> CreatePublicKeyJwkDict() {
|
| scoped_ptr<base::DictionaryValue> jwk(new base::DictionaryValue());
|
| jwk->SetString("kty", "RSA");
|
| @@ -3533,7 +3552,7 @@ TEST_F(SharedCryptoRsaOaepTest, ImportPublicJwkWithMismatchedTypeFails) {
|
| jwk->SetString("alg", "RSA-OAEP");
|
|
|
| blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull();
|
| - ASSERT_EQ(Status::ErrorJwkPropertyMissing("k"),
|
| + ASSERT_EQ(Status::ErrorJwkUnexpectedKty("RSA"),
|
| ImportKeyJwkFromDict(*jwk.get(),
|
| CreateRsaHashedImportAlgorithm(
|
| blink::WebCryptoAlgorithmIdRsaOaep,
|
|
|
Chromium Code Reviews
