| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <algorithm> | 5 #include <algorithm> |
| 6 #include <string> | 6 #include <string> |
| 7 #include <vector> | 7 #include <vector> |
| 8 | 8 |
| 9 #include "base/basictypes.h" | 9 #include "base/basictypes.h" |
| 10 #include "base/file_util.h" | 10 #include "base/file_util.h" |
| (...skipping 2506 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2517 EXPECT_EQ(modulus_length, | 2517 EXPECT_EQ(modulus_length, |
| 2518 private_key.algorithm().rsaHashedParams()->modulusLengthBits()); | 2518 private_key.algorithm().rsaHashedParams()->modulusLengthBits()); |
| 2519 } | 2519 } |
| 2520 | 2520 |
| 2521 // Fail with bad modulus. | 2521 // Fail with bad modulus. |
| 2522 algorithm = | 2522 algorithm = |
| 2523 CreateRsaHashedKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, | 2523 CreateRsaHashedKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
| 2524 blink::WebCryptoAlgorithmIdSha256, | 2524 blink::WebCryptoAlgorithmIdSha256, |
| 2525 0, | 2525 0, |
| 2526 public_exponent); | 2526 public_exponent); |
| 2527 EXPECT_EQ(Status::ErrorGenerateRsaZeroModulus(), | 2527 EXPECT_EQ(Status::ErrorGenerateRsaUnsupportedModulus(), |
| 2528 GenerateKeyPair( | 2528 GenerateKeyPair( |
| 2529 algorithm, extractable, usage_mask, &public_key, &private_key)); | 2529 algorithm, extractable, usage_mask, &public_key, &private_key)); |
| 2530 | 2530 |
| 2531 // Fail with bad exponent: larger than unsigned long. | 2531 // Fail with bad exponent: larger than unsigned long. |
| 2532 unsigned int exponent_length = sizeof(unsigned long) + 1; // NOLINT | 2532 unsigned int exponent_length = sizeof(unsigned long) + 1; // NOLINT |
| 2533 const std::vector<uint8_t> long_exponent(exponent_length, 0x01); | 2533 const std::vector<uint8_t> long_exponent(exponent_length, 0x01); |
| 2534 algorithm = | 2534 algorithm = |
| 2535 CreateRsaHashedKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, | 2535 CreateRsaHashedKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
| 2536 blink::WebCryptoAlgorithmIdSha256, | 2536 blink::WebCryptoAlgorithmIdSha256, |
| 2537 modulus_length, | 2537 modulus_length, |
| (...skipping 82 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2620 // Re-generate an extractable private_key and try to export it as SPKI format. | 2620 // Re-generate an extractable private_key and try to export it as SPKI format. |
| 2621 // This should fail since spki is for public keys. | 2621 // This should fail since spki is for public keys. |
| 2622 EXPECT_EQ( | 2622 EXPECT_EQ( |
| 2623 Status::Success(), | 2623 Status::Success(), |
| 2624 GenerateKeyPair(algorithm, true, usage_mask, &public_key, &private_key)); | 2624 GenerateKeyPair(algorithm, true, usage_mask, &public_key, &private_key)); |
| 2625 EXPECT_EQ(Status::ErrorUnexpectedKeyType(), | 2625 EXPECT_EQ(Status::ErrorUnexpectedKeyType(), |
| 2626 ExportKey(blink::WebCryptoKeyFormatSpki, private_key, &output)); | 2626 ExportKey(blink::WebCryptoKeyFormatSpki, private_key, &output)); |
| 2627 } | 2627 } |
| 2628 | 2628 |
| 2629 TEST_F(SharedCryptoTest, MAYBE(GenerateKeyPairRsaBadModulusLength)) { | 2629 TEST_F(SharedCryptoTest, MAYBE(GenerateKeyPairRsaBadModulusLength)) { |
| 2630 const unsigned int kBadModulus[] = { | 2630 const unsigned int kBadModulusBits[] = { |
| 2631 0, | 2631 0, |
| 2632 255, // Not a multiple of 8. | 2632 248, // Too small. |
| 2633 257, // Not a multiple of 8. |
| 2633 1023, // Not a multiple of 8. | 2634 1023, // Not a multiple of 8. |
| 2634 0xFFFFFFFF, // Cannot fit in a signed int. | 2635 0xFFFFFFFF, // Too big. |
| 2635 16384 + 8, // 16384 is the maxmimum length that NSS succeeds for. | 2636 16384 + 8, // 16384 is the maxmimum length that NSS succeeds for. |
| 2636 }; | 2637 }; |
| 2637 | 2638 |
| 2638 const std::vector<uint8_t> public_exponent = HexStringToBytes("010001"); | 2639 const std::vector<uint8_t> public_exponent = HexStringToBytes("010001"); |
| 2639 | 2640 |
| 2640 for (size_t i = 0; i < arraysize(kBadModulus); ++i) { | 2641 for (size_t i = 0; i < arraysize(kBadModulusBits); ++i) { |
| 2641 const unsigned int modulus_length = kBadModulus[i]; | 2642 const unsigned int modulus_length_bits = kBadModulusBits[i]; |
| 2642 blink::WebCryptoAlgorithm algorithm = CreateRsaHashedKeyGenAlgorithm( | 2643 blink::WebCryptoAlgorithm algorithm = CreateRsaHashedKeyGenAlgorithm( |
| 2643 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, | 2644 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
| 2644 blink::WebCryptoAlgorithmIdSha256, | 2645 blink::WebCryptoAlgorithmIdSha256, |
| 2645 modulus_length, | 2646 modulus_length_bits, |
| 2646 public_exponent); | 2647 public_exponent); |
| 2647 bool extractable = true; | 2648 bool extractable = true; |
| 2648 const blink::WebCryptoKeyUsageMask usage_mask = 0; | 2649 const blink::WebCryptoKeyUsageMask usage_mask = 0; |
| 2649 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); | 2650 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); |
| 2650 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); | 2651 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); |
| 2651 | 2652 |
| 2652 EXPECT_FALSE( | 2653 EXPECT_EQ( |
| 2654 Status::ErrorGenerateRsaUnsupportedModulus(), |
| 2653 GenerateKeyPair( | 2655 GenerateKeyPair( |
| 2654 algorithm, extractable, usage_mask, &public_key, &private_key) | 2656 algorithm, extractable, usage_mask, &public_key, &private_key)); |
| 2655 .IsSuccess()); | |
| 2656 } | 2657 } |
| 2657 } | 2658 } |
| 2658 | 2659 |
| 2659 // Try generating RSA key pairs using unsupported public exponents. Only | 2660 // Try generating RSA key pairs using unsupported public exponents. Only |
| 2660 // exponents of 3 and 65537 are supported. While both OpenSSL and NSS can | 2661 // exponents of 3 and 65537 are supported. While both OpenSSL and NSS can |
| 2661 // support other values, OpenSSL hangs when given invalid exponents, so use a | 2662 // support other values, OpenSSL hangs when given invalid exponents, so use a |
| 2662 // whitelist to validate the parameters. | 2663 // whitelist to validate the parameters. |
| 2663 TEST_F(SharedCryptoTest, MAYBE(GenerateKeyPairRsaBadExponent)) { | 2664 TEST_F(SharedCryptoTest, MAYBE(GenerateKeyPairRsaBadExponent)) { |
| 2664 const unsigned int modulus_length = 1024; | 2665 const unsigned int modulus_length = 1024; |
| 2665 | 2666 |
| (...skipping 1743 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 4409 EXPECT_EQ(public_key_spki, unwrapped_public_key_spki); | 4410 EXPECT_EQ(public_key_spki, unwrapped_public_key_spki); |
| 4410 EXPECT_EQ(private_key_pkcs8, unwrapped_private_key_pkcs8); | 4411 EXPECT_EQ(private_key_pkcs8, unwrapped_private_key_pkcs8); |
| 4411 | 4412 |
| 4412 EXPECT_NE(public_key_spki, wrapped_public_key); | 4413 EXPECT_NE(public_key_spki, wrapped_public_key); |
| 4413 EXPECT_NE(private_key_pkcs8, wrapped_private_key); | 4414 EXPECT_NE(private_key_pkcs8, wrapped_private_key); |
| 4414 } | 4415 } |
| 4415 | 4416 |
| 4416 } // namespace webcrypto | 4417 } // namespace webcrypto |
| 4417 | 4418 |
| 4418 } // namespace content | 4419 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 401233004:
Refactor RSA key generation for WebCrypto's NSS implementation. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src