| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/child/webcrypto/shared_crypto.h" |
| 6 |
| 5 #include <algorithm> | 7 #include <algorithm> |
| 6 #include <string> | 8 #include <string> |
| 7 #include <vector> | 9 #include <vector> |
| 8 | 10 |
| 9 #include "base/basictypes.h" | 11 #include "base/basictypes.h" |
| 10 #include "base/file_util.h" | 12 #include "base/file_util.h" |
| 11 #include "base/json/json_reader.h" | 13 #include "base/json/json_reader.h" |
| 12 #include "base/json/json_writer.h" | 14 #include "base/json/json_writer.h" |
| 13 #include "base/logging.h" | 15 #include "base/logging.h" |
| 14 #include "base/memory/ref_counted.h" | 16 #include "base/memory/ref_counted.h" |
| 15 #include "base/path_service.h" | 17 #include "base/path_service.h" |
| 16 #include "base/strings/string_number_conversions.h" | 18 #include "base/strings/string_number_conversions.h" |
| 17 #include "base/strings/string_util.h" | 19 #include "base/strings/string_util.h" |
| 18 #include "base/strings/stringprintf.h" | 20 #include "base/strings/stringprintf.h" |
| 19 #include "content/child/webcrypto/algorithm_dispatch.h" | |
| 20 #include "content/child/webcrypto/crypto_data.h" | 21 #include "content/child/webcrypto/crypto_data.h" |
| 21 #include "content/child/webcrypto/status.h" | 22 #include "content/child/webcrypto/status.h" |
| 22 #include "content/child/webcrypto/webcrypto_util.h" | 23 #include "content/child/webcrypto/webcrypto_util.h" |
| 23 #include "content/public/common/content_paths.h" | 24 #include "content/public/common/content_paths.h" |
| 24 #include "testing/gtest/include/gtest/gtest.h" | 25 #include "testing/gtest/include/gtest/gtest.h" |
| 25 #include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h" | 26 #include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h" |
| 26 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h" | 27 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h" |
| 27 #include "third_party/WebKit/public/platform/WebCryptoKey.h" | 28 #include "third_party/WebKit/public/platform/WebCryptoKey.h" |
| 28 #include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h" | 29 #include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h" |
| 29 #include "third_party/re2/re2/re2.h" | 30 #include "third_party/re2/re2/re2.h" |
| 30 | 31 |
| 31 #if !defined(USE_OPENSSL) | 32 #if !defined(USE_OPENSSL) |
| 32 #include <nss.h> | 33 #include <nss.h> |
| 33 #include <pk11pub.h> | 34 #include <pk11pub.h> |
| 34 | 35 |
| 35 #include "crypto/nss_util.h" | |
| 36 #include "crypto/scoped_nss_types.h" | 36 #include "crypto/scoped_nss_types.h" |
| 37 #endif | 37 #endif |
| 38 | 38 |
| 39 // The OpenSSL implementation of WebCrypto is less complete, so don't run all of | 39 // The OpenSSL implementation of WebCrypto is less complete, so don't run all of |
| 40 // the tests: http://crbug.com/267888 | 40 // the tests: http://crbug.com/267888 |
| 41 #if defined(USE_OPENSSL) | 41 #if defined(USE_OPENSSL) |
| 42 #define MAYBE(test_name) DISABLED_##test_name | 42 #define MAYBE(test_name) DISABLED_##test_name |
| 43 #else | 43 #else |
| 44 #define MAYBE(test_name) test_name | 44 #define MAYBE(test_name) test_name |
| 45 #endif | 45 #endif |
| (...skipping 69 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 115 | 115 |
| 116 if (status.IsError()) | 116 if (status.IsError()) |
| 117 EXPECT_EQ(blink::WebCryptoErrorTypeNotSupported, status.error_type()); | 117 EXPECT_EQ(blink::WebCryptoErrorTypeNotSupported, status.error_type()); |
| 118 return status.IsSuccess(); | 118 return status.IsSuccess(); |
| 119 } | 119 } |
| 120 | 120 |
| 121 bool SupportsRsaOaep() { | 121 bool SupportsRsaOaep() { |
| 122 #if defined(USE_OPENSSL) | 122 #if defined(USE_OPENSSL) |
| 123 return false; | 123 return false; |
| 124 #else | 124 #else |
| 125 crypto::EnsureNSSInit(); | |
| 126 // TODO(eroman): Exclude version test for OS_CHROMEOS | 125 // TODO(eroman): Exclude version test for OS_CHROMEOS |
| 127 #if defined(USE_NSS) | 126 #if defined(USE_NSS) |
| 128 if (!NSS_VersionCheck("3.16.2")) | 127 if (!NSS_VersionCheck("3.16.2")) |
| 129 return false; | 128 return false; |
| 130 #endif | 129 #endif |
| 131 crypto::ScopedPK11Slot slot(PK11_GetInternalKeySlot()); | 130 crypto::ScopedPK11Slot slot(PK11_GetInternalKeySlot()); |
| 132 return !!PK11_DoesMechanism(slot.get(), CKM_RSA_PKCS_OAEP); | 131 return !!PK11_DoesMechanism(slot.get(), CKM_RSA_PKCS_OAEP); |
| 133 #endif | 132 #endif |
| 134 } | 133 } |
| 135 | 134 |
| 136 bool SupportsRsaKeyImport() { | 135 bool SupportsRsaKeyImport() { |
| 137 // TODO(eroman): Exclude version test for OS_CHROMEOS | 136 // TODO(eroman): Exclude version test for OS_CHROMEOS |
| 138 #if defined(USE_NSS) | 137 #if defined(USE_NSS) |
| 139 crypto::EnsureNSSInit(); | |
| 140 if (!NSS_VersionCheck("3.16.2")) { | 138 if (!NSS_VersionCheck("3.16.2")) { |
| 141 LOG(WARNING) << "RSA key import is not supported by this version of NSS. " | 139 LOG(WARNING) << "RSA key import is not supported by this version of NSS. " |
| 142 "Skipping some tests"; | 140 "Skipping some tests"; |
| 143 return false; | 141 return false; |
| 144 } | 142 } |
| 145 #endif | 143 #endif |
| 146 return true; | 144 return true; |
| 147 } | 145 } |
| 148 | 146 |
| 149 blink::WebCryptoAlgorithm CreateRsaHashedKeyGenAlgorithm( | 147 blink::WebCryptoAlgorithm CreateRsaHashedKeyGenAlgorithm( |
| (...skipping 290 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 440 "584b8e22fdde1e5a2e3bd8aa5ba8d8584194eb2190acf832b847f13a3d24" | 438 "584b8e22fdde1e5a2e3bd8aa5ba8d8584194eb2190acf832b847f13a3d24" |
| 441 "a79f4d"; | 439 "a79f4d"; |
| 442 // The modulus and exponent (in hex) of kPublicKeySpkiDerHex | 440 // The modulus and exponent (in hex) of kPublicKeySpkiDerHex |
| 443 const char* const kPublicKeyModulusHex = | 441 const char* const kPublicKeyModulusHex = |
| 444 "A56E4A0E701017589A5187DC7EA841D156F2EC0E36AD52A44DFEB1E61F7AD991D8C51056" | 442 "A56E4A0E701017589A5187DC7EA841D156F2EC0E36AD52A44DFEB1E61F7AD991D8C51056" |
| 445 "FFEDB162B4C0F283A12A88A394DFF526AB7291CBB307CEABFCE0B1DFD5CD9508096D5B2B" | 443 "FFEDB162B4C0F283A12A88A394DFF526AB7291CBB307CEABFCE0B1DFD5CD9508096D5B2B" |
| 446 "8B6DF5D671EF6377C0921CB23C270A70E2598E6FF89D19F105ACC2D3F0CB35F29280E138" | 444 "8B6DF5D671EF6377C0921CB23C270A70E2598E6FF89D19F105ACC2D3F0CB35F29280E138" |
| 447 "6B6F64C4EF22E1E1F20D0CE8CFFB2249BD9A2137"; | 445 "6B6F64C4EF22E1E1F20D0CE8CFFB2249BD9A2137"; |
| 448 const char* const kPublicKeyExponentHex = "010001"; | 446 const char* const kPublicKeyExponentHex = "010001"; |
| 449 | 447 |
| 450 // TODO(eroman): Remove unnecessary test fixture. | |
| 451 class SharedCryptoTest : public testing::Test { | 448 class SharedCryptoTest : public testing::Test { |
| 449 protected: |
| 450 virtual void SetUp() OVERRIDE { Init(); } |
| 452 }; | 451 }; |
| 453 | 452 |
| 454 blink::WebCryptoKey ImportSecretKeyFromRaw( | 453 blink::WebCryptoKey ImportSecretKeyFromRaw( |
| 455 const std::vector<uint8>& key_raw, | 454 const std::vector<uint8>& key_raw, |
| 456 const blink::WebCryptoAlgorithm& algorithm, | 455 const blink::WebCryptoAlgorithm& algorithm, |
| 457 blink::WebCryptoKeyUsageMask usage) { | 456 blink::WebCryptoKeyUsageMask usage) { |
| 458 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 457 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
| 459 bool extractable = true; | 458 bool extractable = true; |
| 460 EXPECT_EQ(Status::Success(), | 459 EXPECT_EQ(Status::Success(), |
| 461 ImportKey(blink::WebCryptoKeyFormatRaw, | 460 ImportKey(blink::WebCryptoKeyFormatRaw, |
| (...skipping 422 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 884 | 883 |
| 885 std::vector<uint8> output; | 884 std::vector<uint8> output; |
| 886 | 885 |
| 887 ASSERT_EQ(Status::Success(), | 886 ASSERT_EQ(Status::Success(), |
| 888 Sign(algorithm, key, CryptoData(test_message), &output)); | 887 Sign(algorithm, key, CryptoData(test_message), &output)); |
| 889 | 888 |
| 890 EXPECT_BYTES_EQ(test_mac, output); | 889 EXPECT_BYTES_EQ(test_mac, output); |
| 891 | 890 |
| 892 bool signature_match = false; | 891 bool signature_match = false; |
| 893 EXPECT_EQ(Status::Success(), | 892 EXPECT_EQ(Status::Success(), |
| 894 Verify(algorithm, | 893 VerifySignature(algorithm, |
| 895 key, | 894 key, |
| 896 CryptoData(output), | 895 CryptoData(output), |
| 897 CryptoData(test_message), | 896 CryptoData(test_message), |
| 898 &signature_match)); | 897 &signature_match)); |
| 899 EXPECT_TRUE(signature_match); | 898 EXPECT_TRUE(signature_match); |
| 900 | 899 |
| 901 // Ensure truncated signature does not verify by passing one less byte. | 900 // Ensure truncated signature does not verify by passing one less byte. |
| 902 EXPECT_EQ(Status::Success(), | 901 EXPECT_EQ( |
| 903 Verify(algorithm, | 902 Status::Success(), |
| 904 key, | 903 VerifySignature(algorithm, |
| 905 CryptoData(Uint8VectorStart(output), output.size() - 1), | 904 key, |
| 906 CryptoData(test_message), | 905 CryptoData(Uint8VectorStart(output), output.size() - 1), |
| 907 &signature_match)); | 906 CryptoData(test_message), |
| 907 &signature_match)); |
| 908 EXPECT_FALSE(signature_match); | 908 EXPECT_FALSE(signature_match); |
| 909 | 909 |
| 910 // Ensure truncated signature does not verify by passing no bytes. | 910 // Ensure truncated signature does not verify by passing no bytes. |
| 911 EXPECT_EQ(Status::Success(), | 911 EXPECT_EQ(Status::Success(), |
| 912 Verify(algorithm, | 912 VerifySignature(algorithm, |
| 913 key, | 913 key, |
| 914 CryptoData(), | 914 CryptoData(), |
| 915 CryptoData(test_message), | 915 CryptoData(test_message), |
| 916 &signature_match)); | 916 &signature_match)); |
| 917 EXPECT_FALSE(signature_match); | 917 EXPECT_FALSE(signature_match); |
| 918 | 918 |
| 919 // Ensure extra long signature does not cause issues and fails. | 919 // Ensure extra long signature does not cause issues and fails. |
| 920 const unsigned char kLongSignature[1024] = {0}; | 920 const unsigned char kLongSignature[1024] = {0}; |
| 921 EXPECT_EQ(Status::Success(), | 921 EXPECT_EQ( |
| 922 Verify(algorithm, | 922 Status::Success(), |
| 923 key, | 923 VerifySignature(algorithm, |
| 924 CryptoData(kLongSignature, sizeof(kLongSignature)), | 924 key, |
| 925 CryptoData(test_message), | 925 CryptoData(kLongSignature, sizeof(kLongSignature)), |
| 926 &signature_match)); | 926 CryptoData(test_message), |
| 927 &signature_match)); |
| 927 EXPECT_FALSE(signature_match); | 928 EXPECT_FALSE(signature_match); |
| 928 } | 929 } |
| 929 } | 930 } |
| 930 | 931 |
| 931 TEST_F(SharedCryptoTest, AesCbcFailures) { | 932 TEST_F(SharedCryptoTest, AesCbcFailures) { |
| 932 const std::string key_hex = "2b7e151628aed2a6abf7158809cf4f3c"; | 933 const std::string key_hex = "2b7e151628aed2a6abf7158809cf4f3c"; |
| 933 blink::WebCryptoKey key = ImportSecretKeyFromRaw( | 934 blink::WebCryptoKey key = ImportSecretKeyFromRaw( |
| 934 HexStringToBytes(key_hex), | 935 HexStringToBytes(key_hex), |
| 935 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), | 936 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), |
| 936 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt); | 937 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt); |
| (...skipping 64 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1001 ImportKey(blink::WebCryptoKeyFormatRaw, | 1002 ImportKey(blink::WebCryptoKeyFormatRaw, |
| 1002 CryptoData(key_raw), | 1003 CryptoData(key_raw), |
| 1003 CreateAesCbcAlgorithm(iv), | 1004 CreateAesCbcAlgorithm(iv), |
| 1004 true, | 1005 true, |
| 1005 blink::WebCryptoKeyUsageEncrypt, | 1006 blink::WebCryptoKeyUsageEncrypt, |
| 1006 &key)); | 1007 &key)); |
| 1007 } | 1008 } |
| 1008 | 1009 |
| 1009 // Fail exporting the key in SPKI and PKCS#8 formats (not allowed for secret | 1010 // Fail exporting the key in SPKI and PKCS#8 formats (not allowed for secret |
| 1010 // keys). | 1011 // keys). |
| 1011 EXPECT_EQ(Status::ErrorUnsupportedExportKeyFormat(), | 1012 EXPECT_EQ(Status::ErrorUnexpectedKeyType(), |
| 1012 ExportKey(blink::WebCryptoKeyFormatSpki, key, &output)); | 1013 ExportKey(blink::WebCryptoKeyFormatSpki, key, &output)); |
| 1013 EXPECT_EQ(Status::ErrorUnsupportedExportKeyFormat(), | 1014 EXPECT_EQ(Status::ErrorUnexpectedKeyType(), |
| 1014 ExportKey(blink::WebCryptoKeyFormatPkcs8, key, &output)); | 1015 ExportKey(blink::WebCryptoKeyFormatPkcs8, key, &output)); |
| 1015 } | 1016 } |
| 1016 | 1017 |
| 1017 TEST_F(SharedCryptoTest, ImportAesCbcSpkiFailure) { | |
| 1018 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | |
| 1019 ASSERT_EQ(Status::ErrorUnsupportedImportKeyFormat(), | |
| 1020 ImportKey(blink::WebCryptoKeyFormatSpki, | |
| 1021 CryptoData(HexStringToBytes(kPublicKeySpkiDerHex)), | |
| 1022 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), | |
| 1023 true, | |
| 1024 blink::WebCryptoKeyUsageEncrypt, | |
| 1025 &key)); | |
| 1026 } | |
| 1027 | |
| 1028 TEST_F(SharedCryptoTest, MAYBE(AesCbcSampleSets)) { | 1018 TEST_F(SharedCryptoTest, MAYBE(AesCbcSampleSets)) { |
| 1029 scoped_ptr<base::ListValue> tests; | 1019 scoped_ptr<base::ListValue> tests; |
| 1030 ASSERT_TRUE(ReadJsonTestFileToList("aes_cbc.json", &tests)); | 1020 ASSERT_TRUE(ReadJsonTestFileToList("aes_cbc.json", &tests)); |
| 1031 | 1021 |
| 1032 for (size_t test_index = 0; test_index < tests->GetSize(); ++test_index) { | 1022 for (size_t test_index = 0; test_index < tests->GetSize(); ++test_index) { |
| 1033 SCOPED_TRACE(test_index); | 1023 SCOPED_TRACE(test_index); |
| 1034 base::DictionaryValue* test; | 1024 base::DictionaryValue* test; |
| 1035 ASSERT_TRUE(tests->GetDictionary(test_index, &test)); | 1025 ASSERT_TRUE(tests->GetDictionary(test_index, &test)); |
| 1036 | 1026 |
| 1037 std::vector<uint8> test_key = GetBytesFromHexString(test, "key"); | 1027 std::vector<uint8> test_key = GetBytesFromHexString(test, "key"); |
| (...skipping 332 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1370 // Fail on invalid JSON. | 1360 // Fail on invalid JSON. |
| 1371 const std::vector<uint8> bad_json_vec = MakeJsonVector( | 1361 const std::vector<uint8> bad_json_vec = MakeJsonVector( |
| 1372 "{" | 1362 "{" |
| 1373 "\"kty\" : \"oct\"," | 1363 "\"kty\" : \"oct\"," |
| 1374 "\"alg\" : \"HS256\"," | 1364 "\"alg\" : \"HS256\"," |
| 1375 "\"use\" : "); | 1365 "\"use\" : "); |
| 1376 EXPECT_EQ(Status::ErrorJwkNotDictionary(), | 1366 EXPECT_EQ(Status::ErrorJwkNotDictionary(), |
| 1377 ImportKeyJwk( | 1367 ImportKeyJwk( |
| 1378 CryptoData(bad_json_vec), algorithm, false, usage_mask, &key)); | 1368 CryptoData(bad_json_vec), algorithm, false, usage_mask, &key)); |
| 1379 | 1369 |
| 1380 // Fail on JWK alg present but incorrect (expecting A128CBC). | 1370 // Fail on JWK alg present but unrecognized. |
| 1381 dict.SetString("alg", "A127CBC"); | 1371 dict.SetString("alg", "A127CBC"); |
| 1382 EXPECT_EQ(Status::ErrorJwkAlgorithmInconsistent(), | 1372 EXPECT_EQ(Status::ErrorJwkUnrecognizedAlgorithm(), |
| 1383 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); | 1373 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); |
| 1384 RestoreJwkOctDictionary(&dict); | 1374 RestoreJwkOctDictionary(&dict); |
| 1385 | 1375 |
| 1386 // Fail on invalid kty. | 1376 // Fail on invalid kty. |
| 1387 dict.SetString("kty", "foo"); | 1377 dict.SetString("kty", "foo"); |
| 1388 EXPECT_EQ(Status::ErrorJwkUnexpectedKty("oct"), | 1378 EXPECT_EQ(Status::ErrorJwkUnrecognizedKty(), |
| 1389 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); | 1379 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); |
| 1390 RestoreJwkOctDictionary(&dict); | 1380 RestoreJwkOctDictionary(&dict); |
| 1391 | 1381 |
| 1392 // Fail on missing kty. | 1382 // Fail on missing kty. |
| 1393 dict.Remove("kty", NULL); | 1383 dict.Remove("kty", NULL); |
| 1394 EXPECT_EQ(Status::ErrorJwkPropertyMissing("kty"), | 1384 EXPECT_EQ(Status::ErrorJwkPropertyMissing("kty"), |
| 1395 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); | 1385 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); |
| 1396 RestoreJwkOctDictionary(&dict); | 1386 RestoreJwkOctDictionary(&dict); |
| 1397 | 1387 |
| 1398 // Fail on kty wrong type. | 1388 // Fail on kty wrong type. |
| (...skipping 338 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1737 EXPECT_EQ(Status::Success(), | 1727 EXPECT_EQ(Status::Success(), |
| 1738 ImportKeyJwkFromDict(dict, algorithm, true, usage_mask, &key)); | 1728 ImportKeyJwkFromDict(dict, algorithm, true, usage_mask, &key)); |
| 1739 EXPECT_TRUE(key.extractable()); | 1729 EXPECT_TRUE(key.extractable()); |
| 1740 EXPECT_EQ(Status::Success(), | 1730 EXPECT_EQ(Status::Success(), |
| 1741 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); | 1731 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); |
| 1742 EXPECT_FALSE(key.extractable()); | 1732 EXPECT_FALSE(key.extractable()); |
| 1743 dict.SetBoolean("ext", true); // restore previous value | 1733 dict.SetBoolean("ext", true); // restore previous value |
| 1744 | 1734 |
| 1745 // Fail: Input algorithm (AES-CBC) is inconsistent with JWK value | 1735 // Fail: Input algorithm (AES-CBC) is inconsistent with JWK value |
| 1746 // (HMAC SHA256). | 1736 // (HMAC SHA256). |
| 1747 dict.Clear(); | 1737 EXPECT_EQ(Status::ErrorJwkAlgorithmInconsistent(), |
| 1748 dict.SetString("kty", "oct"); | |
| 1749 dict.SetString("alg", "HS256"); | |
| 1750 dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg"); | |
| 1751 EXPECT_EQ( | |
| 1752 Status::ErrorJwkAlgorithmInconsistent(), | |
| 1753 ImportKeyJwkFromDict(dict, | |
| 1754 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), | |
| 1755 extractable, | |
| 1756 blink::WebCryptoKeyUsageEncrypt, | |
| 1757 &key)); | |
| 1758 // Fail: Input usage (encrypt) is inconsistent with JWK value (use=sig). | |
| 1759 EXPECT_EQ(Status::ErrorJwkUseInconsistent(), | |
| 1760 ImportKeyJwk(CryptoData(json_vec), | 1738 ImportKeyJwk(CryptoData(json_vec), |
| 1761 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), | 1739 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), |
| 1762 extractable, | 1740 extractable, |
| 1763 blink::WebCryptoKeyUsageEncrypt, | 1741 blink::WebCryptoKeyUsageEncrypt, |
| 1764 &key)); | 1742 &key)); |
| 1765 | 1743 |
| 1766 // Fail: Input algorithm (HMAC SHA1) is inconsistent with JWK value | 1744 // Fail: Input algorithm (HMAC SHA1) is inconsistent with JWK value |
| 1767 // (HMAC SHA256). | 1745 // (HMAC SHA256). |
| 1768 EXPECT_EQ( | 1746 EXPECT_EQ( |
| 1769 Status::ErrorJwkAlgorithmInconsistent(), | 1747 Status::ErrorJwkAlgorithmInconsistent(), |
| (...skipping 282 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2052 EXPECT_EQ( | 2030 EXPECT_EQ( |
| 2053 Status::DataError(), | 2031 Status::DataError(), |
| 2054 ImportKey(blink::WebCryptoKeyFormatSpki, | 2032 ImportKey(blink::WebCryptoKeyFormatSpki, |
| 2055 CryptoData(HexStringToBytes("618333c4cb")), | 2033 CryptoData(HexStringToBytes("618333c4cb")), |
| 2056 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5), | 2034 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5), |
| 2057 true, | 2035 true, |
| 2058 blink::WebCryptoKeyUsageVerify, | 2036 blink::WebCryptoKeyUsageVerify, |
| 2059 &key)); | 2037 &key)); |
| 2060 | 2038 |
| 2061 // Failing case: Import RSA key but provide an inconsistent input algorithm. | 2039 // Failing case: Import RSA key but provide an inconsistent input algorithm. |
| 2062 EXPECT_EQ(Status::ErrorUnsupportedImportKeyFormat(), | 2040 EXPECT_EQ(Status::DataError(), |
| 2063 ImportKey(blink::WebCryptoKeyFormatSpki, | 2041 ImportKey(blink::WebCryptoKeyFormatSpki, |
| 2064 CryptoData(HexStringToBytes(kPublicKeySpkiDerHex)), | 2042 CryptoData(HexStringToBytes(kPublicKeySpkiDerHex)), |
| 2065 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), | 2043 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), |
| 2066 true, | 2044 true, |
| 2067 blink::WebCryptoKeyUsageEncrypt, | 2045 blink::WebCryptoKeyUsageEncrypt, |
| 2068 &key)); | 2046 &key)); |
| 2069 | 2047 |
| 2070 // Passing case: Export a previously imported RSA public key in SPKI format | 2048 // Passing case: Export a previously imported RSA public key in SPKI format |
| 2071 // and compare to original data. | 2049 // and compare to original data. |
| 2072 std::vector<uint8> output; | 2050 std::vector<uint8> output; |
| 2073 ASSERT_EQ(Status::Success(), | 2051 ASSERT_EQ(Status::Success(), |
| 2074 ExportKey(blink::WebCryptoKeyFormatSpki, key, &output)); | 2052 ExportKey(blink::WebCryptoKeyFormatSpki, key, &output)); |
| 2075 EXPECT_BYTES_EQ_HEX(kPublicKeySpkiDerHex, output); | 2053 EXPECT_BYTES_EQ_HEX(kPublicKeySpkiDerHex, output); |
| 2076 | 2054 |
| 2077 // Failing case: Try to export a previously imported RSA public key in raw | 2055 // Failing case: Try to export a previously imported RSA public key in raw |
| 2078 // format (not allowed for a public key). | 2056 // format (not allowed for a public key). |
| 2079 EXPECT_EQ(Status::ErrorUnsupportedExportKeyFormat(), | 2057 EXPECT_EQ(Status::ErrorUnexpectedKeyType(), |
| 2080 ExportKey(blink::WebCryptoKeyFormatRaw, key, &output)); | 2058 ExportKey(blink::WebCryptoKeyFormatRaw, key, &output)); |
| 2081 | 2059 |
| 2082 // Failing case: Try to export a non-extractable key | 2060 // Failing case: Try to export a non-extractable key |
| 2083 ASSERT_EQ(Status::Success(), | 2061 ASSERT_EQ(Status::Success(), |
| 2084 ImportKey(blink::WebCryptoKeyFormatSpki, | 2062 ImportKey(blink::WebCryptoKeyFormatSpki, |
| 2085 CryptoData(HexStringToBytes(kPublicKeySpkiDerHex)), | 2063 CryptoData(HexStringToBytes(kPublicKeySpkiDerHex)), |
| 2086 CreateRsaHashedImportAlgorithm( | 2064 CreateRsaHashedImportAlgorithm( |
| 2087 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, | 2065 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
| 2088 blink::WebCryptoAlgorithmIdSha256), | 2066 blink::WebCryptoAlgorithmIdSha256), |
| 2089 false, | 2067 false, |
| (...skipping 62 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2152 CryptoData(HexStringToBytes("618333c4cb")), | 2130 CryptoData(HexStringToBytes("618333c4cb")), |
| 2153 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5), | 2131 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5), |
| 2154 true, | 2132 true, |
| 2155 blink::WebCryptoKeyUsageSign, | 2133 blink::WebCryptoKeyUsageSign, |
| 2156 &key)); | 2134 &key)); |
| 2157 | 2135 |
| 2158 // Failing case: Import RSA key but provide an inconsistent input algorithm | 2136 // Failing case: Import RSA key but provide an inconsistent input algorithm |
| 2159 // and usage. Several issues here: | 2137 // and usage. Several issues here: |
| 2160 // * AES-CBC doesn't support PKCS8 key format | 2138 // * AES-CBC doesn't support PKCS8 key format |
| 2161 // * AES-CBC doesn't support "sign" usage | 2139 // * AES-CBC doesn't support "sign" usage |
| 2162 EXPECT_EQ(Status::ErrorUnsupportedImportKeyFormat(), | 2140 EXPECT_EQ(Status::ErrorCreateKeyBadUsages(), |
| 2163 ImportKey(blink::WebCryptoKeyFormatPkcs8, | 2141 ImportKey(blink::WebCryptoKeyFormatPkcs8, |
| 2164 CryptoData(HexStringToBytes(kPrivateKeyPkcs8DerHex)), | 2142 CryptoData(HexStringToBytes(kPrivateKeyPkcs8DerHex)), |
| 2165 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), | 2143 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), |
| 2166 true, | 2144 true, |
| 2167 blink::WebCryptoKeyUsageSign, | 2145 blink::WebCryptoKeyUsageSign, |
| 2168 &key)); | 2146 &key)); |
| 2169 } | 2147 } |
| 2170 | 2148 |
| 2171 // Tests JWK import and export by doing a roundtrip key conversion and ensuring | 2149 // Tests JWK import and export by doing a roundtrip key conversion and ensuring |
| 2172 // it was lossless: | 2150 // it was lossless: |
| (...skipping 539 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 2712 | 2690 |
| 2713 std::vector<uint8> signature; | 2691 std::vector<uint8> signature; |
| 2714 bool signature_match; | 2692 bool signature_match; |
| 2715 | 2693 |
| 2716 // Compute a signature. | 2694 // Compute a signature. |
| 2717 const std::vector<uint8> data = HexStringToBytes("010203040506070809"); | 2695 const std::vector<uint8> data = HexStringToBytes("010203040506070809"); |
| 2718 ASSERT_EQ(Status::Success(), | 2696 ASSERT_EQ(Status::Success(), |
| 2719 Sign(algorithm, private_key, CryptoData(data), &signature)); | 2697 Sign(algorithm, private_key, CryptoData(data), &signature)); |
| 2720 | 2698 |
| 2721 // Ensure truncated signature does not verify by passing one less byte. | 2699 // Ensure truncated signature does not verify by passing one less byte. |
| 2722 EXPECT_EQ( | 2700 EXPECT_EQ(Status::Success(), |
| 2723 Status::Success(), | 2701 VerifySignature( |
| 2724 Verify(algorithm, | 2702 algorithm, |
| 2725 public_key, | 2703 public_key, |
| 2726 CryptoData(Uint8VectorStart(signature), signature.size() - 1), | 2704 CryptoData(Uint8VectorStart(signature), signature.size() - 1), |
| 2727 CryptoData(data), | 2705 CryptoData(data), |
| 2728 &signature_match)); | 2706 &signature_match)); |
| 2729 EXPECT_FALSE(signature_match); | 2707 EXPECT_FALSE(signature_match); |
| 2730 | 2708 |
| 2731 // Ensure truncated signature does not verify by passing no bytes. | 2709 // Ensure truncated signature does not verify by passing no bytes. |
| 2732 EXPECT_EQ(Status::Success(), | 2710 EXPECT_EQ(Status::Success(), |
| 2733 Verify(algorithm, | 2711 VerifySignature(algorithm, |
| 2734 public_key, | 2712 public_key, |
| 2735 CryptoData(), | 2713 CryptoData(), |
| 2736 CryptoData(data), | 2714 CryptoData(data), |
| 2737 &signature_match)); | 2715 &signature_match)); |
| 2738 EXPECT_FALSE(signature_match); | 2716 EXPECT_FALSE(signature_match); |
| 2739 | 2717 |
| 2740 // Ensure corrupted signature does not verify. | 2718 // Ensure corrupted signature does not verify. |
| 2741 std::vector<uint8> corrupt_sig = signature; | 2719 std::vector<uint8> corrupt_sig = signature; |
| 2742 corrupt_sig[corrupt_sig.size() / 2] ^= 0x1; | 2720 corrupt_sig[corrupt_sig.size() / 2] ^= 0x1; |
| 2743 EXPECT_EQ(Status::Success(), | 2721 EXPECT_EQ(Status::Success(), |
| 2744 Verify(algorithm, | 2722 VerifySignature(algorithm, |
| 2745 public_key, | 2723 public_key, |
| 2746 CryptoData(corrupt_sig), | 2724 CryptoData(corrupt_sig), |
| 2747 CryptoData(data), | 2725 CryptoData(data), |
| 2748 &signature_match)); | 2726 &signature_match)); |
| 2749 EXPECT_FALSE(signature_match); | 2727 EXPECT_FALSE(signature_match); |
| 2750 | 2728 |
| 2751 // Ensure signatures that are greater than the modulus size fail. | 2729 // Ensure signatures that are greater than the modulus size fail. |
| 2752 const unsigned int long_message_size_bytes = 1024; | 2730 const unsigned int long_message_size_bytes = 1024; |
| 2753 DCHECK_GT(long_message_size_bytes, kModulusLengthBits / 8); | 2731 DCHECK_GT(long_message_size_bytes, kModulusLengthBits / 8); |
| 2754 const unsigned char kLongSignature[long_message_size_bytes] = {0}; | 2732 const unsigned char kLongSignature[long_message_size_bytes] = {0}; |
| 2755 EXPECT_EQ(Status::Success(), | 2733 EXPECT_EQ(Status::Success(), |
| 2756 Verify(algorithm, | 2734 VerifySignature(algorithm, |
| 2757 public_key, | 2735 public_key, |
| 2758 CryptoData(kLongSignature, sizeof(kLongSignature)), | 2736 CryptoData(kLongSignature, sizeof(kLongSignature)), |
| 2759 CryptoData(data), | 2737 CryptoData(data), |
| 2760 &signature_match)); | 2738 &signature_match)); |
| 2761 EXPECT_FALSE(signature_match); | 2739 EXPECT_FALSE(signature_match); |
| 2762 | 2740 |
| 2763 // Ensure that signing and verifying with an incompatible algorithm fails. | 2741 // Ensure that signing and verifying with an incompatible algorithm fails. |
| 2764 algorithm = CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaOaep); | 2742 algorithm = CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaOaep); |
| 2765 | 2743 |
| 2766 EXPECT_EQ(Status::ErrorUnexpected(), | 2744 EXPECT_EQ(Status::ErrorUnexpected(), |
| 2767 Sign(algorithm, private_key, CryptoData(data), &signature)); | 2745 Sign(algorithm, private_key, CryptoData(data), &signature)); |
| 2768 EXPECT_EQ(Status::ErrorUnexpected(), | 2746 EXPECT_EQ(Status::ErrorUnexpected(), |
| 2769 Verify(algorithm, | 2747 VerifySignature(algorithm, |
| 2770 public_key, | 2748 public_key, |
| 2771 CryptoData(signature), | 2749 CryptoData(signature), |
| 2772 CryptoData(data), | 2750 CryptoData(data), |
| 2773 &signature_match)); | 2751 &signature_match)); |
| 2774 | 2752 |
| 2775 // Some crypto libraries (NSS) can automatically select the RSA SSA inner hash | 2753 // Some crypto libraries (NSS) can automatically select the RSA SSA inner hash |
| 2776 // based solely on the contents of the input signature data. In the Web Crypto | 2754 // based solely on the contents of the input signature data. In the Web Crypto |
| 2777 // implementation, the inner hash should be specified uniquely by the key | 2755 // implementation, the inner hash should be specified uniquely by the key |
| 2778 // algorithm parameter. To validate this behavior, call Verify with a computed | 2756 // algorithm parameter. To validate this behavior, call Verify with a computed |
| 2779 // signature that used one hash type (SHA-1), but pass in a key with a | 2757 // signature that used one hash type (SHA-1), but pass in a key with a |
| 2780 // different inner hash type (SHA-256). If the hash type is determined by the | 2758 // different inner hash type (SHA-256). If the hash type is determined by the |
| 2781 // signature itself (undesired), the verify will pass, while if the hash type | 2759 // signature itself (undesired), the verify will pass, while if the hash type |
| 2782 // is specified by the key algorithm (desired), the verify will fail. | 2760 // is specified by the key algorithm (desired), the verify will fail. |
| 2783 | 2761 |
| (...skipping 20 matching lines...) Expand all Loading... |
| 2804 // NOTE: public_key was produced by generateKey, and so its associated | 2782 // NOTE: public_key was produced by generateKey, and so its associated |
| 2805 // algorithm has WebCryptoRsaKeyGenParams and not WebCryptoRsaSsaParams. Thus | 2783 // algorithm has WebCryptoRsaKeyGenParams and not WebCryptoRsaSsaParams. Thus |
| 2806 // it has no inner hash to conflict with the input algorithm. | 2784 // it has no inner hash to conflict with the input algorithm. |
| 2807 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha1, | 2785 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha1, |
| 2808 private_key.algorithm().rsaHashedParams()->hash().id()); | 2786 private_key.algorithm().rsaHashedParams()->hash().id()); |
| 2809 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha256, | 2787 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha256, |
| 2810 public_key_256.algorithm().rsaHashedParams()->hash().id()); | 2788 public_key_256.algorithm().rsaHashedParams()->hash().id()); |
| 2811 | 2789 |
| 2812 bool is_match; | 2790 bool is_match; |
| 2813 EXPECT_EQ(Status::Success(), | 2791 EXPECT_EQ(Status::Success(), |
| 2814 Verify(CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5), | 2792 VerifySignature( |
| 2815 public_key_256, | 2793 CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5), |
| 2816 CryptoData(signature), | 2794 public_key_256, |
| 2817 CryptoData(data), | 2795 CryptoData(signature), |
| 2818 &is_match)); | 2796 CryptoData(data), |
| 2797 &is_match)); |
| 2819 EXPECT_FALSE(is_match); | 2798 EXPECT_FALSE(is_match); |
| 2820 } | 2799 } |
| 2821 | 2800 |
| 2822 TEST_F(SharedCryptoTest, MAYBE(RsaSignVerifyKnownAnswer)) { | 2801 TEST_F(SharedCryptoTest, MAYBE(RsaSignVerifyKnownAnswer)) { |
| 2823 if (!SupportsRsaKeyImport()) | 2802 if (!SupportsRsaKeyImport()) |
| 2824 return; | 2803 return; |
| 2825 | 2804 |
| 2826 scoped_ptr<base::ListValue> tests; | 2805 scoped_ptr<base::ListValue> tests; |
| 2827 ASSERT_TRUE(ReadJsonTestFileToList("pkcs1v15_sign.json", &tests)); | 2806 ASSERT_TRUE(ReadJsonTestFileToList("pkcs1v15_sign.json", &tests)); |
| 2828 | 2807 |
| (...skipping 30 matching lines...) Expand all Loading... |
| 2859 GetBytesFromHexString(test, "signature_hex"); | 2838 GetBytesFromHexString(test, "signature_hex"); |
| 2860 | 2839 |
| 2861 signature.clear(); | 2840 signature.clear(); |
| 2862 ASSERT_EQ( | 2841 ASSERT_EQ( |
| 2863 Status::Success(), | 2842 Status::Success(), |
| 2864 Sign(algorithm, private_key, CryptoData(test_message), &signature)); | 2843 Sign(algorithm, private_key, CryptoData(test_message), &signature)); |
| 2865 EXPECT_BYTES_EQ(test_signature, signature); | 2844 EXPECT_BYTES_EQ(test_signature, signature); |
| 2866 | 2845 |
| 2867 bool is_match = false; | 2846 bool is_match = false; |
| 2868 ASSERT_EQ(Status::Success(), | 2847 ASSERT_EQ(Status::Success(), |
| 2869 Verify(algorithm, | 2848 VerifySignature(algorithm, |
| 2870 public_key, | 2849 public_key, |
| 2871 CryptoData(test_signature), | 2850 CryptoData(test_signature), |
| 2872 CryptoData(test_message), | 2851 CryptoData(test_message), |
| 2873 &is_match)); | 2852 &is_match)); |
| 2874 EXPECT_TRUE(is_match); | 2853 EXPECT_TRUE(is_match); |
| 2875 } | 2854 } |
| 2876 } | 2855 } |
| 2877 | 2856 |
| 2878 TEST_F(SharedCryptoTest, MAYBE(AesKwKeyImport)) { | 2857 TEST_F(SharedCryptoTest, MAYBE(AesKwKeyImport)) { |
| 2879 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 2858 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
| 2880 blink::WebCryptoAlgorithm algorithm = | 2859 blink::WebCryptoAlgorithm algorithm = |
| 2881 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw); | 2860 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw); |
| 2882 | 2861 |
| 2883 // Import a 128-bit Key Encryption Key (KEK) | 2862 // Import a 128-bit Key Encryption Key (KEK) |
| (...skipping 213 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 3097 ASSERT_EQ(Status::Success(), | 3076 ASSERT_EQ(Status::Success(), |
| 3098 Sign(CreateAlgorithm(blink::WebCryptoAlgorithmIdHmac), | 3077 Sign(CreateAlgorithm(blink::WebCryptoAlgorithmIdHmac), |
| 3099 key, | 3078 key, |
| 3100 CryptoData(test_message), | 3079 CryptoData(test_message), |
| 3101 &signature)); | 3080 &signature)); |
| 3102 | 3081 |
| 3103 EXPECT_GT(signature.size(), 0u); | 3082 EXPECT_GT(signature.size(), 0u); |
| 3104 | 3083 |
| 3105 bool verify_result; | 3084 bool verify_result; |
| 3106 ASSERT_EQ(Status::Success(), | 3085 ASSERT_EQ(Status::Success(), |
| 3107 Verify(CreateAlgorithm(blink::WebCryptoAlgorithmIdHmac), | 3086 VerifySignature(CreateAlgorithm(blink::WebCryptoAlgorithmIdHmac), |
| 3108 key, | 3087 key, |
| 3109 CryptoData(signature), | 3088 CryptoData(signature), |
| 3110 CryptoData(test_message), | 3089 CryptoData(test_message), |
| 3111 &verify_result)); | 3090 &verify_result)); |
| 3112 } | 3091 } |
| 3113 | 3092 |
| 3114 TEST_F(SharedCryptoTest, MAYBE(AesKwRawSymkeyWrapUnwrapErrors)) { | 3093 TEST_F(SharedCryptoTest, MAYBE(AesKwRawSymkeyWrapUnwrapErrors)) { |
| 3115 scoped_ptr<base::ListValue> tests; | 3094 scoped_ptr<base::ListValue> tests; |
| 3116 ASSERT_TRUE(ReadJsonTestFileToList("aes_kw.json", &tests)); | 3095 ASSERT_TRUE(ReadJsonTestFileToList("aes_kw.json", &tests)); |
| 3117 base::DictionaryValue* test; | 3096 base::DictionaryValue* test; |
| 3118 // Use 256 bits of data with a 256-bit KEK | 3097 // Use 256 bits of data with a 256-bit KEK |
| 3119 ASSERT_TRUE(tests->GetDictionary(3, &test)); | 3098 ASSERT_TRUE(tests->GetDictionary(3, &test)); |
| 3120 const std::vector<uint8> test_kek = GetBytesFromHexString(test, "kek"); | 3099 const std::vector<uint8> test_kek = GetBytesFromHexString(test, "kek"); |
| 3121 const std::vector<uint8> test_key = GetBytesFromHexString(test, "key"); | 3100 const std::vector<uint8> test_key = GetBytesFromHexString(test, "key"); |
| (...skipping 322 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 3444 wrapping_key, | 3423 wrapping_key, |
| 3445 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw), | 3424 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw), |
| 3446 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), | 3425 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), |
| 3447 true, | 3426 true, |
| 3448 blink::WebCryptoKeyUsageEncrypt, | 3427 blink::WebCryptoKeyUsageEncrypt, |
| 3449 &unwrapped_key)); | 3428 &unwrapped_key)); |
| 3450 } | 3429 } |
| 3451 | 3430 |
| 3452 class SharedCryptoRsaOaepTest : public ::testing::Test { | 3431 class SharedCryptoRsaOaepTest : public ::testing::Test { |
| 3453 public: | 3432 public: |
| 3433 SharedCryptoRsaOaepTest() { Init(); } |
| 3434 |
| 3454 scoped_ptr<base::DictionaryValue> CreatePublicKeyJwkDict() { | 3435 scoped_ptr<base::DictionaryValue> CreatePublicKeyJwkDict() { |
| 3455 scoped_ptr<base::DictionaryValue> jwk(new base::DictionaryValue()); | 3436 scoped_ptr<base::DictionaryValue> jwk(new base::DictionaryValue()); |
| 3456 jwk->SetString("kty", "RSA"); | 3437 jwk->SetString("kty", "RSA"); |
| 3457 jwk->SetString("n", | 3438 jwk->SetString("n", |
| 3458 Base64EncodeUrlSafe(HexStringToBytes(kPublicKeyModulusHex))); | 3439 Base64EncodeUrlSafe(HexStringToBytes(kPublicKeyModulusHex))); |
| 3459 jwk->SetString( | 3440 jwk->SetString( |
| 3460 "e", Base64EncodeUrlSafe(HexStringToBytes(kPublicKeyExponentHex))); | 3441 "e", Base64EncodeUrlSafe(HexStringToBytes(kPublicKeyExponentHex))); |
| 3461 return jwk.Pass(); | 3442 return jwk.Pass(); |
| 3462 } | 3443 } |
| 3463 }; | 3444 }; |
| (...skipping 81 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 3545 if (!SupportsRsaOaep()) { | 3526 if (!SupportsRsaOaep()) { |
| 3546 LOG(WARNING) << "RSA-OAEP support not present; skipping."; | 3527 LOG(WARNING) << "RSA-OAEP support not present; skipping."; |
| 3547 return; | 3528 return; |
| 3548 } | 3529 } |
| 3549 | 3530 |
| 3550 scoped_ptr<base::DictionaryValue> jwk(CreatePublicKeyJwkDict()); | 3531 scoped_ptr<base::DictionaryValue> jwk(CreatePublicKeyJwkDict()); |
| 3551 jwk->SetString("kty", "oct"); | 3532 jwk->SetString("kty", "oct"); |
| 3552 jwk->SetString("alg", "RSA-OAEP"); | 3533 jwk->SetString("alg", "RSA-OAEP"); |
| 3553 | 3534 |
| 3554 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); | 3535 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); |
| 3555 ASSERT_EQ(Status::ErrorJwkUnexpectedKty("RSA"), | 3536 ASSERT_EQ(Status::ErrorJwkPropertyMissing("k"), |
| 3556 ImportKeyJwkFromDict(*jwk.get(), | 3537 ImportKeyJwkFromDict(*jwk.get(), |
| 3557 CreateRsaHashedImportAlgorithm( | 3538 CreateRsaHashedImportAlgorithm( |
| 3558 blink::WebCryptoAlgorithmIdRsaOaep, | 3539 blink::WebCryptoAlgorithmIdRsaOaep, |
| 3559 blink::WebCryptoAlgorithmIdSha1), | 3540 blink::WebCryptoAlgorithmIdSha1), |
| 3560 true, | 3541 true, |
| 3561 blink::WebCryptoKeyUsageEncrypt, | 3542 blink::WebCryptoKeyUsageEncrypt, |
| 3562 &public_key)); | 3543 &public_key)); |
| 3563 } | 3544 } |
| 3564 | 3545 |
| 3565 TEST_F(SharedCryptoRsaOaepTest, ExportPublicJwk) { | 3546 TEST_F(SharedCryptoRsaOaepTest, ExportPublicJwk) { |
| (...skipping 852 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 4418 EXPECT_EQ(public_key_spki, unwrapped_public_key_spki); | 4399 EXPECT_EQ(public_key_spki, unwrapped_public_key_spki); |
| 4419 EXPECT_EQ(private_key_pkcs8, unwrapped_private_key_pkcs8); | 4400 EXPECT_EQ(private_key_pkcs8, unwrapped_private_key_pkcs8); |
| 4420 | 4401 |
| 4421 EXPECT_NE(public_key_spki, wrapped_public_key); | 4402 EXPECT_NE(public_key_spki, wrapped_public_key); |
| 4422 EXPECT_NE(private_key_pkcs8, wrapped_private_key); | 4403 EXPECT_NE(private_key_pkcs8, wrapped_private_key); |
| 4423 } | 4404 } |
| 4424 | 4405 |
| 4425 } // namespace webcrypto | 4406 } // namespace webcrypto |
| 4426 | 4407 |
| 4427 } // namespace content | 4408 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 401983002:
Revert 284192 due to a failing test. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src