
Side by Side Diff: content/child/webcrypto/shared_crypto_unittest.cc

Issue 416993009: [webcrypto] JWK: Reject keys with non-minimal bigintegers. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: improve a test Created 6 years, 4 months ago
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include <algorithm> 5 #include <algorithm>
6 #include <string> 6 #include <string>
7 #include <vector> 7 #include <vector>
8 8
9 #include "base/basictypes.h" 9 #include "base/basictypes.h"
10 #include "base/file_util.h" 10 #include "base/file_util.h"
(...skipping 1656 matching lines...) Expand 10 before | Expand all | Expand 10 after
1667 RestoreJwkRsaDictionary(&dict); 1667 RestoreJwkRsaDictionary(&dict);
1668 1668
1669 // Fail on bad b64 parameter encoding. 1669 // Fail on bad b64 parameter encoding.
1670 dict.SetString(kKtyParmName[idx], "Qk3f0DsytU8lfza2au #$% Htaw2xpop9yTuH0"); 1670 dict.SetString(kKtyParmName[idx], "Qk3f0DsytU8lfza2au #$% Htaw2xpop9yTuH0");
1671 EXPECT_NE(Status::Success(), 1671 EXPECT_NE(Status::Success(),
1672 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); 1672 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key));
1673 RestoreJwkRsaDictionary(&dict); 1673 RestoreJwkRsaDictionary(&dict);
1674 1674
1675 // Fail on empty parameter. 1675 // Fail on empty parameter.
1676 dict.SetString(kKtyParmName[idx], ""); 1676 dict.SetString(kKtyParmName[idx], "");
1677 EXPECT_NE(Status::Success(), 1677 EXPECT_EQ(Status::ErrorJwkEmptyBigInteger(kKtyParmName[idx]),
1678 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); 1678 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key));
1679 RestoreJwkRsaDictionary(&dict); 1679 RestoreJwkRsaDictionary(&dict);
1680 } 1680 }
1681 } 1681 }
1682 1682
1683 TEST_F(SharedCryptoTest, MAYBE(ImportJwkInputConsistency)) { 1683 TEST_F(SharedCryptoTest, MAYBE(ImportJwkInputConsistency)) {
1684 // The Web Crypto spec says that if a JWK value is present, but is 1684 // The Web Crypto spec says that if a JWK value is present, but is
1685 // inconsistent with the input value, the operation must fail. 1685 // inconsistent with the input value, the operation must fail.
1686 1686
1687 // Consistency rules when JWK value is not present: Inputs should be used. 1687 // Consistency rules when JWK value is not present: Inputs should be used.
(...skipping 695 matching lines...) Expand 10 before | Expand all | Expand 10 after
2383 "d", 2383 "d",
2384 "M6UEKpCyfU9UUcqbu9C0R3GhAa-IQ0Cu-YhfKku-" 2384 "M6UEKpCyfU9UUcqbu9C0R3GhAa-IQ0Cu-YhfKku-"
2385 "kuiUpySsPFaMj5eFOtB8AmbIxqPKCSnx6PESMYhEKfxNmuVf7olqEM5wfD7X5zTkRyejlXRQ" 2385 "kuiUpySsPFaMj5eFOtB8AmbIxqPKCSnx6PESMYhEKfxNmuVf7olqEM5wfD7X5zTkRyejlXRQ"
2386 "GlMmgxCcKrrKuig8MbS9L1PD7jfjUs7jT55QO9gMBiKtecbc7og1R8ajsyU"); 2386 "GlMmgxCcKrrKuig8MbS9L1PD7jfjUs7jT55QO9gMBiKtecbc7og1R8ajsyU");
2387 2387
2388 dict.SetString("p", 2388 dict.SetString("p",
2389 "5-" 2389 "5-"
2390 "iUJyCod1Fyc6NWBT6iobwMlKpy1VxuhilrLfyWeUjApyy8zKfqyzVwbgmh31W" 2390 "iUJyCod1Fyc6NWBT6iobwMlKpy1VxuhilrLfyWeUjApyy8zKfqyzVwbgmh31W"
2391 "hU1vZs8w0Fgs7bc0-2o5kQw"); 2391 "hU1vZs8w0Fgs7bc0-2o5kQw");
2392 2392
2393 ASSERT_EQ(Status::ErrorJwkIncompleteOptionalRsaPrivateKey(), 2393 ASSERT_EQ(Status::ErrorJwkPropertyMissing("q"),
2394 ImportKeyJwkFromDict(dict, 2394 ImportKeyJwkFromDict(dict,
2395 CreateRsaHashedImportAlgorithm( 2395 CreateRsaHashedImportAlgorithm(
2396 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, 2396 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5,
2397 blink::WebCryptoAlgorithmIdSha1), 2397 blink::WebCryptoAlgorithmIdSha1),
2398 true, 2398 true,
2399 blink::WebCryptoKeyUsageSign, 2399 blink::WebCryptoKeyUsageSign,
2400 &key)); 2400 &key));
2401 } 2401 }
2402 2402
2403 // Import a JWK RSA private key, without any of the optional parameters. 2403 // Import a JWK RSA private key, without any of the optional parameters.
2404 // 2404 //
2405 // This is expected to work, however based on the current NSS implementation it 2405 // According to JWA such keys are valid, however Chromium's WebCrypto
2406 // does not. 2406 // implementation does not allow them. See http://crbug/com/374927
Ryan Sleevi 2014/07/26 00:52:33 You can actually put a stronger message here if yo
eroman 2014/07/26 00:57:12 Done.
2407 //
2408 // TODO(eroman): http://crbug/com/374927
2409 TEST_F(SharedCryptoTest, MAYBE(ImportRsaPrivateKeyJwkIncorrectOptionalEmpty)) { 2407 TEST_F(SharedCryptoTest, MAYBE(ImportRsaPrivateKeyJwkIncorrectOptionalEmpty)) {
2410 if (!SupportsRsaKeyImport()) 2408 if (!SupportsRsaKeyImport())
2411 return; 2409 return;
2412 2410
2413 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); 2411 blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
2414 2412
2415 base::DictionaryValue dict; 2413 base::DictionaryValue dict;
2416 dict.SetString("kty", "RSA"); 2414 dict.SetString("kty", "RSA");
2417 dict.SetString("alg", "RS1"); 2415 dict.SetString("alg", "RS1");
2418 2416
2419 dict.SetString( 2417 dict.SetString(
2420 "n", 2418 "n",
2421 "pW5KDnAQF1iaUYfcfqhB0Vby7A42rVKkTf6x5h962ZHYxRBW_-2xYrTA8oOhKoijlN_" 2419 "pW5KDnAQF1iaUYfcfqhB0Vby7A42rVKkTf6x5h962ZHYxRBW_-2xYrTA8oOhKoijlN_"
2422 "1JqtykcuzB86r_OCx39XNlQgJbVsri2311nHvY3fAkhyyPCcKcOJZjm_4nRnxBazC0_" 2420 "1JqtykcuzB86r_OCx39XNlQgJbVsri2311nHvY3fAkhyyPCcKcOJZjm_4nRnxBazC0_"
2423 "DLNfKSgOE4a29kxO8i4eHyDQzoz_siSb2aITc"); 2421 "DLNfKSgOE4a29kxO8i4eHyDQzoz_siSb2aITc");
2424 dict.SetString("e", "AQAB"); 2422 dict.SetString("e", "AQAB");
2425 dict.SetString( 2423 dict.SetString(
2426 "d", 2424 "d",
2427 "M6UEKpCyfU9UUcqbu9C0R3GhAa-IQ0Cu-YhfKku-" 2425 "M6UEKpCyfU9UUcqbu9C0R3GhAa-IQ0Cu-YhfKku-"
2428 "kuiUpySsPFaMj5eFOtB8AmbIxqPKCSnx6PESMYhEKfxNmuVf7olqEM5wfD7X5zTkRyejlXRQ" 2426 "kuiUpySsPFaMj5eFOtB8AmbIxqPKCSnx6PESMYhEKfxNmuVf7olqEM5wfD7X5zTkRyejlXRQ"
2429 "GlMmgxCcKrrKuig8MbS9L1PD7jfjUs7jT55QO9gMBiKtecbc7og1R8ajsyU"); 2427 "GlMmgxCcKrrKuig8MbS9L1PD7jfjUs7jT55QO9gMBiKtecbc7og1R8ajsyU");
2430 2428
2431 // TODO(eroman): This should pass, see: http://crbug/com/374927 2429 ASSERT_EQ(Status::ErrorJwkPropertyMissing("p"),
2432 //
2433 // Technically it is OK to fail since JWA says that consumer are not required
2434 // to support lack of the optional parameters.
2435 ASSERT_EQ(Status::OperationError(),
2436 ImportKeyJwkFromDict(dict, 2430 ImportKeyJwkFromDict(dict,
2437 CreateRsaHashedImportAlgorithm( 2431 CreateRsaHashedImportAlgorithm(
2438 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, 2432 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5,
2439 blink::WebCryptoAlgorithmIdSha1), 2433 blink::WebCryptoAlgorithmIdSha1),
2440 true, 2434 true,
2441 blink::WebCryptoKeyUsageSign, 2435 blink::WebCryptoKeyUsageSign,
2442 &key)); 2436 &key));
2443 } 2437 }
2444 2438
2439 // Tries importing a public RSA key whose exponent contains leading zeros.
2440 TEST_F(SharedCryptoTest, MAYBE(ImportJwkRsaNonMinimalExponent)) {
2441 base::DictionaryValue dict;
2442
2443 dict.SetString("kty", "RSA");
2444 dict.SetString("e", "AAEAAQ"); // 00 01 00 01
2445 dict.SetString(
2446 "n",
2447 "qLOyhK-OtQs4cDSoYPFGxJGfMYdjzWxVmMiuSBGh4KvEx-CwgtaTpef87Wdc9GaFEncsDLxk"
2448 "p0LGxjD1M8jMcvYq6DPEC_JYQumEu3i9v5fAEH1VvbZi9cTg-rmEXLUUjvc5LdOq_5OuHmtm"
2449 "e7PUJHYW1PW6ENTP0ibeiNOfFvs");
2450
2451 blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
2452
2453 EXPECT_EQ(Status::ErrorJwkBigIntegerHasLeadingZero("e"),
2454 ImportKeyJwkFromDict(dict,
2455 CreateRsaHashedImportAlgorithm(
2456 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5,
2457 blink::WebCryptoAlgorithmIdSha256),
2458 false,
2459 blink::WebCryptoKeyUsageVerify,
2460 &key));
2461 }
2462
2445 TEST_F(SharedCryptoTest, GenerateKeyPairRsa) { 2463 TEST_F(SharedCryptoTest, GenerateKeyPairRsa) {
2446 // Note: using unrealistic short key lengths here to avoid bogging down tests. 2464 // Note: using unrealistic short key lengths here to avoid bogging down tests.
2447 2465
2448 // Successful WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 key generation (sha256) 2466 // Successful WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 key generation (sha256)
2449 const unsigned int modulus_length = 256; 2467 const unsigned int modulus_length = 256;
2450 const std::vector<uint8_t> public_exponent = HexStringToBytes("010001"); 2468 const std::vector<uint8_t> public_exponent = HexStringToBytes("010001");
2451 blink::WebCryptoAlgorithm algorithm = 2469 blink::WebCryptoAlgorithm algorithm =
2452 CreateRsaHashedKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, 2470 CreateRsaHashedKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5,
2453 blink::WebCryptoAlgorithmIdSha256, 2471 blink::WebCryptoAlgorithmIdSha256,
2454 modulus_length, 2472 modulus_length,
(...skipping 1955 matching lines...) Expand 10 before | Expand all | Expand 10 after
4410 EXPECT_EQ(public_key_spki, unwrapped_public_key_spki); 4428 EXPECT_EQ(public_key_spki, unwrapped_public_key_spki);
4411 EXPECT_EQ(private_key_pkcs8, unwrapped_private_key_pkcs8); 4429 EXPECT_EQ(private_key_pkcs8, unwrapped_private_key_pkcs8);
4412 4430
4413 EXPECT_NE(public_key_spki, wrapped_public_key); 4431 EXPECT_NE(public_key_spki, wrapped_public_key);
4414 EXPECT_NE(private_key_pkcs8, wrapped_private_key); 4432 EXPECT_NE(private_key_pkcs8, wrapped_private_key);
4415 } 4433 }
4416 4434
4417 } // namespace webcrypto 4435 } // namespace webcrypto
4418 4436
4419 } // namespace content 4437 } // namespace content
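Review bot: The new ImportJwkRsaNonMinimalExponent test (new lines 2439-2461) exercises a leading zero only in the public exponent "e", while the change is titled as rejecting non-minimal big integers in JWK keys generally. The modulus "n" and the private-key members ("d", "p", "q" and the CRT values) have no leading-zero case in the visible lines, so a regression that stopped checking one of them would pass unnoticed. I would add one case per member asserting e.g. `Status::ErrorJwkBigIntegerHasLeadingZero("n")`, possibly inside the per-parameter loop around new lines 1669-1679 if that loop covers the RSA members (its start is outside the visible lines). Separately, the rewritten comment at new line 2406 carries over a malformed URL and should read `// implementation does not allow them. See http://crbug.com/374927`.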