[webcrypto] JWK: Reject keys with non-minimal bigintegers.

content/child/webcrypto/shared_crypto_unittest.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <algorithm>
 #include <string>
 #include <vector>
 
 #include "base/basictypes.h"
 #include "base/file_util.h"
@@ skipping 1656 matching lines @@
     RestoreJwkRsaDictionary(&dict);
 
     // Fail on bad b64 parameter encoding.
     dict.SetString(kKtyParmName[idx], "Qk3f0DsytU8lfza2au #$% Htaw2xpop9yTuH0");
     EXPECT_NE(Status::Success(),
               ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key));
     RestoreJwkRsaDictionary(&dict);
 
     // Fail on empty parameter.
     dict.SetString(kKtyParmName[idx], "");
-    EXPECT_NE(Status::Success(),
+    EXPECT_EQ(Status::ErrorJwkEmptyBigInteger(kKtyParmName[idx]),
               ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key));
     RestoreJwkRsaDictionary(&dict);
   }
 }
 
 TEST_F(SharedCryptoTest, MAYBE(ImportJwkInputConsistency)) {
   // The Web Crypto spec says that if a JWK value is present, but is
   // inconsistent with the input value, the operation must fail.
 
   // Consistency rules when JWK value is not present: Inputs should be used.
@@ skipping 695 matching lines @@
       "d",
       "M6UEKpCyfU9UUcqbu9C0R3GhAa-IQ0Cu-YhfKku-"
       "kuiUpySsPFaMj5eFOtB8AmbIxqPKCSnx6PESMYhEKfxNmuVf7olqEM5wfD7X5zTkRyejlXRQ"
       "GlMmgxCcKrrKuig8MbS9L1PD7jfjUs7jT55QO9gMBiKtecbc7og1R8ajsyU");
 
   dict.SetString("p",
                  "5-"
                  "iUJyCod1Fyc6NWBT6iobwMlKpy1VxuhilrLfyWeUjApyy8zKfqyzVwbgmh31W"
                  "hU1vZs8w0Fgs7bc0-2o5kQw");
 
-  ASSERT_EQ(Status::ErrorJwkIncompleteOptionalRsaPrivateKey(),
+  ASSERT_EQ(Status::ErrorJwkPropertyMissing("q"),
             ImportKeyJwkFromDict(dict,
                                  CreateRsaHashedImportAlgorithm(
                                      blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5,
                                      blink::WebCryptoAlgorithmIdSha1),
                                  true,
                                  blink::WebCryptoKeyUsageSign,
                                  &key));
 }
 
 // Import a JWK RSA private key, without any of the optional parameters.
 //
-// This is expected to work, however based on the current NSS implementation it
-// does not.
-//
-// TODO(eroman): http://crbug/com/374927
+// According to JWA, such keys are valid, but applications SHOULD
+// include all the parameters when sending, and recipients MAY
+// accept them, but are not required to. Chromium's WebCrypto does
+// not allow such degenerate keys.
 TEST_F(SharedCryptoTest, MAYBE(ImportRsaPrivateKeyJwkIncorrectOptionalEmpty)) {
   if (!SupportsRsaKeyImport())
     return;
 
   blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
 
   base::DictionaryValue dict;
   dict.SetString("kty", "RSA");
   dict.SetString("alg", "RS1");
 
   dict.SetString(
       "n",
       "pW5KDnAQF1iaUYfcfqhB0Vby7A42rVKkTf6x5h962ZHYxRBW_-2xYrTA8oOhKoijlN_"
       "1JqtykcuzB86r_OCx39XNlQgJbVsri2311nHvY3fAkhyyPCcKcOJZjm_4nRnxBazC0_"
       "DLNfKSgOE4a29kxO8i4eHyDQzoz_siSb2aITc");
   dict.SetString("e", "AQAB");
   dict.SetString(
       "d",
       "M6UEKpCyfU9UUcqbu9C0R3GhAa-IQ0Cu-YhfKku-"
       "kuiUpySsPFaMj5eFOtB8AmbIxqPKCSnx6PESMYhEKfxNmuVf7olqEM5wfD7X5zTkRyejlXRQ"
       "GlMmgxCcKrrKuig8MbS9L1PD7jfjUs7jT55QO9gMBiKtecbc7og1R8ajsyU");
 
-  // TODO(eroman): This should pass, see: http://crbug/com/374927
-  //
-  // Technically it is OK to fail since JWA says that consumer are not required
-  // to support lack of the optional parameters.
-  ASSERT_EQ(Status::OperationError(),
+  ASSERT_EQ(Status::ErrorJwkPropertyMissing("p"),
             ImportKeyJwkFromDict(dict,
                                  CreateRsaHashedImportAlgorithm(
                                      blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5,
                                      blink::WebCryptoAlgorithmIdSha1),
                                  true,
                                  blink::WebCryptoKeyUsageSign,
                                  &key));
 }
 
+// Tries importing a public RSA key whose exponent contains leading zeros.
+TEST_F(SharedCryptoTest, MAYBE(ImportJwkRsaNonMinimalExponent)) {
+  base::DictionaryValue dict;
+
+  dict.SetString("kty", "RSA");
+  dict.SetString("e", "AAEAAQ");  // 00 01 00 01
+  dict.SetString(
+      "n",
+      "qLOyhK-OtQs4cDSoYPFGxJGfMYdjzWxVmMiuSBGh4KvEx-CwgtaTpef87Wdc9GaFEncsDLxk"
+      "p0LGxjD1M8jMcvYq6DPEC_JYQumEu3i9v5fAEH1VvbZi9cTg-rmEXLUUjvc5LdOq_5OuHmtm"
+      "e7PUJHYW1PW6ENTP0ibeiNOfFvs");
+
+  blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
+
+  EXPECT_EQ(Status::ErrorJwkBigIntegerHasLeadingZero("e"),
+            ImportKeyJwkFromDict(dict,
+                                 CreateRsaHashedImportAlgorithm(
+                                     blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5,
+                                     blink::WebCryptoAlgorithmIdSha256),
+                                 false,
+                                 blink::WebCryptoKeyUsageVerify,
+                                 &key));
+}
+
 TEST_F(SharedCryptoTest, GenerateKeyPairRsa) {
   // Note: using unrealistic short key lengths here to avoid bogging down tests.
 
   // Successful WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 key generation (sha256)
   const unsigned int modulus_length = 256;
   const std::vector<uint8_t> public_exponent = HexStringToBytes("010001");
   blink::WebCryptoAlgorithm algorithm =
       CreateRsaHashedKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5,
                                      blink::WebCryptoAlgorithmIdSha256,
                                      modulus_length,
@@ skipping 1955 matching lines @@
   EXPECT_EQ(public_key_spki, unwrapped_public_key_spki);
   EXPECT_EQ(private_key_pkcs8, unwrapped_private_key_pkcs8);
 
   EXPECT_NE(public_key_spki, wrapped_public_key);
   EXPECT_NE(private_key_pkcs8, wrapped_private_key);
 }
 
 }  // namespace webcrypto
 
 }  // namespace content