Chromium Code Reviews Chromium Code Reviews
Issue 416993009:
[webcrypto] JWK: Reject keys with non-minimal bigintegers. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| Index: content/child/webcrypto/shared_crypto_unittest.cc |
| diff --git a/content/child/webcrypto/shared_crypto_unittest.cc b/content/child/webcrypto/shared_crypto_unittest.cc |
| index 69f87f4919eb21349a2b9be07da6c3b5c15a5039..8b3b545b3e226316630a074ecd676ad8b3170cbc 100644 |
| --- a/content/child/webcrypto/shared_crypto_unittest.cc |
| +++ b/content/child/webcrypto/shared_crypto_unittest.cc |
| @@ -1674,7 +1674,7 @@ TEST_F(SharedCryptoTest, MAYBE(ImportJwkRsaFailures)) { |
| // Fail on empty parameter. |
| dict.SetString(kKtyParmName[idx], ""); |
| - EXPECT_NE(Status::Success(), |
| + EXPECT_EQ(Status::ErrorJwkEmptyBigInteger(kKtyParmName[idx]), |
| ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); |
| RestoreJwkRsaDictionary(&dict); |
| } |
| @@ -2390,7 +2390,7 @@ TEST_F(SharedCryptoTest, MAYBE(ImportRsaPrivateKeyJwkMissingOptionalParams)) { |
| "iUJyCod1Fyc6NWBT6iobwMlKpy1VxuhilrLfyWeUjApyy8zKfqyzVwbgmh31W" |
| "hU1vZs8w0Fgs7bc0-2o5kQw"); |
| - ASSERT_EQ(Status::ErrorJwkIncompleteOptionalRsaPrivateKey(), |
| + ASSERT_EQ(Status::ErrorJwkPropertyMissing("q"), |
| ImportKeyJwkFromDict(dict, |
| CreateRsaHashedImportAlgorithm( |
| blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
| @@ -2402,10 +2402,8 @@ TEST_F(SharedCryptoTest, MAYBE(ImportRsaPrivateKeyJwkMissingOptionalParams)) { |
| // Import a JWK RSA private key, without any of the optional parameters. |
| // |
| -// This is expected to work, however based on the current NSS implementation it |
| -// does not. |
| -// |
| -// TODO(eroman): http://crbug/com/374927 |
| +// According to JWA such keys are valid, however Chromium's WebCrypto |
| +// implementation does not allow them. See http://crbug/com/374927 |
|
Ryan Sleevi
2014/07/26 00:52:33
You can actually put a stronger message here if yo
eroman
2014/07/26 00:57:12
Done.
|
| TEST_F(SharedCryptoTest, MAYBE(ImportRsaPrivateKeyJwkIncorrectOptionalEmpty)) { |
| if (!SupportsRsaKeyImport()) |
| return; |
| @@ -2428,11 +2426,7 @@ TEST_F(SharedCryptoTest, MAYBE(ImportRsaPrivateKeyJwkIncorrectOptionalEmpty)) { |
| "kuiUpySsPFaMj5eFOtB8AmbIxqPKCSnx6PESMYhEKfxNmuVf7olqEM5wfD7X5zTkRyejlXRQ" |
| "GlMmgxCcKrrKuig8MbS9L1PD7jfjUs7jT55QO9gMBiKtecbc7og1R8ajsyU"); |
| - // TODO(eroman): This should pass, see: http://crbug/com/374927 |
| - // |
| - // Technically it is OK to fail since JWA says that consumer are not required |
| - // to support lack of the optional parameters. |
| - ASSERT_EQ(Status::OperationError(), |
| + ASSERT_EQ(Status::ErrorJwkPropertyMissing("p"), |
| ImportKeyJwkFromDict(dict, |
| CreateRsaHashedImportAlgorithm( |
| blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
| @@ -2442,6 +2436,30 @@ TEST_F(SharedCryptoTest, MAYBE(ImportRsaPrivateKeyJwkIncorrectOptionalEmpty)) { |
| &key)); |
| } |
| +// Tries importing a public RSA key whose exponent contains leading zeros. |
| +TEST_F(SharedCryptoTest, MAYBE(ImportJwkRsaNonMinimalExponent)) { |
| + base::DictionaryValue dict; |
| + |
| + dict.SetString("kty", "RSA"); |
| + dict.SetString("e", "AAEAAQ"); // 00 01 00 01 |
| + dict.SetString( |
| + "n", |
| + "qLOyhK-OtQs4cDSoYPFGxJGfMYdjzWxVmMiuSBGh4KvEx-CwgtaTpef87Wdc9GaFEncsDLxk" |
| + "p0LGxjD1M8jMcvYq6DPEC_JYQumEu3i9v5fAEH1VvbZi9cTg-rmEXLUUjvc5LdOq_5OuHmtm" |
| + "e7PUJHYW1PW6ENTP0ibeiNOfFvs"); |
| + |
| + blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
| + |
| + EXPECT_EQ(Status::ErrorJwkBigIntegerHasLeadingZero("e"), |
| + ImportKeyJwkFromDict(dict, |
| + CreateRsaHashedImportAlgorithm( |
| + blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
| + blink::WebCryptoAlgorithmIdSha256), |
| + false, |
| + blink::WebCryptoKeyUsageVerify, |
| + &key)); |
| +} |
| + |
| TEST_F(SharedCryptoTest, GenerateKeyPairRsa) { |
| // Note: using unrealistic short key lengths here to avoid bogging down tests. |
