Chromium Code Reviews Chromium Code Reviews
Issue 62633004:
[webcrypto] Add RSA public key SPKI import/export for NSS. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| Index: content/renderer/webcrypto/webcrypto_impl_unittest.cc |
| diff --git a/content/renderer/webcrypto/webcrypto_impl_unittest.cc b/content/renderer/webcrypto/webcrypto_impl_unittest.cc |
| index cacdd7f53e3b6f05563599f64150884f8f801966..a08105c93ecc130b4080b0c4fe435fd88edbec4d 100644 |
| --- a/content/renderer/webcrypto/webcrypto_impl_unittest.cc |
| +++ b/content/renderer/webcrypto/webcrypto_impl_unittest.cc |
| @@ -153,9 +153,9 @@ class WebCryptoImplTest : public testing::Test { |
| WebKit::WebCryptoKeyFormat format, |
| const std::vector<uint8>& key_data, |
| const WebKit::WebCryptoAlgorithm& algorithm, |
| + bool extractable, |
| WebKit::WebCryptoKeyUsageMask usage_mask, |
| WebKit::WebCryptoKey* key) { |
| - bool extractable = true; |
| return crypto_.ImportKeyInternal(format, |
| Start(key_data), |
| key_data.size(), |
| @@ -165,6 +165,14 @@ class WebCryptoImplTest : public testing::Test { |
| key); |
| } |
| + bool ExportKeyInternal( |
| + WebKit::WebCryptoKeyFormat format, |
| + const WebKit::WebCryptoKey& key, |
| + WebKit::WebArrayBuffer* buffer) { |
| + return crypto_.ExportKeyInternal( |
| + format, key, buffer); |
|
eroman
2013/11/06 23:48:40
this should fit on one line.
padolph
2013/11/07 00:23:50
Done.
|
| + } |
| + |
| bool SignInternal( |
| const WebKit::WebCryptoAlgorithm& algorithm, |
| const WebKit::WebCryptoKey& key, |
| @@ -504,9 +512,14 @@ TEST_F(WebCryptoImplTest, AesCbcFailures) { |
| EXPECT_FALSE(ImportKeyInternal(WebKit::WebCryptoKeyFormatRaw, |
| key_raw, |
| CreateAesCbcAlgorithm(iv), |
| + true, |
| WebKit::WebCryptoKeyUsageDecrypt, |
| &key)); |
| } |
| + |
| + // Fail exporting the key in SPKI format (SPKI export not allowed for secret |
| + // keys) |
| + EXPECT_FALSE(ExportKeyInternal(WebKit::WebCryptoKeyFormatSpki, key, &output)); |
| } |
| TEST_F(WebCryptoImplTest, AesCbcSampleSets) { |
| @@ -682,12 +695,93 @@ TEST_F(WebCryptoImplTest, ImportSecretKeyNoAlgorithm) { |
| WebKit::WebCryptoKeyFormatRaw, |
| HexStringToBytes("00000000000000000000"), |
| WebKit::WebCryptoAlgorithm::createNull(), |
| + true, |
| WebKit::WebCryptoKeyUsageSign, |
| &key)); |
| } |
| #if !defined(USE_OPENSSL) |
| +TEST_F(WebCryptoImplTest, ImportExportSpki) { |
| + // openssl genrsa -out pair.pem 2048 |
| + // openssl rsa -in pair.pem -out pubkey.der -outform DER -pubout |
| + // xxd -p pubkey.der |
| + const std::string hex_rsa_spki_der = |
| + "30820122300d06092a864886f70d01010105000382010f003082010a0282" |
| + "010100f19e40f94e3780858701577a571cca000cb9795db89ddf8e98ab0e" |
| + "5eecfa47516cb08dc591cae5ab7fa43d6db402e95991d4a2de52e7cd3a66" |
| + "4f58284be2eb4675d5a849a2582c585d2b3c6c225a8f2c53a0414d5dbd06" |
| + "172371cefdf953e9ec3000fc9ad000743023f74e82d12aa93917a2c9b832" |
| + "696085ee0711154cf98a6d098f44cee00ea3b7584236503a5483ba8b6792" |
| + "fee588d1a8f4a0618333c4cb3447d760b43d5a0d9ed6ef79763df670cd8b" |
| + "5eb869a20833f1e3e6d8b88240a5d4335c73fd20487f2a7d112af8692357" |
| + "6425e44a273e5ad2e93d6b50a28e65f9e133958e4f0c7d12e0adc90fedd4" |
| + "f6b6848e7b6900666642a08b520a6534a35d4f0203010001"; |
| + |
| + // Passing case: Import a valid RSA key in SPKI format. |
| + WebKit::WebCryptoKey key = WebKit::WebCryptoKey::createNull(); |
| + ASSERT_TRUE(ImportKeyInternal( |
| + WebKit::WebCryptoKeyFormatSpki, |
| + HexStringToBytes(hex_rsa_spki_der), |
| + CreateAlgorithm(WebKit::WebCryptoAlgorithmIdRsaEsPkcs1v1_5), |
| + true, |
| + WebKit::WebCryptoKeyUsageEncrypt, |
| + &key)); |
| + EXPECT_TRUE(key.handle()); |
| + EXPECT_EQ(WebKit::WebCryptoKeyTypePublic, key.type()); |
| + EXPECT_TRUE(key.extractable()); |
| + EXPECT_EQ(WebKit::WebCryptoKeyUsageEncrypt, key.usages()); |
| + |
| + // Failing case: Import RSA key with NULL input algorithm. This is not |
| + // allowed because the SPKI ASN.1 format for RSA keys is not specific enough |
| + // to map to a Web Crypto algorithm. |
| + EXPECT_FALSE(ImportKeyInternal( |
| + WebKit::WebCryptoKeyFormatSpki, |
| + HexStringToBytes(hex_rsa_spki_der), |
| + WebKit::WebCryptoAlgorithm::createNull(), |
| + true, |
| + WebKit::WebCryptoKeyUsageEncrypt, |
| + &key)); |
| + |
| + // Failing case: Bad DER encoding. |
| + EXPECT_FALSE(ImportKeyInternal( |
| + WebKit::WebCryptoKeyFormatSpki, |
| + HexStringToBytes("618333c4cb"), |
| + CreateAlgorithm(WebKit::WebCryptoAlgorithmIdRsaEsPkcs1v1_5), |
| + true, |
| + WebKit::WebCryptoKeyUsageEncrypt, |
| + &key)); |
| + |
| + // Failing case: Import RSA key but provide an inconsistent input algorithm. |
| + EXPECT_FALSE(ImportKeyInternal( |
| + WebKit::WebCryptoKeyFormatSpki, |
| + HexStringToBytes(hex_rsa_spki_der), |
| + CreateAlgorithm(WebKit::WebCryptoAlgorithmIdAesCbc), |
| + true, |
| + WebKit::WebCryptoKeyUsageEncrypt, |
| + &key)); |
| + |
| + // Passing case: Export a previously imported RSA public key in SPKI format |
| + // and compare to original data. |
| + WebKit::WebArrayBuffer output; |
| + ASSERT_TRUE(ExportKeyInternal(WebKit::WebCryptoKeyFormatSpki, key, &output)); |
| + ExpectArrayBufferMatchesHex(hex_rsa_spki_der, output); |
| + |
| + // Failing case: Try to export a non-extractable key |
| + ASSERT_TRUE(ImportKeyInternal( |
| + WebKit::WebCryptoKeyFormatSpki, |
| + HexStringToBytes(hex_rsa_spki_der), |
| + CreateAlgorithm(WebKit::WebCryptoAlgorithmIdRsaEsPkcs1v1_5), |
| + false, |
| + WebKit::WebCryptoKeyUsageEncrypt, |
| + &key)); |
| + EXPECT_TRUE(key.handle()); |
| + EXPECT_FALSE(key.extractable()); |
| + EXPECT_FALSE(ExportKeyInternal(WebKit::WebCryptoKeyFormatSpki, key, &output)); |
| + |
| + // TODO(padolph): Import a RSA SPKI key and verify it works with an operation. |
| +} |
| + |
| TEST_F(WebCryptoImplTest, GenerateKeyPairRsa) { |
| // Note: using unrealistic short key lengths here to avoid bogging down tests. |
| @@ -698,7 +792,7 @@ TEST_F(WebCryptoImplTest, GenerateKeyPairRsa) { |
| CreateRsaAlgorithm(WebKit::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, |
| modulus_length, |
| public_exponent); |
| - bool extractable = false; |
| + bool extractable = true; |
| const WebKit::WebCryptoKeyUsageMask usage_mask = 0; |
| WebKit::WebCryptoKey public_key = WebKit::WebCryptoKey::createNull(); |
| WebKit::WebCryptoKey private_key = WebKit::WebCryptoKey::createNull(); |
| @@ -790,6 +884,13 @@ TEST_F(WebCryptoImplTest, GenerateKeyPairRsa) { |
| EXPECT_EQ(extractable, private_key.extractable()); |
| EXPECT_EQ(usage_mask, public_key.usages()); |
| EXPECT_EQ(usage_mask, private_key.usages()); |
| + |
| + // Fail SPKI export of private key. This is an ExportKey test, but do it here |
| + // since it is expensive to generate an RSA key pair and we already have a |
| + // private key here. |
| + WebKit::WebArrayBuffer output; |
| + EXPECT_FALSE( |
| + ExportKeyInternal(WebKit::WebCryptoKeyFormatSpki, private_key, &output)); |
| } |
| #endif // #if !defined(USE_OPENSSL) |
