| Index: content/renderer/webcrypto/webcrypto_impl_unittest.cc
|
| diff --git a/content/renderer/webcrypto/webcrypto_impl_unittest.cc b/content/renderer/webcrypto/webcrypto_impl_unittest.cc
|
| index cacdd7f53e3b6f05563599f64150884f8f801966..084bf0341ba31551a8a5c7a64a2205bbcfb735a6 100644
|
| --- a/content/renderer/webcrypto/webcrypto_impl_unittest.cc
|
| +++ b/content/renderer/webcrypto/webcrypto_impl_unittest.cc
|
| @@ -153,9 +153,9 @@ class WebCryptoImplTest : public testing::Test {
|
| WebKit::WebCryptoKeyFormat format,
|
| const std::vector<uint8>& key_data,
|
| const WebKit::WebCryptoAlgorithm& algorithm,
|
| + bool extractable,
|
| WebKit::WebCryptoKeyUsageMask usage_mask,
|
| WebKit::WebCryptoKey* key) {
|
| - bool extractable = true;
|
| return crypto_.ImportKeyInternal(format,
|
| Start(key_data),
|
| key_data.size(),
|
| @@ -165,6 +165,13 @@ class WebCryptoImplTest : public testing::Test {
|
| key);
|
| }
|
|
|
| + bool ExportKeyInternal(
|
| + WebKit::WebCryptoKeyFormat format,
|
| + const WebKit::WebCryptoKey& key,
|
| + WebKit::WebArrayBuffer* buffer) {
|
| + return crypto_.ExportKeyInternal(format, key, buffer);
|
| + }
|
| +
|
| bool SignInternal(
|
| const WebKit::WebCryptoAlgorithm& algorithm,
|
| const WebKit::WebCryptoKey& key,
|
| @@ -504,9 +511,14 @@ TEST_F(WebCryptoImplTest, AesCbcFailures) {
|
| EXPECT_FALSE(ImportKeyInternal(WebKit::WebCryptoKeyFormatRaw,
|
| key_raw,
|
| CreateAesCbcAlgorithm(iv),
|
| + true,
|
| WebKit::WebCryptoKeyUsageDecrypt,
|
| &key));
|
| }
|
| +
|
| + // Fail exporting the key in SPKI format (SPKI export not allowed for secret
|
| + // keys)
|
| + EXPECT_FALSE(ExportKeyInternal(WebKit::WebCryptoKeyFormatSpki, key, &output));
|
| }
|
|
|
| TEST_F(WebCryptoImplTest, AesCbcSampleSets) {
|
| @@ -682,12 +694,102 @@ TEST_F(WebCryptoImplTest, ImportSecretKeyNoAlgorithm) {
|
| WebKit::WebCryptoKeyFormatRaw,
|
| HexStringToBytes("00000000000000000000"),
|
| WebKit::WebCryptoAlgorithm::createNull(),
|
| + true,
|
| WebKit::WebCryptoKeyUsageSign,
|
| &key));
|
| }
|
|
|
| #if !defined(USE_OPENSSL)
|
|
|
| +TEST_F(WebCryptoImplTest, ImportExportSpki) {
|
| + // openssl genrsa -out pair.pem 2048
|
| + // openssl rsa -in pair.pem -out pubkey.der -outform DER -pubout
|
| + // xxd -p pubkey.der
|
| + const std::string hex_rsa_spki_der =
|
| + "30820122300d06092a864886f70d01010105000382010f003082010a0282"
|
| + "010100f19e40f94e3780858701577a571cca000cb9795db89ddf8e98ab0e"
|
| + "5eecfa47516cb08dc591cae5ab7fa43d6db402e95991d4a2de52e7cd3a66"
|
| + "4f58284be2eb4675d5a849a2582c585d2b3c6c225a8f2c53a0414d5dbd06"
|
| + "172371cefdf953e9ec3000fc9ad000743023f74e82d12aa93917a2c9b832"
|
| + "696085ee0711154cf98a6d098f44cee00ea3b7584236503a5483ba8b6792"
|
| + "fee588d1a8f4a0618333c4cb3447d760b43d5a0d9ed6ef79763df670cd8b"
|
| + "5eb869a20833f1e3e6d8b88240a5d4335c73fd20487f2a7d112af8692357"
|
| + "6425e44a273e5ad2e93d6b50a28e65f9e133958e4f0c7d12e0adc90fedd4"
|
| + "f6b6848e7b6900666642a08b520a6534a35d4f0203010001";
|
| +
|
| + // Passing case: Import a valid RSA key in SPKI format.
|
| + WebKit::WebCryptoKey key = WebKit::WebCryptoKey::createNull();
|
| + ASSERT_TRUE(ImportKeyInternal(
|
| + WebKit::WebCryptoKeyFormatSpki,
|
| + HexStringToBytes(hex_rsa_spki_der),
|
| + CreateAlgorithm(WebKit::WebCryptoAlgorithmIdRsaEsPkcs1v1_5),
|
| + true,
|
| + WebKit::WebCryptoKeyUsageEncrypt,
|
| + &key));
|
| + EXPECT_TRUE(key.handle());
|
| + EXPECT_EQ(WebKit::WebCryptoKeyTypePublic, key.type());
|
| + EXPECT_TRUE(key.extractable());
|
| + EXPECT_EQ(WebKit::WebCryptoKeyUsageEncrypt, key.usages());
|
| +
|
| + // Failing case: Empty SPKI data
|
| + EXPECT_FALSE(ImportKeyInternal(
|
| + WebKit::WebCryptoKeyFormatSpki,
|
| + std::vector<uint8>(),
|
| + WebKit::WebCryptoAlgorithm::createNull(),
|
| + true,
|
| + WebKit::WebCryptoKeyUsageEncrypt,
|
| + &key));
|
| +
|
| + // Failing case: Import RSA key with NULL input algorithm. This is not
|
| + // allowed because the SPKI ASN.1 format for RSA keys is not specific enough
|
| + // to map to a Web Crypto algorithm.
|
| + EXPECT_FALSE(ImportKeyInternal(
|
| + WebKit::WebCryptoKeyFormatSpki,
|
| + HexStringToBytes(hex_rsa_spki_der),
|
| + WebKit::WebCryptoAlgorithm::createNull(),
|
| + true,
|
| + WebKit::WebCryptoKeyUsageEncrypt,
|
| + &key));
|
| +
|
| + // Failing case: Bad DER encoding.
|
| + EXPECT_FALSE(ImportKeyInternal(
|
| + WebKit::WebCryptoKeyFormatSpki,
|
| + HexStringToBytes("618333c4cb"),
|
| + CreateAlgorithm(WebKit::WebCryptoAlgorithmIdRsaEsPkcs1v1_5),
|
| + true,
|
| + WebKit::WebCryptoKeyUsageEncrypt,
|
| + &key));
|
| +
|
| + // Failing case: Import RSA key but provide an inconsistent input algorithm.
|
| + EXPECT_FALSE(ImportKeyInternal(
|
| + WebKit::WebCryptoKeyFormatSpki,
|
| + HexStringToBytes(hex_rsa_spki_der),
|
| + CreateAlgorithm(WebKit::WebCryptoAlgorithmIdAesCbc),
|
| + true,
|
| + WebKit::WebCryptoKeyUsageEncrypt,
|
| + &key));
|
| +
|
| + // Passing case: Export a previously imported RSA public key in SPKI format
|
| + // and compare to original data.
|
| + WebKit::WebArrayBuffer output;
|
| + ASSERT_TRUE(ExportKeyInternal(WebKit::WebCryptoKeyFormatSpki, key, &output));
|
| + ExpectArrayBufferMatchesHex(hex_rsa_spki_der, output);
|
| +
|
| + // Failing case: Try to export a non-extractable key
|
| + ASSERT_TRUE(ImportKeyInternal(
|
| + WebKit::WebCryptoKeyFormatSpki,
|
| + HexStringToBytes(hex_rsa_spki_der),
|
| + CreateAlgorithm(WebKit::WebCryptoAlgorithmIdRsaEsPkcs1v1_5),
|
| + false,
|
| + WebKit::WebCryptoKeyUsageEncrypt,
|
| + &key));
|
| + EXPECT_TRUE(key.handle());
|
| + EXPECT_FALSE(key.extractable());
|
| + EXPECT_FALSE(ExportKeyInternal(WebKit::WebCryptoKeyFormatSpki, key, &output));
|
| +
|
| + // TODO(padolph): Import a RSA SPKI key and verify it works with an operation.
|
| +}
|
| +
|
| TEST_F(WebCryptoImplTest, GenerateKeyPairRsa) {
|
| // Note: using unrealistic short key lengths here to avoid bogging down tests.
|
|
|
| @@ -698,7 +800,7 @@ TEST_F(WebCryptoImplTest, GenerateKeyPairRsa) {
|
| CreateRsaAlgorithm(WebKit::WebCryptoAlgorithmIdRsaEsPkcs1v1_5,
|
| modulus_length,
|
| public_exponent);
|
| - bool extractable = false;
|
| + bool extractable = true;
|
| const WebKit::WebCryptoKeyUsageMask usage_mask = 0;
|
| WebKit::WebCryptoKey public_key = WebKit::WebCryptoKey::createNull();
|
| WebKit::WebCryptoKey private_key = WebKit::WebCryptoKey::createNull();
|
| @@ -790,6 +892,13 @@ TEST_F(WebCryptoImplTest, GenerateKeyPairRsa) {
|
| EXPECT_EQ(extractable, private_key.extractable());
|
| EXPECT_EQ(usage_mask, public_key.usages());
|
| EXPECT_EQ(usage_mask, private_key.usages());
|
| +
|
| + // Fail SPKI export of private key. This is an ExportKey test, but do it here
|
| + // since it is expensive to generate an RSA key pair and we already have a
|
| + // private key here.
|
| + WebKit::WebArrayBuffer output;
|
| + EXPECT_FALSE(
|
| + ExportKeyInternal(WebKit::WebCryptoKeyFormatSpki, private_key, &output));
|
| }
|
|
|
| #endif // #if !defined(USE_OPENSSL)
|
|
|
Chromium Code Reviews
Issue 62633004:
[webcrypto] Add RSA public key SPKI import/export for NSS. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master