| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "base/stl_util.h" | 5 #include "base/stl_util.h" |
| 6 #include "content/child/webcrypto/algorithm_dispatch.h" | 6 #include "content/child/webcrypto/algorithm_dispatch.h" |
| 7 #include "content/child/webcrypto/crypto_data.h" | 7 #include "content/child/webcrypto/crypto_data.h" |
| 8 #include "content/child/webcrypto/status.h" | 8 #include "content/child/webcrypto/status.h" |
| 9 #include "content/child/webcrypto/test/test_helpers.h" | 9 #include "content/child/webcrypto/test/test_helpers.h" |
| 10 #include "content/child/webcrypto/webcrypto_util.h" | 10 #include "content/child/webcrypto/webcrypto_util.h" |
| (...skipping 92 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 103 Decrypt(CreateAesCbcAlgorithm(iv), GetTestAesCbcKey(), input, &output)); | 103 Decrypt(CreateAesCbcAlgorithm(iv), GetTestAesCbcKey(), input, &output)); |
| 104 } | 104 } |
| 105 | 105 |
| 106 TEST(WebCryptoAesCbcTest, KeyTooSmall) { | 106 TEST(WebCryptoAesCbcTest, KeyTooSmall) { |
| 107 std::vector<uint8_t> output; | 107 std::vector<uint8_t> output; |
| 108 | 108 |
| 109 // Fail importing the key (too few bytes specified) | 109 // Fail importing the key (too few bytes specified) |
| 110 std::vector<uint8_t> key_raw(1); | 110 std::vector<uint8_t> key_raw(1); |
| 111 std::vector<uint8_t> iv(16); | 111 std::vector<uint8_t> iv(16); |
| 112 | 112 |
| 113 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 113 blink::WebCryptoKey key; |
| 114 EXPECT_EQ(Status::ErrorImportAesKeyLength(), | 114 EXPECT_EQ(Status::ErrorImportAesKeyLength(), |
| 115 ImportKey(blink::WebCryptoKeyFormatRaw, | 115 ImportKey(blink::WebCryptoKeyFormatRaw, |
| 116 CryptoData(key_raw), | 116 CryptoData(key_raw), |
| 117 CreateAesCbcAlgorithm(iv), | 117 CreateAesCbcAlgorithm(iv), |
| 118 true, | 118 true, |
| 119 blink::WebCryptoKeyUsageEncrypt, | 119 blink::WebCryptoKeyUsageEncrypt, |
| 120 &key)); | 120 &key)); |
| 121 } | 121 } |
| 122 | 122 |
| 123 TEST(WebCryptoAesCbcTest, ExportKeyUnsupportedFormat) { | 123 TEST(WebCryptoAesCbcTest, ExportKeyUnsupportedFormat) { |
| 124 std::vector<uint8_t> output; | 124 std::vector<uint8_t> output; |
| 125 | 125 |
| 126 // Fail exporting the key in SPKI and PKCS#8 formats (not allowed for secret | 126 // Fail exporting the key in SPKI and PKCS#8 formats (not allowed for secret |
| 127 // keys). | 127 // keys). |
| 128 EXPECT_EQ( | 128 EXPECT_EQ( |
| 129 Status::ErrorUnsupportedExportKeyFormat(), | 129 Status::ErrorUnsupportedExportKeyFormat(), |
| 130 ExportKey(blink::WebCryptoKeyFormatSpki, GetTestAesCbcKey(), &output)); | 130 ExportKey(blink::WebCryptoKeyFormatSpki, GetTestAesCbcKey(), &output)); |
| 131 EXPECT_EQ( | 131 EXPECT_EQ( |
| 132 Status::ErrorUnsupportedExportKeyFormat(), | 132 Status::ErrorUnsupportedExportKeyFormat(), |
| 133 ExportKey(blink::WebCryptoKeyFormatPkcs8, GetTestAesCbcKey(), &output)); | 133 ExportKey(blink::WebCryptoKeyFormatPkcs8, GetTestAesCbcKey(), &output)); |
| 134 } | 134 } |
| 135 | 135 |
| 136 TEST(WebCryptoAesCbcTest, ImportKeyUnsupportedFormat) { | 136 TEST(WebCryptoAesCbcTest, ImportKeyUnsupportedFormat) { |
| 137 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 137 blink::WebCryptoKey key; |
| 138 ASSERT_EQ(Status::ErrorUnsupportedImportKeyFormat(), | 138 ASSERT_EQ(Status::ErrorUnsupportedImportKeyFormat(), |
| 139 ImportKey(blink::WebCryptoKeyFormatSpki, | 139 ImportKey(blink::WebCryptoKeyFormatSpki, |
| 140 CryptoData(HexStringToBytes(kPublicKeySpkiDerHex)), | 140 CryptoData(HexStringToBytes(kPublicKeySpkiDerHex)), |
| 141 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), | 141 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), |
| 142 true, | 142 true, |
| 143 blink::WebCryptoKeyUsageEncrypt, | 143 blink::WebCryptoKeyUsageEncrypt, |
| 144 &key)); | 144 &key)); |
| 145 ASSERT_EQ(Status::ErrorUnsupportedImportKeyFormat(), | 145 ASSERT_EQ(Status::ErrorUnsupportedImportKeyFormat(), |
| 146 ImportKey(blink::WebCryptoKeyFormatPkcs8, | 146 ImportKey(blink::WebCryptoKeyFormatPkcs8, |
| 147 CryptoData(HexStringToBytes(kPublicKeySpkiDerHex)), | 147 CryptoData(HexStringToBytes(kPublicKeySpkiDerHex)), |
| (...skipping 99 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 247 } | 247 } |
| 248 } | 248 } |
| 249 | 249 |
| 250 // TODO(eroman): Do this same test for AES-GCM, AES-KW, AES-CTR ? | 250 // TODO(eroman): Do this same test for AES-GCM, AES-KW, AES-CTR ? |
| 251 TEST(WebCryptoAesCbcTest, GenerateKeyIsRandom) { | 251 TEST(WebCryptoAesCbcTest, GenerateKeyIsRandom) { |
| 252 // Check key generation for each allowed key length. | 252 // Check key generation for each allowed key length. |
| 253 std::vector<blink::WebCryptoAlgorithm> algorithm; | 253 std::vector<blink::WebCryptoAlgorithm> algorithm; |
| 254 const unsigned short kKeyLength[] = {128, 256}; | 254 const unsigned short kKeyLength[] = {128, 256}; |
| 255 for (size_t key_length_i = 0; key_length_i < arraysize(kKeyLength); | 255 for (size_t key_length_i = 0; key_length_i < arraysize(kKeyLength); |
| 256 ++key_length_i) { | 256 ++key_length_i) { |
| 257 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 257 blink::WebCryptoKey key; |
| 258 | 258 |
| 259 std::vector<std::vector<uint8_t> > keys; | 259 std::vector<std::vector<uint8_t> > keys; |
| 260 std::vector<uint8_t> key_bytes; | 260 std::vector<uint8_t> key_bytes; |
| 261 | 261 |
| 262 // Generate a small sample of keys. | 262 // Generate a small sample of keys. |
| 263 for (int j = 0; j < 16; ++j) { | 263 for (int j = 0; j < 16; ++j) { |
| 264 ASSERT_EQ(Status::Success(), | 264 ASSERT_EQ(Status::Success(), |
| 265 GenerateSecretKey( | 265 GenerateSecretKey( |
| 266 CreateAesCbcKeyGenAlgorithm(kKeyLength[key_length_i]), | 266 CreateAesCbcKeyGenAlgorithm(kKeyLength[key_length_i]), |
| 267 true, | 267 true, |
| 268 0, | 268 0, |
| 269 &key)); | 269 &key)); |
| 270 EXPECT_TRUE(key.handle()); | 270 EXPECT_TRUE(key.handle()); |
| 271 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); | 271 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); |
| 272 ASSERT_EQ(Status::Success(), | 272 ASSERT_EQ(Status::Success(), |
| 273 ExportKey(blink::WebCryptoKeyFormatRaw, key, &key_bytes)); | 273 ExportKey(blink::WebCryptoKeyFormatRaw, key, &key_bytes)); |
| 274 EXPECT_EQ(key_bytes.size() * 8, | 274 EXPECT_EQ(key_bytes.size() * 8, |
| 275 key.algorithm().aesParams()->lengthBits()); | 275 key.algorithm().aesParams()->lengthBits()); |
| 276 keys.push_back(key_bytes); | 276 keys.push_back(key_bytes); |
| 277 } | 277 } |
| 278 // Ensure all entries in the key sample set are unique. This is a simplistic | 278 // Ensure all entries in the key sample set are unique. This is a simplistic |
| 279 // estimate of whether the generated keys appear random. | 279 // estimate of whether the generated keys appear random. |
| 280 EXPECT_FALSE(CopiesExist(keys)); | 280 EXPECT_FALSE(CopiesExist(keys)); |
| 281 } | 281 } |
| 282 } | 282 } |
| 283 | 283 |
| 284 TEST(WebCryptoAesCbcTest, GenerateKeyBadLength) { | 284 TEST(WebCryptoAesCbcTest, GenerateKeyBadLength) { |
| 285 const unsigned short kKeyLen[] = {0, 127, 257}; | 285 const unsigned short kKeyLen[] = {0, 127, 257}; |
| 286 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 286 blink::WebCryptoKey key; |
| 287 for (size_t i = 0; i < arraysize(kKeyLen); ++i) { | 287 for (size_t i = 0; i < arraysize(kKeyLen); ++i) { |
| 288 SCOPED_TRACE(i); | 288 SCOPED_TRACE(i); |
| 289 EXPECT_EQ(Status::ErrorGenerateKeyLength(), | 289 EXPECT_EQ(Status::ErrorGenerateKeyLength(), |
| 290 GenerateSecretKey( | 290 GenerateSecretKey( |
| 291 CreateAesCbcKeyGenAlgorithm(kKeyLen[i]), true, 0, &key)); | 291 CreateAesCbcKeyGenAlgorithm(kKeyLen[i]), true, 0, &key)); |
| 292 } | 292 } |
| 293 } | 293 } |
| 294 | 294 |
| 295 // If key_ops is specified but empty, no key usages are allowed for the key. | 295 // If key_ops is specified but empty, no key usages are allowed for the key. |
| 296 TEST(WebCryptoAesCbcTest, ImportKeyJwkEmptyKeyOps) { | 296 TEST(WebCryptoAesCbcTest, ImportKeyJwkEmptyKeyOps) { |
| 297 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 297 blink::WebCryptoKey key; |
| 298 base::DictionaryValue dict; | 298 base::DictionaryValue dict; |
| 299 dict.SetString("kty", "oct"); | 299 dict.SetString("kty", "oct"); |
| 300 dict.SetBoolean("ext", false); | 300 dict.SetBoolean("ext", false); |
| 301 dict.SetString("k", "GADWrMRHwQfoNaXU5fZvTg=="); | 301 dict.SetString("k", "GADWrMRHwQfoNaXU5fZvTg=="); |
| 302 dict.Set("key_ops", new base::ListValue); // Takes ownership. | 302 dict.Set("key_ops", new base::ListValue); // Takes ownership. |
| 303 | 303 |
| 304 EXPECT_EQ( | 304 EXPECT_EQ( |
| 305 Status::Success(), | 305 Status::Success(), |
| 306 ImportKeyJwkFromDict(dict, | 306 ImportKeyJwkFromDict(dict, |
| 307 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), | 307 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), |
| (...skipping 17 matching lines...) Expand all Loading... |
| 325 Status::ErrorCreateKeyBadUsages(), | 325 Status::ErrorCreateKeyBadUsages(), |
| 326 ImportKeyJwkFromDict(dict, | 326 ImportKeyJwkFromDict(dict, |
| 327 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), | 327 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), |
| 328 false, | 328 false, |
| 329 blink::WebCryptoKeyUsageSign, | 329 blink::WebCryptoKeyUsageSign, |
| 330 &key)); | 330 &key)); |
| 331 } | 331 } |
| 332 | 332 |
| 333 // If key_ops is missing, then any key usages can be specified. | 333 // If key_ops is missing, then any key usages can be specified. |
| 334 TEST(WebCryptoAesCbcTest, ImportKeyJwkNoKeyOps) { | 334 TEST(WebCryptoAesCbcTest, ImportKeyJwkNoKeyOps) { |
| 335 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 335 blink::WebCryptoKey key; |
| 336 base::DictionaryValue dict; | 336 base::DictionaryValue dict; |
| 337 dict.SetString("kty", "oct"); | 337 dict.SetString("kty", "oct"); |
| 338 dict.SetString("k", "GADWrMRHwQfoNaXU5fZvTg=="); | 338 dict.SetString("k", "GADWrMRHwQfoNaXU5fZvTg=="); |
| 339 | 339 |
| 340 EXPECT_EQ( | 340 EXPECT_EQ( |
| 341 Status::Success(), | 341 Status::Success(), |
| 342 ImportKeyJwkFromDict(dict, | 342 ImportKeyJwkFromDict(dict, |
| 343 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), | 343 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), |
| 344 false, | 344 false, |
| 345 blink::WebCryptoKeyUsageEncrypt, | 345 blink::WebCryptoKeyUsageEncrypt, |
| 346 &key)); | 346 &key)); |
| 347 | 347 |
| 348 EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt, key.usages()); | 348 EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt, key.usages()); |
| 349 | 349 |
| 350 // The JWK does not contain sign usage (nor is it applicable). | 350 // The JWK does not contain sign usage (nor is it applicable). |
| 351 EXPECT_EQ( | 351 EXPECT_EQ( |
| 352 Status::ErrorCreateKeyBadUsages(), | 352 Status::ErrorCreateKeyBadUsages(), |
| 353 ImportKeyJwkFromDict(dict, | 353 ImportKeyJwkFromDict(dict, |
| 354 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), | 354 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), |
| 355 false, | 355 false, |
| 356 blink::WebCryptoKeyUsageVerify, | 356 blink::WebCryptoKeyUsageVerify, |
| 357 &key)); | 357 &key)); |
| 358 } | 358 } |
| 359 | 359 |
| 360 TEST(WebCryptoAesCbcTest, ImportKeyJwkKeyOpsEncryptDecrypt) { | 360 TEST(WebCryptoAesCbcTest, ImportKeyJwkKeyOpsEncryptDecrypt) { |
| 361 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 361 blink::WebCryptoKey key; |
| 362 base::DictionaryValue dict; | 362 base::DictionaryValue dict; |
| 363 dict.SetString("kty", "oct"); | 363 dict.SetString("kty", "oct"); |
| 364 dict.SetString("k", "GADWrMRHwQfoNaXU5fZvTg=="); | 364 dict.SetString("k", "GADWrMRHwQfoNaXU5fZvTg=="); |
| 365 base::ListValue* key_ops = new base::ListValue; | 365 base::ListValue* key_ops = new base::ListValue; |
| 366 dict.Set("key_ops", key_ops); // Takes ownership. | 366 dict.Set("key_ops", key_ops); // Takes ownership. |
| 367 | 367 |
| 368 key_ops->AppendString("encrypt"); | 368 key_ops->AppendString("encrypt"); |
| 369 | 369 |
| 370 EXPECT_EQ( | 370 EXPECT_EQ( |
| 371 Status::Success(), | 371 Status::Success(), |
| (...skipping 25 matching lines...) Expand all Loading... |
| 397 false, | 397 false, |
| 398 blink::WebCryptoKeyUsageDecrypt | blink::WebCryptoKeyUsageEncrypt, | 398 blink::WebCryptoKeyUsageDecrypt | blink::WebCryptoKeyUsageEncrypt, |
| 399 &key)); | 399 &key)); |
| 400 | 400 |
| 401 EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt, | 401 EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt, |
| 402 key.usages()); | 402 key.usages()); |
| 403 } | 403 } |
| 404 | 404 |
| 405 // Test failure if input usage is NOT a strict subset of the JWK usage. | 405 // Test failure if input usage is NOT a strict subset of the JWK usage. |
| 406 TEST(WebCryptoAesCbcTest, ImportKeyJwkKeyOpsNotSuperset) { | 406 TEST(WebCryptoAesCbcTest, ImportKeyJwkKeyOpsNotSuperset) { |
| 407 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 407 blink::WebCryptoKey key; |
| 408 base::DictionaryValue dict; | 408 base::DictionaryValue dict; |
| 409 dict.SetString("kty", "oct"); | 409 dict.SetString("kty", "oct"); |
| 410 dict.SetString("k", "GADWrMRHwQfoNaXU5fZvTg=="); | 410 dict.SetString("k", "GADWrMRHwQfoNaXU5fZvTg=="); |
| 411 base::ListValue* key_ops = new base::ListValue; | 411 base::ListValue* key_ops = new base::ListValue; |
| 412 dict.Set("key_ops", key_ops); // Takes ownership. | 412 dict.Set("key_ops", key_ops); // Takes ownership. |
| 413 | 413 |
| 414 key_ops->AppendString("encrypt"); | 414 key_ops->AppendString("encrypt"); |
| 415 | 415 |
| 416 EXPECT_EQ( | 416 EXPECT_EQ( |
| 417 Status::ErrorJwkKeyopsInconsistent(), | 417 Status::ErrorJwkKeyopsInconsistent(), |
| 418 ImportKeyJwkFromDict( | 418 ImportKeyJwkFromDict( |
| 419 dict, | 419 dict, |
| 420 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), | 420 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), |
| 421 false, | 421 false, |
| 422 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt, | 422 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt, |
| 423 &key)); | 423 &key)); |
| 424 } | 424 } |
| 425 | 425 |
| 426 TEST(WebCryptoAesCbcTest, ImportKeyJwkUseEnc) { | 426 TEST(WebCryptoAesCbcTest, ImportKeyJwkUseEnc) { |
| 427 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 427 blink::WebCryptoKey key; |
| 428 base::DictionaryValue dict; | 428 base::DictionaryValue dict; |
| 429 dict.SetString("kty", "oct"); | 429 dict.SetString("kty", "oct"); |
| 430 dict.SetString("k", "GADWrMRHwQfoNaXU5fZvTg=="); | 430 dict.SetString("k", "GADWrMRHwQfoNaXU5fZvTg=="); |
| 431 | 431 |
| 432 // Test JWK composite use 'enc' usage | 432 // Test JWK composite use 'enc' usage |
| 433 dict.SetString("alg", "A128CBC"); | 433 dict.SetString("alg", "A128CBC"); |
| 434 dict.SetString("use", "enc"); | 434 dict.SetString("use", "enc"); |
| 435 EXPECT_EQ( | 435 EXPECT_EQ( |
| 436 Status::Success(), | 436 Status::Success(), |
| 437 ImportKeyJwkFromDict(dict, | 437 ImportKeyJwkFromDict(dict, |
| 438 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), | 438 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), |
| 439 false, | 439 false, |
| 440 blink::WebCryptoKeyUsageDecrypt | | 440 blink::WebCryptoKeyUsageDecrypt | |
| 441 blink::WebCryptoKeyUsageEncrypt | | 441 blink::WebCryptoKeyUsageEncrypt | |
| 442 blink::WebCryptoKeyUsageWrapKey | | 442 blink::WebCryptoKeyUsageWrapKey | |
| 443 blink::WebCryptoKeyUsageUnwrapKey, | 443 blink::WebCryptoKeyUsageUnwrapKey, |
| 444 &key)); | 444 &key)); |
| 445 EXPECT_EQ(blink::WebCryptoKeyUsageDecrypt | blink::WebCryptoKeyUsageEncrypt | | 445 EXPECT_EQ(blink::WebCryptoKeyUsageDecrypt | blink::WebCryptoKeyUsageEncrypt | |
| 446 blink::WebCryptoKeyUsageWrapKey | | 446 blink::WebCryptoKeyUsageWrapKey | |
| 447 blink::WebCryptoKeyUsageUnwrapKey, | 447 blink::WebCryptoKeyUsageUnwrapKey, |
| 448 key.usages()); | 448 key.usages()); |
| 449 } | 449 } |
| 450 | 450 |
| 451 TEST(WebCryptoAesCbcTest, ImportJwkInvalidJson) { | 451 TEST(WebCryptoAesCbcTest, ImportJwkInvalidJson) { |
| 452 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 452 blink::WebCryptoKey key; |
| 453 // Fail on empty JSON. | 453 // Fail on empty JSON. |
| 454 EXPECT_EQ(Status::ErrorImportEmptyKeyData(), | 454 EXPECT_EQ(Status::ErrorImportEmptyKeyData(), |
| 455 ImportKey(blink::WebCryptoKeyFormatJwk, | 455 ImportKey(blink::WebCryptoKeyFormatJwk, |
| 456 CryptoData(MakeJsonVector("")), | 456 CryptoData(MakeJsonVector("")), |
| 457 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), | 457 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), |
| 458 false, | 458 false, |
| 459 blink::WebCryptoKeyUsageEncrypt, | 459 blink::WebCryptoKeyUsageEncrypt, |
| 460 &key)); | 460 &key)); |
| 461 | 461 |
| 462 // Fail on invalid JSON. | 462 // Fail on invalid JSON. |
| 463 const std::vector<uint8_t> bad_json_vec = MakeJsonVector( | 463 const std::vector<uint8_t> bad_json_vec = MakeJsonVector( |
| 464 "{" | 464 "{" |
| 465 "\"kty\" : \"oct\"," | 465 "\"kty\" : \"oct\"," |
| 466 "\"alg\" : \"HS256\"," | 466 "\"alg\" : \"HS256\"," |
| 467 "\"use\" : "); | 467 "\"use\" : "); |
| 468 EXPECT_EQ(Status::ErrorJwkNotDictionary(), | 468 EXPECT_EQ(Status::ErrorJwkNotDictionary(), |
| 469 ImportKey(blink::WebCryptoKeyFormatJwk, | 469 ImportKey(blink::WebCryptoKeyFormatJwk, |
| 470 CryptoData(bad_json_vec), | 470 CryptoData(bad_json_vec), |
| 471 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), | 471 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), |
| 472 false, | 472 false, |
| 473 blink::WebCryptoKeyUsageEncrypt, | 473 blink::WebCryptoKeyUsageEncrypt, |
| 474 &key)); | 474 &key)); |
| 475 } | 475 } |
| 476 | 476 |
| 477 // Fail on JWK alg present but incorrect (expecting A128CBC). | 477 // Fail on JWK alg present but incorrect (expecting A128CBC). |
| 478 TEST(WebCryptoAesCbcTest, ImportJwkIncorrectAlg) { | 478 TEST(WebCryptoAesCbcTest, ImportJwkIncorrectAlg) { |
| 479 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 479 blink::WebCryptoKey key; |
| 480 | 480 |
| 481 base::DictionaryValue dict; | 481 base::DictionaryValue dict; |
| 482 dict.SetString("kty", "oct"); | 482 dict.SetString("kty", "oct"); |
| 483 dict.SetString("alg", "A127CBC"); // Not valid. | 483 dict.SetString("alg", "A127CBC"); // Not valid. |
| 484 dict.SetString("k", "GADWrMRHwQfoNaXU5fZvTg=="); | 484 dict.SetString("k", "GADWrMRHwQfoNaXU5fZvTg=="); |
| 485 | 485 |
| 486 EXPECT_EQ( | 486 EXPECT_EQ( |
| 487 Status::ErrorJwkAlgorithmInconsistent(), | 487 Status::ErrorJwkAlgorithmInconsistent(), |
| 488 ImportKeyJwkFromDict(dict, | 488 ImportKeyJwkFromDict(dict, |
| 489 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), | 489 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), |
| 490 false, | 490 false, |
| 491 blink::WebCryptoKeyUsageEncrypt, | 491 blink::WebCryptoKeyUsageEncrypt, |
| 492 &key)); | 492 &key)); |
| 493 } | 493 } |
| 494 | 494 |
| 495 // Fail on invalid kty. | 495 // Fail on invalid kty. |
| 496 TEST(WebCryptoAesCbcTest, ImportJwkInvalidKty) { | 496 TEST(WebCryptoAesCbcTest, ImportJwkInvalidKty) { |
| 497 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 497 blink::WebCryptoKey key; |
| 498 | 498 |
| 499 base::DictionaryValue dict; | 499 base::DictionaryValue dict; |
| 500 dict.SetString("kty", "foo"); | 500 dict.SetString("kty", "foo"); |
| 501 dict.SetString("k", "GADWrMRHwQfoNaXU5fZvTg=="); | 501 dict.SetString("k", "GADWrMRHwQfoNaXU5fZvTg=="); |
| 502 EXPECT_EQ( | 502 EXPECT_EQ( |
| 503 Status::ErrorJwkUnexpectedKty("oct"), | 503 Status::ErrorJwkUnexpectedKty("oct"), |
| 504 ImportKeyJwkFromDict(dict, | 504 ImportKeyJwkFromDict(dict, |
| 505 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), | 505 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), |
| 506 false, | 506 false, |
| 507 blink::WebCryptoKeyUsageEncrypt, | 507 blink::WebCryptoKeyUsageEncrypt, |
| 508 &key)); | 508 &key)); |
| 509 } | 509 } |
| 510 | 510 |
| 511 // Fail on missing kty. | 511 // Fail on missing kty. |
| 512 TEST(WebCryptoAesCbcTest, ImportJwkMissingKty) { | 512 TEST(WebCryptoAesCbcTest, ImportJwkMissingKty) { |
| 513 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 513 blink::WebCryptoKey key; |
| 514 | 514 |
| 515 base::DictionaryValue dict; | 515 base::DictionaryValue dict; |
| 516 dict.SetString("k", "GADWrMRHwQfoNaXU5fZvTg=="); | 516 dict.SetString("k", "GADWrMRHwQfoNaXU5fZvTg=="); |
| 517 EXPECT_EQ( | 517 EXPECT_EQ( |
| 518 Status::ErrorJwkPropertyMissing("kty"), | 518 Status::ErrorJwkPropertyMissing("kty"), |
| 519 ImportKeyJwkFromDict(dict, | 519 ImportKeyJwkFromDict(dict, |
| 520 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), | 520 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), |
| 521 false, | 521 false, |
| 522 blink::WebCryptoKeyUsageEncrypt, | 522 blink::WebCryptoKeyUsageEncrypt, |
| 523 &key)); | 523 &key)); |
| 524 } | 524 } |
| 525 | 525 |
| 526 // Fail on kty wrong type. | 526 // Fail on kty wrong type. |
| 527 TEST(WebCryptoAesCbcTest, ImportJwkKtyWrongType) { | 527 TEST(WebCryptoAesCbcTest, ImportJwkKtyWrongType) { |
| 528 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 528 blink::WebCryptoKey key; |
| 529 | 529 |
| 530 base::DictionaryValue dict; | 530 base::DictionaryValue dict; |
| 531 dict.SetDouble("kty", 0.1); | 531 dict.SetDouble("kty", 0.1); |
| 532 dict.SetString("k", "GADWrMRHwQfoNaXU5fZvTg=="); | 532 dict.SetString("k", "GADWrMRHwQfoNaXU5fZvTg=="); |
| 533 | 533 |
| 534 EXPECT_EQ( | 534 EXPECT_EQ( |
| 535 Status::ErrorJwkPropertyWrongType("kty", "string"), | 535 Status::ErrorJwkPropertyWrongType("kty", "string"), |
| 536 ImportKeyJwkFromDict(dict, | 536 ImportKeyJwkFromDict(dict, |
| 537 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), | 537 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), |
| 538 false, | 538 false, |
| 539 blink::WebCryptoKeyUsageEncrypt, | 539 blink::WebCryptoKeyUsageEncrypt, |
| 540 &key)); | 540 &key)); |
| 541 } | 541 } |
| 542 | 542 |
| 543 // Fail on invalid use. | 543 // Fail on invalid use. |
| 544 TEST(WebCryptoAesCbcTest, ImportJwkUnrecognizedUse) { | 544 TEST(WebCryptoAesCbcTest, ImportJwkUnrecognizedUse) { |
| 545 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 545 blink::WebCryptoKey key; |
| 546 | 546 |
| 547 base::DictionaryValue dict; | 547 base::DictionaryValue dict; |
| 548 dict.SetString("kty", "oct"); | 548 dict.SetString("kty", "oct"); |
| 549 dict.SetString("use", "foo"); | 549 dict.SetString("use", "foo"); |
| 550 dict.SetString("k", "GADWrMRHwQfoNaXU5fZvTg=="); | 550 dict.SetString("k", "GADWrMRHwQfoNaXU5fZvTg=="); |
| 551 | 551 |
| 552 EXPECT_EQ( | 552 EXPECT_EQ( |
| 553 Status::ErrorJwkUnrecognizedUse(), | 553 Status::ErrorJwkUnrecognizedUse(), |
| 554 ImportKeyJwkFromDict(dict, | 554 ImportKeyJwkFromDict(dict, |
| 555 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), | 555 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), |
| 556 false, | 556 false, |
| 557 blink::WebCryptoKeyUsageEncrypt, | 557 blink::WebCryptoKeyUsageEncrypt, |
| 558 &key)); | 558 &key)); |
| 559 } | 559 } |
| 560 | 560 |
| 561 // Fail on invalid use (wrong type). | 561 // Fail on invalid use (wrong type). |
| 562 TEST(WebCryptoAesCbcTest, ImportJwkUseWrongType) { | 562 TEST(WebCryptoAesCbcTest, ImportJwkUseWrongType) { |
| 563 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 563 blink::WebCryptoKey key; |
| 564 | 564 |
| 565 base::DictionaryValue dict; | 565 base::DictionaryValue dict; |
| 566 dict.SetString("kty", "oct"); | 566 dict.SetString("kty", "oct"); |
| 567 dict.SetBoolean("use", true); | 567 dict.SetBoolean("use", true); |
| 568 dict.SetString("k", "GADWrMRHwQfoNaXU5fZvTg=="); | 568 dict.SetString("k", "GADWrMRHwQfoNaXU5fZvTg=="); |
| 569 | 569 |
| 570 EXPECT_EQ( | 570 EXPECT_EQ( |
| 571 Status::ErrorJwkPropertyWrongType("use", "string"), | 571 Status::ErrorJwkPropertyWrongType("use", "string"), |
| 572 ImportKeyJwkFromDict(dict, | 572 ImportKeyJwkFromDict(dict, |
| 573 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), | 573 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), |
| 574 false, | 574 false, |
| 575 blink::WebCryptoKeyUsageEncrypt, | 575 blink::WebCryptoKeyUsageEncrypt, |
| 576 &key)); | 576 &key)); |
| 577 } | 577 } |
| 578 | 578 |
| 579 // Fail on invalid extractable (wrong type). | 579 // Fail on invalid extractable (wrong type). |
| 580 TEST(WebCryptoAesCbcTest, ImportJwkExtWrongType) { | 580 TEST(WebCryptoAesCbcTest, ImportJwkExtWrongType) { |
| 581 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 581 blink::WebCryptoKey key; |
| 582 | 582 |
| 583 base::DictionaryValue dict; | 583 base::DictionaryValue dict; |
| 584 dict.SetString("kty", "oct"); | 584 dict.SetString("kty", "oct"); |
| 585 dict.SetInteger("ext", 0); | 585 dict.SetInteger("ext", 0); |
| 586 dict.SetString("k", "GADWrMRHwQfoNaXU5fZvTg=="); | 586 dict.SetString("k", "GADWrMRHwQfoNaXU5fZvTg=="); |
| 587 | 587 |
| 588 EXPECT_EQ( | 588 EXPECT_EQ( |
| 589 Status::ErrorJwkPropertyWrongType("ext", "boolean"), | 589 Status::ErrorJwkPropertyWrongType("ext", "boolean"), |
| 590 ImportKeyJwkFromDict(dict, | 590 ImportKeyJwkFromDict(dict, |
| 591 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), | 591 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), |
| 592 false, | 592 false, |
| 593 blink::WebCryptoKeyUsageEncrypt, | 593 blink::WebCryptoKeyUsageEncrypt, |
| 594 &key)); | 594 &key)); |
| 595 } | 595 } |
| 596 | 596 |
| 597 // Fail on invalid key_ops (wrong type). | 597 // Fail on invalid key_ops (wrong type). |
| 598 TEST(WebCryptoAesCbcTest, ImportJwkKeyOpsWrongType) { | 598 TEST(WebCryptoAesCbcTest, ImportJwkKeyOpsWrongType) { |
| 599 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 599 blink::WebCryptoKey key; |
| 600 | 600 |
| 601 base::DictionaryValue dict; | 601 base::DictionaryValue dict; |
| 602 dict.SetString("kty", "oct"); | 602 dict.SetString("kty", "oct"); |
| 603 dict.SetString("k", "GADWrMRHwQfoNaXU5fZvTg=="); | 603 dict.SetString("k", "GADWrMRHwQfoNaXU5fZvTg=="); |
| 604 dict.SetBoolean("key_ops", true); | 604 dict.SetBoolean("key_ops", true); |
| 605 | 605 |
| 606 EXPECT_EQ( | 606 EXPECT_EQ( |
| 607 Status::ErrorJwkPropertyWrongType("key_ops", "list"), | 607 Status::ErrorJwkPropertyWrongType("key_ops", "list"), |
| 608 ImportKeyJwkFromDict(dict, | 608 ImportKeyJwkFromDict(dict, |
| 609 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), | 609 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), |
| 610 false, | 610 false, |
| 611 blink::WebCryptoKeyUsageEncrypt, | 611 blink::WebCryptoKeyUsageEncrypt, |
| 612 &key)); | 612 &key)); |
| 613 } | 613 } |
| 614 | 614 |
| 615 // Fail on inconsistent key_ops - asking for "encrypt" however JWK contains | 615 // Fail on inconsistent key_ops - asking for "encrypt" however JWK contains |
| 616 // only "foo". | 616 // only "foo". |
| 617 TEST(WebCryptoAesCbcTest, ImportJwkKeyOpsLacksUsages) { | 617 TEST(WebCryptoAesCbcTest, ImportJwkKeyOpsLacksUsages) { |
| 618 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 618 blink::WebCryptoKey key; |
| 619 | 619 |
| 620 base::DictionaryValue dict; | 620 base::DictionaryValue dict; |
| 621 dict.SetString("kty", "oct"); | 621 dict.SetString("kty", "oct"); |
| 622 dict.SetString("k", "GADWrMRHwQfoNaXU5fZvTg=="); | 622 dict.SetString("k", "GADWrMRHwQfoNaXU5fZvTg=="); |
| 623 | 623 |
| 624 base::ListValue* key_ops = new base::ListValue; | 624 base::ListValue* key_ops = new base::ListValue; |
| 625 // Note: the following call makes dict assume ownership of key_ops. | 625 // Note: the following call makes dict assume ownership of key_ops. |
| 626 dict.Set("key_ops", key_ops); | 626 dict.Set("key_ops", key_ops); |
| 627 key_ops->AppendString("foo"); | 627 key_ops->AppendString("foo"); |
| 628 EXPECT_EQ( | 628 EXPECT_EQ( |
| 629 Status::ErrorJwkKeyopsInconsistent(), | 629 Status::ErrorJwkKeyopsInconsistent(), |
| 630 ImportKeyJwkFromDict(dict, | 630 ImportKeyJwkFromDict(dict, |
| 631 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), | 631 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), |
| 632 false, | 632 false, |
| 633 blink::WebCryptoKeyUsageEncrypt, | 633 blink::WebCryptoKeyUsageEncrypt, |
| 634 &key)); | 634 &key)); |
| 635 } | 635 } |
| 636 | 636 |
| 637 // Import a JWK with unrecognized values for "key_ops". | 637 // Import a JWK with unrecognized values for "key_ops". |
| 638 TEST(WebCryptoAesCbcTest, ImportJwkUnrecognizedKeyOps) { | 638 TEST(WebCryptoAesCbcTest, ImportJwkUnrecognizedKeyOps) { |
| 639 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 639 blink::WebCryptoKey key; |
| 640 blink::WebCryptoAlgorithm algorithm = | 640 blink::WebCryptoAlgorithm algorithm = |
| 641 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc); | 641 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc); |
| 642 blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageEncrypt; | 642 blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageEncrypt; |
| 643 | 643 |
| 644 base::DictionaryValue dict; | 644 base::DictionaryValue dict; |
| 645 dict.SetString("kty", "oct"); | 645 dict.SetString("kty", "oct"); |
| 646 dict.SetString("alg", "A128CBC"); | 646 dict.SetString("alg", "A128CBC"); |
| 647 dict.SetString("use", "enc"); | 647 dict.SetString("use", "enc"); |
| 648 dict.SetBoolean("ext", false); | 648 dict.SetBoolean("ext", false); |
| 649 dict.SetString("k", "GADWrMRHwQfoNaXU5fZvTg=="); | 649 dict.SetString("k", "GADWrMRHwQfoNaXU5fZvTg=="); |
| 650 | 650 |
| 651 base::ListValue* key_ops = new base::ListValue; | 651 base::ListValue* key_ops = new base::ListValue; |
| 652 dict.Set("key_ops", key_ops); | 652 dict.Set("key_ops", key_ops); |
| 653 key_ops->AppendString("foo"); | 653 key_ops->AppendString("foo"); |
| 654 key_ops->AppendString("bar"); | 654 key_ops->AppendString("bar"); |
| 655 key_ops->AppendString("baz"); | 655 key_ops->AppendString("baz"); |
| 656 key_ops->AppendString("encrypt"); | 656 key_ops->AppendString("encrypt"); |
| 657 EXPECT_EQ(Status::Success(), | 657 EXPECT_EQ(Status::Success(), |
| 658 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); | 658 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); |
| 659 } | 659 } |
| 660 | 660 |
| 661 // Import a JWK with a value in key_ops array that is not a string. | 661 // Import a JWK with a value in key_ops array that is not a string. |
| 662 TEST(WebCryptoAesCbcTest, ImportJwkNonStringKeyOp) { | 662 TEST(WebCryptoAesCbcTest, ImportJwkNonStringKeyOp) { |
| 663 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 663 blink::WebCryptoKey key; |
| 664 blink::WebCryptoAlgorithm algorithm = | 664 blink::WebCryptoAlgorithm algorithm = |
| 665 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc); | 665 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc); |
| 666 blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageEncrypt; | 666 blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageEncrypt; |
| 667 | 667 |
| 668 base::DictionaryValue dict; | 668 base::DictionaryValue dict; |
| 669 dict.SetString("kty", "oct"); | 669 dict.SetString("kty", "oct"); |
| 670 dict.SetString("alg", "A128CBC"); | 670 dict.SetString("alg", "A128CBC"); |
| 671 dict.SetString("use", "enc"); | 671 dict.SetString("use", "enc"); |
| 672 dict.SetBoolean("ext", false); | 672 dict.SetBoolean("ext", false); |
| 673 dict.SetString("k", "GADWrMRHwQfoNaXU5fZvTg=="); | 673 dict.SetString("k", "GADWrMRHwQfoNaXU5fZvTg=="); |
| 674 | 674 |
| 675 base::ListValue* key_ops = new base::ListValue; | 675 base::ListValue* key_ops = new base::ListValue; |
| 676 dict.Set("key_ops", key_ops); | 676 dict.Set("key_ops", key_ops); |
| 677 key_ops->AppendString("encrypt"); | 677 key_ops->AppendString("encrypt"); |
| 678 key_ops->AppendInteger(3); | 678 key_ops->AppendInteger(3); |
| 679 EXPECT_EQ(Status::ErrorJwkPropertyWrongType("key_ops[1]", "string"), | 679 EXPECT_EQ(Status::ErrorJwkPropertyWrongType("key_ops[1]", "string"), |
| 680 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); | 680 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); |
| 681 } | 681 } |
| 682 | 682 |
| 683 // Fail on missing k. | 683 // Fail on missing k. |
| 684 TEST(WebCryptoAesCbcTest, ImportJwkMissingK) { | 684 TEST(WebCryptoAesCbcTest, ImportJwkMissingK) { |
| 685 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 685 blink::WebCryptoKey key; |
| 686 | 686 |
| 687 base::DictionaryValue dict; | 687 base::DictionaryValue dict; |
| 688 dict.SetString("kty", "oct"); | 688 dict.SetString("kty", "oct"); |
| 689 | 689 |
| 690 EXPECT_EQ( | 690 EXPECT_EQ( |
| 691 Status::ErrorJwkPropertyMissing("k"), | 691 Status::ErrorJwkPropertyMissing("k"), |
| 692 ImportKeyJwkFromDict(dict, | 692 ImportKeyJwkFromDict(dict, |
| 693 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), | 693 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), |
| 694 false, | 694 false, |
| 695 blink::WebCryptoKeyUsageEncrypt, | 695 blink::WebCryptoKeyUsageEncrypt, |
| 696 &key)); | 696 &key)); |
| 697 } | 697 } |
| 698 | 698 |
| 699 // Fail on bad b64 encoding for k. | 699 // Fail on bad b64 encoding for k. |
| 700 TEST(WebCryptoAesCbcTest, ImportJwkBadB64ForK) { | 700 TEST(WebCryptoAesCbcTest, ImportJwkBadB64ForK) { |
| 701 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 701 blink::WebCryptoKey key; |
| 702 | 702 |
| 703 base::DictionaryValue dict; | 703 base::DictionaryValue dict; |
| 704 dict.SetString("kty", "oct"); | 704 dict.SetString("kty", "oct"); |
| 705 dict.SetString("k", "Qk3f0DsytU8lfza2au #$% Htaw2xpop9GYyTuH0p5GghxTI="); | 705 dict.SetString("k", "Qk3f0DsytU8lfza2au #$% Htaw2xpop9GYyTuH0p5GghxTI="); |
| 706 EXPECT_EQ( | 706 EXPECT_EQ( |
| 707 Status::ErrorJwkBase64Decode("k"), | 707 Status::ErrorJwkBase64Decode("k"), |
| 708 ImportKeyJwkFromDict(dict, | 708 ImportKeyJwkFromDict(dict, |
| 709 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), | 709 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), |
| 710 false, | 710 false, |
| 711 blink::WebCryptoKeyUsageEncrypt, | 711 blink::WebCryptoKeyUsageEncrypt, |
| 712 &key)); | 712 &key)); |
| 713 } | 713 } |
| 714 | 714 |
| 715 // Fail on empty k. | 715 // Fail on empty k. |
| 716 TEST(WebCryptoAesCbcTest, ImportJwkEmptyK) { | 716 TEST(WebCryptoAesCbcTest, ImportJwkEmptyK) { |
| 717 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 717 blink::WebCryptoKey key; |
| 718 | 718 |
| 719 base::DictionaryValue dict; | 719 base::DictionaryValue dict; |
| 720 dict.SetString("kty", "oct"); | 720 dict.SetString("kty", "oct"); |
| 721 dict.SetString("k", ""); | 721 dict.SetString("k", ""); |
| 722 | 722 |
| 723 EXPECT_EQ( | 723 EXPECT_EQ( |
| 724 Status::ErrorImportAesKeyLength(), | 724 Status::ErrorImportAesKeyLength(), |
| 725 ImportKeyJwkFromDict(dict, | 725 ImportKeyJwkFromDict(dict, |
| 726 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), | 726 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), |
| 727 false, | 727 false, |
| 728 blink::WebCryptoKeyUsageEncrypt, | 728 blink::WebCryptoKeyUsageEncrypt, |
| 729 &key)); | 729 &key)); |
| 730 } | 730 } |
| 731 | 731 |
| 732 // Fail on empty k (with alg specified). | 732 // Fail on empty k (with alg specified). |
| 733 TEST(WebCryptoAesCbcTest, ImportJwkEmptyK2) { | 733 TEST(WebCryptoAesCbcTest, ImportJwkEmptyK2) { |
| 734 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 734 blink::WebCryptoKey key; |
| 735 | 735 |
| 736 base::DictionaryValue dict; | 736 base::DictionaryValue dict; |
| 737 dict.SetString("kty", "oct"); | 737 dict.SetString("kty", "oct"); |
| 738 dict.SetString("alg", "A128CBC"); | 738 dict.SetString("alg", "A128CBC"); |
| 739 dict.SetString("k", ""); | 739 dict.SetString("k", ""); |
| 740 | 740 |
| 741 EXPECT_EQ( | 741 EXPECT_EQ( |
| 742 Status::ErrorJwkIncorrectKeyLength(), | 742 Status::ErrorJwkIncorrectKeyLength(), |
| 743 ImportKeyJwkFromDict(dict, | 743 ImportKeyJwkFromDict(dict, |
| 744 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), | 744 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), |
| 745 false, | 745 false, |
| 746 blink::WebCryptoKeyUsageEncrypt, | 746 blink::WebCryptoKeyUsageEncrypt, |
| 747 &key)); | 747 &key)); |
| 748 } | 748 } |
| 749 | 749 |
| 750 // Fail on k actual length (120 bits) inconsistent with the embedded JWK alg | 750 // Fail on k actual length (120 bits) inconsistent with the embedded JWK alg |
| 751 // value (128) for an AES key. | 751 // value (128) for an AES key. |
| 752 TEST(WebCryptoAesCbcTest, ImportJwkInconsistentKLength) { | 752 TEST(WebCryptoAesCbcTest, ImportJwkInconsistentKLength) { |
| 753 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 753 blink::WebCryptoKey key; |
| 754 | 754 |
| 755 base::DictionaryValue dict; | 755 base::DictionaryValue dict; |
| 756 dict.SetString("kty", "oct"); | 756 dict.SetString("kty", "oct"); |
| 757 dict.SetString("alg", "A128CBC"); | 757 dict.SetString("alg", "A128CBC"); |
| 758 dict.SetString("k", "AVj42h0Y5aqGtE3yluKL"); | 758 dict.SetString("k", "AVj42h0Y5aqGtE3yluKL"); |
| 759 EXPECT_EQ( | 759 EXPECT_EQ( |
| 760 Status::ErrorJwkIncorrectKeyLength(), | 760 Status::ErrorJwkIncorrectKeyLength(), |
| 761 ImportKeyJwkFromDict(dict, | 761 ImportKeyJwkFromDict(dict, |
| 762 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), | 762 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), |
| 763 false, | 763 false, |
| 764 blink::WebCryptoKeyUsageEncrypt, | 764 blink::WebCryptoKeyUsageEncrypt, |
| 765 &key)); | 765 &key)); |
| 766 } | 766 } |
| 767 | 767 |
| 768 // Fail on k actual length (192 bits) inconsistent with the embedded JWK alg | 768 // Fail on k actual length (192 bits) inconsistent with the embedded JWK alg |
| 769 // value (128) for an AES key. | 769 // value (128) for an AES key. |
| 770 TEST(WebCryptoAesCbcTest, ImportJwkInconsistentKLength2) { | 770 TEST(WebCryptoAesCbcTest, ImportJwkInconsistentKLength2) { |
| 771 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 771 blink::WebCryptoKey key; |
| 772 | 772 |
| 773 base::DictionaryValue dict; | 773 base::DictionaryValue dict; |
| 774 dict.SetString("kty", "oct"); | 774 dict.SetString("kty", "oct"); |
| 775 dict.SetString("alg", "A128CBC"); | 775 dict.SetString("alg", "A128CBC"); |
| 776 dict.SetString("k", "dGhpcyAgaXMgIDI0ICBieXRlcyBsb25n"); | 776 dict.SetString("k", "dGhpcyAgaXMgIDI0ICBieXRlcyBsb25n"); |
| 777 EXPECT_EQ( | 777 EXPECT_EQ( |
| 778 Status::ErrorJwkIncorrectKeyLength(), | 778 Status::ErrorJwkIncorrectKeyLength(), |
| 779 ImportKeyJwkFromDict(dict, | 779 ImportKeyJwkFromDict(dict, |
| 780 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), | 780 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), |
| 781 false, | 781 false, |
| (...skipping 21 matching lines...) Expand all Loading... |
| 803 256, | 803 256, |
| 804 algorithm, | 804 algorithm, |
| 805 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt | | 805 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt | |
| 806 blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey, | 806 blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey, |
| 807 "A256CBC"); | 807 "A256CBC"); |
| 808 } | 808 } |
| 809 | 809 |
| 810 // AES 192-bit is not allowed: http://crbug.com/381829 | 810 // AES 192-bit is not allowed: http://crbug.com/381829 |
| 811 TEST(WebCryptoAesCbcTest, ImportAesCbc192Raw) { | 811 TEST(WebCryptoAesCbcTest, ImportAesCbc192Raw) { |
| 812 std::vector<uint8_t> key_raw(24, 0); | 812 std::vector<uint8_t> key_raw(24, 0); |
| 813 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 813 blink::WebCryptoKey key; |
| 814 Status status = ImportKey(blink::WebCryptoKeyFormatRaw, | 814 Status status = ImportKey(blink::WebCryptoKeyFormatRaw, |
| 815 CryptoData(key_raw), | 815 CryptoData(key_raw), |
| 816 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), | 816 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), |
| 817 true, | 817 true, |
| 818 blink::WebCryptoKeyUsageEncrypt, | 818 blink::WebCryptoKeyUsageEncrypt, |
| 819 &key); | 819 &key); |
| 820 ASSERT_EQ(Status::ErrorAes192BitUnsupported(), status); | 820 ASSERT_EQ(Status::ErrorAes192BitUnsupported(), status); |
| 821 } | 821 } |
| 822 | 822 |
| 823 // AES 192-bit is not allowed: http://crbug.com/381829 | 823 // AES 192-bit is not allowed: http://crbug.com/381829 |
| 824 TEST(WebCryptoAesCbcTest, ImportAesCbc192Jwk) { | 824 TEST(WebCryptoAesCbcTest, ImportAesCbc192Jwk) { |
| 825 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 825 blink::WebCryptoKey key; |
| 826 | 826 |
| 827 base::DictionaryValue dict; | 827 base::DictionaryValue dict; |
| 828 dict.SetString("kty", "oct"); | 828 dict.SetString("kty", "oct"); |
| 829 dict.SetString("alg", "A192CBC"); | 829 dict.SetString("alg", "A192CBC"); |
| 830 dict.SetString("k", "YWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFh"); | 830 dict.SetString("k", "YWFhYWFhYWFhYWFhYWFhYWFhYWFhYWFh"); |
| 831 | 831 |
| 832 EXPECT_EQ( | 832 EXPECT_EQ( |
| 833 Status::ErrorAes192BitUnsupported(), | 833 Status::ErrorAes192BitUnsupported(), |
| 834 ImportKeyJwkFromDict(dict, | 834 ImportKeyJwkFromDict(dict, |
| 835 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), | 835 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), |
| 836 false, | 836 false, |
| 837 blink::WebCryptoKeyUsageEncrypt, | 837 blink::WebCryptoKeyUsageEncrypt, |
| 838 &key)); | 838 &key)); |
| 839 } | 839 } |
| 840 | 840 |
| 841 // AES 192-bit is not allowed: http://crbug.com/381829 | 841 // AES 192-bit is not allowed: http://crbug.com/381829 |
| 842 TEST(WebCryptoAesCbcTest, GenerateAesCbc192) { | 842 TEST(WebCryptoAesCbcTest, GenerateAesCbc192) { |
| 843 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 843 blink::WebCryptoKey key; |
| 844 Status status = GenerateSecretKey(CreateAesCbcKeyGenAlgorithm(192), | 844 Status status = GenerateSecretKey(CreateAesCbcKeyGenAlgorithm(192), |
| 845 true, | 845 true, |
| 846 blink::WebCryptoKeyUsageEncrypt, | 846 blink::WebCryptoKeyUsageEncrypt, |
| 847 &key); | 847 &key); |
| 848 ASSERT_EQ(Status::ErrorAes192BitUnsupported(), status); | 848 ASSERT_EQ(Status::ErrorAes192BitUnsupported(), status); |
| 849 } | 849 } |
| 850 | 850 |
| 851 // AES 192-bit is not allowed: http://crbug.com/381829 | 851 // AES 192-bit is not allowed: http://crbug.com/381829 |
| 852 TEST(WebCryptoAesCbcTest, UnwrapAesCbc192) { | 852 TEST(WebCryptoAesCbcTest, UnwrapAesCbc192) { |
| 853 std::vector<uint8_t> wrapping_key_data(16, 0); | 853 std::vector<uint8_t> wrapping_key_data(16, 0); |
| 854 std::vector<uint8_t> wrapped_key = HexStringToBytes( | 854 std::vector<uint8_t> wrapped_key = HexStringToBytes( |
| 855 "1A07ACAB6C906E50883173C29441DB1DE91D34F45C435B5F99C822867FB3956F"); | 855 "1A07ACAB6C906E50883173C29441DB1DE91D34F45C435B5F99C822867FB3956F"); |
| 856 | 856 |
| 857 blink::WebCryptoKey wrapping_key = | 857 blink::WebCryptoKey wrapping_key = |
| 858 ImportSecretKeyFromRaw(wrapping_key_data, | 858 ImportSecretKeyFromRaw(wrapping_key_data, |
| 859 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw), | 859 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw), |
| 860 blink::WebCryptoKeyUsageUnwrapKey); | 860 blink::WebCryptoKeyUsageUnwrapKey); |
| 861 | 861 |
| 862 blink::WebCryptoKey unwrapped_key = blink::WebCryptoKey::createNull(); | 862 blink::WebCryptoKey unwrapped_key; |
| 863 ASSERT_EQ(Status::ErrorAes192BitUnsupported(), | 863 ASSERT_EQ(Status::ErrorAes192BitUnsupported(), |
| 864 UnwrapKey(blink::WebCryptoKeyFormatRaw, | 864 UnwrapKey(blink::WebCryptoKeyFormatRaw, |
| 865 CryptoData(wrapped_key), | 865 CryptoData(wrapped_key), |
| 866 wrapping_key, | 866 wrapping_key, |
| 867 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw), | 867 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw), |
| 868 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), | 868 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), |
| 869 true, | 869 true, |
| 870 blink::WebCryptoKeyUsageEncrypt, | 870 blink::WebCryptoKeyUsageEncrypt, |
| 871 &unwrapped_key)); | 871 &unwrapped_key)); |
| 872 } | 872 } |
| (...skipping 10 matching lines...) Expand all Loading... |
| 883 blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageDecrypt, | 883 blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageDecrypt, |
| 884 blink::WebCryptoKeyUsageDeriveBits, | 884 blink::WebCryptoKeyUsageDeriveBits, |
| 885 blink::WebCryptoKeyUsageUnwrapKey | blink::WebCryptoKeyUsageVerify, | 885 blink::WebCryptoKeyUsageUnwrapKey | blink::WebCryptoKeyUsageVerify, |
| 886 }; | 886 }; |
| 887 | 887 |
| 888 std::vector<uint8_t> key_bytes(16); | 888 std::vector<uint8_t> key_bytes(16); |
| 889 | 889 |
| 890 for (size_t i = 0; i < arraysize(bad_usages); ++i) { | 890 for (size_t i = 0; i < arraysize(bad_usages); ++i) { |
| 891 SCOPED_TRACE(i); | 891 SCOPED_TRACE(i); |
| 892 | 892 |
| 893 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 893 blink::WebCryptoKey key; |
| 894 ASSERT_EQ(Status::ErrorCreateKeyBadUsages(), | 894 ASSERT_EQ(Status::ErrorCreateKeyBadUsages(), |
| 895 ImportKey(blink::WebCryptoKeyFormatRaw, | 895 ImportKey(blink::WebCryptoKeyFormatRaw, |
| 896 CryptoData(key_bytes), | 896 CryptoData(key_bytes), |
| 897 algorithm, | 897 algorithm, |
| 898 true, | 898 true, |
| 899 bad_usages[i], | 899 bad_usages[i], |
| 900 &key)); | 900 &key)); |
| 901 } | 901 } |
| 902 } | 902 } |
| 903 | 903 |
| 904 // Generate an AES-CBC key with invalid usages. AES-CBC supports: | 904 // Generate an AES-CBC key with invalid usages. AES-CBC supports: |
| 905 // 'encrypt', 'decrypt', 'wrapKey', 'unwrapKey' | 905 // 'encrypt', 'decrypt', 'wrapKey', 'unwrapKey' |
| 906 TEST(WebCryptoAesCbcTest, GenerateKeyBadUsages) { | 906 TEST(WebCryptoAesCbcTest, GenerateKeyBadUsages) { |
| 907 blink::WebCryptoKeyUsageMask bad_usages[] = { | 907 blink::WebCryptoKeyUsageMask bad_usages[] = { |
| 908 blink::WebCryptoKeyUsageSign, blink::WebCryptoKeyUsageVerify, | 908 blink::WebCryptoKeyUsageSign, blink::WebCryptoKeyUsageVerify, |
| 909 blink::WebCryptoKeyUsageDecrypt | blink::WebCryptoKeyUsageVerify, | 909 blink::WebCryptoKeyUsageDecrypt | blink::WebCryptoKeyUsageVerify, |
| 910 }; | 910 }; |
| 911 | 911 |
| 912 for (size_t i = 0; i < arraysize(bad_usages); ++i) { | 912 for (size_t i = 0; i < arraysize(bad_usages); ++i) { |
| 913 SCOPED_TRACE(i); | 913 SCOPED_TRACE(i); |
| 914 | 914 |
| 915 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 915 blink::WebCryptoKey key; |
| 916 | 916 |
| 917 ASSERT_EQ(Status::ErrorCreateKeyBadUsages(), | 917 ASSERT_EQ(Status::ErrorCreateKeyBadUsages(), |
| 918 GenerateSecretKey( | 918 GenerateSecretKey( |
| 919 CreateAesCbcKeyGenAlgorithm(128), true, bad_usages[i], &key)); | 919 CreateAesCbcKeyGenAlgorithm(128), true, bad_usages[i], &key)); |
| 920 } | 920 } |
| 921 } | 921 } |
| 922 | 922 |
| 923 // Generate an AES-CBC key and an RSA key pair. Use the AES-CBC key to wrap the | 923 // Generate an AES-CBC key and an RSA key pair. Use the AES-CBC key to wrap the |
| 924 // key pair (using SPKI format for public key, PKCS8 format for private key). | 924 // key pair (using SPKI format for public key, PKCS8 format for private key). |
| 925 // Then unwrap the wrapped key pair and verify that the key data is the same. | 925 // Then unwrap the wrapped key pair and verify that the key data is the same. |
| 926 TEST(WebCryptoAesCbcTest, WrapUnwrapRoundtripSpkiPkcs8) { | 926 TEST(WebCryptoAesCbcTest, WrapUnwrapRoundtripSpkiPkcs8) { |
| 927 if (!SupportsRsaPrivateKeyImport()) | 927 if (!SupportsRsaPrivateKeyImport()) |
| 928 return; | 928 return; |
| 929 | 929 |
| 930 // Generate the wrapping key. | 930 // Generate the wrapping key. |
| 931 blink::WebCryptoKey wrapping_key = blink::WebCryptoKey::createNull(); | 931 blink::WebCryptoKey wrapping_key; |
| 932 ASSERT_EQ(Status::Success(), | 932 ASSERT_EQ(Status::Success(), |
| 933 GenerateSecretKey(CreateAesCbcKeyGenAlgorithm(128), | 933 GenerateSecretKey(CreateAesCbcKeyGenAlgorithm(128), |
| 934 true, | 934 true, |
| 935 blink::WebCryptoKeyUsageWrapKey | | 935 blink::WebCryptoKeyUsageWrapKey | |
| 936 blink::WebCryptoKeyUsageUnwrapKey, | 936 blink::WebCryptoKeyUsageUnwrapKey, |
| 937 &wrapping_key)); | 937 &wrapping_key)); |
| 938 | 938 |
| 939 // Generate an RSA key pair to be wrapped. | 939 // Generate an RSA key pair to be wrapped. |
| 940 const unsigned int modulus_length = 256; | 940 const unsigned int modulus_length = 256; |
| 941 const std::vector<uint8_t> public_exponent = HexStringToBytes("010001"); | 941 const std::vector<uint8_t> public_exponent = HexStringToBytes("010001"); |
| 942 | 942 |
| 943 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); | 943 blink::WebCryptoKey public_key; |
| 944 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); | 944 blink::WebCryptoKey private_key; |
| 945 ASSERT_EQ(Status::Success(), | 945 ASSERT_EQ(Status::Success(), |
| 946 GenerateKeyPair(CreateRsaHashedKeyGenAlgorithm( | 946 GenerateKeyPair(CreateRsaHashedKeyGenAlgorithm( |
| 947 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, | 947 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
| 948 blink::WebCryptoAlgorithmIdSha256, | 948 blink::WebCryptoAlgorithmIdSha256, |
| 949 modulus_length, | 949 modulus_length, |
| 950 public_exponent), | 950 public_exponent), |
| 951 true, | 951 true, |
| 952 0, | 952 0, |
| 953 &public_key, | 953 &public_key, |
| 954 &private_key)); | 954 &private_key)); |
| (...skipping 28 matching lines...) Expand all Loading... |
| 983 private_key, | 983 private_key, |
| 984 wrapping_key, | 984 wrapping_key, |
| 985 wrap_algorithm, | 985 wrap_algorithm, |
| 986 &wrapped_private_key)); | 986 &wrapped_private_key)); |
| 987 | 987 |
| 988 // Unwrap the key pair. | 988 // Unwrap the key pair. |
| 989 blink::WebCryptoAlgorithm rsa_import_algorithm = | 989 blink::WebCryptoAlgorithm rsa_import_algorithm = |
| 990 CreateRsaHashedImportAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, | 990 CreateRsaHashedImportAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
| 991 blink::WebCryptoAlgorithmIdSha256); | 991 blink::WebCryptoAlgorithmIdSha256); |
| 992 | 992 |
| 993 blink::WebCryptoKey unwrapped_public_key = blink::WebCryptoKey::createNull(); | 993 blink::WebCryptoKey unwrapped_public_key; |
| 994 | 994 |
| 995 ASSERT_EQ(Status::Success(), | 995 ASSERT_EQ(Status::Success(), |
| 996 UnwrapKey(blink::WebCryptoKeyFormatSpki, | 996 UnwrapKey(blink::WebCryptoKeyFormatSpki, |
| 997 CryptoData(wrapped_public_key), | 997 CryptoData(wrapped_public_key), |
| 998 wrapping_key, | 998 wrapping_key, |
| 999 wrap_algorithm, | 999 wrap_algorithm, |
| 1000 rsa_import_algorithm, | 1000 rsa_import_algorithm, |
| 1001 true, | 1001 true, |
| 1002 0, | 1002 0, |
| 1003 &unwrapped_public_key)); | 1003 &unwrapped_public_key)); |
| 1004 | 1004 |
| 1005 blink::WebCryptoKey unwrapped_private_key = blink::WebCryptoKey::createNull(); | 1005 blink::WebCryptoKey unwrapped_private_key; |
| 1006 | 1006 |
| 1007 ASSERT_EQ(Status::Success(), | 1007 ASSERT_EQ(Status::Success(), |
| 1008 UnwrapKey(blink::WebCryptoKeyFormatPkcs8, | 1008 UnwrapKey(blink::WebCryptoKeyFormatPkcs8, |
| 1009 CryptoData(wrapped_private_key), | 1009 CryptoData(wrapped_private_key), |
| 1010 wrapping_key, | 1010 wrapping_key, |
| 1011 wrap_algorithm, | 1011 wrap_algorithm, |
| 1012 rsa_import_algorithm, | 1012 rsa_import_algorithm, |
| 1013 true, | 1013 true, |
| 1014 0, | 1014 0, |
| 1015 &unwrapped_private_key)); | 1015 &unwrapped_private_key)); |
| (...skipping 16 matching lines...) Expand all Loading... |
| 1032 | 1032 |
| 1033 EXPECT_NE(public_key_spki, wrapped_public_key); | 1033 EXPECT_NE(public_key_spki, wrapped_public_key); |
| 1034 EXPECT_NE(private_key_pkcs8, wrapped_private_key); | 1034 EXPECT_NE(private_key_pkcs8, wrapped_private_key); |
| 1035 } | 1035 } |
| 1036 | 1036 |
| 1037 } // namespace | 1037 } // namespace |
| 1038 | 1038 |
| 1039 } // namespace webcrypto | 1039 } // namespace webcrypto |
| 1040 | 1040 |
| 1041 } // namespace content | 1041 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 670433005:
Cleanup: Use default constructor for WebCryptoKey rather than createNull() factory method. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master