| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "base/logging.h" | 5 #include "base/logging.h" |
| 6 #include "base/stl_util.h" | 6 #include "base/stl_util.h" |
| 7 #include "content/child/webcrypto/algorithm_dispatch.h" | 7 #include "content/child/webcrypto/algorithm_dispatch.h" |
| 8 #include "content/child/webcrypto/crypto_data.h" | 8 #include "content/child/webcrypto/crypto_data.h" |
| 9 #include "content/child/webcrypto/status.h" | 9 #include "content/child/webcrypto/status.h" |
| 10 #include "content/child/webcrypto/test/test_helpers.h" | 10 #include "content/child/webcrypto/test/test_helpers.h" |
| (...skipping 521 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 532 | 532 |
| 533 // Successful WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 key generation (sha256) | 533 // Successful WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 key generation (sha256) |
| 534 const unsigned int modulus_length = 256; | 534 const unsigned int modulus_length = 256; |
| 535 const std::vector<uint8_t> public_exponent = HexStringToBytes("010001"); | 535 const std::vector<uint8_t> public_exponent = HexStringToBytes("010001"); |
| 536 blink::WebCryptoAlgorithm algorithm = | 536 blink::WebCryptoAlgorithm algorithm = |
| 537 CreateRsaHashedKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, | 537 CreateRsaHashedKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
| 538 blink::WebCryptoAlgorithmIdSha256, | 538 blink::WebCryptoAlgorithmIdSha256, |
| 539 modulus_length, | 539 modulus_length, |
| 540 public_exponent); | 540 public_exponent); |
| 541 bool extractable = true; | 541 bool extractable = true; |
| 542 const blink::WebCryptoKeyUsageMask usage_mask = 0; | 542 const blink::WebCryptoKeyUsageMask usages = 0; |
| 543 blink::WebCryptoKey public_key; | 543 blink::WebCryptoKey public_key; |
| 544 blink::WebCryptoKey private_key; | 544 blink::WebCryptoKey private_key; |
| 545 | 545 |
| 546 EXPECT_EQ(Status::Success(), | 546 EXPECT_EQ(Status::Success(), |
| 547 GenerateKeyPair( | 547 GenerateKeyPair( |
| 548 algorithm, extractable, usage_mask, &public_key, &private_key)); | 548 algorithm, extractable, usages, &public_key, &private_key)); |
| 549 EXPECT_FALSE(public_key.isNull()); | 549 EXPECT_FALSE(public_key.isNull()); |
| 550 EXPECT_FALSE(private_key.isNull()); | 550 EXPECT_FALSE(private_key.isNull()); |
| 551 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type()); | 551 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type()); |
| 552 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type()); | 552 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type()); |
| 553 EXPECT_EQ(modulus_length, | 553 EXPECT_EQ(modulus_length, |
| 554 public_key.algorithm().rsaHashedParams()->modulusLengthBits()); | 554 public_key.algorithm().rsaHashedParams()->modulusLengthBits()); |
| 555 EXPECT_EQ(modulus_length, | 555 EXPECT_EQ(modulus_length, |
| 556 private_key.algorithm().rsaHashedParams()->modulusLengthBits()); | 556 private_key.algorithm().rsaHashedParams()->modulusLengthBits()); |
| 557 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha256, | 557 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha256, |
| 558 public_key.algorithm().rsaHashedParams()->hash().id()); | 558 public_key.algorithm().rsaHashedParams()->hash().id()); |
| 559 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha256, | 559 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha256, |
| 560 private_key.algorithm().rsaHashedParams()->hash().id()); | 560 private_key.algorithm().rsaHashedParams()->hash().id()); |
| 561 EXPECT_TRUE(public_key.extractable()); | 561 EXPECT_TRUE(public_key.extractable()); |
| 562 EXPECT_EQ(extractable, private_key.extractable()); | 562 EXPECT_EQ(extractable, private_key.extractable()); |
| 563 EXPECT_EQ(usage_mask, public_key.usages()); | 563 EXPECT_EQ(usages, public_key.usages()); |
| 564 EXPECT_EQ(usage_mask, private_key.usages()); | 564 EXPECT_EQ(usages, private_key.usages()); |
| 565 | 565 |
| 566 // Try exporting the generated key pair, and then re-importing to verify that | 566 // Try exporting the generated key pair, and then re-importing to verify that |
| 567 // the exported data was valid. | 567 // the exported data was valid. |
| 568 std::vector<uint8_t> public_key_spki; | 568 std::vector<uint8_t> public_key_spki; |
| 569 EXPECT_EQ( | 569 EXPECT_EQ( |
| 570 Status::Success(), | 570 Status::Success(), |
| 571 ExportKey(blink::WebCryptoKeyFormatSpki, public_key, &public_key_spki)); | 571 ExportKey(blink::WebCryptoKeyFormatSpki, public_key, &public_key_spki)); |
| 572 | 572 |
| 573 if (SupportsRsaPrivateKeyImport()) { | 573 if (SupportsRsaPrivateKeyImport()) { |
| 574 public_key = blink::WebCryptoKey::createNull(); | 574 public_key = blink::WebCryptoKey::createNull(); |
| 575 EXPECT_EQ(Status::Success(), | 575 EXPECT_EQ(Status::Success(), |
| 576 ImportKey(blink::WebCryptoKeyFormatSpki, | 576 ImportKey(blink::WebCryptoKeyFormatSpki, |
| 577 CryptoData(public_key_spki), | 577 CryptoData(public_key_spki), |
| 578 CreateRsaHashedImportAlgorithm( | 578 CreateRsaHashedImportAlgorithm( |
| 579 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, | 579 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
| 580 blink::WebCryptoAlgorithmIdSha256), | 580 blink::WebCryptoAlgorithmIdSha256), |
| 581 true, | 581 true, |
| 582 usage_mask, | 582 usages, |
| 583 &public_key)); | 583 &public_key)); |
| 584 EXPECT_EQ(modulus_length, | 584 EXPECT_EQ(modulus_length, |
| 585 public_key.algorithm().rsaHashedParams()->modulusLengthBits()); | 585 public_key.algorithm().rsaHashedParams()->modulusLengthBits()); |
| 586 | 586 |
| 587 std::vector<uint8_t> private_key_pkcs8; | 587 std::vector<uint8_t> private_key_pkcs8; |
| 588 EXPECT_EQ( | 588 EXPECT_EQ( |
| 589 Status::Success(), | 589 Status::Success(), |
| 590 ExportKey( | 590 ExportKey( |
| 591 blink::WebCryptoKeyFormatPkcs8, private_key, &private_key_pkcs8)); | 591 blink::WebCryptoKeyFormatPkcs8, private_key, &private_key_pkcs8)); |
| 592 private_key = blink::WebCryptoKey::createNull(); | 592 private_key = blink::WebCryptoKey::createNull(); |
| 593 EXPECT_EQ(Status::Success(), | 593 EXPECT_EQ(Status::Success(), |
| 594 ImportKey(blink::WebCryptoKeyFormatPkcs8, | 594 ImportKey(blink::WebCryptoKeyFormatPkcs8, |
| 595 CryptoData(private_key_pkcs8), | 595 CryptoData(private_key_pkcs8), |
| 596 CreateRsaHashedImportAlgorithm( | 596 CreateRsaHashedImportAlgorithm( |
| 597 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, | 597 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
| 598 blink::WebCryptoAlgorithmIdSha256), | 598 blink::WebCryptoAlgorithmIdSha256), |
| 599 true, | 599 true, |
| 600 usage_mask, | 600 usages, |
| 601 &private_key)); | 601 &private_key)); |
| 602 EXPECT_EQ(modulus_length, | 602 EXPECT_EQ(modulus_length, |
| 603 private_key.algorithm().rsaHashedParams()->modulusLengthBits()); | 603 private_key.algorithm().rsaHashedParams()->modulusLengthBits()); |
| 604 } | 604 } |
| 605 | 605 |
| 606 // Fail with bad modulus. | 606 // Fail with bad modulus. |
| 607 algorithm = | 607 algorithm = |
| 608 CreateRsaHashedKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, | 608 CreateRsaHashedKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
| 609 blink::WebCryptoAlgorithmIdSha256, | 609 blink::WebCryptoAlgorithmIdSha256, |
| 610 0, | 610 0, |
| 611 public_exponent); | 611 public_exponent); |
| 612 EXPECT_EQ(Status::ErrorGenerateRsaUnsupportedModulus(), | 612 EXPECT_EQ(Status::ErrorGenerateRsaUnsupportedModulus(), |
| 613 GenerateKeyPair( | 613 GenerateKeyPair( |
| 614 algorithm, extractable, usage_mask, &public_key, &private_key)); | 614 algorithm, extractable, usages, &public_key, &private_key)); |
| 615 | 615 |
| 616 // Fail with bad exponent: larger than unsigned long. | 616 // Fail with bad exponent: larger than unsigned long. |
| 617 unsigned int exponent_length = sizeof(unsigned long) + 1; // NOLINT | 617 unsigned int exponent_length = sizeof(unsigned long) + 1; // NOLINT |
| 618 const std::vector<uint8_t> long_exponent(exponent_length, 0x01); | 618 const std::vector<uint8_t> long_exponent(exponent_length, 0x01); |
| 619 algorithm = | 619 algorithm = |
| 620 CreateRsaHashedKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, | 620 CreateRsaHashedKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
| 621 blink::WebCryptoAlgorithmIdSha256, | 621 blink::WebCryptoAlgorithmIdSha256, |
| 622 modulus_length, | 622 modulus_length, |
| 623 long_exponent); | 623 long_exponent); |
| 624 EXPECT_EQ(Status::ErrorGenerateKeyPublicExponent(), | 624 EXPECT_EQ(Status::ErrorGenerateKeyPublicExponent(), |
| 625 GenerateKeyPair( | 625 GenerateKeyPair( |
| 626 algorithm, extractable, usage_mask, &public_key, &private_key)); | 626 algorithm, extractable, usages, &public_key, &private_key)); |
| 627 | 627 |
| 628 // Fail with bad exponent: empty. | 628 // Fail with bad exponent: empty. |
| 629 const std::vector<uint8_t> empty_exponent; | 629 const std::vector<uint8_t> empty_exponent; |
| 630 algorithm = | 630 algorithm = |
| 631 CreateRsaHashedKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, | 631 CreateRsaHashedKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
| 632 blink::WebCryptoAlgorithmIdSha256, | 632 blink::WebCryptoAlgorithmIdSha256, |
| 633 modulus_length, | 633 modulus_length, |
| 634 empty_exponent); | 634 empty_exponent); |
| 635 EXPECT_EQ(Status::ErrorGenerateKeyPublicExponent(), | 635 EXPECT_EQ(Status::ErrorGenerateKeyPublicExponent(), |
| 636 GenerateKeyPair( | 636 GenerateKeyPair( |
| 637 algorithm, extractable, usage_mask, &public_key, &private_key)); | 637 algorithm, extractable, usages, &public_key, &private_key)); |
| 638 | 638 |
| 639 // Fail with bad exponent: all zeros. | 639 // Fail with bad exponent: all zeros. |
| 640 std::vector<uint8_t> exponent_with_leading_zeros(15, 0x00); | 640 std::vector<uint8_t> exponent_with_leading_zeros(15, 0x00); |
| 641 algorithm = | 641 algorithm = |
| 642 CreateRsaHashedKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, | 642 CreateRsaHashedKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
| 643 blink::WebCryptoAlgorithmIdSha256, | 643 blink::WebCryptoAlgorithmIdSha256, |
| 644 modulus_length, | 644 modulus_length, |
| 645 exponent_with_leading_zeros); | 645 exponent_with_leading_zeros); |
| 646 EXPECT_EQ(Status::ErrorGenerateKeyPublicExponent(), | 646 EXPECT_EQ(Status::ErrorGenerateKeyPublicExponent(), |
| 647 GenerateKeyPair( | 647 GenerateKeyPair( |
| 648 algorithm, extractable, usage_mask, &public_key, &private_key)); | 648 algorithm, extractable, usages, &public_key, &private_key)); |
| 649 | 649 |
| 650 // Key generation success using exponent with leading zeros. | 650 // Key generation success using exponent with leading zeros. |
| 651 exponent_with_leading_zeros.insert(exponent_with_leading_zeros.end(), | 651 exponent_with_leading_zeros.insert(exponent_with_leading_zeros.end(), |
| 652 public_exponent.begin(), | 652 public_exponent.begin(), |
| 653 public_exponent.end()); | 653 public_exponent.end()); |
| 654 algorithm = | 654 algorithm = |
| 655 CreateRsaHashedKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, | 655 CreateRsaHashedKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
| 656 blink::WebCryptoAlgorithmIdSha256, | 656 blink::WebCryptoAlgorithmIdSha256, |
| 657 modulus_length, | 657 modulus_length, |
| 658 exponent_with_leading_zeros); | 658 exponent_with_leading_zeros); |
| 659 EXPECT_EQ(Status::Success(), | 659 EXPECT_EQ(Status::Success(), |
| 660 GenerateKeyPair( | 660 GenerateKeyPair( |
| 661 algorithm, extractable, usage_mask, &public_key, &private_key)); | 661 algorithm, extractable, usages, &public_key, &private_key)); |
| 662 EXPECT_FALSE(public_key.isNull()); | 662 EXPECT_FALSE(public_key.isNull()); |
| 663 EXPECT_FALSE(private_key.isNull()); | 663 EXPECT_FALSE(private_key.isNull()); |
| 664 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type()); | 664 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type()); |
| 665 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type()); | 665 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type()); |
| 666 EXPECT_TRUE(public_key.extractable()); | 666 EXPECT_TRUE(public_key.extractable()); |
| 667 EXPECT_EQ(extractable, private_key.extractable()); | 667 EXPECT_EQ(extractable, private_key.extractable()); |
| 668 EXPECT_EQ(usage_mask, public_key.usages()); | 668 EXPECT_EQ(usages, public_key.usages()); |
| 669 EXPECT_EQ(usage_mask, private_key.usages()); | 669 EXPECT_EQ(usages, private_key.usages()); |
| 670 | 670 |
| 671 // Successful WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 key generation (sha1) | 671 // Successful WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 key generation (sha1) |
| 672 algorithm = | 672 algorithm = |
| 673 CreateRsaHashedKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, | 673 CreateRsaHashedKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
| 674 blink::WebCryptoAlgorithmIdSha1, | 674 blink::WebCryptoAlgorithmIdSha1, |
| 675 modulus_length, | 675 modulus_length, |
| 676 public_exponent); | 676 public_exponent); |
| 677 EXPECT_EQ( | 677 EXPECT_EQ( |
| 678 Status::Success(), | 678 Status::Success(), |
| 679 GenerateKeyPair(algorithm, false, usage_mask, &public_key, &private_key)); | 679 GenerateKeyPair(algorithm, false, usages, &public_key, &private_key)); |
| 680 EXPECT_FALSE(public_key.isNull()); | 680 EXPECT_FALSE(public_key.isNull()); |
| 681 EXPECT_FALSE(private_key.isNull()); | 681 EXPECT_FALSE(private_key.isNull()); |
| 682 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type()); | 682 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type()); |
| 683 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type()); | 683 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type()); |
| 684 EXPECT_EQ(modulus_length, | 684 EXPECT_EQ(modulus_length, |
| 685 public_key.algorithm().rsaHashedParams()->modulusLengthBits()); | 685 public_key.algorithm().rsaHashedParams()->modulusLengthBits()); |
| 686 EXPECT_EQ(modulus_length, | 686 EXPECT_EQ(modulus_length, |
| 687 private_key.algorithm().rsaHashedParams()->modulusLengthBits()); | 687 private_key.algorithm().rsaHashedParams()->modulusLengthBits()); |
| 688 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha1, | 688 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha1, |
| 689 public_key.algorithm().rsaHashedParams()->hash().id()); | 689 public_key.algorithm().rsaHashedParams()->hash().id()); |
| 690 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha1, | 690 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha1, |
| 691 private_key.algorithm().rsaHashedParams()->hash().id()); | 691 private_key.algorithm().rsaHashedParams()->hash().id()); |
| 692 // Even though "extractable" was set to false, the public key remains | 692 // Even though "extractable" was set to false, the public key remains |
| 693 // extractable. | 693 // extractable. |
| 694 EXPECT_TRUE(public_key.extractable()); | 694 EXPECT_TRUE(public_key.extractable()); |
| 695 EXPECT_FALSE(private_key.extractable()); | 695 EXPECT_FALSE(private_key.extractable()); |
| 696 EXPECT_EQ(usage_mask, public_key.usages()); | 696 EXPECT_EQ(usages, public_key.usages()); |
| 697 EXPECT_EQ(usage_mask, private_key.usages()); | 697 EXPECT_EQ(usages, private_key.usages()); |
| 698 | 698 |
| 699 // Exporting a private key as SPKI format doesn't make sense. However this | 699 // Exporting a private key as SPKI format doesn't make sense. However this |
| 700 // will first fail because the key is not extractable. | 700 // will first fail because the key is not extractable. |
| 701 std::vector<uint8_t> output; | 701 std::vector<uint8_t> output; |
| 702 EXPECT_EQ(Status::ErrorKeyNotExtractable(), | 702 EXPECT_EQ(Status::ErrorKeyNotExtractable(), |
| 703 ExportKey(blink::WebCryptoKeyFormatSpki, private_key, &output)); | 703 ExportKey(blink::WebCryptoKeyFormatSpki, private_key, &output)); |
| 704 | 704 |
| 705 // Re-generate an extractable private_key and try to export it as SPKI format. | 705 // Re-generate an extractable private_key and try to export it as SPKI format. |
| 706 // This should fail since spki is for public keys. | 706 // This should fail since spki is for public keys. |
| 707 EXPECT_EQ( | 707 EXPECT_EQ( |
| 708 Status::Success(), | 708 Status::Success(), |
| 709 GenerateKeyPair(algorithm, true, usage_mask, &public_key, &private_key)); | 709 GenerateKeyPair(algorithm, true, usages, &public_key, &private_key)); |
| 710 EXPECT_EQ(Status::ErrorUnexpectedKeyType(), | 710 EXPECT_EQ(Status::ErrorUnexpectedKeyType(), |
| 711 ExportKey(blink::WebCryptoKeyFormatSpki, private_key, &output)); | 711 ExportKey(blink::WebCryptoKeyFormatSpki, private_key, &output)); |
| 712 } | 712 } |
| 713 | 713 |
| 714 TEST(WebCryptoRsaSsaTest, GenerateKeyPairRsaBadModulusLength) { | 714 TEST(WebCryptoRsaSsaTest, GenerateKeyPairRsaBadModulusLength) { |
| 715 const unsigned int kBadModulusBits[] = { | 715 const unsigned int kBadModulusBits[] = { |
| 716 0, | 716 0, |
| 717 248, // Too small. | 717 248, // Too small. |
| 718 257, // Not a multiple of 8. | 718 257, // Not a multiple of 8. |
| 719 1023, // Not a multiple of 8. | 719 1023, // Not a multiple of 8. |
| 720 0xFFFFFFFF, // Too big. | 720 0xFFFFFFFF, // Too big. |
| 721 16384 + 8, // 16384 is the maxmimum length that NSS succeeds for. | 721 16384 + 8, // 16384 is the maxmimum length that NSS succeeds for. |
| 722 }; | 722 }; |
| 723 | 723 |
| 724 const std::vector<uint8_t> public_exponent = HexStringToBytes("010001"); | 724 const std::vector<uint8_t> public_exponent = HexStringToBytes("010001"); |
| 725 | 725 |
| 726 for (size_t i = 0; i < arraysize(kBadModulusBits); ++i) { | 726 for (size_t i = 0; i < arraysize(kBadModulusBits); ++i) { |
| 727 const unsigned int modulus_length_bits = kBadModulusBits[i]; | 727 const unsigned int modulus_length_bits = kBadModulusBits[i]; |
| 728 blink::WebCryptoAlgorithm algorithm = CreateRsaHashedKeyGenAlgorithm( | 728 blink::WebCryptoAlgorithm algorithm = CreateRsaHashedKeyGenAlgorithm( |
| 729 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, | 729 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
| 730 blink::WebCryptoAlgorithmIdSha256, | 730 blink::WebCryptoAlgorithmIdSha256, |
| 731 modulus_length_bits, | 731 modulus_length_bits, |
| 732 public_exponent); | 732 public_exponent); |
| 733 bool extractable = true; | 733 bool extractable = true; |
| 734 const blink::WebCryptoKeyUsageMask usage_mask = 0; | 734 const blink::WebCryptoKeyUsageMask usages = 0; |
| 735 blink::WebCryptoKey public_key; | 735 blink::WebCryptoKey public_key; |
| 736 blink::WebCryptoKey private_key; | 736 blink::WebCryptoKey private_key; |
| 737 | 737 |
| 738 EXPECT_EQ( | 738 EXPECT_EQ(Status::ErrorGenerateRsaUnsupportedModulus(), |
| 739 Status::ErrorGenerateRsaUnsupportedModulus(), | 739 GenerateKeyPair( |
| 740 GenerateKeyPair( | 740 algorithm, extractable, usages, &public_key, &private_key)); |
| 741 algorithm, extractable, usage_mask, &public_key, &private_key)); | |
| 742 } | 741 } |
| 743 } | 742 } |
| 744 | 743 |
| 745 // Try generating RSA key pairs using unsupported public exponents. Only | 744 // Try generating RSA key pairs using unsupported public exponents. Only |
| 746 // exponents of 3 and 65537 are supported. While both OpenSSL and NSS can | 745 // exponents of 3 and 65537 are supported. While both OpenSSL and NSS can |
| 747 // support other values, OpenSSL hangs when given invalid exponents, so use a | 746 // support other values, OpenSSL hangs when given invalid exponents, so use a |
| 748 // whitelist to validate the parameters. | 747 // whitelist to validate the parameters. |
| 749 TEST(WebCryptoRsaSsaTest, GenerateKeyPairRsaBadExponent) { | 748 TEST(WebCryptoRsaSsaTest, GenerateKeyPairRsaBadExponent) { |
| 750 const unsigned int modulus_length = 1024; | 749 const unsigned int modulus_length = 1024; |
| 751 | 750 |
| (...skipping 400 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1152 EXPECT_BYTES_EQ_HEX(kPublicKeySpkiDerHex, CryptoData(spki)); | 1151 EXPECT_BYTES_EQ_HEX(kPublicKeySpkiDerHex, CryptoData(spki)); |
| 1153 } | 1152 } |
| 1154 } | 1153 } |
| 1155 | 1154 |
| 1156 TEST(WebCryptoRsaSsaTest, ImportJwkRsaFailures) { | 1155 TEST(WebCryptoRsaSsaTest, ImportJwkRsaFailures) { |
| 1157 base::DictionaryValue dict; | 1156 base::DictionaryValue dict; |
| 1158 RestoreJwkRsaDictionary(&dict); | 1157 RestoreJwkRsaDictionary(&dict); |
| 1159 blink::WebCryptoAlgorithm algorithm = | 1158 blink::WebCryptoAlgorithm algorithm = |
| 1160 CreateRsaHashedImportAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, | 1159 CreateRsaHashedImportAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
| 1161 blink::WebCryptoAlgorithmIdSha256); | 1160 blink::WebCryptoAlgorithmIdSha256); |
| 1162 blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageVerify; | 1161 blink::WebCryptoKeyUsageMask usages = blink::WebCryptoKeyUsageVerify; |
| 1163 blink::WebCryptoKey key; | 1162 blink::WebCryptoKey key; |
| 1164 | 1163 |
| 1165 // An RSA public key JWK _must_ have an "n" (modulus) and an "e" (exponent) | 1164 // An RSA public key JWK _must_ have an "n" (modulus) and an "e" (exponent) |
| 1166 // entry, while an RSA private key must have those plus at least a "d" | 1165 // entry, while an RSA private key must have those plus at least a "d" |
| 1167 // (private exponent) entry. | 1166 // (private exponent) entry. |
| 1168 // See http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-18, | 1167 // See http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-18, |
| 1169 // section 6.3. | 1168 // section 6.3. |
| 1170 | 1169 |
| 1171 // Baseline pass. | 1170 // Baseline pass. |
| 1172 EXPECT_EQ(Status::Success(), | 1171 EXPECT_EQ(Status::Success(), |
| 1173 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); | 1172 ImportKeyJwkFromDict(dict, algorithm, false, usages, &key)); |
| 1174 EXPECT_EQ(algorithm.id(), key.algorithm().id()); | 1173 EXPECT_EQ(algorithm.id(), key.algorithm().id()); |
| 1175 EXPECT_FALSE(key.extractable()); | 1174 EXPECT_FALSE(key.extractable()); |
| 1176 EXPECT_EQ(blink::WebCryptoKeyUsageVerify, key.usages()); | 1175 EXPECT_EQ(blink::WebCryptoKeyUsageVerify, key.usages()); |
| 1177 EXPECT_EQ(blink::WebCryptoKeyTypePublic, key.type()); | 1176 EXPECT_EQ(blink::WebCryptoKeyTypePublic, key.type()); |
| 1178 | 1177 |
| 1179 // The following are specific failure cases for when kty = "RSA". | 1178 // The following are specific failure cases for when kty = "RSA". |
| 1180 | 1179 |
| 1181 // Fail if either "n" or "e" is not present or malformed. | 1180 // Fail if either "n" or "e" is not present or malformed. |
| 1182 const std::string kKtyParmName[] = {"n", "e"}; | 1181 const std::string kKtyParmName[] = {"n", "e"}; |
| 1183 for (size_t idx = 0; idx < arraysize(kKtyParmName); ++idx) { | 1182 for (size_t idx = 0; idx < arraysize(kKtyParmName); ++idx) { |
| 1184 // Fail on missing parameter. | 1183 // Fail on missing parameter. |
| 1185 dict.Remove(kKtyParmName[idx], NULL); | 1184 dict.Remove(kKtyParmName[idx], NULL); |
| 1186 EXPECT_NE(Status::Success(), | 1185 EXPECT_NE(Status::Success(), |
| 1187 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); | 1186 ImportKeyJwkFromDict(dict, algorithm, false, usages, &key)); |
| 1188 RestoreJwkRsaDictionary(&dict); | 1187 RestoreJwkRsaDictionary(&dict); |
| 1189 | 1188 |
| 1190 // Fail on bad b64 parameter encoding. | 1189 // Fail on bad b64 parameter encoding. |
| 1191 dict.SetString(kKtyParmName[idx], "Qk3f0DsytU8lfza2au #$% Htaw2xpop9yTuH0"); | 1190 dict.SetString(kKtyParmName[idx], "Qk3f0DsytU8lfza2au #$% Htaw2xpop9yTuH0"); |
| 1192 EXPECT_NE(Status::Success(), | 1191 EXPECT_NE(Status::Success(), |
| 1193 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); | 1192 ImportKeyJwkFromDict(dict, algorithm, false, usages, &key)); |
| 1194 RestoreJwkRsaDictionary(&dict); | 1193 RestoreJwkRsaDictionary(&dict); |
| 1195 | 1194 |
| 1196 // Fail on empty parameter. | 1195 // Fail on empty parameter. |
| 1197 dict.SetString(kKtyParmName[idx], ""); | 1196 dict.SetString(kKtyParmName[idx], ""); |
| 1198 EXPECT_EQ(Status::ErrorJwkEmptyBigInteger(kKtyParmName[idx]), | 1197 EXPECT_EQ(Status::ErrorJwkEmptyBigInteger(kKtyParmName[idx]), |
| 1199 ImportKeyJwkFromDict(dict, algorithm, false, usage_mask, &key)); | 1198 ImportKeyJwkFromDict(dict, algorithm, false, usages, &key)); |
| 1200 RestoreJwkRsaDictionary(&dict); | 1199 RestoreJwkRsaDictionary(&dict); |
| 1201 } | 1200 } |
| 1202 } | 1201 } |
| 1203 | 1202 |
| 1204 } // namespace | 1203 } // namespace |
| 1205 | 1204 |
| 1206 } // namespace webcrypto | 1205 } // namespace webcrypto |
| 1207 | 1206 |
| 1208 } // namespace content | 1207 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 670773003:
Cleanup: rename usage_mask --> usages. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master