| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/renderer/webcrypto/webcrypto_impl.h" | 5 #include "content/renderer/webcrypto/webcrypto_impl.h" |
| 6 | 6 |
| 7 #include <string> | 7 #include <string> |
| 8 #include <vector> | 8 #include <vector> |
| 9 | 9 |
| 10 #include "base/basictypes.h" | 10 #include "base/basictypes.h" |
| (...skipping 22 matching lines...) Expand all Loading... |
| 33 expected_hex.c_str(), | 33 expected_hex.c_str(), |
| 34 base::HexEncode( | 34 base::HexEncode( |
| 35 array_buffer.data(), array_buffer.byteLength()).c_str()); | 35 array_buffer.data(), array_buffer.byteLength()).c_str()); |
| 36 } | 36 } |
| 37 | 37 |
| 38 blink::WebCryptoAlgorithm CreateAlgorithm(blink::WebCryptoAlgorithmId id) { | 38 blink::WebCryptoAlgorithm CreateAlgorithm(blink::WebCryptoAlgorithmId id) { |
| 39 return blink::WebCryptoAlgorithm::adoptParamsAndCreate(id, NULL); | 39 return blink::WebCryptoAlgorithm::adoptParamsAndCreate(id, NULL); |
| 40 } | 40 } |
| 41 | 41 |
| 42 blink::WebCryptoAlgorithm CreateHmacAlgorithm( | 42 blink::WebCryptoAlgorithm CreateHmacAlgorithm( |
| 43 blink::WebCryptoAlgorithmId hashId) { | 43 blink::WebCryptoAlgorithmId hash_id) { |
| 44 return blink::WebCryptoAlgorithm::adoptParamsAndCreate( | 44 return blink::WebCryptoAlgorithm::adoptParamsAndCreate( |
| 45 blink::WebCryptoAlgorithmIdHmac, | 45 blink::WebCryptoAlgorithmIdHmac, |
| 46 new blink::WebCryptoHmacParams(CreateAlgorithm(hashId))); | 46 new blink::WebCryptoHmacParams(CreateAlgorithm(hash_id))); |
| 47 } | 47 } |
| 48 | 48 |
| 49 blink::WebCryptoAlgorithm CreateHmacKeyAlgorithm( | 49 blink::WebCryptoAlgorithm CreateHmacKeyAlgorithm( |
| 50 blink::WebCryptoAlgorithmId hashId, | 50 blink::WebCryptoAlgorithmId hash_id, |
| 51 unsigned hash_length) { | 51 unsigned hash_length) { |
| 52 // hash_length < 0 means unspecified | 52 // hash_length < 0 means unspecified |
| 53 return blink::WebCryptoAlgorithm::adoptParamsAndCreate( | 53 return blink::WebCryptoAlgorithm::adoptParamsAndCreate( |
| 54 blink::WebCryptoAlgorithmIdHmac, | 54 blink::WebCryptoAlgorithmIdHmac, |
| 55 new blink::WebCryptoHmacKeyParams(CreateAlgorithm(hashId), | 55 new blink::WebCryptoHmacKeyParams(CreateAlgorithm(hash_id), |
| 56 (hash_length != 0), | 56 (hash_length != 0), |
| 57 hash_length)); | 57 hash_length)); |
| 58 } | 58 } |
| 59 | 59 |
| 60 // Returns a pointer to the start of |data|, or NULL if it is empty. This is a | 60 // Returns a pointer to the start of |data|, or NULL if it is empty. This is a |
| 61 // convenience function for getting the pointer, and should not be used beyond | 61 // convenience function for getting the pointer, and should not be used beyond |
| 62 // the expected lifetime of |data|. | 62 // the expected lifetime of |data|. |
| 63 const uint8* Start(const std::vector<uint8>& data) { | 63 const uint8* Start(const std::vector<uint8>& data) { |
| 64 if (data.empty()) | 64 if (data.empty()) |
| 65 return NULL; | 65 return NULL; |
| 66 return &data[0]; | 66 return &data[0]; |
| 67 } | 67 } |
| 68 | 68 |
| 69 blink::WebCryptoAlgorithm CreateAesCbcAlgorithm( | 69 blink::WebCryptoAlgorithm CreateAesCbcAlgorithm( |
| 70 const std::vector<uint8>& iv) { | 70 const std::vector<uint8>& iv) { |
| 71 return blink::WebCryptoAlgorithm::adoptParamsAndCreate( | 71 return blink::WebCryptoAlgorithm::adoptParamsAndCreate( |
| 72 blink::WebCryptoAlgorithmIdAesCbc, | 72 blink::WebCryptoAlgorithmIdAesCbc, |
| 73 new blink::WebCryptoAesCbcParams(Start(iv), iv.size())); | 73 new blink::WebCryptoAesCbcParams(Start(iv), iv.size())); |
| 74 } | 74 } |
| 75 | 75 |
| 76 blink::WebCryptoAlgorithm CreateAesCbcAlgorithm( | 76 blink::WebCryptoAlgorithm CreateAesCbcAlgorithm( |
| 77 unsigned short key_length_bits) { // NOLINT | 77 unsigned short key_length_bits) { // NOLINT |
| 78 return blink::WebCryptoAlgorithm::adoptParamsAndCreate( | 78 return blink::WebCryptoAlgorithm::adoptParamsAndCreate( |
| 79 blink::WebCryptoAlgorithmIdAesCbc, | 79 blink::WebCryptoAlgorithmIdAesCbc, |
| 80 new blink::WebCryptoAesKeyGenParams(key_length_bits)); | 80 new blink::WebCryptoAesKeyGenParams(key_length_bits)); |
| 81 } | 81 } |
| 82 | 82 |
| 83 #if !defined(USE_OPENSSL) | 83 blink::WebCryptoAlgorithm CreateRsaKeyGenAlgorithm( |
| 84 blink::WebCryptoAlgorithm CreateRsaAlgorithm( | |
| 85 blink::WebCryptoAlgorithmId algorithm_id, | 84 blink::WebCryptoAlgorithmId algorithm_id, |
| 86 unsigned modulus_length, | 85 unsigned modulus_length, |
| 87 const std::vector<uint8>& public_exponent) { | 86 const std::vector<uint8>& public_exponent) { |
| 88 DCHECK(algorithm_id == blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5 || | 87 DCHECK(algorithm_id == blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5 || |
| 89 algorithm_id == blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 || | 88 algorithm_id == blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 || |
| 90 algorithm_id == blink::WebCryptoAlgorithmIdRsaOaep); | 89 algorithm_id == blink::WebCryptoAlgorithmIdRsaOaep); |
| 91 return blink::WebCryptoAlgorithm::adoptParamsAndCreate( | 90 return blink::WebCryptoAlgorithm::adoptParamsAndCreate( |
| 92 algorithm_id, | 91 algorithm_id, |
| 93 new blink::WebCryptoRsaKeyGenParams( | 92 new blink::WebCryptoRsaKeyGenParams( |
| 94 modulus_length, Start(public_exponent), public_exponent.size())); | 93 modulus_length, Start(public_exponent), public_exponent.size())); |
| 95 } | 94 } |
| 96 #endif // !defined(USE_OPENSSL) | 95 |
| 96 // TODO(padolph): Move to webcrypto_util |
| 97 bool IsHashAlgorithm(blink::WebCryptoAlgorithmId alg_id) { |
| 98 return alg_id == blink::WebCryptoAlgorithmIdSha1 || |
| 99 alg_id == blink::WebCryptoAlgorithmIdSha224 || |
| 100 alg_id == blink::WebCryptoAlgorithmIdSha256 || |
| 101 alg_id == blink::WebCryptoAlgorithmIdSha384 || |
| 102 alg_id == blink::WebCryptoAlgorithmIdSha512; |
| 103 } |
| 104 |
| 105 blink::WebCryptoAlgorithm CreateRsaAlgorithmWithInnerHash( |
| 106 blink::WebCryptoAlgorithmId algorithm_id, |
| 107 blink::WebCryptoAlgorithmId hash_id) { |
| 108 DCHECK(algorithm_id == blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 || |
| 109 algorithm_id == blink::WebCryptoAlgorithmIdRsaOaep); |
| 110 DCHECK(IsHashAlgorithm(hash_id)); |
| 111 return blink::WebCryptoAlgorithm::adoptParamsAndCreate( |
| 112 algorithm_id, |
| 113 new blink::WebCryptoRsaSsaParams(CreateAlgorithm(hash_id))); |
| 114 } |
| 97 | 115 |
| 98 } // namespace | 116 } // namespace |
| 99 | 117 |
| 100 namespace content { | 118 namespace content { |
| 101 | 119 |
| 102 class WebCryptoImplTest : public testing::Test { | 120 class WebCryptoImplTest : public testing::Test { |
| 103 protected: | 121 protected: |
| 104 blink::WebCryptoKey ImportSecretKeyFromRawHexString( | 122 blink::WebCryptoKey ImportSecretKeyFromRawHexString( |
| 105 const std::string& key_hex, | 123 const std::string& key_hex, |
| 106 const blink::WebCryptoAlgorithm& algorithm, | 124 const blink::WebCryptoAlgorithm& algorithm, |
| (...skipping 583 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 690 | 708 |
| 691 #if !defined(USE_OPENSSL) | 709 #if !defined(USE_OPENSSL) |
| 692 | 710 |
| 693 TEST_F(WebCryptoImplTest, GenerateKeyPairRsa) { | 711 TEST_F(WebCryptoImplTest, GenerateKeyPairRsa) { |
| 694 // Note: using unrealistic short key lengths here to avoid bogging down tests. | 712 // Note: using unrealistic short key lengths here to avoid bogging down tests. |
| 695 | 713 |
| 696 // Successful WebCryptoAlgorithmIdRsaEsPkcs1v1_5 key generation. | 714 // Successful WebCryptoAlgorithmIdRsaEsPkcs1v1_5 key generation. |
| 697 const unsigned modulus_length = 256; | 715 const unsigned modulus_length = 256; |
| 698 const std::vector<uint8> public_exponent = HexStringToBytes("010001"); | 716 const std::vector<uint8> public_exponent = HexStringToBytes("010001"); |
| 699 blink::WebCryptoAlgorithm algorithm = | 717 blink::WebCryptoAlgorithm algorithm = |
| 700 CreateRsaAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, | 718 CreateRsaKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, |
| 701 modulus_length, | 719 modulus_length, |
| 702 public_exponent); | 720 public_exponent); |
| 703 bool extractable = false; | 721 bool extractable = false; |
| 704 const blink::WebCryptoKeyUsageMask usage_mask = 0; | 722 const blink::WebCryptoKeyUsageMask usage_mask = 0; |
| 705 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); | 723 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); |
| 706 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); | 724 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); |
| 707 EXPECT_TRUE(GenerateKeyPairInternal( | 725 EXPECT_TRUE(GenerateKeyPairInternal( |
| 708 algorithm, extractable, usage_mask, &public_key, &private_key)); | 726 algorithm, extractable, usage_mask, &public_key, &private_key)); |
| 709 EXPECT_FALSE(public_key.isNull()); | 727 EXPECT_FALSE(public_key.isNull()); |
| 710 EXPECT_FALSE(private_key.isNull()); | 728 EXPECT_FALSE(private_key.isNull()); |
| 711 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type()); | 729 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type()); |
| 712 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type()); | 730 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type()); |
| 713 EXPECT_EQ(extractable, public_key.extractable()); | 731 EXPECT_EQ(extractable, public_key.extractable()); |
| 714 EXPECT_EQ(extractable, private_key.extractable()); | 732 EXPECT_EQ(extractable, private_key.extractable()); |
| 715 EXPECT_EQ(usage_mask, public_key.usages()); | 733 EXPECT_EQ(usage_mask, public_key.usages()); |
| 716 EXPECT_EQ(usage_mask, private_key.usages()); | 734 EXPECT_EQ(usage_mask, private_key.usages()); |
| 717 | 735 |
| 718 // Fail with bad modulus. | 736 // Fail with bad modulus. |
| 719 algorithm = CreateRsaAlgorithm( | 737 algorithm = CreateRsaKeyGenAlgorithm( |
| 720 blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, 0, public_exponent); | 738 blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, 0, public_exponent); |
| 721 EXPECT_FALSE(GenerateKeyPairInternal( | 739 EXPECT_FALSE(GenerateKeyPairInternal( |
| 722 algorithm, extractable, usage_mask, &public_key, &private_key)); | 740 algorithm, extractable, usage_mask, &public_key, &private_key)); |
| 723 | 741 |
| 724 // Fail with bad exponent: larger than unsigned long. | 742 // Fail with bad exponent: larger than unsigned long. |
| 725 unsigned exponent_length = sizeof(unsigned long) + 1; // NOLINT | 743 unsigned exponent_length = sizeof(unsigned long) + 1; // NOLINT |
| 726 const std::vector<uint8> long_exponent(exponent_length, 0x01); | 744 const std::vector<uint8> long_exponent(exponent_length, 0x01); |
| 727 algorithm = CreateRsaAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, | 745 algorithm = CreateRsaKeyGenAlgorithm( |
| 728 modulus_length, | 746 blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, |
| 729 long_exponent); | 747 modulus_length, |
| 748 long_exponent); |
| 730 EXPECT_FALSE(GenerateKeyPairInternal( | 749 EXPECT_FALSE(GenerateKeyPairInternal( |
| 731 algorithm, extractable, usage_mask, &public_key, &private_key)); | 750 algorithm, extractable, usage_mask, &public_key, &private_key)); |
| 732 | 751 |
| 733 // Fail with bad exponent: empty. | 752 // Fail with bad exponent: empty. |
| 734 const std::vector<uint8> empty_exponent; | 753 const std::vector<uint8> empty_exponent; |
| 735 algorithm = CreateRsaAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, | 754 algorithm = CreateRsaKeyGenAlgorithm( |
| 736 modulus_length, | 755 blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, |
| 737 empty_exponent); | 756 modulus_length, |
| 757 empty_exponent); |
| 738 EXPECT_FALSE(GenerateKeyPairInternal( | 758 EXPECT_FALSE(GenerateKeyPairInternal( |
| 739 algorithm, extractable, usage_mask, &public_key, &private_key)); | 759 algorithm, extractable, usage_mask, &public_key, &private_key)); |
| 740 | 760 |
| 741 // Fail with bad exponent: all zeros. | 761 // Fail with bad exponent: all zeros. |
| 742 std::vector<uint8> exponent_with_leading_zeros(15, 0x00); | 762 std::vector<uint8> exponent_with_leading_zeros(15, 0x00); |
| 743 algorithm = CreateRsaAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, | 763 algorithm = CreateRsaKeyGenAlgorithm( |
| 744 modulus_length, | 764 blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, |
| 745 exponent_with_leading_zeros); | 765 modulus_length, |
| 766 exponent_with_leading_zeros); |
| 746 EXPECT_FALSE(GenerateKeyPairInternal( | 767 EXPECT_FALSE(GenerateKeyPairInternal( |
| 747 algorithm, extractable, usage_mask, &public_key, &private_key)); | 768 algorithm, extractable, usage_mask, &public_key, &private_key)); |
| 748 | 769 |
| 749 // Key generation success using exponent with leading zeros. | 770 // Key generation success using exponent with leading zeros. |
| 750 exponent_with_leading_zeros.insert(exponent_with_leading_zeros.end(), | 771 exponent_with_leading_zeros.insert(exponent_with_leading_zeros.end(), |
| 751 public_exponent.begin(), | 772 public_exponent.begin(), |
| 752 public_exponent.end()); | 773 public_exponent.end()); |
| 753 algorithm = CreateRsaAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, | 774 algorithm = CreateRsaKeyGenAlgorithm( |
| 754 modulus_length, | 775 blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, |
| 755 exponent_with_leading_zeros); | 776 modulus_length, |
| 777 exponent_with_leading_zeros); |
| 756 EXPECT_TRUE(GenerateKeyPairInternal( | 778 EXPECT_TRUE(GenerateKeyPairInternal( |
| 757 algorithm, extractable, usage_mask, &public_key, &private_key)); | 779 algorithm, extractable, usage_mask, &public_key, &private_key)); |
| 758 EXPECT_FALSE(public_key.isNull()); | 780 EXPECT_FALSE(public_key.isNull()); |
| 759 EXPECT_FALSE(private_key.isNull()); | 781 EXPECT_FALSE(private_key.isNull()); |
| 760 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type()); | 782 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type()); |
| 761 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type()); | 783 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type()); |
| 762 EXPECT_EQ(extractable, public_key.extractable()); | 784 EXPECT_EQ(extractable, public_key.extractable()); |
| 763 EXPECT_EQ(extractable, private_key.extractable()); | 785 EXPECT_EQ(extractable, private_key.extractable()); |
| 764 EXPECT_EQ(usage_mask, public_key.usages()); | 786 EXPECT_EQ(usage_mask, public_key.usages()); |
| 765 EXPECT_EQ(usage_mask, private_key.usages()); | 787 EXPECT_EQ(usage_mask, private_key.usages()); |
| 766 | 788 |
| 767 // Successful WebCryptoAlgorithmIdRsaOaep key generation. | 789 // Successful WebCryptoAlgorithmIdRsaOaep key generation. |
| 768 algorithm = CreateRsaAlgorithm( | 790 algorithm = CreateRsaKeyGenAlgorithm( |
| 769 blink::WebCryptoAlgorithmIdRsaOaep, modulus_length, public_exponent); | 791 blink::WebCryptoAlgorithmIdRsaOaep, modulus_length, public_exponent); |
| 770 EXPECT_TRUE(GenerateKeyPairInternal( | 792 EXPECT_TRUE(GenerateKeyPairInternal( |
| 771 algorithm, extractable, usage_mask, &public_key, &private_key)); | 793 algorithm, extractable, usage_mask, &public_key, &private_key)); |
| 772 EXPECT_FALSE(public_key.isNull()); | 794 EXPECT_FALSE(public_key.isNull()); |
| 773 EXPECT_FALSE(private_key.isNull()); | 795 EXPECT_FALSE(private_key.isNull()); |
| 774 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type()); | 796 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type()); |
| 775 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type()); | 797 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type()); |
| 776 EXPECT_EQ(extractable, public_key.extractable()); | 798 EXPECT_EQ(extractable, public_key.extractable()); |
| 777 EXPECT_EQ(extractable, private_key.extractable()); | 799 EXPECT_EQ(extractable, private_key.extractable()); |
| 778 EXPECT_EQ(usage_mask, public_key.usages()); | 800 EXPECT_EQ(usage_mask, public_key.usages()); |
| 779 EXPECT_EQ(usage_mask, private_key.usages()); | 801 EXPECT_EQ(usage_mask, private_key.usages()); |
| 780 | 802 |
| 781 // Successful WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 key generation. | 803 // Successful WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 key generation. |
| 782 algorithm = CreateRsaAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, | 804 algorithm = CreateRsaKeyGenAlgorithm( |
| 783 modulus_length, | 805 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
| 784 public_exponent); | 806 modulus_length, |
| 807 public_exponent); |
| 785 EXPECT_TRUE(GenerateKeyPairInternal( | 808 EXPECT_TRUE(GenerateKeyPairInternal( |
| 786 algorithm, extractable, usage_mask, &public_key, &private_key)); | 809 algorithm, extractable, usage_mask, &public_key, &private_key)); |
| 787 EXPECT_FALSE(public_key.isNull()); | 810 EXPECT_FALSE(public_key.isNull()); |
| 788 EXPECT_FALSE(private_key.isNull()); | 811 EXPECT_FALSE(private_key.isNull()); |
| 789 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type()); | 812 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type()); |
| 790 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type()); | 813 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type()); |
| 791 EXPECT_EQ(extractable, public_key.extractable()); | 814 EXPECT_EQ(extractable, public_key.extractable()); |
| 792 EXPECT_EQ(extractable, private_key.extractable()); | 815 EXPECT_EQ(extractable, private_key.extractable()); |
| 793 EXPECT_EQ(usage_mask, public_key.usages()); | 816 EXPECT_EQ(usage_mask, public_key.usages()); |
| 794 EXPECT_EQ(usage_mask, private_key.usages()); | 817 EXPECT_EQ(usage_mask, private_key.usages()); |
| 795 } | 818 } |
| 796 | 819 |
| 820 TEST_F(WebCryptoImplTest, SignVerifyRsa) { |
| 821 |
| 822 // Generate an RSA key pair. |
| 823 blink::WebCryptoAlgorithm algorithm = |
| 824 CreateRsaKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
| 825 1024, |
| 826 HexStringToBytes("010001")); |
| 827 const blink::WebCryptoKeyUsageMask usage_mask = |
| 828 blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify; |
| 829 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); |
| 830 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); |
| 831 EXPECT_TRUE(GenerateKeyPairInternal( |
| 832 algorithm, true, usage_mask, &public_key, &private_key)); |
| 833 EXPECT_FALSE(public_key.isNull()); |
| 834 EXPECT_FALSE(private_key.isNull()); |
| 835 |
| 836 algorithm = CreateRsaAlgorithmWithInnerHash( |
| 837 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
| 838 blink::WebCryptoAlgorithmIdSha1); |
| 839 blink::WebArrayBuffer signature; |
| 840 bool signature_match = false; |
| 841 |
| 842 const char* kTestData[] = {"", "00", "010203040506070809"}; |
| 843 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kTestData); ++i) { |
| 844 |
| 845 SCOPED_TRACE(i); |
| 846 |
| 847 // Sign data with the private key. |
| 848 const std::vector<uint8> data = HexStringToBytes(kTestData[i]); |
| 849 ASSERT_TRUE(SignInternal(algorithm, private_key, data, &signature)); |
| 850 |
| 851 // Verify the signature with the public key. |
| 852 signature_match = false; |
| 853 EXPECT_TRUE(VerifySignatureInternal( |
| 854 algorithm, |
| 855 public_key, |
| 856 static_cast<const unsigned char*>(signature.data()), |
| 857 signature.byteLength(), |
| 858 data, |
| 859 &signature_match)); |
| 860 EXPECT_TRUE(signature_match); |
| 861 } |
| 862 |
| 863 const std::vector<uint8> data = HexStringToBytes("010203040506070809"); |
| 864 ASSERT_TRUE(SignInternal(algorithm, private_key, data, &signature)); |
| 865 |
| 866 // Ensure truncated signature does not verify by passing one less byte. |
| 867 signature_match = false; |
| 868 EXPECT_TRUE(VerifySignatureInternal( |
| 869 algorithm, |
| 870 public_key, |
| 871 static_cast<const unsigned char*>(signature.data()), |
| 872 signature.byteLength() - 1, |
| 873 data, |
| 874 &signature_match)); |
| 875 EXPECT_FALSE(signature_match); |
| 876 |
| 877 // Ensure corrupted signature does not verify. |
| 878 std::vector<uint8> corrupt_sig( |
| 879 static_cast<uint8*>(signature.data()), |
| 880 static_cast<uint8*>(signature.data()) + signature.byteLength()); |
| 881 corrupt_sig[corrupt_sig.size() / 2] ^= 0x1; |
| 882 signature_match = false; |
| 883 EXPECT_TRUE(VerifySignatureInternal( |
| 884 algorithm, |
| 885 public_key, |
| 886 Start(corrupt_sig), |
| 887 corrupt_sig.size(), |
| 888 data, |
| 889 &signature_match)); |
| 890 EXPECT_FALSE(signature_match); |
| 891 |
| 892 // Ensure extra long signature does not cause issues and fails. |
| 893 const unsigned char kLongSignature[1024] = { 0 }; |
| 894 EXPECT_TRUE(VerifySignatureInternal( |
| 895 algorithm, |
| 896 public_key, |
| 897 kLongSignature, |
| 898 sizeof(kLongSignature), |
| 899 data, |
| 900 &signature_match)); |
| 901 EXPECT_FALSE(signature_match); |
| 902 |
| 903 // Ensure can't verify using a private key. |
| 904 EXPECT_FALSE(VerifySignatureInternal( |
| 905 algorithm, |
| 906 private_key, |
| 907 static_cast<const unsigned char*>(signature.data()), |
| 908 signature.byteLength(), |
| 909 data, |
| 910 &signature_match)); |
| 911 |
| 912 // Ensure can't sign using a public key. |
| 913 EXPECT_FALSE(SignInternal(algorithm, public_key, data, &signature)); |
| 914 |
| 915 // TODO(padolph): Not sure this kind of test is required here, it might be |
| 916 // more appropriate on the Blink side. |
| 917 // Fail sign and verify with malformed algorithm (no inner hash) |
| 918 algorithm = CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5); |
| 919 EXPECT_FALSE(SignInternal(algorithm, private_key, data, &signature)); |
| 920 EXPECT_FALSE(VerifySignatureInternal( |
| 921 algorithm, |
| 922 public_key, |
| 923 static_cast<const unsigned char*>(signature.data()), |
| 924 signature.byteLength(), |
| 925 data, |
| 926 &signature_match)); |
| 927 |
| 928 // TODO(padolph): Not sure this kind of test is required here, it might be |
| 929 // more appropriate on the Blink side. |
| 930 // Fail sign and verify with incompatible algorithm |
| 931 algorithm = CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); |
| 932 EXPECT_FALSE(SignInternal(algorithm, private_key, data, &signature)); |
| 933 EXPECT_FALSE(VerifySignatureInternal( |
| 934 algorithm, |
| 935 public_key, |
| 936 static_cast<const unsigned char*>(signature.data()), |
| 937 signature.byteLength(), |
| 938 data, |
| 939 &signature_match)); |
| 940 } |
| 941 |
| 942 // TODO(padolph): RSA sign sample sets. NIST RSA test keys are in discrete |
| 943 // format (primes and coefficients), so we need both public and private JWK key |
| 944 // import working first. |
| 945 |
| 797 #endif // #if !defined(USE_OPENSSL) | 946 #endif // #if !defined(USE_OPENSSL) |
| 798 | 947 |
| 799 } // namespace content | 948 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 68303009:
[webcrypto] Add RSASSA-PKCS1-v1_5 sign and verify for NSS. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master