OLD | NEW |
---|---|
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/renderer/webcrypto/webcrypto_impl.h" | 5 #include "content/renderer/webcrypto/webcrypto_impl.h" |
6 | 6 |
7 #include <string> | 7 #include <string> |
8 #include <vector> | 8 #include <vector> |
9 | 9 |
10 #include "base/basictypes.h" | 10 #include "base/basictypes.h" |
(...skipping 22 matching lines...) Expand all Loading... | |
33 expected_hex.c_str(), | 33 expected_hex.c_str(), |
34 base::HexEncode( | 34 base::HexEncode( |
35 array_buffer.data(), array_buffer.byteLength()).c_str()); | 35 array_buffer.data(), array_buffer.byteLength()).c_str()); |
36 } | 36 } |
37 | 37 |
38 blink::WebCryptoAlgorithm CreateAlgorithm(blink::WebCryptoAlgorithmId id) { | 38 blink::WebCryptoAlgorithm CreateAlgorithm(blink::WebCryptoAlgorithmId id) { |
39 return blink::WebCryptoAlgorithm::adoptParamsAndCreate(id, NULL); | 39 return blink::WebCryptoAlgorithm::adoptParamsAndCreate(id, NULL); |
40 } | 40 } |
41 | 41 |
42 blink::WebCryptoAlgorithm CreateHmacAlgorithm( | 42 blink::WebCryptoAlgorithm CreateHmacAlgorithm( |
43 blink::WebCryptoAlgorithmId hashId) { | 43 blink::WebCryptoAlgorithmId hash_id) { |
44 return blink::WebCryptoAlgorithm::adoptParamsAndCreate( | 44 return blink::WebCryptoAlgorithm::adoptParamsAndCreate( |
45 blink::WebCryptoAlgorithmIdHmac, | 45 blink::WebCryptoAlgorithmIdHmac, |
46 new blink::WebCryptoHmacParams(CreateAlgorithm(hashId))); | 46 new blink::WebCryptoHmacParams(CreateAlgorithm(hash_id))); |
47 } | 47 } |
48 | 48 |
49 blink::WebCryptoAlgorithm CreateHmacKeyAlgorithm( | 49 blink::WebCryptoAlgorithm CreateHmacKeyAlgorithm( |
50 blink::WebCryptoAlgorithmId hashId, | 50 blink::WebCryptoAlgorithmId hash_id, |
51 unsigned hash_length) { | 51 unsigned hash_length) { |
52 // hash_length < 0 means unspecified | 52 // hash_length < 0 means unspecified |
53 return blink::WebCryptoAlgorithm::adoptParamsAndCreate( | 53 return blink::WebCryptoAlgorithm::adoptParamsAndCreate( |
54 blink::WebCryptoAlgorithmIdHmac, | 54 blink::WebCryptoAlgorithmIdHmac, |
55 new blink::WebCryptoHmacKeyParams(CreateAlgorithm(hashId), | 55 new blink::WebCryptoHmacKeyParams(CreateAlgorithm(hash_id), |
56 (hash_length != 0), | 56 (hash_length != 0), |
57 hash_length)); | 57 hash_length)); |
58 } | 58 } |
59 | 59 |
60 // Returns a pointer to the start of |data|, or NULL if it is empty. This is a | 60 // Returns a pointer to the start of |data|, or NULL if it is empty. This is a |
61 // convenience function for getting the pointer, and should not be used beyond | 61 // convenience function for getting the pointer, and should not be used beyond |
62 // the expected lifetime of |data|. | 62 // the expected lifetime of |data|. |
63 const uint8* Start(const std::vector<uint8>& data) { | 63 const uint8* Start(const std::vector<uint8>& data) { |
64 if (data.empty()) | 64 if (data.empty()) |
65 return NULL; | 65 return NULL; |
66 return &data[0]; | 66 return &data[0]; |
67 } | 67 } |
68 | 68 |
69 blink::WebCryptoAlgorithm CreateAesCbcAlgorithm( | 69 blink::WebCryptoAlgorithm CreateAesCbcAlgorithm( |
70 const std::vector<uint8>& iv) { | 70 const std::vector<uint8>& iv) { |
71 return blink::WebCryptoAlgorithm::adoptParamsAndCreate( | 71 return blink::WebCryptoAlgorithm::adoptParamsAndCreate( |
72 blink::WebCryptoAlgorithmIdAesCbc, | 72 blink::WebCryptoAlgorithmIdAesCbc, |
73 new blink::WebCryptoAesCbcParams(Start(iv), iv.size())); | 73 new blink::WebCryptoAesCbcParams(Start(iv), iv.size())); |
74 } | 74 } |
75 | 75 |
76 blink::WebCryptoAlgorithm CreateAesCbcAlgorithm( | 76 blink::WebCryptoAlgorithm CreateAesCbcAlgorithm( |
77 unsigned short key_length_bits) { // NOLINT | 77 unsigned short key_length_bits) { // NOLINT |
78 return blink::WebCryptoAlgorithm::adoptParamsAndCreate( | 78 return blink::WebCryptoAlgorithm::adoptParamsAndCreate( |
79 blink::WebCryptoAlgorithmIdAesCbc, | 79 blink::WebCryptoAlgorithmIdAesCbc, |
80 new blink::WebCryptoAesKeyGenParams(key_length_bits)); | 80 new blink::WebCryptoAesKeyGenParams(key_length_bits)); |
81 } | 81 } |
82 | 82 |
83 #if !defined(USE_OPENSSL) | 83 blink::WebCryptoAlgorithm CreateRsaKeyGenAlgorithm( |
84 blink::WebCryptoAlgorithm CreateRsaAlgorithm( | |
85 blink::WebCryptoAlgorithmId algorithm_id, | 84 blink::WebCryptoAlgorithmId algorithm_id, |
86 unsigned modulus_length, | 85 unsigned modulus_length, |
87 const std::vector<uint8>& public_exponent) { | 86 const std::vector<uint8>& public_exponent) { |
88 DCHECK(algorithm_id == blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5 || | 87 DCHECK(algorithm_id == blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5 || |
89 algorithm_id == blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 || | 88 algorithm_id == blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 || |
90 algorithm_id == blink::WebCryptoAlgorithmIdRsaOaep); | 89 algorithm_id == blink::WebCryptoAlgorithmIdRsaOaep); |
91 return blink::WebCryptoAlgorithm::adoptParamsAndCreate( | 90 return blink::WebCryptoAlgorithm::adoptParamsAndCreate( |
92 algorithm_id, | 91 algorithm_id, |
93 new blink::WebCryptoRsaKeyGenParams( | 92 new blink::WebCryptoRsaKeyGenParams( |
94 modulus_length, Start(public_exponent), public_exponent.size())); | 93 modulus_length, Start(public_exponent), public_exponent.size())); |
95 } | 94 } |
96 #endif // !defined(USE_OPENSSL) | 95 |
96 // TODO(padolph): Move to webcrypto_util | |
97 bool IsHashAlgorithm(blink::WebCryptoAlgorithmId alg_id) { | |
98 return alg_id == blink::WebCryptoAlgorithmIdSha1 || | |
99 alg_id == blink::WebCryptoAlgorithmIdSha224 || | |
100 alg_id == blink::WebCryptoAlgorithmIdSha256 || | |
101 alg_id == blink::WebCryptoAlgorithmIdSha384 || | |
102 alg_id == blink::WebCryptoAlgorithmIdSha512; | |
103 } | |
104 | |
105 blink::WebCryptoAlgorithm CreateRsaAlgorithmWithInnerHash( | |
106 blink::WebCryptoAlgorithmId algorithm_id, | |
107 blink::WebCryptoAlgorithmId hash_id) { | |
108 DCHECK(algorithm_id == blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 || | |
109 algorithm_id == blink::WebCryptoAlgorithmIdRsaOaep); | |
110 DCHECK(IsHashAlgorithm(hash_id)); | |
111 return blink::WebCryptoAlgorithm::adoptParamsAndCreate( | |
112 algorithm_id, | |
113 new blink::WebCryptoRsaSsaParams(CreateAlgorithm(hash_id))); | |
114 } | |
97 | 115 |
98 } // namespace | 116 } // namespace |
99 | 117 |
100 namespace content { | 118 namespace content { |
101 | 119 |
102 class WebCryptoImplTest : public testing::Test { | 120 class WebCryptoImplTest : public testing::Test { |
103 protected: | 121 protected: |
104 blink::WebCryptoKey ImportSecretKeyFromRawHexString( | 122 blink::WebCryptoKey ImportSecretKeyFromRawHexString( |
105 const std::string& key_hex, | 123 const std::string& key_hex, |
106 const blink::WebCryptoAlgorithm& algorithm, | 124 const blink::WebCryptoAlgorithm& algorithm, |
(...skipping 583 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
690 | 708 |
691 #if !defined(USE_OPENSSL) | 709 #if !defined(USE_OPENSSL) |
692 | 710 |
693 TEST_F(WebCryptoImplTest, GenerateKeyPairRsa) { | 711 TEST_F(WebCryptoImplTest, GenerateKeyPairRsa) { |
694 // Note: using unrealistic short key lengths here to avoid bogging down tests. | 712 // Note: using unrealistic short key lengths here to avoid bogging down tests. |
695 | 713 |
696 // Successful WebCryptoAlgorithmIdRsaEsPkcs1v1_5 key generation. | 714 // Successful WebCryptoAlgorithmIdRsaEsPkcs1v1_5 key generation. |
697 const unsigned modulus_length = 256; | 715 const unsigned modulus_length = 256; |
698 const std::vector<uint8> public_exponent = HexStringToBytes("010001"); | 716 const std::vector<uint8> public_exponent = HexStringToBytes("010001"); |
699 blink::WebCryptoAlgorithm algorithm = | 717 blink::WebCryptoAlgorithm algorithm = |
700 CreateRsaAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, | 718 CreateRsaKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, |
701 modulus_length, | 719 modulus_length, |
eroman
2013/11/20 23:57:44
indentation needs to change
padolph
2013/11/21 01:20:13
Done.
| |
702 public_exponent); | 720 public_exponent); |
703 bool extractable = false; | 721 bool extractable = false; |
704 const blink::WebCryptoKeyUsageMask usage_mask = 0; | 722 const blink::WebCryptoKeyUsageMask usage_mask = 0; |
705 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); | 723 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); |
706 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); | 724 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); |
707 EXPECT_TRUE(GenerateKeyPairInternal( | 725 EXPECT_TRUE(GenerateKeyPairInternal( |
708 algorithm, extractable, usage_mask, &public_key, &private_key)); | 726 algorithm, extractable, usage_mask, &public_key, &private_key)); |
709 EXPECT_FALSE(public_key.isNull()); | 727 EXPECT_FALSE(public_key.isNull()); |
710 EXPECT_FALSE(private_key.isNull()); | 728 EXPECT_FALSE(private_key.isNull()); |
711 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type()); | 729 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type()); |
712 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type()); | 730 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type()); |
713 EXPECT_EQ(extractable, public_key.extractable()); | 731 EXPECT_EQ(extractable, public_key.extractable()); |
714 EXPECT_EQ(extractable, private_key.extractable()); | 732 EXPECT_EQ(extractable, private_key.extractable()); |
715 EXPECT_EQ(usage_mask, public_key.usages()); | 733 EXPECT_EQ(usage_mask, public_key.usages()); |
716 EXPECT_EQ(usage_mask, private_key.usages()); | 734 EXPECT_EQ(usage_mask, private_key.usages()); |
717 | 735 |
718 // Fail with bad modulus. | 736 // Fail with bad modulus. |
719 algorithm = CreateRsaAlgorithm( | 737 algorithm = CreateRsaKeyGenAlgorithm( |
720 blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, 0, public_exponent); | 738 blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, 0, public_exponent); |
721 EXPECT_FALSE(GenerateKeyPairInternal( | 739 EXPECT_FALSE(GenerateKeyPairInternal( |
722 algorithm, extractable, usage_mask, &public_key, &private_key)); | 740 algorithm, extractable, usage_mask, &public_key, &private_key)); |
723 | 741 |
724 // Fail with bad exponent: larger than unsigned long. | 742 // Fail with bad exponent: larger than unsigned long. |
725 unsigned exponent_length = sizeof(unsigned long) + 1; // NOLINT | 743 unsigned exponent_length = sizeof(unsigned long) + 1; // NOLINT |
726 const std::vector<uint8> long_exponent(exponent_length, 0x01); | 744 const std::vector<uint8> long_exponent(exponent_length, 0x01); |
727 algorithm = CreateRsaAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, | 745 algorithm = CreateRsaKeyGenAlgorithm( |
728 modulus_length, | 746 blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, |
729 long_exponent); | 747 modulus_length, |
748 long_exponent); | |
730 EXPECT_FALSE(GenerateKeyPairInternal( | 749 EXPECT_FALSE(GenerateKeyPairInternal( |
731 algorithm, extractable, usage_mask, &public_key, &private_key)); | 750 algorithm, extractable, usage_mask, &public_key, &private_key)); |
732 | 751 |
733 // Fail with bad exponent: empty. | 752 // Fail with bad exponent: empty. |
734 const std::vector<uint8> empty_exponent; | 753 const std::vector<uint8> empty_exponent; |
735 algorithm = CreateRsaAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, | 754 algorithm = CreateRsaKeyGenAlgorithm( |
736 modulus_length, | 755 blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, |
737 empty_exponent); | 756 modulus_length, |
757 empty_exponent); | |
738 EXPECT_FALSE(GenerateKeyPairInternal( | 758 EXPECT_FALSE(GenerateKeyPairInternal( |
739 algorithm, extractable, usage_mask, &public_key, &private_key)); | 759 algorithm, extractable, usage_mask, &public_key, &private_key)); |
740 | 760 |
741 // Fail with bad exponent: all zeros. | 761 // Fail with bad exponent: all zeros. |
742 std::vector<uint8> exponent_with_leading_zeros(15, 0x00); | 762 std::vector<uint8> exponent_with_leading_zeros(15, 0x00); |
743 algorithm = CreateRsaAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, | 763 algorithm = CreateRsaKeyGenAlgorithm( |
744 modulus_length, | 764 blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, |
745 exponent_with_leading_zeros); | 765 modulus_length, |
766 exponent_with_leading_zeros); | |
746 EXPECT_FALSE(GenerateKeyPairInternal( | 767 EXPECT_FALSE(GenerateKeyPairInternal( |
747 algorithm, extractable, usage_mask, &public_key, &private_key)); | 768 algorithm, extractable, usage_mask, &public_key, &private_key)); |
748 | 769 |
749 // Key generation success using exponent with leading zeros. | 770 // Key generation success using exponent with leading zeros. |
750 exponent_with_leading_zeros.insert(exponent_with_leading_zeros.end(), | 771 exponent_with_leading_zeros.insert(exponent_with_leading_zeros.end(), |
751 public_exponent.begin(), | 772 public_exponent.begin(), |
752 public_exponent.end()); | 773 public_exponent.end()); |
753 algorithm = CreateRsaAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, | 774 algorithm = CreateRsaKeyGenAlgorithm( |
754 modulus_length, | 775 blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, |
755 exponent_with_leading_zeros); | 776 modulus_length, |
777 exponent_with_leading_zeros); | |
756 EXPECT_TRUE(GenerateKeyPairInternal( | 778 EXPECT_TRUE(GenerateKeyPairInternal( |
757 algorithm, extractable, usage_mask, &public_key, &private_key)); | 779 algorithm, extractable, usage_mask, &public_key, &private_key)); |
758 EXPECT_FALSE(public_key.isNull()); | 780 EXPECT_FALSE(public_key.isNull()); |
759 EXPECT_FALSE(private_key.isNull()); | 781 EXPECT_FALSE(private_key.isNull()); |
760 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type()); | 782 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type()); |
761 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type()); | 783 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type()); |
762 EXPECT_EQ(extractable, public_key.extractable()); | 784 EXPECT_EQ(extractable, public_key.extractable()); |
763 EXPECT_EQ(extractable, private_key.extractable()); | 785 EXPECT_EQ(extractable, private_key.extractable()); |
764 EXPECT_EQ(usage_mask, public_key.usages()); | 786 EXPECT_EQ(usage_mask, public_key.usages()); |
765 EXPECT_EQ(usage_mask, private_key.usages()); | 787 EXPECT_EQ(usage_mask, private_key.usages()); |
766 | 788 |
767 // Successful WebCryptoAlgorithmIdRsaOaep key generation. | 789 // Successful WebCryptoAlgorithmIdRsaOaep key generation. |
768 algorithm = CreateRsaAlgorithm( | 790 algorithm = CreateRsaKeyGenAlgorithm( |
769 blink::WebCryptoAlgorithmIdRsaOaep, modulus_length, public_exponent); | 791 blink::WebCryptoAlgorithmIdRsaOaep, modulus_length, public_exponent); |
770 EXPECT_TRUE(GenerateKeyPairInternal( | 792 EXPECT_TRUE(GenerateKeyPairInternal( |
771 algorithm, extractable, usage_mask, &public_key, &private_key)); | 793 algorithm, extractable, usage_mask, &public_key, &private_key)); |
772 EXPECT_FALSE(public_key.isNull()); | 794 EXPECT_FALSE(public_key.isNull()); |
773 EXPECT_FALSE(private_key.isNull()); | 795 EXPECT_FALSE(private_key.isNull()); |
774 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type()); | 796 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type()); |
775 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type()); | 797 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type()); |
776 EXPECT_EQ(extractable, public_key.extractable()); | 798 EXPECT_EQ(extractable, public_key.extractable()); |
777 EXPECT_EQ(extractable, private_key.extractable()); | 799 EXPECT_EQ(extractable, private_key.extractable()); |
778 EXPECT_EQ(usage_mask, public_key.usages()); | 800 EXPECT_EQ(usage_mask, public_key.usages()); |
779 EXPECT_EQ(usage_mask, private_key.usages()); | 801 EXPECT_EQ(usage_mask, private_key.usages()); |
780 | 802 |
781 // Successful WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 key generation. | 803 // Successful WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 key generation. |
782 algorithm = CreateRsaAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, | 804 algorithm = CreateRsaKeyGenAlgorithm( |
783 modulus_length, | 805 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
784 public_exponent); | 806 modulus_length, |
807 public_exponent); | |
785 EXPECT_TRUE(GenerateKeyPairInternal( | 808 EXPECT_TRUE(GenerateKeyPairInternal( |
786 algorithm, extractable, usage_mask, &public_key, &private_key)); | 809 algorithm, extractable, usage_mask, &public_key, &private_key)); |
787 EXPECT_FALSE(public_key.isNull()); | 810 EXPECT_FALSE(public_key.isNull()); |
788 EXPECT_FALSE(private_key.isNull()); | 811 EXPECT_FALSE(private_key.isNull()); |
789 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type()); | 812 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type()); |
790 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type()); | 813 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type()); |
791 EXPECT_EQ(extractable, public_key.extractable()); | 814 EXPECT_EQ(extractable, public_key.extractable()); |
792 EXPECT_EQ(extractable, private_key.extractable()); | 815 EXPECT_EQ(extractable, private_key.extractable()); |
793 EXPECT_EQ(usage_mask, public_key.usages()); | 816 EXPECT_EQ(usage_mask, public_key.usages()); |
794 EXPECT_EQ(usage_mask, private_key.usages()); | 817 EXPECT_EQ(usage_mask, private_key.usages()); |
795 } | 818 } |
796 | 819 |
820 TEST_F(WebCryptoImplTest, SignVerifyRsa) { | |
821 | |
822 // Generate an RSA key pair. | |
823 blink::WebCryptoAlgorithm algorithm = | |
824 CreateRsaKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, | |
825 1024, | |
826 HexStringToBytes("010001")); | |
827 const blink::WebCryptoKeyUsageMask usage_mask = | |
828 blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify; | |
829 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); | |
830 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); | |
831 EXPECT_TRUE(GenerateKeyPairInternal( | |
832 algorithm, true, usage_mask, &public_key, &private_key)); | |
833 EXPECT_FALSE(public_key.isNull()); | |
834 EXPECT_FALSE(private_key.isNull()); | |
835 | |
836 algorithm = CreateRsaAlgorithmWithInnerHash( | |
837 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, | |
838 blink::WebCryptoAlgorithmIdSha1); | |
839 blink::WebArrayBuffer signature; | |
840 bool signature_match = false; | |
841 | |
842 const char* kTestData[] = {"", "00", "010203040506070809"}; | |
843 for (size_t i = 0; i < ARRAYSIZE_UNSAFE(kTestData); ++i) { | |
844 | |
845 SCOPED_TRACE(i); | |
846 | |
847 // Sign data with the private key. | |
848 const std::vector<uint8> data = HexStringToBytes(kTestData[i]); | |
849 ASSERT_TRUE(SignInternal(algorithm, private_key, data, &signature)); | |
850 | |
851 // Verify the signature with the public key. | |
852 signature_match = false; | |
853 EXPECT_TRUE(VerifySignatureInternal( | |
854 algorithm, | |
855 public_key, | |
856 static_cast<const unsigned char*>(signature.data()), | |
857 signature.byteLength(), | |
858 data, | |
859 &signature_match)); | |
860 EXPECT_TRUE(signature_match); | |
861 } | |
862 | |
863 const std::vector<uint8> data = HexStringToBytes("010203040506070809"); | |
864 ASSERT_TRUE(SignInternal(algorithm, private_key, data, &signature)); | |
865 | |
866 // Ensure truncated signature does not verify by passing one less byte. | |
867 signature_match = false; | |
868 EXPECT_TRUE(VerifySignatureInternal( | |
869 algorithm, | |
870 public_key, | |
871 static_cast<const unsigned char*>(signature.data()), | |
872 signature.byteLength() - 1, | |
873 data, | |
874 &signature_match)); | |
875 EXPECT_FALSE(signature_match); | |
876 | |
877 // Ensure corrupted signature does not verify. | |
878 std::vector<uint8> corrupt_sig( | |
879 static_cast<uint8*>(signature.data()), | |
880 static_cast<uint8*>(signature.data()) + signature.byteLength()); | |
881 corrupt_sig[corrupt_sig.size() / 2] ^= 0x1; | |
882 signature_match = false; | |
883 EXPECT_TRUE(VerifySignatureInternal( | |
884 algorithm, | |
885 public_key, | |
886 Start(corrupt_sig), | |
887 corrupt_sig.size(), | |
888 data, | |
889 &signature_match)); | |
890 EXPECT_FALSE(signature_match); | |
891 | |
892 // Ensure extra long signature does not cause issues and fails. | |
893 const unsigned char kLongSignature[1024] = { 0 }; | |
894 EXPECT_TRUE(VerifySignatureInternal( | |
895 algorithm, | |
896 public_key, | |
897 kLongSignature, | |
898 sizeof(kLongSignature), | |
899 data, | |
900 &signature_match)); | |
901 EXPECT_FALSE(signature_match); | |
902 | |
903 // Ensure can't verify using a private key. | |
904 EXPECT_FALSE(VerifySignatureInternal( | |
905 algorithm, | |
906 private_key, | |
907 static_cast<const unsigned char*>(signature.data()), | |
908 signature.byteLength(), | |
909 data, | |
910 &signature_match)); | |
911 | |
912 // Ensure can't sign using a public key. | |
913 EXPECT_FALSE(SignInternal(algorithm, public_key, data, &signature)); | |
914 | |
915 // TODO(padolph): Not sure this kind of test is required here, it might be | |
916 // more appropriate on the Blink side. | |
917 // Fail sign and verify with malformed algorithm (no inner hash) | |
918 algorithm = CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5); | |
919 EXPECT_FALSE(SignInternal(algorithm, private_key, data, &signature)); | |
920 EXPECT_FALSE(VerifySignatureInternal( | |
921 algorithm, | |
922 public_key, | |
923 static_cast<const unsigned char*>(signature.data()), | |
924 signature.byteLength(), | |
925 data, | |
926 &signature_match)); | |
927 | |
928 // TODO(padolph): Not sure this kind of test is required here, it might be | |
929 // more appropriate on the Blink side. | |
930 // Fail sign and verify with incompatible algorithm | |
931 algorithm = CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); | |
932 EXPECT_FALSE(SignInternal(algorithm, private_key, data, &signature)); | |
933 EXPECT_FALSE(VerifySignatureInternal( | |
934 algorithm, | |
935 public_key, | |
936 static_cast<const unsigned char*>(signature.data()), | |
937 signature.byteLength(), | |
938 data, | |
939 &signature_match)); | |
940 } | |
941 | |
942 // TODO(padolph): RSA sign sample sets. NIST RSA test keys are in discrete | |
943 // format (primes and coefficients), so we need both public and private JWK key | |
944 // import working first. | |
945 | |
797 #endif // #if !defined(USE_OPENSSL) | 946 #endif // #if !defined(USE_OPENSSL) |
798 | 947 |
799 } // namespace content | 948 } // namespace content |
OLD | NEW |