OLD | NEW |
---|---|
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/renderer/webcrypto/webcrypto_impl.h" | 5 #include "content/renderer/webcrypto/webcrypto_impl.h" |
6 | 6 |
7 #include <algorithm> | 7 #include <algorithm> |
8 #include <string> | 8 #include <string> |
9 #include <vector> | 9 #include <vector> |
10 | 10 |
(...skipping 65 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
76 dict->SetString("alg", "RSA1_5"); | 76 dict->SetString("alg", "RSA1_5"); |
77 dict->SetString("use", "enc"); | 77 dict->SetString("use", "enc"); |
78 dict->SetBoolean("extractable", false); | 78 dict->SetBoolean("extractable", false); |
79 dict->SetString("n", | 79 dict->SetString("n", |
80 "qLOyhK-OtQs4cDSoYPFGxJGfMYdjzWxVmMiuSBGh4KvEx-CwgtaTpef87Wdc9GaFEncsDLxk" | 80 "qLOyhK-OtQs4cDSoYPFGxJGfMYdjzWxVmMiuSBGh4KvEx-CwgtaTpef87Wdc9GaFEncsDLxk" |
81 "p0LGxjD1M8jMcvYq6DPEC_JYQumEu3i9v5fAEH1VvbZi9cTg-rmEXLUUjvc5LdOq_5OuHmtm" | 81 "p0LGxjD1M8jMcvYq6DPEC_JYQumEu3i9v5fAEH1VvbZi9cTg-rmEXLUUjvc5LdOq_5OuHmtm" |
82 "e7PUJHYW1PW6ENTP0ibeiNOfFvs"); | 82 "e7PUJHYW1PW6ENTP0ibeiNOfFvs"); |
83 dict->SetString("e", "AQAB"); | 83 dict->SetString("e", "AQAB"); |
84 } | 84 } |
85 | 85 |
86 blink::WebCryptoAlgorithm CreateRsaAlgorithmWithInnerHash( | |
87 blink::WebCryptoAlgorithmId algorithm_id, | |
88 blink::WebCryptoAlgorithmId hash_id) { | |
89 DCHECK(algorithm_id == blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 || | |
90 algorithm_id == blink::WebCryptoAlgorithmIdRsaOaep); | |
91 DCHECK(webcrypto::IsHashAlgorithm(hash_id)); | |
92 return blink::WebCryptoAlgorithm::adoptParamsAndCreate( | |
93 algorithm_id, | |
94 new blink::WebCryptoRsaSsaParams(webcrypto::CreateAlgorithm(hash_id))); | |
95 } | |
96 | |
86 // Determines if two ArrayBuffers have identical content. | 97 // Determines if two ArrayBuffers have identical content. |
87 bool ArrayBuffersEqual( | 98 bool ArrayBuffersEqual( |
88 const blink::WebArrayBuffer& a, | 99 const blink::WebArrayBuffer& a, |
89 const blink::WebArrayBuffer& b) { | 100 const blink::WebArrayBuffer& b) { |
90 return a.byteLength() == b.byteLength() && | 101 return a.byteLength() == b.byteLength() && |
91 memcmp(a.data(), b.data(), a.byteLength()) == 0; | 102 memcmp(a.data(), b.data(), a.byteLength()) == 0; |
92 } | 103 } |
93 | 104 |
94 // Given a vector of WebArrayBuffers, determines if there are any copies. | 105 // Given a vector of WebArrayBuffers, determines if there are any copies. |
95 bool CopiesExist(std::vector<blink::WebArrayBuffer> bufs) { | 106 bool CopiesExist(std::vector<blink::WebArrayBuffer> bufs) { |
(...skipping 24 matching lines...) Expand all Loading... | |
120 return CreateAesKeyGenAlgorithm(blink::WebCryptoAlgorithmIdAesGcm, | 131 return CreateAesKeyGenAlgorithm(blink::WebCryptoAlgorithmIdAesGcm, |
121 key_length_bits); | 132 key_length_bits); |
122 } | 133 } |
123 | 134 |
124 blink::WebCryptoAlgorithm CreateAesKwKeyGenAlgorithm( | 135 blink::WebCryptoAlgorithm CreateAesKwKeyGenAlgorithm( |
125 unsigned short key_length_bits) { | 136 unsigned short key_length_bits) { |
126 return CreateAesKeyGenAlgorithm(blink::WebCryptoAlgorithmIdAesKw, | 137 return CreateAesKeyGenAlgorithm(blink::WebCryptoAlgorithmIdAesKw, |
127 key_length_bits); | 138 key_length_bits); |
128 } | 139 } |
129 | 140 |
141 // The following key pair is comprised of the SPKI (public key) and PKCS#8 | |
142 // (private key) representations of the key pair provided in Example 1 of the | |
143 // NIST test vectors at | |
144 // ftp://ftp.rsa.com/pub/rsalabs/tmp/pkcs1v15sign-vectors.txt | |
145 const unsigned kModulusLength = 1024; | |
146 const std::string kPublicKeySpkiDerHex = | |
eroman
2014/01/15 23:10:02
Chromium style doesn't allow for non plain-old-dat
padolph
2014/01/16 02:02:04
Done.
| |
147 "30819f300d06092a864886f70d010101050003818d0030818902818100a5" | |
148 "6e4a0e701017589a5187dc7ea841d156f2ec0e36ad52a44dfeb1e61f7ad9" | |
149 "91d8c51056ffedb162b4c0f283a12a88a394dff526ab7291cbb307ceabfc" | |
150 "e0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921cb23c270a70e2598e" | |
151 "6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef22e1e1f20d0ce8cf" | |
152 "fb2249bd9a21370203010001"; | |
153 const std::string kPrivateKeyPkcs8DerHex = | |
154 "30820275020100300d06092a864886f70d01010105000482025f3082025b" | |
155 "02010002818100a56e4a0e701017589a5187dc7ea841d156f2ec0e36ad52" | |
156 "a44dfeb1e61f7ad991d8c51056ffedb162b4c0f283a12a88a394dff526ab" | |
157 "7291cbb307ceabfce0b1dfd5cd9508096d5b2b8b6df5d671ef6377c0921c" | |
158 "b23c270a70e2598e6ff89d19f105acc2d3f0cb35f29280e1386b6f64c4ef" | |
159 "22e1e1f20d0ce8cffb2249bd9a2137020301000102818033a5042a90b27d" | |
160 "4f5451ca9bbbd0b44771a101af884340aef9885f2a4bbe92e894a724ac3c" | |
161 "568c8f97853ad07c0266c8c6a3ca0929f1e8f11231884429fc4d9ae55fee" | |
162 "896a10ce707c3ed7e734e44727a39574501a532683109c2abacaba283c31" | |
163 "b4bd2f53c3ee37e352cee34f9e503bd80c0622ad79c6dcee883547c6a3b3" | |
164 "25024100e7e8942720a877517273a356053ea2a1bc0c94aa72d55c6e8629" | |
165 "6b2dfc967948c0a72cbccca7eacb35706e09a1df55a1535bd9b3cc34160b" | |
166 "3b6dcd3eda8e6443024100b69dca1cf7d4d7ec81e75b90fcca874abcde12" | |
167 "3fd2700180aa90479b6e48de8d67ed24f9f19d85ba275874f542cd20dc72" | |
168 "3e6963364a1f9425452b269a6799fd024028fa13938655be1f8a159cbaca" | |
169 "5a72ea190c30089e19cd274a556f36c4f6e19f554b34c077790427bbdd8d" | |
170 "d3ede2448328f385d81b30e8e43b2fffa02786197902401a8b38f398fa71" | |
171 "2049898d7fb79ee0a77668791299cdfa09efc0e507acb21ed74301ef5bfd" | |
172 "48be455eaeb6e1678255827580a8e4e8e14151d1510a82a3f2e729024027" | |
173 "156aba4126d24a81f3a528cbfb27f56886f840a9f6e86e17a44b94fe9319" | |
174 "584b8e22fdde1e5a2e3bd8aa5ba8d8584194eb2190acf832b847f13a3d24" | |
175 "a79f4d"; | |
176 | |
130 } // namespace | 177 } // namespace |
131 | 178 |
132 class WebCryptoImplTest : public testing::Test { | 179 class WebCryptoImplTest : public testing::Test { |
133 protected: | 180 protected: |
134 blink::WebCryptoKey ImportSecretKeyFromRawHexString( | 181 blink::WebCryptoKey ImportSecretKeyFromRawHexString( |
135 const std::string& key_hex, | 182 const std::string& key_hex, |
136 const blink::WebCryptoAlgorithm& algorithm, | 183 const blink::WebCryptoAlgorithm& algorithm, |
137 blink::WebCryptoKeyUsageMask usage) { | 184 blink::WebCryptoKeyUsageMask usage) { |
138 std::vector<uint8> key_raw = HexStringToBytes(key_hex); | 185 std::vector<uint8> key_raw = HexStringToBytes(key_hex); |
139 | 186 |
140 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 187 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
141 bool extractable = true; | 188 bool extractable = true; |
142 EXPECT_TRUE(crypto_.ImportKeyInternal(blink::WebCryptoKeyFormatRaw, | 189 EXPECT_TRUE(crypto_.ImportKeyInternal(blink::WebCryptoKeyFormatRaw, |
143 webcrypto::Uint8VectorStart(key_raw), | 190 webcrypto::Uint8VectorStart(key_raw), |
144 key_raw.size(), | 191 key_raw.size(), |
145 algorithm, | 192 algorithm, |
146 extractable, | 193 extractable, |
147 usage, | 194 usage, |
148 &key)); | 195 &key)); |
149 | 196 |
150 EXPECT_FALSE(key.isNull()); | 197 EXPECT_FALSE(key.isNull()); |
151 EXPECT_TRUE(key.handle()); | 198 EXPECT_TRUE(key.handle()); |
152 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); | 199 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type()); |
153 EXPECT_EQ(algorithm.id(), key.algorithm().id()); | 200 EXPECT_EQ(algorithm.id(), key.algorithm().id()); |
154 EXPECT_EQ(extractable, key.extractable()); | 201 EXPECT_EQ(extractable, key.extractable()); |
155 EXPECT_EQ(usage, key.usages()); | 202 EXPECT_EQ(usage, key.usages()); |
156 return key; | 203 return key; |
157 } | 204 } |
158 | 205 |
206 bool ImportRsaKeyPair( | |
207 const std::string& spki_der_hex, | |
208 const std::string& pkcs8_der_hex, | |
209 const blink::WebCryptoAlgorithm& algorithm, | |
210 bool extractable, | |
211 blink::WebCryptoKeyUsageMask usage_mask, | |
212 blink::WebCryptoKey* public_key, | |
213 blink::WebCryptoKey* private_key) { | |
214 if (!ImportKeyInternal( | |
215 blink::WebCryptoKeyFormatSpki, | |
216 HexStringToBytes(spki_der_hex), | |
217 algorithm, | |
218 true, | |
219 usage_mask, | |
220 public_key)) { | |
221 return false; | |
222 } | |
223 if (public_key->isNull() || !public_key->handle()) | |
eroman
2014/01/15 23:10:02
I don't be4lieve it is possible (or desirable) for
padolph
2014/01/16 02:02:04
I changed the logic to use EXPECT's to be consiste
| |
224 return false; | |
225 | |
226 if (!ImportKeyInternal( | |
227 blink::WebCryptoKeyFormatPkcs8, | |
228 HexStringToBytes(pkcs8_der_hex), | |
229 algorithm, | |
230 extractable, | |
231 usage_mask, | |
232 private_key)) { | |
233 return false; | |
234 } | |
235 if (private_key->isNull() || !private_key->handle()) | |
eroman
2014/01/15 23:10:02
Same comment here.
padolph
2014/01/16 02:02:04
Done.
| |
236 return false; | |
237 return true; | |
238 } | |
239 | |
159 // Forwarding methods to gain access to protected methods of | 240 // Forwarding methods to gain access to protected methods of |
160 // WebCryptoImpl. | 241 // WebCryptoImpl. |
161 | 242 |
162 bool DigestInternal( | 243 bool DigestInternal( |
163 const blink::WebCryptoAlgorithm& algorithm, | 244 const blink::WebCryptoAlgorithm& algorithm, |
164 const std::vector<uint8>& data, | 245 const std::vector<uint8>& data, |
165 blink::WebArrayBuffer* buffer) { | 246 blink::WebArrayBuffer* buffer) { |
166 return crypto_.DigestInternal( | 247 return crypto_.DigestInternal( |
167 algorithm, webcrypto::Uint8VectorStart(data), data.size(), buffer); | 248 algorithm, webcrypto::Uint8VectorStart(data), data.size(), buffer); |
168 } | 249 } |
(...skipping 57 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
226 bool* signature_match) { | 307 bool* signature_match) { |
227 return crypto_.VerifySignatureInternal(algorithm, | 308 return crypto_.VerifySignatureInternal(algorithm, |
228 key, | 309 key, |
229 signature, | 310 signature, |
230 signature_size, | 311 signature_size, |
231 webcrypto::Uint8VectorStart(data), | 312 webcrypto::Uint8VectorStart(data), |
232 data.size(), | 313 data.size(), |
233 signature_match); | 314 signature_match); |
234 } | 315 } |
235 | 316 |
317 bool VerifySignatureInternal( | |
318 const blink::WebCryptoAlgorithm& algorithm, | |
319 const blink::WebCryptoKey& key, | |
320 const std::vector<uint8>& signature, | |
321 const std::vector<uint8>& data, | |
322 bool* signature_match) { | |
323 return crypto_.VerifySignatureInternal( | |
324 algorithm, | |
325 key, | |
326 webcrypto::Uint8VectorStart(signature), | |
327 signature.size(), | |
328 webcrypto::Uint8VectorStart(data), | |
329 data.size(), | |
330 signature_match); | |
331 } | |
332 | |
236 bool EncryptInternal( | 333 bool EncryptInternal( |
237 const blink::WebCryptoAlgorithm& algorithm, | 334 const blink::WebCryptoAlgorithm& algorithm, |
238 const blink::WebCryptoKey& key, | 335 const blink::WebCryptoKey& key, |
239 const unsigned char* data, | 336 const unsigned char* data, |
240 unsigned data_size, | 337 unsigned data_size, |
241 blink::WebArrayBuffer* buffer) { | 338 blink::WebArrayBuffer* buffer) { |
242 return crypto_.EncryptInternal(algorithm, key, data, data_size, buffer); | 339 return crypto_.EncryptInternal(algorithm, key, data, data_size, buffer); |
243 } | 340 } |
244 | 341 |
245 bool EncryptInternal( | 342 bool EncryptInternal( |
(...skipping 932 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1178 | 1275 |
1179 const std::string mac_raw = | 1276 const std::string mac_raw = |
1180 "769f00d3e6a6cc1fb426a14a4f76c6462e6149726e0dee0ec0cf97a16605ac8b"; | 1277 "769f00d3e6a6cc1fb426a14a4f76c6462e6149726e0dee0ec0cf97a16605ac8b"; |
1181 | 1278 |
1182 ExpectArrayBufferMatchesHex(mac_raw, output); | 1279 ExpectArrayBufferMatchesHex(mac_raw, output); |
1183 | 1280 |
1184 // TODO(padolph): Import an RSA public key JWK and use it | 1281 // TODO(padolph): Import an RSA public key JWK and use it |
1185 } | 1282 } |
1186 | 1283 |
1187 TEST_F(WebCryptoImplTest, MAYBE(ImportExportSpki)) { | 1284 TEST_F(WebCryptoImplTest, MAYBE(ImportExportSpki)) { |
1188 // openssl genrsa -out pair.pem 2048 | |
1189 // openssl rsa -in pair.pem -out pubkey.der -outform DER -pubout | |
1190 // xxd -p pubkey.der | |
1191 const std::string hex_rsa_spki_der = | |
1192 "30820122300d06092a864886f70d01010105000382010f003082010a0282" | |
1193 "010100f19e40f94e3780858701577a571cca000cb9795db89ddf8e98ab0e" | |
1194 "5eecfa47516cb08dc591cae5ab7fa43d6db402e95991d4a2de52e7cd3a66" | |
1195 "4f58284be2eb4675d5a849a2582c585d2b3c6c225a8f2c53a0414d5dbd06" | |
1196 "172371cefdf953e9ec3000fc9ad000743023f74e82d12aa93917a2c9b832" | |
1197 "696085ee0711154cf98a6d098f44cee00ea3b7584236503a5483ba8b6792" | |
1198 "fee588d1a8f4a0618333c4cb3447d760b43d5a0d9ed6ef79763df670cd8b" | |
1199 "5eb869a20833f1e3e6d8b88240a5d4335c73fd20487f2a7d112af8692357" | |
1200 "6425e44a273e5ad2e93d6b50a28e65f9e133958e4f0c7d12e0adc90fedd4" | |
1201 "f6b6848e7b6900666642a08b520a6534a35d4f0203010001"; | |
1202 | |
1203 // Passing case: Import a valid RSA key in SPKI format. | 1285 // Passing case: Import a valid RSA key in SPKI format. |
1204 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 1286 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
1205 ASSERT_TRUE(ImportKeyInternal( | 1287 ASSERT_TRUE(ImportKeyInternal( |
1206 blink::WebCryptoKeyFormatSpki, | 1288 blink::WebCryptoKeyFormatSpki, |
1207 HexStringToBytes(hex_rsa_spki_der), | 1289 HexStringToBytes(kPublicKeySpkiDerHex), |
1208 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5), | 1290 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5), |
1209 true, | 1291 true, |
1210 blink::WebCryptoKeyUsageEncrypt, | 1292 blink::WebCryptoKeyUsageEncrypt, |
1211 &key)); | 1293 &key)); |
1212 EXPECT_TRUE(key.handle()); | 1294 EXPECT_TRUE(key.handle()); |
1213 EXPECT_EQ(blink::WebCryptoKeyTypePublic, key.type()); | 1295 EXPECT_EQ(blink::WebCryptoKeyTypePublic, key.type()); |
1214 EXPECT_TRUE(key.extractable()); | 1296 EXPECT_TRUE(key.extractable()); |
1215 EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt, key.usages()); | 1297 EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt, key.usages()); |
1216 | 1298 |
1217 // Failing case: Empty SPKI data | 1299 // Failing case: Empty SPKI data |
1218 EXPECT_FALSE(ImportKeyInternal( | 1300 EXPECT_FALSE(ImportKeyInternal( |
1219 blink::WebCryptoKeyFormatSpki, | 1301 blink::WebCryptoKeyFormatSpki, |
1220 std::vector<uint8>(), | 1302 std::vector<uint8>(), |
1221 blink::WebCryptoAlgorithm::createNull(), | 1303 blink::WebCryptoAlgorithm::createNull(), |
1222 true, | 1304 true, |
1223 blink::WebCryptoKeyUsageEncrypt, | 1305 blink::WebCryptoKeyUsageEncrypt, |
1224 &key)); | 1306 &key)); |
1225 | 1307 |
1226 // Failing case: Import RSA key with NULL input algorithm. This is not | 1308 // Failing case: Import RSA key with NULL input algorithm. This is not |
1227 // allowed because the SPKI ASN.1 format for RSA keys is not specific enough | 1309 // allowed because the SPKI ASN.1 format for RSA keys is not specific enough |
1228 // to map to a Web Crypto algorithm. | 1310 // to map to a Web Crypto algorithm. |
1229 EXPECT_FALSE(ImportKeyInternal( | 1311 EXPECT_FALSE(ImportKeyInternal( |
1230 blink::WebCryptoKeyFormatSpki, | 1312 blink::WebCryptoKeyFormatSpki, |
1231 HexStringToBytes(hex_rsa_spki_der), | 1313 HexStringToBytes(kPublicKeySpkiDerHex), |
1232 blink::WebCryptoAlgorithm::createNull(), | 1314 blink::WebCryptoAlgorithm::createNull(), |
1233 true, | 1315 true, |
1234 blink::WebCryptoKeyUsageEncrypt, | 1316 blink::WebCryptoKeyUsageEncrypt, |
1235 &key)); | 1317 &key)); |
1236 | 1318 |
1237 // Failing case: Bad DER encoding. | 1319 // Failing case: Bad DER encoding. |
1238 EXPECT_FALSE(ImportKeyInternal( | 1320 EXPECT_FALSE(ImportKeyInternal( |
1239 blink::WebCryptoKeyFormatSpki, | 1321 blink::WebCryptoKeyFormatSpki, |
1240 HexStringToBytes("618333c4cb"), | 1322 HexStringToBytes("618333c4cb"), |
1241 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5), | 1323 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5), |
1242 true, | 1324 true, |
1243 blink::WebCryptoKeyUsageEncrypt, | 1325 blink::WebCryptoKeyUsageEncrypt, |
1244 &key)); | 1326 &key)); |
1245 | 1327 |
1246 // Failing case: Import RSA key but provide an inconsistent input algorithm. | 1328 // Failing case: Import RSA key but provide an inconsistent input algorithm. |
1247 EXPECT_FALSE(ImportKeyInternal( | 1329 EXPECT_FALSE(ImportKeyInternal( |
1248 blink::WebCryptoKeyFormatSpki, | 1330 blink::WebCryptoKeyFormatSpki, |
1249 HexStringToBytes(hex_rsa_spki_der), | 1331 HexStringToBytes(kPublicKeySpkiDerHex), |
1250 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), | 1332 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), |
1251 true, | 1333 true, |
1252 blink::WebCryptoKeyUsageEncrypt, | 1334 blink::WebCryptoKeyUsageEncrypt, |
1253 &key)); | 1335 &key)); |
1254 | 1336 |
1255 // Passing case: Export a previously imported RSA public key in SPKI format | 1337 // Passing case: Export a previously imported RSA public key in SPKI format |
1256 // and compare to original data. | 1338 // and compare to original data. |
1257 blink::WebArrayBuffer output; | 1339 blink::WebArrayBuffer output; |
1258 ASSERT_TRUE(ExportKeyInternal(blink::WebCryptoKeyFormatSpki, key, &output)); | 1340 ASSERT_TRUE(ExportKeyInternal(blink::WebCryptoKeyFormatSpki, key, &output)); |
1259 ExpectArrayBufferMatchesHex(hex_rsa_spki_der, output); | 1341 ExpectArrayBufferMatchesHex(kPublicKeySpkiDerHex, output); |
1260 | 1342 |
1261 // Failing case: Try to export a previously imported RSA public key in raw | 1343 // Failing case: Try to export a previously imported RSA public key in raw |
1262 // format (not allowed for a public key). | 1344 // format (not allowed for a public key). |
1263 EXPECT_FALSE(ExportKeyInternal(blink::WebCryptoKeyFormatRaw, key, &output)); | 1345 EXPECT_FALSE(ExportKeyInternal(blink::WebCryptoKeyFormatRaw, key, &output)); |
1264 | 1346 |
1265 // Failing case: Try to export a non-extractable key | 1347 // Failing case: Try to export a non-extractable key |
1266 ASSERT_TRUE(ImportKeyInternal( | 1348 ASSERT_TRUE(ImportKeyInternal( |
1267 blink::WebCryptoKeyFormatSpki, | 1349 blink::WebCryptoKeyFormatSpki, |
1268 HexStringToBytes(hex_rsa_spki_der), | 1350 HexStringToBytes(kPublicKeySpkiDerHex), |
1269 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5), | 1351 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5), |
1270 false, | 1352 false, |
1271 blink::WebCryptoKeyUsageEncrypt, | 1353 blink::WebCryptoKeyUsageEncrypt, |
1272 &key)); | 1354 &key)); |
1273 EXPECT_TRUE(key.handle()); | 1355 EXPECT_TRUE(key.handle()); |
1274 EXPECT_FALSE(key.extractable()); | 1356 EXPECT_FALSE(key.extractable()); |
1275 EXPECT_FALSE(ExportKeyInternal(blink::WebCryptoKeyFormatSpki, key, &output)); | 1357 EXPECT_FALSE(ExportKeyInternal(blink::WebCryptoKeyFormatSpki, key, &output)); |
1276 } | 1358 } |
1277 | 1359 |
1278 TEST_F(WebCryptoImplTest, MAYBE(ImportPkcs8)) { | 1360 TEST_F(WebCryptoImplTest, MAYBE(ImportPkcs8)) { |
1279 | |
1280 // The following is a DER-encoded PKCS#8 representation of the RSA key from | |
1281 // Example 1 of NIST's "Test vectors for RSA PKCS#1 v1.5 Signature". | |
1282 // ftp://ftp.rsa.com/pub/rsalabs/tmp/pkcs1v15sign-vectors.txt | |
1283 const std::string hex_rsa_pkcs8_der = | |
1284 "30820275020100300D06092A864886F70D01010105000482025F3082025B020100028181" | |
1285 "00A56E4A0E701017589A5187DC7EA841D156F2EC0E36AD52A44DFEB1E61F7AD991D8C510" | |
1286 "56FFEDB162B4C0F283A12A88A394DFF526AB7291CBB307CEABFCE0B1DFD5CD9508096D5B" | |
1287 "2B8B6DF5D671EF6377C0921CB23C270A70E2598E6FF89D19F105ACC2D3F0CB35F29280E1" | |
1288 "386B6F64C4EF22E1E1F20D0CE8CFFB2249BD9A2137020301000102818033A5042A90B27D" | |
1289 "4F5451CA9BBBD0B44771A101AF884340AEF9885F2A4BBE92E894A724AC3C568C8F97853A" | |
1290 "D07C0266C8C6A3CA0929F1E8F11231884429FC4D9AE55FEE896A10CE707C3ED7E734E447" | |
1291 "27A39574501A532683109C2ABACABA283C31B4BD2F53C3EE37E352CEE34F9E503BD80C06" | |
1292 "22AD79C6DCEE883547C6A3B325024100E7E8942720A877517273A356053EA2A1BC0C94AA" | |
1293 "72D55C6E86296B2DFC967948C0A72CBCCCA7EACB35706E09A1DF55A1535BD9B3CC34160B" | |
1294 "3B6DCD3EDA8E6443024100B69DCA1CF7D4D7EC81E75B90FCCA874ABCDE123FD2700180AA" | |
1295 "90479B6E48DE8D67ED24F9F19D85BA275874F542CD20DC723E6963364A1F9425452B269A" | |
1296 "6799FD024028FA13938655BE1F8A159CBACA5A72EA190C30089E19CD274A556F36C4F6E1" | |
1297 "9F554B34C077790427BBDD8DD3EDE2448328F385D81B30E8E43B2FFFA02786197902401A" | |
1298 "8B38F398FA712049898D7FB79EE0A77668791299CDFA09EFC0E507ACB21ED74301EF5BFD" | |
1299 "48BE455EAEB6E1678255827580A8E4E8E14151D1510A82A3F2E729024027156ABA4126D2" | |
1300 "4A81F3A528CBFB27F56886F840A9F6E86E17A44B94FE9319584B8E22FDDE1E5A2E3BD8AA" | |
1301 "5BA8D8584194EB2190ACF832B847F13A3D24A79F4D"; | |
1302 | |
1303 // Passing case: Import a valid RSA key in PKCS#8 format. | 1361 // Passing case: Import a valid RSA key in PKCS#8 format. |
1304 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 1362 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
1305 ASSERT_TRUE(ImportKeyInternal( | 1363 ASSERT_TRUE(ImportKeyInternal( |
1306 blink::WebCryptoKeyFormatPkcs8, | 1364 blink::WebCryptoKeyFormatPkcs8, |
1307 HexStringToBytes(hex_rsa_pkcs8_der), | 1365 HexStringToBytes(kPrivateKeyPkcs8DerHex), |
1308 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5), | 1366 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5), |
1309 true, | 1367 true, |
1310 blink::WebCryptoKeyUsageSign, | 1368 blink::WebCryptoKeyUsageSign, |
1311 &key)); | 1369 &key)); |
1312 EXPECT_TRUE(key.handle()); | 1370 EXPECT_TRUE(key.handle()); |
1313 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, key.type()); | 1371 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, key.type()); |
1314 EXPECT_TRUE(key.extractable()); | 1372 EXPECT_TRUE(key.extractable()); |
1315 EXPECT_EQ(blink::WebCryptoKeyUsageSign, key.usages()); | 1373 EXPECT_EQ(blink::WebCryptoKeyUsageSign, key.usages()); |
1316 | 1374 |
1317 // Failing case: Empty PKCS#8 data | 1375 // Failing case: Empty PKCS#8 data |
1318 EXPECT_FALSE(ImportKeyInternal( | 1376 EXPECT_FALSE(ImportKeyInternal( |
1319 blink::WebCryptoKeyFormatPkcs8, | 1377 blink::WebCryptoKeyFormatPkcs8, |
1320 std::vector<uint8>(), | 1378 std::vector<uint8>(), |
1321 blink::WebCryptoAlgorithm::createNull(), | 1379 blink::WebCryptoAlgorithm::createNull(), |
1322 true, | 1380 true, |
1323 blink::WebCryptoKeyUsageSign, | 1381 blink::WebCryptoKeyUsageSign, |
1324 &key)); | 1382 &key)); |
1325 | 1383 |
1326 // Failing case: Import RSA key with NULL input algorithm. This is not | 1384 // Failing case: Import RSA key with NULL input algorithm. This is not |
1327 // allowed because the PKCS#8 ASN.1 format for RSA keys is not specific enough | 1385 // allowed because the PKCS#8 ASN.1 format for RSA keys is not specific enough |
1328 // to map to a Web Crypto algorithm. | 1386 // to map to a Web Crypto algorithm. |
1329 EXPECT_FALSE(ImportKeyInternal( | 1387 EXPECT_FALSE(ImportKeyInternal( |
1330 blink::WebCryptoKeyFormatPkcs8, | 1388 blink::WebCryptoKeyFormatPkcs8, |
1331 HexStringToBytes(hex_rsa_pkcs8_der), | 1389 HexStringToBytes(kPrivateKeyPkcs8DerHex), |
1332 blink::WebCryptoAlgorithm::createNull(), | 1390 blink::WebCryptoAlgorithm::createNull(), |
1333 true, | 1391 true, |
1334 blink::WebCryptoKeyUsageSign, | 1392 blink::WebCryptoKeyUsageSign, |
1335 &key)); | 1393 &key)); |
1336 | 1394 |
1337 // Failing case: Bad DER encoding. | 1395 // Failing case: Bad DER encoding. |
1338 EXPECT_FALSE(ImportKeyInternal( | 1396 EXPECT_FALSE(ImportKeyInternal( |
1339 blink::WebCryptoKeyFormatPkcs8, | 1397 blink::WebCryptoKeyFormatPkcs8, |
1340 HexStringToBytes("618333c4cb"), | 1398 HexStringToBytes("618333c4cb"), |
1341 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5), | 1399 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5), |
1342 true, | 1400 true, |
1343 blink::WebCryptoKeyUsageSign, | 1401 blink::WebCryptoKeyUsageSign, |
1344 &key)); | 1402 &key)); |
1345 | 1403 |
1346 // Failing case: Import RSA key but provide an inconsistent input algorithm. | 1404 // Failing case: Import RSA key but provide an inconsistent input algorithm. |
1347 EXPECT_FALSE(ImportKeyInternal( | 1405 EXPECT_FALSE(ImportKeyInternal( |
1348 blink::WebCryptoKeyFormatPkcs8, | 1406 blink::WebCryptoKeyFormatPkcs8, |
1349 HexStringToBytes(hex_rsa_pkcs8_der), | 1407 HexStringToBytes(kPrivateKeyPkcs8DerHex), |
1350 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), | 1408 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), |
1351 true, | 1409 true, |
1352 blink::WebCryptoKeyUsageSign, | 1410 blink::WebCryptoKeyUsageSign, |
1353 &key)); | 1411 &key)); |
1354 } | 1412 } |
1355 | 1413 |
1356 TEST_F(WebCryptoImplTest, MAYBE(GenerateKeyPairRsa)) { | 1414 TEST_F(WebCryptoImplTest, MAYBE(GenerateKeyPairRsa)) { |
1357 // Note: using unrealistic short key lengths here to avoid bogging down tests. | 1415 // Note: using unrealistic short key lengths here to avoid bogging down tests. |
1358 | 1416 |
1359 // Successful WebCryptoAlgorithmIdRsaEsPkcs1v1_5 key generation. | 1417 // Successful WebCryptoAlgorithmIdRsaEsPkcs1v1_5 key generation. |
(...skipping 21 matching lines...) Expand all Loading... | |
1381 // Fail with bad modulus. | 1439 // Fail with bad modulus. |
1382 algorithm = webcrypto::CreateRsaKeyGenAlgorithm( | 1440 algorithm = webcrypto::CreateRsaKeyGenAlgorithm( |
1383 blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, 0, public_exponent); | 1441 blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, 0, public_exponent); |
1384 EXPECT_FALSE(GenerateKeyPairInternal( | 1442 EXPECT_FALSE(GenerateKeyPairInternal( |
1385 algorithm, extractable, usage_mask, &public_key, &private_key)); | 1443 algorithm, extractable, usage_mask, &public_key, &private_key)); |
1386 | 1444 |
1387 // Fail with bad exponent: larger than unsigned long. | 1445 // Fail with bad exponent: larger than unsigned long. |
1388 unsigned exponent_length = sizeof(unsigned long) + 1; // NOLINT | 1446 unsigned exponent_length = sizeof(unsigned long) + 1; // NOLINT |
1389 const std::vector<uint8> long_exponent(exponent_length, 0x01); | 1447 const std::vector<uint8> long_exponent(exponent_length, 0x01); |
1390 algorithm = webcrypto::CreateRsaKeyGenAlgorithm( | 1448 algorithm = webcrypto::CreateRsaKeyGenAlgorithm( |
1391 blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, modulus_length, long_exponent); | 1449 blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, |
1450 modulus_length, | |
1451 long_exponent); | |
1392 EXPECT_FALSE(GenerateKeyPairInternal( | 1452 EXPECT_FALSE(GenerateKeyPairInternal( |
1393 algorithm, extractable, usage_mask, &public_key, &private_key)); | 1453 algorithm, extractable, usage_mask, &public_key, &private_key)); |
1394 | 1454 |
1395 // Fail with bad exponent: empty. | 1455 // Fail with bad exponent: empty. |
1396 const std::vector<uint8> empty_exponent; | 1456 const std::vector<uint8> empty_exponent; |
1397 algorithm = webcrypto::CreateRsaKeyGenAlgorithm( | 1457 algorithm = webcrypto::CreateRsaKeyGenAlgorithm( |
1398 blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, | 1458 blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, |
1399 modulus_length, | 1459 modulus_length, |
1400 empty_exponent); | 1460 empty_exponent); |
1401 EXPECT_FALSE(GenerateKeyPairInternal( | 1461 EXPECT_FALSE(GenerateKeyPairInternal( |
(...skipping 59 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1461 | 1521 |
1462 // Fail SPKI export of private key. This is an ExportKey test, but do it here | 1522 // Fail SPKI export of private key. This is an ExportKey test, but do it here |
1463 // since it is expensive to generate an RSA key pair and we already have a | 1523 // since it is expensive to generate an RSA key pair and we already have a |
1464 // private key here. | 1524 // private key here. |
1465 blink::WebArrayBuffer output; | 1525 blink::WebArrayBuffer output; |
1466 EXPECT_FALSE( | 1526 EXPECT_FALSE( |
1467 ExportKeyInternal(blink::WebCryptoKeyFormatSpki, private_key, &output)); | 1527 ExportKeyInternal(blink::WebCryptoKeyFormatSpki, private_key, &output)); |
1468 } | 1528 } |
1469 | 1529 |
1470 TEST_F(WebCryptoImplTest, MAYBE(RsaEsRoundTrip)) { | 1530 TEST_F(WebCryptoImplTest, MAYBE(RsaEsRoundTrip)) { |
1471 // Note: using unrealistic short key length here to avoid bogging down tests. | 1531 // Import a key pair. |
1472 | |
1473 // Create a key pair. | |
1474 const unsigned kModulusLength = 256; | |
1475 blink::WebCryptoAlgorithm algorithm = | 1532 blink::WebCryptoAlgorithm algorithm = |
1476 webcrypto::CreateRsaKeyGenAlgorithm( | 1533 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); |
1477 blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, | |
1478 kModulusLength, | |
1479 HexStringToBytes("010001")); | |
1480 const blink::WebCryptoKeyUsageMask usage_mask = | |
1481 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt; | |
1482 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); | 1534 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); |
1483 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); | 1535 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); |
1484 EXPECT_TRUE(GenerateKeyPairInternal( | 1536 EXPECT_TRUE(ImportRsaKeyPair( |
1485 algorithm, false, usage_mask, &public_key, &private_key)); | 1537 kPublicKeySpkiDerHex, |
1486 EXPECT_FALSE(public_key.isNull()); | 1538 kPrivateKeyPkcs8DerHex, |
1487 EXPECT_FALSE(private_key.isNull()); | 1539 algorithm, |
1540 false, | |
1541 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt, | |
1542 &public_key, | |
1543 &private_key)); | |
1488 | 1544 |
1489 // Make a maximum-length data message. RSAES can operate on messages up to | 1545 // Make a maximum-length data message. RSAES can operate on messages up to |
1490 // length of k - 11 bytes, where k is the octet length of the RSA modulus. | 1546 // length of k - 11 bytes, where k is the octet length of the RSA modulus. |
1491 const unsigned kMaxMsgSizeBytes = kModulusLength / 8 - 11; | 1547 const unsigned kMaxMsgSizeBytes = kModulusLength / 8 - 11; |
1492 // There are two hex chars for each byte. | 1548 // There are two hex chars for each byte. |
1493 const unsigned kMsgHexSize = kMaxMsgSizeBytes * 2; | 1549 const unsigned kMsgHexSize = kMaxMsgSizeBytes * 2; |
1494 char max_data_hex[kMsgHexSize+1]; | 1550 char max_data_hex[kMsgHexSize+1]; |
1495 std::fill(&max_data_hex[0], &max_data_hex[0] + kMsgHexSize, 'a'); | 1551 std::fill(&max_data_hex[0], &max_data_hex[0] + kMsgHexSize, 'a'); |
1496 max_data_hex[kMsgHexSize] = '\0'; | 1552 max_data_hex[kMsgHexSize] = '\0'; |
1497 | 1553 |
(...skipping 85 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1583 "ec358ed141c45d7e03d4c6338aebad718e8bcbbf8f8ee6f8d9f4b9ef06d8" | 1639 "ec358ed141c45d7e03d4c6338aebad718e8bcbbf8f8ee6f8d9f4b9ef06d8" |
1584 "84739a398c6bcbc688418b2ff64761dc0ccd40e7d52bed03e06946d0957a" | 1640 "84739a398c6bcbc688418b2ff64761dc0ccd40e7d52bed03e06946d0957a" |
1585 "eef9e822"; | 1641 "eef9e822"; |
1586 const std::string ciphertext_hex = | 1642 const std::string ciphertext_hex = |
1587 "6106441c2b7a4b1a16260ed1ae4fe6135247345dc8e674754bbda6588c6c" | 1643 "6106441c2b7a4b1a16260ed1ae4fe6135247345dc8e674754bbda6588c6c" |
1588 "0d95a3d4d26bb34cdbcbe327723e80343bd7a15cd4c91c3a44e6cb9c6cd6" | 1644 "0d95a3d4d26bb34cdbcbe327723e80343bd7a15cd4c91c3a44e6cb9c6cd6" |
1589 "7ad2e8bf41523188d9b36dc364a838642dcbc2c25e85dfb2106ba47578ca" | 1645 "7ad2e8bf41523188d9b36dc364a838642dcbc2c25e85dfb2106ba47578ca" |
1590 "3bbf8915055aea4fa7c3cbfdfbcc163f04c234fb6d847f39bab9612ecbee" | 1646 "3bbf8915055aea4fa7c3cbfdfbcc163f04c234fb6d847f39bab9612ecbee" |
1591 "04626e945c3ccf42"; | 1647 "04626e945c3ccf42"; |
1592 | 1648 |
1593 // Import the public key. | 1649 // Import the key pair. |
1594 const blink::WebCryptoAlgorithm algorithm = | 1650 blink::WebCryptoAlgorithm algorithm = |
1595 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); | 1651 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); |
1596 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); | 1652 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); |
1597 ASSERT_TRUE(ImportKeyInternal( | 1653 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); |
1598 blink::WebCryptoKeyFormatSpki, | 1654 EXPECT_TRUE(ImportRsaKeyPair( |
1599 HexStringToBytes(rsa_spki_der_hex), | 1655 rsa_spki_der_hex, |
1656 rsa_pkcs8_der_hex, | |
1600 algorithm, | 1657 algorithm, |
1601 true, | 1658 false, |
1602 blink::WebCryptoKeyUsageEncrypt, | 1659 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt, |
1603 &public_key)); | 1660 &public_key, |
1604 EXPECT_FALSE(public_key.isNull()); | |
1605 EXPECT_TRUE(public_key.handle()); | |
1606 | |
1607 // Import the private key. | |
1608 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); | |
1609 ASSERT_TRUE(ImportKeyInternal( | |
1610 blink::WebCryptoKeyFormatPkcs8, | |
1611 HexStringToBytes(rsa_pkcs8_der_hex), | |
1612 algorithm, | |
1613 true, | |
1614 blink::WebCryptoKeyUsageDecrypt, | |
1615 &private_key)); | 1661 &private_key)); |
1616 EXPECT_FALSE(private_key.isNull()); | |
1617 EXPECT_TRUE(private_key.handle()); | |
1618 | 1662 |
1619 // Decrypt the known-good ciphertext with the private key. As a check we must | 1663 // Decrypt the known-good ciphertext with the private key. As a check we must |
1620 // get the known original cleartext. | 1664 // get the known original cleartext. |
1621 blink::WebArrayBuffer decrypted_data; | 1665 blink::WebArrayBuffer decrypted_data; |
1622 ASSERT_TRUE(DecryptInternal( | 1666 ASSERT_TRUE(DecryptInternal( |
1623 algorithm, | 1667 algorithm, |
1624 private_key, | 1668 private_key, |
1625 HexStringToBytes(ciphertext_hex), | 1669 HexStringToBytes(ciphertext_hex), |
1626 &decrypted_data)); | 1670 &decrypted_data)); |
1627 EXPECT_FALSE(decrypted_data.isNull()); | 1671 EXPECT_FALSE(decrypted_data.isNull()); |
(...skipping 16 matching lines...) Expand all Loading... | |
1644 algorithm, | 1688 algorithm, |
1645 private_key, | 1689 private_key, |
1646 reinterpret_cast<const unsigned char*>(encrypted_data.data()), | 1690 reinterpret_cast<const unsigned char*>(encrypted_data.data()), |
1647 encrypted_data.byteLength(), | 1691 encrypted_data.byteLength(), |
1648 &decrypted_data)); | 1692 &decrypted_data)); |
1649 EXPECT_FALSE(decrypted_data.isNull()); | 1693 EXPECT_FALSE(decrypted_data.isNull()); |
1650 ExpectArrayBufferMatchesHex(cleartext_hex, decrypted_data); | 1694 ExpectArrayBufferMatchesHex(cleartext_hex, decrypted_data); |
1651 } | 1695 } |
1652 | 1696 |
1653 TEST_F(WebCryptoImplTest, MAYBE(RsaEsFailures)) { | 1697 TEST_F(WebCryptoImplTest, MAYBE(RsaEsFailures)) { |
1654 // Note: using unrealistic short key length here to avoid bogging down tests. | 1698 // Import a key pair. |
1655 | |
1656 // Create a key pair. | |
1657 const unsigned kModulusLength = 256; | |
1658 blink::WebCryptoAlgorithm algorithm = | 1699 blink::WebCryptoAlgorithm algorithm = |
1659 webcrypto::CreateRsaKeyGenAlgorithm( | 1700 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); |
1660 blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5, | |
1661 kModulusLength, | |
1662 HexStringToBytes("010001")); | |
1663 const blink::WebCryptoKeyUsageMask usage_mask = | |
1664 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt; | |
1665 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); | 1701 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); |
1666 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); | 1702 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); |
1667 EXPECT_TRUE(GenerateKeyPairInternal( | 1703 EXPECT_TRUE(ImportRsaKeyPair( |
1668 algorithm, false, usage_mask, &public_key, &private_key)); | 1704 kPublicKeySpkiDerHex, |
1669 EXPECT_FALSE(public_key.isNull()); | 1705 kPrivateKeyPkcs8DerHex, |
1670 EXPECT_FALSE(private_key.isNull()); | 1706 algorithm, |
1707 false, | |
1708 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt, | |
1709 &public_key, | |
1710 &private_key)); | |
1671 | 1711 |
1672 // Fail encrypt with a private key. | 1712 // Fail encrypt with a private key. |
1673 algorithm = | |
1674 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); | |
1675 blink::WebArrayBuffer encrypted_data; | 1713 blink::WebArrayBuffer encrypted_data; |
1676 const std::string message_hex_str("0102030405060708090a0b0c0d0e0f"); | 1714 const std::string message_hex_str("0102030405060708090a0b0c0d0e0f"); |
1677 const std::vector<uint8> message_hex(HexStringToBytes(message_hex_str)); | 1715 const std::vector<uint8> message_hex(HexStringToBytes(message_hex_str)); |
1678 EXPECT_FALSE( | 1716 EXPECT_FALSE( |
1679 EncryptInternal(algorithm, private_key, message_hex, &encrypted_data)); | 1717 EncryptInternal(algorithm, private_key, message_hex, &encrypted_data)); |
1680 | 1718 |
1681 // Fail encrypt with empty message. | 1719 // Fail encrypt with empty message. |
1682 EXPECT_FALSE(EncryptInternal( | 1720 EXPECT_FALSE(EncryptInternal( |
1683 algorithm, public_key, std::vector<uint8>(), &encrypted_data)); | 1721 algorithm, public_key, std::vector<uint8>(), &encrypted_data)); |
1684 | 1722 |
(...skipping 32 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1717 // Do a successful decrypt with good data just for confirmation. | 1755 // Do a successful decrypt with good data just for confirmation. |
1718 EXPECT_TRUE(DecryptInternal( | 1756 EXPECT_TRUE(DecryptInternal( |
1719 algorithm, | 1757 algorithm, |
1720 private_key, | 1758 private_key, |
1721 reinterpret_cast<const unsigned char*>(encrypted_data.data()), | 1759 reinterpret_cast<const unsigned char*>(encrypted_data.data()), |
1722 encrypted_data.byteLength(), | 1760 encrypted_data.byteLength(), |
1723 &decrypted_data)); | 1761 &decrypted_data)); |
1724 ExpectArrayBufferMatchesHex(message_hex_str, decrypted_data); | 1762 ExpectArrayBufferMatchesHex(message_hex_str, decrypted_data); |
1725 } | 1763 } |
1726 | 1764 |
1765 TEST_F(WebCryptoImplTest, MAYBE(RsaSsaSignVerifyFailures)) { | |
1766 // Import a key pair. | |
1767 blink::WebCryptoAlgorithm algorithm = CreateRsaAlgorithmWithInnerHash( | |
1768 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, | |
1769 blink::WebCryptoAlgorithmIdSha1); | |
1770 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); | |
1771 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); | |
1772 EXPECT_TRUE(ImportRsaKeyPair( | |
1773 kPublicKeySpkiDerHex, | |
1774 kPrivateKeyPkcs8DerHex, | |
1775 algorithm, | |
1776 false, | |
1777 blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify, | |
1778 &public_key, | |
1779 &private_key)); | |
1780 | |
1781 blink::WebArrayBuffer signature; | |
1782 bool signature_match; | |
1783 | |
1784 // Compute a signature. | |
1785 const std::vector<uint8> data = HexStringToBytes("010203040506070809"); | |
1786 ASSERT_TRUE(SignInternal(algorithm, private_key, data, &signature)); | |
1787 | |
1788 // Ensure truncated signature does not verify by passing one less byte. | |
1789 EXPECT_TRUE(VerifySignatureInternal( | |
1790 algorithm, | |
1791 public_key, | |
1792 static_cast<const unsigned char*>(signature.data()), | |
1793 signature.byteLength() - 1, | |
1794 data, | |
1795 &signature_match)); | |
1796 EXPECT_FALSE(signature_match); | |
1797 | |
1798 // Ensure corrupted signature does not verify. | |
1799 std::vector<uint8> corrupt_sig( | |
1800 static_cast<uint8*>(signature.data()), | |
1801 static_cast<uint8*>(signature.data()) + signature.byteLength()); | |
1802 corrupt_sig[corrupt_sig.size() / 2] ^= 0x1; | |
1803 EXPECT_TRUE(VerifySignatureInternal( | |
1804 algorithm, | |
1805 public_key, | |
1806 webcrypto::Uint8VectorStart(corrupt_sig), | |
1807 corrupt_sig.size(), | |
1808 data, | |
1809 &signature_match)); | |
1810 EXPECT_FALSE(signature_match); | |
1811 | |
1812 // Ensure signatures that are greater than the modulus size fail. | |
1813 const unsigned long_message_size_bytes = 1024; | |
1814 DCHECK_GT(long_message_size_bytes, kModulusLength/8); | |
1815 const unsigned char kLongSignature[long_message_size_bytes] = { 0 }; | |
1816 EXPECT_TRUE(VerifySignatureInternal( | |
1817 algorithm, | |
1818 public_key, | |
1819 kLongSignature, | |
1820 sizeof(kLongSignature), | |
1821 data, | |
1822 &signature_match)); | |
1823 EXPECT_FALSE(signature_match); | |
1824 | |
1825 // Ensure that verifying using a private key, rather than a public key, fails. | |
1826 EXPECT_FALSE(VerifySignatureInternal( | |
1827 algorithm, | |
1828 private_key, | |
1829 static_cast<const unsigned char*>(signature.data()), | |
1830 signature.byteLength(), | |
1831 data, | |
1832 &signature_match)); | |
1833 | |
1834 // Ensure that signing using a public key, rather than a private key, fails. | |
1835 EXPECT_FALSE(SignInternal(algorithm, public_key, data, &signature)); | |
1836 | |
1837 // Ensure that signing and verifying with an incompatible algorithm fails. | |
1838 algorithm = | |
1839 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5); | |
1840 EXPECT_FALSE(SignInternal(algorithm, private_key, data, &signature)); | |
1841 EXPECT_FALSE(VerifySignatureInternal( | |
1842 algorithm, | |
1843 public_key, | |
1844 static_cast<const unsigned char*>(signature.data()), | |
1845 signature.byteLength(), | |
1846 data, | |
1847 &signature_match)); | |
1848 | |
1849 // Some crypto libraries (NSS) can automatically select the RSA SSA inner hash | |
1850 // based solely on the contents of the input signature data. In the Web Crypto | |
1851 // implementation, the inner hash should be specified uniquely by the input | |
1852 // algorithm parameter. To validate this behavior, call Verify with a computed | |
1853 // signature that used one hash type (SHA-1), but pass in an algorithm with a | |
1854 // different inner hash type (SHA-256). If the hash type is determined by the | |
1855 // signature itself (undesired), the verify will pass, while if the hash type | |
1856 // is specified by the input algorithm (desired), the verify will fail. | |
1857 | |
1858 // Compute a signature using SHA-1 as the inner hash. | |
1859 EXPECT_TRUE(SignInternal(CreateRsaAlgorithmWithInnerHash( | |
1860 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, | |
1861 blink::WebCryptoAlgorithmIdSha1), | |
1862 private_key, | |
1863 data, | |
1864 &signature)); | |
1865 | |
1866 // Now verify using an algorithm whose inner hash is SHA-256, not SHA-1. The | |
1867 // signature should not verify. | |
1868 // NOTE: public_key was produced by generateKey, and so its associated | |
1869 // algorithm has WebCryptoRsaKeyGenParams and not WebCryptoRsaSsaParams. Thus | |
1870 // it has no inner hash to conflict with the input algorithm. | |
1871 bool is_match; | |
1872 EXPECT_TRUE(VerifySignatureInternal( | |
1873 CreateRsaAlgorithmWithInnerHash( | |
1874 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, | |
1875 blink::WebCryptoAlgorithmIdSha256), | |
1876 public_key, | |
1877 static_cast<const unsigned char*>(signature.data()), | |
1878 signature.byteLength(), | |
1879 data, | |
1880 &is_match)); | |
1881 EXPECT_FALSE(is_match); | |
1882 } | |
1883 | |
1884 TEST_F(WebCryptoImplTest, MAYBE(RsaSignVerifyKnownAnswer)) { | |
1885 // Use the NIST test vectors from Example 1 of | |
1886 // ftp://ftp.rsa.com/pub/rsalabs/tmp/pkcs1v15sign-vectors.txt | |
1887 // These vectors are known answers for RSA PKCS#1 v1.5 Signature with a SHA-1 | |
1888 // digest, using a predefined key pair. | |
1889 | |
1890 struct TestCase { | |
1891 const std::string message_hex; | |
1892 const std::string signature_hex; | |
1893 }; | |
1894 | |
1895 // The following data are the input messages and corresponding computed RSA | |
1896 // PKCS#1 v1.5 signatures from the NIST link above. | |
1897 const TestCase kTests[] = { | |
1898 // PKCS#1 v1.5 Signature Example 1.1 | |
1899 {"cdc87da223d786df3b45e0bbbc721326d1ee2af806cc315475cc6f0d9c66e1b6" | |
1900 "2371d45ce2392e1ac92844c310102f156a0d8d52c1f4c40ba3aa65095786cb76" | |
1901 "9757a6563ba958fed0bcc984e8b517a3d5f515b23b8a41e74aa867693f90dfb0" | |
1902 "61a6e86dfaaee64472c00e5f20945729cbebe77f06ce78e08f4098fba41f9d61" | |
1903 "93c0317e8b60d4b6084acb42d29e3808a3bc372d85e331170fcbf7cc72d0b71c" | |
1904 "296648b3a4d10f416295d0807aa625cab2744fd9ea8fd223c42537029828bd16" | |
1905 "be02546f130fd2e33b936d2676e08aed1b73318b750a0167d0", | |
1906 "6bc3a06656842930a247e30d5864b4d819236ba7c68965862ad7dbc4e24af28e" | |
1907 "86bb531f03358be5fb74777c6086f850caef893f0d6fcc2d0c91ec013693b4ea" | |
1908 "00b80cd49aac4ecb5f8911afe539ada4a8f3823d1d13e472d1490547c659c761" | |
1909 "7f3d24087ddb6f2b72096167fc097cab18e9a458fcb634cdce8ee35894c484d7"}, | |
1910 // PKCS#1 v1.5 Signature Example 1.2 | |
1911 {"851384cdfe819c22ed6c4ccb30daeb5cf059bc8e1166b7e3530c4c233e2b5f8f" | |
1912 "71a1cca582d43ecc72b1bca16dfc7013226b9e", | |
1913 "84fd2ce734ec1da828d0f15bf49a8707c15d05948136de537a3db421384167c8" | |
1914 "6fae022587ee9e137daee754738262932d271c744c6d3a189ad4311bdb020492" | |
1915 "e322fbddc40406ea860d4e8ea2a4084aa98b9622a446756fdb740ddb3d91db76" | |
1916 "70e211661bbf8709b11c08a70771422d1a12def29f0688a192aebd89e0f896f8"}, | |
1917 // PKCS#1 v1.5 Signature Example1.3 | |
1918 {"a4b159941761c40c6a82f2b80d1b94f5aa2654fd17e12d588864679b54cd04ef" | |
1919 "8bd03012be8dc37f4b83af7963faff0dfa225477437c48017ff2be8191cf3955" | |
1920 "fc07356eab3f322f7f620e21d254e5db4324279fe067e0910e2e81ca2cab31c7" | |
1921 "45e67a54058eb50d993cdb9ed0b4d029c06d21a94ca661c3ce27fae1d6cb20f4" | |
1922 "564d66ce4767583d0e5f060215b59017be85ea848939127bd8c9c4d47b51056c" | |
1923 "031cf336f17c9980f3b8f5b9b6878e8b797aa43b882684333e17893fe9caa6aa" | |
1924 "299f7ed1a18ee2c54864b7b2b99b72618fb02574d139ef50f019c9eef4169713" | |
1925 "38e7d470", | |
1926 "0b1f2e5180e5c7b4b5e672929f664c4896e50c35134b6de4d5a934252a3a245f" | |
1927 "f48340920e1034b7d5a5b524eb0e1cf12befef49b27b732d2c19e1c43217d6e1" | |
1928 "417381111a1d36de6375cf455b3c9812639dbc27600c751994fb61799ecf7da6" | |
1929 "bcf51540afd0174db4033188556675b1d763360af46feeca5b60f882829ee7b2"}, | |
1930 // PKCS#1 v1.5 Signature Example 1.4 | |
1931 {"bc656747fa9eafb3f0", | |
1932 "45607ad611cf5747a41ac94d0ffec878bdaf63f6b57a4b088bf36e34e109f840" | |
1933 "f24b742ada16102dabf951cbc44f8982e94ed4cd09448d20ec0efa73545f80b6" | |
1934 "5406bed6194a61c340b4ad1568cbb75851049f11af1734964076e02029aee200" | |
1935 "e40e80be0f4361f69841c4f92a4450a2286d43289b405554c54d25c6ecb584f4"}, | |
1936 // PKCS#1 v1.5 Signature Example 1.5 | |
1937 {"b45581547e5427770c768e8b82b75564e0ea4e9c32594d6bff706544de0a8776" | |
1938 "c7a80b4576550eee1b2acabc7e8b7d3ef7bb5b03e462c11047eadd00629ae575" | |
1939 "480ac1470fe046f13a2bf5af17921dc4b0aa8b02bee6334911651d7f8525d10f" | |
1940 "32b51d33be520d3ddf5a709955a3dfe78283b9e0ab54046d150c177f037fdccc" | |
1941 "5be4ea5f68b5e5a38c9d7edcccc4975f455a6909b4", | |
1942 "54be9d90877515f450279c15b5f61ad6f15ecc95f18cbed82b65b1667a575809" | |
1943 "587994668044f3bc2ae7f884501f64f0b43f588cfa205a6ab704328c2d4ab92a" | |
1944 "7ae13440614d3e085f401da9ad28e2105e4a0edb681a6424df047388ce051ee9" | |
1945 "df7bc2163fe347520ad51ccd518064383e741acad3cbdc2cb5a7c68e868464c2"}, | |
1946 // PKCS#1 v1.5 Signature Example 1.6 | |
1947 {"10aae9a0ab0b595d0841207b700d48d75faedde3b775cd6b4cc88ae06e4694ec" | |
1948 "74ba18f8520d4f5ea69cbbe7cc2beba43efdc10215ac4eb32dc302a1f53dc6c4" | |
1949 "352267e7936cfebf7c8d67035784a3909fa859c7b7b59b8e39c5c2349f1886b7" | |
1950 "05a30267d402f7486ab4f58cad5d69adb17ab8cd0ce1caf5025af4ae24b1fb87" | |
1951 "94c6070cc09a51e2f9911311e3877d0044c71c57a993395008806b723ac38373" | |
1952 "d395481818528c1e7053739282053529510e935cd0fa77b8fa53cc2d474bd4fb" | |
1953 "3cc5c672d6ffdc90a00f9848712c4bcfe46c60573659b11e6457e861f0f604b6" | |
1954 "138d144f8ce4e2da73", | |
1955 "0e6ff63a856b9cbd5dbe423183122047dd39d6f76d1b2310e546fe9ee73b33ef" | |
1956 "a7c78f9474455c9e5b88cb383aafc3698668e7b7a59a9cbb5b0897b6c5afb7f8" | |
1957 "bac4b924e98d760a15fc43d2814ab2d5187f79bed9915a93397ebc22a7677506" | |
1958 "a02e076d3ffdc0441dbd4db00453dc28d830e0573f77b817b505c38b4a4bb5d0"}, | |
1959 // PKCS#1 v1.5 Signature Example 1.7 | |
1960 {"efb5da1b4d1e6d9a5dff92d0184da7e31f877d1281ddda625664869e8379e67a" | |
1961 "d3b75eae74a580e9827abd6eb7a002cb5411f5266797768fb8e95ae40e3e8b34" | |
1962 "66f5ab15d69553952939ec23e61d58497fac76aa1c0bb5a3cb4a54383587c7bb" | |
1963 "78d13eefda205443e6ce4365802df55c64713497984e7ca96722b3edf84d56", | |
1964 "8385d58533a995f72df262b70f40b391ddf515f464b9d2cc2d66398fc05689d8" | |
1965 "11632946d62eabdca7a31fcf6cd6c981d28bbc29083e4a6d5b2b378ca4e540f0" | |
1966 "60b96d53ad2693f82178b94e2e2f86b9accfa02025107e062ab7080175684501" | |
1967 "028f676461d81c008fe4750671649970878fc175cf98e96b2ecbf6874d77dacb"}, | |
1968 // PKCS#1 v1.5 Signature Example 1.8 | |
1969 {"53bb58ce42f1984940552657233b14969af365c0a561a4132af18af39432280e" | |
1970 "3e437082434b19231837184f02cf2b2e726bebf74d7ae3256d8b72f3eafdb134" | |
1971 "d33de06f2991d299d59f5468d43b9958d6a968f5969edbbc6e7185cbc716c7c9" | |
1972 "45dafa9cc71ddfaaa01094a452ddf5e2407320400bf05ea9729cafbf0600e788" | |
1973 "07ef9462e3fde32ed7d981a56f4751ef64fb4549910ecc911d728053b3994300" | |
1974 "4740e6f5821fe8d75c0617bf2c6b24bbfc34013fc95f0dedf5ba297f504fb833" | |
1975 "da2a436d1d8ff1cc5193e2a64389fced918e7feb6716330f66801db9497549cf" | |
1976 "1d3bd97cf1bc6255", | |
1977 "8e1f3d26ec7c6bbb8c54c5d25f3120587803af6d3c2b99a37ced6a3657d4ae54" | |
1978 "266f63fffde660c866d65d0ab0589e1d12d9ce6054b05c8668ae127171ccaae7" | |
1979 "f1cd409677f52157b6123ab227f27a00966d1439b42a32169d1070394026fc8b" | |
1980 "c93545b1ac252d0f7da751c02e33a47831fbd71514c2bbbd3adb6740c0fd68ad"}, | |
1981 // PKCS#1 v1.5 Signature Example 1.9 | |
1982 {"27cadc698450945f204ec3cf8c6cbd8ceb4cc0cbe312274fa96b04deac855160" | |
1983 "c0e04e4ac5d38210c27c", | |
1984 "7b63f9223356f35f6117f68c8f8220034fc2384ab5dc6904141f139314d6ee89" | |
1985 "f54ec6ffd18c413a23c5931c7fbb13c555ccfd590e0eaa853c8c94d2520cd425" | |
1986 "0d9a05a193b65dc749b82478af0156ee1de55ddad33ec1f0099cad6c891a3617" | |
1987 "c7393d05fbfbbb00528a001df0b204ebdf1a341090dea89f870a877458427f7b"}, | |
1988 // PKCS#1 v1.5 Signature Example 1.10 | |
1989 {"716407e901b9ef92d761b013fd13eb7ad72aed", | |
1990 "2a22dbe3774d5b297201b55a0f17f42dce63b7845cb325cfe951d0badb5c5a14" | |
1991 "472143d896c86cc339f83671164215abc97862f2151654e75a3b357c37311b3d" | |
1992 "7268cab540202e23bee52736f2cd86cce0c7dbde95e1c600a47395dc5eb0a472" | |
1993 "153fbc4fb21b643e0c04ae14dd37e97e617a7567c89652219781001ba6f83298"}, | |
1994 // PKCS#1 v1.5 Signature Example 1.11 | |
1995 {"46c24e4103001629c712dd4ce8d747ee595d6c744ccc4f71347d9b8abf49d1b8" | |
1996 "fb2ef91b95dc899d4c0e3d2997e638f4cf3f68e0498de5aabd13f0dfe02ff26b" | |
1997 "a4379104e78ffa95ffbd15067ef8cbd7eb7860fecc71abe13d5c720a66851f2d" | |
1998 "efd4e795054d7bec024bb422a46a7368b56d95b47aebafbeadd612812593a70d" | |
1999 "b9f96d451ee15edb299308d777f4bb68ed3377c32156b41b7a9c92a14c8b8114" | |
2000 "4399c56a5a432f4f770aa97da8415d0bda2e813206031e70620031c881d616bf" | |
2001 "fd5f03bf147c1e73766c26246208", | |
2002 "12235b0b406126d9d260d447e923a11051fb243079f446fd73a70181d53634d7" | |
2003 "a0968e4ee27777eda63f6e4a3a91ad5985998a4848da59ce697b24bb332fa2ad" | |
2004 "9ce462ca4affdc21dab908e8ce15af6eb9105b1abcf39142aa17b34c4c092386" | |
2005 "a7abbfe028afdbebc14f2ce26fbee5edeca11502d39a6b7403154843d98a62a7"}, | |
2006 // PKCS#1 v1.5 Signature Example 1.12 | |
2007 {"bc99a932aa16d622bfff79c50b4c42358673261129e28d6a918ff1b0f1c4f46a" | |
2008 "d8afa98b0ca0f56f967975b0a29be882e93b6cd3fc33e1faef72e52b2ae0a3f1" | |
2009 "2024506e25690e902e782982145556532284cf505789738f4da31fa1333d3af8" | |
2010 "62b2ba6b6ce7ab4cce6aba", | |
2011 "872ec5ad4f1846256f17e9936ac50e43e9963ea8c1e76f15879b7874d77d122a" | |
2012 "609dc8c561145b94bf4ffdffdeb17e6e76ffc6c10c0747f5e37a9f434f5609e7" | |
2013 "9da5250215a457afdf12c6507cc1551f54a28010595826a2c9b97fa0aa851cc6" | |
2014 "8b705d7a06d720ba027e4a1c0b019500fb63b78071684dcfa9772700b982dc66"}, | |
2015 // PKCS#1 v1.5 Signature Example 1.13 | |
2016 {"731e172ac063992c5b11ba170dfb23bb000d47ba195329cf278061037381514c" | |
2017 "146064c5285db130dd5bae98b772225950eab05d3ea996f6fffb9a8c8622913f" | |
2018 "279914c89ada4f3dd77666a868bfcbff2b95b7daf453d4e2c9d75beee7f8e709" | |
2019 "05e4066a4f73aecc67f956aa5a3292b8488c917d317cfdc86253e690381e15ab", | |
2020 "76204eacc1d63ec1d6ad5bd0692e1a2f686df6e64ca945c77a824de212efa6d9" | |
2021 "782d81b4591403ff4020620298c07ebd3a8a61c5bf4dad62cbfc4ae6a03937be" | |
2022 "4b49a216d570fc6e81872937876e27bd19cf601effc30ddca573c9d56cd4569b" | |
2023 "db4851c450c42cb21e738cdd61027b8be5e9b410fc46aa3f29e4be9e64451346"}, | |
2024 // PKCS#1 v1.5 Signature Example 1.14 | |
2025 {"0211382683a74d8d2a2cb6a06550563be1c26ca62821e4ff163b720464fc3a28" | |
2026 "d91bedddc62749a5538eaf41fbe0c82a77e06ad99383c9e985ffb8a93fd4d7c5" | |
2027 "8db51ad91ba461d69a8fd7ddabe2496757a0c49122c1a79a85cc0553e8214d03" | |
2028 "6dfe0185efa0d05860c612fa0882c82d246e5830a67355dff18a2c36b732f988" | |
2029 "cfedc562264c6254b40fcabb97b760947568dcd6a17cda6ee8855bddbab93702" | |
2030 "471aa0cfb1bed2e13118eba1175b73c96253c108d0b2aba05ab8e17e84392e20" | |
2031 "085f47404d8365527dc3fb8f2bb48a50038e71361ccf973407", | |
2032 "525500918331f1042eae0c5c2054aa7f92deb26991b5796634f229daf9b49eb2" | |
2033 "054d87319f3cfa9b466bd075ef6699aea4bd4a195a1c52968b5e2b75e092d846" | |
2034 "ea1b5cc27905a8e1d5e5de0edfdb21391ebb951864ebd9f0b0ec35b654287136" | |
2035 "0a317b7ef13ae06af684e38e21b1e19bc7298e5d6fe0013a164bfa25d3e7313d"}, | |
2036 // PKCS#1 v1.5 Signature Example 1.15 | |
2037 {"fc6b700d22583388ab2f8dafcaf1a05620698020da4bae44dafbd0877b501250" | |
2038 "6dc3181d5c66bf023f348b41fd9f94795ab96452a4219f2d39d72af359cf1956" | |
2039 "51c7", | |
2040 "4452a6cc2626b01e95ab306df0d0cc7484fbab3c22e9703283567f66eadc248d" | |
2041 "bda58fce7dd0c70cce3f150fca4b369dff3b6237e2b16281ab55b53fb13089c8" | |
2042 "5cd265056b3d62a88bfc2135b16791f7fbcab9fd2dc33becb617be419d2c0461" | |
2043 "42a4d47b338314552edd4b6fe9ce1104ecec4a9958d7331e930fc09bf08a6e64"}, | |
2044 // PKCS#1 v1.5 Signature Example 1.16 | |
2045 {"13ba086d709cfa5fedaa557a89181a6140f2300ed6d7c3febb6cf68abebcbc67" | |
2046 "8f2bca3dc2330295eec45bb1c4075f3ada987eae88b39c51606cb80429e649d9" | |
2047 "8acc8441b1f8897db86c5a4ce0abf28b1b81dca3667697b850696b74a5ebd85d" | |
2048 "ec56c90f8abe513efa857853720be319607921bca947522cd8fac8cace5b827c" | |
2049 "3e5a129e7ee57f6b84932f14141ac4274e8cbb46e6912b0d3e2177d499d1840c" | |
2050 "d47d4d7ae0b4cdc4d3", | |
2051 "1f3b5a87db72a2c97bb3eff2a65a301268eacd89f42abc1098c1f2de77b0832a" | |
2052 "65d7815feb35070063f221bb3453bd434386c9a3fde18e3ca1687fb649e86c51" | |
2053 "d658619dde5debb86fe15491ff77ab748373f1be508880d66ea81e870e91cdf1" | |
2054 "704875c17f0b10103188bc64eef5a3551b414c733670215b1a22702562581ab1"}, | |
2055 // PKCS#1 v1.5 Signature Example 1.17 | |
2056 {"eb1e5935", | |
2057 "370cb9839ae6074f84b2acd6e6f6b7921b4b523463757f6446716140c4e6c0e7" | |
2058 "5bec6ad0197ebfa86bf46d094f5f6cd36dca3a5cc73c8bbb70e2c7c9ab5d964e" | |
2059 "c8e3dfde481b4a1beffd01b4ad15b31ae7aebb9b70344a9411083165fdf9c375" | |
2060 "4bbb8b94dd34bd4813dfada1f6937de4267d5597ca09a31e83d7f1a79dd19b5e"}, | |
2061 // PKCS#1 v1.5 Signature Example 1.18 | |
2062 {"6346b153e889c8228209630071c8a57783f368760b8eb908cfc2b276", | |
2063 "2479c975c5b1ae4c4e940f473a9045b8bf5b0bfca78ec29a38dfbedc8a749b7a" | |
2064 "2692f7c52d5bc7c831c7232372a00fed3b6b49e760ec99e074ff2eead5134e83" | |
2065 "05725dfa39212b84bd4b8d80bc8bc17a512823a3beb18fc08e45ed19c26c8177" | |
2066 "07d67fb05832ef1f12a33e90cd93b8a780319e2963ca25a2af7b09ad8f595c21"}, | |
2067 // PKCS#1 v1.5 Signature Example 1.19 | |
2068 {"64702db9f825a0f3abc361974659f5e9d30c3aa4f56feac69050c72905e77fe0" | |
2069 "c22f88a378c21fcf45fe8a5c717302093929", | |
2070 "152f3451c858d69594e6567dfb31291c1ee7860b9d15ebd5a5edd276ac3e6f7a" | |
2071 "8d1480e42b3381d2be023acf7ebbdb28de3d2163ae44259c6df98c335d045b61" | |
2072 "dac9dba9dbbb4e6ab4a083cd76b580cbe472206a1a9fd60680ceea1a570a29b0" | |
2073 "881c775eaef5525d6d2f344c28837d0aca422bbb0f1aba8f6861ae18bd73fe44"}, | |
2074 // PKCS#1 v1.5 Signature Example 1.20 | |
2075 {"941921de4a1c9c1618d6f3ca3c179f6e29bae6ddf9a6a564f929e3ce82cf3265" | |
2076 "d7837d5e692be8dcc9e86c", | |
2077 "7076c287fc6fff2b20537435e5a3107ce4da10716186d01539413e609d27d1da" | |
2078 "6fd952c61f4bab91c045fa4f8683ecc4f8dde74227f773cff3d96db84718c494" | |
2079 "4b06affeba94b725f1b07d3928b2490a85c2f1abf492a9177a7cd2ea0c966875" | |
2080 "6f825bbec900fa8ac3824e114387ef573780ca334882387b94e5aad7a27a28dc"}}; | |
2081 | |
2082 // Import the key pair. | |
2083 blink::WebCryptoAlgorithm algorithm = CreateRsaAlgorithmWithInnerHash( | |
2084 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, | |
2085 blink::WebCryptoAlgorithmIdSha1); | |
2086 blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); | |
2087 blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); | |
2088 EXPECT_TRUE(ImportRsaKeyPair( | |
2089 kPublicKeySpkiDerHex, | |
2090 kPrivateKeyPkcs8DerHex, | |
2091 algorithm, | |
2092 false, | |
2093 blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify, | |
2094 &public_key, | |
2095 &private_key)); | |
2096 | |
2097 // Validate the signatures are computed and verified as expected. | |
2098 blink::WebArrayBuffer signature; | |
2099 for (size_t idx = 0; idx < ARRAYSIZE_UNSAFE(kTests); ++idx) { | |
2100 SCOPED_TRACE(idx); | |
2101 const TestCase& test = kTests[idx]; | |
2102 const std::vector<uint8> message = HexStringToBytes(test.message_hex); | |
2103 | |
2104 signature.reset(); | |
2105 ASSERT_TRUE(SignInternal(algorithm, private_key, message, &signature)); | |
2106 ExpectArrayBufferMatchesHex(test.signature_hex, signature); | |
2107 | |
2108 bool is_match = false; | |
2109 ASSERT_TRUE(VerifySignatureInternal( | |
2110 algorithm, | |
2111 public_key, | |
2112 HexStringToBytes(test.signature_hex), | |
2113 message, | |
2114 &is_match)); | |
2115 EXPECT_TRUE(is_match); | |
2116 } | |
2117 } | |
2118 | |
1727 TEST_F(WebCryptoImplTest, MAYBE(AesKwKeyImport)) { | 2119 TEST_F(WebCryptoImplTest, MAYBE(AesKwKeyImport)) { |
1728 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 2120 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
1729 blink::WebCryptoAlgorithm algorithm = | 2121 blink::WebCryptoAlgorithm algorithm = |
1730 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw); | 2122 webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw); |
1731 | 2123 |
1732 // Import a 128-bit Key Encryption Key (KEK) | 2124 // Import a 128-bit Key Encryption Key (KEK) |
1733 std::string key_raw_hex_in = "025a8cf3f08b4f6c5f33bbc76a471939"; | 2125 std::string key_raw_hex_in = "025a8cf3f08b4f6c5f33bbc76a471939"; |
1734 ASSERT_TRUE(ImportKeyInternal(blink::WebCryptoKeyFormatRaw, | 2126 ASSERT_TRUE(ImportKeyInternal(blink::WebCryptoKeyFormatRaw, |
1735 HexStringToBytes(key_raw_hex_in), | 2127 HexStringToBytes(key_raw_hex_in), |
1736 algorithm, | 2128 algorithm, |
(...skipping 64 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1801 "72d4e475ff34215416c9ad9c8281247a4d730c5f275ac23f376e73e3bce8d7d5a"; | 2193 "72d4e475ff34215416c9ad9c8281247a4d730c5f275ac23f376e73e3bce8d7d5a"; |
1802 EXPECT_FALSE(ImportKeyInternal(blink::WebCryptoKeyFormatRaw, | 2194 EXPECT_FALSE(ImportKeyInternal(blink::WebCryptoKeyFormatRaw, |
1803 HexStringToBytes(key_raw_hex_in), | 2195 HexStringToBytes(key_raw_hex_in), |
1804 algorithm, | 2196 algorithm, |
1805 true, | 2197 true, |
1806 blink::WebCryptoKeyUsageWrapKey, | 2198 blink::WebCryptoKeyUsageWrapKey, |
1807 &key)); | 2199 &key)); |
1808 } | 2200 } |
1809 | 2201 |
1810 } // namespace content | 2202 } // namespace content |
OLD | NEW |