Chromium Code Reviews Chromium Code Reviews
Issue 745443002:
Check that usage isn't empty when generateKey() is called (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master| OLD | NEW |
|---|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "base/logging.h" | 5 #include "base/logging.h" |
| 6 #include "base/stl_util.h" | 6 #include "base/stl_util.h" |
| 7 #include "content/child/webcrypto/algorithm_dispatch.h" | 7 #include "content/child/webcrypto/algorithm_dispatch.h" |
| 8 #include "content/child/webcrypto/crypto_data.h" | 8 #include "content/child/webcrypto/crypto_data.h" |
| 9 #include "content/child/webcrypto/status.h" | 9 #include "content/child/webcrypto/status.h" |
| 10 #include "content/child/webcrypto/test/test_helpers.h" | 10 #include "content/child/webcrypto/test/test_helpers.h" |
| (...skipping 327 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 338 // Successful WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 key generation (sha256) | 338 // Successful WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 key generation (sha256) |
| 339 const unsigned int modulus_length = 256; | 339 const unsigned int modulus_length = 256; |
| 340 const std::vector<uint8_t> public_exponent = HexStringToBytes("010001"); | 340 const std::vector<uint8_t> public_exponent = HexStringToBytes("010001"); |
| 341 blink::WebCryptoAlgorithm algorithm = | 341 blink::WebCryptoAlgorithm algorithm = |
| 342 CreateRsaHashedKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, | 342 CreateRsaHashedKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
| 343 blink::WebCryptoAlgorithmIdSha256, | 343 blink::WebCryptoAlgorithmIdSha256, |
| 344 modulus_length, | 344 modulus_length, |
| 345 public_exponent); | 345 public_exponent); |
| 346 bool extractable = true; | 346 bool extractable = true; |
| 347 const blink::WebCryptoKeyUsageMask usages = 0; | 347 const blink::WebCryptoKeyUsageMask usages = 0; |
| 348 const blink::WebCryptoKeyUsageMask public_usages = | |
| 349 blink::WebCryptoKeyUsageVerify; | |
| 350 const blink::WebCryptoKeyUsageMask private_usages = | |
| 351 blink::WebCryptoKeyUsageSign; | |
| 348 blink::WebCryptoKey public_key; | 352 blink::WebCryptoKey public_key; |
| 349 blink::WebCryptoKey private_key; | 353 blink::WebCryptoKey private_key; |
| 350 | 354 |
| 351 EXPECT_EQ(Status::Success(), | 355 EXPECT_EQ(Status::Success(), |
| 352 GenerateKeyPair( | 356 GenerateKeyPair( |
| 353 algorithm, extractable, usages, &public_key, &private_key)); | 357 algorithm, extractable, |
| 354 EXPECT_FALSE(public_key.isNull()); | 358 public_usages | private_usages, |
| 355 EXPECT_FALSE(private_key.isNull()); | 359 &public_key, &private_key)); |
| 360 ASSERT_FALSE(public_key.isNull()); | |
| 361 ASSERT_FALSE(private_key.isNull()); | |
| 356 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type()); | 362 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type()); |
| 357 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type()); | 363 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type()); |
| 358 EXPECT_EQ(modulus_length, | 364 EXPECT_EQ(modulus_length, |
| 359 public_key.algorithm().rsaHashedParams()->modulusLengthBits()); | 365 public_key.algorithm().rsaHashedParams()->modulusLengthBits()); |
| 360 EXPECT_EQ(modulus_length, | 366 EXPECT_EQ(modulus_length, |
| 361 private_key.algorithm().rsaHashedParams()->modulusLengthBits()); | 367 private_key.algorithm().rsaHashedParams()->modulusLengthBits()); |
| 362 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha256, | 368 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha256, |
| 363 public_key.algorithm().rsaHashedParams()->hash().id()); | 369 public_key.algorithm().rsaHashedParams()->hash().id()); |
| 364 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha256, | 370 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha256, |
| 365 private_key.algorithm().rsaHashedParams()->hash().id()); | 371 private_key.algorithm().rsaHashedParams()->hash().id()); |
| 366 EXPECT_TRUE(public_key.extractable()); | 372 EXPECT_TRUE(public_key.extractable()); |
| 367 EXPECT_EQ(extractable, private_key.extractable()); | 373 EXPECT_EQ(extractable, private_key.extractable()); |
| 368 EXPECT_EQ(usages, public_key.usages()); | 374 EXPECT_EQ(public_usages, public_key.usages()); |
| 369 EXPECT_EQ(usages, private_key.usages()); | 375 EXPECT_EQ(private_usages, private_key.usages()); |
| 370 | 376 |
| 371 // Try exporting the generated key pair, and then re-importing to verify that | 377 // Try exporting the generated key pair, and then re-importing to verify that |
| 372 // the exported data was valid. | 378 // the exported data was valid. |
| 373 std::vector<uint8_t> public_key_spki; | 379 std::vector<uint8_t> public_key_spki; |
| 374 EXPECT_EQ( | 380 EXPECT_EQ( |
| 375 Status::Success(), | 381 Status::Success(), |
| 376 ExportKey(blink::WebCryptoKeyFormatSpki, public_key, &public_key_spki)); | 382 ExportKey(blink::WebCryptoKeyFormatSpki, public_key, &public_key_spki)); |
| 377 | 383 |
| 378 if (SupportsRsaPrivateKeyImport()) { | 384 if (SupportsRsaPrivateKeyImport()) { |
| 379 public_key = blink::WebCryptoKey::createNull(); | 385 public_key = blink::WebCryptoKey::createNull(); |
| 380 EXPECT_EQ(Status::Success(), | 386 ASSERT_EQ(Status::Success(), |
| 381 ImportKey(blink::WebCryptoKeyFormatSpki, | 387 ImportKey(blink::WebCryptoKeyFormatSpki, |
| 382 CryptoData(public_key_spki), | 388 CryptoData(public_key_spki), |
| 383 CreateRsaHashedImportAlgorithm( | 389 CreateRsaHashedImportAlgorithm( |
| 384 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, | 390 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
| 385 blink::WebCryptoAlgorithmIdSha256), | 391 blink::WebCryptoAlgorithmIdSha256), |
| 386 true, | 392 true, |
| 387 usages, | 393 usages, |
| 388 &public_key)); | 394 &public_key)); |
| 389 EXPECT_EQ(modulus_length, | 395 EXPECT_EQ(modulus_length, |
| 390 public_key.algorithm().rsaHashedParams()->modulusLengthBits()); | 396 public_key.algorithm().rsaHashedParams()->modulusLengthBits()); |
| 391 | 397 |
| 392 std::vector<uint8_t> private_key_pkcs8; | 398 std::vector<uint8_t> private_key_pkcs8; |
| 393 EXPECT_EQ( | 399 EXPECT_EQ( |
| 394 Status::Success(), | 400 Status::Success(), |
| 395 ExportKey( | 401 ExportKey( |
| 396 blink::WebCryptoKeyFormatPkcs8, private_key, &private_key_pkcs8)); | 402 blink::WebCryptoKeyFormatPkcs8, private_key, &private_key_pkcs8)); |
| 397 private_key = blink::WebCryptoKey::createNull(); | 403 private_key = blink::WebCryptoKey::createNull(); |
| 398 EXPECT_EQ(Status::Success(), | 404 ASSERT_EQ(Status::Success(), |
| 399 ImportKey(blink::WebCryptoKeyFormatPkcs8, | 405 ImportKey(blink::WebCryptoKeyFormatPkcs8, |
| 400 CryptoData(private_key_pkcs8), | 406 CryptoData(private_key_pkcs8), |
| 401 CreateRsaHashedImportAlgorithm( | 407 CreateRsaHashedImportAlgorithm( |
| 402 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, | 408 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
| 403 blink::WebCryptoAlgorithmIdSha256), | 409 blink::WebCryptoAlgorithmIdSha256), |
| 404 true, | 410 true, |
| 405 usages, | 411 private_usages, |
| 406 &private_key)); | 412 &private_key)); |
| 407 EXPECT_EQ(modulus_length, | 413 EXPECT_EQ(modulus_length, |
| 408 private_key.algorithm().rsaHashedParams()->modulusLengthBits()); | 414 private_key.algorithm().rsaHashedParams()->modulusLengthBits()); |
| 409 } | 415 } |
| 410 | 416 |
| 411 // Fail with bad modulus. | 417 // Fail with bad modulus. |
| 412 algorithm = | 418 algorithm = |
| 413 CreateRsaHashedKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, | 419 CreateRsaHashedKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
| 414 blink::WebCryptoAlgorithmIdSha256, | 420 blink::WebCryptoAlgorithmIdSha256, |
| 415 0, | 421 0, |
| (...skipping 39 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 455 // Key generation success using exponent with leading zeros. | 461 // Key generation success using exponent with leading zeros. |
| 456 exponent_with_leading_zeros.insert(exponent_with_leading_zeros.end(), | 462 exponent_with_leading_zeros.insert(exponent_with_leading_zeros.end(), |
| 457 public_exponent.begin(), | 463 public_exponent.begin(), |
| 458 public_exponent.end()); | 464 public_exponent.end()); |
| 459 algorithm = | 465 algorithm = |
| 460 CreateRsaHashedKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, | 466 CreateRsaHashedKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
| 461 blink::WebCryptoAlgorithmIdSha256, | 467 blink::WebCryptoAlgorithmIdSha256, |
| 462 modulus_length, | 468 modulus_length, |
| 463 exponent_with_leading_zeros); | 469 exponent_with_leading_zeros); |
| 464 EXPECT_EQ(Status::Success(), | 470 EXPECT_EQ(Status::Success(), |
| 465 GenerateKeyPair( | 471 GenerateKeyPair(algorithm, extractable, |
| 466 algorithm, extractable, usages, &public_key, &private_key)); | 472 public_usages | private_usages, &public_key, |
| 473 &private_key)); | |
| 467 EXPECT_FALSE(public_key.isNull()); | 474 EXPECT_FALSE(public_key.isNull()); |
| 468 EXPECT_FALSE(private_key.isNull()); | 475 EXPECT_FALSE(private_key.isNull()); |
| 469 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type()); | 476 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type()); |
| 470 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type()); | 477 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type()); |
| 471 EXPECT_TRUE(public_key.extractable()); | 478 EXPECT_TRUE(public_key.extractable()); |
| 472 EXPECT_EQ(extractable, private_key.extractable()); | 479 EXPECT_EQ(extractable, private_key.extractable()); |
| 473 EXPECT_EQ(usages, public_key.usages()); | 480 EXPECT_EQ(public_usages, public_key.usages()); |
| 474 EXPECT_EQ(usages, private_key.usages()); | 481 EXPECT_EQ(private_usages, private_key.usages()); |
| 475 | 482 |
| 476 // Successful WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 key generation (sha1) | 483 // Successful WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 key generation (sha1) |
| 477 algorithm = | 484 algorithm = |
| 478 CreateRsaHashedKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, | 485 CreateRsaHashedKeyGenAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
| 479 blink::WebCryptoAlgorithmIdSha1, | 486 blink::WebCryptoAlgorithmIdSha1, |
| 480 modulus_length, | 487 modulus_length, |
| 481 public_exponent); | 488 public_exponent); |
| 482 EXPECT_EQ( | 489 EXPECT_EQ( |
| 483 Status::Success(), | 490 Status::Success(), |
| 484 GenerateKeyPair(algorithm, false, usages, &public_key, &private_key)); | 491 GenerateKeyPair(algorithm, false, public_usages | private_usages, |
| 492 &public_key, &private_key)); | |
| 485 EXPECT_FALSE(public_key.isNull()); | 493 EXPECT_FALSE(public_key.isNull()); |
| 486 EXPECT_FALSE(private_key.isNull()); | 494 EXPECT_FALSE(private_key.isNull()); |
| 487 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type()); | 495 EXPECT_EQ(blink::WebCryptoKeyTypePublic, public_key.type()); |
| 488 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type()); | 496 EXPECT_EQ(blink::WebCryptoKeyTypePrivate, private_key.type()); |
| 489 EXPECT_EQ(modulus_length, | 497 EXPECT_EQ(modulus_length, |
| 490 public_key.algorithm().rsaHashedParams()->modulusLengthBits()); | 498 public_key.algorithm().rsaHashedParams()->modulusLengthBits()); |
| 491 EXPECT_EQ(modulus_length, | 499 EXPECT_EQ(modulus_length, |
| 492 private_key.algorithm().rsaHashedParams()->modulusLengthBits()); | 500 private_key.algorithm().rsaHashedParams()->modulusLengthBits()); |
| 493 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha1, | 501 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha1, |
| 494 public_key.algorithm().rsaHashedParams()->hash().id()); | 502 public_key.algorithm().rsaHashedParams()->hash().id()); |
| 495 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha1, | 503 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha1, |
| 496 private_key.algorithm().rsaHashedParams()->hash().id()); | 504 private_key.algorithm().rsaHashedParams()->hash().id()); |
| 497 // Even though "extractable" was set to false, the public key remains | 505 // Even though "extractable" was set to false, the public key remains |
| 498 // extractable. | 506 // extractable. |
| 499 EXPECT_TRUE(public_key.extractable()); | 507 EXPECT_TRUE(public_key.extractable()); |
| 500 EXPECT_FALSE(private_key.extractable()); | 508 EXPECT_FALSE(private_key.extractable()); |
| 501 EXPECT_EQ(usages, public_key.usages()); | 509 EXPECT_EQ(public_usages, public_key.usages()); |
| 502 EXPECT_EQ(usages, private_key.usages()); | 510 EXPECT_EQ(private_usages, private_key.usages()); |
| 503 | 511 |
| 504 // Exporting a private key as SPKI format doesn't make sense. However this | 512 // Exporting a private key as SPKI format doesn't make sense. However this |
| 505 // will first fail because the key is not extractable. | 513 // will first fail because the key is not extractable. |
| 506 std::vector<uint8_t> output; | 514 std::vector<uint8_t> output; |
| 507 EXPECT_EQ(Status::ErrorKeyNotExtractable(), | 515 EXPECT_EQ(Status::ErrorKeyNotExtractable(), |
| 508 ExportKey(blink::WebCryptoKeyFormatSpki, private_key, &output)); | 516 ExportKey(blink::WebCryptoKeyFormatSpki, private_key, &output)); |
| 509 | 517 |
| 510 // Re-generate an extractable private_key and try to export it as SPKI format. | 518 // Re-generate an extractable private_key and try to export it as SPKI format. |
| 511 // This should fail since spki is for public keys. | 519 // This should fail since spki is for public keys. |
| 512 EXPECT_EQ( | 520 EXPECT_EQ( |
| 513 Status::Success(), | 521 Status::Success(), |
| 514 GenerateKeyPair(algorithm, true, usages, &public_key, &private_key)); | 522 GenerateKeyPair(algorithm, true, public_usages | private_usages, |
| 523 &public_key, &private_key)); | |
| 515 EXPECT_EQ(Status::ErrorUnexpectedKeyType(), | 524 EXPECT_EQ(Status::ErrorUnexpectedKeyType(), |
| 516 ExportKey(blink::WebCryptoKeyFormatSpki, private_key, &output)); | 525 ExportKey(blink::WebCryptoKeyFormatSpki, private_key, &output)); |
| 517 } | 526 } |
| 518 | 527 |
| 519 TEST(WebCryptoRsaSsaTest, GenerateKeyPairRsaBadModulusLength) { | 528 TEST(WebCryptoRsaSsaTest, GenerateKeyPairRsaBadModulusLength) { |
| 520 const unsigned int kBadModulusBits[] = { | 529 const unsigned int kBadModulusBits[] = { |
| 521 0, | 530 0, |
| 522 248, // Too small. | 531 248, // Too small. |
| 523 257, // Not a multiple of 8. | 532 257, // Not a multiple of 8. |
| 524 1023, // Not a multiple of 8. | 533 1023, // Not a multiple of 8. |
| (...skipping 360 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 885 public_exponent), | 894 public_exponent), |
| 886 true, | 895 true, |
| 887 blink::WebCryptoKeyUsageSign, | 896 blink::WebCryptoKeyUsageSign, |
| 888 &public_key, | 897 &public_key, |
| 889 &private_key)); | 898 &private_key)); |
| 890 | 899 |
| 891 EXPECT_EQ(0, public_key.usages()); | 900 EXPECT_EQ(0, public_key.usages()); |
| 892 EXPECT_EQ(blink::WebCryptoKeyUsageSign, private_key.usages()); | 901 EXPECT_EQ(blink::WebCryptoKeyUsageSign, private_key.usages()); |
| 893 } | 902 } |
| 894 | 903 |
| 904 TEST(WebCryptoRsaSsaTest, GenerateKeyPairEmptyUsages) { | |
| 905 const unsigned int modulus_length = 256; | |
| 906 const std::vector<uint8_t> public_exponent = HexStringToBytes("010001"); | |
| 907 | |
| 908 blink::WebCryptoKey public_key; | |
| 909 blink::WebCryptoKey private_key; | |
| 910 | |
| 911 ASSERT_EQ(Status::ErrorCreateKeyBadUsages(), | |
| 912 GenerateKeyPair( | |
| 913 CreateRsaHashedKeyGenAlgorithm( | |
| 914 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, | |
| 915 blink::WebCryptoAlgorithmIdSha256, | |
| 916 modulus_length, | |
| 917 public_exponent), | |
| 918 true, 0, &public_key, &private_key)); | |
| 919 } | |
| 920 | |
| 895 TEST(WebCryptoRsaSsaTest, ImportExportJwkRsaPublicKey) { | 921 TEST(WebCryptoRsaSsaTest, ImportExportJwkRsaPublicKey) { |
| 896 struct TestCase { | 922 struct TestCase { |
| 897 const blink::WebCryptoAlgorithmId hash; | 923 const blink::WebCryptoAlgorithmId hash; |
| 898 const blink::WebCryptoKeyUsageMask usage; | 924 const blink::WebCryptoKeyUsageMask usage; |
| 899 const char* const jwk_alg; | 925 const char* const jwk_alg; |
| 900 }; | 926 }; |
| 901 const TestCase kTests[] = { | 927 const TestCase kTests[] = { |
| 902 {blink::WebCryptoAlgorithmIdSha1, blink::WebCryptoKeyUsageVerify, "RS1"}, | 928 {blink::WebCryptoAlgorithmIdSha1, blink::WebCryptoKeyUsageVerify, "RS1"}, |
| 903 {blink::WebCryptoAlgorithmIdSha256, blink::WebCryptoKeyUsageVerify, | 929 {blink::WebCryptoAlgorithmIdSha256, blink::WebCryptoKeyUsageVerify, |
| 904 "RS256"}, | 930 "RS256"}, |
| (...skipping 139 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 1044 | 1070 |
| 1045 const base::DictionaryValue* test; | 1071 const base::DictionaryValue* test; |
| 1046 ASSERT_TRUE(tests->GetDictionary(test_index, &test)); | 1072 ASSERT_TRUE(tests->GetDictionary(test_index, &test)); |
| 1047 | 1073 |
| 1048 blink::WebCryptoKeyFormat key_format = GetKeyFormatFromJsonTestCase(test); | 1074 blink::WebCryptoKeyFormat key_format = GetKeyFormatFromJsonTestCase(test); |
| 1049 std::vector<uint8_t> key_data = | 1075 std::vector<uint8_t> key_data = |
| 1050 GetKeyDataFromJsonTestCase(test, key_format); | 1076 GetKeyDataFromJsonTestCase(test, key_format); |
| 1051 std::string test_error; | 1077 std::string test_error; |
| 1052 ASSERT_TRUE(test->GetString("error", &test_error)); | 1078 ASSERT_TRUE(test->GetString("error", &test_error)); |
| 1053 | 1079 |
| 1080 blink::WebCryptoKeyUsageMask usages = blink::WebCryptoKeyUsageSign; | |
| 1081 if (key_format == blink::WebCryptoKeyFormatSpki) { | |
|
eroman
2014/11/20 23:40:10
Omit the curlies.
nharper
2014/11/21 22:12:01
Done.
| |
| 1082 usages = blink::WebCryptoKeyUsageVerify; | |
| 1083 } | |
| 1054 blink::WebCryptoKey key; | 1084 blink::WebCryptoKey key; |
| 1055 Status status = ImportKey(key_format, CryptoData(key_data), | 1085 Status status = ImportKey(key_format, CryptoData(key_data), |
| 1056 CreateRsaHashedImportAlgorithm( | 1086 CreateRsaHashedImportAlgorithm( |
| 1057 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, | 1087 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, |
| 1058 blink::WebCryptoAlgorithmIdSha256), | 1088 blink::WebCryptoAlgorithmIdSha256), |
| 1059 true, 0, &key); | 1089 true, usages, &key); |
| 1060 EXPECT_EQ(test_error, StatusToString(status)); | 1090 EXPECT_EQ(test_error, StatusToString(status)); |
| 1061 } | 1091 } |
| 1062 } | 1092 } |
| 1063 | 1093 |
| 1064 } // namespace | 1094 } // namespace |
| 1065 | 1095 |
| 1066 } // namespace webcrypto | 1096 } // namespace webcrypto |
| 1067 | 1097 |
| 1068 } // namespace content | 1098 } // namespace content |
| OLD | NEW |
