[webcrypto] Add JWK import of RSA public key for NSS.

content/renderer/webcrypto/webcrypto_impl_unittest.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/renderer/webcrypto/webcrypto_impl.h"
 
 #include <algorithm>
 #include <string>
 #include <vector>
 
@@ skipping 31 matching lines @@
 std::vector<uint8> MakeJsonVector(const std::string& json_string) {
   return std::vector<uint8>(json_string.begin(), json_string.end());
 }
 
 std::vector<uint8> MakeJsonVector(const base::DictionaryValue& dict) {
   std::string json;
   base::JSONWriter::Write(&dict, &json);
   return MakeJsonVector(json);
 }
 
-// Helper for ImportJwkBadJwk; restores JWK JSON dictionary to a good state
-void RestoreDictionaryForImportBadJwkTest(base::DictionaryValue* dict) {
+// Helper for ImportJwkFailures and ImportJwkOctFailures. Restores the JWK JSON
+// dictionary to a good state
+void RestoreJwkOctDictionary(base::DictionaryValue* dict) {
   dict->Clear();
   dict->SetString("kty", "oct");
   dict->SetString("alg", "A128CBC");
   dict->SetString("use", "enc");
   dict->SetBoolean("extractable", false);
   dict->SetString("k", "GADWrMRHwQfoNaXU5fZvTg==");
 }
+
 #if !defined(USE_OPENSSL)
 
+// Helper for ImportJwkRsaFailures. Restores the JWK JSON
+// dictionary to a good state
+void RestoreJwkRsaDictionary(base::DictionaryValue* dict) {
+  dict->Clear();
+  dict->SetString("kty", "RSA");
+  dict->SetString("alg", "RSA1_5");
+  dict->SetString("use", "enc");
+  dict->SetBoolean("extractable", false);
+  dict->SetString("n",
+      "qLOyhK-OtQs4cDSoYPFGxJGfMYdjzWxVmMiuSBGh4KvEx-CwgtaTpef87Wdc9GaFEncsDLxk"
+      "p0LGxjD1M8jMcvYq6DPEC_JYQumEu3i9v5fAEH1VvbZi9cTg-rmEXLUUjvc5LdOq_5OuHmtm"
+      "e7PUJHYW1PW6ENTP0ibeiNOfFvs");
+  dict->SetString("e", "AQAB");
+}
+
 blink::WebCryptoAlgorithm CreateRsaKeyGenAlgorithm(
     blink::WebCryptoAlgorithmId algorithm_id,
     unsigned modulus_length,
     const std::vector<uint8>& public_exponent) {
   DCHECK(algorithm_id == blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5 ||
          algorithm_id == blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 ||
          algorithm_id == blink::WebCryptoAlgorithmIdRsaOaep);
   return blink::WebCryptoAlgorithm::adoptParamsAndCreate(
       algorithm_id,
       new blink::WebCryptoRsaKeyGenParams(
@@ skipping 627 matching lines @@
       blink::WebCryptoKeyFormatRaw,
       HexStringToBytes("00000000000000000000"),
       blink::WebCryptoAlgorithm::createNull(),
       true,
       blink::WebCryptoKeyUsageEncrypt,
       &key));
 }
 
 #endif  //#if !defined(USE_OPENSSL)
 
-TEST_F(WebCryptoImplTest, ImportJwkBadJwk) {
+TEST_F(WebCryptoImplTest, ImportJwkFailures) {
 
   blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
   blink::WebCryptoAlgorithm algorithm =
       webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc);
   blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageEncrypt;
 
   // Baseline pass: each test below breaks a single item, so we start with a
   // passing case to make sure each failure is caused by the isolated break.
   // Each breaking subtest below resets the dictionary to this passing case when
   // complete.
   base::DictionaryValue dict;
-  RestoreDictionaryForImportBadJwkTest(&dict);
-  std::vector<uint8> json_vec = MakeJsonVector(dict);
-  EXPECT_TRUE(ImportKeyJwk(json_vec, algorithm, false, usage_mask, &key));
+  RestoreJwkOctDictionary(&dict);
+  EXPECT_TRUE(ImportKeyJwk(
+      MakeJsonVector(dict), algorithm, false, usage_mask, &key));
 
   // Fail on empty JSON.
-  EXPECT_FALSE(
-      ImportKeyJwk(MakeJsonVector(""), algorithm, false, usage_mask, &key));
+  EXPECT_FALSE(ImportKeyJwk(
+      MakeJsonVector(""), algorithm, false, usage_mask, &key));
 
   // Fail on invalid JSON.
   const std::vector<uint8> bad_json_vec = MakeJsonVector(
       "{"
         "\"kty\"         : \"oct\","
         "\"alg\"         : \"HS256\","
         "\"use\"         : "
   );
   EXPECT_FALSE(ImportKeyJwk(bad_json_vec, algorithm, false, usage_mask, &key));
 
   // Fail on JWK alg present but unrecognized.
   dict.SetString("alg", "A127CBC");
-  json_vec = MakeJsonVector(dict);
-  EXPECT_FALSE(ImportKeyJwk(json_vec, algorithm, false, usage_mask, &key));
-  RestoreDictionaryForImportBadJwkTest(&dict);
+  EXPECT_FALSE(ImportKeyJwk(
+      MakeJsonVector(dict), algorithm, false, usage_mask, &key));
+  RestoreJwkOctDictionary(&dict);
 
   // Fail on both JWK and input algorithm missing.
   dict.Remove("alg", NULL);
-  json_vec = MakeJsonVector(dict);
-  EXPECT_FALSE(ImportKeyJwk(json_vec,
+  EXPECT_FALSE(ImportKeyJwk(MakeJsonVector(dict),
                             blink::WebCryptoAlgorithm::createNull(),
                             false,
                             usage_mask,
                             &key));
-  RestoreDictionaryForImportBadJwkTest(&dict);
+  RestoreJwkOctDictionary(&dict);
 
   // Fail on invalid kty.
   dict.SetString("kty", "foo");
-  json_vec = MakeJsonVector(dict);
-  EXPECT_FALSE(ImportKeyJwk(json_vec, algorithm, false, usage_mask, &key));
-  RestoreDictionaryForImportBadJwkTest(&dict);
+  EXPECT_FALSE(ImportKeyJwk(
+      MakeJsonVector(dict), algorithm, false, usage_mask, &key));
+  RestoreJwkOctDictionary(&dict);
 
   // Fail on missing kty.
   dict.Remove("kty", NULL);
-  json_vec = MakeJsonVector(dict);
-  EXPECT_FALSE(ImportKeyJwk(json_vec, algorithm, false, usage_mask, &key));
-  RestoreDictionaryForImportBadJwkTest(&dict);
+  EXPECT_FALSE(ImportKeyJwk(
+      MakeJsonVector(dict), algorithm, false, usage_mask, &key));
+  RestoreJwkOctDictionary(&dict);
 
   // Fail on invalid use.
   dict.SetString("use", "foo");
-  json_vec = MakeJsonVector(dict);
-  EXPECT_FALSE(ImportKeyJwk(json_vec, algorithm, false, usage_mask, &key));
-  RestoreDictionaryForImportBadJwkTest(&dict);
+  EXPECT_FALSE(ImportKeyJwk(
+      MakeJsonVector(dict), algorithm, false, usage_mask, &key));
+  RestoreJwkOctDictionary(&dict);
+}
 
-  // Fail on missing k when kty = "oct".
+TEST_F(WebCryptoImplTest, ImportJwkOctFailures) {
+
+  base::DictionaryValue dict;
+  RestoreJwkOctDictionary(&dict);
+  blink::WebCryptoAlgorithm algorithm =
+      webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc);
+  blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageEncrypt;
+  blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
+
+  // Baseline pass.
+  EXPECT_TRUE(ImportKeyJwk(
+      MakeJsonVector(dict), algorithm, false, usage_mask, &key));
+  EXPECT_EQ(algorithm.id(), key.algorithm().id());
+  EXPECT_FALSE(key.extractable());
+  EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt, key.usages());
+  EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type());
+
+  // The following are specific failure cases for when kty = "oct".
+
+  // Fail on missing k.
   dict.Remove("k", NULL);
-  json_vec = MakeJsonVector(dict);
-  EXPECT_FALSE(ImportKeyJwk(json_vec, algorithm, false, usage_mask, &key));
-  RestoreDictionaryForImportBadJwkTest(&dict);
+  EXPECT_FALSE(ImportKeyJwk(
+      MakeJsonVector(dict), algorithm, false, usage_mask, &key));
+  RestoreJwkOctDictionary(&dict);
 
   // Fail on bad b64 encoding for k.
   dict.SetString("k", "Qk3f0DsytU8lfza2au #$% Htaw2xpop9GYyTuH0p5GghxTI=");
-  json_vec = MakeJsonVector(dict);
-  EXPECT_FALSE(ImportKeyJwk(json_vec, algorithm, false, usage_mask, &key));
-  RestoreDictionaryForImportBadJwkTest(&dict);
+  EXPECT_FALSE(ImportKeyJwk(
+      MakeJsonVector(dict), algorithm, false, usage_mask, &key));
+  RestoreJwkOctDictionary(&dict);
 
   // Fail on empty k.
   dict.SetString("k", "");
-  json_vec = MakeJsonVector(dict);
-  EXPECT_FALSE(ImportKeyJwk(json_vec, algorithm, false, usage_mask, &key));
-  RestoreDictionaryForImportBadJwkTest(&dict);
+  EXPECT_FALSE(ImportKeyJwk(
+      MakeJsonVector(dict), algorithm, false, usage_mask, &key));
+  RestoreJwkOctDictionary(&dict);
 
   // Fail on k actual length (120 bits) inconsistent with the embedded JWK alg
   // value (128) for an AES key.
   dict.SetString("k", "AVj42h0Y5aqGtE3yluKL");
-  json_vec = MakeJsonVector(dict);
-  EXPECT_FALSE(ImportKeyJwk(json_vec, algorithm, false, usage_mask, &key));
-  RestoreDictionaryForImportBadJwkTest(&dict);
+  EXPECT_FALSE(ImportKeyJwk(
+      MakeJsonVector(dict), algorithm, false, usage_mask, &key));
+  RestoreJwkOctDictionary(&dict);
+}
 
-  // TODO(padolph) RSA public key bad data:
-  // Missing n or e when kty = "RSA"
-  // Bad encoding for n or e
-  // Size check on n??
-  // Value check on e??
+#if !defined(USE_OPENSSL)
+
+TEST_F(WebCryptoImplTest, ImportJwkRsaFailures) {
+
+  base::DictionaryValue dict;
+  RestoreJwkRsaDictionary(&dict);
+  blink::WebCryptoAlgorithm algorithm =
+      webcrypto::CreateAlgorithm(blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5);
+  blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageEncrypt;
+  blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
+
+  // An RSA public key JWK _must_ have an "n" (modulus) and an "e" (exponent)
+  // entry, while an RSA private key must have those plus at least a "d"
+  // (private exponent) entry.
+  // See http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-18,
+  // section 6.3.
+
+  // Baseline pass.
+  EXPECT_TRUE(ImportKeyJwk(
+      MakeJsonVector(dict), algorithm, false, usage_mask, &key));
+  EXPECT_EQ(algorithm.id(), key.algorithm().id());
+  EXPECT_FALSE(key.extractable());
+  EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt, key.usages());
+  EXPECT_EQ(blink::WebCryptoKeyTypePublic, key.type());
+
+  // The following are specific failure cases for when kty = "RSA".
+
+  // Fail if either "n" or "e" is not present or malformed.
+  const std::string kKtyParmName[] = {"n", "e"};
+  for (size_t idx = 0; idx < ARRAYSIZE_UNSAFE(kKtyParmName); ++idx) {
+
+    // Fail on missing parameter.
+    dict.Remove(kKtyParmName[idx], NULL);
+    EXPECT_FALSE(ImportKeyJwk(
+        MakeJsonVector(dict), algorithm, false, usage_mask, &key));
+    RestoreJwkRsaDictionary(&dict);
+
+    // Fail on bad b64 parameter encoding.
+    dict.SetString(kKtyParmName[idx], "Qk3f0DsytU8lfza2au #$% Htaw2xpop9yTuH0");
+    EXPECT_FALSE(ImportKeyJwk(
+        MakeJsonVector(dict), algorithm, false, usage_mask, &key));
+    RestoreJwkRsaDictionary(&dict);
+
+    // Fail on empty parameter.
+    dict.SetString(kKtyParmName[idx], "");
+    EXPECT_FALSE(ImportKeyJwk(
+        MakeJsonVector(dict), algorithm, false, usage_mask, &key));
+    RestoreJwkRsaDictionary(&dict);
+  }
+
+  // Fail if "d" parameter is present, implying the JWK is a private key, which
+  // is not supported.
+  dict.SetString("d", "Qk3f0Dsyt");
+  EXPECT_FALSE(ImportKeyJwk(
+      MakeJsonVector(dict), algorithm, false, usage_mask, &key));
+  RestoreJwkRsaDictionary(&dict);
 }
 
+#endif  // #if !defined(USE_OPENSSL)
+
 TEST_F(WebCryptoImplTest, ImportJwkInputConsistency) {
   // The Web Crypto spec says that if a JWK value is present, but is
   // inconsistent with the input value, the operation must fail.
 
   // Consistency rules when JWK value is not present: Inputs should be used.
   blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
   bool extractable = false;
   blink::WebCryptoAlgorithm algorithm =
       webcrypto::CreateHmacAlgorithmByHashId(blink::WebCryptoAlgorithmIdSha256);
   blink::WebCryptoKeyUsageMask usage_mask = blink::WebCryptoKeyUsageVerify;
@@ skipping 82 matching lines @@
   EXPECT_FALSE(ImportKeyJwk(
       json_vec, algorithm, extractable, blink::WebCryptoKeyUsageEncrypt, &key));
 
   // Fail: Input usage_mask (encrypt|sign|verify) is not a subset of the JWK
   // value (sign|verify)
   usage_mask = blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageSign |
                blink::WebCryptoKeyUsageVerify;
   EXPECT_FALSE(
       ImportKeyJwk(json_vec, algorithm, extractable, usage_mask, &key));
   usage_mask = blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify;
+
+  // TODO(padolph): kty vs alg consistency tests: Depending on the kty value,
+  // only certain alg values are permitted. For example, when kty = "RSA" alg
+  // must be of the RSA family, or when kty = "oct" alg must be symmetric
+  // algorithm.
 }
 
 TEST_F(WebCryptoImplTest, ImportJwkHappy) {
 
   // This test verifies the happy path of JWK import, including the application
   // of the imported key material.
 
   blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
   bool extractable = false;
   blink::WebCryptoAlgorithm algorithm =
@@ skipping 21 matching lines @@
 
   blink::WebArrayBuffer output;
 
   ASSERT_TRUE(SignInternal(algorithm, key, message_raw, &output));
 
   const std::string mac_raw =
       "769f00d3e6a6cc1fb426a14a4f76c6462e6149726e0dee0ec0cf97a16605ac8b";
 
   ExpectArrayBufferMatchesHex(mac_raw, output);
 
-  // TODO(padolph)
-  // Import an RSA public key JWK and use it
+  // TODO(padolph): Import an RSA public key JWK and use it
 }
 
 #if !defined(USE_OPENSSL)
 
 TEST_F(WebCryptoImplTest, ImportExportSpki) {
   // openssl genrsa -out pair.pem 2048
   // openssl rsa -in pair.pem -out pubkey.der -outform DER -pubout
   // xxd -p pubkey.der
   const std::string hex_rsa_spki_der =
       "30820122300d06092a864886f70d01010105000382010f003082010a0282"
@@ skipping 521 matching lines @@
       private_key,
       reinterpret_cast<const unsigned char*>(encrypted_data.data()),
       encrypted_data.byteLength(),
       &decrypted_data));
   ExpectArrayBufferMatchesHex(message_hex_str, decrypted_data);
 }
 
 #endif  // #if !defined(USE_OPENSSL)
 
 }  // namespace content