OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "base/stl_util.h" | 5 #include "base/stl_util.h" |
6 #include "content/child/webcrypto/algorithm_dispatch.h" | 6 #include "content/child/webcrypto/algorithm_dispatch.h" |
7 #include "content/child/webcrypto/crypto_data.h" | 7 #include "content/child/webcrypto/crypto_data.h" |
8 #include "content/child/webcrypto/jwk.h" | 8 #include "content/child/webcrypto/jwk.h" |
9 #include "content/child/webcrypto/status.h" | 9 #include "content/child/webcrypto/status.h" |
10 #include "content/child/webcrypto/test/test_helpers.h" | 10 #include "content/child/webcrypto/test/test_helpers.h" |
(...skipping 108 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
119 std::vector<uint8_t> expected_bytes = | 119 std::vector<uint8_t> expected_bytes = |
120 GetBytesFromHexString(test, "derived_bytes"); | 120 GetBytesFromHexString(test, "derived_bytes"); |
121 | 121 |
122 EXPECT_EQ(CryptoData(expected_bytes), CryptoData(derived_bytes)); | 122 EXPECT_EQ(CryptoData(expected_bytes), CryptoData(derived_bytes)); |
123 } | 123 } |
124 } | 124 } |
125 | 125 |
126 // Loads up a test ECDH public and private key for P-521. The keys | 126 // Loads up a test ECDH public and private key for P-521. The keys |
127 // come from different key pairs, and can be used for key derivation of up to | 127 // come from different key pairs, and can be used for key derivation of up to |
128 // 528 bits. | 128 // 528 bits. |
129 void LoadTestKeys(blink::WebCryptoKey* public_key, | 129 ::testing::AssertionResult LoadTestKeys(blink::WebCryptoKey* public_key, |
130 blink::WebCryptoKey* private_key) { | 130 blink::WebCryptoKey* private_key) { |
131 // Assume that the 7th key in the test data is for P-521. | |
132 scoped_ptr<base::ListValue> tests; | 131 scoped_ptr<base::ListValue> tests; |
133 ASSERT_TRUE(ReadJsonTestFileToList("ecdh.json", &tests)); | 132 if (!ReadJsonTestFileToList("ecdh.json", &tests)) |
| 133 return ::testing::AssertionFailure() << "Failed loading ecdh.json"; |
134 | 134 |
135 const base::DictionaryValue* test; | 135 const base::DictionaryValue* test = NULL; |
136 ASSERT_TRUE(tests->GetDictionary(6, &test)); | 136 bool valid_p521_keys = false; |
| 137 for (size_t test_index = 0; test_index < tests->GetSize(); ++test_index) { |
| 138 SCOPED_TRACE(test_index); |
| 139 EXPECT_TRUE(tests->GetDictionary(test_index, &test)); |
| 140 test->GetBoolean("valid_p521_keys", &valid_p521_keys); |
| 141 if (valid_p521_keys) |
| 142 break; |
| 143 } |
| 144 if (!valid_p521_keys) { |
| 145 return ::testing::AssertionFailure() |
| 146 << "The P-521 test are missing in ecdh.json"; |
| 147 } |
137 | 148 |
138 ImportKeysFromTest(test, public_key, private_key); | 149 ImportKeysFromTest(test, public_key, private_key); |
139 | 150 |
140 ASSERT_EQ(blink::WebCryptoNamedCurveP521, | 151 EXPECT_EQ(blink::WebCryptoNamedCurveP521, |
141 public_key->algorithm().ecParams()->namedCurve()); | 152 public_key->algorithm().ecParams()->namedCurve()); |
| 153 |
| 154 return ::testing::AssertionSuccess(); |
142 } | 155 } |
143 | 156 |
144 // Try deriving an AES key of length 129 bits. | 157 // Try deriving an AES key of length 129 bits. |
145 TEST(WebCryptoEcdhTest, DeriveKeyBadAesLength) { | 158 TEST(WebCryptoEcdhTest, DeriveKeyBadAesLength) { |
146 if (!SupportsEcdh()) | 159 if (!SupportsEcdh()) |
147 return; | 160 return; |
148 | 161 |
149 blink::WebCryptoKey public_key; | 162 blink::WebCryptoKey public_key; |
150 blink::WebCryptoKey base_key; | 163 blink::WebCryptoKey base_key; |
151 LoadTestKeys(&public_key, &base_key); | 164 ASSERT_TRUE(LoadTestKeys(&public_key, &base_key)); |
152 | 165 |
153 blink::WebCryptoKey derived_key; | 166 blink::WebCryptoKey derived_key; |
154 | 167 |
155 ASSERT_EQ(Status::ErrorGetAesKeyLength(), | 168 ASSERT_EQ(Status::ErrorGetAesKeyLength(), |
156 DeriveKey(CreateEcdhDeriveParams(public_key), base_key, | 169 DeriveKey(CreateEcdhDeriveParams(public_key), base_key, |
157 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesGcm), | 170 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesGcm), |
158 CreateAesGcmDerivedKeyParams(129), true, | 171 CreateAesGcmDerivedKeyParams(129), true, |
159 blink::WebCryptoKeyUsageEncrypt, &derived_key)); | 172 blink::WebCryptoKeyUsageEncrypt, &derived_key)); |
160 } | 173 } |
161 | 174 |
162 // Try deriving an AES key of length 192 bits. | 175 // Try deriving an AES key of length 192 bits. |
163 TEST(WebCryptoEcdhTest, DeriveKeyUnsupportedAesLength) { | 176 TEST(WebCryptoEcdhTest, DeriveKeyUnsupportedAesLength) { |
164 if (!SupportsEcdh()) | 177 if (!SupportsEcdh()) |
165 return; | 178 return; |
166 | 179 |
167 blink::WebCryptoKey public_key; | 180 blink::WebCryptoKey public_key; |
168 blink::WebCryptoKey base_key; | 181 blink::WebCryptoKey base_key; |
169 LoadTestKeys(&public_key, &base_key); | 182 ASSERT_TRUE(LoadTestKeys(&public_key, &base_key)); |
170 | 183 |
171 blink::WebCryptoKey derived_key; | 184 blink::WebCryptoKey derived_key; |
172 | 185 |
173 ASSERT_EQ(Status::ErrorAes192BitUnsupported(), | 186 ASSERT_EQ(Status::ErrorAes192BitUnsupported(), |
174 DeriveKey(CreateEcdhDeriveParams(public_key), base_key, | 187 DeriveKey(CreateEcdhDeriveParams(public_key), base_key, |
175 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesGcm), | 188 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesGcm), |
176 CreateAesGcmDerivedKeyParams(192), true, | 189 CreateAesGcmDerivedKeyParams(192), true, |
177 blink::WebCryptoKeyUsageEncrypt, &derived_key)); | 190 blink::WebCryptoKeyUsageEncrypt, &derived_key)); |
178 } | 191 } |
179 | 192 |
180 // Try deriving an HMAC key of length 0 bits. | 193 // Try deriving an HMAC key of length 0 bits. |
181 TEST(WebCryptoEcdhTest, DeriveKeyZeroLengthHmac) { | 194 TEST(WebCryptoEcdhTest, DeriveKeyZeroLengthHmac) { |
182 if (!SupportsEcdh()) | 195 if (!SupportsEcdh()) |
183 return; | 196 return; |
184 | 197 |
185 blink::WebCryptoKey public_key; | 198 blink::WebCryptoKey public_key; |
186 blink::WebCryptoKey base_key; | 199 blink::WebCryptoKey base_key; |
187 LoadTestKeys(&public_key, &base_key); | 200 ASSERT_TRUE(LoadTestKeys(&public_key, &base_key)); |
188 | 201 |
189 blink::WebCryptoKey derived_key; | 202 blink::WebCryptoKey derived_key; |
190 | 203 |
191 const blink::WebCryptoAlgorithm import_algorithm = | 204 const blink::WebCryptoAlgorithm import_algorithm = |
192 CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha1, 0); | 205 CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha1, 0); |
193 | 206 |
194 ASSERT_EQ(Status::ErrorGetHmacKeyLengthZero(), | 207 ASSERT_EQ(Status::ErrorGetHmacKeyLengthZero(), |
195 DeriveKey(CreateEcdhDeriveParams(public_key), base_key, | 208 DeriveKey(CreateEcdhDeriveParams(public_key), base_key, |
196 import_algorithm, import_algorithm, true, | 209 import_algorithm, import_algorithm, true, |
197 blink::WebCryptoKeyUsageSign, &derived_key)); | 210 blink::WebCryptoKeyUsageSign, &derived_key)); |
198 } | 211 } |
199 | 212 |
200 // Derive an HMAC key of length 19 bits. | 213 // Derive an HMAC key of length 19 bits. |
201 TEST(WebCryptoEcdhTest, DeriveKeyHmac19Bits) { | 214 TEST(WebCryptoEcdhTest, DeriveKeyHmac19Bits) { |
202 if (!SupportsEcdh()) | 215 if (!SupportsEcdh()) |
203 return; | 216 return; |
204 | 217 |
205 blink::WebCryptoKey public_key; | 218 blink::WebCryptoKey public_key; |
206 blink::WebCryptoKey base_key; | 219 blink::WebCryptoKey base_key; |
207 LoadTestKeys(&public_key, &base_key); | 220 ASSERT_TRUE(LoadTestKeys(&public_key, &base_key)); |
208 | 221 |
209 blink::WebCryptoKey derived_key; | 222 blink::WebCryptoKey derived_key; |
210 | 223 |
211 const blink::WebCryptoAlgorithm import_algorithm = | 224 const blink::WebCryptoAlgorithm import_algorithm = |
212 CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha1, 19); | 225 CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha1, 19); |
213 | 226 |
214 ASSERT_EQ(Status::Success(), | 227 ASSERT_EQ(Status::Success(), |
215 DeriveKey(CreateEcdhDeriveParams(public_key), base_key, | 228 DeriveKey(CreateEcdhDeriveParams(public_key), base_key, |
216 import_algorithm, import_algorithm, true, | 229 import_algorithm, import_algorithm, true, |
217 blink::WebCryptoKeyUsageSign, &derived_key)); | 230 blink::WebCryptoKeyUsageSign, &derived_key)); |
(...skipping 12 matching lines...) Expand all Loading... |
230 EXPECT_EQ(0, raw_key[raw_key.size() - 1] & 0x1f); | 243 EXPECT_EQ(0, raw_key[raw_key.size() - 1] & 0x1f); |
231 } | 244 } |
232 | 245 |
233 // Derive an HMAC key with no specified length (just the hash of SHA-256). | 246 // Derive an HMAC key with no specified length (just the hash of SHA-256). |
234 TEST(WebCryptoEcdhTest, DeriveKeyHmacSha256NoLength) { | 247 TEST(WebCryptoEcdhTest, DeriveKeyHmacSha256NoLength) { |
235 if (!SupportsEcdh()) | 248 if (!SupportsEcdh()) |
236 return; | 249 return; |
237 | 250 |
238 blink::WebCryptoKey public_key; | 251 blink::WebCryptoKey public_key; |
239 blink::WebCryptoKey base_key; | 252 blink::WebCryptoKey base_key; |
240 LoadTestKeys(&public_key, &base_key); | 253 ASSERT_TRUE(LoadTestKeys(&public_key, &base_key)); |
241 | 254 |
242 blink::WebCryptoKey derived_key; | 255 blink::WebCryptoKey derived_key; |
243 | 256 |
244 const blink::WebCryptoAlgorithm import_algorithm = | 257 const blink::WebCryptoAlgorithm import_algorithm = |
245 CreateHmacImportAlgorithmNoLength(blink::WebCryptoAlgorithmIdSha256); | 258 CreateHmacImportAlgorithmNoLength(blink::WebCryptoAlgorithmIdSha256); |
246 | 259 |
247 ASSERT_EQ(Status::Success(), | 260 ASSERT_EQ(Status::Success(), |
248 DeriveKey(CreateEcdhDeriveParams(public_key), base_key, | 261 DeriveKey(CreateEcdhDeriveParams(public_key), base_key, |
249 import_algorithm, import_algorithm, true, | 262 import_algorithm, import_algorithm, true, |
250 blink::WebCryptoKeyUsageSign, &derived_key)); | 263 blink::WebCryptoKeyUsageSign, &derived_key)); |
(...skipping 18 matching lines...) Expand all Loading... |
269 // In practice, authors won't be directly generating keys from key agreement | 282 // In practice, authors won't be directly generating keys from key agreement |
270 // schemes, as that is frequently insecure, and instead be using KDFs to expand | 283 // schemes, as that is frequently insecure, and instead be using KDFs to expand |
271 // and generate keys. For simplicity of testing, however, test using an HMAC | 284 // and generate keys. For simplicity of testing, however, test using an HMAC |
272 // key. | 285 // key. |
273 TEST(WebCryptoEcdhTest, DeriveKeyHmacSha512NoLength) { | 286 TEST(WebCryptoEcdhTest, DeriveKeyHmacSha512NoLength) { |
274 if (!SupportsEcdh()) | 287 if (!SupportsEcdh()) |
275 return; | 288 return; |
276 | 289 |
277 blink::WebCryptoKey public_key; | 290 blink::WebCryptoKey public_key; |
278 blink::WebCryptoKey base_key; | 291 blink::WebCryptoKey base_key; |
279 LoadTestKeys(&public_key, &base_key); | 292 ASSERT_TRUE(LoadTestKeys(&public_key, &base_key)); |
280 | 293 |
281 blink::WebCryptoKey derived_key; | 294 blink::WebCryptoKey derived_key; |
282 | 295 |
283 const blink::WebCryptoAlgorithm import_algorithm = | 296 const blink::WebCryptoAlgorithm import_algorithm = |
284 CreateHmacImportAlgorithmNoLength(blink::WebCryptoAlgorithmIdSha512); | 297 CreateHmacImportAlgorithmNoLength(blink::WebCryptoAlgorithmIdSha512); |
285 | 298 |
286 ASSERT_EQ(Status::ErrorEcdhLengthTooBig(528), | 299 ASSERT_EQ(Status::ErrorEcdhLengthTooBig(528), |
287 DeriveKey(CreateEcdhDeriveParams(public_key), base_key, | 300 DeriveKey(CreateEcdhDeriveParams(public_key), base_key, |
288 import_algorithm, import_algorithm, true, | 301 import_algorithm, import_algorithm, true, |
289 blink::WebCryptoKeyUsageSign, &derived_key)); | 302 blink::WebCryptoKeyUsageSign, &derived_key)); |
290 } | 303 } |
291 | 304 |
292 // Try deriving an AES key of length 128 bits. | 305 // Try deriving an AES key of length 128 bits. |
293 TEST(WebCryptoEcdhTest, DeriveKeyAes128) { | 306 TEST(WebCryptoEcdhTest, DeriveKeyAes128) { |
294 if (!SupportsEcdh()) | 307 if (!SupportsEcdh()) |
295 return; | 308 return; |
296 | 309 |
297 blink::WebCryptoKey public_key; | 310 blink::WebCryptoKey public_key; |
298 blink::WebCryptoKey base_key; | 311 blink::WebCryptoKey base_key; |
299 LoadTestKeys(&public_key, &base_key); | 312 ASSERT_TRUE(LoadTestKeys(&public_key, &base_key)); |
300 | 313 |
301 blink::WebCryptoKey derived_key; | 314 blink::WebCryptoKey derived_key; |
302 | 315 |
303 ASSERT_EQ(Status::Success(), | 316 ASSERT_EQ(Status::Success(), |
304 DeriveKey(CreateEcdhDeriveParams(public_key), base_key, | 317 DeriveKey(CreateEcdhDeriveParams(public_key), base_key, |
305 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesGcm), | 318 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesGcm), |
306 CreateAesGcmDerivedKeyParams(128), true, | 319 CreateAesGcmDerivedKeyParams(128), true, |
307 blink::WebCryptoKeyUsageEncrypt, &derived_key)); | 320 blink::WebCryptoKeyUsageEncrypt, &derived_key)); |
308 | 321 |
309 ASSERT_EQ(blink::WebCryptoAlgorithmIdAesGcm, derived_key.algorithm().id()); | 322 ASSERT_EQ(blink::WebCryptoAlgorithmIdAesGcm, derived_key.algorithm().id()); |
(...skipping 38 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
348 CryptoData(MakeJsonVector(*private_key_json)), | 361 CryptoData(MakeJsonVector(*private_key_json)), |
349 CreateEcdhImportAlgorithm(curve), true, | 362 CreateEcdhImportAlgorithm(curve), true, |
350 0, &key)); | 363 0, &key)); |
351 } | 364 } |
352 | 365 |
353 } // namespace | 366 } // namespace |
354 | 367 |
355 } // namespace webcrypto | 368 } // namespace webcrypto |
356 | 369 |
357 } // namespace content | 370 } // namespace content |
OLD | NEW |