// Copyright 2014 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include <stddef.h> #include <stdint.h> #include <string_view> #include "base/check_op.h" #include "base/containers/span.h" #include "base/strings/string_util.h" #include "base/values.h" #include "components/webcrypto/algorithm_dispatch.h" #include "components/webcrypto/algorithms/test_helpers.h" #include "components/webcrypto/status.h" #include "testing/gtest/include/gtest/gtest.h" #include "third_party/blink/public/platform/web_crypto_algorithm_params.h" #include "third_party/blink/public/platform/web_crypto_key.h" #include "third_party/blink/public/platform/web_crypto_key_algorithm.h" namespace webcrypto { namespace { // Helper for ImportJwkRsaFailures. Restores the JWK JSON // dictionary to a good state base::Value::Dict BuildTestJwkPublicKey() { … } base::Value::Dict BuildTestJwkPrivateKey() { … } void SwapDictMembers(base::Value::Dict& d, const char* a, const char* b) { … } std::string FlipHexByte(std::string_view hex, size_t index) { … } blink::WebCryptoAlgorithm RS256Algorithm() { … } blink::WebCryptoKey ImportJwkRS256OrDie(std::string_view jwk) { … } blink::WebCryptoKey ImportJwkRS256OrDie(const base::Value::Dict& jwk) { … } Status ImportJwkRS256MustFail(std::string_view jwk) { … } Status ImportJwkRS256MustFail(const base::Value::Dict& jwk) { … } Status ImportSpkiRS256MustFail(std::string_view spki) { … } Status ImportPkcs8RS256MustFail(std::string_view pkcs8) { … } std::vector<uint8_t> ExportPkcs8OrDie(blink::WebCryptoKey key) { … } class WebCryptoRsaSsaTest : public WebCryptoTestBase { … }; TEST_F(WebCryptoRsaSsaTest, ImportExportSpki) { … } TEST_F(WebCryptoRsaSsaTest, ImportExportPkcs8) { … } // Tests JWK import and export by doing a roundtrip key conversion and ensuring // it was lossless: // // PKCS8 --> JWK --> PKCS8 TEST_F(WebCryptoRsaSsaTest, ImportRsaPrivateKeyJwkToPkcs8RoundTrip) { … } const char kRsa512Jwk_0[] = …; // Note that the first letter of "d" has been changed. const char kRsa512Jwk_0_Damaged[] = …; const char kRsa512Pkcs8_0[] = …; const char kRsa512Jwk_1[] = …; const char kRsa512Pkcs8_1[] = …; // This is a regression test for http://crbug.com/378315, for which importing // a sequence of keys from JWK could yield the wrong key. The first key would // be imported correctly, however every key after that would actually import // the first key. TEST_F(WebCryptoRsaSsaTest, ImportMultipleRsaKeysJwk) { … } // Import an RSA private key using JWK. Next import a JWK containing the same // modulus, but mismatched parameters for the rest. It should NOT be possible // that the second import retrieves the first key. See http://crbug.com/378315 // for how that could happen. TEST_F(WebCryptoRsaSsaTest, ImportCorruptKeyReusedModulus) { … } TEST_F(WebCryptoRsaSsaTest, GenerateKeyPairRsa) { … } TEST_F(WebCryptoRsaSsaTest, GenerateKeyPairRsaBadModulusLength) { … } // Try generating RSA key pairs using unsupported public exponents. Only // exponents of 3 and 65537 are supported. Although OpenSSL can support other // values, it can also hang when given invalid exponents. To avoid hanging, use // a whitelist of known safe exponents. TEST_F(WebCryptoRsaSsaTest, GenerateKeyPairRsaBadExponent) { … } TEST_F(WebCryptoRsaSsaTest, SignVerifyFailures) { … } // Try importing an RSA-SSA public key with unsupported key usages using SPKI // format. RSA-SSA public keys only support the 'verify' usage. TEST_F(WebCryptoRsaSsaTest, ImportRsaSsaPublicKeyBadUsage_SPKI) { … } // Try importing an RSA-SSA public key with unsupported key usages using JWK // format. RSA-SSA public keys only support the 'verify' usage. TEST_F(WebCryptoRsaSsaTest, ImportRsaSsaPublicKeyBadUsage_JWK) { … } // Generate an RSA-SSA key pair with invalid usages. RSA-SSA supports: // 'sign', 'verify' TEST_F(WebCryptoRsaSsaTest, GenerateKeyBadUsages) { … } // Generate an RSA-SSA key pair. The public and private keys should select the // key usages which are applicable, and not have the exact same usages as was // specified to GenerateKey TEST_F(WebCryptoRsaSsaTest, GenerateKeyPairIntersectUsages) { … } TEST_F(WebCryptoRsaSsaTest, GenerateKeyPairEmptyUsages) { … } TEST_F(WebCryptoRsaSsaTest, ImportKeyEmptyUsages) { … } TEST_F(WebCryptoRsaSsaTest, ImportExportJwkRsaPublicKey) { … } TEST_F(WebCryptoRsaSsaTest, ImportJwkRsaFailures) { … } // Try importing an RSA-SSA key from JWK format, having specified both Sign and // Verify usage, AND an invalid JWK. // // Parsing the invalid JWK will fail before the usage check is done. TEST_F(WebCryptoRsaSsaTest, ImportRsaSsaJwkBadUsageAndData) { … } TEST_F(WebCryptoRsaSsaTest, ImportValidJwkPrivateKey) { … } TEST_F(WebCryptoRsaSsaTest, ImportInvalidJwkPrivateKey_SwapPQ) { … } TEST_F(WebCryptoRsaSsaTest, ImportInvalidJwkPrivateKey_SwapPQDPDQ) { … } TEST_F(WebCryptoRsaSsaTest, ImportInvalidJwkPrivateKey_MissingMostOptionals) { … } TEST_F(WebCryptoRsaSsaTest, ImportInvalidJwkPrivateKey_MissingAllOptionals) { … } TEST_F(WebCryptoRsaSsaTest, ImportInvalidJwkPrivateKey_LeadingZeroesOnE) { … } TEST_F(WebCryptoRsaSsaTest, ImportInvalidJwkPrivateKey_Base64PaddingInD) { … } TEST_F(WebCryptoRsaSsaTest, ImportInvalidJwkPrivateKey_Base64UrlInN) { … } TEST_F(WebCryptoRsaSsaTest, ImportInvalidJwkPrivateKey_Base64UrlInDQ) { … } TEST_F(WebCryptoRsaSsaTest, ImportInvalidSpki_Empty) { … } TEST_F(WebCryptoRsaSsaTest, ImportInvalidSpki_BadDER) { … } TEST_F(WebCryptoRsaSsaTest, ImportInvalidSpki_NotRSA) { … } TEST_F(WebCryptoRsaSsaTest, ImportInvalidSpki_TrailingData) { … } TEST_F(WebCryptoRsaSsaTest, ImportInvalidPkcs8_Empty) { … } TEST_F(WebCryptoRsaSsaTest, ImportInvalidPkcs8_BadDER) { … } TEST_F(WebCryptoRsaSsaTest, ImportInvalidPkcs8_CRTValuesAreZero) { … } TEST_F(WebCryptoRsaSsaTest, ImportInvalidPkcs8_NotRSA) { … } TEST_F(WebCryptoRsaSsaTest, ImportInvalidPkcs8_TrailingData) { … } TEST_F(WebCryptoRsaSsaTest, ImportInvalidPkcs8_CorruptFields) { … } } // namespace } // namespace webcrypto
Codebase Browser
chromium