search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Allow only one bookmark to be added for multiple fast starring
[chromium-blink-merge.git] / components / webcrypto / test / hmac_unittest.cc
blobf00c76433a43d8094d0c0927b08460c46783caa7
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "base/logging.h"
6 #include "base/stl_util.h"
7 #include "components/webcrypto/algorithm_dispatch.h"
8 #include "components/webcrypto/crypto_data.h"
9 #include "components/webcrypto/status.h"
10 #include "components/webcrypto/test/test_helpers.h"
11 #include "components/webcrypto/webcrypto_util.h"
12 #include "testing/gtest/include/gtest/gtest.h"
13 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h"
14 #include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h"
15
16 namespace webcrypto {
17
18 namespace {
19
20 // Creates an HMAC algorithm whose parameters struct is compatible with key
21 // generation. It is an error to call this with a hash_id that is not a SHA*.
22 // The key_length_bits parameter is optional, with zero meaning unspecified.
23 blink::WebCryptoAlgorithm CreateHmacKeyGenAlgorithm(
24 blink::WebCryptoAlgorithmId hash_id,
25 unsigned int key_length_bits) {
26 DCHECK(blink::WebCryptoAlgorithm::isHash(hash_id));
27 // key_length_bytes == 0 means unspecified
28 return blink::WebCryptoAlgorithm::adoptParamsAndCreate(
29 blink::WebCryptoAlgorithmIdHmac,
30 new blink::WebCryptoHmacKeyGenParams(
31 CreateAlgorithm(hash_id), (key_length_bits != 0), key_length_bits));
32 }
33
34 blink::WebCryptoAlgorithm CreateHmacImportAlgorithmWithLength(
35 blink::WebCryptoAlgorithmId hash_id,
36 unsigned int length_bits) {
37 DCHECK(blink::WebCryptoAlgorithm::isHash(hash_id));
38 return blink::WebCryptoAlgorithm::adoptParamsAndCreate(
39 blink::WebCryptoAlgorithmIdHmac,
40 new blink::WebCryptoHmacImportParams(CreateAlgorithm(hash_id), true,
41 length_bits));
42 }
43
44 TEST(WebCryptoHmacTest, HMACSampleSets) {
45 scoped_ptr<base::ListValue> tests;
46 ASSERT_TRUE(ReadJsonTestFileToList("hmac.json", &tests));
47 for (size_t test_index = 0; test_index < tests->GetSize(); ++test_index) {
48 SCOPED_TRACE(test_index);
49 base::DictionaryValue* test;
50 ASSERT_TRUE(tests->GetDictionary(test_index, &test));
51
52 blink::WebCryptoAlgorithm test_hash = GetDigestAlgorithm(test, "hash");
53 const std::vector<uint8_t> test_key = GetBytesFromHexString(test, "key");
54 const std::vector<uint8_t> test_message =
55 GetBytesFromHexString(test, "message");
56 const std::vector<uint8_t> test_mac = GetBytesFromHexString(test, "mac");
57
58 blink::WebCryptoAlgorithm algorithm =
59 CreateAlgorithm(blink::WebCryptoAlgorithmIdHmac);
60
61 blink::WebCryptoAlgorithm import_algorithm =
62 CreateHmacImportAlgorithmNoLength(test_hash.id());
63
64 blink::WebCryptoKey key = ImportSecretKeyFromRaw(
65 test_key, import_algorithm,
66 blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify);
67
68 EXPECT_EQ(test_hash.id(), key.algorithm().hmacParams()->hash().id());
69 EXPECT_EQ(test_key.size() * 8, key.algorithm().hmacParams()->lengthBits());
70
71 // Verify exported raw key is identical to the imported data
72 std::vector<uint8_t> raw_key;
73 EXPECT_EQ(Status::Success(),
74 ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key));
75 EXPECT_BYTES_EQ(test_key, raw_key);
76
77 std::vector<uint8_t> output;
78
79 ASSERT_EQ(Status::Success(),
80 Sign(algorithm, key, CryptoData(test_message), &output));
81
82 EXPECT_BYTES_EQ(test_mac, output);
83
84 bool signature_match = false;
85 EXPECT_EQ(Status::Success(),
86 Verify(algorithm, key, CryptoData(output),
87 CryptoData(test_message), &signature_match));
88 EXPECT_TRUE(signature_match);
89
90 // Ensure truncated signature does not verify by passing one less byte.
91 EXPECT_EQ(Status::Success(),
92 Verify(algorithm, key,
93 CryptoData(vector_as_array(&output),
94 static_cast<unsigned int>(output.size()) - 1),
95 CryptoData(test_message), &signature_match));
96 EXPECT_FALSE(signature_match);
97
98 // Ensure truncated signature does not verify by passing no bytes.
99 EXPECT_EQ(Status::Success(),
100 Verify(algorithm, key, CryptoData(), CryptoData(test_message),
101 &signature_match));
102 EXPECT_FALSE(signature_match);
103
104 // Ensure extra long signature does not cause issues and fails.
105 const unsigned char kLongSignature[1024] = {0};
106 EXPECT_EQ(Status::Success(),
107 Verify(algorithm, key,
108 CryptoData(kLongSignature, sizeof(kLongSignature)),
109 CryptoData(test_message), &signature_match));
110 EXPECT_FALSE(signature_match);
111 }
112 }
113
114 TEST(WebCryptoHmacTest, GenerateKeyIsRandom) {
115 // Generate a small sample of HMAC keys.
116 std::vector<std::vector<uint8_t>> keys;
117 for (int i = 0; i < 16; ++i) {
118 std::vector<uint8_t> key_bytes;
119 blink::WebCryptoKey key;
120 blink::WebCryptoAlgorithm algorithm =
121 CreateHmacKeyGenAlgorithm(blink::WebCryptoAlgorithmIdSha1, 512);
122 ASSERT_EQ(
123 Status::Success(),
124 GenerateSecretKey(algorithm, true, blink::WebCryptoKeyUsageSign, &key));
125 EXPECT_FALSE(key.isNull());
126 EXPECT_TRUE(key.handle());
127 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type());
128 EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, key.algorithm().id());
129 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha1,
130 key.algorithm().hmacParams()->hash().id());
131 EXPECT_EQ(512u, key.algorithm().hmacParams()->lengthBits());
132
133 std::vector<uint8_t> raw_key;
134 ASSERT_EQ(Status::Success(),
135 ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key));
136 EXPECT_EQ(64U, raw_key.size());
137 keys.push_back(raw_key);
138 }
139 // Ensure all entries in the key sample set are unique. This is a simplistic
140 // estimate of whether the generated keys appear random.
141 EXPECT_FALSE(CopiesExist(keys));
142 }
143
144 // If the key length is not provided, then the block size is used.
145 TEST(WebCryptoHmacTest, GenerateKeyNoLengthSha1) {
146 blink::WebCryptoKey key;
147 blink::WebCryptoAlgorithm algorithm =
148 CreateHmacKeyGenAlgorithm(blink::WebCryptoAlgorithmIdSha1, 0);
149 ASSERT_EQ(
150 Status::Success(),
151 GenerateSecretKey(algorithm, true, blink::WebCryptoKeyUsageSign, &key));
152 EXPECT_TRUE(key.handle());
153 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type());
154 EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, key.algorithm().id());
155 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha1,
156 key.algorithm().hmacParams()->hash().id());
157 EXPECT_EQ(512u, key.algorithm().hmacParams()->lengthBits());
158 std::vector<uint8_t> raw_key;
159 ASSERT_EQ(Status::Success(),
160 ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key));
161 EXPECT_EQ(64U, raw_key.size());
162 }
163
164 // If the key length is not provided, then the block size is used.
165 TEST(WebCryptoHmacTest, GenerateKeyNoLengthSha512) {
166 blink::WebCryptoKey key;
167 blink::WebCryptoAlgorithm algorithm =
168 CreateHmacKeyGenAlgorithm(blink::WebCryptoAlgorithmIdSha512, 0);
169 ASSERT_EQ(
170 Status::Success(),
171 GenerateSecretKey(algorithm, true, blink::WebCryptoKeyUsageSign, &key));
172 EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, key.algorithm().id());
173 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha512,
174 key.algorithm().hmacParams()->hash().id());
175 EXPECT_EQ(1024u, key.algorithm().hmacParams()->lengthBits());
176 std::vector<uint8_t> raw_key;
177 ASSERT_EQ(Status::Success(),
178 ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key));
179 EXPECT_EQ(128U, raw_key.size());
180 }
181
182 TEST(WebCryptoHmacTest, GenerateKeyEmptyUsage) {
183 blink::WebCryptoKey key;
184 blink::WebCryptoAlgorithm algorithm =
185 CreateHmacKeyGenAlgorithm(blink::WebCryptoAlgorithmIdSha512, 0);
186 ASSERT_EQ(Status::ErrorCreateKeyEmptyUsages(),
187 GenerateSecretKey(algorithm, true, 0, &key));
188 }
189
190 // Generate a 1 bit key. The exported key is 1 byte long, and 7 of the bits are
191 // guaranteed to be zero.
192 TEST(WebCryptoHmacTest, Generate1BitKey) {
193 blink::WebCryptoKey key;
194 blink::WebCryptoAlgorithm algorithm =
195 CreateHmacKeyGenAlgorithm(blink::WebCryptoAlgorithmIdSha1, 1);
196
197 ASSERT_EQ(
198 Status::Success(),
199 GenerateSecretKey(algorithm, true, blink::WebCryptoKeyUsageSign, &key));
200 EXPECT_EQ(1u, key.algorithm().hmacParams()->lengthBits());
201
202 std::vector<uint8_t> raw_key;
203 ASSERT_EQ(Status::Success(),
204 ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key));
205 ASSERT_EQ(1U, raw_key.size());
206
207 EXPECT_FALSE(raw_key[0] & 0x7F);
208 }
209
210 TEST(WebCryptoHmacTest, ImportKeyEmptyUsage) {
211 blink::WebCryptoKey key;
212 std::string key_raw_hex_in = "025a8cf3f08b4f6c5f33bbc76a471939";
213 EXPECT_EQ(Status::ErrorCreateKeyEmptyUsages(),
214 ImportKey(blink::WebCryptoKeyFormatRaw,
215 CryptoData(HexStringToBytes(key_raw_hex_in)),
216 CreateHmacImportAlgorithmNoLength(
217 blink::WebCryptoAlgorithmIdSha1),
218 true, 0, &key));
219 }
220
221 TEST(WebCryptoHmacTest, ImportKeyJwkKeyOpsSignVerify) {
222 blink::WebCryptoKey key;
223 base::DictionaryValue dict;
224 dict.SetString("kty", "oct");
225 dict.SetString("k", "GADWrMRHwQfoNaXU5fZvTg");
226 base::ListValue* key_ops = new base::ListValue;
227 dict.Set("key_ops", key_ops); // Takes ownership.
228
229 key_ops->AppendString("sign");
230
231 EXPECT_EQ(Status::Success(),
232 ImportKeyJwkFromDict(dict, CreateHmacImportAlgorithmNoLength(
233 blink::WebCryptoAlgorithmIdSha256),
234 false, blink::WebCryptoKeyUsageSign, &key));
235
236 EXPECT_EQ(blink::WebCryptoKeyUsageSign, key.usages());
237
238 key_ops->AppendString("verify");
239
240 EXPECT_EQ(Status::Success(),
241 ImportKeyJwkFromDict(dict, CreateHmacImportAlgorithmNoLength(
242 blink::WebCryptoAlgorithmIdSha256),
243 false, blink::WebCryptoKeyUsageVerify, &key));
244
245 EXPECT_EQ(blink::WebCryptoKeyUsageVerify, key.usages());
246 }
247
248 // Test 'use' inconsistent with 'key_ops'.
249 TEST(WebCryptoHmacTest, ImportKeyJwkUseInconsisteWithKeyOps) {
250 blink::WebCryptoKey key;
251 base::DictionaryValue dict;
252 dict.SetString("kty", "oct");
253 dict.SetString("k", "GADWrMRHwQfoNaXU5fZvTg");
254 base::ListValue* key_ops = new base::ListValue;
255 dict.Set("key_ops", key_ops); // Takes ownership.
256
257 dict.SetString("alg", "HS256");
258 dict.SetString("use", "sig");
259 key_ops->AppendString("sign");
260 key_ops->AppendString("verify");
261 key_ops->AppendString("encrypt");
262 EXPECT_EQ(
263 Status::ErrorJwkUseAndKeyopsInconsistent(),
264 ImportKeyJwkFromDict(
265 dict,
266 CreateHmacImportAlgorithmNoLength(blink::WebCryptoAlgorithmIdSha256),
267 false, blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify,
268 &key));
269 }
270
271 // Test JWK composite 'sig' use
272 TEST(WebCryptoHmacTest, ImportKeyJwkUseSig) {
273 blink::WebCryptoKey key;
274 base::DictionaryValue dict;
275 dict.SetString("kty", "oct");
276 dict.SetString("k", "GADWrMRHwQfoNaXU5fZvTg");
277
278 dict.SetString("use", "sig");
279 EXPECT_EQ(
280 Status::Success(),
281 ImportKeyJwkFromDict(
282 dict,
283 CreateHmacImportAlgorithmNoLength(blink::WebCryptoAlgorithmIdSha256),
284 false, blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify,
285 &key));
286
287 EXPECT_EQ(blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify,
288 key.usages());
289 }
290
291 TEST(WebCryptoHmacTest, ImportJwkInputConsistency) {
292 // The Web Crypto spec says that if a JWK value is present, but is
293 // inconsistent with the input value, the operation must fail.
294
295 // Consistency rules when JWK value is not present: Inputs should be used.
296 blink::WebCryptoKey key;
297 bool extractable = false;
298 blink::WebCryptoAlgorithm algorithm =
299 CreateHmacImportAlgorithmNoLength(blink::WebCryptoAlgorithmIdSha256);
300 blink::WebCryptoKeyUsageMask usages = blink::WebCryptoKeyUsageVerify;
301 base::DictionaryValue dict;
302 dict.SetString("kty", "oct");
303 dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg");
304 std::vector<uint8_t> json_vec = MakeJsonVector(dict);
305 EXPECT_EQ(Status::Success(),
306 ImportKey(blink::WebCryptoKeyFormatJwk, CryptoData(json_vec),
307 algorithm, extractable, usages, &key));
308 EXPECT_TRUE(key.handle());
309 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type());
310 EXPECT_EQ(extractable, key.extractable());
311 EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, key.algorithm().id());
312 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha256,
313 key.algorithm().hmacParams()->hash().id());
314 EXPECT_EQ(320u, key.algorithm().hmacParams()->lengthBits());
315 EXPECT_EQ(blink::WebCryptoKeyUsageVerify, key.usages());
316 key = blink::WebCryptoKey::createNull();
317
318 // Consistency rules when JWK value exists: Fail if inconsistency is found.
319
320 // Pass: All input values are consistent with the JWK values.
321 dict.Clear();
322 dict.SetString("kty", "oct");
323 dict.SetString("alg", "HS256");
324 dict.SetString("use", "sig");
325 dict.SetBoolean("ext", false);
326 dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg");
327 json_vec = MakeJsonVector(dict);
328 EXPECT_EQ(Status::Success(),
329 ImportKey(blink::WebCryptoKeyFormatJwk, CryptoData(json_vec),
330 algorithm, extractable, usages, &key));
331
332 // Extractable cases:
333 // 1. input=T, JWK=F ==> fail (inconsistent)
334 // 4. input=F, JWK=F ==> pass, result extractable is F
335 // 2. input=T, JWK=T ==> pass, result extractable is T
336 // 3. input=F, JWK=T ==> pass, result extractable is F
337 EXPECT_EQ(Status::ErrorJwkExtInconsistent(),
338 ImportKey(blink::WebCryptoKeyFormatJwk, CryptoData(json_vec),
339 algorithm, true, usages, &key));
340 EXPECT_EQ(Status::Success(),
341 ImportKey(blink::WebCryptoKeyFormatJwk, CryptoData(json_vec),
342 algorithm, false, usages, &key));
343 EXPECT_FALSE(key.extractable());
344 dict.SetBoolean("ext", true);
345 EXPECT_EQ(Status::Success(),
346 ImportKeyJwkFromDict(dict, algorithm, true, usages, &key));
347 EXPECT_TRUE(key.extractable());
348 EXPECT_EQ(Status::Success(),
349 ImportKeyJwkFromDict(dict, algorithm, false, usages, &key));
350 EXPECT_FALSE(key.extractable());
351 dict.SetBoolean("ext", true); // restore previous value
352
353 // Fail: Input algorithm (AES-CBC) is inconsistent with JWK value
354 // (HMAC SHA256).
355 dict.Clear();
356 dict.SetString("kty", "oct");
357 dict.SetString("alg", "HS256");
358 dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg");
359 EXPECT_EQ(Status::ErrorJwkAlgorithmInconsistent(),
360 ImportKeyJwkFromDict(
361 dict, CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
362 extractable, blink::WebCryptoKeyUsageEncrypt, &key));
363 // Fail: Input usage (encrypt) is inconsistent with JWK value (use=sig).
364 EXPECT_EQ(Status::ErrorJwkUseInconsistent(),
365 ImportKey(blink::WebCryptoKeyFormatJwk, CryptoData(json_vec),
366 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
367 extractable, blink::WebCryptoKeyUsageEncrypt, &key));
368
369 // Fail: Input algorithm (HMAC SHA1) is inconsistent with JWK value
370 // (HMAC SHA256).
371 EXPECT_EQ(Status::ErrorJwkAlgorithmInconsistent(),
372 ImportKey(blink::WebCryptoKeyFormatJwk, CryptoData(json_vec),
373 CreateHmacImportAlgorithmNoLength(
374 blink::WebCryptoAlgorithmIdSha1),
375 extractable, usages, &key));
376
377 // Pass: JWK alg missing but input algorithm specified: use input value
378 dict.Remove("alg", NULL);
379 EXPECT_EQ(Status::Success(),
380 ImportKeyJwkFromDict(dict, CreateHmacImportAlgorithmNoLength(
381 blink::WebCryptoAlgorithmIdSha256),
382 extractable, usages, &key));
383 EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, algorithm.id());
384 dict.SetString("alg", "HS256");
385
386 // Fail: Input usages (encrypt) is not a subset of the JWK value
387 // (sign|verify). Moreover "encrypt" is not a valid usage for HMAC.
388 EXPECT_EQ(
389 Status::ErrorCreateKeyBadUsages(),
390 ImportKey(blink::WebCryptoKeyFormatJwk, CryptoData(json_vec), algorithm,
391 extractable, blink::WebCryptoKeyUsageEncrypt, &key));
392
393 // Fail: Input usages (encrypt|sign|verify) is not a subset of the JWK
394 // value (sign|verify). Moreover "encrypt" is not a valid usage for HMAC.
395 usages = blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageSign |
396 blink::WebCryptoKeyUsageVerify;
397 EXPECT_EQ(Status::ErrorCreateKeyBadUsages(),
398 ImportKey(blink::WebCryptoKeyFormatJwk, CryptoData(json_vec),
399 algorithm, extractable, usages, &key));
400
401 // TODO(padolph): kty vs alg consistency tests: Depending on the kty value,
402 // only certain alg values are permitted. For example, when kty = "RSA" alg
403 // must be of the RSA family, or when kty = "oct" alg must be symmetric
404 // algorithm.
405
406 // TODO(padolph): key_ops consistency tests
407 }
408
409 TEST(WebCryptoHmacTest, ImportJwkHappy) {
410 // This test verifies the happy path of JWK import, including the application
411 // of the imported key material.
412
413 blink::WebCryptoKey key;
414 bool extractable = false;
415 blink::WebCryptoAlgorithm algorithm =
416 CreateHmacImportAlgorithmNoLength(blink::WebCryptoAlgorithmIdSha256);
417 blink::WebCryptoKeyUsageMask usages = blink::WebCryptoKeyUsageSign;
418
419 // Import a symmetric key JWK and HMAC-SHA256 sign()
420 // Uses the first SHA256 test vector from the HMAC sample set above.
421
422 base::DictionaryValue dict;
423 dict.SetString("kty", "oct");
424 dict.SetString("alg", "HS256");
425 dict.SetString("use", "sig");
426 dict.SetBoolean("ext", false);
427 dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg");
428
429 ASSERT_EQ(Status::Success(),
430 ImportKeyJwkFromDict(dict, algorithm, extractable, usages, &key));
431
432 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha256,
433 key.algorithm().hmacParams()->hash().id());
434
435 const std::vector<uint8_t> message_raw = HexStringToBytes(
436 "b1689c2591eaf3c9e66070f8a77954ffb81749f1b00346f9dfe0b2ee905dcc288baf4a"
437 "92de3f4001dd9f44c468c3d07d6c6ee82faceafc97c2fc0fc0601719d2dcd0aa2aec92"
438 "d1b0ae933c65eb06a03c9c935c2bad0459810241347ab87e9f11adb30415424c6c7f5f"
439 "22a003b8ab8de54f6ded0e3ab9245fa79568451dfa258e");
440
441 std::vector<uint8_t> output;
442
443 ASSERT_EQ(Status::Success(),
444 Sign(CreateAlgorithm(blink::WebCryptoAlgorithmIdHmac), key,
445 CryptoData(message_raw), &output));
446
447 const std::string mac_raw =
448 "769f00d3e6a6cc1fb426a14a4f76c6462e6149726e0dee0ec0cf97a16605ac8b";
449
450 EXPECT_BYTES_EQ_HEX(mac_raw, output);
451
452 // TODO(padolph): Import an RSA public key JWK and use it
453 }
454
455 TEST(WebCryptoHmacTest, ImportExportJwk) {
456 // HMAC SHA-1
457 ImportExportJwkSymmetricKey(
458 256, CreateHmacImportAlgorithmNoLength(blink::WebCryptoAlgorithmIdSha1),
459 blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify, "HS1");
460
461 // HMAC SHA-384
462 ImportExportJwkSymmetricKey(
463 384, CreateHmacImportAlgorithmNoLength(blink::WebCryptoAlgorithmIdSha384),
464 blink::WebCryptoKeyUsageSign, "HS384");
465
466 // HMAC SHA-512
467 ImportExportJwkSymmetricKey(
468 512, CreateHmacImportAlgorithmNoLength(blink::WebCryptoAlgorithmIdSha512),
469 blink::WebCryptoKeyUsageVerify, "HS512");
470 }
471
472 TEST(WebCryptoHmacTest, ExportJwkEmptyKey) {
473 blink::WebCryptoKeyUsageMask usages = blink::WebCryptoKeyUsageSign;
474
475 // Importing empty HMAC key is no longer allowed. However such a key can be
476 // created via de-serialization.
477 blink::WebCryptoKey key;
478 ASSERT_TRUE(DeserializeKeyForClone(blink::WebCryptoKeyAlgorithm::createHmac(
479 blink::WebCryptoAlgorithmIdSha1, 0),
480 blink::WebCryptoKeyTypeSecret, true,
481 usages, CryptoData(), &key));
482
483 // Export the key in JWK format and validate.
484 std::vector<uint8_t> json;
485 ASSERT_EQ(Status::Success(),
486 ExportKey(blink::WebCryptoKeyFormatJwk, key, &json));
487 EXPECT_TRUE(VerifySecretJwk(json, "HS1", "", usages));
488
489 // Now try re-importing the JWK key.
490 key = blink::WebCryptoKey::createNull();
491 EXPECT_EQ(Status::ErrorHmacImportEmptyKey(),
492 ImportKey(blink::WebCryptoKeyFormatJwk, CryptoData(json),
493 CreateHmacImportAlgorithmNoLength(
494 blink::WebCryptoAlgorithmIdSha1),
495 true, usages, &key));
496 }
497
498 // Imports an HMAC key contaning no byte data.
499 TEST(WebCryptoHmacTest, ImportRawEmptyKey) {
500 const blink::WebCryptoAlgorithm import_algorithm =
501 CreateHmacImportAlgorithmNoLength(blink::WebCryptoAlgorithmIdSha1);
502
503 blink::WebCryptoKeyUsageMask usages = blink::WebCryptoKeyUsageSign;
504 blink::WebCryptoKey key;
505
506 ASSERT_EQ(Status::ErrorHmacImportEmptyKey(),
507 ImportKey(blink::WebCryptoKeyFormatRaw, CryptoData(),
508 import_algorithm, true, usages, &key));
509 }
510
511 // Imports an HMAC key contaning 1 byte data, however the length was set to 0.
512 TEST(WebCryptoHmacTest, ImportRawKeyWithZeroLength) {
513 const blink::WebCryptoAlgorithm import_algorithm =
514 CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha1, 0);
515
516 blink::WebCryptoKeyUsageMask usages = blink::WebCryptoKeyUsageSign;
517 blink::WebCryptoKey key;
518
519 std::vector<uint8_t> key_data(1);
520 ASSERT_EQ(Status::ErrorHmacImportBadLength(),
521 ImportKey(blink::WebCryptoKeyFormatRaw, CryptoData(key_data),
522 import_algorithm, true, usages, &key));
523 }
524
525 // Import a huge hmac key (UINT_MAX bytes). This will fail before actually
526 // reading the bytes, as the key is too large.
527 TEST(WebCryptoHmacTest, ImportRawKeyTooLarge) {
528 CryptoData big_data(NULL, UINT_MAX); // Invalid data of big length.
529
530 blink::WebCryptoKey key;
531 EXPECT_EQ(Status::ErrorDataTooLarge(),
532 ImportKey(blink::WebCryptoKeyFormatRaw, CryptoData(big_data),
533 CreateHmacImportAlgorithmNoLength(
534 blink::WebCryptoAlgorithmIdSha1),
535 true, blink::WebCryptoKeyUsageSign, &key));
536 }
537
538 // Import an HMAC key with 120 bits of data, however request 128 bits worth.
539 TEST(WebCryptoHmacTest, ImportRawKeyLengthTooLarge) {
540 blink::WebCryptoKey key;
541 EXPECT_EQ(Status::ErrorHmacImportBadLength(),
542 ImportKey(blink::WebCryptoKeyFormatRaw,
543 CryptoData(std::vector<uint8_t>(15)),
544 CreateHmacImportAlgorithmWithLength(
545 blink::WebCryptoAlgorithmIdSha1, 128),
546 true, blink::WebCryptoKeyUsageSign, &key));
547 }
548
549 // Import an HMAC key with 128 bits of data, however request 120 bits worth.
550 TEST(WebCryptoHmacTest, ImportRawKeyLengthTooSmall) {
551 blink::WebCryptoKey key;
552 EXPECT_EQ(Status::ErrorHmacImportBadLength(),
553 ImportKey(blink::WebCryptoKeyFormatRaw,
554 CryptoData(std::vector<uint8_t>(16)),
555 CreateHmacImportAlgorithmWithLength(
556 blink::WebCryptoAlgorithmIdSha1, 120),
557 true, blink::WebCryptoKeyUsageSign, &key));
558 }
559
560 // Import an HMAC key with 16 bits of data and request a 12 bit key, using the
561 // "raw" format.
562 TEST(WebCryptoHmacTest, ImportRawKeyTruncation) {
563 const std::vector<uint8_t> data = HexStringToBytes("b1ff");
564
565 blink::WebCryptoKey key;
566 EXPECT_EQ(Status::Success(),
567 ImportKey(blink::WebCryptoKeyFormatRaw, CryptoData(data),
568 CreateHmacImportAlgorithmWithLength(
569 blink::WebCryptoAlgorithmIdSha1, 12),
570 true, blink::WebCryptoKeyUsageSign, &key));
571
572 // On export the last 4 bits has been set to zero.
573 std::vector<uint8_t> raw_key;
574 EXPECT_EQ(Status::Success(),
575 ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key));
576 EXPECT_BYTES_EQ(HexStringToBytes("b1f0"), raw_key);
577 }
578
579 // The same test as above, but using the JWK format.
580 TEST(WebCryptoHmacTest, ImportJwkKeyTruncation) {
581 base::DictionaryValue dict;
582 dict.SetString("kty", "oct");
583 dict.SetString("k", "sf8"); // 0xB1FF
584
585 blink::WebCryptoKey key;
586 EXPECT_EQ(Status::Success(),
587 ImportKeyJwkFromDict(dict, CreateHmacImportAlgorithmWithLength(
588 blink::WebCryptoAlgorithmIdSha1, 12),
589 true, blink::WebCryptoKeyUsageSign, &key));
590
591 // On export the last 4 bits has been set to zero.
592 std::vector<uint8_t> raw_key;
593 EXPECT_EQ(Status::Success(),
594 ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key));
595 EXPECT_BYTES_EQ(HexStringToBytes("b1f0"), raw_key);
596 }
597
598 } // namespace
599
600 } // namespace webcrypto