search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Don't preload rarely seen large images
[chromium-blink-merge.git] / components / webcrypto / test / aes_cbc_unittest.cc
blob0f6ae8585a6ed535618f23816888d1462b78e90c
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "base/stl_util.h"
6 #include "components/webcrypto/algorithm_dispatch.h"
7 #include "components/webcrypto/crypto_data.h"
8 #include "components/webcrypto/status.h"
9 #include "components/webcrypto/test/test_helpers.h"
10 #include "components/webcrypto/webcrypto_util.h"
11 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h"
12 #include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h"
13
14 namespace webcrypto {
15
16 namespace {
17
18 // Creates an AES-CBC algorithm.
19 blink::WebCryptoAlgorithm CreateAesCbcAlgorithm(
20 const std::vector<uint8_t>& iv) {
21 return blink::WebCryptoAlgorithm::adoptParamsAndCreate(
22 blink::WebCryptoAlgorithmIdAesCbc,
23 new blink::WebCryptoAesCbcParams(vector_as_array(&iv),
24 static_cast<unsigned int>(iv.size())));
25 }
26
27 blink::WebCryptoAlgorithm CreateAesCbcKeyGenAlgorithm(
28 unsigned short key_length_bits) {
29 return CreateAesKeyGenAlgorithm(blink::WebCryptoAlgorithmIdAesCbc,
30 key_length_bits);
31 }
32
33 blink::WebCryptoKey GetTestAesCbcKey() {
34 const std::string key_hex = "2b7e151628aed2a6abf7158809cf4f3c";
35 blink::WebCryptoKey key = ImportSecretKeyFromRaw(
36 HexStringToBytes(key_hex),
37 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
38 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt);
39
40 // Verify exported raw key is identical to the imported data
41 std::vector<uint8_t> raw_key;
42 EXPECT_EQ(Status::Success(),
43 ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key));
44 EXPECT_BYTES_EQ_HEX(key_hex, raw_key);
45 return key;
46 }
47
48 TEST(WebCryptoAesCbcTest, InputTooLarge) {
49 std::vector<uint8_t> output;
50
51 // Give an input that is too large (would cause integer overflow when
52 // narrowing to an int). Note that both OpenSSL and NSS operate on signed int
53 // lengths.
54 std::vector<uint8_t> iv(16);
55
56 // Pretend the input is large. Don't pass data pointer as NULL in case that
57 // is special cased; the implementation shouldn't actually dereference the
58 // data.
59 CryptoData input(&iv[0], INT_MAX - 3);
60
61 EXPECT_EQ(
62 Status::ErrorDataTooLarge(),
63 Encrypt(CreateAesCbcAlgorithm(iv), GetTestAesCbcKey(), input, &output));
64 EXPECT_EQ(
65 Status::ErrorDataTooLarge(),
66 Decrypt(CreateAesCbcAlgorithm(iv), GetTestAesCbcKey(), input, &output));
67 }
68
69 TEST(WebCryptoAesCbcTest, ExportKeyUnsupportedFormat) {
70 std::vector<uint8_t> output;
71
72 // Fail exporting the key in SPKI and PKCS#8 formats (not allowed for secret
73 // keys).
74 EXPECT_EQ(
75 Status::ErrorUnsupportedExportKeyFormat(),
76 ExportKey(blink::WebCryptoKeyFormatSpki, GetTestAesCbcKey(), &output));
77 EXPECT_EQ(
78 Status::ErrorUnsupportedExportKeyFormat(),
79 ExportKey(blink::WebCryptoKeyFormatPkcs8, GetTestAesCbcKey(), &output));
80 }
81
82 // Tests importing of keys (in a variety of formats), errors during import,
83 // encryption, and decryption, using known answers.
84 TEST(WebCryptoAesCbcTest, KnownAnswerEncryptDecrypt) {
85 scoped_ptr<base::ListValue> tests;
86 ASSERT_TRUE(ReadJsonTestFileToList("aes_cbc.json", &tests));
87
88 for (size_t test_index = 0; test_index < tests->GetSize(); ++test_index) {
89 SCOPED_TRACE(test_index);
90 base::DictionaryValue* test;
91 ASSERT_TRUE(tests->GetDictionary(test_index, &test));
92
93 blink::WebCryptoKeyFormat key_format = GetKeyFormatFromJsonTestCase(test);
94 std::vector<uint8_t> key_data =
95 GetKeyDataFromJsonTestCase(test, key_format);
96 std::string import_error = "Success";
97 test->GetString("import_error", &import_error);
98
99 // Import the key.
100 blink::WebCryptoKey key;
101 Status status = ImportKey(
102 key_format, CryptoData(key_data),
103 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), true,
104 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt,
105 &key);
106 ASSERT_EQ(import_error, StatusToString(status));
107 if (status.IsError())
108 continue;
109
110 // Test encryption.
111 if (test->HasKey("plain_text")) {
112 std::vector<uint8_t> test_plain_text =
113 GetBytesFromHexString(test, "plain_text");
114
115 std::vector<uint8_t> test_iv = GetBytesFromHexString(test, "iv");
116
117 std::string encrypt_error = "Success";
118 test->GetString("encrypt_error", &encrypt_error);
119
120 std::vector<uint8_t> output;
121 status = Encrypt(CreateAesCbcAlgorithm(test_iv), key,
122 CryptoData(test_plain_text), &output);
123 ASSERT_EQ(encrypt_error, StatusToString(status));
124 if (status.IsError())
125 continue;
126
127 std::vector<uint8_t> test_cipher_text =
128 GetBytesFromHexString(test, "cipher_text");
129
130 EXPECT_BYTES_EQ(test_cipher_text, output);
131 }
132
133 // Test decryption.
134 if (test->HasKey("cipher_text")) {
135 std::vector<uint8_t> test_cipher_text =
136 GetBytesFromHexString(test, "cipher_text");
137
138 std::vector<uint8_t> test_iv = GetBytesFromHexString(test, "iv");
139
140 std::string decrypt_error = "Success";
141 test->GetString("decrypt_error", &decrypt_error);
142
143 std::vector<uint8_t> output;
144 status = Decrypt(CreateAesCbcAlgorithm(test_iv), key,
145 CryptoData(test_cipher_text), &output);
146 ASSERT_EQ(decrypt_error, StatusToString(status));
147 if (status.IsError())
148 continue;
149
150 std::vector<uint8_t> test_plain_text =
151 GetBytesFromHexString(test, "plain_text");
152
153 EXPECT_BYTES_EQ(test_plain_text, output);
154 }
155 }
156 }
157
158 // TODO(eroman): Do this same test for AES-GCM, AES-KW, AES-CTR ?
159 TEST(WebCryptoAesCbcTest, GenerateKeyIsRandom) {
160 // Check key generation for each allowed key length.
161 std::vector<blink::WebCryptoAlgorithm> algorithm;
162 const unsigned short kKeyLength[] = {128, 256};
163 for (size_t key_length_i = 0; key_length_i < arraysize(kKeyLength);
164 ++key_length_i) {
165 blink::WebCryptoKey key;
166
167 std::vector<std::vector<uint8_t>> keys;
168 std::vector<uint8_t> key_bytes;
169
170 // Generate a small sample of keys.
171 for (int j = 0; j < 16; ++j) {
172 ASSERT_EQ(Status::Success(),
173 GenerateSecretKey(
174 CreateAesCbcKeyGenAlgorithm(kKeyLength[key_length_i]), true,
175 blink::WebCryptoKeyUsageEncrypt, &key));
176 EXPECT_TRUE(key.handle());
177 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type());
178 ASSERT_EQ(Status::Success(),
179 ExportKey(blink::WebCryptoKeyFormatRaw, key, &key_bytes));
180 EXPECT_EQ(key_bytes.size() * 8,
181 key.algorithm().aesParams()->lengthBits());
182 keys.push_back(key_bytes);
183 }
184 // Ensure all entries in the key sample set are unique. This is a simplistic
185 // estimate of whether the generated keys appear random.
186 EXPECT_FALSE(CopiesExist(keys));
187 }
188 }
189
190 TEST(WebCryptoAesCbcTest, GenerateKeyBadLength) {
191 const unsigned short kKeyLen[] = {0, 127, 257};
192 blink::WebCryptoKey key;
193 for (size_t i = 0; i < arraysize(kKeyLen); ++i) {
194 SCOPED_TRACE(i);
195 EXPECT_EQ(Status::ErrorGenerateAesKeyLength(),
196 GenerateSecretKey(CreateAesCbcKeyGenAlgorithm(kKeyLen[i]), true,
197 blink::WebCryptoKeyUsageEncrypt, &key));
198 }
199 }
200
201 TEST(WebCryptoAesCbcTest, ImportKeyEmptyUsage) {
202 blink::WebCryptoKey key;
203 ASSERT_EQ(Status::ErrorCreateKeyEmptyUsages(),
204 ImportKey(blink::WebCryptoKeyFormatRaw,
205 CryptoData(std::vector<uint8_t>(16)),
206 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), true,
207 0, &key));
208 }
209
210 // If key_ops is specified but empty, no key usages are allowed for the key.
211 TEST(WebCryptoAesCbcTest, ImportKeyJwkEmptyKeyOps) {
212 blink::WebCryptoKey key;
213 base::DictionaryValue dict;
214 dict.SetString("kty", "oct");
215 dict.SetBoolean("ext", false);
216 dict.SetString("k", "GADWrMRHwQfoNaXU5fZvTg");
217 dict.Set("key_ops", new base::ListValue); // Takes ownership.
218
219 // The JWK does not contain encrypt usages.
220 EXPECT_EQ(Status::ErrorJwkKeyopsInconsistent(),
221 ImportKeyJwkFromDict(
222 dict, CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), false,
223 blink::WebCryptoKeyUsageEncrypt, &key));
224
225 // The JWK does not contain sign usage (nor is it applicable).
226 EXPECT_EQ(Status::ErrorCreateKeyBadUsages(),
227 ImportKeyJwkFromDict(
228 dict, CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), false,
229 blink::WebCryptoKeyUsageSign, &key));
230 }
231
232 // If key_ops is missing, then any key usages can be specified.
233 TEST(WebCryptoAesCbcTest, ImportKeyJwkNoKeyOps) {
234 blink::WebCryptoKey key;
235 base::DictionaryValue dict;
236 dict.SetString("kty", "oct");
237 dict.SetString("k", "GADWrMRHwQfoNaXU5fZvTg");
238
239 EXPECT_EQ(Status::Success(),
240 ImportKeyJwkFromDict(
241 dict, CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), false,
242 blink::WebCryptoKeyUsageEncrypt, &key));
243
244 EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt, key.usages());
245
246 // The JWK does not contain sign usage (nor is it applicable).
247 EXPECT_EQ(Status::ErrorCreateKeyBadUsages(),
248 ImportKeyJwkFromDict(
249 dict, CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), false,
250 blink::WebCryptoKeyUsageVerify, &key));
251 }
252
253 TEST(WebCryptoAesCbcTest, ImportKeyJwkKeyOpsEncryptDecrypt) {
254 blink::WebCryptoKey key;
255 base::DictionaryValue dict;
256 dict.SetString("kty", "oct");
257 dict.SetString("k", "GADWrMRHwQfoNaXU5fZvTg");
258 base::ListValue* key_ops = new base::ListValue;
259 dict.Set("key_ops", key_ops); // Takes ownership.
260
261 key_ops->AppendString("encrypt");
262
263 EXPECT_EQ(Status::Success(),
264 ImportKeyJwkFromDict(
265 dict, CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), false,
266 blink::WebCryptoKeyUsageEncrypt, &key));
267
268 EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt, key.usages());
269
270 key_ops->AppendString("decrypt");
271
272 EXPECT_EQ(Status::Success(),
273 ImportKeyJwkFromDict(
274 dict, CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), false,
275 blink::WebCryptoKeyUsageDecrypt, &key));
276
277 EXPECT_EQ(blink::WebCryptoKeyUsageDecrypt, key.usages());
278
279 EXPECT_EQ(
280 Status::Success(),
281 ImportKeyJwkFromDict(
282 dict, CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), false,
283 blink::WebCryptoKeyUsageDecrypt | blink::WebCryptoKeyUsageEncrypt,
284 &key));
285
286 EXPECT_EQ(blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt,
287 key.usages());
288 }
289
290 // Test failure if input usage is NOT a strict subset of the JWK usage.
291 TEST(WebCryptoAesCbcTest, ImportKeyJwkKeyOpsNotSuperset) {
292 blink::WebCryptoKey key;
293 base::DictionaryValue dict;
294 dict.SetString("kty", "oct");
295 dict.SetString("k", "GADWrMRHwQfoNaXU5fZvTg");
296 base::ListValue* key_ops = new base::ListValue;
297 dict.Set("key_ops", key_ops); // Takes ownership.
298
299 key_ops->AppendString("encrypt");
300
301 EXPECT_EQ(
302 Status::ErrorJwkKeyopsInconsistent(),
303 ImportKeyJwkFromDict(
304 dict, CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), false,
305 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt,
306 &key));
307 }
308
309 TEST(WebCryptoAesCbcTest, ImportKeyJwkUseEnc) {
310 blink::WebCryptoKey key;
311 base::DictionaryValue dict;
312 dict.SetString("kty", "oct");
313 dict.SetString("k", "GADWrMRHwQfoNaXU5fZvTg");
314
315 // Test JWK composite use 'enc' usage
316 dict.SetString("alg", "A128CBC");
317 dict.SetString("use", "enc");
318 EXPECT_EQ(
319 Status::Success(),
320 ImportKeyJwkFromDict(
321 dict, CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), false,
322 blink::WebCryptoKeyUsageDecrypt | blink::WebCryptoKeyUsageEncrypt |
323 blink::WebCryptoKeyUsageWrapKey |
324 blink::WebCryptoKeyUsageUnwrapKey,
325 &key));
326 EXPECT_EQ(blink::WebCryptoKeyUsageDecrypt | blink::WebCryptoKeyUsageEncrypt |
327 blink::WebCryptoKeyUsageWrapKey |
328 blink::WebCryptoKeyUsageUnwrapKey,
329 key.usages());
330 }
331
332 TEST(WebCryptoAesCbcTest, ImportJwkInvalidJson) {
333 blink::WebCryptoKey key;
334 // Fail on empty JSON.
335 EXPECT_EQ(
336 Status::ErrorJwkNotDictionary(),
337 ImportKey(blink::WebCryptoKeyFormatJwk, CryptoData(MakeJsonVector("")),
338 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), false,
339 blink::WebCryptoKeyUsageEncrypt, &key));
340
341 // Fail on invalid JSON.
342 const std::vector<uint8_t> bad_json_vec = MakeJsonVector(
343 "{"
344 "\"kty\" : \"oct\","
345 "\"alg\" : \"HS256\","
346 "\"use\" : ");
347 EXPECT_EQ(Status::ErrorJwkNotDictionary(),
348 ImportKey(blink::WebCryptoKeyFormatJwk, CryptoData(bad_json_vec),
349 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), false,
350 blink::WebCryptoKeyUsageEncrypt, &key));
351 }
352
353 // Fail on inconsistent key_ops - asking for "encrypt" however JWK contains
354 // only "foo".
355 TEST(WebCryptoAesCbcTest, ImportJwkKeyOpsLacksUsages) {
356 blink::WebCryptoKey key;
357
358 base::DictionaryValue dict;
359 dict.SetString("kty", "oct");
360 dict.SetString("k", "GADWrMRHwQfoNaXU5fZvTg");
361
362 base::ListValue* key_ops = new base::ListValue;
363 // Note: the following call makes dict assume ownership of key_ops.
364 dict.Set("key_ops", key_ops);
365 key_ops->AppendString("foo");
366 EXPECT_EQ(Status::ErrorJwkKeyopsInconsistent(),
367 ImportKeyJwkFromDict(
368 dict, CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), false,
369 blink::WebCryptoKeyUsageEncrypt, &key));
370 }
371
372 TEST(WebCryptoAesCbcTest, ImportExportJwk) {
373 const blink::WebCryptoAlgorithm algorithm =
374 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc);
375
376 // AES-CBC 128
377 ImportExportJwkSymmetricKey(
378 128, algorithm,
379 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt,
380 "A128CBC");
381
382 // AES-CBC 256
383 ImportExportJwkSymmetricKey(256, algorithm, blink::WebCryptoKeyUsageDecrypt,
384 "A256CBC");
385
386 // Large usage value
387 ImportExportJwkSymmetricKey(
388 256, algorithm,
389 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt |
390 blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey,
391 "A256CBC");
392 }
393
394 // AES 192-bit is not allowed: http://crbug.com/381829
395 TEST(WebCryptoAesCbcTest, GenerateAesCbc192) {
396 blink::WebCryptoKey key;
397 Status status = GenerateSecretKey(CreateAesCbcKeyGenAlgorithm(192), true,
398 blink::WebCryptoKeyUsageEncrypt, &key);
399 ASSERT_EQ(Status::ErrorAes192BitUnsupported(), status);
400 }
401
402 // AES 192-bit is not allowed: http://crbug.com/381829
403 TEST(WebCryptoAesCbcTest, UnwrapAesCbc192) {
404 std::vector<uint8_t> wrapping_key_data(16, 0);
405 std::vector<uint8_t> wrapped_key = HexStringToBytes(
406 "1A07ACAB6C906E50883173C29441DB1DE91D34F45C435B5F99C822867FB3956F");
407
408 blink::WebCryptoKey wrapping_key = ImportSecretKeyFromRaw(
409 wrapping_key_data, CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw),
410 blink::WebCryptoKeyUsageUnwrapKey);
411
412 blink::WebCryptoKey unwrapped_key;
413 ASSERT_EQ(
414 Status::ErrorAes192BitUnsupported(),
415 UnwrapKey(blink::WebCryptoKeyFormatRaw, CryptoData(wrapped_key),
416 wrapping_key, CreateAlgorithm(blink::WebCryptoAlgorithmIdAesKw),
417 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc), true,
418 blink::WebCryptoKeyUsageEncrypt, &unwrapped_key));
419 }
420
421 // Try importing an AES-CBC key with unsupported key usages using raw
422 // format. AES-CBC keys support the following usages:
423 // 'encrypt', 'decrypt', 'wrapKey', 'unwrapKey'
424 TEST(WebCryptoAesCbcTest, ImportKeyBadUsage_Raw) {
425 const blink::WebCryptoAlgorithm algorithm =
426 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc);
427
428 blink::WebCryptoKeyUsageMask bad_usages[] = {
429 blink::WebCryptoKeyUsageSign,
430 blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageDecrypt,
431 blink::WebCryptoKeyUsageDeriveBits,
432 blink::WebCryptoKeyUsageUnwrapKey | blink::WebCryptoKeyUsageVerify,
433 };
434
435 std::vector<uint8_t> key_bytes(16);
436
437 for (size_t i = 0; i < arraysize(bad_usages); ++i) {
438 SCOPED_TRACE(i);
439
440 blink::WebCryptoKey key;
441 ASSERT_EQ(Status::ErrorCreateKeyBadUsages(),
442 ImportKey(blink::WebCryptoKeyFormatRaw, CryptoData(key_bytes),
443 algorithm, true, bad_usages[i], &key));
444 }
445 }
446
447 // Generate an AES-CBC key with invalid usages. AES-CBC supports:
448 // 'encrypt', 'decrypt', 'wrapKey', 'unwrapKey'
449 TEST(WebCryptoAesCbcTest, GenerateKeyBadUsages) {
450 blink::WebCryptoKeyUsageMask bad_usages[] = {
451 blink::WebCryptoKeyUsageSign,
452 blink::WebCryptoKeyUsageVerify,
453 blink::WebCryptoKeyUsageDecrypt | blink::WebCryptoKeyUsageVerify,
454 };
455
456 for (size_t i = 0; i < arraysize(bad_usages); ++i) {
457 SCOPED_TRACE(i);
458
459 blink::WebCryptoKey key;
460
461 ASSERT_EQ(Status::ErrorCreateKeyBadUsages(),
462 GenerateSecretKey(CreateAesCbcKeyGenAlgorithm(128), true,
463 bad_usages[i], &key));
464 }
465 }
466
467 // Generate an AES-CBC key with no usages.
468 TEST(WebCryptoAesCbcTest, GenerateKeyEmptyUsages) {
469 blink::WebCryptoKey key;
470
471 ASSERT_EQ(Status::ErrorCreateKeyEmptyUsages(),
472 GenerateSecretKey(CreateAesCbcKeyGenAlgorithm(128), true, 0, &key));
473 }
474
475 // Generate an AES-CBC key and an RSA key pair. Use the AES-CBC key to wrap the
476 // key pair (using SPKI format for public key, PKCS8 format for private key).
477 // Then unwrap the wrapped key pair and verify that the key data is the same.
478 TEST(WebCryptoAesCbcTest, WrapUnwrapRoundtripSpkiPkcs8) {
479 if (!SupportsRsaPrivateKeyImport())
480 return;
481
482 // Generate the wrapping key.
483 blink::WebCryptoKey wrapping_key;
484 ASSERT_EQ(Status::Success(),
485 GenerateSecretKey(CreateAesCbcKeyGenAlgorithm(128), true,
486 blink::WebCryptoKeyUsageWrapKey |
487 blink::WebCryptoKeyUsageUnwrapKey,
488 &wrapping_key));
489
490 // Generate an RSA key pair to be wrapped.
491 const unsigned int modulus_length = 256;
492 const std::vector<uint8_t> public_exponent = HexStringToBytes("010001");
493
494 blink::WebCryptoKey public_key;
495 blink::WebCryptoKey private_key;
496 ASSERT_EQ(Status::Success(),
497 GenerateKeyPair(CreateRsaHashedKeyGenAlgorithm(
498 blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5,
499 blink::WebCryptoAlgorithmIdSha256,
500 modulus_length, public_exponent),
501 true, blink::WebCryptoKeyUsageSign, &public_key,
502 &private_key));
503
504 // Export key pair as SPKI + PKCS8
505 std::vector<uint8_t> public_key_spki;
506 ASSERT_EQ(Status::Success(), ExportKey(blink::WebCryptoKeyFormatSpki,
507 public_key, &public_key_spki));
508
509 std::vector<uint8_t> private_key_pkcs8;
510 ASSERT_EQ(Status::Success(), ExportKey(blink::WebCryptoKeyFormatPkcs8,
511 private_key, &private_key_pkcs8));
512
513 // Wrap the key pair.
514 blink::WebCryptoAlgorithm wrap_algorithm =
515 CreateAesCbcAlgorithm(std::vector<uint8_t>(16, 0));
516
517 std::vector<uint8_t> wrapped_public_key;
518 ASSERT_EQ(Status::Success(),
519 WrapKey(blink::WebCryptoKeyFormatSpki, public_key, wrapping_key,
520 wrap_algorithm, &wrapped_public_key));
521
522 std::vector<uint8_t> wrapped_private_key;
523 ASSERT_EQ(Status::Success(),
524 WrapKey(blink::WebCryptoKeyFormatPkcs8, private_key, wrapping_key,
525 wrap_algorithm, &wrapped_private_key));
526
527 // Unwrap the key pair.
528 blink::WebCryptoAlgorithm rsa_import_algorithm =
529 CreateRsaHashedImportAlgorithm(blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5,
530 blink::WebCryptoAlgorithmIdSha256);
531
532 blink::WebCryptoKey unwrapped_public_key;
533
534 ASSERT_EQ(
535 Status::Success(),
536 UnwrapKey(blink::WebCryptoKeyFormatSpki, CryptoData(wrapped_public_key),
537 wrapping_key, wrap_algorithm, rsa_import_algorithm, true,
538 blink::WebCryptoKeyUsageVerify, &unwrapped_public_key));
539
540 blink::WebCryptoKey unwrapped_private_key;
541
542 ASSERT_EQ(
543 Status::Success(),
544 UnwrapKey(blink::WebCryptoKeyFormatPkcs8, CryptoData(wrapped_private_key),
545 wrapping_key, wrap_algorithm, rsa_import_algorithm, true,
546 blink::WebCryptoKeyUsageSign, &unwrapped_private_key));
547
548 // Export unwrapped key pair as SPKI + PKCS8
549 std::vector<uint8_t> unwrapped_public_key_spki;
550 ASSERT_EQ(Status::Success(),
551 ExportKey(blink::WebCryptoKeyFormatSpki, unwrapped_public_key,
552 &unwrapped_public_key_spki));
553
554 std::vector<uint8_t> unwrapped_private_key_pkcs8;
555 ASSERT_EQ(Status::Success(),
556 ExportKey(blink::WebCryptoKeyFormatPkcs8, unwrapped_private_key,
557 &unwrapped_private_key_pkcs8));
558
559 EXPECT_EQ(public_key_spki, unwrapped_public_key_spki);
560 EXPECT_EQ(private_key_pkcs8, unwrapped_private_key_pkcs8);
561
562 EXPECT_NE(public_key_spki, wrapped_public_key);
563 EXPECT_NE(private_key_pkcs8, wrapped_private_key);
564 }
565
566 } // namespace
567
568 } // namespace webcrypto