search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Roll src/third_party/WebKit f36d5e0:68b67cd (svn 193299:193303)
[chromium-blink-merge.git] / content / child / webcrypto / test / hmac_unittest.cc
blob070171ed0a9fb644745f176820a6453692ec50b6
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "base/logging.h"
6 #include "base/stl_util.h"
7 #include "content/child/webcrypto/algorithm_dispatch.h"
8 #include "content/child/webcrypto/crypto_data.h"
9 #include "content/child/webcrypto/status.h"
10 #include "content/child/webcrypto/test/test_helpers.h"
11 #include "content/child/webcrypto/webcrypto_util.h"
12 #include "testing/gtest/include/gtest/gtest.h"
13 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h"
14 #include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h"
15
16 namespace content {
17
18 namespace webcrypto {
19
20 namespace {
21
22 // Creates an HMAC algorithm whose parameters struct is compatible with key
23 // generation. It is an error to call this with a hash_id that is not a SHA*.
24 // The key_length_bits parameter is optional, with zero meaning unspecified.
25 blink::WebCryptoAlgorithm CreateHmacKeyGenAlgorithm(
26 blink::WebCryptoAlgorithmId hash_id,
27 unsigned int key_length_bits) {
28 DCHECK(blink::WebCryptoAlgorithm::isHash(hash_id));
29 // key_length_bytes == 0 means unspecified
30 return blink::WebCryptoAlgorithm::adoptParamsAndCreate(
31 blink::WebCryptoAlgorithmIdHmac,
32 new blink::WebCryptoHmacKeyGenParams(
33 CreateAlgorithm(hash_id), (key_length_bits != 0), key_length_bits));
34 }
35
36 blink::WebCryptoAlgorithm CreateHmacImportAlgorithmWithLength(
37 blink::WebCryptoAlgorithmId hash_id,
38 unsigned int length_bits) {
39 DCHECK(blink::WebCryptoAlgorithm::isHash(hash_id));
40 return blink::WebCryptoAlgorithm::adoptParamsAndCreate(
41 blink::WebCryptoAlgorithmIdHmac,
42 new blink::WebCryptoHmacImportParams(CreateAlgorithm(hash_id), true,
43 length_bits));
44 }
45
46 TEST(WebCryptoHmacTest, HMACSampleSets) {
47 scoped_ptr<base::ListValue> tests;
48 ASSERT_TRUE(ReadJsonTestFileToList("hmac.json", &tests));
49 for (size_t test_index = 0; test_index < tests->GetSize(); ++test_index) {
50 SCOPED_TRACE(test_index);
51 base::DictionaryValue* test;
52 ASSERT_TRUE(tests->GetDictionary(test_index, &test));
53
54 blink::WebCryptoAlgorithm test_hash = GetDigestAlgorithm(test, "hash");
55 const std::vector<uint8_t> test_key = GetBytesFromHexString(test, "key");
56 const std::vector<uint8_t> test_message =
57 GetBytesFromHexString(test, "message");
58 const std::vector<uint8_t> test_mac = GetBytesFromHexString(test, "mac");
59
60 blink::WebCryptoAlgorithm algorithm =
61 CreateAlgorithm(blink::WebCryptoAlgorithmIdHmac);
62
63 blink::WebCryptoAlgorithm import_algorithm =
64 CreateHmacImportAlgorithmNoLength(test_hash.id());
65
66 blink::WebCryptoKey key = ImportSecretKeyFromRaw(
67 test_key, import_algorithm,
68 blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify);
69
70 EXPECT_EQ(test_hash.id(), key.algorithm().hmacParams()->hash().id());
71 EXPECT_EQ(test_key.size() * 8, key.algorithm().hmacParams()->lengthBits());
72
73 // Verify exported raw key is identical to the imported data
74 std::vector<uint8_t> raw_key;
75 EXPECT_EQ(Status::Success(),
76 ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key));
77 EXPECT_BYTES_EQ(test_key, raw_key);
78
79 std::vector<uint8_t> output;
80
81 ASSERT_EQ(Status::Success(),
82 Sign(algorithm, key, CryptoData(test_message), &output));
83
84 EXPECT_BYTES_EQ(test_mac, output);
85
86 bool signature_match = false;
87 EXPECT_EQ(Status::Success(),
88 Verify(algorithm, key, CryptoData(output),
89 CryptoData(test_message), &signature_match));
90 EXPECT_TRUE(signature_match);
91
92 // Ensure truncated signature does not verify by passing one less byte.
93 EXPECT_EQ(Status::Success(),
94 Verify(algorithm, key,
95 CryptoData(vector_as_array(&output), output.size() - 1),
96 CryptoData(test_message), &signature_match));
97 EXPECT_FALSE(signature_match);
98
99 // Ensure truncated signature does not verify by passing no bytes.
100 EXPECT_EQ(Status::Success(),
101 Verify(algorithm, key, CryptoData(), CryptoData(test_message),
102 &signature_match));
103 EXPECT_FALSE(signature_match);
104
105 // Ensure extra long signature does not cause issues and fails.
106 const unsigned char kLongSignature[1024] = {0};
107 EXPECT_EQ(Status::Success(),
108 Verify(algorithm, key,
109 CryptoData(kLongSignature, sizeof(kLongSignature)),
110 CryptoData(test_message), &signature_match));
111 EXPECT_FALSE(signature_match);
112 }
113 }
114
115 TEST(WebCryptoHmacTest, GenerateKeyIsRandom) {
116 // Generate a small sample of HMAC keys.
117 std::vector<std::vector<uint8_t>> keys;
118 for (int i = 0; i < 16; ++i) {
119 std::vector<uint8_t> key_bytes;
120 blink::WebCryptoKey key;
121 blink::WebCryptoAlgorithm algorithm =
122 CreateHmacKeyGenAlgorithm(blink::WebCryptoAlgorithmIdSha1, 512);
123 ASSERT_EQ(
124 Status::Success(),
125 GenerateSecretKey(algorithm, true, blink::WebCryptoKeyUsageSign, &key));
126 EXPECT_FALSE(key.isNull());
127 EXPECT_TRUE(key.handle());
128 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type());
129 EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, key.algorithm().id());
130 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha1,
131 key.algorithm().hmacParams()->hash().id());
132 EXPECT_EQ(512u, key.algorithm().hmacParams()->lengthBits());
133
134 std::vector<uint8_t> raw_key;
135 ASSERT_EQ(Status::Success(),
136 ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key));
137 EXPECT_EQ(64U, raw_key.size());
138 keys.push_back(raw_key);
139 }
140 // Ensure all entries in the key sample set are unique. This is a simplistic
141 // estimate of whether the generated keys appear random.
142 EXPECT_FALSE(CopiesExist(keys));
143 }
144
145 // If the key length is not provided, then the block size is used.
146 TEST(WebCryptoHmacTest, GenerateKeyNoLengthSha1) {
147 blink::WebCryptoKey key;
148 blink::WebCryptoAlgorithm algorithm =
149 CreateHmacKeyGenAlgorithm(blink::WebCryptoAlgorithmIdSha1, 0);
150 ASSERT_EQ(
151 Status::Success(),
152 GenerateSecretKey(algorithm, true, blink::WebCryptoKeyUsageSign, &key));
153 EXPECT_TRUE(key.handle());
154 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type());
155 EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, key.algorithm().id());
156 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha1,
157 key.algorithm().hmacParams()->hash().id());
158 EXPECT_EQ(512u, key.algorithm().hmacParams()->lengthBits());
159 std::vector<uint8_t> raw_key;
160 ASSERT_EQ(Status::Success(),
161 ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key));
162 EXPECT_EQ(64U, raw_key.size());
163 }
164
165 // If the key length is not provided, then the block size is used.
166 TEST(WebCryptoHmacTest, GenerateKeyNoLengthSha512) {
167 blink::WebCryptoKey key;
168 blink::WebCryptoAlgorithm algorithm =
169 CreateHmacKeyGenAlgorithm(blink::WebCryptoAlgorithmIdSha512, 0);
170 ASSERT_EQ(
171 Status::Success(),
172 GenerateSecretKey(algorithm, true, blink::WebCryptoKeyUsageSign, &key));
173 EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, key.algorithm().id());
174 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha512,
175 key.algorithm().hmacParams()->hash().id());
176 EXPECT_EQ(1024u, key.algorithm().hmacParams()->lengthBits());
177 std::vector<uint8_t> raw_key;
178 ASSERT_EQ(Status::Success(),
179 ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key));
180 EXPECT_EQ(128U, raw_key.size());
181 }
182
183 TEST(WebCryptoHmacTest, GenerateKeyEmptyUsage) {
184 blink::WebCryptoKey key;
185 blink::WebCryptoAlgorithm algorithm =
186 CreateHmacKeyGenAlgorithm(blink::WebCryptoAlgorithmIdSha512, 0);
187 ASSERT_EQ(Status::ErrorCreateKeyEmptyUsages(),
188 GenerateSecretKey(algorithm, true, 0, &key));
189 }
190
191 // Generate a 1 bit key. The exported key is 1 byte long, and 7 of the bits are
192 // guaranteed to be zero.
193 TEST(WebCryptoHmacTest, Generate1BitKey) {
194 blink::WebCryptoKey key;
195 blink::WebCryptoAlgorithm algorithm =
196 CreateHmacKeyGenAlgorithm(blink::WebCryptoAlgorithmIdSha1, 1);
197
198 ASSERT_EQ(
199 Status::Success(),
200 GenerateSecretKey(algorithm, true, blink::WebCryptoKeyUsageSign, &key));
201 EXPECT_EQ(1u, key.algorithm().hmacParams()->lengthBits());
202
203 std::vector<uint8_t> raw_key;
204 ASSERT_EQ(Status::Success(),
205 ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key));
206 ASSERT_EQ(1U, raw_key.size());
207
208 EXPECT_FALSE(raw_key[0] & 0x7F);
209 }
210
211 TEST(WebCryptoHmacTest, ImportKeyEmptyUsage) {
212 blink::WebCryptoKey key;
213 std::string key_raw_hex_in = "025a8cf3f08b4f6c5f33bbc76a471939";
214 EXPECT_EQ(
215 Status::ErrorCreateKeyEmptyUsages(),
216 ImportKey(blink::WebCryptoKeyFormatRaw,
217 CryptoData(HexStringToBytes(key_raw_hex_in)),
218 CreateHmacImportAlgorithmNoLength(
219 blink::WebCryptoAlgorithmIdSha1),
220 true, 0, &key));
221 }
222
223 TEST(WebCryptoHmacTest, ImportKeyJwkKeyOpsSignVerify) {
224 blink::WebCryptoKey key;
225 base::DictionaryValue dict;
226 dict.SetString("kty", "oct");
227 dict.SetString("k", "GADWrMRHwQfoNaXU5fZvTg");
228 base::ListValue* key_ops = new base::ListValue;
229 dict.Set("key_ops", key_ops); // Takes ownership.
230
231 key_ops->AppendString("sign");
232
233 EXPECT_EQ(Status::Success(),
234 ImportKeyJwkFromDict(dict, CreateHmacImportAlgorithmNoLength(
235 blink::WebCryptoAlgorithmIdSha256),
236 false, blink::WebCryptoKeyUsageSign, &key));
237
238 EXPECT_EQ(blink::WebCryptoKeyUsageSign, key.usages());
239
240 key_ops->AppendString("verify");
241
242 EXPECT_EQ(Status::Success(),
243 ImportKeyJwkFromDict(dict, CreateHmacImportAlgorithmNoLength(
244 blink::WebCryptoAlgorithmIdSha256),
245 false, blink::WebCryptoKeyUsageVerify, &key));
246
247 EXPECT_EQ(blink::WebCryptoKeyUsageVerify, key.usages());
248 }
249
250 // Test 'use' inconsistent with 'key_ops'.
251 TEST(WebCryptoHmacTest, ImportKeyJwkUseInconsisteWithKeyOps) {
252 blink::WebCryptoKey key;
253 base::DictionaryValue dict;
254 dict.SetString("kty", "oct");
255 dict.SetString("k", "GADWrMRHwQfoNaXU5fZvTg");
256 base::ListValue* key_ops = new base::ListValue;
257 dict.Set("key_ops", key_ops); // Takes ownership.
258
259 dict.SetString("alg", "HS256");
260 dict.SetString("use", "sig");
261 key_ops->AppendString("sign");
262 key_ops->AppendString("verify");
263 key_ops->AppendString("encrypt");
264 EXPECT_EQ(
265 Status::ErrorJwkUseAndKeyopsInconsistent(),
266 ImportKeyJwkFromDict(
267 dict,
268 CreateHmacImportAlgorithmNoLength(blink::WebCryptoAlgorithmIdSha256),
269 false, blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify,
270 &key));
271 }
272
273 // Test JWK composite 'sig' use
274 TEST(WebCryptoHmacTest, ImportKeyJwkUseSig) {
275 blink::WebCryptoKey key;
276 base::DictionaryValue dict;
277 dict.SetString("kty", "oct");
278 dict.SetString("k", "GADWrMRHwQfoNaXU5fZvTg");
279
280 dict.SetString("use", "sig");
281 EXPECT_EQ(
282 Status::Success(),
283 ImportKeyJwkFromDict(
284 dict,
285 CreateHmacImportAlgorithmNoLength(blink::WebCryptoAlgorithmIdSha256),
286 false, blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify,
287 &key));
288
289 EXPECT_EQ(blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify,
290 key.usages());
291 }
292
293 TEST(WebCryptoHmacTest, ImportJwkInputConsistency) {
294 // The Web Crypto spec says that if a JWK value is present, but is
295 // inconsistent with the input value, the operation must fail.
296
297 // Consistency rules when JWK value is not present: Inputs should be used.
298 blink::WebCryptoKey key;
299 bool extractable = false;
300 blink::WebCryptoAlgorithm algorithm =
301 CreateHmacImportAlgorithmNoLength(blink::WebCryptoAlgorithmIdSha256);
302 blink::WebCryptoKeyUsageMask usages = blink::WebCryptoKeyUsageVerify;
303 base::DictionaryValue dict;
304 dict.SetString("kty", "oct");
305 dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg");
306 std::vector<uint8_t> json_vec = MakeJsonVector(dict);
307 EXPECT_EQ(Status::Success(),
308 ImportKey(blink::WebCryptoKeyFormatJwk, CryptoData(json_vec),
309 algorithm, extractable, usages, &key));
310 EXPECT_TRUE(key.handle());
311 EXPECT_EQ(blink::WebCryptoKeyTypeSecret, key.type());
312 EXPECT_EQ(extractable, key.extractable());
313 EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, key.algorithm().id());
314 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha256,
315 key.algorithm().hmacParams()->hash().id());
316 EXPECT_EQ(320u, key.algorithm().hmacParams()->lengthBits());
317 EXPECT_EQ(blink::WebCryptoKeyUsageVerify, key.usages());
318 key = blink::WebCryptoKey::createNull();
319
320 // Consistency rules when JWK value exists: Fail if inconsistency is found.
321
322 // Pass: All input values are consistent with the JWK values.
323 dict.Clear();
324 dict.SetString("kty", "oct");
325 dict.SetString("alg", "HS256");
326 dict.SetString("use", "sig");
327 dict.SetBoolean("ext", false);
328 dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg");
329 json_vec = MakeJsonVector(dict);
330 EXPECT_EQ(Status::Success(),
331 ImportKey(blink::WebCryptoKeyFormatJwk, CryptoData(json_vec),
332 algorithm, extractable, usages, &key));
333
334 // Extractable cases:
335 // 1. input=T, JWK=F ==> fail (inconsistent)
336 // 4. input=F, JWK=F ==> pass, result extractable is F
337 // 2. input=T, JWK=T ==> pass, result extractable is T
338 // 3. input=F, JWK=T ==> pass, result extractable is F
339 EXPECT_EQ(Status::ErrorJwkExtInconsistent(),
340 ImportKey(blink::WebCryptoKeyFormatJwk, CryptoData(json_vec),
341 algorithm, true, usages, &key));
342 EXPECT_EQ(Status::Success(),
343 ImportKey(blink::WebCryptoKeyFormatJwk, CryptoData(json_vec),
344 algorithm, false, usages, &key));
345 EXPECT_FALSE(key.extractable());
346 dict.SetBoolean("ext", true);
347 EXPECT_EQ(Status::Success(),
348 ImportKeyJwkFromDict(dict, algorithm, true, usages, &key));
349 EXPECT_TRUE(key.extractable());
350 EXPECT_EQ(Status::Success(),
351 ImportKeyJwkFromDict(dict, algorithm, false, usages, &key));
352 EXPECT_FALSE(key.extractable());
353 dict.SetBoolean("ext", true); // restore previous value
354
355 // Fail: Input algorithm (AES-CBC) is inconsistent with JWK value
356 // (HMAC SHA256).
357 dict.Clear();
358 dict.SetString("kty", "oct");
359 dict.SetString("alg", "HS256");
360 dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg");
361 EXPECT_EQ(Status::ErrorJwkAlgorithmInconsistent(),
362 ImportKeyJwkFromDict(
363 dict, CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
364 extractable, blink::WebCryptoKeyUsageEncrypt, &key));
365 // Fail: Input usage (encrypt) is inconsistent with JWK value (use=sig).
366 EXPECT_EQ(Status::ErrorJwkUseInconsistent(),
367 ImportKey(blink::WebCryptoKeyFormatJwk, CryptoData(json_vec),
368 CreateAlgorithm(blink::WebCryptoAlgorithmIdAesCbc),
369 extractable, blink::WebCryptoKeyUsageEncrypt, &key));
370
371 // Fail: Input algorithm (HMAC SHA1) is inconsistent with JWK value
372 // (HMAC SHA256).
373 EXPECT_EQ(Status::ErrorJwkAlgorithmInconsistent(),
374 ImportKey(blink::WebCryptoKeyFormatJwk, CryptoData(json_vec),
375 CreateHmacImportAlgorithmNoLength(
376 blink::WebCryptoAlgorithmIdSha1),
377 extractable, usages, &key));
378
379 // Pass: JWK alg missing but input algorithm specified: use input value
380 dict.Remove("alg", NULL);
381 EXPECT_EQ(Status::Success(),
382 ImportKeyJwkFromDict(dict, CreateHmacImportAlgorithmNoLength(
383 blink::WebCryptoAlgorithmIdSha256),
384 extractable, usages, &key));
385 EXPECT_EQ(blink::WebCryptoAlgorithmIdHmac, algorithm.id());
386 dict.SetString("alg", "HS256");
387
388 // Fail: Input usages (encrypt) is not a subset of the JWK value
389 // (sign|verify). Moreover "encrypt" is not a valid usage for HMAC.
390 EXPECT_EQ(
391 Status::ErrorCreateKeyBadUsages(),
392 ImportKey(blink::WebCryptoKeyFormatJwk, CryptoData(json_vec), algorithm,
393 extractable, blink::WebCryptoKeyUsageEncrypt, &key));
394
395 // Fail: Input usages (encrypt|sign|verify) is not a subset of the JWK
396 // value (sign|verify). Moreover "encrypt" is not a valid usage for HMAC.
397 usages = blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageSign |
398 blink::WebCryptoKeyUsageVerify;
399 EXPECT_EQ(Status::ErrorCreateKeyBadUsages(),
400 ImportKey(blink::WebCryptoKeyFormatJwk, CryptoData(json_vec),
401 algorithm, extractable, usages, &key));
402
403 // TODO(padolph): kty vs alg consistency tests: Depending on the kty value,
404 // only certain alg values are permitted. For example, when kty = "RSA" alg
405 // must be of the RSA family, or when kty = "oct" alg must be symmetric
406 // algorithm.
407
408 // TODO(padolph): key_ops consistency tests
409 }
410
411 TEST(WebCryptoHmacTest, ImportJwkHappy) {
412 // This test verifies the happy path of JWK import, including the application
413 // of the imported key material.
414
415 blink::WebCryptoKey key;
416 bool extractable = false;
417 blink::WebCryptoAlgorithm algorithm =
418 CreateHmacImportAlgorithmNoLength(blink::WebCryptoAlgorithmIdSha256);
419 blink::WebCryptoKeyUsageMask usages = blink::WebCryptoKeyUsageSign;
420
421 // Import a symmetric key JWK and HMAC-SHA256 sign()
422 // Uses the first SHA256 test vector from the HMAC sample set above.
423
424 base::DictionaryValue dict;
425 dict.SetString("kty", "oct");
426 dict.SetString("alg", "HS256");
427 dict.SetString("use", "sig");
428 dict.SetBoolean("ext", false);
429 dict.SetString("k", "l3nZEgZCeX8XRwJdWyK3rGB8qwjhdY8vOkbIvh4lxTuMao9Y_--hdg");
430
431 ASSERT_EQ(Status::Success(),
432 ImportKeyJwkFromDict(dict, algorithm, extractable, usages, &key));
433
434 EXPECT_EQ(blink::WebCryptoAlgorithmIdSha256,
435 key.algorithm().hmacParams()->hash().id());
436
437 const std::vector<uint8_t> message_raw = HexStringToBytes(
438 "b1689c2591eaf3c9e66070f8a77954ffb81749f1b00346f9dfe0b2ee905dcc288baf4a"
439 "92de3f4001dd9f44c468c3d07d6c6ee82faceafc97c2fc0fc0601719d2dcd0aa2aec92"
440 "d1b0ae933c65eb06a03c9c935c2bad0459810241347ab87e9f11adb30415424c6c7f5f"
441 "22a003b8ab8de54f6ded0e3ab9245fa79568451dfa258e");
442
443 std::vector<uint8_t> output;
444
445 ASSERT_EQ(Status::Success(),
446 Sign(CreateAlgorithm(blink::WebCryptoAlgorithmIdHmac), key,
447 CryptoData(message_raw), &output));
448
449 const std::string mac_raw =
450 "769f00d3e6a6cc1fb426a14a4f76c6462e6149726e0dee0ec0cf97a16605ac8b";
451
452 EXPECT_BYTES_EQ_HEX(mac_raw, output);
453
454 // TODO(padolph): Import an RSA public key JWK and use it
455 }
456
457 TEST(WebCryptoHmacTest, ImportExportJwk) {
458 // HMAC SHA-1
459 ImportExportJwkSymmetricKey(
460 256, CreateHmacImportAlgorithmNoLength(blink::WebCryptoAlgorithmIdSha1),
461 blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify, "HS1");
462
463 // HMAC SHA-384
464 ImportExportJwkSymmetricKey(
465 384, CreateHmacImportAlgorithmNoLength(blink::WebCryptoAlgorithmIdSha384),
466 blink::WebCryptoKeyUsageSign, "HS384");
467
468 // HMAC SHA-512
469 ImportExportJwkSymmetricKey(
470 512, CreateHmacImportAlgorithmNoLength(blink::WebCryptoAlgorithmIdSha512),
471 blink::WebCryptoKeyUsageVerify, "HS512");
472 }
473
474 TEST(WebCryptoHmacTest, ExportJwkEmptyKey) {
475 blink::WebCryptoKeyUsageMask usages = blink::WebCryptoKeyUsageSign;
476
477 // Importing empty HMAC key is no longer allowed. However such a key can be
478 // created via de-serialization.
479 blink::WebCryptoKey key;
480 ASSERT_TRUE(DeserializeKeyForClone(blink::WebCryptoKeyAlgorithm::createHmac(
481 blink::WebCryptoAlgorithmIdSha1, 0),
482 blink::WebCryptoKeyTypeSecret, true,
483 usages, CryptoData(), &key));
484
485 // Export the key in JWK format and validate.
486 std::vector<uint8_t> json;
487 ASSERT_EQ(Status::Success(),
488 ExportKey(blink::WebCryptoKeyFormatJwk, key, &json));
489 EXPECT_TRUE(VerifySecretJwk(json, "HS1", "", usages));
490
491 // Now try re-importing the JWK key.
492 key = blink::WebCryptoKey::createNull();
493 EXPECT_EQ(Status::ErrorHmacImportEmptyKey(),
494 ImportKey(blink::WebCryptoKeyFormatJwk, CryptoData(json),
495 CreateHmacImportAlgorithmNoLength(
496 blink::WebCryptoAlgorithmIdSha1),
497 true, usages, &key));
498 }
499
500 // Imports an HMAC key contaning no byte data.
501 TEST(WebCryptoHmacTest, ImportRawEmptyKey) {
502 const blink::WebCryptoAlgorithm import_algorithm =
503 CreateHmacImportAlgorithmNoLength(blink::WebCryptoAlgorithmIdSha1);
504
505 blink::WebCryptoKeyUsageMask usages = blink::WebCryptoKeyUsageSign;
506 blink::WebCryptoKey key;
507
508 ASSERT_EQ(Status::ErrorHmacImportEmptyKey(),
509 ImportKey(blink::WebCryptoKeyFormatRaw, CryptoData(),
510 import_algorithm, true, usages, &key));
511 }
512
513 // Imports an HMAC key contaning 1 byte data, however the length was set to 0.
514 TEST(WebCryptoHmacTest, ImportRawKeyWithZeroLength) {
515 const blink::WebCryptoAlgorithm import_algorithm =
516 CreateHmacImportAlgorithm(blink::WebCryptoAlgorithmIdSha1, 0);
517
518 blink::WebCryptoKeyUsageMask usages = blink::WebCryptoKeyUsageSign;
519 blink::WebCryptoKey key;
520
521 std::vector<uint8_t> key_data(1);
522 ASSERT_EQ(Status::ErrorHmacImportBadLength(),
523 ImportKey(blink::WebCryptoKeyFormatRaw, CryptoData(key_data),
524 import_algorithm, true, usages, &key));
525 }
526
527 // Import a huge hmac key (UINT_MAX bytes). This will fail before actually
528 // reading the bytes, as the key is too large.
529 TEST(WebCryptoHmacTest, ImportRawKeyTooLarge) {
530 CryptoData big_data(NULL, UINT_MAX); // Invalid data of big length.
531
532 blink::WebCryptoKey key;
533 EXPECT_EQ(Status::ErrorDataTooLarge(),
534 ImportKey(blink::WebCryptoKeyFormatRaw, CryptoData(big_data),
535 CreateHmacImportAlgorithmNoLength(
536 blink::WebCryptoAlgorithmIdSha1),
537 true, blink::WebCryptoKeyUsageSign, &key));
538 }
539
540 // Import an HMAC key with 120 bits of data, however request 128 bits worth.
541 TEST(WebCryptoHmacTest, ImportRawKeyLengthTooLarge) {
542 blink::WebCryptoKey key;
543 EXPECT_EQ(Status::ErrorHmacImportBadLength(),
544 ImportKey(blink::WebCryptoKeyFormatRaw,
545 CryptoData(std::vector<uint8_t>(15)),
546 CreateHmacImportAlgorithmWithLength(
547 blink::WebCryptoAlgorithmIdSha1, 128),
548 true, blink::WebCryptoKeyUsageSign, &key));
549 }
550
551 // Import an HMAC key with 128 bits of data, however request 120 bits worth.
552 TEST(WebCryptoHmacTest, ImportRawKeyLengthTooSmall) {
553 blink::WebCryptoKey key;
554 EXPECT_EQ(Status::ErrorHmacImportBadLength(),
555 ImportKey(blink::WebCryptoKeyFormatRaw,
556 CryptoData(std::vector<uint8_t>(16)),
557 CreateHmacImportAlgorithmWithLength(
558 blink::WebCryptoAlgorithmIdSha1, 120),
559 true, blink::WebCryptoKeyUsageSign, &key));
560 }
561
562 // Import an HMAC key with 16 bits of data and request a 12 bit key, using the
563 // "raw" format.
564 TEST(WebCryptoHmacTest, ImportRawKeyTruncation) {
565 const std::vector<uint8_t> data = HexStringToBytes("b1ff");
566
567 blink::WebCryptoKey key;
568 EXPECT_EQ(Status::Success(),
569 ImportKey(blink::WebCryptoKeyFormatRaw, CryptoData(data),
570 CreateHmacImportAlgorithmWithLength(
571 blink::WebCryptoAlgorithmIdSha1, 12),
572 true, blink::WebCryptoKeyUsageSign, &key));
573
574 // On export the last 4 bits has been set to zero.
575 std::vector<uint8_t> raw_key;
576 EXPECT_EQ(Status::Success(),
577 ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key));
578 EXPECT_BYTES_EQ(HexStringToBytes("b1f0"), raw_key);
579 }
580
581 // The same test as above, but using the JWK format.
582 TEST(WebCryptoHmacTest, ImportJwkKeyTruncation) {
583 base::DictionaryValue dict;
584 dict.SetString("kty", "oct");
585 dict.SetString("k", "sf8"); // 0xB1FF
586
587 blink::WebCryptoKey key;
588 EXPECT_EQ(Status::Success(),
589 ImportKeyJwkFromDict(dict, CreateHmacImportAlgorithmWithLength(
590 blink::WebCryptoAlgorithmIdSha1, 12),
591 true, blink::WebCryptoKeyUsageSign, &key));
592
593 // On export the last 4 bits has been set to zero.
594 std::vector<uint8_t> raw_key;
595 EXPECT_EQ(Status::Success(),
596 ExportKey(blink::WebCryptoKeyFormatRaw, key, &raw_key));
597 EXPECT_BYTES_EQ(HexStringToBytes("b1f0"), raw_key);
598 }
599
600 } // namespace
601
602 } // namespace webcrypto
603
604 } // namespace content