OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/renderer/webcrypto/shared_crypto.h" | 5 #include "content/renderer/webcrypto/shared_crypto.h" |
6 | 6 |
7 #include "base/logging.h" | 7 #include "base/logging.h" |
8 #include "content/renderer/webcrypto/crypto_data.h" | 8 #include "content/renderer/webcrypto/crypto_data.h" |
9 #include "content/renderer/webcrypto/platform_crypto.h" | 9 #include "content/renderer/webcrypto/platform_crypto.h" |
10 #include "content/renderer/webcrypto/webcrypto_util.h" | 10 #include "content/renderer/webcrypto/webcrypto_util.h" |
(...skipping 462 matching lines...)
473 case blink::WebCryptoAlgorithmIdHmac: | 473 case blink::WebCryptoAlgorithmIdHmac: |
474 return VerifyHmac(algorithm, key, signature, data, signature_match); | 474 return VerifyHmac(algorithm, key, signature, data, signature_match); |
475 case blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5: | 475 case blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5: |
476 return VerifyRsaSsaPkcs1v1_5( | 476 return VerifyRsaSsaPkcs1v1_5( |
477 algorithm, key, signature, data, signature_match); | 477 algorithm, key, signature, data, signature_match); |
478 default: | 478 default: |
479 return Status::ErrorUnsupported(); | 479 return Status::ErrorUnsupported(); |
480 } | 480 } |
481 } | 481 } |
482 | 482 |
| 483 Status WrapKey(blink::WebCryptoKeyFormat format, |
| 484 const blink::WebCryptoKey& wrapping_key, |
| 485 const blink::WebCryptoKey& key_to_wrap, |
| 486 const blink::WebCryptoAlgorithm& wrapping_algorithm, |
| 487 blink::WebArrayBuffer* buffer) { |
| 488 if (!KeyUsageAllows(wrapping_key, blink::WebCryptoKeyUsageUnwrapKey)) |
| 489 return Status::ErrorUnexpected(); |
| 490 if (wrapping_algorithm.id() != wrapping_key.algorithm().id()) |
| 491 return Status::ErrorUnexpected(); |
| 492 |
| 493 // TODO (padolph): Handle formats other than raw |
| 494 if (format != blink::WebCryptoKeyFormatRaw) |
| 495 return Status::ErrorUnsupported(); |
| 496 // TODO (padolph): Handle key-to-wrap types other than secret/symmetric |
| 497 if (key_to_wrap.type() != blink::WebCryptoKeyTypeSecret) |
| 498 return Status::ErrorUnsupported(); |
| 499 |
| 500 platform::SymKey* platform_wrapping_key; |
| 501 Status status = ToPlatformSymKey(wrapping_key, &platform_wrapping_key); |
| 502 if (status.IsError()) |
| 503 return status; |
| 504 platform::SymKey* platform_key; |
| 505 status = ToPlatformSymKey(key_to_wrap, &platform_key); |
| 506 if (status.IsError()) |
| 507 return status; |
| 508 |
| 509 // TODO(padolph): Handle other wrapping algorithms |
| 510 switch (wrapping_algorithm.id()) { |
| 511 case blink::WebCryptoAlgorithmIdAesKw: |
| 512 return platform::WrapSymKeyAesKw( |
| 513 platform_wrapping_key, platform_key, buffer); |
| 514 default: |
| 515 return Status::ErrorUnsupported(); |
| 516 } |
| 517 } |
| 518 |
| 519 Status UnwrapKey(blink::WebCryptoKeyFormat format, |
| 520 const CryptoData& wrapped_key_data, |
| 521 const blink::WebCryptoKey& wrapping_key, |
| 522 const blink::WebCryptoAlgorithm& wrapping_algorithm, |
| 523 const blink::WebCryptoAlgorithm& algorithm_or_null, |
| 524 bool extractable, |
| 525 blink::WebCryptoKeyUsageMask usage_mask, |
| 526 blink::WebCryptoKey* key) { |
| 527 if (!KeyUsageAllows(wrapping_key, blink::WebCryptoKeyUsageUnwrapKey)) |
| 528 return Status::ErrorUnexpected(); |
| 529 if (wrapping_algorithm.id() != wrapping_key.algorithm().id()) |
| 530 return Status::ErrorUnexpected(); |
| 531 |
| 532 // TODO(padolph): Handle formats other than raw |
| 533 if (format != blink::WebCryptoKeyFormatRaw) |
| 534 return Status::ErrorUnsupported(); |
| 535 |
| 536 // Must provide an algorithm when unwrapping a raw key |
| 537 if (format == blink::WebCryptoKeyFormatRaw && algorithm_or_null.isNull()) |
| 538 return Status::ErrorMissingAlgorithmUnwrapRawKey(); |
| 539 |
| 540 platform::SymKey* platform_wrapping_key; |
| 541 Status status = ToPlatformSymKey(wrapping_key, &platform_wrapping_key); |
| 542 if (status.IsError()) |
| 543 return status; |
| 544 |
| 545 // TODO(padolph): Handle other wrapping algorithms |
| 546 switch (wrapping_algorithm.id()) { |
| 547 case blink::WebCryptoAlgorithmIdAesKw: { |
| 548 // AES-KW requires the wrapped key data size must be at least 24 bytes and |
| 549 // also a multiple of 8 bytes. |
| 550 if (wrapped_key_data.byte_length() < 24) |
| 551 return Status::ErrorDataTooSmall(); |
| 552 if (wrapped_key_data.byte_length() % 8) |
| 553 return Status::ErrorInvalidAesKwDataLength(); |
| 554 return platform::UnwrapSymKeyAesKw(wrapped_key_data, |
| 555 platform_wrapping_key, |
| 556 algorithm_or_null, |
| 557 extractable, |
| 558 usage_mask, |
| 559 key); |
| 560 } |
| 561 default: |
| 562 return Status::ErrorUnsupported(); |
| 563 } |
| 564 } |
| 565 |
483 } // namespace webcrypto | 566 } // namespace webcrypto |
484 | 567 |
485 } // namespace content | 568 } // namespace content |
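Review bot: In WrapKey (new line 488) the wrapping key is checked against `blink::WebCryptoKeyUsageUnwrapKey`, so a key authorised only for unwrapping is accepted for wrapping and a wrapKey-only key is refused; the check should read `if (!KeyUsageAllows(wrapping_key, blink::WebCryptoKeyUsageWrapKey))`. WrapKey also never checks whether `key_to_wrap` is extractable. Wrapping is in effect an export under a key the caller chooses, so a secret key marked non-extractable could leave the renderer through this path. A guard such as `if (!key_to_wrap.extractable())` that returns an error status, placed before the ToPlatformSymKey calls, would close that. A smaller point in UnwrapKey: the `format == blink::WebCryptoKeyFormatRaw &&` term at new line 537 is already guaranteed by the return at 534 and can be dropped.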