Index: content/renderer/webcrypto/platform_crypto_nss.cc |
diff --git a/content/renderer/webcrypto/platform_crypto_nss.cc b/content/renderer/webcrypto/platform_crypto_nss.cc |
index b694de6ba20e3614ce360a5d8af1187db663caa3..6d12063f9b0ec0be8a18c29faaea28bdcd90ba63 100644 |
--- a/content/renderer/webcrypto/platform_crypto_nss.cc |
+++ b/content/renderer/webcrypto/platform_crypto_nss.cc |
@@ -453,57 +453,67 @@ bool CreatePrivateKeyAlgorithm(const blink::WebCryptoAlgorithm& algorithm, |
} |
#endif |
-} // namespace |
- |
-Status ImportKeyRaw(const blink::WebCryptoAlgorithm& algorithm, |
- const CryptoData& key_data, |
- bool extractable, |
- blink::WebCryptoKeyUsageMask usage_mask, |
- blink::WebCryptoKey* key) { |
- |
- DCHECK(!algorithm.isNull()); |
- |
- // TODO(bryaneyler): Need to split handling for symmetric and asymmetric keys. |
- // Currently only supporting symmetric. |
- CK_MECHANISM_TYPE mechanism = CKM_INVALID_MECHANISM; |
- // Flags are verified at the Blink layer; here the flags are set to all |
- // possible operations for this key type. |
- CK_FLAGS flags = 0; |
- |
+// The Default IV for AES-KW. See http://www.ietf.org/rfc/rfc3394.txt |
+// Section 2.2.3.1. |
+// TODO(padolph): Move to common place to be shared with OpenSSL implementation. |
+const unsigned char kAesIv[] = {0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6, 0xA6}; |
+ |
+// Sets NSS CK_MECHANISM_TYPE and CK_FLAGS corresponding to the input Web Crypto |
+// algorithm ID. |
+Status WebCryptoAlgorithmToNssMechFlags( |
+ const blink::WebCryptoAlgorithm& algorithm, |
+ CK_MECHANISM_TYPE* mechanism, |
+ CK_FLAGS* flags) { |
switch (algorithm.id()) { |
case blink::WebCryptoAlgorithmIdHmac: { |
const blink::WebCryptoAlgorithm& hash = GetInnerHashAlgorithm(algorithm); |
- |
- mechanism = WebCryptoHashToHMACMechanism(hash); |
- if (mechanism == CKM_INVALID_MECHANISM) |
+ *mechanism = WebCryptoHashToHMACMechanism(hash); |
+ if (*mechanism == CKM_INVALID_MECHANISM) |
return Status::ErrorUnsupported(); |
- |
- flags |= CKF_SIGN | CKF_VERIFY; |
+ *flags = CKF_SIGN | CKF_VERIFY; |
break; |
} |
case blink::WebCryptoAlgorithmIdAesCbc: { |
- mechanism = CKM_AES_CBC; |
- flags |= CKF_ENCRYPT | CKF_DECRYPT; |
+ *mechanism = CKM_AES_CBC; |
+ *flags = CKF_ENCRYPT | CKF_DECRYPT; |
break; |
} |
case blink::WebCryptoAlgorithmIdAesKw: { |
- mechanism = CKM_NSS_AES_KEY_WRAP; |
- flags |= CKF_WRAP | CKF_WRAP; |
+ *mechanism = CKM_NSS_AES_KEY_WRAP; |
+ *flags = CKF_WRAP | CKF_WRAP; |
break; |
} |
case blink::WebCryptoAlgorithmIdAesGcm: { |
if (!g_aes_gcm_support.Get().IsSupported()) |
return Status::ErrorUnsupported(); |
- mechanism = CKM_AES_GCM; |
- flags |= CKF_ENCRYPT | CKF_DECRYPT; |
+ *mechanism = CKM_AES_GCM; |
+ *flags = CKF_ENCRYPT | CKF_DECRYPT; |
break; |
} |
default: |
return Status::ErrorUnsupported(); |
} |
+ return Status::Success(); |
+} |
+ |
+} // namespace |
- DCHECK_NE(CKM_INVALID_MECHANISM, mechanism); |
- DCHECK_NE(0ul, flags); |
+Status ImportKeyRaw(const blink::WebCryptoAlgorithm& algorithm, |
+ const CryptoData& key_data, |
+ bool extractable, |
+ blink::WebCryptoKeyUsageMask usage_mask, |
+ blink::WebCryptoKey* key) { |
+ |
+ DCHECK(!algorithm.isNull()); |
+ |
+ CK_MECHANISM_TYPE mechanism; |
+ // Flags are verified at the Blink layer; here the flags are set to all |
+ // possible operations for this key type. |
+ CK_FLAGS flags; |
+ Status status = |
+ WebCryptoAlgorithmToNssMechFlags(algorithm, &mechanism, &flags); |
+ if (status.IsError()) |
+ return status; |
SECItem key_item = MakeSECItemForBuffer(key_data); |
@@ -1132,6 +1142,106 @@ Status ImportRsaPublicKey(const blink::WebCryptoAlgorithm& algorithm, |
return Status::Success(); |
} |
+Status WrapSymKeyAesKw(SymKey* wrapping_key, |
+ SymKey* key, |
+ blink::WebArrayBuffer* buffer) { |
+ // The data size must be at least 16 bytes and a multiple of 8 bytes. |
+ // RFC 3394 does not specify a maximum allowed data length, but since only |
+ // keys are being wrapped in this application (which are small), a reasonable |
+ // max limit is whatever will fit into an unsigned. For the max size test, |
+ // note that AES Key Wrap always adds 8 bytes to the input data size. |
+ const unsigned int input_length = PK11_GetKeyLength(key->key()); |
+ if (input_length < 16) |
+ return Status::ErrorDataTooSmall(); |
+ if (input_length > UINT_MAX - 8) |
+ return Status::ErrorDataTooLarge(); |
+ if (input_length % 8) |
+ return Status::ErrorInvalidAesKwDataLength(); |
+ |
+ SECItem iv_item = |
+ MakeSECItemForBuffer(CryptoData(kAesIv, ARRAYSIZE_UNSAFE(kAesIv))); |
+ crypto::ScopedSECItem param_item( |
+ PK11_ParamFromIV(CKM_NSS_AES_KEY_WRAP, &iv_item)); |
+ if (!param_item) |
+ return Status::ErrorUnexpected(); |
+ |
+ const unsigned int output_length = input_length + 8; |
+ *buffer = blink::WebArrayBuffer::create(output_length, 1); |
+ unsigned char* buffer_data = reinterpret_cast<unsigned char*>(buffer->data()); |
+ SECItem wrapped_key_item = {siBuffer, buffer_data, output_length}; |
+ |
+ if (SECSuccess != PK11_WrapSymKey(CKM_NSS_AES_KEY_WRAP, |
+ param_item.get(), |
+ wrapping_key->key(), |
+ key->key(), |
+ &wrapped_key_item)) { |
+ return Status::Error(); |
+ } |
+ if (output_length != wrapped_key_item.len) |
+ return Status::ErrorUnexpected(); |
+ |
+ return Status::Success(); |
+} |
+ |
+Status UnwrapSymKeyAesKw(const CryptoData& wrapped_key_data, |
+ SymKey* wrapping_key, |
+ const blink::WebCryptoAlgorithm& algorithm, |
+ bool extractable, |
+ blink::WebCryptoKeyUsageMask usage_mask, |
+ blink::WebCryptoKey* key) { |
+ // The wrapped key data size must be at least 24 bytes and a multiple of 8 |
+ // bytes. |
+ if (wrapped_key_data.byte_length() < 24) |
+ return Status::ErrorDataTooSmall(); |
+ if (wrapped_key_data.byte_length() % 8) |
+ return Status::ErrorInvalidAesKwDataLength(); |
+ |
+ SECItem iv_item = |
+ MakeSECItemForBuffer(CryptoData(kAesIv, ARRAYSIZE_UNSAFE(kAesIv))); |
+ crypto::ScopedSECItem param_item( |
+ PK11_ParamFromIV(CKM_NSS_AES_KEY_WRAP, &iv_item)); |
+ if (!param_item) |
+ return Status::ErrorUnexpected(); |
+ |
+ SECItem cipher_text = MakeSECItemForBuffer(wrapped_key_data); |
+ |
+ // The plaintext length is always 64 bits less than the data size. |
+ const unsigned int plaintext_length = wrapped_key_data.byte_length() - 8; |
+ |
+ // Determine the proper NSS key properties from the input algorithm. |
+ CK_MECHANISM_TYPE mechanism; |
+ CK_FLAGS flags; |
+ Status status = |
+ WebCryptoAlgorithmToNssMechFlags(algorithm, &mechanism, &flags); |
+ if (status.IsError()) |
+ return status; |
+ |
+ crypto::ScopedPK11SymKey unwrapped_key(PK11_UnwrapSymKey(wrapping_key->key(), |
+ CKM_NSS_AES_KEY_WRAP, |
+ param_item.get(), |
+ &cipher_text, |
+ mechanism, |
+ flags, |
+ plaintext_length)); |
+ if (!unwrapped_key) |
+ return Status::Error(); |
+ |
+#ifdef WEBCRYPTO_HAS_KEY_ALGORITHM |
eroman
2014/03/01 01:13:54
No need for the ifdef anymore
padolph
2014/03/01 01:55:01
Done.
|
+ blink::WebCryptoKeyAlgorithm key_algorithm; |
+ if (!CreateSecretKeyAlgorithm(algorithm, plaintext_length, &key_algorithm)) |
+ return Status::ErrorUnexpected(); |
+#else |
+ const blink::WebCryptoAlgorithm& key_algorithm = algorithm; |
+#endif |
+ |
+ *key = blink::WebCryptoKey::create(new SymKey(unwrapped_key.Pass()), |
+ blink::WebCryptoKeyTypeSecret, |
+ extractable, |
+ key_algorithm, |
+ usage_mask); |
+ return Status::Success(); |
+} |
+ |
} // namespace platform |
} // namespace webcrypto |