[webcrypto] Add raw symmetric key AES-KW wrap/unwrap for NSS.

content/renderer/webcrypto/shared_crypto.cc

Index: content/renderer/webcrypto/shared_crypto.cc
diff --git a/content/renderer/webcrypto/shared_crypto.cc b/content/renderer/webcrypto/shared_crypto.cc
index 1d6c94a2a5f24c29029a8db7baa936cdbf421c63..02285754272fe5e8ef1db1b766f8193b16c46ec0 100644
--- a/content/renderer/webcrypto/shared_crypto.cc
+++ b/content/renderer/webcrypto/shared_crypto.cc
@@ -507,6 +507,82 @@ Status VerifySignature(const blink::WebCryptoAlgorithm& algorithm,
   }
 }
 
+Status WrapKey(blink::WebCryptoKeyFormat format,
+               const blink::WebCryptoKey& wrapping_key,
+               const blink::WebCryptoKey& key_to_wrap,
+               const blink::WebCryptoAlgorithm& wrapping_algorithm,
+               blink::WebArrayBuffer* buffer) {
+  if (!KeyUsageAllows(wrapping_key, blink::WebCryptoKeyUsageUnwrapKey))
+    return Status::ErrorUnexpected();
+  if (wrapping_algorithm.id() != wrapping_key.algorithm().id())
+    return Status::ErrorUnexpected();
+
+  // TODO (padolph): Handle formats other than raw
+  if (format != blink::WebCryptoKeyFormatRaw)
+    return Status::ErrorUnsupported();
+  // TODO (padolph): Handle key-to-wrap types other than secret/symmetric
+  if (key_to_wrap.type() != blink::WebCryptoKeyTypeSecret)
+    return Status::ErrorUnsupported();
+
+  platform::SymKey* platform_wrapping_key;
+  Status status = ToPlatformSymKey(wrapping_key, &platform_wrapping_key);
+  if (status.IsError())
+    return status;
+  platform::SymKey* platform_key;
+  status = ToPlatformSymKey(key_to_wrap, &platform_key);
+  if (status.IsError())
+    return status;
+
+  // TODO(padolph): Handle other wrapping algorithms
+  switch (wrapping_algorithm.id()) {
+    case blink::WebCryptoAlgorithmIdAesKw:
+      return platform::WrapSymKeyAesKw(
+          platform_wrapping_key, platform_key, buffer);
+    default:
+      return Status::ErrorUnsupported();
+  }
+}
+
+Status Unwrapkey(blink::WebCryptoKeyFormat format,

[eroman, 2014/03/01 01:13:54]

nit: Can you capitalize Key

[padolph, 2014/03/01 01:55:01]

Done.

+                 const CryptoData& wrapped_key_data,
+                 const blink::WebCryptoKey& wrapping_key,
+                 const blink::WebCryptoAlgorithm& wrapping_algorithm,
+                 const blink::WebCryptoAlgorithm& algorithm_or_null,
+                 bool extractable,
+                 blink::WebCryptoKeyUsageMask usage_mask,
+                 blink::WebCryptoKey* key) {
+  if (!KeyUsageAllows(wrapping_key, blink::WebCryptoKeyUsageUnwrapKey))
+    return Status::ErrorUnexpected();
+  if (wrapping_algorithm.id() != wrapping_key.algorithm().id())
+    return Status::ErrorUnexpected();
+
+  // TODO (padolph): Handle formats other than raw

[eroman, 2014/03/01 01:13:54]

nit: remove space after TODO

[padolph, 2014/03/01 01:55:01]

Done.

+  if (format != blink::WebCryptoKeyFormatRaw)
+    return Status::ErrorUnsupported();
+
+  // Must provide an algorithm when unwrapping a raw key
+  if (format == blink::WebCryptoKeyFormatRaw && algorithm_or_null.isNull())
+    return Status::ErrorMissingAlgorithmUnwrapRawKey();
+
+  platform::SymKey* platform_wrapping_key;
+  Status status = ToPlatformSymKey(wrapping_key, &platform_wrapping_key);
+  if (status.IsError())
+    return status;
+
+  // TODO(padolph): Handle other wrapping algorithms
+  switch (wrapping_algorithm.id()) {
+    case blink::WebCryptoAlgorithmIdAesKw:
+      return platform::UnwrapSymKeyAesKw(wrapped_key_data,
+                                         platform_wrapping_key,
+                                         algorithm_or_null,
+                                         extractable,
+                                         usage_mask,
+                                         key);
+    default:
+      return Status::ErrorUnsupported();
+  }
+}
+
 }  // namespace webcrypto
 
 }  // namespace content