OLD | NEW |
(Empty) | |
| 1 // Copyright (c) 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #ifndef CONTENT_RENDERER_WEBCRYPTO_PLATFORM_CRYPTO_H_ |
| 6 #define CONTENT_RENDERER_WEBCRYPTO_PLATFORM_CRYPTO_H_ |
| 7 |
| 8 #include "base/basictypes.h" |
| 9 #include "base/compiler_specific.h" |
| 10 #include "third_party/WebKit/public/platform/WebArrayBuffer.h" |
| 11 #include "third_party/WebKit/public/platform/WebCrypto.h" |
| 12 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h" |
| 13 |
| 14 namespace content { |
| 15 |
| 16 enum EncryptOrDecrypt { |
| 17 ENCRYPT, |
| 18 DECRYPT |
| 19 }; |
| 20 |
| 21 namespace webcrypto { |
| 22 |
| 23 class CryptoData; |
| 24 class Status; |
| 25 |
| 26 // Functions in the webcrypto::platform namespace are intended to be those |
| 27 // which are OpenSSL/NSS specific. |
| 28 // |
| 29 // The general purpose code which applies to both OpenSSL and NSS |
| 30 // implementations of webcrypto should live in the outter webcrypto namespace, |
| 31 // and the crypto library specific bits in the "platform" namespace. |
| 32 namespace platform { |
| 33 |
| 34 class SymKey; |
| 35 class PublicKey; |
| 36 class PrivateKey; |
| 37 |
| 38 // Base key class for all platform keys, used to safely cast between types. |
| 39 class Key : public blink::WebCryptoKeyHandle { |
| 40 public: |
| 41 virtual SymKey* AsSymKey() = 0; |
| 42 virtual PublicKey* AsPublicKey() = 0; |
| 43 virtual PrivateKey* AsPrivateKey() = 0; |
| 44 }; |
| 45 |
| 46 // Do any one-time initialization. Note that this can be called MULTIPLE times |
| 47 // (once per instantiation of WebCryptoImpl). |
| 48 void Init(); |
| 49 |
| 50 // Preconditions: |
| 51 // * |key| is a non-null AES-CBC key. |
| 52 // * |iv| is exactly 16 bytes long |
| 53 Status EncryptDecryptAesCbc(EncryptOrDecrypt mode, |
| 54 SymKey* key, |
| 55 const CryptoData& data, |
| 56 const CryptoData& iv, |
| 57 blink::WebArrayBuffer* buffer); |
| 58 |
| 59 // Preconditions: |
| 60 // * |key| is a non-null AES-GCM key. |
| 61 // * |tag_length_bits| is in the range [0, 128]. |
| 62 Status EncryptDecryptAesGcm(EncryptOrDecrypt mode, |
| 63 SymKey* key, |
| 64 const CryptoData& data, |
| 65 const CryptoData& iv, |
| 66 const CryptoData& additional_data, |
| 67 unsigned int tag_length_bits, |
| 68 blink::WebArrayBuffer* buffer); |
| 69 |
| 70 // Preconditions: |
| 71 // * |key| is non-null. |
| 72 // * |data| is not empty. |
| 73 Status EncryptRsaEsPkcs1v1_5(PublicKey* key, |
| 74 const CryptoData& data, |
| 75 blink::WebArrayBuffer* buffer); |
| 76 |
| 77 // Preconditions: |
| 78 // * |key| is non-null. |
| 79 Status DecryptRsaEsPkcs1v1_5(PrivateKey* key, |
| 80 const CryptoData& data, |
| 81 blink::WebArrayBuffer* buffer); |
| 82 |
| 83 // Preconditions: |
| 84 // * |key| is a non-null HMAC key. |
| 85 // * |hash| is a digest algorithm. |
| 86 Status SignHmac(SymKey* key, |
| 87 const blink::WebCryptoAlgorithm& hash, |
| 88 const CryptoData& data, |
| 89 blink::WebArrayBuffer* buffer); |
| 90 |
| 91 // Preconditions: |
| 92 // * |algorithm| is a SHA function. |
| 93 Status DigestSha(blink::WebCryptoAlgorithmId algorithm, |
| 94 const CryptoData& data, |
| 95 blink::WebArrayBuffer* buffer); |
| 96 |
| 97 // Preconditions: |
| 98 // * |key| is non-null. |
| 99 // * |hash| is a digest algorithm. |
| 100 Status SignRsaSsaPkcs1v1_5(PrivateKey* key, |
| 101 const blink::WebCryptoAlgorithm& hash, |
| 102 const CryptoData& data, |
| 103 blink::WebArrayBuffer* buffer); |
| 104 |
| 105 // Preconditions: |
| 106 // * |key| is non-null. |
| 107 // * |hash| is a digest algorithm. |
| 108 Status VerifyRsaSsaPkcs1v1_5(PublicKey* key, |
| 109 const blink::WebCryptoAlgorithm& hash, |
| 110 const CryptoData& signature, |
| 111 const CryptoData& data, |
| 112 bool* signature_match); |
| 113 |
| 114 // |keylen_bytes| is the desired length of the key in bits. |
| 115 // |
| 116 // Preconditions: |
| 117 // * algorithm.id() is for a symmetric key algorithm. |
| 118 // * keylen_bytes is non-zero (TODO(eroman): revisit this). |
| 119 // * For AES algorithms |keylen_bytes| is either 16, 24, or 32 bytes long. |
| 120 Status GenerateSecretKey(const blink::WebCryptoAlgorithm& algorithm, |
| 121 bool extractable, |
| 122 blink::WebCryptoKeyUsageMask usage_mask, |
| 123 unsigned keylen_bytes, |
| 124 blink::WebCryptoKey* key); |
| 125 |
| 126 // Preconditions: |
| 127 // * algorithm.id() is for an RSA algorithm. |
| 128 // * algorithm.rsaKeyGenParams() is non-null. |
| 129 Status GenerateRsaKeyPair(const blink::WebCryptoAlgorithm& algorithm, |
| 130 bool extractable, |
| 131 blink::WebCryptoKeyUsageMask usage_mask, |
| 132 blink::WebCryptoKey* public_key, |
| 133 blink::WebCryptoKey* private_key); |
| 134 |
| 135 // Preconditions: |
| 136 // * |key| is non-null. |
| 137 // * |algorithm.id()| is for a symmetric key algorithm. |
| 138 // * For AES algorithms |key_data| is either 16, 24, or 32 bytes long. |
| 139 Status ImportKeyRaw(const blink::WebCryptoAlgorithm& algorithm, |
| 140 const CryptoData& key_data, |
| 141 bool extractable, |
| 142 blink::WebCryptoKeyUsageMask usage_mask, |
| 143 blink::WebCryptoKey* key); |
| 144 |
| 145 // Preconditions: |
| 146 // * algorithm.id() is for an RSA algorithm. |
| 147 Status ImportRsaPublicKey(const blink::WebCryptoAlgorithm& algorithm, |
| 148 bool extractable, |
| 149 blink::WebCryptoKeyUsageMask usage_mask, |
| 150 const CryptoData& modulus_data, |
| 151 const CryptoData& exponent_data, |
| 152 blink::WebCryptoKey* key); |
| 153 |
| 154 Status ImportKeySpki(const blink::WebCryptoAlgorithm& algorithm_or_null, |
| 155 const CryptoData& key_data, |
| 156 bool extractable, |
| 157 blink::WebCryptoKeyUsageMask usage_mask, |
| 158 blink::WebCryptoKey* key); |
| 159 |
| 160 Status ImportKeyPkcs8(const blink::WebCryptoAlgorithm& algorithm_or_null, |
| 161 const CryptoData& key_data, |
| 162 bool extractable, |
| 163 blink::WebCryptoKeyUsageMask usage_mask, |
| 164 blink::WebCryptoKey* key); |
| 165 |
| 166 // Preconditions: |
| 167 // * |key| is non-null. |
| 168 Status ExportKeyRaw(SymKey* key, blink::WebArrayBuffer* buffer); |
| 169 |
| 170 // Preconditions: |
| 171 // * |key| is non-null. |
| 172 Status ExportKeySpki(PublicKey* key, blink::WebArrayBuffer* buffer); |
| 173 |
| 174 } // namespace platform |
| 175 |
| 176 } // namespace webcrypto |
| 177 |
| 178 } // namespace content |
| 179 |
| 180 #endif // CONTENT_RENDERER_WEBCRYPTO_PLATFORM_CRYPTO_H_ |
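Review bot: The comment on GenerateSecretKey says `|keylen_bytes| is the desired length of the key in bits`, which contradicts both the parameter name and the precondition below it listing 16, 24, or 32 bytes; a caller who trusts that sentence and passes 128 or 256 would request a key of the wrong size, so it should read `// |keylen_bytes| is the desired length of the key in bytes.`. Separately, the AES-GCM precondition `|tag_length_bits| is in the range [0, 128]` admits a zero-length tag, which removes authentication altogether. It also says nothing about the IV length or whether the tag length must be a multiple of 8, whereas the AES-CBC declaration pins the IV to exactly 16 bytes. Because these are documented as preconditions rather than checked errors, the header should say which layer validates them against script-supplied values (presumably the outer webcrypto code, which is not visible here), and the comment should be tightened to the tag lengths that layer actually accepts. Minor: `outter` in the namespace comment should be `outer`.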