OLD | NEW |
---|---|
(Empty) | |
1 // Copyright (c) 2014 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #ifndef CONTENT_RENDERER_WEBCRYPTO_PLATFORM_CRYPTO_H_ | |
6 #define CONTENT_RENDERER_WEBCRYPTO_PLATFORM_CRYPTO_H_ | |
7 | |
8 #include "base/basictypes.h" | |
9 #include "base/compiler_specific.h" | |
10 #include "content/common/content_export.h" | |
11 #include "third_party/WebKit/public/platform/WebArrayBuffer.h" | |
12 #include "third_party/WebKit/public/platform/WebCrypto.h" | |
13 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h" | |
14 | |
15 namespace content { | |
16 | |
17 namespace webcrypto { | |
18 | |
19 class CryptoData; | |
20 | |
21 class Status; | |
22 | |
23 class PlatformSymKey; | |
Ryan Sleevi
2014/02/07 01:19:21
Don't use whitespace on lines 20/22
| |
24 class PlatformPublicKey; | |
25 class PlatformPrivateKey; | |
26 | |
27 // PlatformCrypto is a wrapper around either NSS or OpenSSL for doing | |
28 // synchronous crypto operations. | |
29 // | |
30 // The common code in platform_crypto.cc does various input validations and | |
31 // extracts the relevant information from the blink data types. It then calls | |
32 // one of the "Platform*()" methods for the platform specific implementation. | |
33 class CONTENT_EXPORT PlatformCrypto { | |
Ryan Sleevi
2014/02/07 01:19:21
Use a namespace.
There's no reason to make this a
eroman
2014/02/07 21:15:57
Done.
| |
34 public: | |
35 PlatformCrypto(); | |
36 | |
37 Status Encrypt(const blink::WebCryptoAlgorithm& algorithm, | |
38 const blink::WebCryptoKey& key, | |
39 const CryptoData& data, | |
40 blink::WebArrayBuffer* buffer); | |
41 | |
42 Status Decrypt(const blink::WebCryptoAlgorithm& algorithm, | |
43 const blink::WebCryptoKey& key, | |
44 const CryptoData& data, | |
45 blink::WebArrayBuffer* buffer); | |
46 | |
47 Status Digest(const blink::WebCryptoAlgorithm& algorithm, | |
48 const CryptoData& data, | |
49 blink::WebArrayBuffer* buffer); | |
50 | |
51 Status GenerateSecretKey(const blink::WebCryptoAlgorithm& algorithm, | |
52 bool extractable, | |
53 blink::WebCryptoKeyUsageMask usage_mask, | |
54 blink::WebCryptoKey* key); | |
55 | |
56 Status GenerateKeyPair(const blink::WebCryptoAlgorithm& algorithm, | |
57 bool extractable, | |
58 blink::WebCryptoKeyUsageMask usage_mask, | |
59 blink::WebCryptoKey* public_key, | |
60 blink::WebCryptoKey* private_key); | |
61 | |
62 Status ImportKey(blink::WebCryptoKeyFormat format, | |
63 const CryptoData& key_data, | |
64 const blink::WebCryptoAlgorithm& algorithm_or_null, | |
65 bool extractable, | |
66 blink::WebCryptoKeyUsageMask usage_mask, | |
67 blink::WebCryptoKey* key); | |
68 | |
69 Status ExportKey(blink::WebCryptoKeyFormat format, | |
70 const blink::WebCryptoKey& key, | |
71 blink::WebArrayBuffer* buffer); | |
72 | |
73 Status Sign(const blink::WebCryptoAlgorithm& algorithm, | |
74 const blink::WebCryptoKey& key, | |
75 const CryptoData& data, | |
76 blink::WebArrayBuffer* buffer); | |
77 | |
78 Status VerifySignature(const blink::WebCryptoAlgorithm& algorithm, | |
79 const blink::WebCryptoKey& key, | |
80 const CryptoData& signature, | |
81 const CryptoData& data, | |
82 bool* signature_match); | |
83 | |
84 Status ImportKeyJwk(const CryptoData& key_data, | |
85 const blink::WebCryptoAlgorithm& algorithm_or_null, | |
86 bool extractable, | |
87 blink::WebCryptoKeyUsageMask usage_mask, | |
88 blink::WebCryptoKey* key); | |
89 | |
90 // TODO(eroman): Make the following methods private. | |
91 | |
92 //----------------------------------------------------------------------- | |
93 // These are the methods that the OpenSSL vs NSS versions must implement | |
94 //----------------------------------------------------------------------- | |
95 | |
96 // Safely converts a WebCryptoKey to more specifc key type. If the conversion | |
97 // failed, returns NULL. | |
98 // The handle pointer is controlled by the implementor of PlatformCrypto. | |
99 PlatformSymKey* ToSymKey(const blink::WebCryptoKey& key); | |
100 PlatformPublicKey* ToPublicKey(const blink::WebCryptoKey& key); | |
101 PlatformPrivateKey* ToPrivateKey(const blink::WebCryptoKey& key); | |
102 | |
103 // Guarantees: | |
104 // * algorithm.id() is for an RSA algorithm. | |
105 // * algorithm.rsaKeyGenParams() is non-null. | |
106 Status PlatformGenerateRsaKeyPair(const blink::WebCryptoAlgorithm& algorithm, | |
107 bool extractable, | |
108 blink::WebCryptoKeyUsageMask usage_mask, | |
109 blink::WebCryptoKey* public_key, | |
110 blink::WebCryptoKey* private_key); | |
111 | |
112 Status PlatformImportRsaPublicKey(const CryptoData& modulus_data, | |
113 const CryptoData& exponent_data, | |
114 const blink::WebCryptoAlgorithm& algorithm, | |
115 bool extractable, | |
116 blink::WebCryptoKeyUsageMask usage_mask, | |
117 blink::WebCryptoKey* key); | |
118 | |
119 // |keylen_bytes| is the desired length of the key in bits. | |
120 // | |
121 // Guarantees: | |
122 // * algorithm.id() is for a symmetric key algorithm. | |
123 // * keylen_bytes is non-zero (TODO(eroman): revisit this). | |
124 // * If the algorithm is AES-CBC, the key length is either 128 bits, 192 | |
125 // bits, 256 bits. | |
126 Status PlatformGenerateSecretKey(const blink::WebCryptoAlgorithm& algorithm, | |
127 bool extractable, | |
128 blink::WebCryptoKeyUsageMask usage_mask, | |
129 unsigned keylen_bytes, | |
130 blink::WebCryptoKey* key); | |
131 | |
132 // Guarantees: | |
133 // * |key| is a non-null AES-CBC key. | |
134 // * |iv| is exactly 16 bytes long | |
135 Status PlatformEncryptAesCbc(PlatformSymKey* key, | |
136 const CryptoData& iv, | |
137 const CryptoData& data, | |
138 blink::WebArrayBuffer* buffer); | |
139 | |
140 // Guarantees: | |
141 // * |key| is a non-null AES-CBC key. | |
142 // * |iv| is exactly 16 bytes long | |
143 Status PlatformDecryptAesCbc(PlatformSymKey* key, | |
144 const CryptoData& iv, | |
145 const CryptoData& data, | |
146 blink::WebArrayBuffer* buffer); | |
147 | |
148 // Guarantees: | |
149 // * |key| is a non-null AES-GCM key. | |
150 // * |params| is non-null | |
151 Status PlatformEncryptAesGcm(PlatformSymKey* key, | |
152 const blink::WebCryptoAesGcmParams* params, | |
153 const CryptoData& data, | |
154 blink::WebArrayBuffer* buffer); | |
155 | |
156 // Guarantees: | |
157 // * |key| is a non-null AES-GCM key. | |
158 // * |params| is non-null | |
159 Status PlatformDecryptAesGcm(PlatformSymKey* key, | |
160 const blink::WebCryptoAesGcmParams* params, | |
161 const CryptoData& data, | |
162 blink::WebArrayBuffer* buffer); | |
163 | |
164 // Guarantees: | |
165 // * |key| is non-null. | |
166 Status PlatformEncryptRsaEsPkcs1v1_5(PlatformPublicKey* key, | |
167 const CryptoData& data, | |
168 blink::WebArrayBuffer* buffer); | |
169 | |
170 // Guarantees: | |
171 // * |key| is non-null. | |
172 Status PlatformDecryptRsaEsPkcs1v1_5(PlatformPrivateKey* key, | |
173 const CryptoData& data, | |
174 blink::WebArrayBuffer* buffer); | |
175 | |
176 // Guarantees: | |
177 // * |key| is a non-null HMAC key. | |
178 // * |hash| is a digest algorithm. | |
179 Status PlatformSignHmac(PlatformSymKey* key, | |
180 const blink::WebCryptoAlgorithm& hash, | |
181 const CryptoData& data, | |
182 blink::WebArrayBuffer* buffer); | |
183 | |
184 // Guarantees: | |
185 // * |algorithm| is a Sha function. | |
186 Status PlatformDigestSha(blink::WebCryptoAlgorithmId algorithm, | |
187 const CryptoData& data, | |
188 blink::WebArrayBuffer* buffer); | |
189 | |
190 // Guarantees: | |
191 // * |key| is non-null. | |
192 // * |hash| is a digest algorithm. | |
193 Status PlatformSignRsaSsaPkcs1v1_5(PlatformPrivateKey* key, | |
194 const blink::WebCryptoAlgorithm& hash, | |
195 const CryptoData& data, | |
196 blink::WebArrayBuffer* buffer); | |
197 | |
198 // Guarantees: | |
199 // * |key| is non-null. | |
200 // * |hash| is a digest algorithm. | |
201 Status PlatformVerifyRsaSsaPkcs1v1_5(PlatformPublicKey* key, | |
202 const blink::WebCryptoAlgorithm& hash, | |
203 const CryptoData& signature, | |
204 const CryptoData& data, | |
205 bool* signature_match); | |
206 | |
207 // Guarantees: | |
208 // * |key| is non-null. | |
209 // * |algorithm.id()| is for a symmetric key algorithm. | |
210 Status PlatformImportKeyRaw(const CryptoData& key_data, | |
211 const blink::WebCryptoAlgorithm& algorithm, | |
212 bool extractable, | |
213 blink::WebCryptoKeyUsageMask usage_mask, | |
214 blink::WebCryptoKey* key); | |
215 | |
216 Status PlatformImportKeySpki( | |
217 const CryptoData& key_data, | |
218 const blink::WebCryptoAlgorithm& algorithm_or_null, | |
219 bool extractable, | |
220 blink::WebCryptoKeyUsageMask usage_mask, | |
221 blink::WebCryptoKey* key); | |
222 | |
223 Status PlatformImportKeyPkcs8( | |
224 const CryptoData& key_data, | |
225 const blink::WebCryptoAlgorithm& algorithm_or_null, | |
226 bool extractable, | |
227 blink::WebCryptoKeyUsageMask usage_mask, | |
228 blink::WebCryptoKey* key); | |
229 | |
230 // Guarantees: | |
231 // * |key| is non-null. | |
232 Status PlatformExportKeyRaw(PlatformSymKey* key, | |
233 blink::WebArrayBuffer* buffer); | |
234 | |
235 // Guarantees: | |
236 // * |key| is non-null. | |
237 Status PlatformExportKeySpki(PlatformPublicKey* key, | |
238 blink::WebArrayBuffer* buffer); | |
239 | |
240 private: | |
241 DISALLOW_COPY_AND_ASSIGN(PlatformCrypto); | |
242 }; | |
243 | |
244 } // namespace webcrypto | |
245 | |
246 } // namespace content | |
247 | |
248 #endif // CONTENT_RENDERER_WEBCRYPTO_PLATFORM_CRYPTO_H_ | |
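Review bot: The comment above PlatformGenerateSecretKey (new lines 119-125) says `|keylen_bytes| is the desired length of the key in bits`, while the parameter is named `keylen_bytes` and the AES-CBC guarantee below it is given in bits, so the unit passed to the NSS and OpenSSL implementations is ambiguous. An implementation that reads the value in the other unit would generate a key eight times longer or shorter than requested, and nothing in this header would catch it. If the value is in bytes, as the name suggests, the comment should read `// |keylen_bytes| is the desired length of the key in bytes.` and the AES-CBC guarantee should list `16, 24 or 32 bytes`. Separately, the comment on new line 96 has the typo "specifc".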