Index: content/renderer/webcrypto/platform_crypto.h |
diff --git a/content/renderer/webcrypto/platform_crypto.h b/content/renderer/webcrypto/platform_crypto.h |
new file mode 100644 |
index 0000000000000000000000000000000000000000..50a40421fbf97f06475e04367a4c265e594273cc |
--- /dev/null |
+++ b/content/renderer/webcrypto/platform_crypto.h |
@@ -0,0 +1,248 @@ |
+// Copyright (c) 2014 The Chromium Authors. All rights reserved. |
+// Use of this source code is governed by a BSD-style license that can be |
+// found in the LICENSE file. |
+ |
+#ifndef CONTENT_RENDERER_WEBCRYPTO_PLATFORM_CRYPTO_H_ |
+#define CONTENT_RENDERER_WEBCRYPTO_PLATFORM_CRYPTO_H_ |
+ |
+#include "base/basictypes.h" |
+#include "base/compiler_specific.h" |
+#include "content/common/content_export.h" |
+#include "third_party/WebKit/public/platform/WebArrayBuffer.h" |
+#include "third_party/WebKit/public/platform/WebCrypto.h" |
+#include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h" |
+ |
+namespace content { |
+ |
+namespace webcrypto { |
+ |
+class CryptoData; |
+ |
+class Status; |
+ |
+class PlatformSymKey; |
Ryan Sleevi
2014/02/07 01:19:21
Don't use whitespace on lines 20/22
|
+class PlatformPublicKey; |
+class PlatformPrivateKey; |
+ |
+// PlatformCrypto is a wrapper around either NSS or OpenSSL for doing |
+// synchronous crypto operations. |
+// |
+// The common code in platform_crypto.cc does various input validations and |
+// extracts the relevant information from the blink data types. It then calls |
+// one of the "Platform*()" methods for the platform specific implementation. |
+class CONTENT_EXPORT PlatformCrypto { |
Ryan Sleevi
2014/02/07 01:19:21
Use a namespace.
There's no reason to make this a
eroman
2014/02/07 21:15:57
Done.
|
+ public: |
+ PlatformCrypto(); |
+ |
+ Status Encrypt(const blink::WebCryptoAlgorithm& algorithm, |
+ const blink::WebCryptoKey& key, |
+ const CryptoData& data, |
+ blink::WebArrayBuffer* buffer); |
+ |
+ Status Decrypt(const blink::WebCryptoAlgorithm& algorithm, |
+ const blink::WebCryptoKey& key, |
+ const CryptoData& data, |
+ blink::WebArrayBuffer* buffer); |
+ |
+ Status Digest(const blink::WebCryptoAlgorithm& algorithm, |
+ const CryptoData& data, |
+ blink::WebArrayBuffer* buffer); |
+ |
+ Status GenerateSecretKey(const blink::WebCryptoAlgorithm& algorithm, |
+ bool extractable, |
+ blink::WebCryptoKeyUsageMask usage_mask, |
+ blink::WebCryptoKey* key); |
+ |
+ Status GenerateKeyPair(const blink::WebCryptoAlgorithm& algorithm, |
+ bool extractable, |
+ blink::WebCryptoKeyUsageMask usage_mask, |
+ blink::WebCryptoKey* public_key, |
+ blink::WebCryptoKey* private_key); |
+ |
+ Status ImportKey(blink::WebCryptoKeyFormat format, |
+ const CryptoData& key_data, |
+ const blink::WebCryptoAlgorithm& algorithm_or_null, |
+ bool extractable, |
+ blink::WebCryptoKeyUsageMask usage_mask, |
+ blink::WebCryptoKey* key); |
+ |
+ Status ExportKey(blink::WebCryptoKeyFormat format, |
+ const blink::WebCryptoKey& key, |
+ blink::WebArrayBuffer* buffer); |
+ |
+ Status Sign(const blink::WebCryptoAlgorithm& algorithm, |
+ const blink::WebCryptoKey& key, |
+ const CryptoData& data, |
+ blink::WebArrayBuffer* buffer); |
+ |
+ Status VerifySignature(const blink::WebCryptoAlgorithm& algorithm, |
+ const blink::WebCryptoKey& key, |
+ const CryptoData& signature, |
+ const CryptoData& data, |
+ bool* signature_match); |
+ |
+ Status ImportKeyJwk(const CryptoData& key_data, |
+ const blink::WebCryptoAlgorithm& algorithm_or_null, |
+ bool extractable, |
+ blink::WebCryptoKeyUsageMask usage_mask, |
+ blink::WebCryptoKey* key); |
+ |
+ // TODO(eroman): Make the following methods private. |
+ |
+ //----------------------------------------------------------------------- |
+ // These are the methods that the OpenSSL vs NSS versions must implement |
+ //----------------------------------------------------------------------- |
+ |
+ // Safely converts a WebCryptoKey to more specifc key type. If the conversion |
+ // failed, returns NULL. |
+ // The handle pointer is controlled by the implementor of PlatformCrypto. |
+ PlatformSymKey* ToSymKey(const blink::WebCryptoKey& key); |
+ PlatformPublicKey* ToPublicKey(const blink::WebCryptoKey& key); |
+ PlatformPrivateKey* ToPrivateKey(const blink::WebCryptoKey& key); |
+ |
+ // Guarantees: |
+ // * algorithm.id() is for an RSA algorithm. |
+ // * algorithm.rsaKeyGenParams() is non-null. |
+ Status PlatformGenerateRsaKeyPair(const blink::WebCryptoAlgorithm& algorithm, |
+ bool extractable, |
+ blink::WebCryptoKeyUsageMask usage_mask, |
+ blink::WebCryptoKey* public_key, |
+ blink::WebCryptoKey* private_key); |
+ |
+ Status PlatformImportRsaPublicKey(const CryptoData& modulus_data, |
+ const CryptoData& exponent_data, |
+ const blink::WebCryptoAlgorithm& algorithm, |
+ bool extractable, |
+ blink::WebCryptoKeyUsageMask usage_mask, |
+ blink::WebCryptoKey* key); |
+ |
+ // |keylen_bytes| is the desired length of the key in bits. |
+ // |
+ // Guarantees: |
+ // * algorithm.id() is for a symmetric key algorithm. |
+ // * keylen_bytes is non-zero (TODO(eroman): revisit this). |
+ // * If the algorithm is AES-CBC, the key length is either 128 bits, 192 |
+ // bits, 256 bits. |
+ Status PlatformGenerateSecretKey(const blink::WebCryptoAlgorithm& algorithm, |
+ bool extractable, |
+ blink::WebCryptoKeyUsageMask usage_mask, |
+ unsigned keylen_bytes, |
+ blink::WebCryptoKey* key); |
+ |
+ // Guarantees: |
+ // * |key| is a non-null AES-CBC key. |
+ // * |iv| is exactly 16 bytes long |
+ Status PlatformEncryptAesCbc(PlatformSymKey* key, |
+ const CryptoData& iv, |
+ const CryptoData& data, |
+ blink::WebArrayBuffer* buffer); |
+ |
+ // Guarantees: |
+ // * |key| is a non-null AES-CBC key. |
+ // * |iv| is exactly 16 bytes long |
+ Status PlatformDecryptAesCbc(PlatformSymKey* key, |
+ const CryptoData& iv, |
+ const CryptoData& data, |
+ blink::WebArrayBuffer* buffer); |
+ |
+ // Guarantees: |
+ // * |key| is a non-null AES-GCM key. |
+ // * |params| is non-null |
+ Status PlatformEncryptAesGcm(PlatformSymKey* key, |
+ const blink::WebCryptoAesGcmParams* params, |
+ const CryptoData& data, |
+ blink::WebArrayBuffer* buffer); |
+ |
+ // Guarantees: |
+ // * |key| is a non-null AES-GCM key. |
+ // * |params| is non-null |
+ Status PlatformDecryptAesGcm(PlatformSymKey* key, |
+ const blink::WebCryptoAesGcmParams* params, |
+ const CryptoData& data, |
+ blink::WebArrayBuffer* buffer); |
+ |
+ // Guarantees: |
+ // * |key| is non-null. |
+ Status PlatformEncryptRsaEsPkcs1v1_5(PlatformPublicKey* key, |
+ const CryptoData& data, |
+ blink::WebArrayBuffer* buffer); |
+ |
+ // Guarantees: |
+ // * |key| is non-null. |
+ Status PlatformDecryptRsaEsPkcs1v1_5(PlatformPrivateKey* key, |
+ const CryptoData& data, |
+ blink::WebArrayBuffer* buffer); |
+ |
+ // Guarantees: |
+ // * |key| is a non-null HMAC key. |
+ // * |hash| is a digest algorithm. |
+ Status PlatformSignHmac(PlatformSymKey* key, |
+ const blink::WebCryptoAlgorithm& hash, |
+ const CryptoData& data, |
+ blink::WebArrayBuffer* buffer); |
+ |
+ // Guarantees: |
+ // * |algorithm| is a Sha function. |
+ Status PlatformDigestSha(blink::WebCryptoAlgorithmId algorithm, |
+ const CryptoData& data, |
+ blink::WebArrayBuffer* buffer); |
+ |
+ // Guarantees: |
+ // * |key| is non-null. |
+ // * |hash| is a digest algorithm. |
+ Status PlatformSignRsaSsaPkcs1v1_5(PlatformPrivateKey* key, |
+ const blink::WebCryptoAlgorithm& hash, |
+ const CryptoData& data, |
+ blink::WebArrayBuffer* buffer); |
+ |
+ // Guarantees: |
+ // * |key| is non-null. |
+ // * |hash| is a digest algorithm. |
+ Status PlatformVerifyRsaSsaPkcs1v1_5(PlatformPublicKey* key, |
+ const blink::WebCryptoAlgorithm& hash, |
+ const CryptoData& signature, |
+ const CryptoData& data, |
+ bool* signature_match); |
+ |
+ // Guarantees: |
+ // * |key| is non-null. |
+ // * |algorithm.id()| is for a symmetric key algorithm. |
+ Status PlatformImportKeyRaw(const CryptoData& key_data, |
+ const blink::WebCryptoAlgorithm& algorithm, |
+ bool extractable, |
+ blink::WebCryptoKeyUsageMask usage_mask, |
+ blink::WebCryptoKey* key); |
+ |
+ Status PlatformImportKeySpki( |
+ const CryptoData& key_data, |
+ const blink::WebCryptoAlgorithm& algorithm_or_null, |
+ bool extractable, |
+ blink::WebCryptoKeyUsageMask usage_mask, |
+ blink::WebCryptoKey* key); |
+ |
+ Status PlatformImportKeyPkcs8( |
+ const CryptoData& key_data, |
+ const blink::WebCryptoAlgorithm& algorithm_or_null, |
+ bool extractable, |
+ blink::WebCryptoKeyUsageMask usage_mask, |
+ blink::WebCryptoKey* key); |
+ |
+ // Guarantees: |
+ // * |key| is non-null. |
+ Status PlatformExportKeyRaw(PlatformSymKey* key, |
+ blink::WebArrayBuffer* buffer); |
+ |
+ // Guarantees: |
+ // * |key| is non-null. |
+ Status PlatformExportKeySpki(PlatformPublicKey* key, |
+ blink::WebArrayBuffer* buffer); |
+ |
+ private: |
+ DISALLOW_COPY_AND_ASSIGN(PlatformCrypto); |
+}; |
+ |
+} // namespace webcrypto |
+ |
+} // namespace content |
+ |
+#endif // CONTENT_RENDERER_WEBCRYPTO_PLATFORM_CRYPTO_H_ |
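Review bot: The comment on PlatformGenerateSecretKey() reads `|keylen_bytes| is the desired length of the key in bits`, so the parameter name and its documentation disagree on the unit, and the AES-CBC guarantee just below it is also stated in bits (128/192/256). A platform implementation or caller that picks the wrong reading would generate a key eight times shorter or longer than intended, and this header is the contract both the NSS and OpenSSL versions implement. Which unit is meant cannot be determined from the header alone; if it is bytes, the comment should read `// |keylen_bytes| is the desired length of the key in bytes.` and the AES-CBC guarantee should list 16, 24 or 32 bytes. Separately, VerifySignature() and PlatformVerifyRsaSsaPkcs1v1_5() do not say whether `*signature_match` is written when the returned Status is a failure; a one-line comment that it is meaningful only on success would keep callers from reading an unset value.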