| Index: content/renderer/webcrypto/platform_crypto_nss.cc
|
| diff --git a/content/renderer/webcrypto/platform_crypto_nss.cc b/content/renderer/webcrypto/platform_crypto_nss.cc
|
| index f68c4c999c98829a3faabba652b41ac0f74e58d1..c297c204c023c2bc3428fe10fcb706ddcc1e95f6 100644
|
| --- a/content/renderer/webcrypto/platform_crypto_nss.cc
|
| +++ b/content/renderer/webcrypto/platform_crypto_nss.cc
|
| @@ -57,18 +57,19 @@ struct CK_GCM_PARAMS {
|
| #endif // !defined(CKM_AES_GCM)
|
|
|
| // Signature for PK11_Encrypt and PK11_Decrypt.
|
| -typedef SECStatus
|
| -(*PK11_EncryptDecryptFunction)(
|
| - PK11SymKey*, CK_MECHANISM_TYPE, SECItem*,
|
| - unsigned char*, unsigned int*, unsigned int,
|
| - const unsigned char*, unsigned int);
|
| +typedef SECStatus (*PK11_EncryptDecryptFunction)(PK11SymKey*,
|
| + CK_MECHANISM_TYPE,
|
| + SECItem*,
|
| + unsigned char*,
|
| + unsigned int*,
|
| + unsigned int,
|
| + const unsigned char*,
|
| + unsigned int);
|
|
|
| // Singleton to abstract away dynamically loading libnss3.so
|
| class AesGcmSupport {
|
| public:
|
| - bool IsSupported() const {
|
| - return pk11_encrypt_func_ && pk11_decrypt_func_;
|
| - }
|
| + bool IsSupported() const { return pk11_encrypt_func_ && pk11_decrypt_func_; }
|
|
|
| // Returns NULL if unsupported.
|
| PK11_EncryptDecryptFunction pk11_encrypt_func() const {
|
| @@ -94,12 +95,10 @@ class AesGcmSupport {
|
|
|
| // If PK11_Encrypt() was successfully resolved, then NSS will support
|
| // AES-GCM directly. This was introduced in NSS 3.15.
|
| - pk11_encrypt_func_ =
|
| - reinterpret_cast<PK11_EncryptDecryptFunction>(
|
| - dlsym(RTLD_DEFAULT, "PK11_Encrypt"));
|
| - pk11_decrypt_func_ =
|
| - reinterpret_cast<PK11_EncryptDecryptFunction>(
|
| - dlsym(RTLD_DEFAULT, "PK11_Decrypt"));
|
| + pk11_encrypt_func_ = reinterpret_cast<PK11_EncryptDecryptFunction>(
|
| + dlsym(RTLD_DEFAULT, "PK11_Encrypt"));
|
| + pk11_decrypt_func_ = reinterpret_cast<PK11_EncryptDecryptFunction>(
|
| + dlsym(RTLD_DEFAULT, "PK11_Decrypt"));
|
| #endif
|
| }
|
|
|
| @@ -172,9 +171,7 @@ SECItem MakeSECItemForBuffer(const CryptoData& buffer) {
|
| SECItem item = {
|
| siBuffer,
|
| // NSS requires non-const data even though it is just for input.
|
| - const_cast<unsigned char*>(buffer.bytes()),
|
| - buffer.byte_length()
|
| - };
|
| + const_cast<unsigned char*>(buffer.bytes()), buffer.byte_length()};
|
| return item;
|
| }
|
|
|
| @@ -286,14 +283,13 @@ Status AesCbcEncryptDecrypt(EncryptOrDecrypt mode,
|
| // Helper to either encrypt or decrypt for AES-GCM. The result of encryption is
|
| // the concatenation of the ciphertext and the authentication tag. Similarly,
|
| // this is the expectation for the input to decryption.
|
| -Status AesGcmEncryptDecrypt(
|
| - EncryptOrDecrypt mode,
|
| - SymKey* key,
|
| - const CryptoData& data,
|
| - const CryptoData& iv,
|
| - const CryptoData& additional_data,
|
| - unsigned int tag_length_bits,
|
| - blink::WebArrayBuffer* buffer) {
|
| +Status AesGcmEncryptDecrypt(EncryptOrDecrypt mode,
|
| + SymKey* key,
|
| + const CryptoData& data,
|
| + const CryptoData& iv,
|
| + const CryptoData& additional_data,
|
| + unsigned int tag_length_bits,
|
| + blink::WebArrayBuffer* buffer) {
|
| if (!g_aes_gcm_support.Get().IsSupported())
|
| return Status::ErrorUnsupported();
|
|
|
| @@ -343,13 +339,18 @@ Status AesGcmEncryptDecrypt(
|
| unsigned char* buffer_data = reinterpret_cast<unsigned char*>(buffer->data());
|
|
|
| PK11_EncryptDecryptFunction func =
|
| - (mode == ENCRYPT) ? g_aes_gcm_support.Get().pk11_encrypt_func() :
|
| - g_aes_gcm_support.Get().pk11_decrypt_func();
|
| + (mode == ENCRYPT) ? g_aes_gcm_support.Get().pk11_encrypt_func()
|
| + : g_aes_gcm_support.Get().pk11_decrypt_func();
|
|
|
| unsigned int output_len = 0;
|
| - SECStatus result = func(key->key(), CKM_AES_GCM, ¶m,
|
| - buffer_data, &output_len, buffer->byteLength(),
|
| - data.bytes(), data.byte_length());
|
| + SECStatus result = func(key->key(),
|
| + CKM_AES_GCM,
|
| + ¶m,
|
| + buffer_data,
|
| + &output_len,
|
| + buffer->byteLength(),
|
| + data.bytes(),
|
| + data.byte_length());
|
|
|
| if (result != SECSuccess)
|
| return Status::Error();
|
| @@ -405,12 +406,11 @@ bool IsAlgorithmRsa(const blink::WebCryptoAlgorithm& algorithm) {
|
|
|
| } // namespace
|
|
|
| -Status ImportKeyRaw(
|
| - const blink::WebCryptoAlgorithm& algorithm,
|
| - const CryptoData& key_data,
|
| - bool extractable,
|
| - blink::WebCryptoKeyUsageMask usage_mask,
|
| - blink::WebCryptoKey* key) {
|
| +Status ImportKeyRaw(const blink::WebCryptoAlgorithm& algorithm,
|
| + const CryptoData& key_data,
|
| + bool extractable,
|
| + blink::WebCryptoKeyUsageMask usage_mask,
|
| + blink::WebCryptoKey* key) {
|
|
|
| DCHECK(!algorithm.isNull());
|
|
|
| @@ -482,9 +482,7 @@ Status ImportKeyRaw(
|
| return Status::Success();
|
| }
|
|
|
| -Status ExportKeyRaw(
|
| - SymKey* key,
|
| - blink::WebArrayBuffer* buffer) {
|
| +Status ExportKeyRaw(SymKey* key, blink::WebArrayBuffer* buffer) {
|
| if (PK11_ExtractKeyValue(key->key()) != SECSuccess)
|
| return Status::Error();
|
|
|
| @@ -536,12 +534,11 @@ blink::WebCryptoAlgorithm ResolveNssKeyTypeWithInputAlgorithm(
|
|
|
| } // namespace
|
|
|
| -Status ImportKeySpki(
|
| - const blink::WebCryptoAlgorithm& algorithm_or_null,
|
| - const CryptoData& key_data,
|
| - bool extractable,
|
| - blink::WebCryptoKeyUsageMask usage_mask,
|
| - blink::WebCryptoKey* key) {
|
| +Status ImportKeySpki(const blink::WebCryptoAlgorithm& algorithm_or_null,
|
| + const CryptoData& key_data,
|
| + bool extractable,
|
| + blink::WebCryptoKeyUsageMask usage_mask,
|
| + blink::WebCryptoKey* key) {
|
|
|
| DCHECK(key);
|
|
|
| @@ -568,19 +565,16 @@ Status ImportKeySpki(
|
| if (algorithm.isNull())
|
| return Status::Error();
|
|
|
| - *key = blink::WebCryptoKey::create(
|
| - new PublicKey(sec_public_key.Pass()),
|
| - blink::WebCryptoKeyTypePublic,
|
| - extractable,
|
| - algorithm,
|
| - usage_mask);
|
| + *key = blink::WebCryptoKey::create(new PublicKey(sec_public_key.Pass()),
|
| + blink::WebCryptoKeyTypePublic,
|
| + extractable,
|
| + algorithm,
|
| + usage_mask);
|
|
|
| return Status::Success();
|
| }
|
|
|
| -Status ExportKeySpki(
|
| - PublicKey* key,
|
| - blink::WebArrayBuffer* buffer) {
|
| +Status ExportKeySpki(PublicKey* key, blink::WebArrayBuffer* buffer) {
|
| const crypto::ScopedSECItem spki_der(
|
| SECKEY_EncodeDERSubjectPublicKeyInfo(key->key()));
|
| if (!spki_der)
|
| @@ -594,12 +588,11 @@ Status ExportKeySpki(
|
| return Status::Success();
|
| }
|
|
|
| -Status ImportKeyPkcs8(
|
| - const blink::WebCryptoAlgorithm& algorithm_or_null,
|
| - const CryptoData& key_data,
|
| - bool extractable,
|
| - blink::WebCryptoKeyUsageMask usage_mask,
|
| - blink::WebCryptoKey* key) {
|
| +Status ImportKeyPkcs8(const blink::WebCryptoAlgorithm& algorithm_or_null,
|
| + const CryptoData& key_data,
|
| + bool extractable,
|
| + blink::WebCryptoKeyUsageMask usage_mask,
|
| + blink::WebCryptoKey* key) {
|
|
|
| DCHECK(key);
|
|
|
| @@ -613,16 +606,15 @@ Status ImportKeyPkcs8(
|
|
|
| SECKEYPrivateKey* seckey_private_key = NULL;
|
| crypto::ScopedPK11Slot slot(PK11_GetInternalSlot());
|
| - if (PK11_ImportDERPrivateKeyInfoAndReturnKey(
|
| - slot.get(),
|
| - &pki_der,
|
| - NULL, // nickname
|
| - NULL, // publicValue
|
| - false, // isPerm
|
| - false, // isPrivate
|
| - KU_ALL, // usage
|
| - &seckey_private_key,
|
| - NULL) != SECSuccess) {
|
| + if (PK11_ImportDERPrivateKeyInfoAndReturnKey(slot.get(),
|
| + &pki_der,
|
| + NULL, // nickname
|
| + NULL, // publicValue
|
| + false, // isPerm
|
| + false, // isPrivate
|
| + KU_ALL, // usage
|
| + &seckey_private_key,
|
| + NULL) != SECSuccess) {
|
| return Status::Error();
|
| }
|
| DCHECK(seckey_private_key);
|
| @@ -634,12 +626,11 @@ Status ImportKeyPkcs8(
|
| if (algorithm.isNull())
|
| return Status::Error();
|
|
|
| - *key = blink::WebCryptoKey::create(
|
| - new PrivateKey(private_key.Pass()),
|
| - blink::WebCryptoKeyTypePrivate,
|
| - extractable,
|
| - algorithm,
|
| - usage_mask);
|
| + *key = blink::WebCryptoKey::create(new PrivateKey(private_key.Pass()),
|
| + blink::WebCryptoKeyTypePrivate,
|
| + extractable,
|
| + algorithm,
|
| + usage_mask);
|
|
|
| return Status::Success();
|
| }
|
| @@ -648,17 +639,16 @@ Status ImportKeyPkcs8(
|
| // Hmac
|
| // -----------------------------------
|
|
|
| -Status SignHmac(
|
| - SymKey* key,
|
| - const blink::WebCryptoAlgorithm& hash,
|
| - const CryptoData& data,
|
| - blink::WebArrayBuffer* buffer) {
|
| +Status SignHmac(SymKey* key,
|
| + const blink::WebCryptoAlgorithm& hash,
|
| + const CryptoData& data,
|
| + blink::WebArrayBuffer* buffer) {
|
| DCHECK_EQ(PK11_GetMechanism(key->key()), WebCryptoHashToHMACMechanism(hash));
|
|
|
| - SECItem param_item = { siBuffer, NULL, 0 };
|
| + SECItem param_item = {siBuffer, NULL, 0};
|
| SECItem data_item = MakeSECItemForBuffer(data);
|
| // First call is to figure out the length.
|
| - SECItem signature_item = { siBuffer, NULL, 0 };
|
| + SECItem signature_item = {siBuffer, NULL, 0};
|
|
|
| if (PK11_SignWithSymKey(key->key(),
|
| PK11_GetMechanism(key->key()),
|
| @@ -689,10 +679,9 @@ Status SignHmac(
|
| // RsaEsPkcs1v1_5
|
| // -----------------------------------
|
|
|
| -Status EncryptRsaEsPkcs1v1_5(
|
| - PublicKey* key,
|
| - const CryptoData& data,
|
| - blink::WebArrayBuffer* buffer) {
|
| +Status EncryptRsaEsPkcs1v1_5(PublicKey* key,
|
| + const CryptoData& data,
|
| + blink::WebArrayBuffer* buffer) {
|
| const unsigned int encrypted_length_bytes =
|
| SECKEY_PublicKeyStrength(key->key());
|
|
|
| @@ -716,10 +705,9 @@ Status EncryptRsaEsPkcs1v1_5(
|
| return Status::Success();
|
| }
|
|
|
| -Status DecryptRsaEsPkcs1v1_5(
|
| - PrivateKey* key,
|
| - const CryptoData& data,
|
| - blink::WebArrayBuffer* buffer) {
|
| +Status DecryptRsaEsPkcs1v1_5(PrivateKey* key,
|
| + const CryptoData& data,
|
| + blink::WebArrayBuffer* buffer) {
|
| const int modulus_length_bytes = PK11_GetPrivateModulusLen(key->key());
|
| if (modulus_length_bytes <= 0)
|
| return Status::ErrorUnexpected();
|
| @@ -747,11 +735,10 @@ Status DecryptRsaEsPkcs1v1_5(
|
| // RsaSsaPkcs1v1_5
|
| // -----------------------------------
|
|
|
| -Status SignRsaSsaPkcs1v1_5(
|
| - PrivateKey* key,
|
| - const blink::WebCryptoAlgorithm& hash,
|
| - const CryptoData& data,
|
| - blink::WebArrayBuffer* buffer) {
|
| +Status SignRsaSsaPkcs1v1_5(PrivateKey* key,
|
| + const blink::WebCryptoAlgorithm& hash,
|
| + const CryptoData& data,
|
| + blink::WebArrayBuffer* buffer) {
|
| // Pick the NSS signing algorithm by combining RSA-SSA (RSA PKCS1) and the
|
| // inner hash of the input Web Crypto algorithm.
|
| SECOidTag sign_alg_tag;
|
| @@ -788,12 +775,11 @@ Status SignRsaSsaPkcs1v1_5(
|
| return Status::Success();
|
| }
|
|
|
| -Status VerifyRsaSsaPkcs1v1_5(
|
| - PublicKey* key,
|
| - const blink::WebCryptoAlgorithm& hash,
|
| - const CryptoData& signature,
|
| - const CryptoData& data,
|
| - bool* signature_match) {
|
| +Status VerifyRsaSsaPkcs1v1_5(PublicKey* key,
|
| + const blink::WebCryptoAlgorithm& hash,
|
| + const CryptoData& signature,
|
| + const CryptoData& data,
|
| + bool* signature_match) {
|
| const SECItem signature_item = MakeSECItemForBuffer(signature);
|
|
|
| SECOidTag hash_alg_tag;
|
| @@ -854,12 +840,11 @@ Status EncryptDecryptAesGcm(EncryptOrDecrypt mode,
|
| // Key generation
|
| // -----------------------------------
|
|
|
| -Status GenerateRsaKeyPair(
|
| - const blink::WebCryptoAlgorithm& algorithm,
|
| - bool extractable,
|
| - blink::WebCryptoKeyUsageMask usage_mask,
|
| - blink::WebCryptoKey* public_key,
|
| - blink::WebCryptoKey* private_key) {
|
| +Status GenerateRsaKeyPair(const blink::WebCryptoAlgorithm& algorithm,
|
| + bool extractable,
|
| + blink::WebCryptoKeyUsageMask usage_mask,
|
| + blink::WebCryptoKey* public_key,
|
| + blink::WebCryptoKey* private_key) {
|
| const blink::WebCryptoRsaKeyGenParams* const params =
|
| algorithm.rsaKeyGenParams();
|
| DCHECK(params);
|
| @@ -874,7 +859,8 @@ Status GenerateRsaKeyPair(
|
|
|
| if (!BigIntegerToLong(params->publicExponent().data(),
|
| params->publicExponent().size(),
|
| - &public_exponent) || !public_exponent) {
|
| + &public_exponent) ||
|
| + !public_exponent) {
|
| return Status::ErrorGenerateKeyPublicExponent();
|
| }
|
|
|
| @@ -897,9 +883,8 @@ Status GenerateRsaKeyPair(
|
| NOTREACHED();
|
| return Status::ErrorUnexpected();
|
| }
|
| - const CK_FLAGS operation_flags_mask = CKF_ENCRYPT | CKF_DECRYPT |
|
| - CKF_SIGN | CKF_VERIFY | CKF_WRAP |
|
| - CKF_UNWRAP;
|
| + const CK_FLAGS operation_flags_mask =
|
| + CKF_ENCRYPT | CKF_DECRYPT | CKF_SIGN | CKF_VERIFY | CKF_WRAP | CKF_UNWRAP;
|
| const PK11AttrFlags attribute_flags = 0; // Default all PK11_ATTR_ flags.
|
|
|
| // Note: NSS does not generate an sec_public_key if the call below fails,
|
| @@ -923,24 +908,21 @@ Status GenerateRsaKeyPair(
|
| true,
|
| algorithm,
|
| usage_mask);
|
| - *private_key = blink::WebCryptoKey::create(
|
| - new PrivateKey(scoped_sec_private_key.Pass()),
|
| - blink::WebCryptoKeyTypePrivate,
|
| - extractable,
|
| - algorithm,
|
| - usage_mask);
|
| + *private_key =
|
| + blink::WebCryptoKey::create(new PrivateKey(scoped_sec_private_key.Pass()),
|
| + blink::WebCryptoKeyTypePrivate,
|
| + extractable,
|
| + algorithm,
|
| + usage_mask);
|
|
|
| return Status::Success();
|
| }
|
|
|
| -void Init() {
|
| - crypto::EnsureNSSInit();
|
| -}
|
| +void Init() { crypto::EnsureNSSInit(); }
|
|
|
| -Status DigestSha(
|
| - blink::WebCryptoAlgorithmId algorithm,
|
| - const CryptoData& data,
|
| - blink::WebArrayBuffer* buffer) {
|
| +Status DigestSha(blink::WebCryptoAlgorithmId algorithm,
|
| + const CryptoData& data,
|
| + blink::WebArrayBuffer* buffer) {
|
| HASH_HashType hash_type = WebCryptoAlgorithmToNSSHashType(algorithm);
|
| if (hash_type == HASH_AlgNULL)
|
| return Status::ErrorUnsupported();
|
| @@ -970,12 +952,11 @@ Status DigestSha(
|
| return Status::Success();
|
| }
|
|
|
| -Status GenerateSecretKey(
|
| - const blink::WebCryptoAlgorithm& algorithm,
|
| - bool extractable,
|
| - blink::WebCryptoKeyUsageMask usage_mask,
|
| - unsigned keylen_bytes,
|
| - blink::WebCryptoKey* key) {
|
| +Status GenerateSecretKey(const blink::WebCryptoAlgorithm& algorithm,
|
| + bool extractable,
|
| + blink::WebCryptoKeyUsageMask usage_mask,
|
| + unsigned keylen_bytes,
|
| + blink::WebCryptoKey* key) {
|
| CK_MECHANISM_TYPE mech = WebCryptoAlgorithmToGenMechanism(algorithm);
|
| blink::WebCryptoKeyType key_type = blink::WebCryptoKeyTypeSecret;
|
|
|
| @@ -1000,13 +981,12 @@ Status GenerateSecretKey(
|
| return Status::Success();
|
| }
|
|
|
| -Status ImportRsaPublicKey(
|
| - const blink::WebCryptoAlgorithm& algorithm,
|
| - bool extractable,
|
| - blink::WebCryptoKeyUsageMask usage_mask,
|
| - const CryptoData& modulus_data,
|
| - const CryptoData& exponent_data,
|
| - blink::WebCryptoKey* key) {
|
| +Status ImportRsaPublicKey(const blink::WebCryptoAlgorithm& algorithm,
|
| + bool extractable,
|
| + blink::WebCryptoKeyUsageMask usage_mask,
|
| + const CryptoData& modulus_data,
|
| + const CryptoData& exponent_data,
|
| + blink::WebCryptoKey* key) {
|
|
|
| if (!modulus_data.byte_length())
|
| return Status::ErrorImportRsaEmptyModulus();
|
|
|
Chromium Code Reviews
Issue 171503006:
[style] Run webcrypto files through clang-format. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src