OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/renderer/webcrypto/platform_crypto.h" | 5 #include "content/renderer/webcrypto/platform_crypto.h" |
6 | 6 |
7 #include <cryptohi.h> | 7 #include <cryptohi.h> |
8 #include <pk11pub.h> | 8 #include <pk11pub.h> |
9 #include <sechash.h> | 9 #include <sechash.h> |
10 | 10 |
11 #include <vector> | 11 #include <vector> |
12 | 12 |
13 #include "base/lazy_instance.h" | 13 #include "base/lazy_instance.h" |
14 #include "base/logging.h" | 14 #include "base/logging.h" |
15 #include "content/renderer/webcrypto/crypto_data.h" | 15 #include "content/renderer/webcrypto/crypto_data.h" |
16 #include "content/renderer/webcrypto/webcrypto_util.h" | 16 #include "content/renderer/webcrypto/webcrypto_util.h" |
17 #include "crypto/nss_util.h" | 17 #include "crypto/nss_util.h" |
18 #include "crypto/scoped_nss_types.h" | 18 #include "crypto/scoped_nss_types.h" |
19 #include "third_party/WebKit/public/platform/WebArrayBuffer.h" | 19 #include "third_party/WebKit/public/platform/WebArrayBuffer.h" |
20 #include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h" | 20 #include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h" |
21 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h" | 21 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h" |
| 22 #ifdef WEBCRYPTO_HAS_KEY_ALGORITHM |
| 23 #include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h" |
| 24 #endif |
22 | 25 |
23 #if defined(USE_NSS) | 26 #if defined(USE_NSS) |
24 #include <dlfcn.h> | 27 #include <dlfcn.h> |
25 #endif | 28 #endif |
26 | 29 |
27 // At the time of this writing: | 30 // At the time of this writing: |
28 // * Windows and Mac builds ship with their own copy of NSS (3.15+) | 31 // * Windows and Mac builds ship with their own copy of NSS (3.15+) |
29 // * Linux builds use the system's libnss, which is 3.14 on Debian (but 3.15+ | 32 // * Linux builds use the system's libnss, which is 3.14 on Debian (but 3.15+ |
30 // on other distros). | 33 // on other distros). |
31 // | 34 // |
(...skipping 328 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
360 } | 363 } |
361 | 364 |
362 CK_MECHANISM_TYPE WebCryptoAlgorithmToGenMechanism( | 365 CK_MECHANISM_TYPE WebCryptoAlgorithmToGenMechanism( |
363 const blink::WebCryptoAlgorithm& algorithm) { | 366 const blink::WebCryptoAlgorithm& algorithm) { |
364 switch (algorithm.id()) { | 367 switch (algorithm.id()) { |
365 case blink::WebCryptoAlgorithmIdAesCbc: | 368 case blink::WebCryptoAlgorithmIdAesCbc: |
366 case blink::WebCryptoAlgorithmIdAesGcm: | 369 case blink::WebCryptoAlgorithmIdAesGcm: |
367 case blink::WebCryptoAlgorithmIdAesKw: | 370 case blink::WebCryptoAlgorithmIdAesKw: |
368 return CKM_AES_KEY_GEN; | 371 return CKM_AES_KEY_GEN; |
369 case blink::WebCryptoAlgorithmIdHmac: | 372 case blink::WebCryptoAlgorithmIdHmac: |
| 373 #ifdef WEBCRYPTO_HAS_KEY_ALGORITHM |
| 374 return WebCryptoHashToHMACMechanism(algorithm.hmacKeyGenParams()->hash()); |
| 375 #else |
370 return WebCryptoHashToHMACMechanism(algorithm.hmacKeyParams()->hash()); | 376 return WebCryptoHashToHMACMechanism(algorithm.hmacKeyParams()->hash()); |
| 377 #endif |
371 default: | 378 default: |
372 return CKM_INVALID_MECHANISM; | 379 return CKM_INVALID_MECHANISM; |
373 } | 380 } |
374 } | 381 } |
375 | 382 |
376 // Converts a (big-endian) WebCrypto BigInteger, with or without leading zeros, | 383 // Converts a (big-endian) WebCrypto BigInteger, with or without leading zeros, |
377 // to unsigned long. | 384 // to unsigned long. |
378 bool BigIntegerToLong(const uint8* data, | 385 bool BigIntegerToLong(const uint8* data, |
379 unsigned int data_size, | 386 unsigned int data_size, |
380 unsigned long* result) { | 387 unsigned long* result) { |
(...skipping 13 matching lines...) Expand all Loading... |
394 } | 401 } |
395 return true; | 402 return true; |
396 } | 403 } |
397 | 404 |
398 bool IsAlgorithmRsa(const blink::WebCryptoAlgorithm& algorithm) { | 405 bool IsAlgorithmRsa(const blink::WebCryptoAlgorithm& algorithm) { |
399 return algorithm.id() == blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5 || | 406 return algorithm.id() == blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5 || |
400 algorithm.id() == blink::WebCryptoAlgorithmIdRsaOaep || | 407 algorithm.id() == blink::WebCryptoAlgorithmIdRsaOaep || |
401 algorithm.id() == blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5; | 408 algorithm.id() == blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5; |
402 } | 409 } |
403 | 410 |
| 411 #ifdef WEBCRYPTO_HAS_KEY_ALGORITHM |
| 412 bool CreatePublicKeyAlgorithm(const blink::WebCryptoAlgorithm& algorithm, |
| 413 SECKEYPublicKey* key, |
| 414 blink::WebCryptoKeyAlgorithm* key_algorithm) { |
| 415 // TODO(eroman): What about other key types rsaPss, rsaOaep. |
| 416 if (!key || key->keyType != rsaKey) |
| 417 return false; |
| 418 |
| 419 unsigned int modulus_length_bits = SECKEY_PublicKeyStrength(key) * 8; |
| 420 CryptoData public_exponent(key->u.rsa.publicExponent.data, |
| 421 key->u.rsa.publicExponent.len); |
| 422 |
| 423 switch (algorithm.paramsType()) { |
| 424 case blink::WebCryptoAlgorithmParamsTypeRsaHashedImportParams: |
| 425 case blink::WebCryptoAlgorithmParamsTypeRsaHashedKeyGenParams: |
| 426 *key_algorithm = blink::WebCryptoKeyAlgorithm::adoptParamsAndCreate( |
| 427 algorithm.id(), |
| 428 new blink::WebCryptoRsaHashedKeyAlgorithmParams( |
| 429 modulus_length_bits, |
| 430 public_exponent.bytes(), |
| 431 public_exponent.byte_length(), |
| 432 GetInnerHashAlgorithm(algorithm))); |
| 433 return true; |
| 434 case blink::WebCryptoAlgorithmParamsTypeRsaKeyGenParams: |
| 435 case blink::WebCryptoAlgorithmParamsTypeNone: |
| 436 *key_algorithm = blink::WebCryptoKeyAlgorithm::adoptParamsAndCreate( |
| 437 algorithm.id(), |
| 438 new blink::WebCryptoRsaKeyAlgorithmParams( |
| 439 modulus_length_bits, |
| 440 public_exponent.bytes(), |
| 441 public_exponent.byte_length())); |
| 442 return true; |
| 443 default: |
| 444 return false; |
| 445 } |
| 446 } |
| 447 |
| 448 bool CreatePrivateKeyAlgorithm(const blink::WebCryptoAlgorithm& algorithm, |
| 449 SECKEYPrivateKey* key, |
| 450 blink::WebCryptoKeyAlgorithm* key_algorithm) { |
| 451 return CreatePublicKeyAlgorithm( |
| 452 algorithm, SECKEY_ConvertToPublicKey(key), key_algorithm); |
| 453 } |
| 454 #endif |
| 455 |
404 } // namespace | 456 } // namespace |
405 | 457 |
406 Status ImportKeyRaw(const blink::WebCryptoAlgorithm& algorithm, | 458 Status ImportKeyRaw(const blink::WebCryptoAlgorithm& algorithm, |
407 const CryptoData& key_data, | 459 const CryptoData& key_data, |
408 bool extractable, | 460 bool extractable, |
409 blink::WebCryptoKeyUsageMask usage_mask, | 461 blink::WebCryptoKeyUsageMask usage_mask, |
410 blink::WebCryptoKey* key) { | 462 blink::WebCryptoKey* key) { |
411 | 463 |
412 DCHECK(!algorithm.isNull()); | 464 DCHECK(!algorithm.isNull()); |
413 | 465 |
414 // TODO(bryaneyler): Need to split handling for symmetric and asymmetric keys. | 466 // TODO(bryaneyler): Need to split handling for symmetric and asymmetric keys. |
415 // Currently only supporting symmetric. | 467 // Currently only supporting symmetric. |
416 CK_MECHANISM_TYPE mechanism = CKM_INVALID_MECHANISM; | 468 CK_MECHANISM_TYPE mechanism = CKM_INVALID_MECHANISM; |
417 // Flags are verified at the Blink layer; here the flags are set to all | 469 // Flags are verified at the Blink layer; here the flags are set to all |
418 // possible operations for this key type. | 470 // possible operations for this key type. |
419 CK_FLAGS flags = 0; | 471 CK_FLAGS flags = 0; |
420 | 472 |
421 switch (algorithm.id()) { | 473 switch (algorithm.id()) { |
422 case blink::WebCryptoAlgorithmIdHmac: { | 474 case blink::WebCryptoAlgorithmIdHmac: { |
423 const blink::WebCryptoHmacParams* params = algorithm.hmacParams(); | 475 const blink::WebCryptoAlgorithm& hash = GetInnerHashAlgorithm(algorithm); |
424 if (!params) | |
425 return Status::ErrorUnexpected(); | |
426 | 476 |
427 mechanism = WebCryptoHashToHMACMechanism(params->hash()); | 477 mechanism = WebCryptoHashToHMACMechanism(hash); |
428 if (mechanism == CKM_INVALID_MECHANISM) | 478 if (mechanism == CKM_INVALID_MECHANISM) |
429 return Status::ErrorUnsupported(); | 479 return Status::ErrorUnsupported(); |
430 | 480 |
431 flags |= CKF_SIGN | CKF_VERIFY; | 481 flags |= CKF_SIGN | CKF_VERIFY; |
432 | |
433 break; | 482 break; |
434 } | 483 } |
435 case blink::WebCryptoAlgorithmIdAesCbc: { | 484 case blink::WebCryptoAlgorithmIdAesCbc: { |
436 mechanism = CKM_AES_CBC; | 485 mechanism = CKM_AES_CBC; |
437 flags |= CKF_ENCRYPT | CKF_DECRYPT; | 486 flags |= CKF_ENCRYPT | CKF_DECRYPT; |
438 break; | 487 break; |
439 } | 488 } |
440 case blink::WebCryptoAlgorithmIdAesKw: { | 489 case blink::WebCryptoAlgorithmIdAesKw: { |
441 mechanism = CKM_NSS_AES_KEY_WRAP; | 490 mechanism = CKM_NSS_AES_KEY_WRAP; |
442 flags |= CKF_WRAP | CKF_WRAP; | 491 flags |= CKF_WRAP | CKF_WRAP; |
(...skipping 21 matching lines...) Expand all Loading... |
464 mechanism, | 513 mechanism, |
465 PK11_OriginUnwrap, | 514 PK11_OriginUnwrap, |
466 CKA_FLAGS_ONLY, | 515 CKA_FLAGS_ONLY, |
467 &key_item, | 516 &key_item, |
468 flags, | 517 flags, |
469 false, | 518 false, |
470 NULL)); | 519 NULL)); |
471 if (!pk11_sym_key.get()) | 520 if (!pk11_sym_key.get()) |
472 return Status::Error(); | 521 return Status::Error(); |
473 | 522 |
| 523 #ifdef WEBCRYPTO_HAS_KEY_ALGORITHM |
| 524 blink::WebCryptoKeyAlgorithm key_algorithm; |
| 525 if (!CreateSecretKeyAlgorithm( |
| 526 algorithm, key_data.byte_length(), &key_algorithm)) |
| 527 return Status::ErrorUnexpected(); |
| 528 #else |
| 529 const blink::WebCryptoAlgorithm& key_algorithm = algorithm; |
| 530 #endif |
| 531 |
474 *key = blink::WebCryptoKey::create(new SymKey(pk11_sym_key.Pass()), | 532 *key = blink::WebCryptoKey::create(new SymKey(pk11_sym_key.Pass()), |
475 blink::WebCryptoKeyTypeSecret, | 533 blink::WebCryptoKeyTypeSecret, |
476 extractable, | 534 extractable, |
477 algorithm, | 535 key_algorithm, |
478 usage_mask); | 536 usage_mask); |
479 return Status::Success(); | 537 return Status::Success(); |
480 } | 538 } |
481 | 539 |
482 Status ExportKeyRaw(SymKey* key, blink::WebArrayBuffer* buffer) { | 540 Status ExportKeyRaw(SymKey* key, blink::WebArrayBuffer* buffer) { |
483 if (PK11_ExtractKeyValue(key->key()) != SECSuccess) | 541 if (PK11_ExtractKeyValue(key->key()) != SECSuccess) |
484 return Status::Error(); | 542 return Status::Error(); |
485 | 543 |
486 const SECItem* key_data = PK11_GetKeyData(key->key()); | 544 const SECItem* key_data = PK11_GetKeyData(key->key()); |
487 if (!key_data) | 545 if (!key_data) |
(...skipping 67 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
555 SECKEY_ExtractPublicKey(spki.get())); | 613 SECKEY_ExtractPublicKey(spki.get())); |
556 if (!sec_public_key) | 614 if (!sec_public_key) |
557 return Status::Error(); | 615 return Status::Error(); |
558 | 616 |
559 const KeyType sec_key_type = SECKEY_GetPublicKeyType(sec_public_key.get()); | 617 const KeyType sec_key_type = SECKEY_GetPublicKeyType(sec_public_key.get()); |
560 blink::WebCryptoAlgorithm algorithm = | 618 blink::WebCryptoAlgorithm algorithm = |
561 ResolveNssKeyTypeWithInputAlgorithm(sec_key_type, algorithm_or_null); | 619 ResolveNssKeyTypeWithInputAlgorithm(sec_key_type, algorithm_or_null); |
562 if (algorithm.isNull()) | 620 if (algorithm.isNull()) |
563 return Status::Error(); | 621 return Status::Error(); |
564 | 622 |
| 623 #ifdef WEBCRYPTO_HAS_KEY_ALGORITHM |
| 624 blink::WebCryptoKeyAlgorithm key_algorithm; |
| 625 if (!CreatePublicKeyAlgorithm( |
| 626 algorithm, sec_public_key.get(), &key_algorithm)) |
| 627 return Status::ErrorUnexpected(); |
| 628 #else |
| 629 const blink::WebCryptoAlgorithm& key_algorithm = algorithm; |
| 630 #endif |
| 631 |
565 *key = blink::WebCryptoKey::create(new PublicKey(sec_public_key.Pass()), | 632 *key = blink::WebCryptoKey::create(new PublicKey(sec_public_key.Pass()), |
566 blink::WebCryptoKeyTypePublic, | 633 blink::WebCryptoKeyTypePublic, |
567 extractable, | 634 extractable, |
568 algorithm, | 635 key_algorithm, |
569 usage_mask); | 636 usage_mask); |
570 | 637 |
571 return Status::Success(); | 638 return Status::Success(); |
572 } | 639 } |
573 | 640 |
574 Status ExportKeySpki(PublicKey* key, blink::WebArrayBuffer* buffer) { | 641 Status ExportKeySpki(PublicKey* key, blink::WebArrayBuffer* buffer) { |
575 const crypto::ScopedSECItem spki_der( | 642 const crypto::ScopedSECItem spki_der( |
576 SECKEY_EncodeDERSubjectPublicKeyInfo(key->key())); | 643 SECKEY_EncodeDERSubjectPublicKeyInfo(key->key())); |
577 if (!spki_der) | 644 if (!spki_der) |
578 return Status::Error(); | 645 return Status::Error(); |
(...skipping 37 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
616 } | 683 } |
617 DCHECK(seckey_private_key); | 684 DCHECK(seckey_private_key); |
618 crypto::ScopedSECKEYPrivateKey private_key(seckey_private_key); | 685 crypto::ScopedSECKEYPrivateKey private_key(seckey_private_key); |
619 | 686 |
620 const KeyType sec_key_type = SECKEY_GetPrivateKeyType(private_key.get()); | 687 const KeyType sec_key_type = SECKEY_GetPrivateKeyType(private_key.get()); |
621 blink::WebCryptoAlgorithm algorithm = | 688 blink::WebCryptoAlgorithm algorithm = |
622 ResolveNssKeyTypeWithInputAlgorithm(sec_key_type, algorithm_or_null); | 689 ResolveNssKeyTypeWithInputAlgorithm(sec_key_type, algorithm_or_null); |
623 if (algorithm.isNull()) | 690 if (algorithm.isNull()) |
624 return Status::Error(); | 691 return Status::Error(); |
625 | 692 |
| 693 #ifdef WEBCRYPTO_HAS_KEY_ALGORITHM |
| 694 blink::WebCryptoKeyAlgorithm key_algorithm; |
| 695 if (!CreatePrivateKeyAlgorithm(algorithm, private_key.get(), &key_algorithm)) |
| 696 return Status::ErrorUnexpected(); |
| 697 #else |
| 698 const blink::WebCryptoAlgorithm& key_algorithm = algorithm; |
| 699 #endif |
| 700 |
626 *key = blink::WebCryptoKey::create(new PrivateKey(private_key.Pass()), | 701 *key = blink::WebCryptoKey::create(new PrivateKey(private_key.Pass()), |
627 blink::WebCryptoKeyTypePrivate, | 702 blink::WebCryptoKeyTypePrivate, |
628 extractable, | 703 extractable, |
629 algorithm, | 704 key_algorithm, |
630 usage_mask); | 705 usage_mask); |
631 | 706 |
632 return Status::Success(); | 707 return Status::Success(); |
633 } | 708 } |
634 | 709 |
635 // ----------------------------------- | 710 // ----------------------------------- |
636 // Hmac | 711 // Hmac |
637 // ----------------------------------- | 712 // ----------------------------------- |
638 | 713 |
639 Status SignHmac(SymKey* key, | 714 Status SignHmac(SymKey* key, |
(...skipping 193 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
833 mode, key, data, iv, additional_data, tag_length_bits, buffer); | 908 mode, key, data, iv, additional_data, tag_length_bits, buffer); |
834 } | 909 } |
835 | 910 |
836 // ----------------------------------- | 911 // ----------------------------------- |
837 // Key generation | 912 // Key generation |
838 // ----------------------------------- | 913 // ----------------------------------- |
839 | 914 |
840 Status GenerateRsaKeyPair(const blink::WebCryptoAlgorithm& algorithm, | 915 Status GenerateRsaKeyPair(const blink::WebCryptoAlgorithm& algorithm, |
841 bool extractable, | 916 bool extractable, |
842 blink::WebCryptoKeyUsageMask usage_mask, | 917 blink::WebCryptoKeyUsageMask usage_mask, |
| 918 unsigned int modulus_length_bits, |
| 919 const CryptoData& public_exponent, |
| 920 const blink::WebCryptoAlgorithm& hash_or_null, |
843 blink::WebCryptoKey* public_key, | 921 blink::WebCryptoKey* public_key, |
844 blink::WebCryptoKey* private_key) { | 922 blink::WebCryptoKey* private_key) { |
845 const blink::WebCryptoRsaKeyGenParams* const params = | |
846 algorithm.rsaKeyGenParams(); | |
847 DCHECK(params); | |
848 | |
849 crypto::ScopedPK11Slot slot(PK11_GetInternalKeySlot()); | 923 crypto::ScopedPK11Slot slot(PK11_GetInternalKeySlot()); |
850 if (!slot) | 924 if (!slot) |
851 return Status::Error(); | 925 return Status::Error(); |
852 | 926 |
853 unsigned long public_exponent; | 927 unsigned long public_exponent_long; |
854 if (!params->modulusLengthBits()) | 928 if (!BigIntegerToLong(public_exponent.bytes(), |
855 return Status::ErrorGenerateRsaZeroModulus(); | 929 public_exponent.byte_length(), |
856 | 930 &public_exponent_long) || |
857 if (!BigIntegerToLong(params->publicExponent().data(), | 931 !public_exponent_long) { |
858 params->publicExponent().size(), | |
859 &public_exponent) || | |
860 !public_exponent) { | |
861 return Status::ErrorGenerateKeyPublicExponent(); | 932 return Status::ErrorGenerateKeyPublicExponent(); |
862 } | 933 } |
863 | 934 |
864 PK11RSAGenParams rsa_gen_params; | 935 PK11RSAGenParams rsa_gen_params; |
865 rsa_gen_params.keySizeInBits = params->modulusLengthBits(); | 936 rsa_gen_params.keySizeInBits = modulus_length_bits; |
866 rsa_gen_params.pe = public_exponent; | 937 rsa_gen_params.pe = public_exponent_long; |
867 | 938 |
868 // Flags are verified at the Blink layer; here the flags are set to all | 939 // Flags are verified at the Blink layer; here the flags are set to all |
869 // possible operations for the given key type. | 940 // possible operations for the given key type. |
870 CK_FLAGS operation_flags; | 941 CK_FLAGS operation_flags; |
871 switch (algorithm.id()) { | 942 switch (algorithm.id()) { |
872 case blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5: | 943 case blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5: |
873 case blink::WebCryptoAlgorithmIdRsaOaep: | 944 case blink::WebCryptoAlgorithmIdRsaOaep: |
874 operation_flags = CKF_ENCRYPT | CKF_DECRYPT | CKF_WRAP | CKF_UNWRAP; | 945 operation_flags = CKF_ENCRYPT | CKF_DECRYPT | CKF_WRAP | CKF_UNWRAP; |
875 break; | 946 break; |
876 case blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5: | 947 case blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5: |
(...skipping 15 matching lines...) Expand all Loading... |
892 CKM_RSA_PKCS_KEY_PAIR_GEN, | 963 CKM_RSA_PKCS_KEY_PAIR_GEN, |
893 &rsa_gen_params, | 964 &rsa_gen_params, |
894 &sec_public_key, | 965 &sec_public_key, |
895 attribute_flags, | 966 attribute_flags, |
896 operation_flags, | 967 operation_flags, |
897 operation_flags_mask, | 968 operation_flags_mask, |
898 NULL)); | 969 NULL)); |
899 if (!private_key) | 970 if (!private_key) |
900 return Status::Error(); | 971 return Status::Error(); |
901 | 972 |
| 973 #ifdef WEBCRYPTO_HAS_KEY_ALGORITHM |
| 974 blink::WebCryptoKeyAlgorithm key_algorithm; |
| 975 if (!CreatePublicKeyAlgorithm(algorithm, sec_public_key, &key_algorithm)) |
| 976 return Status::ErrorUnexpected(); |
| 977 #else |
| 978 const blink::WebCryptoAlgorithm& key_algorithm = algorithm; |
| 979 #endif |
| 980 |
902 *public_key = blink::WebCryptoKey::create( | 981 *public_key = blink::WebCryptoKey::create( |
903 new PublicKey(crypto::ScopedSECKEYPublicKey(sec_public_key)), | 982 new PublicKey(crypto::ScopedSECKEYPublicKey(sec_public_key)), |
904 blink::WebCryptoKeyTypePublic, | 983 blink::WebCryptoKeyTypePublic, |
905 true, | 984 true, |
906 algorithm, | 985 key_algorithm, |
907 usage_mask); | 986 usage_mask); |
908 *private_key = | 987 *private_key = |
909 blink::WebCryptoKey::create(new PrivateKey(scoped_sec_private_key.Pass()), | 988 blink::WebCryptoKey::create(new PrivateKey(scoped_sec_private_key.Pass()), |
910 blink::WebCryptoKeyTypePrivate, | 989 blink::WebCryptoKeyTypePrivate, |
911 extractable, | 990 extractable, |
912 algorithm, | 991 key_algorithm, |
913 usage_mask); | 992 usage_mask); |
914 | 993 |
915 return Status::Success(); | 994 return Status::Success(); |
916 } | 995 } |
917 | 996 |
918 void Init() { crypto::EnsureNSSInit(); } | 997 void Init() { crypto::EnsureNSSInit(); } |
919 | 998 |
920 Status DigestSha(blink::WebCryptoAlgorithmId algorithm, | 999 Status DigestSha(blink::WebCryptoAlgorithmId algorithm, |
921 const CryptoData& data, | 1000 const CryptoData& data, |
922 blink::WebArrayBuffer* buffer) { | 1001 blink::WebArrayBuffer* buffer) { |
(...skipping 40 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
963 crypto::ScopedPK11Slot slot(PK11_GetInternalKeySlot()); | 1042 crypto::ScopedPK11Slot slot(PK11_GetInternalKeySlot()); |
964 if (!slot) | 1043 if (!slot) |
965 return Status::Error(); | 1044 return Status::Error(); |
966 | 1045 |
967 crypto::ScopedPK11SymKey pk11_key( | 1046 crypto::ScopedPK11SymKey pk11_key( |
968 PK11_KeyGen(slot.get(), mech, NULL, keylen_bytes, NULL)); | 1047 PK11_KeyGen(slot.get(), mech, NULL, keylen_bytes, NULL)); |
969 | 1048 |
970 if (!pk11_key) | 1049 if (!pk11_key) |
971 return Status::Error(); | 1050 return Status::Error(); |
972 | 1051 |
| 1052 #ifdef WEBCRYPTO_HAS_KEY_ALGORITHM |
| 1053 blink::WebCryptoKeyAlgorithm key_algorithm; |
| 1054 if (!CreateSecretKeyAlgorithm(algorithm, keylen_bytes, &key_algorithm)) |
| 1055 return Status::ErrorUnexpected(); |
| 1056 #else |
| 1057 const blink::WebCryptoAlgorithm& key_algorithm = algorithm; |
| 1058 #endif |
| 1059 |
973 *key = blink::WebCryptoKey::create(new SymKey(pk11_key.Pass()), | 1060 *key = blink::WebCryptoKey::create(new SymKey(pk11_key.Pass()), |
974 key_type, | 1061 key_type, |
975 extractable, | 1062 extractable, |
976 algorithm, | 1063 key_algorithm, |
977 usage_mask); | 1064 usage_mask); |
978 return Status::Success(); | 1065 return Status::Success(); |
979 } | 1066 } |
980 | 1067 |
981 Status ImportRsaPublicKey(const blink::WebCryptoAlgorithm& algorithm, | 1068 Status ImportRsaPublicKey(const blink::WebCryptoAlgorithm& algorithm, |
982 bool extractable, | 1069 bool extractable, |
983 blink::WebCryptoKeyUsageMask usage_mask, | 1070 blink::WebCryptoKeyUsageMask usage_mask, |
984 const CryptoData& modulus_data, | 1071 const CryptoData& modulus_data, |
985 const CryptoData& exponent_data, | 1072 const CryptoData& exponent_data, |
986 blink::WebCryptoKey* key) { | 1073 blink::WebCryptoKey* key) { |
(...skipping 35 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1022 SEC_ASN1EncodeItem(NULL, NULL, &pubkey_in, rsa_public_key_template)); | 1109 SEC_ASN1EncodeItem(NULL, NULL, &pubkey_in, rsa_public_key_template)); |
1023 if (!pubkey_der) | 1110 if (!pubkey_der) |
1024 return Status::Error(); | 1111 return Status::Error(); |
1025 | 1112 |
1026 // Import the DER-encoded public key to create an RSA SECKEYPublicKey. | 1113 // Import the DER-encoded public key to create an RSA SECKEYPublicKey. |
1027 crypto::ScopedSECKEYPublicKey pubkey( | 1114 crypto::ScopedSECKEYPublicKey pubkey( |
1028 SECKEY_ImportDERPublicKey(pubkey_der.get(), CKK_RSA)); | 1115 SECKEY_ImportDERPublicKey(pubkey_der.get(), CKK_RSA)); |
1029 if (!pubkey) | 1116 if (!pubkey) |
1030 return Status::Error(); | 1117 return Status::Error(); |
1031 | 1118 |
| 1119 #ifdef WEBCRYPTO_HAS_KEY_ALGORITHM |
| 1120 blink::WebCryptoKeyAlgorithm key_algorithm; |
| 1121 if (!CreatePublicKeyAlgorithm(algorithm, pubkey.get(), &key_algorithm)) |
| 1122 return Status::ErrorUnexpected(); |
| 1123 #else |
| 1124 const blink::WebCryptoAlgorithm& key_algorithm = algorithm; |
| 1125 #endif |
| 1126 |
1032 *key = blink::WebCryptoKey::create(new PublicKey(pubkey.Pass()), | 1127 *key = blink::WebCryptoKey::create(new PublicKey(pubkey.Pass()), |
1033 blink::WebCryptoKeyTypePublic, | 1128 blink::WebCryptoKeyTypePublic, |
1034 extractable, | 1129 extractable, |
1035 algorithm, | 1130 key_algorithm, |
1036 usage_mask); | 1131 usage_mask); |
1037 return Status::Success(); | 1132 return Status::Success(); |
1038 } | 1133 } |
1039 | 1134 |
1040 } // namespace platform | 1135 } // namespace platform |
1041 | 1136 |
1042 } // namespace webcrypto | 1137 } // namespace webcrypto |
1043 | 1138 |
1044 } // namespace content | 1139 } // namespace content |
OLD | NEW |