| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/renderer/webcrypto/platform_crypto.h" | 5 #include "content/renderer/webcrypto/platform_crypto.h" |
| 6 | 6 |
| 7 #include <cryptohi.h> | 7 #include <cryptohi.h> |
| 8 #include <pk11pub.h> | 8 #include <pk11pub.h> |
| 9 #include <sechash.h> | 9 #include <sechash.h> |
| 10 | 10 |
| 11 #include <vector> | 11 #include <vector> |
| 12 | 12 |
| 13 #include "base/lazy_instance.h" | 13 #include "base/lazy_instance.h" |
| 14 #include "base/logging.h" | 14 #include "base/logging.h" |
| 15 #include "content/renderer/webcrypto/crypto_data.h" | 15 #include "content/renderer/webcrypto/crypto_data.h" |
| 16 #include "content/renderer/webcrypto/webcrypto_util.h" | 16 #include "content/renderer/webcrypto/webcrypto_util.h" |
| 17 #include "crypto/nss_util.h" | 17 #include "crypto/nss_util.h" |
| 18 #include "crypto/scoped_nss_types.h" | 18 #include "crypto/scoped_nss_types.h" |
| 19 #include "third_party/WebKit/public/platform/WebArrayBuffer.h" | 19 #include "third_party/WebKit/public/platform/WebArrayBuffer.h" |
| 20 #include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h" | 20 #include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h" |
| 21 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h" | 21 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h" |
| 22 #ifdef WEBCRYPTO_HAS_KEY_ALGORITHM |
| 23 #include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h" |
| 24 #endif |
| 22 | 25 |
| 23 #if defined(USE_NSS) | 26 #if defined(USE_NSS) |
| 24 #include <dlfcn.h> | 27 #include <dlfcn.h> |
| 25 #endif | 28 #endif |
| 26 | 29 |
| 27 // At the time of this writing: | 30 // At the time of this writing: |
| 28 // * Windows and Mac builds ship with their own copy of NSS (3.15+) | 31 // * Windows and Mac builds ship with their own copy of NSS (3.15+) |
| 29 // * Linux builds use the system's libnss, which is 3.14 on Debian (but 3.15+ | 32 // * Linux builds use the system's libnss, which is 3.14 on Debian (but 3.15+ |
| 30 // on other distros). | 33 // on other distros). |
| 31 // | 34 // |
| (...skipping 328 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 360 } | 363 } |
| 361 | 364 |
| 362 CK_MECHANISM_TYPE WebCryptoAlgorithmToGenMechanism( | 365 CK_MECHANISM_TYPE WebCryptoAlgorithmToGenMechanism( |
| 363 const blink::WebCryptoAlgorithm& algorithm) { | 366 const blink::WebCryptoAlgorithm& algorithm) { |
| 364 switch (algorithm.id()) { | 367 switch (algorithm.id()) { |
| 365 case blink::WebCryptoAlgorithmIdAesCbc: | 368 case blink::WebCryptoAlgorithmIdAesCbc: |
| 366 case blink::WebCryptoAlgorithmIdAesGcm: | 369 case blink::WebCryptoAlgorithmIdAesGcm: |
| 367 case blink::WebCryptoAlgorithmIdAesKw: | 370 case blink::WebCryptoAlgorithmIdAesKw: |
| 368 return CKM_AES_KEY_GEN; | 371 return CKM_AES_KEY_GEN; |
| 369 case blink::WebCryptoAlgorithmIdHmac: | 372 case blink::WebCryptoAlgorithmIdHmac: |
| 373 #ifdef WEBCRYPTO_HAS_KEY_ALGORITHM |
| 374 return WebCryptoHashToHMACMechanism(algorithm.hmacKeyGenParams()->hash()); |
| 375 #else |
| 370 return WebCryptoHashToHMACMechanism(algorithm.hmacKeyParams()->hash()); | 376 return WebCryptoHashToHMACMechanism(algorithm.hmacKeyParams()->hash()); |
| 377 #endif |
| 371 default: | 378 default: |
| 372 return CKM_INVALID_MECHANISM; | 379 return CKM_INVALID_MECHANISM; |
| 373 } | 380 } |
| 374 } | 381 } |
| 375 | 382 |
| 376 // Converts a (big-endian) WebCrypto BigInteger, with or without leading zeros, | 383 // Converts a (big-endian) WebCrypto BigInteger, with or without leading zeros, |
| 377 // to unsigned long. | 384 // to unsigned long. |
| 378 bool BigIntegerToLong(const uint8* data, | 385 bool BigIntegerToLong(const uint8* data, |
| 379 unsigned int data_size, | 386 unsigned int data_size, |
| 380 unsigned long* result) { | 387 unsigned long* result) { |
| (...skipping 13 matching lines...) Expand all Loading... |
| 394 } | 401 } |
| 395 return true; | 402 return true; |
| 396 } | 403 } |
| 397 | 404 |
| 398 bool IsAlgorithmRsa(const blink::WebCryptoAlgorithm& algorithm) { | 405 bool IsAlgorithmRsa(const blink::WebCryptoAlgorithm& algorithm) { |
| 399 return algorithm.id() == blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5 || | 406 return algorithm.id() == blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5 || |
| 400 algorithm.id() == blink::WebCryptoAlgorithmIdRsaOaep || | 407 algorithm.id() == blink::WebCryptoAlgorithmIdRsaOaep || |
| 401 algorithm.id() == blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5; | 408 algorithm.id() == blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5; |
| 402 } | 409 } |
| 403 | 410 |
| 411 #ifdef WEBCRYPTO_HAS_KEY_ALGORITHM |
| 412 bool CreatePublicKeyAlgorithm(const blink::WebCryptoAlgorithm& algorithm, |
| 413 SECKEYPublicKey* key, |
| 414 blink::WebCryptoKeyAlgorithm* key_algorithm) { |
| 415 // TODO(eroman): What about other key types rsaPss, rsaOaep. |
| 416 if (!key || key->keyType != rsaKey) |
| 417 return false; |
| 418 |
| 419 unsigned int modulus_length_bits = SECKEY_PublicKeyStrength(key) * 8; |
| 420 CryptoData public_exponent(key->u.rsa.publicExponent.data, |
| 421 key->u.rsa.publicExponent.len); |
| 422 |
| 423 switch (algorithm.paramsType()) { |
| 424 case blink::WebCryptoAlgorithmParamsTypeRsaHashedImportParams: |
| 425 case blink::WebCryptoAlgorithmParamsTypeRsaHashedKeyGenParams: |
| 426 *key_algorithm = blink::WebCryptoKeyAlgorithm::adoptParamsAndCreate( |
| 427 algorithm.id(), |
| 428 new blink::WebCryptoRsaHashedKeyAlgorithmParams( |
| 429 modulus_length_bits, |
| 430 public_exponent.bytes(), |
| 431 public_exponent.byte_length(), |
| 432 GetInnerHashAlgorithm(algorithm))); |
| 433 return true; |
| 434 case blink::WebCryptoAlgorithmParamsTypeRsaKeyGenParams: |
| 435 case blink::WebCryptoAlgorithmParamsTypeNone: |
| 436 *key_algorithm = blink::WebCryptoKeyAlgorithm::adoptParamsAndCreate( |
| 437 algorithm.id(), |
| 438 new blink::WebCryptoRsaKeyAlgorithmParams( |
| 439 modulus_length_bits, |
| 440 public_exponent.bytes(), |
| 441 public_exponent.byte_length())); |
| 442 return true; |
| 443 default: |
| 444 return false; |
| 445 } |
| 446 } |
| 447 |
| 448 bool CreatePrivateKeyAlgorithm(const blink::WebCryptoAlgorithm& algorithm, |
| 449 SECKEYPrivateKey* key, |
| 450 blink::WebCryptoKeyAlgorithm* key_algorithm) { |
| 451 return CreatePublicKeyAlgorithm( |
| 452 algorithm, SECKEY_ConvertToPublicKey(key), key_algorithm); |
| 453 } |
| 454 #endif |
| 455 |
| 404 } // namespace | 456 } // namespace |
| 405 | 457 |
| 406 Status ImportKeyRaw(const blink::WebCryptoAlgorithm& algorithm, | 458 Status ImportKeyRaw(const blink::WebCryptoAlgorithm& algorithm, |
| 407 const CryptoData& key_data, | 459 const CryptoData& key_data, |
| 408 bool extractable, | 460 bool extractable, |
| 409 blink::WebCryptoKeyUsageMask usage_mask, | 461 blink::WebCryptoKeyUsageMask usage_mask, |
| 410 blink::WebCryptoKey* key) { | 462 blink::WebCryptoKey* key) { |
| 411 | 463 |
| 412 DCHECK(!algorithm.isNull()); | 464 DCHECK(!algorithm.isNull()); |
| 413 | 465 |
| 414 // TODO(bryaneyler): Need to split handling for symmetric and asymmetric keys. | 466 // TODO(bryaneyler): Need to split handling for symmetric and asymmetric keys. |
| 415 // Currently only supporting symmetric. | 467 // Currently only supporting symmetric. |
| 416 CK_MECHANISM_TYPE mechanism = CKM_INVALID_MECHANISM; | 468 CK_MECHANISM_TYPE mechanism = CKM_INVALID_MECHANISM; |
| 417 // Flags are verified at the Blink layer; here the flags are set to all | 469 // Flags are verified at the Blink layer; here the flags are set to all |
| 418 // possible operations for this key type. | 470 // possible operations for this key type. |
| 419 CK_FLAGS flags = 0; | 471 CK_FLAGS flags = 0; |
| 420 | 472 |
| 421 switch (algorithm.id()) { | 473 switch (algorithm.id()) { |
| 422 case blink::WebCryptoAlgorithmIdHmac: { | 474 case blink::WebCryptoAlgorithmIdHmac: { |
| 423 const blink::WebCryptoHmacParams* params = algorithm.hmacParams(); | 475 const blink::WebCryptoAlgorithm& hash = GetInnerHashAlgorithm(algorithm); |
| 424 if (!params) | |
| 425 return Status::ErrorUnexpected(); | |
| 426 | 476 |
| 427 mechanism = WebCryptoHashToHMACMechanism(params->hash()); | 477 mechanism = WebCryptoHashToHMACMechanism(hash); |
| 428 if (mechanism == CKM_INVALID_MECHANISM) | 478 if (mechanism == CKM_INVALID_MECHANISM) |
| 429 return Status::ErrorUnsupported(); | 479 return Status::ErrorUnsupported(); |
| 430 | 480 |
| 431 flags |= CKF_SIGN | CKF_VERIFY; | 481 flags |= CKF_SIGN | CKF_VERIFY; |
| 432 | |
| 433 break; | 482 break; |
| 434 } | 483 } |
| 435 case blink::WebCryptoAlgorithmIdAesCbc: { | 484 case blink::WebCryptoAlgorithmIdAesCbc: { |
| 436 mechanism = CKM_AES_CBC; | 485 mechanism = CKM_AES_CBC; |
| 437 flags |= CKF_ENCRYPT | CKF_DECRYPT; | 486 flags |= CKF_ENCRYPT | CKF_DECRYPT; |
| 438 break; | 487 break; |
| 439 } | 488 } |
| 440 case blink::WebCryptoAlgorithmIdAesKw: { | 489 case blink::WebCryptoAlgorithmIdAesKw: { |
| 441 mechanism = CKM_NSS_AES_KEY_WRAP; | 490 mechanism = CKM_NSS_AES_KEY_WRAP; |
| 442 flags |= CKF_WRAP | CKF_WRAP; | 491 flags |= CKF_WRAP | CKF_WRAP; |
| (...skipping 21 matching lines...) Expand all Loading... |
| 464 mechanism, | 513 mechanism, |
| 465 PK11_OriginUnwrap, | 514 PK11_OriginUnwrap, |
| 466 CKA_FLAGS_ONLY, | 515 CKA_FLAGS_ONLY, |
| 467 &key_item, | 516 &key_item, |
| 468 flags, | 517 flags, |
| 469 false, | 518 false, |
| 470 NULL)); | 519 NULL)); |
| 471 if (!pk11_sym_key.get()) | 520 if (!pk11_sym_key.get()) |
| 472 return Status::Error(); | 521 return Status::Error(); |
| 473 | 522 |
| 523 #ifdef WEBCRYPTO_HAS_KEY_ALGORITHM |
| 524 blink::WebCryptoKeyAlgorithm key_algorithm; |
| 525 if (!CreateSecretKeyAlgorithm( |
| 526 algorithm, key_data.byte_length(), &key_algorithm)) |
| 527 return Status::ErrorUnexpected(); |
| 528 #else |
| 529 const blink::WebCryptoAlgorithm& key_algorithm = algorithm; |
| 530 #endif |
| 531 |
| 474 *key = blink::WebCryptoKey::create(new SymKey(pk11_sym_key.Pass()), | 532 *key = blink::WebCryptoKey::create(new SymKey(pk11_sym_key.Pass()), |
| 475 blink::WebCryptoKeyTypeSecret, | 533 blink::WebCryptoKeyTypeSecret, |
| 476 extractable, | 534 extractable, |
| 477 algorithm, | 535 key_algorithm, |
| 478 usage_mask); | 536 usage_mask); |
| 479 return Status::Success(); | 537 return Status::Success(); |
| 480 } | 538 } |
| 481 | 539 |
| 482 Status ExportKeyRaw(SymKey* key, blink::WebArrayBuffer* buffer) { | 540 Status ExportKeyRaw(SymKey* key, blink::WebArrayBuffer* buffer) { |
| 483 if (PK11_ExtractKeyValue(key->key()) != SECSuccess) | 541 if (PK11_ExtractKeyValue(key->key()) != SECSuccess) |
| 484 return Status::Error(); | 542 return Status::Error(); |
| 485 | 543 |
| 486 const SECItem* key_data = PK11_GetKeyData(key->key()); | 544 const SECItem* key_data = PK11_GetKeyData(key->key()); |
| 487 if (!key_data) | 545 if (!key_data) |
| (...skipping 67 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 555 SECKEY_ExtractPublicKey(spki.get())); | 613 SECKEY_ExtractPublicKey(spki.get())); |
| 556 if (!sec_public_key) | 614 if (!sec_public_key) |
| 557 return Status::Error(); | 615 return Status::Error(); |
| 558 | 616 |
| 559 const KeyType sec_key_type = SECKEY_GetPublicKeyType(sec_public_key.get()); | 617 const KeyType sec_key_type = SECKEY_GetPublicKeyType(sec_public_key.get()); |
| 560 blink::WebCryptoAlgorithm algorithm = | 618 blink::WebCryptoAlgorithm algorithm = |
| 561 ResolveNssKeyTypeWithInputAlgorithm(sec_key_type, algorithm_or_null); | 619 ResolveNssKeyTypeWithInputAlgorithm(sec_key_type, algorithm_or_null); |
| 562 if (algorithm.isNull()) | 620 if (algorithm.isNull()) |
| 563 return Status::Error(); | 621 return Status::Error(); |
| 564 | 622 |
| 623 #ifdef WEBCRYPTO_HAS_KEY_ALGORITHM |
| 624 blink::WebCryptoKeyAlgorithm key_algorithm; |
| 625 if (!CreatePublicKeyAlgorithm( |
| 626 algorithm, sec_public_key.get(), &key_algorithm)) |
| 627 return Status::ErrorUnexpected(); |
| 628 #else |
| 629 const blink::WebCryptoAlgorithm& key_algorithm = algorithm; |
| 630 #endif |
| 631 |
| 565 *key = blink::WebCryptoKey::create(new PublicKey(sec_public_key.Pass()), | 632 *key = blink::WebCryptoKey::create(new PublicKey(sec_public_key.Pass()), |
| 566 blink::WebCryptoKeyTypePublic, | 633 blink::WebCryptoKeyTypePublic, |
| 567 extractable, | 634 extractable, |
| 568 algorithm, | 635 key_algorithm, |
| 569 usage_mask); | 636 usage_mask); |
| 570 | 637 |
| 571 return Status::Success(); | 638 return Status::Success(); |
| 572 } | 639 } |
| 573 | 640 |
| 574 Status ExportKeySpki(PublicKey* key, blink::WebArrayBuffer* buffer) { | 641 Status ExportKeySpki(PublicKey* key, blink::WebArrayBuffer* buffer) { |
| 575 const crypto::ScopedSECItem spki_der( | 642 const crypto::ScopedSECItem spki_der( |
| 576 SECKEY_EncodeDERSubjectPublicKeyInfo(key->key())); | 643 SECKEY_EncodeDERSubjectPublicKeyInfo(key->key())); |
| 577 if (!spki_der) | 644 if (!spki_der) |
| 578 return Status::Error(); | 645 return Status::Error(); |
| (...skipping 37 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 616 } | 683 } |
| 617 DCHECK(seckey_private_key); | 684 DCHECK(seckey_private_key); |
| 618 crypto::ScopedSECKEYPrivateKey private_key(seckey_private_key); | 685 crypto::ScopedSECKEYPrivateKey private_key(seckey_private_key); |
| 619 | 686 |
| 620 const KeyType sec_key_type = SECKEY_GetPrivateKeyType(private_key.get()); | 687 const KeyType sec_key_type = SECKEY_GetPrivateKeyType(private_key.get()); |
| 621 blink::WebCryptoAlgorithm algorithm = | 688 blink::WebCryptoAlgorithm algorithm = |
| 622 ResolveNssKeyTypeWithInputAlgorithm(sec_key_type, algorithm_or_null); | 689 ResolveNssKeyTypeWithInputAlgorithm(sec_key_type, algorithm_or_null); |
| 623 if (algorithm.isNull()) | 690 if (algorithm.isNull()) |
| 624 return Status::Error(); | 691 return Status::Error(); |
| 625 | 692 |
| 693 #ifdef WEBCRYPTO_HAS_KEY_ALGORITHM |
| 694 blink::WebCryptoKeyAlgorithm key_algorithm; |
| 695 if (!CreatePrivateKeyAlgorithm(algorithm, private_key.get(), &key_algorithm)) |
| 696 return Status::ErrorUnexpected(); |
| 697 #else |
| 698 const blink::WebCryptoAlgorithm& key_algorithm = algorithm; |
| 699 #endif |
| 700 |
| 626 *key = blink::WebCryptoKey::create(new PrivateKey(private_key.Pass()), | 701 *key = blink::WebCryptoKey::create(new PrivateKey(private_key.Pass()), |
| 627 blink::WebCryptoKeyTypePrivate, | 702 blink::WebCryptoKeyTypePrivate, |
| 628 extractable, | 703 extractable, |
| 629 algorithm, | 704 key_algorithm, |
| 630 usage_mask); | 705 usage_mask); |
| 631 | 706 |
| 632 return Status::Success(); | 707 return Status::Success(); |
| 633 } | 708 } |
| 634 | 709 |
| 635 // ----------------------------------- | 710 // ----------------------------------- |
| 636 // Hmac | 711 // Hmac |
| 637 // ----------------------------------- | 712 // ----------------------------------- |
| 638 | 713 |
| 639 Status SignHmac(SymKey* key, | 714 Status SignHmac(SymKey* key, |
| (...skipping 193 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 833 mode, key, data, iv, additional_data, tag_length_bits, buffer); | 908 mode, key, data, iv, additional_data, tag_length_bits, buffer); |
| 834 } | 909 } |
| 835 | 910 |
| 836 // ----------------------------------- | 911 // ----------------------------------- |
| 837 // Key generation | 912 // Key generation |
| 838 // ----------------------------------- | 913 // ----------------------------------- |
| 839 | 914 |
| 840 Status GenerateRsaKeyPair(const blink::WebCryptoAlgorithm& algorithm, | 915 Status GenerateRsaKeyPair(const blink::WebCryptoAlgorithm& algorithm, |
| 841 bool extractable, | 916 bool extractable, |
| 842 blink::WebCryptoKeyUsageMask usage_mask, | 917 blink::WebCryptoKeyUsageMask usage_mask, |
| 918 unsigned int modulus_length_bits, |
| 919 const CryptoData& public_exponent, |
| 920 const blink::WebCryptoAlgorithm& hash_or_null, |
| 843 blink::WebCryptoKey* public_key, | 921 blink::WebCryptoKey* public_key, |
| 844 blink::WebCryptoKey* private_key) { | 922 blink::WebCryptoKey* private_key) { |
| 845 const blink::WebCryptoRsaKeyGenParams* const params = | |
| 846 algorithm.rsaKeyGenParams(); | |
| 847 DCHECK(params); | |
| 848 | |
| 849 crypto::ScopedPK11Slot slot(PK11_GetInternalKeySlot()); | 923 crypto::ScopedPK11Slot slot(PK11_GetInternalKeySlot()); |
| 850 if (!slot) | 924 if (!slot) |
| 851 return Status::Error(); | 925 return Status::Error(); |
| 852 | 926 |
| 853 unsigned long public_exponent; | 927 unsigned long public_exponent_long; |
| 854 if (!params->modulusLengthBits()) | 928 if (!BigIntegerToLong(public_exponent.bytes(), |
| 855 return Status::ErrorGenerateRsaZeroModulus(); | 929 public_exponent.byte_length(), |
| 856 | 930 &public_exponent_long) || |
| 857 if (!BigIntegerToLong(params->publicExponent().data(), | 931 !public_exponent_long) { |
| 858 params->publicExponent().size(), | |
| 859 &public_exponent) || | |
| 860 !public_exponent) { | |
| 861 return Status::ErrorGenerateKeyPublicExponent(); | 932 return Status::ErrorGenerateKeyPublicExponent(); |
| 862 } | 933 } |
| 863 | 934 |
| 864 PK11RSAGenParams rsa_gen_params; | 935 PK11RSAGenParams rsa_gen_params; |
| 865 rsa_gen_params.keySizeInBits = params->modulusLengthBits(); | 936 rsa_gen_params.keySizeInBits = modulus_length_bits; |
| 866 rsa_gen_params.pe = public_exponent; | 937 rsa_gen_params.pe = public_exponent_long; |
| 867 | 938 |
| 868 // Flags are verified at the Blink layer; here the flags are set to all | 939 // Flags are verified at the Blink layer; here the flags are set to all |
| 869 // possible operations for the given key type. | 940 // possible operations for the given key type. |
| 870 CK_FLAGS operation_flags; | 941 CK_FLAGS operation_flags; |
| 871 switch (algorithm.id()) { | 942 switch (algorithm.id()) { |
| 872 case blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5: | 943 case blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5: |
| 873 case blink::WebCryptoAlgorithmIdRsaOaep: | 944 case blink::WebCryptoAlgorithmIdRsaOaep: |
| 874 operation_flags = CKF_ENCRYPT | CKF_DECRYPT | CKF_WRAP | CKF_UNWRAP; | 945 operation_flags = CKF_ENCRYPT | CKF_DECRYPT | CKF_WRAP | CKF_UNWRAP; |
| 875 break; | 946 break; |
| 876 case blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5: | 947 case blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5: |
| (...skipping 15 matching lines...) Expand all Loading... |
| 892 CKM_RSA_PKCS_KEY_PAIR_GEN, | 963 CKM_RSA_PKCS_KEY_PAIR_GEN, |
| 893 &rsa_gen_params, | 964 &rsa_gen_params, |
| 894 &sec_public_key, | 965 &sec_public_key, |
| 895 attribute_flags, | 966 attribute_flags, |
| 896 operation_flags, | 967 operation_flags, |
| 897 operation_flags_mask, | 968 operation_flags_mask, |
| 898 NULL)); | 969 NULL)); |
| 899 if (!private_key) | 970 if (!private_key) |
| 900 return Status::Error(); | 971 return Status::Error(); |
| 901 | 972 |
| 973 #ifdef WEBCRYPTO_HAS_KEY_ALGORITHM |
| 974 blink::WebCryptoKeyAlgorithm key_algorithm; |
| 975 if (!CreatePublicKeyAlgorithm(algorithm, sec_public_key, &key_algorithm)) |
| 976 return Status::ErrorUnexpected(); |
| 977 #else |
| 978 const blink::WebCryptoAlgorithm& key_algorithm = algorithm; |
| 979 #endif |
| 980 |
| 902 *public_key = blink::WebCryptoKey::create( | 981 *public_key = blink::WebCryptoKey::create( |
| 903 new PublicKey(crypto::ScopedSECKEYPublicKey(sec_public_key)), | 982 new PublicKey(crypto::ScopedSECKEYPublicKey(sec_public_key)), |
| 904 blink::WebCryptoKeyTypePublic, | 983 blink::WebCryptoKeyTypePublic, |
| 905 true, | 984 true, |
| 906 algorithm, | 985 key_algorithm, |
| 907 usage_mask); | 986 usage_mask); |
| 908 *private_key = | 987 *private_key = |
| 909 blink::WebCryptoKey::create(new PrivateKey(scoped_sec_private_key.Pass()), | 988 blink::WebCryptoKey::create(new PrivateKey(scoped_sec_private_key.Pass()), |
| 910 blink::WebCryptoKeyTypePrivate, | 989 blink::WebCryptoKeyTypePrivate, |
| 911 extractable, | 990 extractable, |
| 912 algorithm, | 991 key_algorithm, |
| 913 usage_mask); | 992 usage_mask); |
| 914 | 993 |
| 915 return Status::Success(); | 994 return Status::Success(); |
| 916 } | 995 } |
| 917 | 996 |
| 918 void Init() { crypto::EnsureNSSInit(); } | 997 void Init() { crypto::EnsureNSSInit(); } |
| 919 | 998 |
| 920 Status DigestSha(blink::WebCryptoAlgorithmId algorithm, | 999 Status DigestSha(blink::WebCryptoAlgorithmId algorithm, |
| 921 const CryptoData& data, | 1000 const CryptoData& data, |
| 922 blink::WebArrayBuffer* buffer) { | 1001 blink::WebArrayBuffer* buffer) { |
| (...skipping 40 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 963 crypto::ScopedPK11Slot slot(PK11_GetInternalKeySlot()); | 1042 crypto::ScopedPK11Slot slot(PK11_GetInternalKeySlot()); |
| 964 if (!slot) | 1043 if (!slot) |
| 965 return Status::Error(); | 1044 return Status::Error(); |
| 966 | 1045 |
| 967 crypto::ScopedPK11SymKey pk11_key( | 1046 crypto::ScopedPK11SymKey pk11_key( |
| 968 PK11_KeyGen(slot.get(), mech, NULL, keylen_bytes, NULL)); | 1047 PK11_KeyGen(slot.get(), mech, NULL, keylen_bytes, NULL)); |
| 969 | 1048 |
| 970 if (!pk11_key) | 1049 if (!pk11_key) |
| 971 return Status::Error(); | 1050 return Status::Error(); |
| 972 | 1051 |
| 1052 #ifdef WEBCRYPTO_HAS_KEY_ALGORITHM |
| 1053 blink::WebCryptoKeyAlgorithm key_algorithm; |
| 1054 if (!CreateSecretKeyAlgorithm(algorithm, keylen_bytes, &key_algorithm)) |
| 1055 return Status::ErrorUnexpected(); |
| 1056 #else |
| 1057 const blink::WebCryptoAlgorithm& key_algorithm = algorithm; |
| 1058 #endif |
| 1059 |
| 973 *key = blink::WebCryptoKey::create(new SymKey(pk11_key.Pass()), | 1060 *key = blink::WebCryptoKey::create(new SymKey(pk11_key.Pass()), |
| 974 key_type, | 1061 key_type, |
| 975 extractable, | 1062 extractable, |
| 976 algorithm, | 1063 key_algorithm, |
| 977 usage_mask); | 1064 usage_mask); |
| 978 return Status::Success(); | 1065 return Status::Success(); |
| 979 } | 1066 } |
| 980 | 1067 |
| 981 Status ImportRsaPublicKey(const blink::WebCryptoAlgorithm& algorithm, | 1068 Status ImportRsaPublicKey(const blink::WebCryptoAlgorithm& algorithm, |
| 982 bool extractable, | 1069 bool extractable, |
| 983 blink::WebCryptoKeyUsageMask usage_mask, | 1070 blink::WebCryptoKeyUsageMask usage_mask, |
| 984 const CryptoData& modulus_data, | 1071 const CryptoData& modulus_data, |
| 985 const CryptoData& exponent_data, | 1072 const CryptoData& exponent_data, |
| 986 blink::WebCryptoKey* key) { | 1073 blink::WebCryptoKey* key) { |
| (...skipping 35 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1022 SEC_ASN1EncodeItem(NULL, NULL, &pubkey_in, rsa_public_key_template)); | 1109 SEC_ASN1EncodeItem(NULL, NULL, &pubkey_in, rsa_public_key_template)); |
| 1023 if (!pubkey_der) | 1110 if (!pubkey_der) |
| 1024 return Status::Error(); | 1111 return Status::Error(); |
| 1025 | 1112 |
| 1026 // Import the DER-encoded public key to create an RSA SECKEYPublicKey. | 1113 // Import the DER-encoded public key to create an RSA SECKEYPublicKey. |
| 1027 crypto::ScopedSECKEYPublicKey pubkey( | 1114 crypto::ScopedSECKEYPublicKey pubkey( |
| 1028 SECKEY_ImportDERPublicKey(pubkey_der.get(), CKK_RSA)); | 1115 SECKEY_ImportDERPublicKey(pubkey_der.get(), CKK_RSA)); |
| 1029 if (!pubkey) | 1116 if (!pubkey) |
| 1030 return Status::Error(); | 1117 return Status::Error(); |
| 1031 | 1118 |
| 1119 #ifdef WEBCRYPTO_HAS_KEY_ALGORITHM |
| 1120 blink::WebCryptoKeyAlgorithm key_algorithm; |
| 1121 if (!CreatePublicKeyAlgorithm(algorithm, pubkey.get(), &key_algorithm)) |
| 1122 return Status::ErrorUnexpected(); |
| 1123 #else |
| 1124 const blink::WebCryptoAlgorithm& key_algorithm = algorithm; |
| 1125 #endif |
| 1126 |
| 1032 *key = blink::WebCryptoKey::create(new PublicKey(pubkey.Pass()), | 1127 *key = blink::WebCryptoKey::create(new PublicKey(pubkey.Pass()), |
| 1033 blink::WebCryptoKeyTypePublic, | 1128 blink::WebCryptoKeyTypePublic, |
| 1034 extractable, | 1129 extractable, |
| 1035 algorithm, | 1130 key_algorithm, |
| 1036 usage_mask); | 1131 usage_mask); |
| 1037 return Status::Success(); | 1132 return Status::Success(); |
| 1038 } | 1133 } |
| 1039 | 1134 |
| 1040 } // namespace platform | 1135 } // namespace platform |
| 1041 | 1136 |
| 1042 } // namespace webcrypto | 1137 } // namespace webcrypto |
| 1043 | 1138 |
| 1044 } // namespace content | 1139 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 178073007:
[webcrypto] Update to use the KeyAlgorithm. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src