OLD | NEW |
---|---|
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <algorithm> | 5 #include <algorithm> |
6 #include <functional> | 6 #include <functional> |
7 #include <map> | 7 #include <map> |
8 #include "base/base64.h" | |
8 #include "base/json/json_reader.h" | 9 #include "base/json/json_reader.h" |
10 #include "base/json/json_writer.h" | |
9 #include "base/lazy_instance.h" | 11 #include "base/lazy_instance.h" |
10 #include "base/logging.h" | 12 #include "base/logging.h" |
11 #include "base/memory/scoped_ptr.h" | 13 #include "base/memory/scoped_ptr.h" |
12 #include "base/strings/string_piece.h" | 14 #include "base/strings/string_piece.h" |
13 #include "base/values.h" | 15 #include "base/strings/stringprintf.h" |
14 #include "content/child/webcrypto/crypto_data.h" | 16 #include "content/child/webcrypto/crypto_data.h" |
15 #include "content/child/webcrypto/platform_crypto.h" | 17 #include "content/child/webcrypto/platform_crypto.h" |
16 #include "content/child/webcrypto/shared_crypto.h" | 18 #include "content/child/webcrypto/shared_crypto.h" |
17 #include "content/child/webcrypto/webcrypto_util.h" | 19 #include "content/child/webcrypto/webcrypto_util.h" |
20 #include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h" | |
18 | 21 |
19 namespace content { | 22 namespace content { |
20 | 23 |
21 namespace webcrypto { | 24 namespace webcrypto { |
22 | 25 |
23 namespace { | 26 namespace { |
24 | 27 |
28 // Web Crypto equivalent usage mask for JWK 'use' = 'enc'. | |
29 // TODO(padolph): Add 'deriveBits' once supported by Blink. | |
30 const blink::WebCryptoKeyUsageMask kJwkEncUsage = | |
31 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt | | |
32 blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey | | |
33 blink::WebCryptoKeyUsageDeriveKey; | |
34 // Web Crypto equivalent usage mask for JWK 'use' = 'sig'. | |
35 const blink::WebCryptoKeyUsageMask kJwkSigUsage = | |
36 blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify; | |
37 | |
25 typedef blink::WebCryptoAlgorithm (*AlgorithmCreationFunc)(); | 38 typedef blink::WebCryptoAlgorithm (*AlgorithmCreationFunc)(); |
26 | 39 |
27 class JwkAlgorithmInfo { | 40 class JwkAlgorithmInfo { |
28 public: | 41 public: |
29 JwkAlgorithmInfo() | 42 JwkAlgorithmInfo() |
30 : creation_func_(NULL), | 43 : creation_func_(NULL), |
31 required_key_length_bytes_(NO_KEY_SIZE_REQUIREMENT) {} | 44 required_key_length_bytes_(NO_KEY_SIZE_REQUIREMENT) {} |
32 | 45 |
33 explicit JwkAlgorithmInfo(AlgorithmCreationFunc algorithm_creation_func) | 46 explicit JwkAlgorithmInfo(AlgorithmCreationFunc algorithm_creation_func) |
34 : creation_func_(algorithm_creation_func), | 47 : creation_func_(algorithm_creation_func), |
(...skipping 28 matching lines...) Expand all Loading... | |
63 | 76 |
64 typedef std::map<std::string, JwkAlgorithmInfo> JwkAlgorithmInfoMap; | 77 typedef std::map<std::string, JwkAlgorithmInfo> JwkAlgorithmInfoMap; |
65 | 78 |
66 class JwkAlgorithmRegistry { | 79 class JwkAlgorithmRegistry { |
67 public: | 80 public: |
68 JwkAlgorithmRegistry() { | 81 JwkAlgorithmRegistry() { |
69 // TODO(eroman): | 82 // TODO(eroman): |
70 // http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-20 | 83 // http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-20 |
71 // says HMAC with SHA-2 should have a key size at least as large as the | 84 // says HMAC with SHA-2 should have a key size at least as large as the |
72 // hash output. | 85 // hash output. |
86 alg_to_info_["HS1"] = | |
87 JwkAlgorithmInfo(&BindAlgorithmId<CreateHmacImportAlgorithm, | |
88 blink::WebCryptoAlgorithmIdSha1>); | |
89 alg_to_info_["HS224"] = | |
90 JwkAlgorithmInfo(&BindAlgorithmId<CreateHmacImportAlgorithm, | |
91 blink::WebCryptoAlgorithmIdSha224>); | |
73 alg_to_info_["HS256"] = | 92 alg_to_info_["HS256"] = |
74 JwkAlgorithmInfo(&BindAlgorithmId<CreateHmacImportAlgorithm, | 93 JwkAlgorithmInfo(&BindAlgorithmId<CreateHmacImportAlgorithm, |
75 blink::WebCryptoAlgorithmIdSha256>); | 94 blink::WebCryptoAlgorithmIdSha256>); |
76 alg_to_info_["HS384"] = | 95 alg_to_info_["HS384"] = |
77 JwkAlgorithmInfo(&BindAlgorithmId<CreateHmacImportAlgorithm, | 96 JwkAlgorithmInfo(&BindAlgorithmId<CreateHmacImportAlgorithm, |
78 blink::WebCryptoAlgorithmIdSha384>); | 97 blink::WebCryptoAlgorithmIdSha384>); |
79 alg_to_info_["HS512"] = | 98 alg_to_info_["HS512"] = |
80 JwkAlgorithmInfo(&BindAlgorithmId<CreateHmacImportAlgorithm, | 99 JwkAlgorithmInfo(&BindAlgorithmId<CreateHmacImportAlgorithm, |
81 blink::WebCryptoAlgorithmIdSha512>); | 100 blink::WebCryptoAlgorithmIdSha512>); |
82 alg_to_info_["RS256"] = | 101 alg_to_info_["RS256"] = |
83 JwkAlgorithmInfo(&BindAlgorithmId<CreateRsaSsaImportAlgorithm, | 102 JwkAlgorithmInfo(&BindAlgorithmId<CreateRsaSsaImportAlgorithm, |
84 blink::WebCryptoAlgorithmIdSha256>); | 103 blink::WebCryptoAlgorithmIdSha256>); |
85 alg_to_info_["RS384"] = | 104 alg_to_info_["RS384"] = |
86 JwkAlgorithmInfo(&BindAlgorithmId<CreateRsaSsaImportAlgorithm, | 105 JwkAlgorithmInfo(&BindAlgorithmId<CreateRsaSsaImportAlgorithm, |
87 blink::WebCryptoAlgorithmIdSha384>); | 106 blink::WebCryptoAlgorithmIdSha384>); |
88 alg_to_info_["RS512"] = | 107 alg_to_info_["RS512"] = |
89 JwkAlgorithmInfo(&BindAlgorithmId<CreateRsaSsaImportAlgorithm, | 108 JwkAlgorithmInfo(&BindAlgorithmId<CreateRsaSsaImportAlgorithm, |
90 blink::WebCryptoAlgorithmIdSha512>); | 109 blink::WebCryptoAlgorithmIdSha512>); |
91 alg_to_info_["RSA1_5"] = JwkAlgorithmInfo( | 110 alg_to_info_["RSA1_5"] = JwkAlgorithmInfo( |
92 &BindAlgorithmId<CreateAlgorithm, | 111 &BindAlgorithmId<CreateAlgorithm, |
93 blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5>); | 112 blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5>); |
94 alg_to_info_["RSA-OAEP"] = | 113 alg_to_info_["RSA-OAEP"] = |
95 JwkAlgorithmInfo(&BindAlgorithmId<CreateRsaOaepImportAlgorithm, | 114 JwkAlgorithmInfo(&BindAlgorithmId<CreateRsaOaepImportAlgorithm, |
96 blink::WebCryptoAlgorithmIdSha1>); | 115 blink::WebCryptoAlgorithmIdSha1>); |
97 // TODO(padolph): The Web Crypto spec does not enumerate AES-KW 128 yet | 116 alg_to_info_["A128KW"] = JwkAlgorithmInfo( |
98 alg_to_info_["A128KW"] = | 117 &BindAlgorithmId<CreateAlgorithm, blink::WebCryptoAlgorithmIdAesKw>, |
99 JwkAlgorithmInfo(&blink::WebCryptoAlgorithm::createNull, 128); | 118 128); |
100 // TODO(padolph): The Web Crypto spec does not enumerate AES-KW 256 yet | 119 alg_to_info_["A192KW"] = JwkAlgorithmInfo( |
101 alg_to_info_["A256KW"] = | 120 &BindAlgorithmId<CreateAlgorithm, blink::WebCryptoAlgorithmIdAesKw>, |
102 JwkAlgorithmInfo(&blink::WebCryptoAlgorithm::createNull, 256); | 121 192); |
122 alg_to_info_["A256KW"] = JwkAlgorithmInfo( | |
123 &BindAlgorithmId<CreateAlgorithm, blink::WebCryptoAlgorithmIdAesKw>, | |
124 256); | |
103 alg_to_info_["A128GCM"] = JwkAlgorithmInfo( | 125 alg_to_info_["A128GCM"] = JwkAlgorithmInfo( |
104 &BindAlgorithmId<CreateAlgorithm, blink::WebCryptoAlgorithmIdAesGcm>, | 126 &BindAlgorithmId<CreateAlgorithm, blink::WebCryptoAlgorithmIdAesGcm>, |
105 128); | 127 128); |
128 alg_to_info_["A192GCM"] = JwkAlgorithmInfo( | |
129 &BindAlgorithmId<CreateAlgorithm, blink::WebCryptoAlgorithmIdAesGcm>, | |
130 192); | |
106 alg_to_info_["A256GCM"] = JwkAlgorithmInfo( | 131 alg_to_info_["A256GCM"] = JwkAlgorithmInfo( |
107 &BindAlgorithmId<CreateAlgorithm, blink::WebCryptoAlgorithmIdAesGcm>, | 132 &BindAlgorithmId<CreateAlgorithm, blink::WebCryptoAlgorithmIdAesGcm>, |
108 256); | 133 256); |
109 alg_to_info_["A128CBC"] = JwkAlgorithmInfo( | 134 alg_to_info_["A128CBC"] = JwkAlgorithmInfo( |
110 &BindAlgorithmId<CreateAlgorithm, blink::WebCryptoAlgorithmIdAesCbc>, | 135 &BindAlgorithmId<CreateAlgorithm, blink::WebCryptoAlgorithmIdAesCbc>, |
111 128); | 136 128); |
112 alg_to_info_["A192CBC"] = JwkAlgorithmInfo( | 137 alg_to_info_["A192CBC"] = JwkAlgorithmInfo( |
113 &BindAlgorithmId<CreateAlgorithm, blink::WebCryptoAlgorithmIdAesCbc>, | 138 &BindAlgorithmId<CreateAlgorithm, blink::WebCryptoAlgorithmIdAesCbc>, |
114 192); | 139 192); |
115 alg_to_info_["A256CBC"] = JwkAlgorithmInfo( | 140 alg_to_info_["A256CBC"] = JwkAlgorithmInfo( |
(...skipping 74 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
190 if (!dict->Get(path, &value)) | 215 if (!dict->Get(path, &value)) |
191 return Status::Success(); | 216 return Status::Success(); |
192 | 217 |
193 if (!value->GetAsString(result)) | 218 if (!value->GetAsString(result)) |
194 return Status::ErrorJwkPropertyWrongType(path, "string"); | 219 return Status::ErrorJwkPropertyWrongType(path, "string"); |
195 | 220 |
196 *property_exists = true; | 221 *property_exists = true; |
197 return Status::Success(); | 222 return Status::Success(); |
198 } | 223 } |
199 | 224 |
225 // Extracts the optional array property with key |path| from |dict| and saves | |
226 // the result to |*result| if it was found. If the property exists and is not an | |
227 // array, returns an error. Otherwise returns success, and sets | |
228 // |*property_exists| if it was found. Note that |*result| is owned by |dict|. | |
229 Status GetOptionalJwkList(base::DictionaryValue* dict, | |
230 const std::string& path, | |
231 base::ListValue** result, | |
232 bool* property_exists) { | |
233 *property_exists = false; | |
234 base::Value* value = NULL; | |
235 if (!dict->Get(path, &value)) | |
236 return Status::Success(); | |
237 | |
238 if (!value->GetAsList(result)) | |
239 return Status::ErrorJwkPropertyWrongType(path, "list"); | |
240 | |
241 *property_exists = true; | |
242 return Status::Success(); | |
243 } | |
244 | |
200 // Extracts the required string property with key |path| from |dict| and saves | 245 // Extracts the required string property with key |path| from |dict| and saves |
201 // the base64-decoded bytes to |*result|. If the property does not exist or is | 246 // the base64url-decoded bytes to |*result|. If the property does not exist or |
202 // not a string, or could not be base64-decoded, returns an error. | 247 // is not a string, or could not be base64url-decoded, returns an error. |
203 Status GetJwkBytes(base::DictionaryValue* dict, | 248 Status GetJwkBytes(base::DictionaryValue* dict, |
204 const std::string& path, | 249 const std::string& path, |
205 std::string* result) { | 250 std::string* result) { |
206 std::string base64_string; | 251 std::string base64_string; |
207 Status status = GetJwkString(dict, path, &base64_string); | 252 Status status = GetJwkString(dict, path, &base64_string); |
208 if (status.IsError()) | 253 if (status.IsError()) |
209 return status; | 254 return status; |
210 | 255 |
211 if (!Base64DecodeUrlSafe(base64_string, result)) | 256 if (!Base64DecodeUrlSafe(base64_string, result)) |
212 return Status::ErrorJwkBase64Decode(path); | 257 return Status::ErrorJwkBase64Decode(path); |
(...skipping 14 matching lines...) Expand all Loading... | |
227 if (!dict->Get(path, &value)) | 272 if (!dict->Get(path, &value)) |
228 return Status::Success(); | 273 return Status::Success(); |
229 | 274 |
230 if (!value->GetAsBoolean(result)) | 275 if (!value->GetAsBoolean(result)) |
231 return Status::ErrorJwkPropertyWrongType(path, "boolean"); | 276 return Status::ErrorJwkPropertyWrongType(path, "boolean"); |
232 | 277 |
233 *property_exists = true; | 278 *property_exists = true; |
234 return Status::Success(); | 279 return Status::Success(); |
235 } | 280 } |
236 | 281 |
282 // Returns true if the set bits in b make up a subset of the set bits in a. | |
283 bool ContainsKeyUsages(blink::WebCryptoKeyUsageMask a, | |
284 blink::WebCryptoKeyUsageMask b) { | |
285 return (a & b) == b; | |
286 } | |
287 | |
288 // Writes a secret/symmetric key to a JWK dictionary. | |
289 void WriteSecretKey(const blink::WebArrayBuffer& raw_key, | |
290 base::DictionaryValue* jwk_dict) { | |
291 DCHECK(jwk_dict); | |
292 jwk_dict->SetString("kty", "oct"); | |
293 // For a secret/symmetric key, the only extra JWK field is 'k', containing the | |
294 // base64url encoding of the raw key. | |
295 DCHECK(!raw_key.isNull()); | |
296 DCHECK(raw_key.data()); | |
297 DCHECK(raw_key.byteLength()); | |
298 unsigned int key_length_bytes = raw_key.byteLength(); | |
299 const base::StringPiece key_str(static_cast<const char*>(raw_key.data()), | |
300 key_length_bytes); | |
301 jwk_dict->SetString("k", webcrypto::Base64EncodeUrlSafe(key_str)); | |
eroman
2014/03/10 21:55:34
no need for webcrypto:: prefix
padolph
2014/03/11 01:27:53
Done.
| |
302 } | |
303 | |
304 // Writes a Web Crypto usage mask to a JWK dictionary. | |
305 void WriteKeyOps(blink::WebCryptoKeyUsageMask key_usages, | |
306 base::DictionaryValue* jwk_dict) { | |
307 base::ListValue* key_ops = CreateJwkKeyOpsFromWebCryptoUsages(key_usages); | |
eroman
2014/03/10 21:55:34
[optional] inline this directly into the Set() cal
padolph
2014/03/11 01:27:53
Done.
| |
308 // The following call transfers ownership of key_ops to jwk_dict. | |
309 jwk_dict->Set("key_ops", key_ops); | |
310 } | |
311 | |
312 // Writes a Web Crypto extractable value to a JWK dictionary. | |
313 void WriteExt(bool extractable, base::DictionaryValue* jwk_dict) { | |
314 jwk_dict->SetBoolean("ext", extractable); | |
315 } | |
316 | |
317 // Writes a Web Crypto algorithm to a JWK dictionary. | |
318 Status WriteAlg(const blink::WebCryptoKeyAlgorithm& algorithm, | |
319 unsigned int raw_key_length_bytes, | |
320 base::DictionaryValue* jwk_dict) { | |
321 switch (algorithm.paramsType()) { | |
322 case blink::WebCryptoKeyAlgorithmParamsTypeAes: { | |
323 const char* aes_prefix = ""; | |
324 switch (raw_key_length_bytes) { | |
325 case 16: | |
326 aes_prefix = "A128"; | |
327 break; | |
328 case 24: | |
329 aes_prefix = "A192"; | |
330 break; | |
331 case 32: | |
332 aes_prefix = "A256"; | |
333 break; | |
334 default: | |
335 NOTREACHED(); // bad key length means algorithm was built improperly | |
336 return Status::ErrorUnexpected(); | |
337 } | |
338 switch (algorithm.id()) { | |
339 case blink::WebCryptoAlgorithmIdAesCbc: | |
340 jwk_dict->SetString("alg", | |
341 base::StringPrintf("%s%s", aes_prefix, "CBC")); | |
eroman
2014/03/10 21:55:34
I suggest extracting the "base::StringPrintf("%s%s
padolph
2014/03/11 01:27:53
Done.
| |
342 break; | |
343 case blink::WebCryptoAlgorithmIdAesCtr: | |
344 jwk_dict->SetString("alg", | |
345 base::StringPrintf("%s%s", aes_prefix, "CTR")); | |
346 break; | |
347 case blink::WebCryptoAlgorithmIdAesGcm: | |
348 jwk_dict->SetString("alg", | |
349 base::StringPrintf("%s%s", aes_prefix, "GCM")); | |
350 break; | |
351 case blink::WebCryptoAlgorithmIdAesKw: | |
352 jwk_dict->SetString("alg", | |
353 base::StringPrintf("%s%s", aes_prefix, "KW")); | |
354 break; | |
355 default: | |
356 return Status::ErrorUnsupported(); | |
357 } | |
358 break; | |
359 } | |
360 case blink::WebCryptoKeyAlgorithmParamsTypeHmac: { | |
361 DCHECK(algorithm.hmacParams()); | |
362 switch (algorithm.hmacParams()->hash().id()) { | |
363 case blink::WebCryptoAlgorithmIdSha1: | |
364 jwk_dict->SetString("alg", "HS1"); | |
365 break; | |
366 case blink::WebCryptoAlgorithmIdSha224: | |
367 jwk_dict->SetString("alg", "HS224"); | |
368 break; | |
369 case blink::WebCryptoAlgorithmIdSha256: | |
370 jwk_dict->SetString("alg", "HS256"); | |
371 break; | |
372 case blink::WebCryptoAlgorithmIdSha384: | |
373 jwk_dict->SetString("alg", "HS384"); | |
374 break; | |
375 case blink::WebCryptoAlgorithmIdSha512: | |
376 jwk_dict->SetString("alg", "HS512"); | |
377 break; | |
378 default: | |
379 NOTREACHED(); | |
380 return Status::ErrorUnexpected(); | |
381 } | |
382 break; | |
383 } | |
384 case blink::WebCryptoKeyAlgorithmParamsTypeRsa: | |
385 case blink::WebCryptoKeyAlgorithmParamsTypeRsaHashed: | |
386 // TODO(padolph): Handle RSA key | |
387 return Status::ErrorUnsupported(); | |
388 default: | |
389 return Status::ErrorUnsupported(); | |
390 } | |
391 return Status::Success(); | |
392 } | |
393 | |
237 } // namespace | 394 } // namespace |
238 | 395 |
239 Status ImportKeyJwk(const CryptoData& key_data, | 396 Status ImportKeyJwk(const CryptoData& key_data, |
240 const blink::WebCryptoAlgorithm& algorithm_or_null, | 397 const blink::WebCryptoAlgorithm& algorithm_or_null, |
241 bool extractable, | 398 bool extractable, |
242 blink::WebCryptoKeyUsageMask usage_mask, | 399 blink::WebCryptoKeyUsageMask usage_mask, |
243 blink::WebCryptoKey* key) { | 400 blink::WebCryptoKey* key) { |
244 | 401 |
402 // TODO(padolph): Generalize this comment to include export, and move to top | |
403 // of file. | |
404 | |
245 // The goal of this method is to extract key material and meta data from the | 405 // The goal of this method is to extract key material and meta data from the |
246 // incoming JWK, combine them with the input parameters, and ultimately import | 406 // incoming JWK, combine them with the input parameters, and ultimately import |
247 // a Web Crypto Key. | 407 // a Web Crypto Key. |
248 // | 408 // |
249 // JSON Web Key Format (JWK) | 409 // JSON Web Key Format (JWK) |
250 // http://tools.ietf.org/html/draft-ietf-jose-json-web-key-16 | 410 // http://tools.ietf.org/html/draft-ietf-jose-json-web-key-21 |
251 // TODO(padolph): Not all possible values are handled by this code right now | |
252 // | 411 // |
253 // A JWK is a simple JSON dictionary with the following entries | 412 // A JWK is a simple JSON dictionary with the following entries |
254 // - "kty" (Key Type) Parameter, REQUIRED | 413 // - "kty" (Key Type) Parameter, REQUIRED |
255 // - <kty-specific parameters, see below>, REQUIRED | 414 // - <kty-specific parameters, see below>, REQUIRED |
256 // - "use" (Key Use) Parameter, OPTIONAL | 415 // - "use" (Key Use) Parameter, OPTIONAL |
416 // - "key_ops" (Key Operations) Parameter, OPTIONAL | |
257 // - "alg" (Algorithm) Parameter, OPTIONAL | 417 // - "alg" (Algorithm) Parameter, OPTIONAL |
258 // - "extractable" (Key Exportability), OPTIONAL [NOTE: not yet part of JOSE, | 418 // - "ext" (Key Exportability), OPTIONAL |
259 // see https://www.w3.org/Bugs/Public/show_bug.cgi?id=23796] | |
260 // (all other entries are ignored) | 419 // (all other entries are ignored) |
261 // | 420 // |
262 // OPTIONAL here means that this code does not require the entry to be present | 421 // OPTIONAL here means that this code does not require the entry to be present |
263 // in the incoming JWK, because the method input parameters contain similar | 422 // in the incoming JWK, because the method input parameters contain similar |
264 // information. If the optional JWK entry is present, it will be validated | 423 // information. If the optional JWK entry is present, it will be validated |
265 // against the corresponding input parameter for consistency and combined with | 424 // against the corresponding input parameter for consistency and combined with |
266 // it according to rules defined below. A special case is that the method | 425 // it according to rules defined below. A special case is that the method |
267 // input parameter 'algorithm' is also optional. If it is null, the JWK 'alg' | 426 // input parameter 'algorithm' is also optional. If it is null, the JWK 'alg' |
268 // value (if present) is used as a fallback. | 427 // value (if present) is used as a fallback. |
269 // | 428 // |
270 // Input 'key_data' contains the JWK. To build a Web Crypto Key, the JWK | 429 // Input 'key_data' contains the JWK. To build a Web Crypto Key, the JWK |
271 // values are parsed out and combined with the method input parameters to | 430 // values are parsed out and combined with the method input parameters to |
272 // build a Web Crypto Key: | 431 // build a Web Crypto Key: |
273 // Web Crypto Key type <-- (deduced) | 432 // Web Crypto Key type <-- (deduced) |
274 // Web Crypto Key extractable <-- JWK extractable + input extractable | 433 // Web Crypto Key extractable <-- JWK ext + input extractable |
275 // Web Crypto Key algorithm <-- JWK alg + input algorithm | 434 // Web Crypto Key algorithm <-- JWK alg + input algorithm |
276 // Web Crypto Key keyUsage <-- JWK use + input usage_mask | 435 // Web Crypto Key keyUsage <-- JWK use, key_ops + input usage_mask |
277 // Web Crypto Key keying material <-- kty-specific parameters | 436 // Web Crypto Key keying material <-- kty-specific parameters |
278 // | 437 // |
279 // Values for each JWK entry are case-sensitive and defined in | 438 // Values for each JWK entry are case-sensitive and defined in |
280 // http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-16. | 439 // http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-18. |
281 // Note that not all values specified by JOSE are handled by this code. Only | 440 // Note that not all values specified by JOSE are handled by this code. Only |
282 // handled values are listed. | 441 // handled values are listed. |
283 // - kty (Key Type) | 442 // - kty (Key Type) |
284 // +-------+--------------------------------------------------------------+ | 443 // +-------+--------------------------------------------------------------+ |
285 // | "RSA" | RSA [RFC3447] | | 444 // | "RSA" | RSA [RFC3447] | |
286 // | "oct" | Octet sequence (used to represent symmetric keys) | | 445 // | "oct" | Octet sequence (used to represent symmetric keys) | |
287 // +-------+--------------------------------------------------------------+ | 446 // +-------+--------------------------------------------------------------+ |
447 // | |
448 // - key_ops (Key Use Details) | |
449 // The key_ops field is an array that contains one or more strings from | |
450 // the table below, and describes the operations for which this key may be | |
451 // used. | |
452 // +-------+--------------------------------------------------------------+ | |
453 // | "encrypt" | encrypt operations | | |
454 // | "decrypt" | decrypt operations | | |
455 // | "sign" | sign (MAC) operations | | |
456 // | "verify" | verify (MAC) operations | | |
457 // | "wrapKey" | key wrap | | |
458 // | "unwrapKey" | key unwrap | | |
459 // | "deriveKey" | key derivation | | |
460 // | "deriveBits" | key derivation TODO(padolph): not currently supported | | |
461 // +-------+--------------------------------------------------------------+ | |
462 // | |
288 // - use (Key Use) | 463 // - use (Key Use) |
464 // The use field contains a single entry from the table below. | |
289 // +-------+--------------------------------------------------------------+ | 465 // +-------+--------------------------------------------------------------+ |
290 // | "enc" | encrypt and decrypt operations | | 466 // | "sig" | equivalent to key_ops of [sign, verify] | |
291 // | "sig" | sign and verify (MAC) operations | | 467 // | "enc" | equivalent to key_ops of [encrypt, decrypt, wrapKey, | |
292 // | "wrap"| key wrap and unwrap [not yet part of JOSE] | | 468 // | | unwrapKey, deriveKey, deriveBits] | |
293 // +-------+--------------------------------------------------------------+ | 469 // +-------+--------------------------------------------------------------+ |
294 // - extractable (Key Exportability) | 470 // |
471 // NOTE: If both "use" and "key_ops" JWK members are present, the usages | |
472 // specified by them MUST be consistent. In particular, the "use" value | |
473 // "sig" corresponds to "sign" and/or "verify". The "use" value "enc" | |
474 // corresponds to all other values defined above. If "key_ops" values | |
475 // corresponding to both "sig" and "enc" "use" values are present, the "use" | |
476 // member SHOULD NOT be present, and if present, its value MUST NOT be | |
477 // either "sig" or "enc". | |
478 // | |
479 // - ext (Key Exportability) | |
295 // +-------+--------------------------------------------------------------+ | 480 // +-------+--------------------------------------------------------------+ |
296 // | true | Key may be exported from the trusted environment | | 481 // | true | Key may be exported from the trusted environment | |
297 // | false | Key cannot exit the trusted environment | | 482 // | false | Key cannot exit the trusted environment | |
298 // +-------+--------------------------------------------------------------+ | 483 // +-------+--------------------------------------------------------------+ |
484 // | |
299 // - alg (Algorithm) | 485 // - alg (Algorithm) |
300 // See http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-16 | 486 // See http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-18 |
301 // +--------------+-------------------------------------------------------+ | 487 // +--------------+-------------------------------------------------------+ |
302 // | Digital Signature or MAC Algorithm | | 488 // | Digital Signature or MAC Algorithm | |
303 // +--------------+-------------------------------------------------------+ | 489 // +--------------+-------------------------------------------------------+ |
490 // | "HS1" | HMAC using SHA-1 hash algorithm | | |
491 // | "HS224" | HMAC using SHA-224 hash algorithm | | |
Ryan Sleevi
2014/03/11 00:43:15
Note: This is being removed (all of SHA-224)
padolph
2014/03/11 01:27:53
Done.
| |
304 // | "HS256" | HMAC using SHA-256 hash algorithm | | 492 // | "HS256" | HMAC using SHA-256 hash algorithm | |
305 // | "HS384" | HMAC using SHA-384 hash algorithm | | 493 // | "HS384" | HMAC using SHA-384 hash algorithm | |
306 // | "HS512" | HMAC using SHA-512 hash algorithm | | 494 // | "HS512" | HMAC using SHA-512 hash algorithm | |
307 // | "RS256" | RSASSA using SHA-256 hash algorithm | | 495 // | "RS256" | RSASSA using SHA-256 hash algorithm | |
308 // | "RS384" | RSASSA using SHA-384 hash algorithm | | 496 // | "RS384" | RSASSA using SHA-384 hash algorithm | |
309 // | "RS512" | RSASSA using SHA-512 hash algorithm | | 497 // | "RS512" | RSASSA using SHA-512 hash algorithm | |
310 // +--------------+-------------------------------------------------------| | 498 // +--------------+-------------------------------------------------------| |
311 // | Key Management Algorithm | | 499 // | Key Management Algorithm | |
312 // +--------------+-------------------------------------------------------+ | 500 // +--------------+-------------------------------------------------------+ |
313 // | "RSA1_5" | RSAES-PKCS1-V1_5 [RFC3447] | | 501 // | "RSA1_5" | RSAES-PKCS1-V1_5 [RFC3447] | |
314 // | "RSA-OAEP" | RSAES using Optimal Asymmetric Encryption Padding | | 502 // | "RSA-OAEP" | RSAES using Optimal Asymmetric Encryption Padding | |
315 // | | (OAEP) [RFC3447], with the default parameters | | 503 // | | (OAEP) [RFC3447], with the default parameters | |
316 // | | specified by RFC3447 in Section A.2.1 | | 504 // | | specified by RFC3447 in Section A.2.1 | |
317 // | "A128KW" | Advanced Encryption Standard (AES) Key Wrap Algorithm | | 505 // | "A128KW" | Advanced Encryption Standard (AES) Key Wrap Algorithm | |
318 // | | [RFC3394] using 128 bit keys | | 506 // | | [RFC3394] using 128 bit keys | |
507 // | "A192KW" | AES Key Wrap Algorithm using 192 bit keys | | |
319 // | "A256KW" | AES Key Wrap Algorithm using 256 bit keys | | 508 // | "A256KW" | AES Key Wrap Algorithm using 256 bit keys | |
320 // | "A128GCM" | AES in Galois/Counter Mode (GCM) [NIST.800-38D] using | | 509 // | "A128GCM" | AES in Galois/Counter Mode (GCM) [NIST.800-38D] using | |
321 // | | 128 bit keys | | 510 // | | 128 bit keys | |
511 // | "A192GCM" | AES GCM using 192 bit keys | | |
322 // | "A256GCM" | AES GCM using 256 bit keys | | 512 // | "A256GCM" | AES GCM using 256 bit keys | |
323 // | "A128CBC" | AES in Cipher Block Chaining Mode (CBC) with PKCS #5 | | 513 // | "A128CBC" | AES in Cipher Block Chaining Mode (CBC) with PKCS #5 | |
324 // | | padding [NIST.800-38A] [not yet part of JOSE, see | | 514 // | | padding [NIST.800-38A] [not yet part of JOSE, see | |
325 // | | https://www.w3.org/Bugs/Public/show_bug.cgi?id=23796 | | 515 // | | https://www.w3.org/Bugs/Public/show_bug.cgi?id=23796 | |
Ryan Sleevi
2014/03/11 00:43:15
Remove this comment as well? [the not yet part]
padolph
2014/03/11 01:27:53
Done.
| |
326 // | "A192CBC" | AES CBC using 192 bit keys [not yet part of JOSE] | | 516 // | "A192CBC" | AES CBC using 192 bit keys | |
327 // | "A256CBC" | AES CBC using 256 bit keys [not yet part of JOSE] | | 517 // | "A256CBC" | AES CBC using 256 bit keys | |
328 // +--------------+-------------------------------------------------------+ | 518 // +--------------+-------------------------------------------------------+ |
329 // | 519 // |
330 // kty-specific parameters | 520 // kty-specific parameters |
331 // The value of kty determines the type and content of the keying material | 521 // The value of kty determines the type and content of the keying material |
332 // carried in the JWK to be imported. Currently only two possibilities are | 522 // carried in the JWK to be imported. Currently only two possibilities are |
333 // supported: a raw key or an RSA public key. RSA private keys are not | 523 // supported: a raw key or an RSA public key. RSA private keys are not |
334 // supported because typical applications seldom need to import a private key, | 524 // supported because typical applications seldom need to import a private key, |
335 // and the large number of JWK parameters required to describe one. | 525 // and the large number of JWK parameters required to describe one. |
336 // - kty == "oct" (symmetric or other raw key) | 526 // - kty == "oct" (symmetric or other raw key) |
337 // +-------+--------------------------------------------------------------+ | 527 // +-------+--------------------------------------------------------------+ |
(...skipping 21 matching lines...) Expand all Loading... | |
359 // | 549 // |
360 // algorithm | 550 // algorithm |
361 // If an algorithm is provided by both the input parameter and the JWK, | 551 // If an algorithm is provided by both the input parameter and the JWK, |
362 // consistency between the two is based only on algorithm ID's (including an | 552 // consistency between the two is based only on algorithm ID's (including an |
363 // inner hash algorithm if present). In this case if the consistency | 553 // inner hash algorithm if present). In this case if the consistency |
364 // check is passed, the input algorithm is used. If only one of either the | 554 // check is passed, the input algorithm is used. If only one of either the |
365 // input algorithm and JWK alg is provided, it is used as the final | 555 // input algorithm and JWK alg is provided, it is used as the final |
366 // algorithm. | 556 // algorithm. |
367 // | 557 // |
368 // extractable | 558 // extractable |
369 // If the JWK extractable is true but the input parameter is false, make the | 559 // If the JWK ext field is true but the input parameter is false, make the |
370 // Web Crypto Key non-extractable. Conversely, if the JWK extractable is | 560 // Web Crypto Key non-extractable. Conversely, if the JWK ext field is |
371 // false but the input parameter is true, it is an inconsistency. If both | 561 // false but the input parameter is true, it is an inconsistency. If both |
372 // are true or both are false, use that value. | 562 // are true or both are false, use that value. |
373 // | 563 // |
374 // usage_mask | 564 // usage_mask |
375 // The input usage_mask must be a strict subset of the interpreted JWK use | 565 // The input usage_mask must be a strict subset of the interpreted JWK use |
376 // value, else it is judged inconsistent. In all cases the input usage_mask | 566 // value, else it is judged inconsistent. In all cases the input usage_mask |
377 // is used as the final usage_mask. | 567 // is used as the final usage_mask. |
378 // | 568 // |
379 | 569 |
380 if (!key_data.byte_length()) | 570 if (!key_data.byte_length()) |
381 return Status::ErrorImportEmptyKeyData(); | 571 return Status::ErrorImportEmptyKeyData(); |
382 DCHECK(key); | 572 DCHECK(key); |
383 | 573 |
384 // Parse the incoming JWK JSON. | 574 // Parse the incoming JWK JSON. |
385 base::StringPiece json_string(reinterpret_cast<const char*>(key_data.bytes()), | 575 base::StringPiece json_string(reinterpret_cast<const char*>(key_data.bytes()), |
386 key_data.byte_length()); | 576 key_data.byte_length()); |
387 scoped_ptr<base::Value> value(base::JSONReader::Read(json_string)); | 577 scoped_ptr<base::Value> value(base::JSONReader::Read(json_string)); |
388 // Note, bare pointer dict_value is ok since it points into scoped value. | 578 // Note, bare pointer dict_value is ok since it points into scoped value. |
389 base::DictionaryValue* dict_value = NULL; | 579 base::DictionaryValue* dict_value = NULL; |
390 if (!value.get() || !value->GetAsDictionary(&dict_value) || !dict_value) | 580 if (!value.get() || !value->GetAsDictionary(&dict_value) || !dict_value) |
391 return Status::ErrorJwkNotDictionary(); | 581 return Status::ErrorJwkNotDictionary(); |
392 | 582 |
393 // JWK "kty". Exit early if this required JWK parameter is missing. | 583 // JWK "kty". Exit early if this required JWK parameter is missing. |
394 std::string jwk_kty_value; | 584 std::string jwk_kty_value; |
395 Status status = GetJwkString(dict_value, "kty", &jwk_kty_value); | 585 Status status = GetJwkString(dict_value, "kty", &jwk_kty_value); |
396 if (status.IsError()) | 586 if (status.IsError()) |
397 return status; | 587 return status; |
398 | 588 |
399 // JWK "extractable" (optional) --> extractable parameter | 589 // JWK "ext" (optional) --> extractable parameter |
400 { | 590 { |
401 bool jwk_extractable_value = false; | 591 bool jwk_ext_value = false; |
402 bool has_jwk_extractable; | 592 bool has_jwk_ext; |
403 status = GetOptionalJwkBool(dict_value, | 593 status = |
404 "extractable", | 594 GetOptionalJwkBool(dict_value, "ext", &jwk_ext_value, &has_jwk_ext); |
405 &jwk_extractable_value, | |
406 &has_jwk_extractable); | |
407 if (status.IsError()) | 595 if (status.IsError()) |
408 return status; | 596 return status; |
409 if (has_jwk_extractable && !jwk_extractable_value && extractable) | 597 if (has_jwk_ext && !jwk_ext_value && extractable) |
410 return Status::ErrorJwkExtractableInconsistent(); | 598 return Status::ErrorJwkExtInconsistent(); |
411 } | 599 } |
412 | 600 |
413 // JWK "alg" (optional) --> algorithm parameter | 601 // JWK "alg" (optional) --> algorithm parameter |
414 // Note: input algorithm is also optional, so we have six cases to handle. | 602 // Note: input algorithm is also optional, so we have six cases to handle. |
415 // 1. JWK alg present but unrecognized: error | 603 // 1. JWK alg present but unrecognized: error |
416 // 2. JWK alg valid AND input algorithm isNull: use JWK value | 604 // 2. JWK alg valid AND input algorithm isNull: use JWK value |
417 // 3. JWK alg valid AND input algorithm specified, but JWK value | 605 // 3. JWK alg valid AND input algorithm specified, but JWK value |
418 // inconsistent with input: error | 606 // inconsistent with input: error |
419 // 4. JWK alg valid AND input algorithm specified, both consistent: use | 607 // 4. JWK alg valid AND input algorithm specified, both consistent: use |
420 // input value (because it has potentially more details) | 608 // input value (because it has potentially more details) |
(...skipping 32 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
453 algorithm = algorithm_or_null; // case 4 | 641 algorithm = algorithm_or_null; // case 4 |
454 } | 642 } |
455 } else { | 643 } else { |
456 // JWK alg missing | 644 // JWK alg missing |
457 if (algorithm_or_null.isNull()) | 645 if (algorithm_or_null.isNull()) |
458 return Status::ErrorJwkAlgorithmMissing(); // case 5 | 646 return Status::ErrorJwkAlgorithmMissing(); // case 5 |
459 algorithm = algorithm_or_null; // case 6 | 647 algorithm = algorithm_or_null; // case 6 |
460 } | 648 } |
461 DCHECK(!algorithm.isNull()); | 649 DCHECK(!algorithm.isNull()); |
462 | 650 |
651 // JWK "key_ops" (optional) --> usage_mask parameter | |
652 base::ListValue* jwk_key_ops_value = NULL; | |
653 bool has_jwk_key_ops; | |
654 status = GetOptionalJwkList( | |
655 dict_value, "key_ops", &jwk_key_ops_value, &has_jwk_key_ops); | |
656 if (status.IsError()) | |
657 return status; | |
658 blink::WebCryptoKeyUsageMask jwk_key_ops_mask = 0; | |
659 if (has_jwk_key_ops) { | |
660 status = | |
661 GetWebCryptoUsagesFromJwkKeyOps(jwk_key_ops_value, &jwk_key_ops_mask); | |
662 if (status.IsError()) | |
663 return status; | |
664 // The input usage_mask must be a subset of jwk_key_ops_mask. | |
665 if (!ContainsKeyUsages(jwk_key_ops_mask, usage_mask)) | |
666 return Status::ErrorJwkKeyopsInconsistent(); | |
667 } | |
668 | |
463 // JWK "use" (optional) --> usage_mask parameter | 669 // JWK "use" (optional) --> usage_mask parameter |
464 std::string jwk_use_value; | 670 std::string jwk_use_value; |
465 bool has_jwk_use; | 671 bool has_jwk_use; |
466 status = | 672 status = |
467 GetOptionalJwkString(dict_value, "use", &jwk_use_value, &has_jwk_use); | 673 GetOptionalJwkString(dict_value, "use", &jwk_use_value, &has_jwk_use); |
468 if (status.IsError()) | 674 if (status.IsError()) |
469 return status; | 675 return status; |
676 blink::WebCryptoKeyUsageMask jwk_use_mask = 0; | |
470 if (has_jwk_use) { | 677 if (has_jwk_use) { |
471 blink::WebCryptoKeyUsageMask jwk_usage_mask = 0; | 678 if (jwk_use_value == "enc") |
472 if (jwk_use_value == "enc") { | 679 jwk_use_mask = kJwkEncUsage; |
473 jwk_usage_mask = | 680 else if (jwk_use_value == "sig") |
474 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt; | 681 jwk_use_mask = kJwkSigUsage; |
475 } else if (jwk_use_value == "sig") { | 682 else |
476 jwk_usage_mask = | 683 return Status::ErrorJwkUnrecognizedUse(); |
477 blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify; | 684 // The input usage_mask must be a subset of jwk_use_mask. |
478 } else if (jwk_use_value == "wrap") { | 685 if (!ContainsKeyUsages(jwk_use_mask, usage_mask)) |
479 jwk_usage_mask = | 686 return Status::ErrorJwkUseInconsistent(); |
480 blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey; | |
481 } else { | |
482 return Status::ErrorJwkUnrecognizedUsage(); | |
483 } | |
484 if ((jwk_usage_mask & usage_mask) != usage_mask) { | |
485 // A usage_mask must be a subset of jwk_usage_mask. | |
486 return Status::ErrorJwkUsageInconsistent(); | |
487 } | |
488 } | 687 } |
489 | 688 |
689 // If both 'key_ops' and 'use' are present, ensure they are consistent. | |
690 if (has_jwk_key_ops && has_jwk_use && | |
691 !ContainsKeyUsages(jwk_use_mask, jwk_key_ops_mask)) | |
692 return Status::ErrorJwkUseAndKeyopsInconsistent(); | |
693 | |
490 // JWK keying material --> ImportKeyInternal() | 694 // JWK keying material --> ImportKeyInternal() |
491 if (jwk_kty_value == "oct") { | 695 if (jwk_kty_value == "oct") { |
492 | 696 |
493 std::string jwk_k_value; | 697 std::string jwk_k_value; |
494 status = GetJwkBytes(dict_value, "k", &jwk_k_value); | 698 status = GetJwkBytes(dict_value, "k", &jwk_k_value); |
495 if (status.IsError()) | 699 if (status.IsError()) |
496 return status; | 700 return status; |
497 | 701 |
498 // Some JWK alg ID's embed information about the key length in the alg ID | 702 // Some JWK alg ID's embed information about the key length in the alg ID |
499 // string. For example "A128CBC" implies the JWK carries 128 bits | 703 // string. For example "A128CBC" implies the JWK carries 128 bits |
(...skipping 42 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
542 CryptoData(jwk_e_value), | 746 CryptoData(jwk_e_value), |
543 key); | 747 key); |
544 | 748 |
545 } else { | 749 } else { |
546 return Status::ErrorJwkUnrecognizedKty(); | 750 return Status::ErrorJwkUnrecognizedKty(); |
547 } | 751 } |
548 | 752 |
549 return Status::Success(); | 753 return Status::Success(); |
550 } | 754 } |
551 | 755 |
756 Status ExportKeyJwk(const blink::WebCryptoKey& key, | |
757 blink::WebArrayBuffer* buffer) { | |
758 base::DictionaryValue jwk_dict; | |
759 Status status = Status::Error(); | |
760 blink::WebArrayBuffer exported_key; | |
761 | |
762 if (key.type() == blink::WebCryptoKeyTypeSecret) { | |
763 status = ExportKey(blink::WebCryptoKeyFormatRaw, key, &exported_key); | |
764 if (status.IsError()) | |
765 return status; | |
766 WriteSecretKey(exported_key, &jwk_dict); | |
767 } else { | |
768 // TODO(padolph): Handle asymmetric keys, at least the public key. | |
769 return Status::ErrorUnsupported(); | |
770 } | |
771 | |
772 WriteKeyOps(key.usages(), &jwk_dict); | |
773 WriteExt(key.extractable(), &jwk_dict); | |
774 status = WriteAlg(key.algorithm(), exported_key.byteLength(), &jwk_dict); | |
775 if (status.IsError()) | |
776 return status; | |
777 | |
778 std::string json; | |
779 base::JSONWriter::Write(&jwk_dict, &json); | |
780 *buffer = webcrypto::CreateArrayBuffer( | |
eroman
2014/03/10 21:55:34
no need for "webcrypto::" prefix
padolph
2014/03/11 01:27:53
Done.
| |
781 reinterpret_cast<const uint8*>(json.data()), json.size()); | |
782 return Status::Success(); | |
783 } | |
784 | |
552 } // namespace webcrypto | 785 } // namespace webcrypto |
553 | 786 |
554 } // namespace content | 787 } // namespace content |
OLD | NEW |