
Side by Side Diff: content/child/webcrypto/platform_crypto_nss.cc

Issue 184043021: [webcrypto] JWK: Updated import(ext, key_ops) and added export of symmetric keys (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@wcAesKw_nss1
Patch Set: rebase Created 6 years, 9 months ago
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "content/child/webcrypto/platform_crypto.h" 5 #include "content/child/webcrypto/platform_crypto.h"
6 6
7 #include <cryptohi.h> 7 #include <cryptohi.h>
8 #include <pk11pub.h> 8 #include <pk11pub.h>
9 #include <sechash.h> 9 #include <sechash.h>
10 10
(...skipping 1185 matching lines...)
1196 return Status::ErrorUnexpected(); 1196 return Status::ErrorUnexpected();
1197 1197
1198 *key = blink::WebCryptoKey::create(new SymKey(unwrapped_key.Pass()), 1198 *key = blink::WebCryptoKey::create(new SymKey(unwrapped_key.Pass()),
1199 blink::WebCryptoKeyTypeSecret, 1199 blink::WebCryptoKeyTypeSecret,
1200 extractable, 1200 extractable,
1201 key_algorithm, 1201 key_algorithm,
1202 usage_mask); 1202 usage_mask);
1203 return Status::Success(); 1203 return Status::Success();
1204 } 1204 }
1205 1205
1206 Status WrapSymKeyAesKw(SymKey* wrapping_key,
eroman 2014/03/10 21:55:34 IMPORTANT: Why is this showing as removed?
padolph 2014/03/11 01:27:53 This was a rebase problem that unfortunately got u
1207 SymKey* key,
1208 blink::WebArrayBuffer* buffer) {
1209 // The data size must be at least 16 bytes and a multiple of 8 bytes.
1210 // RFC 3394 does not specify a maximum allowed data length, but since only
1211 // keys are being wrapped in this application (which are small), a reasonable
1212 // max limit is whatever will fit into an unsigned. For the max size test,
1213 // note that AES Key Wrap always adds 8 bytes to the input data size.
1214 const unsigned int input_length = PK11_GetKeyLength(key->key());
1215 if (input_length < 16)
1216 return Status::ErrorDataTooSmall();
1217 if (input_length > UINT_MAX - 8)
1218 return Status::ErrorDataTooLarge();
1219 if (input_length % 8)
1220 return Status::ErrorInvalidAesKwDataLength();
1221
1222 SECItem iv_item =
1223 MakeSECItemForBuffer(CryptoData(kAesIv, ARRAYSIZE_UNSAFE(kAesIv)));
1224 crypto::ScopedSECItem param_item(
1225 PK11_ParamFromIV(CKM_NSS_AES_KEY_WRAP, &iv_item));
1226 if (!param_item)
1227 return Status::ErrorUnexpected();
1228
1229 const unsigned int output_length = input_length + 8;
1230 *buffer = blink::WebArrayBuffer::create(output_length, 1);
1231 unsigned char* buffer_data = reinterpret_cast<unsigned char*>(buffer->data());
1232 SECItem wrapped_key_item = {siBuffer, buffer_data, output_length};
1233
1234 if (SECSuccess != PK11_WrapSymKey(CKM_NSS_AES_KEY_WRAP,
1235 param_item.get(),
1236 wrapping_key->key(),
1237 key->key(),
1238 &wrapped_key_item)) {
1239 return Status::Error();
1240 }
1241 if (output_length != wrapped_key_item.len)
1242 return Status::ErrorUnexpected();
1243
1244 return Status::Success();
1245 }
1246
1247 Status UnwrapSymKeyAesKw(const CryptoData& wrapped_key_data,
1248 SymKey* wrapping_key,
1249 const blink::WebCryptoAlgorithm& algorithm,
1250 bool extractable,
1251 blink::WebCryptoKeyUsageMask usage_mask,
1252 blink::WebCryptoKey* key) {
1253 DCHECK(wrapped_key_data.byte_length() >= 24);
1254 DCHECK(wrapped_key_data.byte_length() % 8 == 0);
1255
1256 SECItem iv_item =
1257 MakeSECItemForBuffer(CryptoData(kAesIv, ARRAYSIZE_UNSAFE(kAesIv)));
1258 crypto::ScopedSECItem param_item(
1259 PK11_ParamFromIV(CKM_NSS_AES_KEY_WRAP, &iv_item));
1260 if (!param_item)
1261 return Status::ErrorUnexpected();
1262
1263 SECItem cipher_text = MakeSECItemForBuffer(wrapped_key_data);
1264
1265 // The plaintext length is always 64 bits less than the data size.
1266 const unsigned int plaintext_length = wrapped_key_data.byte_length() - 8;
1267
1268 // Determine the proper NSS key properties from the input algorithm.
1269 CK_MECHANISM_TYPE mechanism;
1270 CK_FLAGS flags;
1271 Status status =
1272 WebCryptoAlgorithmToNssMechFlags(algorithm, &mechanism, &flags);
1273 if (status.IsError())
1274 return status;
1275
1276 crypto::ScopedPK11SymKey unwrapped_key(PK11_UnwrapSymKey(wrapping_key->key(),
1277 CKM_NSS_AES_KEY_WRAP,
1278 param_item.get(),
1279 &cipher_text,
1280 mechanism,
1281 flags,
1282 plaintext_length));
1283 if (!unwrapped_key)
1284 return Status::Error();
1285
1286 *key = blink::WebCryptoKey::create(new SymKey(unwrapped_key.Pass()),
1287 blink::WebCryptoKeyTypeSecret,
1288 extractable,
1289 algorithm,
1290 usage_mask);
1291 return Status::Success();
1292 }
1293
1294 } // namespace platform 1206 } // namespace platform
1295 1207
1296 } // namespace webcrypto 1208 } // namespace webcrypto
1297 1209
1298 } // namespace content 1210 } // namespace content