Chromium Code Reviews Chromium Code Reviews
Issue 184043021:
[webcrypto] JWK: Updated import(ext, key_ops) and added export of symmetric keys (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@wcAesKw_nss1| Index: content/child/webcrypto/platform_crypto_nss.cc |
| diff --git a/content/child/webcrypto/platform_crypto_nss.cc b/content/child/webcrypto/platform_crypto_nss.cc |
| index 8a66a828e8127c1cbece0a96a26ab9dd97f0db33..4cc6cb117b3013060dedc1183fdf486728c916f9 100644 |
| --- a/content/child/webcrypto/platform_crypto_nss.cc |
| +++ b/content/child/webcrypto/platform_crypto_nss.cc |
| @@ -1203,94 +1203,6 @@ Status UnwrapSymKeyAesKw(const CryptoData& wrapped_key_data, |
| return Status::Success(); |
| } |
| -Status WrapSymKeyAesKw(SymKey* wrapping_key, |
|
eroman
2014/03/10 21:55:34
IMPORTANT: Why is this showing as removed?
padolph
2014/03/11 01:27:53
This was a rebase problem that unfortunately got u
|
| - SymKey* key, |
| - blink::WebArrayBuffer* buffer) { |
| - // The data size must be at least 16 bytes and a multiple of 8 bytes. |
| - // RFC 3394 does not specify a maximum allowed data length, but since only |
| - // keys are being wrapped in this application (which are small), a reasonable |
| - // max limit is whatever will fit into an unsigned. For the max size test, |
| - // note that AES Key Wrap always adds 8 bytes to the input data size. |
| - const unsigned int input_length = PK11_GetKeyLength(key->key()); |
| - if (input_length < 16) |
| - return Status::ErrorDataTooSmall(); |
| - if (input_length > UINT_MAX - 8) |
| - return Status::ErrorDataTooLarge(); |
| - if (input_length % 8) |
| - return Status::ErrorInvalidAesKwDataLength(); |
| - |
| - SECItem iv_item = |
| - MakeSECItemForBuffer(CryptoData(kAesIv, ARRAYSIZE_UNSAFE(kAesIv))); |
| - crypto::ScopedSECItem param_item( |
| - PK11_ParamFromIV(CKM_NSS_AES_KEY_WRAP, &iv_item)); |
| - if (!param_item) |
| - return Status::ErrorUnexpected(); |
| - |
| - const unsigned int output_length = input_length + 8; |
| - *buffer = blink::WebArrayBuffer::create(output_length, 1); |
| - unsigned char* buffer_data = reinterpret_cast<unsigned char*>(buffer->data()); |
| - SECItem wrapped_key_item = {siBuffer, buffer_data, output_length}; |
| - |
| - if (SECSuccess != PK11_WrapSymKey(CKM_NSS_AES_KEY_WRAP, |
| - param_item.get(), |
| - wrapping_key->key(), |
| - key->key(), |
| - &wrapped_key_item)) { |
| - return Status::Error(); |
| - } |
| - if (output_length != wrapped_key_item.len) |
| - return Status::ErrorUnexpected(); |
| - |
| - return Status::Success(); |
| -} |
| - |
| -Status UnwrapSymKeyAesKw(const CryptoData& wrapped_key_data, |
| - SymKey* wrapping_key, |
| - const blink::WebCryptoAlgorithm& algorithm, |
| - bool extractable, |
| - blink::WebCryptoKeyUsageMask usage_mask, |
| - blink::WebCryptoKey* key) { |
| - DCHECK(wrapped_key_data.byte_length() >= 24); |
| - DCHECK(wrapped_key_data.byte_length() % 8 == 0); |
| - |
| - SECItem iv_item = |
| - MakeSECItemForBuffer(CryptoData(kAesIv, ARRAYSIZE_UNSAFE(kAesIv))); |
| - crypto::ScopedSECItem param_item( |
| - PK11_ParamFromIV(CKM_NSS_AES_KEY_WRAP, &iv_item)); |
| - if (!param_item) |
| - return Status::ErrorUnexpected(); |
| - |
| - SECItem cipher_text = MakeSECItemForBuffer(wrapped_key_data); |
| - |
| - // The plaintext length is always 64 bits less than the data size. |
| - const unsigned int plaintext_length = wrapped_key_data.byte_length() - 8; |
| - |
| - // Determine the proper NSS key properties from the input algorithm. |
| - CK_MECHANISM_TYPE mechanism; |
| - CK_FLAGS flags; |
| - Status status = |
| - WebCryptoAlgorithmToNssMechFlags(algorithm, &mechanism, &flags); |
| - if (status.IsError()) |
| - return status; |
| - |
| - crypto::ScopedPK11SymKey unwrapped_key(PK11_UnwrapSymKey(wrapping_key->key(), |
| - CKM_NSS_AES_KEY_WRAP, |
| - param_item.get(), |
| - &cipher_text, |
| - mechanism, |
| - flags, |
| - plaintext_length)); |
| - if (!unwrapped_key) |
| - return Status::Error(); |
| - |
| - *key = blink::WebCryptoKey::create(new SymKey(unwrapped_key.Pass()), |
| - blink::WebCryptoKeyTypeSecret, |
| - extractable, |
| - algorithm, |
| - usage_mask); |
| - return Status::Success(); |
| -} |
| - |
| } // namespace platform |
| } // namespace webcrypto |
