Index: content/child/webcrypto/platform_crypto_nss.cc |
diff --git a/content/child/webcrypto/platform_crypto_nss.cc b/content/child/webcrypto/platform_crypto_nss.cc |
index 8a66a828e8127c1cbece0a96a26ab9dd97f0db33..4cc6cb117b3013060dedc1183fdf486728c916f9 100644 |
--- a/content/child/webcrypto/platform_crypto_nss.cc |
+++ b/content/child/webcrypto/platform_crypto_nss.cc |
@@ -1203,94 +1203,6 @@ Status UnwrapSymKeyAesKw(const CryptoData& wrapped_key_data, |
return Status::Success(); |
} |
-Status WrapSymKeyAesKw(SymKey* wrapping_key, |
eroman
2014/03/10 21:55:34
IMPORTANT: Why is this showing as removed?
padolph
2014/03/11 01:27:53
This was a rebase problem that unfortunately got u
|
- SymKey* key, |
- blink::WebArrayBuffer* buffer) { |
- // The data size must be at least 16 bytes and a multiple of 8 bytes. |
- // RFC 3394 does not specify a maximum allowed data length, but since only |
- // keys are being wrapped in this application (which are small), a reasonable |
- // max limit is whatever will fit into an unsigned. For the max size test, |
- // note that AES Key Wrap always adds 8 bytes to the input data size. |
- const unsigned int input_length = PK11_GetKeyLength(key->key()); |
- if (input_length < 16) |
- return Status::ErrorDataTooSmall(); |
- if (input_length > UINT_MAX - 8) |
- return Status::ErrorDataTooLarge(); |
- if (input_length % 8) |
- return Status::ErrorInvalidAesKwDataLength(); |
- |
- SECItem iv_item = |
- MakeSECItemForBuffer(CryptoData(kAesIv, ARRAYSIZE_UNSAFE(kAesIv))); |
- crypto::ScopedSECItem param_item( |
- PK11_ParamFromIV(CKM_NSS_AES_KEY_WRAP, &iv_item)); |
- if (!param_item) |
- return Status::ErrorUnexpected(); |
- |
- const unsigned int output_length = input_length + 8; |
- *buffer = blink::WebArrayBuffer::create(output_length, 1); |
- unsigned char* buffer_data = reinterpret_cast<unsigned char*>(buffer->data()); |
- SECItem wrapped_key_item = {siBuffer, buffer_data, output_length}; |
- |
- if (SECSuccess != PK11_WrapSymKey(CKM_NSS_AES_KEY_WRAP, |
- param_item.get(), |
- wrapping_key->key(), |
- key->key(), |
- &wrapped_key_item)) { |
- return Status::Error(); |
- } |
- if (output_length != wrapped_key_item.len) |
- return Status::ErrorUnexpected(); |
- |
- return Status::Success(); |
-} |
- |
-Status UnwrapSymKeyAesKw(const CryptoData& wrapped_key_data, |
- SymKey* wrapping_key, |
- const blink::WebCryptoAlgorithm& algorithm, |
- bool extractable, |
- blink::WebCryptoKeyUsageMask usage_mask, |
- blink::WebCryptoKey* key) { |
- DCHECK(wrapped_key_data.byte_length() >= 24); |
- DCHECK(wrapped_key_data.byte_length() % 8 == 0); |
- |
- SECItem iv_item = |
- MakeSECItemForBuffer(CryptoData(kAesIv, ARRAYSIZE_UNSAFE(kAesIv))); |
- crypto::ScopedSECItem param_item( |
- PK11_ParamFromIV(CKM_NSS_AES_KEY_WRAP, &iv_item)); |
- if (!param_item) |
- return Status::ErrorUnexpected(); |
- |
- SECItem cipher_text = MakeSECItemForBuffer(wrapped_key_data); |
- |
- // The plaintext length is always 64 bits less than the data size. |
- const unsigned int plaintext_length = wrapped_key_data.byte_length() - 8; |
- |
- // Determine the proper NSS key properties from the input algorithm. |
- CK_MECHANISM_TYPE mechanism; |
- CK_FLAGS flags; |
- Status status = |
- WebCryptoAlgorithmToNssMechFlags(algorithm, &mechanism, &flags); |
- if (status.IsError()) |
- return status; |
- |
- crypto::ScopedPK11SymKey unwrapped_key(PK11_UnwrapSymKey(wrapping_key->key(), |
- CKM_NSS_AES_KEY_WRAP, |
- param_item.get(), |
- &cipher_text, |
- mechanism, |
- flags, |
- plaintext_length)); |
- if (!unwrapped_key) |
- return Status::Error(); |
- |
- *key = blink::WebCryptoKey::create(new SymKey(unwrapped_key.Pass()), |
- blink::WebCryptoKeyTypeSecret, |
- extractable, |
- algorithm, |
- usage_mask); |
- return Status::Success(); |
-} |
- |
} // namespace platform |
} // namespace webcrypto |