OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/child/webcrypto/shared_crypto.h" | 5 #include "content/child/webcrypto/shared_crypto.h" |
6 | 6 |
7 #include "base/logging.h" | 7 #include "base/logging.h" |
8 #include "content/child/webcrypto/crypto_data.h" | 8 #include "content/child/webcrypto/crypto_data.h" |
9 #include "content/child/webcrypto/platform_crypto.h" | 9 #include "content/child/webcrypto/platform_crypto.h" |
10 #include "content/child/webcrypto/webcrypto_util.h" | 10 #include "content/child/webcrypto/webcrypto_util.h" |
(...skipping 486 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
497 if (wrapping_algorithm.id() != wrapping_key.algorithm().id()) | 497 if (wrapping_algorithm.id() != wrapping_key.algorithm().id()) |
498 return Status::ErrorUnexpected(); | 498 return Status::ErrorUnexpected(); |
499 | 499 |
500 // TODO (padolph): Handle formats other than raw | 500 // TODO (padolph): Handle formats other than raw |
501 if (format != blink::WebCryptoKeyFormatRaw) | 501 if (format != blink::WebCryptoKeyFormatRaw) |
502 return Status::ErrorUnsupported(); | 502 return Status::ErrorUnsupported(); |
503 // TODO (padolph): Handle key-to-wrap types other than secret/symmetric | 503 // TODO (padolph): Handle key-to-wrap types other than secret/symmetric |
504 if (key_to_wrap.type() != blink::WebCryptoKeyTypeSecret) | 504 if (key_to_wrap.type() != blink::WebCryptoKeyTypeSecret) |
505 return Status::ErrorUnsupported(); | 505 return Status::ErrorUnsupported(); |
506 | 506 |
507 platform::SymKey* platform_wrapping_key; | |
508 Status status = ToPlatformSymKey(wrapping_key, &platform_wrapping_key); | |
509 if (status.IsError()) | |
510 return status; | |
511 platform::SymKey* platform_key; | 507 platform::SymKey* platform_key; |
512 status = ToPlatformSymKey(key_to_wrap, &platform_key); | 508 Status status = ToPlatformSymKey(key_to_wrap, &platform_key); |
513 if (status.IsError()) | 509 if (status.IsError()) |
514 return status; | 510 return status; |
515 | 511 |
516 // TODO(padolph): Handle other wrapping algorithms | 512 // TODO(padolph): Handle other wrapping algorithms |
517 switch (wrapping_algorithm.id()) { | 513 switch (wrapping_algorithm.id()) { |
518 case blink::WebCryptoAlgorithmIdAesKw: | 514 case blink::WebCryptoAlgorithmIdAesKw: { |
| 515 platform::SymKey* platform_wrapping_key; |
| 516 status = ToPlatformSymKey(wrapping_key, &platform_wrapping_key); |
| 517 if (status.IsError()) |
| 518 return status; |
519 return platform::WrapSymKeyAesKw( | 519 return platform::WrapSymKeyAesKw( |
520 platform_wrapping_key, platform_key, buffer); | 520 platform_wrapping_key, platform_key, buffer); |
| 521 } |
| 522 case blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5: { |
| 523 platform::PublicKey* platform_wrapping_key; |
| 524 status = ToPlatformPublicKey(wrapping_key, &platform_wrapping_key); |
| 525 if (status.IsError()) |
| 526 return status; |
| 527 return platform::WrapSymKeyRsaEs( |
| 528 platform_wrapping_key, platform_key, buffer); |
| 529 } |
521 default: | 530 default: |
522 return Status::ErrorUnsupported(); | 531 return Status::ErrorUnsupported(); |
523 } | 532 } |
524 } | 533 } |
525 | 534 |
526 Status UnwrapKey(blink::WebCryptoKeyFormat format, | 535 Status UnwrapKey(blink::WebCryptoKeyFormat format, |
527 const CryptoData& wrapped_key_data, | 536 const CryptoData& wrapped_key_data, |
528 const blink::WebCryptoKey& wrapping_key, | 537 const blink::WebCryptoKey& wrapping_key, |
529 const blink::WebCryptoAlgorithm& wrapping_algorithm, | 538 const blink::WebCryptoAlgorithm& wrapping_algorithm, |
530 const blink::WebCryptoAlgorithm& algorithm_or_null, | 539 const blink::WebCryptoAlgorithm& algorithm_or_null, |
531 bool extractable, | 540 bool extractable, |
532 blink::WebCryptoKeyUsageMask usage_mask, | 541 blink::WebCryptoKeyUsageMask usage_mask, |
533 blink::WebCryptoKey* key) { | 542 blink::WebCryptoKey* key) { |
534 if (!KeyUsageAllows(wrapping_key, blink::WebCryptoKeyUsageUnwrapKey)) | 543 if (!KeyUsageAllows(wrapping_key, blink::WebCryptoKeyUsageUnwrapKey)) |
535 return Status::ErrorUnexpected(); | 544 return Status::ErrorUnexpected(); |
536 if (wrapping_algorithm.id() != wrapping_key.algorithm().id()) | 545 if (wrapping_algorithm.id() != wrapping_key.algorithm().id()) |
537 return Status::ErrorUnexpected(); | 546 return Status::ErrorUnexpected(); |
538 | 547 |
539 // TODO(padolph): Handle formats other than raw | 548 // TODO(padolph): Handle formats other than raw |
540 if (format != blink::WebCryptoKeyFormatRaw) | 549 if (format != blink::WebCryptoKeyFormatRaw) |
541 return Status::ErrorUnsupported(); | 550 return Status::ErrorUnsupported(); |
542 | 551 |
543 // Must provide an algorithm when unwrapping a raw key | 552 // Must provide an algorithm when unwrapping a raw key |
544 if (format == blink::WebCryptoKeyFormatRaw && algorithm_or_null.isNull()) | 553 if (format == blink::WebCryptoKeyFormatRaw && algorithm_or_null.isNull()) |
545 return Status::ErrorMissingAlgorithmUnwrapRawKey(); | 554 return Status::ErrorMissingAlgorithmUnwrapRawKey(); |
546 | 555 |
547 platform::SymKey* platform_wrapping_key; | |
548 Status status = ToPlatformSymKey(wrapping_key, &platform_wrapping_key); | |
549 if (status.IsError()) | |
550 return status; | |
551 | |
552 // TODO(padolph): Handle other wrapping algorithms | 556 // TODO(padolph): Handle other wrapping algorithms |
553 switch (wrapping_algorithm.id()) { | 557 switch (wrapping_algorithm.id()) { |
554 case blink::WebCryptoAlgorithmIdAesKw: { | 558 case blink::WebCryptoAlgorithmIdAesKw: { |
| 559 platform::SymKey* platform_wrapping_key; |
| 560 Status status = ToPlatformSymKey(wrapping_key, &platform_wrapping_key); |
| 561 if (status.IsError()) |
| 562 return status; |
555 // AES-KW requires the wrapped key data size must be at least 24 bytes and | 563 // AES-KW requires the wrapped key data size must be at least 24 bytes and |
556 // also a multiple of 8 bytes. | 564 // also a multiple of 8 bytes. |
557 if (wrapped_key_data.byte_length() < 24) | 565 if (wrapped_key_data.byte_length() < 24) |
558 return Status::ErrorDataTooSmall(); | 566 return Status::ErrorDataTooSmall(); |
559 if (wrapped_key_data.byte_length() % 8) | 567 if (wrapped_key_data.byte_length() % 8) |
560 return Status::ErrorInvalidAesKwDataLength(); | 568 return Status::ErrorInvalidAesKwDataLength(); |
561 return platform::UnwrapSymKeyAesKw(wrapped_key_data, | 569 return platform::UnwrapSymKeyAesKw(wrapped_key_data, |
562 platform_wrapping_key, | 570 platform_wrapping_key, |
563 algorithm_or_null, | 571 algorithm_or_null, |
564 extractable, | 572 extractable, |
565 usage_mask, | 573 usage_mask, |
566 key); | 574 key); |
567 } | 575 } |
| 576 case blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5: { |
| 577 platform::PrivateKey* platform_wrapping_key; |
| 578 Status status = |
| 579 ToPlatformPrivateKey(wrapping_key, &platform_wrapping_key); |
| 580 if (status.IsError()) |
| 581 return status; |
| 582 if (!wrapped_key_data.byte_length()) |
| 583 return Status::ErrorDataTooSmall(); |
| 584 return platform::UnwrapSymKeyRsaEs(wrapped_key_data, |
| 585 platform_wrapping_key, |
| 586 algorithm_or_null, |
| 587 extractable, |
| 588 usage_mask, |
| 589 key); |
| 590 } |
568 default: | 591 default: |
569 return Status::ErrorUnsupported(); | 592 return Status::ErrorUnsupported(); |
570 } | 593 } |
571 } | 594 } |
572 | 595 |
573 } // namespace webcrypto | 596 } // namespace webcrypto |
574 | 597 |
575 } // namespace content | 598 } // namespace content |
OLD | NEW |