[webcrypto] Add raw symmetric key RSAES-PKCS1-v1_5 wrap/unwrap for NSS.

content/renderer/webcrypto/shared_crypto.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/renderer/webcrypto/shared_crypto.h"
 
 #include "base/logging.h"
 #include "content/renderer/webcrypto/crypto_data.h"
 #include "content/renderer/webcrypto/platform_crypto.h"
 #include "content/renderer/webcrypto/webcrypto_util.h"
@@ skipping 479 matching lines @@
   if (wrapping_algorithm.id() != wrapping_key.algorithm().id())
     return Status::ErrorUnexpected();
 
   // TODO (padolph): Handle formats other than raw
   if (format != blink::WebCryptoKeyFormatRaw)
     return Status::ErrorUnsupported();
   // TODO (padolph): Handle key-to-wrap types other than secret/symmetric
   if (key_to_wrap.type() != blink::WebCryptoKeyTypeSecret)
     return Status::ErrorUnsupported();
 
-  platform::SymKey* platform_wrapping_key;
-  Status status = ToPlatformSymKey(wrapping_key, &platform_wrapping_key);
-  if (status.IsError())
-    return status;
   platform::SymKey* platform_key;
-  status = ToPlatformSymKey(key_to_wrap, &platform_key);
+  Status status = ToPlatformSymKey(key_to_wrap, &platform_key);
   if (status.IsError())
     return status;
 
   // TODO(padolph): Handle other wrapping algorithms
   switch (wrapping_algorithm.id()) {
-    case blink::WebCryptoAlgorithmIdAesKw:
+    case blink::WebCryptoAlgorithmIdAesKw: {
+      platform::SymKey* platform_wrapping_key;
+      status = ToPlatformSymKey(wrapping_key, &platform_wrapping_key);
+      if (status.IsError())
+        return status;
       return platform::WrapSymKeyAesKw(
           platform_wrapping_key, platform_key, buffer);
+    }
+    case blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5: {
+      if (wrapping_key.type() != blink::WebCryptoKeyTypePublic)

[eroman, 2014/03/06 04:31:16]

This extra check shouldn't be necessary (ToPlatformPubKey() already does it)

[padolph, 2014/03/10 19:02:54]

Done.

+        return Status::Error();
+      platform::PublicKey* platform_wrapping_key;
+      status = ToPlatformPublicKey(wrapping_key, &platform_wrapping_key);
+      if (status.IsError())
+        return status;
+      return platform::WrapSymKeyRsaEs(
+          platform_wrapping_key, platform_key, buffer);
+    }
     default:
       return Status::ErrorUnsupported();
   }
 }
 
 Status UnwrapKey(blink::WebCryptoKeyFormat format,
                  const CryptoData& wrapped_key_data,
                  const blink::WebCryptoKey& wrapping_key,
                  const blink::WebCryptoAlgorithm& wrapping_algorithm,
                  const blink::WebCryptoAlgorithm& algorithm_or_null,
                  bool extractable,
                  blink::WebCryptoKeyUsageMask usage_mask,
                  blink::WebCryptoKey* key) {
   if (!KeyUsageAllows(wrapping_key, blink::WebCryptoKeyUsageUnwrapKey))
     return Status::ErrorUnexpected();
   if (wrapping_algorithm.id() != wrapping_key.algorithm().id())
     return Status::ErrorUnexpected();
 
   // TODO(padolph): Handle formats other than raw
   if (format != blink::WebCryptoKeyFormatRaw)
     return Status::ErrorUnsupported();
 
   // Must provide an algorithm when unwrapping a raw key
   if (format == blink::WebCryptoKeyFormatRaw && algorithm_or_null.isNull())
     return Status::ErrorMissingAlgorithmUnwrapRawKey();
 
-  platform::SymKey* platform_wrapping_key;
-  Status status = ToPlatformSymKey(wrapping_key, &platform_wrapping_key);
-  if (status.IsError())
-    return status;
-
   // TODO(padolph): Handle other wrapping algorithms
   switch (wrapping_algorithm.id()) {
     case blink::WebCryptoAlgorithmIdAesKw: {
+      platform::SymKey* platform_wrapping_key;
+      Status status = ToPlatformSymKey(wrapping_key, &platform_wrapping_key);
+      if (status.IsError())
+        return status;
       // AES-KW requires the wrapped key data size must be at least 24 bytes and
       // also a multiple of 8 bytes.
       if (wrapped_key_data.byte_length() < 24)
         return Status::ErrorDataTooSmall();
       if (wrapped_key_data.byte_length() % 8)
         return Status::ErrorInvalidAesKwDataLength();
       return platform::UnwrapSymKeyAesKw(wrapped_key_data,
                                          platform_wrapping_key,
                                          algorithm_or_null,
                                          extractable,
                                          usage_mask,
                                          key);
     }
+    case blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5: {
+      if (wrapping_key.type() != blink::WebCryptoKeyTypePrivate)

[eroman, 2014/03/06 04:31:16]

Same here

[padolph, 2014/03/10 19:02:54]

Done.

+        return Status::Error();
+      platform::PrivateKey* platform_wrapping_key;
+      Status status =
+          ToPlatformPrivateKey(wrapping_key, &platform_wrapping_key);
+      if (status.IsError())
+        return status;
+      return platform::UnwrapSymKeyRsaEs(wrapped_key_data,
+                                         platform_wrapping_key,
+                                         algorithm_or_null,
+                                         extractable,
+                                         usage_mask,
+                                         key);
+    }
     default:
       return Status::ErrorUnsupported();
   }
 }
 
 }  // namespace webcrypto
 
 }  // namespace content