1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/renderer/webcrypto/shared_crypto.h" | 5 #include "content/renderer/webcrypto/shared_crypto.h" |
6 | 6 |
7 #include "base/logging.h" | 7 #include "base/logging.h" |
8 #include "content/renderer/webcrypto/crypto_data.h" | 8 #include "content/renderer/webcrypto/crypto_data.h" |
9 #include "content/renderer/webcrypto/platform_crypto.h" | 9 #include "content/renderer/webcrypto/platform_crypto.h" |
10 #include "content/renderer/webcrypto/webcrypto_util.h" | 10 #include "content/renderer/webcrypto/webcrypto_util.h" |
490 if (wrapping_algorithm.id() != wrapping_key.algorithm().id()) | 490 if (wrapping_algorithm.id() != wrapping_key.algorithm().id()) |
491 return Status::ErrorUnexpected(); | 491 return Status::ErrorUnexpected(); |
492 | 492 |
493 // TODO (padolph): Handle formats other than raw | 493 // TODO (padolph): Handle formats other than raw |
494 if (format != blink::WebCryptoKeyFormatRaw) | 494 if (format != blink::WebCryptoKeyFormatRaw) |
495 return Status::ErrorUnsupported(); | 495 return Status::ErrorUnsupported(); |
496 // TODO (padolph): Handle key-to-wrap types other than secret/symmetric | 496 // TODO (padolph): Handle key-to-wrap types other than secret/symmetric |
497 if (key_to_wrap.type() != blink::WebCryptoKeyTypeSecret) | 497 if (key_to_wrap.type() != blink::WebCryptoKeyTypeSecret) |
498 return Status::ErrorUnsupported(); | 498 return Status::ErrorUnsupported(); |
499 | 499 |
500 platform::SymKey* platform_wrapping_key; | |
501 Status status = ToPlatformSymKey(wrapping_key, &platform_wrapping_key); | |
502 if (status.IsError()) | |
503 return status; | |
504 platform::SymKey* platform_key; | 500 platform::SymKey* platform_key; |
505 status = ToPlatformSymKey(key_to_wrap, &platform_key); | 501 Status status = ToPlatformSymKey(key_to_wrap, &platform_key); |
506 if (status.IsError()) | 502 if (status.IsError()) |
507 return status; | 503 return status; |
508 | 504 |
509 // TODO(padolph): Handle other wrapping algorithms | 505 // TODO(padolph): Handle other wrapping algorithms |
510 switch (wrapping_algorithm.id()) { | 506 switch (wrapping_algorithm.id()) { |
511 case blink::WebCryptoAlgorithmIdAesKw: | 507 case blink::WebCryptoAlgorithmIdAesKw: { |
508 platform::SymKey* platform_wrapping_key; | |
509 status = ToPlatformSymKey(wrapping_key, &platform_wrapping_key); | |
510 if (status.IsError()) | |
511 return status; | |
512 return platform::WrapSymKeyAesKw( | 512 return platform::WrapSymKeyAesKw( |
513 platform_wrapping_key, platform_key, buffer); | 513 platform_wrapping_key, platform_key, buffer); |
514 } | |
515 case blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5: { | |
516 if (wrapping_key.type() != blink::WebCryptoKeyTypePublic) | |
eroman
2014/03/06 04:31:16
This extra check shouldn't be necessary (ToPlatfor
padolph
2014/03/10 19:02:54
Done.
| |
517 return Status::Error(); | |
518 platform::PublicKey* platform_wrapping_key; | |
519 status = ToPlatformPublicKey(wrapping_key, &platform_wrapping_key); | |
520 if (status.IsError()) | |
521 return status; | |
522 return platform::WrapSymKeyRsaEs( | |
523 platform_wrapping_key, platform_key, buffer); | |
524 } | |
514 default: | 525 default: |
515 return Status::ErrorUnsupported(); | 526 return Status::ErrorUnsupported(); |
516 } | 527 } |
517 } | 528 } |
518 | 529 |
519 Status UnwrapKey(blink::WebCryptoKeyFormat format, | 530 Status UnwrapKey(blink::WebCryptoKeyFormat format, |
520 const CryptoData& wrapped_key_data, | 531 const CryptoData& wrapped_key_data, |
521 const blink::WebCryptoKey& wrapping_key, | 532 const blink::WebCryptoKey& wrapping_key, |
522 const blink::WebCryptoAlgorithm& wrapping_algorithm, | 533 const blink::WebCryptoAlgorithm& wrapping_algorithm, |
523 const blink::WebCryptoAlgorithm& algorithm_or_null, | 534 const blink::WebCryptoAlgorithm& algorithm_or_null, |
524 bool extractable, | 535 bool extractable, |
525 blink::WebCryptoKeyUsageMask usage_mask, | 536 blink::WebCryptoKeyUsageMask usage_mask, |
526 blink::WebCryptoKey* key) { | 537 blink::WebCryptoKey* key) { |
527 if (!KeyUsageAllows(wrapping_key, blink::WebCryptoKeyUsageUnwrapKey)) | 538 if (!KeyUsageAllows(wrapping_key, blink::WebCryptoKeyUsageUnwrapKey)) |
528 return Status::ErrorUnexpected(); | 539 return Status::ErrorUnexpected(); |
529 if (wrapping_algorithm.id() != wrapping_key.algorithm().id()) | 540 if (wrapping_algorithm.id() != wrapping_key.algorithm().id()) |
530 return Status::ErrorUnexpected(); | 541 return Status::ErrorUnexpected(); |
531 | 542 |
532 // TODO(padolph): Handle formats other than raw | 543 // TODO(padolph): Handle formats other than raw |
533 if (format != blink::WebCryptoKeyFormatRaw) | 544 if (format != blink::WebCryptoKeyFormatRaw) |
534 return Status::ErrorUnsupported(); | 545 return Status::ErrorUnsupported(); |
535 | 546 |
536 // Must provide an algorithm when unwrapping a raw key | 547 // Must provide an algorithm when unwrapping a raw key |
537 if (format == blink::WebCryptoKeyFormatRaw && algorithm_or_null.isNull()) | 548 if (format == blink::WebCryptoKeyFormatRaw && algorithm_or_null.isNull()) |
538 return Status::ErrorMissingAlgorithmUnwrapRawKey(); | 549 return Status::ErrorMissingAlgorithmUnwrapRawKey(); |
539 | 550 |
540 platform::SymKey* platform_wrapping_key; | |
541 Status status = ToPlatformSymKey(wrapping_key, &platform_wrapping_key); | |
542 if (status.IsError()) | |
543 return status; | |
544 | |
545 // TODO(padolph): Handle other wrapping algorithms | 551 // TODO(padolph): Handle other wrapping algorithms |
546 switch (wrapping_algorithm.id()) { | 552 switch (wrapping_algorithm.id()) { |
547 case blink::WebCryptoAlgorithmIdAesKw: { | 553 case blink::WebCryptoAlgorithmIdAesKw: { |
554 platform::SymKey* platform_wrapping_key; | |
555 Status status = ToPlatformSymKey(wrapping_key, &platform_wrapping_key); | |
556 if (status.IsError()) | |
557 return status; | |
548 // AES-KW requires the wrapped key data size must be at least 24 bytes and | 558 // AES-KW requires the wrapped key data size must be at least 24 bytes and |
549 // also a multiple of 8 bytes. | 559 // also a multiple of 8 bytes. |
550 if (wrapped_key_data.byte_length() < 24) | 560 if (wrapped_key_data.byte_length() < 24) |
551 return Status::ErrorDataTooSmall(); | 561 return Status::ErrorDataTooSmall(); |
552 if (wrapped_key_data.byte_length() % 8) | 562 if (wrapped_key_data.byte_length() % 8) |
553 return Status::ErrorInvalidAesKwDataLength(); | 563 return Status::ErrorInvalidAesKwDataLength(); |
554 return platform::UnwrapSymKeyAesKw(wrapped_key_data, | 564 return platform::UnwrapSymKeyAesKw(wrapped_key_data, |
555 platform_wrapping_key, | 565 platform_wrapping_key, |
556 algorithm_or_null, | 566 algorithm_or_null, |
557 extractable, | 567 extractable, |
558 usage_mask, | 568 usage_mask, |
559 key); | 569 key); |
560 } | 570 } |
571 case blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5: { | |
572 if (wrapping_key.type() != blink::WebCryptoKeyTypePrivate) | |
eroman
2014/03/06 04:31:16
Same here
padolph
2014/03/10 19:02:54
Done.
| |
573 return Status::Error(); | |
574 platform::PrivateKey* platform_wrapping_key; | |
575 Status status = | |
576 ToPlatformPrivateKey(wrapping_key, &platform_wrapping_key); | |
577 if (status.IsError()) | |
578 return status; | |
579 return platform::UnwrapSymKeyRsaEs(wrapped_key_data, | |
580 platform_wrapping_key, | |
581 algorithm_or_null, | |
582 extractable, | |
583 usage_mask, | |
584 key); | |
585 } | |
561 default: | 586 default: |
562 return Status::ErrorUnsupported(); | 587 return Status::ErrorUnsupported(); |
563 } | 588 } |
564 } | 589 } |
565 | 590 |
566 } // namespace webcrypto | 591 } // namespace webcrypto |
567 | 592 |
568 } // namespace content | 593 } // namespace content |
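Review bot: The new RsaEsPkcs1v1_5 branch of UnwrapKey (new lines 571–585) hands wrapped_key_data straight to platform::UnwrapSymKeyRsaEs with no inline validation, unlike the AES-KW branch directly above it, which rejects wrapped data shorter than 24 bytes or not a multiple of 8 before reaching the platform layer. With RSAES-PKCS1-v1_5 the recovered plaintext can be any length up to the modulus size minus 11 bytes, so unless platform::UnwrapSymKeyRsaEs checks the recovered length against what algorithm_or_null permits (e.g. 16/24/32 bytes for AES), an attacker-supplied ciphertext could be unwrapped into a raw key of arbitrary length; that check is not visible here and should be confirmed. Separately, error codes that distinguish a PKCS#1 v1.5 padding failure from other decryption failures form a Bleichenbacher padding oracle against the wrapping private key, and the platform implementation should report them uniformly. I would add before the `return platform::UnwrapSymKeyRsaEs(` line: `// RSAES-PKCS1-v1_5 plaintext length is attacker-controlled: the platform layer must validate the recovered key length against algorithm_or_null and must not expose padding-vs-other decryption failures (Bleichenbacher).`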