[webcrypto] Add raw symmetric key RSAES-PKCS1-v1_5 wrap/unwrap for NSS.

content/renderer/webcrypto/shared_crypto.cc

Index: content/renderer/webcrypto/shared_crypto.cc
diff --git a/content/renderer/webcrypto/shared_crypto.cc b/content/renderer/webcrypto/shared_crypto.cc
index 1428f541760ab871c9f118e6751c36f84bd5ee73..e1f9bd22b72815a7897229248f02d697a6aa84d3 100644
--- a/content/renderer/webcrypto/shared_crypto.cc
+++ b/content/renderer/webcrypto/shared_crypto.cc
@@ -497,20 +497,31 @@ Status WrapKey(blink::WebCryptoKeyFormat format,
   if (key_to_wrap.type() != blink::WebCryptoKeyTypeSecret)
     return Status::ErrorUnsupported();
 
-  platform::SymKey* platform_wrapping_key;
-  Status status = ToPlatformSymKey(wrapping_key, &platform_wrapping_key);
-  if (status.IsError())
-    return status;
   platform::SymKey* platform_key;
-  status = ToPlatformSymKey(key_to_wrap, &platform_key);
+  Status status = ToPlatformSymKey(key_to_wrap, &platform_key);
   if (status.IsError())
     return status;
 
   // TODO(padolph): Handle other wrapping algorithms
   switch (wrapping_algorithm.id()) {
-    case blink::WebCryptoAlgorithmIdAesKw:
+    case blink::WebCryptoAlgorithmIdAesKw: {
+      platform::SymKey* platform_wrapping_key;
+      status = ToPlatformSymKey(wrapping_key, &platform_wrapping_key);
+      if (status.IsError())
+        return status;
       return platform::WrapSymKeyAesKw(
           platform_wrapping_key, platform_key, buffer);
+    }
+    case blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5: {
+      if (wrapping_key.type() != blink::WebCryptoKeyTypePublic)

[eroman, 2014/03/06 04:31:16]

This extra check shouldn't be necessary (ToPlatformPubKey() already does it)

[padolph, 2014/03/10 19:02:54]

Done.

+        return Status::Error();
+      platform::PublicKey* platform_wrapping_key;
+      status = ToPlatformPublicKey(wrapping_key, &platform_wrapping_key);
+      if (status.IsError())
+        return status;
+      return platform::WrapSymKeyRsaEs(
+          platform_wrapping_key, platform_key, buffer);
+    }
     default:
       return Status::ErrorUnsupported();
   }
@@ -537,14 +548,13 @@ Status UnwrapKey(blink::WebCryptoKeyFormat format,
   if (format == blink::WebCryptoKeyFormatRaw && algorithm_or_null.isNull())
     return Status::ErrorMissingAlgorithmUnwrapRawKey();
 
-  platform::SymKey* platform_wrapping_key;
-  Status status = ToPlatformSymKey(wrapping_key, &platform_wrapping_key);
-  if (status.IsError())
-    return status;
-
   // TODO(padolph): Handle other wrapping algorithms
   switch (wrapping_algorithm.id()) {
     case blink::WebCryptoAlgorithmIdAesKw: {
+      platform::SymKey* platform_wrapping_key;
+      Status status = ToPlatformSymKey(wrapping_key, &platform_wrapping_key);
+      if (status.IsError())
+        return status;
       // AES-KW requires the wrapped key data size must be at least 24 bytes and
       // also a multiple of 8 bytes.
       if (wrapped_key_data.byte_length() < 24)
@@ -558,6 +568,21 @@ Status UnwrapKey(blink::WebCryptoKeyFormat format,
                                          usage_mask,
                                          key);
     }
+    case blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5: {
+      if (wrapping_key.type() != blink::WebCryptoKeyTypePrivate)

[eroman, 2014/03/06 04:31:16]

Same here

[padolph, 2014/03/10 19:02:54]

Done.

+        return Status::Error();
+      platform::PrivateKey* platform_wrapping_key;
+      Status status =
+          ToPlatformPrivateKey(wrapping_key, &platform_wrapping_key);
+      if (status.IsError())
+        return status;
+      return platform::UnwrapSymKeyRsaEs(wrapped_key_data,
+                                         platform_wrapping_key,
+                                         algorithm_or_null,
+                                         extractable,
+                                         usage_mask,
+                                         key);
+    }
     default:
       return Status::ErrorUnsupported();
   }