[webcrypto] Implement structured clone of keys (blink-side).

Source/bindings/v8/SerializedScriptValue.cpp

 /*
  * Copyright (C) 2010 Google Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are
  * met:
  *
  *     * Redistributions of source code must retain the above copyright
  * notice, this list of conditions and the following disclaimer.
  *     * Redistributions in binary form must reproduce the above
@@ skipping 11 matching lines @@
  * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
 #include "config.h"
 #include "bindings/v8/SerializedScriptValue.h"

[jsbell, 2014/03/13 20:16:07]

You'll want to bump the wire format version in SerializedScriptValue.h which
defends against version skew (trying to read data written by v.5 with v.4 code,
for example.).

[eroman, 2014/03/14 05:24:33]

Done.

However I believe reading this with v4 would be safe -- since the CryptoKeyTag
would be unrecognized by v4, it would simply fail deserialization by virtue of
not finding a matching tag.

Similarly if I extend the enums setup in this changelist to add new algorithm
IDs, will that require bumping the version? (it should fail gracefully).

Thanks

[jsbell, 2014/03/14 16:33:46]

Safe for the browser, but a web app that wrote data won't get the same data back
when it reads; since we're dealing with the user's persisted data, subtle
corruption like that is bad. We actually persist the wire format version in the
database and refuse to open it if a user has gone "back in time" to an older
version. Yeah, not a supported scenario, but we still got bug reports, so we try
and defend against it.
Ideally we'd bump it, but it's defending against an unsupported scenario and
usage is unlikely to be high... so we can make that call later.

 
 #include "V8Blob.h"
 #include "V8DOMFileSystem.h"
 #include "V8File.h"
 #include "V8FileList.h"
 #include "V8ImageData.h"
+#include "V8Key.h"
 #include "V8MessagePort.h"
 #include "bindings/v8/ExceptionState.h"
 #include "bindings/v8/ScriptScope.h"
 #include "bindings/v8/ScriptState.h"
 #include "bindings/v8/V8Binding.h"
 #include "bindings/v8/WorkerScriptController.h"
 #include "bindings/v8/custom/V8ArrayBufferCustom.h"
 #include "bindings/v8/custom/V8ArrayBufferViewCustom.h"
 #include "bindings/v8/custom/V8DataViewCustom.h"
 #include "bindings/v8/custom/V8Float32ArrayCustom.h"
 #include "bindings/v8/custom/V8Float64ArrayCustom.h"
 #include "bindings/v8/custom/V8Int16ArrayCustom.h"
 #include "bindings/v8/custom/V8Int32ArrayCustom.h"
 #include "bindings/v8/custom/V8Int8ArrayCustom.h"
 #include "bindings/v8/custom/V8Uint16ArrayCustom.h"
 #include "bindings/v8/custom/V8Uint32ArrayCustom.h"
 #include "bindings/v8/custom/V8Uint8ArrayCustom.h"
 #include "bindings/v8/custom/V8Uint8ClampedArrayCustom.h"
 #include "core/dom/ExceptionCode.h"
 #include "core/dom/MessagePort.h"
 #include "core/fileapi/Blob.h"
 #include "core/fileapi/File.h"
 #include "core/fileapi/FileList.h"
 #include "core/html/ImageData.h"
 #include "core/html/canvas/DataView.h"
 #include "heap/Handle.h"
 #include "platform/SharedBuffer.h"
+#include "public/platform/Platform.h"
+#include "public/platform/WebCrypto.h"
+#include "public/platform/WebCryptoKey.h"
+#include "public/platform/WebCryptoKeyAlgorithm.h"
 #include "wtf/ArrayBuffer.h"
 #include "wtf/ArrayBufferContents.h"
 #include "wtf/ArrayBufferView.h"
 #include "wtf/Assertions.h"
 #include "wtf/ByteOrder.h"
 #include "wtf/Float32Array.h"
 #include "wtf/Float64Array.h"
 #include "wtf/Int16Array.h"
 #include "wtf/Int32Array.h"
 #include "wtf/Int8Array.h"
@@ skipping 126 matching lines @@
     ObjectTag = '{', // numProperties:uint32_t -> pops the last object from the open stack;
                      //                           fills it with the last numProperties name,value pairs pushed onto the deserialization stack
     SparseArrayTag = '@', // numProperties:uint32_t, length:uint32_t -> pops the last object from the open stack;
                           //                                            fills it with the last numProperties name,value pairs pushed onto the deserialization stack
     DenseArrayTag = '$', // numProperties:uint32_t, length:uint32_t -> pops the last object from the open stack;
                          //                                            fills it with the last length elements and numProperties name,value pairs pushed onto deserialization stack
     RegExpTag = 'R', // pattern:RawString, flags:uint32_t -> RegExp (ref)
     ArrayBufferTag = 'B', // byteLength:uint32_t, data:byte[byteLength] -> ArrayBuffer (ref)
     ArrayBufferTransferTag = 't', // index:uint32_t -> ArrayBuffer. For ArrayBuffer transfer
     ArrayBufferViewTag = 'V', // subtag:byte, byteOffset:uint32_t, byteLength:uint32_t -> ArrayBufferView (ref). Consumes an ArrayBuffer from the top of the deserialization stack.
+    CryptoKeyTag = 'K', // subtag:byte, props, usages:uint32_t, keyDataLength:uint32_t, keyData:byte[keyDataLength]
+                        //   If subtag=AesKeyTag:
+                        //       props = keyLengthBytes:uint32_t, algorithmId:uint32_t
+                        //   If subtag=HmacKeyTag:
+                        //       props = hashId:uint32_t
+                        //   If subtag=RsaKeyTag:
+                        //       props = algorithmId:uint32_t, type:uint32_t, modulusLengthBits:uint32_t, publicExponentLength:uint32_t, publicExponent:byte[publicExponentLength]
+                        //   If subtag=RsaHashedKeyTag:
+                        //       props = <same as for RsaKeyTag>, hashId:uint32_t
     ObjectReferenceTag = '^', // ref:uint32_t -> reference table[ref]
     GenerateFreshObjectTag = 'o', // -> empty object allocated an object ID and pushed onto the open stack (ref)
     GenerateFreshSparseArrayTag = 'a', // length:uint32_t -> empty array[length] allocated an object ID and pushed onto the open stack (ref)
     GenerateFreshDenseArrayTag = 'A', // length:uint32_t -> empty array[length] allocated an object ID and pushed onto the open stack (ref)
     ReferenceCountTag = '?', // refTableSize:uint32_t -> If the reference table is not refTableSize big, fails.
     StringObjectTag = 's', //  string:RawString -> new String(string) (ref)
     NumberObjectTag = 'n', // value:double -> new Number(value) (ref)
     TrueObjectTag = 'y', // new Boolean(true) (ref)
     FalseObjectTag = 'x', // new Boolean(false) (ref)
     VersionTag = 0xFF // version:uint32_t -> Uses this as the file version.
 };
 
 enum ArrayBufferViewSubTag {
     ByteArrayTag = 'b',
     UnsignedByteArrayTag = 'B',
     UnsignedByteClampedArrayTag = 'C',
     ShortArrayTag = 'w',
     UnsignedShortArrayTag = 'W',
     IntArrayTag = 'd',
     UnsignedIntArrayTag = 'D',
     FloatArrayTag = 'f',
     DoubleArrayTag = 'F',
     DataViewTag = '?'
 };
 
+enum CryptoKeySubTag {
+    AesKeyTag = 1,
+    HmacKeyTag = 2,
+    RsaKeyTag = 3,
+    RsaHashedKeyTag = 4,
+    // Maximum allowed value is 255

[jsbell, 2014/03/13 20:16:07]

(C++11 enum classes, some day!)

+};
+
+enum AssymetricCryptoKeyType {
+    PublicKeyType = 1,
+    PrivateKeyType = 2,
+    // Maximum allowed value is 2^32-1
+};
+
+enum CryptoKeyAlgorithmTag {
+    AesCbcTag = 1,
+    HmacTag = 2,
+    RsaSsaPkcs1v1_5Tag = 3,
+    RsaEsPkcs1v1_5Tag = 4,
+    Sha1Tag = 5,
+    Sha224Tag = 6,
+    Sha256Tag = 7,
+    Sha384Tag = 8,
+    Sha512Tag = 9,
+    AesGcmTag = 10,
+    RsaOaepTag = 11,
+    AesCtrTag = 12,
+    AesKwTag = 13,
+    // Maximum allowed value is 2^32-1
+};
+
+enum CryptoKeyUsage {
+    // Extractability is not a "usage" in the WebCryptoKeyUsages sense, however
+    // it fits conveniently into this bitfield.
+    ExtractableUsage = 1 << 0,
+
+    EncryptUsage = 1 << 1,
+    DecryptUsage = 1 << 2,
+    SignUsage = 1 << 3,
+    VerifyUsage = 1 << 4,
+    DeriveKeyUsage = 1 << 5,
+    WrapKeyUsage = 1 << 6,
+    UnwrapKeyUsage = 1 << 7,
+    // Maximum allowed value is 1 << 31
+};
+
 static bool shouldCheckForCycles(int depth)
 {
     ASSERT(depth >= 0);
     // Since we are not required to spot the cycle as soon as it
     // happens we can check for cycles only when the current depth
     // is a power of two.
     return !(depth & (depth - 1));
 }
 
 static const int maxDepth = 20000;
@@ skipping 168 matching lines @@
 
     void writeFileList(const FileList& fileList)
     {
         append(FileListTag);
         uint32_t length = fileList.length();
         doWriteUint32(length);
         for (unsigned i = 0; i < length; ++i)
             doWriteFile(*fileList.item(i));
     }
 
+    bool writeCryptoKey(const blink::WebCryptoKey& key, String& errorMessage)
+    {
+        append(static_cast<uint8_t>(CryptoKeyTag));

[jsbell, 2014/03/13 20:16:07]

None of the other append(XXXXTag) calls bother with a cast. Just paranoia?

[eroman, 2014/03/14 05:24:33]

I copied this from surrounding code where I see lots of
append(static_cast<uint8_t>(...)). There aren't currently any overloads on the
one-parameter append() so I agree it is safe to remove, but figured I should
match the style from the file.

+
+        switch (key.algorithm().paramsType()) {
+        case blink::WebCryptoKeyAlgorithmParamsTypeAes:
+            doWriteAesKey(key);
+            break;
+        case blink::WebCryptoKeyAlgorithmParamsTypeHmac:
+            doWriteHmacKey(key);
+            break;
+        case blink::WebCryptoKeyAlgorithmParamsTypeRsa:
+        case blink::WebCryptoKeyAlgorithmParamsTypeRsaHashed:
+            doWriteRsaKey(key);
+            break;
+        case blink::WebCryptoKeyAlgorithmParamsTypeNone:
+            ASSERT_NOT_REACHED();
+            return false;
+        }
+
+        doWriteKeyUsages(key.usages(), key.extractable());
+
+        blink::WebVector<uint8_t> keyData;
+        if (!blink::Platform::current()->crypto()->serializeKeyForClone(key, keyData)) {
+            errorMessage = "Couldn't export the key data";
+            return false;
+        }
+
+        doWriteUint32(keyData.size());
+        append(keyData.data(), keyData.size());
+        return true;
+    }
+
     void writeArrayBuffer(const ArrayBuffer& arrayBuffer)
     {
         append(ArrayBufferTag);
         doWriteArrayBuffer(arrayBuffer);
     }
 
     void writeArrayBufferView(const ArrayBufferView& arrayBufferView)
     {
         append(ArrayBufferViewTag);
 #ifndef NDEBUG
@@ skipping 151 matching lines @@
         doWriteUint32(static_cast<uint32_t>(length));
         append(reinterpret_cast<const uint8_t*>(data), length);
     }
 
     void doWriteWebCoreString(const String& string)
     {
         StringUTF8Adaptor stringUTF8(string);
         doWriteString(stringUTF8.data(), stringUTF8.length());
     }
 
+    void doWriteHmacKey(const blink::WebCryptoKey& key)
+    {
+        ASSERT(key.algorithm().paramsType() == blink::WebCryptoKeyAlgorithmParamsTypeHmac);
+
+        append(static_cast<uint8_t>(HmacKeyTag));
+        doWriteAlgorithmId(key.algorithm().hmacParams()->hash().id());
+    }
+
+    void doWriteAesKey(const blink::WebCryptoKey& key)
+    {
+        ASSERT(key.algorithm().paramsType() == blink::WebCryptoKeyAlgorithmParamsTypeAes);
+
+        append(static_cast<uint8_t>(AesKeyTag));
+        doWriteAlgorithmId(key.algorithm().id());
+        // Converting the key length from bits to bytes is lossless and makes

[jsbell, 2014/03/13 20:16:07]

ASSERT((key.algorithm().aesParams()->lengthBits() % 8) == 0) ?

[eroman, 2014/03/14 05:24:33]

Done.

+        // it fit in 1 byte.
+        doWriteUint32(static_cast<uint8_t>(key.algorithm().aesParams()->lengthBits() / 8));
+    }
+
+    void doWriteRsaKey(const blink::WebCryptoKey& key)
+    {
+        if (key.algorithm().rsaHashedParams())
+            append(static_cast<uint8_t>(RsaHashedKeyTag));
+        else
+            append(static_cast<uint8_t>(RsaKeyTag));
+
+        doWriteAlgorithmId(key.algorithm().id());
+
+        switch (key.type()) {
+        case blink::WebCryptoKeyTypePublic:
+            doWriteUint32(PublicKeyType);
+            break;
+        case blink::WebCryptoKeyTypePrivate:
+            doWriteUint32(PrivateKeyType);
+            break;
+        case blink::WebCryptoKeyTypeSecret:
+            ASSERT_NOT_REACHED();
+        }
+
+        const blink::WebCryptoRsaKeyAlgorithmParams* params = key.algorithm().rsaParams();
+        doWriteUint32(params->modulusLengthBits());
+        doWriteUint32(params->publicExponent().size());
+        append(params->publicExponent().data(), params->publicExponent().size());
+
+        if (key.algorithm().rsaHashedParams())
+            doWriteAlgorithmId(key.algorithm().rsaHashedParams()->hash().id());
+    }
+
+    void doWriteAlgorithmId(blink::WebCryptoAlgorithmId id)
+    {
+        switch (id) {
+        case blink::WebCryptoAlgorithmIdAesCbc:
+            return doWriteUint32(AesCbcTag);
+        case blink::WebCryptoAlgorithmIdHmac:
+            return doWriteUint32(HmacTag);
+        case blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5:
+            return doWriteUint32(RsaSsaPkcs1v1_5Tag);
+        case blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5:
+            return doWriteUint32(RsaEsPkcs1v1_5Tag);
+        case blink::WebCryptoAlgorithmIdSha1:
+            return doWriteUint32(Sha1Tag);
+        case blink::WebCryptoAlgorithmIdSha224:
+            return doWriteUint32(Sha224Tag);
+        case blink::WebCryptoAlgorithmIdSha256:
+            return doWriteUint32(Sha256Tag);
+        case blink::WebCryptoAlgorithmIdSha384:
+            return doWriteUint32(Sha384Tag);
+        case blink::WebCryptoAlgorithmIdSha512:
+            return doWriteUint32(Sha512Tag);
+        case blink::WebCryptoAlgorithmIdAesGcm:
+            return doWriteUint32(AesGcmTag);
+        case blink::WebCryptoAlgorithmIdRsaOaep:
+            return doWriteUint32(RsaOaepTag);
+        case blink::WebCryptoAlgorithmIdAesCtr:
+            return doWriteUint32(AesCtrTag);
+        case blink::WebCryptoAlgorithmIdAesKw:
+            return doWriteUint32(AesKwTag);
+        }
+        ASSERT_NOT_REACHED();
+    }
+
+    void doWriteKeyUsages(const blink::WebCryptoKeyUsageMask usages, bool extractable)
+    {
+        // Reminder to update this when adding new key usages.
+        COMPILE_ASSERT(blink::EndOfWebCryptoKeyUsage == (1 << 7) + 1, UpdateMe);
+
+        uint32_t value = 0;
+
+        if (extractable)
+            value |= ExtractableUsage;
+
+        if (usages & blink::WebCryptoKeyUsageEncrypt)
+            value |= EncryptUsage;
+        if (usages & blink::WebCryptoKeyUsageDecrypt)
+            value |= DecryptUsage;
+        if (usages & blink::WebCryptoKeyUsageSign)
+            value |= SignUsage;
+        if (usages & blink::WebCryptoKeyUsageVerify)
+            value |= VerifyUsage;
+        if (usages & blink::WebCryptoKeyUsageDeriveKey)
+            value |= DeriveKeyUsage;
+        if (usages & blink::WebCryptoKeyUsageWrapKey)
+            value |= WrapKeyUsage;
+        if (usages & blink::WebCryptoKeyUsageUnwrapKey)
+            value |= UnwrapKeyUsage;
+
+        doWriteUint32(value);
+    }
+
     int bytesNeededToWireEncode(uint32_t value)
     {
         int bytes = 1;
         while (true) {
             value >>= varIntShift;
             if (!value)
                 break;
             ++bytes;
         }
 
@@ skipping 485 matching lines @@
     {
         FileList* fileList = V8FileList::toNative(value.As<v8::Object>());
         if (!fileList)
             return;
         m_writer.writeFileList(*fileList);
         unsigned length = fileList->length();
         for (unsigned i = 0; i < length; ++i)
             m_blobDataHandles.add(fileList->item(i)->uuid(), fileList->item(i)->blobDataHandle());
     }
 
+    StateBase* writeCryptoKey(v8::Handle<v8::Value> value, StateBase* next)
+    {
+        Key* key = V8Key::toNative(value.As<v8::Object>());
+        if (!key)
+            return 0;
+
+        String errorMessage;
+        if (!m_writer.writeCryptoKey(key->key(), errorMessage))
+            return handleError(DataCloneError, errorMessage, next);
+        return 0;
+    }
+
     void writeImageData(v8::Handle<v8::Value> value)
     {
         ImageData* imageData = V8ImageData::toNative(value.As<v8::Object>());
         if (!imageData)
             return;
         Uint8ClampedArray* pixelArray = imageData->data();
         m_writer.writeImageData(imageData->width(), imageData->height(), pixelArray->data(), pixelArray->length());
     }
 
     void writeRegExp(v8::Handle<v8::Value> value)
@@ skipping 175 matching lines @@
         else if (value->IsArray()) {
             return startArrayState(value.As<v8::Array>(), next);
         } else if (V8File::hasInstance(value, m_isolate))
             return writeFile(value, next);
         else if (V8Blob::hasInstance(value, m_isolate))
             return writeBlob(value, next);
         else if (V8DOMFileSystem::hasInstance(value, m_isolate))
             return writeDOMFileSystem(value, next);
         else if (V8FileList::hasInstance(value, m_isolate))
             writeFileList(value);
+        else if (V8Key::hasInstance(value, m_isolate))
+            return writeCryptoKey(value, next);

[jsbell, 2014/03/13 20:16:07]

The only reason StateBase is passed to/returned from writeCryptoKey is so it can
call handleError() with the error message. Most of the other places here that
generate errors call handleError() here (see the IsEmpty cases above). Since the
message doesn't vary, that would simplify writeCryptoKey to just return a bool.

[eroman, 2014/03/14 05:24:33]

Done.

         else if (V8ImageData::hasInstance(value, m_isolate))
             writeImageData(value);
         else if (value->IsRegExp())
             writeRegExp(value);
         else if (V8ArrayBuffer::hasInstance(value, m_isolate))
             return writeArrayBuffer(value, next);
         else if (value->IsObject()) {
             if (isHostObject(jsObject) || jsObject->IsCallable() || value->IsNativeError())
                 return handleError(DataCloneError, "An object could not be cloned.", next);
             return startObjectState(jsObject, next);
@@ skipping 133 matching lines @@
         case DOMFileSystemTag:
             if (!readDOMFileSystem(value))
                 return false;
             creator.pushObjectReference(*value);
             break;
         case FileListTag:
             if (!readFileList(value))
                 return false;
             creator.pushObjectReference(*value);
             break;
+        case CryptoKeyTag:
+            if (!readCryptoKey(value))
+                return false;
+            creator.pushObjectReference(*value);
+            break;
         case ImageDataTag:
             if (!readImageData(value))
                 return false;
             creator.pushObjectReference(*value);
             break;
 
         case RegExpTag:
             if (!readRegExp(value))
                 return false;
             creator.pushObjectReference(*value);
@@ skipping 443 matching lines @@
         for (unsigned i = 0; i < length; ++i) {
             RefPtrWillBeRawPtr<File> file = doReadFileHelper();
             if (!file)
                 return false;
             fileList->append(file.release());
         }
         *value = toV8(fileList.release(), v8::Handle<v8::Object>(), m_isolate);
         return true;
     }
 
+    bool readCryptoKey(v8::Handle<v8::Value>* value)
+    {
+        uint32_t rawKeyType;
+        if (!doReadUint32(&rawKeyType))
+            return false;
+
+        blink::WebCryptoKeyAlgorithm algorithm;
+        blink::WebCryptoKeyType type;
+
+        switch (static_cast<CryptoKeySubTag>(rawKeyType)) {
+        case AesKeyTag:
+            if (!doReadAesKey(algorithm, type))
+                return false;
+            break;
+        case HmacKeyTag:
+            if (!doReadHmacKey(algorithm, type))
+                return false;
+            break;
+        case RsaKeyTag:
+            if (!doReadRsaKey(false, algorithm, type))
+                return false;
+            break;
+        case RsaHashedKeyTag:
+            if (!doReadRsaKey(true, algorithm, type))
+                return false;
+            break;
+        default:
+            return false;
+        }
+
+        blink::WebCryptoKeyUsageMask usages;
+        bool extractable;
+        if (!doReadKeyUsages(usages, extractable))
+            return false;
+
+        uint32_t keyDataLength;
+        if (!doReadUint32(&keyDataLength))
+            return false;
+
+        if (m_position + keyDataLength > m_length)
+            return false;
+
+        const uint8_t* keyData = m_buffer + m_position;
+        m_position += keyDataLength;
+
+        blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
+        if (!blink::Platform::current()->crypto()->deserializeKeyForClone(
+            algorithm, type, extractable, usages, keyData, keyDataLength, key)) {
+            return false;
+        }
+
+        RefPtrWillBeRawPtr<Key> k = Key::create(key);
+        *value = toV8(k.release(), v8::Handle<v8::Object>(), m_isolate);
+        return true;
+    }
+
     PassRefPtrWillBeRawPtr<File> doReadFileHelper()
     {
         if (m_version < 3)
             return nullptr;
         String path;
         String name;
         String relativePath;
         String uuid;
         String type;
         uint32_t hasSnapshot = 0;
@@ skipping 69 matching lines @@
         // the blob in the src process happens to still exist at the time the dest process is deserializing.
         // For example in sharedWorker.postMesssage(...).
         BlobDataHandleMap::const_iterator it = m_blobDataHandles.find(uuid);
         if (it != m_blobDataHandles.end()) {
             // make assertions about type and size?
             return it->value;
         }
         return BlobDataHandle::create(uuid, type, size);
     }
 
+    bool doReadHmacKey(blink::WebCryptoKeyAlgorithm& algorithm, blink::WebCryptoKeyType& type)
+    {
+        blink::WebCryptoAlgorithmId hash;
+        if (!doReadAlgorithmId(hash))
+            return false;
+        algorithm = blink::WebCryptoKeyAlgorithm::createHmac(hash);
+        type = blink::WebCryptoKeyTypeSecret;
+        return !algorithm.isNull();
+    }
+
+    bool doReadAesKey(blink::WebCryptoKeyAlgorithm& algorithm, blink::WebCryptoKeyType& type)
+    {
+        blink::WebCryptoAlgorithmId id;
+        if (!doReadAlgorithmId(id))
+            return false;
+        uint32_t lengthBytes;
+        if (!doReadUint32(&lengthBytes))
+            return false;
+        algorithm = blink::WebCryptoKeyAlgorithm::createAes(id, lengthBytes * 8);
+        type = blink::WebCryptoKeyTypeSecret;
+        return !algorithm.isNull();
+    }
+
+    bool doReadRsaKey(bool hasHash, blink::WebCryptoKeyAlgorithm& algorithm, blink::WebCryptoKeyType& type)
+    {
+        blink::WebCryptoAlgorithmId id;
+        if (!doReadAlgorithmId(id))
+            return false;
+
+        uint32_t rawType;
+        if (!doReadUint32(&rawType))
+            return false;
+
+        switch (static_cast<AssymetricCryptoKeyType>(rawType)) {
+        case PublicKeyType:
+            type = blink::WebCryptoKeyTypePublic;
+            break;
+        case PrivateKeyType:
+            type = blink::WebCryptoKeyTypePrivate;
+            break;
+        default:
+            return false;
+        }
+
+        uint32_t modulusLengthBits;
+        if (!doReadUint32(&modulusLengthBits))
+            return false;
+
+        uint32_t publicExponentSize;
+        if (!doReadUint32(&publicExponentSize))
+            return false;
+
+        if (m_position + publicExponentSize > m_length)
+            return false;
+
+        const uint8_t* publicExponent = m_buffer + m_position;
+        m_position += publicExponentSize;
+
+        if (hasHash) {
+            blink::WebCryptoAlgorithmId hash;
+            if (!doReadAlgorithmId(hash))
+                return false;
+            algorithm = blink::WebCryptoKeyAlgorithm::createRsaHashed(id, modulusLengthBits, publicExponent, publicExponentSize, hash);
+        } else {
+            algorithm = blink::WebCryptoKeyAlgorithm::createRsa(id, modulusLengthBits, publicExponent, publicExponentSize);
+        }
+
+        return !algorithm.isNull();
+    }
+
+    bool doReadAlgorithmId(blink::WebCryptoAlgorithmId& id)
+    {
+        uint32_t rawId;
+        if (!doReadUint32(&rawId))
+            return false;
+
+        switch (static_cast<CryptoKeyAlgorithmTag>(rawId)) {
+        case AesCbcTag:
+            id = blink::WebCryptoAlgorithmIdAesCbc;
+            return true;
+        case HmacTag:
+            id = blink::WebCryptoAlgorithmIdHmac;
+            return true;
+        case RsaSsaPkcs1v1_5Tag:
+            id = blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5;
+            return true;
+        case RsaEsPkcs1v1_5Tag:
+            id = blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5;
+            return true;
+        case Sha1Tag:
+            id = blink::WebCryptoAlgorithmIdSha1;
+            return true;
+        case Sha224Tag:
+            id = blink::WebCryptoAlgorithmIdSha224;
+            return true;
+        case Sha256Tag:
+            id = blink::WebCryptoAlgorithmIdSha256;
+            return true;
+        case Sha384Tag:
+            id = blink::WebCryptoAlgorithmIdSha384;
+            return true;
+        case Sha512Tag:
+            id = blink::WebCryptoAlgorithmIdSha512;
+            return true;
+        case AesGcmTag:
+            id = blink::WebCryptoAlgorithmIdAesGcm;
+            return true;
+        case RsaOaepTag:
+            id = blink::WebCryptoAlgorithmIdRsaOaep;
+            return true;
+        case AesCtrTag:
+            id = blink::WebCryptoAlgorithmIdAesCtr;
+            return true;
+        case AesKwTag:
+            id = blink::WebCryptoAlgorithmIdAesKw;
+            return true;
+        }
+
+        return false;
+    }
+
+    bool doReadKeyUsages(blink::WebCryptoKeyUsageMask& usages, bool& extractable)
+    {
+        // Reminder to update this when adding new key usages.
+        COMPILE_ASSERT(blink::EndOfWebCryptoKeyUsage == (1 << 7) + 1, UpdateMe);
+
+        uint32_t rawUsages;
+        if (!doReadUint32(&rawUsages))
+            return false;
+
+        usages = 0;
+
+        extractable = rawUsages & ExtractableUsage;
+
+        if (rawUsages & EncryptUsage)
+            usages |= blink::WebCryptoKeyUsageEncrypt;
+        if (rawUsages & DecryptUsage)
+            usages |= blink::WebCryptoKeyUsageDecrypt;
+        if (rawUsages & SignUsage)
+            usages |= blink::WebCryptoKeyUsageSign;
+        if (rawUsages & VerifyUsage)
+            usages |= blink::WebCryptoKeyUsageVerify;
+        if (rawUsages & DeriveKeyUsage)
+            usages |= blink::WebCryptoKeyUsageDeriveKey;
+        if (rawUsages & WrapKeyUsage)
+            usages |= blink::WebCryptoKeyUsageWrapKey;
+        if (rawUsages & UnwrapKeyUsage)
+            usages |= blink::WebCryptoKeyUsageUnwrapKey;
+
+        // Note that if the serialized data contained an unrecognized usage it
+        // is silenty discarded here rather than erroring.

[jsbell, 2014/03/13 20:16:07]

Why? If that's the case, there could be subtle differences when deserializing.
Why not just error?

There are two cases: (1) corrupt data, where you want to error, and (2) reading
data "from the future", e.g. user has a database written by browser v.Y and but
has rolled back to v.X. While the latter isn't supported, it's still better to
error than proceed.

[eroman, 2014/03/14 05:24:33]

Done.

Sorry, it was laziness on my part.

Do you want layout tests that try deserializing corrupted data? (if so can I do
that as a follow-up, getting a bit lost navigating which bits are best to
corrupt :)

[jsbell, 2014/03/14 16:33:46]

I don't think we have those elsewhere. File a tracking bug and get to it
whenever? fast/storage/serialized-script-value.html perhaps?
 

+
+        return true;
+    }
+
     const uint8_t* m_buffer;
     const unsigned m_length;
     unsigned m_position;
     uint32_t m_version;
     v8::Isolate* m_isolate;
     const BlobDataHandleMap& m_blobDataHandles;
 };
 
 
 typedef Vector<WTF::ArrayBufferContents, 1> ArrayBufferContentsArray;
@@ skipping 499 matching lines @@
     // If the allocated memory was not registered before, then this class is likely
     // used in a context other then Worker's onmessage environment and the presence of
     // current v8 context is not guaranteed. Avoid calling v8 then.
     if (m_externallyAllocatedMemory) {
         ASSERT(v8::Isolate::GetCurrent());
         v8::Isolate::GetCurrent()->AdjustAmountOfExternalAllocatedMemory(-m_externallyAllocatedMemory);
     }
 }
 
 } // namespace WebCore