[webcrypto] Add JWK symmetric key RSAES-PKCS1-v1_5 wrap / unwrap for NSS.

content/child/webcrypto/jwk.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <algorithm>
 #include <functional>
 #include <map>
 #include "base/json/json_reader.h"
 #include "base/json/json_writer.h"
 #include "base/lazy_instance.h"
@@ skipping 147 matching lines @@
 
 base::LazyInstance<JwkAlgorithmRegistry> jwk_alg_registry =
     LAZY_INSTANCE_INITIALIZER;
 
 bool ImportAlgorithmsConsistent(const blink::WebCryptoAlgorithm& alg1,
                                 const blink::WebCryptoAlgorithm& alg2) {
   DCHECK(!alg1.isNull());
   DCHECK(!alg2.isNull());
   if (alg1.id() != alg2.id())
     return false;
-  if (alg1.paramsType() != alg2.paramsType())
-    return false;
-  switch (alg1.paramsType()) {
-    case blink::WebCryptoAlgorithmParamsTypeNone:
-      return true;
-    case blink::WebCryptoAlgorithmParamsTypeRsaHashedImportParams:
-      return ImportAlgorithmsConsistent(alg1.rsaHashedImportParams()->hash(),
-                                        alg2.rsaHashedImportParams()->hash());
-    case blink::WebCryptoAlgorithmParamsTypeHmacImportParams:
-      return ImportAlgorithmsConsistent(alg1.hmacImportParams()->hash(),
-                                        alg2.hmacImportParams()->hash());
-    default:
+  // Inner hash algorithms must be compared too, but only if present.
+  if (alg1.paramsType() ==

[eroman, 2014/03/18 06:18:39]

I am not sure that I understand the change made here, can you explain?

[padolph, 2014/03/18 17:52:19]

Without this change the RsaEsJwkSymkeyWrapUnwrapRoundTrip test fails. The use
case is to call GenerateKey() to create a key, call WrapKey() to wrap it, then
UnwrapKey() to get it back.

During the unwrap, since this test uses JWK format, this function is called to
compare the key algorithm extracted from the JWK to the algorithm passed into
the UnwrapKey() method. In this case the algorithm passed into UnwrapKey() is
the same instance that was used to generate the symkey; namely, one produced by
CreateAesCbcKeyGenAlgorithm().

Prior to this change, ImportAlgorithmsConsistent() failed because the paramsType
of a key produced by CreateAesCbcKeyGenAlgorithm() is different from the
paramsType of a key produced by CreateAlgorithm() (as jwk.c does with
CreateImportAlgorithm()).

I think the paramsType check is not relevant in this case, since there is no
inner hash. Indeed I think using generated symmetric keys is a typical use case
for ephemeral keys, and wrap/JWK import/export on such keys is sometimes used
for persistence or exchange.

I confess I have not followed your changes around 'key' algorithms too closely,
so there might be a better way to address this.

[eroman, 2014/03/19 04:04:00]

I see thanks for explaining.

That sounds like a problem with the test then:

  UnwrapKey() should get called with an "import algorithm" rather than a
"generate algorithm". I will point out the changes I suggest in that file.

From a high level perspective, Blink will guarantee that the WebCryptoAlgorithm
passed in is appropriate for the algorithm+operation. So we can be certain that
only import algorithms will be given to unwrap key, and hence no need for our
unit-tests to check otherwise.

To see what types are expected you can look at the data tables in the spec and
see the name of the parameters. For instance:

https://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html#aes-cbc

I realize that interpreting the WebCryptoAlgorithm is pretty tedious and
magical. I have a refactor which does the fan-out at the blink layer, so the
interfaces on the chromium side don't even take WebCryptoAlgorithm anymore, they
take the parameters directly (i.e. what platform_crypto.h is today). But it is a
very large change and I wouldn't dare push it right now as we are actively
working on things, as it will be a merging nightmare :)

+          blink::WebCryptoAlgorithmParamsTypeRsaHashedImportParams ||
+      alg1.paramsType() ==
+          blink::WebCryptoAlgorithmParamsTypeHmacImportParams) {
+    if (alg1.paramsType() != alg2.paramsType())
       return false;
+    switch (alg1.paramsType()) {
+      case blink::WebCryptoAlgorithmParamsTypeRsaHashedImportParams:
+        return ImportAlgorithmsConsistent(alg1.rsaHashedImportParams()->hash(),
+                                          alg2.rsaHashedImportParams()->hash());
+      case blink::WebCryptoAlgorithmParamsTypeHmacImportParams:
+        return ImportAlgorithmsConsistent(alg1.hmacImportParams()->hash(),
+                                          alg2.hmacImportParams()->hash());
+      default:
+        return false;
+    }
   }
+  return true;
 }
 
 // Extracts the required string property with key |path| from |dict| and saves
 // the result to |*result|. If the property does not exist or is not a string,
 // returns an error.
 Status GetJwkString(base::DictionaryValue* dict,
                     const std::string& path,
                     std::string* result) {
   base::Value* value = NULL;
   if (!dict->Get(path, &value))
@@ skipping 192 matching lines @@
 }  // namespace
 
 Status ImportKeyJwk(const CryptoData& key_data,
                     const blink::WebCryptoAlgorithm& algorithm_or_null,
                     bool extractable,
                     blink::WebCryptoKeyUsageMask usage_mask,
                     blink::WebCryptoKey* key) {
   // TODO(padolph): Generalize this comment to include export, and move to top
   // of file.
 
-  // TODO(padolph): Generalize this comment to include export, and move to top
-  // of file.
-
   // The goal of this method is to extract key material and meta data from the
   // incoming JWK, combine them with the input parameters, and ultimately import
   // a Web Crypto Key.
   //
   // JSON Web Key Format (JWK)
   // http://tools.ietf.org/html/draft-ietf-jose-json-web-key-21
   //
   // A JWK is a simple JSON dictionary with the following entries
   // - "kty" (Key Type) Parameter, REQUIRED
   // - <kty-specific parameters, see below>, REQUIRED
@@ skipping 359 matching lines @@
   std::string json;
   base::JSONWriter::Write(&jwk_dict, &json);
   *buffer = CreateArrayBuffer(reinterpret_cast<const uint8*>(json.data()),
                               json.size());
   return Status::Success();
 }
 
 }  // namespace webcrypto
 
 }  // namespace content