[webcrypto] Add JWK symmetric key RSAES-PKCS1-v1_5 wrap / unwrap for NSS.

content/child/webcrypto/shared_crypto.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/child/webcrypto/shared_crypto.h"
 
 #include "base/logging.h"
 #include "content/child/webcrypto/crypto_data.h"
 #include "content/child/webcrypto/platform_crypto.h"
 #include "content/child/webcrypto/webcrypto_util.h"
 #include "crypto/secure_util.h"
 #include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h"
 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h"
 #include "third_party/WebKit/public/platform/WebCryptoKey.h"
 #include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h"
 
 namespace content {
 
 namespace webcrypto {
 
 namespace {
 
 // TODO(eroman): Move this helper to WebCryptoKey.
 bool KeyUsageAllows(const blink::WebCryptoKey& key,
                     const blink::WebCryptoKeyUsage usage) {
   return ((key.usages() & usage) != 0);
 }
 
-bool KeyUsageAllowsAnyOf(const blink::WebCryptoKey& key,

[eroman, 2014/03/18 06:18:39]

this probably needs to be rebased, these diffs shouldn't be here

[padolph, 2014/03/18 17:52:19]

'git cl rebase' does not work for me. I get the error
update-index --refresh: command returned error: 1
third_party/WebKit: needs update
I searched the forums and a few people also see this problem, but no solutions
are offered as far as I found.

For this CL, instead of 'cl rebase' I did a 'cl patch' from the other CL, and
when I uploaded I did 'git cl upload HEAD~'. I'm not sure why this diff got
uploaded.

In any event, this diff will go away once that other CL lands and I rebase from
that.

-                         const blink::WebCryptoKeyUsageMask usage_mask) {
-  return ((key.usages() & usage_mask) != 0);
-}
-
 bool IsValidAesKeyLengthBits(unsigned int length_bits) {
   return length_bits == 128 || length_bits == 192 || length_bits == 256;
 }
 
 bool IsValidAesKeyLengthBytes(unsigned int length_bytes) {
   return length_bytes == 16 || length_bytes == 24 || length_bytes == 32;
 }
 
 Status ToPlatformSymKey(const blink::WebCryptoKey& key,
                         platform::SymKey** out) {
@@ skipping 245 matching lines @@
                                          algorithm_or_null,
                                          extractable,
                                          usage_mask,
                                          key);
     }
     default:
       return Status::ErrorUnsupported();
   }
 }
 
+Status WrapKeyRaw(const blink::WebCryptoKey& wrapping_key,
+                  const blink::WebCryptoKey& key_to_wrap,
+                  const blink::WebCryptoAlgorithm& wrapping_algorithm,
+                  blink::WebArrayBuffer* buffer) {
+  // A raw key is always a symmetric key.
+  platform::SymKey* platform_key;
+  Status status = ToPlatformSymKey(key_to_wrap, &platform_key);
+  if (status.IsError())
+    return status;
+
+  // TODO(padolph): Handle other wrapping algorithms
+  switch (wrapping_algorithm.id()) {
+    case blink::WebCryptoAlgorithmIdAesKw: {
+      platform::SymKey* platform_wrapping_key;
+      status = ToPlatformSymKey(wrapping_key, &platform_wrapping_key);
+      if (status.IsError())
+        return status;
+      return platform::WrapSymKeyAesKw(
+          platform_wrapping_key, platform_key, buffer);
+    }
+    case blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5: {
+      platform::PublicKey* platform_wrapping_key;
+      status = ToPlatformPublicKey(wrapping_key, &platform_wrapping_key);
+      if (status.IsError())
+        return status;
+      return platform::WrapSymKeyRsaEs(
+          platform_wrapping_key, platform_key, buffer);
+    }
+    default:
+      return Status::ErrorUnsupported();
+  }
+}
+
 Status DecryptAesKw(const blink::WebCryptoAlgorithm& algorithm,
                     const blink::WebCryptoKey& key,
                     const CryptoData& data,
                     blink::WebArrayBuffer* buffer) {
   platform::SymKey* sym_key;
   Status status = ToPlatformSymKey(key, &sym_key);
   if (status.IsError())
     return status;
   status = CheckAesKwInputSize(data);
   if (status.IsError())
@@ skipping 14 matching lines @@
       return EncryptDecryptAesGcm(DECRYPT, algorithm, key, data, buffer);
     case blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5:
       return DecryptRsaEsPkcs1v1_5(algorithm, key, data, buffer);
     case blink::WebCryptoAlgorithmIdAesKw:
       return DecryptAesKw(algorithm, key, data, buffer);
     default:
       return Status::ErrorUnsupported();
   }
 }
 
+Status EncryptDontCheckUsage(const blink::WebCryptoAlgorithm& algorithm,
+                             const blink::WebCryptoKey& key,
+                             const CryptoData& data,
+                             blink::WebArrayBuffer* buffer) {
+  if (algorithm.id() != key.algorithm().id())
+    return Status::ErrorUnexpected();
+  switch (algorithm.id()) {
+    case blink::WebCryptoAlgorithmIdAesCbc:
+      return EncryptDecryptAesCbc(ENCRYPT, algorithm, key, data, buffer);
+    case blink::WebCryptoAlgorithmIdAesGcm:
+      return EncryptDecryptAesGcm(ENCRYPT, algorithm, key, data, buffer);
+    case blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5:
+      return EncryptRsaEsPkcs1v1_5(algorithm, key, data, buffer);
+    default:
+      return Status::ErrorUnsupported();
+  }
+}
+
 Status UnwrapKeyDecryptAndImport(
     blink::WebCryptoKeyFormat format,
     const CryptoData& wrapped_key_data,
     const blink::WebCryptoKey& wrapping_key,
     const blink::WebCryptoAlgorithm& wrapping_algorithm,
     const blink::WebCryptoAlgorithm& algorithm_or_null,
     bool extractable,
     blink::WebCryptoKeyUsageMask usage_mask,
     blink::WebCryptoKey* key) {
-  if (!KeyUsageAllows(wrapping_key, blink::WebCryptoKeyUsageUnwrapKey))
-    return Status::ErrorUnexpected();
   blink::WebArrayBuffer buffer;
   Status status = DecryptDontCheckKeyUsage(
       wrapping_algorithm, wrapping_key, wrapped_key_data, &buffer);
   if (status.IsError())
     return status;
   status = ImportKey(format,
                      CryptoData(buffer),
                      algorithm_or_null,
                      extractable,
                      usage_mask,
                      key);
   // NOTE! Returning the details of any ImportKey() failure here would leak
   // information about the plaintext internals of the encrypted key. Instead,
   // collapse any error into the generic Status::Error().
   return status.IsError() ? Status::Error() : Status::Success();
 }
 
+Status WrapKeyExportAndEncrypt(
+    blink::WebCryptoKeyFormat format,
+    const blink::WebCryptoKey& wrapping_key,
+    const blink::WebCryptoKey& key_to_wrap,
+    const blink::WebCryptoAlgorithm& wrapping_algorithm,
+    blink::WebArrayBuffer* buffer) {
+  blink::WebArrayBuffer exported_data;
+  Status status = ExportKey(format, key_to_wrap, &exported_data);
+  if (status.IsError())
+    return status;
+  return EncryptDontCheckUsage(
+      wrapping_algorithm, wrapping_key, CryptoData(exported_data), buffer);
+}
+
 }  // namespace
 
 void Init() { platform::Init(); }
 
 Status Encrypt(const blink::WebCryptoAlgorithm& algorithm,
                const blink::WebCryptoKey& key,
                const CryptoData& data,
                blink::WebArrayBuffer* buffer) {
   if (!KeyUsageAllows(key, blink::WebCryptoKeyUsageEncrypt))
     return Status::ErrorUnexpected();
-  if (algorithm.id() != key.algorithm().id())
-    return Status::ErrorUnexpected();
-
-  switch (algorithm.id()) {
-    case blink::WebCryptoAlgorithmIdAesCbc:
-      return EncryptDecryptAesCbc(ENCRYPT, algorithm, key, data, buffer);
-    case blink::WebCryptoAlgorithmIdAesGcm:
-      return EncryptDecryptAesGcm(ENCRYPT, algorithm, key, data, buffer);
-    case blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5:
-      return EncryptRsaEsPkcs1v1_5(algorithm, key, data, buffer);
-    default:
-      return Status::ErrorUnsupported();
-  }
+  return EncryptDontCheckUsage(algorithm, key, data, buffer);
 }
 
 Status Decrypt(const blink::WebCryptoAlgorithm& algorithm,
                const blink::WebCryptoKey& key,
                const CryptoData& data,
                blink::WebArrayBuffer* buffer) {
   if (!KeyUsageAllows(key, blink::WebCryptoKeyUsageDecrypt))
     return Status::ErrorUnexpected();
   return DecryptDontCheckKeyUsage(algorithm, key, data, buffer);
 }
@@ skipping 199 matching lines @@
     default:
       return Status::ErrorUnsupported();
   }
 }
 
 Status WrapKey(blink::WebCryptoKeyFormat format,
                const blink::WebCryptoKey& wrapping_key,
                const blink::WebCryptoKey& key_to_wrap,
                const blink::WebCryptoAlgorithm& wrapping_algorithm,
                blink::WebArrayBuffer* buffer) {
-  if (!KeyUsageAllows(wrapping_key, blink::WebCryptoKeyUsageUnwrapKey))
+  if (!KeyUsageAllows(wrapping_key, blink::WebCryptoKeyUsageWrapKey))

[eroman, 2014/03/18 06:18:39]

hah! these checks are mainly a precaution, since the blink side should have
already verified usages before calling in.

[padolph, 2014/03/18 17:52:19]

Was hoping I could sneak this fix in unnoticed ;-)

     return Status::ErrorUnexpected();
   if (wrapping_algorithm.id() != wrapping_key.algorithm().id())
     return Status::ErrorUnexpected();
 
-  // TODO (padolph): Handle formats other than raw
-  if (format != blink::WebCryptoKeyFormatRaw)
-    return Status::ErrorUnsupported();
-  // TODO (padolph): Handle key-to-wrap types other than secret/symmetric
-  if (key_to_wrap.type() != blink::WebCryptoKeyTypeSecret)
-    return Status::ErrorUnsupported();
-
-  platform::SymKey* platform_key;
-  Status status = ToPlatformSymKey(key_to_wrap, &platform_key);
-  if (status.IsError())
-    return status;
-
-  // TODO(padolph): Handle other wrapping algorithms
-  switch (wrapping_algorithm.id()) {
-    case blink::WebCryptoAlgorithmIdAesKw: {
-      platform::SymKey* platform_wrapping_key;
-      status = ToPlatformSymKey(wrapping_key, &platform_wrapping_key);
-      if (status.IsError())
-        return status;
-      return platform::WrapSymKeyAesKw(
-          platform_wrapping_key, platform_key, buffer);
-    }
-    case blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5: {
-      platform::PublicKey* platform_wrapping_key;
-      status = ToPlatformPublicKey(wrapping_key, &platform_wrapping_key);
-      if (status.IsError())
-        return status;
-      return platform::WrapSymKeyRsaEs(
-          platform_wrapping_key, platform_key, buffer);
-    }
+  switch (format) {
+    case blink::WebCryptoKeyFormatRaw:
+      return WrapKeyRaw(wrapping_key, key_to_wrap, wrapping_algorithm, buffer);
+    case blink::WebCryptoKeyFormatJwk:
+      return WrapKeyExportAndEncrypt(
+          format, wrapping_key, key_to_wrap, wrapping_algorithm, buffer);
+    case blink::WebCryptoKeyFormatSpki:
+    case blink::WebCryptoKeyFormatPkcs8:
+      return Status::ErrorUnsupported();  // TODO(padolph)
     default:
+      NOTREACHED();
       return Status::ErrorUnsupported();
   }
 }
 
 Status UnwrapKey(blink::WebCryptoKeyFormat format,
                  const CryptoData& wrapped_key_data,
                  const blink::WebCryptoKey& wrapping_key,
                  const blink::WebCryptoAlgorithm& wrapping_algorithm,
                  const blink::WebCryptoAlgorithm& algorithm_or_null,
                  bool extractable,
@@ skipping 27 matching lines @@
       return Status::ErrorUnsupported();  // TODO(padolph)
     default:
       NOTREACHED();
       return Status::ErrorUnsupported();
   }
 }
 
 }  // namespace webcrypto
 
 }  // namespace content