Index: content/child/webcrypto/shared_crypto.cc |
diff --git a/content/child/webcrypto/shared_crypto.cc b/content/child/webcrypto/shared_crypto.cc |
index 63af5768b33c756b31bdcb4082716135b460ac3e..0ccf04a7bdb72d18511cee08708962ea0e9d7fef 100644 |
--- a/content/child/webcrypto/shared_crypto.cc |
+++ b/content/child/webcrypto/shared_crypto.cc |
@@ -368,6 +368,39 @@ Status UnwrapKeyRaw(const CryptoData& wrapped_key_data, |
} |
} |
+Status WrapKeyRaw(const blink::WebCryptoKey& wrapping_key, |
+ const blink::WebCryptoKey& key_to_wrap, |
+ const blink::WebCryptoAlgorithm& wrapping_algorithm, |
+ blink::WebArrayBuffer* buffer) { |
+ // A raw key is always a symmetric key. |
+ platform::SymKey* platform_key; |
+ Status status = ToPlatformSymKey(key_to_wrap, &platform_key); |
+ if (status.IsError()) |
+ return status; |
+ |
+ // TODO(padolph): Handle other wrapping algorithms |
+ switch (wrapping_algorithm.id()) { |
+ case blink::WebCryptoAlgorithmIdAesKw: { |
+ platform::SymKey* platform_wrapping_key; |
+ status = ToPlatformSymKey(wrapping_key, &platform_wrapping_key); |
+ if (status.IsError()) |
+ return status; |
+ return platform::WrapSymKeyAesKw( |
+ platform_wrapping_key, platform_key, buffer); |
+ } |
+ case blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5: { |
+ platform::PublicKey* platform_wrapping_key; |
+ status = ToPlatformPublicKey(wrapping_key, &platform_wrapping_key); |
+ if (status.IsError()) |
+ return status; |
+ return platform::WrapSymKeyRsaEs( |
+ platform_wrapping_key, platform_key, buffer); |
+ } |
+ default: |
+ return Status::ErrorUnsupported(); |
+ } |
+} |
+ |
Status DecryptAesKw(const blink::WebCryptoAlgorithm& algorithm, |
const blink::WebCryptoKey& key, |
const CryptoData& data, |
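Review bot: WrapKeyRaw passes key_to_wrap to the platform wrap routines without checking `key_to_wrap.extractable()`, and WrapKey in the last hunk does not check it either. Unless ToPlatformSymKey (not shown) rejects non-extractable keys, a key created as non-extractable can still leave the process in wrapped form, which defeats the purpose of the flag. The JWK path goes through ExportKey, which may or may not enforce this. A single guard at the top of WrapKey would cover both paths, for example `if (!key_to_wrap.extractable()) return Status::ErrorUnexpected();` (the status value is only a suggestion).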
@@ -402,6 +435,24 @@ Status DecryptDontCheckKeyUsage(const blink::WebCryptoAlgorithm& algorithm, |
} |
} |
+Status EncryptDontCheckUsage(const blink::WebCryptoAlgorithm& algorithm, |
+ const blink::WebCryptoKey& key, |
+ const CryptoData& data, |
+ blink::WebArrayBuffer* buffer) { |
+ if (algorithm.id() != key.algorithm().id()) |
+ return Status::ErrorUnexpected(); |
+ switch (algorithm.id()) { |
+ case blink::WebCryptoAlgorithmIdAesCbc: |
+ return EncryptDecryptAesCbc(ENCRYPT, algorithm, key, data, buffer); |
+ case blink::WebCryptoAlgorithmIdAesGcm: |
+ return EncryptDecryptAesGcm(ENCRYPT, algorithm, key, data, buffer); |
+ case blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5: |
+ return EncryptRsaEsPkcs1v1_5(algorithm, key, data, buffer); |
+ default: |
+ return Status::ErrorUnsupported(); |
+ } |
+} |
+ |
Status UnwrapKeyDecryptAndImport( |
blink::WebCryptoKeyFormat format, |
const CryptoData& wrapped_key_data, |
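Review bot: The new helper is named `EncryptDontCheckUsage` while its existing counterpart is `DecryptDontCheckKeyUsage`; renaming it to `EncryptDontCheckKeyUsage` would keep the pair consistent and greppable. Because it deliberately skips KeyUsageAllows, it should also carry a comment stating the contract, for example `// Does not verify key usage; the caller must have checked the encrypt or wrapKey usage already.` Without that, a later caller could treat it as a drop-in for Encrypt and bypass the usage mask.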
@@ -411,8 +462,6 @@ Status UnwrapKeyDecryptAndImport( |
bool extractable, |
blink::WebCryptoKeyUsageMask usage_mask, |
blink::WebCryptoKey* key) { |
- if (!KeyUsageAllows(wrapping_key, blink::WebCryptoKeyUsageUnwrapKey)) |
- return Status::ErrorUnexpected(); |
blink::WebArrayBuffer buffer; |
Status status = DecryptDontCheckKeyUsage( |
wrapping_algorithm, wrapping_key, wrapped_key_data, &buffer); |
@@ -430,6 +479,20 @@ Status UnwrapKeyDecryptAndImport( |
return status.IsError() ? Status::Error() : Status::Success(); |
} |
+Status WrapKeyExportAndEncrypt( |
+ blink::WebCryptoKeyFormat format, |
+ const blink::WebCryptoKey& wrapping_key, |
+ const blink::WebCryptoKey& key_to_wrap, |
+ const blink::WebCryptoAlgorithm& wrapping_algorithm, |
+ blink::WebArrayBuffer* buffer) { |
+ blink::WebArrayBuffer exported_data; |
+ Status status = ExportKey(format, key_to_wrap, &exported_data); |
+ if (status.IsError()) |
+ return status; |
+ return EncryptDontCheckUsage( |
+ wrapping_algorithm, wrapping_key, CryptoData(exported_data), buffer); |
+} |
+ |
} // namespace |
void Init() { platform::Init(); } |
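Review bot: WrapKeyExportAndEncrypt does no usage check of its own and, unlike the `DontCheck` helpers, its name does not say so. It is only safe when WrapKey has already verified WebCryptoKeyUsageWrapKey, so a comment above it would help: `// Caller must have verified that wrapping_key permits wrapKey.` The preceding hunk removes the unwrapKey usage check from UnwrapKeyDecryptAndImport in the same way. Its caller is not part of this diff, so it is worth confirming that the check now lives there.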
@@ -440,19 +503,7 @@ Status Encrypt(const blink::WebCryptoAlgorithm& algorithm, |
blink::WebArrayBuffer* buffer) { |
if (!KeyUsageAllows(key, blink::WebCryptoKeyUsageEncrypt)) |
return Status::ErrorUnexpected(); |
- if (algorithm.id() != key.algorithm().id()) |
- return Status::ErrorUnexpected(); |
- |
- switch (algorithm.id()) { |
- case blink::WebCryptoAlgorithmIdAesCbc: |
- return EncryptDecryptAesCbc(ENCRYPT, algorithm, key, data, buffer); |
- case blink::WebCryptoAlgorithmIdAesGcm: |
- return EncryptDecryptAesGcm(ENCRYPT, algorithm, key, data, buffer); |
- case blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5: |
- return EncryptRsaEsPkcs1v1_5(algorithm, key, data, buffer); |
- default: |
- return Status::ErrorUnsupported(); |
- } |
+ return EncryptDontCheckUsage(algorithm, key, data, buffer); |
} |
Status Decrypt(const blink::WebCryptoAlgorithm& algorithm, |
@@ -678,42 +729,22 @@ Status WrapKey(blink::WebCryptoKeyFormat format, |
const blink::WebCryptoKey& key_to_wrap, |
const blink::WebCryptoAlgorithm& wrapping_algorithm, |
blink::WebArrayBuffer* buffer) { |
- if (!KeyUsageAllows(wrapping_key, blink::WebCryptoKeyUsageUnwrapKey)) |
+ if (!KeyUsageAllows(wrapping_key, blink::WebCryptoKeyUsageWrapKey)) |
return Status::ErrorUnexpected(); |
if (wrapping_algorithm.id() != wrapping_key.algorithm().id()) |
return Status::ErrorUnexpected(); |
- // TODO (padolph): Handle formats other than raw |
- if (format != blink::WebCryptoKeyFormatRaw) |
- return Status::ErrorUnsupported(); |
- // TODO (padolph): Handle key-to-wrap types other than secret/symmetric |
- if (key_to_wrap.type() != blink::WebCryptoKeyTypeSecret) |
- return Status::ErrorUnsupported(); |
- |
- platform::SymKey* platform_key; |
- Status status = ToPlatformSymKey(key_to_wrap, &platform_key); |
- if (status.IsError()) |
- return status; |
- |
- // TODO(padolph): Handle other wrapping algorithms |
- switch (wrapping_algorithm.id()) { |
- case blink::WebCryptoAlgorithmIdAesKw: { |
- platform::SymKey* platform_wrapping_key; |
- status = ToPlatformSymKey(wrapping_key, &platform_wrapping_key); |
- if (status.IsError()) |
- return status; |
- return platform::WrapSymKeyAesKw( |
- platform_wrapping_key, platform_key, buffer); |
- } |
- case blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5: { |
- platform::PublicKey* platform_wrapping_key; |
- status = ToPlatformPublicKey(wrapping_key, &platform_wrapping_key); |
- if (status.IsError()) |
- return status; |
- return platform::WrapSymKeyRsaEs( |
- platform_wrapping_key, platform_key, buffer); |
- } |
+ switch (format) { |
+ case blink::WebCryptoKeyFormatRaw: |
+ return WrapKeyRaw(wrapping_key, key_to_wrap, wrapping_algorithm, buffer); |
+ case blink::WebCryptoKeyFormatJwk: |
+ return WrapKeyExportAndEncrypt( |
+ format, wrapping_key, key_to_wrap, wrapping_algorithm, buffer); |
+ case blink::WebCryptoKeyFormatSpki: |
+ case blink::WebCryptoKeyFormatPkcs8: |
+ return Status::ErrorUnsupported(); // TODO(padolph) |
default: |
+ NOTREACHED(); |
return Status::ErrorUnsupported(); |
} |
} |
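Review bot: The raw case now reaches WrapKeyRaw without the old `key_to_wrap.type() != blink::WebCryptoKeyTypeSecret` guard, so rejecting a public or private key in raw format depends entirely on ToPlatformSymKey, which is not shown here. The error returned for that case presumably also changes from ErrorUnsupported to whatever that helper yields. If ToPlatformSymKey does not check the key type, keeping the explicit test in the raw case is the safer option: `if (key_to_wrap.type() != blink::WebCryptoKeyTypeSecret) return Status::ErrorUnsupported();`. WrapKey's signature starts above this hunk.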