[webcrypto] Add JWK symmetric key AES-KW unwrap for NSS.

content/child/webcrypto/shared_crypto.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/child/webcrypto/shared_crypto.h"
 
 #include "base/logging.h"
 #include "content/child/webcrypto/crypto_data.h"
 #include "content/child/webcrypto/platform_crypto.h"
 #include "content/child/webcrypto/webcrypto_util.h"
 #include "crypto/secure_util.h"
 #include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h"
 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h"
 #include "third_party/WebKit/public/platform/WebCryptoKey.h"
 #include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h"
 
 namespace content {
 
 namespace webcrypto {
 
 namespace {
 
 // TODO(eroman): Move this helper to WebCryptoKey.
 bool KeyUsageAllows(const blink::WebCryptoKey& key,
                     const blink::WebCryptoKeyUsage usage) {
   return ((key.usages() & usage) != 0);
 }
 
+bool KeyUsageAllowsAnyOf(const blink::WebCryptoKey& key,

[eroman, 2014/03/18 01:02:13]

This is unused, and why the commit queue failed it

[padolph, 2014/03/18 01:23:02]

Done.

+                         const blink::WebCryptoKeyUsageMask usage_mask) {
+  return ((key.usages() & usage_mask) != 0);
+}
+
 bool IsValidAesKeyLengthBits(unsigned int length_bits) {
   return length_bits == 128 || length_bits == 192 || length_bits == 256;
 }
 
 bool IsValidAesKeyLengthBytes(unsigned int length_bytes) {
   return length_bytes == 16 || length_bytes == 24 || length_bytes == 32;
 }
 
 Status ToPlatformSymKey(const blink::WebCryptoKey& key,
                         platform::SymKey** out) {
@@ skipping 187 matching lines @@
         return Status::Error();
     // Fallthrough intentional!
     case blink::WebCryptoAlgorithmIdHmac:
       return platform::ImportKeyRaw(
           algorithm_or_null, key_data, extractable, usage_mask, key);
     default:
       return Status::ErrorUnsupported();
   }
 }
 
+// Validates the size of data input to AES-KW. AES-KW requires the input data
+// size to be at least 24 bytes and a multiple of 8 bytes.
+Status CheckAesKwInputSize(const CryptoData& aeskw_input_data) {
+  if (aeskw_input_data.byte_length() < 24)
+    return Status::ErrorDataTooSmall();
+  if (aeskw_input_data.byte_length() % 8)
+    return Status::ErrorInvalidAesKwDataLength();
+  return Status::Success();
+}
+
+Status UnwrapKeyRaw(const CryptoData& wrapped_key_data,
+                    const blink::WebCryptoKey& wrapping_key,
+                    const blink::WebCryptoAlgorithm& wrapping_algorithm,
+                    const blink::WebCryptoAlgorithm& algorithm_or_null,
+                    bool extractable,
+                    blink::WebCryptoKeyUsageMask usage_mask,
+                    blink::WebCryptoKey* key) {
+  // Must provide an algorithm when unwrapping a raw key
+  if (algorithm_or_null.isNull())
+    return Status::ErrorMissingAlgorithmUnwrapRawKey();
+
+  // TODO(padolph): Handle other wrapping algorithms
+  switch (wrapping_algorithm.id()) {
+    case blink::WebCryptoAlgorithmIdAesKw: {
+      platform::SymKey* platform_wrapping_key;
+      Status status = ToPlatformSymKey(wrapping_key, &platform_wrapping_key);
+      if (status.IsError())
+        return status;
+      status = CheckAesKwInputSize(wrapped_key_data);
+      if (status.IsError())
+        return status;
+      return platform::UnwrapSymKeyAesKw(wrapped_key_data,
+                                         platform_wrapping_key,
+                                         algorithm_or_null,
+                                         extractable,
+                                         usage_mask,
+                                         key);
+    }
+    case blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5: {
+      platform::PrivateKey* platform_wrapping_key;
+      Status status =
+          ToPlatformPrivateKey(wrapping_key, &platform_wrapping_key);
+      if (status.IsError())
+        return status;
+      if (!wrapped_key_data.byte_length())
+        return Status::ErrorDataTooSmall();
+      return platform::UnwrapSymKeyRsaEs(wrapped_key_data,
+                                         platform_wrapping_key,
+                                         algorithm_or_null,
+                                         extractable,
+                                         usage_mask,
+                                         key);
+    }
+    default:
+      return Status::ErrorUnsupported();
+  }
+}
+
+Status DecryptAesKw(const blink::WebCryptoAlgorithm& algorithm,
+                    const blink::WebCryptoKey& key,
+                    const CryptoData& data,
+                    blink::WebArrayBuffer* buffer) {
+  platform::SymKey* sym_key;
+  Status status = ToPlatformSymKey(key, &sym_key);
+  if (status.IsError())
+    return status;
+  status = CheckAesKwInputSize(data);
+  if (status.IsError())
+    return status;
+  return platform::DecryptAesKw(sym_key, data, buffer);
+}
+
+Status DecryptDontCheckKeyUsage(const blink::WebCryptoAlgorithm& algorithm,
+                                const blink::WebCryptoKey& key,
+                                const CryptoData& data,
+                                blink::WebArrayBuffer* buffer) {
+  if (algorithm.id() != key.algorithm().id())
+    return Status::ErrorUnexpected();
+  switch (algorithm.id()) {
+    case blink::WebCryptoAlgorithmIdAesCbc:
+      return EncryptDecryptAesCbc(DECRYPT, algorithm, key, data, buffer);
+    case blink::WebCryptoAlgorithmIdAesGcm:
+      return EncryptDecryptAesGcm(DECRYPT, algorithm, key, data, buffer);
+    case blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5:
+      return DecryptRsaEsPkcs1v1_5(algorithm, key, data, buffer);
+    case blink::WebCryptoAlgorithmIdAesKw:
+      return DecryptAesKw(algorithm, key, data, buffer);
+    default:
+      return Status::ErrorUnsupported();
+  }
+}
+
+Status UnwrapKeyDecryptAndImport(
+    blink::WebCryptoKeyFormat format,
+    const CryptoData& wrapped_key_data,
+    const blink::WebCryptoKey& wrapping_key,
+    const blink::WebCryptoAlgorithm& wrapping_algorithm,
+    const blink::WebCryptoAlgorithm& algorithm_or_null,
+    bool extractable,
+    blink::WebCryptoKeyUsageMask usage_mask,
+    blink::WebCryptoKey* key) {
+  if (!KeyUsageAllows(wrapping_key, blink::WebCryptoKeyUsageUnwrapKey))
+    return Status::ErrorUnexpected();
+  blink::WebArrayBuffer buffer;
+  Status status = DecryptDontCheckKeyUsage(
+      wrapping_algorithm, wrapping_key, wrapped_key_data, &buffer);
+  if (status.IsError())
+    return status;
+  status = ImportKey(format,
+                     CryptoData(buffer),
+                     algorithm_or_null,
+                     extractable,
+                     usage_mask,
+                     key);
+  // NOTE! Returning the details of any ImportKey() failure here would leak
+  // information about the plaintext internals of the encrypted key. Instead,
+  // collapse any error into the generic Status::Error().
+  return status.IsError() ? Status::Error() : Status::Success();
+}
+
 }  // namespace
 
 void Init() { platform::Init(); }
 
 Status Encrypt(const blink::WebCryptoAlgorithm& algorithm,
                const blink::WebCryptoKey& key,
                const CryptoData& data,
                blink::WebArrayBuffer* buffer) {
   if (!KeyUsageAllows(key, blink::WebCryptoKeyUsageEncrypt))
     return Status::ErrorUnexpected();
@@ skipping 11 matching lines @@
       return Status::ErrorUnsupported();
   }
 }
 
 Status Decrypt(const blink::WebCryptoAlgorithm& algorithm,
                const blink::WebCryptoKey& key,
                const CryptoData& data,
                blink::WebArrayBuffer* buffer) {
   if (!KeyUsageAllows(key, blink::WebCryptoKeyUsageDecrypt))
     return Status::ErrorUnexpected();
-  if (algorithm.id() != key.algorithm().id())
-    return Status::ErrorUnexpected();
-
-  switch (algorithm.id()) {
-    case blink::WebCryptoAlgorithmIdAesCbc:
-      return EncryptDecryptAesCbc(DECRYPT, algorithm, key, data, buffer);
-    case blink::WebCryptoAlgorithmIdAesGcm:
-      return EncryptDecryptAesGcm(DECRYPT, algorithm, key, data, buffer);
-    case blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5:
-      return DecryptRsaEsPkcs1v1_5(algorithm, key, data, buffer);
-    default:
-      return Status::ErrorUnsupported();
-  }
+  return DecryptDontCheckKeyUsage(algorithm, key, data, buffer);
 }
 
 Status Digest(const blink::WebCryptoAlgorithm& algorithm,
               const CryptoData& data,
               blink::WebArrayBuffer* buffer) {
   switch (algorithm.id()) {
     case blink::WebCryptoAlgorithmIdSha1:
     case blink::WebCryptoAlgorithmIdSha256:
     case blink::WebCryptoAlgorithmIdSha384:
     case blink::WebCryptoAlgorithmIdSha512:
@@ skipping 127 matching lines @@
         return status;
       return platform::ExportKeyRaw(sym_key, buffer);
     }
     case blink::WebCryptoKeyFormatSpki: {
       platform::PublicKey* public_key;
       Status status = ToPlatformPublicKey(key, &public_key);
       if (status.IsError())
         return status;
       return platform::ExportKeySpki(public_key, buffer);
     }
+    case blink::WebCryptoKeyFormatJwk:
+      return ExportKeyJwk(key, buffer);
     case blink::WebCryptoKeyFormatPkcs8:
-    case blink::WebCryptoKeyFormatJwk:
       // TODO(eroman):
       return Status::ErrorUnsupported();
     default:
       return Status::ErrorUnsupported();
   }
 }
 
 Status Sign(const blink::WebCryptoAlgorithm& algorithm,
             const blink::WebCryptoKey& key,
             const CryptoData& data,
@@ skipping 93 matching lines @@
                  const blink::WebCryptoAlgorithm& wrapping_algorithm,
                  const blink::WebCryptoAlgorithm& algorithm_or_null,
                  bool extractable,
                  blink::WebCryptoKeyUsageMask usage_mask,
                  blink::WebCryptoKey* key) {
   if (!KeyUsageAllows(wrapping_key, blink::WebCryptoKeyUsageUnwrapKey))
     return Status::ErrorUnexpected();
   if (wrapping_algorithm.id() != wrapping_key.algorithm().id())
     return Status::ErrorUnexpected();
 
-  // TODO(padolph): Handle formats other than raw
-  if (format != blink::WebCryptoKeyFormatRaw)
-    return Status::ErrorUnsupported();
-
-  // Must provide an algorithm when unwrapping a raw key
-  if (format == blink::WebCryptoKeyFormatRaw && algorithm_or_null.isNull())
-    return Status::ErrorMissingAlgorithmUnwrapRawKey();
-
-  // TODO(padolph): Handle other wrapping algorithms
-  switch (wrapping_algorithm.id()) {
-    case blink::WebCryptoAlgorithmIdAesKw: {
-      platform::SymKey* platform_wrapping_key;
-      Status status = ToPlatformSymKey(wrapping_key, &platform_wrapping_key);
-      if (status.IsError())
-        return status;
-      // AES-KW requires the wrapped key data size must be at least 24 bytes and
-      // also a multiple of 8 bytes.
-      if (wrapped_key_data.byte_length() < 24)
-        return Status::ErrorDataTooSmall();
-      if (wrapped_key_data.byte_length() % 8)
-        return Status::ErrorInvalidAesKwDataLength();
-      return platform::UnwrapSymKeyAesKw(wrapped_key_data,
-                                         platform_wrapping_key,
-                                         algorithm_or_null,
-                                         extractable,
-                                         usage_mask,
-                                         key);
-    }
-    case blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5: {
-      platform::PrivateKey* platform_wrapping_key;
-      Status status =
-          ToPlatformPrivateKey(wrapping_key, &platform_wrapping_key);
-      if (status.IsError())
-        return status;
-      if (!wrapped_key_data.byte_length())
-        return Status::ErrorDataTooSmall();
-      return platform::UnwrapSymKeyRsaEs(wrapped_key_data,
-                                         platform_wrapping_key,
-                                         algorithm_or_null,
-                                         extractable,
-                                         usage_mask,
-                                         key);
-    }
+  switch (format) {
+    case blink::WebCryptoKeyFormatRaw:
+      return UnwrapKeyRaw(wrapped_key_data,
+                          wrapping_key,
+                          wrapping_algorithm,
+                          algorithm_or_null,
+                          extractable,
+                          usage_mask,
+                          key);
+    case blink::WebCryptoKeyFormatJwk:
+      return UnwrapKeyDecryptAndImport(format,
+                                       wrapped_key_data,
+                                       wrapping_key,
+                                       wrapping_algorithm,
+                                       algorithm_or_null,
+                                       extractable,
+                                       usage_mask,
+                                       key);
+    case blink::WebCryptoKeyFormatSpki:
+    case blink::WebCryptoKeyFormatPkcs8:
+      return Status::ErrorUnsupported();  // TODO(padolph)
     default:
+      NOTREACHED();
       return Status::ErrorUnsupported();
   }
 }
 
 }  // namespace webcrypto
 
 }  // namespace content