OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/child/webcrypto/shared_crypto.h" | 5 #include "content/child/webcrypto/shared_crypto.h" |
6 | 6 |
7 #include "base/logging.h" | 7 #include "base/logging.h" |
8 #include "content/child/webcrypto/crypto_data.h" | 8 #include "content/child/webcrypto/crypto_data.h" |
9 #include "content/child/webcrypto/platform_crypto.h" | 9 #include "content/child/webcrypto/platform_crypto.h" |
10 #include "content/child/webcrypto/webcrypto_util.h" | 10 #include "content/child/webcrypto/webcrypto_util.h" |
(...skipping 192 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
203 | 203 |
204 return platform::VerifyRsaSsaPkcs1v1_5( | 204 return platform::VerifyRsaSsaPkcs1v1_5( |
205 public_key, | 205 public_key, |
206 key.algorithm().rsaHashedParams()->hash(), | 206 key.algorithm().rsaHashedParams()->hash(), |
207 signature, | 207 signature, |
208 data, | 208 data, |
209 signature_match); | 209 signature_match); |
210 } | 210 } |
211 | 211 |
212 Status ImportKeyRaw(const CryptoData& key_data, | 212 Status ImportKeyRaw(const CryptoData& key_data, |
213 const blink::WebCryptoAlgorithm& algorithm_or_null, | 213 const blink::WebCryptoAlgorithm& algorithm, |
214 bool extractable, | 214 bool extractable, |
215 blink::WebCryptoKeyUsageMask usage_mask, | 215 blink::WebCryptoKeyUsageMask usage_mask, |
216 blink::WebCryptoKey* key) { | 216 blink::WebCryptoKey* key) { |
217 if (algorithm_or_null.isNull()) | 217 switch (algorithm.id()) { |
218 return Status::ErrorMissingAlgorithmImportRawKey(); | |
219 | |
220 switch (algorithm_or_null.id()) { | |
221 case blink::WebCryptoAlgorithmIdAesCtr: | 218 case blink::WebCryptoAlgorithmIdAesCtr: |
222 case blink::WebCryptoAlgorithmIdAesCbc: | 219 case blink::WebCryptoAlgorithmIdAesCbc: |
223 case blink::WebCryptoAlgorithmIdAesGcm: | 220 case blink::WebCryptoAlgorithmIdAesGcm: |
224 case blink::WebCryptoAlgorithmIdAesKw: | 221 case blink::WebCryptoAlgorithmIdAesKw: |
225 if (!IsValidAesKeyLengthBytes(key_data.byte_length())) | 222 if (!IsValidAesKeyLengthBytes(key_data.byte_length())) |
226 return Status::Error(); | 223 return Status::Error(); |
227 // Fallthrough intentional! | 224 // Fallthrough intentional! |
228 case blink::WebCryptoAlgorithmIdHmac: | 225 case blink::WebCryptoAlgorithmIdHmac: |
229 return platform::ImportKeyRaw( | 226 return platform::ImportKeyRaw( |
230 algorithm_or_null, key_data, extractable, usage_mask, key); | 227 algorithm, key_data, extractable, usage_mask, key); |
231 default: | 228 default: |
232 return Status::ErrorUnsupported(); | 229 return Status::ErrorUnsupported(); |
233 } | 230 } |
234 } | 231 } |
235 | 232 |
236 } // namespace | 233 } // namespace |
237 | 234 |
238 void Init() { platform::Init(); } | 235 void Init() { platform::Init(); } |
239 | 236 |
240 Status Encrypt(const blink::WebCryptoAlgorithm& algorithm, | 237 Status Encrypt(const blink::WebCryptoAlgorithm& algorithm, |
(...skipping 139 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
380 public_key, | 377 public_key, |
381 private_key); | 378 private_key); |
382 } | 379 } |
383 default: | 380 default: |
384 return Status::ErrorUnsupported(); | 381 return Status::ErrorUnsupported(); |
385 } | 382 } |
386 } | 383 } |
387 | 384 |
388 Status ImportKey(blink::WebCryptoKeyFormat format, | 385 Status ImportKey(blink::WebCryptoKeyFormat format, |
389 const CryptoData& key_data, | 386 const CryptoData& key_data, |
390 const blink::WebCryptoAlgorithm& algorithm_or_null, | 387 const blink::WebCryptoAlgorithm& algorithm, |
391 bool extractable, | 388 bool extractable, |
392 blink::WebCryptoKeyUsageMask usage_mask, | 389 blink::WebCryptoKeyUsageMask usage_mask, |
393 blink::WebCryptoKey* key) { | 390 blink::WebCryptoKey* key) { |
394 switch (format) { | 391 switch (format) { |
395 case blink::WebCryptoKeyFormatRaw: | 392 case blink::WebCryptoKeyFormatRaw: |
396 return ImportKeyRaw( | 393 return ImportKeyRaw( |
397 key_data, algorithm_or_null, extractable, usage_mask, key); | 394 key_data, algorithm, extractable, usage_mask, key); |
398 case blink::WebCryptoKeyFormatSpki: | 395 case blink::WebCryptoKeyFormatSpki: |
399 return platform::ImportKeySpki( | 396 return platform::ImportKeySpki( |
400 algorithm_or_null, key_data, extractable, usage_mask, key); | 397 algorithm, key_data, extractable, usage_mask, key); |
401 case blink::WebCryptoKeyFormatPkcs8: | 398 case blink::WebCryptoKeyFormatPkcs8: |
402 return platform::ImportKeyPkcs8( | 399 return platform::ImportKeyPkcs8( |
403 algorithm_or_null, key_data, extractable, usage_mask, key); | 400 algorithm, key_data, extractable, usage_mask, key); |
404 case blink::WebCryptoKeyFormatJwk: | 401 case blink::WebCryptoKeyFormatJwk: |
405 return ImportKeyJwk( | 402 return ImportKeyJwk( |
406 key_data, algorithm_or_null, extractable, usage_mask, key); | 403 key_data, algorithm, extractable, usage_mask, key); |
407 default: | 404 default: |
408 return Status::ErrorUnsupported(); | 405 return Status::ErrorUnsupported(); |
409 } | 406 } |
410 } | 407 } |
411 | 408 |
412 Status ExportKey(blink::WebCryptoKeyFormat format, | 409 Status ExportKey(blink::WebCryptoKeyFormat format, |
413 const blink::WebCryptoKey& key, | 410 const blink::WebCryptoKey& key, |
414 blink::WebArrayBuffer* buffer) { | 411 blink::WebArrayBuffer* buffer) { |
415 if (!key.extractable()) | 412 if (!key.extractable()) |
416 return Status::ErrorKeyNotExtractable(); | 413 return Status::ErrorKeyNotExtractable(); |
(...skipping 103 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
520 platform_wrapping_key, platform_key, buffer); | 517 platform_wrapping_key, platform_key, buffer); |
521 default: | 518 default: |
522 return Status::ErrorUnsupported(); | 519 return Status::ErrorUnsupported(); |
523 } | 520 } |
524 } | 521 } |
525 | 522 |
526 Status UnwrapKey(blink::WebCryptoKeyFormat format, | 523 Status UnwrapKey(blink::WebCryptoKeyFormat format, |
527 const CryptoData& wrapped_key_data, | 524 const CryptoData& wrapped_key_data, |
528 const blink::WebCryptoKey& wrapping_key, | 525 const blink::WebCryptoKey& wrapping_key, |
529 const blink::WebCryptoAlgorithm& wrapping_algorithm, | 526 const blink::WebCryptoAlgorithm& wrapping_algorithm, |
530 const blink::WebCryptoAlgorithm& algorithm_or_null, | 527 const blink::WebCryptoAlgorithm& algorithm, |
531 bool extractable, | 528 bool extractable, |
532 blink::WebCryptoKeyUsageMask usage_mask, | 529 blink::WebCryptoKeyUsageMask usage_mask, |
533 blink::WebCryptoKey* key) { | 530 blink::WebCryptoKey* key) { |
534 if (!KeyUsageAllows(wrapping_key, blink::WebCryptoKeyUsageUnwrapKey)) | 531 if (!KeyUsageAllows(wrapping_key, blink::WebCryptoKeyUsageUnwrapKey)) |
535 return Status::ErrorUnexpected(); | 532 return Status::ErrorUnexpected(); |
536 if (wrapping_algorithm.id() != wrapping_key.algorithm().id()) | 533 if (wrapping_algorithm.id() != wrapping_key.algorithm().id()) |
537 return Status::ErrorUnexpected(); | 534 return Status::ErrorUnexpected(); |
538 | 535 |
539 // TODO(padolph): Handle formats other than raw | 536 // TODO(padolph): Handle formats other than raw |
540 if (format != blink::WebCryptoKeyFormatRaw) | 537 if (format != blink::WebCryptoKeyFormatRaw) |
541 return Status::ErrorUnsupported(); | 538 return Status::ErrorUnsupported(); |
542 | 539 |
543 // Must provide an algorithm when unwrapping a raw key | |
544 if (format == blink::WebCryptoKeyFormatRaw && algorithm_or_null.isNull()) | |
545 return Status::ErrorMissingAlgorithmUnwrapRawKey(); | |
546 | |
547 platform::SymKey* platform_wrapping_key; | 540 platform::SymKey* platform_wrapping_key; |
548 Status status = ToPlatformSymKey(wrapping_key, &platform_wrapping_key); | 541 Status status = ToPlatformSymKey(wrapping_key, &platform_wrapping_key); |
549 if (status.IsError()) | 542 if (status.IsError()) |
550 return status; | 543 return status; |
551 | 544 |
552 // TODO(padolph): Handle other wrapping algorithms | 545 // TODO(padolph): Handle other wrapping algorithms |
553 switch (wrapping_algorithm.id()) { | 546 switch (wrapping_algorithm.id()) { |
554 case blink::WebCryptoAlgorithmIdAesKw: { | 547 case blink::WebCryptoAlgorithmIdAesKw: { |
555 // AES-KW requires the wrapped key data size must be at least 24 bytes and | 548 // AES-KW requires the wrapped key data size must be at least 24 bytes and |
556 // also a multiple of 8 bytes. | 549 // also a multiple of 8 bytes. |
557 if (wrapped_key_data.byte_length() < 24) | 550 if (wrapped_key_data.byte_length() < 24) |
558 return Status::ErrorDataTooSmall(); | 551 return Status::ErrorDataTooSmall(); |
559 if (wrapped_key_data.byte_length() % 8) | 552 if (wrapped_key_data.byte_length() % 8) |
560 return Status::ErrorInvalidAesKwDataLength(); | 553 return Status::ErrorInvalidAesKwDataLength(); |
561 return platform::UnwrapSymKeyAesKw(wrapped_key_data, | 554 return platform::UnwrapSymKeyAesKw(wrapped_key_data, |
562 platform_wrapping_key, | 555 platform_wrapping_key, |
563 algorithm_or_null, | 556 algorithm, |
564 extractable, | 557 extractable, |
565 usage_mask, | 558 usage_mask, |
566 key); | 559 key); |
567 } | 560 } |
568 default: | 561 default: |
569 return Status::ErrorUnsupported(); | 562 return Status::ErrorUnsupported(); |
570 } | 563 } |
571 } | 564 } |
572 | 565 |
573 } // namespace webcrypto | 566 } // namespace webcrypto |
574 | 567 |
575 } // namespace content | 568 } // namespace content |
OLD | NEW |