[webcrypto] Add JWK RSA public key export for NSS.

content/child/webcrypto/jwk.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <algorithm>
 #include <functional>
 #include <map>
 #include "base/json/json_reader.h"
 #include "base/json/json_writer.h"
 #include "base/lazy_instance.h"
@@ skipping 74 matching lines @@
                                           blink::WebCryptoAlgorithmIdSha1>);
     alg_to_info_["HS256"] =
         JwkAlgorithmInfo(&BindAlgorithmId<CreateHmacImportAlgorithm,
                                           blink::WebCryptoAlgorithmIdSha256>);
     alg_to_info_["HS384"] =
         JwkAlgorithmInfo(&BindAlgorithmId<CreateHmacImportAlgorithm,
                                           blink::WebCryptoAlgorithmIdSha384>);
     alg_to_info_["HS512"] =
         JwkAlgorithmInfo(&BindAlgorithmId<CreateHmacImportAlgorithm,
                                           blink::WebCryptoAlgorithmIdSha512>);
+    alg_to_info_["RS1"] =
+        JwkAlgorithmInfo(&BindAlgorithmId<CreateRsaSsaImportAlgorithm,
+                                          blink::WebCryptoAlgorithmIdSha1>);
     alg_to_info_["RS256"] =
         JwkAlgorithmInfo(&BindAlgorithmId<CreateRsaSsaImportAlgorithm,
                                           blink::WebCryptoAlgorithmIdSha256>);
     alg_to_info_["RS384"] =
         JwkAlgorithmInfo(&BindAlgorithmId<CreateRsaSsaImportAlgorithm,
                                           blink::WebCryptoAlgorithmIdSha384>);
     alg_to_info_["RS512"] =
         JwkAlgorithmInfo(&BindAlgorithmId<CreateRsaSsaImportAlgorithm,
                                           blink::WebCryptoAlgorithmIdSha512>);
     alg_to_info_["RSA1_5"] = JwkAlgorithmInfo(
@@ skipping 183 matching lines @@
   // base64url encoding of the raw key.
   DCHECK(!raw_key.isNull());
   DCHECK(raw_key.data());
   DCHECK(raw_key.byteLength());
   unsigned int key_length_bytes = raw_key.byteLength();
   const base::StringPiece key_str(static_cast<const char*>(raw_key.data()),
                                   key_length_bytes);
   jwk_dict->SetString("k", Base64EncodeUrlSafe(key_str));
 }
 
+// Writes an RSA public key to a JWK dictionary
+void WriteRsaPublicKey(const blink::WebArrayBuffer& modulus,
+                       const blink::WebArrayBuffer& public_exponent,
+                       base::DictionaryValue* jwk_dict) {
+  DCHECK(jwk_dict);
+  jwk_dict->SetString("kty", "RSA");
+
+  DCHECK(!modulus.isNull());
+  DCHECK(modulus.data());
+  DCHECK(modulus.byteLength());
+  const unsigned int modulus_length_bytes = modulus.byteLength();
+  const base::StringPiece modulus_str(static_cast<const char*>(modulus.data()),

[eroman, 2014/03/21 02:30:51]

There are now 3 places in the code which do this in the file. I suggest either
adding a helper:

base::StringPiece ToStringPiece(const blink::WebArrayBuffer&);

Or adding an overload for Base64EncodeUrlSafe

[padolph, 2014/03/24 04:28:28]

Done.

+                                      modulus_length_bytes);
+  jwk_dict->SetString("n", Base64EncodeUrlSafe(modulus_str));
+
+  DCHECK(!public_exponent.isNull());

[eroman, 2014/03/21 02:30:51]

my preference is to put all input dchecks at the top of the function

[padolph, 2014/03/24 04:28:28]

Done.

+  DCHECK(public_exponent.data());
+  DCHECK(public_exponent.byteLength());
+  const unsigned int public_exponent_length_bytes =
+      public_exponent.byteLength();
+  const base::StringPiece public_exponent_str(
+      static_cast<const char*>(public_exponent.data()),
+      public_exponent_length_bytes);
+  jwk_dict->SetString("e", Base64EncodeUrlSafe(public_exponent_str));
+}
+
 // Writes a Web Crypto usage mask to a JWK dictionary.
 void WriteKeyOps(blink::WebCryptoKeyUsageMask key_usages,
                  base::DictionaryValue* jwk_dict) {
   jwk_dict->Set("key_ops", CreateJwkKeyOpsFromWebCryptoUsages(key_usages));
 }
 
 // Writes a Web Crypto extractable value to a JWK dictionary.
 void WriteExt(bool extractable, base::DictionaryValue* jwk_dict) {
   jwk_dict->SetBoolean("ext", extractable);
 }
@@ skipping 55 matching lines @@
         case blink::WebCryptoAlgorithmIdSha512:
           jwk_dict->SetString("alg", "HS512");
           break;
         default:
           NOTREACHED();
           return Status::ErrorUnexpected();
       }
       break;
     }
     case blink::WebCryptoKeyAlgorithmParamsTypeRsa:
+      switch (algorithm.id()) {
+        case blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5:
+          jwk_dict->SetString("alg", "RSA1_5");
+          break;
+        case blink::WebCryptoAlgorithmIdRsaOaep:

[eroman, 2014/03/21 02:30:51]

I don't believe this is correct.

In WebCrypto RSA-OAEP must be imported with a hash, so its algorithm params type
will be TypeRsaHashed and not TypeRsa.

[padolph, 2014/03/24 04:28:28]

Done.

+          jwk_dict->SetString("alg", "RSA-OAEP");
+          break;
+        default:
+          NOTREACHED();
+          return Status::ErrorUnexpected();
+      }
+      break;
     case blink::WebCryptoKeyAlgorithmParamsTypeRsaHashed:
-      // TODO(padolph): Handle RSA key
-      return Status::ErrorUnsupported();
+      switch (algorithm.rsaHashedParams()->hash().id()) {
+        case blink::WebCryptoAlgorithmIdSha1:
+          jwk_dict->SetString("alg", "RS1");
+          break;
+        case blink::WebCryptoAlgorithmIdSha256:
+          jwk_dict->SetString("alg", "RS256");
+          break;
+        case blink::WebCryptoAlgorithmIdSha384:
+          jwk_dict->SetString("alg", "RS384");
+          break;
+        case blink::WebCryptoAlgorithmIdSha512:
+          jwk_dict->SetString("alg", "RS512");
+          break;
+        default:
+          NOTREACHED();
+          return Status::ErrorUnexpected();
+      }
+      break;
     default:
       return Status::ErrorUnsupported();
   }
   return Status::Success();
 }
 
+bool IsRsaPublicKey(const blink::WebCryptoKey& key) {
+  if (key.type() != blink::WebCryptoKeyTypePublic)
+    return false;
+  const blink::WebCryptoAlgorithmId algorithm_id = key.algorithm().id();
+  return algorithm_id == blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5 ||
+         algorithm_id == blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 ||
+         algorithm_id == blink::WebCryptoAlgorithmIdRsaOaep;
+}
+
+// TODO(padolph): This function is duplicated in shared_crypto.cc
+Status ToPlatformPublicKey(const blink::WebCryptoKey& key,
+                           platform::PublicKey** out) {
+  *out = static_cast<platform::Key*>(key.handle())->AsPublicKey();
+  if (!*out)
+    return Status::ErrorUnexpectedKeyType();
+  return Status::Success();
+}
+
 }  // namespace
 
 Status ImportKeyJwk(const CryptoData& key_data,
                     const blink::WebCryptoAlgorithm& algorithm,
                     bool extractable,
                     blink::WebCryptoKeyUsageMask usage_mask,
                     blink::WebCryptoKey* key) {
   // TODO(padolph): Generalize this comment to include export, and move to top
   // of file.
 
@@ skipping 79 matching lines @@
   //
   // - alg (Algorithm)
   //   See http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-18
   //   +--------------+-------------------------------------------------------+
   //   | Digital Signature or MAC Algorithm                                   |
   //   +--------------+-------------------------------------------------------+
   //   | "HS1"        | HMAC using SHA-1 hash algorithm                       |
   //   | "HS256"      | HMAC using SHA-256 hash algorithm                     |
   //   | "HS384"      | HMAC using SHA-384 hash algorithm                     |
   //   | "HS512"      | HMAC using SHA-512 hash algorithm                     |
+  //   | "RS1"        | RSASSA using SHA-1 hash algorithm
   //   | "RS256"      | RSASSA using SHA-256 hash algorithm                   |
   //   | "RS384"      | RSASSA using SHA-384 hash algorithm                   |
   //   | "RS512"      | RSASSA using SHA-512 hash algorithm                   |
   //   +--------------+-------------------------------------------------------|
   //   | Key Management Algorithm                                             |
   //   +--------------+-------------------------------------------------------+
   //   | "RSA1_5"     | RSAES-PKCS1-V1_5 [RFC3447]                            |
   //   | "RSA-OAEP"   | RSAES using Optimal Asymmetric Encryption Padding     |
   //   |              | (OAEP) [RFC3447], with the default parameters         |
   //   |              | specified by RFC3447 in Section A.2.1                 |
@@ skipping 216 matching lines @@
                                         CryptoData(jwk_e_value),
                                         key);
 
   }
 
   return Status::ErrorJwkUnrecognizedKty();
 }
 
 Status ExportKeyJwk(const blink::WebCryptoKey& key,
                     blink::WebArrayBuffer* buffer) {
+  DCHECK(key.extractable());
   base::DictionaryValue jwk_dict;
   Status status = Status::Error();
-  blink::WebArrayBuffer exported_key;
 
-  if (key.type() == blink::WebCryptoKeyTypeSecret) {
-    status = ExportKey(blink::WebCryptoKeyFormatRaw, key, &exported_key);
-    if (status.IsError())
-      return status;
-    WriteSecretKey(exported_key, &jwk_dict);
-  } else {
-    // TODO(padolph): Handle asymmetric keys, at least the public key.
-    return Status::ErrorUnsupported();
+  unsigned int key_length_bytes = 0;
+  switch (key.type()) {
+    case blink::WebCryptoKeyTypeSecret: {
+      blink::WebArrayBuffer exported_key;
+      status = ExportKey(blink::WebCryptoKeyFormatRaw, key, &exported_key);
+      if (status.IsError())
+        return status;
+      key_length_bytes = exported_key.byteLength();
+      WriteSecretKey(exported_key, &jwk_dict);
+      break;
+    }
+    case blink::WebCryptoKeyTypePublic: {
+      // Currently only RSA public key export is supported.
+      if (!IsRsaPublicKey(key))
+        return Status::ErrorUnsupported();
+      platform::PublicKey* public_key;
+      status = ToPlatformPublicKey(key, &public_key);
+      if (status.IsError())
+        return status;
+      blink::WebArrayBuffer modulus, public_exponent;
+      status =
+          platform::ExportRsaPublicKey(public_key, &modulus, &public_exponent);
+      if (status.IsError())
+        return status;
+      WriteRsaPublicKey(modulus, public_exponent, &jwk_dict);
+      break;
+    }
+    case blink::WebCryptoKeyTypePrivate:  // TODO(padolph)
+    default:
+      return Status::ErrorUnsupported();
   }
 
   WriteKeyOps(key.usages(), &jwk_dict);
   WriteExt(key.extractable(), &jwk_dict);
-  status = WriteAlg(key.algorithm(), exported_key.byteLength(), &jwk_dict);
+  status = WriteAlg(key.algorithm(), key_length_bytes, &jwk_dict);
   if (status.IsError())
     return status;
 
   std::string json;
   base::JSONWriter::Write(&jwk_dict, &json);
   *buffer = CreateArrayBuffer(reinterpret_cast<const uint8*>(json.data()),
                               json.size());
   return Status::Success();
 }
 
 }  // namespace webcrypto
 
 }  // namespace content