Chromium Code Reviews Chromium Code Reviews
Issue 20843008:
WebCrypto: Check that the key can be used for given operation. (Closed)
Base URL: svn://svn.chromium.org/blink/trunk| OLD | NEW |
|---|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2013 Google Inc. All rights reserved. | 2 * Copyright (C) 2013 Google Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
| 6 * met: | 6 * met: |
| 7 * | 7 * |
| 8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
| 9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
| 10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
| (...skipping 22 matching lines...) Expand all Loading... | |
| 33 | 33 |
| 34 #include "bindings/v8/ExceptionState.h" | 34 #include "bindings/v8/ExceptionState.h" |
| 35 #include "core/dom/ExceptionCode.h" | 35 #include "core/dom/ExceptionCode.h" |
| 36 #include "core/platform/NotImplemented.h" | 36 #include "core/platform/NotImplemented.h" |
| 37 #include "modules/crypto/CryptoOperation.h" | 37 #include "modules/crypto/CryptoOperation.h" |
| 38 #include "modules/crypto/Key.h" | 38 #include "modules/crypto/Key.h" |
| 39 #include "modules/crypto/KeyOperation.h" | 39 #include "modules/crypto/KeyOperation.h" |
| 40 #include "modules/crypto/NormalizeAlgorithm.h" | 40 #include "modules/crypto/NormalizeAlgorithm.h" |
| 41 #include "public/platform/Platform.h" | 41 #include "public/platform/Platform.h" |
| 42 #include "public/platform/WebCrypto.h" | 42 #include "public/platform/WebCrypto.h" |
| 43 #include "public/platform/WebCryptoAlgorithmParams.h" | |
| 43 #include "wtf/ArrayBufferView.h" | 44 #include "wtf/ArrayBufferView.h" |
| 44 | 45 |
| 45 namespace WebCore { | 46 namespace WebCore { |
| 46 | 47 |
| 47 // FIXME: Outstanding KeyOperations and CryptoOperations should be aborted when | 48 // FIXME: Outstanding KeyOperations and CryptoOperations should be aborted when |
| 48 // tearing down SubtleCrypto (to avoid problems completing a | 49 // tearing down SubtleCrypto (to avoid problems completing a |
| 49 // ScriptPromiseResolver which is no longer valid). | 50 // ScriptPromiseResolver which is no longer valid). |
| 50 | 51 |
| 51 namespace { | 52 namespace { |
| 52 | 53 |
| 53 bool keyCanBeUsedForAlgorithm(const WebKit::WebCryptoKey& key, const WebKit::Web CryptoAlgorithm& algorithm, ExceptionState& es) | 54 WebKit::WebCryptoKeyUsageMask toKeyUsage(AlgorithmOperation operation) |
| 54 { | 55 { |
| 55 // FIXME: Need to enforce that the key's algorithm matches the operation, | 56 switch (operation) { |
| 56 // and that the key's usages allow it to be used with this operation. | 57 case Encrypt: |
| 57 notImplemented(); | 58 return WebKit::WebCryptoKeyUsageEncrypt; |
| 58 return true; | 59 case Decrypt: |
| 60 return WebKit::WebCryptoKeyUsageDecrypt; | |
| 61 case Sign: | |
| 62 return WebKit::WebCryptoKeyUsageSign; | |
| 63 case Verify: | |
| 64 return WebKit::WebCryptoKeyUsageVerify; | |
| 65 case DeriveKey: | |
| 66 return WebKit::WebCryptoKeyUsageDeriveKey; | |
| 67 case WrapKey: | |
| 68 return WebKit::WebCryptoKeyUsageWrapKey; | |
| 69 case UnwrapKey: | |
| 70 return WebKit::WebCryptoKeyUsageUnwrapKey; | |
| 71 case Digest: | |
| 72 case GenerateKey: | |
| 73 case ImportKey: | |
| 74 case NumberOfAlgorithmOperations: | |
| 75 break; | |
| 76 } | |
| 77 | |
| 78 ASSERT_NOT_REACHED(); | |
| 79 return 0; | |
| 80 } | |
| 81 | |
| 82 bool keyCanBeUsedForAlgorithm(const WebKit::WebCryptoKey& key, const WebKit::Web CryptoAlgorithm& algorithm, AlgorithmOperation op) | |
| 83 { | |
| 84 if ((key.usages() & toKeyUsage(op)) == 0) | |
|
abarth-chromium
2013/08/01 02:01:22
(key.usages() & toKeyUsage(op)) == 0 -> !(k
eroman
2013/08/01 02:57:43
Done.
| |
| 85 return false; | |
| 86 | |
| 87 if (key.algorithm().id() != algorithm.id()) | |
| 88 return false; | |
| 89 | |
| 90 if (key.algorithm().paramsType() == WebKit::WebCryptoAlgorithmParamsTypeNone ) | |
| 91 return true; | |
| 92 | |
| 93 // Verify that the algorithm-specific parameters for the key conform to the | |
| 94 // algorithm. | |
| 95 | |
| 96 if (key.algorithm().paramsType() == WebKit::WebCryptoAlgorithmParamsTypeHmac Params) { | |
| 97 return key.algorithm().hmacParams()->hash().id() == algorithm.hmacParams ()->hash().id(); | |
| 98 } | |
| 99 | |
| 100 ASSERT_NOT_REACHED(); | |
| 101 return false; | |
| 59 } | 102 } |
| 60 | 103 |
| 61 PassRefPtr<CryptoOperation> createCryptoOperation(const Dictionary& rawAlgorithm , Key* key, AlgorithmOperation operationType, ExceptionState& es) | 104 PassRefPtr<CryptoOperation> createCryptoOperation(const Dictionary& rawAlgorithm , Key* key, AlgorithmOperation operationType, ExceptionState& es) |
| 62 { | 105 { |
| 63 WebKit::WebCrypto* platformCrypto = WebKit::Platform::current()->crypto(); | 106 WebKit::WebCrypto* platformCrypto = WebKit::Platform::current()->crypto(); |
| 64 if (!platformCrypto) { | 107 if (!platformCrypto) { |
| 65 es.throwDOMException(NotSupportedError); | 108 es.throwDOMException(NotSupportedError); |
| 66 return 0; | 109 return 0; |
| 67 } | 110 } |
| 68 | 111 |
| 69 WebKit::WebCryptoAlgorithm algorithm; | 112 WebKit::WebCryptoAlgorithm algorithm; |
| 70 if (!normalizeAlgorithm(rawAlgorithm, operationType, algorithm, es)) | 113 if (!normalizeAlgorithm(rawAlgorithm, operationType, algorithm, es)) |
| 71 return 0; | 114 return 0; |
| 72 | 115 |
| 73 // All operations other than Digest require a valid Key. | 116 // All operations other than Digest require a valid Key. |
| 74 if (operationType != Digest) { | 117 if (operationType != Digest) { |
| 75 if (!key) { | 118 if (!key) { |
| 76 es.throwDOMException(TypeError); | 119 es.throwDOMException(TypeError); |
| 77 return 0; | 120 return 0; |
| 78 } | 121 } |
| 79 | 122 |
| 80 if (!keyCanBeUsedForAlgorithm(key->key(), algorithm, es)) { | 123 if (!keyCanBeUsedForAlgorithm(key->key(), algorithm, operationType)) { |
| 124 es.throwDOMException(NotSupportedError); | |
| 81 return 0; | 125 return 0; |
| 82 } | 126 } |
| 83 } | 127 } |
| 84 | 128 |
| 85 RefPtr<CryptoOperationImpl> opImpl = CryptoOperationImpl::create(); | 129 RefPtr<CryptoOperationImpl> opImpl = CryptoOperationImpl::create(); |
| 86 WebKit::WebCryptoOperationResult result(opImpl.get()); | 130 WebKit::WebCryptoOperationResult result(opImpl.get()); |
| 87 | 131 |
| 88 switch (operationType) { | 132 switch (operationType) { |
| 89 case Encrypt: | 133 case Encrypt: |
| 90 platformCrypto->encrypt(algorithm, key->key(), result); | 134 platformCrypto->encrypt(algorithm, key->key(), result); |
| (...skipping 81 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 172 | 216 |
| 173 const unsigned char* keyDataBytes = static_cast<unsigned char*>(keyData->bas eAddress()); | 217 const unsigned char* keyDataBytes = static_cast<unsigned char*>(keyData->bas eAddress()); |
| 174 | 218 |
| 175 RefPtr<KeyOperation> keyOp = KeyOperation::create(); | 219 RefPtr<KeyOperation> keyOp = KeyOperation::create(); |
| 176 WebKit::WebCryptoKeyOperationResult result(keyOp.get()); | 220 WebKit::WebCryptoKeyOperationResult result(keyOp.get()); |
| 177 platformCrypto->importKey(format, keyDataBytes, keyData->byteLength(), algor ithm, extractable, keyUsages, result); | 221 platformCrypto->importKey(format, keyDataBytes, keyData->byteLength(), algor ithm, extractable, keyUsages, result); |
| 178 return keyOp->returnValue(es); | 222 return keyOp->returnValue(es); |
| 179 } | 223 } |
| 180 | 224 |
| 181 } // namespace WebCore | 225 } // namespace WebCore |
| OLD | NEW |
