| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "components/webcrypto/algorithms/rsa.h" | 5 #include "components/webcrypto/algorithms/rsa.h" |
| 6 | 6 |
| 7 #include <openssl/evp.h> | 7 #include <openssl/evp.h> |
| 8 #include <utility> | 8 #include <utility> |
| 9 | 9 |
| 10 #include "base/logging.h" | 10 #include "base/logging.h" |
| (...skipping 318 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 329 status = CreateWebCryptoRsaPrivateKey(std::move(private_pkey), algorithm.id(), | 329 status = CreateWebCryptoRsaPrivateKey(std::move(private_pkey), algorithm.id(), |
| 330 params->hash(), extractable, | 330 params->hash(), extractable, |
| 331 private_usages, &private_key); | 331 private_usages, &private_key); |
| 332 if (status.IsError()) | 332 if (status.IsError()) |
| 333 return status; | 333 return status; |
| 334 | 334 |
| 335 result->AssignKeyPair(public_key, private_key); | 335 result->AssignKeyPair(public_key, private_key); |
| 336 return Status::Success(); | 336 return Status::Success(); |
| 337 } | 337 } |
| 338 | 338 |
| 339 Status RsaHashedAlgorithm::VerifyKeyUsagesBeforeImportKey( | 339 Status RsaHashedAlgorithm::ImportKey(blink::WebCryptoKeyFormat format, |
| 340 blink::WebCryptoKeyFormat format, | 340 const CryptoData& key_data, |
| 341 blink::WebCryptoKeyUsageMask usages) const { | 341 const blink::WebCryptoAlgorithm& algorithm, |
| 342 return VerifyUsagesBeforeImportAsymmetricKey(format, all_public_key_usages_, | 342 bool extractable, |
| 343 all_private_key_usages_, usages); | 343 blink::WebCryptoKeyUsageMask usages, |
| 344 blink::WebCryptoKey* key) const { |
| 345 switch (format) { |
| 346 case blink::WebCryptoKeyFormatPkcs8: |
| 347 return ImportKeyPkcs8(key_data, algorithm, extractable, usages, key); |
| 348 case blink::WebCryptoKeyFormatSpki: |
| 349 return ImportKeySpki(key_data, algorithm, extractable, usages, key); |
| 350 case blink::WebCryptoKeyFormatJwk: |
| 351 return ImportKeyJwk(key_data, algorithm, extractable, usages, key); |
| 352 default: |
| 353 return Status::ErrorUnsupportedImportKeyFormat(); |
| 354 } |
| 355 } |
| 356 |
| 357 Status RsaHashedAlgorithm::ExportKey(blink::WebCryptoKeyFormat format, |
| 358 const blink::WebCryptoKey& key, |
| 359 std::vector<uint8_t>* buffer) const { |
| 360 switch (format) { |
| 361 case blink::WebCryptoKeyFormatPkcs8: |
| 362 return ExportKeyPkcs8(key, buffer); |
| 363 case blink::WebCryptoKeyFormatSpki: |
| 364 return ExportKeySpki(key, buffer); |
| 365 case blink::WebCryptoKeyFormatJwk: |
| 366 return ExportKeyJwk(key, buffer); |
| 367 default: |
| 368 return Status::ErrorUnsupportedExportKeyFormat(); |
| 369 } |
| 344 } | 370 } |
| 345 | 371 |
| 346 Status RsaHashedAlgorithm::ImportKeyPkcs8( | 372 Status RsaHashedAlgorithm::ImportKeyPkcs8( |
| 347 const CryptoData& key_data, | 373 const CryptoData& key_data, |
| 348 const blink::WebCryptoAlgorithm& algorithm, | 374 const blink::WebCryptoAlgorithm& algorithm, |
| 349 bool extractable, | 375 bool extractable, |
| 350 blink::WebCryptoKeyUsageMask usages, | 376 blink::WebCryptoKeyUsageMask usages, |
| 351 blink::WebCryptoKey* key) const { | 377 blink::WebCryptoKey* key) const { |
| 352 crypto::ScopedEVP_PKEY private_key; | 378 Status status = CheckKeyCreationUsages(all_private_key_usages_, usages); |
| 353 Status status = | |
| 354 ImportUnverifiedPkeyFromPkcs8(key_data, EVP_PKEY_RSA, &private_key); | |
| 355 if (status.IsError()) | 379 if (status.IsError()) |
| 356 return status; | 380 return status; |
| 357 | 381 |
| 382 crypto::ScopedEVP_PKEY private_key; |
| 383 status = ImportUnverifiedPkeyFromPkcs8(key_data, EVP_PKEY_RSA, &private_key); |
| 384 if (status.IsError()) |
| 385 return status; |
| 386 |
| 358 // Verify the parameters of the key. | 387 // Verify the parameters of the key. |
| 359 crypto::ScopedRSA rsa(EVP_PKEY_get1_RSA(private_key.get())); | 388 crypto::ScopedRSA rsa(EVP_PKEY_get1_RSA(private_key.get())); |
| 360 if (!rsa.get()) | 389 if (!rsa.get()) |
| 361 return Status::ErrorUnexpected(); | 390 return Status::ErrorUnexpected(); |
| 362 if (!RSA_check_key(rsa.get())) | 391 if (!RSA_check_key(rsa.get())) |
| 363 return Status::DataError(); | 392 return Status::DataError(); |
| 364 | 393 |
| 365 // TODO(eroman): Validate the algorithm OID against the webcrypto provided | 394 // TODO(eroman): Validate the algorithm OID against the webcrypto provided |
| 366 // hash. http://crbug.com/389400 | 395 // hash. http://crbug.com/389400 |
| 367 | 396 |
| 368 return CreateWebCryptoRsaPrivateKey(std::move(private_key), algorithm.id(), | 397 return CreateWebCryptoRsaPrivateKey(std::move(private_key), algorithm.id(), |
| 369 algorithm.rsaHashedImportParams()->hash(), | 398 algorithm.rsaHashedImportParams()->hash(), |
| 370 extractable, usages, key); | 399 extractable, usages, key); |
| 371 } | 400 } |
| 372 | 401 |
| 373 Status RsaHashedAlgorithm::ImportKeySpki( | 402 Status RsaHashedAlgorithm::ImportKeySpki( |
| 374 const CryptoData& key_data, | 403 const CryptoData& key_data, |
| 375 const blink::WebCryptoAlgorithm& algorithm, | 404 const blink::WebCryptoAlgorithm& algorithm, |
| 376 bool extractable, | 405 bool extractable, |
| 377 blink::WebCryptoKeyUsageMask usages, | 406 blink::WebCryptoKeyUsageMask usages, |
| 378 blink::WebCryptoKey* key) const { | 407 blink::WebCryptoKey* key) const { |
| 379 crypto::ScopedEVP_PKEY public_key; | 408 Status status = CheckKeyCreationUsages(all_public_key_usages_, usages); |
| 380 Status status = | |
| 381 ImportUnverifiedPkeyFromSpki(key_data, EVP_PKEY_RSA, &public_key); | |
| 382 if (status.IsError()) | 409 if (status.IsError()) |
| 383 return status; | 410 return status; |
| 384 | 411 |
| 412 crypto::ScopedEVP_PKEY public_key; |
| 413 status = ImportUnverifiedPkeyFromSpki(key_data, EVP_PKEY_RSA, &public_key); |
| 414 if (status.IsError()) |
| 415 return status; |
| 416 |
| 385 // TODO(eroman): Validate the algorithm OID against the webcrypto provided | 417 // TODO(eroman): Validate the algorithm OID against the webcrypto provided |
| 386 // hash. http://crbug.com/389400 | 418 // hash. http://crbug.com/389400 |
| 387 | 419 |
| 388 return CreateWebCryptoRsaPublicKey(std::move(public_key), algorithm.id(), | 420 return CreateWebCryptoRsaPublicKey(std::move(public_key), algorithm.id(), |
| 389 algorithm.rsaHashedImportParams()->hash(), | 421 algorithm.rsaHashedImportParams()->hash(), |
| 390 extractable, usages, key); | 422 extractable, usages, key); |
| 391 } | 423 } |
| 392 | 424 |
| 393 Status RsaHashedAlgorithm::ImportKeyJwk( | 425 Status RsaHashedAlgorithm::ImportKeyJwk( |
| 394 const CryptoData& key_data, | 426 const CryptoData& key_data, |
| (...skipping 10 matching lines...) Expand all Loading... |
| 405 return Status::ErrorUnexpected(); | 437 return Status::ErrorUnexpected(); |
| 406 | 438 |
| 407 JwkRsaInfo jwk; | 439 JwkRsaInfo jwk; |
| 408 Status status = | 440 Status status = |
| 409 ReadRsaKeyJwk(key_data, jwk_algorithm, extractable, usages, &jwk); | 441 ReadRsaKeyJwk(key_data, jwk_algorithm, extractable, usages, &jwk); |
| 410 if (status.IsError()) | 442 if (status.IsError()) |
| 411 return status; | 443 return status; |
| 412 | 444 |
| 413 // Once the key type is known, verify the usages. | 445 // Once the key type is known, verify the usages. |
| 414 if (jwk.is_private_key) { | 446 if (jwk.is_private_key) { |
| 415 status = CheckPrivateKeyCreationUsages(all_private_key_usages_, usages); | 447 status = CheckKeyCreationUsages(all_private_key_usages_, usages); |
| 416 } else { | 448 } else { |
| 417 status = CheckPublicKeyCreationUsages(all_public_key_usages_, usages); | 449 status = CheckKeyCreationUsages(all_public_key_usages_, usages); |
| 418 } | 450 } |
| 419 | 451 |
| 420 if (status.IsError()) | 452 if (status.IsError()) |
| 421 return status; | 453 return status; |
| 422 | 454 |
| 423 return jwk.is_private_key | 455 return jwk.is_private_key |
| 424 ? ImportRsaPrivateKey(algorithm, extractable, usages, jwk, key) | 456 ? ImportRsaPrivateKey(algorithm, extractable, usages, jwk, key) |
| 425 : ImportRsaPublicKey(algorithm, extractable, usages, | 457 : ImportRsaPublicKey(algorithm, extractable, usages, |
| 426 CryptoData(jwk.n), CryptoData(jwk.e), key); | 458 CryptoData(jwk.n), CryptoData(jwk.e), key); |
| 427 } | 459 } |
| (...skipping 112 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 540 memcmp(algorithm.rsaHashedParams()->publicExponent().data(), | 572 memcmp(algorithm.rsaHashedParams()->publicExponent().data(), |
| 541 key->algorithm().rsaHashedParams()->publicExponent().data(), | 573 key->algorithm().rsaHashedParams()->publicExponent().data(), |
| 542 key->algorithm().rsaHashedParams()->publicExponent().size())) { | 574 key->algorithm().rsaHashedParams()->publicExponent().size())) { |
| 543 return Status::ErrorUnexpected(); | 575 return Status::ErrorUnexpected(); |
| 544 } | 576 } |
| 545 | 577 |
| 546 return Status::Success(); | 578 return Status::Success(); |
| 547 } | 579 } |
| 548 | 580 |
| 549 } // namespace webcrypto | 581 } // namespace webcrypto |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2163053002:
[webcrypto] Check for empty key usages *after* key creation rather than before, to match the spec's… (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master