OLD | NEW |
---|---|
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef CONTENT_CHILD_WEBCRYPTO_PLATFORM_CRYPTO_H_ | 5 #ifndef CONTENT_CHILD_WEBCRYPTO_PLATFORM_CRYPTO_H_ |
6 #define CONTENT_CHILD_WEBCRYPTO_PLATFORM_CRYPTO_H_ | 6 #define CONTENT_CHILD_WEBCRYPTO_PLATFORM_CRYPTO_H_ |
7 | 7 |
8 #include <vector> | 8 #include <vector> |
9 #include "base/basictypes.h" | 9 #include "base/basictypes.h" |
10 #include "base/compiler_specific.h" | 10 #include "base/compiler_specific.h" |
11 #include "base/memory/scoped_ptr.h" | 11 #include "base/memory/scoped_ptr.h" |
12 #include "third_party/WebKit/public/platform/WebArrayBuffer.h" | |
13 #include "third_party/WebKit/public/platform/WebCrypto.h" | 12 #include "third_party/WebKit/public/platform/WebCrypto.h" |
14 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h" | 13 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h" |
15 | 14 |
15 namespace blink { | |
16 template <typename T> | |
17 class WebVector; | |
18 } | |
Ryan Sleevi
2014/04/18 00:51:26
Is it legal to template forward declare like this?
eroman
2014/04/18 18:45:56
I believe so. It is used heavily in Blink proper,
| |
19 | |
16 namespace content { | 20 namespace content { |
17 | 21 |
18 enum EncryptOrDecrypt { ENCRYPT, DECRYPT }; | 22 enum EncryptOrDecrypt { ENCRYPT, DECRYPT }; |
19 | 23 |
20 namespace webcrypto { | 24 namespace webcrypto { |
21 | 25 |
22 class CryptoData; | 26 class CryptoData; |
23 class Status; | 27 class Status; |
24 | 28 |
25 // Functions in the webcrypto::platform namespace are intended to be those | 29 // Functions in the webcrypto::platform namespace are intended to be those |
26 // which are OpenSSL/NSS specific. | 30 // which are OpenSSL/NSS specific. |
27 // | 31 // |
28 // The general purpose code which applies to both OpenSSL and NSS | 32 // The general purpose code which applies to both OpenSSL and NSS |
29 // implementations of webcrypto should live in the outter webcrypto namespace, | 33 // implementations of webcrypto should live in the outter webcrypto namespace, |
30 // and the crypto library specific bits in the "platform" namespace. | 34 // and the crypto library specific bits in the "platform" namespace. |
35 // | |
36 // ----------------- | |
37 // Threading: | |
38 // ----------------- | |
39 // | |
40 // Unless otherwise noted, functions in webcrypto::platform are called | |
41 // exclusively from a sequenced worker pool. | |
42 // | |
43 // This means that operations using a given key cannot occur in | |
44 // parallel and it is not necessary to guard against concurrent usage. | |
45 // | |
46 // The exceptions are: | |
47 // | |
48 // * Key::ThreadSafeSerializeForClone(), which is called from the | |
49 // target blink thread during structured clone. | |
Ryan Sleevi
2014/04/18 00:51:26
s/blink/Blink
eroman
2014/04/18 18:45:56
Done. I did a search through all the files and upd
| |
50 // | |
51 // * ImportKeyRaw(), ImportKeySpki(), ImportKeyPkcs8(), which can be | |
52 // called from the target blink thread during structured clone | |
Ryan Sleevi
2014/04/18 00:51:26
s/blink/Blink/
| |
53 // deserialization, as well as from the webcrypto worker pool. | |
54 // | |
55 // TODO(eroman): Change it so import happens in worker pool too. | |
31 namespace platform { | 56 namespace platform { |
32 | 57 |
33 class SymKey; | 58 class SymKey; |
34 class PublicKey; | 59 class PublicKey; |
35 class PrivateKey; | 60 class PrivateKey; |
36 | 61 |
37 // Base key class for all platform keys, used to safely cast between types. | 62 // Base key class for all platform keys, used to safely cast between types. |
38 class Key : public blink::WebCryptoKeyHandle { | 63 class Key : public blink::WebCryptoKeyHandle { |
39 public: | 64 public: |
40 virtual SymKey* AsSymKey() = 0; | 65 virtual SymKey* AsSymKey() = 0; |
41 virtual PublicKey* AsPublicKey() = 0; | 66 virtual PublicKey* AsPublicKey() = 0; |
42 virtual PrivateKey* AsPrivateKey() = 0; | 67 virtual PrivateKey* AsPrivateKey() = 0; |
68 | |
69 virtual bool ThreadSafeSerializeForClone( | |
70 blink::WebVector<uint8>* key_data) = 0; | |
43 }; | 71 }; |
44 | 72 |
45 // Do any one-time initialization. Note that this can be called MULTIPLE times | 73 // Do any one-time initialization. Note that this can be called MULTIPLE times |
46 // (once per instantiation of WebCryptoImpl). | 74 // (once per instantiation of WebCryptoImpl). |
47 void Init(); | 75 void Init(); |
48 | 76 |
49 // Preconditions: | 77 // Preconditions: |
50 // * |key| is a non-null AES-CBC key. | 78 // * |key| is a non-null AES-CBC key. |
51 // * |iv| is exactly 16 bytes long | 79 // * |iv| is exactly 16 bytes long |
52 Status EncryptDecryptAesCbc(EncryptOrDecrypt mode, | 80 Status EncryptDecryptAesCbc(EncryptOrDecrypt mode, |
53 SymKey* key, | 81 SymKey* key, |
54 const CryptoData& data, | 82 const CryptoData& data, |
55 const CryptoData& iv, | 83 const CryptoData& iv, |
56 blink::WebArrayBuffer* buffer); | 84 std::vector<uint8>* buffer); |
57 | 85 |
58 // Preconditions: | 86 // Preconditions: |
59 // * |key| is a non-null AES-GCM key. | 87 // * |key| is a non-null AES-GCM key. |
60 // * |tag_length_bits| is one of {32, 64, 96, 104, 112, 120, 128} | 88 // * |tag_length_bits| is one of {32, 64, 96, 104, 112, 120, 128} |
61 Status EncryptDecryptAesGcm(EncryptOrDecrypt mode, | 89 Status EncryptDecryptAesGcm(EncryptOrDecrypt mode, |
62 SymKey* key, | 90 SymKey* key, |
63 const CryptoData& data, | 91 const CryptoData& data, |
64 const CryptoData& iv, | 92 const CryptoData& iv, |
65 const CryptoData& additional_data, | 93 const CryptoData& additional_data, |
66 unsigned int tag_length_bits, | 94 unsigned int tag_length_bits, |
67 blink::WebArrayBuffer* buffer); | 95 std::vector<uint8>* buffer); |
68 | 96 |
69 // Preconditions: | 97 // Preconditions: |
70 // * |key| is non-null. | 98 // * |key| is non-null. |
71 // * |data| is not empty. | 99 // * |data| is not empty. |
72 Status EncryptRsaEsPkcs1v1_5(PublicKey* key, | 100 Status EncryptRsaEsPkcs1v1_5(PublicKey* key, |
73 const CryptoData& data, | 101 const CryptoData& data, |
74 blink::WebArrayBuffer* buffer); | 102 std::vector<uint8>* buffer); |
75 | 103 |
76 // Preconditions: | 104 // Preconditions: |
77 // * |key| is non-null. | 105 // * |key| is non-null. |
78 Status DecryptRsaEsPkcs1v1_5(PrivateKey* key, | 106 Status DecryptRsaEsPkcs1v1_5(PrivateKey* key, |
79 const CryptoData& data, | 107 const CryptoData& data, |
80 blink::WebArrayBuffer* buffer); | 108 std::vector<uint8>* buffer); |
81 | 109 |
82 // Preconditions: | 110 // Preconditions: |
83 // * |key| is a non-null HMAC key. | 111 // * |key| is a non-null HMAC key. |
84 // * |hash| is a digest algorithm. | 112 // * |hash| is a digest algorithm. |
85 Status SignHmac(SymKey* key, | 113 Status SignHmac(SymKey* key, |
86 const blink::WebCryptoAlgorithm& hash, | 114 const blink::WebCryptoAlgorithm& hash, |
87 const CryptoData& data, | 115 const CryptoData& data, |
88 blink::WebArrayBuffer* buffer); | 116 std::vector<uint8>* buffer); |
89 | 117 |
90 // Preconditions: | 118 // Preconditions: |
91 // * |algorithm| is a SHA function. | 119 // * |algorithm| is a SHA function. |
92 Status DigestSha(blink::WebCryptoAlgorithmId algorithm, | 120 Status DigestSha(blink::WebCryptoAlgorithmId algorithm, |
93 const CryptoData& data, | 121 const CryptoData& data, |
94 blink::WebArrayBuffer* buffer); | 122 std::vector<uint8>* buffer); |
95 | 123 |
96 // Preconditions: | 124 // Preconditions: |
97 // * |algorithm| is a SHA function. | 125 // * |algorithm| is a SHA function. |
98 scoped_ptr<blink::WebCryptoDigestor> CreateDigestor( | 126 scoped_ptr<blink::WebCryptoDigestor> CreateDigestor( |
99 blink::WebCryptoAlgorithmId algorithm); | 127 blink::WebCryptoAlgorithmId algorithm); |
100 | 128 |
101 // Preconditions: | 129 // Preconditions: |
102 // * |key| is non-null. | 130 // * |key| is non-null. |
103 // * |hash| is a digest algorithm. | 131 // * |hash| is a digest algorithm. |
104 Status SignRsaSsaPkcs1v1_5(PrivateKey* key, | 132 Status SignRsaSsaPkcs1v1_5(PrivateKey* key, |
105 const blink::WebCryptoAlgorithm& hash, | 133 const blink::WebCryptoAlgorithm& hash, |
106 const CryptoData& data, | 134 const CryptoData& data, |
107 blink::WebArrayBuffer* buffer); | 135 std::vector<uint8>* buffer); |
108 | 136 |
109 // Preconditions: | 137 // Preconditions: |
110 // * |key| is non-null. | 138 // * |key| is non-null. |
111 // * |hash| is a digest algorithm. | 139 // * |hash| is a digest algorithm. |
112 Status VerifyRsaSsaPkcs1v1_5(PublicKey* key, | 140 Status VerifyRsaSsaPkcs1v1_5(PublicKey* key, |
113 const blink::WebCryptoAlgorithm& hash, | 141 const blink::WebCryptoAlgorithm& hash, |
114 const CryptoData& signature, | 142 const CryptoData& signature, |
115 const CryptoData& data, | 143 const CryptoData& data, |
116 bool* signature_match); | 144 bool* signature_match); |
117 | 145 |
(...skipping 23 matching lines...) Expand all Loading... | |
141 unsigned int modulus_length_bits, | 169 unsigned int modulus_length_bits, |
142 const CryptoData& public_exponent, | 170 const CryptoData& public_exponent, |
143 const blink::WebCryptoAlgorithm& hash, | 171 const blink::WebCryptoAlgorithm& hash, |
144 blink::WebCryptoKey* public_key, | 172 blink::WebCryptoKey* public_key, |
145 blink::WebCryptoKey* private_key); | 173 blink::WebCryptoKey* private_key); |
146 | 174 |
147 // Preconditions: | 175 // Preconditions: |
148 // * |key| is non-null. | 176 // * |key| is non-null. |
149 // * |algorithm.id()| is for a symmetric key algorithm. | 177 // * |algorithm.id()| is for a symmetric key algorithm. |
150 // * For AES algorithms |key_data| is either 16, 24, or 32 bytes long. | 178 // * For AES algorithms |key_data| is either 16, 24, or 32 bytes long. |
179 // Note that this may be called from target Blink thread. | |
151 Status ImportKeyRaw(const blink::WebCryptoAlgorithm& algorithm, | 180 Status ImportKeyRaw(const blink::WebCryptoAlgorithm& algorithm, |
152 const CryptoData& key_data, | 181 const CryptoData& key_data, |
153 bool extractable, | 182 bool extractable, |
154 blink::WebCryptoKeyUsageMask usage_mask, | 183 blink::WebCryptoKeyUsageMask usage_mask, |
155 blink::WebCryptoKey* key); | 184 blink::WebCryptoKey* key); |
156 | 185 |
157 // Preconditions: | 186 // Preconditions: |
158 // * algorithm.id() is for an RSA algorithm. | 187 // * algorithm.id() is for an RSA algorithm. |
159 Status ImportRsaPublicKey(const blink::WebCryptoAlgorithm& algorithm, | 188 Status ImportRsaPublicKey(const blink::WebCryptoAlgorithm& algorithm, |
160 bool extractable, | 189 bool extractable, |
161 blink::WebCryptoKeyUsageMask usage_mask, | 190 blink::WebCryptoKeyUsageMask usage_mask, |
162 const CryptoData& modulus_data, | 191 const CryptoData& modulus_data, |
163 const CryptoData& exponent_data, | 192 const CryptoData& exponent_data, |
164 blink::WebCryptoKey* key); | 193 blink::WebCryptoKey* key); |
165 | 194 |
195 // Note that this may be called from target Blink thread. | |
166 Status ImportKeySpki(const blink::WebCryptoAlgorithm& algorithm, | 196 Status ImportKeySpki(const blink::WebCryptoAlgorithm& algorithm, |
167 const CryptoData& key_data, | 197 const CryptoData& key_data, |
168 bool extractable, | 198 bool extractable, |
169 blink::WebCryptoKeyUsageMask usage_mask, | 199 blink::WebCryptoKeyUsageMask usage_mask, |
170 blink::WebCryptoKey* key); | 200 blink::WebCryptoKey* key); |
171 | 201 |
202 // Note that this may be called from target Blink thread. | |
172 Status ImportKeyPkcs8(const blink::WebCryptoAlgorithm& algorithm, | 203 Status ImportKeyPkcs8(const blink::WebCryptoAlgorithm& algorithm, |
173 const CryptoData& key_data, | 204 const CryptoData& key_data, |
174 bool extractable, | 205 bool extractable, |
175 blink::WebCryptoKeyUsageMask usage_mask, | 206 blink::WebCryptoKeyUsageMask usage_mask, |
176 blink::WebCryptoKey* key); | 207 blink::WebCryptoKey* key); |
177 | 208 |
178 // Preconditions: | 209 // Preconditions: |
179 // * |key| is non-null. | 210 // * |key| is non-null. |
180 Status ExportKeyRaw(SymKey* key, blink::WebArrayBuffer* buffer); | 211 Status ExportKeyRaw(SymKey* key, std::vector<uint8>* buffer); |
181 | 212 |
182 // Preconditions: | 213 // Preconditions: |
183 // * |key| is non-null. | 214 // * |key| is non-null. |
184 Status ExportKeySpki(PublicKey* key, blink::WebArrayBuffer* buffer); | 215 Status ExportKeySpki(PublicKey* key, std::vector<uint8>* buffer); |
185 | 216 |
186 // Preconditions: | 217 // Preconditions: |
187 // * |key| is non-null. | 218 // * |key| is non-null. |
188 Status ExportRsaPublicKey(PublicKey* key, | 219 Status ExportRsaPublicKey(PublicKey* key, |
189 std::vector<uint8>* modulus, | 220 std::vector<uint8>* modulus, |
190 std::vector<uint8>* public_exponent); | 221 std::vector<uint8>* public_exponent); |
191 | 222 |
192 // Preconditions: | 223 // Preconditions: |
193 // * |key| is non-null. | 224 // * |key| is non-null. |
194 Status ExportKeyPkcs8(PrivateKey* key, | 225 Status ExportKeyPkcs8(PrivateKey* key, |
195 const blink::WebCryptoKeyAlgorithm& key_algorithm, | 226 const blink::WebCryptoKeyAlgorithm& key_algorithm, |
196 blink::WebArrayBuffer* buffer); | 227 std::vector<uint8>* buffer); |
197 | 228 |
198 // Preconditions: | 229 // Preconditions: |
199 // * |wrapping_key| is non-null | 230 // * |wrapping_key| is non-null |
200 // * |key| is non-null | 231 // * |key| is non-null |
201 Status WrapSymKeyAesKw(SymKey* wrapping_key, | 232 Status WrapSymKeyAesKw(SymKey* wrapping_key, |
202 SymKey* key, | 233 SymKey* key, |
203 blink::WebArrayBuffer* buffer); | 234 std::vector<uint8>* buffer); |
204 | 235 |
205 // Unwraps (decrypts) |wrapped_key_data| using AES-KW and places the results in | 236 // Unwraps (decrypts) |wrapped_key_data| using AES-KW and places the results in |
206 // a WebCryptoKey. Raw key data remains inside NSS. This function should be used | 237 // a WebCryptoKey. Raw key data remains inside NSS. This function should be used |
207 // when the input |wrapped_key_data| is known to result in symmetric raw key | 238 // when the input |wrapped_key_data| is known to result in symmetric raw key |
208 // data after AES-KW decryption. | 239 // data after AES-KW decryption. |
209 // Preconditions: | 240 // Preconditions: |
210 // * |wrapping_key| is non-null | 241 // * |wrapping_key| is non-null |
211 // * |key| is non-null | 242 // * |key| is non-null |
212 // * |wrapped_key_data| is at least 24 bytes and a multiple of 8 bytes | 243 // * |wrapped_key_data| is at least 24 bytes and a multiple of 8 bytes |
213 // * |algorithm.id()| is for a symmetric key algorithm. | 244 // * |algorithm.id()| is for a symmetric key algorithm. |
214 Status UnwrapSymKeyAesKw(const CryptoData& wrapped_key_data, | 245 Status UnwrapSymKeyAesKw(const CryptoData& wrapped_key_data, |
215 SymKey* wrapping_key, | 246 SymKey* wrapping_key, |
216 const blink::WebCryptoAlgorithm& algorithm, | 247 const blink::WebCryptoAlgorithm& algorithm, |
217 bool extractable, | 248 bool extractable, |
218 blink::WebCryptoKeyUsageMask usage_mask, | 249 blink::WebCryptoKeyUsageMask usage_mask, |
219 blink::WebCryptoKey* key); | 250 blink::WebCryptoKey* key); |
220 | 251 |
221 // Performs AES-KW decryption on the input |data|. This function should be used | 252 // Performs AES-KW decryption on the input |data|. This function should be used |
222 // when the input |data| does not directly represent a key and should instead be | 253 // when the input |data| does not directly represent a key and should instead be |
223 // interpreted as generic bytes. | 254 // interpreted as generic bytes. |
224 // Preconditions: | 255 // Preconditions: |
225 // * |key| is non-null | 256 // * |key| is non-null |
226 // * |data| is at least 24 bytes and a multiple of 8 bytes | 257 // * |data| is at least 24 bytes and a multiple of 8 bytes |
227 // * |buffer| is non-null. | 258 // * |buffer| is non-null. |
228 Status DecryptAesKw(SymKey* key, | 259 Status DecryptAesKw(SymKey* key, |
229 const CryptoData& data, | 260 const CryptoData& data, |
230 blink::WebArrayBuffer* buffer); | 261 std::vector<uint8>* buffer); |
231 | 262 |
232 // Preconditions: | 263 // Preconditions: |
233 // * |wrapping_key| is non-null | 264 // * |wrapping_key| is non-null |
234 // * |key| is non-null | 265 // * |key| is non-null |
235 Status WrapSymKeyRsaEs(PublicKey* wrapping_key, | 266 Status WrapSymKeyRsaEs(PublicKey* wrapping_key, |
236 SymKey* key, | 267 SymKey* key, |
237 blink::WebArrayBuffer* buffer); | 268 std::vector<uint8>* buffer); |
238 | 269 |
239 // Preconditions: | 270 // Preconditions: |
240 // * |wrapping_key| is non-null | 271 // * |wrapping_key| is non-null |
241 // * |key| is non-null | 272 // * |key| is non-null |
242 // * |algorithm.id()| is for a symmetric key algorithm. | 273 // * |algorithm.id()| is for a symmetric key algorithm. |
243 Status UnwrapSymKeyRsaEs(const CryptoData& wrapped_key_data, | 274 Status UnwrapSymKeyRsaEs(const CryptoData& wrapped_key_data, |
244 PrivateKey* wrapping_key, | 275 PrivateKey* wrapping_key, |
245 const blink::WebCryptoAlgorithm& algorithm, | 276 const blink::WebCryptoAlgorithm& algorithm, |
246 bool extractable, | 277 bool extractable, |
247 blink::WebCryptoKeyUsageMask usage_mask, | 278 blink::WebCryptoKeyUsageMask usage_mask, |
248 blink::WebCryptoKey* key); | 279 blink::WebCryptoKey* key); |
249 | 280 |
250 } // namespace platform | 281 } // namespace platform |
251 | 282 |
252 } // namespace webcrypto | 283 } // namespace webcrypto |
253 | 284 |
254 } // namespace content | 285 } // namespace content |
255 | 286 |
256 #endif // CONTENT_CHILD_WEBCRYPTO_PLATFORM_CRYPTO_H_ | 287 #endif // CONTENT_CHILD_WEBCRYPTO_PLATFORM_CRYPTO_H_ |
OLD | NEW |