| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef CONTENT_CHILD_WEBCRYPTO_PLATFORM_CRYPTO_H_ | 5 #ifndef CONTENT_CHILD_WEBCRYPTO_PLATFORM_CRYPTO_H_ |
| 6 #define CONTENT_CHILD_WEBCRYPTO_PLATFORM_CRYPTO_H_ | 6 #define CONTENT_CHILD_WEBCRYPTO_PLATFORM_CRYPTO_H_ |
| 7 | 7 |
| 8 #include <vector> | 8 #include <vector> |
| 9 |
| 9 #include "base/basictypes.h" | 10 #include "base/basictypes.h" |
| 10 #include "base/compiler_specific.h" | 11 #include "base/compiler_specific.h" |
| 11 #include "base/memory/scoped_ptr.h" | 12 #include "base/memory/scoped_ptr.h" |
| 12 #include "third_party/WebKit/public/platform/WebArrayBuffer.h" | |
| 13 #include "third_party/WebKit/public/platform/WebCrypto.h" | 13 #include "third_party/WebKit/public/platform/WebCrypto.h" |
| 14 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h" | 14 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h" |
| 15 | 15 |
| 16 namespace blink { |
| 17 template <typename T> |
| 18 class WebVector; |
| 19 } |
| 20 |
| 16 namespace content { | 21 namespace content { |
| 17 | 22 |
| 18 enum EncryptOrDecrypt { ENCRYPT, DECRYPT }; | 23 enum EncryptOrDecrypt { ENCRYPT, DECRYPT }; |
| 19 | 24 |
| 20 namespace webcrypto { | 25 namespace webcrypto { |
| 21 | 26 |
| 22 class CryptoData; | 27 class CryptoData; |
| 23 class Status; | 28 class Status; |
| 24 | 29 |
| 25 // Functions in the webcrypto::platform namespace are intended to be those | 30 // Functions in the webcrypto::platform namespace are intended to be those |
| 26 // which are OpenSSL/NSS specific. | 31 // which are OpenSSL/NSS specific. |
| 27 // | 32 // |
| 28 // The general purpose code which applies to both OpenSSL and NSS | 33 // The general purpose code which applies to both OpenSSL and NSS |
| 29 // implementations of webcrypto should live in the outter webcrypto namespace, | 34 // implementations of webcrypto should live in the outter webcrypto namespace, |
| 30 // and the crypto library specific bits in the "platform" namespace. | 35 // and the crypto library specific bits in the "platform" namespace. |
| 36 // |
| 37 // ----------------- |
| 38 // Threading: |
| 39 // ----------------- |
| 40 // |
| 41 // Unless otherwise noted, functions in webcrypto::platform are called |
| 42 // exclusively from a sequenced worker pool. |
| 43 // |
| 44 // This means that operations using a given key cannot occur in |
| 45 // parallel and it is not necessary to guard against concurrent usage. |
| 46 // |
| 47 // The exceptions are: |
| 48 // |
| 49 // * Key::ThreadSafeSerializeForClone(), which is called from the |
| 50 // target Blink thread during structured clone. |
| 51 // |
| 52 // * ImportKeyRaw(), ImportKeySpki(), ImportKeyPkcs8(), which can be |
| 53 // called from the target Blink thread during structured clone |
| 54 // deserialization, as well as from the webcrypto worker pool. |
| 55 // |
| 56 // TODO(eroman): Change it so import happens in worker pool too. |
| 57 // http://crbug.com/366834 |
| 31 namespace platform { | 58 namespace platform { |
| 32 | 59 |
| 33 class SymKey; | 60 class SymKey; |
| 34 class PublicKey; | 61 class PublicKey; |
| 35 class PrivateKey; | 62 class PrivateKey; |
| 36 | 63 |
| 37 // Base key class for all platform keys, used to safely cast between types. | 64 // Base key class for all platform keys, used to safely cast between types. |
| 38 class Key : public blink::WebCryptoKeyHandle { | 65 class Key : public blink::WebCryptoKeyHandle { |
| 39 public: | 66 public: |
| 40 virtual SymKey* AsSymKey() = 0; | 67 virtual SymKey* AsSymKey() = 0; |
| 41 virtual PublicKey* AsPublicKey() = 0; | 68 virtual PublicKey* AsPublicKey() = 0; |
| 42 virtual PrivateKey* AsPrivateKey() = 0; | 69 virtual PrivateKey* AsPrivateKey() = 0; |
| 70 |
| 71 virtual bool ThreadSafeSerializeForClone( |
| 72 blink::WebVector<uint8>* key_data) = 0; |
| 43 }; | 73 }; |
| 44 | 74 |
| 45 // Do any one-time initialization. Note that this can be called MULTIPLE times | 75 // Do any one-time initialization. Note that this can be called MULTIPLE times |
| 46 // (once per instantiation of WebCryptoImpl). | 76 // (once per instantiation of WebCryptoImpl). |
| 47 void Init(); | 77 void Init(); |
| 48 | 78 |
| 49 // Preconditions: | 79 // Preconditions: |
| 50 // * |key| is a non-null AES-CBC key. | 80 // * |key| is a non-null AES-CBC key. |
| 51 // * |iv| is exactly 16 bytes long | 81 // * |iv| is exactly 16 bytes long |
| 52 Status EncryptDecryptAesCbc(EncryptOrDecrypt mode, | 82 Status EncryptDecryptAesCbc(EncryptOrDecrypt mode, |
| 53 SymKey* key, | 83 SymKey* key, |
| 54 const CryptoData& data, | 84 const CryptoData& data, |
| 55 const CryptoData& iv, | 85 const CryptoData& iv, |
| 56 blink::WebArrayBuffer* buffer); | 86 std::vector<uint8>* buffer); |
| 57 | 87 |
| 58 // Preconditions: | 88 // Preconditions: |
| 59 // * |key| is a non-null AES-GCM key. | 89 // * |key| is a non-null AES-GCM key. |
| 60 // * |tag_length_bits| is one of {32, 64, 96, 104, 112, 120, 128} | 90 // * |tag_length_bits| is one of {32, 64, 96, 104, 112, 120, 128} |
| 61 Status EncryptDecryptAesGcm(EncryptOrDecrypt mode, | 91 Status EncryptDecryptAesGcm(EncryptOrDecrypt mode, |
| 62 SymKey* key, | 92 SymKey* key, |
| 63 const CryptoData& data, | 93 const CryptoData& data, |
| 64 const CryptoData& iv, | 94 const CryptoData& iv, |
| 65 const CryptoData& additional_data, | 95 const CryptoData& additional_data, |
| 66 unsigned int tag_length_bits, | 96 unsigned int tag_length_bits, |
| 67 blink::WebArrayBuffer* buffer); | 97 std::vector<uint8>* buffer); |
| 68 | 98 |
| 69 // Preconditions: | 99 // Preconditions: |
| 70 // * |key| is non-null. | 100 // * |key| is non-null. |
| 71 // * |data| is not empty. | 101 // * |data| is not empty. |
| 72 Status EncryptRsaEsPkcs1v1_5(PublicKey* key, | 102 Status EncryptRsaEsPkcs1v1_5(PublicKey* key, |
| 73 const CryptoData& data, | 103 const CryptoData& data, |
| 74 blink::WebArrayBuffer* buffer); | 104 std::vector<uint8>* buffer); |
| 75 | 105 |
| 76 // Preconditions: | 106 // Preconditions: |
| 77 // * |key| is non-null. | 107 // * |key| is non-null. |
| 78 Status DecryptRsaEsPkcs1v1_5(PrivateKey* key, | 108 Status DecryptRsaEsPkcs1v1_5(PrivateKey* key, |
| 79 const CryptoData& data, | 109 const CryptoData& data, |
| 80 blink::WebArrayBuffer* buffer); | 110 std::vector<uint8>* buffer); |
| 81 | 111 |
| 82 // Preconditions: | 112 // Preconditions: |
| 83 // * |key| is a non-null HMAC key. | 113 // * |key| is a non-null HMAC key. |
| 84 // * |hash| is a digest algorithm. | 114 // * |hash| is a digest algorithm. |
| 85 Status SignHmac(SymKey* key, | 115 Status SignHmac(SymKey* key, |
| 86 const blink::WebCryptoAlgorithm& hash, | 116 const blink::WebCryptoAlgorithm& hash, |
| 87 const CryptoData& data, | 117 const CryptoData& data, |
| 88 blink::WebArrayBuffer* buffer); | 118 std::vector<uint8>* buffer); |
| 89 | 119 |
| 90 // Preconditions: | 120 // Preconditions: |
| 91 // * |algorithm| is a SHA function. | 121 // * |algorithm| is a SHA function. |
| 92 Status DigestSha(blink::WebCryptoAlgorithmId algorithm, | 122 Status DigestSha(blink::WebCryptoAlgorithmId algorithm, |
| 93 const CryptoData& data, | 123 const CryptoData& data, |
| 94 blink::WebArrayBuffer* buffer); | 124 std::vector<uint8>* buffer); |
| 95 | 125 |
| 96 // Preconditions: | 126 // Preconditions: |
| 97 // * |algorithm| is a SHA function. | 127 // * |algorithm| is a SHA function. |
| 98 scoped_ptr<blink::WebCryptoDigestor> CreateDigestor( | 128 scoped_ptr<blink::WebCryptoDigestor> CreateDigestor( |
| 99 blink::WebCryptoAlgorithmId algorithm); | 129 blink::WebCryptoAlgorithmId algorithm); |
| 100 | 130 |
| 101 // Preconditions: | 131 // Preconditions: |
| 102 // * |key| is non-null. | 132 // * |key| is non-null. |
| 103 // * |hash| is a digest algorithm. | 133 // * |hash| is a digest algorithm. |
| 104 Status SignRsaSsaPkcs1v1_5(PrivateKey* key, | 134 Status SignRsaSsaPkcs1v1_5(PrivateKey* key, |
| 105 const blink::WebCryptoAlgorithm& hash, | 135 const blink::WebCryptoAlgorithm& hash, |
| 106 const CryptoData& data, | 136 const CryptoData& data, |
| 107 blink::WebArrayBuffer* buffer); | 137 std::vector<uint8>* buffer); |
| 108 | 138 |
| 109 // Preconditions: | 139 // Preconditions: |
| 110 // * |key| is non-null. | 140 // * |key| is non-null. |
| 111 // * |hash| is a digest algorithm. | 141 // * |hash| is a digest algorithm. |
| 112 Status VerifyRsaSsaPkcs1v1_5(PublicKey* key, | 142 Status VerifyRsaSsaPkcs1v1_5(PublicKey* key, |
| 113 const blink::WebCryptoAlgorithm& hash, | 143 const blink::WebCryptoAlgorithm& hash, |
| 114 const CryptoData& signature, | 144 const CryptoData& signature, |
| 115 const CryptoData& data, | 145 const CryptoData& data, |
| 116 bool* signature_match); | 146 bool* signature_match); |
| 117 | 147 |
| (...skipping 23 matching lines...) Expand all Loading... |
| 141 unsigned int modulus_length_bits, | 171 unsigned int modulus_length_bits, |
| 142 const CryptoData& public_exponent, | 172 const CryptoData& public_exponent, |
| 143 const blink::WebCryptoAlgorithm& hash, | 173 const blink::WebCryptoAlgorithm& hash, |
| 144 blink::WebCryptoKey* public_key, | 174 blink::WebCryptoKey* public_key, |
| 145 blink::WebCryptoKey* private_key); | 175 blink::WebCryptoKey* private_key); |
| 146 | 176 |
| 147 // Preconditions: | 177 // Preconditions: |
| 148 // * |key| is non-null. | 178 // * |key| is non-null. |
| 149 // * |algorithm.id()| is for a symmetric key algorithm. | 179 // * |algorithm.id()| is for a symmetric key algorithm. |
| 150 // * For AES algorithms |key_data| is either 16, 24, or 32 bytes long. | 180 // * For AES algorithms |key_data| is either 16, 24, or 32 bytes long. |
| 181 // Note that this may be called from target Blink thread. |
| 151 Status ImportKeyRaw(const blink::WebCryptoAlgorithm& algorithm, | 182 Status ImportKeyRaw(const blink::WebCryptoAlgorithm& algorithm, |
| 152 const CryptoData& key_data, | 183 const CryptoData& key_data, |
| 153 bool extractable, | 184 bool extractable, |
| 154 blink::WebCryptoKeyUsageMask usage_mask, | 185 blink::WebCryptoKeyUsageMask usage_mask, |
| 155 blink::WebCryptoKey* key); | 186 blink::WebCryptoKey* key); |
| 156 | 187 |
| 157 // Preconditions: | 188 // Preconditions: |
| 158 // * algorithm.id() is for an RSA algorithm. | 189 // * algorithm.id() is for an RSA algorithm. |
| 159 Status ImportRsaPublicKey(const blink::WebCryptoAlgorithm& algorithm, | 190 Status ImportRsaPublicKey(const blink::WebCryptoAlgorithm& algorithm, |
| 160 bool extractable, | 191 bool extractable, |
| 161 blink::WebCryptoKeyUsageMask usage_mask, | 192 blink::WebCryptoKeyUsageMask usage_mask, |
| 162 const CryptoData& modulus_data, | 193 const CryptoData& modulus_data, |
| 163 const CryptoData& exponent_data, | 194 const CryptoData& exponent_data, |
| 164 blink::WebCryptoKey* key); | 195 blink::WebCryptoKey* key); |
| 165 | 196 |
| 197 // Note that this may be called from target Blink thread. |
| 166 Status ImportKeySpki(const blink::WebCryptoAlgorithm& algorithm, | 198 Status ImportKeySpki(const blink::WebCryptoAlgorithm& algorithm, |
| 167 const CryptoData& key_data, | 199 const CryptoData& key_data, |
| 168 bool extractable, | 200 bool extractable, |
| 169 blink::WebCryptoKeyUsageMask usage_mask, | 201 blink::WebCryptoKeyUsageMask usage_mask, |
| 170 blink::WebCryptoKey* key); | 202 blink::WebCryptoKey* key); |
| 171 | 203 |
| 204 // Note that this may be called from target Blink thread. |
| 172 Status ImportKeyPkcs8(const blink::WebCryptoAlgorithm& algorithm, | 205 Status ImportKeyPkcs8(const blink::WebCryptoAlgorithm& algorithm, |
| 173 const CryptoData& key_data, | 206 const CryptoData& key_data, |
| 174 bool extractable, | 207 bool extractable, |
| 175 blink::WebCryptoKeyUsageMask usage_mask, | 208 blink::WebCryptoKeyUsageMask usage_mask, |
| 176 blink::WebCryptoKey* key); | 209 blink::WebCryptoKey* key); |
| 177 | 210 |
| 178 // Preconditions: | 211 // Preconditions: |
| 179 // * |key| is non-null. | 212 // * |key| is non-null. |
| 180 Status ExportKeyRaw(SymKey* key, blink::WebArrayBuffer* buffer); | 213 Status ExportKeyRaw(SymKey* key, std::vector<uint8>* buffer); |
| 181 | 214 |
| 182 // Preconditions: | 215 // Preconditions: |
| 183 // * |key| is non-null. | 216 // * |key| is non-null. |
| 184 Status ExportKeySpki(PublicKey* key, blink::WebArrayBuffer* buffer); | 217 Status ExportKeySpki(PublicKey* key, std::vector<uint8>* buffer); |
| 185 | 218 |
| 186 // Preconditions: | 219 // Preconditions: |
| 187 // * |key| is non-null. | 220 // * |key| is non-null. |
| 188 Status ExportRsaPublicKey(PublicKey* key, | 221 Status ExportRsaPublicKey(PublicKey* key, |
| 189 std::vector<uint8>* modulus, | 222 std::vector<uint8>* modulus, |
| 190 std::vector<uint8>* public_exponent); | 223 std::vector<uint8>* public_exponent); |
| 191 | 224 |
| 192 // Preconditions: | 225 // Preconditions: |
| 193 // * |key| is non-null. | 226 // * |key| is non-null. |
| 194 Status ExportKeyPkcs8(PrivateKey* key, | 227 Status ExportKeyPkcs8(PrivateKey* key, |
| 195 const blink::WebCryptoKeyAlgorithm& key_algorithm, | 228 const blink::WebCryptoKeyAlgorithm& key_algorithm, |
| 196 blink::WebArrayBuffer* buffer); | 229 std::vector<uint8>* buffer); |
| 197 | 230 |
| 198 // Preconditions: | 231 // Preconditions: |
| 199 // * |wrapping_key| is non-null | 232 // * |wrapping_key| is non-null |
| 200 // * |key| is non-null | 233 // * |key| is non-null |
| 201 Status WrapSymKeyAesKw(SymKey* wrapping_key, | 234 Status WrapSymKeyAesKw(SymKey* wrapping_key, |
| 202 SymKey* key, | 235 SymKey* key, |
| 203 blink::WebArrayBuffer* buffer); | 236 std::vector<uint8>* buffer); |
| 204 | 237 |
| 205 // Unwraps (decrypts) |wrapped_key_data| using AES-KW and places the results in | 238 // Unwraps (decrypts) |wrapped_key_data| using AES-KW and places the results in |
| 206 // a WebCryptoKey. Raw key data remains inside NSS. This function should be used | 239 // a WebCryptoKey. Raw key data remains inside NSS. This function should be used |
| 207 // when the input |wrapped_key_data| is known to result in symmetric raw key | 240 // when the input |wrapped_key_data| is known to result in symmetric raw key |
| 208 // data after AES-KW decryption. | 241 // data after AES-KW decryption. |
| 209 // Preconditions: | 242 // Preconditions: |
| 210 // * |wrapping_key| is non-null | 243 // * |wrapping_key| is non-null |
| 211 // * |key| is non-null | 244 // * |key| is non-null |
| 212 // * |wrapped_key_data| is at least 24 bytes and a multiple of 8 bytes | 245 // * |wrapped_key_data| is at least 24 bytes and a multiple of 8 bytes |
| 213 // * |algorithm.id()| is for a symmetric key algorithm. | 246 // * |algorithm.id()| is for a symmetric key algorithm. |
| 214 Status UnwrapSymKeyAesKw(const CryptoData& wrapped_key_data, | 247 Status UnwrapSymKeyAesKw(const CryptoData& wrapped_key_data, |
| 215 SymKey* wrapping_key, | 248 SymKey* wrapping_key, |
| 216 const blink::WebCryptoAlgorithm& algorithm, | 249 const blink::WebCryptoAlgorithm& algorithm, |
| 217 bool extractable, | 250 bool extractable, |
| 218 blink::WebCryptoKeyUsageMask usage_mask, | 251 blink::WebCryptoKeyUsageMask usage_mask, |
| 219 blink::WebCryptoKey* key); | 252 blink::WebCryptoKey* key); |
| 220 | 253 |
| 221 // Performs AES-KW decryption on the input |data|. This function should be used | 254 // Performs AES-KW decryption on the input |data|. This function should be used |
| 222 // when the input |data| does not directly represent a key and should instead be | 255 // when the input |data| does not directly represent a key and should instead be |
| 223 // interpreted as generic bytes. | 256 // interpreted as generic bytes. |
| 224 // Preconditions: | 257 // Preconditions: |
| 225 // * |key| is non-null | 258 // * |key| is non-null |
| 226 // * |data| is at least 24 bytes and a multiple of 8 bytes | 259 // * |data| is at least 24 bytes and a multiple of 8 bytes |
| 227 // * |buffer| is non-null. | 260 // * |buffer| is non-null. |
| 228 Status DecryptAesKw(SymKey* key, | 261 Status DecryptAesKw(SymKey* key, |
| 229 const CryptoData& data, | 262 const CryptoData& data, |
| 230 blink::WebArrayBuffer* buffer); | 263 std::vector<uint8>* buffer); |
| 231 | 264 |
| 232 // Preconditions: | 265 // Preconditions: |
| 233 // * |wrapping_key| is non-null | 266 // * |wrapping_key| is non-null |
| 234 // * |key| is non-null | 267 // * |key| is non-null |
| 235 Status WrapSymKeyRsaEs(PublicKey* wrapping_key, | 268 Status WrapSymKeyRsaEs(PublicKey* wrapping_key, |
| 236 SymKey* key, | 269 SymKey* key, |
| 237 blink::WebArrayBuffer* buffer); | 270 std::vector<uint8>* buffer); |
| 238 | 271 |
| 239 // Preconditions: | 272 // Preconditions: |
| 240 // * |wrapping_key| is non-null | 273 // * |wrapping_key| is non-null |
| 241 // * |key| is non-null | 274 // * |key| is non-null |
| 242 // * |algorithm.id()| is for a symmetric key algorithm. | 275 // * |algorithm.id()| is for a symmetric key algorithm. |
| 243 Status UnwrapSymKeyRsaEs(const CryptoData& wrapped_key_data, | 276 Status UnwrapSymKeyRsaEs(const CryptoData& wrapped_key_data, |
| 244 PrivateKey* wrapping_key, | 277 PrivateKey* wrapping_key, |
| 245 const blink::WebCryptoAlgorithm& algorithm, | 278 const blink::WebCryptoAlgorithm& algorithm, |
| 246 bool extractable, | 279 bool extractable, |
| 247 blink::WebCryptoKeyUsageMask usage_mask, | 280 blink::WebCryptoKeyUsageMask usage_mask, |
| 248 blink::WebCryptoKey* key); | 281 blink::WebCryptoKey* key); |
| 249 | 282 |
| 250 } // namespace platform | 283 } // namespace platform |
| 251 | 284 |
| 252 } // namespace webcrypto | 285 } // namespace webcrypto |
| 253 | 286 |
| 254 } // namespace content | 287 } // namespace content |
| 255 | 288 |
| 256 #endif // CONTENT_CHILD_WEBCRYPTO_PLATFORM_CRYPTO_H_ | 289 #endif // CONTENT_CHILD_WEBCRYPTO_PLATFORM_CRYPTO_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 233733004:
[webcrypto] Make operations run on worker threads. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src