Index: content/child/webcrypto/platform_crypto_nss.cc |
diff --git a/content/child/webcrypto/platform_crypto_nss.cc b/content/child/webcrypto/platform_crypto_nss.cc |
index 8799376582813efa6ddad6ffeb7482cf53fdf23b..0560cf90eb889800d52f9401f2a22993345af471 100644 |
--- a/content/child/webcrypto/platform_crypto_nss.cc |
+++ b/content/child/webcrypto/platform_crypto_nss.cc |
@@ -19,7 +19,6 @@ |
#include "content/child/webcrypto/webcrypto_util.h" |
#include "crypto/nss_util.h" |
#include "crypto/scoped_nss_types.h" |
-#include "third_party/WebKit/public/platform/WebArrayBuffer.h" |
#include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h" |
#include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h" |
#include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h" |
@@ -120,9 +119,19 @@ namespace webcrypto { |
namespace platform { |
+// Each key maintains a copy of its serialized form |
+// in either 'raw', 'pkcs8', or 'spki' format. This is to allow |
+// structured cloning of keys synchronously from the target Blink |
+// thread without having to lock access to the key. |
+// |
+// TODO(eroman): Take advantage of this for implementing exportKey(): no need |
+// to call into NSS if the serialized form already exists. |
class SymKey : public Key { |
public: |
- explicit SymKey(crypto::ScopedPK11SymKey key) : key_(key.Pass()) {} |
+ static Status Create(crypto::ScopedPK11SymKey key, scoped_ptr<SymKey>* out) { |
+ out->reset(new SymKey(key.Pass())); |
+ return ExportKeyRaw(out->get(), &(*out)->serialized_key_); |
+ } |
PK11SymKey* key() { return key_.get(); } |
@@ -130,15 +139,28 @@ class SymKey : public Key { |
virtual PublicKey* AsPublicKey() OVERRIDE { return NULL; } |
virtual PrivateKey* AsPrivateKey() OVERRIDE { return NULL; } |
+ virtual bool ThreadSafeSerializeForClone(blink::WebVector<uint8>* key_data) |
+ OVERRIDE { |
+ key_data->assign(Uint8VectorStart(serialized_key_), serialized_key_.size()); |
+ return true; |
+ } |
+ |
private: |
+ explicit SymKey(crypto::ScopedPK11SymKey key) : key_(key.Pass()) {} |
+ |
crypto::ScopedPK11SymKey key_; |
+ std::vector<uint8> serialized_key_; |
DISALLOW_COPY_AND_ASSIGN(SymKey); |
}; |
class PublicKey : public Key { |
public: |
- explicit PublicKey(crypto::ScopedSECKEYPublicKey key) : key_(key.Pass()) {} |
+ static Status Create(crypto::ScopedSECKEYPublicKey key, |
+ scoped_ptr<PublicKey>* out) { |
+ out->reset(new PublicKey(key.Pass())); |
+ return ExportKeySpki(out->get(), &(*out)->serialized_key_); |
+ } |
SECKEYPublicKey* key() { return key_.get(); } |
@@ -146,15 +168,29 @@ class PublicKey : public Key { |
virtual PublicKey* AsPublicKey() OVERRIDE { return this; } |
virtual PrivateKey* AsPrivateKey() OVERRIDE { return NULL; } |
+ virtual bool ThreadSafeSerializeForClone(blink::WebVector<uint8>* key_data) |
+ OVERRIDE { |
+ key_data->assign(Uint8VectorStart(serialized_key_), serialized_key_.size()); |
+ return true; |
+ } |
+ |
private: |
+ explicit PublicKey(crypto::ScopedSECKEYPublicKey key) : key_(key.Pass()) {} |
+ |
crypto::ScopedSECKEYPublicKey key_; |
+ std::vector<uint8> serialized_key_; |
DISALLOW_COPY_AND_ASSIGN(PublicKey); |
}; |
class PrivateKey : public Key { |
public: |
- explicit PrivateKey(crypto::ScopedSECKEYPrivateKey key) : key_(key.Pass()) {} |
+ static Status Create(crypto::ScopedSECKEYPrivateKey key, |
+ const blink::WebCryptoKeyAlgorithm& algorithm, |
+ scoped_ptr<PrivateKey>* out) { |
+ out->reset(new PrivateKey(key.Pass())); |
+ return ExportKeyPkcs8(out->get(), algorithm, &(*out)->serialized_key_); |
+ } |
SECKEYPrivateKey* key() { return key_.get(); } |
@@ -162,8 +198,17 @@ class PrivateKey : public Key { |
virtual PublicKey* AsPublicKey() OVERRIDE { return NULL; } |
virtual PrivateKey* AsPrivateKey() OVERRIDE { return this; } |
+ virtual bool ThreadSafeSerializeForClone(blink::WebVector<uint8>* key_data) |
+ OVERRIDE { |
+ key_data->assign(Uint8VectorStart(serialized_key_), serialized_key_.size()); |
+ return true; |
+ } |
+ |
private: |
+ explicit PrivateKey(crypto::ScopedSECKEYPrivateKey key) : key_(key.Pass()) {} |
+ |
crypto::ScopedSECKEYPrivateKey key_; |
+ std::vector<uint8> serialized_key_; |
DISALLOW_COPY_AND_ASSIGN(PrivateKey); |
}; |
@@ -218,7 +263,7 @@ Status AesCbcEncryptDecrypt(EncryptOrDecrypt mode, |
SymKey* key, |
const CryptoData& iv, |
const CryptoData& data, |
- blink::WebArrayBuffer* buffer) { |
+ std::vector<uint8>* buffer) { |
CK_ATTRIBUTE_TYPE operation = (mode == ENCRYPT) ? CKA_ENCRYPT : CKA_DECRYPT; |
SECItem iv_item = MakeSECItemForBuffer(iv); |
@@ -255,15 +300,15 @@ Status AesCbcEncryptDecrypt(EncryptOrDecrypt mode, |
unsigned int output_max_len = data.byte_length() + AES_BLOCK_SIZE; |
CHECK_GT(output_max_len, data.byte_length()); |
- *buffer = blink::WebArrayBuffer::create(output_max_len, 1); |
+ buffer->resize(output_max_len); |
- unsigned char* buffer_data = reinterpret_cast<unsigned char*>(buffer->data()); |
+ unsigned char* buffer_data = Uint8VectorStart(buffer); |
int output_len; |
if (SECSuccess != PK11_CipherOp(context.get(), |
buffer_data, |
&output_len, |
- buffer->byteLength(), |
+ buffer->size(), |
data.bytes(), |
data.byte_length())) { |
return Status::Error(); |
@@ -277,7 +322,7 @@ Status AesCbcEncryptDecrypt(EncryptOrDecrypt mode, |
return Status::Error(); |
} |
- ShrinkBuffer(buffer, final_output_chunk_len + output_len); |
+ buffer->resize(final_output_chunk_len + output_len); |
return Status::Success(); |
} |
@@ -290,7 +335,7 @@ Status AesGcmEncryptDecrypt(EncryptOrDecrypt mode, |
const CryptoData& iv, |
const CryptoData& additional_data, |
unsigned int tag_length_bits, |
- blink::WebArrayBuffer* buffer) { |
+ std::vector<uint8>* buffer) { |
if (!g_aes_gcm_support.Get().IsSupported()) |
return Status::ErrorUnsupported(); |
@@ -333,8 +378,8 @@ Status AesGcmEncryptDecrypt(EncryptOrDecrypt mode, |
buffer_size = data.byte_length(); |
} |
- *buffer = blink::WebArrayBuffer::create(buffer_size, 1); |
- unsigned char* buffer_data = reinterpret_cast<unsigned char*>(buffer->data()); |
+ buffer->resize(buffer_size); |
+ unsigned char* buffer_data = Uint8VectorStart(buffer); |
PK11_EncryptDecryptFunction func = |
(mode == ENCRYPT) ? g_aes_gcm_support.Get().pk11_encrypt_func() |
@@ -346,7 +391,7 @@ Status AesGcmEncryptDecrypt(EncryptOrDecrypt mode, |
¶m, |
buffer_data, |
&output_len, |
- buffer->byteLength(), |
+ buffer->size(), |
data.bytes(), |
data.byte_length()); |
@@ -355,7 +400,7 @@ Status AesGcmEncryptDecrypt(EncryptOrDecrypt mode, |
// Unfortunately the buffer needs to be shrunk for decryption (see the NSS bug |
// above). |
- ShrinkBuffer(buffer, output_len); |
+ buffer->resize(output_len); |
return Status::Success(); |
} |
@@ -703,13 +748,13 @@ class DigestorNSS : public blink::WebCryptoDigestor { |
return true; |
} |
- Status FinishWithWebArrayAndStatus(blink::WebArrayBuffer* result) { |
+ Status FinishWithVectorAndStatus(std::vector<uint8>* result) { |
if (!hash_context_) |
return Status::ErrorUnexpected(); |
unsigned int result_length = HASH_ResultLenContext(hash_context_); |
- *result = blink::WebArrayBuffer::create(result_length, 1); |
- unsigned char* digest = reinterpret_cast<unsigned char*>(result->data()); |
+ result->resize(result_length); |
+ unsigned char* digest = Uint8VectorStart(result); |
unsigned int digest_size; // ignored |
return FinishInternal(digest, &digest_size); |
} |
@@ -787,7 +832,12 @@ Status ImportKeyRaw(const blink::WebCryptoAlgorithm& algorithm, |
algorithm, key_data.byte_length(), &key_algorithm)) |
return Status::ErrorUnexpected(); |
- *key = blink::WebCryptoKey::create(new SymKey(pk11_sym_key.Pass()), |
+ scoped_ptr<SymKey> key_handle; |
+ status = SymKey::Create(pk11_sym_key.Pass(), &key_handle); |
+ if (status.IsError()) |
+ return status; |
+ |
+ *key = blink::WebCryptoKey::create(key_handle.release(), |
blink::WebCryptoKeyTypeSecret, |
extractable, |
key_algorithm, |
@@ -795,7 +845,7 @@ Status ImportKeyRaw(const blink::WebCryptoAlgorithm& algorithm, |
return Status::Success(); |
} |
-Status ExportKeyRaw(SymKey* key, blink::WebArrayBuffer* buffer) { |
+Status ExportKeyRaw(SymKey* key, std::vector<uint8>* buffer) { |
if (PK11_ExtractKeyValue(key->key()) != SECSuccess) |
return Status::Error(); |
@@ -803,7 +853,7 @@ Status ExportKeyRaw(SymKey* key, blink::WebArrayBuffer* buffer) { |
if (!key_data) |
return Status::Error(); |
- *buffer = CreateArrayBuffer(key_data->data, key_data->len); |
+ buffer->assign(key_data->data, key_data->data + key_data->len); |
return Status::Success(); |
} |
@@ -870,7 +920,12 @@ Status ImportKeySpki(const blink::WebCryptoAlgorithm& algorithm, |
algorithm, sec_public_key.get(), &key_algorithm)) |
return Status::ErrorUnexpected(); |
- *key = blink::WebCryptoKey::create(new PublicKey(sec_public_key.Pass()), |
+ scoped_ptr<PublicKey> key_handle; |
+ Status status = PublicKey::Create(sec_public_key.Pass(), &key_handle); |
+ if (status.IsError()) |
+ return status; |
+ |
+ *key = blink::WebCryptoKey::create(key_handle.release(), |
blink::WebCryptoKeyTypePublic, |
extractable, |
key_algorithm, |
@@ -879,7 +934,7 @@ Status ImportKeySpki(const blink::WebCryptoAlgorithm& algorithm, |
return Status::Success(); |
} |
-Status ExportKeySpki(PublicKey* key, blink::WebArrayBuffer* buffer) { |
+Status ExportKeySpki(PublicKey* key, std::vector<uint8>* buffer) { |
const crypto::ScopedSECItem spki_der( |
SECKEY_EncodeDERSubjectPublicKeyInfo(key->key())); |
if (!spki_der) |
@@ -888,7 +943,7 @@ Status ExportKeySpki(PublicKey* key, blink::WebArrayBuffer* buffer) { |
DCHECK(spki_der->data); |
DCHECK(spki_der->len); |
- *buffer = CreateArrayBuffer(spki_der->data, spki_der->len); |
+ buffer->assign(spki_der->data, spki_der->data + spki_der->len); |
return Status::Success(); |
} |
@@ -909,7 +964,7 @@ Status ExportRsaPublicKey(PublicKey* key, |
Status ExportKeyPkcs8(PrivateKey* key, |
const blink::WebCryptoKeyAlgorithm& key_algorithm, |
- blink::WebArrayBuffer* buffer) { |
+ std::vector<uint8>* buffer) { |
// TODO(eroman): Support other RSA key types as they are added to Blink. |
if (key_algorithm.id() != blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5 && |
key_algorithm.id() != blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5) |
@@ -960,7 +1015,7 @@ Status ExportKeyPkcs8(PrivateKey* key, |
if (!encoded_key.get()) |
return Status::Error(); |
- *buffer = CreateArrayBuffer(encoded_key->data, encoded_key->len); |
+ buffer->assign(encoded_key->data, encoded_key->data + encoded_key->len); |
return Status::Success(); |
} |
@@ -1004,7 +1059,13 @@ Status ImportKeyPkcs8(const blink::WebCryptoAlgorithm& algorithm, |
if (!CreatePrivateKeyAlgorithm(algorithm, private_key.get(), &key_algorithm)) |
return Status::ErrorUnexpected(); |
- *key = blink::WebCryptoKey::create(new PrivateKey(private_key.Pass()), |
+ scoped_ptr<PrivateKey> key_handle; |
+ Status status = |
+ PrivateKey::Create(private_key.Pass(), key_algorithm, &key_handle); |
+ if (status.IsError()) |
+ return status; |
+ |
+ *key = blink::WebCryptoKey::create(key_handle.release(), |
blink::WebCryptoKeyTypePrivate, |
extractable, |
key_algorithm, |
@@ -1020,7 +1081,7 @@ Status ImportKeyPkcs8(const blink::WebCryptoAlgorithm& algorithm, |
Status SignHmac(SymKey* key, |
const blink::WebCryptoAlgorithm& hash, |
const CryptoData& data, |
- blink::WebArrayBuffer* buffer) { |
+ std::vector<uint8>* buffer) { |
DCHECK_EQ(PK11_GetMechanism(key->key()), WebCryptoHashToHMACMechanism(hash)); |
SECItem param_item = {siBuffer, NULL, 0}; |
@@ -1038,8 +1099,8 @@ Status SignHmac(SymKey* key, |
DCHECK_NE(0u, signature_item.len); |
- *buffer = blink::WebArrayBuffer::create(signature_item.len, 1); |
- signature_item.data = reinterpret_cast<unsigned char*>(buffer->data()); |
+ buffer->resize(signature_item.len); |
+ signature_item.data = Uint8VectorStart(buffer); |
if (PK11_SignWithSymKey(key->key(), |
PK11_GetMechanism(key->key()), |
@@ -1049,7 +1110,7 @@ Status SignHmac(SymKey* key, |
return Status::Error(); |
} |
- DCHECK_EQ(buffer->byteLength(), signature_item.len); |
+ DCHECK_EQ(buffer->size(), signature_item.len); |
return Status::Success(); |
} |
@@ -1059,7 +1120,7 @@ Status SignHmac(SymKey* key, |
Status EncryptRsaEsPkcs1v1_5(PublicKey* key, |
const CryptoData& data, |
- blink::WebArrayBuffer* buffer) { |
+ std::vector<uint8>* buffer) { |
const unsigned int encrypted_length_bytes = |
SECKEY_PublicKeyStrength(key->key()); |
@@ -1069,9 +1130,8 @@ Status EncryptRsaEsPkcs1v1_5(PublicKey* key, |
encrypted_length_bytes - 11 < data.byte_length()) |
return Status::ErrorDataTooLarge(); |
- *buffer = blink::WebArrayBuffer::create(encrypted_length_bytes, 1); |
- unsigned char* const buffer_data = |
- reinterpret_cast<unsigned char*>(buffer->data()); |
+ buffer->resize(encrypted_length_bytes); |
+ unsigned char* const buffer_data = Uint8VectorStart(buffer); |
if (PK11_PubEncryptPKCS1(key->key(), |
buffer_data, |
@@ -1085,15 +1145,14 @@ Status EncryptRsaEsPkcs1v1_5(PublicKey* key, |
Status DecryptRsaEsPkcs1v1_5(PrivateKey* key, |
const CryptoData& data, |
- blink::WebArrayBuffer* buffer) { |
+ std::vector<uint8>* buffer) { |
const int modulus_length_bytes = PK11_GetPrivateModulusLen(key->key()); |
if (modulus_length_bytes <= 0) |
return Status::ErrorUnexpected(); |
const unsigned int max_output_length_bytes = modulus_length_bytes; |
- *buffer = blink::WebArrayBuffer::create(max_output_length_bytes, 1); |
- unsigned char* const buffer_data = |
- reinterpret_cast<unsigned char*>(buffer->data()); |
+ buffer->resize(max_output_length_bytes); |
+ unsigned char* const buffer_data = Uint8VectorStart(buffer); |
unsigned int output_length_bytes = 0; |
if (PK11_PrivDecryptPKCS1(key->key(), |
@@ -1105,7 +1164,7 @@ Status DecryptRsaEsPkcs1v1_5(PrivateKey* key, |
return Status::Error(); |
} |
DCHECK_LE(output_length_bytes, max_output_length_bytes); |
- ShrinkBuffer(buffer, output_length_bytes); |
+ buffer->resize(output_length_bytes); |
return Status::Success(); |
} |
@@ -1116,7 +1175,7 @@ Status DecryptRsaEsPkcs1v1_5(PrivateKey* key, |
Status SignRsaSsaPkcs1v1_5(PrivateKey* key, |
const blink::WebCryptoAlgorithm& hash, |
const CryptoData& data, |
- blink::WebArrayBuffer* buffer) { |
+ std::vector<uint8>* buffer) { |
// Pick the NSS signing algorithm by combining RSA-SSA (RSA PKCS1) and the |
// inner hash of the input Web Crypto algorithm. |
SECOidTag sign_alg_tag; |
@@ -1146,7 +1205,8 @@ Status SignRsaSsaPkcs1v1_5(PrivateKey* key, |
return Status::Error(); |
} |
- *buffer = CreateArrayBuffer(signature_item->data, signature_item->len); |
+ buffer->assign(signature_item->data, |
+ signature_item->data + signature_item->len); |
return Status::Success(); |
} |
@@ -1191,7 +1251,7 @@ Status EncryptDecryptAesCbc(EncryptOrDecrypt mode, |
SymKey* key, |
const CryptoData& data, |
const CryptoData& iv, |
- blink::WebArrayBuffer* buffer) { |
+ std::vector<uint8>* buffer) { |
// TODO(eroman): Inline. |
return AesCbcEncryptDecrypt(mode, key, iv, data, buffer); |
} |
@@ -1202,7 +1262,7 @@ Status EncryptDecryptAesGcm(EncryptOrDecrypt mode, |
const CryptoData& iv, |
const CryptoData& additional_data, |
unsigned int tag_length_bits, |
- blink::WebArrayBuffer* buffer) { |
+ std::vector<uint8>* buffer) { |
// TODO(eroman): Inline. |
return AesGcmEncryptDecrypt( |
mode, key, data, iv, additional_data, tag_length_bits, buffer); |
@@ -1278,18 +1338,28 @@ Status GenerateRsaKeyPair(const blink::WebCryptoAlgorithm& algorithm, |
if (!CreatePublicKeyAlgorithm(algorithm, sec_public_key, &key_algorithm)) |
return Status::ErrorUnexpected(); |
- *public_key = blink::WebCryptoKey::create( |
- new PublicKey(crypto::ScopedSECKEYPublicKey(sec_public_key)), |
- blink::WebCryptoKeyTypePublic, |
- true, |
- key_algorithm, |
- usage_mask); |
- *private_key = |
- blink::WebCryptoKey::create(new PrivateKey(scoped_sec_private_key.Pass()), |
- blink::WebCryptoKeyTypePrivate, |
- extractable, |
- key_algorithm, |
- usage_mask); |
+ scoped_ptr<PublicKey> public_key_handle; |
+ Status status = PublicKey::Create( |
+ crypto::ScopedSECKEYPublicKey(sec_public_key), &public_key_handle); |
+ if (status.IsError()) |
+ return status; |
+ |
+ scoped_ptr<PrivateKey> private_key_handle; |
+ status = PrivateKey::Create( |
+ scoped_sec_private_key.Pass(), key_algorithm, &private_key_handle); |
+ if (status.IsError()) |
+ return status; |
+ |
+ *public_key = blink::WebCryptoKey::create(public_key_handle.release(), |
+ blink::WebCryptoKeyTypePublic, |
+ true, |
+ key_algorithm, |
+ usage_mask); |
+ *private_key = blink::WebCryptoKey::create(private_key_handle.release(), |
+ blink::WebCryptoKeyTypePrivate, |
+ extractable, |
+ key_algorithm, |
+ usage_mask); |
return Status::Success(); |
} |
@@ -1298,12 +1368,12 @@ void Init() { crypto::EnsureNSSInit(); } |
Status DigestSha(blink::WebCryptoAlgorithmId algorithm, |
const CryptoData& data, |
- blink::WebArrayBuffer* buffer) { |
+ std::vector<uint8>* buffer) { |
DigestorNSS digestor(algorithm); |
Status error = digestor.ConsumeWithStatus(data.bytes(), data.byte_length()); |
if (!error.IsSuccess()) |
return error; |
- return digestor.FinishWithWebArrayAndStatus(buffer); |
+ return digestor.FinishWithVectorAndStatus(buffer); |
} |
scoped_ptr<blink::WebCryptoDigestor> CreateDigestor( |
@@ -1336,11 +1406,13 @@ Status GenerateSecretKey(const blink::WebCryptoAlgorithm& algorithm, |
if (!CreateSecretKeyAlgorithm(algorithm, keylen_bytes, &key_algorithm)) |
return Status::ErrorUnexpected(); |
- *key = blink::WebCryptoKey::create(new SymKey(pk11_key.Pass()), |
- key_type, |
- extractable, |
- key_algorithm, |
- usage_mask); |
+ scoped_ptr<SymKey> key_handle; |
+ Status status = SymKey::Create(pk11_key.Pass(), &key_handle); |
+ if (status.IsError()) |
+ return status; |
+ |
+ *key = blink::WebCryptoKey::create( |
+ key_handle.release(), key_type, extractable, key_algorithm, usage_mask); |
return Status::Success(); |
} |
@@ -1399,7 +1471,12 @@ Status ImportRsaPublicKey(const blink::WebCryptoAlgorithm& algorithm, |
if (!CreatePublicKeyAlgorithm(algorithm, pubkey.get(), &key_algorithm)) |
return Status::ErrorUnexpected(); |
- *key = blink::WebCryptoKey::create(new PublicKey(pubkey.Pass()), |
+ scoped_ptr<PublicKey> key_handle; |
+ Status status = PublicKey::Create(pubkey.Pass(), &key_handle); |
+ if (status.IsError()) |
+ return status; |
+ |
+ *key = blink::WebCryptoKey::create(key_handle.release(), |
blink::WebCryptoKeyTypePublic, |
extractable, |
key_algorithm, |
@@ -1409,7 +1486,7 @@ Status ImportRsaPublicKey(const blink::WebCryptoAlgorithm& algorithm, |
Status WrapSymKeyAesKw(SymKey* wrapping_key, |
SymKey* key, |
- blink::WebArrayBuffer* buffer) { |
+ std::vector<uint8>* buffer) { |
// The data size must be at least 16 bytes and a multiple of 8 bytes. |
// RFC 3394 does not specify a maximum allowed data length, but since only |
// keys are being wrapped in this application (which are small), a reasonable |
@@ -1430,7 +1507,7 @@ Status WrapSymKeyAesKw(SymKey* wrapping_key, |
return Status::ErrorUnexpected(); |
const unsigned int output_length = input_length + 8; |
- *buffer = blink::WebArrayBuffer::create(output_length, 1); |
+ buffer->resize(output_length); |
SECItem wrapped_key_item = MakeSECItemForBuffer(CryptoData(*buffer)); |
if (SECSuccess != PK11_WrapSymKey(CKM_NSS_AES_KEY_WRAP, |
@@ -1471,7 +1548,12 @@ Status UnwrapSymKeyAesKw(const CryptoData& wrapped_key_data, |
algorithm, PK11_GetKeyLength(unwrapped_key.get()), &key_algorithm)) |
return Status::ErrorUnexpected(); |
- *key = blink::WebCryptoKey::create(new SymKey(unwrapped_key.Pass()), |
+ scoped_ptr<SymKey> key_handle; |
+ status = SymKey::Create(unwrapped_key.Pass(), &key_handle); |
+ if (status.IsError()) |
+ return status; |
+ |
+ *key = blink::WebCryptoKey::create(key_handle.release(), |
blink::WebCryptoKeyTypeSecret, |
extractable, |
key_algorithm, |
@@ -1481,7 +1563,7 @@ Status UnwrapSymKeyAesKw(const CryptoData& wrapped_key_data, |
Status DecryptAesKw(SymKey* wrapping_key, |
const CryptoData& data, |
- blink::WebArrayBuffer* buffer) { |
+ std::vector<uint8>* buffer) { |
// Due to limitations in the NSS API for the AES-KW algorithm, |data| must be |
// temporarily viewed as a symmetric key to be unwrapped (decrypted). |
crypto::ScopedPK11SymKey decrypted; |
@@ -1497,14 +1579,14 @@ Status DecryptAesKw(SymKey* wrapping_key, |
const SECItem* const key_data = PK11_GetKeyData(decrypted.get()); |
if (!key_data) |
return Status::Error(); |
- *buffer = webcrypto::CreateArrayBuffer(key_data->data, key_data->len); |
+ buffer->assign(key_data->data, key_data->data + key_data->len); |
return Status::Success(); |
} |
Status WrapSymKeyRsaEs(PublicKey* wrapping_key, |
SymKey* key, |
- blink::WebArrayBuffer* buffer) { |
+ std::vector<uint8>* buffer) { |
// Check the raw length of the key to be wrapped against the max size allowed |
// by the RSA wrapping key. With PKCS#1 v1.5 padding used in this function, |
// the maximum data length that can be encrypted is the wrapping_key's modulus |
@@ -1516,7 +1598,7 @@ Status WrapSymKeyRsaEs(PublicKey* wrapping_key, |
modulus_length_bytes - 11 < input_length_bytes) |
return Status::ErrorDataTooLarge(); |
- *buffer = blink::WebArrayBuffer::create(modulus_length_bytes, 1); |
+ buffer->resize(modulus_length_bytes); |
SECItem wrapped_key_item = MakeSECItemForBuffer(CryptoData(*buffer)); |
if (SECSuccess != |
@@ -1573,7 +1655,12 @@ Status UnwrapSymKeyRsaEs(const CryptoData& wrapped_key_data, |
if (!CreateSecretKeyAlgorithm(algorithm, key_length, &key_algorithm)) |
return Status::ErrorUnexpected(); |
- *key = blink::WebCryptoKey::create(new SymKey(unwrapped_key.Pass()), |
+ scoped_ptr<SymKey> key_handle; |
+ status = SymKey::Create(unwrapped_key.Pass(), &key_handle); |
+ if (status.IsError()) |
+ return status; |
+ |
+ *key = blink::WebCryptoKey::create(key_handle.release(), |
blink::WebCryptoKeyTypeSecret, |
extractable, |
key_algorithm, |