Chromium Code Reviews Chromium Code Reviews
Issue 233733004:
[webcrypto] Make operations run on worker threads. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| Index: content/child/webcrypto/platform_crypto_nss.cc |
| diff --git a/content/child/webcrypto/platform_crypto_nss.cc b/content/child/webcrypto/platform_crypto_nss.cc |
| index 8799376582813efa6ddad6ffeb7482cf53fdf23b..0560cf90eb889800d52f9401f2a22993345af471 100644 |
| --- a/content/child/webcrypto/platform_crypto_nss.cc |
| +++ b/content/child/webcrypto/platform_crypto_nss.cc |
| @@ -19,7 +19,6 @@ |
| #include "content/child/webcrypto/webcrypto_util.h" |
| #include "crypto/nss_util.h" |
| #include "crypto/scoped_nss_types.h" |
| -#include "third_party/WebKit/public/platform/WebArrayBuffer.h" |
| #include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h" |
| #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h" |
| #include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h" |
| @@ -120,9 +119,19 @@ namespace webcrypto { |
| namespace platform { |
| +// Each key maintains a copy of its serialized form |
| +// in either 'raw', 'pkcs8', or 'spki' format. This is to allow |
| +// structured cloning of keys synchronously from the target Blink |
| +// thread without having to lock access to the key. |
| +// |
| +// TODO(eroman): Take advantage of this for implementing exportKey(): no need |
| +// to call into NSS if the serialized form already exists. |
|
Ryan Sleevi
2014/04/24 02:10:41
File a bug?
eroman
2014/04/24 20:59:38
Done.
|
| class SymKey : public Key { |
| public: |
| - explicit SymKey(crypto::ScopedPK11SymKey key) : key_(key.Pass()) {} |
| + static Status Create(crypto::ScopedPK11SymKey key, scoped_ptr<SymKey>* out) { |
| + out->reset(new SymKey(key.Pass())); |
| + return ExportKeyRaw(out->get(), &(*out)->serialized_key_); |
| + } |
| PK11SymKey* key() { return key_.get(); } |
| @@ -130,15 +139,28 @@ class SymKey : public Key { |
| virtual PublicKey* AsPublicKey() OVERRIDE { return NULL; } |
| virtual PrivateKey* AsPrivateKey() OVERRIDE { return NULL; } |
| + virtual bool ThreadSafeSerializeForClone(blink::WebVector<uint8>* key_data) |
| + OVERRIDE { |
| + key_data->assign(Uint8VectorStart(serialized_key_), serialized_key_.size()); |
| + return true; |
| + } |
| + |
| private: |
| + explicit SymKey(crypto::ScopedPK11SymKey key) : key_(key.Pass()) {} |
| + |
| crypto::ScopedPK11SymKey key_; |
| + std::vector<uint8> serialized_key_; |
| DISALLOW_COPY_AND_ASSIGN(SymKey); |
| }; |
| class PublicKey : public Key { |
| public: |
| - explicit PublicKey(crypto::ScopedSECKEYPublicKey key) : key_(key.Pass()) {} |
| + static Status Create(crypto::ScopedSECKEYPublicKey key, |
| + scoped_ptr<PublicKey>* out) { |
| + out->reset(new PublicKey(key.Pass())); |
| + return ExportKeySpki(out->get(), &(*out)->serialized_key_); |
| + } |
| SECKEYPublicKey* key() { return key_.get(); } |
| @@ -146,15 +168,29 @@ class PublicKey : public Key { |
| virtual PublicKey* AsPublicKey() OVERRIDE { return this; } |
| virtual PrivateKey* AsPrivateKey() OVERRIDE { return NULL; } |
| + virtual bool ThreadSafeSerializeForClone(blink::WebVector<uint8>* key_data) |
| + OVERRIDE { |
|
Ryan Sleevi
2014/04/24 02:10:41
I thought this bug in clang-format was fixed?
Fro
eroman
2014/04/24 20:59:38
Yep seems to be fixed. I synced and re-ran format
|
| + key_data->assign(Uint8VectorStart(serialized_key_), serialized_key_.size()); |
| + return true; |
| + } |
| + |
| private: |
| + explicit PublicKey(crypto::ScopedSECKEYPublicKey key) : key_(key.Pass()) {} |
| + |
| crypto::ScopedSECKEYPublicKey key_; |
| + std::vector<uint8> serialized_key_; |
| DISALLOW_COPY_AND_ASSIGN(PublicKey); |
| }; |
| class PrivateKey : public Key { |
| public: |
| - explicit PrivateKey(crypto::ScopedSECKEYPrivateKey key) : key_(key.Pass()) {} |
| + static Status Create(crypto::ScopedSECKEYPrivateKey key, |
| + const blink::WebCryptoKeyAlgorithm& algorithm, |
| + scoped_ptr<PrivateKey>* out) { |
| + out->reset(new PrivateKey(key.Pass())); |
| + return ExportKeyPkcs8(out->get(), algorithm, &(*out)->serialized_key_); |
| + } |
| SECKEYPrivateKey* key() { return key_.get(); } |
| @@ -162,8 +198,17 @@ class PrivateKey : public Key { |
| virtual PublicKey* AsPublicKey() OVERRIDE { return NULL; } |
| virtual PrivateKey* AsPrivateKey() OVERRIDE { return this; } |
| + virtual bool ThreadSafeSerializeForClone(blink::WebVector<uint8>* key_data) |
| + OVERRIDE { |
| + key_data->assign(Uint8VectorStart(serialized_key_), serialized_key_.size()); |
|
Ryan Sleevi
2014/04/24 02:10:41
Note that this doesn't save any allocations with v
|
| + return true; |
| + } |
| + |
| private: |
| + explicit PrivateKey(crypto::ScopedSECKEYPrivateKey key) : key_(key.Pass()) {} |
| + |
| crypto::ScopedSECKEYPrivateKey key_; |
| + std::vector<uint8> serialized_key_; |
| DISALLOW_COPY_AND_ASSIGN(PrivateKey); |
| }; |
| @@ -218,7 +263,7 @@ Status AesCbcEncryptDecrypt(EncryptOrDecrypt mode, |
| SymKey* key, |
| const CryptoData& iv, |
| const CryptoData& data, |
| - blink::WebArrayBuffer* buffer) { |
| + std::vector<uint8>* buffer) { |
| CK_ATTRIBUTE_TYPE operation = (mode == ENCRYPT) ? CKA_ENCRYPT : CKA_DECRYPT; |
| SECItem iv_item = MakeSECItemForBuffer(iv); |
| @@ -255,15 +300,15 @@ Status AesCbcEncryptDecrypt(EncryptOrDecrypt mode, |
| unsigned int output_max_len = data.byte_length() + AES_BLOCK_SIZE; |
| CHECK_GT(output_max_len, data.byte_length()); |
| - *buffer = blink::WebArrayBuffer::create(output_max_len, 1); |
| + buffer->resize(output_max_len); |
| - unsigned char* buffer_data = reinterpret_cast<unsigned char*>(buffer->data()); |
| + unsigned char* buffer_data = Uint8VectorStart(buffer); |
| int output_len; |
| if (SECSuccess != PK11_CipherOp(context.get(), |
| buffer_data, |
| &output_len, |
| - buffer->byteLength(), |
| + buffer->size(), |
| data.bytes(), |
| data.byte_length())) { |
| return Status::Error(); |
| @@ -277,7 +322,7 @@ Status AesCbcEncryptDecrypt(EncryptOrDecrypt mode, |
| return Status::Error(); |
| } |
| - ShrinkBuffer(buffer, final_output_chunk_len + output_len); |
| + buffer->resize(final_output_chunk_len + output_len); |
| return Status::Success(); |
| } |
| @@ -290,7 +335,7 @@ Status AesGcmEncryptDecrypt(EncryptOrDecrypt mode, |
| const CryptoData& iv, |
| const CryptoData& additional_data, |
| unsigned int tag_length_bits, |
| - blink::WebArrayBuffer* buffer) { |
| + std::vector<uint8>* buffer) { |
| if (!g_aes_gcm_support.Get().IsSupported()) |
| return Status::ErrorUnsupported(); |
| @@ -333,8 +378,8 @@ Status AesGcmEncryptDecrypt(EncryptOrDecrypt mode, |
| buffer_size = data.byte_length(); |
| } |
| - *buffer = blink::WebArrayBuffer::create(buffer_size, 1); |
| - unsigned char* buffer_data = reinterpret_cast<unsigned char*>(buffer->data()); |
| + buffer->resize(buffer_size); |
| + unsigned char* buffer_data = Uint8VectorStart(buffer); |
| PK11_EncryptDecryptFunction func = |
| (mode == ENCRYPT) ? g_aes_gcm_support.Get().pk11_encrypt_func() |
| @@ -346,7 +391,7 @@ Status AesGcmEncryptDecrypt(EncryptOrDecrypt mode, |
| ¶m, |
| buffer_data, |
| &output_len, |
| - buffer->byteLength(), |
| + buffer->size(), |
| data.bytes(), |
| data.byte_length()); |
| @@ -355,7 +400,7 @@ Status AesGcmEncryptDecrypt(EncryptOrDecrypt mode, |
| // Unfortunately the buffer needs to be shrunk for decryption (see the NSS bug |
| // above). |
| - ShrinkBuffer(buffer, output_len); |
| + buffer->resize(output_len); |
| return Status::Success(); |
| } |
| @@ -703,13 +748,13 @@ class DigestorNSS : public blink::WebCryptoDigestor { |
| return true; |
| } |
| - Status FinishWithWebArrayAndStatus(blink::WebArrayBuffer* result) { |
| + Status FinishWithVectorAndStatus(std::vector<uint8>* result) { |
| if (!hash_context_) |
| return Status::ErrorUnexpected(); |
| unsigned int result_length = HASH_ResultLenContext(hash_context_); |
| - *result = blink::WebArrayBuffer::create(result_length, 1); |
| - unsigned char* digest = reinterpret_cast<unsigned char*>(result->data()); |
| + result->resize(result_length); |
| + unsigned char* digest = Uint8VectorStart(result); |
| unsigned int digest_size; // ignored |
| return FinishInternal(digest, &digest_size); |
| } |
| @@ -787,7 +832,12 @@ Status ImportKeyRaw(const blink::WebCryptoAlgorithm& algorithm, |
| algorithm, key_data.byte_length(), &key_algorithm)) |
| return Status::ErrorUnexpected(); |
| - *key = blink::WebCryptoKey::create(new SymKey(pk11_sym_key.Pass()), |
| + scoped_ptr<SymKey> key_handle; |
| + status = SymKey::Create(pk11_sym_key.Pass(), &key_handle); |
| + if (status.IsError()) |
| + return status; |
| + |
| + *key = blink::WebCryptoKey::create(key_handle.release(), |
| blink::WebCryptoKeyTypeSecret, |
| extractable, |
| key_algorithm, |
| @@ -795,7 +845,7 @@ Status ImportKeyRaw(const blink::WebCryptoAlgorithm& algorithm, |
| return Status::Success(); |
| } |
| -Status ExportKeyRaw(SymKey* key, blink::WebArrayBuffer* buffer) { |
| +Status ExportKeyRaw(SymKey* key, std::vector<uint8>* buffer) { |
| if (PK11_ExtractKeyValue(key->key()) != SECSuccess) |
| return Status::Error(); |
| @@ -803,7 +853,7 @@ Status ExportKeyRaw(SymKey* key, blink::WebArrayBuffer* buffer) { |
| if (!key_data) |
| return Status::Error(); |
| - *buffer = CreateArrayBuffer(key_data->data, key_data->len); |
| + buffer->assign(key_data->data, key_data->data + key_data->len); |
| return Status::Success(); |
| } |
| @@ -870,7 +920,12 @@ Status ImportKeySpki(const blink::WebCryptoAlgorithm& algorithm, |
| algorithm, sec_public_key.get(), &key_algorithm)) |
| return Status::ErrorUnexpected(); |
| - *key = blink::WebCryptoKey::create(new PublicKey(sec_public_key.Pass()), |
| + scoped_ptr<PublicKey> key_handle; |
| + Status status = PublicKey::Create(sec_public_key.Pass(), &key_handle); |
| + if (status.IsError()) |
| + return status; |
| + |
| + *key = blink::WebCryptoKey::create(key_handle.release(), |
| blink::WebCryptoKeyTypePublic, |
| extractable, |
| key_algorithm, |
| @@ -879,7 +934,7 @@ Status ImportKeySpki(const blink::WebCryptoAlgorithm& algorithm, |
| return Status::Success(); |
| } |
| -Status ExportKeySpki(PublicKey* key, blink::WebArrayBuffer* buffer) { |
| +Status ExportKeySpki(PublicKey* key, std::vector<uint8>* buffer) { |
| const crypto::ScopedSECItem spki_der( |
| SECKEY_EncodeDERSubjectPublicKeyInfo(key->key())); |
| if (!spki_der) |
| @@ -888,7 +943,7 @@ Status ExportKeySpki(PublicKey* key, blink::WebArrayBuffer* buffer) { |
| DCHECK(spki_der->data); |
| DCHECK(spki_der->len); |
| - *buffer = CreateArrayBuffer(spki_der->data, spki_der->len); |
| + buffer->assign(spki_der->data, spki_der->data + spki_der->len); |
| return Status::Success(); |
| } |
| @@ -909,7 +964,7 @@ Status ExportRsaPublicKey(PublicKey* key, |
| Status ExportKeyPkcs8(PrivateKey* key, |
| const blink::WebCryptoKeyAlgorithm& key_algorithm, |
| - blink::WebArrayBuffer* buffer) { |
| + std::vector<uint8>* buffer) { |
| // TODO(eroman): Support other RSA key types as they are added to Blink. |
| if (key_algorithm.id() != blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5 && |
| key_algorithm.id() != blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5) |
| @@ -960,7 +1015,7 @@ Status ExportKeyPkcs8(PrivateKey* key, |
| if (!encoded_key.get()) |
| return Status::Error(); |
| - *buffer = CreateArrayBuffer(encoded_key->data, encoded_key->len); |
| + buffer->assign(encoded_key->data, encoded_key->data + encoded_key->len); |
| return Status::Success(); |
| } |
| @@ -1004,7 +1059,13 @@ Status ImportKeyPkcs8(const blink::WebCryptoAlgorithm& algorithm, |
| if (!CreatePrivateKeyAlgorithm(algorithm, private_key.get(), &key_algorithm)) |
| return Status::ErrorUnexpected(); |
| - *key = blink::WebCryptoKey::create(new PrivateKey(private_key.Pass()), |
| + scoped_ptr<PrivateKey> key_handle; |
| + Status status = |
| + PrivateKey::Create(private_key.Pass(), key_algorithm, &key_handle); |
| + if (status.IsError()) |
| + return status; |
| + |
| + *key = blink::WebCryptoKey::create(key_handle.release(), |
| blink::WebCryptoKeyTypePrivate, |
| extractable, |
| key_algorithm, |
| @@ -1020,7 +1081,7 @@ Status ImportKeyPkcs8(const blink::WebCryptoAlgorithm& algorithm, |
| Status SignHmac(SymKey* key, |
| const blink::WebCryptoAlgorithm& hash, |
| const CryptoData& data, |
| - blink::WebArrayBuffer* buffer) { |
| + std::vector<uint8>* buffer) { |
| DCHECK_EQ(PK11_GetMechanism(key->key()), WebCryptoHashToHMACMechanism(hash)); |
| SECItem param_item = {siBuffer, NULL, 0}; |
| @@ -1038,8 +1099,8 @@ Status SignHmac(SymKey* key, |
| DCHECK_NE(0u, signature_item.len); |
| - *buffer = blink::WebArrayBuffer::create(signature_item.len, 1); |
| - signature_item.data = reinterpret_cast<unsigned char*>(buffer->data()); |
| + buffer->resize(signature_item.len); |
| + signature_item.data = Uint8VectorStart(buffer); |
| if (PK11_SignWithSymKey(key->key(), |
| PK11_GetMechanism(key->key()), |
| @@ -1049,7 +1110,7 @@ Status SignHmac(SymKey* key, |
| return Status::Error(); |
| } |
| - DCHECK_EQ(buffer->byteLength(), signature_item.len); |
| + DCHECK_EQ(buffer->size(), signature_item.len); |
| return Status::Success(); |
| } |
| @@ -1059,7 +1120,7 @@ Status SignHmac(SymKey* key, |
| Status EncryptRsaEsPkcs1v1_5(PublicKey* key, |
| const CryptoData& data, |
| - blink::WebArrayBuffer* buffer) { |
| + std::vector<uint8>* buffer) { |
| const unsigned int encrypted_length_bytes = |
| SECKEY_PublicKeyStrength(key->key()); |
| @@ -1069,9 +1130,8 @@ Status EncryptRsaEsPkcs1v1_5(PublicKey* key, |
| encrypted_length_bytes - 11 < data.byte_length()) |
| return Status::ErrorDataTooLarge(); |
| - *buffer = blink::WebArrayBuffer::create(encrypted_length_bytes, 1); |
| - unsigned char* const buffer_data = |
| - reinterpret_cast<unsigned char*>(buffer->data()); |
| + buffer->resize(encrypted_length_bytes); |
| + unsigned char* const buffer_data = Uint8VectorStart(buffer); |
| if (PK11_PubEncryptPKCS1(key->key(), |
| buffer_data, |
| @@ -1085,15 +1145,14 @@ Status EncryptRsaEsPkcs1v1_5(PublicKey* key, |
| Status DecryptRsaEsPkcs1v1_5(PrivateKey* key, |
| const CryptoData& data, |
| - blink::WebArrayBuffer* buffer) { |
| + std::vector<uint8>* buffer) { |
| const int modulus_length_bytes = PK11_GetPrivateModulusLen(key->key()); |
| if (modulus_length_bytes <= 0) |
| return Status::ErrorUnexpected(); |
| const unsigned int max_output_length_bytes = modulus_length_bytes; |
| - *buffer = blink::WebArrayBuffer::create(max_output_length_bytes, 1); |
| - unsigned char* const buffer_data = |
| - reinterpret_cast<unsigned char*>(buffer->data()); |
| + buffer->resize(max_output_length_bytes); |
| + unsigned char* const buffer_data = Uint8VectorStart(buffer); |
| unsigned int output_length_bytes = 0; |
| if (PK11_PrivDecryptPKCS1(key->key(), |
| @@ -1105,7 +1164,7 @@ Status DecryptRsaEsPkcs1v1_5(PrivateKey* key, |
| return Status::Error(); |
| } |
| DCHECK_LE(output_length_bytes, max_output_length_bytes); |
| - ShrinkBuffer(buffer, output_length_bytes); |
| + buffer->resize(output_length_bytes); |
| return Status::Success(); |
| } |
| @@ -1116,7 +1175,7 @@ Status DecryptRsaEsPkcs1v1_5(PrivateKey* key, |
| Status SignRsaSsaPkcs1v1_5(PrivateKey* key, |
| const blink::WebCryptoAlgorithm& hash, |
| const CryptoData& data, |
| - blink::WebArrayBuffer* buffer) { |
| + std::vector<uint8>* buffer) { |
| // Pick the NSS signing algorithm by combining RSA-SSA (RSA PKCS1) and the |
| // inner hash of the input Web Crypto algorithm. |
| SECOidTag sign_alg_tag; |
| @@ -1146,7 +1205,8 @@ Status SignRsaSsaPkcs1v1_5(PrivateKey* key, |
| return Status::Error(); |
| } |
| - *buffer = CreateArrayBuffer(signature_item->data, signature_item->len); |
| + buffer->assign(signature_item->data, |
| + signature_item->data + signature_item->len); |
| return Status::Success(); |
| } |
| @@ -1191,7 +1251,7 @@ Status EncryptDecryptAesCbc(EncryptOrDecrypt mode, |
| SymKey* key, |
| const CryptoData& data, |
| const CryptoData& iv, |
| - blink::WebArrayBuffer* buffer) { |
| + std::vector<uint8>* buffer) { |
| // TODO(eroman): Inline. |
| return AesCbcEncryptDecrypt(mode, key, iv, data, buffer); |
| } |
| @@ -1202,7 +1262,7 @@ Status EncryptDecryptAesGcm(EncryptOrDecrypt mode, |
| const CryptoData& iv, |
| const CryptoData& additional_data, |
| unsigned int tag_length_bits, |
| - blink::WebArrayBuffer* buffer) { |
| + std::vector<uint8>* buffer) { |
| // TODO(eroman): Inline. |
| return AesGcmEncryptDecrypt( |
| mode, key, data, iv, additional_data, tag_length_bits, buffer); |
| @@ -1278,18 +1338,28 @@ Status GenerateRsaKeyPair(const blink::WebCryptoAlgorithm& algorithm, |
| if (!CreatePublicKeyAlgorithm(algorithm, sec_public_key, &key_algorithm)) |
| return Status::ErrorUnexpected(); |
| - *public_key = blink::WebCryptoKey::create( |
| - new PublicKey(crypto::ScopedSECKEYPublicKey(sec_public_key)), |
| - blink::WebCryptoKeyTypePublic, |
| - true, |
| - key_algorithm, |
| - usage_mask); |
| - *private_key = |
| - blink::WebCryptoKey::create(new PrivateKey(scoped_sec_private_key.Pass()), |
| - blink::WebCryptoKeyTypePrivate, |
| - extractable, |
| - key_algorithm, |
| - usage_mask); |
| + scoped_ptr<PublicKey> public_key_handle; |
| + Status status = PublicKey::Create( |
| + crypto::ScopedSECKEYPublicKey(sec_public_key), &public_key_handle); |
| + if (status.IsError()) |
| + return status; |
| + |
| + scoped_ptr<PrivateKey> private_key_handle; |
| + status = PrivateKey::Create( |
| + scoped_sec_private_key.Pass(), key_algorithm, &private_key_handle); |
| + if (status.IsError()) |
| + return status; |
| + |
| + *public_key = blink::WebCryptoKey::create(public_key_handle.release(), |
| + blink::WebCryptoKeyTypePublic, |
| + true, |
| + key_algorithm, |
| + usage_mask); |
| + *private_key = blink::WebCryptoKey::create(private_key_handle.release(), |
| + blink::WebCryptoKeyTypePrivate, |
| + extractable, |
| + key_algorithm, |
| + usage_mask); |
| return Status::Success(); |
| } |
| @@ -1298,12 +1368,12 @@ void Init() { crypto::EnsureNSSInit(); } |
| Status DigestSha(blink::WebCryptoAlgorithmId algorithm, |
| const CryptoData& data, |
| - blink::WebArrayBuffer* buffer) { |
| + std::vector<uint8>* buffer) { |
| DigestorNSS digestor(algorithm); |
| Status error = digestor.ConsumeWithStatus(data.bytes(), data.byte_length()); |
| if (!error.IsSuccess()) |
| return error; |
| - return digestor.FinishWithWebArrayAndStatus(buffer); |
| + return digestor.FinishWithVectorAndStatus(buffer); |
| } |
| scoped_ptr<blink::WebCryptoDigestor> CreateDigestor( |
| @@ -1336,11 +1406,13 @@ Status GenerateSecretKey(const blink::WebCryptoAlgorithm& algorithm, |
| if (!CreateSecretKeyAlgorithm(algorithm, keylen_bytes, &key_algorithm)) |
| return Status::ErrorUnexpected(); |
| - *key = blink::WebCryptoKey::create(new SymKey(pk11_key.Pass()), |
| - key_type, |
| - extractable, |
| - key_algorithm, |
| - usage_mask); |
| + scoped_ptr<SymKey> key_handle; |
| + Status status = SymKey::Create(pk11_key.Pass(), &key_handle); |
| + if (status.IsError()) |
| + return status; |
| + |
| + *key = blink::WebCryptoKey::create( |
| + key_handle.release(), key_type, extractable, key_algorithm, usage_mask); |
| return Status::Success(); |
| } |
| @@ -1399,7 +1471,12 @@ Status ImportRsaPublicKey(const blink::WebCryptoAlgorithm& algorithm, |
| if (!CreatePublicKeyAlgorithm(algorithm, pubkey.get(), &key_algorithm)) |
| return Status::ErrorUnexpected(); |
| - *key = blink::WebCryptoKey::create(new PublicKey(pubkey.Pass()), |
| + scoped_ptr<PublicKey> key_handle; |
| + Status status = PublicKey::Create(pubkey.Pass(), &key_handle); |
| + if (status.IsError()) |
| + return status; |
| + |
| + *key = blink::WebCryptoKey::create(key_handle.release(), |
| blink::WebCryptoKeyTypePublic, |
| extractable, |
| key_algorithm, |
| @@ -1409,7 +1486,7 @@ Status ImportRsaPublicKey(const blink::WebCryptoAlgorithm& algorithm, |
| Status WrapSymKeyAesKw(SymKey* wrapping_key, |
| SymKey* key, |
| - blink::WebArrayBuffer* buffer) { |
| + std::vector<uint8>* buffer) { |
| // The data size must be at least 16 bytes and a multiple of 8 bytes. |
| // RFC 3394 does not specify a maximum allowed data length, but since only |
| // keys are being wrapped in this application (which are small), a reasonable |
| @@ -1430,7 +1507,7 @@ Status WrapSymKeyAesKw(SymKey* wrapping_key, |
| return Status::ErrorUnexpected(); |
| const unsigned int output_length = input_length + 8; |
| - *buffer = blink::WebArrayBuffer::create(output_length, 1); |
| + buffer->resize(output_length); |
| SECItem wrapped_key_item = MakeSECItemForBuffer(CryptoData(*buffer)); |
| if (SECSuccess != PK11_WrapSymKey(CKM_NSS_AES_KEY_WRAP, |
| @@ -1471,7 +1548,12 @@ Status UnwrapSymKeyAesKw(const CryptoData& wrapped_key_data, |
| algorithm, PK11_GetKeyLength(unwrapped_key.get()), &key_algorithm)) |
| return Status::ErrorUnexpected(); |
| - *key = blink::WebCryptoKey::create(new SymKey(unwrapped_key.Pass()), |
| + scoped_ptr<SymKey> key_handle; |
| + status = SymKey::Create(unwrapped_key.Pass(), &key_handle); |
| + if (status.IsError()) |
| + return status; |
| + |
| + *key = blink::WebCryptoKey::create(key_handle.release(), |
| blink::WebCryptoKeyTypeSecret, |
| extractable, |
| key_algorithm, |
| @@ -1481,7 +1563,7 @@ Status UnwrapSymKeyAesKw(const CryptoData& wrapped_key_data, |
| Status DecryptAesKw(SymKey* wrapping_key, |
| const CryptoData& data, |
| - blink::WebArrayBuffer* buffer) { |
| + std::vector<uint8>* buffer) { |
| // Due to limitations in the NSS API for the AES-KW algorithm, |data| must be |
| // temporarily viewed as a symmetric key to be unwrapped (decrypted). |
| crypto::ScopedPK11SymKey decrypted; |
| @@ -1497,14 +1579,14 @@ Status DecryptAesKw(SymKey* wrapping_key, |
| const SECItem* const key_data = PK11_GetKeyData(decrypted.get()); |
| if (!key_data) |
| return Status::Error(); |
| - *buffer = webcrypto::CreateArrayBuffer(key_data->data, key_data->len); |
| + buffer->assign(key_data->data, key_data->data + key_data->len); |
| return Status::Success(); |
| } |
| Status WrapSymKeyRsaEs(PublicKey* wrapping_key, |
| SymKey* key, |
| - blink::WebArrayBuffer* buffer) { |
| + std::vector<uint8>* buffer) { |
| // Check the raw length of the key to be wrapped against the max size allowed |
| // by the RSA wrapping key. With PKCS#1 v1.5 padding used in this function, |
| // the maximum data length that can be encrypted is the wrapping_key's modulus |
| @@ -1516,7 +1598,7 @@ Status WrapSymKeyRsaEs(PublicKey* wrapping_key, |
| modulus_length_bytes - 11 < input_length_bytes) |
| return Status::ErrorDataTooLarge(); |
| - *buffer = blink::WebArrayBuffer::create(modulus_length_bytes, 1); |
| + buffer->resize(modulus_length_bytes); |
| SECItem wrapped_key_item = MakeSECItemForBuffer(CryptoData(*buffer)); |
| if (SECSuccess != |
| @@ -1573,7 +1655,12 @@ Status UnwrapSymKeyRsaEs(const CryptoData& wrapped_key_data, |
| if (!CreateSecretKeyAlgorithm(algorithm, key_length, &key_algorithm)) |
| return Status::ErrorUnexpected(); |
| - *key = blink::WebCryptoKey::create(new SymKey(unwrapped_key.Pass()), |
| + scoped_ptr<SymKey> key_handle; |
| + status = SymKey::Create(unwrapped_key.Pass(), &key_handle); |
| + if (status.IsError()) |
| + return status; |
| + |
| + *key = blink::WebCryptoKey::create(key_handle.release(), |
| blink::WebCryptoKeyTypeSecret, |
| extractable, |
| key_algorithm, |
