OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef CONTENT_CHILD_WEBCRYPTO_PLATFORM_CRYPTO_H_ | 5 #ifndef CONTENT_CHILD_WEBCRYPTO_PLATFORM_CRYPTO_H_ |
6 #define CONTENT_CHILD_WEBCRYPTO_PLATFORM_CRYPTO_H_ | 6 #define CONTENT_CHILD_WEBCRYPTO_PLATFORM_CRYPTO_H_ |
7 | 7 |
8 #include <vector> | 8 #include <vector> |
9 | |
10 #include "base/basictypes.h" | 9 #include "base/basictypes.h" |
11 #include "base/compiler_specific.h" | 10 #include "base/compiler_specific.h" |
12 #include "base/memory/scoped_ptr.h" | 11 #include "base/memory/scoped_ptr.h" |
| 12 #include "third_party/WebKit/public/platform/WebArrayBuffer.h" |
13 #include "third_party/WebKit/public/platform/WebCrypto.h" | 13 #include "third_party/WebKit/public/platform/WebCrypto.h" |
14 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h" | 14 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h" |
15 | 15 |
16 namespace blink { | |
17 template <typename T> | |
18 class WebVector; | |
19 } | |
20 | |
21 namespace content { | 16 namespace content { |
22 | 17 |
23 enum EncryptOrDecrypt { ENCRYPT, DECRYPT }; | 18 enum EncryptOrDecrypt { ENCRYPT, DECRYPT }; |
24 | 19 |
25 namespace webcrypto { | 20 namespace webcrypto { |
26 | 21 |
27 class CryptoData; | 22 class CryptoData; |
28 class Status; | 23 class Status; |
29 | 24 |
30 // Functions in the webcrypto::platform namespace are intended to be those | 25 // Functions in the webcrypto::platform namespace are intended to be those |
31 // which are OpenSSL/NSS specific. | 26 // which are OpenSSL/NSS specific. |
32 // | 27 // |
33 // The general purpose code which applies to both OpenSSL and NSS | 28 // The general purpose code which applies to both OpenSSL and NSS |
34 // implementations of webcrypto should live in the outter webcrypto namespace, | 29 // implementations of webcrypto should live in the outter webcrypto namespace, |
35 // and the crypto library specific bits in the "platform" namespace. | 30 // and the crypto library specific bits in the "platform" namespace. |
36 // | |
37 // ----------------- | |
38 // Threading: | |
39 // ----------------- | |
40 // | |
41 // Unless otherwise noted, functions in webcrypto::platform are called | |
42 // exclusively from a sequenced worker pool. | |
43 // | |
44 // This means that operations using a given key cannot occur in | |
45 // parallel and it is not necessary to guard against concurrent usage. | |
46 // | |
47 // The exceptions are: | |
48 // | |
49 // * Key::ThreadSafeSerializeForClone(), which is called from the | |
50 // target Blink thread during structured clone. | |
51 // | |
52 // * ImportKeyRaw(), ImportKeySpki(), ImportKeyPkcs8(), which can be | |
53 // called from the target Blink thread during structured clone | |
54 // deserialization, as well as from the webcrypto worker pool. | |
55 // | |
56 // TODO(eroman): Change it so import happens in worker pool too. | |
57 // http://crbug.com/366834 | |
58 namespace platform { | 31 namespace platform { |
59 | 32 |
60 class SymKey; | 33 class SymKey; |
61 class PublicKey; | 34 class PublicKey; |
62 class PrivateKey; | 35 class PrivateKey; |
63 | 36 |
64 // Base key class for all platform keys, used to safely cast between types. | 37 // Base key class for all platform keys, used to safely cast between types. |
65 class Key : public blink::WebCryptoKeyHandle { | 38 class Key : public blink::WebCryptoKeyHandle { |
66 public: | 39 public: |
67 virtual SymKey* AsSymKey() = 0; | 40 virtual SymKey* AsSymKey() = 0; |
68 virtual PublicKey* AsPublicKey() = 0; | 41 virtual PublicKey* AsPublicKey() = 0; |
69 virtual PrivateKey* AsPrivateKey() = 0; | 42 virtual PrivateKey* AsPrivateKey() = 0; |
70 | |
71 virtual bool ThreadSafeSerializeForClone( | |
72 blink::WebVector<uint8>* key_data) = 0; | |
73 }; | 43 }; |
74 | 44 |
75 // Do any one-time initialization. Note that this can be called MULTIPLE times | 45 // Do any one-time initialization. Note that this can be called MULTIPLE times |
76 // (once per instantiation of WebCryptoImpl). | 46 // (once per instantiation of WebCryptoImpl). |
77 void Init(); | 47 void Init(); |
78 | 48 |
79 // Preconditions: | 49 // Preconditions: |
80 // * |key| is a non-null AES-CBC key. | 50 // * |key| is a non-null AES-CBC key. |
81 // * |iv| is exactly 16 bytes long | 51 // * |iv| is exactly 16 bytes long |
82 Status EncryptDecryptAesCbc(EncryptOrDecrypt mode, | 52 Status EncryptDecryptAesCbc(EncryptOrDecrypt mode, |
83 SymKey* key, | 53 SymKey* key, |
84 const CryptoData& data, | 54 const CryptoData& data, |
85 const CryptoData& iv, | 55 const CryptoData& iv, |
86 std::vector<uint8>* buffer); | 56 blink::WebArrayBuffer* buffer); |
87 | 57 |
88 // Preconditions: | 58 // Preconditions: |
89 // * |key| is a non-null AES-GCM key. | 59 // * |key| is a non-null AES-GCM key. |
90 // * |tag_length_bits| is one of {32, 64, 96, 104, 112, 120, 128} | 60 // * |tag_length_bits| is one of {32, 64, 96, 104, 112, 120, 128} |
91 Status EncryptDecryptAesGcm(EncryptOrDecrypt mode, | 61 Status EncryptDecryptAesGcm(EncryptOrDecrypt mode, |
92 SymKey* key, | 62 SymKey* key, |
93 const CryptoData& data, | 63 const CryptoData& data, |
94 const CryptoData& iv, | 64 const CryptoData& iv, |
95 const CryptoData& additional_data, | 65 const CryptoData& additional_data, |
96 unsigned int tag_length_bits, | 66 unsigned int tag_length_bits, |
97 std::vector<uint8>* buffer); | 67 blink::WebArrayBuffer* buffer); |
98 | 68 |
99 // Preconditions: | 69 // Preconditions: |
100 // * |key| is non-null. | 70 // * |key| is non-null. |
101 // * |data| is not empty. | 71 // * |data| is not empty. |
102 Status EncryptRsaEsPkcs1v1_5(PublicKey* key, | 72 Status EncryptRsaEsPkcs1v1_5(PublicKey* key, |
103 const CryptoData& data, | 73 const CryptoData& data, |
104 std::vector<uint8>* buffer); | 74 blink::WebArrayBuffer* buffer); |
105 | 75 |
106 // Preconditions: | 76 // Preconditions: |
107 // * |key| is non-null. | 77 // * |key| is non-null. |
108 Status DecryptRsaEsPkcs1v1_5(PrivateKey* key, | 78 Status DecryptRsaEsPkcs1v1_5(PrivateKey* key, |
109 const CryptoData& data, | 79 const CryptoData& data, |
110 std::vector<uint8>* buffer); | 80 blink::WebArrayBuffer* buffer); |
111 | 81 |
112 // Preconditions: | 82 // Preconditions: |
113 // * |key| is a non-null HMAC key. | 83 // * |key| is a non-null HMAC key. |
114 // * |hash| is a digest algorithm. | 84 // * |hash| is a digest algorithm. |
115 Status SignHmac(SymKey* key, | 85 Status SignHmac(SymKey* key, |
116 const blink::WebCryptoAlgorithm& hash, | 86 const blink::WebCryptoAlgorithm& hash, |
117 const CryptoData& data, | 87 const CryptoData& data, |
118 std::vector<uint8>* buffer); | 88 blink::WebArrayBuffer* buffer); |
119 | 89 |
120 // Preconditions: | 90 // Preconditions: |
121 // * |algorithm| is a SHA function. | 91 // * |algorithm| is a SHA function. |
122 Status DigestSha(blink::WebCryptoAlgorithmId algorithm, | 92 Status DigestSha(blink::WebCryptoAlgorithmId algorithm, |
123 const CryptoData& data, | 93 const CryptoData& data, |
124 std::vector<uint8>* buffer); | 94 blink::WebArrayBuffer* buffer); |
125 | 95 |
126 // Preconditions: | 96 // Preconditions: |
127 // * |algorithm| is a SHA function. | 97 // * |algorithm| is a SHA function. |
128 scoped_ptr<blink::WebCryptoDigestor> CreateDigestor( | 98 scoped_ptr<blink::WebCryptoDigestor> CreateDigestor( |
129 blink::WebCryptoAlgorithmId algorithm); | 99 blink::WebCryptoAlgorithmId algorithm); |
130 | 100 |
131 // Preconditions: | 101 // Preconditions: |
132 // * |key| is non-null. | 102 // * |key| is non-null. |
133 // * |hash| is a digest algorithm. | 103 // * |hash| is a digest algorithm. |
134 Status SignRsaSsaPkcs1v1_5(PrivateKey* key, | 104 Status SignRsaSsaPkcs1v1_5(PrivateKey* key, |
135 const blink::WebCryptoAlgorithm& hash, | 105 const blink::WebCryptoAlgorithm& hash, |
136 const CryptoData& data, | 106 const CryptoData& data, |
137 std::vector<uint8>* buffer); | 107 blink::WebArrayBuffer* buffer); |
138 | 108 |
139 // Preconditions: | 109 // Preconditions: |
140 // * |key| is non-null. | 110 // * |key| is non-null. |
141 // * |hash| is a digest algorithm. | 111 // * |hash| is a digest algorithm. |
142 Status VerifyRsaSsaPkcs1v1_5(PublicKey* key, | 112 Status VerifyRsaSsaPkcs1v1_5(PublicKey* key, |
143 const blink::WebCryptoAlgorithm& hash, | 113 const blink::WebCryptoAlgorithm& hash, |
144 const CryptoData& signature, | 114 const CryptoData& signature, |
145 const CryptoData& data, | 115 const CryptoData& data, |
146 bool* signature_match); | 116 bool* signature_match); |
147 | 117 |
(...skipping 23 matching lines...) Expand all Loading... |
171 unsigned int modulus_length_bits, | 141 unsigned int modulus_length_bits, |
172 const CryptoData& public_exponent, | 142 const CryptoData& public_exponent, |
173 const blink::WebCryptoAlgorithm& hash, | 143 const blink::WebCryptoAlgorithm& hash, |
174 blink::WebCryptoKey* public_key, | 144 blink::WebCryptoKey* public_key, |
175 blink::WebCryptoKey* private_key); | 145 blink::WebCryptoKey* private_key); |
176 | 146 |
177 // Preconditions: | 147 // Preconditions: |
178 // * |key| is non-null. | 148 // * |key| is non-null. |
179 // * |algorithm.id()| is for a symmetric key algorithm. | 149 // * |algorithm.id()| is for a symmetric key algorithm. |
180 // * For AES algorithms |key_data| is either 16, 24, or 32 bytes long. | 150 // * For AES algorithms |key_data| is either 16, 24, or 32 bytes long. |
181 // Note that this may be called from target Blink thread. | |
182 Status ImportKeyRaw(const blink::WebCryptoAlgorithm& algorithm, | 151 Status ImportKeyRaw(const blink::WebCryptoAlgorithm& algorithm, |
183 const CryptoData& key_data, | 152 const CryptoData& key_data, |
184 bool extractable, | 153 bool extractable, |
185 blink::WebCryptoKeyUsageMask usage_mask, | 154 blink::WebCryptoKeyUsageMask usage_mask, |
186 blink::WebCryptoKey* key); | 155 blink::WebCryptoKey* key); |
187 | 156 |
188 // Preconditions: | 157 // Preconditions: |
189 // * algorithm.id() is for an RSA algorithm. | 158 // * algorithm.id() is for an RSA algorithm. |
190 Status ImportRsaPublicKey(const blink::WebCryptoAlgorithm& algorithm, | 159 Status ImportRsaPublicKey(const blink::WebCryptoAlgorithm& algorithm, |
191 bool extractable, | 160 bool extractable, |
192 blink::WebCryptoKeyUsageMask usage_mask, | 161 blink::WebCryptoKeyUsageMask usage_mask, |
193 const CryptoData& modulus_data, | 162 const CryptoData& modulus_data, |
194 const CryptoData& exponent_data, | 163 const CryptoData& exponent_data, |
195 blink::WebCryptoKey* key); | 164 blink::WebCryptoKey* key); |
196 | 165 |
197 // Note that this may be called from target Blink thread. | |
198 Status ImportKeySpki(const blink::WebCryptoAlgorithm& algorithm, | 166 Status ImportKeySpki(const blink::WebCryptoAlgorithm& algorithm, |
199 const CryptoData& key_data, | 167 const CryptoData& key_data, |
200 bool extractable, | 168 bool extractable, |
201 blink::WebCryptoKeyUsageMask usage_mask, | 169 blink::WebCryptoKeyUsageMask usage_mask, |
202 blink::WebCryptoKey* key); | 170 blink::WebCryptoKey* key); |
203 | 171 |
204 // Note that this may be called from target Blink thread. | |
205 Status ImportKeyPkcs8(const blink::WebCryptoAlgorithm& algorithm, | 172 Status ImportKeyPkcs8(const blink::WebCryptoAlgorithm& algorithm, |
206 const CryptoData& key_data, | 173 const CryptoData& key_data, |
207 bool extractable, | 174 bool extractable, |
208 blink::WebCryptoKeyUsageMask usage_mask, | 175 blink::WebCryptoKeyUsageMask usage_mask, |
209 blink::WebCryptoKey* key); | 176 blink::WebCryptoKey* key); |
210 | 177 |
211 // Preconditions: | 178 // Preconditions: |
212 // * |key| is non-null. | 179 // * |key| is non-null. |
213 Status ExportKeyRaw(SymKey* key, std::vector<uint8>* buffer); | 180 Status ExportKeyRaw(SymKey* key, blink::WebArrayBuffer* buffer); |
214 | 181 |
215 // Preconditions: | 182 // Preconditions: |
216 // * |key| is non-null. | 183 // * |key| is non-null. |
217 Status ExportKeySpki(PublicKey* key, std::vector<uint8>* buffer); | 184 Status ExportKeySpki(PublicKey* key, blink::WebArrayBuffer* buffer); |
218 | 185 |
219 // Preconditions: | 186 // Preconditions: |
220 // * |key| is non-null. | 187 // * |key| is non-null. |
221 Status ExportRsaPublicKey(PublicKey* key, | 188 Status ExportRsaPublicKey(PublicKey* key, |
222 std::vector<uint8>* modulus, | 189 std::vector<uint8>* modulus, |
223 std::vector<uint8>* public_exponent); | 190 std::vector<uint8>* public_exponent); |
224 | 191 |
225 // Preconditions: | 192 // Preconditions: |
226 // * |key| is non-null. | 193 // * |key| is non-null. |
227 Status ExportKeyPkcs8(PrivateKey* key, | 194 Status ExportKeyPkcs8(PrivateKey* key, |
228 const blink::WebCryptoKeyAlgorithm& key_algorithm, | 195 const blink::WebCryptoKeyAlgorithm& key_algorithm, |
229 std::vector<uint8>* buffer); | 196 blink::WebArrayBuffer* buffer); |
230 | 197 |
231 // Preconditions: | 198 // Preconditions: |
232 // * |wrapping_key| is non-null | 199 // * |wrapping_key| is non-null |
233 // * |key| is non-null | 200 // * |key| is non-null |
234 Status WrapSymKeyAesKw(SymKey* wrapping_key, | 201 Status WrapSymKeyAesKw(SymKey* wrapping_key, |
235 SymKey* key, | 202 SymKey* key, |
236 std::vector<uint8>* buffer); | 203 blink::WebArrayBuffer* buffer); |
237 | 204 |
238 // Unwraps (decrypts) |wrapped_key_data| using AES-KW and places the results in | 205 // Unwraps (decrypts) |wrapped_key_data| using AES-KW and places the results in |
239 // a WebCryptoKey. Raw key data remains inside NSS. This function should be used | 206 // a WebCryptoKey. Raw key data remains inside NSS. This function should be used |
240 // when the input |wrapped_key_data| is known to result in symmetric raw key | 207 // when the input |wrapped_key_data| is known to result in symmetric raw key |
241 // data after AES-KW decryption. | 208 // data after AES-KW decryption. |
242 // Preconditions: | 209 // Preconditions: |
243 // * |wrapping_key| is non-null | 210 // * |wrapping_key| is non-null |
244 // * |key| is non-null | 211 // * |key| is non-null |
245 // * |wrapped_key_data| is at least 24 bytes and a multiple of 8 bytes | 212 // * |wrapped_key_data| is at least 24 bytes and a multiple of 8 bytes |
246 // * |algorithm.id()| is for a symmetric key algorithm. | 213 // * |algorithm.id()| is for a symmetric key algorithm. |
247 Status UnwrapSymKeyAesKw(const CryptoData& wrapped_key_data, | 214 Status UnwrapSymKeyAesKw(const CryptoData& wrapped_key_data, |
248 SymKey* wrapping_key, | 215 SymKey* wrapping_key, |
249 const blink::WebCryptoAlgorithm& algorithm, | 216 const blink::WebCryptoAlgorithm& algorithm, |
250 bool extractable, | 217 bool extractable, |
251 blink::WebCryptoKeyUsageMask usage_mask, | 218 blink::WebCryptoKeyUsageMask usage_mask, |
252 blink::WebCryptoKey* key); | 219 blink::WebCryptoKey* key); |
253 | 220 |
254 // Performs AES-KW decryption on the input |data|. This function should be used | 221 // Performs AES-KW decryption on the input |data|. This function should be used |
255 // when the input |data| does not directly represent a key and should instead be | 222 // when the input |data| does not directly represent a key and should instead be |
256 // interpreted as generic bytes. | 223 // interpreted as generic bytes. |
257 // Preconditions: | 224 // Preconditions: |
258 // * |key| is non-null | 225 // * |key| is non-null |
259 // * |data| is at least 24 bytes and a multiple of 8 bytes | 226 // * |data| is at least 24 bytes and a multiple of 8 bytes |
260 // * |buffer| is non-null. | 227 // * |buffer| is non-null. |
261 Status DecryptAesKw(SymKey* key, | 228 Status DecryptAesKw(SymKey* key, |
262 const CryptoData& data, | 229 const CryptoData& data, |
263 std::vector<uint8>* buffer); | 230 blink::WebArrayBuffer* buffer); |
264 | 231 |
265 // Preconditions: | 232 // Preconditions: |
266 // * |wrapping_key| is non-null | 233 // * |wrapping_key| is non-null |
267 // * |key| is non-null | 234 // * |key| is non-null |
268 Status WrapSymKeyRsaEs(PublicKey* wrapping_key, | 235 Status WrapSymKeyRsaEs(PublicKey* wrapping_key, |
269 SymKey* key, | 236 SymKey* key, |
270 std::vector<uint8>* buffer); | 237 blink::WebArrayBuffer* buffer); |
271 | 238 |
272 // Preconditions: | 239 // Preconditions: |
273 // * |wrapping_key| is non-null | 240 // * |wrapping_key| is non-null |
274 // * |key| is non-null | 241 // * |key| is non-null |
275 // * |algorithm.id()| is for a symmetric key algorithm. | 242 // * |algorithm.id()| is for a symmetric key algorithm. |
276 Status UnwrapSymKeyRsaEs(const CryptoData& wrapped_key_data, | 243 Status UnwrapSymKeyRsaEs(const CryptoData& wrapped_key_data, |
277 PrivateKey* wrapping_key, | 244 PrivateKey* wrapping_key, |
278 const blink::WebCryptoAlgorithm& algorithm, | 245 const blink::WebCryptoAlgorithm& algorithm, |
279 bool extractable, | 246 bool extractable, |
280 blink::WebCryptoKeyUsageMask usage_mask, | 247 blink::WebCryptoKeyUsageMask usage_mask, |
281 blink::WebCryptoKey* key); | 248 blink::WebCryptoKey* key); |
282 | 249 |
283 } // namespace platform | 250 } // namespace platform |
284 | 251 |
285 } // namespace webcrypto | 252 } // namespace webcrypto |
286 | 253 |
287 } // namespace content | 254 } // namespace content |
288 | 255 |
289 #endif // CONTENT_CHILD_WEBCRYPTO_PLATFORM_CRYPTO_H_ | 256 #endif // CONTENT_CHILD_WEBCRYPTO_PLATFORM_CRYPTO_H_ |
OLD | NEW |