| Index: trunk/src/content/child/webcrypto/shared_crypto.cc
|
| ===================================================================
|
| --- trunk/src/content/child/webcrypto/shared_crypto.cc (revision 266902)
|
| +++ trunk/src/content/child/webcrypto/shared_crypto.cc (working copy)
|
| @@ -20,17 +20,6 @@
|
|
|
| namespace webcrypto {
|
|
|
| -// ------------
|
| -// Threading:
|
| -// ------------
|
| -//
|
| -// All functions in this file are called from the webcrypto worker pool except
|
| -// for:
|
| -//
|
| -// * SerializeKeyForClone()
|
| -// * DeserializeKeyForClone()
|
| -// * ImportKey() // TODO(eroman): Change this.
|
| -
|
| namespace {
|
|
|
| // TODO(eroman): Move this helper to WebCryptoKey.
|
| @@ -77,7 +66,7 @@
|
| const blink::WebCryptoAlgorithm& algorithm,
|
| const blink::WebCryptoKey& key,
|
| const CryptoData& data,
|
| - std::vector<uint8>* buffer) {
|
| + blink::WebArrayBuffer* buffer) {
|
| platform::SymKey* sym_key;
|
| Status status = ToPlatformSymKey(key, &sym_key);
|
| if (status.IsError())
|
| @@ -98,7 +87,7 @@
|
| const blink::WebCryptoAlgorithm& algorithm,
|
| const blink::WebCryptoKey& key,
|
| const CryptoData& data,
|
| - std::vector<uint8>* buffer) {
|
| + blink::WebArrayBuffer* buffer) {
|
| platform::SymKey* sym_key;
|
| Status status = ToPlatformSymKey(key, &sym_key);
|
| if (status.IsError())
|
| @@ -130,7 +119,7 @@
|
| Status EncryptRsaEsPkcs1v1_5(const blink::WebCryptoAlgorithm& algorithm,
|
| const blink::WebCryptoKey& key,
|
| const CryptoData& data,
|
| - std::vector<uint8>* buffer) {
|
| + blink::WebArrayBuffer* buffer) {
|
| platform::PublicKey* public_key;
|
| Status status = ToPlatformPublicKey(key, &public_key);
|
| if (status.IsError())
|
| @@ -146,7 +135,7 @@
|
| Status DecryptRsaEsPkcs1v1_5(const blink::WebCryptoAlgorithm& algorithm,
|
| const blink::WebCryptoKey& key,
|
| const CryptoData& data,
|
| - std::vector<uint8>* buffer) {
|
| + blink::WebArrayBuffer* buffer) {
|
| platform::PrivateKey* private_key;
|
| Status status = ToPlatformPrivateKey(key, &private_key);
|
| if (status.IsError())
|
| @@ -162,7 +151,7 @@
|
| Status SignHmac(const blink::WebCryptoAlgorithm& algorithm,
|
| const blink::WebCryptoKey& key,
|
| const CryptoData& data,
|
| - std::vector<uint8>* buffer) {
|
| + blink::WebArrayBuffer* buffer) {
|
| platform::SymKey* sym_key;
|
| Status status = ToPlatformSymKey(key, &sym_key);
|
| if (status.IsError())
|
| @@ -177,16 +166,16 @@
|
| const CryptoData& signature,
|
| const CryptoData& data,
|
| bool* signature_match) {
|
| - std::vector<uint8> result;
|
| + blink::WebArrayBuffer result;
|
| Status status = SignHmac(algorithm, key, data, &result);
|
| if (status.IsError())
|
| return status;
|
|
|
| // Do not allow verification of truncated MACs.
|
| *signature_match =
|
| - result.size() == signature.byte_length() &&
|
| + result.byteLength() == signature.byte_length() &&
|
| crypto::SecureMemEqual(
|
| - Uint8VectorStart(result), signature.bytes(), signature.byte_length());
|
| + result.data(), signature.bytes(), signature.byte_length());
|
|
|
| return Status::Success();
|
| }
|
| @@ -194,7 +183,7 @@
|
| Status SignRsaSsaPkcs1v1_5(const blink::WebCryptoAlgorithm& algorithm,
|
| const blink::WebCryptoKey& key,
|
| const CryptoData& data,
|
| - std::vector<uint8>* buffer) {
|
| + blink::WebArrayBuffer* buffer) {
|
| platform::PrivateKey* private_key;
|
| Status status = ToPlatformPrivateKey(key, &private_key);
|
| if (status.IsError())
|
| @@ -222,7 +211,6 @@
|
| signature_match);
|
| }
|
|
|
| -// Note that this function may be called from the target Blink thread.
|
| Status ImportKeyRaw(const CryptoData& key_data,
|
| const blink::WebCryptoAlgorithm& algorithm,
|
| bool extractable,
|
| @@ -285,40 +273,40 @@
|
| //
|
| // A failure here implies either a bug in the code, or that the serialized data
|
| // was corrupted.
|
| -bool ValidateDeserializedKey(const blink::WebCryptoKey& key,
|
| - const blink::WebCryptoKeyAlgorithm& algorithm,
|
| - blink::WebCryptoKeyType type) {
|
| +Status ValidateDeserializedKey(const blink::WebCryptoKey& key,
|
| + const blink::WebCryptoKeyAlgorithm& algorithm,
|
| + blink::WebCryptoKeyType type) {
|
| if (algorithm.id() != key.algorithm().id())
|
| - return false;
|
| + return Status::ErrorUnexpected();
|
|
|
| if (key.type() != type)
|
| - return false;
|
| + return Status::ErrorUnexpected();
|
|
|
| switch (algorithm.paramsType()) {
|
| case blink::WebCryptoKeyAlgorithmParamsTypeAes:
|
| if (algorithm.aesParams()->lengthBits() !=
|
| key.algorithm().aesParams()->lengthBits())
|
| - return false;
|
| + return Status::ErrorUnexpected();
|
| break;
|
| case blink::WebCryptoKeyAlgorithmParamsTypeRsa:
|
| case blink::WebCryptoKeyAlgorithmParamsTypeRsaHashed:
|
| if (algorithm.rsaParams()->modulusLengthBits() !=
|
| key.algorithm().rsaParams()->modulusLengthBits())
|
| - return false;
|
| + return Status::ErrorUnexpected();
|
| if (algorithm.rsaParams()->publicExponent().size() !=
|
| key.algorithm().rsaParams()->publicExponent().size())
|
| - return false;
|
| + return Status::ErrorUnexpected();
|
| if (memcmp(algorithm.rsaParams()->publicExponent().data(),
|
| key.algorithm().rsaParams()->publicExponent().data(),
|
| key.algorithm().rsaParams()->publicExponent().size()) != 0)
|
| - return false;
|
| + return Status::ErrorUnexpected();
|
| break;
|
| case blink::WebCryptoKeyAlgorithmParamsTypeNone:
|
| case blink::WebCryptoKeyAlgorithmParamsTypeHmac:
|
| break;
|
| }
|
|
|
| - return true;
|
| + return Status::Success();
|
| }
|
|
|
| // Validates the size of data input to AES-KW. AES-KW requires the input data
|
| @@ -378,7 +366,7 @@
|
| Status WrapKeyRaw(const blink::WebCryptoKey& wrapping_key,
|
| const blink::WebCryptoKey& key_to_wrap,
|
| const blink::WebCryptoAlgorithm& wrapping_algorithm,
|
| - std::vector<uint8>* buffer) {
|
| + blink::WebArrayBuffer* buffer) {
|
| // A raw key is always a symmetric key.
|
| platform::SymKey* platform_key;
|
| Status status = ToPlatformSymKey(key_to_wrap, &platform_key);
|
| @@ -411,7 +399,7 @@
|
| Status DecryptAesKw(const blink::WebCryptoAlgorithm& algorithm,
|
| const blink::WebCryptoKey& key,
|
| const CryptoData& data,
|
| - std::vector<uint8>* buffer) {
|
| + blink::WebArrayBuffer* buffer) {
|
| platform::SymKey* sym_key;
|
| Status status = ToPlatformSymKey(key, &sym_key);
|
| if (status.IsError())
|
| @@ -425,7 +413,7 @@
|
| Status DecryptDontCheckKeyUsage(const blink::WebCryptoAlgorithm& algorithm,
|
| const blink::WebCryptoKey& key,
|
| const CryptoData& data,
|
| - std::vector<uint8>* buffer) {
|
| + blink::WebArrayBuffer* buffer) {
|
| if (algorithm.id() != key.algorithm().id())
|
| return Status::ErrorUnexpected();
|
| switch (algorithm.id()) {
|
| @@ -445,7 +433,7 @@
|
| Status EncryptDontCheckUsage(const blink::WebCryptoAlgorithm& algorithm,
|
| const blink::WebCryptoKey& key,
|
| const CryptoData& data,
|
| - std::vector<uint8>* buffer) {
|
| + blink::WebArrayBuffer* buffer) {
|
| if (algorithm.id() != key.algorithm().id())
|
| return Status::ErrorUnexpected();
|
| switch (algorithm.id()) {
|
| @@ -469,7 +457,7 @@
|
| bool extractable,
|
| blink::WebCryptoKeyUsageMask usage_mask,
|
| blink::WebCryptoKey* key) {
|
| - std::vector<uint8> buffer;
|
| + blink::WebArrayBuffer buffer;
|
| Status status = DecryptDontCheckKeyUsage(
|
| wrapping_algorithm, wrapping_key, wrapped_key_data, &buffer);
|
| if (status.IsError())
|
| @@ -487,8 +475,8 @@
|
| const blink::WebCryptoKey& wrapping_key,
|
| const blink::WebCryptoKey& key_to_wrap,
|
| const blink::WebCryptoAlgorithm& wrapping_algorithm,
|
| - std::vector<uint8>* buffer) {
|
| - std::vector<uint8> exported_data;
|
| + blink::WebArrayBuffer* buffer) {
|
| + blink::WebArrayBuffer exported_data;
|
| Status status = ExportKey(format, key_to_wrap, &exported_data);
|
| if (status.IsError())
|
| return status;
|
| @@ -518,7 +506,7 @@
|
| Status Encrypt(const blink::WebCryptoAlgorithm& algorithm,
|
| const blink::WebCryptoKey& key,
|
| const CryptoData& data,
|
| - std::vector<uint8>* buffer) {
|
| + blink::WebArrayBuffer* buffer) {
|
| if (!KeyUsageAllows(key, blink::WebCryptoKeyUsageEncrypt))
|
| return Status::ErrorUnexpected();
|
| return EncryptDontCheckUsage(algorithm, key, data, buffer);
|
| @@ -527,7 +515,7 @@
|
| Status Decrypt(const blink::WebCryptoAlgorithm& algorithm,
|
| const blink::WebCryptoKey& key,
|
| const CryptoData& data,
|
| - std::vector<uint8>* buffer) {
|
| + blink::WebArrayBuffer* buffer) {
|
| if (!KeyUsageAllows(key, blink::WebCryptoKeyUsageDecrypt))
|
| return Status::ErrorUnexpected();
|
| return DecryptDontCheckKeyUsage(algorithm, key, data, buffer);
|
| @@ -535,7 +523,7 @@
|
|
|
| Status Digest(const blink::WebCryptoAlgorithm& algorithm,
|
| const CryptoData& data,
|
| - std::vector<uint8>* buffer) {
|
| + blink::WebArrayBuffer* buffer) {
|
| switch (algorithm.id()) {
|
| case blink::WebCryptoAlgorithmIdSha1:
|
| case blink::WebCryptoAlgorithmIdSha256:
|
| @@ -638,7 +626,6 @@
|
| }
|
| }
|
|
|
| -// Note that this function may be called from the target Blink thread.
|
| Status ImportKey(blink::WebCryptoKeyFormat format,
|
| const CryptoData& key_data,
|
| const blink::WebCryptoAlgorithm& algorithm,
|
| @@ -664,7 +651,7 @@
|
| // TODO(eroman): Move this to anonymous namespace.
|
| Status ExportKeyDontCheckExtractability(blink::WebCryptoKeyFormat format,
|
| const blink::WebCryptoKey& key,
|
| - std::vector<uint8>* buffer) {
|
| + blink::WebArrayBuffer* buffer) {
|
| switch (format) {
|
| case blink::WebCryptoKeyFormatRaw: {
|
| platform::SymKey* sym_key;
|
| @@ -696,7 +683,7 @@
|
|
|
| Status ExportKey(blink::WebCryptoKeyFormat format,
|
| const blink::WebCryptoKey& key,
|
| - std::vector<uint8>* buffer) {
|
| + blink::WebArrayBuffer* buffer) {
|
| if (!key.extractable())
|
| return Status::ErrorKeyNotExtractable();
|
| return ExportKeyDontCheckExtractability(format, key, buffer);
|
| @@ -705,7 +692,7 @@
|
| Status Sign(const blink::WebCryptoAlgorithm& algorithm,
|
| const blink::WebCryptoKey& key,
|
| const CryptoData& data,
|
| - std::vector<uint8>* buffer) {
|
| + blink::WebArrayBuffer* buffer) {
|
| if (!KeyUsageAllows(key, blink::WebCryptoKeyUsageSign))
|
| return Status::ErrorUnexpected();
|
| if (algorithm.id() != key.algorithm().id())
|
| @@ -754,7 +741,7 @@
|
| const blink::WebCryptoKey& wrapping_key,
|
| const blink::WebCryptoKey& key_to_wrap,
|
| const blink::WebCryptoAlgorithm& wrapping_algorithm,
|
| - std::vector<uint8>* buffer) {
|
| + blink::WebArrayBuffer* buffer) {
|
| if (!KeyUsageAllows(wrapping_key, blink::WebCryptoKeyUsageWrapKey))
|
| return Status::ErrorUnexpected();
|
| if (wrapping_algorithm.id() != wrapping_key.algorithm().id())
|
| @@ -815,28 +802,24 @@
|
| }
|
| }
|
|
|
| -// Note that this function is called from the target Blink thread.
|
| -bool SerializeKeyForClone(const blink::WebCryptoKey& key,
|
| - blink::WebVector<uint8>* key_data) {
|
| - return static_cast<webcrypto::platform::Key*>(key.handle())
|
| - ->ThreadSafeSerializeForClone(key_data);
|
| +Status SerializeKeyForClone(const blink::WebCryptoKey& key,
|
| + blink::WebVector<unsigned char>* data) {
|
| + blink::WebArrayBuffer buffer;
|
| + Status status = ExportKeyDontCheckExtractability(
|
| + GetCloneFormatForKeyType(key.type()), key, &buffer);
|
| + if (status.IsError())
|
| + return status;
|
| + data->assign(
|
| + reinterpret_cast<unsigned char*>(buffer.data()), buffer.byteLength());
|
| + return Status::Success();
|
| }
|
|
|
| -// Note that this function is called from the target Blink thread.
|
| -bool DeserializeKeyForClone(const blink::WebCryptoKeyAlgorithm& algorithm,
|
| - blink::WebCryptoKeyType type,
|
| - bool extractable,
|
| - blink::WebCryptoKeyUsageMask usage_mask,
|
| - const CryptoData& key_data,
|
| - blink::WebCryptoKey* key) {
|
| - // TODO(eroman): This should not call into the platform crypto layer.
|
| - // Otherwise it runs the risk of stalling while the NSS/OpenSSL global locks
|
| - // are held.
|
| - //
|
| - // An alternate approach is to defer the key import until the key is used.
|
| - // However this means that any deserialization errors would have to be
|
| - // surfaced as WebCrypto errors, leading to slightly different behaviors. For
|
| - // instance you could clone a key which fails to be deserialized.
|
| +Status DeserializeKeyForClone(const blink::WebCryptoKeyAlgorithm& algorithm,
|
| + blink::WebCryptoKeyType type,
|
| + bool extractable,
|
| + blink::WebCryptoKeyUsageMask usage_mask,
|
| + const CryptoData& key_data,
|
| + blink::WebCryptoKey* key) {
|
| Status status = ImportKey(GetCloneFormatForKeyType(type),
|
| key_data,
|
| KeyAlgorithmToImportAlgorithm(algorithm),
|
| @@ -844,7 +827,8 @@
|
| usage_mask,
|
| key);
|
| if (status.IsError())
|
| - return false;
|
| + return status;
|
| +
|
| return ValidateDeserializedKey(*key, algorithm, type);
|
| }
|
|
|
|
|
Chromium Code Reviews
Issue 252213003:
Revert 266798 "[webcrypto] Make operations run on a background t..." (Closed)
Base URL: svn://svn.chromium.org/chrome/