Index: trunk/src/content/child/webcrypto/shared_crypto.cc |
=================================================================== |
--- trunk/src/content/child/webcrypto/shared_crypto.cc (revision 266902) |
+++ trunk/src/content/child/webcrypto/shared_crypto.cc (working copy) |
@@ -20,17 +20,6 @@ |
namespace webcrypto { |
-// ------------ |
-// Threading: |
-// ------------ |
-// |
-// All functions in this file are called from the webcrypto worker pool except |
-// for: |
-// |
-// * SerializeKeyForClone() |
-// * DeserializeKeyForClone() |
-// * ImportKey() // TODO(eroman): Change this. |
- |
namespace { |
// TODO(eroman): Move this helper to WebCryptoKey. |
@@ -77,7 +66,7 @@ |
const blink::WebCryptoAlgorithm& algorithm, |
const blink::WebCryptoKey& key, |
const CryptoData& data, |
- std::vector<uint8>* buffer) { |
+ blink::WebArrayBuffer* buffer) { |
platform::SymKey* sym_key; |
Status status = ToPlatformSymKey(key, &sym_key); |
if (status.IsError()) |
@@ -98,7 +87,7 @@ |
const blink::WebCryptoAlgorithm& algorithm, |
const blink::WebCryptoKey& key, |
const CryptoData& data, |
- std::vector<uint8>* buffer) { |
+ blink::WebArrayBuffer* buffer) { |
platform::SymKey* sym_key; |
Status status = ToPlatformSymKey(key, &sym_key); |
if (status.IsError()) |
@@ -130,7 +119,7 @@ |
Status EncryptRsaEsPkcs1v1_5(const blink::WebCryptoAlgorithm& algorithm, |
const blink::WebCryptoKey& key, |
const CryptoData& data, |
- std::vector<uint8>* buffer) { |
+ blink::WebArrayBuffer* buffer) { |
platform::PublicKey* public_key; |
Status status = ToPlatformPublicKey(key, &public_key); |
if (status.IsError()) |
@@ -146,7 +135,7 @@ |
Status DecryptRsaEsPkcs1v1_5(const blink::WebCryptoAlgorithm& algorithm, |
const blink::WebCryptoKey& key, |
const CryptoData& data, |
- std::vector<uint8>* buffer) { |
+ blink::WebArrayBuffer* buffer) { |
platform::PrivateKey* private_key; |
Status status = ToPlatformPrivateKey(key, &private_key); |
if (status.IsError()) |
@@ -162,7 +151,7 @@ |
Status SignHmac(const blink::WebCryptoAlgorithm& algorithm, |
const blink::WebCryptoKey& key, |
const CryptoData& data, |
- std::vector<uint8>* buffer) { |
+ blink::WebArrayBuffer* buffer) { |
platform::SymKey* sym_key; |
Status status = ToPlatformSymKey(key, &sym_key); |
if (status.IsError()) |
@@ -177,16 +166,16 @@ |
const CryptoData& signature, |
const CryptoData& data, |
bool* signature_match) { |
- std::vector<uint8> result; |
+ blink::WebArrayBuffer result; |
Status status = SignHmac(algorithm, key, data, &result); |
if (status.IsError()) |
return status; |
// Do not allow verification of truncated MACs. |
*signature_match = |
- result.size() == signature.byte_length() && |
+ result.byteLength() == signature.byte_length() && |
crypto::SecureMemEqual( |
- Uint8VectorStart(result), signature.bytes(), signature.byte_length()); |
+ result.data(), signature.bytes(), signature.byte_length()); |
return Status::Success(); |
} |
@@ -194,7 +183,7 @@ |
Status SignRsaSsaPkcs1v1_5(const blink::WebCryptoAlgorithm& algorithm, |
const blink::WebCryptoKey& key, |
const CryptoData& data, |
- std::vector<uint8>* buffer) { |
+ blink::WebArrayBuffer* buffer) { |
platform::PrivateKey* private_key; |
Status status = ToPlatformPrivateKey(key, &private_key); |
if (status.IsError()) |
@@ -222,7 +211,6 @@ |
signature_match); |
} |
-// Note that this function may be called from the target Blink thread. |
Status ImportKeyRaw(const CryptoData& key_data, |
const blink::WebCryptoAlgorithm& algorithm, |
bool extractable, |
@@ -285,40 +273,40 @@ |
// |
// A failure here implies either a bug in the code, or that the serialized data |
// was corrupted. |
-bool ValidateDeserializedKey(const blink::WebCryptoKey& key, |
- const blink::WebCryptoKeyAlgorithm& algorithm, |
- blink::WebCryptoKeyType type) { |
+Status ValidateDeserializedKey(const blink::WebCryptoKey& key, |
+ const blink::WebCryptoKeyAlgorithm& algorithm, |
+ blink::WebCryptoKeyType type) { |
if (algorithm.id() != key.algorithm().id()) |
- return false; |
+ return Status::ErrorUnexpected(); |
if (key.type() != type) |
- return false; |
+ return Status::ErrorUnexpected(); |
switch (algorithm.paramsType()) { |
case blink::WebCryptoKeyAlgorithmParamsTypeAes: |
if (algorithm.aesParams()->lengthBits() != |
key.algorithm().aesParams()->lengthBits()) |
- return false; |
+ return Status::ErrorUnexpected(); |
break; |
case blink::WebCryptoKeyAlgorithmParamsTypeRsa: |
case blink::WebCryptoKeyAlgorithmParamsTypeRsaHashed: |
if (algorithm.rsaParams()->modulusLengthBits() != |
key.algorithm().rsaParams()->modulusLengthBits()) |
- return false; |
+ return Status::ErrorUnexpected(); |
if (algorithm.rsaParams()->publicExponent().size() != |
key.algorithm().rsaParams()->publicExponent().size()) |
- return false; |
+ return Status::ErrorUnexpected(); |
if (memcmp(algorithm.rsaParams()->publicExponent().data(), |
key.algorithm().rsaParams()->publicExponent().data(), |
key.algorithm().rsaParams()->publicExponent().size()) != 0) |
- return false; |
+ return Status::ErrorUnexpected(); |
break; |
case blink::WebCryptoKeyAlgorithmParamsTypeNone: |
case blink::WebCryptoKeyAlgorithmParamsTypeHmac: |
break; |
} |
- return true; |
+ return Status::Success(); |
} |
// Validates the size of data input to AES-KW. AES-KW requires the input data |
@@ -378,7 +366,7 @@ |
Status WrapKeyRaw(const blink::WebCryptoKey& wrapping_key, |
const blink::WebCryptoKey& key_to_wrap, |
const blink::WebCryptoAlgorithm& wrapping_algorithm, |
- std::vector<uint8>* buffer) { |
+ blink::WebArrayBuffer* buffer) { |
// A raw key is always a symmetric key. |
platform::SymKey* platform_key; |
Status status = ToPlatformSymKey(key_to_wrap, &platform_key); |
@@ -411,7 +399,7 @@ |
Status DecryptAesKw(const blink::WebCryptoAlgorithm& algorithm, |
const blink::WebCryptoKey& key, |
const CryptoData& data, |
- std::vector<uint8>* buffer) { |
+ blink::WebArrayBuffer* buffer) { |
platform::SymKey* sym_key; |
Status status = ToPlatformSymKey(key, &sym_key); |
if (status.IsError()) |
@@ -425,7 +413,7 @@ |
Status DecryptDontCheckKeyUsage(const blink::WebCryptoAlgorithm& algorithm, |
const blink::WebCryptoKey& key, |
const CryptoData& data, |
- std::vector<uint8>* buffer) { |
+ blink::WebArrayBuffer* buffer) { |
if (algorithm.id() != key.algorithm().id()) |
return Status::ErrorUnexpected(); |
switch (algorithm.id()) { |
@@ -445,7 +433,7 @@ |
Status EncryptDontCheckUsage(const blink::WebCryptoAlgorithm& algorithm, |
const blink::WebCryptoKey& key, |
const CryptoData& data, |
- std::vector<uint8>* buffer) { |
+ blink::WebArrayBuffer* buffer) { |
if (algorithm.id() != key.algorithm().id()) |
return Status::ErrorUnexpected(); |
switch (algorithm.id()) { |
@@ -469,7 +457,7 @@ |
bool extractable, |
blink::WebCryptoKeyUsageMask usage_mask, |
blink::WebCryptoKey* key) { |
- std::vector<uint8> buffer; |
+ blink::WebArrayBuffer buffer; |
Status status = DecryptDontCheckKeyUsage( |
wrapping_algorithm, wrapping_key, wrapped_key_data, &buffer); |
if (status.IsError()) |
@@ -487,8 +475,8 @@ |
const blink::WebCryptoKey& wrapping_key, |
const blink::WebCryptoKey& key_to_wrap, |
const blink::WebCryptoAlgorithm& wrapping_algorithm, |
- std::vector<uint8>* buffer) { |
- std::vector<uint8> exported_data; |
+ blink::WebArrayBuffer* buffer) { |
+ blink::WebArrayBuffer exported_data; |
Status status = ExportKey(format, key_to_wrap, &exported_data); |
if (status.IsError()) |
return status; |
@@ -518,7 +506,7 @@ |
Status Encrypt(const blink::WebCryptoAlgorithm& algorithm, |
const blink::WebCryptoKey& key, |
const CryptoData& data, |
- std::vector<uint8>* buffer) { |
+ blink::WebArrayBuffer* buffer) { |
if (!KeyUsageAllows(key, blink::WebCryptoKeyUsageEncrypt)) |
return Status::ErrorUnexpected(); |
return EncryptDontCheckUsage(algorithm, key, data, buffer); |
@@ -527,7 +515,7 @@ |
Status Decrypt(const blink::WebCryptoAlgorithm& algorithm, |
const blink::WebCryptoKey& key, |
const CryptoData& data, |
- std::vector<uint8>* buffer) { |
+ blink::WebArrayBuffer* buffer) { |
if (!KeyUsageAllows(key, blink::WebCryptoKeyUsageDecrypt)) |
return Status::ErrorUnexpected(); |
return DecryptDontCheckKeyUsage(algorithm, key, data, buffer); |
@@ -535,7 +523,7 @@ |
Status Digest(const blink::WebCryptoAlgorithm& algorithm, |
const CryptoData& data, |
- std::vector<uint8>* buffer) { |
+ blink::WebArrayBuffer* buffer) { |
switch (algorithm.id()) { |
case blink::WebCryptoAlgorithmIdSha1: |
case blink::WebCryptoAlgorithmIdSha256: |
@@ -638,7 +626,6 @@ |
} |
} |
-// Note that this function may be called from the target Blink thread. |
Status ImportKey(blink::WebCryptoKeyFormat format, |
const CryptoData& key_data, |
const blink::WebCryptoAlgorithm& algorithm, |
@@ -664,7 +651,7 @@ |
// TODO(eroman): Move this to anonymous namespace. |
Status ExportKeyDontCheckExtractability(blink::WebCryptoKeyFormat format, |
const blink::WebCryptoKey& key, |
- std::vector<uint8>* buffer) { |
+ blink::WebArrayBuffer* buffer) { |
switch (format) { |
case blink::WebCryptoKeyFormatRaw: { |
platform::SymKey* sym_key; |
@@ -696,7 +683,7 @@ |
Status ExportKey(blink::WebCryptoKeyFormat format, |
const blink::WebCryptoKey& key, |
- std::vector<uint8>* buffer) { |
+ blink::WebArrayBuffer* buffer) { |
if (!key.extractable()) |
return Status::ErrorKeyNotExtractable(); |
return ExportKeyDontCheckExtractability(format, key, buffer); |
@@ -705,7 +692,7 @@ |
Status Sign(const blink::WebCryptoAlgorithm& algorithm, |
const blink::WebCryptoKey& key, |
const CryptoData& data, |
- std::vector<uint8>* buffer) { |
+ blink::WebArrayBuffer* buffer) { |
if (!KeyUsageAllows(key, blink::WebCryptoKeyUsageSign)) |
return Status::ErrorUnexpected(); |
if (algorithm.id() != key.algorithm().id()) |
@@ -754,7 +741,7 @@ |
const blink::WebCryptoKey& wrapping_key, |
const blink::WebCryptoKey& key_to_wrap, |
const blink::WebCryptoAlgorithm& wrapping_algorithm, |
- std::vector<uint8>* buffer) { |
+ blink::WebArrayBuffer* buffer) { |
if (!KeyUsageAllows(wrapping_key, blink::WebCryptoKeyUsageWrapKey)) |
return Status::ErrorUnexpected(); |
if (wrapping_algorithm.id() != wrapping_key.algorithm().id()) |
@@ -815,28 +802,24 @@ |
} |
} |
-// Note that this function is called from the target Blink thread. |
-bool SerializeKeyForClone(const blink::WebCryptoKey& key, |
- blink::WebVector<uint8>* key_data) { |
- return static_cast<webcrypto::platform::Key*>(key.handle()) |
- ->ThreadSafeSerializeForClone(key_data); |
+Status SerializeKeyForClone(const blink::WebCryptoKey& key, |
+ blink::WebVector<unsigned char>* data) { |
+ blink::WebArrayBuffer buffer; |
+ Status status = ExportKeyDontCheckExtractability( |
+ GetCloneFormatForKeyType(key.type()), key, &buffer); |
+ if (status.IsError()) |
+ return status; |
+ data->assign( |
+ reinterpret_cast<unsigned char*>(buffer.data()), buffer.byteLength()); |
+ return Status::Success(); |
} |
-// Note that this function is called from the target Blink thread. |
-bool DeserializeKeyForClone(const blink::WebCryptoKeyAlgorithm& algorithm, |
- blink::WebCryptoKeyType type, |
- bool extractable, |
- blink::WebCryptoKeyUsageMask usage_mask, |
- const CryptoData& key_data, |
- blink::WebCryptoKey* key) { |
- // TODO(eroman): This should not call into the platform crypto layer. |
- // Otherwise it runs the risk of stalling while the NSS/OpenSSL global locks |
- // are held. |
- // |
- // An alternate approach is to defer the key import until the key is used. |
- // However this means that any deserialization errors would have to be |
- // surfaced as WebCrypto errors, leading to slightly different behaviors. For |
- // instance you could clone a key which fails to be deserialized. |
+Status DeserializeKeyForClone(const blink::WebCryptoKeyAlgorithm& algorithm, |
+ blink::WebCryptoKeyType type, |
+ bool extractable, |
+ blink::WebCryptoKeyUsageMask usage_mask, |
+ const CryptoData& key_data, |
+ blink::WebCryptoKey* key) { |
Status status = ImportKey(GetCloneFormatForKeyType(type), |
key_data, |
KeyAlgorithmToImportAlgorithm(algorithm), |
@@ -844,7 +827,8 @@ |
usage_mask, |
key); |
if (status.IsError()) |
- return false; |
+ return status; |
+ |
return ValidateDeserializedKey(*key, algorithm, type); |
} |