OLD | NEW |
---|---|
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/renderer/webcrypto/webcrypto_impl.h" | 5 #include "content/renderer/webcrypto/webcrypto_impl.h" |
6 | 6 |
7 #include <algorithm> | |
8 #include <functional> | |
9 #include <map> | |
10 #include "base/json/json_reader.h" | |
11 #include "base/lazy_instance.h" | |
7 #include "base/logging.h" | 12 #include "base/logging.h" |
8 #include "base/memory/scoped_ptr.h" | 13 #include "base/memory/scoped_ptr.h" |
9 #include "third_party/WebKit/public/platform/WebArrayBuffer.h" | 14 #include "base/strings/string_piece.h" |
15 #include "base/values.h" | |
16 #include "content/renderer/webcrypto/webcrypto_util.h" | |
10 #include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h" | 17 #include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h" |
18 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h" | |
11 #include "third_party/WebKit/public/platform/WebCryptoKey.h" | 19 #include "third_party/WebKit/public/platform/WebCryptoKey.h" |
12 | 20 |
13 namespace content { | 21 namespace content { |
14 | 22 |
15 namespace { | 23 namespace { |
16 | 24 |
17 bool IsAlgorithmAsymmetric(const blink::WebCryptoAlgorithm& algorithm) { | 25 bool IsAlgorithmAsymmetric(const blink::WebCryptoAlgorithm& algorithm) { |
18 // TODO(padolph): include all other asymmetric algorithms once they are | 26 // TODO(padolph): include all other asymmetric algorithms once they are |
19 // defined, e.g. EC and DH. | 27 // defined, e.g. EC and DH. |
20 return (algorithm.id() == blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5 || | 28 return (algorithm.id() == blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5 || |
21 algorithm.id() == blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 || | 29 algorithm.id() == blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 || |
22 algorithm.id() == blink::WebCryptoAlgorithmIdRsaOaep); | 30 algorithm.id() == blink::WebCryptoAlgorithmIdRsaOaep); |
23 } | 31 } |
24 | 32 |
33 // Binds a specific key length value to a compatible factory function. | |
34 typedef blink::WebCryptoAlgorithm (*AlgFactoryFuncWithOneShortArg)( | |
35 unsigned short); | |
36 template <AlgFactoryFuncWithOneShortArg func, unsigned short key_length> | |
37 blink::WebCryptoAlgorithm BindAlgFactoryWithKeyLen() { | |
38 return func(key_length); | |
39 } | |
40 | |
41 // Binds a WebCryptoAlgorithmId value to a compatible factory function. | |
42 typedef blink::WebCryptoAlgorithm (*AlgFactoryFuncWithWebCryptoAlgIdArg)( | |
43 blink::WebCryptoAlgorithmId); | |
44 template <AlgFactoryFuncWithWebCryptoAlgIdArg func, | |
45 blink::WebCryptoAlgorithmId algorithm_id> | |
46 blink::WebCryptoAlgorithm BindAlgFactoryAlgorithmId() { | |
47 return func(algorithm_id); | |
48 } | |
49 | |
50 // Defines a map between a JWK 'alg' string ID and a corresponding Web Crypto | |
51 // factory function. | |
52 typedef blink::WebCryptoAlgorithm (*AlgFactoryFuncNoArgs)(); | |
53 typedef std::map<std::string, AlgFactoryFuncNoArgs> JwkAlgFactoryMap; | |
54 | |
55 class JwkAlgorithmFactoryMap { | |
56 public: | |
57 JwkAlgorithmFactoryMap() { | |
58 map_["HS256"] = | |
59 &BindAlgFactoryWithKeyLen<webcrypto::CreateHmacAlgorithmByHashOutputLen, | |
60 256>; | |
61 map_["HS384"] = | |
62 &BindAlgFactoryWithKeyLen<webcrypto::CreateHmacAlgorithmByHashOutputLen, | |
63 384>; | |
64 map_["HS512"] = | |
65 &BindAlgFactoryWithKeyLen<webcrypto::CreateHmacAlgorithmByHashOutputLen, | |
66 512>; | |
67 map_["RS256"] = | |
68 &BindAlgFactoryAlgorithmId<webcrypto::CreateRsaSsaAlgorithm, | |
69 blink::WebCryptoAlgorithmIdSha256>; | |
70 map_["RS384"] = | |
71 &BindAlgFactoryAlgorithmId<webcrypto::CreateRsaSsaAlgorithm, | |
72 blink::WebCryptoAlgorithmIdSha384>; | |
73 map_["RS512"] = | |
74 &BindAlgFactoryAlgorithmId<webcrypto::CreateRsaSsaAlgorithm, | |
75 blink::WebCryptoAlgorithmIdSha512>; | |
76 map_["RSA1_5"] = | |
77 &BindAlgFactoryAlgorithmId<webcrypto::CreateAlgorithm, | |
78 blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5>; | |
79 map_["RSA-OAEP"] = | |
80 &BindAlgFactoryAlgorithmId<webcrypto::CreateRsaOaepAlgorithm, | |
81 blink::WebCryptoAlgorithmIdSha1>; | |
82 // TODO(padolph): The Web Crypto spec does not enumerate AES-KW 128 yet | |
83 map_["A128KW"] = &blink::WebCryptoAlgorithm::createNull; | |
84 // TODO(padolph): The Web Crypto spec does not enumerate AES-KW 256 yet | |
85 map_["A256KW"] = &blink::WebCryptoAlgorithm::createNull; | |
86 map_["A128GCM"] = | |
87 &BindAlgFactoryAlgorithmId<webcrypto::CreateAlgorithm, | |
88 blink::WebCryptoAlgorithmIdAesGcm>; | |
89 map_["A256GCM"] = | |
90 &BindAlgFactoryAlgorithmId<webcrypto::CreateAlgorithm, | |
91 blink::WebCryptoAlgorithmIdAesGcm>; | |
92 map_["A128CBC"] = | |
93 &BindAlgFactoryAlgorithmId<webcrypto::CreateAlgorithm, | |
94 blink::WebCryptoAlgorithmIdAesCbc>; | |
95 map_["A192CBC"] = | |
96 &BindAlgFactoryAlgorithmId<webcrypto::CreateAlgorithm, | |
97 blink::WebCryptoAlgorithmIdAesCbc>; | |
98 map_["A256CBC"] = | |
99 &BindAlgFactoryAlgorithmId<webcrypto::CreateAlgorithm, | |
100 blink::WebCryptoAlgorithmIdAesCbc>; | |
101 } | |
102 | |
103 blink::WebCryptoAlgorithm CreateAlgorithmFromName(const std::string& alg_id) | |
104 const { | |
105 const JwkAlgFactoryMap::const_iterator pos = map_.find(alg_id); | |
106 if (pos == map_.end()) | |
107 return blink::WebCryptoAlgorithm::createNull(); | |
108 return pos->second(); | |
109 } | |
110 | |
111 private: | |
112 JwkAlgFactoryMap map_; | |
113 }; | |
114 | |
115 base::LazyInstance<JwkAlgorithmFactoryMap> jwk_alg_factory = | |
116 LAZY_INSTANCE_INITIALIZER; | |
117 | |
118 // TODO(padolph): Verify this logic is sufficient to judge algorithm | |
119 // "consistency" for JWK import, and for all supported algorithms. | |
120 bool WebCryptoAlgorithmsConsistent(const blink::WebCryptoAlgorithm& alg1, | |
121 const blink::WebCryptoAlgorithm& alg2) { | |
122 DCHECK(!alg1.isNull()); | |
123 DCHECK(!alg2.isNull()); | |
124 if (alg1.id() == alg2.id()) { | |
125 if (alg1.id() == blink::WebCryptoAlgorithmIdHmac || | |
126 alg1.id() == blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 || | |
127 alg1.id() == blink::WebCryptoAlgorithmIdRsaOaep) { | |
128 if (WebCryptoAlgorithmsConsistent( | |
129 webcrypto::GetInnerHashAlgorithm(alg1), | |
130 webcrypto::GetInnerHashAlgorithm(alg2))) { | |
131 return true; | |
132 } | |
133 return false; | |
134 } | |
135 return true; | |
136 } | |
137 return false; | |
Ryan Sleevi
2013/12/03 19:21:21
I don't know if this was previously raised, but le
padolph
2013/12/03 19:42:53
It was originally written that way. but Eric wante
padolph
2013/12/03 20:54:34
Done.
| |
138 } | |
139 | |
25 } // namespace | 140 } // namespace |
26 | 141 |
27 WebCryptoImpl::WebCryptoImpl() { | 142 WebCryptoImpl::WebCryptoImpl() { |
28 Init(); | 143 Init(); |
29 } | 144 } |
30 | 145 |
31 // static | |
32 // TODO(eroman): This works by re-allocating a new buffer. It would be better if | |
33 // the WebArrayBuffer could just be truncated instead. | |
34 void WebCryptoImpl::ShrinkBuffer( | |
35 blink::WebArrayBuffer* buffer, | |
36 unsigned new_size) { | |
37 DCHECK_LE(new_size, buffer->byteLength()); | |
38 | |
39 if (new_size == buffer->byteLength()) | |
40 return; | |
41 | |
42 blink::WebArrayBuffer new_buffer = | |
43 blink::WebArrayBuffer::create(new_size, 1); | |
44 DCHECK(!new_buffer.isNull()); | |
45 memcpy(new_buffer.data(), buffer->data(), new_size); | |
46 *buffer = new_buffer; | |
47 } | |
48 | |
49 void WebCryptoImpl::encrypt( | 146 void WebCryptoImpl::encrypt( |
50 const blink::WebCryptoAlgorithm& algorithm, | 147 const blink::WebCryptoAlgorithm& algorithm, |
51 const blink::WebCryptoKey& key, | 148 const blink::WebCryptoKey& key, |
52 const unsigned char* data, | 149 const unsigned char* data, |
53 unsigned data_size, | 150 unsigned data_size, |
54 blink::WebCryptoResult result) { | 151 blink::WebCryptoResult result) { |
55 DCHECK(!algorithm.isNull()); | 152 DCHECK(!algorithm.isNull()); |
56 blink::WebArrayBuffer buffer; | 153 blink::WebArrayBuffer buffer; |
57 if (!EncryptInternal(algorithm, key, data, data_size, &buffer)) { | 154 if (!EncryptInternal(algorithm, key, data, data_size, &buffer)) { |
58 result.completeWithError(); | 155 result.completeWithError(); |
(...skipping 74 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
133 | 230 |
134 void WebCryptoImpl::importKey( | 231 void WebCryptoImpl::importKey( |
135 blink::WebCryptoKeyFormat format, | 232 blink::WebCryptoKeyFormat format, |
136 const unsigned char* key_data, | 233 const unsigned char* key_data, |
137 unsigned key_data_size, | 234 unsigned key_data_size, |
138 const blink::WebCryptoAlgorithm& algorithm_or_null, | 235 const blink::WebCryptoAlgorithm& algorithm_or_null, |
139 bool extractable, | 236 bool extractable, |
140 blink::WebCryptoKeyUsageMask usage_mask, | 237 blink::WebCryptoKeyUsageMask usage_mask, |
141 blink::WebCryptoResult result) { | 238 blink::WebCryptoResult result) { |
142 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 239 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
143 if (!ImportKeyInternal(format, | 240 if (format == blink::WebCryptoKeyFormatJwk) { |
144 key_data, | 241 if (!ImportKeyJwk(key_data, |
145 key_data_size, | 242 key_data_size, |
146 algorithm_or_null, | 243 algorithm_or_null, |
147 extractable, | 244 extractable, |
148 usage_mask, | 245 usage_mask, |
149 &key)) { | 246 &key)) { |
150 result.completeWithError(); | 247 result.completeWithError(); |
151 return; | 248 return; |
249 } | |
250 } else { | |
251 if (!ImportKeyInternal(format, | |
252 key_data, | |
253 key_data_size, | |
254 algorithm_or_null, | |
255 extractable, | |
256 usage_mask, | |
257 &key)) { | |
258 result.completeWithError(); | |
259 return; | |
260 } | |
152 } | 261 } |
153 DCHECK(key.handle()); | 262 DCHECK(key.handle()); |
154 DCHECK(!key.algorithm().isNull()); | 263 DCHECK(!key.algorithm().isNull()); |
155 DCHECK_EQ(extractable, key.extractable()); | 264 DCHECK_EQ(extractable, key.extractable()); |
156 result.completeWithKey(key); | 265 result.completeWithKey(key); |
157 } | 266 } |
158 | 267 |
159 void WebCryptoImpl::exportKey( | 268 void WebCryptoImpl::exportKey( |
160 blink::WebCryptoKeyFormat format, | 269 blink::WebCryptoKeyFormat format, |
161 const blink::WebCryptoKey& key, | 270 const blink::WebCryptoKey& key, |
(...skipping 37 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
199 signature_size, | 308 signature_size, |
200 data, | 309 data, |
201 data_size, | 310 data_size, |
202 &signature_match)) { | 311 &signature_match)) { |
203 result.completeWithError(); | 312 result.completeWithError(); |
204 } else { | 313 } else { |
205 result.completeWithBoolean(signature_match); | 314 result.completeWithBoolean(signature_match); |
206 } | 315 } |
207 } | 316 } |
208 | 317 |
318 bool WebCryptoImpl::ImportKeyJwk( | |
319 const unsigned char* key_data, | |
320 unsigned key_data_size, | |
321 const blink::WebCryptoAlgorithm& algorithm_or_null, | |
322 bool extractable, | |
323 blink::WebCryptoKeyUsageMask usage_mask, | |
324 blink::WebCryptoKey* key) { | |
325 | |
326 // The goal of this method is to extract key material and meta data from the | |
327 // incoming JWK, combine them with the input parameters, and ultimately import | |
328 // a Web Crypto Key. | |
329 // | |
330 // JSON Web Key Format (JWK) | |
331 // http://tools.ietf.org/html/draft-ietf-jose-json-web-key-16 | |
332 // TODO(padolph): Not all possible values are handled by this code right now | |
333 // | |
334 // A JWK is a simple JSON dictionary with the following entries | |
335 // - "kty" (Key Type) Parameter, REQUIRED | |
336 // - <kty-specific parameters, see below>, REQUIRED | |
337 // - "use" (Key Use) Parameter, OPTIONAL | |
338 // - "alg" (Algorithm) Parameter, OPTIONAL | |
339 // - "extractable" (Key Exportability), OPTIONAL [NOTE: not yet part of JOSE, | |
340 // see https://www.w3.org/Bugs/Public/show_bug.cgi?id=23796] | |
341 // (all other entries are ignored) | |
342 // | |
343 // OPTIONAL here means that this code does not require the entry to be present | |
344 // in the incoming JWK, because the method input parameters contain similar | |
345 // information. If the optional JWK entry is present, it will be validated | |
346 // against the corresponding input parameter for consistency and combined with | |
347 // it according to rules defined below. A special case is that the method | |
348 // input parameter 'algorithm' is also optional. If it is null, the JWK 'alg' | |
349 // value (if present) is used as a fallback. | |
350 // | |
351 // Input 'key_data' contains the JWK. To build a Web Crypto Key, the JWK | |
352 // values are parsed out and combined with the method input parameters to | |
353 // build a Web Crypto Key: | |
354 // Web Crypto Key type <-- (deduced) | |
355 // Web Crypto Key extractable <-- JWK extractable + input extractable | |
356 // Web Crypto Key algorithm <-- JWK alg + input algorithm | |
357 // Web Crypto Key keyUsage <-- JWK use + input usage_mask | |
358 // Web Crypto Key keying material <-- kty-specific parameters | |
359 // | |
360 // Values for each JWK entry are case-sensitive and defined in | |
361 // http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-16. | |
362 // Note that not all values specified by JOSE are handled by this code. Only | |
363 // handled values are listed. | |
364 // - kty (Key Type) | |
365 // +-------+--------------------------------------------------------------+ | |
366 // | "RSA" | RSA [RFC3447] | | |
367 // | "oct" | Octet sequence (used to represent symmetric keys) | | |
368 // +-------+--------------------------------------------------------------+ | |
369 // - use (Key Use) | |
370 // +-------+--------------------------------------------------------------+ | |
371 // | "enc" | encrypt and decrypt operations | | |
372 // | "sig" | sign and verify (MAC) operations | | |
373 // | "wrap"| key wrap and unwrap [not yet part of JOSE] | | |
374 // +-------+--------------------------------------------------------------+ | |
375 // - extractable (Key Exportability) | |
376 // +-------+--------------------------------------------------------------+ | |
377 // | true | Key may be exported from the trusted environment | | |
378 // | false | Key cannot exit the trusted environment | | |
379 // +-------+--------------------------------------------------------------+ | |
380 // - alg (Algorithm) | |
381 // See http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-16 | |
382 // +--------------+-------------------------------------------------------+ | |
383 // | Digital Signature or MAC Algorithm | | |
384 // +--------------+-------------------------------------------------------+ | |
385 // | "HS256" | HMAC using SHA-256 hash algorithm | | |
386 // | "HS384" | HMAC using SHA-384 hash algorithm | | |
387 // | "HS512" | HMAC using SHA-512 hash algorithm | | |
388 // | "RS256" | RSASSA using SHA-256 hash algorithm | | |
389 // | "RS384" | RSASSA using SHA-384 hash algorithm | | |
390 // | "RS512" | RSASSA using SHA-512 hash algorithm | | |
391 // +--------------+-------------------------------------------------------| | |
392 // | Key Management Algorithm | | |
393 // +--------------+-------------------------------------------------------+ | |
394 // | "RSA1_5" | RSAES-PKCS1-V1_5 [RFC3447] | | |
395 // | "RSA-OAEP" | RSAES using Optimal Asymmetric Encryption Padding | | |
396 // | | (OAEP) [RFC3447], with the default parameters | | |
397 // | | specified by RFC3447 in Section A.2.1 | | |
398 // | "A128KW" | Advanced Encryption Standard (AES) Key Wrap Algorithm | | |
399 // | | [RFC3394] using 128 bit keys | | |
400 // | "A256KW" | AES Key Wrap Algorithm using 256 bit keys | | |
401 // | "A128GCM" | AES in Galois/Counter Mode (GCM) [NIST.800-38D] using | | |
402 // | | 128 bit keys | | |
403 // | "A256GCM" | AES GCM using 256 bit keys | | |
404 // | "A128CBC" | AES in Cipher Block Chaining Mode (CBC) with PKCS #5 | | |
405 // | | padding [NIST.800-38A] [not yet part of JOSE, see | | |
406 // | | https://www.w3.org/Bugs/Public/show_bug.cgi?id=23796 | | |
407 // | "A192CBC" | AES CBC using 192 bit keys [not yet part of JOSE] | | |
408 // | "A256CBC" | AES CBC using 256 bit keys [not yet part of JOSE] | | |
409 // +--------------+-------------------------------------------------------+ | |
410 // | |
411 // kty-specific parameters | |
412 // The value of kty determines the type and content of the keying material | |
413 // carried in the JWK to be imported. Currently only two possibilities are | |
414 // supported: a raw key or an RSA public key. RSA private keys are not | |
415 // supported because typical applications seldom need to import a private key, | |
416 // and the large number of JWK parameters required to describe one. | |
417 // - kty == "oct" (symmetric or other raw key) | |
418 // +-------+--------------------------------------------------------------+ | |
419 // | "k" | Contains the value of the symmetric (or other single-valued) | | |
420 // | | key. It is represented as the base64url encoding of the | | |
421 // | | octet sequence containing the key value. | | |
422 // +-------+--------------------------------------------------------------+ | |
423 // - kty == "RSA" (RSA public key) | |
424 // +-------+--------------------------------------------------------------+ | |
425 // | "n" | Contains the modulus value for the RSA public key. It is | | |
426 // | | represented as the base64url encoding of the value's | | |
427 // | | unsigned big endian representation as an octet sequence. | | |
428 // +-------+--------------------------------------------------------------+ | |
429 // | "e" | Contains the exponent value for the RSA public key. It is | | |
430 // | | represented as the base64url encoding of the value's | | |
431 // | | unsigned big endian representation as an octet sequence. | | |
432 // +-------+--------------------------------------------------------------+ | |
433 // | |
434 // Consistency and conflict resolution | |
435 // The 'algorithm_or_null', 'extractable', and 'usage_mask' input parameters | |
436 // may be different than the corresponding values inside the JWK. The Web | |
437 // Crypto spec says that if a JWK value is present but is inconsistent with | |
438 // the input value, it is an error and the operation must fail. If no | |
439 // inconsistency is found, the input and JWK values are combined as follows: | |
440 // | |
441 // algorithm | |
442 // If an algorithm is provided by both the input parameter and the JWK, | |
443 // consistency between the two is based only on algorithm ID's (including an | |
444 // inner hash algorithm if present). In this case if the consistency | |
445 // check is passed, the input algorithm is used. If only one of either the | |
446 // input algorithm and JWK alg is provided, it is used as the final | |
447 // algorithm. | |
448 // | |
449 // extractable | |
450 // If the JWK extractable is true but the input parameter is false, make the | |
451 // Web Crypto Key non-extractable. Conversely, if the JWK extractable is | |
452 // false but the input parameter is true, it is an inconsistency. If both | |
453 // are true or both are false, use that value. | |
454 // | |
455 // usage_mask | |
456 // The input usage_mask must be a strict subset of the interpreted JWK use | |
457 // value, else it is judged inconsistent. In all cases the input usage_mask | |
458 // is used as the final usage_mask. | |
459 // | |
460 | |
461 if (!key_data_size) | |
462 return false; | |
463 DCHECK(key); | |
464 | |
465 // Parse the incoming JWK JSON. | |
466 base::StringPiece json_string(reinterpret_cast<const char*>(key_data), | |
467 key_data_size); | |
468 scoped_ptr<base::Value> value(base::JSONReader::Read(json_string)); | |
469 // Note, bare pointer dict_value is ok since it points into scoped value. | |
470 base::DictionaryValue* dict_value = NULL; | |
471 if (!value.get() || !value->GetAsDictionary(&dict_value) || !dict_value) | |
472 return false; | |
473 | |
474 // JWK "kty". Exit early if this required JWK parameter is missing. | |
475 std::string jwk_kty_value; | |
476 if (!dict_value->GetString("kty", &jwk_kty_value)) | |
477 return false; | |
478 | |
479 // JWK "extractable" (optional) --> extractable parameter | |
480 { | |
481 bool jwk_extractable_value; | |
482 if (dict_value->GetBoolean("extractable", &jwk_extractable_value)) { | |
483 if (!jwk_extractable_value && extractable) | |
484 return false; | |
485 extractable = extractable && jwk_extractable_value; | |
486 } | |
487 } | |
488 | |
489 // JWK "alg" (optional) --> algorithm parameter | |
490 // Note: input algorithm is also optional, so we have six cases to handle. | |
491 // 1. JWK alg present but unrecognized: error | |
492 // 2. JWK alg valid AND input algorithm isNull: use JWK value | |
493 // 3. JWK alg valid AND input algorithm specified, but JWK value | |
494 // inconsistent with input: error | |
495 // 4. JWK alg valid AND input algorithm specified, both consistent: use | |
496 // input value (because it has potentially more details) | |
497 // 5. JWK alg missing AND input algorithm isNull: error | |
498 // 6. JWK alg missing AND input algorithm specified: use input value | |
499 blink::WebCryptoAlgorithm algorithm = blink::WebCryptoAlgorithm::createNull(); | |
500 std::string jwk_alg_value; | |
501 if (dict_value->GetString("alg", &jwk_alg_value)) { | |
502 // JWK alg present | |
503 const blink::WebCryptoAlgorithm jwk_algorithm = | |
504 jwk_alg_factory.Get().CreateAlgorithmFromName(jwk_alg_value); | |
505 if (jwk_algorithm.isNull()) { | |
506 // JWK alg unrecognized | |
507 return false; // case 1 | |
508 } | |
509 // JWK alg valid | |
510 if (algorithm_or_null.isNull()) { | |
511 // input algorithm not specified | |
512 algorithm = jwk_algorithm; // case 2 | |
513 } else { | |
514 // input algorithm specified | |
515 if (!WebCryptoAlgorithmsConsistent(jwk_algorithm, algorithm_or_null)) | |
516 return false; // case 3 | |
517 algorithm = algorithm_or_null; // case 4 | |
518 } | |
519 } else { | |
520 // JWK alg missing | |
521 if (algorithm_or_null.isNull()) | |
522 return false; // case 5 | |
523 algorithm = algorithm_or_null; // case 6 | |
524 } | |
525 DCHECK(!algorithm.isNull()); | |
526 | |
527 // JWK "use" (optional) --> usage_mask parameter | |
528 std::string jwk_use_value; | |
529 if (dict_value->GetString("use", &jwk_use_value)) { | |
530 blink::WebCryptoKeyUsageMask jwk_usage_mask = 0; | |
531 if (jwk_use_value == "enc") { | |
532 jwk_usage_mask = | |
533 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt; | |
534 } else if (jwk_use_value == "sig") { | |
535 jwk_usage_mask = | |
536 blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify; | |
537 } else if (jwk_use_value == "wrap") { | |
538 jwk_usage_mask = | |
539 blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey; | |
540 } else { | |
541 return false; | |
542 } | |
543 if ((jwk_usage_mask & usage_mask) != usage_mask) { | |
544 // A usage_mask must be a subset of jwk_usage_mask. | |
545 return false; | |
546 } | |
547 } | |
548 | |
549 // JWK keying material --> ImportKeyInternal() | |
550 if (jwk_kty_value == "oct") { | |
551 std::string jwk_k_value_url64; | |
552 if (!dict_value->GetString("k", &jwk_k_value_url64)) | |
553 return false; | |
554 std::string jwk_k_value; | |
555 if (!webcrypto::Base64DecodeUrlSafe(jwk_k_value_url64, &jwk_k_value) || | |
556 !jwk_k_value.size()) { | |
557 return false; | |
558 } | |
559 | |
560 // TODO(padolph): Some JWK alg ID's embed information about the key length | |
561 // in the alg ID string. For example "A128" implies the JWK carries 128 bits | |
562 // of key material, and "HS512" implies the JWK carries _at least_ 512 bits | |
563 // of key material. For such keys validate the actual key length against the | |
564 // value in the ID. | |
565 | |
566 return ImportKeyInternal(blink::WebCryptoKeyFormatRaw, | |
567 reinterpret_cast<const uint8*>(jwk_k_value.data()), | |
568 jwk_k_value.size(), | |
569 algorithm, | |
570 extractable, | |
571 usage_mask, | |
572 key); | |
573 } else if (jwk_kty_value == "RSA") { | |
574 // TODO(padolph): JWK import RSA public key | |
575 return false; | |
576 } else { | |
577 return false; | |
578 } | |
579 | |
580 return true; | |
581 } | |
582 | |
209 } // namespace content | 583 } // namespace content |
OLD | NEW |