OLD | NEW |
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/renderer/webcrypto/webcrypto_impl.h" | 5 #include "content/renderer/webcrypto/webcrypto_impl.h" |
6 | 6 |
| 7 #include <algorithm> |
| 8 #include <functional> |
| 9 #include <map> |
| 10 #include "base/json/json_reader.h" |
| 11 #include "base/lazy_instance.h" |
7 #include "base/logging.h" | 12 #include "base/logging.h" |
8 #include "base/memory/scoped_ptr.h" | 13 #include "base/memory/scoped_ptr.h" |
9 #include "third_party/WebKit/public/platform/WebArrayBuffer.h" | 14 #include "base/strings/string_piece.h" |
| 15 #include "base/values.h" |
| 16 #include "content/renderer/webcrypto/webcrypto_util.h" |
10 #include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h" | 17 #include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h" |
| 18 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h" |
11 #include "third_party/WebKit/public/platform/WebCryptoKey.h" | 19 #include "third_party/WebKit/public/platform/WebCryptoKey.h" |
12 | 20 |
13 namespace content { | 21 namespace content { |
14 | 22 |
15 namespace { | 23 namespace { |
16 | 24 |
17 bool IsAlgorithmAsymmetric(const blink::WebCryptoAlgorithm& algorithm) { | 25 bool IsAlgorithmAsymmetric(const blink::WebCryptoAlgorithm& algorithm) { |
18 // TODO(padolph): include all other asymmetric algorithms once they are | 26 // TODO(padolph): include all other asymmetric algorithms once they are |
19 // defined, e.g. EC and DH. | 27 // defined, e.g. EC and DH. |
20 return (algorithm.id() == blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5 || | 28 return (algorithm.id() == blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5 || |
21 algorithm.id() == blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 || | 29 algorithm.id() == blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 || |
22 algorithm.id() == blink::WebCryptoAlgorithmIdRsaOaep); | 30 algorithm.id() == blink::WebCryptoAlgorithmIdRsaOaep); |
23 } | 31 } |
24 | 32 |
| 33 // Binds a specific key length value to a compatible factory function. |
| 34 typedef blink::WebCryptoAlgorithm (*AlgFactoryFuncWithOneShortArg)( |
| 35 unsigned short); |
| 36 template <AlgFactoryFuncWithOneShortArg func, unsigned short key_length> |
| 37 blink::WebCryptoAlgorithm BindAlgFactoryWithKeyLen() { |
| 38 return func(key_length); |
| 39 } |
| 40 |
| 41 // Binds a WebCryptoAlgorithmId value to a compatible factory function. |
| 42 typedef blink::WebCryptoAlgorithm (*AlgFactoryFuncWithWebCryptoAlgIdArg)( |
| 43 blink::WebCryptoAlgorithmId); |
| 44 template <AlgFactoryFuncWithWebCryptoAlgIdArg func, |
| 45 blink::WebCryptoAlgorithmId algorithm_id> |
| 46 blink::WebCryptoAlgorithm BindAlgFactoryAlgorithmId() { |
| 47 return func(algorithm_id); |
| 48 } |
| 49 |
| 50 // Defines a map between a JWK 'alg' string ID and a corresponding Web Crypto |
| 51 // factory function. |
| 52 typedef blink::WebCryptoAlgorithm (*AlgFactoryFuncNoArgs)(); |
| 53 typedef std::map<std::string, AlgFactoryFuncNoArgs> JwkAlgFactoryMap; |
| 54 |
| 55 class JwkAlgorithmFactoryMap { |
| 56 public: |
| 57 JwkAlgorithmFactoryMap() { |
| 58 map_["HS256"] = |
| 59 &BindAlgFactoryWithKeyLen<webcrypto::CreateHmacAlgorithmByHashOutputLen, |
| 60 256>; |
| 61 map_["HS384"] = |
| 62 &BindAlgFactoryWithKeyLen<webcrypto::CreateHmacAlgorithmByHashOutputLen, |
| 63 384>; |
| 64 map_["HS512"] = |
| 65 &BindAlgFactoryWithKeyLen<webcrypto::CreateHmacAlgorithmByHashOutputLen, |
| 66 512>; |
| 67 map_["RS256"] = |
| 68 &BindAlgFactoryAlgorithmId<webcrypto::CreateRsaSsaAlgorithm, |
| 69 blink::WebCryptoAlgorithmIdSha256>; |
| 70 map_["RS384"] = |
| 71 &BindAlgFactoryAlgorithmId<webcrypto::CreateRsaSsaAlgorithm, |
| 72 blink::WebCryptoAlgorithmIdSha384>; |
| 73 map_["RS512"] = |
| 74 &BindAlgFactoryAlgorithmId<webcrypto::CreateRsaSsaAlgorithm, |
| 75 blink::WebCryptoAlgorithmIdSha512>; |
| 76 map_["RSA1_5"] = |
| 77 &BindAlgFactoryAlgorithmId<webcrypto::CreateAlgorithm, |
| 78 blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5>; |
| 79 map_["RSA-OAEP"] = |
| 80 &BindAlgFactoryAlgorithmId<webcrypto::CreateRsaOaepAlgorithm, |
| 81 blink::WebCryptoAlgorithmIdSha1>; |
| 82 // TODO(padolph): The Web Crypto spec does not enumerate AES-KW 128 yet |
| 83 map_["A128KW"] = &blink::WebCryptoAlgorithm::createNull; |
| 84 // TODO(padolph): The Web Crypto spec does not enumerate AES-KW 256 yet |
| 85 map_["A256KW"] = &blink::WebCryptoAlgorithm::createNull; |
| 86 map_["A128GCM"] = |
| 87 &BindAlgFactoryAlgorithmId<webcrypto::CreateAlgorithm, |
| 88 blink::WebCryptoAlgorithmIdAesGcm>; |
| 89 map_["A256GCM"] = |
| 90 &BindAlgFactoryAlgorithmId<webcrypto::CreateAlgorithm, |
| 91 blink::WebCryptoAlgorithmIdAesGcm>; |
| 92 map_["A128CBC"] = |
| 93 &BindAlgFactoryAlgorithmId<webcrypto::CreateAlgorithm, |
| 94 blink::WebCryptoAlgorithmIdAesCbc>; |
| 95 map_["A192CBC"] = |
| 96 &BindAlgFactoryAlgorithmId<webcrypto::CreateAlgorithm, |
| 97 blink::WebCryptoAlgorithmIdAesCbc>; |
| 98 map_["A256CBC"] = |
| 99 &BindAlgFactoryAlgorithmId<webcrypto::CreateAlgorithm, |
| 100 blink::WebCryptoAlgorithmIdAesCbc>; |
| 101 } |
| 102 |
| 103 blink::WebCryptoAlgorithm CreateAlgorithmFromName(const std::string& alg_id) |
| 104 const { |
| 105 const JwkAlgFactoryMap::const_iterator pos = map_.find(alg_id); |
| 106 if (pos == map_.end()) |
| 107 return blink::WebCryptoAlgorithm::createNull(); |
| 108 return pos->second(); |
| 109 } |
| 110 |
| 111 private: |
| 112 JwkAlgFactoryMap map_; |
| 113 }; |
| 114 |
| 115 base::LazyInstance<JwkAlgorithmFactoryMap> jwk_alg_factory = |
| 116 LAZY_INSTANCE_INITIALIZER; |
| 117 |
| 118 bool WebCryptoAlgorithmsConsistent(const blink::WebCryptoAlgorithm& alg1, |
| 119 const blink::WebCryptoAlgorithm& alg2) { |
| 120 DCHECK(!alg1.isNull()); |
| 121 DCHECK(!alg2.isNull()); |
| 122 if (alg1.id() != alg2.id()) |
| 123 return false; |
| 124 switch (alg1.id()) { |
| 125 case blink::WebCryptoAlgorithmIdHmac: |
| 126 case blink::WebCryptoAlgorithmIdRsaOaep: |
| 127 case blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5: |
| 128 if (WebCryptoAlgorithmsConsistent( |
| 129 webcrypto::GetInnerHashAlgorithm(alg1), |
| 130 webcrypto::GetInnerHashAlgorithm(alg2))) { |
| 131 return true; |
| 132 } |
| 133 break; |
| 134 case blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5: |
| 135 case blink::WebCryptoAlgorithmIdSha1: |
| 136 case blink::WebCryptoAlgorithmIdSha224: |
| 137 case blink::WebCryptoAlgorithmIdSha256: |
| 138 case blink::WebCryptoAlgorithmIdSha384: |
| 139 case blink::WebCryptoAlgorithmIdSha512: |
| 140 case blink::WebCryptoAlgorithmIdAesCbc: |
| 141 case blink::WebCryptoAlgorithmIdAesGcm: |
| 142 case blink::WebCryptoAlgorithmIdAesCtr: |
| 143 return true; |
| 144 default: |
| 145 NOTREACHED(); // Not a supported algorithm. |
| 146 break; |
| 147 } |
| 148 return false; |
| 149 } |
| 150 |
25 } // namespace | 151 } // namespace |
26 | 152 |
27 WebCryptoImpl::WebCryptoImpl() { | 153 WebCryptoImpl::WebCryptoImpl() { |
28 Init(); | 154 Init(); |
29 } | 155 } |
30 | 156 |
31 // static | |
32 // TODO(eroman): This works by re-allocating a new buffer. It would be better if | |
33 // the WebArrayBuffer could just be truncated instead. | |
34 void WebCryptoImpl::ShrinkBuffer( | |
35 blink::WebArrayBuffer* buffer, | |
36 unsigned new_size) { | |
37 DCHECK_LE(new_size, buffer->byteLength()); | |
38 | |
39 if (new_size == buffer->byteLength()) | |
40 return; | |
41 | |
42 blink::WebArrayBuffer new_buffer = | |
43 blink::WebArrayBuffer::create(new_size, 1); | |
44 DCHECK(!new_buffer.isNull()); | |
45 memcpy(new_buffer.data(), buffer->data(), new_size); | |
46 *buffer = new_buffer; | |
47 } | |
48 | |
49 void WebCryptoImpl::encrypt( | 157 void WebCryptoImpl::encrypt( |
50 const blink::WebCryptoAlgorithm& algorithm, | 158 const blink::WebCryptoAlgorithm& algorithm, |
51 const blink::WebCryptoKey& key, | 159 const blink::WebCryptoKey& key, |
52 const unsigned char* data, | 160 const unsigned char* data, |
53 unsigned data_size, | 161 unsigned data_size, |
54 blink::WebCryptoResult result) { | 162 blink::WebCryptoResult result) { |
55 DCHECK(!algorithm.isNull()); | 163 DCHECK(!algorithm.isNull()); |
56 blink::WebArrayBuffer buffer; | 164 blink::WebArrayBuffer buffer; |
57 if (!EncryptInternal(algorithm, key, data, data_size, &buffer)) { | 165 if (!EncryptInternal(algorithm, key, data, data_size, &buffer)) { |
58 result.completeWithError(); | 166 result.completeWithError(); |
(...skipping 74 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
133 | 241 |
134 void WebCryptoImpl::importKey( | 242 void WebCryptoImpl::importKey( |
135 blink::WebCryptoKeyFormat format, | 243 blink::WebCryptoKeyFormat format, |
136 const unsigned char* key_data, | 244 const unsigned char* key_data, |
137 unsigned key_data_size, | 245 unsigned key_data_size, |
138 const blink::WebCryptoAlgorithm& algorithm_or_null, | 246 const blink::WebCryptoAlgorithm& algorithm_or_null, |
139 bool extractable, | 247 bool extractable, |
140 blink::WebCryptoKeyUsageMask usage_mask, | 248 blink::WebCryptoKeyUsageMask usage_mask, |
141 blink::WebCryptoResult result) { | 249 blink::WebCryptoResult result) { |
142 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); | 250 blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
143 if (!ImportKeyInternal(format, | 251 if (format == blink::WebCryptoKeyFormatJwk) { |
144 key_data, | 252 if (!ImportKeyJwk(key_data, |
145 key_data_size, | 253 key_data_size, |
146 algorithm_or_null, | 254 algorithm_or_null, |
147 extractable, | 255 extractable, |
148 usage_mask, | 256 usage_mask, |
149 &key)) { | 257 &key)) { |
150 result.completeWithError(); | 258 result.completeWithError(); |
151 return; | 259 return; |
| 260 } |
| 261 } else { |
| 262 if (!ImportKeyInternal(format, |
| 263 key_data, |
| 264 key_data_size, |
| 265 algorithm_or_null, |
| 266 extractable, |
| 267 usage_mask, |
| 268 &key)) { |
| 269 result.completeWithError(); |
| 270 return; |
| 271 } |
152 } | 272 } |
153 DCHECK(key.handle()); | 273 DCHECK(key.handle()); |
154 DCHECK(!key.algorithm().isNull()); | 274 DCHECK(!key.algorithm().isNull()); |
155 DCHECK_EQ(extractable, key.extractable()); | 275 DCHECK_EQ(extractable, key.extractable()); |
156 result.completeWithKey(key); | 276 result.completeWithKey(key); |
157 } | 277 } |
158 | 278 |
159 void WebCryptoImpl::exportKey( | 279 void WebCryptoImpl::exportKey( |
160 blink::WebCryptoKeyFormat format, | 280 blink::WebCryptoKeyFormat format, |
161 const blink::WebCryptoKey& key, | 281 const blink::WebCryptoKey& key, |
(...skipping 37 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
199 signature_size, | 319 signature_size, |
200 data, | 320 data, |
201 data_size, | 321 data_size, |
202 &signature_match)) { | 322 &signature_match)) { |
203 result.completeWithError(); | 323 result.completeWithError(); |
204 } else { | 324 } else { |
205 result.completeWithBoolean(signature_match); | 325 result.completeWithBoolean(signature_match); |
206 } | 326 } |
207 } | 327 } |
208 | 328 |
| 329 bool WebCryptoImpl::ImportKeyJwk( |
| 330 const unsigned char* key_data, |
| 331 unsigned key_data_size, |
| 332 const blink::WebCryptoAlgorithm& algorithm_or_null, |
| 333 bool extractable, |
| 334 blink::WebCryptoKeyUsageMask usage_mask, |
| 335 blink::WebCryptoKey* key) { |
| 336 |
| 337 // The goal of this method is to extract key material and meta data from the |
| 338 // incoming JWK, combine them with the input parameters, and ultimately import |
| 339 // a Web Crypto Key. |
| 340 // |
| 341 // JSON Web Key Format (JWK) |
| 342 // http://tools.ietf.org/html/draft-ietf-jose-json-web-key-16 |
| 343 // TODO(padolph): Not all possible values are handled by this code right now |
| 344 // |
| 345 // A JWK is a simple JSON dictionary with the following entries |
| 346 // - "kty" (Key Type) Parameter, REQUIRED |
| 347 // - <kty-specific parameters, see below>, REQUIRED |
| 348 // - "use" (Key Use) Parameter, OPTIONAL |
| 349 // - "alg" (Algorithm) Parameter, OPTIONAL |
| 350 // - "extractable" (Key Exportability), OPTIONAL [NOTE: not yet part of JOSE, |
| 351 // see https://www.w3.org/Bugs/Public/show_bug.cgi?id=23796] |
| 352 // (all other entries are ignored) |
| 353 // |
| 354 // OPTIONAL here means that this code does not require the entry to be present |
| 355 // in the incoming JWK, because the method input parameters contain similar |
| 356 // information. If the optional JWK entry is present, it will be validated |
| 357 // against the corresponding input parameter for consistency and combined with |
| 358 // it according to rules defined below. A special case is that the method |
| 359 // input parameter 'algorithm' is also optional. If it is null, the JWK 'alg' |
| 360 // value (if present) is used as a fallback. |
| 361 // |
| 362 // Input 'key_data' contains the JWK. To build a Web Crypto Key, the JWK |
| 363 // values are parsed out and combined with the method input parameters to |
| 364 // build a Web Crypto Key: |
| 365 // Web Crypto Key type <-- (deduced) |
| 366 // Web Crypto Key extractable <-- JWK extractable + input extractable |
| 367 // Web Crypto Key algorithm <-- JWK alg + input algorithm |
| 368 // Web Crypto Key keyUsage <-- JWK use + input usage_mask |
| 369 // Web Crypto Key keying material <-- kty-specific parameters |
| 370 // |
| 371 // Values for each JWK entry are case-sensitive and defined in |
| 372 // http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-16. |
| 373 // Note that not all values specified by JOSE are handled by this code. Only |
| 374 // handled values are listed. |
| 375 // - kty (Key Type) |
| 376 // +-------+--------------------------------------------------------------+ |
| 377 // | "RSA" | RSA [RFC3447] | |
| 378 // | "oct" | Octet sequence (used to represent symmetric keys) | |
| 379 // +-------+--------------------------------------------------------------+ |
| 380 // - use (Key Use) |
| 381 // +-------+--------------------------------------------------------------+ |
| 382 // | "enc" | encrypt and decrypt operations | |
| 383 // | "sig" | sign and verify (MAC) operations | |
| 384 // | "wrap"| key wrap and unwrap [not yet part of JOSE] | |
| 385 // +-------+--------------------------------------------------------------+ |
| 386 // - extractable (Key Exportability) |
| 387 // +-------+--------------------------------------------------------------+ |
| 388 // | true | Key may be exported from the trusted environment | |
| 389 // | false | Key cannot exit the trusted environment | |
| 390 // +-------+--------------------------------------------------------------+ |
| 391 // - alg (Algorithm) |
| 392 // See http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-16 |
| 393 // +--------------+-------------------------------------------------------+ |
| 394 // | Digital Signature or MAC Algorithm | |
| 395 // +--------------+-------------------------------------------------------+ |
| 396 // | "HS256" | HMAC using SHA-256 hash algorithm | |
| 397 // | "HS384" | HMAC using SHA-384 hash algorithm | |
| 398 // | "HS512" | HMAC using SHA-512 hash algorithm | |
| 399 // | "RS256" | RSASSA using SHA-256 hash algorithm | |
| 400 // | "RS384" | RSASSA using SHA-384 hash algorithm | |
| 401 // | "RS512" | RSASSA using SHA-512 hash algorithm | |
| 402 // +--------------+-------------------------------------------------------| |
| 403 // | Key Management Algorithm | |
| 404 // +--------------+-------------------------------------------------------+ |
| 405 // | "RSA1_5" | RSAES-PKCS1-V1_5 [RFC3447] | |
| 406 // | "RSA-OAEP" | RSAES using Optimal Asymmetric Encryption Padding | |
| 407 // | | (OAEP) [RFC3447], with the default parameters | |
| 408 // | | specified by RFC3447 in Section A.2.1 | |
| 409 // | "A128KW" | Advanced Encryption Standard (AES) Key Wrap Algorithm | |
| 410 // | | [RFC3394] using 128 bit keys | |
| 411 // | "A256KW" | AES Key Wrap Algorithm using 256 bit keys | |
| 412 // | "A128GCM" | AES in Galois/Counter Mode (GCM) [NIST.800-38D] using | |
| 413 // | | 128 bit keys | |
| 414 // | "A256GCM" | AES GCM using 256 bit keys | |
| 415 // | "A128CBC" | AES in Cipher Block Chaining Mode (CBC) with PKCS #5 | |
| 416 // | | padding [NIST.800-38A] [not yet part of JOSE, see | |
| 417 // | | https://www.w3.org/Bugs/Public/show_bug.cgi?id=23796 | |
| 418 // | "A192CBC" | AES CBC using 192 bit keys [not yet part of JOSE] | |
| 419 // | "A256CBC" | AES CBC using 256 bit keys [not yet part of JOSE] | |
| 420 // +--------------+-------------------------------------------------------+ |
| 421 // |
| 422 // kty-specific parameters |
| 423 // The value of kty determines the type and content of the keying material |
| 424 // carried in the JWK to be imported. Currently only two possibilities are |
| 425 // supported: a raw key or an RSA public key. RSA private keys are not |
| 426 // supported because typical applications seldom need to import a private key, |
| 427 // and the large number of JWK parameters required to describe one. |
| 428 // - kty == "oct" (symmetric or other raw key) |
| 429 // +-------+--------------------------------------------------------------+ |
| 430 // | "k" | Contains the value of the symmetric (or other single-valued) | |
| 431 // | | key. It is represented as the base64url encoding of the | |
| 432 // | | octet sequence containing the key value. | |
| 433 // +-------+--------------------------------------------------------------+ |
| 434 // - kty == "RSA" (RSA public key) |
| 435 // +-------+--------------------------------------------------------------+ |
| 436 // | "n" | Contains the modulus value for the RSA public key. It is | |
| 437 // | | represented as the base64url encoding of the value's | |
| 438 // | | unsigned big endian representation as an octet sequence. | |
| 439 // +-------+--------------------------------------------------------------+ |
| 440 // | "e" | Contains the exponent value for the RSA public key. It is | |
| 441 // | | represented as the base64url encoding of the value's | |
| 442 // | | unsigned big endian representation as an octet sequence. | |
| 443 // +-------+--------------------------------------------------------------+ |
| 444 // |
| 445 // Consistency and conflict resolution |
| 446 // The 'algorithm_or_null', 'extractable', and 'usage_mask' input parameters |
| 447 // may be different than the corresponding values inside the JWK. The Web |
| 448 // Crypto spec says that if a JWK value is present but is inconsistent with |
| 449 // the input value, it is an error and the operation must fail. If no |
| 450 // inconsistency is found, the input and JWK values are combined as follows: |
| 451 // |
| 452 // algorithm |
| 453 // If an algorithm is provided by both the input parameter and the JWK, |
| 454 // consistency between the two is based only on algorithm ID's (including an |
| 455 // inner hash algorithm if present). In this case if the consistency |
| 456 // check is passed, the input algorithm is used. If only one of either the |
| 457 // input algorithm and JWK alg is provided, it is used as the final |
| 458 // algorithm. |
| 459 // |
| 460 // extractable |
| 461 // If the JWK extractable is true but the input parameter is false, make the |
| 462 // Web Crypto Key non-extractable. Conversely, if the JWK extractable is |
| 463 // false but the input parameter is true, it is an inconsistency. If both |
| 464 // are true or both are false, use that value. |
| 465 // |
| 466 // usage_mask |
| 467 // The input usage_mask must be a strict subset of the interpreted JWK use |
| 468 // value, else it is judged inconsistent. In all cases the input usage_mask |
| 469 // is used as the final usage_mask. |
| 470 // |
| 471 |
| 472 if (!key_data_size) |
| 473 return false; |
| 474 DCHECK(key); |
| 475 |
| 476 // Parse the incoming JWK JSON. |
| 477 base::StringPiece json_string(reinterpret_cast<const char*>(key_data), |
| 478 key_data_size); |
| 479 scoped_ptr<base::Value> value(base::JSONReader::Read(json_string)); |
| 480 // Note, bare pointer dict_value is ok since it points into scoped value. |
| 481 base::DictionaryValue* dict_value = NULL; |
| 482 if (!value.get() || !value->GetAsDictionary(&dict_value) || !dict_value) |
| 483 return false; |
| 484 |
| 485 // JWK "kty". Exit early if this required JWK parameter is missing. |
| 486 std::string jwk_kty_value; |
| 487 if (!dict_value->GetString("kty", &jwk_kty_value)) |
| 488 return false; |
| 489 |
| 490 // JWK "extractable" (optional) --> extractable parameter |
| 491 { |
| 492 bool jwk_extractable_value; |
| 493 if (dict_value->GetBoolean("extractable", &jwk_extractable_value)) { |
| 494 if (!jwk_extractable_value && extractable) |
| 495 return false; |
| 496 extractable = extractable && jwk_extractable_value; |
| 497 } |
| 498 } |
| 499 |
| 500 // JWK "alg" (optional) --> algorithm parameter |
| 501 // Note: input algorithm is also optional, so we have six cases to handle. |
| 502 // 1. JWK alg present but unrecognized: error |
| 503 // 2. JWK alg valid AND input algorithm isNull: use JWK value |
| 504 // 3. JWK alg valid AND input algorithm specified, but JWK value |
| 505 // inconsistent with input: error |
| 506 // 4. JWK alg valid AND input algorithm specified, both consistent: use |
| 507 // input value (because it has potentially more details) |
| 508 // 5. JWK alg missing AND input algorithm isNull: error |
| 509 // 6. JWK alg missing AND input algorithm specified: use input value |
| 510 blink::WebCryptoAlgorithm algorithm = blink::WebCryptoAlgorithm::createNull(); |
| 511 std::string jwk_alg_value; |
| 512 if (dict_value->GetString("alg", &jwk_alg_value)) { |
| 513 // JWK alg present |
| 514 const blink::WebCryptoAlgorithm jwk_algorithm = |
| 515 jwk_alg_factory.Get().CreateAlgorithmFromName(jwk_alg_value); |
| 516 if (jwk_algorithm.isNull()) { |
| 517 // JWK alg unrecognized |
| 518 return false; // case 1 |
| 519 } |
| 520 // JWK alg valid |
| 521 if (algorithm_or_null.isNull()) { |
| 522 // input algorithm not specified |
| 523 algorithm = jwk_algorithm; // case 2 |
| 524 } else { |
| 525 // input algorithm specified |
| 526 if (!WebCryptoAlgorithmsConsistent(jwk_algorithm, algorithm_or_null)) |
| 527 return false; // case 3 |
| 528 algorithm = algorithm_or_null; // case 4 |
| 529 } |
| 530 } else { |
| 531 // JWK alg missing |
| 532 if (algorithm_or_null.isNull()) |
| 533 return false; // case 5 |
| 534 algorithm = algorithm_or_null; // case 6 |
| 535 } |
| 536 DCHECK(!algorithm.isNull()); |
| 537 |
| 538 // JWK "use" (optional) --> usage_mask parameter |
| 539 std::string jwk_use_value; |
| 540 if (dict_value->GetString("use", &jwk_use_value)) { |
| 541 blink::WebCryptoKeyUsageMask jwk_usage_mask = 0; |
| 542 if (jwk_use_value == "enc") { |
| 543 jwk_usage_mask = |
| 544 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt; |
| 545 } else if (jwk_use_value == "sig") { |
| 546 jwk_usage_mask = |
| 547 blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify; |
| 548 } else if (jwk_use_value == "wrap") { |
| 549 jwk_usage_mask = |
| 550 blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey; |
| 551 } else { |
| 552 return false; |
| 553 } |
| 554 if ((jwk_usage_mask & usage_mask) != usage_mask) { |
| 555 // A usage_mask must be a subset of jwk_usage_mask. |
| 556 return false; |
| 557 } |
| 558 } |
| 559 |
| 560 // JWK keying material --> ImportKeyInternal() |
| 561 if (jwk_kty_value == "oct") { |
| 562 std::string jwk_k_value_url64; |
| 563 if (!dict_value->GetString("k", &jwk_k_value_url64)) |
| 564 return false; |
| 565 std::string jwk_k_value; |
| 566 if (!webcrypto::Base64DecodeUrlSafe(jwk_k_value_url64, &jwk_k_value) || |
| 567 !jwk_k_value.size()) { |
| 568 return false; |
| 569 } |
| 570 |
| 571 // TODO(padolph): Some JWK alg ID's embed information about the key length |
| 572 // in the alg ID string. For example "A128" implies the JWK carries 128 bits |
| 573 // of key material, and "HS512" implies the JWK carries _at least_ 512 bits |
| 574 // of key material. For such keys validate the actual key length against the |
| 575 // value in the ID. |
| 576 |
| 577 return ImportKeyInternal(blink::WebCryptoKeyFormatRaw, |
| 578 reinterpret_cast<const uint8*>(jwk_k_value.data()), |
| 579 jwk_k_value.size(), |
| 580 algorithm, |
| 581 extractable, |
| 582 usage_mask, |
| 583 key); |
| 584 } else if (jwk_kty_value == "RSA") { |
| 585 // TODO(padolph): JWK import RSA public key |
| 586 return false; |
| 587 } else { |
| 588 return false; |
| 589 } |
| 590 |
| 591 return true; |
| 592 } |
| 593 |
209 } // namespace content | 594 } // namespace content |
OLD | NEW |