OLD | NEW |
---|---|
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/renderer/webcrypto/webcrypto_impl.h" | 5 #include "content/renderer/webcrypto/webcrypto_impl.h" |
6 | 6 |
7 #include <algorithm> | |
8 #include <functional> | |
9 #include <map> | |
10 #include <sstream> | |
11 #include "base/json/json_reader.h" | |
12 #include "base/lazy_instance.h" | |
7 #include "base/logging.h" | 13 #include "base/logging.h" |
8 #include "base/memory/scoped_ptr.h" | 14 #include "base/memory/scoped_ptr.h" |
9 #include "third_party/WebKit/public/platform/WebArrayBuffer.h" | 15 #include "base/strings/string_piece.h" |
16 #include "base/values.h" | |
17 #include "content/renderer/webcrypto/webcrypto_util.h" | |
10 #include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h" | 18 #include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h" |
19 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h" | |
11 #include "third_party/WebKit/public/platform/WebCryptoKey.h" | 20 #include "third_party/WebKit/public/platform/WebCryptoKey.h" |
12 | 21 |
13 namespace content { | 22 namespace content { |
14 | 23 |
15 namespace { | 24 namespace { |
16 | 25 |
17 bool IsAlgorithmAsymmetric(const WebKit::WebCryptoAlgorithm& algorithm) { | 26 bool IsAlgorithmAsymmetric(const WebKit::WebCryptoAlgorithm& algorithm) { |
18 // TODO(padolph): include all other asymmetric algorithms once they are | 27 // TODO(padolph): include all other asymmetric algorithms once they are |
19 // defined, e.g. EC and DH. | 28 // defined, e.g. EC and DH. |
20 return (algorithm.id() == WebKit::WebCryptoAlgorithmIdRsaEsPkcs1v1_5 || | 29 return (algorithm.id() == WebKit::WebCryptoAlgorithmIdRsaEsPkcs1v1_5 || |
21 algorithm.id() == WebKit::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 || | 30 algorithm.id() == WebKit::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 || |
22 algorithm.id() == WebKit::WebCryptoAlgorithmIdRsaOaep); | 31 algorithm.id() == WebKit::WebCryptoAlgorithmIdRsaOaep); |
23 } | 32 } |
24 | 33 |
34 // Binds a specific key length value to a compatible factory function. | |
35 typedef WebKit::WebCryptoAlgorithm (*AlgFactoryFuncWithOneShortArg)( | |
36 unsigned short); | |
37 template <AlgFactoryFuncWithOneShortArg func, unsigned short key_length> | |
38 WebKit::WebCryptoAlgorithm BindAlgFactoryWithKeyLen() { | |
39 return func(key_length); | |
40 } | |
41 | |
42 // Binds a WebCryptoAlgorithmId value to a compatible factory function. | |
43 typedef WebKit::WebCryptoAlgorithm (*AlgFactoryFuncWithWebCryptoAlgIdArg)( | |
44 WebKit::WebCryptoAlgorithmId); | |
45 template <AlgFactoryFuncWithWebCryptoAlgIdArg func, | |
46 WebKit::WebCryptoAlgorithmId algorithm_id> | |
47 WebKit::WebCryptoAlgorithm BindAlgFactoryAlgorithmId() { | |
48 return func(algorithm_id); | |
49 } | |
50 | |
51 // Defines a map between a JWK 'alg' string ID and a corresponding Web Crypto | |
52 // factory function. | |
53 typedef WebKit::WebCryptoAlgorithm (*AlgFactoryFuncNoArgs)(); | |
54 typedef std::map<std::string, AlgFactoryFuncNoArgs> JwkAlgFactoryMap; | |
55 | |
56 class JwkAlgorithmFactoryMap { | |
57 public: | |
58 JwkAlgorithmFactoryMap() { | |
59 map_["HS256"] = | |
60 &BindAlgFactoryWithKeyLen<CreateHmacAlgorithmByDigestLen, 256>; | |
61 map_["HS384"] = | |
62 &BindAlgFactoryWithKeyLen<CreateHmacAlgorithmByDigestLen, 384>; | |
63 map_["HS512"] = | |
64 &BindAlgFactoryWithKeyLen<CreateHmacAlgorithmByDigestLen, 512>; | |
65 map_["RS256"] = | |
66 &BindAlgFactoryAlgorithmId<CreateRsaSsaAlgorithm, | |
67 WebKit::WebCryptoAlgorithmIdSha256>; | |
68 map_["RS384"] = | |
69 &BindAlgFactoryAlgorithmId<CreateRsaSsaAlgorithm, | |
70 WebKit::WebCryptoAlgorithmIdSha384>; | |
71 map_["RS512"] = | |
72 &BindAlgFactoryAlgorithmId<CreateRsaSsaAlgorithm, | |
73 WebKit::WebCryptoAlgorithmIdSha512>; | |
74 map_["RSA1_5"] = | |
75 &BindAlgFactoryAlgorithmId<CreateAlgorithm, | |
76 WebKit::WebCryptoAlgorithmIdRsaEsPkcs1v1_5>; | |
77 map_["RSA-OAEP"] = | |
78 &BindAlgFactoryAlgorithmId<CreateRsaOaepAlgorithm, | |
79 WebKit::WebCryptoAlgorithmIdSha1>; | |
80 map_["A128KW"] = &WebKit::WebCryptoAlgorithm::createNull; | |
81 map_["A256KW"] = &WebKit::WebCryptoAlgorithm::createNull; | |
82 map_["A128GCM"] = | |
83 &BindAlgFactoryAlgorithmId<CreateAlgorithm, | |
84 WebKit::WebCryptoAlgorithmIdAesGcm>; | |
85 map_["A256GCM"] = | |
86 &BindAlgFactoryAlgorithmId<CreateAlgorithm, | |
87 WebKit::WebCryptoAlgorithmIdAesGcm>; | |
88 map_["A128CBC"] = | |
89 &BindAlgFactoryAlgorithmId<CreateAlgorithm, | |
90 WebKit::WebCryptoAlgorithmIdAesCbc>; | |
91 map_["A256CBC"] = | |
92 &BindAlgFactoryAlgorithmId<CreateAlgorithm, | |
93 WebKit::WebCryptoAlgorithmIdAesCbc>; | |
94 map_["A384CBC"] = | |
95 &BindAlgFactoryAlgorithmId<CreateAlgorithm, | |
96 WebKit::WebCryptoAlgorithmIdAesCbc>; | |
97 map_["A512CBC"] = | |
98 &BindAlgFactoryAlgorithmId<CreateAlgorithm, | |
aproskuryakov
2013/11/05 08:52:15
A128GCM...A512CBC are not registered in JWA, why i
padolph
2013/11/05 16:35:57
Mark Watson at Netflix is working with JOSE to get
aproskuryakov
2013/11/07 22:05:41
One reason why I'm asking is that there is no such
| |
99 WebKit::WebCryptoAlgorithmIdAesCbc>; | |
100 } | |
101 | |
102 WebKit::WebCryptoAlgorithm CreateAlgorithmFromName( | |
103 const std::string& alg_id) const { | |
104 const JwkAlgFactoryMap::const_iterator pos = map_.find(alg_id); | |
105 if (pos == map_.end()) | |
106 return WebKit::WebCryptoAlgorithm::createNull(); | |
107 return pos->second(); | |
108 } | |
109 | |
110 private: | |
111 JwkAlgFactoryMap map_; | |
112 }; | |
113 | |
114 base::LazyInstance<JwkAlgorithmFactoryMap> jwk_alg_factory = | |
115 LAZY_INSTANCE_INITIALIZER; | |
116 | |
117 // TODO(padolph): Verify this logic is sufficient to judge algorithm | |
118 // "consistency" for JWK import, and for all supported algorithms. | |
119 bool WebCryptoAlgorithmsConsistent(const WebKit::WebCryptoAlgorithm& alg1, | |
120 const WebKit::WebCryptoAlgorithm& alg2) { | |
121 DCHECK(!alg1.isNull()); | |
122 DCHECK(!alg2.isNull()); | |
123 if (alg1.id() == alg2.id()) { | |
124 if (alg1.id() == WebKit::WebCryptoAlgorithmIdHmac || | |
125 alg1.id() == WebKit::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 || | |
126 alg1.id() == WebKit::WebCryptoAlgorithmIdRsaOaep) { | |
127 if (WebCryptoAlgorithmsConsistent(GetInnerHashAlgorithm(alg1), | |
128 GetInnerHashAlgorithm(alg2))) { | |
129 return true; | |
130 } | |
131 return false; | |
132 } | |
133 return true; | |
134 } | |
135 return false; | |
136 } | |
137 | |
138 // Returns true if the left side of the string is an exact match. | |
139 // For example, for "foobar", "foo" would return true but "oob" would not. | |
140 bool DoesLeftSideOfStringMatch(const std::string& str, | |
141 const std::string& match_str) { | |
142 DCHECK(!str.empty()); | |
143 DCHECK(!match_str.empty()); | |
144 const size_t match_idx = str.find(match_str); | |
145 if (match_idx == std::string::npos) | |
146 return false; | |
147 return match_idx == 0; | |
148 } | |
149 | |
150 // Returns true if the right side of the string is exactly match. | |
151 // For example, for "foobar", "bar" would return true but "oba" would not. | |
152 bool DoesRightSideOfStringMatch(const std::string& str, | |
153 const std::string& match_str) { | |
154 DCHECK(!str.empty()); | |
155 DCHECK(!match_str.empty()); | |
156 const size_t match_idx = str.rfind(match_str); | |
157 if (match_idx == std::string::npos) | |
158 return false; | |
159 const std::string found_match(str.substr(match_idx)); | |
160 assert(!found_match.empty()); | |
161 const bool is_right_side = found_match == match_str; | |
162 // match_idx is also the length of the left side of the string. | |
163 DCHECK(is_right_side == (str.length() == match_idx + match_str.length())); | |
164 return is_right_side; | |
165 } | |
166 | |
167 // Returns true if the input JWK alg string is one of the AES types enumerated | |
padolph
2013/11/05 16:35:57
eroman: What do you think of this approach? These
eroman
2013/11/07 05:49:41
Verifying the key bit length is a good addition to
padolph
2013/11/07 17:58:21
Thanks for the reply. I did not think of the gener
eroman
2013/11/07 20:54:37
Sounds good. Note also that you can rename JwkAlgo
| |
168 // below, namely "AdddKW", "AdddCBC", or "AdddGCM", where 'ddd' is the key | |
169 // length. | |
170 bool IsJwkAlgAes(const std::string& jwk_alg) { | |
171 if (jwk_alg.empty() || !DoesLeftSideOfStringMatch(jwk_alg, "A")) | |
172 return false; | |
173 return DoesRightSideOfStringMatch(jwk_alg, "KW") || | |
174 DoesRightSideOfStringMatch(jwk_alg, "CBC") || | |
175 DoesRightSideOfStringMatch(jwk_alg, "GCM"); | |
176 } | |
177 | |
178 // Extracts an unsigned int from the middle of a string like "AAAAddAA", where | |
179 // 'A' is a non-numeric character and 'd' is (radix 10). This is used to extract | |
180 // the key length in bits from a JWK AES alg ID. | |
181 bool ExtractUnsignedIntFromString(const std::string& jwk_alg, | |
182 unsigned int* key_len) { | |
183 // This logic assumes we are looking for radix 10 numbers. | |
184 const size_t start_idx = jwk_alg.find_first_of("123456789"); | |
185 if (start_idx == std::string::npos) | |
186 return false; | |
187 std::istringstream stream(jwk_alg.substr(start_idx)); | |
188 unsigned int number; | |
189 // Note: istringstream::operator>>() stops parsing when it hits a non-numeric | |
190 // character. Also, it will fail if the number being parsed is inconsistent | |
191 // with the input type. | |
192 stream >> number; | |
193 if (stream.fail()) | |
194 return false; | |
195 *key_len = number; | |
196 return true; | |
197 } | |
198 | |
25 } // namespace | 199 } // namespace |
26 | 200 |
27 WebCryptoImpl::WebCryptoImpl() { | 201 WebCryptoImpl::WebCryptoImpl() { |
28 Init(); | 202 Init(); |
29 } | 203 } |
30 | 204 |
31 // static | 205 // static |
32 // TODO(eroman): This works by re-allocating a new buffer. It would be better if | |
33 // the WebArrayBuffer could just be truncated instead. | |
34 void WebCryptoImpl::ShrinkBuffer( | |
35 WebKit::WebArrayBuffer* buffer, | |
36 unsigned new_size) { | |
37 DCHECK_LE(new_size, buffer->byteLength()); | |
38 | |
39 if (new_size == buffer->byteLength()) | |
40 return; | |
41 | |
42 WebKit::WebArrayBuffer new_buffer = | |
43 WebKit::WebArrayBuffer::create(new_size, 1); | |
44 DCHECK(!new_buffer.isNull()); | |
45 memcpy(new_buffer.data(), buffer->data(), new_size); | |
46 *buffer = new_buffer; | |
47 } | |
48 | |
49 // static | |
50 // TODO(eroman): Expose functionality in Blink instead. | 206 // TODO(eroman): Expose functionality in Blink instead. |
51 WebKit::WebCryptoKey WebCryptoImpl::NullKey() { | 207 WebKit::WebCryptoKey WebCryptoImpl::NullKey() { |
52 // Needs a non-null algorithm to succeed. | 208 // Needs a non-null algorithm to succeed. |
53 return WebKit::WebCryptoKey::create( | 209 return WebKit::WebCryptoKey::create( |
54 NULL, WebKit::WebCryptoKeyTypeSecret, false, | 210 NULL, WebKit::WebCryptoKeyTypeSecret, false, |
55 WebKit::WebCryptoAlgorithm::adoptParamsAndCreate( | 211 WebKit::WebCryptoAlgorithm::adoptParamsAndCreate( |
56 WebKit::WebCryptoAlgorithmIdAesGcm, NULL), 0); | 212 WebKit::WebCryptoAlgorithmIdAesGcm, NULL), 0); |
57 } | 213 } |
58 | 214 |
59 void WebCryptoImpl::encrypt( | 215 void WebCryptoImpl::encrypt( |
(...skipping 83 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
143 | 299 |
144 void WebCryptoImpl::importKey( | 300 void WebCryptoImpl::importKey( |
145 WebKit::WebCryptoKeyFormat format, | 301 WebKit::WebCryptoKeyFormat format, |
146 const unsigned char* key_data, | 302 const unsigned char* key_data, |
147 unsigned key_data_size, | 303 unsigned key_data_size, |
148 const WebKit::WebCryptoAlgorithm& algorithm_or_null, | 304 const WebKit::WebCryptoAlgorithm& algorithm_or_null, |
149 bool extractable, | 305 bool extractable, |
150 WebKit::WebCryptoKeyUsageMask usage_mask, | 306 WebKit::WebCryptoKeyUsageMask usage_mask, |
151 WebKit::WebCryptoResult result) { | 307 WebKit::WebCryptoResult result) { |
152 WebKit::WebCryptoKey key = WebKit::WebCryptoKey::createNull(); | 308 WebKit::WebCryptoKey key = WebKit::WebCryptoKey::createNull(); |
153 if (!ImportKeyInternal(format, | 309 if (format == WebKit::WebCryptoKeyFormatJwk) { |
154 key_data, | 310 if (!ImportKeyJwk(key_data, |
155 key_data_size, | 311 key_data_size, |
156 algorithm_or_null, | 312 algorithm_or_null, |
157 extractable, | 313 extractable, |
158 usage_mask, | 314 usage_mask, |
159 &key)) { | 315 &key)) { |
160 result.completeWithError(); | 316 result.completeWithError(); |
161 return; | 317 } |
318 } else { | |
319 if (!ImportKeyInternal(format, | |
320 key_data, | |
321 key_data_size, | |
322 algorithm_or_null, | |
323 extractable, | |
324 usage_mask, | |
325 &key)) { | |
326 result.completeWithError(); | |
327 } | |
162 } | 328 } |
163 DCHECK(key.handle()); | 329 DCHECK(key.handle()); |
164 DCHECK(!key.algorithm().isNull()); | 330 DCHECK(!key.algorithm().isNull()); |
165 DCHECK_EQ(extractable, key.extractable()); | 331 DCHECK_EQ(extractable, key.extractable()); |
166 result.completeWithKey(key); | 332 result.completeWithKey(key); |
167 } | 333 } |
168 | 334 |
169 void WebCryptoImpl::sign( | 335 void WebCryptoImpl::sign( |
170 const WebKit::WebCryptoAlgorithm& algorithm, | 336 const WebKit::WebCryptoAlgorithm& algorithm, |
171 const WebKit::WebCryptoKey& key, | 337 const WebKit::WebCryptoKey& key, |
(...skipping 25 matching lines...) Expand all Loading... | |
197 signature_size, | 363 signature_size, |
198 data, | 364 data, |
199 data_size, | 365 data_size, |
200 &signature_match)) { | 366 &signature_match)) { |
201 result.completeWithError(); | 367 result.completeWithError(); |
202 } else { | 368 } else { |
203 result.completeWithBoolean(signature_match); | 369 result.completeWithBoolean(signature_match); |
204 } | 370 } |
205 } | 371 } |
206 | 372 |
373 bool WebCryptoImpl::ImportKeyJwk( | |
374 const unsigned char* key_data, | |
375 unsigned key_data_size, | |
376 const WebKit::WebCryptoAlgorithm& algorithm_or_null, | |
377 bool extractable, | |
378 WebKit::WebCryptoKeyUsageMask usage_mask, | |
379 WebKit::WebCryptoKey* key) { | |
380 | |
381 // JSON Web Key Format (JWK) | |
382 // http://tools.ietf.org/html/draft-ietf-jose-json-web-key-16 | |
383 // TODO(padolph): Not all possible values are handled by this code right now | |
384 // | |
385 // A JWK is a simple JSON dictionary with the following entries | |
386 // - "kty" (Key Type) Parameter, REQUIRED | |
387 // - <kty-specific parameters, see below>, REQUIRED | |
388 // - "use" (Key Use) Parameter, OPTIONAL | |
389 // - "alg" (Algorithm) Parameter, OPTIONAL | |
390 // - "extractable" (Key Exportability), OPTIONAL [NOTE: not yet part of JOSE] | |
391 // (all other entries are ignored) | |
392 // | |
393 // Input key_data contains the JWK. To build a Web Crypto Key, the JWK values | |
394 // are parsed out and used as follows: | |
395 // Web Crypto Key type <-- (deduced) | |
396 // Web Crypto Key extractable <-- extractable | |
397 // Web Crypto Key algorithm <-- alg | |
398 // Web Crypto Key keyUsage <-- usage | |
399 // Web Crypto Key keying material <-- kty-specific parameters | |
400 // | |
401 // Values for each entry are case-sensitive and defined in | |
402 // http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-16. | |
403 // Note that not all values specified by JOSE are handled by this code. Only | |
404 // handled values are listed. | |
405 // - kty (Key Type) | |
406 // +-------+--------------------------------------------------------------+ | |
407 // | "RSA" | RSA [RFC3447] | | |
408 // | "oct" | Octet sequence (used to represent symmetric keys) | | |
409 // +-------+--------------------------------------------------------------+ | |
410 // - use (Key Use) | |
411 // +-------+--------------------------------------------------------------+ | |
412 // | "enc" | encrypt and decrypt operations | | |
413 // | "sig" | sign and verify (MAC) operations | | |
414 // | "wrap"| key wrap and unwrap [not yet part of JOSE] | | |
415 // +-------+--------------------------------------------------------------+ | |
416 // - extractable (Key Exportability) | |
417 // +-------+--------------------------------------------------------------+ | |
418 // | true | Key may be exported from the trusted environment | | |
419 // | false | Key cannot exit the trusted environment | | |
420 // +-------+--------------------------------------------------------------+ | |
421 // - alg (Algorithm) | |
422 // See http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-16 | |
423 // +--------------+-------------------------------------------------------+ | |
424 // | Digital Signature or MAC Algorithm | | |
425 // +--------------+-------------------------------------------------------+ | |
426 // | "HS256" | HMAC using SHA-256 hash algorithm | | |
427 // | "HS384" | HMAC using SHA-384 hash algorithm | | |
428 // | "HS512" | HMAC using SHA-512 hash algorithm | | |
429 // | "RS256" | RSASSA using SHA-256 hash algorithm | | |
430 // | "RS384" | RSASSA using SHA-384 hash algorithm | | |
431 // | "RS512" | RSASSA using SHA-512 hash algorithm | | |
432 // +--------------+-------------------------------------------------------| | |
433 // | Key Management Algorithm | | |
434 // +--------------+-------------------------------------------------------+ | |
435 // | "RSA1_5" | RSAES-PKCS1-V1_5 [RFC3447] | | |
436 // | "RSA-OAEP" | RSAES using Optimal Asymmetric Encryption Padding | | |
437 // | | (OAEP) [RFC3447], with the default parameters | | |
438 // | | specified by RFC3447 in Section A.2.1 | | |
439 // | "A128KW" | Advanced Encryption Standard (AES) Key Wrap Algorithm | | |
440 // | | [RFC3394] using 128 bit keys | | |
441 // | "A256KW" | AES Key Wrap Algorithm using 256 bit keys | | |
442 // | "A128GCM" | AES in Galois/Counter Mode (GCM) [NIST.800-38D] using | | |
443 // | | 128 bit keys | | |
444 // | "A256GCM" | AES GCM using 256 bit keys | | |
445 // | "A128CBC" | AES in Cipher Block Chaining Mode (CBC) with PKCS #5 | | |
446 // | | padding [NIST.800-38A] [not yet part of JOSE] | | |
447 // | "A256CBC" | AES CBC using 256 bit keys [not yet part of JOSE] | | |
448 // | "A384CBC" | AES CBC using 384 bit keys [not yet part of JOSE] | | |
449 // | "A512CBC" | AES CBC using 512 bit keys [not yet part of JOSE] | | |
450 // +--------------+-------------------------------------------------------+ | |
451 // | |
452 // kty-specific parameters | |
453 // The value of kty determines the type and content of the keying material | |
454 // carried in the JWK to be imported. Currently only two possibilities are | |
455 // supported: a raw key or an RSA public key. RSA private keys are not | |
456 // supported because typical applications seldom need to import a private key, | |
457 // and the large number of JWK parameters required to describe one. | |
458 // - kty == "oct" (symmetric or other raw key) | |
459 // +-------+--------------------------------------------------------------+ | |
460 // | "k" | Contains the value of the symmetric (or other single-valued) | | |
461 // | | key. It is represented as the base64url encoding of the | | |
462 // | | octet sequence containing the key value. | | |
463 // +-------+--------------------------------------------------------------+ | |
464 // - kty == "RSA" (RSA public key) | |
465 // +-------+--------------------------------------------------------------+ | |
466 // | "n" | Contains the modulus value for the RSA public key. It is | | |
467 // | | represented as the base64url encoding of the value's | | |
468 // | | unsigned big endian representation as an octet sequence. | | |
469 // +-------+--------------------------------------------------------------+ | |
470 // | "e" | Contains the exponent value for the RSA public key. It is | | |
471 // | | represented as the base64url encoding of the value's | | |
472 // | | unsigned big endian representation as an octet sequence. | | |
473 // +-------+--------------------------------------------------------------+ | |
474 // | |
475 // Conflict resolution | |
476 // The algorithm_or_null, extractable, and usage_mask input parameters may be | |
477 // different from similar values inside the JWK. The Web Crypto spec says that | |
478 // if a JWK value is present but is inconsistent with the input value, it is | |
479 // an error and the operation must fail. Conversely, should they be missing | |
480 // from the JWK, the input values should be used to "fill-in" for the | |
481 // corresponding JWK-optional values (use, alg, extractable). | |
482 | |
483 DCHECK(key); | |
484 | |
485 // Parse the incoming JWK JSON. | |
486 if (!key_data || !key_data_size) | |
487 return false; | |
488 base::StringPiece json_string(reinterpret_cast<const char*>(key_data), | |
489 key_data_size); | |
490 scoped_ptr<base::Value> value(base::JSONReader::Read(json_string)); | |
491 // Note, bare pointer dict_value is ok since it points into scoped value. | |
492 base::DictionaryValue* dict_value = NULL; | |
493 if (!value.get() || !value->GetAsDictionary(&dict_value) || !dict_value) | |
494 return false; | |
495 | |
496 // JWK "kty". Exit early if this required JWK parameter is missing. | |
497 std::string jwk_kty_value; | |
498 if (!dict_value->GetString("kty", &jwk_kty_value)) | |
499 return false; | |
500 | |
501 // JWK "extractable" (optional) --> extractable parameter | |
502 { | |
503 bool jwk_extractable_value; | |
504 if (dict_value->GetBoolean("extractable", &jwk_extractable_value)) { | |
505 if (jwk_extractable_value != extractable) | |
506 return false; | |
507 } | |
508 } | |
509 | |
510 // JWK "alg" (optional) --> algorithm parameter | |
511 // Note: input algorithm is also optional, so we have six cases to handle. | |
512 // 1. JWK alg present but unrecognized: error | |
513 // 2. JWK alg valid AND input algorithm isNull: use JWK value | |
514 // 3. JWK alg valid AND input algorithm specified, but JWK value | |
515 // inconsistent with input: error | |
516 // 4. JWK alg valid AND input algorithm specified, both consistent: use | |
517 // input value (because it has potentially more details) | |
518 // 5. JWK alg missing AND input algorithm isNull: error | |
519 // 6. JWK alg missing AND input algorithm specified: use input value | |
520 WebKit::WebCryptoAlgorithm algorithm = | |
521 WebKit::WebCryptoAlgorithm::createNull(); | |
522 std::string jwk_alg_value; | |
523 if (dict_value->GetString("alg", &jwk_alg_value)) { | |
524 // JWK alg present | |
525 const WebKit::WebCryptoAlgorithm jwk_algorithm = | |
526 jwk_alg_factory.Get().CreateAlgorithmFromName(jwk_alg_value); | |
527 if (jwk_algorithm.isNull()) { | |
528 // JWK alg unrecognized | |
529 return false; // case 1 | |
530 } | |
531 // JWK alg valid | |
532 if (algorithm_or_null.isNull()) { | |
533 // input algorithm not specified | |
534 algorithm = jwk_algorithm; // case 2 | |
535 } else { | |
536 // input algorithm specified | |
537 if (!WebCryptoAlgorithmsConsistent(jwk_algorithm, algorithm_or_null)) | |
538 return false; // case 3 | |
539 algorithm = algorithm_or_null; // case 4 | |
540 } | |
541 } else { | |
542 // JWK alg missing | |
543 if (algorithm_or_null.isNull()) | |
544 return false; // case 5 | |
545 algorithm = algorithm_or_null; // case 6 | |
546 } | |
547 DCHECK(!algorithm.isNull()); | |
548 | |
549 // JWK "use" (optional) --> usage_mask parameter | |
550 std::string jwk_use_value; | |
551 if (dict_value->GetString("use", &jwk_use_value)) { | |
552 WebKit::WebCryptoKeyUsageMask jwk_usage_mask = 0; | |
553 if (jwk_use_value == "enc") { | |
554 jwk_usage_mask = | |
555 WebKit::WebCryptoKeyUsageEncrypt | WebKit::WebCryptoKeyUsageDecrypt; | |
556 } else if (jwk_use_value == "sig") { | |
557 jwk_usage_mask = | |
558 WebKit::WebCryptoKeyUsageSign | WebKit::WebCryptoKeyUsageVerify; | |
559 } else if (jwk_use_value == "wrap") { | |
560 jwk_usage_mask = | |
561 WebKit::WebCryptoKeyUsageWrapKey | WebKit::WebCryptoKeyUsageUnwrapKey; | |
562 } else { | |
563 return false; | |
564 } | |
565 if ((jwk_usage_mask & usage_mask) != usage_mask) { | |
566 // A usage_mask must be a subset of jwk_usage_mask. | |
567 return false; | |
568 } | |
569 } | |
570 | |
571 // JWK keying material --> ImportKeyInternal() | |
572 if (jwk_kty_value == "oct") { | |
573 std::string jwk_k_value_url64; | |
574 if (!dict_value->GetString("k", &jwk_k_value_url64)) | |
575 return false; | |
576 std::string jwk_k_value; | |
577 if (!Base64DecodeUrlSafe(jwk_k_value_url64, &jwk_k_value) || | |
578 !jwk_k_value.size()) { | |
579 return false; | |
580 } | |
581 // AES JWK alg ID's embed the intended key length in the ID string. Validate | |
582 // the actual key length against it. | |
583 if (IsJwkAlgAes(jwk_alg_value)) { | |
584 unsigned int jwk_alg_key_len_bits = 0; | |
585 if (ExtractUnsignedIntFromString(jwk_alg_value, &jwk_alg_key_len_bits) && | |
586 (jwk_alg_key_len_bits / 8 != jwk_k_value.size())) { | |
587 return false; | |
588 } | |
589 } | |
590 return ImportKeyInternal(WebKit::WebCryptoKeyFormatRaw, | |
591 reinterpret_cast<const uint8*>(jwk_k_value.data()), | |
592 jwk_k_value.size(), | |
593 algorithm, | |
594 extractable, | |
595 usage_mask, | |
596 key); | |
597 } else if (jwk_kty_value == "RSA") { | |
598 // TODO(padolph): JWK import RSA public key | |
599 return false; | |
600 } else { | |
601 return false; | |
602 } | |
603 | |
604 return true; | |
605 } | |
606 | |
207 } // namespace content | 607 } // namespace content |
OLD | NEW |