| Index: content/renderer/webcrypto/webcrypto_impl.cc
|
| diff --git a/content/renderer/webcrypto/webcrypto_impl.cc b/content/renderer/webcrypto/webcrypto_impl.cc
|
| index 4c4f3bf8d137975fb7517f17211666d05f06ef19..c70a42386f20bbac688bdc74a6a3dc6611c99b1d 100644
|
| --- a/content/renderer/webcrypto/webcrypto_impl.cc
|
| +++ b/content/renderer/webcrypto/webcrypto_impl.cc
|
| @@ -4,10 +4,18 @@
|
|
|
| #include "content/renderer/webcrypto/webcrypto_impl.h"
|
|
|
| +#include <algorithm>
|
| +#include <functional>
|
| +#include <map>
|
| +#include "base/json/json_reader.h"
|
| +#include "base/lazy_instance.h"
|
| #include "base/logging.h"
|
| #include "base/memory/scoped_ptr.h"
|
| -#include "third_party/WebKit/public/platform/WebArrayBuffer.h"
|
| +#include "base/strings/string_piece.h"
|
| +#include "base/values.h"
|
| +#include "content/renderer/webcrypto/webcrypto_util.h"
|
| #include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h"
|
| +#include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h"
|
| #include "third_party/WebKit/public/platform/WebCryptoKey.h"
|
|
|
| namespace content {
|
| @@ -22,28 +30,128 @@ bool IsAlgorithmAsymmetric(const blink::WebCryptoAlgorithm& algorithm) {
|
| algorithm.id() == blink::WebCryptoAlgorithmIdRsaOaep);
|
| }
|
|
|
| -} // namespace
|
| +// Binds a specific key length value to a compatible factory function.
|
| +typedef blink::WebCryptoAlgorithm (*AlgFactoryFuncWithOneShortArg)(
|
| + unsigned short);
|
| +template <AlgFactoryFuncWithOneShortArg func, unsigned short key_length>
|
| +blink::WebCryptoAlgorithm BindAlgFactoryWithKeyLen() {
|
| + return func(key_length);
|
| +}
|
|
|
| -WebCryptoImpl::WebCryptoImpl() {
|
| - Init();
|
| +// Binds a WebCryptoAlgorithmId value to a compatible factory function.
|
| +typedef blink::WebCryptoAlgorithm (*AlgFactoryFuncWithWebCryptoAlgIdArg)(
|
| + blink::WebCryptoAlgorithmId);
|
| +template <AlgFactoryFuncWithWebCryptoAlgIdArg func,
|
| + blink::WebCryptoAlgorithmId algorithm_id>
|
| +blink::WebCryptoAlgorithm BindAlgFactoryAlgorithmId() {
|
| + return func(algorithm_id);
|
| }
|
|
|
| -// static
|
| -// TODO(eroman): This works by re-allocating a new buffer. It would be better if
|
| -// the WebArrayBuffer could just be truncated instead.
|
| -void WebCryptoImpl::ShrinkBuffer(
|
| - blink::WebArrayBuffer* buffer,
|
| - unsigned new_size) {
|
| - DCHECK_LE(new_size, buffer->byteLength());
|
| +// Defines a map between a JWK 'alg' string ID and a corresponding Web Crypto
|
| +// factory function.
|
| +typedef blink::WebCryptoAlgorithm (*AlgFactoryFuncNoArgs)();
|
| +typedef std::map<std::string, AlgFactoryFuncNoArgs> JwkAlgFactoryMap;
|
|
|
| - if (new_size == buffer->byteLength())
|
| - return;
|
| +class JwkAlgorithmFactoryMap {
|
| + public:
|
| + JwkAlgorithmFactoryMap() {
|
| + map_["HS256"] =
|
| + &BindAlgFactoryWithKeyLen<webcrypto::CreateHmacAlgorithmByHashOutputLen,
|
| + 256>;
|
| + map_["HS384"] =
|
| + &BindAlgFactoryWithKeyLen<webcrypto::CreateHmacAlgorithmByHashOutputLen,
|
| + 384>;
|
| + map_["HS512"] =
|
| + &BindAlgFactoryWithKeyLen<webcrypto::CreateHmacAlgorithmByHashOutputLen,
|
| + 512>;
|
| + map_["RS256"] =
|
| + &BindAlgFactoryAlgorithmId<webcrypto::CreateRsaSsaAlgorithm,
|
| + blink::WebCryptoAlgorithmIdSha256>;
|
| + map_["RS384"] =
|
| + &BindAlgFactoryAlgorithmId<webcrypto::CreateRsaSsaAlgorithm,
|
| + blink::WebCryptoAlgorithmIdSha384>;
|
| + map_["RS512"] =
|
| + &BindAlgFactoryAlgorithmId<webcrypto::CreateRsaSsaAlgorithm,
|
| + blink::WebCryptoAlgorithmIdSha512>;
|
| + map_["RSA1_5"] =
|
| + &BindAlgFactoryAlgorithmId<webcrypto::CreateAlgorithm,
|
| + blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5>;
|
| + map_["RSA-OAEP"] =
|
| + &BindAlgFactoryAlgorithmId<webcrypto::CreateRsaOaepAlgorithm,
|
| + blink::WebCryptoAlgorithmIdSha1>;
|
| + // TODO(padolph): The Web Crypto spec does not enumerate AES-KW 128 yet
|
| + map_["A128KW"] = &blink::WebCryptoAlgorithm::createNull;
|
| + // TODO(padolph): The Web Crypto spec does not enumerate AES-KW 256 yet
|
| + map_["A256KW"] = &blink::WebCryptoAlgorithm::createNull;
|
| + map_["A128GCM"] =
|
| + &BindAlgFactoryAlgorithmId<webcrypto::CreateAlgorithm,
|
| + blink::WebCryptoAlgorithmIdAesGcm>;
|
| + map_["A256GCM"] =
|
| + &BindAlgFactoryAlgorithmId<webcrypto::CreateAlgorithm,
|
| + blink::WebCryptoAlgorithmIdAesGcm>;
|
| + map_["A128CBC"] =
|
| + &BindAlgFactoryAlgorithmId<webcrypto::CreateAlgorithm,
|
| + blink::WebCryptoAlgorithmIdAesCbc>;
|
| + map_["A192CBC"] =
|
| + &BindAlgFactoryAlgorithmId<webcrypto::CreateAlgorithm,
|
| + blink::WebCryptoAlgorithmIdAesCbc>;
|
| + map_["A256CBC"] =
|
| + &BindAlgFactoryAlgorithmId<webcrypto::CreateAlgorithm,
|
| + blink::WebCryptoAlgorithmIdAesCbc>;
|
| + }
|
| +
|
| + blink::WebCryptoAlgorithm CreateAlgorithmFromName(const std::string& alg_id)
|
| + const {
|
| + const JwkAlgFactoryMap::const_iterator pos = map_.find(alg_id);
|
| + if (pos == map_.end())
|
| + return blink::WebCryptoAlgorithm::createNull();
|
| + return pos->second();
|
| + }
|
|
|
| - blink::WebArrayBuffer new_buffer =
|
| - blink::WebArrayBuffer::create(new_size, 1);
|
| - DCHECK(!new_buffer.isNull());
|
| - memcpy(new_buffer.data(), buffer->data(), new_size);
|
| - *buffer = new_buffer;
|
| + private:
|
| + JwkAlgFactoryMap map_;
|
| +};
|
| +
|
| +base::LazyInstance<JwkAlgorithmFactoryMap> jwk_alg_factory =
|
| + LAZY_INSTANCE_INITIALIZER;
|
| +
|
| +bool WebCryptoAlgorithmsConsistent(const blink::WebCryptoAlgorithm& alg1,
|
| + const blink::WebCryptoAlgorithm& alg2) {
|
| + DCHECK(!alg1.isNull());
|
| + DCHECK(!alg2.isNull());
|
| + if (alg1.id() != alg2.id())
|
| + return false;
|
| + switch (alg1.id()) {
|
| + case blink::WebCryptoAlgorithmIdHmac:
|
| + case blink::WebCryptoAlgorithmIdRsaOaep:
|
| + case blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5:
|
| + if (WebCryptoAlgorithmsConsistent(
|
| + webcrypto::GetInnerHashAlgorithm(alg1),
|
| + webcrypto::GetInnerHashAlgorithm(alg2))) {
|
| + return true;
|
| + }
|
| + break;
|
| + case blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5:
|
| + case blink::WebCryptoAlgorithmIdSha1:
|
| + case blink::WebCryptoAlgorithmIdSha224:
|
| + case blink::WebCryptoAlgorithmIdSha256:
|
| + case blink::WebCryptoAlgorithmIdSha384:
|
| + case blink::WebCryptoAlgorithmIdSha512:
|
| + case blink::WebCryptoAlgorithmIdAesCbc:
|
| + case blink::WebCryptoAlgorithmIdAesGcm:
|
| + case blink::WebCryptoAlgorithmIdAesCtr:
|
| + return true;
|
| + default:
|
| + NOTREACHED(); // Not a supported algorithm.
|
| + break;
|
| + }
|
| + return false;
|
| +}
|
| +
|
| +} // namespace
|
| +
|
| +WebCryptoImpl::WebCryptoImpl() {
|
| + Init();
|
| }
|
|
|
| void WebCryptoImpl::encrypt(
|
| @@ -140,15 +248,27 @@ void WebCryptoImpl::importKey(
|
| blink::WebCryptoKeyUsageMask usage_mask,
|
| blink::WebCryptoResult result) {
|
| blink::WebCryptoKey key = blink::WebCryptoKey::createNull();
|
| - if (!ImportKeyInternal(format,
|
| - key_data,
|
| - key_data_size,
|
| - algorithm_or_null,
|
| - extractable,
|
| - usage_mask,
|
| - &key)) {
|
| - result.completeWithError();
|
| - return;
|
| + if (format == blink::WebCryptoKeyFormatJwk) {
|
| + if (!ImportKeyJwk(key_data,
|
| + key_data_size,
|
| + algorithm_or_null,
|
| + extractable,
|
| + usage_mask,
|
| + &key)) {
|
| + result.completeWithError();
|
| + return;
|
| + }
|
| + } else {
|
| + if (!ImportKeyInternal(format,
|
| + key_data,
|
| + key_data_size,
|
| + algorithm_or_null,
|
| + extractable,
|
| + usage_mask,
|
| + &key)) {
|
| + result.completeWithError();
|
| + return;
|
| + }
|
| }
|
| DCHECK(key.handle());
|
| DCHECK(!key.algorithm().isNull());
|
| @@ -206,4 +326,269 @@ void WebCryptoImpl::verifySignature(
|
| }
|
| }
|
|
|
| +bool WebCryptoImpl::ImportKeyJwk(
|
| + const unsigned char* key_data,
|
| + unsigned key_data_size,
|
| + const blink::WebCryptoAlgorithm& algorithm_or_null,
|
| + bool extractable,
|
| + blink::WebCryptoKeyUsageMask usage_mask,
|
| + blink::WebCryptoKey* key) {
|
| +
|
| + // The goal of this method is to extract key material and meta data from the
|
| + // incoming JWK, combine them with the input parameters, and ultimately import
|
| + // a Web Crypto Key.
|
| + //
|
| + // JSON Web Key Format (JWK)
|
| + // http://tools.ietf.org/html/draft-ietf-jose-json-web-key-16
|
| + // TODO(padolph): Not all possible values are handled by this code right now
|
| + //
|
| + // A JWK is a simple JSON dictionary with the following entries
|
| + // - "kty" (Key Type) Parameter, REQUIRED
|
| + // - <kty-specific parameters, see below>, REQUIRED
|
| + // - "use" (Key Use) Parameter, OPTIONAL
|
| + // - "alg" (Algorithm) Parameter, OPTIONAL
|
| + // - "extractable" (Key Exportability), OPTIONAL [NOTE: not yet part of JOSE,
|
| + // see https://www.w3.org/Bugs/Public/show_bug.cgi?id=23796]
|
| + // (all other entries are ignored)
|
| + //
|
| + // OPTIONAL here means that this code does not require the entry to be present
|
| + // in the incoming JWK, because the method input parameters contain similar
|
| + // information. If the optional JWK entry is present, it will be validated
|
| + // against the corresponding input parameter for consistency and combined with
|
| + // it according to rules defined below. A special case is that the method
|
| + // input parameter 'algorithm' is also optional. If it is null, the JWK 'alg'
|
| + // value (if present) is used as a fallback.
|
| + //
|
| + // Input 'key_data' contains the JWK. To build a Web Crypto Key, the JWK
|
| + // values are parsed out and combined with the method input parameters to
|
| + // build a Web Crypto Key:
|
| + // Web Crypto Key type <-- (deduced)
|
| + // Web Crypto Key extractable <-- JWK extractable + input extractable
|
| + // Web Crypto Key algorithm <-- JWK alg + input algorithm
|
| + // Web Crypto Key keyUsage <-- JWK use + input usage_mask
|
| + // Web Crypto Key keying material <-- kty-specific parameters
|
| + //
|
| + // Values for each JWK entry are case-sensitive and defined in
|
| + // http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-16.
|
| + // Note that not all values specified by JOSE are handled by this code. Only
|
| + // handled values are listed.
|
| + // - kty (Key Type)
|
| + // +-------+--------------------------------------------------------------+
|
| + // | "RSA" | RSA [RFC3447] |
|
| + // | "oct" | Octet sequence (used to represent symmetric keys) |
|
| + // +-------+--------------------------------------------------------------+
|
| + // - use (Key Use)
|
| + // +-------+--------------------------------------------------------------+
|
| + // | "enc" | encrypt and decrypt operations |
|
| + // | "sig" | sign and verify (MAC) operations |
|
| + // | "wrap"| key wrap and unwrap [not yet part of JOSE] |
|
| + // +-------+--------------------------------------------------------------+
|
| + // - extractable (Key Exportability)
|
| + // +-------+--------------------------------------------------------------+
|
| + // | true | Key may be exported from the trusted environment |
|
| + // | false | Key cannot exit the trusted environment |
|
| + // +-------+--------------------------------------------------------------+
|
| + // - alg (Algorithm)
|
| + // See http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-16
|
| + // +--------------+-------------------------------------------------------+
|
| + // | Digital Signature or MAC Algorithm |
|
| + // +--------------+-------------------------------------------------------+
|
| + // | "HS256" | HMAC using SHA-256 hash algorithm |
|
| + // | "HS384" | HMAC using SHA-384 hash algorithm |
|
| + // | "HS512" | HMAC using SHA-512 hash algorithm |
|
| + // | "RS256" | RSASSA using SHA-256 hash algorithm |
|
| + // | "RS384" | RSASSA using SHA-384 hash algorithm |
|
| + // | "RS512" | RSASSA using SHA-512 hash algorithm |
|
| + // +--------------+-------------------------------------------------------|
|
| + // | Key Management Algorithm |
|
| + // +--------------+-------------------------------------------------------+
|
| + // | "RSA1_5" | RSAES-PKCS1-V1_5 [RFC3447] |
|
| + // | "RSA-OAEP" | RSAES using Optimal Asymmetric Encryption Padding |
|
| + // | | (OAEP) [RFC3447], with the default parameters |
|
| + // | | specified by RFC3447 in Section A.2.1 |
|
| + // | "A128KW" | Advanced Encryption Standard (AES) Key Wrap Algorithm |
|
| + // | | [RFC3394] using 128 bit keys |
|
| + // | "A256KW" | AES Key Wrap Algorithm using 256 bit keys |
|
| + // | "A128GCM" | AES in Galois/Counter Mode (GCM) [NIST.800-38D] using |
|
| + // | | 128 bit keys |
|
| + // | "A256GCM" | AES GCM using 256 bit keys |
|
| + // | "A128CBC" | AES in Cipher Block Chaining Mode (CBC) with PKCS #5 |
|
| + // | | padding [NIST.800-38A] [not yet part of JOSE, see |
|
| + // | | https://www.w3.org/Bugs/Public/show_bug.cgi?id=23796 |
|
| + // | "A192CBC" | AES CBC using 192 bit keys [not yet part of JOSE] |
|
| + // | "A256CBC" | AES CBC using 256 bit keys [not yet part of JOSE] |
|
| + // +--------------+-------------------------------------------------------+
|
| + //
|
| + // kty-specific parameters
|
| + // The value of kty determines the type and content of the keying material
|
| + // carried in the JWK to be imported. Currently only two possibilities are
|
| + // supported: a raw key or an RSA public key. RSA private keys are not
|
| + // supported because typical applications seldom need to import a private key,
|
| + // and the large number of JWK parameters required to describe one.
|
| + // - kty == "oct" (symmetric or other raw key)
|
| + // +-------+--------------------------------------------------------------+
|
| + // | "k" | Contains the value of the symmetric (or other single-valued) |
|
| + // | | key. It is represented as the base64url encoding of the |
|
| + // | | octet sequence containing the key value. |
|
| + // +-------+--------------------------------------------------------------+
|
| + // - kty == "RSA" (RSA public key)
|
| + // +-------+--------------------------------------------------------------+
|
| + // | "n" | Contains the modulus value for the RSA public key. It is |
|
| + // | | represented as the base64url encoding of the value's |
|
| + // | | unsigned big endian representation as an octet sequence. |
|
| + // +-------+--------------------------------------------------------------+
|
| + // | "e" | Contains the exponent value for the RSA public key. It is |
|
| + // | | represented as the base64url encoding of the value's |
|
| + // | | unsigned big endian representation as an octet sequence. |
|
| + // +-------+--------------------------------------------------------------+
|
| + //
|
| + // Consistency and conflict resolution
|
| + // The 'algorithm_or_null', 'extractable', and 'usage_mask' input parameters
|
| + // may be different than the corresponding values inside the JWK. The Web
|
| + // Crypto spec says that if a JWK value is present but is inconsistent with
|
| + // the input value, it is an error and the operation must fail. If no
|
| + // inconsistency is found, the input and JWK values are combined as follows:
|
| + //
|
| + // algorithm
|
| + // If an algorithm is provided by both the input parameter and the JWK,
|
| + // consistency between the two is based only on algorithm ID's (including an
|
| + // inner hash algorithm if present). In this case if the consistency
|
| + // check is passed, the input algorithm is used. If only one of either the
|
| + // input algorithm and JWK alg is provided, it is used as the final
|
| + // algorithm.
|
| + //
|
| + // extractable
|
| + // If the JWK extractable is true but the input parameter is false, make the
|
| + // Web Crypto Key non-extractable. Conversely, if the JWK extractable is
|
| + // false but the input parameter is true, it is an inconsistency. If both
|
| + // are true or both are false, use that value.
|
| + //
|
| + // usage_mask
|
| + // The input usage_mask must be a strict subset of the interpreted JWK use
|
| + // value, else it is judged inconsistent. In all cases the input usage_mask
|
| + // is used as the final usage_mask.
|
| + //
|
| +
|
| + if (!key_data_size)
|
| + return false;
|
| + DCHECK(key);
|
| +
|
| + // Parse the incoming JWK JSON.
|
| + base::StringPiece json_string(reinterpret_cast<const char*>(key_data),
|
| + key_data_size);
|
| + scoped_ptr<base::Value> value(base::JSONReader::Read(json_string));
|
| + // Note, bare pointer dict_value is ok since it points into scoped value.
|
| + base::DictionaryValue* dict_value = NULL;
|
| + if (!value.get() || !value->GetAsDictionary(&dict_value) || !dict_value)
|
| + return false;
|
| +
|
| + // JWK "kty". Exit early if this required JWK parameter is missing.
|
| + std::string jwk_kty_value;
|
| + if (!dict_value->GetString("kty", &jwk_kty_value))
|
| + return false;
|
| +
|
| + // JWK "extractable" (optional) --> extractable parameter
|
| + {
|
| + bool jwk_extractable_value;
|
| + if (dict_value->GetBoolean("extractable", &jwk_extractable_value)) {
|
| + if (!jwk_extractable_value && extractable)
|
| + return false;
|
| + extractable = extractable && jwk_extractable_value;
|
| + }
|
| + }
|
| +
|
| + // JWK "alg" (optional) --> algorithm parameter
|
| + // Note: input algorithm is also optional, so we have six cases to handle.
|
| + // 1. JWK alg present but unrecognized: error
|
| + // 2. JWK alg valid AND input algorithm isNull: use JWK value
|
| + // 3. JWK alg valid AND input algorithm specified, but JWK value
|
| + // inconsistent with input: error
|
| + // 4. JWK alg valid AND input algorithm specified, both consistent: use
|
| + // input value (because it has potentially more details)
|
| + // 5. JWK alg missing AND input algorithm isNull: error
|
| + // 6. JWK alg missing AND input algorithm specified: use input value
|
| + blink::WebCryptoAlgorithm algorithm = blink::WebCryptoAlgorithm::createNull();
|
| + std::string jwk_alg_value;
|
| + if (dict_value->GetString("alg", &jwk_alg_value)) {
|
| + // JWK alg present
|
| + const blink::WebCryptoAlgorithm jwk_algorithm =
|
| + jwk_alg_factory.Get().CreateAlgorithmFromName(jwk_alg_value);
|
| + if (jwk_algorithm.isNull()) {
|
| + // JWK alg unrecognized
|
| + return false; // case 1
|
| + }
|
| + // JWK alg valid
|
| + if (algorithm_or_null.isNull()) {
|
| + // input algorithm not specified
|
| + algorithm = jwk_algorithm; // case 2
|
| + } else {
|
| + // input algorithm specified
|
| + if (!WebCryptoAlgorithmsConsistent(jwk_algorithm, algorithm_or_null))
|
| + return false; // case 3
|
| + algorithm = algorithm_or_null; // case 4
|
| + }
|
| + } else {
|
| + // JWK alg missing
|
| + if (algorithm_or_null.isNull())
|
| + return false; // case 5
|
| + algorithm = algorithm_or_null; // case 6
|
| + }
|
| + DCHECK(!algorithm.isNull());
|
| +
|
| + // JWK "use" (optional) --> usage_mask parameter
|
| + std::string jwk_use_value;
|
| + if (dict_value->GetString("use", &jwk_use_value)) {
|
| + blink::WebCryptoKeyUsageMask jwk_usage_mask = 0;
|
| + if (jwk_use_value == "enc") {
|
| + jwk_usage_mask =
|
| + blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt;
|
| + } else if (jwk_use_value == "sig") {
|
| + jwk_usage_mask =
|
| + blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify;
|
| + } else if (jwk_use_value == "wrap") {
|
| + jwk_usage_mask =
|
| + blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey;
|
| + } else {
|
| + return false;
|
| + }
|
| + if ((jwk_usage_mask & usage_mask) != usage_mask) {
|
| + // A usage_mask must be a subset of jwk_usage_mask.
|
| + return false;
|
| + }
|
| + }
|
| +
|
| + // JWK keying material --> ImportKeyInternal()
|
| + if (jwk_kty_value == "oct") {
|
| + std::string jwk_k_value_url64;
|
| + if (!dict_value->GetString("k", &jwk_k_value_url64))
|
| + return false;
|
| + std::string jwk_k_value;
|
| + if (!webcrypto::Base64DecodeUrlSafe(jwk_k_value_url64, &jwk_k_value) ||
|
| + !jwk_k_value.size()) {
|
| + return false;
|
| + }
|
| +
|
| + // TODO(padolph): Some JWK alg ID's embed information about the key length
|
| + // in the alg ID string. For example "A128" implies the JWK carries 128 bits
|
| + // of key material, and "HS512" implies the JWK carries _at least_ 512 bits
|
| + // of key material. For such keys validate the actual key length against the
|
| + // value in the ID.
|
| +
|
| + return ImportKeyInternal(blink::WebCryptoKeyFormatRaw,
|
| + reinterpret_cast<const uint8*>(jwk_k_value.data()),
|
| + jwk_k_value.size(),
|
| + algorithm,
|
| + extractable,
|
| + usage_mask,
|
| + key);
|
| + } else if (jwk_kty_value == "RSA") {
|
| + // TODO(padolph): JWK import RSA public key
|
| + return false;
|
| + } else {
|
| + return false;
|
| + }
|
| +
|
| + return true;
|
| +}
|
| +
|
| } // namespace content
|
|
|
Chromium Code Reviews
Issue 25906002:
[webcrypto] Add JWK import for HMAC and AES-CBC key. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master