[webcrypto] Add JWK import for HMAC and AES-CBC key.

content/renderer/webcrypto/webcrypto_util.cc

Index: content/renderer/webcrypto/webcrypto_util.cc
diff --git a/content/renderer/webcrypto/webcrypto_util.cc b/content/renderer/webcrypto/webcrypto_util.cc
new file mode 100644
index 0000000000000000000000000000000000000000..64c01161fedb879f8b5b10f058050c1e8aabaf37
--- /dev/null
+++ b/content/renderer/webcrypto/webcrypto_util.cc
@@ -0,0 +1,174 @@
+// Copyright (c) 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "content/renderer/webcrypto/webcrypto_util.h"
+
+#include "base/base64.h"
+#include "base/logging.h"
+#include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h"
+#include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h"
+
+namespace content {
+
+namespace {
+
+WebKit::WebCryptoAlgorithm CreateAesKeyGenAlgorithm(
+    WebKit::WebCryptoAlgorithmId aes_alg_id,
+    unsigned short length) {
+  return WebKit::WebCryptoAlgorithm::adoptParamsAndCreate(
+      aes_alg_id, new WebKit::WebCryptoAesKeyGenParams(length));
+}
+
+WebKit::WebCryptoAlgorithm CreateAlgorithmWithInnerHash(
+    WebKit::WebCryptoAlgorithmId algorithm_id,
+    unsigned short hash_key_length) {
+  WebKit::WebCryptoAlgorithmId hash_id;
+  switch (hash_key_length) {
+    case 160:
+      hash_id = WebKit::WebCryptoAlgorithmIdSha1;
+      break;
+    case 224:
+      hash_id = WebKit::WebCryptoAlgorithmIdSha224;
+      break;
+    case 256:
+      hash_id = WebKit::WebCryptoAlgorithmIdSha256;
+      break;
+    case 384:
+      hash_id = WebKit::WebCryptoAlgorithmIdSha384;
+      break;
+    case 512:
+      hash_id = WebKit::WebCryptoAlgorithmIdSha512;
+      break;
+    default:
+      NOTREACHED();
+      return WebKit::WebCryptoAlgorithm::createNull();
+  }
+  return WebKit::WebCryptoAlgorithm::adoptParamsAndCreate(
+      algorithm_id, new WebKit::WebCryptoHmacParams(CreateAlgorithm(hash_id)));
+}
+
+}  // namespace
+
+const uint8* Start(const std::vector<uint8>& data) {
+  if (data.empty())
+    return NULL;
+  return &data[0];
+}
+
+void ShrinkBuffer(WebKit::WebArrayBuffer* buffer, unsigned new_size) {
+  DCHECK_LE(new_size, buffer->byteLength());
+
+  if (new_size == buffer->byteLength())
+    return;
+
+  WebKit::WebArrayBuffer new_buffer =
+      WebKit::WebArrayBuffer::create(new_size, 1);
+  DCHECK(!new_buffer.isNull());
+  memcpy(new_buffer.data(), buffer->data(), new_size);
+  *buffer = new_buffer;
+}
+
+bool Base64DecodeUrlSafe(const std::string& input, std::string* output) {
+  std::string base64EncodedText(input);
+  std::replace(base64EncodedText.begin(), base64EncodedText.end(), '-', '+');
+  std::replace(base64EncodedText.begin(), base64EncodedText.end(), '_', '/');
+  base64EncodedText.append((4 - base64EncodedText.size() % 4) % 4, '=');
+  return base::Base64Decode(base64EncodedText, output);
+}
+
+WebKit::WebCryptoAlgorithm GetInnerHashAlgorithm(
+    const WebKit::WebCryptoAlgorithm& algorithm) {
+  switch (algorithm.id()) {
+    case WebKit::WebCryptoAlgorithmIdHmac: {
+      const WebKit::WebCryptoHmacParams* const params = algorithm.hmacParams();

[eroman, 2013/10/29 03:03:46]

Cant get rid of the local variable, and consequently the need for curly braces
in switch statement:

   return algorithm.hmacParams()->hash();

[padolph, 2013/10/29 22:57:01]

replaced function with your version below.

+      return params->hash();
+    }
+    case WebKit::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5: {
+      const WebKit::WebCryptoRsaSsaParams* const params =
+          algorithm.rsaSsaParams();
+      return params->hash();

[eroman, 2013/10/29 03:03:46]

WebCryptoAlgorithm can have different parameter types depending for the same
algorithmid, depending on the context it was normalized in.

The spec currently lists "None" as the parameters for importKey(), so params
would end up being NULL:

https://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html#rsassa-p...

A safer way to write this function would be:

if (algorithm.hmacParams())
  return algorithm.hmacParams()->hash();
if (algorithm.hmacKeyParams())
  return algorithm.hmacKeyParams()->hash();
if (algorithm.rsaSsaParams())
  return algorithm.rsaSsaParams()->hash();
if (algorithm.rsaOaepParams())
  return algorithm.rsaOaepParams()->hash();

[padolph, 2013/10/29 22:57:01]

Done.

+    }
+    case WebKit::WebCryptoAlgorithmIdRsaOaep: {
+      const WebKit::WebCryptoRsaOaepParams* const params =
+          algorithm.rsaOaepParams();
+      return params->hash();
+    }
+    default:
+      return WebKit::WebCryptoAlgorithm::createNull();
+  }
+}
+
+WebKit::WebCryptoAlgorithm CreateAlgorithm(WebKit::WebCryptoAlgorithmId id) {
+  return WebKit::WebCryptoAlgorithm::adoptParamsAndCreate(id, NULL);
+}
+
+WebKit::WebCryptoAlgorithm CreateHmacAlgorithmByKeyLen(
+    unsigned short hash_key_length) {
+  return CreateAlgorithmWithInnerHash(WebKit::WebCryptoAlgorithmIdHmac,
+                                      hash_key_length);
+}
+
+WebKit::WebCryptoAlgorithm CreateHmacAlgorithmByHashId(
+    WebKit::WebCryptoAlgorithmId hash_id) {
+  return WebKit::WebCryptoAlgorithm::adoptParamsAndCreate(
+      WebKit::WebCryptoAlgorithmIdHmac,
+      new WebKit::WebCryptoHmacParams(CreateAlgorithm(hash_id)));
+}
+
+WebKit::WebCryptoAlgorithm CreateHmacKeyGenAlgorithm(
+    WebKit::WebCryptoAlgorithmId hash_id,
+    unsigned hash_length) {
+  // hash_length < 0 means unspecified
+  return WebKit::WebCryptoAlgorithm::adoptParamsAndCreate(
+      WebKit::WebCryptoAlgorithmIdHmac,
+      new WebKit::WebCryptoHmacKeyParams(
+          CreateAlgorithm(hash_id), (hash_length != 0), hash_length));
+}
+
+WebKit::WebCryptoAlgorithm CreateRsaEsAlgorithm() {
+  return CreateAlgorithm(WebKit::WebCryptoAlgorithmIdRsaEsPkcs1v1_5);
+}
+
+WebKit::WebCryptoAlgorithm CreateRsaSsaAlgorithmByKeyLen(

[Ryan Sleevi, 2013/10/29 18:05:13]

I don't understand why this function is calling CreateAlgorithmWithInnerHash

Why are you passing hash_key_length? What relationship is that to KeyLen? Why
not pass the actual inner hash?

[padolph, 2013/10/29 22:57:01]

Sorry, I agree this is just wrong. Not sure what happened there.
I replaced this code.

+    unsigned short hash_key_length) {
+  return CreateAlgorithmWithInnerHash(
+      WebKit::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5, hash_key_length);
+}
+
+WebKit::WebCryptoAlgorithm CreateRsaOaepAlgorithmByKeyLen(
+    unsigned short hash_key_length) {
+  return CreateAlgorithmWithInnerHash(WebKit::WebCryptoAlgorithmIdRsaOaep,
+                                      hash_key_length);
+}
+
+WebKit::WebCryptoAlgorithm CreateAesCbcAlgorithm(const std::vector<uint8>& iv) {
+  return WebKit::WebCryptoAlgorithm::adoptParamsAndCreate(
+      WebKit::WebCryptoAlgorithmIdAesCbc,
+      new WebKit::WebCryptoAesCbcParams(Start(iv), iv.size()));
+}
+
+WebKit::WebCryptoAlgorithm CreateAesGcmAlgorithm(
+    const std::vector<uint8>& iv,
+    const std::vector<uint8>& additional_data,
+    unsigned char tag_length) {
+  return WebKit::WebCryptoAlgorithm::adoptParamsAndCreate(
+      WebKit::WebCryptoAlgorithmIdAesCbc,
+      new WebKit::WebCryptoAesGcmParams(Start(iv),
+                                        iv.size(),
+                                        additional_data.size(),
+                                        Start(additional_data),
+                                        additional_data.size(),
+                                        tag_length != 0,
+                                        tag_length));
+}
+
+WebKit::WebCryptoAlgorithm CreateAesCbcKeyGenAlgorithm(unsigned short length) {
+  return CreateAesKeyGenAlgorithm(WebKit::WebCryptoAlgorithmIdAesCbc, length);
+}
+
+WebKit::WebCryptoAlgorithm CreateAesGcmKeyGenAlgorithm(unsigned short length) {
+  return CreateAesKeyGenAlgorithm(WebKit::WebCryptoAlgorithmIdAesGcm, length);
+}
+
+}  // namespace content