OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/child/webcrypto/shared_crypto.h" | 5 #include "content/child/webcrypto/shared_crypto.h" |
6 | 6 |
7 #include "base/logging.h" | 7 #include "base/logging.h" |
8 #include "content/child/webcrypto/crypto_data.h" | 8 #include "content/child/webcrypto/crypto_data.h" |
9 #include "content/child/webcrypto/jwk.h" | 9 #include "content/child/webcrypto/jwk.h" |
10 #include "content/child/webcrypto/platform_crypto.h" | 10 #include "content/child/webcrypto/platform_crypto.h" |
(...skipping 357 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
368 algorithm, | 368 algorithm, |
369 extractable, | 369 extractable, |
370 usage_mask, | 370 usage_mask, |
371 key); | 371 key); |
372 } | 372 } |
373 default: | 373 default: |
374 return Status::ErrorUnsupported(); | 374 return Status::ErrorUnsupported(); |
375 } | 375 } |
376 } | 376 } |
377 | 377 |
378 Status WrapKeyRaw(const blink::WebCryptoKey& wrapping_key, | 378 Status WrapKeyRaw(const blink::WebCryptoKey& key_to_wrap, |
379 const blink::WebCryptoKey& key_to_wrap, | 379 const blink::WebCryptoKey& wrapping_key, |
380 const blink::WebCryptoAlgorithm& wrapping_algorithm, | 380 const blink::WebCryptoAlgorithm& wrapping_algorithm, |
381 std::vector<uint8>* buffer) { | 381 std::vector<uint8>* buffer) { |
382 // A raw key is always a symmetric key. | 382 // A raw key is always a symmetric key. |
383 platform::SymKey* platform_key; | 383 platform::SymKey* platform_key; |
384 Status status = ToPlatformSymKey(key_to_wrap, &platform_key); | 384 Status status = ToPlatformSymKey(key_to_wrap, &platform_key); |
385 if (status.IsError()) | 385 if (status.IsError()) |
386 return status; | 386 return status; |
387 | 387 |
388 // TODO(padolph): Handle other wrapping algorithms | 388 // TODO(padolph): Handle other wrapping algorithms |
389 switch (wrapping_algorithm.id()) { | 389 switch (wrapping_algorithm.id()) { |
390 case blink::WebCryptoAlgorithmIdAesKw: { | 390 case blink::WebCryptoAlgorithmIdAesKw: { |
391 platform::SymKey* platform_wrapping_key; | 391 platform::SymKey* platform_wrapping_key; |
392 status = ToPlatformSymKey(wrapping_key, &platform_wrapping_key); | 392 status = ToPlatformSymKey(wrapping_key, &platform_wrapping_key); |
393 if (status.IsError()) | 393 if (status.IsError()) |
394 return status; | 394 return status; |
395 return platform::WrapSymKeyAesKw( | 395 return platform::WrapSymKeyAesKw( |
396 platform_wrapping_key, platform_key, buffer); | 396 platform_key, platform_wrapping_key, buffer); |
397 } | 397 } |
398 case blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5: { | 398 case blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5: { |
399 platform::PublicKey* platform_wrapping_key; | 399 platform::PublicKey* platform_wrapping_key; |
400 status = ToPlatformPublicKey(wrapping_key, &platform_wrapping_key); | 400 status = ToPlatformPublicKey(wrapping_key, &platform_wrapping_key); |
401 if (status.IsError()) | 401 if (status.IsError()) |
402 return status; | 402 return status; |
403 return platform::WrapSymKeyRsaEs( | 403 return platform::WrapSymKeyRsaEs( |
404 platform_wrapping_key, platform_key, buffer); | 404 platform_key, platform_wrapping_key, buffer); |
405 } | 405 } |
406 default: | 406 default: |
407 return Status::ErrorUnsupported(); | 407 return Status::ErrorUnsupported(); |
408 } | 408 } |
409 } | 409 } |
410 | 410 |
411 Status DecryptAesKw(const blink::WebCryptoAlgorithm& algorithm, | 411 Status DecryptAesKw(const blink::WebCryptoAlgorithm& algorithm, |
412 const blink::WebCryptoKey& key, | 412 const blink::WebCryptoKey& key, |
413 const CryptoData& data, | 413 const CryptoData& data, |
414 std::vector<uint8>* buffer) { | 414 std::vector<uint8>* buffer) { |
(...skipping 62 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
477 status = ImportKey( | 477 status = ImportKey( |
478 format, CryptoData(buffer), algorithm, extractable, usage_mask, key); | 478 format, CryptoData(buffer), algorithm, extractable, usage_mask, key); |
479 // NOTE! Returning the details of any ImportKey() failure here would leak | 479 // NOTE! Returning the details of any ImportKey() failure here would leak |
480 // information about the plaintext internals of the encrypted key. Instead, | 480 // information about the plaintext internals of the encrypted key. Instead, |
481 // collapse any error into the generic Status::OperationError(). | 481 // collapse any error into the generic Status::OperationError(). |
482 return status.IsError() ? Status::OperationError() : Status::Success(); | 482 return status.IsError() ? Status::OperationError() : Status::Success(); |
483 } | 483 } |
484 | 484 |
485 Status WrapKeyExportAndEncrypt( | 485 Status WrapKeyExportAndEncrypt( |
486 blink::WebCryptoKeyFormat format, | 486 blink::WebCryptoKeyFormat format, |
| 487 const blink::WebCryptoKey& key_to_wrap, |
487 const blink::WebCryptoKey& wrapping_key, | 488 const blink::WebCryptoKey& wrapping_key, |
488 const blink::WebCryptoKey& key_to_wrap, | |
489 const blink::WebCryptoAlgorithm& wrapping_algorithm, | 489 const blink::WebCryptoAlgorithm& wrapping_algorithm, |
490 std::vector<uint8>* buffer) { | 490 std::vector<uint8>* buffer) { |
491 std::vector<uint8> exported_data; | 491 std::vector<uint8> exported_data; |
492 Status status = ExportKey(format, key_to_wrap, &exported_data); | 492 Status status = ExportKey(format, key_to_wrap, &exported_data); |
493 if (status.IsError()) | 493 if (status.IsError()) |
494 return status; | 494 return status; |
495 return EncryptDontCheckUsage( | 495 return EncryptDontCheckUsage( |
496 wrapping_algorithm, wrapping_key, CryptoData(exported_data), buffer); | 496 wrapping_algorithm, wrapping_key, CryptoData(exported_data), buffer); |
497 } | 497 } |
498 | 498 |
(...skipping 245 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
744 return VerifyHmac(algorithm, key, signature, data, signature_match); | 744 return VerifyHmac(algorithm, key, signature, data, signature_match); |
745 case blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5: | 745 case blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5: |
746 return VerifyRsaSsaPkcs1v1_5( | 746 return VerifyRsaSsaPkcs1v1_5( |
747 algorithm, key, signature, data, signature_match); | 747 algorithm, key, signature, data, signature_match); |
748 default: | 748 default: |
749 return Status::ErrorUnsupported(); | 749 return Status::ErrorUnsupported(); |
750 } | 750 } |
751 } | 751 } |
752 | 752 |
753 Status WrapKey(blink::WebCryptoKeyFormat format, | 753 Status WrapKey(blink::WebCryptoKeyFormat format, |
| 754 const blink::WebCryptoKey& key_to_wrap, |
754 const blink::WebCryptoKey& wrapping_key, | 755 const blink::WebCryptoKey& wrapping_key, |
755 const blink::WebCryptoKey& key_to_wrap, | |
756 const blink::WebCryptoAlgorithm& wrapping_algorithm, | 756 const blink::WebCryptoAlgorithm& wrapping_algorithm, |
757 std::vector<uint8>* buffer) { | 757 std::vector<uint8>* buffer) { |
758 if (!KeyUsageAllows(wrapping_key, blink::WebCryptoKeyUsageWrapKey)) | 758 if (!KeyUsageAllows(wrapping_key, blink::WebCryptoKeyUsageWrapKey)) |
759 return Status::ErrorUnexpected(); | 759 return Status::ErrorUnexpected(); |
760 if (wrapping_algorithm.id() != wrapping_key.algorithm().id()) | 760 if (wrapping_algorithm.id() != wrapping_key.algorithm().id()) |
761 return Status::ErrorUnexpected(); | 761 return Status::ErrorUnexpected(); |
762 | 762 |
763 switch (format) { | 763 switch (format) { |
764 case blink::WebCryptoKeyFormatRaw: | 764 case blink::WebCryptoKeyFormatRaw: |
765 return WrapKeyRaw(wrapping_key, key_to_wrap, wrapping_algorithm, buffer); | 765 return WrapKeyRaw(key_to_wrap, wrapping_key, wrapping_algorithm, buffer); |
766 case blink::WebCryptoKeyFormatJwk: | 766 case blink::WebCryptoKeyFormatJwk: |
767 return WrapKeyExportAndEncrypt( | 767 return WrapKeyExportAndEncrypt( |
768 format, wrapping_key, key_to_wrap, wrapping_algorithm, buffer); | 768 format, key_to_wrap, wrapping_key, wrapping_algorithm, buffer); |
769 case blink::WebCryptoKeyFormatSpki: | 769 case blink::WebCryptoKeyFormatSpki: |
770 case blink::WebCryptoKeyFormatPkcs8: | 770 case blink::WebCryptoKeyFormatPkcs8: |
771 return Status::ErrorUnsupported(); // TODO(padolph) | 771 return Status::ErrorUnsupported(); // TODO(padolph) |
772 default: | 772 default: |
773 NOTREACHED(); | 773 NOTREACHED(); |
774 return Status::ErrorUnsupported(); | 774 return Status::ErrorUnsupported(); |
775 } | 775 } |
776 } | 776 } |
777 | 777 |
778 Status UnwrapKey(blink::WebCryptoKeyFormat format, | 778 Status UnwrapKey(blink::WebCryptoKeyFormat format, |
(...skipping 65 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
844 usage_mask, | 844 usage_mask, |
845 key); | 845 key); |
846 if (status.IsError()) | 846 if (status.IsError()) |
847 return false; | 847 return false; |
848 return ValidateDeserializedKey(*key, algorithm, type); | 848 return ValidateDeserializedKey(*key, algorithm, type); |
849 } | 849 } |
850 | 850 |
851 } // namespace webcrypto | 851 } // namespace webcrypto |
852 | 852 |
853 } // namespace content | 853 } // namespace content |
OLD | NEW |