Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(227)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: content/child/webcrypto/shared_crypto.cc

Issue 275943004: Add support for RSA-OAEP when using NSS 3.16.2 or later (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Update to match NSS changes Created 6 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « content/child/webcrypto/platform_crypto_openssl.cc ('k') | content/child/webcrypto/shared_crypto_unittest.cc » ('j') | content/child/webcrypto/shared_crypto_unittest.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: content/child/webcrypto/shared_crypto.cc
diff --git a/content/child/webcrypto/shared_crypto.cc b/content/child/webcrypto/shared_crypto.cc
index 7d4704fc656ec7aca87fdefa3ffe22201bd70608..de4e3382cbc06617ec20e42a05254a95d7b7fe50 100644
--- a/content/child/webcrypto/shared_crypto.cc
+++ b/content/child/webcrypto/shared_crypto.cc
@@ -159,6 +159,46 @@ Status DecryptRsaEsPkcs1v1_5(const blink::WebCryptoAlgorithm& algorithm,
return platform::DecryptRsaEsPkcs1v1_5(private_key, data, buffer);
}
+Status EncryptRsaOaep(const blink::WebCryptoAlgorithm& algorithm,
+ const blink::WebCryptoKey& key,
+ const CryptoData& data,
+ std::vector<uint8>* buffer) {
+ platform::PublicKey* public_key;
+ Status status = ToPlatformPublicKey(key, &public_key);
+ if (status.IsError())
+ return status;
+
+ const blink::WebCryptoRsaOaepParams* params = algorithm.rsaOaepParams();
+ if (!params)
+ return Status::ErrorUnexpected();
+
+ return platform::EncryptRsaOaep(public_key,
+ key.algorithm().rsaHashedParams()->hash(),
+ CryptoData(params->optionalLabel()),
+ data,
+ buffer);
+}
+
+Status DecryptRsaOaep(const blink::WebCryptoAlgorithm& algorithm,
+ const blink::WebCryptoKey& key,
+ const CryptoData& data,
+ std::vector<uint8>* buffer) {
+ platform::PrivateKey* private_key;
+ Status status = ToPlatformPrivateKey(key, &private_key);
+ if (status.IsError())
+ return status;
+
+ const blink::WebCryptoRsaOaepParams* params = algorithm.rsaOaepParams();
+ if (!params)
+ return Status::ErrorUnexpected();
+
+ return platform::DecryptRsaOaep(private_key,
+ key.algorithm().rsaHashedParams()->hash(),
+ CryptoData(params->optionalLabel()),
+ data,
+ buffer);
+}
+
Status SignHmac(const blink::WebCryptoAlgorithm& algorithm,
const blink::WebCryptoKey& key,
const CryptoData& data,
@@ -435,6 +475,8 @@ Status DecryptDontCheckKeyUsage(const blink::WebCryptoAlgorithm& algorithm,
return EncryptDecryptAesGcm(DECRYPT, algorithm, key, data, buffer);
case blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5:
return DecryptRsaEsPkcs1v1_5(algorithm, key, data, buffer);
+ case blink::WebCryptoAlgorithmIdRsaOaep:
+ return DecryptRsaOaep(algorithm, key, data, buffer);
case blink::WebCryptoAlgorithmIdAesKw:
return DecryptAesKw(algorithm, key, data, buffer);
default:
@@ -455,6 +497,8 @@ Status EncryptDontCheckUsage(const blink::WebCryptoAlgorithm& algorithm,
return EncryptDecryptAesGcm(ENCRYPT, algorithm, key, data, buffer);
case blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5:
return EncryptRsaEsPkcs1v1_5(algorithm, key, data, buffer);
+ case blink::WebCryptoAlgorithmIdRsaOaep:
+ return EncryptRsaOaep(algorithm, key, data, buffer);
default:
return Status::ErrorUnsupported();
}
@@ -762,7 +806,16 @@ Status WrapKey(blink::WebCryptoKeyFormat format,
switch (format) {
case blink::WebCryptoKeyFormatRaw:
- return WrapKeyRaw(key_to_wrap, wrapping_key, wrapping_algorithm, buffer);
+ if (wrapping_algorithm.id() == blink::WebCryptoAlgorithmIdAesKw ||
+ wrapping_algorithm.id() ==
+ blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5) {
+ // AES-KW is a special case, due to NSS's implementation only
+ // supporting C_Wrap/C_Unwrap with AES-KW
+ return WrapKeyRaw(
+ key_to_wrap, wrapping_key, wrapping_algorithm, buffer);
+ }
+ return WrapKeyExportAndEncrypt(
+ format, key_to_wrap, wrapping_key, wrapping_algorithm, buffer);
case blink::WebCryptoKeyFormatJwk:
return WrapKeyExportAndEncrypt(
format, key_to_wrap, wrapping_key, wrapping_algorithm, buffer);
@@ -790,13 +843,27 @@ Status UnwrapKey(blink::WebCryptoKeyFormat format,
switch (format) {
case blink::WebCryptoKeyFormatRaw:
- return UnwrapKeyRaw(wrapped_key_data,
- wrapping_key,
- wrapping_algorithm,
- algorithm,
- extractable,
- usage_mask,
- key);
+ if (wrapping_algorithm.id() == blink::WebCryptoAlgorithmIdAesKw ||
+ wrapping_algorithm.id() ==
+ blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5) {
+ // AES-KW is a special case, due to NSS's implementation only
+ // supporting C_Wrap/C_Unwrap with AES-KW
+ return UnwrapKeyRaw(wrapped_key_data,
+ wrapping_key,
+ wrapping_algorithm,
+ algorithm,
+ extractable,
+ usage_mask,
+ key);
+ }
+ return UnwrapKeyDecryptAndImport(format,
+ wrapped_key_data,
+ wrapping_key,
+ wrapping_algorithm,
+ algorithm,
+ extractable,
+ usage_mask,
+ key);
case blink::WebCryptoKeyFormatJwk:
return UnwrapKeyDecryptAndImport(format,
wrapped_key_data,
« no previous file with comments | « content/child/webcrypto/platform_crypto_openssl.cc ('k') | content/child/webcrypto/shared_crypto_unittest.cc » ('j') | content/child/webcrypto/shared_crypto_unittest.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698