| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef CONTENT_CHILD_WEBCRYPTO_PLATFORM_CRYPTO_H_ | 5 #ifndef CONTENT_CHILD_WEBCRYPTO_PLATFORM_CRYPTO_H_ |
| 6 #define CONTENT_CHILD_WEBCRYPTO_PLATFORM_CRYPTO_H_ | 6 #define CONTENT_CHILD_WEBCRYPTO_PLATFORM_CRYPTO_H_ |
| 7 | 7 |
| 8 #include <vector> | 8 #include <vector> |
| 9 | 9 |
| 10 #include "base/basictypes.h" | 10 #include "base/basictypes.h" |
| (...skipping 140 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 151 const CryptoData& signature, | 151 const CryptoData& signature, |
| 152 const CryptoData& data, | 152 const CryptoData& data, |
| 153 bool* signature_match); | 153 bool* signature_match); |
| 154 | 154 |
| 155 // |keylen_bytes| is the desired length of the key in bits. | 155 // |keylen_bytes| is the desired length of the key in bits. |
| 156 // | 156 // |
| 157 // Preconditions: | 157 // Preconditions: |
| 158 // * algorithm.id() is for a symmetric key algorithm. | 158 // * algorithm.id() is for a symmetric key algorithm. |
| 159 // * keylen_bytes is non-zero (TODO(eroman): revisit this). | 159 // * keylen_bytes is non-zero (TODO(eroman): revisit this). |
| 160 // * For AES algorithms |keylen_bytes| is either 16, 24, or 32 bytes long. | 160 // * For AES algorithms |keylen_bytes| is either 16, 24, or 32 bytes long. |
| 161 // * usage_mask makes sense for the algorithm. |
| 161 Status GenerateSecretKey(const blink::WebCryptoAlgorithm& algorithm, | 162 Status GenerateSecretKey(const blink::WebCryptoAlgorithm& algorithm, |
| 162 bool extractable, | 163 bool extractable, |
| 163 blink::WebCryptoKeyUsageMask usage_mask, | 164 blink::WebCryptoKeyUsageMask usage_mask, |
| 164 unsigned keylen_bytes, | 165 unsigned keylen_bytes, |
| 165 blink::WebCryptoKey* key); | 166 blink::WebCryptoKey* key); |
| 166 | 167 |
| 167 // Preconditions: | 168 // Preconditions: |
| 168 // * algorithm.id() is for an RSA algorithm. | 169 // * algorithm.id() is for an RSA algorithm. |
| 169 // * public_exponent, modulus_length_bits and hash_or_null are the same as what | 170 // * public_exponent, modulus_length_bits and hash_or_null are the same as what |
| 170 // is in algorithm. They are split out for convenience. | 171 // is in algorithm. They are split out for convenience. |
| 171 // * modulus_length_bits is not 0 | 172 // * modulus_length_bits is not 0 |
| 172 // * public_exponent is not empty. | 173 // * public_exponent is not empty. |
| 174 // * {public|private}_key_usage_mask make sense for the algorithm. |
| 173 Status GenerateRsaKeyPair(const blink::WebCryptoAlgorithm& algorithm, | 175 Status GenerateRsaKeyPair(const blink::WebCryptoAlgorithm& algorithm, |
| 174 bool extractable, | 176 bool extractable, |
| 175 blink::WebCryptoKeyUsageMask usage_mask, | 177 blink::WebCryptoKeyUsageMask public_key_usage_mask, |
| 178 blink::WebCryptoKeyUsageMask private_key_usage_mask, |
| 176 unsigned int modulus_length_bits, | 179 unsigned int modulus_length_bits, |
| 177 const CryptoData& public_exponent, | 180 const CryptoData& public_exponent, |
| 178 blink::WebCryptoKey* public_key, | 181 blink::WebCryptoKey* public_key, |
| 179 blink::WebCryptoKey* private_key); | 182 blink::WebCryptoKey* private_key); |
| 180 | 183 |
| 181 // Preconditions: | 184 // Preconditions: |
| 182 // * |key| is non-null. | 185 // * |key| is non-null. |
| 183 // * |algorithm.id()| is for a symmetric key algorithm. | 186 // * |algorithm.id()| is for a symmetric key algorithm. |
| 184 // * For AES algorithms |key_data| is either 16, 24, or 32 bytes long. | 187 // * For AES algorithms |key_data| is either 16, 24, or 32 bytes long. |
| 188 // * usage_mask makes sense for the algorithm. |
| 185 // Note that this may be called from target Blink thread. | 189 // Note that this may be called from target Blink thread. |
| 186 Status ImportKeyRaw(const blink::WebCryptoAlgorithm& algorithm, | 190 Status ImportKeyRaw(const blink::WebCryptoAlgorithm& algorithm, |
| 187 const CryptoData& key_data, | 191 const CryptoData& key_data, |
| 188 bool extractable, | 192 bool extractable, |
| 189 blink::WebCryptoKeyUsageMask usage_mask, | 193 blink::WebCryptoKeyUsageMask usage_mask, |
| 190 blink::WebCryptoKey* key); | 194 blink::WebCryptoKey* key); |
| 191 | 195 |
| 192 // Preconditions: | 196 // Preconditions: |
| 193 // * algorithm.id() is for an RSA algorithm. | 197 // * algorithm.id() is for an RSA algorithm. |
| 198 // * usage_mask makes sense for the algorithm. |
| 194 Status ImportRsaPublicKey(const blink::WebCryptoAlgorithm& algorithm, | 199 Status ImportRsaPublicKey(const blink::WebCryptoAlgorithm& algorithm, |
| 195 bool extractable, | 200 bool extractable, |
| 196 blink::WebCryptoKeyUsageMask usage_mask, | 201 blink::WebCryptoKeyUsageMask usage_mask, |
| 197 const CryptoData& modulus_data, | 202 const CryptoData& modulus_data, |
| 198 const CryptoData& exponent_data, | 203 const CryptoData& exponent_data, |
| 199 blink::WebCryptoKey* key); | 204 blink::WebCryptoKey* key); |
| 200 | 205 |
| 201 // Preconditions: | 206 // Preconditions: |
| 202 // * algorithm.id() is for an RSA algorithm. | 207 // * algorithm.id() is for an RSA algorithm. |
| 203 // * modulus, public_exponent, and private_exponent will be non-empty. The | 208 // * modulus, public_exponent, and private_exponent will be non-empty. The |
| 204 // others will either all be specified (non-empty), or all be unspecified | 209 // others will either all be specified (non-empty), or all be unspecified |
| 205 // (empty). | 210 // (empty). |
| 211 // * usage_mask makes sense for the algorithm. |
| 206 Status ImportRsaPrivateKey(const blink::WebCryptoAlgorithm& algorithm, | 212 Status ImportRsaPrivateKey(const blink::WebCryptoAlgorithm& algorithm, |
| 207 bool extractable, | 213 bool extractable, |
| 208 blink::WebCryptoKeyUsageMask usage_mask, | 214 blink::WebCryptoKeyUsageMask usage_mask, |
| 209 const CryptoData& modulus, | 215 const CryptoData& modulus, |
| 210 const CryptoData& public_exponent, | 216 const CryptoData& public_exponent, |
| 211 const CryptoData& private_exponent, | 217 const CryptoData& private_exponent, |
| 212 const CryptoData& prime1, | 218 const CryptoData& prime1, |
| 213 const CryptoData& prime2, | 219 const CryptoData& prime2, |
| 214 const CryptoData& exponent1, | 220 const CryptoData& exponent1, |
| 215 const CryptoData& exponent2, | 221 const CryptoData& exponent2, |
| 216 const CryptoData& coefficient, | 222 const CryptoData& coefficient, |
| 217 blink::WebCryptoKey* key); | 223 blink::WebCryptoKey* key); |
| 218 | 224 |
| 219 // Note that this may be called from target Blink thread. | 225 // Note that this may be called from target Blink thread. |
| 226 // Preconditions: |
| 227 // * usage_mask makes sense for the algorithm. |
| 220 Status ImportKeySpki(const blink::WebCryptoAlgorithm& algorithm, | 228 Status ImportKeySpki(const blink::WebCryptoAlgorithm& algorithm, |
| 221 const CryptoData& key_data, | 229 const CryptoData& key_data, |
| 222 bool extractable, | 230 bool extractable, |
| 223 blink::WebCryptoKeyUsageMask usage_mask, | 231 blink::WebCryptoKeyUsageMask usage_mask, |
| 224 blink::WebCryptoKey* key); | 232 blink::WebCryptoKey* key); |
| 225 | 233 |
| 226 // Note that this may be called from target Blink thread. | 234 // Note that this may be called from target Blink thread. |
| 235 // Preconditions: |
| 236 // * usage_mask makes sense for the algorithm. |
| 227 Status ImportKeyPkcs8(const blink::WebCryptoAlgorithm& algorithm, | 237 Status ImportKeyPkcs8(const blink::WebCryptoAlgorithm& algorithm, |
| 228 const CryptoData& key_data, | 238 const CryptoData& key_data, |
| 229 bool extractable, | 239 bool extractable, |
| 230 blink::WebCryptoKeyUsageMask usage_mask, | 240 blink::WebCryptoKeyUsageMask usage_mask, |
| 231 blink::WebCryptoKey* key); | 241 blink::WebCryptoKey* key); |
| 232 | 242 |
| 233 // Preconditions: | 243 // Preconditions: |
| 234 // * |key| is non-null. | 244 // * |key| is non-null. |
| 235 Status ExportKeyRaw(SymKey* key, std::vector<uint8>* buffer); | 245 Status ExportKeyRaw(SymKey* key, std::vector<uint8>* buffer); |
| 236 | 246 |
| (...skipping 34 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 271 | 281 |
| 272 // Unwraps (decrypts) |wrapped_key_data| using AES-KW and places the results in | 282 // Unwraps (decrypts) |wrapped_key_data| using AES-KW and places the results in |
| 273 // a WebCryptoKey. Raw key data remains inside NSS. This function should be used | 283 // a WebCryptoKey. Raw key data remains inside NSS. This function should be used |
| 274 // when the input |wrapped_key_data| is known to result in symmetric raw key | 284 // when the input |wrapped_key_data| is known to result in symmetric raw key |
| 275 // data after AES-KW decryption. | 285 // data after AES-KW decryption. |
| 276 // Preconditions: | 286 // Preconditions: |
| 277 // * |wrapping_key| is non-null | 287 // * |wrapping_key| is non-null |
| 278 // * |key| is non-null | 288 // * |key| is non-null |
| 279 // * |wrapped_key_data| is at least 24 bytes and a multiple of 8 bytes | 289 // * |wrapped_key_data| is at least 24 bytes and a multiple of 8 bytes |
| 280 // * |algorithm.id()| is for a symmetric key algorithm. | 290 // * |algorithm.id()| is for a symmetric key algorithm. |
| 291 // * usage_mask makes sense for the algorithm. |
| 281 Status UnwrapSymKeyAesKw(const CryptoData& wrapped_key_data, | 292 Status UnwrapSymKeyAesKw(const CryptoData& wrapped_key_data, |
| 282 SymKey* wrapping_key, | 293 SymKey* wrapping_key, |
| 283 const blink::WebCryptoAlgorithm& algorithm, | 294 const blink::WebCryptoAlgorithm& algorithm, |
| 284 bool extractable, | 295 bool extractable, |
| 285 blink::WebCryptoKeyUsageMask usage_mask, | 296 blink::WebCryptoKeyUsageMask usage_mask, |
| 286 blink::WebCryptoKey* key); | 297 blink::WebCryptoKey* key); |
| 287 | 298 |
| 288 // Performs AES-KW decryption on the input |data|. This function should be used | 299 // Performs AES-KW decryption on the input |data|. This function should be used |
| 289 // when the input |data| does not directly represent a key and should instead be | 300 // when the input |data| does not directly represent a key and should instead be |
| 290 // interpreted as generic bytes. | 301 // interpreted as generic bytes. |
| 291 // Preconditions: | 302 // Preconditions: |
| 292 // * |key| is non-null | 303 // * |key| is non-null |
| 293 // * |data| is at least 24 bytes and a multiple of 8 bytes | 304 // * |data| is at least 24 bytes and a multiple of 8 bytes |
| 294 // * |buffer| is non-null. | 305 // * |buffer| is non-null. |
| 295 Status DecryptAesKw(SymKey* key, | 306 Status DecryptAesKw(SymKey* key, |
| 296 const CryptoData& data, | 307 const CryptoData& data, |
| 297 std::vector<uint8>* buffer); | 308 std::vector<uint8>* buffer); |
| 298 | 309 |
| 299 } // namespace platform | 310 } // namespace platform |
| 300 | 311 |
| 301 } // namespace webcrypto | 312 } // namespace webcrypto |
| 302 | 313 |
| 303 } // namespace content | 314 } // namespace content |
| 304 | 315 |
| 305 #endif // CONTENT_CHILD_WEBCRYPTO_PLATFORM_CRYPTO_H_ | 316 #endif // CONTENT_CHILD_WEBCRYPTO_PLATFORM_CRYPTO_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 282133002:
[webcryto] Validate key usages during key creation. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src