OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef CONTENT_CHILD_WEBCRYPTO_PLATFORM_CRYPTO_H_ | 5 #ifndef CONTENT_CHILD_WEBCRYPTO_PLATFORM_CRYPTO_H_ |
6 #define CONTENT_CHILD_WEBCRYPTO_PLATFORM_CRYPTO_H_ | 6 #define CONTENT_CHILD_WEBCRYPTO_PLATFORM_CRYPTO_H_ |
7 | 7 |
8 #include <vector> | 8 #include <vector> |
9 | 9 |
10 #include "base/basictypes.h" | 10 #include "base/basictypes.h" |
(...skipping 140 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
151 const CryptoData& signature, | 151 const CryptoData& signature, |
152 const CryptoData& data, | 152 const CryptoData& data, |
153 bool* signature_match); | 153 bool* signature_match); |
154 | 154 |
155 // |keylen_bytes| is the desired length of the key in bits. | 155 // |keylen_bytes| is the desired length of the key in bits. |
156 // | 156 // |
157 // Preconditions: | 157 // Preconditions: |
158 // * algorithm.id() is for a symmetric key algorithm. | 158 // * algorithm.id() is for a symmetric key algorithm. |
159 // * keylen_bytes is non-zero (TODO(eroman): revisit this). | 159 // * keylen_bytes is non-zero (TODO(eroman): revisit this). |
160 // * For AES algorithms |keylen_bytes| is either 16, 24, or 32 bytes long. | 160 // * For AES algorithms |keylen_bytes| is either 16, 24, or 32 bytes long. |
| 161 // * usage_mask makes sense for the algorithm. |
161 Status GenerateSecretKey(const blink::WebCryptoAlgorithm& algorithm, | 162 Status GenerateSecretKey(const blink::WebCryptoAlgorithm& algorithm, |
162 bool extractable, | 163 bool extractable, |
163 blink::WebCryptoKeyUsageMask usage_mask, | 164 blink::WebCryptoKeyUsageMask usage_mask, |
164 unsigned keylen_bytes, | 165 unsigned keylen_bytes, |
165 blink::WebCryptoKey* key); | 166 blink::WebCryptoKey* key); |
166 | 167 |
167 // Preconditions: | 168 // Preconditions: |
168 // * algorithm.id() is for an RSA algorithm. | 169 // * algorithm.id() is for an RSA algorithm. |
169 // * public_exponent, modulus_length_bits and hash_or_null are the same as what | 170 // * public_exponent, modulus_length_bits and hash_or_null are the same as what |
170 // is in algorithm. They are split out for convenience. | 171 // is in algorithm. They are split out for convenience. |
171 // * modulus_length_bits is not 0 | 172 // * modulus_length_bits is not 0 |
172 // * public_exponent is not empty. | 173 // * public_exponent is not empty. |
| 174 // * {public|private}_key_usage_mask make sense for the algorithm. |
173 Status GenerateRsaKeyPair(const blink::WebCryptoAlgorithm& algorithm, | 175 Status GenerateRsaKeyPair(const blink::WebCryptoAlgorithm& algorithm, |
174 bool extractable, | 176 bool extractable, |
175 blink::WebCryptoKeyUsageMask usage_mask, | 177 blink::WebCryptoKeyUsageMask public_key_usage_mask, |
| 178 blink::WebCryptoKeyUsageMask private_key_usage_mask, |
176 unsigned int modulus_length_bits, | 179 unsigned int modulus_length_bits, |
177 const CryptoData& public_exponent, | 180 const CryptoData& public_exponent, |
178 blink::WebCryptoKey* public_key, | 181 blink::WebCryptoKey* public_key, |
179 blink::WebCryptoKey* private_key); | 182 blink::WebCryptoKey* private_key); |
180 | 183 |
181 // Preconditions: | 184 // Preconditions: |
182 // * |key| is non-null. | 185 // * |key| is non-null. |
183 // * |algorithm.id()| is for a symmetric key algorithm. | 186 // * |algorithm.id()| is for a symmetric key algorithm. |
184 // * For AES algorithms |key_data| is either 16, 24, or 32 bytes long. | 187 // * For AES algorithms |key_data| is either 16, 24, or 32 bytes long. |
| 188 // * usage_mask makes sense for the algorithm. |
185 // Note that this may be called from target Blink thread. | 189 // Note that this may be called from target Blink thread. |
186 Status ImportKeyRaw(const blink::WebCryptoAlgorithm& algorithm, | 190 Status ImportKeyRaw(const blink::WebCryptoAlgorithm& algorithm, |
187 const CryptoData& key_data, | 191 const CryptoData& key_data, |
188 bool extractable, | 192 bool extractable, |
189 blink::WebCryptoKeyUsageMask usage_mask, | 193 blink::WebCryptoKeyUsageMask usage_mask, |
190 blink::WebCryptoKey* key); | 194 blink::WebCryptoKey* key); |
191 | 195 |
192 // Preconditions: | 196 // Preconditions: |
193 // * algorithm.id() is for an RSA algorithm. | 197 // * algorithm.id() is for an RSA algorithm. |
| 198 // * usage_mask makes sense for the algorithm. |
194 Status ImportRsaPublicKey(const blink::WebCryptoAlgorithm& algorithm, | 199 Status ImportRsaPublicKey(const blink::WebCryptoAlgorithm& algorithm, |
195 bool extractable, | 200 bool extractable, |
196 blink::WebCryptoKeyUsageMask usage_mask, | 201 blink::WebCryptoKeyUsageMask usage_mask, |
197 const CryptoData& modulus_data, | 202 const CryptoData& modulus_data, |
198 const CryptoData& exponent_data, | 203 const CryptoData& exponent_data, |
199 blink::WebCryptoKey* key); | 204 blink::WebCryptoKey* key); |
200 | 205 |
201 // Preconditions: | 206 // Preconditions: |
202 // * algorithm.id() is for an RSA algorithm. | 207 // * algorithm.id() is for an RSA algorithm. |
203 // * modulus, public_exponent, and private_exponent will be non-empty. The | 208 // * modulus, public_exponent, and private_exponent will be non-empty. The |
204 // others will either all be specified (non-empty), or all be unspecified | 209 // others will either all be specified (non-empty), or all be unspecified |
205 // (empty). | 210 // (empty). |
| 211 // * usage_mask makes sense for the algorithm. |
206 Status ImportRsaPrivateKey(const blink::WebCryptoAlgorithm& algorithm, | 212 Status ImportRsaPrivateKey(const blink::WebCryptoAlgorithm& algorithm, |
207 bool extractable, | 213 bool extractable, |
208 blink::WebCryptoKeyUsageMask usage_mask, | 214 blink::WebCryptoKeyUsageMask usage_mask, |
209 const CryptoData& modulus, | 215 const CryptoData& modulus, |
210 const CryptoData& public_exponent, | 216 const CryptoData& public_exponent, |
211 const CryptoData& private_exponent, | 217 const CryptoData& private_exponent, |
212 const CryptoData& prime1, | 218 const CryptoData& prime1, |
213 const CryptoData& prime2, | 219 const CryptoData& prime2, |
214 const CryptoData& exponent1, | 220 const CryptoData& exponent1, |
215 const CryptoData& exponent2, | 221 const CryptoData& exponent2, |
216 const CryptoData& coefficient, | 222 const CryptoData& coefficient, |
217 blink::WebCryptoKey* key); | 223 blink::WebCryptoKey* key); |
218 | 224 |
219 // Note that this may be called from target Blink thread. | 225 // Note that this may be called from target Blink thread. |
| 226 // Preconditions: |
| 227 // * usage_mask makes sense for the algorithm. |
220 Status ImportKeySpki(const blink::WebCryptoAlgorithm& algorithm, | 228 Status ImportKeySpki(const blink::WebCryptoAlgorithm& algorithm, |
221 const CryptoData& key_data, | 229 const CryptoData& key_data, |
222 bool extractable, | 230 bool extractable, |
223 blink::WebCryptoKeyUsageMask usage_mask, | 231 blink::WebCryptoKeyUsageMask usage_mask, |
224 blink::WebCryptoKey* key); | 232 blink::WebCryptoKey* key); |
225 | 233 |
226 // Note that this may be called from target Blink thread. | 234 // Note that this may be called from target Blink thread. |
| 235 // Preconditions: |
| 236 // * usage_mask makes sense for the algorithm. |
227 Status ImportKeyPkcs8(const blink::WebCryptoAlgorithm& algorithm, | 237 Status ImportKeyPkcs8(const blink::WebCryptoAlgorithm& algorithm, |
228 const CryptoData& key_data, | 238 const CryptoData& key_data, |
229 bool extractable, | 239 bool extractable, |
230 blink::WebCryptoKeyUsageMask usage_mask, | 240 blink::WebCryptoKeyUsageMask usage_mask, |
231 blink::WebCryptoKey* key); | 241 blink::WebCryptoKey* key); |
232 | 242 |
233 // Preconditions: | 243 // Preconditions: |
234 // * |key| is non-null. | 244 // * |key| is non-null. |
235 Status ExportKeyRaw(SymKey* key, std::vector<uint8>* buffer); | 245 Status ExportKeyRaw(SymKey* key, std::vector<uint8>* buffer); |
236 | 246 |
(...skipping 34 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
271 | 281 |
272 // Unwraps (decrypts) |wrapped_key_data| using AES-KW and places the results in | 282 // Unwraps (decrypts) |wrapped_key_data| using AES-KW and places the results in |
273 // a WebCryptoKey. Raw key data remains inside NSS. This function should be used | 283 // a WebCryptoKey. Raw key data remains inside NSS. This function should be used |
274 // when the input |wrapped_key_data| is known to result in symmetric raw key | 284 // when the input |wrapped_key_data| is known to result in symmetric raw key |
275 // data after AES-KW decryption. | 285 // data after AES-KW decryption. |
276 // Preconditions: | 286 // Preconditions: |
277 // * |wrapping_key| is non-null | 287 // * |wrapping_key| is non-null |
278 // * |key| is non-null | 288 // * |key| is non-null |
279 // * |wrapped_key_data| is at least 24 bytes and a multiple of 8 bytes | 289 // * |wrapped_key_data| is at least 24 bytes and a multiple of 8 bytes |
280 // * |algorithm.id()| is for a symmetric key algorithm. | 290 // * |algorithm.id()| is for a symmetric key algorithm. |
| 291 // * usage_mask makes sense for the algorithm. |
281 Status UnwrapSymKeyAesKw(const CryptoData& wrapped_key_data, | 292 Status UnwrapSymKeyAesKw(const CryptoData& wrapped_key_data, |
282 SymKey* wrapping_key, | 293 SymKey* wrapping_key, |
283 const blink::WebCryptoAlgorithm& algorithm, | 294 const blink::WebCryptoAlgorithm& algorithm, |
284 bool extractable, | 295 bool extractable, |
285 blink::WebCryptoKeyUsageMask usage_mask, | 296 blink::WebCryptoKeyUsageMask usage_mask, |
286 blink::WebCryptoKey* key); | 297 blink::WebCryptoKey* key); |
287 | 298 |
288 // Performs AES-KW decryption on the input |data|. This function should be used | 299 // Performs AES-KW decryption on the input |data|. This function should be used |
289 // when the input |data| does not directly represent a key and should instead be | 300 // when the input |data| does not directly represent a key and should instead be |
290 // interpreted as generic bytes. | 301 // interpreted as generic bytes. |
291 // Preconditions: | 302 // Preconditions: |
292 // * |key| is non-null | 303 // * |key| is non-null |
293 // * |data| is at least 24 bytes and a multiple of 8 bytes | 304 // * |data| is at least 24 bytes and a multiple of 8 bytes |
294 // * |buffer| is non-null. | 305 // * |buffer| is non-null. |
295 Status DecryptAesKw(SymKey* key, | 306 Status DecryptAesKw(SymKey* key, |
296 const CryptoData& data, | 307 const CryptoData& data, |
297 std::vector<uint8>* buffer); | 308 std::vector<uint8>* buffer); |
298 | 309 |
299 } // namespace platform | 310 } // namespace platform |
300 | 311 |
301 } // namespace webcrypto | 312 } // namespace webcrypto |
302 | 313 |
303 } // namespace content | 314 } // namespace content |
304 | 315 |
305 #endif // CONTENT_CHILD_WEBCRYPTO_PLATFORM_CRYPTO_H_ | 316 #endif // CONTENT_CHILD_WEBCRYPTO_PLATFORM_CRYPTO_H_ |
OLD | NEW |