OLD | NEW |
---|---|
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/child/webcrypto/shared_crypto.h" | 5 #include "content/child/webcrypto/shared_crypto.h" |
6 | 6 |
7 #include "base/logging.h" | 7 #include "base/logging.h" |
8 #include "content/child/webcrypto/crypto_data.h" | 8 #include "content/child/webcrypto/crypto_data.h" |
9 #include "content/child/webcrypto/jwk.h" | 9 #include "content/child/webcrypto/jwk.h" |
10 #include "content/child/webcrypto/platform_crypto.h" | 10 #include "content/child/webcrypto/platform_crypto.h" |
(...skipping 456 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
467 const blink::WebCryptoAlgorithm& wrapping_algorithm, | 467 const blink::WebCryptoAlgorithm& wrapping_algorithm, |
468 const blink::WebCryptoAlgorithm& algorithm, | 468 const blink::WebCryptoAlgorithm& algorithm, |
469 bool extractable, | 469 bool extractable, |
470 blink::WebCryptoKeyUsageMask usage_mask, | 470 blink::WebCryptoKeyUsageMask usage_mask, |
471 blink::WebCryptoKey* key) { | 471 blink::WebCryptoKey* key) { |
472 std::vector<uint8> buffer; | 472 std::vector<uint8> buffer; |
473 Status status = DecryptDontCheckKeyUsage( | 473 Status status = DecryptDontCheckKeyUsage( |
474 wrapping_algorithm, wrapping_key, wrapped_key_data, &buffer); | 474 wrapping_algorithm, wrapping_key, wrapped_key_data, &buffer); |
475 if (status.IsError()) | 475 if (status.IsError()) |
476 return status; | 476 return status; |
477 status = ImportKey( | 477 // NOTE that returning the details of ImportKey() failures may leak |
478 // information about the plaintext of the encrypted key (for instance the JWK | |
479 // key_ops). As long as the ImportKey error messages don't describe actual | |
480 // key bytes however this should be OK. For more discussion see | |
481 // http://crubg.com/372040 | |
Ryan Sleevi
2014/05/15 06:29:40
crbug.com
| |
482 return ImportKey( | |
478 format, CryptoData(buffer), algorithm, extractable, usage_mask, key); | 483 format, CryptoData(buffer), algorithm, extractable, usage_mask, key); |
479 // NOTE! Returning the details of any ImportKey() failure here would leak | |
480 // information about the plaintext internals of the encrypted key. Instead, | |
481 // collapse any error into the generic Status::OperationError(). | |
482 return status.IsError() ? Status::OperationError() : Status::Success(); | |
483 } | 484 } |
484 | 485 |
485 Status WrapKeyExportAndEncrypt( | 486 Status WrapKeyExportAndEncrypt( |
486 blink::WebCryptoKeyFormat format, | 487 blink::WebCryptoKeyFormat format, |
487 const blink::WebCryptoKey& key_to_wrap, | 488 const blink::WebCryptoKey& key_to_wrap, |
488 const blink::WebCryptoKey& wrapping_key, | 489 const blink::WebCryptoKey& wrapping_key, |
489 const blink::WebCryptoAlgorithm& wrapping_algorithm, | 490 const blink::WebCryptoAlgorithm& wrapping_algorithm, |
490 std::vector<uint8>* buffer) { | 491 std::vector<uint8>* buffer) { |
491 std::vector<uint8> exported_data; | 492 std::vector<uint8> exported_data; |
492 Status status = ExportKey(format, key_to_wrap, &exported_data); | 493 Status status = ExportKey(format, key_to_wrap, &exported_data); |
(...skipping 11 matching lines...) Expand all Loading... | |
504 return 64; | 505 return 64; |
505 case blink::WebCryptoAlgorithmIdSha384: | 506 case blink::WebCryptoAlgorithmIdSha384: |
506 case blink::WebCryptoAlgorithmIdSha512: | 507 case blink::WebCryptoAlgorithmIdSha512: |
507 return 128; | 508 return 128; |
508 default: | 509 default: |
509 NOTREACHED(); | 510 NOTREACHED(); |
510 return 0; | 511 return 0; |
511 } | 512 } |
512 } | 513 } |
513 | 514 |
515 Status ImportKeyDontCheckKeyUsages(blink::WebCryptoKeyFormat format, | |
516 const CryptoData& key_data, | |
517 const blink::WebCryptoAlgorithm& algorithm, | |
518 bool extractable, | |
519 blink::WebCryptoKeyUsageMask usage_mask, | |
520 blink::WebCryptoKey* key) { | |
521 switch (format) { | |
522 case blink::WebCryptoKeyFormatRaw: | |
523 return ImportKeyRaw(key_data, algorithm, extractable, usage_mask, key); | |
524 case blink::WebCryptoKeyFormatSpki: | |
525 return platform::ImportKeySpki( | |
526 algorithm, key_data, extractable, usage_mask, key); | |
527 case blink::WebCryptoKeyFormatPkcs8: | |
528 return platform::ImportKeyPkcs8( | |
529 algorithm, key_data, extractable, usage_mask, key); | |
530 case blink::WebCryptoKeyFormatJwk: | |
531 return ImportKeyJwk(key_data, algorithm, extractable, usage_mask, key); | |
532 default: | |
533 return Status::ErrorUnsupported(); | |
534 } | |
535 } | |
536 | |
537 Status UnwrapKeyDontCheckKeyUsages( | |
538 blink::WebCryptoKeyFormat format, | |
539 const CryptoData& wrapped_key_data, | |
540 const blink::WebCryptoKey& wrapping_key, | |
541 const blink::WebCryptoAlgorithm& wrapping_algorithm, | |
542 const blink::WebCryptoAlgorithm& algorithm, | |
543 bool extractable, | |
544 blink::WebCryptoKeyUsageMask usage_mask, | |
545 blink::WebCryptoKey* key) { | |
546 if (!KeyUsageAllows(wrapping_key, blink::WebCryptoKeyUsageUnwrapKey)) | |
547 return Status::ErrorUnexpected(); | |
548 if (wrapping_algorithm.id() != wrapping_key.algorithm().id()) | |
549 return Status::ErrorUnexpected(); | |
550 | |
551 switch (format) { | |
552 case blink::WebCryptoKeyFormatRaw: | |
553 return UnwrapKeyRaw(wrapped_key_data, | |
554 wrapping_key, | |
555 wrapping_algorithm, | |
556 algorithm, | |
557 extractable, | |
558 usage_mask, | |
559 key); | |
560 case blink::WebCryptoKeyFormatJwk: | |
561 return UnwrapKeyDecryptAndImport(format, | |
562 wrapped_key_data, | |
563 wrapping_key, | |
564 wrapping_algorithm, | |
565 algorithm, | |
566 extractable, | |
567 usage_mask, | |
568 key); | |
569 case blink::WebCryptoKeyFormatSpki: | |
570 case blink::WebCryptoKeyFormatPkcs8: | |
571 return Status::ErrorUnsupported(); // TODO(padolph) | |
572 default: | |
573 NOTREACHED(); | |
574 return Status::ErrorUnsupported(); | |
575 } | |
576 } | |
577 | |
578 // Returns the mask of all key usages that are possible for |algorithm| and | |
579 // |key_type|. | |
580 blink::WebCryptoKeyUsageMask GetValidKeyUsagesForKeyType( | |
581 blink::WebCryptoAlgorithmId algorithm, | |
582 blink::WebCryptoKeyType key_type) { | |
583 switch (algorithm) { | |
584 case blink::WebCryptoAlgorithmIdAesCbc: | |
585 case blink::WebCryptoAlgorithmIdAesGcm: | |
586 case blink::WebCryptoAlgorithmIdAesCtr: | |
587 return blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt | | |
588 blink::WebCryptoKeyUsageWrapKey | | |
589 blink::WebCryptoKeyUsageUnwrapKey; | |
590 case blink::WebCryptoAlgorithmIdAesKw: | |
591 return blink::WebCryptoKeyUsageWrapKey | | |
592 blink::WebCryptoKeyUsageUnwrapKey; | |
593 case blink::WebCryptoAlgorithmIdHmac: | |
594 return blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify; | |
595 case blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5: | |
596 switch (key_type) { | |
597 case blink::WebCryptoKeyTypePublic: | |
598 return blink::WebCryptoKeyUsageVerify; | |
599 case blink::WebCryptoKeyTypePrivate: | |
600 return blink::WebCryptoKeyUsageSign; | |
601 default: | |
602 return 0; | |
603 } | |
604 case blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5: | |
605 case blink::WebCryptoAlgorithmIdRsaOaep: | |
606 switch (key_type) { | |
607 case blink::WebCryptoKeyTypePublic: | |
Ryan Sleevi
2014/05/15 06:29:40
Structurally, I'm wondering whether it makes more
eroman
2014/05/16 00:04:37
I can paint the bikeshed either colour, don't part
Ryan Sleevi
2014/05/19 23:06:29
Part of the comment was motivated by things like l
| |
608 return blink::WebCryptoKeyUsageEncrypt | | |
609 blink::WebCryptoKeyUsageWrapKey; | |
610 case blink::WebCryptoKeyTypePrivate: | |
611 return blink::WebCryptoKeyUsageDecrypt | | |
612 blink::WebCryptoKeyUsageUnwrapKey; | |
613 default: | |
614 return 0; | |
615 } | |
616 default: | |
617 return 0; | |
618 } | |
619 } | |
620 | |
621 // Returns Status::Success() if |usages| is a valid set of key usages for | |
622 // |algorithm| and |key_type|. Otherwise returns an error. | |
623 Status CheckKeyUsages(blink::WebCryptoAlgorithmId algorithm, | |
624 blink::WebCryptoKeyType key_type, | |
625 blink::WebCryptoKeyUsageMask usages) { | |
626 blink::WebCryptoKeyUsageMask all_usages = | |
627 GetValidKeyUsagesForKeyType(algorithm, key_type); | |
628 | |
629 if (!ContainsKeyUsages(all_usages, usages)) | |
630 return Status::ErrorCreateKeyBadUsages(); | |
631 | |
632 return Status::Success(); | |
633 } | |
634 | |
635 // Returns an error if |combined_usage_mask| is invalid for generating a key | |
636 // pair for |algorithm|. Otherwise returns Status::Success(), and fills | |
637 // |public_key_usages| with the usages for the public key, and | |
638 // |private_key_usages| with those for the private key. | |
639 Status CheckKeyUsagesForGenerateKeyPair( | |
640 blink::WebCryptoAlgorithmId algorithm, | |
641 blink::WebCryptoKeyUsageMask combined_usage_mask, | |
642 blink::WebCryptoKeyUsageMask* public_key_usages, | |
643 blink::WebCryptoKeyUsageMask* private_key_usages) { | |
644 blink::WebCryptoKeyUsageMask all_public_key_usages = | |
645 GetValidKeyUsagesForKeyType(algorithm, blink::WebCryptoKeyTypePublic); | |
646 blink::WebCryptoKeyUsageMask all_private_key_usages = | |
647 GetValidKeyUsagesForKeyType(algorithm, blink::WebCryptoKeyTypePrivate); | |
648 | |
649 if (!ContainsKeyUsages(all_public_key_usages | all_private_key_usages, | |
650 combined_usage_mask)) | |
651 return Status::ErrorCreateKeyBadUsages(); | |
652 | |
653 *public_key_usages = combined_usage_mask & all_public_key_usages; | |
654 *private_key_usages = combined_usage_mask & all_private_key_usages; | |
Ryan Sleevi
2014/05/15 06:29:40
Seems like it should be invalid to generate a keyp
eroman
2014/05/16 00:04:37
My interpretation of the spec is that keys with no
Ryan Sleevi
2014/05/19 23:06:29
Fair point, though I wonder if we shouldn't correc
eroman
2014/05/20 00:32:19
Not sure I follow.
GenerateKey() does a pre-check
| |
655 | |
656 return Status::Success(); | |
657 } | |
658 | |
514 } // namespace | 659 } // namespace |
515 | 660 |
516 void Init() { platform::Init(); } | 661 void Init() { platform::Init(); } |
517 | 662 |
518 Status Encrypt(const blink::WebCryptoAlgorithm& algorithm, | 663 Status Encrypt(const blink::WebCryptoAlgorithm& algorithm, |
519 const blink::WebCryptoKey& key, | 664 const blink::WebCryptoKey& key, |
520 const CryptoData& data, | 665 const CryptoData& data, |
521 std::vector<uint8>* buffer) { | 666 std::vector<uint8>* buffer) { |
522 if (!KeyUsageAllows(key, blink::WebCryptoKeyUsageEncrypt)) | 667 if (!KeyUsageAllows(key, blink::WebCryptoKeyUsageEncrypt)) |
523 return Status::ErrorUnexpected(); | 668 return Status::ErrorUnexpected(); |
(...skipping 25 matching lines...) Expand all Loading... | |
549 | 694 |
550 scoped_ptr<blink::WebCryptoDigestor> CreateDigestor( | 695 scoped_ptr<blink::WebCryptoDigestor> CreateDigestor( |
551 blink::WebCryptoAlgorithmId algorithm) { | 696 blink::WebCryptoAlgorithmId algorithm) { |
552 return platform::CreateDigestor(algorithm); | 697 return platform::CreateDigestor(algorithm); |
553 } | 698 } |
554 | 699 |
555 Status GenerateSecretKey(const blink::WebCryptoAlgorithm& algorithm, | 700 Status GenerateSecretKey(const blink::WebCryptoAlgorithm& algorithm, |
556 bool extractable, | 701 bool extractable, |
557 blink::WebCryptoKeyUsageMask usage_mask, | 702 blink::WebCryptoKeyUsageMask usage_mask, |
558 blink::WebCryptoKey* key) { | 703 blink::WebCryptoKey* key) { |
704 Status status = | |
705 CheckKeyUsages(algorithm.id(), blink::WebCryptoKeyTypeSecret, usage_mask); | |
706 if (status.IsError()) | |
707 return status; | |
708 | |
559 unsigned int keylen_bytes = 0; | 709 unsigned int keylen_bytes = 0; |
560 | 710 |
561 // Get the secret key length in bytes from generation parameters. | 711 // Get the secret key length in bytes from generation parameters. |
562 // This resolves any defaults. | 712 // This resolves any defaults. |
563 switch (algorithm.id()) { | 713 switch (algorithm.id()) { |
564 case blink::WebCryptoAlgorithmIdAesCbc: | 714 case blink::WebCryptoAlgorithmIdAesCbc: |
565 case blink::WebCryptoAlgorithmIdAesGcm: | 715 case blink::WebCryptoAlgorithmIdAesGcm: |
566 case blink::WebCryptoAlgorithmIdAesKw: { | 716 case blink::WebCryptoAlgorithmIdAesKw: { |
567 if (!IsValidAesKeyLengthBits(algorithm.aesKeyGenParams()->lengthBits())) | 717 if (!IsValidAesKeyLengthBits(algorithm.aesKeyGenParams()->lengthBits())) |
568 return Status::ErrorGenerateKeyLength(); | 718 return Status::ErrorGenerateKeyLength(); |
(...skipping 24 matching lines...) Expand all Loading... | |
593 // probably be able to allowed to generate them too. | 743 // probably be able to allowed to generate them too. |
594 if (keylen_bytes == 0) | 744 if (keylen_bytes == 0) |
595 return Status::ErrorGenerateKeyLength(); | 745 return Status::ErrorGenerateKeyLength(); |
596 | 746 |
597 return platform::GenerateSecretKey( | 747 return platform::GenerateSecretKey( |
598 algorithm, extractable, usage_mask, keylen_bytes, key); | 748 algorithm, extractable, usage_mask, keylen_bytes, key); |
599 } | 749 } |
600 | 750 |
601 Status GenerateKeyPair(const blink::WebCryptoAlgorithm& algorithm, | 751 Status GenerateKeyPair(const blink::WebCryptoAlgorithm& algorithm, |
602 bool extractable, | 752 bool extractable, |
603 blink::WebCryptoKeyUsageMask usage_mask, | 753 blink::WebCryptoKeyUsageMask combined_usage_mask, |
604 blink::WebCryptoKey* public_key, | 754 blink::WebCryptoKey* public_key, |
605 blink::WebCryptoKey* private_key) { | 755 blink::WebCryptoKey* private_key) { |
756 blink::WebCryptoKeyUsageMask public_key_usage_mask = 0; | |
757 blink::WebCryptoKeyUsageMask private_key_usage_mask = 0; | |
758 | |
759 Status status = CheckKeyUsagesForGenerateKeyPair(algorithm.id(), | |
760 combined_usage_mask, | |
761 &public_key_usage_mask, | |
762 &private_key_usage_mask); | |
763 if (status.IsError()) | |
764 return status; | |
765 | |
606 // TODO(padolph): Handle other asymmetric algorithm key generation. | 766 // TODO(padolph): Handle other asymmetric algorithm key generation. |
607 switch (algorithm.paramsType()) { | 767 switch (algorithm.paramsType()) { |
608 case blink::WebCryptoAlgorithmParamsTypeRsaHashedKeyGenParams: | 768 case blink::WebCryptoAlgorithmParamsTypeRsaHashedKeyGenParams: |
609 case blink::WebCryptoAlgorithmParamsTypeRsaKeyGenParams: { | 769 case blink::WebCryptoAlgorithmParamsTypeRsaKeyGenParams: { |
610 const blink::WebCryptoRsaKeyGenParams* params = NULL; | 770 const blink::WebCryptoRsaKeyGenParams* params = NULL; |
611 blink::WebCryptoAlgorithm hash_or_null = | 771 blink::WebCryptoAlgorithm hash_or_null = |
612 blink::WebCryptoAlgorithm::createNull(); | 772 blink::WebCryptoAlgorithm::createNull(); |
613 if (algorithm.rsaHashedKeyGenParams()) { | 773 if (algorithm.rsaHashedKeyGenParams()) { |
614 params = algorithm.rsaHashedKeyGenParams(); | 774 params = algorithm.rsaHashedKeyGenParams(); |
615 hash_or_null = algorithm.rsaHashedKeyGenParams()->hash(); | 775 hash_or_null = algorithm.rsaHashedKeyGenParams()->hash(); |
616 } else { | 776 } else { |
617 params = algorithm.rsaKeyGenParams(); | 777 params = algorithm.rsaKeyGenParams(); |
618 } | 778 } |
619 | 779 |
620 if (!params->modulusLengthBits()) | 780 if (!params->modulusLengthBits()) |
621 return Status::ErrorGenerateRsaZeroModulus(); | 781 return Status::ErrorGenerateRsaZeroModulus(); |
622 | 782 |
623 CryptoData publicExponent(params->publicExponent()); | 783 CryptoData publicExponent(params->publicExponent()); |
624 if (!publicExponent.byte_length()) | 784 if (!publicExponent.byte_length()) |
625 return Status::ErrorGenerateKeyPublicExponent(); | 785 return Status::ErrorGenerateKeyPublicExponent(); |
626 | 786 |
627 return platform::GenerateRsaKeyPair(algorithm, | 787 return platform::GenerateRsaKeyPair(algorithm, |
628 extractable, | 788 extractable, |
629 usage_mask, | 789 public_key_usage_mask, |
790 private_key_usage_mask, | |
630 params->modulusLengthBits(), | 791 params->modulusLengthBits(), |
631 publicExponent, | 792 publicExponent, |
632 hash_or_null, | 793 hash_or_null, |
633 public_key, | 794 public_key, |
634 private_key); | 795 private_key); |
635 } | 796 } |
636 default: | 797 default: |
637 return Status::ErrorUnsupported(); | 798 return Status::ErrorUnsupported(); |
638 } | 799 } |
639 } | 800 } |
640 | 801 |
641 // Note that this function may be called from the target Blink thread. | 802 // Note that this function may be called from the target Blink thread. |
642 Status ImportKey(blink::WebCryptoKeyFormat format, | 803 Status ImportKey(blink::WebCryptoKeyFormat format, |
643 const CryptoData& key_data, | 804 const CryptoData& key_data, |
644 const blink::WebCryptoAlgorithm& algorithm, | 805 const blink::WebCryptoAlgorithm& algorithm, |
645 bool extractable, | 806 bool extractable, |
646 blink::WebCryptoKeyUsageMask usage_mask, | 807 blink::WebCryptoKeyUsageMask usage_mask, |
647 blink::WebCryptoKey* key) { | 808 blink::WebCryptoKey* key) { |
648 switch (format) { | 809 Status status = ImportKeyDontCheckKeyUsages( |
649 case blink::WebCryptoKeyFormatRaw: | 810 format, key_data, algorithm, extractable, usage_mask, key); |
Ryan Sleevi
2014/05/15 06:29:40
Shouldn't we be able to fast-fail if |algorithm| a
eroman
2014/05/16 00:04:37
I opted to do the key usages test *after* key crea
Ryan Sleevi
2014/05/19 23:06:29
For the similar reasons as the generate case above
eroman
2014/05/20 01:27:57
FYI: I am updating the CL to do fail-fast wherever
| |
650 return ImportKeyRaw(key_data, algorithm, extractable, usage_mask, key); | 811 |
651 case blink::WebCryptoKeyFormatSpki: | 812 if (status.IsError()) |
652 return platform::ImportKeySpki( | 813 return status; |
653 algorithm, key_data, extractable, usage_mask, key); | 814 |
654 case blink::WebCryptoKeyFormatPkcs8: | 815 return CheckKeyUsages(algorithm.id(), key->type(), usage_mask); |
655 return platform::ImportKeyPkcs8( | |
656 algorithm, key_data, extractable, usage_mask, key); | |
657 case blink::WebCryptoKeyFormatJwk: | |
658 return ImportKeyJwk(key_data, algorithm, extractable, usage_mask, key); | |
659 default: | |
660 return Status::ErrorUnsupported(); | |
661 } | |
662 } | 816 } |
663 | 817 |
664 // TODO(eroman): Move this to anonymous namespace. | 818 // TODO(eroman): Move this to anonymous namespace. |
665 Status ExportKeyDontCheckExtractability(blink::WebCryptoKeyFormat format, | 819 Status ExportKeyDontCheckExtractability(blink::WebCryptoKeyFormat format, |
666 const blink::WebCryptoKey& key, | 820 const blink::WebCryptoKey& key, |
667 std::vector<uint8>* buffer) { | 821 std::vector<uint8>* buffer) { |
668 switch (format) { | 822 switch (format) { |
669 case blink::WebCryptoKeyFormatRaw: { | 823 case blink::WebCryptoKeyFormatRaw: { |
670 platform::SymKey* sym_key; | 824 platform::SymKey* sym_key; |
671 Status status = ToPlatformSymKey(key, &sym_key); | 825 Status status = ToPlatformSymKey(key, &sym_key); |
(...skipping 104 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
776 } | 930 } |
777 | 931 |
778 Status UnwrapKey(blink::WebCryptoKeyFormat format, | 932 Status UnwrapKey(blink::WebCryptoKeyFormat format, |
779 const CryptoData& wrapped_key_data, | 933 const CryptoData& wrapped_key_data, |
780 const blink::WebCryptoKey& wrapping_key, | 934 const blink::WebCryptoKey& wrapping_key, |
781 const blink::WebCryptoAlgorithm& wrapping_algorithm, | 935 const blink::WebCryptoAlgorithm& wrapping_algorithm, |
782 const blink::WebCryptoAlgorithm& algorithm, | 936 const blink::WebCryptoAlgorithm& algorithm, |
783 bool extractable, | 937 bool extractable, |
784 blink::WebCryptoKeyUsageMask usage_mask, | 938 blink::WebCryptoKeyUsageMask usage_mask, |
785 blink::WebCryptoKey* key) { | 939 blink::WebCryptoKey* key) { |
786 if (!KeyUsageAllows(wrapping_key, blink::WebCryptoKeyUsageUnwrapKey)) | 940 Status status = UnwrapKeyDontCheckKeyUsages(format, |
787 return Status::ErrorUnexpected(); | 941 wrapped_key_data, |
788 if (wrapping_algorithm.id() != wrapping_key.algorithm().id()) | 942 wrapping_key, |
789 return Status::ErrorUnexpected(); | 943 wrapping_algorithm, |
944 algorithm, | |
945 extractable, | |
946 usage_mask, | |
947 key); | |
948 if (status.IsError()) | |
949 return status; | |
790 | 950 |
791 switch (format) { | 951 return CheckKeyUsages(algorithm.id(), key->type(), usage_mask); |
792 case blink::WebCryptoKeyFormatRaw: | |
793 return UnwrapKeyRaw(wrapped_key_data, | |
794 wrapping_key, | |
795 wrapping_algorithm, | |
796 algorithm, | |
797 extractable, | |
798 usage_mask, | |
799 key); | |
800 case blink::WebCryptoKeyFormatJwk: | |
801 return UnwrapKeyDecryptAndImport(format, | |
802 wrapped_key_data, | |
803 wrapping_key, | |
804 wrapping_algorithm, | |
805 algorithm, | |
806 extractable, | |
807 usage_mask, | |
808 key); | |
809 case blink::WebCryptoKeyFormatSpki: | |
810 case blink::WebCryptoKeyFormatPkcs8: | |
811 return Status::ErrorUnsupported(); // TODO(padolph) | |
812 default: | |
813 NOTREACHED(); | |
814 return Status::ErrorUnsupported(); | |
815 } | |
816 } | 952 } |
817 | 953 |
818 // Note that this function is called from the target Blink thread. | 954 // Note that this function is called from the target Blink thread. |
819 bool SerializeKeyForClone(const blink::WebCryptoKey& key, | 955 bool SerializeKeyForClone(const blink::WebCryptoKey& key, |
820 blink::WebVector<uint8>* key_data) { | 956 blink::WebVector<uint8>* key_data) { |
821 return static_cast<webcrypto::platform::Key*>(key.handle()) | 957 return static_cast<webcrypto::platform::Key*>(key.handle()) |
822 ->ThreadSafeSerializeForClone(key_data); | 958 ->ThreadSafeSerializeForClone(key_data); |
823 } | 959 } |
824 | 960 |
825 // Note that this function is called from the target Blink thread. | 961 // Note that this function is called from the target Blink thread. |
(...skipping 18 matching lines...) Expand all Loading... | |
844 usage_mask, | 980 usage_mask, |
845 key); | 981 key); |
846 if (status.IsError()) | 982 if (status.IsError()) |
847 return false; | 983 return false; |
848 return ValidateDeserializedKey(*key, algorithm, type); | 984 return ValidateDeserializedKey(*key, algorithm, type); |
849 } | 985 } |
850 | 986 |
851 } // namespace webcrypto | 987 } // namespace webcrypto |
852 | 988 |
853 } // namespace content | 989 } // namespace content |
OLD | NEW |