OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/child/webcrypto/shared_crypto.h" | 5 #include "content/child/webcrypto/shared_crypto.h" |
6 | 6 |
7 #include "base/logging.h" | 7 #include "base/logging.h" |
8 #include "content/child/webcrypto/crypto_data.h" | 8 #include "content/child/webcrypto/crypto_data.h" |
9 #include "content/child/webcrypto/jwk.h" | 9 #include "content/child/webcrypto/jwk.h" |
10 #include "content/child/webcrypto/platform_crypto.h" | 10 #include "content/child/webcrypto/platform_crypto.h" |
(...skipping 85 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
96 return platform::EncryptDecryptAesGcm( | 96 return platform::EncryptDecryptAesGcm( |
97 mode, | 97 mode, |
98 sym_key, | 98 sym_key, |
99 data, | 99 data, |
100 CryptoData(params->iv()), | 100 CryptoData(params->iv()), |
101 CryptoData(params->optionalAdditionalData()), | 101 CryptoData(params->optionalAdditionalData()), |
102 tag_length_bits, | 102 tag_length_bits, |
103 buffer); | 103 buffer); |
104 } | 104 } |
105 | 105 |
106 Status EncryptRsaEsPkcs1v1_5(const blink::WebCryptoAlgorithm& algorithm, | |
107 const blink::WebCryptoKey& key, | |
108 const CryptoData& data, | |
109 std::vector<uint8>* buffer) { | |
110 platform::PublicKey* public_key; | |
111 Status status = ToPlatformPublicKey(key, &public_key); | |
112 if (status.IsError()) | |
113 return status; | |
114 | |
115 // RSAES encryption does not support empty input | |
116 if (!data.byte_length()) | |
117 return Status::ErrorDataTooSmall(); | |
118 | |
119 return platform::EncryptRsaEsPkcs1v1_5(public_key, data, buffer); | |
120 } | |
121 | |
122 Status DecryptRsaEsPkcs1v1_5(const blink::WebCryptoAlgorithm& algorithm, | |
123 const blink::WebCryptoKey& key, | |
124 const CryptoData& data, | |
125 std::vector<uint8>* buffer) { | |
126 platform::PrivateKey* private_key; | |
127 Status status = ToPlatformPrivateKey(key, &private_key); | |
128 if (status.IsError()) | |
129 return status; | |
130 | |
131 // RSAES decryption does not support empty input | |
132 if (!data.byte_length()) | |
133 return Status::ErrorDataTooSmall(); | |
134 | |
135 return platform::DecryptRsaEsPkcs1v1_5(private_key, data, buffer); | |
136 } | |
137 | |
138 Status EncryptRsaOaep(const blink::WebCryptoAlgorithm& algorithm, | 106 Status EncryptRsaOaep(const blink::WebCryptoAlgorithm& algorithm, |
139 const blink::WebCryptoKey& key, | 107 const blink::WebCryptoKey& key, |
140 const CryptoData& data, | 108 const CryptoData& data, |
141 std::vector<uint8>* buffer) { | 109 std::vector<uint8>* buffer) { |
142 platform::PublicKey* public_key; | 110 platform::PublicKey* public_key; |
143 Status status = ToPlatformPublicKey(key, &public_key); | 111 Status status = ToPlatformPublicKey(key, &public_key); |
144 if (status.IsError()) | 112 if (status.IsError()) |
145 return status; | 113 return status; |
146 | 114 |
147 const blink::WebCryptoRsaOaepParams* params = algorithm.rsaOaepParams(); | 115 const blink::WebCryptoRsaOaepParams* params = algorithm.rsaOaepParams(); |
(...skipping 126 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
274 | 242 |
275 NOTREACHED(); | 243 NOTREACHED(); |
276 return blink::WebCryptoKeyFormatRaw; | 244 return blink::WebCryptoKeyFormatRaw; |
277 } | 245 } |
278 | 246 |
279 // Converts a KeyAlgorithm into an equivalent Algorithm for import. | 247 // Converts a KeyAlgorithm into an equivalent Algorithm for import. |
280 blink::WebCryptoAlgorithm KeyAlgorithmToImportAlgorithm( | 248 blink::WebCryptoAlgorithm KeyAlgorithmToImportAlgorithm( |
281 const blink::WebCryptoKeyAlgorithm& algorithm) { | 249 const blink::WebCryptoKeyAlgorithm& algorithm) { |
282 switch (algorithm.paramsType()) { | 250 switch (algorithm.paramsType()) { |
283 case blink::WebCryptoKeyAlgorithmParamsTypeAes: | 251 case blink::WebCryptoKeyAlgorithmParamsTypeAes: |
284 case blink::WebCryptoKeyAlgorithmParamsTypeRsa: | |
285 return CreateAlgorithm(algorithm.id()); | 252 return CreateAlgorithm(algorithm.id()); |
286 case blink::WebCryptoKeyAlgorithmParamsTypeHmac: | 253 case blink::WebCryptoKeyAlgorithmParamsTypeHmac: |
287 return CreateHmacImportAlgorithm(algorithm.hmacParams()->hash().id()); | 254 return CreateHmacImportAlgorithm(algorithm.hmacParams()->hash().id()); |
288 case blink::WebCryptoKeyAlgorithmParamsTypeRsaHashed: | 255 case blink::WebCryptoKeyAlgorithmParamsTypeRsaHashed: |
289 return CreateRsaHashedImportAlgorithm( | 256 return CreateRsaHashedImportAlgorithm( |
290 algorithm.id(), algorithm.rsaHashedParams()->hash().id()); | 257 algorithm.id(), algorithm.rsaHashedParams()->hash().id()); |
291 case blink::WebCryptoKeyAlgorithmParamsTypeNone: | 258 case blink::WebCryptoKeyAlgorithmParamsTypeNone: |
292 break; | 259 break; |
| 260 default: |
| 261 break; |
293 } | 262 } |
294 return blink::WebCryptoAlgorithm::createNull(); | 263 return blink::WebCryptoAlgorithm::createNull(); |
295 } | 264 } |
296 | 265 |
297 // There is some duplicated information in the serialized format used by | 266 // There is some duplicated information in the serialized format used by |
298 // structured clone (since the KeyAlgorithm is serialized separately from the | 267 // structured clone (since the KeyAlgorithm is serialized separately from the |
299 // key data). Use this extra information to further validate what was | 268 // key data). Use this extra information to further validate what was |
300 // deserialized from the key data. | 269 // deserialized from the key data. |
301 // | 270 // |
302 // A failure here implies either a bug in the code, or that the serialized data | 271 // A failure here implies either a bug in the code, or that the serialized data |
303 // was corrupted. | 272 // was corrupted. |
304 bool ValidateDeserializedKey(const blink::WebCryptoKey& key, | 273 bool ValidateDeserializedKey(const blink::WebCryptoKey& key, |
305 const blink::WebCryptoKeyAlgorithm& algorithm, | 274 const blink::WebCryptoKeyAlgorithm& algorithm, |
306 blink::WebCryptoKeyType type) { | 275 blink::WebCryptoKeyType type) { |
307 if (algorithm.id() != key.algorithm().id()) | 276 if (algorithm.id() != key.algorithm().id()) |
308 return false; | 277 return false; |
309 | 278 |
310 if (key.type() != type) | 279 if (key.type() != type) |
311 return false; | 280 return false; |
312 | 281 |
313 switch (algorithm.paramsType()) { | 282 switch (algorithm.paramsType()) { |
314 case blink::WebCryptoKeyAlgorithmParamsTypeAes: | 283 case blink::WebCryptoKeyAlgorithmParamsTypeAes: |
315 if (algorithm.aesParams()->lengthBits() != | 284 if (algorithm.aesParams()->lengthBits() != |
316 key.algorithm().aesParams()->lengthBits()) | 285 key.algorithm().aesParams()->lengthBits()) |
317 return false; | 286 return false; |
318 break; | 287 break; |
319 case blink::WebCryptoKeyAlgorithmParamsTypeRsa: | |
320 case blink::WebCryptoKeyAlgorithmParamsTypeRsaHashed: | 288 case blink::WebCryptoKeyAlgorithmParamsTypeRsaHashed: |
321 if (algorithm.rsaParams()->modulusLengthBits() != | 289 if (algorithm.rsaHashedParams()->modulusLengthBits() != |
322 key.algorithm().rsaParams()->modulusLengthBits()) | 290 key.algorithm().rsaHashedParams()->modulusLengthBits()) |
323 return false; | 291 return false; |
324 if (algorithm.rsaParams()->publicExponent().size() != | 292 if (algorithm.rsaHashedParams()->publicExponent().size() != |
325 key.algorithm().rsaParams()->publicExponent().size()) | 293 key.algorithm().rsaHashedParams()->publicExponent().size()) |
326 return false; | 294 return false; |
327 if (memcmp(algorithm.rsaParams()->publicExponent().data(), | 295 if (memcmp(algorithm.rsaHashedParams()->publicExponent().data(), |
328 key.algorithm().rsaParams()->publicExponent().data(), | 296 key.algorithm().rsaHashedParams()->publicExponent().data(), |
329 key.algorithm().rsaParams()->publicExponent().size()) != 0) | 297 key.algorithm().rsaHashedParams()->publicExponent().size()) != |
| 298 0) |
330 return false; | 299 return false; |
331 break; | 300 break; |
332 case blink::WebCryptoKeyAlgorithmParamsTypeNone: | 301 case blink::WebCryptoKeyAlgorithmParamsTypeNone: |
333 case blink::WebCryptoKeyAlgorithmParamsTypeHmac: | 302 case blink::WebCryptoKeyAlgorithmParamsTypeHmac: |
334 break; | 303 break; |
| 304 default: |
| 305 return false; |
335 } | 306 } |
336 | 307 |
337 return true; | 308 return true; |
338 } | 309 } |
339 | 310 |
340 // Validates the size of data input to AES-KW. AES-KW requires the input data | 311 // Validates the size of data input to AES-KW. AES-KW requires the input data |
341 // size to be at least 24 bytes and a multiple of 8 bytes. | 312 // size to be at least 24 bytes and a multiple of 8 bytes. |
342 Status CheckAesKwInputSize(const CryptoData& aeskw_input_data) { | 313 Status CheckAesKwInputSize(const CryptoData& aeskw_input_data) { |
343 if (aeskw_input_data.byte_length() < 24) | 314 if (aeskw_input_data.byte_length() < 24) |
344 return Status::ErrorDataTooSmall(); | 315 return Status::ErrorDataTooSmall(); |
(...skipping 19 matching lines...) Expand all Loading... |
364 status = CheckAesKwInputSize(wrapped_key_data); | 335 status = CheckAesKwInputSize(wrapped_key_data); |
365 if (status.IsError()) | 336 if (status.IsError()) |
366 return status; | 337 return status; |
367 return platform::UnwrapSymKeyAesKw(wrapped_key_data, | 338 return platform::UnwrapSymKeyAesKw(wrapped_key_data, |
368 platform_wrapping_key, | 339 platform_wrapping_key, |
369 algorithm, | 340 algorithm, |
370 extractable, | 341 extractable, |
371 usage_mask, | 342 usage_mask, |
372 key); | 343 key); |
373 } | 344 } |
374 case blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5: { | |
375 platform::PrivateKey* platform_wrapping_key; | |
376 Status status = | |
377 ToPlatformPrivateKey(wrapping_key, &platform_wrapping_key); | |
378 if (status.IsError()) | |
379 return status; | |
380 if (!wrapped_key_data.byte_length()) | |
381 return Status::ErrorDataTooSmall(); | |
382 return platform::UnwrapSymKeyRsaEs(wrapped_key_data, | |
383 platform_wrapping_key, | |
384 algorithm, | |
385 extractable, | |
386 usage_mask, | |
387 key); | |
388 } | |
389 default: | 345 default: |
390 return Status::ErrorUnsupported(); | 346 return Status::ErrorUnsupported(); |
391 } | 347 } |
392 } | 348 } |
393 | 349 |
394 Status WrapKeyRaw(const blink::WebCryptoKey& key_to_wrap, | 350 Status WrapKeyRaw(const blink::WebCryptoKey& key_to_wrap, |
395 const blink::WebCryptoKey& wrapping_key, | 351 const blink::WebCryptoKey& wrapping_key, |
396 const blink::WebCryptoAlgorithm& wrapping_algorithm, | 352 const blink::WebCryptoAlgorithm& wrapping_algorithm, |
397 std::vector<uint8>* buffer) { | 353 std::vector<uint8>* buffer) { |
398 // A raw key is always a symmetric key. | 354 // A raw key is always a symmetric key. |
399 platform::SymKey* platform_key; | 355 platform::SymKey* platform_key; |
400 Status status = ToPlatformSymKey(key_to_wrap, &platform_key); | 356 Status status = ToPlatformSymKey(key_to_wrap, &platform_key); |
401 if (status.IsError()) | 357 if (status.IsError()) |
402 return status; | 358 return status; |
403 | 359 |
404 // TODO(padolph): Handle other wrapping algorithms | 360 // TODO(padolph): Handle other wrapping algorithms |
405 switch (wrapping_algorithm.id()) { | 361 switch (wrapping_algorithm.id()) { |
406 case blink::WebCryptoAlgorithmIdAesKw: { | 362 case blink::WebCryptoAlgorithmIdAesKw: { |
407 platform::SymKey* platform_wrapping_key; | 363 platform::SymKey* platform_wrapping_key; |
408 status = ToPlatformSymKey(wrapping_key, &platform_wrapping_key); | 364 status = ToPlatformSymKey(wrapping_key, &platform_wrapping_key); |
409 if (status.IsError()) | 365 if (status.IsError()) |
410 return status; | 366 return status; |
411 return platform::WrapSymKeyAesKw( | 367 return platform::WrapSymKeyAesKw( |
412 platform_key, platform_wrapping_key, buffer); | 368 platform_key, platform_wrapping_key, buffer); |
413 } | 369 } |
414 case blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5: { | |
415 platform::PublicKey* platform_wrapping_key; | |
416 status = ToPlatformPublicKey(wrapping_key, &platform_wrapping_key); | |
417 if (status.IsError()) | |
418 return status; | |
419 return platform::WrapSymKeyRsaEs( | |
420 platform_key, platform_wrapping_key, buffer); | |
421 } | |
422 default: | 370 default: |
423 return Status::ErrorUnsupported(); | 371 return Status::ErrorUnsupported(); |
424 } | 372 } |
425 } | 373 } |
426 | 374 |
427 Status DecryptAesKw(const blink::WebCryptoAlgorithm& algorithm, | 375 Status DecryptAesKw(const blink::WebCryptoAlgorithm& algorithm, |
428 const blink::WebCryptoKey& key, | 376 const blink::WebCryptoKey& key, |
429 const CryptoData& data, | 377 const CryptoData& data, |
430 std::vector<uint8>* buffer) { | 378 std::vector<uint8>* buffer) { |
431 platform::SymKey* sym_key; | 379 platform::SymKey* sym_key; |
(...skipping 10 matching lines...) Expand all Loading... |
442 const blink::WebCryptoKey& key, | 390 const blink::WebCryptoKey& key, |
443 const CryptoData& data, | 391 const CryptoData& data, |
444 std::vector<uint8>* buffer) { | 392 std::vector<uint8>* buffer) { |
445 if (algorithm.id() != key.algorithm().id()) | 393 if (algorithm.id() != key.algorithm().id()) |
446 return Status::ErrorUnexpected(); | 394 return Status::ErrorUnexpected(); |
447 switch (algorithm.id()) { | 395 switch (algorithm.id()) { |
448 case blink::WebCryptoAlgorithmIdAesCbc: | 396 case blink::WebCryptoAlgorithmIdAesCbc: |
449 return EncryptDecryptAesCbc(DECRYPT, algorithm, key, data, buffer); | 397 return EncryptDecryptAesCbc(DECRYPT, algorithm, key, data, buffer); |
450 case blink::WebCryptoAlgorithmIdAesGcm: | 398 case blink::WebCryptoAlgorithmIdAesGcm: |
451 return EncryptDecryptAesGcm(DECRYPT, algorithm, key, data, buffer); | 399 return EncryptDecryptAesGcm(DECRYPT, algorithm, key, data, buffer); |
452 case blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5: | |
453 return DecryptRsaEsPkcs1v1_5(algorithm, key, data, buffer); | |
454 case blink::WebCryptoAlgorithmIdRsaOaep: | 400 case blink::WebCryptoAlgorithmIdRsaOaep: |
455 return DecryptRsaOaep(algorithm, key, data, buffer); | 401 return DecryptRsaOaep(algorithm, key, data, buffer); |
456 case blink::WebCryptoAlgorithmIdAesKw: | 402 case blink::WebCryptoAlgorithmIdAesKw: |
457 return DecryptAesKw(algorithm, key, data, buffer); | 403 return DecryptAesKw(algorithm, key, data, buffer); |
458 default: | 404 default: |
459 return Status::ErrorUnsupported(); | 405 return Status::ErrorUnsupported(); |
460 } | 406 } |
461 } | 407 } |
462 | 408 |
463 Status EncryptDontCheckUsage(const blink::WebCryptoAlgorithm& algorithm, | 409 Status EncryptDontCheckUsage(const blink::WebCryptoAlgorithm& algorithm, |
464 const blink::WebCryptoKey& key, | 410 const blink::WebCryptoKey& key, |
465 const CryptoData& data, | 411 const CryptoData& data, |
466 std::vector<uint8>* buffer) { | 412 std::vector<uint8>* buffer) { |
467 if (algorithm.id() != key.algorithm().id()) | 413 if (algorithm.id() != key.algorithm().id()) |
468 return Status::ErrorUnexpected(); | 414 return Status::ErrorUnexpected(); |
469 switch (algorithm.id()) { | 415 switch (algorithm.id()) { |
470 case blink::WebCryptoAlgorithmIdAesCbc: | 416 case blink::WebCryptoAlgorithmIdAesCbc: |
471 return EncryptDecryptAesCbc(ENCRYPT, algorithm, key, data, buffer); | 417 return EncryptDecryptAesCbc(ENCRYPT, algorithm, key, data, buffer); |
472 case blink::WebCryptoAlgorithmIdAesGcm: | 418 case blink::WebCryptoAlgorithmIdAesGcm: |
473 return EncryptDecryptAesGcm(ENCRYPT, algorithm, key, data, buffer); | 419 return EncryptDecryptAesGcm(ENCRYPT, algorithm, key, data, buffer); |
474 case blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5: | |
475 return EncryptRsaEsPkcs1v1_5(algorithm, key, data, buffer); | |
476 case blink::WebCryptoAlgorithmIdRsaOaep: | 420 case blink::WebCryptoAlgorithmIdRsaOaep: |
477 return EncryptRsaOaep(algorithm, key, data, buffer); | 421 return EncryptRsaOaep(algorithm, key, data, buffer); |
478 default: | 422 default: |
479 return Status::ErrorUnsupported(); | 423 return Status::ErrorUnsupported(); |
480 } | 424 } |
481 } | 425 } |
482 | 426 |
483 Status UnwrapKeyDecryptAndImport( | 427 Status UnwrapKeyDecryptAndImport( |
484 blink::WebCryptoKeyFormat format, | 428 blink::WebCryptoKeyFormat format, |
485 const CryptoData& wrapped_key_data, | 429 const CryptoData& wrapped_key_data, |
(...skipping 132 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
618 algorithm, extractable, usage_mask, keylen_bytes, key); | 562 algorithm, extractable, usage_mask, keylen_bytes, key); |
619 } | 563 } |
620 | 564 |
621 Status GenerateKeyPair(const blink::WebCryptoAlgorithm& algorithm, | 565 Status GenerateKeyPair(const blink::WebCryptoAlgorithm& algorithm, |
622 bool extractable, | 566 bool extractable, |
623 blink::WebCryptoKeyUsageMask usage_mask, | 567 blink::WebCryptoKeyUsageMask usage_mask, |
624 blink::WebCryptoKey* public_key, | 568 blink::WebCryptoKey* public_key, |
625 blink::WebCryptoKey* private_key) { | 569 blink::WebCryptoKey* private_key) { |
626 // TODO(padolph): Handle other asymmetric algorithm key generation. | 570 // TODO(padolph): Handle other asymmetric algorithm key generation. |
627 switch (algorithm.paramsType()) { | 571 switch (algorithm.paramsType()) { |
628 case blink::WebCryptoAlgorithmParamsTypeRsaHashedKeyGenParams: | 572 case blink::WebCryptoAlgorithmParamsTypeRsaHashedKeyGenParams: { |
629 case blink::WebCryptoAlgorithmParamsTypeRsaKeyGenParams: { | 573 const blink::WebCryptoRsaHashedKeyGenParams* params = |
630 const blink::WebCryptoRsaKeyGenParams* params = NULL; | 574 algorithm.rsaHashedKeyGenParams(); |
631 blink::WebCryptoAlgorithm hash_or_null = | |
632 blink::WebCryptoAlgorithm::createNull(); | |
633 if (algorithm.rsaHashedKeyGenParams()) { | |
634 params = algorithm.rsaHashedKeyGenParams(); | |
635 hash_or_null = algorithm.rsaHashedKeyGenParams()->hash(); | |
636 } else { | |
637 params = algorithm.rsaKeyGenParams(); | |
638 } | |
639 | 575 |
640 if (!params->modulusLengthBits()) | 576 if (!params->modulusLengthBits()) |
641 return Status::ErrorGenerateRsaZeroModulus(); | 577 return Status::ErrorGenerateRsaZeroModulus(); |
642 | 578 |
643 CryptoData publicExponent(params->publicExponent()); | 579 CryptoData publicExponent(params->publicExponent()); |
644 if (!publicExponent.byte_length()) | 580 if (!publicExponent.byte_length()) |
645 return Status::ErrorGenerateKeyPublicExponent(); | 581 return Status::ErrorGenerateKeyPublicExponent(); |
646 | 582 |
647 return platform::GenerateRsaKeyPair(algorithm, | 583 return platform::GenerateRsaKeyPair(algorithm, |
648 extractable, | 584 extractable, |
649 usage_mask, | 585 usage_mask, |
650 params->modulusLengthBits(), | 586 params->modulusLengthBits(), |
651 publicExponent, | 587 publicExponent, |
652 hash_or_null, | |
653 public_key, | 588 public_key, |
654 private_key); | 589 private_key); |
655 } | 590 } |
656 default: | 591 default: |
657 return Status::ErrorUnsupported(); | 592 return Status::ErrorUnsupported(); |
658 } | 593 } |
659 } | 594 } |
660 | 595 |
661 // Note that this function may be called from the target Blink thread. | 596 // Note that this function may be called from the target Blink thread. |
662 Status ImportKey(blink::WebCryptoKeyFormat format, | 597 Status ImportKey(blink::WebCryptoKeyFormat format, |
(...skipping 112 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
775 const blink::WebCryptoKey& wrapping_key, | 710 const blink::WebCryptoKey& wrapping_key, |
776 const blink::WebCryptoAlgorithm& wrapping_algorithm, | 711 const blink::WebCryptoAlgorithm& wrapping_algorithm, |
777 std::vector<uint8>* buffer) { | 712 std::vector<uint8>* buffer) { |
778 if (!KeyUsageAllows(wrapping_key, blink::WebCryptoKeyUsageWrapKey)) | 713 if (!KeyUsageAllows(wrapping_key, blink::WebCryptoKeyUsageWrapKey)) |
779 return Status::ErrorUnexpected(); | 714 return Status::ErrorUnexpected(); |
780 if (wrapping_algorithm.id() != wrapping_key.algorithm().id()) | 715 if (wrapping_algorithm.id() != wrapping_key.algorithm().id()) |
781 return Status::ErrorUnexpected(); | 716 return Status::ErrorUnexpected(); |
782 | 717 |
783 switch (format) { | 718 switch (format) { |
784 case blink::WebCryptoKeyFormatRaw: | 719 case blink::WebCryptoKeyFormatRaw: |
785 if (wrapping_algorithm.id() == blink::WebCryptoAlgorithmIdAesKw || | 720 if (wrapping_algorithm.id() == blink::WebCryptoAlgorithmIdAesKw) { |
786 wrapping_algorithm.id() == | |
787 blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5) { | |
788 // AES-KW is a special case, due to NSS's implementation only | 721 // AES-KW is a special case, due to NSS's implementation only |
789 // supporting C_Wrap/C_Unwrap with AES-KW | 722 // supporting C_Wrap/C_Unwrap with AES-KW |
790 return WrapKeyRaw( | 723 return WrapKeyRaw( |
791 key_to_wrap, wrapping_key, wrapping_algorithm, buffer); | 724 key_to_wrap, wrapping_key, wrapping_algorithm, buffer); |
792 } | 725 } |
793 return WrapKeyExportAndEncrypt( | 726 return WrapKeyExportAndEncrypt( |
794 format, key_to_wrap, wrapping_key, wrapping_algorithm, buffer); | 727 format, key_to_wrap, wrapping_key, wrapping_algorithm, buffer); |
795 case blink::WebCryptoKeyFormatJwk: | 728 case blink::WebCryptoKeyFormatJwk: |
796 return WrapKeyExportAndEncrypt( | 729 return WrapKeyExportAndEncrypt( |
797 format, key_to_wrap, wrapping_key, wrapping_algorithm, buffer); | 730 format, key_to_wrap, wrapping_key, wrapping_algorithm, buffer); |
(...skipping 14 matching lines...) Expand all Loading... |
812 bool extractable, | 745 bool extractable, |
813 blink::WebCryptoKeyUsageMask usage_mask, | 746 blink::WebCryptoKeyUsageMask usage_mask, |
814 blink::WebCryptoKey* key) { | 747 blink::WebCryptoKey* key) { |
815 if (!KeyUsageAllows(wrapping_key, blink::WebCryptoKeyUsageUnwrapKey)) | 748 if (!KeyUsageAllows(wrapping_key, blink::WebCryptoKeyUsageUnwrapKey)) |
816 return Status::ErrorUnexpected(); | 749 return Status::ErrorUnexpected(); |
817 if (wrapping_algorithm.id() != wrapping_key.algorithm().id()) | 750 if (wrapping_algorithm.id() != wrapping_key.algorithm().id()) |
818 return Status::ErrorUnexpected(); | 751 return Status::ErrorUnexpected(); |
819 | 752 |
820 switch (format) { | 753 switch (format) { |
821 case blink::WebCryptoKeyFormatRaw: | 754 case blink::WebCryptoKeyFormatRaw: |
822 if (wrapping_algorithm.id() == blink::WebCryptoAlgorithmIdAesKw || | 755 if (wrapping_algorithm.id() == blink::WebCryptoAlgorithmIdAesKw) { |
823 wrapping_algorithm.id() == | |
824 blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5) { | |
825 // AES-KW is a special case, due to NSS's implementation only | 756 // AES-KW is a special case, due to NSS's implementation only |
826 // supporting C_Wrap/C_Unwrap with AES-KW | 757 // supporting C_Wrap/C_Unwrap with AES-KW |
827 return UnwrapKeyRaw(wrapped_key_data, | 758 return UnwrapKeyRaw(wrapped_key_data, |
828 wrapping_key, | 759 wrapping_key, |
829 wrapping_algorithm, | 760 wrapping_algorithm, |
830 algorithm, | 761 algorithm, |
831 extractable, | 762 extractable, |
832 usage_mask, | 763 usage_mask, |
833 key); | 764 key); |
834 } | 765 } |
(...skipping 76 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
911 platform::PrivateKey** out) { | 842 platform::PrivateKey** out) { |
912 *out = static_cast<platform::Key*>(key.handle())->AsPrivateKey(); | 843 *out = static_cast<platform::Key*>(key.handle())->AsPrivateKey(); |
913 if (!*out) | 844 if (!*out) |
914 return Status::ErrorUnexpectedKeyType(); | 845 return Status::ErrorUnexpectedKeyType(); |
915 return Status::Success(); | 846 return Status::Success(); |
916 } | 847 } |
917 | 848 |
918 } // namespace webcrypto | 849 } // namespace webcrypto |
919 | 850 |
920 } // namespace content | 851 } // namespace content |
OLD | NEW |