| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/child/webcrypto/shared_crypto.h" | 5 #include "content/child/webcrypto/shared_crypto.h" |
| 6 | 6 |
| 7 #include "base/logging.h" | 7 #include "base/logging.h" |
| 8 #include "content/child/webcrypto/crypto_data.h" | 8 #include "content/child/webcrypto/crypto_data.h" |
| 9 #include "content/child/webcrypto/jwk.h" | 9 #include "content/child/webcrypto/jwk.h" |
| 10 #include "content/child/webcrypto/platform_crypto.h" | 10 #include "content/child/webcrypto/platform_crypto.h" |
| (...skipping 85 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 96 return platform::EncryptDecryptAesGcm( | 96 return platform::EncryptDecryptAesGcm( |
| 97 mode, | 97 mode, |
| 98 sym_key, | 98 sym_key, |
| 99 data, | 99 data, |
| 100 CryptoData(params->iv()), | 100 CryptoData(params->iv()), |
| 101 CryptoData(params->optionalAdditionalData()), | 101 CryptoData(params->optionalAdditionalData()), |
| 102 tag_length_bits, | 102 tag_length_bits, |
| 103 buffer); | 103 buffer); |
| 104 } | 104 } |
| 105 | 105 |
| 106 Status EncryptRsaEsPkcs1v1_5(const blink::WebCryptoAlgorithm& algorithm, | |
| 107 const blink::WebCryptoKey& key, | |
| 108 const CryptoData& data, | |
| 109 std::vector<uint8>* buffer) { | |
| 110 platform::PublicKey* public_key; | |
| 111 Status status = ToPlatformPublicKey(key, &public_key); | |
| 112 if (status.IsError()) | |
| 113 return status; | |
| 114 | |
| 115 // RSAES encryption does not support empty input | |
| 116 if (!data.byte_length()) | |
| 117 return Status::ErrorDataTooSmall(); | |
| 118 | |
| 119 return platform::EncryptRsaEsPkcs1v1_5(public_key, data, buffer); | |
| 120 } | |
| 121 | |
| 122 Status DecryptRsaEsPkcs1v1_5(const blink::WebCryptoAlgorithm& algorithm, | |
| 123 const blink::WebCryptoKey& key, | |
| 124 const CryptoData& data, | |
| 125 std::vector<uint8>* buffer) { | |
| 126 platform::PrivateKey* private_key; | |
| 127 Status status = ToPlatformPrivateKey(key, &private_key); | |
| 128 if (status.IsError()) | |
| 129 return status; | |
| 130 | |
| 131 // RSAES decryption does not support empty input | |
| 132 if (!data.byte_length()) | |
| 133 return Status::ErrorDataTooSmall(); | |
| 134 | |
| 135 return platform::DecryptRsaEsPkcs1v1_5(private_key, data, buffer); | |
| 136 } | |
| 137 | |
| 138 Status EncryptRsaOaep(const blink::WebCryptoAlgorithm& algorithm, | 106 Status EncryptRsaOaep(const blink::WebCryptoAlgorithm& algorithm, |
| 139 const blink::WebCryptoKey& key, | 107 const blink::WebCryptoKey& key, |
| 140 const CryptoData& data, | 108 const CryptoData& data, |
| 141 std::vector<uint8>* buffer) { | 109 std::vector<uint8>* buffer) { |
| 142 platform::PublicKey* public_key; | 110 platform::PublicKey* public_key; |
| 143 Status status = ToPlatformPublicKey(key, &public_key); | 111 Status status = ToPlatformPublicKey(key, &public_key); |
| 144 if (status.IsError()) | 112 if (status.IsError()) |
| 145 return status; | 113 return status; |
| 146 | 114 |
| 147 const blink::WebCryptoRsaOaepParams* params = algorithm.rsaOaepParams(); | 115 const blink::WebCryptoRsaOaepParams* params = algorithm.rsaOaepParams(); |
| (...skipping 126 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 274 | 242 |
| 275 NOTREACHED(); | 243 NOTREACHED(); |
| 276 return blink::WebCryptoKeyFormatRaw; | 244 return blink::WebCryptoKeyFormatRaw; |
| 277 } | 245 } |
| 278 | 246 |
| 279 // Converts a KeyAlgorithm into an equivalent Algorithm for import. | 247 // Converts a KeyAlgorithm into an equivalent Algorithm for import. |
| 280 blink::WebCryptoAlgorithm KeyAlgorithmToImportAlgorithm( | 248 blink::WebCryptoAlgorithm KeyAlgorithmToImportAlgorithm( |
| 281 const blink::WebCryptoKeyAlgorithm& algorithm) { | 249 const blink::WebCryptoKeyAlgorithm& algorithm) { |
| 282 switch (algorithm.paramsType()) { | 250 switch (algorithm.paramsType()) { |
| 283 case blink::WebCryptoKeyAlgorithmParamsTypeAes: | 251 case blink::WebCryptoKeyAlgorithmParamsTypeAes: |
| 284 case blink::WebCryptoKeyAlgorithmParamsTypeRsa: | |
| 285 return CreateAlgorithm(algorithm.id()); | 252 return CreateAlgorithm(algorithm.id()); |
| 286 case blink::WebCryptoKeyAlgorithmParamsTypeHmac: | 253 case blink::WebCryptoKeyAlgorithmParamsTypeHmac: |
| 287 return CreateHmacImportAlgorithm(algorithm.hmacParams()->hash().id()); | 254 return CreateHmacImportAlgorithm(algorithm.hmacParams()->hash().id()); |
| 288 case blink::WebCryptoKeyAlgorithmParamsTypeRsaHashed: | 255 case blink::WebCryptoKeyAlgorithmParamsTypeRsaHashed: |
| 289 return CreateRsaHashedImportAlgorithm( | 256 return CreateRsaHashedImportAlgorithm( |
| 290 algorithm.id(), algorithm.rsaHashedParams()->hash().id()); | 257 algorithm.id(), algorithm.rsaHashedParams()->hash().id()); |
| 291 case blink::WebCryptoKeyAlgorithmParamsTypeNone: | 258 case blink::WebCryptoKeyAlgorithmParamsTypeNone: |
| 292 break; | 259 break; |
| 260 default: |
| 261 break; |
| 293 } | 262 } |
| 294 return blink::WebCryptoAlgorithm::createNull(); | 263 return blink::WebCryptoAlgorithm::createNull(); |
| 295 } | 264 } |
| 296 | 265 |
| 297 // There is some duplicated information in the serialized format used by | 266 // There is some duplicated information in the serialized format used by |
| 298 // structured clone (since the KeyAlgorithm is serialized separately from the | 267 // structured clone (since the KeyAlgorithm is serialized separately from the |
| 299 // key data). Use this extra information to further validate what was | 268 // key data). Use this extra information to further validate what was |
| 300 // deserialized from the key data. | 269 // deserialized from the key data. |
| 301 // | 270 // |
| 302 // A failure here implies either a bug in the code, or that the serialized data | 271 // A failure here implies either a bug in the code, or that the serialized data |
| 303 // was corrupted. | 272 // was corrupted. |
| 304 bool ValidateDeserializedKey(const blink::WebCryptoKey& key, | 273 bool ValidateDeserializedKey(const blink::WebCryptoKey& key, |
| 305 const blink::WebCryptoKeyAlgorithm& algorithm, | 274 const blink::WebCryptoKeyAlgorithm& algorithm, |
| 306 blink::WebCryptoKeyType type) { | 275 blink::WebCryptoKeyType type) { |
| 307 if (algorithm.id() != key.algorithm().id()) | 276 if (algorithm.id() != key.algorithm().id()) |
| 308 return false; | 277 return false; |
| 309 | 278 |
| 310 if (key.type() != type) | 279 if (key.type() != type) |
| 311 return false; | 280 return false; |
| 312 | 281 |
| 313 switch (algorithm.paramsType()) { | 282 switch (algorithm.paramsType()) { |
| 314 case blink::WebCryptoKeyAlgorithmParamsTypeAes: | 283 case blink::WebCryptoKeyAlgorithmParamsTypeAes: |
| 315 if (algorithm.aesParams()->lengthBits() != | 284 if (algorithm.aesParams()->lengthBits() != |
| 316 key.algorithm().aesParams()->lengthBits()) | 285 key.algorithm().aesParams()->lengthBits()) |
| 317 return false; | 286 return false; |
| 318 break; | 287 break; |
| 319 case blink::WebCryptoKeyAlgorithmParamsTypeRsa: | |
| 320 case blink::WebCryptoKeyAlgorithmParamsTypeRsaHashed: | 288 case blink::WebCryptoKeyAlgorithmParamsTypeRsaHashed: |
| 321 if (algorithm.rsaParams()->modulusLengthBits() != | 289 if (algorithm.rsaHashedParams()->modulusLengthBits() != |
| 322 key.algorithm().rsaParams()->modulusLengthBits()) | 290 key.algorithm().rsaHashedParams()->modulusLengthBits()) |
| 323 return false; | 291 return false; |
| 324 if (algorithm.rsaParams()->publicExponent().size() != | 292 if (algorithm.rsaHashedParams()->publicExponent().size() != |
| 325 key.algorithm().rsaParams()->publicExponent().size()) | 293 key.algorithm().rsaHashedParams()->publicExponent().size()) |
| 326 return false; | 294 return false; |
| 327 if (memcmp(algorithm.rsaParams()->publicExponent().data(), | 295 if (memcmp(algorithm.rsaHashedParams()->publicExponent().data(), |
| 328 key.algorithm().rsaParams()->publicExponent().data(), | 296 key.algorithm().rsaHashedParams()->publicExponent().data(), |
| 329 key.algorithm().rsaParams()->publicExponent().size()) != 0) | 297 key.algorithm().rsaHashedParams()->publicExponent().size()) != |
| 298 0) |
| 330 return false; | 299 return false; |
| 331 break; | 300 break; |
| 332 case blink::WebCryptoKeyAlgorithmParamsTypeNone: | 301 case blink::WebCryptoKeyAlgorithmParamsTypeNone: |
| 333 case blink::WebCryptoKeyAlgorithmParamsTypeHmac: | 302 case blink::WebCryptoKeyAlgorithmParamsTypeHmac: |
| 334 break; | 303 break; |
| 304 default: |
| 305 return false; |
| 335 } | 306 } |
| 336 | 307 |
| 337 return true; | 308 return true; |
| 338 } | 309 } |
| 339 | 310 |
| 340 // Validates the size of data input to AES-KW. AES-KW requires the input data | 311 // Validates the size of data input to AES-KW. AES-KW requires the input data |
| 341 // size to be at least 24 bytes and a multiple of 8 bytes. | 312 // size to be at least 24 bytes and a multiple of 8 bytes. |
| 342 Status CheckAesKwInputSize(const CryptoData& aeskw_input_data) { | 313 Status CheckAesKwInputSize(const CryptoData& aeskw_input_data) { |
| 343 if (aeskw_input_data.byte_length() < 24) | 314 if (aeskw_input_data.byte_length() < 24) |
| 344 return Status::ErrorDataTooSmall(); | 315 return Status::ErrorDataTooSmall(); |
| (...skipping 19 matching lines...) Expand all Loading... |
| 364 status = CheckAesKwInputSize(wrapped_key_data); | 335 status = CheckAesKwInputSize(wrapped_key_data); |
| 365 if (status.IsError()) | 336 if (status.IsError()) |
| 366 return status; | 337 return status; |
| 367 return platform::UnwrapSymKeyAesKw(wrapped_key_data, | 338 return platform::UnwrapSymKeyAesKw(wrapped_key_data, |
| 368 platform_wrapping_key, | 339 platform_wrapping_key, |
| 369 algorithm, | 340 algorithm, |
| 370 extractable, | 341 extractable, |
| 371 usage_mask, | 342 usage_mask, |
| 372 key); | 343 key); |
| 373 } | 344 } |
| 374 case blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5: { | |
| 375 platform::PrivateKey* platform_wrapping_key; | |
| 376 Status status = | |
| 377 ToPlatformPrivateKey(wrapping_key, &platform_wrapping_key); | |
| 378 if (status.IsError()) | |
| 379 return status; | |
| 380 if (!wrapped_key_data.byte_length()) | |
| 381 return Status::ErrorDataTooSmall(); | |
| 382 return platform::UnwrapSymKeyRsaEs(wrapped_key_data, | |
| 383 platform_wrapping_key, | |
| 384 algorithm, | |
| 385 extractable, | |
| 386 usage_mask, | |
| 387 key); | |
| 388 } | |
| 389 default: | 345 default: |
| 390 return Status::ErrorUnsupported(); | 346 return Status::ErrorUnsupported(); |
| 391 } | 347 } |
| 392 } | 348 } |
| 393 | 349 |
| 394 Status WrapKeyRaw(const blink::WebCryptoKey& key_to_wrap, | 350 Status WrapKeyRaw(const blink::WebCryptoKey& key_to_wrap, |
| 395 const blink::WebCryptoKey& wrapping_key, | 351 const blink::WebCryptoKey& wrapping_key, |
| 396 const blink::WebCryptoAlgorithm& wrapping_algorithm, | 352 const blink::WebCryptoAlgorithm& wrapping_algorithm, |
| 397 std::vector<uint8>* buffer) { | 353 std::vector<uint8>* buffer) { |
| 398 // A raw key is always a symmetric key. | 354 // A raw key is always a symmetric key. |
| 399 platform::SymKey* platform_key; | 355 platform::SymKey* platform_key; |
| 400 Status status = ToPlatformSymKey(key_to_wrap, &platform_key); | 356 Status status = ToPlatformSymKey(key_to_wrap, &platform_key); |
| 401 if (status.IsError()) | 357 if (status.IsError()) |
| 402 return status; | 358 return status; |
| 403 | 359 |
| 404 // TODO(padolph): Handle other wrapping algorithms | 360 // TODO(padolph): Handle other wrapping algorithms |
| 405 switch (wrapping_algorithm.id()) { | 361 switch (wrapping_algorithm.id()) { |
| 406 case blink::WebCryptoAlgorithmIdAesKw: { | 362 case blink::WebCryptoAlgorithmIdAesKw: { |
| 407 platform::SymKey* platform_wrapping_key; | 363 platform::SymKey* platform_wrapping_key; |
| 408 status = ToPlatformSymKey(wrapping_key, &platform_wrapping_key); | 364 status = ToPlatformSymKey(wrapping_key, &platform_wrapping_key); |
| 409 if (status.IsError()) | 365 if (status.IsError()) |
| 410 return status; | 366 return status; |
| 411 return platform::WrapSymKeyAesKw( | 367 return platform::WrapSymKeyAesKw( |
| 412 platform_key, platform_wrapping_key, buffer); | 368 platform_key, platform_wrapping_key, buffer); |
| 413 } | 369 } |
| 414 case blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5: { | |
| 415 platform::PublicKey* platform_wrapping_key; | |
| 416 status = ToPlatformPublicKey(wrapping_key, &platform_wrapping_key); | |
| 417 if (status.IsError()) | |
| 418 return status; | |
| 419 return platform::WrapSymKeyRsaEs( | |
| 420 platform_key, platform_wrapping_key, buffer); | |
| 421 } | |
| 422 default: | 370 default: |
| 423 return Status::ErrorUnsupported(); | 371 return Status::ErrorUnsupported(); |
| 424 } | 372 } |
| 425 } | 373 } |
| 426 | 374 |
| 427 Status DecryptAesKw(const blink::WebCryptoAlgorithm& algorithm, | 375 Status DecryptAesKw(const blink::WebCryptoAlgorithm& algorithm, |
| 428 const blink::WebCryptoKey& key, | 376 const blink::WebCryptoKey& key, |
| 429 const CryptoData& data, | 377 const CryptoData& data, |
| 430 std::vector<uint8>* buffer) { | 378 std::vector<uint8>* buffer) { |
| 431 platform::SymKey* sym_key; | 379 platform::SymKey* sym_key; |
| (...skipping 10 matching lines...) Expand all Loading... |
| 442 const blink::WebCryptoKey& key, | 390 const blink::WebCryptoKey& key, |
| 443 const CryptoData& data, | 391 const CryptoData& data, |
| 444 std::vector<uint8>* buffer) { | 392 std::vector<uint8>* buffer) { |
| 445 if (algorithm.id() != key.algorithm().id()) | 393 if (algorithm.id() != key.algorithm().id()) |
| 446 return Status::ErrorUnexpected(); | 394 return Status::ErrorUnexpected(); |
| 447 switch (algorithm.id()) { | 395 switch (algorithm.id()) { |
| 448 case blink::WebCryptoAlgorithmIdAesCbc: | 396 case blink::WebCryptoAlgorithmIdAesCbc: |
| 449 return EncryptDecryptAesCbc(DECRYPT, algorithm, key, data, buffer); | 397 return EncryptDecryptAesCbc(DECRYPT, algorithm, key, data, buffer); |
| 450 case blink::WebCryptoAlgorithmIdAesGcm: | 398 case blink::WebCryptoAlgorithmIdAesGcm: |
| 451 return EncryptDecryptAesGcm(DECRYPT, algorithm, key, data, buffer); | 399 return EncryptDecryptAesGcm(DECRYPT, algorithm, key, data, buffer); |
| 452 case blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5: | |
| 453 return DecryptRsaEsPkcs1v1_5(algorithm, key, data, buffer); | |
| 454 case blink::WebCryptoAlgorithmIdRsaOaep: | 400 case blink::WebCryptoAlgorithmIdRsaOaep: |
| 455 return DecryptRsaOaep(algorithm, key, data, buffer); | 401 return DecryptRsaOaep(algorithm, key, data, buffer); |
| 456 case blink::WebCryptoAlgorithmIdAesKw: | 402 case blink::WebCryptoAlgorithmIdAesKw: |
| 457 return DecryptAesKw(algorithm, key, data, buffer); | 403 return DecryptAesKw(algorithm, key, data, buffer); |
| 458 default: | 404 default: |
| 459 return Status::ErrorUnsupported(); | 405 return Status::ErrorUnsupported(); |
| 460 } | 406 } |
| 461 } | 407 } |
| 462 | 408 |
| 463 Status EncryptDontCheckUsage(const blink::WebCryptoAlgorithm& algorithm, | 409 Status EncryptDontCheckUsage(const blink::WebCryptoAlgorithm& algorithm, |
| 464 const blink::WebCryptoKey& key, | 410 const blink::WebCryptoKey& key, |
| 465 const CryptoData& data, | 411 const CryptoData& data, |
| 466 std::vector<uint8>* buffer) { | 412 std::vector<uint8>* buffer) { |
| 467 if (algorithm.id() != key.algorithm().id()) | 413 if (algorithm.id() != key.algorithm().id()) |
| 468 return Status::ErrorUnexpected(); | 414 return Status::ErrorUnexpected(); |
| 469 switch (algorithm.id()) { | 415 switch (algorithm.id()) { |
| 470 case blink::WebCryptoAlgorithmIdAesCbc: | 416 case blink::WebCryptoAlgorithmIdAesCbc: |
| 471 return EncryptDecryptAesCbc(ENCRYPT, algorithm, key, data, buffer); | 417 return EncryptDecryptAesCbc(ENCRYPT, algorithm, key, data, buffer); |
| 472 case blink::WebCryptoAlgorithmIdAesGcm: | 418 case blink::WebCryptoAlgorithmIdAesGcm: |
| 473 return EncryptDecryptAesGcm(ENCRYPT, algorithm, key, data, buffer); | 419 return EncryptDecryptAesGcm(ENCRYPT, algorithm, key, data, buffer); |
| 474 case blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5: | |
| 475 return EncryptRsaEsPkcs1v1_5(algorithm, key, data, buffer); | |
| 476 case blink::WebCryptoAlgorithmIdRsaOaep: | 420 case blink::WebCryptoAlgorithmIdRsaOaep: |
| 477 return EncryptRsaOaep(algorithm, key, data, buffer); | 421 return EncryptRsaOaep(algorithm, key, data, buffer); |
| 478 default: | 422 default: |
| 479 return Status::ErrorUnsupported(); | 423 return Status::ErrorUnsupported(); |
| 480 } | 424 } |
| 481 } | 425 } |
| 482 | 426 |
| 483 Status UnwrapKeyDecryptAndImport( | 427 Status UnwrapKeyDecryptAndImport( |
| 484 blink::WebCryptoKeyFormat format, | 428 blink::WebCryptoKeyFormat format, |
| 485 const CryptoData& wrapped_key_data, | 429 const CryptoData& wrapped_key_data, |
| (...skipping 132 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 618 algorithm, extractable, usage_mask, keylen_bytes, key); | 562 algorithm, extractable, usage_mask, keylen_bytes, key); |
| 619 } | 563 } |
| 620 | 564 |
| 621 Status GenerateKeyPair(const blink::WebCryptoAlgorithm& algorithm, | 565 Status GenerateKeyPair(const blink::WebCryptoAlgorithm& algorithm, |
| 622 bool extractable, | 566 bool extractable, |
| 623 blink::WebCryptoKeyUsageMask usage_mask, | 567 blink::WebCryptoKeyUsageMask usage_mask, |
| 624 blink::WebCryptoKey* public_key, | 568 blink::WebCryptoKey* public_key, |
| 625 blink::WebCryptoKey* private_key) { | 569 blink::WebCryptoKey* private_key) { |
| 626 // TODO(padolph): Handle other asymmetric algorithm key generation. | 570 // TODO(padolph): Handle other asymmetric algorithm key generation. |
| 627 switch (algorithm.paramsType()) { | 571 switch (algorithm.paramsType()) { |
| 628 case blink::WebCryptoAlgorithmParamsTypeRsaHashedKeyGenParams: | 572 case blink::WebCryptoAlgorithmParamsTypeRsaHashedKeyGenParams: { |
| 629 case blink::WebCryptoAlgorithmParamsTypeRsaKeyGenParams: { | 573 const blink::WebCryptoRsaHashedKeyGenParams* params = |
| 630 const blink::WebCryptoRsaKeyGenParams* params = NULL; | 574 algorithm.rsaHashedKeyGenParams(); |
| 631 blink::WebCryptoAlgorithm hash_or_null = | |
| 632 blink::WebCryptoAlgorithm::createNull(); | |
| 633 if (algorithm.rsaHashedKeyGenParams()) { | |
| 634 params = algorithm.rsaHashedKeyGenParams(); | |
| 635 hash_or_null = algorithm.rsaHashedKeyGenParams()->hash(); | |
| 636 } else { | |
| 637 params = algorithm.rsaKeyGenParams(); | |
| 638 } | |
| 639 | 575 |
| 640 if (!params->modulusLengthBits()) | 576 if (!params->modulusLengthBits()) |
| 641 return Status::ErrorGenerateRsaZeroModulus(); | 577 return Status::ErrorGenerateRsaZeroModulus(); |
| 642 | 578 |
| 643 CryptoData publicExponent(params->publicExponent()); | 579 CryptoData publicExponent(params->publicExponent()); |
| 644 if (!publicExponent.byte_length()) | 580 if (!publicExponent.byte_length()) |
| 645 return Status::ErrorGenerateKeyPublicExponent(); | 581 return Status::ErrorGenerateKeyPublicExponent(); |
| 646 | 582 |
| 647 return platform::GenerateRsaKeyPair(algorithm, | 583 return platform::GenerateRsaKeyPair(algorithm, |
| 648 extractable, | 584 extractable, |
| 649 usage_mask, | 585 usage_mask, |
| 650 params->modulusLengthBits(), | 586 params->modulusLengthBits(), |
| 651 publicExponent, | 587 publicExponent, |
| 652 hash_or_null, | |
| 653 public_key, | 588 public_key, |
| 654 private_key); | 589 private_key); |
| 655 } | 590 } |
| 656 default: | 591 default: |
| 657 return Status::ErrorUnsupported(); | 592 return Status::ErrorUnsupported(); |
| 658 } | 593 } |
| 659 } | 594 } |
| 660 | 595 |
| 661 // Note that this function may be called from the target Blink thread. | 596 // Note that this function may be called from the target Blink thread. |
| 662 Status ImportKey(blink::WebCryptoKeyFormat format, | 597 Status ImportKey(blink::WebCryptoKeyFormat format, |
| (...skipping 112 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 775 const blink::WebCryptoKey& wrapping_key, | 710 const blink::WebCryptoKey& wrapping_key, |
| 776 const blink::WebCryptoAlgorithm& wrapping_algorithm, | 711 const blink::WebCryptoAlgorithm& wrapping_algorithm, |
| 777 std::vector<uint8>* buffer) { | 712 std::vector<uint8>* buffer) { |
| 778 if (!KeyUsageAllows(wrapping_key, blink::WebCryptoKeyUsageWrapKey)) | 713 if (!KeyUsageAllows(wrapping_key, blink::WebCryptoKeyUsageWrapKey)) |
| 779 return Status::ErrorUnexpected(); | 714 return Status::ErrorUnexpected(); |
| 780 if (wrapping_algorithm.id() != wrapping_key.algorithm().id()) | 715 if (wrapping_algorithm.id() != wrapping_key.algorithm().id()) |
| 781 return Status::ErrorUnexpected(); | 716 return Status::ErrorUnexpected(); |
| 782 | 717 |
| 783 switch (format) { | 718 switch (format) { |
| 784 case blink::WebCryptoKeyFormatRaw: | 719 case blink::WebCryptoKeyFormatRaw: |
| 785 if (wrapping_algorithm.id() == blink::WebCryptoAlgorithmIdAesKw || | 720 if (wrapping_algorithm.id() == blink::WebCryptoAlgorithmIdAesKw) { |
| 786 wrapping_algorithm.id() == | |
| 787 blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5) { | |
| 788 // AES-KW is a special case, due to NSS's implementation only | 721 // AES-KW is a special case, due to NSS's implementation only |
| 789 // supporting C_Wrap/C_Unwrap with AES-KW | 722 // supporting C_Wrap/C_Unwrap with AES-KW |
| 790 return WrapKeyRaw( | 723 return WrapKeyRaw( |
| 791 key_to_wrap, wrapping_key, wrapping_algorithm, buffer); | 724 key_to_wrap, wrapping_key, wrapping_algorithm, buffer); |
| 792 } | 725 } |
| 793 return WrapKeyExportAndEncrypt( | 726 return WrapKeyExportAndEncrypt( |
| 794 format, key_to_wrap, wrapping_key, wrapping_algorithm, buffer); | 727 format, key_to_wrap, wrapping_key, wrapping_algorithm, buffer); |
| 795 case blink::WebCryptoKeyFormatJwk: | 728 case blink::WebCryptoKeyFormatJwk: |
| 796 return WrapKeyExportAndEncrypt( | 729 return WrapKeyExportAndEncrypt( |
| 797 format, key_to_wrap, wrapping_key, wrapping_algorithm, buffer); | 730 format, key_to_wrap, wrapping_key, wrapping_algorithm, buffer); |
| (...skipping 14 matching lines...) Expand all Loading... |
| 812 bool extractable, | 745 bool extractable, |
| 813 blink::WebCryptoKeyUsageMask usage_mask, | 746 blink::WebCryptoKeyUsageMask usage_mask, |
| 814 blink::WebCryptoKey* key) { | 747 blink::WebCryptoKey* key) { |
| 815 if (!KeyUsageAllows(wrapping_key, blink::WebCryptoKeyUsageUnwrapKey)) | 748 if (!KeyUsageAllows(wrapping_key, blink::WebCryptoKeyUsageUnwrapKey)) |
| 816 return Status::ErrorUnexpected(); | 749 return Status::ErrorUnexpected(); |
| 817 if (wrapping_algorithm.id() != wrapping_key.algorithm().id()) | 750 if (wrapping_algorithm.id() != wrapping_key.algorithm().id()) |
| 818 return Status::ErrorUnexpected(); | 751 return Status::ErrorUnexpected(); |
| 819 | 752 |
| 820 switch (format) { | 753 switch (format) { |
| 821 case blink::WebCryptoKeyFormatRaw: | 754 case blink::WebCryptoKeyFormatRaw: |
| 822 if (wrapping_algorithm.id() == blink::WebCryptoAlgorithmIdAesKw || | 755 if (wrapping_algorithm.id() == blink::WebCryptoAlgorithmIdAesKw) { |
| 823 wrapping_algorithm.id() == | |
| 824 blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5) { | |
| 825 // AES-KW is a special case, due to NSS's implementation only | 756 // AES-KW is a special case, due to NSS's implementation only |
| 826 // supporting C_Wrap/C_Unwrap with AES-KW | 757 // supporting C_Wrap/C_Unwrap with AES-KW |
| 827 return UnwrapKeyRaw(wrapped_key_data, | 758 return UnwrapKeyRaw(wrapped_key_data, |
| 828 wrapping_key, | 759 wrapping_key, |
| 829 wrapping_algorithm, | 760 wrapping_algorithm, |
| 830 algorithm, | 761 algorithm, |
| 831 extractable, | 762 extractable, |
| 832 usage_mask, | 763 usage_mask, |
| 833 key); | 764 key); |
| 834 } | 765 } |
| (...skipping 76 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 911 platform::PrivateKey** out) { | 842 platform::PrivateKey** out) { |
| 912 *out = static_cast<platform::Key*>(key.handle())->AsPrivateKey(); | 843 *out = static_cast<platform::Key*>(key.handle())->AsPrivateKey(); |
| 913 if (!*out) | 844 if (!*out) |
| 914 return Status::ErrorUnexpectedKeyType(); | 845 return Status::ErrorUnexpectedKeyType(); |
| 915 return Status::Success(); | 846 return Status::Success(); |
| 916 } | 847 } |
| 917 | 848 |
| 918 } // namespace webcrypto | 849 } // namespace webcrypto |
| 919 | 850 |
| 920 } // namespace content | 851 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 282903002:
[webcrypto] Remove RSA-ES support (2 of 3) (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src