Index: content/child/webcrypto/platform_crypto_nss.cc |
diff --git a/content/child/webcrypto/platform_crypto_nss.cc b/content/child/webcrypto/platform_crypto_nss.cc |
index ea48b4e73a7c8ae6bdf2f573a3ebe96953918665..91a066f0e46a2fb93288d5473be01224a1558d71 100644 |
--- a/content/child/webcrypto/platform_crypto_nss.cc |
+++ b/content/child/webcrypto/platform_crypto_nss.cc |
@@ -553,12 +553,6 @@ bool BigIntegerToLong(const uint8* data, |
return true; |
} |
-bool IsAlgorithmRsa(const blink::WebCryptoAlgorithm& algorithm) { |
- return algorithm.id() == blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5 || |
- algorithm.id() == blink::WebCryptoAlgorithmIdRsaOaep || |
- algorithm.id() == blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5; |
-} |
- |
bool CreatePublicKeyAlgorithm(const blink::WebCryptoAlgorithm& algorithm, |
SECKEYPublicKey* key, |
blink::WebCryptoKeyAlgorithm* key_algorithm) { |
@@ -580,14 +574,6 @@ bool CreatePublicKeyAlgorithm(const blink::WebCryptoAlgorithm& algorithm, |
public_exponent.byte_length(), |
GetInnerHashAlgorithm(algorithm).id()); |
return true; |
- case blink::WebCryptoAlgorithmParamsTypeRsaKeyGenParams: |
- case blink::WebCryptoAlgorithmParamsTypeNone: |
- *key_algorithm = blink::WebCryptoKeyAlgorithm::createRsa( |
- algorithm.id(), |
- modulus_length_bits, |
- public_exponent.bytes(), |
- public_exponent.byte_length()); |
- return true; |
default: |
return false; |
} |
@@ -987,7 +973,7 @@ bool ValidateNssKeyTypeAgainstInputAlgorithm( |
const blink::WebCryptoAlgorithm& algorithm) { |
switch (key_type) { |
case rsaKey: |
- return IsAlgorithmRsa(algorithm); |
+ return IsAlgorithmRsa(algorithm.id()); |
case dsaKey: |
case ecKey: |
case rsaPssKey: |
@@ -1114,8 +1100,7 @@ Status ExportKeyPkcs8(PrivateKey* key, |
const blink::WebCryptoKeyAlgorithm& key_algorithm, |
std::vector<uint8>* buffer) { |
// TODO(eroman): Support other RSA key types as they are added to Blink. |
- if (key_algorithm.id() != blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5 && |
- key_algorithm.id() != blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 && |
+ if (key_algorithm.id() != blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 && |
key_algorithm.id() != blink::WebCryptoAlgorithmIdRsaOaep) |
return Status::ErrorUnsupported(); |
@@ -1267,60 +1252,6 @@ Status SignHmac(SymKey* key, |
} |
// ----------------------------------- |
-// RsaEsPkcs1v1_5 |
-// ----------------------------------- |
- |
-Status EncryptRsaEsPkcs1v1_5(PublicKey* key, |
- const CryptoData& data, |
- std::vector<uint8>* buffer) { |
- const unsigned int encrypted_length_bytes = |
- SECKEY_PublicKeyStrength(key->key()); |
- |
- // RSAES can operate on messages up to a length of k - 11, where k is the |
- // octet length of the RSA modulus. |
- if (encrypted_length_bytes < 11 || |
- encrypted_length_bytes - 11 < data.byte_length()) |
- return Status::ErrorDataTooLarge(); |
- |
- buffer->resize(encrypted_length_bytes); |
- unsigned char* const buffer_data = Uint8VectorStart(buffer); |
- |
- if (PK11_PubEncryptPKCS1(key->key(), |
- buffer_data, |
- const_cast<unsigned char*>(data.bytes()), |
- data.byte_length(), |
- NULL) != SECSuccess) { |
- return Status::OperationError(); |
- } |
- return Status::Success(); |
-} |
- |
-Status DecryptRsaEsPkcs1v1_5(PrivateKey* key, |
- const CryptoData& data, |
- std::vector<uint8>* buffer) { |
- const int modulus_length_bytes = PK11_GetPrivateModulusLen(key->key()); |
- if (modulus_length_bytes <= 0) |
- return Status::ErrorUnexpected(); |
- const unsigned int max_output_length_bytes = modulus_length_bytes; |
- |
- buffer->resize(max_output_length_bytes); |
- unsigned char* const buffer_data = Uint8VectorStart(buffer); |
- |
- unsigned int output_length_bytes = 0; |
- if (PK11_PrivDecryptPKCS1(key->key(), |
- buffer_data, |
- &output_length_bytes, |
- max_output_length_bytes, |
- const_cast<unsigned char*>(data.bytes()), |
- data.byte_length()) != SECSuccess) { |
- return Status::OperationError(); |
- } |
- DCHECK_LE(output_length_bytes, max_output_length_bytes); |
- buffer->resize(output_length_bytes); |
- return Status::Success(); |
-} |
- |
-// ----------------------------------- |
// RsaOaep |
// ----------------------------------- |
@@ -1512,7 +1443,6 @@ Status GenerateRsaKeyPair(const blink::WebCryptoAlgorithm& algorithm, |
blink::WebCryptoKeyUsageMask usage_mask, |
unsigned int modulus_length_bits, |
const CryptoData& public_exponent, |
- const blink::WebCryptoAlgorithm& hash_or_null, |
blink::WebCryptoKey* public_key, |
blink::WebCryptoKey* private_key) { |
if (algorithm.id() == blink::WebCryptoAlgorithmIdRsaOaep && |
@@ -1540,7 +1470,6 @@ Status GenerateRsaKeyPair(const blink::WebCryptoAlgorithm& algorithm, |
// possible operations for the given key type. |
CK_FLAGS operation_flags; |
switch (algorithm.id()) { |
- case blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5: |
case blink::WebCryptoAlgorithmIdRsaOaep: |
operation_flags = CKF_ENCRYPT | CKF_DECRYPT | CKF_WRAP | CKF_UNWRAP; |
break; |
@@ -1935,89 +1864,6 @@ Status DecryptAesKw(SymKey* wrapping_key, |
return Status::Success(); |
} |
-Status WrapSymKeyRsaEs(SymKey* key, |
- PublicKey* wrapping_key, |
- std::vector<uint8>* buffer) { |
- // Check the raw length of the key to be wrapped against the max size allowed |
- // by the RSA wrapping key. With PKCS#1 v1.5 padding used in this function, |
- // the maximum data length that can be encrypted is the wrapping_key's modulus |
- // byte length minus eleven bytes. |
- const unsigned int input_length_bytes = PK11_GetKeyLength(key->key()); |
- const unsigned int modulus_length_bytes = |
- SECKEY_PublicKeyStrength(wrapping_key->key()); |
- if (modulus_length_bytes < 11 || |
- modulus_length_bytes - 11 < input_length_bytes) |
- return Status::ErrorDataTooLarge(); |
- |
- buffer->resize(modulus_length_bytes); |
- SECItem wrapped_key_item = MakeSECItemForBuffer(CryptoData(*buffer)); |
- |
- if (SECSuccess != |
- PK11_PubWrapSymKey( |
- CKM_RSA_PKCS, wrapping_key->key(), key->key(), &wrapped_key_item)) { |
- return Status::OperationError(); |
- } |
- if (wrapped_key_item.len != modulus_length_bytes) |
- return Status::ErrorUnexpected(); |
- |
- return Status::Success(); |
-} |
- |
-Status UnwrapSymKeyRsaEs(const CryptoData& wrapped_key_data, |
- PrivateKey* wrapping_key, |
- const blink::WebCryptoAlgorithm& algorithm, |
- bool extractable, |
- blink::WebCryptoKeyUsageMask usage_mask, |
- blink::WebCryptoKey* key) { |
- // Verify wrapped_key_data size does not exceed the modulus of the RSA key. |
- const int modulus_length_bytes = |
- PK11_GetPrivateModulusLen(wrapping_key->key()); |
- if (modulus_length_bytes <= 0) |
- return Status::ErrorUnexpected(); |
- if (wrapped_key_data.byte_length() > |
- static_cast<unsigned int>(modulus_length_bytes)) |
- return Status::ErrorDataTooLarge(); |
- |
- // Determine the proper NSS key properties from the input algorithm. |
- CK_MECHANISM_TYPE mechanism; |
- CK_FLAGS flags; |
- Status status = |
- WebCryptoAlgorithmToNssMechFlags(algorithm, &mechanism, &flags); |
- if (status.IsError()) |
- return status; |
- |
- SECItem wrapped_key_item = MakeSECItemForBuffer(wrapped_key_data); |
- |
- crypto::ScopedPK11SymKey unwrapped_key( |
- PK11_PubUnwrapSymKeyWithFlagsPerm(wrapping_key->key(), |
- &wrapped_key_item, |
- mechanism, |
- CKA_DECRYPT, |
- 0, |
- flags, |
- false)); |
- if (!unwrapped_key) |
- return Status::OperationError(); |
- |
- const unsigned int key_length = PK11_GetKeyLength(unwrapped_key.get()); |
- |
- blink::WebCryptoKeyAlgorithm key_algorithm; |
- if (!CreateSecretKeyAlgorithm(algorithm, key_length, &key_algorithm)) |
- return Status::ErrorUnexpected(); |
- |
- scoped_ptr<SymKey> key_handle; |
- status = SymKey::Create(unwrapped_key.Pass(), &key_handle); |
- if (status.IsError()) |
- return status; |
- |
- *key = blink::WebCryptoKey::create(key_handle.release(), |
- blink::WebCryptoKeyTypeSecret, |
- extractable, |
- key_algorithm, |
- usage_mask); |
- return Status::Success(); |
-} |
- |
} // namespace platform |
} // namespace webcrypto |