| Index: content/child/webcrypto/platform_crypto_nss.cc
|
| diff --git a/content/child/webcrypto/platform_crypto_nss.cc b/content/child/webcrypto/platform_crypto_nss.cc
|
| index ea48b4e73a7c8ae6bdf2f573a3ebe96953918665..91a066f0e46a2fb93288d5473be01224a1558d71 100644
|
| --- a/content/child/webcrypto/platform_crypto_nss.cc
|
| +++ b/content/child/webcrypto/platform_crypto_nss.cc
|
| @@ -553,12 +553,6 @@ bool BigIntegerToLong(const uint8* data,
|
| return true;
|
| }
|
|
|
| -bool IsAlgorithmRsa(const blink::WebCryptoAlgorithm& algorithm) {
|
| - return algorithm.id() == blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5 ||
|
| - algorithm.id() == blink::WebCryptoAlgorithmIdRsaOaep ||
|
| - algorithm.id() == blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5;
|
| -}
|
| -
|
| bool CreatePublicKeyAlgorithm(const blink::WebCryptoAlgorithm& algorithm,
|
| SECKEYPublicKey* key,
|
| blink::WebCryptoKeyAlgorithm* key_algorithm) {
|
| @@ -580,14 +574,6 @@ bool CreatePublicKeyAlgorithm(const blink::WebCryptoAlgorithm& algorithm,
|
| public_exponent.byte_length(),
|
| GetInnerHashAlgorithm(algorithm).id());
|
| return true;
|
| - case blink::WebCryptoAlgorithmParamsTypeRsaKeyGenParams:
|
| - case blink::WebCryptoAlgorithmParamsTypeNone:
|
| - *key_algorithm = blink::WebCryptoKeyAlgorithm::createRsa(
|
| - algorithm.id(),
|
| - modulus_length_bits,
|
| - public_exponent.bytes(),
|
| - public_exponent.byte_length());
|
| - return true;
|
| default:
|
| return false;
|
| }
|
| @@ -987,7 +973,7 @@ bool ValidateNssKeyTypeAgainstInputAlgorithm(
|
| const blink::WebCryptoAlgorithm& algorithm) {
|
| switch (key_type) {
|
| case rsaKey:
|
| - return IsAlgorithmRsa(algorithm);
|
| + return IsAlgorithmRsa(algorithm.id());
|
| case dsaKey:
|
| case ecKey:
|
| case rsaPssKey:
|
| @@ -1114,8 +1100,7 @@ Status ExportKeyPkcs8(PrivateKey* key,
|
| const blink::WebCryptoKeyAlgorithm& key_algorithm,
|
| std::vector<uint8>* buffer) {
|
| // TODO(eroman): Support other RSA key types as they are added to Blink.
|
| - if (key_algorithm.id() != blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5 &&
|
| - key_algorithm.id() != blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 &&
|
| + if (key_algorithm.id() != blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 &&
|
| key_algorithm.id() != blink::WebCryptoAlgorithmIdRsaOaep)
|
| return Status::ErrorUnsupported();
|
|
|
| @@ -1267,60 +1252,6 @@ Status SignHmac(SymKey* key,
|
| }
|
|
|
| // -----------------------------------
|
| -// RsaEsPkcs1v1_5
|
| -// -----------------------------------
|
| -
|
| -Status EncryptRsaEsPkcs1v1_5(PublicKey* key,
|
| - const CryptoData& data,
|
| - std::vector<uint8>* buffer) {
|
| - const unsigned int encrypted_length_bytes =
|
| - SECKEY_PublicKeyStrength(key->key());
|
| -
|
| - // RSAES can operate on messages up to a length of k - 11, where k is the
|
| - // octet length of the RSA modulus.
|
| - if (encrypted_length_bytes < 11 ||
|
| - encrypted_length_bytes - 11 < data.byte_length())
|
| - return Status::ErrorDataTooLarge();
|
| -
|
| - buffer->resize(encrypted_length_bytes);
|
| - unsigned char* const buffer_data = Uint8VectorStart(buffer);
|
| -
|
| - if (PK11_PubEncryptPKCS1(key->key(),
|
| - buffer_data,
|
| - const_cast<unsigned char*>(data.bytes()),
|
| - data.byte_length(),
|
| - NULL) != SECSuccess) {
|
| - return Status::OperationError();
|
| - }
|
| - return Status::Success();
|
| -}
|
| -
|
| -Status DecryptRsaEsPkcs1v1_5(PrivateKey* key,
|
| - const CryptoData& data,
|
| - std::vector<uint8>* buffer) {
|
| - const int modulus_length_bytes = PK11_GetPrivateModulusLen(key->key());
|
| - if (modulus_length_bytes <= 0)
|
| - return Status::ErrorUnexpected();
|
| - const unsigned int max_output_length_bytes = modulus_length_bytes;
|
| -
|
| - buffer->resize(max_output_length_bytes);
|
| - unsigned char* const buffer_data = Uint8VectorStart(buffer);
|
| -
|
| - unsigned int output_length_bytes = 0;
|
| - if (PK11_PrivDecryptPKCS1(key->key(),
|
| - buffer_data,
|
| - &output_length_bytes,
|
| - max_output_length_bytes,
|
| - const_cast<unsigned char*>(data.bytes()),
|
| - data.byte_length()) != SECSuccess) {
|
| - return Status::OperationError();
|
| - }
|
| - DCHECK_LE(output_length_bytes, max_output_length_bytes);
|
| - buffer->resize(output_length_bytes);
|
| - return Status::Success();
|
| -}
|
| -
|
| -// -----------------------------------
|
| // RsaOaep
|
| // -----------------------------------
|
|
|
| @@ -1512,7 +1443,6 @@ Status GenerateRsaKeyPair(const blink::WebCryptoAlgorithm& algorithm,
|
| blink::WebCryptoKeyUsageMask usage_mask,
|
| unsigned int modulus_length_bits,
|
| const CryptoData& public_exponent,
|
| - const blink::WebCryptoAlgorithm& hash_or_null,
|
| blink::WebCryptoKey* public_key,
|
| blink::WebCryptoKey* private_key) {
|
| if (algorithm.id() == blink::WebCryptoAlgorithmIdRsaOaep &&
|
| @@ -1540,7 +1470,6 @@ Status GenerateRsaKeyPair(const blink::WebCryptoAlgorithm& algorithm,
|
| // possible operations for the given key type.
|
| CK_FLAGS operation_flags;
|
| switch (algorithm.id()) {
|
| - case blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5:
|
| case blink::WebCryptoAlgorithmIdRsaOaep:
|
| operation_flags = CKF_ENCRYPT | CKF_DECRYPT | CKF_WRAP | CKF_UNWRAP;
|
| break;
|
| @@ -1935,89 +1864,6 @@ Status DecryptAesKw(SymKey* wrapping_key,
|
| return Status::Success();
|
| }
|
|
|
| -Status WrapSymKeyRsaEs(SymKey* key,
|
| - PublicKey* wrapping_key,
|
| - std::vector<uint8>* buffer) {
|
| - // Check the raw length of the key to be wrapped against the max size allowed
|
| - // by the RSA wrapping key. With PKCS#1 v1.5 padding used in this function,
|
| - // the maximum data length that can be encrypted is the wrapping_key's modulus
|
| - // byte length minus eleven bytes.
|
| - const unsigned int input_length_bytes = PK11_GetKeyLength(key->key());
|
| - const unsigned int modulus_length_bytes =
|
| - SECKEY_PublicKeyStrength(wrapping_key->key());
|
| - if (modulus_length_bytes < 11 ||
|
| - modulus_length_bytes - 11 < input_length_bytes)
|
| - return Status::ErrorDataTooLarge();
|
| -
|
| - buffer->resize(modulus_length_bytes);
|
| - SECItem wrapped_key_item = MakeSECItemForBuffer(CryptoData(*buffer));
|
| -
|
| - if (SECSuccess !=
|
| - PK11_PubWrapSymKey(
|
| - CKM_RSA_PKCS, wrapping_key->key(), key->key(), &wrapped_key_item)) {
|
| - return Status::OperationError();
|
| - }
|
| - if (wrapped_key_item.len != modulus_length_bytes)
|
| - return Status::ErrorUnexpected();
|
| -
|
| - return Status::Success();
|
| -}
|
| -
|
| -Status UnwrapSymKeyRsaEs(const CryptoData& wrapped_key_data,
|
| - PrivateKey* wrapping_key,
|
| - const blink::WebCryptoAlgorithm& algorithm,
|
| - bool extractable,
|
| - blink::WebCryptoKeyUsageMask usage_mask,
|
| - blink::WebCryptoKey* key) {
|
| - // Verify wrapped_key_data size does not exceed the modulus of the RSA key.
|
| - const int modulus_length_bytes =
|
| - PK11_GetPrivateModulusLen(wrapping_key->key());
|
| - if (modulus_length_bytes <= 0)
|
| - return Status::ErrorUnexpected();
|
| - if (wrapped_key_data.byte_length() >
|
| - static_cast<unsigned int>(modulus_length_bytes))
|
| - return Status::ErrorDataTooLarge();
|
| -
|
| - // Determine the proper NSS key properties from the input algorithm.
|
| - CK_MECHANISM_TYPE mechanism;
|
| - CK_FLAGS flags;
|
| - Status status =
|
| - WebCryptoAlgorithmToNssMechFlags(algorithm, &mechanism, &flags);
|
| - if (status.IsError())
|
| - return status;
|
| -
|
| - SECItem wrapped_key_item = MakeSECItemForBuffer(wrapped_key_data);
|
| -
|
| - crypto::ScopedPK11SymKey unwrapped_key(
|
| - PK11_PubUnwrapSymKeyWithFlagsPerm(wrapping_key->key(),
|
| - &wrapped_key_item,
|
| - mechanism,
|
| - CKA_DECRYPT,
|
| - 0,
|
| - flags,
|
| - false));
|
| - if (!unwrapped_key)
|
| - return Status::OperationError();
|
| -
|
| - const unsigned int key_length = PK11_GetKeyLength(unwrapped_key.get());
|
| -
|
| - blink::WebCryptoKeyAlgorithm key_algorithm;
|
| - if (!CreateSecretKeyAlgorithm(algorithm, key_length, &key_algorithm))
|
| - return Status::ErrorUnexpected();
|
| -
|
| - scoped_ptr<SymKey> key_handle;
|
| - status = SymKey::Create(unwrapped_key.Pass(), &key_handle);
|
| - if (status.IsError())
|
| - return status;
|
| -
|
| - *key = blink::WebCryptoKey::create(key_handle.release(),
|
| - blink::WebCryptoKeyTypeSecret,
|
| - extractable,
|
| - key_algorithm,
|
| - usage_mask);
|
| - return Status::Success();
|
| -}
|
| -
|
| } // namespace platform
|
|
|
| } // namespace webcrypto
|
|
|
Chromium Code Reviews
Issue 282903002:
[webcrypto] Remove RSA-ES support (2 of 3) (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src