[webcrypto] Remove RSA-ES support (3 of 3)

Source/bindings/v8/SerializedScriptValue.cpp

 /*
  * Copyright (C) 2010 Google Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are
  * met:
  *
  *     * Redistributions of source code must retain the above copyright
  * notice, this list of conditions and the following disclaimer.
  *     * Redistributions in binary form must reproduce the above
@@ skipping 203 matching lines @@
                          //                                            fills it with the last length elements and numProperties name,value pairs pushed onto deserialization stack
     RegExpTag = 'R', // pattern:RawString, flags:uint32_t -> RegExp (ref)
     ArrayBufferTag = 'B', // byteLength:uint32_t, data:byte[byteLength] -> ArrayBuffer (ref)
     ArrayBufferTransferTag = 't', // index:uint32_t -> ArrayBuffer. For ArrayBuffer transfer
     ArrayBufferViewTag = 'V', // subtag:byte, byteOffset:uint32_t, byteLength:uint32_t -> ArrayBufferView (ref). Consumes an ArrayBuffer from the top of the deserialization stack.
     CryptoKeyTag = 'K', // subtag:byte, props, usages:uint32_t, keyDataLength:uint32_t, keyData:byte[keyDataLength]
                         //   If subtag=AesKeyTag:
                         //       props = keyLengthBytes:uint32_t, algorithmId:uint32_t
                         //   If subtag=HmacKeyTag:
                         //       props = keyLengthBytes:uint32_t, hashId:uint32_t
-                        //   If subtag=RsaKeyTag:
-                        //       props = algorithmId:uint32_t, type:uint32_t, modulusLengthBits:uint32_t, publicExponentLength:uint32_t, publicExponent:byte[publicExponentLength]
                         //   If subtag=RsaHashedKeyTag:
-                        //       props = <same as for RsaKeyTag>, hashId:uint32_t
+                        //       props = algorithmId:uint32_t, type:uint32_t, modulusLengthBits:uint32_t, publicExponentLength:uint32_t, publicExponent:byte[publicExponentLength], hashId:uint32_t
     ObjectReferenceTag = '^', // ref:uint32_t -> reference table[ref]
     GenerateFreshObjectTag = 'o', // -> empty object allocated an object ID and pushed onto the open stack (ref)
     GenerateFreshSparseArrayTag = 'a', // length:uint32_t -> empty array[length] allocated an object ID and pushed onto the open stack (ref)
     GenerateFreshDenseArrayTag = 'A', // length:uint32_t -> empty array[length] allocated an object ID and pushed onto the open stack (ref)
     ReferenceCountTag = '?', // refTableSize:uint32_t -> If the reference table is not refTableSize big, fails.
     StringObjectTag = 's', //  string:RawString -> new String(string) (ref)
     NumberObjectTag = 'n', // value:double -> new Number(value) (ref)
     TrueObjectTag = 'y', // new Boolean(true) (ref)
     FalseObjectTag = 'x', // new Boolean(false) (ref)
     VersionTag = 0xFF // version:uint32_t -> Uses this as the file version.
 };
 
 enum ArrayBufferViewSubTag {
     ByteArrayTag = 'b',
     UnsignedByteArrayTag = 'B',
     UnsignedByteClampedArrayTag = 'C',
     ShortArrayTag = 'w',
     UnsignedShortArrayTag = 'W',
     IntArrayTag = 'd',
     UnsignedIntArrayTag = 'D',
     FloatArrayTag = 'f',
     DoubleArrayTag = 'F',
     DataViewTag = '?'
 };
 
 enum CryptoKeySubTag {
     AesKeyTag = 1,
     HmacKeyTag = 2,
-    RsaKeyTag = 3,
+    Deprecated_RsaKeyTag = 3,

[jww, 2014/05/21 17:19:23]

I'm unclear as to why you leave this (and RsaEsPkcs1v1_5Tag) in the enum as
deprecated. It seems like they're used in a very limited number of places, and,
as far as I can tell, aren't persisted anywhere.

And even if it does break something, aren't we not too sad since WebCrypto is
behind an experimental flag?

[eroman, 2014/05/21 18:17:24]

Done, I removed those.

I thought it would be confusing why a number was missing, I have added a comment
instead. And agree it should be safe to re-use it in the future.

     RsaHashedKeyTag = 4,
     // Maximum allowed value is 255
 };
 
 enum AssymetricCryptoKeyType {
     PublicKeyType = 1,
     PrivateKeyType = 2,
     // Maximum allowed value is 2^32-1
 };
 
 enum CryptoKeyAlgorithmTag {
     AesCbcTag = 1,
     HmacTag = 2,
     RsaSsaPkcs1v1_5Tag = 3,
-    RsaEsPkcs1v1_5Tag = 4,
+    Deprecated_RsaEsPkcs1v1_5Tag = 4,
     Sha1Tag = 5,
     Sha256Tag = 6,
     Sha384Tag = 7,
     Sha512Tag = 8,
     AesGcmTag = 9,
     RsaOaepTag = 10,
     AesCtrTag = 11,
     AesKwTag = 12,
     // Maximum allowed value is 2^32-1
 };
@@ skipping 228 matching lines @@
     {
         append(static_cast<uint8_t>(CryptoKeyTag));
 
         switch (key.algorithm().paramsType()) {
         case blink::WebCryptoKeyAlgorithmParamsTypeAes:
             doWriteAesKey(key);
             break;
         case blink::WebCryptoKeyAlgorithmParamsTypeHmac:
             doWriteHmacKey(key);
             break;
-        case blink::WebCryptoKeyAlgorithmParamsTypeRsa:
         case blink::WebCryptoKeyAlgorithmParamsTypeRsaHashed:
-            doWriteRsaKey(key);
+            doWriteRsaHashedKey(key);
             break;
         case blink::WebCryptoKeyAlgorithmParamsTypeNone:
             ASSERT_NOT_REACHED();
             return false;
         }
 
         doWriteKeyUsages(key.usages(), key.extractable());
 
         blink::WebVector<uint8_t> keyData;
         if (!blink::Platform::current()->crypto()->serializeKeyForClone(key, keyData))
@@ skipping 190 matching lines @@
         ASSERT(key.algorithm().paramsType() == blink::WebCryptoKeyAlgorithmParamsTypeAes);
 
         append(static_cast<uint8_t>(AesKeyTag));
         doWriteAlgorithmId(key.algorithm().id());
         // Converting the key length from bits to bytes is lossless and makes
         // it fit in 1 byte.
         ASSERT(!(key.algorithm().aesParams()->lengthBits() % 8));
         doWriteUint32(key.algorithm().aesParams()->lengthBits() / 8);
     }
 
-    void doWriteRsaKey(const blink::WebCryptoKey& key)
+    void doWriteRsaHashedKey(const blink::WebCryptoKey& key)
     {
-        if (key.algorithm().rsaHashedParams())
-            append(static_cast<uint8_t>(RsaHashedKeyTag));
-        else
-            append(static_cast<uint8_t>(RsaKeyTag));
+        ASSERT(key.algorithm().rsaHashedParams());
+        append(static_cast<uint8_t>(RsaHashedKeyTag));
 
         doWriteAlgorithmId(key.algorithm().id());
 
         switch (key.type()) {
         case blink::WebCryptoKeyTypePublic:
             doWriteUint32(PublicKeyType);
             break;
         case blink::WebCryptoKeyTypePrivate:
             doWriteUint32(PrivateKeyType);
             break;
         case blink::WebCryptoKeyTypeSecret:
             ASSERT_NOT_REACHED();
         }
 
-        const blink::WebCryptoRsaKeyAlgorithmParams* params = key.algorithm().rsaParams();
+        const blink::WebCryptoRsaHashedKeyAlgorithmParams* params = key.algorithm().rsaHashedParams();
         doWriteUint32(params->modulusLengthBits());
         doWriteUint32(params->publicExponent().size());
         append(params->publicExponent().data(), params->publicExponent().size());
-
-        if (key.algorithm().rsaHashedParams())
-            doWriteAlgorithmId(key.algorithm().rsaHashedParams()->hash().id());
+        doWriteAlgorithmId(key.algorithm().rsaHashedParams()->hash().id());
     }
 
     void doWriteAlgorithmId(blink::WebCryptoAlgorithmId id)
     {
         switch (id) {
         case blink::WebCryptoAlgorithmIdAesCbc:
             return doWriteUint32(AesCbcTag);
         case blink::WebCryptoAlgorithmIdHmac:
             return doWriteUint32(HmacTag);
         case blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5:
             return doWriteUint32(RsaSsaPkcs1v1_5Tag);
-        case blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5:
-            return doWriteUint32(RsaEsPkcs1v1_5Tag);
         case blink::WebCryptoAlgorithmIdSha1:
             return doWriteUint32(Sha1Tag);
         case blink::WebCryptoAlgorithmIdSha256:
             return doWriteUint32(Sha256Tag);
         case blink::WebCryptoAlgorithmIdSha384:
             return doWriteUint32(Sha384Tag);
         case blink::WebCryptoAlgorithmIdSha512:
             return doWriteUint32(Sha512Tag);
         case blink::WebCryptoAlgorithmIdAesGcm:
             return doWriteUint32(AesGcmTag);
@@ skipping 1457 matching lines @@
 
         switch (static_cast<CryptoKeySubTag>(rawKeyType)) {
         case AesKeyTag:
             if (!doReadAesKey(algorithm, type))
                 return false;
             break;
         case HmacKeyTag:
             if (!doReadHmacKey(algorithm, type))
                 return false;
             break;
-        case RsaKeyTag:
-            if (!doReadRsaKey(false, algorithm, type))
-                return false;
-            break;
+        case Deprecated_RsaKeyTag:
+            return false;

[jww, 2014/05/21 17:19:23]

If you do leave in Deprecated_RsaKeyTag, shouldn't this be an
ASSERT_NOT_REACHED?

[eroman, 2014/05/21 18:17:24]

No longer applicable.

         case RsaHashedKeyTag:
-            if (!doReadRsaKey(true, algorithm, type))
+            if (!doReadRsaHashedKey(algorithm, type))
                 return false;
             break;
         default:
             return false;
         }
 
         blink::WebCryptoKeyUsageMask usages;
         bool extractable;
         if (!doReadKeyUsages(usages, extractable))
             return false;
@@ skipping 139 matching lines @@
         if (!doReadAlgorithmId(id))
             return false;
         uint32_t lengthBytes;
         if (!doReadUint32(&lengthBytes))
             return false;
         algorithm = blink::WebCryptoKeyAlgorithm::createAes(id, lengthBytes * 8);
         type = blink::WebCryptoKeyTypeSecret;
         return !algorithm.isNull();
     }
 
-    bool doReadRsaKey(bool hasHash, blink::WebCryptoKeyAlgorithm& algorithm, blink::WebCryptoKeyType& type)
+    bool doReadRsaHashedKey(blink::WebCryptoKeyAlgorithm& algorithm, blink::WebCryptoKeyType& type)
     {
         blink::WebCryptoAlgorithmId id;
         if (!doReadAlgorithmId(id))
             return false;
 
         uint32_t rawType;
         if (!doReadUint32(&rawType))
             return false;
 
         switch (static_cast<AssymetricCryptoKeyType>(rawType)) {
@@ skipping 14 matching lines @@
         uint32_t publicExponentSize;
         if (!doReadUint32(&publicExponentSize))
             return false;
 
         if (m_position + publicExponentSize > m_length)
             return false;
 
         const uint8_t* publicExponent = m_buffer + m_position;
         m_position += publicExponentSize;
 
-        if (hasHash) {
-            blink::WebCryptoAlgorithmId hash;
-            if (!doReadAlgorithmId(hash))
-                return false;
-            algorithm = blink::WebCryptoKeyAlgorithm::createRsaHashed(id, modulusLengthBits, publicExponent, publicExponentSize, hash);
-        } else {
-            algorithm = blink::WebCryptoKeyAlgorithm::createRsa(id, modulusLengthBits, publicExponent, publicExponentSize);
-        }
+        blink::WebCryptoAlgorithmId hash;
+        if (!doReadAlgorithmId(hash))
+            return false;
+        algorithm = blink::WebCryptoKeyAlgorithm::createRsaHashed(id, modulusLengthBits, publicExponent, publicExponentSize, hash);
 
         return !algorithm.isNull();
     }
 
     bool doReadAlgorithmId(blink::WebCryptoAlgorithmId& id)
     {
         uint32_t rawId;
         if (!doReadUint32(&rawId))
             return false;
 
         switch (static_cast<CryptoKeyAlgorithmTag>(rawId)) {
         case AesCbcTag:
             id = blink::WebCryptoAlgorithmIdAesCbc;
             return true;
         case HmacTag:
             id = blink::WebCryptoAlgorithmIdHmac;
             return true;
         case RsaSsaPkcs1v1_5Tag:
             id = blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5;
             return true;
-        case RsaEsPkcs1v1_5Tag:
-            id = blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5;
-            return true;
+        case Deprecated_RsaEsPkcs1v1_5Tag:
+            return false;

[jww, 2014/05/21 17:19:23]

Same question about ASSERT_NOT_REACHED as above.

[eroman, 2014/05/21 18:17:24]

No longer applicable.

         case Sha1Tag:
             id = blink::WebCryptoAlgorithmIdSha1;
             return true;
         case Sha256Tag:
             id = blink::WebCryptoAlgorithmIdSha256;
             return true;
         case Sha384Tag:
             id = blink::WebCryptoAlgorithmIdSha384;
             return true;
         case Sha512Tag:
@@ skipping 567 matching lines @@
     // If the allocated memory was not registered before, then this class is likely
     // used in a context other then Worker's onmessage environment and the presence of
     // current v8 context is not guaranteed. Avoid calling v8 then.
     if (m_externallyAllocatedMemory) {
         ASSERT(v8::Isolate::GetCurrent());
         v8::Isolate::GetCurrent()->AdjustAmountOfExternalAllocatedMemory(-m_externallyAllocatedMemory);
     }
 }
 
 } // namespace WebCore