| OLD | NEW |
|---|
| 1 /* | 1 /* |
| 2 * Copyright (C) 2013 Google Inc. All rights reserved. | 2 * Copyright (C) 2013 Google Inc. All rights reserved. |
| 3 * | 3 * |
| 4 * Redistribution and use in source and binary forms, with or without | 4 * Redistribution and use in source and binary forms, with or without |
| 5 * modification, are permitted provided that the following conditions are | 5 * modification, are permitted provided that the following conditions are |
| 6 * met: | 6 * met: |
| 7 * | 7 * |
| 8 * * Redistributions of source code must retain the above copyright | 8 * * Redistributions of source code must retain the above copyright |
| 9 * notice, this list of conditions and the following disclaimer. | 9 * notice, this list of conditions and the following disclaimer. |
| 10 * * Redistributions in binary form must reproduce the above | 10 * * Redistributions in binary form must reproduce the above |
| (...skipping 14 matching lines...) Expand all Loading... |
| 25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY | 25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY |
| 26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT | 26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT |
| 27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE | 27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE |
| 28 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. | 28 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| 29 */ | 29 */ |
| 30 | 30 |
| 31 #include "config.h" | 31 #include "config.h" |
| 32 #include "modules/crypto/SubtleCrypto.h" | 32 #include "modules/crypto/SubtleCrypto.h" |
| 33 | 33 |
| 34 #include "bindings/v8/Dictionary.h" | 34 #include "bindings/v8/Dictionary.h" |
| 35 #include "core/dom/ExecutionContext.h" |
| 35 #include "modules/crypto/CryptoResultImpl.h" | 36 #include "modules/crypto/CryptoResultImpl.h" |
| 36 #include "modules/crypto/Key.h" | 37 #include "modules/crypto/Key.h" |
| 37 #include "modules/crypto/NormalizeAlgorithm.h" | 38 #include "modules/crypto/NormalizeAlgorithm.h" |
| 38 #include "public/platform/Platform.h" | 39 #include "public/platform/Platform.h" |
| 39 #include "public/platform/WebCrypto.h" | 40 #include "public/platform/WebCrypto.h" |
| 40 #include "public/platform/WebCryptoAlgorithm.h" | 41 #include "public/platform/WebCryptoAlgorithm.h" |
| 41 #include "wtf/ArrayBufferView.h" | 42 #include "wtf/ArrayBufferView.h" |
| 42 | 43 |
| 43 namespace WebCore { | 44 namespace WebCore { |
| 44 | 45 |
| (...skipping 21 matching lines...) Expand all Loading... |
| 66 | 67 |
| 67 bool parseAlgorithm(const Dictionary& raw, blink::WebCryptoOperation op, blink::
WebCryptoAlgorithm& algorithm, CryptoResult* result) | 68 bool parseAlgorithm(const Dictionary& raw, blink::WebCryptoOperation op, blink::
WebCryptoAlgorithm& algorithm, CryptoResult* result) |
| 68 { | 69 { |
| 69 AlgorithmError error; | 70 AlgorithmError error; |
| 70 bool success = normalizeAlgorithm(raw, op, algorithm, &error); | 71 bool success = normalizeAlgorithm(raw, op, algorithm, &error); |
| 71 if (!success) | 72 if (!success) |
| 72 result->completeWithError(error.errorType, error.errorDetails); | 73 result->completeWithError(error.errorType, error.errorDetails); |
| 73 return success; | 74 return success; |
| 74 } | 75 } |
| 75 | 76 |
| 77 static bool canAccessWebCrypto(ScriptState* scriptState, CryptoResult* result) |
| 78 { |
| 79 const SecurityOrigin* origin = scriptState->executionContext()->securityOrig
in(); |
| 80 if (!origin->canAccessFeatureRequiringSecureOrigin()) { |
| 81 result->completeWithError(blink::WebCryptoErrorTypeNotSupported, "WebCry
pto is only supported over secure origins. See http://crbug.com/373032"); |
| 82 return false; |
| 83 } |
| 84 |
| 85 return true; |
| 86 } |
| 87 |
| 76 static ScriptPromise startCryptoOperation(ScriptState* scriptState, const Dictio
nary& rawAlgorithm, Key* key, blink::WebCryptoOperation operationType, const Arr
ayPiece& signature, const ArrayPiece& dataBuffer) | 88 static ScriptPromise startCryptoOperation(ScriptState* scriptState, const Dictio
nary& rawAlgorithm, Key* key, blink::WebCryptoOperation operationType, const Arr
ayPiece& signature, const ArrayPiece& dataBuffer) |
| 77 { | 89 { |
| 78 RefPtr<CryptoResultImpl> result = CryptoResultImpl::create(scriptState); | 90 RefPtr<CryptoResultImpl> result = CryptoResultImpl::create(scriptState); |
| 79 ScriptPromise promise = result->promise(); | 91 ScriptPromise promise = result->promise(); |
| 80 | 92 |
| 93 if (!canAccessWebCrypto(scriptState, result.get())) |
| 94 return promise; |
| 95 |
| 81 bool requiresKey = operationType != blink::WebCryptoOperationDigest; | 96 bool requiresKey = operationType != blink::WebCryptoOperationDigest; |
| 82 | 97 |
| 83 if (requiresKey && !ensureNotNull(key, "key", result.get())) | 98 if (requiresKey && !ensureNotNull(key, "key", result.get())) |
| 84 return promise; | 99 return promise; |
| 85 if (operationType == blink::WebCryptoOperationVerify && !ensureNotNull(signa
ture, "signature", result.get())) | 100 if (operationType == blink::WebCryptoOperationVerify && !ensureNotNull(signa
ture, "signature", result.get())) |
| 86 return promise; | 101 return promise; |
| 87 if (!ensureNotNull(dataBuffer, "dataBuffer", result.get())) | 102 if (!ensureNotNull(dataBuffer, "dataBuffer", result.get())) |
| 88 return promise; | 103 return promise; |
| 89 | 104 |
| 90 blink::WebCryptoAlgorithm algorithm; | 105 blink::WebCryptoAlgorithm algorithm; |
| (...skipping 58 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 149 ScriptPromise SubtleCrypto::digest(ScriptState* scriptState, const Dictionary& r
awAlgorithm, const ArrayPiece& data) | 164 ScriptPromise SubtleCrypto::digest(ScriptState* scriptState, const Dictionary& r
awAlgorithm, const ArrayPiece& data) |
| 150 { | 165 { |
| 151 return startCryptoOperation(scriptState, rawAlgorithm, 0, blink::WebCryptoOp
erationDigest, ArrayPiece(), data); | 166 return startCryptoOperation(scriptState, rawAlgorithm, 0, blink::WebCryptoOp
erationDigest, ArrayPiece(), data); |
| 152 } | 167 } |
| 153 | 168 |
| 154 ScriptPromise SubtleCrypto::generateKey(ScriptState* scriptState, const Dictiona
ry& rawAlgorithm, bool extractable, const Vector<String>& rawKeyUsages) | 169 ScriptPromise SubtleCrypto::generateKey(ScriptState* scriptState, const Dictiona
ry& rawAlgorithm, bool extractable, const Vector<String>& rawKeyUsages) |
| 155 { | 170 { |
| 156 RefPtr<CryptoResultImpl> result = CryptoResultImpl::create(scriptState); | 171 RefPtr<CryptoResultImpl> result = CryptoResultImpl::create(scriptState); |
| 157 ScriptPromise promise = result->promise(); | 172 ScriptPromise promise = result->promise(); |
| 158 | 173 |
| 174 if (!canAccessWebCrypto(scriptState, result.get())) |
| 175 return promise; |
| 176 |
| 159 blink::WebCryptoKeyUsageMask keyUsages; | 177 blink::WebCryptoKeyUsageMask keyUsages; |
| 160 if (!Key::parseUsageMask(rawKeyUsages, keyUsages, result.get())) | 178 if (!Key::parseUsageMask(rawKeyUsages, keyUsages, result.get())) |
| 161 return promise; | 179 return promise; |
| 162 | 180 |
| 163 blink::WebCryptoAlgorithm algorithm; | 181 blink::WebCryptoAlgorithm algorithm; |
| 164 if (!parseAlgorithm(rawAlgorithm, blink::WebCryptoOperationGenerateKey, algo
rithm, result.get())) | 182 if (!parseAlgorithm(rawAlgorithm, blink::WebCryptoOperationGenerateKey, algo
rithm, result.get())) |
| 165 return promise; | 183 return promise; |
| 166 | 184 |
| 167 blink::Platform::current()->crypto()->generateKey(algorithm, extractable, ke
yUsages, result->result()); | 185 blink::Platform::current()->crypto()->generateKey(algorithm, extractable, ke
yUsages, result->result()); |
| 168 return promise; | 186 return promise; |
| 169 } | 187 } |
| 170 | 188 |
| 171 ScriptPromise SubtleCrypto::importKey(ScriptState* scriptState, const String& ra
wFormat, const ArrayPiece& keyData, const Dictionary& rawAlgorithm, bool extract
able, const Vector<String>& rawKeyUsages) | 189 ScriptPromise SubtleCrypto::importKey(ScriptState* scriptState, const String& ra
wFormat, const ArrayPiece& keyData, const Dictionary& rawAlgorithm, bool extract
able, const Vector<String>& rawKeyUsages) |
| 172 { | 190 { |
| 173 RefPtr<CryptoResultImpl> result = CryptoResultImpl::create(scriptState); | 191 RefPtr<CryptoResultImpl> result = CryptoResultImpl::create(scriptState); |
| 174 ScriptPromise promise = result->promise(); | 192 ScriptPromise promise = result->promise(); |
| 175 | 193 |
| 194 if (!canAccessWebCrypto(scriptState, result.get())) |
| 195 return promise; |
| 196 |
| 176 if (!ensureNotNull(keyData, "keyData", result.get())) | 197 if (!ensureNotNull(keyData, "keyData", result.get())) |
| 177 return promise; | 198 return promise; |
| 178 | 199 |
| 179 blink::WebCryptoKeyFormat format; | 200 blink::WebCryptoKeyFormat format; |
| 180 if (!Key::parseFormat(rawFormat, format, result.get())) | 201 if (!Key::parseFormat(rawFormat, format, result.get())) |
| 181 return promise; | 202 return promise; |
| 182 | 203 |
| 183 blink::WebCryptoKeyUsageMask keyUsages; | 204 blink::WebCryptoKeyUsageMask keyUsages; |
| 184 if (!Key::parseUsageMask(rawKeyUsages, keyUsages, result.get())) | 205 if (!Key::parseUsageMask(rawKeyUsages, keyUsages, result.get())) |
| 185 return promise; | 206 return promise; |
| 186 | 207 |
| 187 blink::WebCryptoAlgorithm algorithm; | 208 blink::WebCryptoAlgorithm algorithm; |
| 188 if (!parseAlgorithm(rawAlgorithm, blink::WebCryptoOperationImportKey, algori
thm, result.get())) | 209 if (!parseAlgorithm(rawAlgorithm, blink::WebCryptoOperationImportKey, algori
thm, result.get())) |
| 189 return promise; | 210 return promise; |
| 190 | 211 |
| 191 blink::Platform::current()->crypto()->importKey(format, keyData.bytes(), key
Data.byteLength(), algorithm, extractable, keyUsages, result->result()); | 212 blink::Platform::current()->crypto()->importKey(format, keyData.bytes(), key
Data.byteLength(), algorithm, extractable, keyUsages, result->result()); |
| 192 return promise; | 213 return promise; |
| 193 } | 214 } |
| 194 | 215 |
| 195 ScriptPromise SubtleCrypto::exportKey(ScriptState* scriptState, const String& ra
wFormat, Key* key) | 216 ScriptPromise SubtleCrypto::exportKey(ScriptState* scriptState, const String& ra
wFormat, Key* key) |
| 196 { | 217 { |
| 197 RefPtr<CryptoResultImpl> result = CryptoResultImpl::create(scriptState); | 218 RefPtr<CryptoResultImpl> result = CryptoResultImpl::create(scriptState); |
| 198 ScriptPromise promise = result->promise(); | 219 ScriptPromise promise = result->promise(); |
| 199 | 220 |
| 221 if (!canAccessWebCrypto(scriptState, result.get())) |
| 222 return promise; |
| 223 |
| 200 if (!ensureNotNull(key, "key", result.get())) | 224 if (!ensureNotNull(key, "key", result.get())) |
| 201 return promise; | 225 return promise; |
| 202 | 226 |
| 203 blink::WebCryptoKeyFormat format; | 227 blink::WebCryptoKeyFormat format; |
| 204 if (!Key::parseFormat(rawFormat, format, result.get())) | 228 if (!Key::parseFormat(rawFormat, format, result.get())) |
| 205 return promise; | 229 return promise; |
| 206 | 230 |
| 207 if (!key->extractable()) { | 231 if (!key->extractable()) { |
| 208 result->completeWithError(blink::WebCryptoErrorTypeInvalidAccess, "key i
s not extractable"); | 232 result->completeWithError(blink::WebCryptoErrorTypeInvalidAccess, "key i
s not extractable"); |
| 209 return promise; | 233 return promise; |
| 210 } | 234 } |
| 211 | 235 |
| 212 blink::Platform::current()->crypto()->exportKey(format, key->key(), result->
result()); | 236 blink::Platform::current()->crypto()->exportKey(format, key->key(), result->
result()); |
| 213 return promise; | 237 return promise; |
| 214 } | 238 } |
| 215 | 239 |
| 216 ScriptPromise SubtleCrypto::wrapKey(ScriptState* scriptState, const String& rawF
ormat, Key* key, Key* wrappingKey, const Dictionary& rawWrapAlgorithm) | 240 ScriptPromise SubtleCrypto::wrapKey(ScriptState* scriptState, const String& rawF
ormat, Key* key, Key* wrappingKey, const Dictionary& rawWrapAlgorithm) |
| 217 { | 241 { |
| 218 RefPtr<CryptoResultImpl> result = CryptoResultImpl::create(scriptState); | 242 RefPtr<CryptoResultImpl> result = CryptoResultImpl::create(scriptState); |
| 219 ScriptPromise promise = result->promise(); | 243 ScriptPromise promise = result->promise(); |
| 220 | 244 |
| 245 if (!canAccessWebCrypto(scriptState, result.get())) |
| 246 return promise; |
| 247 |
| 221 if (!ensureNotNull(key, "key", result.get())) | 248 if (!ensureNotNull(key, "key", result.get())) |
| 222 return promise; | 249 return promise; |
| 223 | 250 |
| 224 if (!ensureNotNull(wrappingKey, "wrappingKey", result.get())) | 251 if (!ensureNotNull(wrappingKey, "wrappingKey", result.get())) |
| 225 return promise; | 252 return promise; |
| 226 | 253 |
| 227 blink::WebCryptoKeyFormat format; | 254 blink::WebCryptoKeyFormat format; |
| 228 if (!Key::parseFormat(rawFormat, format, result.get())) | 255 if (!Key::parseFormat(rawFormat, format, result.get())) |
| 229 return promise; | 256 return promise; |
| 230 | 257 |
| (...skipping 11 matching lines...) Expand all Loading... |
| 242 | 269 |
| 243 blink::Platform::current()->crypto()->wrapKey(format, key->key(), wrappingKe
y->key(), wrapAlgorithm, result->result()); | 270 blink::Platform::current()->crypto()->wrapKey(format, key->key(), wrappingKe
y->key(), wrapAlgorithm, result->result()); |
| 244 return promise; | 271 return promise; |
| 245 } | 272 } |
| 246 | 273 |
| 247 ScriptPromise SubtleCrypto::unwrapKey(ScriptState* scriptState, const String& ra
wFormat, const ArrayPiece& wrappedKey, Key* unwrappingKey, const Dictionary& raw
UnwrapAlgorithm, const Dictionary& rawUnwrappedKeyAlgorithm, bool extractable, c
onst Vector<String>& rawKeyUsages) | 274 ScriptPromise SubtleCrypto::unwrapKey(ScriptState* scriptState, const String& ra
wFormat, const ArrayPiece& wrappedKey, Key* unwrappingKey, const Dictionary& raw
UnwrapAlgorithm, const Dictionary& rawUnwrappedKeyAlgorithm, bool extractable, c
onst Vector<String>& rawKeyUsages) |
| 248 { | 275 { |
| 249 RefPtr<CryptoResultImpl> result = CryptoResultImpl::create(scriptState); | 276 RefPtr<CryptoResultImpl> result = CryptoResultImpl::create(scriptState); |
| 250 ScriptPromise promise = result->promise(); | 277 ScriptPromise promise = result->promise(); |
| 251 | 278 |
| 279 if (!canAccessWebCrypto(scriptState, result.get())) |
| 280 return promise; |
| 281 |
| 252 if (!ensureNotNull(wrappedKey, "wrappedKey", result.get())) | 282 if (!ensureNotNull(wrappedKey, "wrappedKey", result.get())) |
| 253 return promise; | 283 return promise; |
| 254 if (!ensureNotNull(unwrappingKey, "unwrappingKey", result.get())) | 284 if (!ensureNotNull(unwrappingKey, "unwrappingKey", result.get())) |
| 255 return promise; | 285 return promise; |
| 256 | 286 |
| 257 blink::WebCryptoKeyFormat format; | 287 blink::WebCryptoKeyFormat format; |
| 258 if (!Key::parseFormat(rawFormat, format, result.get())) | 288 if (!Key::parseFormat(rawFormat, format, result.get())) |
| 259 return promise; | 289 return promise; |
| 260 | 290 |
| 261 blink::WebCryptoKeyUsageMask keyUsages; | 291 blink::WebCryptoKeyUsageMask keyUsages; |
| 262 if (!Key::parseUsageMask(rawKeyUsages, keyUsages, result.get())) | 292 if (!Key::parseUsageMask(rawKeyUsages, keyUsages, result.get())) |
| 263 return promise; | 293 return promise; |
| 264 | 294 |
| 265 blink::WebCryptoAlgorithm unwrapAlgorithm; | 295 blink::WebCryptoAlgorithm unwrapAlgorithm; |
| 266 if (!parseAlgorithm(rawUnwrapAlgorithm, blink::WebCryptoOperationUnwrapKey,
unwrapAlgorithm, result.get())) | 296 if (!parseAlgorithm(rawUnwrapAlgorithm, blink::WebCryptoOperationUnwrapKey,
unwrapAlgorithm, result.get())) |
| 267 return promise; | 297 return promise; |
| 268 | 298 |
| 269 blink::WebCryptoAlgorithm unwrappedKeyAlgorithm; | 299 blink::WebCryptoAlgorithm unwrappedKeyAlgorithm; |
| 270 if (!parseAlgorithm(rawUnwrappedKeyAlgorithm, blink::WebCryptoOperationImpor
tKey, unwrappedKeyAlgorithm, result.get())) | 300 if (!parseAlgorithm(rawUnwrappedKeyAlgorithm, blink::WebCryptoOperationImpor
tKey, unwrappedKeyAlgorithm, result.get())) |
| 271 return promise; | 301 return promise; |
| 272 | 302 |
| 273 if (!unwrappingKey->canBeUsedForAlgorithm(unwrapAlgorithm, blink::WebCryptoO
perationUnwrapKey, result.get())) | 303 if (!unwrappingKey->canBeUsedForAlgorithm(unwrapAlgorithm, blink::WebCryptoO
perationUnwrapKey, result.get())) |
| 274 return promise; | 304 return promise; |
| 275 | 305 |
| 276 blink::Platform::current()->crypto()->unwrapKey(format, wrappedKey.bytes(),
wrappedKey.byteLength(), unwrappingKey->key(), unwrapAlgorithm, unwrappedKeyAlgo
rithm, extractable, keyUsages, result->result()); | 306 blink::Platform::current()->crypto()->unwrapKey(format, wrappedKey.bytes(),
wrappedKey.byteLength(), unwrappingKey->key(), unwrapAlgorithm, unwrappedKeyAlgo
rithm, extractable, keyUsages, result->result()); |
| 277 return promise; | 307 return promise; |
| 278 } | 308 } |
| 279 | 309 |
| 280 } // namespace WebCore | 310 } // namespace WebCore |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 299253003:
[webcrypto] Only allow crypto.subtle.* to be used from "secure origins". (Closed)
Base URL: svn://svn.chromium.org/blink/trunk