OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/child/webcrypto/shared_crypto.h" | 5 #include "content/child/webcrypto/shared_crypto.h" |
6 | 6 |
7 #include "base/logging.h" | 7 #include "base/logging.h" |
8 #include "content/child/webcrypto/crypto_data.h" | 8 #include "content/child/webcrypto/crypto_data.h" |
9 #include "content/child/webcrypto/jwk.h" | 9 #include "content/child/webcrypto/jwk.h" |
10 #include "content/child/webcrypto/platform_crypto.h" | 10 #include "content/child/webcrypto/platform_crypto.h" |
(...skipping 847 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
858 Status WrapKey(blink::WebCryptoKeyFormat format, | 858 Status WrapKey(blink::WebCryptoKeyFormat format, |
859 const blink::WebCryptoKey& key_to_wrap, | 859 const blink::WebCryptoKey& key_to_wrap, |
860 const blink::WebCryptoKey& wrapping_key, | 860 const blink::WebCryptoKey& wrapping_key, |
861 const blink::WebCryptoAlgorithm& wrapping_algorithm, | 861 const blink::WebCryptoAlgorithm& wrapping_algorithm, |
862 std::vector<uint8>* buffer) { | 862 std::vector<uint8>* buffer) { |
863 if (!KeyUsageAllows(wrapping_key, blink::WebCryptoKeyUsageWrapKey)) | 863 if (!KeyUsageAllows(wrapping_key, blink::WebCryptoKeyUsageWrapKey)) |
864 return Status::ErrorUnexpected(); | 864 return Status::ErrorUnexpected(); |
865 if (wrapping_algorithm.id() != wrapping_key.algorithm().id()) | 865 if (wrapping_algorithm.id() != wrapping_key.algorithm().id()) |
866 return Status::ErrorUnexpected(); | 866 return Status::ErrorUnexpected(); |
867 | 867 |
868 switch (format) { | 868 if (format == blink::WebCryptoKeyFormatRaw && |
869 case blink::WebCryptoKeyFormatRaw: | 869 wrapping_algorithm.id() == blink::WebCryptoAlgorithmIdAesKw) { |
870 if (wrapping_algorithm.id() == blink::WebCryptoAlgorithmIdAesKw) { | 870 // AES-KW is a special case, due to NSS's implementation only |
871 // AES-KW is a special case, due to NSS's implementation only | 871 // supporting C_Wrap/C_Unwrap with AES-KW |
872 // supporting C_Wrap/C_Unwrap with AES-KW | 872 return WrapKeyRaw(key_to_wrap, wrapping_key, wrapping_algorithm, buffer); |
873 return WrapKeyRaw( | |
874 key_to_wrap, wrapping_key, wrapping_algorithm, buffer); | |
875 } | |
876 return WrapKeyExportAndEncrypt( | |
877 format, key_to_wrap, wrapping_key, wrapping_algorithm, buffer); | |
878 case blink::WebCryptoKeyFormatJwk: | |
879 return WrapKeyExportAndEncrypt( | |
880 format, key_to_wrap, wrapping_key, wrapping_algorithm, buffer); | |
881 case blink::WebCryptoKeyFormatSpki: | |
882 case blink::WebCryptoKeyFormatPkcs8: | |
883 return Status::ErrorUnsupported(); // TODO(padolph) | |
884 default: | |
885 NOTREACHED(); | |
886 return Status::ErrorUnsupported(); | |
887 } | 873 } |
| 874 |
| 875 return WrapKeyExportAndEncrypt( |
| 876 format, key_to_wrap, wrapping_key, wrapping_algorithm, buffer); |
888 } | 877 } |
889 | 878 |
890 Status UnwrapKey(blink::WebCryptoKeyFormat format, | 879 Status UnwrapKey(blink::WebCryptoKeyFormat format, |
891 const CryptoData& wrapped_key_data, | 880 const CryptoData& wrapped_key_data, |
892 const blink::WebCryptoKey& wrapping_key, | 881 const blink::WebCryptoKey& wrapping_key, |
893 const blink::WebCryptoAlgorithm& wrapping_algorithm, | 882 const blink::WebCryptoAlgorithm& wrapping_algorithm, |
894 const blink::WebCryptoAlgorithm& algorithm, | 883 const blink::WebCryptoAlgorithm& algorithm, |
895 bool extractable, | 884 bool extractable, |
896 blink::WebCryptoKeyUsageMask usage_mask, | 885 blink::WebCryptoKeyUsageMask usage_mask, |
897 blink::WebCryptoKey* key) { | 886 blink::WebCryptoKey* key) { |
898 if (!KeyUsageAllows(wrapping_key, blink::WebCryptoKeyUsageUnwrapKey)) | 887 if (!KeyUsageAllows(wrapping_key, blink::WebCryptoKeyUsageUnwrapKey)) |
899 return Status::ErrorUnexpected(); | 888 return Status::ErrorUnexpected(); |
900 if (wrapping_algorithm.id() != wrapping_key.algorithm().id()) | 889 if (wrapping_algorithm.id() != wrapping_key.algorithm().id()) |
901 return Status::ErrorUnexpected(); | 890 return Status::ErrorUnexpected(); |
902 | 891 |
903 // Fail-fast if the key usages don't make sense. This avoids decrypting the | 892 // Fail-fast if the key usages don't make sense. This avoids decrypting the |
904 // key only to then have import fail. It is "best effort" because when | 893 // key only to then have import fail. It is "best effort" because when |
905 // unwrapping JWK for asymmetric algorithms the key type isn't known yet. | 894 // unwrapping JWK for asymmetric algorithms the key type isn't known yet. |
906 Status status = | 895 Status status = |
907 BestEffortCheckKeyUsagesForImport(algorithm.id(), format, usage_mask); | 896 BestEffortCheckKeyUsagesForImport(algorithm.id(), format, usage_mask); |
908 if (status.IsError()) | 897 if (status.IsError()) |
909 return status; | 898 return status; |
910 | 899 |
911 switch (format) { | 900 if (format == blink::WebCryptoKeyFormatRaw && |
912 case blink::WebCryptoKeyFormatRaw: | 901 wrapping_algorithm.id() == blink::WebCryptoAlgorithmIdAesKw) { |
913 if (wrapping_algorithm.id() == blink::WebCryptoAlgorithmIdAesKw) { | 902 // AES-KW is a special case, due to NSS's implementation only |
914 // AES-KW is a special case, due to NSS's implementation only | 903 // supporting C_Wrap/C_Unwrap with AES-KW |
915 // supporting C_Wrap/C_Unwrap with AES-KW | 904 return UnwrapKeyRaw(wrapped_key_data, |
916 return UnwrapKeyRaw(wrapped_key_data, | 905 wrapping_key, |
917 wrapping_key, | 906 wrapping_algorithm, |
918 wrapping_algorithm, | 907 algorithm, |
919 algorithm, | 908 extractable, |
920 extractable, | 909 usage_mask, |
921 usage_mask, | 910 key); |
922 key); | |
923 } | |
924 return UnwrapKeyDecryptAndImport(format, | |
925 wrapped_key_data, | |
926 wrapping_key, | |
927 wrapping_algorithm, | |
928 algorithm, | |
929 extractable, | |
930 usage_mask, | |
931 key); | |
932 case blink::WebCryptoKeyFormatJwk: | |
933 return UnwrapKeyDecryptAndImport(format, | |
934 wrapped_key_data, | |
935 wrapping_key, | |
936 wrapping_algorithm, | |
937 algorithm, | |
938 extractable, | |
939 usage_mask, | |
940 key); | |
941 case blink::WebCryptoKeyFormatSpki: | |
942 case blink::WebCryptoKeyFormatPkcs8: | |
943 return Status::ErrorUnsupported(); // TODO(padolph) | |
944 default: | |
945 NOTREACHED(); | |
946 return Status::ErrorUnsupported(); | |
947 } | 911 } |
| 912 |
| 913 return UnwrapKeyDecryptAndImport(format, |
| 914 wrapped_key_data, |
| 915 wrapping_key, |
| 916 wrapping_algorithm, |
| 917 algorithm, |
| 918 extractable, |
| 919 usage_mask, |
| 920 key); |
948 } | 921 } |
949 | 922 |
950 // Note that this function is called from the target Blink thread. | 923 // Note that this function is called from the target Blink thread. |
951 bool SerializeKeyForClone(const blink::WebCryptoKey& key, | 924 bool SerializeKeyForClone(const blink::WebCryptoKey& key, |
952 blink::WebVector<uint8>* key_data) { | 925 blink::WebVector<uint8>* key_data) { |
953 return static_cast<webcrypto::platform::Key*>(key.handle()) | 926 return static_cast<webcrypto::platform::Key*>(key.handle()) |
954 ->ThreadSafeSerializeForClone(key_data); | 927 ->ThreadSafeSerializeForClone(key_data); |
955 } | 928 } |
956 | 929 |
957 // Note that this function is called from the target Blink thread. | 930 // Note that this function is called from the target Blink thread. |
(...skipping 54 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1012 if (!ContainsKeyUsages(GetValidKeyUsagesForKeyType(algorithm, key_type), | 985 if (!ContainsKeyUsages(GetValidKeyUsagesForKeyType(algorithm, key_type), |
1013 usages)) | 986 usages)) |
1014 return Status::ErrorCreateKeyBadUsages(); | 987 return Status::ErrorCreateKeyBadUsages(); |
1015 | 988 |
1016 return Status::Success(); | 989 return Status::Success(); |
1017 } | 990 } |
1018 | 991 |
1019 } // namespace webcrypto | 992 } // namespace webcrypto |
1020 | 993 |
1021 } // namespace content | 994 } // namespace content |
OLD | NEW |