| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/child/webcrypto/shared_crypto.h" | 5 #include "content/child/webcrypto/shared_crypto.h" |
| 6 | 6 |
| 7 #include "base/logging.h" | 7 #include "base/logging.h" |
| 8 #include "content/child/webcrypto/crypto_data.h" | 8 #include "content/child/webcrypto/crypto_data.h" |
| 9 #include "content/child/webcrypto/jwk.h" | 9 #include "content/child/webcrypto/jwk.h" |
| 10 #include "content/child/webcrypto/platform_crypto.h" | 10 #include "content/child/webcrypto/platform_crypto.h" |
| (...skipping 847 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 858 Status WrapKey(blink::WebCryptoKeyFormat format, | 858 Status WrapKey(blink::WebCryptoKeyFormat format, |
| 859 const blink::WebCryptoKey& key_to_wrap, | 859 const blink::WebCryptoKey& key_to_wrap, |
| 860 const blink::WebCryptoKey& wrapping_key, | 860 const blink::WebCryptoKey& wrapping_key, |
| 861 const blink::WebCryptoAlgorithm& wrapping_algorithm, | 861 const blink::WebCryptoAlgorithm& wrapping_algorithm, |
| 862 std::vector<uint8>* buffer) { | 862 std::vector<uint8>* buffer) { |
| 863 if (!KeyUsageAllows(wrapping_key, blink::WebCryptoKeyUsageWrapKey)) | 863 if (!KeyUsageAllows(wrapping_key, blink::WebCryptoKeyUsageWrapKey)) |
| 864 return Status::ErrorUnexpected(); | 864 return Status::ErrorUnexpected(); |
| 865 if (wrapping_algorithm.id() != wrapping_key.algorithm().id()) | 865 if (wrapping_algorithm.id() != wrapping_key.algorithm().id()) |
| 866 return Status::ErrorUnexpected(); | 866 return Status::ErrorUnexpected(); |
| 867 | 867 |
| 868 switch (format) { | 868 if (format == blink::WebCryptoKeyFormatRaw && |
| 869 case blink::WebCryptoKeyFormatRaw: | 869 wrapping_algorithm.id() == blink::WebCryptoAlgorithmIdAesKw) { |
| 870 if (wrapping_algorithm.id() == blink::WebCryptoAlgorithmIdAesKw) { | 870 // AES-KW is a special case, due to NSS's implementation only |
| 871 // AES-KW is a special case, due to NSS's implementation only | 871 // supporting C_Wrap/C_Unwrap with AES-KW |
| 872 // supporting C_Wrap/C_Unwrap with AES-KW | 872 return WrapKeyRaw(key_to_wrap, wrapping_key, wrapping_algorithm, buffer); |
| 873 return WrapKeyRaw( | |
| 874 key_to_wrap, wrapping_key, wrapping_algorithm, buffer); | |
| 875 } | |
| 876 return WrapKeyExportAndEncrypt( | |
| 877 format, key_to_wrap, wrapping_key, wrapping_algorithm, buffer); | |
| 878 case blink::WebCryptoKeyFormatJwk: | |
| 879 return WrapKeyExportAndEncrypt( | |
| 880 format, key_to_wrap, wrapping_key, wrapping_algorithm, buffer); | |
| 881 case blink::WebCryptoKeyFormatSpki: | |
| 882 case blink::WebCryptoKeyFormatPkcs8: | |
| 883 return Status::ErrorUnsupported(); // TODO(padolph) | |
| 884 default: | |
| 885 NOTREACHED(); | |
| 886 return Status::ErrorUnsupported(); | |
| 887 } | 873 } |
| 874 |
| 875 return WrapKeyExportAndEncrypt( |
| 876 format, key_to_wrap, wrapping_key, wrapping_algorithm, buffer); |
| 888 } | 877 } |
| 889 | 878 |
| 890 Status UnwrapKey(blink::WebCryptoKeyFormat format, | 879 Status UnwrapKey(blink::WebCryptoKeyFormat format, |
| 891 const CryptoData& wrapped_key_data, | 880 const CryptoData& wrapped_key_data, |
| 892 const blink::WebCryptoKey& wrapping_key, | 881 const blink::WebCryptoKey& wrapping_key, |
| 893 const blink::WebCryptoAlgorithm& wrapping_algorithm, | 882 const blink::WebCryptoAlgorithm& wrapping_algorithm, |
| 894 const blink::WebCryptoAlgorithm& algorithm, | 883 const blink::WebCryptoAlgorithm& algorithm, |
| 895 bool extractable, | 884 bool extractable, |
| 896 blink::WebCryptoKeyUsageMask usage_mask, | 885 blink::WebCryptoKeyUsageMask usage_mask, |
| 897 blink::WebCryptoKey* key) { | 886 blink::WebCryptoKey* key) { |
| 898 if (!KeyUsageAllows(wrapping_key, blink::WebCryptoKeyUsageUnwrapKey)) | 887 if (!KeyUsageAllows(wrapping_key, blink::WebCryptoKeyUsageUnwrapKey)) |
| 899 return Status::ErrorUnexpected(); | 888 return Status::ErrorUnexpected(); |
| 900 if (wrapping_algorithm.id() != wrapping_key.algorithm().id()) | 889 if (wrapping_algorithm.id() != wrapping_key.algorithm().id()) |
| 901 return Status::ErrorUnexpected(); | 890 return Status::ErrorUnexpected(); |
| 902 | 891 |
| 903 // Fail-fast if the key usages don't make sense. This avoids decrypting the | 892 // Fail-fast if the key usages don't make sense. This avoids decrypting the |
| 904 // key only to then have import fail. It is "best effort" because when | 893 // key only to then have import fail. It is "best effort" because when |
| 905 // unwrapping JWK for asymmetric algorithms the key type isn't known yet. | 894 // unwrapping JWK for asymmetric algorithms the key type isn't known yet. |
| 906 Status status = | 895 Status status = |
| 907 BestEffortCheckKeyUsagesForImport(algorithm.id(), format, usage_mask); | 896 BestEffortCheckKeyUsagesForImport(algorithm.id(), format, usage_mask); |
| 908 if (status.IsError()) | 897 if (status.IsError()) |
| 909 return status; | 898 return status; |
| 910 | 899 |
| 911 switch (format) { | 900 if (format == blink::WebCryptoKeyFormatRaw && |
| 912 case blink::WebCryptoKeyFormatRaw: | 901 wrapping_algorithm.id() == blink::WebCryptoAlgorithmIdAesKw) { |
| 913 if (wrapping_algorithm.id() == blink::WebCryptoAlgorithmIdAesKw) { | 902 // AES-KW is a special case, due to NSS's implementation only |
| 914 // AES-KW is a special case, due to NSS's implementation only | 903 // supporting C_Wrap/C_Unwrap with AES-KW |
| 915 // supporting C_Wrap/C_Unwrap with AES-KW | 904 return UnwrapKeyRaw(wrapped_key_data, |
| 916 return UnwrapKeyRaw(wrapped_key_data, | 905 wrapping_key, |
| 917 wrapping_key, | 906 wrapping_algorithm, |
| 918 wrapping_algorithm, | 907 algorithm, |
| 919 algorithm, | 908 extractable, |
| 920 extractable, | 909 usage_mask, |
| 921 usage_mask, | 910 key); |
| 922 key); | |
| 923 } | |
| 924 return UnwrapKeyDecryptAndImport(format, | |
| 925 wrapped_key_data, | |
| 926 wrapping_key, | |
| 927 wrapping_algorithm, | |
| 928 algorithm, | |
| 929 extractable, | |
| 930 usage_mask, | |
| 931 key); | |
| 932 case blink::WebCryptoKeyFormatJwk: | |
| 933 return UnwrapKeyDecryptAndImport(format, | |
| 934 wrapped_key_data, | |
| 935 wrapping_key, | |
| 936 wrapping_algorithm, | |
| 937 algorithm, | |
| 938 extractable, | |
| 939 usage_mask, | |
| 940 key); | |
| 941 case blink::WebCryptoKeyFormatSpki: | |
| 942 case blink::WebCryptoKeyFormatPkcs8: | |
| 943 return Status::ErrorUnsupported(); // TODO(padolph) | |
| 944 default: | |
| 945 NOTREACHED(); | |
| 946 return Status::ErrorUnsupported(); | |
| 947 } | 911 } |
| 912 |
| 913 return UnwrapKeyDecryptAndImport(format, |
| 914 wrapped_key_data, |
| 915 wrapping_key, |
| 916 wrapping_algorithm, |
| 917 algorithm, |
| 918 extractable, |
| 919 usage_mask, |
| 920 key); |
| 948 } | 921 } |
| 949 | 922 |
| 950 // Note that this function is called from the target Blink thread. | 923 // Note that this function is called from the target Blink thread. |
| 951 bool SerializeKeyForClone(const blink::WebCryptoKey& key, | 924 bool SerializeKeyForClone(const blink::WebCryptoKey& key, |
| 952 blink::WebVector<uint8>* key_data) { | 925 blink::WebVector<uint8>* key_data) { |
| 953 return static_cast<webcrypto::platform::Key*>(key.handle()) | 926 return static_cast<webcrypto::platform::Key*>(key.handle()) |
| 954 ->ThreadSafeSerializeForClone(key_data); | 927 ->ThreadSafeSerializeForClone(key_data); |
| 955 } | 928 } |
| 956 | 929 |
| 957 // Note that this function is called from the target Blink thread. | 930 // Note that this function is called from the target Blink thread. |
| (...skipping 54 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1012 if (!ContainsKeyUsages(GetValidKeyUsagesForKeyType(algorithm, key_type), | 985 if (!ContainsKeyUsages(GetValidKeyUsagesForKeyType(algorithm, key_type), |
| 1013 usages)) | 986 usages)) |
| 1014 return Status::ErrorCreateKeyBadUsages(); | 987 return Status::ErrorCreateKeyBadUsages(); |
| 1015 | 988 |
| 1016 return Status::Success(); | 989 return Status::Success(); |
| 1017 } | 990 } |
| 1018 | 991 |
| 1019 } // namespace webcrypto | 992 } // namespace webcrypto |
| 1020 | 993 |
| 1021 } // namespace content | 994 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 299843014:
[webcrypto] Enable wrap/unwrap for SPKI and PKCS8. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src