[webcrypto] Add RSA key generation using NSS.

content/renderer/webcrypto/webcrypto_impl_nss.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/renderer/webcrypto/webcrypto_impl.h"
 
 #include <cryptohi.h>
 #include <pk11pub.h>
 #include <sechash.h>
 
@@ skipping 19 matching lines @@
   }
 
   PK11SymKey* key() { return key_.get(); }
 
  private:
   crypto::ScopedPK11SymKey key_;
 
   DISALLOW_COPY_AND_ASSIGN(SymKeyHandle);
 };
 
+class PublicKeyHandle : public WebKit::WebCryptoKeyHandle {
+ public:
+  explicit PublicKeyHandle(crypto::ScopedSECKEYPublicKey key) {
+    DCHECK(!key_.get());
+    key_ = key.Pass();
+  }
+
+  SECKEYPublicKey* key() { return key_.get(); }
+
+ private:
+  crypto::ScopedSECKEYPublicKey key_;
+
+  DISALLOW_COPY_AND_ASSIGN(PublicKeyHandle);
+};
+
+class PrivateKeyHandle : public WebKit::WebCryptoKeyHandle {
+ public:
+  explicit PrivateKeyHandle(crypto::ScopedSECKEYPrivateKey key) {
+    DCHECK(!key_.get());

[Ryan Sleevi, 2013/10/24 00:33:04]

This seems unnecessary - it's a constructor, how is this invariant ever possible
to be violated?

explicit PrivateKeyHandle(crypto::ScopedSECKEYPrivateKey key)
    : key_(key.Pass()) {}

[padolph, 2013/10/24 01:40:47]

Good point. Picked up through copy/paste. Will delete all.

+    key_ = key.Pass();
+  }
+
+  SECKEYPrivateKey* key() { return key_.get(); }
+
+ private:
+  crypto::ScopedSECKEYPrivateKey key_;
+
+  DISALLOW_COPY_AND_ASSIGN(PrivateKeyHandle);
+};
+
 HASH_HashType WebCryptoAlgorithmToNSSHashType(
     const WebKit::WebCryptoAlgorithm& algorithm) {
   switch (algorithm.id()) {
     case WebKit::WebCryptoAlgorithmIdSha1:
       return HASH_AlgSHA1;
     case WebKit::WebCryptoAlgorithmIdSha224:
       return HASH_AlgSHA224;
     case WebKit::WebCryptoAlgorithmIdSha256:
       return HASH_AlgSHA256;
     case WebKit::WebCryptoAlgorithmIdSha384:
@@ skipping 266 matching lines @@
   if (!pk11_key) {
     return false;
   }
 
   key->reset(new SymKeyHandle(pk11_key.Pass()));
   *type = key_type;
 
   return true;
 }
 
+bool WebCryptoImpl::GenerateKeyPairInternal(
+    const WebKit::WebCryptoAlgorithm& algorithm,
+    scoped_ptr<WebKit::WebCryptoKeyHandle>* public_key_handle,
+    scoped_ptr<WebKit::WebCryptoKeyHandle>* private_key_handle) {
+
+  // TODO(padolph) Handle other asymmetric algorithm key generation
+  switch (algorithm.id()) {
+    case WebKit::WebCryptoAlgorithmIdRsaEsPkcs1v1_5:
+    case WebKit::WebCryptoAlgorithmIdRsaOaep:
+    case WebKit::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5: {
+      const WebKit::WebCryptoRsaKeyGenParams* const params =
+          algorithm.rsaKeyGenParams();
+      DCHECK(params);
+
+      crypto::ScopedPK11Slot slot(PK11_GetInternalKeySlot());
+      if (!slot || !params->modulusLength() ||
+          !params->publicExponent().size()) {
+        return false;
+      }
+
+      // The Web Crypto API says params->m_publicExponent is in big-endian
+      // order: the first element in the vector is the most significant digit.
+      // Leading zeros may or may not be present.
+
+      // First offset past any leading zeros in publicExponent.
+      size_t start_index;
+      for (start_index = 0; start_index < params->publicExponent().size();
+           ++start_index) {
+        if (params->publicExponent()[start_index] != 0x0)
+          break;
+      }
+      const size_t exponent_size =
+          params->publicExponent().size() - start_index;
+      if (start_index == params->publicExponent().size() ||
+          exponent_size > sizeof(unsigned long)) {
+        return false;
+      }
+
+      // Then convert the remaining data to an unsigned long.
+      const size_t end_index = params->publicExponent().size() - 1;
+      unsigned long public_exponent = 0;
+      for (int i = end_index; i >= static_cast<int>(start_index); --i) {
+        public_exponent |= params->publicExponent()[i] << (8 * (end_index - i));
+      }
+      // TODO(padolph): should we limit the public exponent to the 'safe' set of
+      // {3, 5, 17, 257, 65537}?
+
+      PK11RSAGenParams param;
+      param.keySizeInBits = params->modulusLength();
+      param.pe = public_exponent;
+
+      // Flags are verified at the Blink layer; here the flags are set to all
+      // possible operations for the given key type.
+      CK_FLAGS operation_flags;
+      switch (algorithm.id()) {
+        case WebKit::WebCryptoAlgorithmIdRsaEsPkcs1v1_5:
+          operation_flags = CKF_ENCRYPT | CKF_DECRYPT;
+          break;
+        case WebKit::WebCryptoAlgorithmIdRsaOaep:
+          operation_flags = CKF_WRAP | CKF_UNWRAP;

[Ryan Sleevi, 2013/10/24 00:33:04]

BUG: This should also include CKF_ENCRYPT | CKF_DECRYPT; likewise, the RsaEs
should also include CKF_WRAP / CKF_UNWRAP

[padolph, 2013/10/24 01:40:47]

Done.

+          break;
+        case WebKit::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5:
+          operation_flags = CKF_SIGN | CKF_VERIFY;
+          break;
+        default:
+          NOTREACHED();
+          return false;
+      }
+      const CK_FLAGS operation_flags_mask = CKF_ENCRYPT | CKF_DECRYPT |
+                                            CKF_SIGN | CKF_VERIFY | CKF_WRAP |
+                                            CKF_UNWRAP;
+      const PK11AttrFlags attribute_flags = 0;  // default all PK11_ATTR_ flags
+
+      SECKEYPublicKey* sec_public_key;
+      crypto::ScopedSECKEYPrivateKey private_key(
+          PK11_GenerateKeyPairWithOpFlags(slot.get(),
+                                          CKM_RSA_PKCS_KEY_PAIR_GEN,
+                                          &param,
+                                          &sec_public_key,
+                                          attribute_flags,
+                                          operation_flags,
+                                          operation_flags_mask,
+                                          NULL));
+      if (!private_key) {
+        return false;
+      }
+      crypto::ScopedSECKEYPublicKey public_key(sec_public_key);
+
+      public_key_handle->reset(new PublicKeyHandle(public_key.Pass()));
+      private_key_handle->reset(new PrivateKeyHandle(private_key.Pass()));
+
+      return true;
+    }
+    default:
+      return false;
+  }
+}
 
 bool WebCryptoImpl::ImportKeyInternal(
     WebKit::WebCryptoKeyFormat format,
     const unsigned char* key_data,
     unsigned key_data_size,
     const WebKit::WebCryptoAlgorithm& algorithm,
     WebKit::WebCryptoKeyUsageMask usage_mask,
     scoped_ptr<WebKit::WebCryptoKeyHandle>* handle,
     WebKit::WebCryptoKeyType* type) {
   switch (algorithm.id()) {
@@ skipping 163 matching lines @@
       break;
     }
     default:
       return false;
   }
 
   return true;
 }
 
 }  // namespace content