Index: content/child/webcrypto/nss/rsa_key_nss.cc |
diff --git a/content/child/webcrypto/nss/rsa_key_nss.cc b/content/child/webcrypto/nss/rsa_key_nss.cc |
new file mode 100644 |
index 0000000000000000000000000000000000000000..ec1630089e451f4735e93867e92efde85ef78f61 |
--- /dev/null |
+++ b/content/child/webcrypto/nss/rsa_key_nss.cc |
@@ -0,0 +1,897 @@ |
+// Copyright 2014 The Chromium Authors. All rights reserved. |
+// Use of this source code is governed by a BSD-style license that can be |
+// found in the LICENSE file. |
+ |
+#include "content/child/webcrypto/nss/rsa_key_nss.h" |
+ |
+#include "base/logging.h" |
+#include "content/child/webcrypto/crypto_data.h" |
+#include "content/child/webcrypto/jwk.h" |
+#include "content/child/webcrypto/nss/key_nss.h" |
+#include "content/child/webcrypto/nss/util_nss.h" |
+#include "content/child/webcrypto/status.h" |
+#include "content/child/webcrypto/webcrypto_util.h" |
+#include "crypto/scoped_nss_types.h" |
+#include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h" |
+#include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h" |
+ |
+namespace content { |
+ |
+namespace webcrypto { |
+ |
+namespace { |
+ |
+// Converts a (big-endian) WebCrypto BigInteger, with or without leading zeros, |
+// to unsigned long. |
+bool BigIntegerToLong(const uint8* data, |
+ unsigned int data_size, |
+ unsigned long* result) { |
+ // TODO(eroman): Fix handling of empty biginteger. http://crubg.com/373552 |
+ if (data_size == 0) |
+ return false; |
+ |
+ *result = 0; |
+ for (size_t i = 0; i < data_size; ++i) { |
+ size_t reverse_i = data_size - i - 1; |
+ |
+ if (reverse_i >= sizeof(unsigned long) && data[i]) |
+ return false; // Too large for a long. |
+ |
+ *result |= data[i] << 8 * reverse_i; |
+ } |
+ return true; |
+} |
+ |
+bool CreatePublicKeyAlgorithm(const blink::WebCryptoAlgorithm& algorithm, |
+ SECKEYPublicKey* key, |
+ blink::WebCryptoKeyAlgorithm* key_algorithm) { |
+ // TODO(eroman): What about other key types rsaPss, rsaOaep. |
+ if (!key || key->keyType != rsaKey) |
+ return false; |
+ |
+ unsigned int modulus_length_bits = SECKEY_PublicKeyStrength(key) * 8; |
+ CryptoData public_exponent(key->u.rsa.publicExponent.data, |
+ key->u.rsa.publicExponent.len); |
+ |
+ switch (algorithm.paramsType()) { |
+ case blink::WebCryptoAlgorithmParamsTypeRsaHashedImportParams: |
+ case blink::WebCryptoAlgorithmParamsTypeRsaHashedKeyGenParams: |
+ *key_algorithm = blink::WebCryptoKeyAlgorithm::createRsaHashed( |
+ algorithm.id(), |
+ modulus_length_bits, |
+ public_exponent.bytes(), |
+ public_exponent.byte_length(), |
+ GetInnerHashAlgorithm(algorithm).id()); |
+ return true; |
+ default: |
+ return false; |
+ } |
+} |
+ |
+bool CreatePrivateKeyAlgorithm(const blink::WebCryptoAlgorithm& algorithm, |
+ SECKEYPrivateKey* key, |
+ blink::WebCryptoKeyAlgorithm* key_algorithm) { |
+ crypto::ScopedSECKEYPublicKey public_key(SECKEY_ConvertToPublicKey(key)); |
+ return CreatePublicKeyAlgorithm(algorithm, public_key.get(), key_algorithm); |
+} |
+ |
+#if defined(USE_NSS) && !defined(OS_CHROMEOS) |
+Status ErrorRsaKeyImportNotSupported() { |
+ return Status::ErrorUnsupported( |
+ "NSS version must be at least 3.16.2 for RSA key import. See " |
+ "http://crbug.com/380424"); |
+} |
+ |
+// Prior to NSS 3.16.2 RSA key parameters were not validated. This is |
+// a security problem for RSA private key import from JWK which uses a |
+// CKA_ID based on the public modulus to retrieve the private key. |
+Status NssSupportsRsaKeyImport() { |
+ if (!NSS_VersionCheck("3.16.2")) |
+ return ErrorRsaKeyImportNotSupported(); |
+ |
+ // Also ensure that the version of Softoken is 3.16.2 or later. |
+ crypto::ScopedPK11Slot slot(PK11_GetInternalSlot()); |
+ CK_SLOT_INFO info = {}; |
+ if (PK11_GetSlotInfo(slot.get(), &info) != SECSuccess) |
+ return ErrorRsaKeyImportNotSupported(); |
+ |
+ // CK_SLOT_INFO.hardwareVersion contains the major.minor |
+ // version info for Softoken in the corresponding .major/.minor |
+ // fields, and .firmwareVersion contains the patch.build |
+ // version info (in the .major/.minor fields) |
+ if ((info.hardwareVersion.major > 3) || |
+ (info.hardwareVersion.major == 3 && |
+ (info.hardwareVersion.minor > 16 || |
+ (info.hardwareVersion.minor == 16 && |
+ info.firmwareVersion.major >= 2)))) { |
+ return Status::Success(); |
+ } |
+ |
+ return ErrorRsaKeyImportNotSupported(); |
+} |
+#else |
+Status NssSupportsRsaKeyImport() { |
+ return Status::Success(); |
+} |
+#endif |
+ |
+bool CreateRsaHashedPublicKeyAlgorithm( |
+ const blink::WebCryptoAlgorithm& algorithm, |
+ SECKEYPublicKey* key, |
+ blink::WebCryptoKeyAlgorithm* key_algorithm) { |
+ // TODO(eroman): What about other key types rsaPss, rsaOaep. |
+ if (!key || key->keyType != rsaKey) |
+ return false; |
+ |
+ unsigned int modulus_length_bits = SECKEY_PublicKeyStrength(key) * 8; |
+ CryptoData public_exponent(key->u.rsa.publicExponent.data, |
+ key->u.rsa.publicExponent.len); |
+ |
+ switch (algorithm.paramsType()) { |
+ case blink::WebCryptoAlgorithmParamsTypeRsaHashedImportParams: |
+ case blink::WebCryptoAlgorithmParamsTypeRsaHashedKeyGenParams: |
+ *key_algorithm = blink::WebCryptoKeyAlgorithm::createRsaHashed( |
+ algorithm.id(), |
+ modulus_length_bits, |
+ public_exponent.bytes(), |
+ public_exponent.byte_length(), |
+ GetInnerHashAlgorithm(algorithm).id()); |
+ return true; |
+ default: |
+ return false; |
+ } |
+} |
+ |
+bool CreateRsaHashedPrivateKeyAlgorithm( |
+ const blink::WebCryptoAlgorithm& algorithm, |
+ SECKEYPrivateKey* key, |
+ blink::WebCryptoKeyAlgorithm* key_algorithm) { |
+ crypto::ScopedSECKEYPublicKey public_key(SECKEY_ConvertToPublicKey(key)); |
+ if (!public_key) |
+ return false; |
+ return CreateRsaHashedPublicKeyAlgorithm( |
+ algorithm, public_key.get(), key_algorithm); |
+} |
+ |
+// From PKCS#1 [http://tools.ietf.org/html/rfc3447]: |
+// |
+// RSAPrivateKey ::= SEQUENCE { |
+// version Version, |
+// modulus INTEGER, -- n |
+// publicExponent INTEGER, -- e |
+// privateExponent INTEGER, -- d |
+// prime1 INTEGER, -- p |
+// prime2 INTEGER, -- q |
+// exponent1 INTEGER, -- d mod (p-1) |
+// exponent2 INTEGER, -- d mod (q-1) |
+// coefficient INTEGER, -- (inverse of q) mod p |
+// otherPrimeInfos OtherPrimeInfos OPTIONAL |
+// } |
+// |
+// Note that otherPrimeInfos is only applicable for version=1. Since NSS |
+// doesn't use multi-prime can safely use version=0. |
+struct RSAPrivateKey { |
+ SECItem version; |
+ SECItem modulus; |
+ SECItem public_exponent; |
+ SECItem private_exponent; |
+ SECItem prime1; |
+ SECItem prime2; |
+ SECItem exponent1; |
+ SECItem exponent2; |
+ SECItem coefficient; |
+}; |
+ |
+// The system NSS library doesn't have the new PK11_ExportDERPrivateKeyInfo |
+// function yet (https://bugzilla.mozilla.org/show_bug.cgi?id=519255). So we |
+// provide a fallback implementation. |
+#if defined(USE_NSS) |
+const SEC_ASN1Template RSAPrivateKeyTemplate[] = { |
+ {SEC_ASN1_SEQUENCE, 0, NULL, sizeof(RSAPrivateKey)}, |
+ {SEC_ASN1_INTEGER, offsetof(RSAPrivateKey, version)}, |
+ {SEC_ASN1_INTEGER, offsetof(RSAPrivateKey, modulus)}, |
+ {SEC_ASN1_INTEGER, offsetof(RSAPrivateKey, public_exponent)}, |
+ {SEC_ASN1_INTEGER, offsetof(RSAPrivateKey, private_exponent)}, |
+ {SEC_ASN1_INTEGER, offsetof(RSAPrivateKey, prime1)}, |
+ {SEC_ASN1_INTEGER, offsetof(RSAPrivateKey, prime2)}, |
+ {SEC_ASN1_INTEGER, offsetof(RSAPrivateKey, exponent1)}, |
+ {SEC_ASN1_INTEGER, offsetof(RSAPrivateKey, exponent2)}, |
+ {SEC_ASN1_INTEGER, offsetof(RSAPrivateKey, coefficient)}, |
+ {0}}; |
+#endif // defined(USE_NSS) |
+ |
+// On success |value| will be filled with data which must be freed by |
+// SECITEM_FreeItem(value, PR_FALSE); |
+bool ReadUint(SECKEYPrivateKey* key, |
+ CK_ATTRIBUTE_TYPE attribute, |
+ SECItem* value) { |
+ SECStatus rv = PK11_ReadRawAttribute(PK11_TypePrivKey, key, attribute, value); |
+ |
+ // PK11_ReadRawAttribute() returns items of type siBuffer. However in order |
+ // for the ASN.1 encoding to be correct, the items must be of type |
+ // siUnsignedInteger. |
+ value->type = siUnsignedInteger; |
+ |
+ return rv == SECSuccess; |
+} |
+ |
+// Fills |out| with the RSA private key properties. Returns true on success. |
+// Regardless of the return value, the caller must invoke FreeRSAPrivateKey() |
+// to free up any allocated memory. |
+// |
+// The passed in RSAPrivateKey must be zero-initialized. |
+bool InitRSAPrivateKey(SECKEYPrivateKey* key, RSAPrivateKey* out) { |
+ if (key->keyType != rsaKey) |
+ return false; |
+ |
+ // Everything should be zero-ed out. These are just some spot checks. |
+ DCHECK(!out->version.data); |
+ DCHECK(!out->version.len); |
+ DCHECK(!out->modulus.data); |
+ DCHECK(!out->modulus.len); |
+ |
+ // Always use version=0 since not using multi-prime. |
+ if (!SEC_ASN1EncodeInteger(NULL, &out->version, 0)) |
+ return false; |
+ |
+ if (!ReadUint(key, CKA_MODULUS, &out->modulus)) |
+ return false; |
+ if (!ReadUint(key, CKA_PUBLIC_EXPONENT, &out->public_exponent)) |
+ return false; |
+ if (!ReadUint(key, CKA_PRIVATE_EXPONENT, &out->private_exponent)) |
+ return false; |
+ if (!ReadUint(key, CKA_PRIME_1, &out->prime1)) |
+ return false; |
+ if (!ReadUint(key, CKA_PRIME_2, &out->prime2)) |
+ return false; |
+ if (!ReadUint(key, CKA_EXPONENT_1, &out->exponent1)) |
+ return false; |
+ if (!ReadUint(key, CKA_EXPONENT_2, &out->exponent2)) |
+ return false; |
+ if (!ReadUint(key, CKA_COEFFICIENT, &out->coefficient)) |
+ return false; |
+ |
+ return true; |
+} |
+ |
+struct FreeRsaPrivateKey { |
+ void operator()(RSAPrivateKey* out) { |
+ SECITEM_FreeItem(&out->version, PR_FALSE); |
+ SECITEM_FreeItem(&out->modulus, PR_FALSE); |
+ SECITEM_FreeItem(&out->public_exponent, PR_FALSE); |
+ SECITEM_FreeItem(&out->private_exponent, PR_FALSE); |
+ SECITEM_FreeItem(&out->prime1, PR_FALSE); |
+ SECITEM_FreeItem(&out->prime2, PR_FALSE); |
+ SECITEM_FreeItem(&out->exponent1, PR_FALSE); |
+ SECITEM_FreeItem(&out->exponent2, PR_FALSE); |
+ SECITEM_FreeItem(&out->coefficient, PR_FALSE); |
+ } |
+}; |
+ |
+typedef scoped_ptr<CERTSubjectPublicKeyInfo, |
+ crypto::NSSDestroyer<CERTSubjectPublicKeyInfo, |
+ SECKEY_DestroySubjectPublicKeyInfo> > |
+ ScopedCERTSubjectPublicKeyInfo; |
+ |
+struct DestroyGenericObject { |
+ void operator()(PK11GenericObject* o) const { |
+ if (o) |
+ PK11_DestroyGenericObject(o); |
+ } |
+}; |
+ |
+typedef scoped_ptr<PK11GenericObject, DestroyGenericObject> |
+ ScopedPK11GenericObject; |
+ |
+// Helper to add an attribute to a template. |
+void AddAttribute(CK_ATTRIBUTE_TYPE type, |
+ void* value, |
+ unsigned long length, |
+ std::vector<CK_ATTRIBUTE>* templ) { |
+ CK_ATTRIBUTE attribute = {type, value, length}; |
+ templ->push_back(attribute); |
+} |
+ |
+// Helper to optionally add an attribute to a template, if the provided data is |
+// non-empty. |
+void AddOptionalAttribute(CK_ATTRIBUTE_TYPE type, |
+ const CryptoData& data, |
+ std::vector<CK_ATTRIBUTE>* templ) { |
+ if (!data.byte_length()) |
+ return; |
+ CK_ATTRIBUTE attribute = {type, const_cast<unsigned char*>(data.bytes()), |
+ data.byte_length()}; |
+ templ->push_back(attribute); |
+} |
+ |
+void AddOptionalAttribute(CK_ATTRIBUTE_TYPE type, |
+ const std::string& data, |
+ std::vector<CK_ATTRIBUTE>* templ) { |
+ AddOptionalAttribute(type, CryptoData(data), templ); |
+} |
+ |
+Status ExportKeyPkcs8Nss(SECKEYPrivateKey* key, std::vector<uint8>* buffer) { |
+ if (key->keyType != rsaKey) |
+ return Status::ErrorUnsupported(); |
+ |
+// TODO(rsleevi): Implement OAEP support according to the spec. |
+ |
+#if defined(USE_NSS) |
+ // PK11_ExportDERPrivateKeyInfo isn't available. Use our fallback code. |
+ const SECOidTag algorithm = SEC_OID_PKCS1_RSA_ENCRYPTION; |
+ const int kPrivateKeyInfoVersion = 0; |
+ |
+ SECKEYPrivateKeyInfo private_key_info = {}; |
+ RSAPrivateKey rsa_private_key = {}; |
+ scoped_ptr<RSAPrivateKey, FreeRsaPrivateKey> free_private_key( |
+ &rsa_private_key); |
+ |
+ // http://crbug.com/366427: the spec does not define any other failures for |
+ // exporting, so none of the subsequent errors are spec compliant. |
+ if (!InitRSAPrivateKey(key, &rsa_private_key)) |
+ return Status::OperationError(); |
+ |
+ crypto::ScopedPLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE)); |
+ if (!arena.get()) |
+ return Status::OperationError(); |
+ |
+ if (!SEC_ASN1EncodeItem(arena.get(), |
+ &private_key_info.privateKey, |
+ &rsa_private_key, |
+ RSAPrivateKeyTemplate)) |
+ return Status::OperationError(); |
+ |
+ if (SECSuccess != |
+ SECOID_SetAlgorithmID( |
+ arena.get(), &private_key_info.algorithm, algorithm, NULL)) |
+ return Status::OperationError(); |
+ |
+ if (!SEC_ASN1EncodeInteger( |
+ arena.get(), &private_key_info.version, kPrivateKeyInfoVersion)) |
+ return Status::OperationError(); |
+ |
+ crypto::ScopedSECItem encoded_key( |
+ SEC_ASN1EncodeItem(NULL, |
+ NULL, |
+ &private_key_info, |
+ SEC_ASN1_GET(SECKEY_PrivateKeyInfoTemplate))); |
+#else // defined(USE_NSS) |
+ crypto::ScopedSECItem encoded_key(PK11_ExportDERPrivateKeyInfo(key, NULL)); |
+#endif // defined(USE_NSS) |
+ |
+ if (!encoded_key.get()) |
+ return Status::OperationError(); |
+ |
+ buffer->assign(encoded_key->data, encoded_key->data + encoded_key->len); |
+ return Status::Success(); |
+} |
+ |
+Status ImportRsaPrivateKey(const blink::WebCryptoAlgorithm& algorithm, |
+ bool extractable, |
+ blink::WebCryptoKeyUsageMask usage_mask, |
+ const JwkRsaInfo& params, |
+ blink::WebCryptoKey* key) { |
+ Status status = NssSupportsRsaKeyImport(); |
+ if (status.IsError()) |
+ return status; |
+ |
+ CK_OBJECT_CLASS obj_class = CKO_PRIVATE_KEY; |
+ CK_KEY_TYPE key_type = CKK_RSA; |
+ CK_BBOOL ck_false = CK_FALSE; |
+ |
+ std::vector<CK_ATTRIBUTE> key_template; |
+ |
+ AddAttribute(CKA_CLASS, &obj_class, sizeof(obj_class), &key_template); |
+ AddAttribute(CKA_KEY_TYPE, &key_type, sizeof(key_type), &key_template); |
+ AddAttribute(CKA_TOKEN, &ck_false, sizeof(ck_false), &key_template); |
+ AddAttribute(CKA_SENSITIVE, &ck_false, sizeof(ck_false), &key_template); |
+ AddAttribute(CKA_PRIVATE, &ck_false, sizeof(ck_false), &key_template); |
+ |
+ // Required properties. |
+ AddOptionalAttribute(CKA_MODULUS, params.n, &key_template); |
+ AddOptionalAttribute(CKA_PUBLIC_EXPONENT, params.e, &key_template); |
+ AddOptionalAttribute(CKA_PRIVATE_EXPONENT, params.d, &key_template); |
+ |
+ // Manufacture a CKA_ID so the created key can be retrieved later as a |
+ // SECKEYPrivateKey using FindKeyByKeyID(). Unfortunately there isn't a more |
+ // direct way to do this in NSS. |
+ // |
+ // For consistency with other NSS key creation methods, set the CKA_ID to |
+ // PK11_MakeIDFromPubKey(). There are some problems with |
+ // this approach: |
+ // |
+ // (1) Prior to NSS 3.16.2, there is no parameter validation when creating |
+ // private keys. It is therefore possible to construct a key using the |
+ // known public modulus, and where all the other parameters are bogus. |
+ // FindKeyByKeyID() returns the first key matching the ID. So this would |
+ // effectively allow an attacker to retrieve a private key of their |
+ // choice. |
+ // |
+ // (2) The ID space is shared by different key types. So theoretically |
+ // possible to retrieve a key of the wrong type which has a matching |
+ // CKA_ID. In practice I am told this is not likely except for small key |
+ // sizes, since would require constructing keys with the same public |
+ // data. |
+ // |
+ // (3) FindKeyByKeyID() doesn't necessarily return the object that was just |
+ // created by CreateGenericObject. If the pre-existing key was |
+ // provisioned with flags incompatible with WebCrypto (for instance |
+ // marked sensitive) then this will break things. |
+ SECItem modulus_item = MakeSECItemForBuffer(CryptoData(params.n)); |
+ crypto::ScopedSECItem object_id(PK11_MakeIDFromPubKey(&modulus_item)); |
+ AddOptionalAttribute( |
+ CKA_ID, CryptoData(object_id->data, object_id->len), &key_template); |
+ |
+ // Optional properties (all of these will have been specified or none). |
+ AddOptionalAttribute(CKA_PRIME_1, params.p, &key_template); |
+ AddOptionalAttribute(CKA_PRIME_2, params.q, &key_template); |
+ AddOptionalAttribute(CKA_EXPONENT_1, params.dp, &key_template); |
+ AddOptionalAttribute(CKA_EXPONENT_2, params.dq, &key_template); |
+ AddOptionalAttribute(CKA_COEFFICIENT, params.qi, &key_template); |
+ |
+ crypto::ScopedPK11Slot slot(PK11_GetInternalSlot()); |
+ |
+ ScopedPK11GenericObject key_object(PK11_CreateGenericObject( |
+ slot.get(), &key_template[0], key_template.size(), PR_FALSE)); |
+ |
+ if (!key_object) |
+ return Status::OperationError(); |
+ |
+ crypto::ScopedSECKEYPrivateKey private_key_tmp( |
+ PK11_FindKeyByKeyID(slot.get(), object_id.get(), NULL)); |
+ |
+ // PK11_FindKeyByKeyID() may return a handle to an existing key, rather than |
+ // the object created by PK11_CreateGenericObject(). |
+ crypto::ScopedSECKEYPrivateKey private_key( |
+ SECKEY_CopyPrivateKey(private_key_tmp.get())); |
+ |
+ if (!private_key) |
+ return Status::OperationError(); |
+ |
+ blink::WebCryptoKeyAlgorithm key_algorithm; |
+ if (!CreatePrivateKeyAlgorithm(algorithm, private_key.get(), &key_algorithm)) |
+ return Status::ErrorUnexpected(); |
+ |
+ std::vector<uint8> pkcs8_data; |
+ status = ExportKeyPkcs8Nss(private_key.get(), &pkcs8_data); |
+ if (status.IsError()) |
+ return status; |
+ |
+ scoped_ptr<PrivateKeyNss> key_handle( |
+ new PrivateKeyNss(private_key.Pass(), CryptoData(pkcs8_data))); |
+ |
+ *key = blink::WebCryptoKey::create(key_handle.release(), |
+ blink::WebCryptoKeyTypePrivate, |
+ extractable, |
+ key_algorithm, |
+ usage_mask); |
+ return Status::Success(); |
+} |
+ |
+Status ExportKeySpkiNss(SECKEYPublicKey* key, std::vector<uint8>* buffer) { |
+ const crypto::ScopedSECItem spki_der( |
+ SECKEY_EncodeDERSubjectPublicKeyInfo(key)); |
+ if (!spki_der) |
+ return Status::OperationError(); |
+ |
+ buffer->assign(spki_der->data, spki_der->data + spki_der->len); |
+ return Status::Success(); |
+} |
+ |
+Status ImportRsaPublicKey(const blink::WebCryptoAlgorithm& algorithm, |
+ bool extractable, |
+ blink::WebCryptoKeyUsageMask usage_mask, |
+ const CryptoData& modulus_data, |
+ const CryptoData& exponent_data, |
+ blink::WebCryptoKey* key) { |
+ if (!modulus_data.byte_length()) |
+ return Status::ErrorImportRsaEmptyModulus(); |
+ |
+ if (!exponent_data.byte_length()) |
+ return Status::ErrorImportRsaEmptyExponent(); |
+ |
+ DCHECK(modulus_data.bytes()); |
+ DCHECK(exponent_data.bytes()); |
+ |
+ // NSS does not provide a way to create an RSA public key directly from the |
+ // modulus and exponent values, but it can import an DER-encoded ASN.1 blob |
+ // with these values and create the public key from that. The code below |
+ // follows the recommendation described in |
+ // https://developer.mozilla.org/en-US/docs/NSS/NSS_Tech_Notes/nss_tech_note7 |
+ |
+ // Pack the input values into a struct compatible with NSS ASN.1 encoding, and |
+ // set up an ASN.1 encoder template for it. |
+ struct RsaPublicKeyData { |
+ SECItem modulus; |
+ SECItem exponent; |
+ }; |
+ const RsaPublicKeyData pubkey_in = { |
+ {siUnsignedInteger, const_cast<unsigned char*>(modulus_data.bytes()), |
+ modulus_data.byte_length()}, |
+ {siUnsignedInteger, const_cast<unsigned char*>(exponent_data.bytes()), |
+ exponent_data.byte_length()}}; |
+ const SEC_ASN1Template rsa_public_key_template[] = { |
+ {SEC_ASN1_SEQUENCE, 0, NULL, sizeof(RsaPublicKeyData)}, |
+ { |
+ SEC_ASN1_INTEGER, offsetof(RsaPublicKeyData, modulus), |
+ }, |
+ { |
+ SEC_ASN1_INTEGER, offsetof(RsaPublicKeyData, exponent), |
+ }, |
+ { |
+ 0, |
+ }}; |
+ |
+ // DER-encode the public key. |
+ crypto::ScopedSECItem pubkey_der( |
+ SEC_ASN1EncodeItem(NULL, NULL, &pubkey_in, rsa_public_key_template)); |
+ if (!pubkey_der) |
+ return Status::OperationError(); |
+ |
+ // Import the DER-encoded public key to create an RSA SECKEYPublicKey. |
+ crypto::ScopedSECKEYPublicKey pubkey( |
+ SECKEY_ImportDERPublicKey(pubkey_der.get(), CKK_RSA)); |
+ if (!pubkey) |
+ return Status::OperationError(); |
+ |
+ blink::WebCryptoKeyAlgorithm key_algorithm; |
+ if (!CreatePublicKeyAlgorithm(algorithm, pubkey.get(), &key_algorithm)) |
+ return Status::ErrorUnexpected(); |
+ |
+ std::vector<uint8> spki_data; |
+ Status status = ExportKeySpkiNss(pubkey.get(), &spki_data); |
+ if (status.IsError()) |
+ return status; |
+ |
+ scoped_ptr<PublicKeyNss> key_handle( |
+ new PublicKeyNss(pubkey.Pass(), CryptoData(spki_data))); |
+ |
+ *key = blink::WebCryptoKey::create(key_handle.release(), |
+ blink::WebCryptoKeyTypePublic, |
+ extractable, |
+ key_algorithm, |
+ usage_mask); |
+ return Status::Success(); |
+} |
+ |
+} // namespace |
+ |
+Status RsaHashedAlgorithm::VerifyKeyUsagesBeforeGenerateKeyPair( |
+ blink::WebCryptoKeyUsageMask combined_usage_mask, |
+ blink::WebCryptoKeyUsageMask* public_usage_mask, |
+ blink::WebCryptoKeyUsageMask* private_usage_mask) const { |
+ Status status = CheckKeyCreationUsages( |
+ all_public_key_usages_ | all_private_key_usages_, combined_usage_mask); |
+ if (status.IsError()) |
+ return status; |
+ |
+ *public_usage_mask = combined_usage_mask & all_public_key_usages_; |
+ *private_usage_mask = combined_usage_mask & all_private_key_usages_; |
+ |
+ return Status::Success(); |
+} |
+ |
+Status RsaHashedAlgorithm::GenerateKeyPair( |
+ const blink::WebCryptoAlgorithm& algorithm, |
+ bool extractable, |
+ blink::WebCryptoKeyUsageMask public_usage_mask, |
+ blink::WebCryptoKeyUsageMask private_usage_mask, |
+ blink::WebCryptoKey* public_key, |
+ blink::WebCryptoKey* private_key) const { |
+ const blink::WebCryptoRsaHashedKeyGenParams* params = |
+ algorithm.rsaHashedKeyGenParams(); |
+ |
+ if (!params->modulusLengthBits()) |
+ return Status::ErrorGenerateRsaZeroModulus(); |
+ |
+ unsigned long public_exponent = 0; |
+ if (!BigIntegerToLong(params->publicExponent().data(), |
+ params->publicExponent().size(), |
+ &public_exponent) || |
+ (public_exponent != 3 && public_exponent != 65537)) { |
+ return Status::ErrorGenerateKeyPublicExponent(); |
+ } |
+ |
+ crypto::ScopedPK11Slot slot(PK11_GetInternalKeySlot()); |
+ if (!slot) |
+ return Status::OperationError(); |
+ |
+ PK11RSAGenParams rsa_gen_params; |
+ // keySizeInBits is a signed type, don't pass in a negative value. |
+ if (params->modulusLengthBits() > INT_MAX) |
+ return Status::OperationError(); |
+ rsa_gen_params.keySizeInBits = params->modulusLengthBits(); |
+ rsa_gen_params.pe = public_exponent; |
+ |
+ const CK_FLAGS operation_flags_mask = |
+ CKF_ENCRYPT | CKF_DECRYPT | CKF_SIGN | CKF_VERIFY | CKF_WRAP | CKF_UNWRAP; |
+ |
+ // The private key must be marked as insensitive and extractable, otherwise it |
+ // cannot later be exported in unencrypted form or structured-cloned. |
+ const PK11AttrFlags attribute_flags = |
+ PK11_ATTR_INSENSITIVE | PK11_ATTR_EXTRACTABLE; |
+ |
+ // Note: NSS does not generate an sec_public_key if the call below fails, |
+ // so there is no danger of a leaked sec_public_key. |
+ SECKEYPublicKey* sec_public_key; |
+ crypto::ScopedSECKEYPrivateKey scoped_sec_private_key( |
+ PK11_GenerateKeyPairWithOpFlags(slot.get(), |
+ CKM_RSA_PKCS_KEY_PAIR_GEN, |
+ &rsa_gen_params, |
+ &sec_public_key, |
+ attribute_flags, |
+ generate_flags_, |
+ operation_flags_mask, |
+ NULL)); |
+ if (!scoped_sec_private_key) |
+ return Status::OperationError(); |
+ |
+ blink::WebCryptoKeyAlgorithm key_algorithm; |
+ if (!CreatePublicKeyAlgorithm(algorithm, sec_public_key, &key_algorithm)) |
+ return Status::ErrorUnexpected(); |
+ |
+ std::vector<uint8> spki_data; |
+ Status status = ExportKeySpkiNss(sec_public_key, &spki_data); |
+ if (status.IsError()) |
+ return status; |
+ |
+ scoped_ptr<PublicKeyNss> public_key_handle(new PublicKeyNss( |
+ crypto::ScopedSECKEYPublicKey(sec_public_key), CryptoData(spki_data))); |
+ |
+ std::vector<uint8> pkcs8_data; |
+ status = ExportKeyPkcs8Nss(scoped_sec_private_key.get(), &pkcs8_data); |
+ if (status.IsError()) |
+ return status; |
+ |
+ scoped_ptr<PrivateKeyNss> private_key_handle( |
+ new PrivateKeyNss(scoped_sec_private_key.Pass(), CryptoData(pkcs8_data))); |
+ |
+ *public_key = blink::WebCryptoKey::create(public_key_handle.release(), |
+ blink::WebCryptoKeyTypePublic, |
+ true, |
+ key_algorithm, |
+ public_usage_mask); |
+ *private_key = blink::WebCryptoKey::create(private_key_handle.release(), |
+ blink::WebCryptoKeyTypePrivate, |
+ extractable, |
+ key_algorithm, |
+ private_usage_mask); |
+ |
+ return Status::Success(); |
+} |
+ |
+Status RsaHashedAlgorithm::VerifyKeyUsagesBeforeImportKey( |
+ blink::WebCryptoKeyFormat format, |
+ blink::WebCryptoKeyUsageMask usage_mask) const { |
+ switch (format) { |
+ case blink::WebCryptoKeyFormatSpki: |
+ return CheckKeyCreationUsages(all_public_key_usages_, usage_mask); |
+ case blink::WebCryptoKeyFormatPkcs8: |
+ return CheckKeyCreationUsages(all_private_key_usages_, usage_mask); |
+ case blink::WebCryptoKeyFormatJwk: |
+ return CheckKeyCreationUsages( |
+ all_public_key_usages_ | all_private_key_usages_, usage_mask); |
+ default: |
+ return Status::ErrorUnsupportedImportKeyFormat(); |
+ } |
+} |
+ |
+Status RsaHashedAlgorithm::ImportKeyPkcs8( |
+ const CryptoData& key_data, |
+ const blink::WebCryptoAlgorithm& algorithm, |
+ bool extractable, |
+ blink::WebCryptoKeyUsageMask usage_mask, |
+ blink::WebCryptoKey* key) const { |
+ Status status = NssSupportsRsaKeyImport(); |
+ if (status.IsError()) |
+ return status; |
+ |
+ if (!key_data.byte_length()) |
+ return Status::ErrorImportEmptyKeyData(); |
+ |
+ // The binary blob 'key_data' is expected to be a DER-encoded ASN.1 PKCS#8 |
+ // private key info object. |
+ SECItem pki_der = MakeSECItemForBuffer(key_data); |
+ |
+ SECKEYPrivateKey* seckey_private_key = NULL; |
+ crypto::ScopedPK11Slot slot(PK11_GetInternalSlot()); |
+ if (PK11_ImportDERPrivateKeyInfoAndReturnKey(slot.get(), |
+ &pki_der, |
+ NULL, // nickname |
+ NULL, // publicValue |
+ false, // isPerm |
+ false, // isPrivate |
+ KU_ALL, // usage |
+ &seckey_private_key, |
+ NULL) != SECSuccess) { |
+ return Status::DataError(); |
+ } |
+ DCHECK(seckey_private_key); |
+ crypto::ScopedSECKEYPrivateKey private_key(seckey_private_key); |
+ |
+ const KeyType sec_key_type = SECKEY_GetPrivateKeyType(private_key.get()); |
+ if (sec_key_type != rsaKey) |
+ return Status::DataError(); |
+ |
+ blink::WebCryptoKeyAlgorithm key_algorithm; |
+ if (!CreateRsaHashedPrivateKeyAlgorithm( |
+ algorithm, private_key.get(), &key_algorithm)) |
+ return Status::ErrorUnexpected(); |
+ |
+ // TODO(eroman): This is probably going to be the same as the input. |
+ std::vector<uint8> pkcs8_data; |
+ status = ExportKeyPkcs8Nss(private_key.get(), &pkcs8_data); |
+ if (status.IsError()) |
+ return status; |
+ |
+ scoped_ptr<PrivateKeyNss> key_handle( |
+ new PrivateKeyNss(private_key.Pass(), CryptoData(pkcs8_data))); |
+ |
+ *key = blink::WebCryptoKey::create(key_handle.release(), |
+ blink::WebCryptoKeyTypePrivate, |
+ extractable, |
+ key_algorithm, |
+ usage_mask); |
+ |
+ return Status::Success(); |
+} |
+ |
+Status RsaHashedAlgorithm::ImportKeySpki( |
+ const CryptoData& key_data, |
+ const blink::WebCryptoAlgorithm& algorithm, |
+ bool extractable, |
+ blink::WebCryptoKeyUsageMask usage_mask, |
+ blink::WebCryptoKey* key) const { |
+ Status status = NssSupportsRsaKeyImport(); |
+ if (status.IsError()) |
+ return status; |
+ |
+ if (!key_data.byte_length()) |
+ return Status::ErrorImportEmptyKeyData(); |
+ |
+ // The binary blob 'key_data' is expected to be a DER-encoded ASN.1 Subject |
+ // Public Key Info. Decode this to a CERTSubjectPublicKeyInfo. |
+ SECItem spki_item = MakeSECItemForBuffer(key_data); |
+ const ScopedCERTSubjectPublicKeyInfo spki( |
+ SECKEY_DecodeDERSubjectPublicKeyInfo(&spki_item)); |
+ if (!spki) |
+ return Status::DataError(); |
+ |
+ crypto::ScopedSECKEYPublicKey sec_public_key( |
+ SECKEY_ExtractPublicKey(spki.get())); |
+ if (!sec_public_key) |
+ return Status::DataError(); |
+ |
+ const KeyType sec_key_type = SECKEY_GetPublicKeyType(sec_public_key.get()); |
+ if (sec_key_type != rsaKey) |
+ return Status::DataError(); |
+ |
+ blink::WebCryptoKeyAlgorithm key_algorithm; |
+ if (!CreateRsaHashedPublicKeyAlgorithm( |
+ algorithm, sec_public_key.get(), &key_algorithm)) |
+ return Status::ErrorUnexpected(); |
+ |
+ // TODO(eroman): This is probably going to be the same as the input. |
+ std::vector<uint8> spki_data; |
+ status = ExportKeySpkiNss(sec_public_key.get(), &spki_data); |
+ if (status.IsError()) |
+ return status; |
+ |
+ scoped_ptr<PublicKeyNss> key_handle( |
+ new PublicKeyNss(sec_public_key.Pass(), CryptoData(spki_data))); |
+ |
+ *key = blink::WebCryptoKey::create(key_handle.release(), |
+ blink::WebCryptoKeyTypePublic, |
+ extractable, |
+ key_algorithm, |
+ usage_mask); |
+ |
+ return Status::Success(); |
+} |
+ |
+Status RsaHashedAlgorithm::ExportKeyPkcs8(const blink::WebCryptoKey& key, |
+ std::vector<uint8>* buffer) const { |
+ if (key.type() != blink::WebCryptoKeyTypePrivate) |
+ return Status::ErrorUnexpectedKeyType(); |
+ *buffer = PrivateKeyNss::Cast(key)->pkcs8_data(); |
+ return Status::Success(); |
+} |
+ |
+Status RsaHashedAlgorithm::ExportKeySpki(const blink::WebCryptoKey& key, |
+ std::vector<uint8>* buffer) const { |
+ if (key.type() != blink::WebCryptoKeyTypePublic) |
+ return Status::ErrorUnexpectedKeyType(); |
+ *buffer = PublicKeyNss::Cast(key)->spki_data(); |
+ return Status::Success(); |
+} |
+ |
+Status RsaHashedAlgorithm::ImportKeyJwk( |
+ const CryptoData& key_data, |
+ const blink::WebCryptoAlgorithm& algorithm, |
+ bool extractable, |
+ blink::WebCryptoKeyUsageMask usage_mask, |
+ blink::WebCryptoKey* key) const { |
+ const char* jwk_algorithm = |
+ GetJwkAlgorithm(algorithm.rsaHashedImportParams()->hash().id()); |
+ |
+ if (!jwk_algorithm) |
+ return Status::ErrorUnexpected(); |
+ |
+ JwkRsaInfo jwk; |
+ Status status = |
+ ReadRsaKeyJwk(key_data, jwk_algorithm, extractable, usage_mask, &jwk); |
+ if (status.IsError()) |
+ return status; |
+ |
+ // Once the key type is known, verify the usages. |
+ status = CheckKeyCreationUsages( |
+ jwk.is_private_key ? all_private_key_usages_ : all_public_key_usages_, |
+ usage_mask); |
+ if (status.IsError()) |
+ return Status::ErrorCreateKeyBadUsages(); |
+ |
+ return jwk.is_private_key |
+ ? ImportRsaPrivateKey(algorithm, extractable, usage_mask, jwk, key) |
+ : ImportRsaPublicKey(algorithm, |
+ extractable, |
+ usage_mask, |
+ CryptoData(jwk.n), |
+ CryptoData(jwk.e), |
+ key); |
+} |
+ |
+Status RsaHashedAlgorithm::ExportKeyJwk(const blink::WebCryptoKey& key, |
+ std::vector<uint8>* buffer) const { |
+ const char* jwk_algorithm = |
+ GetJwkAlgorithm(key.algorithm().rsaHashedParams()->hash().id()); |
+ |
+ if (!jwk_algorithm) |
+ return Status::ErrorUnexpected(); |
+ |
+ switch (key.type()) { |
+ case blink::WebCryptoKeyTypePublic: { |
+ SECKEYPublicKey* nss_key = PublicKeyNss::Cast(key)->key(); |
+ if (nss_key->keyType != rsaKey) |
+ return Status::ErrorUnsupported(); |
+ |
+ WriteRsaPublicKeyJwk(SECItemToCryptoData(nss_key->u.rsa.modulus), |
+ SECItemToCryptoData(nss_key->u.rsa.publicExponent), |
+ jwk_algorithm, |
+ key.extractable(), |
+ key.usages(), |
+ buffer); |
+ |
+ return Status::Success(); |
+ } |
+ |
+ case blink::WebCryptoKeyTypePrivate: { |
+ SECKEYPrivateKey* nss_key = PrivateKeyNss::Cast(key)->key(); |
+ RSAPrivateKey key_props = {}; |
+ scoped_ptr<RSAPrivateKey, FreeRsaPrivateKey> free_private_key(&key_props); |
+ |
+ if (!InitRSAPrivateKey(nss_key, &key_props)) |
+ return Status::OperationError(); |
+ |
+ WriteRsaPrivateKeyJwk(SECItemToCryptoData(key_props.modulus), |
+ SECItemToCryptoData(key_props.public_exponent), |
+ SECItemToCryptoData(key_props.private_exponent), |
+ SECItemToCryptoData(key_props.prime1), |
+ SECItemToCryptoData(key_props.prime2), |
+ SECItemToCryptoData(key_props.exponent1), |
+ SECItemToCryptoData(key_props.exponent2), |
+ SECItemToCryptoData(key_props.coefficient), |
+ jwk_algorithm, |
+ key.extractable(), |
+ key.usages(), |
+ buffer); |
+ |
+ return Status::Success(); |
+ } |
+ default: |
+ return Status::ErrorUnexpected(); |
+ } |
+} |
+ |
+} // namespace webcrypto |
+ |
+} // namespace content |