Cleanup: rename usage_mask --> usages.

content/child/webcrypto/jwk.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "jwk.h"
 
 #include <algorithm>
 #include <functional>
 #include <map>
 
@@ skipping 28 matching lines @@
 // information. If the optional JWK entry is present, it will be validated
 // against the corresponding input parameter for consistency and combined with
 // it according to rules defined below.
 //
 // Input 'key_data' contains the JWK. To build a Web Crypto Key, the JWK
 // values are parsed out and combined with the method input parameters to
 // build a Web Crypto Key:
 // Web Crypto Key type            <-- (deduced)
 // Web Crypto Key extractable     <-- JWK ext + input extractable
 // Web Crypto Key algorithm       <-- JWK alg + input algorithm
-// Web Crypto Key keyUsage        <-- JWK use, key_ops + input usage_mask
+// Web Crypto Key keyUsage        <-- JWK use, key_ops + input usages
 // Web Crypto Key keying material <-- kty-specific parameters
 //
 // Values for each JWK entry are case-sensitive and defined in
 // http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-18.
 // Note that not all values specified by JOSE are handled by this code. Only
 // handled values are listed.
 // - kty (Key Type)
 //   +-------+--------------------------------------------------------------+
 //   | "RSA" | RSA [RFC3447]                                                |
 //   | "oct" | Octet sequence (used to represent symmetric keys)            |
@@ skipping 116 matching lines @@
 //   |       | the value's unsigned big endian representation as an octet   |
 //   |       | sequence.                                                    |
 //   +-------+--------------------------------------------------------------+
 //   | "dq"  | Contains the first CRT coefficient value for the RSA private |
 //   |       | key.  It is represented as the base64url encoding of the     |
 //   |       | value's unsigned big endian representation as an octet       |
 //   |       | sequence.                                                    |
 //   +-------+--------------------------------------------------------------+
 //
 // Consistency and conflict resolution
-// The 'algorithm', 'extractable', and 'usage_mask' input parameters
+// The 'algorithm', 'extractable', and 'usages' input parameters
 // may be different than the corresponding values inside the JWK. The Web
 // Crypto spec says that if a JWK value is present but is inconsistent with
 // the input value, it is an error and the operation must fail. If no
 // inconsistency is found then the input parameters are used.
 //
 // algorithm
 //   If the JWK algorithm is provided, it must match the web crypto input
 //   algorithm (both the algorithm ID and inner hash if applicable).
 //
 // extractable
 //   If the JWK ext field is true but the input parameter is false, make the
 //   Web Crypto Key non-extractable. Conversely, if the JWK ext field is
 //   false but the input parameter is true, it is an inconsistency. If both
 //   are true or both are false, use that value.
 //
-// usage_mask
-//   The input usage_mask must be a strict subset of the interpreted JWK use
-//   value, else it is judged inconsistent. In all cases the input usage_mask
-//   is used as the final usage_mask.
+// usages
+//   The input usages must be a strict subset of the interpreted JWK use
+//   value, else it is judged inconsistent. In all cases the input usages
+//   is used as the final usages.
 //
 
 namespace content {
 
 namespace webcrypto {
 
 namespace {
 
 // Web Crypto equivalent usage mask for JWK 'use' = 'enc'.
 const blink::WebCryptoKeyUsageMask kJwkEncUsage =
     blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt |
     blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey |
     blink::WebCryptoKeyUsageDeriveKey | blink::WebCryptoKeyUsageDeriveBits;
 // Web Crypto equivalent usage mask for JWK 'use' = 'sig'.
 const blink::WebCryptoKeyUsageMask kJwkSigUsage =
     blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify;
 
 class JwkWriter {
  public:
   JwkWriter(const std::string& algorithm,
             bool extractable,
-            blink::WebCryptoKeyUsageMask usage_mask,
+            blink::WebCryptoKeyUsageMask usages,
             const std::string& kty) {
     dict_.SetString("alg", algorithm);
-    dict_.Set("key_ops", CreateJwkKeyOpsFromWebCryptoUsages(usage_mask));
+    dict_.Set("key_ops", CreateJwkKeyOpsFromWebCryptoUsages(usages));
     dict_.SetBoolean("ext", extractable);
     dict_.SetString("kty", kty);
   }
 
   void Set(const std::string& key, const std::string& value) {
     dict_.SetString(key, value);
   }
 
   void SetBase64Encoded(const std::string& key, const CryptoData& value) {
     dict_.SetString(key,
@@ skipping 130 matching lines @@
   bool has_jwk_ext;
   Status status = GetOptionalJwkBool(dict, "ext", &jwk_ext_value, &has_jwk_ext);
   if (status.IsError())
     return status;
   if (has_jwk_ext && expected_extractable && !jwk_ext_value)
     return Status::ErrorJwkExtInconsistent();
   return Status::Success();
 }
 
 Status VerifyUsages(base::DictionaryValue* dict,
-                    blink::WebCryptoKeyUsageMask expected_usage_mask) {
-  // JWK "key_ops" (optional) --> usage_mask parameter
+                    blink::WebCryptoKeyUsageMask expected_usages) {
+  // JWK "key_ops" (optional) --> usages parameter
   base::ListValue* jwk_key_ops_value = NULL;
   bool has_jwk_key_ops;
   Status status =
       GetOptionalJwkList(dict, "key_ops", &jwk_key_ops_value, &has_jwk_key_ops);
   if (status.IsError())
     return status;
   blink::WebCryptoKeyUsageMask jwk_key_ops_mask = 0;
   if (has_jwk_key_ops) {
     status =
         GetWebCryptoUsagesFromJwkKeyOps(jwk_key_ops_value, &jwk_key_ops_mask);
     if (status.IsError())
       return status;
-    // The input usage_mask must be a subset of jwk_key_ops_mask.
-    if (!ContainsKeyUsages(jwk_key_ops_mask, expected_usage_mask))
+    // The input usages must be a subset of jwk_key_ops_mask.
+    if (!ContainsKeyUsages(jwk_key_ops_mask, expected_usages))
       return Status::ErrorJwkKeyopsInconsistent();
   }
 
-  // JWK "use" (optional) --> usage_mask parameter
+  // JWK "use" (optional) --> usages parameter
   std::string jwk_use_value;
   bool has_jwk_use;
   status = GetOptionalJwkString(dict, "use", &jwk_use_value, &has_jwk_use);
   if (status.IsError())
     return status;
   blink::WebCryptoKeyUsageMask jwk_use_mask = 0;
   if (has_jwk_use) {
     if (jwk_use_value == "enc")
       jwk_use_mask = kJwkEncUsage;
     else if (jwk_use_value == "sig")
       jwk_use_mask = kJwkSigUsage;
     else
       return Status::ErrorJwkUnrecognizedUse();
-    // The input usage_mask must be a subset of jwk_use_mask.
-    if (!ContainsKeyUsages(jwk_use_mask, expected_usage_mask))
+    // The input usages must be a subset of jwk_use_mask.
+    if (!ContainsKeyUsages(jwk_use_mask, expected_usages))
       return Status::ErrorJwkUseInconsistent();
   }
 
   // If both 'key_ops' and 'use' are present, ensure they are consistent.
   if (has_jwk_key_ops && has_jwk_use &&
       !ContainsKeyUsages(jwk_use_mask, jwk_key_ops_mask))
     return Status::ErrorJwkUseAndKeyopsInconsistent();
 
   return Status::Success();
 }
 
 Status VerifyAlg(base::DictionaryValue* dict,
                  const std::string& expected_algorithm) {
   // JWK "alg" --> algorithm parameter
   bool has_jwk_alg;
   std::string jwk_alg_value;
   Status status =
       GetOptionalJwkString(dict, "alg", &jwk_alg_value, &has_jwk_alg);
   if (status.IsError())
     return status;
 
   if (has_jwk_alg && jwk_alg_value != expected_algorithm)
     return Status::ErrorJwkAlgorithmInconsistent();
 
   return Status::Success();
 }
 
 Status ParseJwkCommon(const CryptoData& bytes,
                       bool expected_extractable,
-                      blink::WebCryptoKeyUsageMask expected_usage_mask,
+                      blink::WebCryptoKeyUsageMask expected_usages,
                       std::string* kty,
                       scoped_ptr<base::DictionaryValue>* dict) {
   // Parse the incoming JWK JSON.
   base::StringPiece json_string(reinterpret_cast<const char*>(bytes.bytes()),
                                 bytes.byte_length());
 
   scoped_ptr<base::Value> value(base::JSONReader::Read(json_string));
   base::DictionaryValue* dict_value = NULL;
 
   if (!value.get() || !value->GetAsDictionary(&dict_value) || !dict_value)
     return Status::ErrorJwkNotDictionary();
 
   // Release |value|, as ownership will be transferred to |dict| via
   // |dict_value|, which points to the same object as |value|.
   ignore_result(value.release());
   dict->reset(dict_value);
 
   // JWK "kty". Exit early if this required JWK parameter is missing.
   Status status = GetJwkString(dict_value, "kty", kty);
   if (status.IsError())
     return status;
 
   status = VerifyExt(dict_value, expected_extractable);
   if (status.IsError())
     return status;
 
-  status = VerifyUsages(dict_value, expected_usage_mask);
+  status = VerifyUsages(dict_value, expected_usages);
   if (status.IsError())
     return status;
 
   return Status::Success();
 }
 
-Status ReadSecretKeyNoExpectedAlg(
-    const CryptoData& key_data,
-    bool expected_extractable,
-    blink::WebCryptoKeyUsageMask expected_usage_mask,
-    std::vector<uint8_t>* raw_key_data,
-    scoped_ptr<base::DictionaryValue>* dict) {
+Status ReadSecretKeyNoExpectedAlg(const CryptoData& key_data,
+                                  bool expected_extractable,
+                                  blink::WebCryptoKeyUsageMask expected_usages,
+                                  std::vector<uint8_t>* raw_key_data,
+                                  scoped_ptr<base::DictionaryValue>* dict) {
   if (!key_data.byte_length())
     return Status::ErrorImportEmptyKeyData();
 
   std::string kty;
   Status status = ParseJwkCommon(
-      key_data, expected_extractable, expected_usage_mask, &kty, dict);
+      key_data, expected_extractable, expected_usages, &kty, dict);
   if (status.IsError())
     return status;
 
   if (kty != "oct")
     return Status::ErrorJwkUnexpectedKty("oct");
 
   std::string jwk_k_value;
   status = GetJwkBytes(dict->get(), "k", &jwk_k_value);
   if (status.IsError())
     return status;
   raw_key_data->assign(jwk_k_value.begin(), jwk_k_value.end());
 
   return Status::Success();
 }
 
 }  // namespace
 
 void WriteSecretKeyJwk(const CryptoData& raw_key_data,
                        const std::string& algorithm,
                        bool extractable,
-                       blink::WebCryptoKeyUsageMask usage_mask,
+                       blink::WebCryptoKeyUsageMask usages,
                        std::vector<uint8_t>* jwk_key_data) {
-  JwkWriter writer(algorithm, extractable, usage_mask, "oct");
+  JwkWriter writer(algorithm, extractable, usages, "oct");
   writer.SetBase64Encoded("k", raw_key_data);
   writer.ToBytes(jwk_key_data);
 }
 
 Status ReadSecretKeyJwk(const CryptoData& key_data,
                         const std::string& expected_algorithm,
                         bool expected_extractable,
-                        blink::WebCryptoKeyUsageMask expected_usage_mask,
+                        blink::WebCryptoKeyUsageMask expected_usages,
                         std::vector<uint8_t>* raw_key_data) {
   scoped_ptr<base::DictionaryValue> dict;
   Status status = ReadSecretKeyNoExpectedAlg(
-      key_data, expected_extractable, expected_usage_mask, raw_key_data, &dict);
+      key_data, expected_extractable, expected_usages, raw_key_data, &dict);
   if (status.IsError())
     return status;
   return VerifyAlg(dict.get(), expected_algorithm);
 }
 
 std::string MakeJwkAesAlgorithmName(const std::string& suffix,
                                     unsigned int keylen_bytes) {
   if (keylen_bytes == 16)
     return std::string("A128") + suffix;
   if (keylen_bytes == 24)
     return std::string("A192") + suffix;
   if (keylen_bytes == 32)
     return std::string("A256") + suffix;
   return std::string();
 }
 
 Status ReadAesSecretKeyJwk(const CryptoData& key_data,
                            const std::string& algorithm_name_suffix,
                            bool expected_extractable,
-                           blink::WebCryptoKeyUsageMask expected_usage_mask,
+                           blink::WebCryptoKeyUsageMask expected_usages,
                            std::vector<uint8_t>* raw_key_data) {
   scoped_ptr<base::DictionaryValue> dict;
   Status status = ReadSecretKeyNoExpectedAlg(
-      key_data, expected_extractable, expected_usage_mask, raw_key_data, &dict);
+      key_data, expected_extractable, expected_usages, raw_key_data, &dict);
   if (status.IsError())
     return status;
 
   bool has_jwk_alg;
   std::string jwk_alg;
   status = GetOptionalJwkString(dict.get(), "alg", &jwk_alg, &has_jwk_alg);
   if (status.IsError())
     return status;
 
   if (has_jwk_alg) {
@@ skipping 12 matching lines @@
   }
 
   return Status::Success();
 }
 
 // Writes an RSA public key to a JWK dictionary
 void WriteRsaPublicKeyJwk(const CryptoData& n,
                           const CryptoData& e,
                           const std::string& algorithm,
                           bool extractable,
-                          blink::WebCryptoKeyUsageMask usage_mask,
+                          blink::WebCryptoKeyUsageMask usages,
                           std::vector<uint8_t>* jwk_key_data) {
-  JwkWriter writer(algorithm, extractable, usage_mask, "RSA");
+  JwkWriter writer(algorithm, extractable, usages, "RSA");
   writer.SetBase64Encoded("n", n);
   writer.SetBase64Encoded("e", e);
   writer.ToBytes(jwk_key_data);
 }
 
 // Writes an RSA private key to a JWK dictionary
 void WriteRsaPrivateKeyJwk(const CryptoData& n,
                            const CryptoData& e,
                            const CryptoData& d,
                            const CryptoData& p,
                            const CryptoData& q,
                            const CryptoData& dp,
                            const CryptoData& dq,
                            const CryptoData& qi,
                            const std::string& algorithm,
                            bool extractable,
-                           blink::WebCryptoKeyUsageMask usage_mask,
+                           blink::WebCryptoKeyUsageMask usages,
                            std::vector<uint8_t>* jwk_key_data) {
-  JwkWriter writer(algorithm, extractable, usage_mask, "RSA");
+  JwkWriter writer(algorithm, extractable, usages, "RSA");
 
   writer.SetBase64Encoded("n", n);
   writer.SetBase64Encoded("e", e);
   writer.SetBase64Encoded("d", d);
   // Although these are "optional" in the JWA, WebCrypto spec requires them to
   // be emitted.
   writer.SetBase64Encoded("p", p);
   writer.SetBase64Encoded("q", q);
   writer.SetBase64Encoded("dp", dp);
   writer.SetBase64Encoded("dq", dq);
   writer.SetBase64Encoded("qi", qi);
   writer.ToBytes(jwk_key_data);
 }
 
 JwkRsaInfo::JwkRsaInfo() : is_private_key(false) {
 }
 
 JwkRsaInfo::~JwkRsaInfo() {
 }
 
 Status ReadRsaKeyJwk(const CryptoData& key_data,
                      const std::string& expected_algorithm,
                      bool expected_extractable,
-                     blink::WebCryptoKeyUsageMask expected_usage_mask,
+                     blink::WebCryptoKeyUsageMask expected_usages,
                      JwkRsaInfo* result) {
   if (!key_data.byte_length())
     return Status::ErrorImportEmptyKeyData();
 
   scoped_ptr<base::DictionaryValue> dict;
   std::string kty;
   Status status = ParseJwkCommon(
-      key_data, expected_extractable, expected_usage_mask, &kty, &dict);
+      key_data, expected_extractable, expected_usages, &kty, &dict);
   if (status.IsError())
     return status;
 
   status = VerifyAlg(dict.get(), expected_algorithm);
   if (status.IsError())
     return status;
 
   if (kty != "RSA")
     return Status::ErrorJwkUnexpectedKty("RSA");
 
@@ skipping 80 matching lines @@
 
 std::string Base64EncodeUrlSafe(const std::vector<uint8_t>& input) {
   const base::StringPiece string_piece(
       reinterpret_cast<const char*>(vector_as_array(&input)), input.size());
   return Base64EncodeUrlSafe(string_piece);
 }
 
 }  // namespace webcrypto
 
 }  // namespace content