| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef CONTENT_CHILD_WEBCRYPTO_JWK_H_ | 5 #ifndef CONTENT_CHILD_WEBCRYPTO_JWK_H_ |
| 6 #define CONTENT_CHILD_WEBCRYPTO_JWK_H_ | 6 #define CONTENT_CHILD_WEBCRYPTO_JWK_H_ |
| 7 | 7 |
| 8 #include <stdint.h> | 8 #include <stdint.h> |
| 9 #include <vector> | 9 #include <vector> |
| 10 | 10 |
| 11 #include "base/strings/string_piece.h" | 11 #include "base/strings/string_piece.h" |
| 12 #include "base/values.h" | 12 #include "base/values.h" |
| 13 #include "content/common/content_export.h" | 13 #include "content/common/content_export.h" |
| 14 #include "third_party/WebKit/public/platform/WebArrayBuffer.h" | 14 #include "third_party/WebKit/public/platform/WebArrayBuffer.h" |
| 15 #include "third_party/WebKit/public/platform/WebCrypto.h" | 15 #include "third_party/WebKit/public/platform/WebCrypto.h" |
| 16 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h" | 16 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h" |
| 17 | 17 |
| 18 namespace content { | 18 namespace content { |
| 19 | 19 |
| 20 namespace webcrypto { | 20 namespace webcrypto { |
| 21 | 21 |
| 22 class CryptoData; | 22 class CryptoData; |
| 23 class Status; | 23 class Status; |
| 24 | 24 |
| 25 // Writes a JWK-formatted symmetric key to |jwk_key_data|. | 25 // Writes a JWK-formatted symmetric key to |jwk_key_data|. |
| 26 // * raw_key_data: The actual key data | 26 // * raw_key_data: The actual key data |
| 27 // * algorithm: The JWK algorithm name (i.e. "alg") | 27 // * algorithm: The JWK algorithm name (i.e. "alg") |
| 28 // * extractable: The JWK extractability (i.e. "ext") | 28 // * extractable: The JWK extractability (i.e. "ext") |
| 29 // * usage_mask: The JWK usages (i.e. "key_ops") | 29 // * usages: The JWK usages (i.e. "key_ops") |
| 30 void WriteSecretKeyJwk(const CryptoData& raw_key_data, | 30 void WriteSecretKeyJwk(const CryptoData& raw_key_data, |
| 31 const std::string& algorithm, | 31 const std::string& algorithm, |
| 32 bool extractable, | 32 bool extractable, |
| 33 blink::WebCryptoKeyUsageMask usage_mask, | 33 blink::WebCryptoKeyUsageMask usages, |
| 34 std::vector<uint8_t>* jwk_key_data); | 34 std::vector<uint8_t>* jwk_key_data); |
| 35 | 35 |
| 36 // Parses a UTF-8 encoded JWK (key_data), and extracts the key material to | 36 // Parses a UTF-8 encoded JWK (key_data), and extracts the key material to |
| 37 // |*raw_key_data|. Returns Status::Success() on success, otherwise an error. | 37 // |*raw_key_data|. Returns Status::Success() on success, otherwise an error. |
| 38 // In order for this to succeed: | 38 // In order for this to succeed: |
| 39 // * expected_algorithm must match the JWK's "alg", if present. | 39 // * expected_algorithm must match the JWK's "alg", if present. |
| 40 // * expected_extractable must be consistent with the JWK's "ext", if | 40 // * expected_extractable must be consistent with the JWK's "ext", if |
| 41 // present. | 41 // present. |
| 42 // * expected_usage_mask must be a subset of the JWK's "key_ops" if present. | 42 // * expected_usages must be a subset of the JWK's "key_ops" if present. |
| 43 Status ReadSecretKeyJwk(const CryptoData& key_data, | 43 Status ReadSecretKeyJwk(const CryptoData& key_data, |
| 44 const std::string& expected_algorithm, | 44 const std::string& expected_algorithm, |
| 45 bool expected_extractable, | 45 bool expected_extractable, |
| 46 blink::WebCryptoKeyUsageMask expected_usage_mask, | 46 blink::WebCryptoKeyUsageMask expected_usages, |
| 47 std::vector<uint8_t>* raw_key_data); | 47 std::vector<uint8_t>* raw_key_data); |
| 48 | 48 |
| 49 // Creates an AES algorithm name for the given key size (in bytes). For | 49 // Creates an AES algorithm name for the given key size (in bytes). For |
| 50 // instance "A128CBC" is the result of suffix="CBC", keylen_bytes=16. | 50 // instance "A128CBC" is the result of suffix="CBC", keylen_bytes=16. |
| 51 std::string MakeJwkAesAlgorithmName(const std::string& suffix, | 51 std::string MakeJwkAesAlgorithmName(const std::string& suffix, |
| 52 unsigned int keylen_bytes); | 52 unsigned int keylen_bytes); |
| 53 | 53 |
| 54 // This is very similar to ReadSecretKeyJwk(), except instead of specifying an | 54 // This is very similar to ReadSecretKeyJwk(), except instead of specifying an |
| 55 // absolut "expected_algorithm", the suffix for an AES algorithm name is given | 55 // absolut "expected_algorithm", the suffix for an AES algorithm name is given |
| 56 // (See MakeJwkAesAlgorithmName() for an explanation of what the suffix is). | 56 // (See MakeJwkAesAlgorithmName() for an explanation of what the suffix is). |
| 57 // | 57 // |
| 58 // This is because the algorithm name for AES keys is dependent on the length | 58 // This is because the algorithm name for AES keys is dependent on the length |
| 59 // of the key. This function expects key lengths to be either 128, 192, or 256 | 59 // of the key. This function expects key lengths to be either 128, 192, or 256 |
| 60 // bits. | 60 // bits. |
| 61 Status ReadAesSecretKeyJwk(const CryptoData& key_data, | 61 Status ReadAesSecretKeyJwk(const CryptoData& key_data, |
| 62 const std::string& algorithm_name_suffix, | 62 const std::string& algorithm_name_suffix, |
| 63 bool expected_extractable, | 63 bool expected_extractable, |
| 64 blink::WebCryptoKeyUsageMask expected_usage_mask, | 64 blink::WebCryptoKeyUsageMask expected_usages, |
| 65 std::vector<uint8_t>* raw_key_data); | 65 std::vector<uint8_t>* raw_key_data); |
| 66 | 66 |
| 67 // Writes a JWK-formated RSA public key and saves the result to | 67 // Writes a JWK-formated RSA public key and saves the result to |
| 68 // |*jwk_key_data|. | 68 // |*jwk_key_data|. |
| 69 void WriteRsaPublicKeyJwk(const CryptoData& n, | 69 void WriteRsaPublicKeyJwk(const CryptoData& n, |
| 70 const CryptoData& e, | 70 const CryptoData& e, |
| 71 const std::string& algorithm, | 71 const std::string& algorithm, |
| 72 bool extractable, | 72 bool extractable, |
| 73 blink::WebCryptoKeyUsageMask usage_mask, | 73 blink::WebCryptoKeyUsageMask usages, |
| 74 std::vector<uint8_t>* jwk_key_data); | 74 std::vector<uint8_t>* jwk_key_data); |
| 75 | 75 |
| 76 // Writes a JWK-formated RSA private key and saves the result to | 76 // Writes a JWK-formated RSA private key and saves the result to |
| 77 // |*jwk_key_data|. | 77 // |*jwk_key_data|. |
| 78 void WriteRsaPrivateKeyJwk(const CryptoData& n, | 78 void WriteRsaPrivateKeyJwk(const CryptoData& n, |
| 79 const CryptoData& e, | 79 const CryptoData& e, |
| 80 const CryptoData& d, | 80 const CryptoData& d, |
| 81 const CryptoData& p, | 81 const CryptoData& p, |
| 82 const CryptoData& q, | 82 const CryptoData& q, |
| 83 const CryptoData& dp, | 83 const CryptoData& dp, |
| 84 const CryptoData& dq, | 84 const CryptoData& dq, |
| 85 const CryptoData& qi, | 85 const CryptoData& qi, |
| 86 const std::string& algorithm, | 86 const std::string& algorithm, |
| 87 bool extractable, | 87 bool extractable, |
| 88 blink::WebCryptoKeyUsageMask usage_mask, | 88 blink::WebCryptoKeyUsageMask usages, |
| 89 std::vector<uint8_t>* jwk_key_data); | 89 std::vector<uint8_t>* jwk_key_data); |
| 90 | 90 |
| 91 // Describes the RSA components for a parsed key. The names of the properties | 91 // Describes the RSA components for a parsed key. The names of the properties |
| 92 // correspond with those from the JWK spec. Note that Chromium's WebCrypto | 92 // correspond with those from the JWK spec. Note that Chromium's WebCrypto |
| 93 // implementation does not support multi-primes, so there is no parsed field | 93 // implementation does not support multi-primes, so there is no parsed field |
| 94 // for othinfo. | 94 // for othinfo. |
| 95 struct JwkRsaInfo { | 95 struct JwkRsaInfo { |
| 96 JwkRsaInfo(); | 96 JwkRsaInfo(); |
| 97 ~JwkRsaInfo(); | 97 ~JwkRsaInfo(); |
| 98 | 98 |
| 99 bool is_private_key; | 99 bool is_private_key; |
| 100 std::string n; | 100 std::string n; |
| 101 std::string e; | 101 std::string e; |
| 102 std::string d; | 102 std::string d; |
| 103 std::string p; | 103 std::string p; |
| 104 std::string q; | 104 std::string q; |
| 105 std::string dp; | 105 std::string dp; |
| 106 std::string dq; | 106 std::string dq; |
| 107 std::string qi; | 107 std::string qi; |
| 108 }; | 108 }; |
| 109 | 109 |
| 110 // Parses a UTF-8 encoded JWK (key_data), and extracts the RSA components to | 110 // Parses a UTF-8 encoded JWK (key_data), and extracts the RSA components to |
| 111 // |*result|. Returns Status::Success() on success, otherwise an error. | 111 // |*result|. Returns Status::Success() on success, otherwise an error. |
| 112 // In order for this to succeed: | 112 // In order for this to succeed: |
| 113 // * expected_algorithm must match the JWK's "alg", if present. | 113 // * expected_algorithm must match the JWK's "alg", if present. |
| 114 // * expected_extractable must be consistent with the JWK's "ext", if | 114 // * expected_extractable must be consistent with the JWK's "ext", if |
| 115 // present. | 115 // present. |
| 116 // * expected_usage_mask must be a subset of the JWK's "key_ops" if present. | 116 // * expected_usages must be a subset of the JWK's "key_ops" if present. |
| 117 Status ReadRsaKeyJwk(const CryptoData& key_data, | 117 Status ReadRsaKeyJwk(const CryptoData& key_data, |
| 118 const std::string& expected_algorithm, | 118 const std::string& expected_algorithm, |
| 119 bool expected_extractable, | 119 bool expected_extractable, |
| 120 blink::WebCryptoKeyUsageMask expected_usage_mask, | 120 blink::WebCryptoKeyUsageMask expected_usages, |
| 121 JwkRsaInfo* result); | 121 JwkRsaInfo* result); |
| 122 | 122 |
| 123 const char* GetJwkHmacAlgorithmName(blink::WebCryptoAlgorithmId hash); | 123 const char* GetJwkHmacAlgorithmName(blink::WebCryptoAlgorithmId hash); |
| 124 | 124 |
| 125 // This function decodes unpadded 'base64url' encoded data, as described in | 125 // This function decodes unpadded 'base64url' encoded data, as described in |
| 126 // RFC4648 (http://www.ietf.org/rfc/rfc4648.txt) Section 5. | 126 // RFC4648 (http://www.ietf.org/rfc/rfc4648.txt) Section 5. |
| 127 CONTENT_EXPORT bool Base64DecodeUrlSafe(const std::string& input, | 127 CONTENT_EXPORT bool Base64DecodeUrlSafe(const std::string& input, |
| 128 std::string* output); | 128 std::string* output); |
| 129 | 129 |
| 130 // Returns an unpadded 'base64url' encoding of the input data, the opposite of | 130 // Returns an unpadded 'base64url' encoding of the input data, the opposite of |
| 131 // Base64DecodeUrlSafe() above. | 131 // Base64DecodeUrlSafe() above. |
| 132 CONTENT_EXPORT std::string Base64EncodeUrlSafe(const base::StringPiece& input); | 132 CONTENT_EXPORT std::string Base64EncodeUrlSafe(const base::StringPiece& input); |
| 133 CONTENT_EXPORT std::string Base64EncodeUrlSafe( | 133 CONTENT_EXPORT std::string Base64EncodeUrlSafe( |
| 134 const std::vector<uint8_t>& input); | 134 const std::vector<uint8_t>& input); |
| 135 | 135 |
| 136 } // namespace webcrypto | 136 } // namespace webcrypto |
| 137 | 137 |
| 138 } // namespace content | 138 } // namespace content |
| 139 | 139 |
| 140 #endif // CONTENT_CHILD_WEBCRYPTO_JWK_H_ | 140 #endif // CONTENT_CHILD_WEBCRYPTO_JWK_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 670773003:
Cleanup: rename usage_mask --> usages. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master