| // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #include "content/renderer/webcrypto/webcrypto_impl.h" |
| |
| #include <algorithm> |
| #include <functional> |
| #include <map> |
| #include "base/json/json_reader.h" |
| #include "base/lazy_instance.h" |
| #include "base/logging.h" |
| #include "base/memory/scoped_ptr.h" |
| #include "base/strings/string_piece.h" |
| #include "base/values.h" |
| #include "content/renderer/webcrypto/webcrypto_util.h" |
| #include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h" |
| #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h" |
| #include "third_party/WebKit/public/platform/WebCryptoKey.h" |
| |
| namespace content { |
| |
| namespace { |
| |
| bool IsAlgorithmAsymmetric(const blink::WebCryptoAlgorithm& algorithm) { |
| // TODO(padolph): include all other asymmetric algorithms once they are |
| // defined, e.g. EC and DH. |
| return (algorithm.id() == blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5 || |
| algorithm.id() == blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 || |
| algorithm.id() == blink::WebCryptoAlgorithmIdRsaOaep); |
| } |
| |
| // Binds a specific key length value to a compatible factory function. |
| typedef blink::WebCryptoAlgorithm (*AlgFactoryFuncWithOneShortArg)( |
| unsigned short); |
| template <AlgFactoryFuncWithOneShortArg func, unsigned short key_length> |
| blink::WebCryptoAlgorithm BindAlgFactoryWithKeyLen() { |
| return func(key_length); |
| } |
| |
| // Binds a WebCryptoAlgorithmId value to a compatible factory function. |
| typedef blink::WebCryptoAlgorithm (*AlgFactoryFuncWithWebCryptoAlgIdArg)( |
| blink::WebCryptoAlgorithmId); |
| template <AlgFactoryFuncWithWebCryptoAlgIdArg func, |
| blink::WebCryptoAlgorithmId algorithm_id> |
| blink::WebCryptoAlgorithm BindAlgFactoryAlgorithmId() { |
| return func(algorithm_id); |
| } |
| |
| // Defines a map between a JWK 'alg' string ID and a corresponding Web Crypto |
| // factory function. |
| typedef blink::WebCryptoAlgorithm (*AlgFactoryFuncNoArgs)(); |
| typedef std::map<std::string, AlgFactoryFuncNoArgs> JwkAlgFactoryMap; |
| |
| class JwkAlgorithmFactoryMap { |
| public: |
| JwkAlgorithmFactoryMap() { |
| map_["HS256"] = |
| &BindAlgFactoryWithKeyLen<webcrypto::CreateHmacAlgorithmByHashOutputLen, |
| 256>; |
| map_["HS384"] = |
| &BindAlgFactoryWithKeyLen<webcrypto::CreateHmacAlgorithmByHashOutputLen, |
| 384>; |
| map_["HS512"] = |
| &BindAlgFactoryWithKeyLen<webcrypto::CreateHmacAlgorithmByHashOutputLen, |
| 512>; |
| map_["RS256"] = |
| &BindAlgFactoryAlgorithmId<webcrypto::CreateRsaSsaAlgorithm, |
| blink::WebCryptoAlgorithmIdSha256>; |
| map_["RS384"] = |
| &BindAlgFactoryAlgorithmId<webcrypto::CreateRsaSsaAlgorithm, |
| blink::WebCryptoAlgorithmIdSha384>; |
| map_["RS512"] = |
| &BindAlgFactoryAlgorithmId<webcrypto::CreateRsaSsaAlgorithm, |
| blink::WebCryptoAlgorithmIdSha512>; |
| map_["RSA1_5"] = |
| &BindAlgFactoryAlgorithmId<webcrypto::CreateAlgorithm, |
| blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5>; |
| map_["RSA-OAEP"] = |
| &BindAlgFactoryAlgorithmId<webcrypto::CreateRsaOaepAlgorithm, |
| blink::WebCryptoAlgorithmIdSha1>; |
| // TODO(padolph): The Web Crypto spec does not enumerate AES-KW 128 yet |
| map_["A128KW"] = &blink::WebCryptoAlgorithm::createNull; |
| // TODO(padolph): The Web Crypto spec does not enumerate AES-KW 256 yet |
| map_["A256KW"] = &blink::WebCryptoAlgorithm::createNull; |
| map_["A128GCM"] = |
| &BindAlgFactoryAlgorithmId<webcrypto::CreateAlgorithm, |
| blink::WebCryptoAlgorithmIdAesGcm>; |
| map_["A256GCM"] = |
| &BindAlgFactoryAlgorithmId<webcrypto::CreateAlgorithm, |
| blink::WebCryptoAlgorithmIdAesGcm>; |
| map_["A128CBC"] = |
| &BindAlgFactoryAlgorithmId<webcrypto::CreateAlgorithm, |
| blink::WebCryptoAlgorithmIdAesCbc>; |
| map_["A192CBC"] = |
| &BindAlgFactoryAlgorithmId<webcrypto::CreateAlgorithm, |
| blink::WebCryptoAlgorithmIdAesCbc>; |
| map_["A256CBC"] = |
| &BindAlgFactoryAlgorithmId<webcrypto::CreateAlgorithm, |
| blink::WebCryptoAlgorithmIdAesCbc>; |
| } |
| |
| blink::WebCryptoAlgorithm CreateAlgorithmFromName(const std::string& alg_id) |
| const { |
| const JwkAlgFactoryMap::const_iterator pos = map_.find(alg_id); |
| if (pos == map_.end()) |
| return blink::WebCryptoAlgorithm::createNull(); |
| return pos->second(); |
| } |
| |
| private: |
| JwkAlgFactoryMap map_; |
| }; |
| |
| base::LazyInstance<JwkAlgorithmFactoryMap> jwk_alg_factory = |
| LAZY_INSTANCE_INITIALIZER; |
| |
| bool WebCryptoAlgorithmsConsistent(const blink::WebCryptoAlgorithm& alg1, |
| const blink::WebCryptoAlgorithm& alg2) { |
| DCHECK(!alg1.isNull()); |
| DCHECK(!alg2.isNull()); |
| if (alg1.id() != alg2.id()) |
| return false; |
| switch (alg1.id()) { |
| case blink::WebCryptoAlgorithmIdHmac: |
| case blink::WebCryptoAlgorithmIdRsaOaep: |
| case blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5: |
| if (WebCryptoAlgorithmsConsistent( |
| webcrypto::GetInnerHashAlgorithm(alg1), |
| webcrypto::GetInnerHashAlgorithm(alg2))) { |
| return true; |
| } |
| break; |
| case blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5: |
| case blink::WebCryptoAlgorithmIdSha1: |
| case blink::WebCryptoAlgorithmIdSha224: |
| case blink::WebCryptoAlgorithmIdSha256: |
| case blink::WebCryptoAlgorithmIdSha384: |
| case blink::WebCryptoAlgorithmIdSha512: |
| case blink::WebCryptoAlgorithmIdAesCbc: |
| case blink::WebCryptoAlgorithmIdAesGcm: |
| case blink::WebCryptoAlgorithmIdAesCtr: |
| return true; |
| default: |
| NOTREACHED(); // Not a supported algorithm. |
| break; |
| } |
| return false; |
| } |
| |
| bool GetDecodedUrl64ValueByKey( |
| const base::DictionaryValue& dict, |
| const std::string& key, |
| std::string* decoded) { |
| std::string value_url64; |
| if (!dict.GetString(key, &value_url64) || |
| !webcrypto::Base64DecodeUrlSafe(value_url64, decoded) || |
| !decoded->size()) { |
| return false; |
| } |
| return true; |
| } |
| |
| } // namespace |
| |
| WebCryptoImpl::WebCryptoImpl() { |
| Init(); |
| } |
| |
| void WebCryptoImpl::encrypt( |
| const blink::WebCryptoAlgorithm& algorithm, |
| const blink::WebCryptoKey& key, |
| const unsigned char* data, |
| unsigned data_size, |
| blink::WebCryptoResult result) { |
| DCHECK(!algorithm.isNull()); |
| blink::WebArrayBuffer buffer; |
| if (!EncryptInternal(algorithm, key, data, data_size, &buffer)) { |
| result.completeWithError(); |
| } else { |
| result.completeWithBuffer(buffer); |
| } |
| } |
| |
| void WebCryptoImpl::decrypt( |
| const blink::WebCryptoAlgorithm& algorithm, |
| const blink::WebCryptoKey& key, |
| const unsigned char* data, |
| unsigned data_size, |
| blink::WebCryptoResult result) { |
| DCHECK(!algorithm.isNull()); |
| blink::WebArrayBuffer buffer; |
| if (!DecryptInternal(algorithm, key, data, data_size, &buffer)) { |
| result.completeWithError(); |
| } else { |
| result.completeWithBuffer(buffer); |
| } |
| } |
| |
| void WebCryptoImpl::digest( |
| const blink::WebCryptoAlgorithm& algorithm, |
| const unsigned char* data, |
| unsigned data_size, |
| blink::WebCryptoResult result) { |
| DCHECK(!algorithm.isNull()); |
| blink::WebArrayBuffer buffer; |
| if (!DigestInternal(algorithm, data, data_size, &buffer)) { |
| result.completeWithError(); |
| } else { |
| result.completeWithBuffer(buffer); |
| } |
| } |
| |
| void WebCryptoImpl::generateKey( |
| const blink::WebCryptoAlgorithm& algorithm, |
| bool extractable, |
| blink::WebCryptoKeyUsageMask usage_mask, |
| blink::WebCryptoResult result) { |
| DCHECK(!algorithm.isNull()); |
| if (IsAlgorithmAsymmetric(algorithm)) { |
| blink::WebCryptoKey public_key = blink::WebCryptoKey::createNull(); |
| blink::WebCryptoKey private_key = blink::WebCryptoKey::createNull(); |
| if (!GenerateKeyPairInternal( |
| algorithm, extractable, usage_mask, &public_key, &private_key)) { |
| result.completeWithError(); |
| } else { |
| DCHECK(public_key.handle()); |
| DCHECK(private_key.handle()); |
| DCHECK_EQ(algorithm.id(), public_key.algorithm().id()); |
| DCHECK_EQ(algorithm.id(), private_key.algorithm().id()); |
| DCHECK_EQ(true, public_key.extractable()); |
| DCHECK_EQ(extractable, private_key.extractable()); |
| DCHECK_EQ(usage_mask, public_key.usages()); |
| DCHECK_EQ(usage_mask, private_key.usages()); |
| result.completeWithKeyPair(public_key, private_key); |
| } |
| } else { |
| blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
| if (!GenerateKeyInternal(algorithm, extractable, usage_mask, &key)) { |
| result.completeWithError(); |
| } else { |
| DCHECK(key.handle()); |
| DCHECK_EQ(algorithm.id(), key.algorithm().id()); |
| DCHECK_EQ(extractable, key.extractable()); |
| DCHECK_EQ(usage_mask, key.usages()); |
| result.completeWithKey(key); |
| } |
| } |
| } |
| |
| void WebCryptoImpl::importKey( |
| blink::WebCryptoKeyFormat format, |
| const unsigned char* key_data, |
| unsigned key_data_size, |
| const blink::WebCryptoAlgorithm& algorithm_or_null, |
| bool extractable, |
| blink::WebCryptoKeyUsageMask usage_mask, |
| blink::WebCryptoResult result) { |
| blink::WebCryptoKey key = blink::WebCryptoKey::createNull(); |
| if (format == blink::WebCryptoKeyFormatJwk) { |
| if (!ImportKeyJwk(key_data, |
| key_data_size, |
| algorithm_or_null, |
| extractable, |
| usage_mask, |
| &key)) { |
| result.completeWithError(); |
| return; |
| } |
| } else { |
| if (!ImportKeyInternal(format, |
| key_data, |
| key_data_size, |
| algorithm_or_null, |
| extractable, |
| usage_mask, |
| &key)) { |
| result.completeWithError(); |
| return; |
| } |
| } |
| DCHECK(key.handle()); |
| DCHECK(!key.algorithm().isNull()); |
| DCHECK_EQ(extractable, key.extractable()); |
| result.completeWithKey(key); |
| } |
| |
| void WebCryptoImpl::exportKey( |
| blink::WebCryptoKeyFormat format, |
| const blink::WebCryptoKey& key, |
| blink::WebCryptoResult result) { |
| blink::WebArrayBuffer buffer; |
| if (!ExportKeyInternal(format, key, &buffer)) { |
| result.completeWithError(); |
| return; |
| } |
| result.completeWithBuffer(buffer); |
| } |
| |
| void WebCryptoImpl::sign( |
| const blink::WebCryptoAlgorithm& algorithm, |
| const blink::WebCryptoKey& key, |
| const unsigned char* data, |
| unsigned data_size, |
| blink::WebCryptoResult result) { |
| DCHECK(!algorithm.isNull()); |
| blink::WebArrayBuffer buffer; |
| if (!SignInternal(algorithm, key, data, data_size, &buffer)) { |
| result.completeWithError(); |
| } else { |
| result.completeWithBuffer(buffer); |
| } |
| } |
| |
| void WebCryptoImpl::verifySignature( |
| const blink::WebCryptoAlgorithm& algorithm, |
| const blink::WebCryptoKey& key, |
| const unsigned char* signature, |
| unsigned signature_size, |
| const unsigned char* data, |
| unsigned data_size, |
| blink::WebCryptoResult result) { |
| DCHECK(!algorithm.isNull()); |
| bool signature_match = false; |
| if (!VerifySignatureInternal(algorithm, |
| key, |
| signature, |
| signature_size, |
| data, |
| data_size, |
| &signature_match)) { |
| result.completeWithError(); |
| } else { |
| result.completeWithBoolean(signature_match); |
| } |
| } |
| |
| bool WebCryptoImpl::ImportKeyJwk( |
| const unsigned char* key_data, |
| unsigned key_data_size, |
| const blink::WebCryptoAlgorithm& algorithm_or_null, |
| bool extractable, |
| blink::WebCryptoKeyUsageMask usage_mask, |
| blink::WebCryptoKey* key) { |
| |
| // The goal of this method is to extract key material and meta data from the |
| // incoming JWK, combine them with the input parameters, and ultimately import |
| // a Web Crypto Key. |
| // |
| // JSON Web Key Format (JWK) |
| // http://tools.ietf.org/html/draft-ietf-jose-json-web-key-16 |
| // TODO(padolph): Not all possible values are handled by this code right now |
| // |
| // A JWK is a simple JSON dictionary with the following entries |
| // - "kty" (Key Type) Parameter, REQUIRED |
| // - <kty-specific parameters, see below>, REQUIRED |
| // - "use" (Key Use) Parameter, OPTIONAL |
| // - "alg" (Algorithm) Parameter, OPTIONAL |
| // - "extractable" (Key Exportability), OPTIONAL [NOTE: not yet part of JOSE, |
| // see https://www.w3.org/Bugs/Public/show_bug.cgi?id=23796] |
| // (all other entries are ignored) |
| // |
| // OPTIONAL here means that this code does not require the entry to be present |
| // in the incoming JWK, because the method input parameters contain similar |
| // information. If the optional JWK entry is present, it will be validated |
| // against the corresponding input parameter for consistency and combined with |
| // it according to rules defined below. A special case is that the method |
| // input parameter 'algorithm' is also optional. If it is null, the JWK 'alg' |
| // value (if present) is used as a fallback. |
| // |
| // Input 'key_data' contains the JWK. To build a Web Crypto Key, the JWK |
| // values are parsed out and combined with the method input parameters to |
| // build a Web Crypto Key: |
| // Web Crypto Key type <-- (deduced) |
| // Web Crypto Key extractable <-- JWK extractable + input extractable |
| // Web Crypto Key algorithm <-- JWK alg + input algorithm |
| // Web Crypto Key keyUsage <-- JWK use + input usage_mask |
| // Web Crypto Key keying material <-- kty-specific parameters |
| // |
| // Values for each JWK entry are case-sensitive and defined in |
| // http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-16. |
| // Note that not all values specified by JOSE are handled by this code. Only |
| // handled values are listed. |
| // - kty (Key Type) |
| // +-------+--------------------------------------------------------------+ |
| // | "RSA" | RSA [RFC3447] | |
| // | "oct" | Octet sequence (used to represent symmetric keys) | |
| // +-------+--------------------------------------------------------------+ |
| // - use (Key Use) |
| // +-------+--------------------------------------------------------------+ |
| // | "enc" | encrypt and decrypt operations | |
| // | "sig" | sign and verify (MAC) operations | |
| // | "wrap"| key wrap and unwrap [not yet part of JOSE] | |
| // +-------+--------------------------------------------------------------+ |
| // - extractable (Key Exportability) |
| // +-------+--------------------------------------------------------------+ |
| // | true | Key may be exported from the trusted environment | |
| // | false | Key cannot exit the trusted environment | |
| // +-------+--------------------------------------------------------------+ |
| // - alg (Algorithm) |
| // See http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-16 |
| // +--------------+-------------------------------------------------------+ |
| // | Digital Signature or MAC Algorithm | |
| // +--------------+-------------------------------------------------------+ |
| // | "HS256" | HMAC using SHA-256 hash algorithm | |
| // | "HS384" | HMAC using SHA-384 hash algorithm | |
| // | "HS512" | HMAC using SHA-512 hash algorithm | |
| // | "RS256" | RSASSA using SHA-256 hash algorithm | |
| // | "RS384" | RSASSA using SHA-384 hash algorithm | |
| // | "RS512" | RSASSA using SHA-512 hash algorithm | |
| // +--------------+-------------------------------------------------------| |
| // | Key Management Algorithm | |
| // +--------------+-------------------------------------------------------+ |
| // | "RSA1_5" | RSAES-PKCS1-V1_5 [RFC3447] | |
| // | "RSA-OAEP" | RSAES using Optimal Asymmetric Encryption Padding | |
| // | | (OAEP) [RFC3447], with the default parameters | |
| // | | specified by RFC3447 in Section A.2.1 | |
| // | "A128KW" | Advanced Encryption Standard (AES) Key Wrap Algorithm | |
| // | | [RFC3394] using 128 bit keys | |
| // | "A256KW" | AES Key Wrap Algorithm using 256 bit keys | |
| // | "A128GCM" | AES in Galois/Counter Mode (GCM) [NIST.800-38D] using | |
| // | | 128 bit keys | |
| // | "A256GCM" | AES GCM using 256 bit keys | |
| // | "A128CBC" | AES in Cipher Block Chaining Mode (CBC) with PKCS #5 | |
| // | | padding [NIST.800-38A] [not yet part of JOSE, see | |
| // | | https://www.w3.org/Bugs/Public/show_bug.cgi?id=23796 | |
| // | "A192CBC" | AES CBC using 192 bit keys [not yet part of JOSE] | |
| // | "A256CBC" | AES CBC using 256 bit keys [not yet part of JOSE] | |
| // +--------------+-------------------------------------------------------+ |
| // |
| // kty-specific parameters |
| // The value of kty determines the type and content of the keying material |
| // carried in the JWK to be imported. Currently only two possibilities are |
| // supported: a raw key or an RSA public key. RSA private keys are not |
| // supported because typical applications seldom need to import a private key, |
| // and the large number of JWK parameters required to describe one. |
| // - kty == "oct" (symmetric or other raw key) |
| // +-------+--------------------------------------------------------------+ |
| // | "k" | Contains the value of the symmetric (or other single-valued) | |
| // | | key. It is represented as the base64url encoding of the | |
| // | | octet sequence containing the key value. | |
| // +-------+--------------------------------------------------------------+ |
| // - kty == "RSA" (RSA public key) |
| // +-------+--------------------------------------------------------------+ |
| // | "n" | Contains the modulus value for the RSA public key. It is | |
| // | | represented as the base64url encoding of the value's | |
| // | | unsigned big endian representation as an octet sequence. | |
| // +-------+--------------------------------------------------------------+ |
| // | "e" | Contains the exponent value for the RSA public key. It is | |
| // | | represented as the base64url encoding of the value's | |
| // | | unsigned big endian representation as an octet sequence. | |
| // +-------+--------------------------------------------------------------+ |
| // |
| // Consistency and conflict resolution |
| // The 'algorithm_or_null', 'extractable', and 'usage_mask' input parameters |
| // may be different than the corresponding values inside the JWK. The Web |
| // Crypto spec says that if a JWK value is present but is inconsistent with |
| // the input value, it is an error and the operation must fail. If no |
| // inconsistency is found, the input and JWK values are combined as follows: |
| // |
| // algorithm |
| // If an algorithm is provided by both the input parameter and the JWK, |
| // consistency between the two is based only on algorithm ID's (including an |
| // inner hash algorithm if present). In this case if the consistency |
| // check is passed, the input algorithm is used. If only one of either the |
| // input algorithm and JWK alg is provided, it is used as the final |
| // algorithm. |
| // |
| // extractable |
| // If the JWK extractable is true but the input parameter is false, make the |
| // Web Crypto Key non-extractable. Conversely, if the JWK extractable is |
| // false but the input parameter is true, it is an inconsistency. If both |
| // are true or both are false, use that value. |
| // |
| // usage_mask |
| // The input usage_mask must be a strict subset of the interpreted JWK use |
| // value, else it is judged inconsistent. In all cases the input usage_mask |
| // is used as the final usage_mask. |
| // |
| |
| if (!key_data_size) |
| return false; |
| DCHECK(key); |
| |
| // Parse the incoming JWK JSON. |
| base::StringPiece json_string(reinterpret_cast<const char*>(key_data), |
| key_data_size); |
| scoped_ptr<base::Value> value(base::JSONReader::Read(json_string)); |
| // Note, bare pointer dict_value is ok since it points into scoped value. |
| base::DictionaryValue* dict_value = NULL; |
| if (!value.get() || !value->GetAsDictionary(&dict_value) || !dict_value) |
| return false; |
| |
| // JWK "kty". Exit early if this required JWK parameter is missing. |
| std::string jwk_kty_value; |
| if (!dict_value->GetString("kty", &jwk_kty_value)) |
| return false; |
| |
| // JWK "extractable" (optional) --> extractable parameter |
| { |
| bool jwk_extractable_value; |
| if (dict_value->GetBoolean("extractable", &jwk_extractable_value)) { |
| if (!jwk_extractable_value && extractable) |
| return false; |
| extractable = extractable && jwk_extractable_value; |
| } |
| } |
| |
| // JWK "alg" (optional) --> algorithm parameter |
| // Note: input algorithm is also optional, so we have six cases to handle. |
| // 1. JWK alg present but unrecognized: error |
| // 2. JWK alg valid AND input algorithm isNull: use JWK value |
| // 3. JWK alg valid AND input algorithm specified, but JWK value |
| // inconsistent with input: error |
| // 4. JWK alg valid AND input algorithm specified, both consistent: use |
| // input value (because it has potentially more details) |
| // 5. JWK alg missing AND input algorithm isNull: error |
| // 6. JWK alg missing AND input algorithm specified: use input value |
| blink::WebCryptoAlgorithm algorithm = blink::WebCryptoAlgorithm::createNull(); |
| std::string jwk_alg_value; |
| if (dict_value->GetString("alg", &jwk_alg_value)) { |
| // JWK alg present |
| |
| // TODO(padolph): Validate alg vs kty. For example kty="RSA" implies alg can |
| // only be from the RSA family. |
| |
| const blink::WebCryptoAlgorithm jwk_algorithm = |
| jwk_alg_factory.Get().CreateAlgorithmFromName(jwk_alg_value); |
| if (jwk_algorithm.isNull()) { |
| // JWK alg unrecognized |
| return false; // case 1 |
| } |
| // JWK alg valid |
| if (algorithm_or_null.isNull()) { |
| // input algorithm not specified |
| algorithm = jwk_algorithm; // case 2 |
| } else { |
| // input algorithm specified |
| if (!WebCryptoAlgorithmsConsistent(jwk_algorithm, algorithm_or_null)) |
| return false; // case 3 |
| algorithm = algorithm_or_null; // case 4 |
| } |
| } else { |
| // JWK alg missing |
| if (algorithm_or_null.isNull()) |
| return false; // case 5 |
| algorithm = algorithm_or_null; // case 6 |
| } |
| DCHECK(!algorithm.isNull()); |
| |
| // JWK "use" (optional) --> usage_mask parameter |
| std::string jwk_use_value; |
| if (dict_value->GetString("use", &jwk_use_value)) { |
| blink::WebCryptoKeyUsageMask jwk_usage_mask = 0; |
| if (jwk_use_value == "enc") { |
| jwk_usage_mask = |
| blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageDecrypt; |
| } else if (jwk_use_value == "sig") { |
| jwk_usage_mask = |
| blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify; |
| } else if (jwk_use_value == "wrap") { |
| jwk_usage_mask = |
| blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey; |
| } else { |
| return false; |
| } |
| if ((jwk_usage_mask & usage_mask) != usage_mask) { |
| // A usage_mask must be a subset of jwk_usage_mask. |
| return false; |
| } |
| } |
| |
| // JWK keying material --> ImportKeyInternal() |
| if (jwk_kty_value == "oct") { |
| |
| std::string jwk_k_value; |
| if (!GetDecodedUrl64ValueByKey(*dict_value, "k", &jwk_k_value)) |
| return false; |
| |
| // TODO(padolph): Some JWK alg ID's embed information about the key length |
| // in the alg ID string. For example "A128" implies the JWK carries 128 bits |
| // of key material, and "HS512" implies the JWK carries _at least_ 512 bits |
| // of key material. For such keys validate the actual key length against the |
| // value in the ID. |
| |
| return ImportKeyInternal(blink::WebCryptoKeyFormatRaw, |
| reinterpret_cast<const uint8*>(jwk_k_value.data()), |
| jwk_k_value.size(), |
| algorithm, |
| extractable, |
| usage_mask, |
| key); |
| } else if (jwk_kty_value == "RSA") { |
| |
| // An RSA public key must have an "n" (modulus) and an "e" (exponent) entry |
| // in the JWK, while an RSA private key must have those, plus at least a "d" |
| // (private exponent) entry. |
| // See http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-18, |
| // section 6.3. |
| |
| // RSA private key import is not currently supported, so fail here if a "d" |
| // entry is found. |
| // TODO(padolph): Support RSA private key import. |
| if (dict_value->HasKey("d")) |
| return false; |
| |
| std::string jwk_n_value; |
| if (!GetDecodedUrl64ValueByKey(*dict_value, "n", &jwk_n_value)) |
| return false; |
| std::string jwk_e_value; |
| if (!GetDecodedUrl64ValueByKey(*dict_value, "e", &jwk_e_value)) |
| return false; |
| |
| return ImportRsaPublicKeyInternal( |
| reinterpret_cast<const uint8*>(jwk_n_value.data()), |
| jwk_n_value.size(), |
| reinterpret_cast<const uint8*>(jwk_e_value.data()), |
| jwk_e_value.size(), |
| algorithm, |
| extractable, |
| usage_mask, |
| key); |
| |
| } else { |
| return false; |
| } |
| |
| return true; |
| } |
| |
| } // namespace content |