content/child/webcrypto/jwk.h

   1 // Copyright 2014 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef CONTENT_CHILD_WEBCRYPTO_JWK_H_
   6 #define CONTENT_CHILD_WEBCRYPTO_JWK_H_
   7
   8 #include <stdint.h>
   9 #include <vector>
  10
  11 #include "base/values.h"
  12 #include "third_party/WebKit/public/platform/WebArrayBuffer.h"
  13 #include "third_party/WebKit/public/platform/WebCrypto.h"
  14 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h"
  15
  16 namespace content {
  17
  18 namespace webcrypto {
  19
  20 class CryptoData;
  21 class Status;
  22
  23 // Writes a JWK-formatted symmetric key to |jwk_key_data|.
  24 //  * raw_key_data: The actual key data
  25 //  * algorithm: The JWK algorithm name (i.e. "alg")
  26 //  * extractable: The JWK extractability (i.e. "ext")
  27 //  * usage_mask: The JWK usages (i.e. "key_ops")
  28 void WriteSecretKeyJwk(const CryptoData& raw_key_data,
  29                        const std::string& algorithm,
  30                        bool extractable,
  31                        blink::WebCryptoKeyUsageMask usage_mask,
  32                        std::vector<uint8_t>* jwk_key_data);
  33
  34 // Parses a UTF-8 encoded JWK (key_data), and extracts the key material to
  35 // |*raw_key_data|. Returns Status::Success() on success, otherwise an error.
  36 // In order for this to succeed:
  37 //   * expected_algorithm must match the JWK's "alg", if present.
  38 //   * expected_extractable must be consistent with the JWK's "ext", if
  39 //     present.
  40 //   * expected_usage_mask must be a subset of the JWK's "key_ops" if present.
  41 Status ReadSecretKeyJwk(const CryptoData& key_data,
  42                         const std::string& expected_algorithm,
  43                         bool expected_extractable,
  44                         blink::WebCryptoKeyUsageMask expected_usage_mask,
  45                         std::vector<uint8_t>* raw_key_data);
  46
  47 // Creates an AES algorithm name for the given key size (in bytes). For
  48 // instance "A128CBC" is the result of suffix="CBC", keylen_bytes=16.
  49 std::string MakeJwkAesAlgorithmName(const std::string& suffix,
  50                                     unsigned int keylen_bytes);
  51
  52 // This is very similar to ReadSecretKeyJwk(), except instead of specifying an
  53 // absolut "expected_algorithm", the suffix for an AES algorithm name is given
  54 // (See MakeJwkAesAlgorithmName() for an explanation of what the suffix is).
  55 //
  56 // This is because the algorithm name for AES keys is dependent on the length
  57 // of the key. This function expects key lengths to be either 128, 192, or 256
  58 // bits.
  59 Status ReadAesSecretKeyJwk(const CryptoData& key_data,
  60                            const std::string& algorithm_name_suffix,
  61                            bool expected_extractable,
  62                            blink::WebCryptoKeyUsageMask expected_usage_mask,
  63                            std::vector<uint8_t>* raw_key_data);
  64
  65 // Writes a JWK-formated RSA public key and saves the result to
  66 // |*jwk_key_data|.
  67 void WriteRsaPublicKeyJwk(const CryptoData& n,
  68                           const CryptoData& e,
  69                           const std::string& algorithm,
  70                           bool extractable,
  71                           blink::WebCryptoKeyUsageMask usage_mask,
  72                           std::vector<uint8_t>* jwk_key_data);
  73
  74 // Writes a JWK-formated RSA private key and saves the result to
  75 // |*jwk_key_data|.
  76 void WriteRsaPrivateKeyJwk(const CryptoData& n,
  77                            const CryptoData& e,
  78                            const CryptoData& d,
  79                            const CryptoData& p,
  80                            const CryptoData& q,
  81                            const CryptoData& dp,
  82                            const CryptoData& dq,
  83                            const CryptoData& qi,
  84                            const std::string& algorithm,
  85                            bool extractable,
  86                            blink::WebCryptoKeyUsageMask usage_mask,
  87                            std::vector<uint8_t>* jwk_key_data);
  88
  89 // Describes the RSA components for a parsed key. The names of the properties
  90 // correspond with those from the JWK spec. Note that Chromium's WebCrypto
  91 // implementation does not support multi-primes, so there is no parsed field
  92 // for othinfo.
  93 struct JwkRsaInfo {
  94   JwkRsaInfo();
  95   ~JwkRsaInfo();
  96
  97   bool is_private_key;
  98   std::string n;
  99   std::string e;
 100   std::string d;
 101   std::string p;
 102   std::string q;
 103   std::string dp;
 104   std::string dq;
 105   std::string qi;
 106 };
 107
 108 // Parses a UTF-8 encoded JWK (key_data), and extracts the RSA components to
 109 // |*result|. Returns Status::Success() on success, otherwise an error.
 110 // In order for this to succeed:
 111 //   * expected_algorithm must match the JWK's "alg", if present.
 112 //   * expected_extractable must be consistent with the JWK's "ext", if
 113 //     present.
 114 //   * expected_usage_mask must be a subset of the JWK's "key_ops" if present.
 115 Status ReadRsaKeyJwk(const CryptoData& key_data,
 116                      const std::string& expected_algorithm,
 117                      bool expected_extractable,
 118                      blink::WebCryptoKeyUsageMask expected_usage_mask,
 119                      JwkRsaInfo* result);
 120
 121 const char* GetJwkHmacAlgorithmName(blink::WebCryptoAlgorithmId hash);
 122
 123 }  // namespace webcrypto
 124
 125 }  // namespace content
 126
 127 #endif  // CONTENT_CHILD_WEBCRYPTO_JWK_H_