content/child/webcrypto/nss/sym_key_nss.cc

   1 // Copyright 2014 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "content/child/webcrypto/nss/sym_key_nss.h"
   6
   7 #include "base/logging.h"
   8 #include "content/child/webcrypto/crypto_data.h"
   9 #include "content/child/webcrypto/nss/key_nss.h"
  10 #include "content/child/webcrypto/nss/util_nss.h"
  11 #include "content/child/webcrypto/status.h"
  12 #include "content/child/webcrypto/webcrypto_util.h"
  13 #include "crypto/scoped_nss_types.h"
  14 #include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h"
  15
  16 namespace content {
  17
  18 namespace webcrypto {
  19
  20 Status GenerateSecretKeyNss(const blink::WebCryptoKeyAlgorithm& algorithm,
  21                             bool extractable,
  22                             blink::WebCryptoKeyUsageMask usage_mask,
  23                             unsigned keylen_bytes,
  24                             CK_MECHANISM_TYPE mechanism,
  25                             blink::WebCryptoKey* key) {
  26   DCHECK_NE(CKM_INVALID_MECHANISM, mechanism);
  27
  28   crypto::ScopedPK11Slot slot(PK11_GetInternalKeySlot());
  29   if (!slot)
  30     return Status::OperationError();
  31
  32   crypto::ScopedPK11SymKey pk11_key(
  33       PK11_KeyGen(slot.get(), mechanism, NULL, keylen_bytes, NULL));
  34
  35   if (!pk11_key)
  36     return Status::OperationError();
  37
  38   if (PK11_ExtractKeyValue(pk11_key.get()) != SECSuccess)
  39     return Status::OperationError();
  40
  41   const SECItem* key_data = PK11_GetKeyData(pk11_key.get());
  42   if (!key_data)
  43     return Status::OperationError();
  44
  45   scoped_ptr<SymKeyNss> handle(new SymKeyNss(
  46       pk11_key.Pass(), CryptoData(key_data->data, key_data->len)));
  47
  48   *key = blink::WebCryptoKey::create(handle.release(),
  49                                      blink::WebCryptoKeyTypeSecret,
  50                                      extractable,
  51                                      algorithm,
  52                                      usage_mask);
  53   return Status::Success();
  54 }
  55
  56 Status ImportKeyRawNss(const CryptoData& key_data,
  57                        const blink::WebCryptoKeyAlgorithm& algorithm,
  58                        bool extractable,
  59                        blink::WebCryptoKeyUsageMask usage_mask,
  60                        CK_MECHANISM_TYPE mechanism,
  61                        CK_FLAGS flags,
  62                        blink::WebCryptoKey* key) {
  63   DCHECK(!algorithm.isNull());
  64   SECItem key_item = MakeSECItemForBuffer(key_data);
  65
  66   crypto::ScopedPK11Slot slot(PK11_GetInternalSlot());
  67   crypto::ScopedPK11SymKey pk11_sym_key(
  68       PK11_ImportSymKeyWithFlags(slot.get(),
  69                                  mechanism,
  70                                  PK11_OriginUnwrap,
  71                                  CKA_FLAGS_ONLY,
  72                                  &key_item,
  73                                  flags,
  74                                  false,
  75                                  NULL));
  76   if (!pk11_sym_key.get())
  77     return Status::OperationError();
  78
  79   scoped_ptr<SymKeyNss> handle(new SymKeyNss(pk11_sym_key.Pass(), key_data));
  80
  81   *key = blink::WebCryptoKey::create(handle.release(),
  82                                      blink::WebCryptoKeyTypeSecret,
  83                                      extractable,
  84                                      algorithm,
  85                                      usage_mask);
  86   return Status::Success();
  87 }
  88
  89 }  // namespace webcrypto
  90
  91 }  // namespace content