components/webcrypto/nss/sym_key_nss.cc

   1 // Copyright 2014 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "components/webcrypto/nss/sym_key_nss.h"
   6
   7 #include "base/logging.h"
   8 #include "components/webcrypto/crypto_data.h"
   9 #include "components/webcrypto/generate_key_result.h"
  10 #include "components/webcrypto/nss/key_nss.h"
  11 #include "components/webcrypto/nss/util_nss.h"
  12 #include "components/webcrypto/status.h"
  13 #include "components/webcrypto/webcrypto_util.h"
  14 #include "crypto/scoped_nss_types.h"
  15 #include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h"
  16
  17 namespace webcrypto {
  18
  19 Status GenerateSecretKeyNss(const blink::WebCryptoKeyAlgorithm& algorithm,
  20                             bool extractable,
  21                             blink::WebCryptoKeyUsageMask usages,
  22                             unsigned int keylen_bits,
  23                             CK_MECHANISM_TYPE mechanism,
  24                             GenerateKeyResult* result) {
  25   DCHECK_NE(CKM_INVALID_MECHANISM, mechanism);
  26
  27   crypto::ScopedPK11Slot slot(PK11_GetInternalKeySlot());
  28   if (!slot)
  29     return Status::OperationError();
  30
  31   std::vector<uint8_t> bytes(NumBitsToBytes(keylen_bits));
  32   if (bytes.size() > 0) {
  33     if (PK11_GenerateRandom(&bytes[0], bytes.size()) != SECSuccess)
  34       return Status::OperationError();
  35     TruncateToBitLength(keylen_bits, &bytes);
  36   }
  37
  38   blink::WebCryptoKey key;
  39   Status status = ImportKeyRawNss(CryptoData(bytes), algorithm, extractable,
  40                                   usages, mechanism, &key);
  41   if (status.IsError())
  42     return status;
  43
  44   result->AssignSecretKey(key);
  45   return Status::Success();
  46 }
  47
  48 Status ImportKeyRawNss(const CryptoData& key_data,
  49                        const blink::WebCryptoKeyAlgorithm& algorithm,
  50                        bool extractable,
  51                        blink::WebCryptoKeyUsageMask usages,
  52                        CK_MECHANISM_TYPE mechanism,
  53                        blink::WebCryptoKey* key) {
  54   // The usages are enforced at the WebCrypto layer, so it isn't necessary to
  55   // create keys with limited usages.
  56   CK_FLAGS flags = kAllOperationFlags;
  57
  58   DCHECK(!algorithm.isNull());
  59   SECItem key_item = MakeSECItemForBuffer(key_data);
  60
  61   crypto::ScopedPK11Slot slot(PK11_GetInternalSlot());
  62   crypto::ScopedPK11SymKey pk11_sym_key(PK11_ImportSymKeyWithFlags(
  63       slot.get(), mechanism, PK11_OriginUnwrap, CKA_FLAGS_ONLY, &key_item,
  64       flags, false, NULL));
  65   if (!pk11_sym_key.get())
  66     return Status::OperationError();
  67
  68   scoped_ptr<SymKeyNss> handle(new SymKeyNss(pk11_sym_key.Pass(), key_data));
  69
  70   *key = blink::WebCryptoKey::create(handle.release(),
  71                                      blink::WebCryptoKeyTypeSecret, extractable,
  72                                      algorithm, usages);
  73   return Status::Success();
  74 }
  75
  76 }  // namespace webcrypto