Re-subimission of https://codereview.chromium.org/1041213003/
[chromium-blink-merge.git] / content / child / webcrypto / nss / sym_key_nss.cc
blob53efeb0dd87a6e77bfe1f5274ee65adc94e5b3f6
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "content/child/webcrypto/nss/sym_key_nss.h"
7 #include "base/logging.h"
8 #include "content/child/webcrypto/crypto_data.h"
9 #include "content/child/webcrypto/generate_key_result.h"
10 #include "content/child/webcrypto/nss/key_nss.h"
11 #include "content/child/webcrypto/nss/util_nss.h"
12 #include "content/child/webcrypto/status.h"
13 #include "content/child/webcrypto/webcrypto_util.h"
14 #include "crypto/scoped_nss_types.h"
15 #include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h"
17 namespace content {
19 namespace webcrypto {
21 Status GenerateSecretKeyNss(const blink::WebCryptoKeyAlgorithm& algorithm,
22 bool extractable,
23 blink::WebCryptoKeyUsageMask usages,
24 unsigned int keylen_bits,
25 CK_MECHANISM_TYPE mechanism,
26 GenerateKeyResult* result) {
27 DCHECK_NE(CKM_INVALID_MECHANISM, mechanism);
29 crypto::ScopedPK11Slot slot(PK11_GetInternalKeySlot());
30 if (!slot)
31 return Status::OperationError();
33 std::vector<uint8_t> bytes(NumBitsToBytes(keylen_bits));
34 if (bytes.size() > 0) {
35 if (PK11_GenerateRandom(&bytes[0], bytes.size()) != SECSuccess)
36 return Status::OperationError();
37 TruncateToBitLength(keylen_bits, &bytes);
40 blink::WebCryptoKey key;
41 Status status = ImportKeyRawNss(CryptoData(bytes), algorithm, extractable,
42 usages, mechanism, &key);
43 if (status.IsError())
44 return status;
46 result->AssignSecretKey(key);
47 return Status::Success();
50 Status ImportKeyRawNss(const CryptoData& key_data,
51 const blink::WebCryptoKeyAlgorithm& algorithm,
52 bool extractable,
53 blink::WebCryptoKeyUsageMask usages,
54 CK_MECHANISM_TYPE mechanism,
55 blink::WebCryptoKey* key) {
56 // The usages are enforced at the WebCrypto layer, so it isn't necessary to
57 // create keys with limited usages.
58 CK_FLAGS flags = kAllOperationFlags;
60 DCHECK(!algorithm.isNull());
61 SECItem key_item = MakeSECItemForBuffer(key_data);
63 crypto::ScopedPK11Slot slot(PK11_GetInternalSlot());
64 crypto::ScopedPK11SymKey pk11_sym_key(PK11_ImportSymKeyWithFlags(
65 slot.get(), mechanism, PK11_OriginUnwrap, CKA_FLAGS_ONLY, &key_item,
66 flags, false, NULL));
67 if (!pk11_sym_key.get())
68 return Status::OperationError();
70 scoped_ptr<SymKeyNss> handle(new SymKeyNss(pk11_sym_key.Pass(), key_data));
72 *key = blink::WebCryptoKey::create(handle.release(),
73 blink::WebCryptoKeyTypeSecret, extractable,
74 algorithm, usages);
75 return Status::Success();
78 } // namespace webcrypto
80 } // namespace content