content/child/webcrypto/algorithm_dispatch.cc

   1 // Copyright 2014 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "content/child/webcrypto/algorithm_dispatch.h"
   6
   7 #include "base/logging.h"
   8 #include "content/child/webcrypto/algorithm_implementation.h"
   9 #include "content/child/webcrypto/algorithm_registry.h"
  10 #include "content/child/webcrypto/crypto_data.h"
  11 #include "content/child/webcrypto/platform_crypto.h"
  12 #include "content/child/webcrypto/status.h"
  13 #include "content/child/webcrypto/webcrypto_util.h"
  14 #include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h"
  15
  16 namespace content {
  17
  18 namespace webcrypto {
  19
  20 namespace {
  21
  22 Status DecryptDontCheckKeyUsage(const blink::WebCryptoAlgorithm& algorithm,
  23                                 const blink::WebCryptoKey& key,
  24                                 const CryptoData& data,
  25                                 std::vector<uint8_t>* buffer) {
  26   if (algorithm.id() != key.algorithm().id())
  27     return Status::ErrorUnexpected();
  28
  29   const AlgorithmImplementation* impl = NULL;
  30   Status status = GetAlgorithmImplementation(algorithm.id(), &impl);
  31   if (status.IsError())
  32     return status;
  33
  34   return impl->Decrypt(algorithm, key, data, buffer);
  35 }
  36
  37 Status EncryptDontCheckUsage(const blink::WebCryptoAlgorithm& algorithm,
  38                              const blink::WebCryptoKey& key,
  39                              const CryptoData& data,
  40                              std::vector<uint8_t>* buffer) {
  41   if (algorithm.id() != key.algorithm().id())
  42     return Status::ErrorUnexpected();
  43
  44   const AlgorithmImplementation* impl = NULL;
  45   Status status = GetAlgorithmImplementation(algorithm.id(), &impl);
  46   if (status.IsError())
  47     return status;
  48
  49   return impl->Encrypt(algorithm, key, data, buffer);
  50 }
  51
  52 Status ExportKeyDontCheckExtractability(blink::WebCryptoKeyFormat format,
  53                                         const blink::WebCryptoKey& key,
  54                                         std::vector<uint8_t>* buffer) {
  55   const AlgorithmImplementation* impl = NULL;
  56   Status status = GetAlgorithmImplementation(key.algorithm().id(), &impl);
  57   if (status.IsError())
  58     return status;
  59
  60   switch (format) {
  61     case blink::WebCryptoKeyFormatRaw:
  62       return impl->ExportKeyRaw(key, buffer);
  63     case blink::WebCryptoKeyFormatSpki:
  64       return impl->ExportKeySpki(key, buffer);
  65     case blink::WebCryptoKeyFormatPkcs8:
  66       return impl->ExportKeyPkcs8(key, buffer);
  67     case blink::WebCryptoKeyFormatJwk:
  68       return impl->ExportKeyJwk(key, buffer);
  69     default:
  70       return Status::ErrorUnsupported();
  71   }
  72 }
  73
  74 }  // namespace
  75
  76 Status Encrypt(const blink::WebCryptoAlgorithm& algorithm,
  77                const blink::WebCryptoKey& key,
  78                const CryptoData& data,
  79                std::vector<uint8_t>* buffer) {
  80   if (!KeyUsageAllows(key, blink::WebCryptoKeyUsageEncrypt))
  81     return Status::ErrorUnexpected();
  82   return EncryptDontCheckUsage(algorithm, key, data, buffer);
  83 }
  84
  85 Status Decrypt(const blink::WebCryptoAlgorithm& algorithm,
  86                const blink::WebCryptoKey& key,
  87                const CryptoData& data,
  88                std::vector<uint8_t>* buffer) {
  89   if (!KeyUsageAllows(key, blink::WebCryptoKeyUsageDecrypt))
  90     return Status::ErrorUnexpected();
  91   return DecryptDontCheckKeyUsage(algorithm, key, data, buffer);
  92 }
  93
  94 Status Digest(const blink::WebCryptoAlgorithm& algorithm,
  95               const CryptoData& data,
  96               std::vector<uint8_t>* buffer) {
  97   const AlgorithmImplementation* impl = NULL;
  98   Status status = GetAlgorithmImplementation(algorithm.id(), &impl);
  99   if (status.IsError())
 100     return status;
 101
 102   return impl->Digest(algorithm, data, buffer);
 103 }
 104
 105 Status GenerateSecretKey(const blink::WebCryptoAlgorithm& algorithm,
 106                          bool extractable,
 107                          blink::WebCryptoKeyUsageMask usage_mask,
 108                          blink::WebCryptoKey* key) {
 109   const AlgorithmImplementation* impl = NULL;
 110   Status status = GetAlgorithmImplementation(algorithm.id(), &impl);
 111   if (status.IsError())
 112     return status;
 113
 114   status = impl->VerifyKeyUsagesBeforeGenerateKey(usage_mask);
 115   if (status.IsError())
 116     return status;
 117
 118   return impl->GenerateSecretKey(algorithm, extractable, usage_mask, key);
 119 }
 120
 121 Status GenerateKeyPair(const blink::WebCryptoAlgorithm& algorithm,
 122                        bool extractable,
 123                        blink::WebCryptoKeyUsageMask combined_usage_mask,
 124                        blink::WebCryptoKey* public_key,
 125                        blink::WebCryptoKey* private_key) {
 126   const AlgorithmImplementation* impl = NULL;
 127   Status status = GetAlgorithmImplementation(algorithm.id(), &impl);
 128   if (status.IsError())
 129     return status;
 130
 131   blink::WebCryptoKeyUsageMask public_usage_mask;
 132   blink::WebCryptoKeyUsageMask private_usage_mask;
 133   status = impl->VerifyKeyUsagesBeforeGenerateKeyPair(
 134       combined_usage_mask, &public_usage_mask, &private_usage_mask);
 135   if (status.IsError())
 136     return status;
 137
 138   return impl->GenerateKeyPair(algorithm,
 139                                extractable,
 140                                public_usage_mask,
 141                                private_usage_mask,
 142                                public_key,
 143                                private_key);
 144 }
 145
 146 // Note that this function may be called from the target Blink thread.
 147 Status ImportKey(blink::WebCryptoKeyFormat format,
 148                  const CryptoData& key_data,
 149                  const blink::WebCryptoAlgorithm& algorithm,
 150                  bool extractable,
 151                  blink::WebCryptoKeyUsageMask usage_mask,
 152                  blink::WebCryptoKey* key) {
 153   const AlgorithmImplementation* impl = NULL;
 154   Status status = GetAlgorithmImplementation(algorithm.id(), &impl);
 155   if (status.IsError())
 156     return status;
 157
 158   status = impl->VerifyKeyUsagesBeforeImportKey(format, usage_mask);
 159   if (status.IsError())
 160     return status;
 161
 162   switch (format) {
 163     case blink::WebCryptoKeyFormatRaw:
 164       return impl->ImportKeyRaw(
 165           key_data, algorithm, extractable, usage_mask, key);
 166     case blink::WebCryptoKeyFormatSpki:
 167       return impl->ImportKeySpki(
 168           key_data, algorithm, extractable, usage_mask, key);
 169     case blink::WebCryptoKeyFormatPkcs8:
 170       return impl->ImportKeyPkcs8(
 171           key_data, algorithm, extractable, usage_mask, key);
 172     case blink::WebCryptoKeyFormatJwk:
 173       return impl->ImportKeyJwk(
 174           key_data, algorithm, extractable, usage_mask, key);
 175     default:
 176       return Status::ErrorUnsupported();
 177   }
 178 }
 179
 180 Status ExportKey(blink::WebCryptoKeyFormat format,
 181                  const blink::WebCryptoKey& key,
 182                  std::vector<uint8_t>* buffer) {
 183   if (!key.extractable())
 184     return Status::ErrorKeyNotExtractable();
 185   return ExportKeyDontCheckExtractability(format, key, buffer);
 186 }
 187
 188 Status Sign(const blink::WebCryptoAlgorithm& algorithm,
 189             const blink::WebCryptoKey& key,
 190             const CryptoData& data,
 191             std::vector<uint8_t>* buffer) {
 192   if (!KeyUsageAllows(key, blink::WebCryptoKeyUsageSign))
 193     return Status::ErrorUnexpected();
 194   if (algorithm.id() != key.algorithm().id())
 195     return Status::ErrorUnexpected();
 196
 197   const AlgorithmImplementation* impl = NULL;
 198   Status status = GetAlgorithmImplementation(algorithm.id(), &impl);
 199   if (status.IsError())
 200     return status;
 201
 202   return impl->Sign(algorithm, key, data, buffer);
 203 }
 204
 205 Status Verify(const blink::WebCryptoAlgorithm& algorithm,
 206               const blink::WebCryptoKey& key,
 207               const CryptoData& signature,
 208               const CryptoData& data,
 209               bool* signature_match) {
 210   if (!KeyUsageAllows(key, blink::WebCryptoKeyUsageVerify))
 211     return Status::ErrorUnexpected();
 212   if (algorithm.id() != key.algorithm().id())
 213     return Status::ErrorUnexpected();
 214
 215   const AlgorithmImplementation* impl = NULL;
 216   Status status = GetAlgorithmImplementation(algorithm.id(), &impl);
 217   if (status.IsError())
 218     return status;
 219
 220   return impl->Verify(algorithm, key, signature, data, signature_match);
 221 }
 222
 223 Status WrapKey(blink::WebCryptoKeyFormat format,
 224                const blink::WebCryptoKey& key_to_wrap,
 225                const blink::WebCryptoKey& wrapping_key,
 226                const blink::WebCryptoAlgorithm& wrapping_algorithm,
 227                std::vector<uint8_t>* buffer) {
 228   if (!KeyUsageAllows(wrapping_key, blink::WebCryptoKeyUsageWrapKey))
 229     return Status::ErrorUnexpected();
 230
 231   std::vector<uint8_t> exported_data;
 232   Status status = ExportKey(format, key_to_wrap, &exported_data);
 233   if (status.IsError())
 234     return status;
 235   return EncryptDontCheckUsage(
 236       wrapping_algorithm, wrapping_key, CryptoData(exported_data), buffer);
 237 }
 238
 239 Status UnwrapKey(blink::WebCryptoKeyFormat format,
 240                  const CryptoData& wrapped_key_data,
 241                  const blink::WebCryptoKey& wrapping_key,
 242                  const blink::WebCryptoAlgorithm& wrapping_algorithm,
 243                  const blink::WebCryptoAlgorithm& algorithm,
 244                  bool extractable,
 245                  blink::WebCryptoKeyUsageMask usage_mask,
 246                  blink::WebCryptoKey* key) {
 247   if (!KeyUsageAllows(wrapping_key, blink::WebCryptoKeyUsageUnwrapKey))
 248     return Status::ErrorUnexpected();
 249   if (wrapping_algorithm.id() != wrapping_key.algorithm().id())
 250     return Status::ErrorUnexpected();
 251
 252   // Fail fast if the import is doomed to fail.
 253   const AlgorithmImplementation* import_impl = NULL;
 254   Status status = GetAlgorithmImplementation(algorithm.id(), &import_impl);
 255   if (status.IsError())
 256     return status;
 257
 258   status = import_impl->VerifyKeyUsagesBeforeImportKey(format, usage_mask);
 259   if (status.IsError())
 260     return status;
 261
 262   std::vector<uint8_t> buffer;
 263   status = DecryptDontCheckKeyUsage(
 264       wrapping_algorithm, wrapping_key, wrapped_key_data, &buffer);
 265   if (status.IsError())
 266     return status;
 267
 268   // NOTE that returning the details of ImportKey() failures may leak
 269   // information about the plaintext of the encrypted key (for instance the JWK
 270   // key_ops). As long as the ImportKey error messages don't describe actual
 271   // key bytes however this should be OK. For more discussion see
 272   // http://crubg.com/372040
 273   return ImportKey(
 274       format, CryptoData(buffer), algorithm, extractable, usage_mask, key);
 275 }
 276
 277 scoped_ptr<blink::WebCryptoDigestor> CreateDigestor(
 278     blink::WebCryptoAlgorithmId algorithm) {
 279   PlatformInit();
 280   return CreatePlatformDigestor(algorithm);
 281 }
 282
 283 }  // namespace webcrypto
 284
 285 }  // namespace content