content/child/webcrypto/nss/sym_key_nss.cc

   1 // Copyright 2014 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "content/child/webcrypto/nss/sym_key_nss.h"
   6
   7 #include "base/logging.h"
   8 #include "content/child/webcrypto/crypto_data.h"
   9 #include "content/child/webcrypto/generate_key_result.h"
  10 #include "content/child/webcrypto/nss/key_nss.h"
  11 #include "content/child/webcrypto/nss/util_nss.h"
  12 #include "content/child/webcrypto/status.h"
  13 #include "content/child/webcrypto/webcrypto_util.h"
  14 #include "crypto/scoped_nss_types.h"
  15 #include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h"
  16
  17 namespace content {
  18
  19 namespace webcrypto {
  20
  21 Status GenerateSecretKeyNss(const blink::WebCryptoKeyAlgorithm& algorithm,
  22                             bool extractable,
  23                             blink::WebCryptoKeyUsageMask usages,
  24                             unsigned int keylen_bits,
  25                             CK_MECHANISM_TYPE mechanism,
  26                             GenerateKeyResult* result) {
  27   DCHECK_NE(CKM_INVALID_MECHANISM, mechanism);
  28
  29   crypto::ScopedPK11Slot slot(PK11_GetInternalKeySlot());
  30   if (!slot)
  31     return Status::OperationError();
  32
  33   std::vector<uint8_t> bytes(NumBitsToBytes(keylen_bits));
  34   if (bytes.size() > 0) {
  35     if (PK11_GenerateRandom(&bytes[0], bytes.size()) != SECSuccess)
  36       return Status::OperationError();
  37     TruncateToBitLength(keylen_bits, &bytes);
  38   }
  39
  40   blink::WebCryptoKey key;
  41   Status status = ImportKeyRawNss(CryptoData(bytes), algorithm, extractable,
  42                                   usages, mechanism, &key);
  43   if (status.IsError())
  44     return status;
  45
  46   result->AssignSecretKey(key);
  47   return Status::Success();
  48 }
  49
  50 Status ImportKeyRawNss(const CryptoData& key_data,
  51                        const blink::WebCryptoKeyAlgorithm& algorithm,
  52                        bool extractable,
  53                        blink::WebCryptoKeyUsageMask usages,
  54                        CK_MECHANISM_TYPE mechanism,
  55                        blink::WebCryptoKey* key) {
  56   // The usages are enforced at the WebCrypto layer, so it isn't necessary to
  57   // create keys with limited usages.
  58   CK_FLAGS flags = kAllOperationFlags;
  59
  60   DCHECK(!algorithm.isNull());
  61   SECItem key_item = MakeSECItemForBuffer(key_data);
  62
  63   crypto::ScopedPK11Slot slot(PK11_GetInternalSlot());
  64   crypto::ScopedPK11SymKey pk11_sym_key(PK11_ImportSymKeyWithFlags(
  65       slot.get(), mechanism, PK11_OriginUnwrap, CKA_FLAGS_ONLY, &key_item,
  66       flags, false, NULL));
  67   if (!pk11_sym_key.get())
  68     return Status::OperationError();
  69
  70   scoped_ptr<SymKeyNss> handle(new SymKeyNss(pk11_sym_key.Pass(), key_data));
  71
  72   *key = blink::WebCryptoKey::create(handle.release(),
  73                                      blink::WebCryptoKeyTypeSecret, extractable,
  74                                      algorithm, usages);
  75   return Status::Success();
  76 }
  77
  78 }  // namespace webcrypto
  79
  80 }  // namespace content