2 * Copyright (C) 2013 Google Inc. All rights reserved.
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions are
8 * * Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * * Redistributions in binary form must reproduce the above
11 * copyright notice, this list of conditions and the following disclaimer
12 * in the documentation and/or other materials provided with the
14 * * Neither the name of Google Inc. nor the names of its
15 * contributors may be used to endorse or promote products derived from
16 * this software without specific prior written permission.
18 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
19 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
20 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
21 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
22 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
23 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
24 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
25 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
26 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
27 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
28 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
32 #include "modules/crypto/SubtleCrypto.h"
34 #include "bindings/core/v8/Dictionary.h"
35 #include "core/dom/ExecutionContext.h"
36 #include "modules/crypto/CryptoKey.h"
37 #include "modules/crypto/CryptoResultImpl.h"
38 #include "modules/crypto/NormalizeAlgorithm.h"
39 #include "platform/JSONValues.h"
40 #include "public/platform/Platform.h"
41 #include "public/platform/WebCrypto.h"
42 #include "public/platform/WebCryptoAlgorithm.h"
46 // Seems like the generated bindings should take care of these however it
47 // currently doesn't. See also http://crbug.com/264520
48 static bool ensureNotNull(const DOMArrayPiece& x, const char* paramName, CryptoResult* result)
51 String message = String("Invalid ") + paramName + String(" argument");
52 result->completeWithError(WebCryptoErrorTypeType, WebString(message));
58 static bool ensureNotNull(CryptoKey* key, const char* paramName, CryptoResult* result)
61 String message = String("Invalid ") + paramName + String(" argument");
62 result->completeWithError(WebCryptoErrorTypeType, WebString(message));
68 static bool parseAlgorithm(const Dictionary& raw, WebCryptoOperation op, WebCryptoAlgorithm& algorithm, CryptoResult* result)
71 bool success = normalizeAlgorithm(raw, op, algorithm, &error);
73 result->completeWithError(error.errorType, error.errorDetails);
77 static bool canAccessWebCrypto(ScriptState* scriptState, CryptoResult* result)
79 const SecurityOrigin* origin = scriptState->executionContext()->securityOrigin();
81 if (!origin->canAccessFeatureRequiringSecureOrigin(errorMessage)) {
82 result->completeWithError(WebCryptoErrorTypeNotSupported, errorMessage);
89 static ScriptPromise startCryptoOperation(ScriptState* scriptState, const Dictionary& rawAlgorithm, CryptoKey* key, WebCryptoOperation operationType, const DOMArrayPiece& signature, const DOMArrayPiece& dataBuffer)
91 RefPtr<CryptoResultImpl> result = CryptoResultImpl::create(scriptState);
92 ScriptPromise promise = result->promise();
94 if (!canAccessWebCrypto(scriptState, result.get()))
97 bool requiresKey = operationType != WebCryptoOperationDigest;
99 if (requiresKey && !ensureNotNull(key, "key", result.get()))
101 if (operationType == WebCryptoOperationVerify && !ensureNotNull(signature, "signature", result.get()))
103 if (!ensureNotNull(dataBuffer, "dataBuffer", result.get()))
106 WebCryptoAlgorithm algorithm;
107 if (!parseAlgorithm(rawAlgorithm, operationType, algorithm, result.get()))
110 if (requiresKey && !key->canBeUsedForAlgorithm(algorithm, operationType, result.get()))
113 const unsigned char* data = dataBuffer.bytes();
114 unsigned dataSize = dataBuffer.byteLength();
116 switch (operationType) {
117 case WebCryptoOperationEncrypt:
118 Platform::current()->crypto()->encrypt(algorithm, key->key(), data, dataSize, result->result());
120 case WebCryptoOperationDecrypt:
121 Platform::current()->crypto()->decrypt(algorithm, key->key(), data, dataSize, result->result());
123 case WebCryptoOperationSign:
124 Platform::current()->crypto()->sign(algorithm, key->key(), data, dataSize, result->result());
126 case WebCryptoOperationVerify:
127 Platform::current()->crypto()->verifySignature(algorithm, key->key(), signature.bytes(), signature.byteLength(), data, dataSize, result->result());
129 case WebCryptoOperationDigest:
130 Platform::current()->crypto()->digest(algorithm, data, dataSize, result->result());
133 ASSERT_NOT_REACHED();
134 return ScriptPromise();
140 static bool copyStringProperty(const char* property, const Dictionary& source, JSONObject* destination)
143 if (!DictionaryHelper::get(source, property, value))
145 destination->setString(property, value);
149 static bool copySequenceOfStringProperty(const char* property, const Dictionary& source, JSONObject* destination)
151 Vector<String> value;
152 if (!DictionaryHelper::get(source, property, value))
154 RefPtr<JSONArray> jsonArray = JSONArray::create();
155 for (unsigned i = 0; i < value.size(); ++i)
156 jsonArray->pushString(value[i]);
157 destination->setArray(property, jsonArray.release());
161 // FIXME: At the time of writing this is not a part of the spec. It is based an
162 // an unpublished editor's draft for:
163 // https://www.w3.org/Bugs/Public/show_bug.cgi?id=24963
164 // See http://crbug.com/373917.
165 static bool copyJwkDictionaryToJson(const Dictionary& dict, CString& jsonUtf8, CryptoResult* result)
167 RefPtr<JSONObject> jsonObject = JSONObject::create();
169 if (!copyStringProperty("kty", dict, jsonObject.get())) {
170 result->completeWithError(WebCryptoErrorTypeData, "The required JWK property \"kty\" was missing");
174 copyStringProperty("use", dict, jsonObject.get());
175 copySequenceOfStringProperty("key_ops", dict, jsonObject.get());
176 copyStringProperty("alg", dict, jsonObject.get());
179 if (DictionaryHelper::get(dict, "ext", ext))
180 jsonObject->setBoolean("ext", ext);
182 const char* const propertyNames[] = { "d", "n", "e", "p", "q", "dp", "dq", "qi", "k" };
183 for (unsigned i = 0; i < WTF_ARRAY_LENGTH(propertyNames); ++i)
184 copyStringProperty(propertyNames[i], dict, jsonObject.get());
186 String json = jsonObject->toJSONString();
187 jsonUtf8 = json.utf8();
191 SubtleCrypto::SubtleCrypto()
195 ScriptPromise SubtleCrypto::encrypt(ScriptState* scriptState, const Dictionary& rawAlgorithm, CryptoKey* key, const DOMArrayPiece& data)
197 return startCryptoOperation(scriptState, rawAlgorithm, key, WebCryptoOperationEncrypt, DOMArrayPiece(), data);
200 ScriptPromise SubtleCrypto::decrypt(ScriptState* scriptState, const Dictionary& rawAlgorithm, CryptoKey* key, const DOMArrayPiece& data)
202 return startCryptoOperation(scriptState, rawAlgorithm, key, WebCryptoOperationDecrypt, DOMArrayPiece(), data);
205 ScriptPromise SubtleCrypto::sign(ScriptState* scriptState, const Dictionary& rawAlgorithm, CryptoKey* key, const DOMArrayPiece& data)
207 return startCryptoOperation(scriptState, rawAlgorithm, key, WebCryptoOperationSign, DOMArrayPiece(), data);
210 ScriptPromise SubtleCrypto::verifySignature(ScriptState* scriptState, const Dictionary& rawAlgorithm, CryptoKey* key, const DOMArrayPiece& signature, const DOMArrayPiece& data)
212 return startCryptoOperation(scriptState, rawAlgorithm, key, WebCryptoOperationVerify, signature, data);
215 ScriptPromise SubtleCrypto::digest(ScriptState* scriptState, const Dictionary& rawAlgorithm, const DOMArrayPiece& data)
217 return startCryptoOperation(scriptState, rawAlgorithm, 0, WebCryptoOperationDigest, DOMArrayPiece(), data);
220 ScriptPromise SubtleCrypto::generateKey(ScriptState* scriptState, const Dictionary& rawAlgorithm, bool extractable, const Vector<String>& rawKeyUsages)
222 RefPtr<CryptoResultImpl> result = CryptoResultImpl::create(scriptState);
223 ScriptPromise promise = result->promise();
225 if (!canAccessWebCrypto(scriptState, result.get()))
228 WebCryptoKeyUsageMask keyUsages;
229 if (!CryptoKey::parseUsageMask(rawKeyUsages, keyUsages, result.get()))
232 WebCryptoAlgorithm algorithm;
233 if (!parseAlgorithm(rawAlgorithm, WebCryptoOperationGenerateKey, algorithm, result.get()))
236 Platform::current()->crypto()->generateKey(algorithm, extractable, keyUsages, result->result());
240 ScriptPromise SubtleCrypto::importKey(ScriptState* scriptState, const String& rawFormat, const DOMArrayPiece& keyData, const Dictionary& rawAlgorithm, bool extractable, const Vector<String>& rawKeyUsages)
242 RefPtr<CryptoResultImpl> result = CryptoResultImpl::create(scriptState);
243 ScriptPromise promise = result->promise();
245 if (!canAccessWebCrypto(scriptState, result.get()))
248 if (!ensureNotNull(keyData, "keyData", result.get()))
251 WebCryptoKeyFormat format;
252 if (!CryptoKey::parseFormat(rawFormat, format, result.get()))
255 if (format == WebCryptoKeyFormatJwk) {
256 result->completeWithError(WebCryptoErrorTypeData, "Key data must be an object for JWK import");
260 WebCryptoKeyUsageMask keyUsages;
261 if (!CryptoKey::parseUsageMask(rawKeyUsages, keyUsages, result.get()))
264 WebCryptoAlgorithm algorithm;
265 if (!parseAlgorithm(rawAlgorithm, WebCryptoOperationImportKey, algorithm, result.get()))
268 Platform::current()->crypto()->importKey(format, keyData.bytes(), keyData.byteLength(), algorithm, extractable, keyUsages, result->result());
272 ScriptPromise SubtleCrypto::importKey(ScriptState* scriptState, const String& rawFormat, const Dictionary& keyData, const Dictionary& rawAlgorithm, bool extractable, const Vector<String>& rawKeyUsages)
274 RefPtr<CryptoResultImpl> result = CryptoResultImpl::create(scriptState);
275 ScriptPromise promise = result->promise();
277 if (!canAccessWebCrypto(scriptState, result.get()))
280 WebCryptoKeyFormat format;
281 if (!CryptoKey::parseFormat(rawFormat, format, result.get()))
284 WebCryptoKeyUsageMask keyUsages;
285 if (!CryptoKey::parseUsageMask(rawKeyUsages, keyUsages, result.get()))
288 if (format != WebCryptoKeyFormatJwk) {
289 result->completeWithError(WebCryptoErrorTypeData, "Key data must be a buffer for non-JWK formats");
293 WebCryptoAlgorithm algorithm;
294 if (!parseAlgorithm(rawAlgorithm, WebCryptoOperationImportKey, algorithm, result.get()))
298 if (!copyJwkDictionaryToJson(keyData, jsonUtf8, result.get()))
301 Platform::current()->crypto()->importKey(format, reinterpret_cast<const unsigned char*>(jsonUtf8.data()), jsonUtf8.length(), algorithm, extractable, keyUsages, result->result());
305 ScriptPromise SubtleCrypto::exportKey(ScriptState* scriptState, const String& rawFormat, CryptoKey* key)
307 RefPtr<CryptoResultImpl> result = CryptoResultImpl::create(scriptState);
308 ScriptPromise promise = result->promise();
310 if (!canAccessWebCrypto(scriptState, result.get()))
313 if (!ensureNotNull(key, "key", result.get()))
316 WebCryptoKeyFormat format;
317 if (!CryptoKey::parseFormat(rawFormat, format, result.get()))
320 if (!key->extractable()) {
321 result->completeWithError(WebCryptoErrorTypeInvalidAccess, "key is not extractable");
325 Platform::current()->crypto()->exportKey(format, key->key(), result->result());
329 ScriptPromise SubtleCrypto::wrapKey(ScriptState* scriptState, const String& rawFormat, CryptoKey* key, CryptoKey* wrappingKey, const Dictionary& rawWrapAlgorithm)
331 RefPtr<CryptoResultImpl> result = CryptoResultImpl::create(scriptState);
332 ScriptPromise promise = result->promise();
334 if (!canAccessWebCrypto(scriptState, result.get()))
337 if (!ensureNotNull(key, "key", result.get()))
340 if (!ensureNotNull(wrappingKey, "wrappingKey", result.get()))
343 WebCryptoKeyFormat format;
344 if (!CryptoKey::parseFormat(rawFormat, format, result.get()))
347 WebCryptoAlgorithm wrapAlgorithm;
348 if (!parseAlgorithm(rawWrapAlgorithm, WebCryptoOperationWrapKey, wrapAlgorithm, result.get()))
351 if (!key->extractable()) {
352 result->completeWithError(WebCryptoErrorTypeInvalidAccess, "key is not extractable");
356 if (!wrappingKey->canBeUsedForAlgorithm(wrapAlgorithm, WebCryptoOperationWrapKey, result.get()))
359 Platform::current()->crypto()->wrapKey(format, key->key(), wrappingKey->key(), wrapAlgorithm, result->result());
363 ScriptPromise SubtleCrypto::unwrapKey(ScriptState* scriptState, const String& rawFormat, const DOMArrayPiece& wrappedKey, CryptoKey* unwrappingKey, const Dictionary& rawUnwrapAlgorithm, const Dictionary& rawUnwrappedKeyAlgorithm, bool extractable, const Vector<String>& rawKeyUsages)
365 RefPtr<CryptoResultImpl> result = CryptoResultImpl::create(scriptState);
366 ScriptPromise promise = result->promise();
368 if (!canAccessWebCrypto(scriptState, result.get()))
371 if (!ensureNotNull(wrappedKey, "wrappedKey", result.get()))
373 if (!ensureNotNull(unwrappingKey, "unwrappingKey", result.get()))
376 WebCryptoKeyFormat format;
377 if (!CryptoKey::parseFormat(rawFormat, format, result.get()))
380 WebCryptoKeyUsageMask keyUsages;
381 if (!CryptoKey::parseUsageMask(rawKeyUsages, keyUsages, result.get()))
384 WebCryptoAlgorithm unwrapAlgorithm;
385 if (!parseAlgorithm(rawUnwrapAlgorithm, WebCryptoOperationUnwrapKey, unwrapAlgorithm, result.get()))
388 WebCryptoAlgorithm unwrappedKeyAlgorithm;
389 if (!parseAlgorithm(rawUnwrappedKeyAlgorithm, WebCryptoOperationImportKey, unwrappedKeyAlgorithm, result.get()))
392 if (!unwrappingKey->canBeUsedForAlgorithm(unwrapAlgorithm, WebCryptoOperationUnwrapKey, result.get()))
395 Platform::current()->crypto()->unwrapKey(format, wrappedKey.bytes(), wrappedKey.byteLength(), unwrappingKey->key(), unwrapAlgorithm, unwrappedKeyAlgorithm, extractable, keyUsages, result->result());