src/content/child/webcrypto/nss/sym_key_nss.cc

   1 // Copyright 2014 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "content/child/webcrypto/nss/sym_key_nss.h"
   6
   7 #include "base/logging.h"
   8 #include "content/child/webcrypto/crypto_data.h"
   9 #include "content/child/webcrypto/generate_key_result.h"
  10 #include "content/child/webcrypto/nss/key_nss.h"
  11 #include "content/child/webcrypto/nss/util_nss.h"
  12 #include "content/child/webcrypto/status.h"
  13 #include "content/child/webcrypto/webcrypto_util.h"
  14 #include "crypto/scoped_nss_types.h"
  15 #include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h"
  16
  17 namespace content {
  18
  19 namespace webcrypto {
  20
  21 Status GenerateSecretKeyNss(const blink::WebCryptoKeyAlgorithm& algorithm,
  22                             bool extractable,
  23                             blink::WebCryptoKeyUsageMask usages,
  24                             unsigned keylen_bytes,
  25                             CK_MECHANISM_TYPE mechanism,
  26                             GenerateKeyResult* result) {
  27   DCHECK_NE(CKM_INVALID_MECHANISM, mechanism);
  28
  29   crypto::ScopedPK11Slot slot(PK11_GetInternalKeySlot());
  30   if (!slot)
  31     return Status::OperationError();
  32
  33   crypto::ScopedPK11SymKey pk11_key(
  34       PK11_KeyGen(slot.get(), mechanism, NULL, keylen_bytes, NULL));
  35
  36   if (!pk11_key)
  37     return Status::OperationError();
  38
  39   if (PK11_ExtractKeyValue(pk11_key.get()) != SECSuccess)
  40     return Status::OperationError();
  41
  42   const SECItem* key_data = PK11_GetKeyData(pk11_key.get());
  43   if (!key_data)
  44     return Status::OperationError();
  45
  46   scoped_ptr<SymKeyNss> handle(new SymKeyNss(
  47       pk11_key.Pass(), CryptoData(key_data->data, key_data->len)));
  48
  49   result->AssignSecretKey(
  50       blink::WebCryptoKey::create(handle.release(),
  51                                   blink::WebCryptoKeyTypeSecret,
  52                                   extractable,
  53                                   algorithm,
  54                                   usages));
  55
  56   return Status::Success();
  57 }
  58
  59 Status ImportKeyRawNss(const CryptoData& key_data,
  60                        const blink::WebCryptoKeyAlgorithm& algorithm,
  61                        bool extractable,
  62                        blink::WebCryptoKeyUsageMask usages,
  63                        CK_MECHANISM_TYPE mechanism,
  64                        CK_FLAGS flags,
  65                        blink::WebCryptoKey* key) {
  66   DCHECK(!algorithm.isNull());
  67   SECItem key_item = MakeSECItemForBuffer(key_data);
  68
  69   crypto::ScopedPK11Slot slot(PK11_GetInternalSlot());
  70   crypto::ScopedPK11SymKey pk11_sym_key(
  71       PK11_ImportSymKeyWithFlags(slot.get(),
  72                                  mechanism,
  73                                  PK11_OriginUnwrap,
  74                                  CKA_FLAGS_ONLY,
  75                                  &key_item,
  76                                  flags,
  77                                  false,
  78                                  NULL));
  79   if (!pk11_sym_key.get())
  80     return Status::OperationError();
  81
  82   scoped_ptr<SymKeyNss> handle(new SymKeyNss(pk11_sym_key.Pass(), key_data));
  83
  84   *key = blink::WebCryptoKey::create(handle.release(),
  85                                      blink::WebCryptoKeyTypeSecret,
  86                                      extractable,
  87                                      algorithm,
  88                                      usages);
  89   return Status::Success();
  90 }
  91
  92 }  // namespace webcrypto
  93
  94 }  // namespace content