1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "content/child/webcrypto/nss/sym_key_nss.h"
6
7 #include "base/logging.h"
8 #include "content/child/webcrypto/crypto_data.h"
9 #include "content/child/webcrypto/nss/key_nss.h"
10 #include "content/child/webcrypto/nss/util_nss.h"
11 #include "content/child/webcrypto/status.h"
12 #include "content/child/webcrypto/webcrypto_util.h"
13 #include "crypto/scoped_nss_types.h"
14 #include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h"
15
16 namespace content {
17
18 namespace webcrypto {
19
GenerateSecretKeyNss(const blink::WebCryptoKeyAlgorithm & algorithm,bool extractable,blink::WebCryptoKeyUsageMask usage_mask,unsigned keylen_bytes,CK_MECHANISM_TYPE mechanism,blink::WebCryptoKey * key)20 Status GenerateSecretKeyNss(const blink::WebCryptoKeyAlgorithm& algorithm,
21 bool extractable,
22 blink::WebCryptoKeyUsageMask usage_mask,
23 unsigned keylen_bytes,
24 CK_MECHANISM_TYPE mechanism,
25 blink::WebCryptoKey* key) {
26 DCHECK_NE(CKM_INVALID_MECHANISM, mechanism);
27
28 crypto::ScopedPK11Slot slot(PK11_GetInternalKeySlot());
29 if (!slot)
30 return Status::OperationError();
31
32 crypto::ScopedPK11SymKey pk11_key(
33 PK11_KeyGen(slot.get(), mechanism, NULL, keylen_bytes, NULL));
34
35 if (!pk11_key)
36 return Status::OperationError();
37
38 if (PK11_ExtractKeyValue(pk11_key.get()) != SECSuccess)
39 return Status::OperationError();
40
41 const SECItem* key_data = PK11_GetKeyData(pk11_key.get());
42 if (!key_data)
43 return Status::OperationError();
44
45 scoped_ptr<SymKeyNss> handle(new SymKeyNss(
46 pk11_key.Pass(), CryptoData(key_data->data, key_data->len)));
47
48 *key = blink::WebCryptoKey::create(handle.release(),
49 blink::WebCryptoKeyTypeSecret,
50 extractable,
51 algorithm,
52 usage_mask);
53 return Status::Success();
54 }
55
ImportKeyRawNss(const CryptoData & key_data,const blink::WebCryptoKeyAlgorithm & algorithm,bool extractable,blink::WebCryptoKeyUsageMask usage_mask,CK_MECHANISM_TYPE mechanism,CK_FLAGS flags,blink::WebCryptoKey * key)56 Status ImportKeyRawNss(const CryptoData& key_data,
57 const blink::WebCryptoKeyAlgorithm& algorithm,
58 bool extractable,
59 blink::WebCryptoKeyUsageMask usage_mask,
60 CK_MECHANISM_TYPE mechanism,
61 CK_FLAGS flags,
62 blink::WebCryptoKey* key) {
63 DCHECK(!algorithm.isNull());
64 SECItem key_item = MakeSECItemForBuffer(key_data);
65
66 crypto::ScopedPK11Slot slot(PK11_GetInternalSlot());
67 crypto::ScopedPK11SymKey pk11_sym_key(
68 PK11_ImportSymKeyWithFlags(slot.get(),
69 mechanism,
70 PK11_OriginUnwrap,
71 CKA_FLAGS_ONLY,
72 &key_item,
73 flags,
74 false,
75 NULL));
76 if (!pk11_sym_key.get())
77 return Status::OperationError();
78
79 scoped_ptr<SymKeyNss> handle(new SymKeyNss(pk11_sym_key.Pass(), key_data));
80
81 *key = blink::WebCryptoKey::create(handle.release(),
82 blink::WebCryptoKeyTypeSecret,
83 extractable,
84 algorithm,
85 usage_mask);
86 return Status::Success();
87 }
88
89 } // namespace webcrypto
90
91 } // namespace content
92