1 // Copyright 2014 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "content/child/webcrypto/nss/sym_key_nss.h" 6 7 #include "base/logging.h" 8 #include "content/child/webcrypto/crypto_data.h" 9 #include "content/child/webcrypto/nss/key_nss.h" 10 #include "content/child/webcrypto/nss/util_nss.h" 11 #include "content/child/webcrypto/status.h" 12 #include "content/child/webcrypto/webcrypto_util.h" 13 #include "crypto/scoped_nss_types.h" 14 #include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h" 15 16 namespace content { 17 18 namespace webcrypto { 19 20 Status GenerateSecretKeyNss(const blink::WebCryptoKeyAlgorithm& algorithm, 21 bool extractable, 22 blink::WebCryptoKeyUsageMask usage_mask, 23 unsigned keylen_bytes, 24 CK_MECHANISM_TYPE mechanism, 25 blink::WebCryptoKey* key) { 26 DCHECK_NE(CKM_INVALID_MECHANISM, mechanism); 27 28 crypto::ScopedPK11Slot slot(PK11_GetInternalKeySlot()); 29 if (!slot) 30 return Status::OperationError(); 31 32 crypto::ScopedPK11SymKey pk11_key( 33 PK11_KeyGen(slot.get(), mechanism, NULL, keylen_bytes, NULL)); 34 35 if (!pk11_key) 36 return Status::OperationError(); 37 38 if (PK11_ExtractKeyValue(pk11_key.get()) != SECSuccess) 39 return Status::OperationError(); 40 41 const SECItem* key_data = PK11_GetKeyData(pk11_key.get()); 42 if (!key_data) 43 return Status::OperationError(); 44 45 scoped_ptr<SymKeyNss> handle(new SymKeyNss( 46 pk11_key.Pass(), CryptoData(key_data->data, key_data->len))); 47 48 *key = blink::WebCryptoKey::create(handle.release(), 49 blink::WebCryptoKeyTypeSecret, 50 extractable, 51 algorithm, 52 usage_mask); 53 return Status::Success(); 54 } 55 56 Status ImportKeyRawNss(const CryptoData& key_data, 57 const blink::WebCryptoKeyAlgorithm& algorithm, 58 bool extractable, 59 blink::WebCryptoKeyUsageMask usage_mask, 60 CK_MECHANISM_TYPE mechanism, 61 CK_FLAGS flags, 62 blink::WebCryptoKey* key) { 63 DCHECK(!algorithm.isNull()); 64 SECItem key_item = MakeSECItemForBuffer(key_data); 65 66 crypto::ScopedPK11Slot slot(PK11_GetInternalSlot()); 67 crypto::ScopedPK11SymKey pk11_sym_key( 68 PK11_ImportSymKeyWithFlags(slot.get(), 69 mechanism, 70 PK11_OriginUnwrap, 71 CKA_FLAGS_ONLY, 72 &key_item, 73 flags, 74 false, 75 NULL)); 76 if (!pk11_sym_key.get()) 77 return Status::OperationError(); 78 79 scoped_ptr<SymKeyNss> handle(new SymKeyNss(pk11_sym_key.Pass(), key_data)); 80 81 *key = blink::WebCryptoKey::create(handle.release(), 82 blink::WebCryptoKeyTypeSecret, 83 extractable, 84 algorithm, 85 usage_mask); 86 return Status::Success(); 87 } 88 89 } // namespace webcrypto 90 91 } // namespace content 92