1 // Copyright 2014 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef CONTENT_CHILD_WEBCRYPTO_ALGORITHM_IMPLEMENTATION_H_ 6 #define CONTENT_CHILD_WEBCRYPTO_ALGORITHM_IMPLEMENTATION_H_ 7 8 #include <stdint.h> 9 #include <vector> 10 11 #include "base/memory/scoped_ptr.h" 12 #include "third_party/WebKit/public/platform/WebCrypto.h" 13 14 namespace content { 15 16 namespace webcrypto { 17 18 class CryptoData; 19 class Status; 20 21 // AlgorithmImplementation is a base class for *executing* the operations of an 22 // algorithm (generating keys, encrypting, signing, etc.). 23 // 24 // This is in contrast to blink::WebCryptoAlgorithm which instead *describes* 25 // the operation and its parameters. 26 // 27 // AlgorithmImplementation has reasonable default implementations for all 28 // methods which behave as if the operation is it is unsupported, so 29 // implementations need only override the applicable methods. 30 // 31 // Unless stated otherwise methods of AlgorithmImplementation are responsible 32 // for sanitizing their inputs. The following can be assumed: 33 // 34 // * |algorithm.id()| and |key.algorithm.id()| matches the algorithm under 35 // which the implementation was registerd. 36 // * |algorithm| has the correct parameters type for the operation. 37 // * The key usages have already been verified. In fact in the case of calls 38 // to Encrypt()/Decrypt() the corresponding key usages may not be present 39 // (when wrapping/unwrapping). 40 class AlgorithmImplementation { 41 public: 42 virtual ~AlgorithmImplementation(); 43 44 // This method corresponds to Web Crypto's crypto.subtle.encrypt(). 45 virtual Status Encrypt(const blink::WebCryptoAlgorithm& algorithm, 46 const blink::WebCryptoKey& key, 47 const CryptoData& data, 48 std::vector<uint8_t>* buffer) const; 49 50 // This method corresponds to Web Crypto's crypto.subtle.decrypt(). 51 virtual Status Decrypt(const blink::WebCryptoAlgorithm& algorithm, 52 const blink::WebCryptoKey& key, 53 const CryptoData& data, 54 std::vector<uint8_t>* buffer) const; 55 56 // This method corresponds to Web Crypto's crypto.subtle.sign(). 57 virtual Status Sign(const blink::WebCryptoAlgorithm& algorithm, 58 const blink::WebCryptoKey& key, 59 const CryptoData& data, 60 std::vector<uint8_t>* buffer) const; 61 62 // This method corresponds to Web Crypto's crypto.subtle.verify(). 63 virtual Status Verify(const blink::WebCryptoAlgorithm& algorithm, 64 const blink::WebCryptoKey& key, 65 const CryptoData& signature, 66 const CryptoData& data, 67 bool* signature_match) const; 68 69 // This method corresponds to Web Crypto's crypto.subtle.digest(). 70 virtual Status Digest(const blink::WebCryptoAlgorithm& algorithm, 71 const CryptoData& data, 72 std::vector<uint8_t>* buffer) const; 73 74 // VerifyKeyUsagesBeforeGenerateKey() must be called prior to 75 // GenerateSecretKey() to validate the requested key usages. 76 virtual Status VerifyKeyUsagesBeforeGenerateKey( 77 blink::WebCryptoKeyUsageMask usage_mask) const; 78 79 // This method corresponds to Web Crypto's crypto.subtle.generateKey(). 80 virtual Status GenerateSecretKey(const blink::WebCryptoAlgorithm& algorithm, 81 bool extractable, 82 blink::WebCryptoKeyUsageMask usage_mask, 83 blink::WebCryptoKey* key) const; 84 85 // VerifyKeyUsagesBeforeGenerateKeyPair() must be called prior to 86 // GenerateKeyPair() to validate the requested key usages. 87 virtual Status VerifyKeyUsagesBeforeGenerateKeyPair( 88 blink::WebCryptoKeyUsageMask combined_usage_mask, 89 blink::WebCryptoKeyUsageMask* public_usage_mask, 90 blink::WebCryptoKeyUsageMask* private_usage_mask) const; 91 92 // This method corresponds to Web Crypto's crypto.subtle.generateKey(). 93 virtual Status GenerateKeyPair( 94 const blink::WebCryptoAlgorithm& algorithm, 95 bool extractable, 96 blink::WebCryptoKeyUsageMask public_usage_mask, 97 blink::WebCryptoKeyUsageMask private_usage_mask, 98 blink::WebCryptoKey* public_key, 99 blink::WebCryptoKey* private_key) const; 100 101 // ----------------------------------------------- 102 // Key import 103 // ----------------------------------------------- 104 105 // VerifyKeyUsagesBeforeImportKey() must be called before either 106 // importing a key, or unwrapping a key. 107 // 108 // Implementations should return an error if the requested usages are invalid 109 // when importing for the specified format. 110 // 111 // For instance, importing an RSA-SSA key with 'spki' format and Sign usage 112 // is invalid. The 'spki' format implies it will be a public key, and public 113 // keys do not support signing. 114 // 115 // When called with format=JWK the key type may be unknown. The 116 // ImportKeyJwk() must do the final usage check. 117 virtual Status VerifyKeyUsagesBeforeImportKey( 118 blink::WebCryptoKeyFormat format, 119 blink::WebCryptoKeyUsageMask usage_mask) const; 120 121 // This method corresponds to Web Crypto's 122 // crypto.subtle.importKey(format='raw'). 123 virtual Status ImportKeyRaw(const CryptoData& key_data, 124 const blink::WebCryptoAlgorithm& algorithm, 125 bool extractable, 126 blink::WebCryptoKeyUsageMask usage_mask, 127 blink::WebCryptoKey* key) const; 128 129 // This method corresponds to Web Crypto's 130 // crypto.subtle.importKey(format='pkcs8'). 131 virtual Status ImportKeyPkcs8(const CryptoData& key_data, 132 const blink::WebCryptoAlgorithm& algorithm, 133 bool extractable, 134 blink::WebCryptoKeyUsageMask usage_mask, 135 blink::WebCryptoKey* key) const; 136 137 // This method corresponds to Web Crypto's 138 // crypto.subtle.importKey(format='spki'). 139 virtual Status ImportKeySpki(const CryptoData& key_data, 140 const blink::WebCryptoAlgorithm& algorithm, 141 bool extractable, 142 blink::WebCryptoKeyUsageMask usage_mask, 143 blink::WebCryptoKey* key) const; 144 145 // This method corresponds to Web Crypto's 146 // crypto.subtle.importKey(format='jwk'). 147 virtual Status ImportKeyJwk(const CryptoData& key_data, 148 const blink::WebCryptoAlgorithm& algorithm, 149 bool extractable, 150 blink::WebCryptoKeyUsageMask usage_mask, 151 blink::WebCryptoKey* key) const; 152 153 // ----------------------------------------------- 154 // Key export 155 // ----------------------------------------------- 156 157 virtual Status ExportKeyRaw(const blink::WebCryptoKey& key, 158 std::vector<uint8_t>* buffer) const; 159 160 virtual Status ExportKeyPkcs8(const blink::WebCryptoKey& key, 161 std::vector<uint8_t>* buffer) const; 162 163 virtual Status ExportKeySpki(const blink::WebCryptoKey& key, 164 std::vector<uint8_t>* buffer) const; 165 166 virtual Status ExportKeyJwk(const blink::WebCryptoKey& key, 167 std::vector<uint8_t>* buffer) const; 168 }; 169 170 } // namespace webcrypto 171 172 } // namespace content 173 174 #endif // CONTENT_CHILD_WEBCRYPTO_ALGORITHM_IMPLEMENTATION_H_ 175