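// Copyright 2014 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef CONTENT_CHILD_WEBCRYPTO_NSS_RSA_KEY_NSS_H_
#define CONTENT_CHILD_WEBCRYPTO_NSS_RSA_KEY_NSS_H_

#include <pkcs11t.h>
#include <stdint.h>

#include <vector>

#include "content/child/webcrypto/algorithm_implementation.h"

namespace content {

namespace webcrypto {

class PublicKeyNss;
class PrivateKeyNss;

// Base class for an RSA algorithm whose keys additionally have a hash
// parameter bound to them. Provides functionality for generating, importing,
// and exporting keys.
//
// Only declarations live in this header. Where a comment below describes
// behavior that the declarations alone do not establish, it is marked as a
// review note to be confirmed against the definitions.
class RsaHashedAlgorithm : public AlgorithmImplementation {
 public:
  // Constructs an RSA algorithm which will use the NSS flags |generate_flags|
  // when generating keys. |all_public_key_usages| and |all_private_key_usages|
  // are the set of WebCrypto key usages that are valid for created keys
  // (public and private respectively).
  //
  // For instance if public keys support encryption and wrapping, and private
  // keys support decryption and unwrapping callers should set:
  //    all_public_key_usages = UsageEncrypt | UsageWrap
  //    all_private_key_usages = UsageDecrypt | UsageUnwrap
  // This information is used when importing or generating keys, to enforce
  // that valid key usages are allowed.
  RsaHashedAlgorithm(CK_FLAGS generate_flags,
                     blink::WebCryptoKeyUsageMask all_public_key_usages,
                     blink::WebCryptoKeyUsageMask all_private_key_usages)
      : generate_flags_(generate_flags),
        all_public_key_usages_(all_public_key_usages),
        all_private_key_usages_(all_private_key_usages) {}

  // Returns the JWK algorithm name that corresponds to |hash|, for instance
  // "RSA-OAEP-256". Pure virtual: each concrete algorithm supplies its own
  // names.
  // NOTE(review): the result for a |hash| the subclass does not support is
  // not specified here; confirm what is returned and that callers check it.
  virtual const char* GetJwkAlgorithm(
      const blink::WebCryptoAlgorithmId hash) const = 0;

  // Checks the usages requested for a key pair before it is generated.
  // |combined_usage_mask| is the input; |public_usage_mask| and
  // |private_usage_mask| are out-parameters for the public and private key.
  // NOTE(review): presumably the combined mask is validated against, and
  // split by, the usage sets given to the constructor; confirm in the
  // definition.
  virtual Status VerifyKeyUsagesBeforeGenerateKeyPair(
      blink::WebCryptoKeyUsageMask combined_usage_mask,
      blink::WebCryptoKeyUsageMask* public_usage_mask,
      blink::WebCryptoKeyUsageMask* private_usage_mask) const OVERRIDE;

  // Generates an RSA key pair and writes it to |public_key| and
  // |private_key|.
  // NOTE(review): usage verification is a separate entry point
  // (VerifyKeyUsagesBeforeGenerateKeyPair); confirm every caller runs it
  // before passing |public_usage_mask| and |private_usage_mask| here.
  virtual Status GenerateKeyPair(
      const blink::WebCryptoAlgorithm& algorithm,
      bool extractable,
      blink::WebCryptoKeyUsageMask public_usage_mask,
      blink::WebCryptoKeyUsageMask private_usage_mask,
      blink::WebCryptoKey* public_key,
      blink::WebCryptoKey* private_key) const OVERRIDE;

  // Checks |usage_mask| for an import in |format| before the key is imported.
  // NOTE(review): presumably the allowed set depends on whether |format|
  // carries a public or a private key; confirm in the definition.
  virtual Status VerifyKeyUsagesBeforeImportKey(
      blink::WebCryptoKeyFormat format,
      blink::WebCryptoKeyUsageMask usage_mask) const OVERRIDE;

  // The three importers below turn caller-supplied encoded key material in
  // |key_data| into |key|, in PKCS#8, SPKI and JWK format respectively.
  // NOTE(review): |key_data| is supplied by the caller and its validation is
  // not visible in this header; confirm the definitions reject malformed
  // encodings and keys whose type or parameters do not match |algorithm|.
  // NOTE(review): usage verification is a separate entry point
  // (VerifyKeyUsagesBeforeImportKey); confirm callers run it first.
  virtual Status ImportKeyPkcs8(const CryptoData& key_data,
                                const blink::WebCryptoAlgorithm& algorithm,
                                bool extractable,
                                blink::WebCryptoKeyUsageMask usage_mask,
                                blink::WebCryptoKey* key) const OVERRIDE;

  virtual Status ImportKeySpki(const CryptoData& key_data,
                               const blink::WebCryptoAlgorithm& algorithm,
                               bool extractable,
                               blink::WebCryptoKeyUsageMask usage_mask,
                               blink::WebCryptoKey* key) const OVERRIDE;

  // Serializes |key| into |buffer| in PKCS#8 format.
  // NOTE(review): the export signatures carry no extractability argument, and
  // PKCS#8 (like a private-key JWK) holds private key material. Confirm that
  // non-extractable keys are rejected before dispatch reaches the exporters,
  // or inside their definitions.
  virtual Status ExportKeyPkcs8(const blink::WebCryptoKey& key,
                                std::vector<uint8_t>* buffer) const OVERRIDE;

  // Serializes |key| into |buffer| in SPKI format.
  virtual Status ExportKeySpki(const blink::WebCryptoKey& key,
                               std::vector<uint8_t>* buffer) const OVERRIDE;

  // JWK importer; see the note above ImportKeyPkcs8().
  virtual Status ImportKeyJwk(const CryptoData& key_data,
                              const blink::WebCryptoAlgorithm& algorithm,
                              bool extractable,
                              blink::WebCryptoKeyUsageMask usage_mask,
                              blink::WebCryptoKey* key) const OVERRIDE;

  // Serializes |key| into |buffer| as a JWK; see the extractability note on
  // ExportKeyPkcs8().
  virtual Status ExportKeyJwk(const blink::WebCryptoKey& key,
                              std::vector<uint8_t>* buffer) const OVERRIDE;

 private:
  // NSS flags applied when generating keys (see the constructor).
  CK_FLAGS generate_flags_;
  // WebCrypto usages that are valid for public keys of this algorithm.
  blink::WebCryptoKeyUsageMask all_public_key_usages_;
  // WebCrypto usages that are valid for private keys of this algorithm.
  blink::WebCryptoKeyUsageMask all_private_key_usages_;
};

}  // namespace webcrypto

}  // namespace content

#endif  // CONTENT_CHILD_WEBCRYPTO_NSS_RSA_KEY_NSS_H_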