ScriptPromise SubtleCrypto::unwrapKey(ScriptState* scriptState, const String& rawFormat, const ArrayPiece& wrappedKey, Key* unwrappingKey, const Dictionary& rawUnwrapAlgorithm, const Dictionary& rawUnwrappedKeyAlgorithm, bool extractable, const Vector<String>& rawKeyUsages) { RefPtr<CryptoResultImpl> result = CryptoResultImpl::create(scriptState); ScriptPromise promise = result->promise(); if (!canAccessWebCrypto(scriptState, result.get())) return promise; if (!ensureNotNull(wrappedKey, "wrappedKey", result.get())) return promise; if (!ensureNotNull(unwrappingKey, "unwrappingKey", result.get())) return promise; blink::WebCryptoKeyFormat format; if (!Key::parseFormat(rawFormat, format, result.get())) return promise; blink::WebCryptoKeyUsageMask keyUsages; if (!Key::parseUsageMask(rawKeyUsages, keyUsages, result.get())) return promise; blink::WebCryptoAlgorithm unwrapAlgorithm; if (!parseAlgorithm(rawUnwrapAlgorithm, blink::WebCryptoOperationUnwrapKey, unwrapAlgorithm, result.get())) return promise; blink::WebCryptoAlgorithm unwrappedKeyAlgorithm; if (!parseAlgorithm(rawUnwrappedKeyAlgorithm, blink::WebCryptoOperationImportKey, unwrappedKeyAlgorithm, result.get())) return promise; if (!unwrappingKey->canBeUsedForAlgorithm(unwrapAlgorithm, blink::WebCryptoOperationUnwrapKey, result.get())) return promise; blink::Platform::current()->crypto()->unwrapKey(format, wrappedKey.bytes(), wrappedKey.byteLength(), unwrappingKey->key(), unwrapAlgorithm, unwrappedKeyAlgorithm, extractable, keyUsages, result->result()); return promise; }
ScriptPromise SubtleCrypto::unwrapKey(ScriptState* scriptState, const String& rawFormat, const DOMArrayPiece& wrappedKey, CryptoKey* unwrappingKey, const AlgorithmIdentifier& rawUnwrapAlgorithm, const AlgorithmIdentifier& rawUnwrappedKeyAlgorithm, bool extractable, const Vector<String>& rawKeyUsages) { RefPtrWillBeRawPtr<CryptoResultImpl> result = CryptoResultImpl::create(scriptState); ScriptPromise promise = result->promise(); if (!canAccessWebCrypto(scriptState, result.get())) return promise; WebCryptoKeyFormat format; if (!CryptoKey::parseFormat(rawFormat, format, result.get())) return promise; WebCryptoKeyUsageMask keyUsages; if (!CryptoKey::parseUsageMask(rawKeyUsages, keyUsages, result.get())) return promise; WebCryptoAlgorithm unwrapAlgorithm; if (!parseAlgorithm(rawUnwrapAlgorithm, WebCryptoOperationUnwrapKey, unwrapAlgorithm, result.get())) return promise; WebCryptoAlgorithm unwrappedKeyAlgorithm; if (!parseAlgorithm(rawUnwrappedKeyAlgorithm, WebCryptoOperationImportKey, unwrappedKeyAlgorithm, result.get())) return promise; if (!unwrappingKey->canBeUsedForAlgorithm(unwrapAlgorithm, WebCryptoKeyUsageUnwrapKey, result.get())) return promise; histogramAlgorithmAndKey(scriptState->executionContext(), unwrapAlgorithm, unwrappingKey->key()); histogramAlgorithm(scriptState->executionContext(), unwrappedKeyAlgorithm); Platform::current()->crypto()->unwrapKey(format, wrappedKey.bytes(), wrappedKey.byteLength(), unwrappingKey->key(), unwrapAlgorithm, unwrappedKeyAlgorithm, extractable, keyUsages, result->result()); return promise; }
ScriptPromise SubtleCrypto::deriveKey(ScriptState* scriptState, const AlgorithmIdentifier& rawAlgorithm, CryptoKey* baseKey, const AlgorithmIdentifier& rawDerivedKeyType, bool extractable, const Vector<String>& rawKeyUsages) { RefPtr<CryptoResultImpl> result = CryptoResultImpl::create(scriptState); ScriptPromise promise = result->promise(); if (!canAccessWebCrypto(scriptState, result.get())) return promise; WebCryptoKeyUsageMask keyUsages; if (!CryptoKey::parseUsageMask(rawKeyUsages, keyUsages, result.get())) return promise; WebCryptoAlgorithm algorithm; if (!parseAlgorithm(rawAlgorithm, WebCryptoOperationDeriveBits, algorithm, result.get())) return promise; if (!baseKey->canBeUsedForAlgorithm(algorithm, WebCryptoKeyUsageDeriveKey, result.get())) return promise; WebCryptoAlgorithm importAlgorithm; if (!parseAlgorithm(rawDerivedKeyType, WebCryptoOperationImportKey, importAlgorithm, result.get())) return promise; WebCryptoAlgorithm keyLengthAlgorithm; if (!parseAlgorithm(rawDerivedKeyType, WebCryptoOperationGetKeyLength, keyLengthAlgorithm, result.get())) return promise; histogramAlgorithmAndKey(scriptState->executionContext(), algorithm, baseKey->key()); histogramAlgorithm(scriptState->executionContext(), importAlgorithm); Platform::current()->crypto()->deriveKey(algorithm, baseKey->key(), importAlgorithm, keyLengthAlgorithm, extractable, keyUsages, result->result()); return promise; }
ScriptPromise SubtleCrypto::wrapKey(ScriptState* scriptState, const String& rawFormat, Key* key, Key* wrappingKey, const Dictionary& rawWrapAlgorithm) { RefPtr<CryptoResultImpl> result = CryptoResultImpl::create(scriptState); ScriptPromise promise = result->promise(); if (!canAccessWebCrypto(scriptState, result.get())) return promise; if (!ensureNotNull(key, "key", result.get())) return promise; if (!ensureNotNull(wrappingKey, "wrappingKey", result.get())) return promise; blink::WebCryptoKeyFormat format; if (!Key::parseFormat(rawFormat, format, result.get())) return promise; blink::WebCryptoAlgorithm wrapAlgorithm; if (!parseAlgorithm(rawWrapAlgorithm, blink::WebCryptoOperationWrapKey, wrapAlgorithm, result.get())) return promise; if (!key->extractable()) { result->completeWithError(blink::WebCryptoErrorTypeInvalidAccess, "key is not extractable"); return promise; } if (!wrappingKey->canBeUsedForAlgorithm(wrapAlgorithm, blink::WebCryptoOperationWrapKey, result.get())) return promise; blink::Platform::current()->crypto()->wrapKey(format, key->key(), wrappingKey->key(), wrapAlgorithm, result->result()); return promise; }
ScriptPromise SubtleCrypto::importKey(ScriptState* scriptState, const String& rawFormat, const Dictionary& keyData, const Dictionary& rawAlgorithm, bool extractable, const Vector<String>& rawKeyUsages) { RefPtr<CryptoResultImpl> result = CryptoResultImpl::create(scriptState); ScriptPromise promise = result->promise(); if (!canAccessWebCrypto(scriptState, result.get())) return promise; blink::WebCryptoKeyFormat format; if (!Key::parseFormat(rawFormat, format, result.get())) return promise; blink::WebCryptoKeyUsageMask keyUsages; if (!Key::parseUsageMask(rawKeyUsages, keyUsages, result.get())) return promise; if (format != blink::WebCryptoKeyFormatJwk) { result->completeWithError(blink::WebCryptoErrorTypeData, "Key data must be a buffer for non-JWK formats"); return promise; } blink::WebCryptoAlgorithm algorithm; if (!parseAlgorithm(rawAlgorithm, blink::WebCryptoOperationImportKey, algorithm, result.get())) return promise; CString jsonUtf8; if (!copyJwkDictionaryToJson(keyData, jsonUtf8, result.get())) return promise; blink::Platform::current()->crypto()->importKey(format, reinterpret_cast<const unsigned char*>(jsonUtf8.data()), jsonUtf8.length(), algorithm, extractable, keyUsages, result->result()); return promise; }
ScriptPromise SubtleCrypto::importKey(ScriptState* scriptState, const String& rawFormat, const ArrayPiece& keyData, const Dictionary& rawAlgorithm, bool extractable, const Vector<String>& rawKeyUsages) { RefPtr<CryptoResultImpl> result = CryptoResultImpl::create(scriptState); ScriptPromise promise = result->promise(); if (!canAccessWebCrypto(scriptState, result.get())) return promise; if (!ensureNotNull(keyData, "keyData", result.get())) return promise; blink::WebCryptoKeyFormat format; if (!Key::parseFormat(rawFormat, format, result.get())) return promise; if (format == blink::WebCryptoKeyFormatJwk) { result->completeWithError(blink::WebCryptoErrorTypeData, "Key data must be an object for JWK import"); return promise; } blink::WebCryptoKeyUsageMask keyUsages; if (!Key::parseUsageMask(rawKeyUsages, keyUsages, result.get())) return promise; blink::WebCryptoAlgorithm algorithm; if (!parseAlgorithm(rawAlgorithm, blink::WebCryptoOperationImportKey, algorithm, result.get())) return promise; blink::Platform::current()->crypto()->importKey(format, keyData.bytes(), keyData.byteLength(), algorithm, extractable, keyUsages, result->result()); return promise; }
ScriptPromise SubtleCrypto::wrapKey(ScriptState* scriptState, const String& rawFormat, CryptoKey* key, CryptoKey* wrappingKey, const AlgorithmIdentifier& rawWrapAlgorithm) { RefPtrWillBeRawPtr<CryptoResultImpl> result = CryptoResultImpl::create(scriptState); ScriptPromise promise = result->promise(); if (!canAccessWebCrypto(scriptState, result.get())) return promise; WebCryptoKeyFormat format; if (!CryptoKey::parseFormat(rawFormat, format, result.get())) return promise; WebCryptoAlgorithm wrapAlgorithm; if (!parseAlgorithm(rawWrapAlgorithm, WebCryptoOperationWrapKey, wrapAlgorithm, result.get())) return promise; if (!key->extractable()) { result->completeWithError(WebCryptoErrorTypeInvalidAccess, "key is not extractable"); return promise; } if (!wrappingKey->canBeUsedForAlgorithm(wrapAlgorithm, WebCryptoKeyUsageWrapKey, result.get())) return promise; histogramAlgorithmAndKey(scriptState->executionContext(), wrapAlgorithm, wrappingKey->key()); histogramKey(scriptState->executionContext(), key->key()); Platform::current()->crypto()->wrapKey(format, key->key(), wrappingKey->key(), wrapAlgorithm, result->result()); return promise; }
bool parseHash(const Dictionary& raw, blink::WebCryptoAlgorithm& hash, ErrorContext context, String& errorDetails) { Dictionary rawHash; if (!raw.get("hash", rawHash)) { errorDetails = context.toString("hash", "Missing or not a dictionary"); return false; } context.add("hash"); return parseAlgorithm(rawHash, Digest, hash, context, errorDetails); }
ScriptPromise SubtleCrypto::importKey(ScriptState* scriptState, const String& rawFormat, const ArrayBufferOrArrayBufferViewOrDictionary& keyData, const AlgorithmIdentifier& rawAlgorithm, bool extractable, const Vector<String>& rawKeyUsages) { RefPtrWillBeRawPtr<CryptoResultImpl> result = CryptoResultImpl::create(scriptState); ScriptPromise promise = result->promise(); if (!canAccessWebCrypto(scriptState, result.get())) return promise; WebCryptoKeyFormat format; if (!CryptoKey::parseFormat(rawFormat, format, result.get())) return promise; if (keyData.isDictionary()) { if (format != WebCryptoKeyFormatJwk) { result->completeWithError(WebCryptoErrorTypeData, "Key data must be a buffer for non-JWK formats"); return promise; } } else if (format == WebCryptoKeyFormatJwk) { result->completeWithError(WebCryptoErrorTypeData, "Key data must be an object for JWK import"); return promise; } WebCryptoKeyUsageMask keyUsages; if (!CryptoKey::parseUsageMask(rawKeyUsages, keyUsages, result.get())) return promise; WebCryptoAlgorithm algorithm; if (!parseAlgorithm(rawAlgorithm, WebCryptoOperationImportKey, algorithm, result.get())) return promise; const unsigned char* ptr = nullptr; unsigned len = 0; CString jsonUtf8; if (keyData.isArrayBuffer()) { ptr = static_cast<const unsigned char*>(keyData.getAsArrayBuffer()->data()); len = keyData.getAsArrayBuffer()->byteLength(); } else if (keyData.isArrayBufferView()) { ptr = static_cast<const unsigned char*>(keyData.getAsArrayBufferView()->baseAddress()); len = keyData.getAsArrayBufferView()->byteLength(); } else if (keyData.isDictionary()) { if (!copyJwkDictionaryToJson(keyData.getAsDictionary(), jsonUtf8, result.get())) return promise; ptr = reinterpret_cast<const unsigned char*>(jsonUtf8.data()); len = jsonUtf8.length(); } histogramAlgorithm(scriptState->executionContext(), algorithm); Platform::current()->crypto()->importKey(format, ptr, len, algorithm, extractable, keyUsages, result->result()); return promise; }
static ScriptPromise startCryptoOperation(ScriptState* scriptState, const Dictionary& rawAlgorithm, Key* key, blink::WebCryptoOperation operationType, const ArrayPiece& signature, const ArrayPiece& dataBuffer) { RefPtr<CryptoResultImpl> result = CryptoResultImpl::create(scriptState); ScriptPromise promise = result->promise(); if (!canAccessWebCrypto(scriptState, result.get())) return promise; bool requiresKey = operationType != blink::WebCryptoOperationDigest; if (requiresKey && !ensureNotNull(key, "key", result.get())) return promise; if (operationType == blink::WebCryptoOperationVerify && !ensureNotNull(signature, "signature", result.get())) return promise; if (!ensureNotNull(dataBuffer, "dataBuffer", result.get())) return promise; blink::WebCryptoAlgorithm algorithm; if (!parseAlgorithm(rawAlgorithm, operationType, algorithm, result.get())) return promise; if (requiresKey && !key->canBeUsedForAlgorithm(algorithm, operationType, result.get())) return promise; const unsigned char* data = dataBuffer.bytes(); unsigned dataSize = dataBuffer.byteLength(); switch (operationType) { case blink::WebCryptoOperationEncrypt: blink::Platform::current()->crypto()->encrypt(algorithm, key->key(), data, dataSize, result->result()); break; case blink::WebCryptoOperationDecrypt: blink::Platform::current()->crypto()->decrypt(algorithm, key->key(), data, dataSize, result->result()); break; case blink::WebCryptoOperationSign: blink::Platform::current()->crypto()->sign(algorithm, key->key(), data, dataSize, result->result()); break; case blink::WebCryptoOperationVerify: blink::Platform::current()->crypto()->verifySignature(algorithm, key->key(), signature.bytes(), signature.byteLength(), data, dataSize, result->result()); break; case blink::WebCryptoOperationDigest: blink::Platform::current()->crypto()->digest(algorithm, data, dataSize, result->result()); break; default: ASSERT_NOT_REACHED(); return ScriptPromise(); } return promise; }
ScriptPromise SubtleCrypto::digest(ScriptState* scriptState, const AlgorithmIdentifier& rawAlgorithm, const DOMArrayPiece& data) { RefPtrWillBeRawPtr<CryptoResultImpl> result = CryptoResultImpl::create(scriptState); ScriptPromise promise = result->promise(); if (!canAccessWebCrypto(scriptState, result.get())) return promise; WebCryptoAlgorithm algorithm; if (!parseAlgorithm(rawAlgorithm, WebCryptoOperationDigest, algorithm, result.get())) return promise; histogramAlgorithm(scriptState->executionContext(), algorithm); Platform::current()->crypto()->digest(algorithm, data.bytes(), data.byteLength(), result->result()); return promise; }
ScriptPromise SubtleCrypto::generateKey(ScriptState* scriptState, const Dictionary& rawAlgorithm, bool extractable, const Vector<String>& rawKeyUsages) { RefPtr<CryptoResultImpl> result = CryptoResultImpl::create(scriptState); ScriptPromise promise = result->promise(); if (!canAccessWebCrypto(scriptState, result.get())) return promise; blink::WebCryptoKeyUsageMask keyUsages; if (!Key::parseUsageMask(rawKeyUsages, keyUsages, result.get())) return promise; blink::WebCryptoAlgorithm algorithm; if (!parseAlgorithm(rawAlgorithm, blink::WebCryptoOperationGenerateKey, algorithm, result.get())) return promise; blink::Platform::current()->crypto()->generateKey(algorithm, extractable, keyUsages, result->result()); return promise; }
ScriptPromise SubtleCrypto::verifySignature(ScriptState* scriptState, const AlgorithmIdentifier& rawAlgorithm, CryptoKey* key, const DOMArrayPiece& signature, const DOMArrayPiece& data) { RefPtrWillBeRawPtr<CryptoResultImpl> result = CryptoResultImpl::create(scriptState); ScriptPromise promise = result->promise(); if (!canAccessWebCrypto(scriptState, result.get())) return promise; WebCryptoAlgorithm algorithm; if (!parseAlgorithm(rawAlgorithm, WebCryptoOperationVerify, algorithm, result.get())) return promise; if (!key->canBeUsedForAlgorithm(algorithm, WebCryptoKeyUsageVerify, result.get())) return promise; histogramAlgorithmAndKey(scriptState->executionContext(), algorithm, key->key()); Platform::current()->crypto()->verifySignature(algorithm, key->key(), signature.bytes(), signature.byteLength(), data.bytes(), data.byteLength(), result->result()); return promise; }
ScriptPromise SubtleCrypto::deriveBits(ScriptState* scriptState, const AlgorithmIdentifier& rawAlgorithm, CryptoKey* baseKey, unsigned lengthBits) { RefPtrWillBeRawPtr<CryptoResultImpl> result = CryptoResultImpl::create(scriptState); ScriptPromise promise = result->promise(); if (!canAccessWebCrypto(scriptState, result.get())) return promise; WebCryptoAlgorithm algorithm; if (!parseAlgorithm(rawAlgorithm, WebCryptoOperationDeriveBits, algorithm, result.get())) return promise; if (!baseKey->canBeUsedForAlgorithm(algorithm, WebCryptoKeyUsageDeriveBits, result.get())) return promise; histogramAlgorithmAndKey(scriptState->executionContext(), algorithm, baseKey->key()); Platform::current()->crypto()->deriveBits(algorithm, baseKey->key(), lengthBits, result->result()); return promise; }
ScriptPromise SubtleCrypto::sign(ScriptState* scriptState, const AlgorithmIdentifier& rawAlgorithm, CryptoKey* key, const DOMArrayPiece& data) { CryptoResultImpl* result = CryptoResultImpl::create(scriptState); ScriptPromise promise = result->promise(); if (!canAccessWebCrypto(scriptState, result)) return promise; WebCryptoAlgorithm algorithm; if (!parseAlgorithm(rawAlgorithm, WebCryptoOperationSign, algorithm, result)) return promise; if (!key->canBeUsedForAlgorithm(algorithm, WebCryptoKeyUsageSign, result)) return promise; histogramAlgorithmAndKey(scriptState->executionContext(), algorithm, key->key()); Platform::current()->crypto()->sign(algorithm, key->key(), data.bytes(), data.byteLength(), result->result()); return promise; }
ScriptPromise SubtleCrypto::generateKey(ScriptState* scriptState, const AlgorithmIdentifier& rawAlgorithm, bool extractable, const Vector<String>& rawKeyUsages) { RefPtrWillBeRawPtr<CryptoResultImpl> result = CryptoResultImpl::create(scriptState); ScriptPromise promise = result->promise(); if (!canAccessWebCrypto(scriptState, result.get())) return promise; WebCryptoKeyUsageMask keyUsages; if (!CryptoKey::parseUsageMask(rawKeyUsages, keyUsages, result.get())) return promise; WebCryptoAlgorithm algorithm; if (!parseAlgorithm(rawAlgorithm, WebCryptoOperationGenerateKey, algorithm, result.get())) return promise; histogramAlgorithm(scriptState->executionContext(), algorithm); Platform::current()->crypto()->generateKey(algorithm, extractable, keyUsages, result->result()); return promise; }
SubresourceIntegrity::IntegrityParseResult SubresourceIntegrity::parseIntegrityAttribute(const WTF::String& attribute, IntegrityMetadataSet& metadataSet, Document* document) { Vector<UChar> characters; attribute.stripWhiteSpace().appendTo(characters); const UChar* position = characters.data(); const UChar* end = characters.end(); const UChar* currentIntegrityEnd; metadataSet.clear(); bool error = false; // The integrity attribute takes the form: // *WSP hash-with-options *( 1*WSP hash-with-options ) *WSP / *WSP // To parse this, break on whitespace, parsing each algorithm/digest/option // in order. while (position < end) { WTF::String digest; HashAlgorithm algorithm; skipWhile<UChar, isASCIISpace>(position, end); currentIntegrityEnd = position; skipUntil<UChar, isASCIISpace>(currentIntegrityEnd, end); // Algorithm parsing errors are non-fatal (the subresource should // still be loaded) because strong hash algorithms should be used // without fear of breaking older user agents that don't support // them. AlgorithmParseResult parseResult = parseAlgorithm(position, currentIntegrityEnd, algorithm); if (parseResult == AlgorithmUnknown) { // Unknown hash algorithms are treated as if they're not present, // and thus are not marked as an error, they're just skipped. skipUntil<UChar, isASCIISpace>(position, end); if (document) { logErrorToConsole("Error parsing 'integrity' attribute ('" + attribute + "'). The specified hash algorithm must be one of 'sha256', 'sha384', or 'sha512'.", *document); UseCounter::count(*document, UseCounter::SRIElementWithUnparsableIntegrityAttribute); } continue; } if (parseResult == AlgorithmUnparsable) { error = true; skipUntil<UChar, isASCIISpace>(position, end); if (document) { logErrorToConsole("Error parsing 'integrity' attribute ('" + attribute + "'). The hash algorithm must be one of 'sha256', 'sha384', or 'sha512', followed by a '-' character.", *document); UseCounter::count(*document, UseCounter::SRIElementWithUnparsableIntegrityAttribute); } continue; } ASSERT(parseResult == AlgorithmValid); if (!parseDigest(position, currentIntegrityEnd, digest)) { error = true; skipUntil<UChar, isASCIISpace>(position, end); if (document) { logErrorToConsole("Error parsing 'integrity' attribute ('" + attribute + "'). The digest must be a valid, base64-encoded value.", *document); UseCounter::count(*document, UseCounter::SRIElementWithUnparsableIntegrityAttribute); } continue; } // The spec defines a space in the syntax for options, separated by a // '?' character followed by unbounded VCHARs, but no actual options // have been defined yet. Thus, for forward compatibility, ignore any // options specified. if (skipExactly<UChar>(position, end, '?')) { const UChar* begin = position; skipWhile<UChar, isValueCharacter>(position, end); if (begin != position && document) logErrorToConsole("Ignoring unrecogized 'integrity' attribute option '" + String(begin, position - begin) + "'.", *document); } IntegrityMetadata integrityMetadata(digest, algorithm); metadataSet.add(integrityMetadata.toPair()); } if (metadataSet.size() == 0 && error) return IntegrityParseNoValidResult; return IntegrityParseValidResult; }