ScriptPromise SubtleCrypto::unwrapKey(ScriptState* scriptState, const String& rawFormat, const ArrayPiece& wrappedKey, Key* unwrappingKey, const Dictionary& rawUnwrapAlgorithm, const Dictionary& rawUnwrappedKeyAlgorithm, bool extractable, const Vector<String>& rawKeyUsages)
{
RefPtr<CryptoResultImpl> result = CryptoResultImpl::create(scriptState);
ScriptPromise promise = result->promise();
if (!canAccessWebCrypto(scriptState, result.get()))
return promise;
if (!ensureNotNull(wrappedKey, "wrappedKey", result.get()))
return promise;
if (!ensureNotNull(unwrappingKey, "unwrappingKey", result.get()))
return promise;
blink::WebCryptoKeyFormat format;
if (!Key::parseFormat(rawFormat, format, result.get()))
return promise;
blink::WebCryptoKeyUsageMask keyUsages;
if (!Key::parseUsageMask(rawKeyUsages, keyUsages, result.get()))
return promise;
blink::WebCryptoAlgorithm unwrapAlgorithm;
if (!parseAlgorithm(rawUnwrapAlgorithm, blink::WebCryptoOperationUnwrapKey, unwrapAlgorithm, result.get()))
return promise;
blink::WebCryptoAlgorithm unwrappedKeyAlgorithm;
if (!parseAlgorithm(rawUnwrappedKeyAlgorithm, blink::WebCryptoOperationImportKey, unwrappedKeyAlgorithm, result.get()))
return promise;
if (!unwrappingKey->canBeUsedForAlgorithm(unwrapAlgorithm, blink::WebCryptoOperationUnwrapKey, result.get()))
return promise;
blink::Platform::current()->crypto()->unwrapKey(format, wrappedKey.bytes(), wrappedKey.byteLength(), unwrappingKey->key(), unwrapAlgorithm, unwrappedKeyAlgorithm, extractable, keyUsages, result->result());
return promise;
}
ScriptPromise SubtleCrypto::unwrapKey(ScriptState* scriptState, const String& rawFormat, const DOMArrayPiece& wrappedKey, CryptoKey* unwrappingKey, const AlgorithmIdentifier& rawUnwrapAlgorithm, const AlgorithmIdentifier& rawUnwrappedKeyAlgorithm, bool extractable, const Vector<String>& rawKeyUsages)
{
RefPtrWillBeRawPtr<CryptoResultImpl> result = CryptoResultImpl::create(scriptState);
ScriptPromise promise = result->promise();
if (!canAccessWebCrypto(scriptState, result.get()))
return promise;
WebCryptoKeyFormat format;
if (!CryptoKey::parseFormat(rawFormat, format, result.get()))
return promise;
WebCryptoKeyUsageMask keyUsages;
if (!CryptoKey::parseUsageMask(rawKeyUsages, keyUsages, result.get()))
return promise;
WebCryptoAlgorithm unwrapAlgorithm;
if (!parseAlgorithm(rawUnwrapAlgorithm, WebCryptoOperationUnwrapKey, unwrapAlgorithm, result.get()))
return promise;
WebCryptoAlgorithm unwrappedKeyAlgorithm;
if (!parseAlgorithm(rawUnwrappedKeyAlgorithm, WebCryptoOperationImportKey, unwrappedKeyAlgorithm, result.get()))
return promise;
if (!unwrappingKey->canBeUsedForAlgorithm(unwrapAlgorithm, WebCryptoKeyUsageUnwrapKey, result.get()))
return promise;
histogramAlgorithmAndKey(scriptState->executionContext(), unwrapAlgorithm, unwrappingKey->key());
histogramAlgorithm(scriptState->executionContext(), unwrappedKeyAlgorithm);
Platform::current()->crypto()->unwrapKey(format, wrappedKey.bytes(), wrappedKey.byteLength(), unwrappingKey->key(), unwrapAlgorithm, unwrappedKeyAlgorithm, extractable, keyUsages, result->result());
return promise;
}
ScriptPromise SubtleCrypto::deriveKey(ScriptState* scriptState, const AlgorithmIdentifier& rawAlgorithm, CryptoKey* baseKey, const AlgorithmIdentifier& rawDerivedKeyType, bool extractable, const Vector<String>& rawKeyUsages)
{
RefPtr<CryptoResultImpl> result = CryptoResultImpl::create(scriptState);
ScriptPromise promise = result->promise();
if (!canAccessWebCrypto(scriptState, result.get()))
return promise;
WebCryptoKeyUsageMask keyUsages;
if (!CryptoKey::parseUsageMask(rawKeyUsages, keyUsages, result.get()))
return promise;
WebCryptoAlgorithm algorithm;
if (!parseAlgorithm(rawAlgorithm, WebCryptoOperationDeriveBits, algorithm, result.get()))
return promise;
if (!baseKey->canBeUsedForAlgorithm(algorithm, WebCryptoKeyUsageDeriveKey, result.get()))
return promise;
WebCryptoAlgorithm importAlgorithm;
if (!parseAlgorithm(rawDerivedKeyType, WebCryptoOperationImportKey, importAlgorithm, result.get()))
return promise;
WebCryptoAlgorithm keyLengthAlgorithm;
if (!parseAlgorithm(rawDerivedKeyType, WebCryptoOperationGetKeyLength, keyLengthAlgorithm, result.get()))
return promise;
histogramAlgorithmAndKey(scriptState->executionContext(), algorithm, baseKey->key());
histogramAlgorithm(scriptState->executionContext(), importAlgorithm);
Platform::current()->crypto()->deriveKey(algorithm, baseKey->key(), importAlgorithm, keyLengthAlgorithm, extractable, keyUsages, result->result());
return promise;
}
ScriptPromise SubtleCrypto::wrapKey(ScriptState* scriptState, const String& rawFormat, Key* key, Key* wrappingKey, const Dictionary& rawWrapAlgorithm)
{
RefPtr<CryptoResultImpl> result = CryptoResultImpl::create(scriptState);
ScriptPromise promise = result->promise();
if (!canAccessWebCrypto(scriptState, result.get()))
return promise;
if (!ensureNotNull(key, "key", result.get()))
return promise;
if (!ensureNotNull(wrappingKey, "wrappingKey", result.get()))
return promise;
blink::WebCryptoKeyFormat format;
if (!Key::parseFormat(rawFormat, format, result.get()))
return promise;
blink::WebCryptoAlgorithm wrapAlgorithm;
if (!parseAlgorithm(rawWrapAlgorithm, blink::WebCryptoOperationWrapKey, wrapAlgorithm, result.get()))
return promise;
if (!key->extractable()) {
result->completeWithError(blink::WebCryptoErrorTypeInvalidAccess, "key is not extractable");
return promise;
}
if (!wrappingKey->canBeUsedForAlgorithm(wrapAlgorithm, blink::WebCryptoOperationWrapKey, result.get()))
return promise;
blink::Platform::current()->crypto()->wrapKey(format, key->key(), wrappingKey->key(), wrapAlgorithm, result->result());
return promise;
}
ScriptPromise SubtleCrypto::importKey(ScriptState* scriptState, const String& rawFormat, const Dictionary& keyData, const Dictionary& rawAlgorithm, bool extractable, const Vector<String>& rawKeyUsages)
{
RefPtr<CryptoResultImpl> result = CryptoResultImpl::create(scriptState);
ScriptPromise promise = result->promise();
if (!canAccessWebCrypto(scriptState, result.get()))
return promise;
blink::WebCryptoKeyFormat format;
if (!Key::parseFormat(rawFormat, format, result.get()))
return promise;
blink::WebCryptoKeyUsageMask keyUsages;
if (!Key::parseUsageMask(rawKeyUsages, keyUsages, result.get()))
return promise;
if (format != blink::WebCryptoKeyFormatJwk) {
result->completeWithError(blink::WebCryptoErrorTypeData, "Key data must be a buffer for non-JWK formats");
return promise;
}
blink::WebCryptoAlgorithm algorithm;
if (!parseAlgorithm(rawAlgorithm, blink::WebCryptoOperationImportKey, algorithm, result.get()))
return promise;
CString jsonUtf8;
if (!copyJwkDictionaryToJson(keyData, jsonUtf8, result.get()))
return promise;
blink::Platform::current()->crypto()->importKey(format, reinterpret_cast<const unsigned char*>(jsonUtf8.data()), jsonUtf8.length(), algorithm, extractable, keyUsages, result->result());
return promise;
}
ScriptPromise SubtleCrypto::importKey(ScriptState* scriptState, const String& rawFormat, const ArrayPiece& keyData, const Dictionary& rawAlgorithm, bool extractable, const Vector<String>& rawKeyUsages)
{
RefPtr<CryptoResultImpl> result = CryptoResultImpl::create(scriptState);
ScriptPromise promise = result->promise();
if (!canAccessWebCrypto(scriptState, result.get()))
return promise;
if (!ensureNotNull(keyData, "keyData", result.get()))
return promise;
blink::WebCryptoKeyFormat format;
if (!Key::parseFormat(rawFormat, format, result.get()))
return promise;
if (format == blink::WebCryptoKeyFormatJwk) {
result->completeWithError(blink::WebCryptoErrorTypeData, "Key data must be an object for JWK import");
return promise;
}
blink::WebCryptoKeyUsageMask keyUsages;
if (!Key::parseUsageMask(rawKeyUsages, keyUsages, result.get()))
return promise;
blink::WebCryptoAlgorithm algorithm;
if (!parseAlgorithm(rawAlgorithm, blink::WebCryptoOperationImportKey, algorithm, result.get()))
return promise;
blink::Platform::current()->crypto()->importKey(format, keyData.bytes(), keyData.byteLength(), algorithm, extractable, keyUsages, result->result());
return promise;
}
ScriptPromise SubtleCrypto::wrapKey(ScriptState* scriptState, const String& rawFormat, CryptoKey* key, CryptoKey* wrappingKey, const AlgorithmIdentifier& rawWrapAlgorithm)
{
RefPtrWillBeRawPtr<CryptoResultImpl> result = CryptoResultImpl::create(scriptState);
ScriptPromise promise = result->promise();
if (!canAccessWebCrypto(scriptState, result.get()))
return promise;
WebCryptoKeyFormat format;
if (!CryptoKey::parseFormat(rawFormat, format, result.get()))
return promise;
WebCryptoAlgorithm wrapAlgorithm;
if (!parseAlgorithm(rawWrapAlgorithm, WebCryptoOperationWrapKey, wrapAlgorithm, result.get()))
return promise;
if (!key->extractable()) {
result->completeWithError(WebCryptoErrorTypeInvalidAccess, "key is not extractable");
return promise;
}
if (!wrappingKey->canBeUsedForAlgorithm(wrapAlgorithm, WebCryptoKeyUsageWrapKey, result.get()))
return promise;
histogramAlgorithmAndKey(scriptState->executionContext(), wrapAlgorithm, wrappingKey->key());
histogramKey(scriptState->executionContext(), key->key());
Platform::current()->crypto()->wrapKey(format, key->key(), wrappingKey->key(), wrapAlgorithm, result->result());
return promise;
}
bool parseHash(const Dictionary& raw, blink::WebCryptoAlgorithm& hash, ErrorContext context, String& errorDetails)
{
Dictionary rawHash;
if (!raw.get("hash", rawHash)) {
errorDetails = context.toString("hash", "Missing or not a dictionary");
return false;
}
context.add("hash");
return parseAlgorithm(rawHash, Digest, hash, context, errorDetails);
}
ScriptPromise SubtleCrypto::importKey(ScriptState* scriptState, const String& rawFormat, const ArrayBufferOrArrayBufferViewOrDictionary& keyData, const AlgorithmIdentifier& rawAlgorithm, bool extractable, const Vector<String>& rawKeyUsages)
{
RefPtrWillBeRawPtr<CryptoResultImpl> result = CryptoResultImpl::create(scriptState);
ScriptPromise promise = result->promise();
if (!canAccessWebCrypto(scriptState, result.get()))
return promise;
WebCryptoKeyFormat format;
if (!CryptoKey::parseFormat(rawFormat, format, result.get()))
return promise;
if (keyData.isDictionary()) {
if (format != WebCryptoKeyFormatJwk) {
result->completeWithError(WebCryptoErrorTypeData, "Key data must be a buffer for non-JWK formats");
return promise;
}
} else if (format == WebCryptoKeyFormatJwk) {
result->completeWithError(WebCryptoErrorTypeData, "Key data must be an object for JWK import");
return promise;
}
WebCryptoKeyUsageMask keyUsages;
if (!CryptoKey::parseUsageMask(rawKeyUsages, keyUsages, result.get()))
return promise;
WebCryptoAlgorithm algorithm;
if (!parseAlgorithm(rawAlgorithm, WebCryptoOperationImportKey, algorithm, result.get()))
return promise;
const unsigned char* ptr = nullptr;
unsigned len = 0;
CString jsonUtf8;
if (keyData.isArrayBuffer()) {
ptr = static_cast<const unsigned char*>(keyData.getAsArrayBuffer()->data());
len = keyData.getAsArrayBuffer()->byteLength();
} else if (keyData.isArrayBufferView()) {
ptr = static_cast<const unsigned char*>(keyData.getAsArrayBufferView()->baseAddress());
len = keyData.getAsArrayBufferView()->byteLength();
} else if (keyData.isDictionary()) {
if (!copyJwkDictionaryToJson(keyData.getAsDictionary(), jsonUtf8, result.get()))
return promise;
ptr = reinterpret_cast<const unsigned char*>(jsonUtf8.data());
len = jsonUtf8.length();
}
histogramAlgorithm(scriptState->executionContext(), algorithm);
Platform::current()->crypto()->importKey(format, ptr, len, algorithm, extractable, keyUsages, result->result());
return promise;
}
static ScriptPromise startCryptoOperation(ScriptState* scriptState, const Dictionary& rawAlgorithm, Key* key, blink::WebCryptoOperation operationType, const ArrayPiece& signature, const ArrayPiece& dataBuffer)
{
RefPtr<CryptoResultImpl> result = CryptoResultImpl::create(scriptState);
ScriptPromise promise = result->promise();
if (!canAccessWebCrypto(scriptState, result.get()))
return promise;
bool requiresKey = operationType != blink::WebCryptoOperationDigest;
if (requiresKey && !ensureNotNull(key, "key", result.get()))
return promise;
if (operationType == blink::WebCryptoOperationVerify && !ensureNotNull(signature, "signature", result.get()))
return promise;
if (!ensureNotNull(dataBuffer, "dataBuffer", result.get()))
return promise;
blink::WebCryptoAlgorithm algorithm;
if (!parseAlgorithm(rawAlgorithm, operationType, algorithm, result.get()))
return promise;
if (requiresKey && !key->canBeUsedForAlgorithm(algorithm, operationType, result.get()))
return promise;
const unsigned char* data = dataBuffer.bytes();
unsigned dataSize = dataBuffer.byteLength();
switch (operationType) {
case blink::WebCryptoOperationEncrypt:
blink::Platform::current()->crypto()->encrypt(algorithm, key->key(), data, dataSize, result->result());
break;
case blink::WebCryptoOperationDecrypt:
blink::Platform::current()->crypto()->decrypt(algorithm, key->key(), data, dataSize, result->result());
break;
case blink::WebCryptoOperationSign:
blink::Platform::current()->crypto()->sign(algorithm, key->key(), data, dataSize, result->result());
break;
case blink::WebCryptoOperationVerify:
blink::Platform::current()->crypto()->verifySignature(algorithm, key->key(), signature.bytes(), signature.byteLength(), data, dataSize, result->result());
break;
case blink::WebCryptoOperationDigest:
blink::Platform::current()->crypto()->digest(algorithm, data, dataSize, result->result());
break;
default:
ASSERT_NOT_REACHED();
return ScriptPromise();
}
return promise;
}
ScriptPromise SubtleCrypto::digest(ScriptState* scriptState, const AlgorithmIdentifier& rawAlgorithm, const DOMArrayPiece& data)
{
RefPtrWillBeRawPtr<CryptoResultImpl> result = CryptoResultImpl::create(scriptState);
ScriptPromise promise = result->promise();
if (!canAccessWebCrypto(scriptState, result.get()))
return promise;
WebCryptoAlgorithm algorithm;
if (!parseAlgorithm(rawAlgorithm, WebCryptoOperationDigest, algorithm, result.get()))
return promise;
histogramAlgorithm(scriptState->executionContext(), algorithm);
Platform::current()->crypto()->digest(algorithm, data.bytes(), data.byteLength(), result->result());
return promise;
}
ScriptPromise SubtleCrypto::generateKey(ScriptState* scriptState, const Dictionary& rawAlgorithm, bool extractable, const Vector<String>& rawKeyUsages)
{
RefPtr<CryptoResultImpl> result = CryptoResultImpl::create(scriptState);
ScriptPromise promise = result->promise();
if (!canAccessWebCrypto(scriptState, result.get()))
return promise;
blink::WebCryptoKeyUsageMask keyUsages;
if (!Key::parseUsageMask(rawKeyUsages, keyUsages, result.get()))
return promise;
blink::WebCryptoAlgorithm algorithm;
if (!parseAlgorithm(rawAlgorithm, blink::WebCryptoOperationGenerateKey, algorithm, result.get()))
return promise;
blink::Platform::current()->crypto()->generateKey(algorithm, extractable, keyUsages, result->result());
return promise;
}
ScriptPromise SubtleCrypto::verifySignature(ScriptState* scriptState, const AlgorithmIdentifier& rawAlgorithm, CryptoKey* key, const DOMArrayPiece& signature, const DOMArrayPiece& data)
{
RefPtrWillBeRawPtr<CryptoResultImpl> result = CryptoResultImpl::create(scriptState);
ScriptPromise promise = result->promise();
if (!canAccessWebCrypto(scriptState, result.get()))
return promise;
WebCryptoAlgorithm algorithm;
if (!parseAlgorithm(rawAlgorithm, WebCryptoOperationVerify, algorithm, result.get()))
return promise;
if (!key->canBeUsedForAlgorithm(algorithm, WebCryptoKeyUsageVerify, result.get()))
return promise;
histogramAlgorithmAndKey(scriptState->executionContext(), algorithm, key->key());
Platform::current()->crypto()->verifySignature(algorithm, key->key(), signature.bytes(), signature.byteLength(), data.bytes(), data.byteLength(), result->result());
return promise;
}
ScriptPromise SubtleCrypto::deriveBits(ScriptState* scriptState, const AlgorithmIdentifier& rawAlgorithm, CryptoKey* baseKey, unsigned lengthBits)
{
RefPtrWillBeRawPtr<CryptoResultImpl> result = CryptoResultImpl::create(scriptState);
ScriptPromise promise = result->promise();
if (!canAccessWebCrypto(scriptState, result.get()))
return promise;
WebCryptoAlgorithm algorithm;
if (!parseAlgorithm(rawAlgorithm, WebCryptoOperationDeriveBits, algorithm, result.get()))
return promise;
if (!baseKey->canBeUsedForAlgorithm(algorithm, WebCryptoKeyUsageDeriveBits, result.get()))
return promise;
histogramAlgorithmAndKey(scriptState->executionContext(), algorithm, baseKey->key());
Platform::current()->crypto()->deriveBits(algorithm, baseKey->key(), lengthBits, result->result());
return promise;
}
ScriptPromise SubtleCrypto::sign(ScriptState* scriptState, const AlgorithmIdentifier& rawAlgorithm, CryptoKey* key, const DOMArrayPiece& data)
{
CryptoResultImpl* result = CryptoResultImpl::create(scriptState);
ScriptPromise promise = result->promise();
if (!canAccessWebCrypto(scriptState, result))
return promise;
WebCryptoAlgorithm algorithm;
if (!parseAlgorithm(rawAlgorithm, WebCryptoOperationSign, algorithm, result))
return promise;
if (!key->canBeUsedForAlgorithm(algorithm, WebCryptoKeyUsageSign, result))
return promise;
histogramAlgorithmAndKey(scriptState->executionContext(), algorithm, key->key());
Platform::current()->crypto()->sign(algorithm, key->key(), data.bytes(), data.byteLength(), result->result());
return promise;
}
ScriptPromise SubtleCrypto::generateKey(ScriptState* scriptState, const AlgorithmIdentifier& rawAlgorithm, bool extractable, const Vector<String>& rawKeyUsages)
{
RefPtrWillBeRawPtr<CryptoResultImpl> result = CryptoResultImpl::create(scriptState);
ScriptPromise promise = result->promise();
if (!canAccessWebCrypto(scriptState, result.get()))
return promise;
WebCryptoKeyUsageMask keyUsages;
if (!CryptoKey::parseUsageMask(rawKeyUsages, keyUsages, result.get()))
return promise;
WebCryptoAlgorithm algorithm;
if (!parseAlgorithm(rawAlgorithm, WebCryptoOperationGenerateKey, algorithm, result.get()))
return promise;
histogramAlgorithm(scriptState->executionContext(), algorithm);
Platform::current()->crypto()->generateKey(algorithm, extractable, keyUsages, result->result());
return promise;
}
SubresourceIntegrity::IntegrityParseResult SubresourceIntegrity::parseIntegrityAttribute(const WTF::String& attribute, IntegrityMetadataSet& metadataSet, Document* document)
{
Vector<UChar> characters;
attribute.stripWhiteSpace().appendTo(characters);
const UChar* position = characters.data();
const UChar* end = characters.end();
const UChar* currentIntegrityEnd;
metadataSet.clear();
bool error = false;
// The integrity attribute takes the form:
// *WSP hash-with-options *( 1*WSP hash-with-options ) *WSP / *WSP
// To parse this, break on whitespace, parsing each algorithm/digest/option
// in order.
while (position < end) {
WTF::String digest;
HashAlgorithm algorithm;
skipWhile<UChar, isASCIISpace>(position, end);
currentIntegrityEnd = position;
skipUntil<UChar, isASCIISpace>(currentIntegrityEnd, end);
// Algorithm parsing errors are non-fatal (the subresource should
// still be loaded) because strong hash algorithms should be used
// without fear of breaking older user agents that don't support
// them.
AlgorithmParseResult parseResult = parseAlgorithm(position, currentIntegrityEnd, algorithm);
if (parseResult == AlgorithmUnknown) {
// Unknown hash algorithms are treated as if they're not present,
// and thus are not marked as an error, they're just skipped.
skipUntil<UChar, isASCIISpace>(position, end);
if (document) {
logErrorToConsole("Error parsing 'integrity' attribute ('" + attribute + "'). The specified hash algorithm must be one of 'sha256', 'sha384', or 'sha512'.", *document);
UseCounter::count(*document, UseCounter::SRIElementWithUnparsableIntegrityAttribute);
}
continue;
}
if (parseResult == AlgorithmUnparsable) {
error = true;
skipUntil<UChar, isASCIISpace>(position, end);
if (document) {
logErrorToConsole("Error parsing 'integrity' attribute ('" + attribute + "'). The hash algorithm must be one of 'sha256', 'sha384', or 'sha512', followed by a '-' character.", *document);
UseCounter::count(*document, UseCounter::SRIElementWithUnparsableIntegrityAttribute);
}
continue;
}
ASSERT(parseResult == AlgorithmValid);
if (!parseDigest(position, currentIntegrityEnd, digest)) {
error = true;
skipUntil<UChar, isASCIISpace>(position, end);
if (document) {
logErrorToConsole("Error parsing 'integrity' attribute ('" + attribute + "'). The digest must be a valid, base64-encoded value.", *document);
UseCounter::count(*document, UseCounter::SRIElementWithUnparsableIntegrityAttribute);
}
continue;
}
// The spec defines a space in the syntax for options, separated by a
// '?' character followed by unbounded VCHARs, but no actual options
// have been defined yet. Thus, for forward compatibility, ignore any
// options specified.
if (skipExactly<UChar>(position, end, '?')) {
const UChar* begin = position;
skipWhile<UChar, isValueCharacter>(position, end);
if (begin != position && document)
logErrorToConsole("Ignoring unrecogized 'integrity' attribute option '" + String(begin, position - begin) + "'.", *document);
}
IntegrityMetadata integrityMetadata(digest, algorithm);
metadataSet.add(integrityMetadata.toPair());
}
if (metadataSet.size() == 0 && error)
return IntegrityParseNoValidResult;
return IntegrityParseValidResult;
}
