diff options
| author | eroman@chromium.org <eroman@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-05-23 23:13:47 +0000 |
|---|---|---|
| committer | eroman@chromium.org <eroman@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2014-05-23 23:13:47 +0000 |
| commit | 9c2e9cf74eafc336ae99e519e02cca53dac34bba (patch) | |
| tree | 6de4f7e39a7e32ff73544c61d872ebd41351891d /content/child/webcrypto/webcrypto_impl.cc | |
| parent | a95539cf7d2e4f912681d63a7ba5e645684bebac (diff) | |
| download | chromium_src-9c2e9cf74eafc336ae99e519e02cca53dac34bba.zip chromium_src-9c2e9cf74eafc336ae99e519e02cca53dac34bba.tar.gz chromium_src-9c2e9cf74eafc336ae99e519e02cca53dac34bba.tar.bz2 | |
[webcryto] Validate key usages during key creation.
(1) Key creation (whether by importKey(), unwrapKey(), generateKey() now fails if the requested key usages are not applicable (for instance asking for 'sign' on an AES-CBC key).
(2) When generating a key pair, the public/private key get the intersection of supported usages and requested ones.
(3) The exceptions thrown during the import phase of unwrapKey() are now surfaced to the caller (bug 372944)
BUG=372040,372944,245025
R=rsleevi@chromium.org
Review URL: https://codereview.chromium.org/282133002
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@272630 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'content/child/webcrypto/webcrypto_impl.cc')
| -rw-r--r-- | content/child/webcrypto/webcrypto_impl.cc | 11 |
1 files changed, 2 insertions, 9 deletions
diff --git a/content/child/webcrypto/webcrypto_impl.cc b/content/child/webcrypto/webcrypto_impl.cc index 0a80ce7..ef0740b 100644 --- a/content/child/webcrypto/webcrypto_impl.cc +++ b/content/child/webcrypto/webcrypto_impl.cc @@ -134,12 +134,6 @@ void CompleteWithKeyOrError(const Status& status, } } -bool IsAlgorithmAsymmetric(const blink::WebCryptoAlgorithm& algorithm) { - // TODO(padolph): include all other asymmetric algorithms once they are - // defined, e.g. EC and DH. - return webcrypto::IsAlgorithmRsa(algorithm.id()); -} - // Gets a task runner for the current thread. The current thread is either: // // * The main Blink thread @@ -405,7 +399,8 @@ void DoGenerateKeyReply(scoped_ptr<GenerateKeyState> state) { void DoGenerateKey(scoped_ptr<GenerateKeyState> passed_state) { GenerateKeyState* state = passed_state.get(); - state->is_asymmetric = IsAlgorithmAsymmetric(state->algorithm); + state->is_asymmetric = + webcrypto::IsAlgorithmAsymmetric(state->algorithm.id()); if (state->is_asymmetric) { state->status = webcrypto::GenerateKeyPair(state->algorithm, state->extractable, @@ -420,8 +415,6 @@ void DoGenerateKey(scoped_ptr<GenerateKeyState> passed_state) { DCHECK_EQ(state->algorithm.id(), state->private_key.algorithm().id()); DCHECK_EQ(true, state->public_key.extractable()); DCHECK_EQ(state->extractable, state->private_key.extractable()); - DCHECK_EQ(state->usage_mask, state->public_key.usages()); - DCHECK_EQ(state->usage_mask, state->private_key.usages()); } } else { blink::WebCryptoKey* key = &state->public_key; |