diff options
21 files changed, 329 insertions, 196 deletions
diff --git a/content/child/webcrypto/algorithm_dispatch.cc b/content/child/webcrypto/algorithm_dispatch.cc index f8d7933..268560f 100644 --- a/content/child/webcrypto/algorithm_dispatch.cc +++ b/content/child/webcrypto/algorithm_dispatch.cc @@ -114,7 +114,6 @@ Status GenerateKey(const blink::WebCryptoAlgorithm& algorithm, return impl->GenerateKey(algorithm, extractable, usages, result); } -// Note that this function may be called from the target Blink thread. Status ImportKey(blink::WebCryptoKeyFormat format, const CryptoData& key_data, const blink::WebCryptoAlgorithm& algorithm, @@ -248,6 +247,33 @@ scoped_ptr<blink::WebCryptoDigestor> CreateDigestor( return CreatePlatformDigestor(algorithm); } +bool SerializeKeyForClone(const blink::WebCryptoKey& key, + blink::WebVector<uint8_t>* key_data) { + const AlgorithmImplementation* impl = NULL; + Status status = GetAlgorithmImplementation(key.algorithm().id(), &impl); + if (status.IsError()) + return false; + + status = impl->SerializeKeyForClone(key, key_data); + return status.IsSuccess(); +} + +bool DeserializeKeyForClone(const blink::WebCryptoKeyAlgorithm& algorithm, + blink::WebCryptoKeyType type, + bool extractable, + blink::WebCryptoKeyUsageMask usages, + const CryptoData& key_data, + blink::WebCryptoKey* key) { + const AlgorithmImplementation* impl = NULL; + Status status = GetAlgorithmImplementation(algorithm.id(), &impl); + if (status.IsError()) + return false; + + status = impl->DeserializeKeyForClone(algorithm, type, extractable, usages, + key_data, key); + return status.IsSuccess(); +} + } // namespace webcrypto } // namespace content diff --git a/content/child/webcrypto/algorithm_dispatch.h b/content/child/webcrypto/algorithm_dispatch.h index 3eefb46..a2c1fa4 100644 --- a/content/child/webcrypto/algorithm_dispatch.h +++ b/content/child/webcrypto/algorithm_dispatch.h @@ -90,6 +90,17 @@ CONTENT_EXPORT Status CONTENT_EXPORT scoped_ptr<blink::WebCryptoDigestor> CreateDigestor( blink::WebCryptoAlgorithmId algorithm); +CONTENT_EXPORT bool SerializeKeyForClone(const blink::WebCryptoKey& key, + blink::WebVector<uint8_t>* key_data); + +CONTENT_EXPORT bool DeserializeKeyForClone( + const blink::WebCryptoKeyAlgorithm& algorithm, + blink::WebCryptoKeyType type, + bool extractable, + blink::WebCryptoKeyUsageMask usages, + const CryptoData& key_data, + blink::WebCryptoKey* key); + } // namespace webcrypto } // namespace content diff --git a/content/child/webcrypto/algorithm_implementation.cc b/content/child/webcrypto/algorithm_implementation.cc index b815a52..8a4c67a 100644 --- a/content/child/webcrypto/algorithm_implementation.cc +++ b/content/child/webcrypto/algorithm_implementation.cc @@ -126,6 +126,22 @@ Status AlgorithmImplementation::ExportKeyJwk( return Status::ErrorUnsupportedExportKeyFormat(); } +Status AlgorithmImplementation::SerializeKeyForClone( + const blink::WebCryptoKey& key, + blink::WebVector<uint8_t>* key_data) const { + return Status::ErrorUnsupported(); +} + +Status AlgorithmImplementation::DeserializeKeyForClone( + const blink::WebCryptoKeyAlgorithm& algorithm, + blink::WebCryptoKeyType type, + bool extractable, + blink::WebCryptoKeyUsageMask usages, + const CryptoData& key_data, + blink::WebCryptoKey* key) const { + return Status::ErrorUnsupported(); +} + } // namespace webcrypto } // namespace content diff --git a/content/child/webcrypto/algorithm_implementation.h b/content/child/webcrypto/algorithm_implementation.h index e926ad0..ba40d66 100644 --- a/content/child/webcrypto/algorithm_implementation.h +++ b/content/child/webcrypto/algorithm_implementation.h @@ -148,6 +148,40 @@ class AlgorithmImplementation { virtual Status ExportKeyJwk(const blink::WebCryptoKey& key, std::vector<uint8_t>* buffer) const; + + // ----------------------------------------------- + // Structured clone + // ----------------------------------------------- + + // The Structured clone methods are used for synchronous serialization / + // deserialization of a WebCryptoKey. + // + // This serialized format is used by Blink to: + // * Copy WebCryptoKeys between threads (postMessage to WebWorkers) + // * Copy WebCryptoKeys between domains (postMessage) + // * Copy WebCryptoKeys within the same domain (postMessage) + // * Persist the key to storage (IndexedDB) + // + // Implementations of structured cloning must: + // * Be threadsafe (structured cloning is called directly on the Blink + // thread, in contrast to the other methods of AlgorithmImplementation). + // * Use a stable format (a serialized key must forever be de-serializable, + // and be able to survive future migrations to crypto libraries) + // * Work for all keys (including ones marked as non-extractable). + // + // Tests to verify structured cloning are available in: + // LayoutTests/crypto/clone-*.html + virtual Status SerializeKeyForClone( + const blink::WebCryptoKey& key, + blink::WebVector<uint8_t>* key_data) const; + + virtual Status DeserializeKeyForClone( + const blink::WebCryptoKeyAlgorithm& algorithm, + blink::WebCryptoKeyType type, + bool extractable, + blink::WebCryptoKeyUsageMask usages, + const CryptoData& key_data, + blink::WebCryptoKey* key) const; }; } // namespace webcrypto diff --git a/content/child/webcrypto/nss/aes_key_nss.cc b/content/child/webcrypto/nss/aes_key_nss.cc index 2bd0c57..4472b41 100644 --- a/content/child/webcrypto/nss/aes_key_nss.cc +++ b/content/child/webcrypto/nss/aes_key_nss.cc @@ -129,6 +129,24 @@ Status AesAlgorithm::ExportKeyJwk(const blink::WebCryptoKey& key, return Status::Success(); } +Status AesAlgorithm::SerializeKeyForClone( + const blink::WebCryptoKey& key, + blink::WebVector<uint8_t>* key_data) const { + key_data->assign(SymKeyNss::Cast(key)->serialized_key_data()); + return Status::Success(); +} + +Status AesAlgorithm::DeserializeKeyForClone( + const blink::WebCryptoKeyAlgorithm& algorithm, + blink::WebCryptoKeyType type, + bool extractable, + blink::WebCryptoKeyUsageMask usages, + const CryptoData& key_data, + blink::WebCryptoKey* key) const { + return ImportKeyRaw(key_data, CreateAlgorithm(algorithm.id()), extractable, + usages, key); +} + } // namespace webcrypto } // namespace content diff --git a/content/child/webcrypto/nss/aes_key_nss.h b/content/child/webcrypto/nss/aes_key_nss.h index 5e4cba3..f99cd9b 100644 --- a/content/child/webcrypto/nss/aes_key_nss.h +++ b/content/child/webcrypto/nss/aes_key_nss.h @@ -63,6 +63,17 @@ class AesAlgorithm : public AlgorithmImplementation { Status ExportKeyJwk(const blink::WebCryptoKey& key, std::vector<uint8_t>* buffer) const override; + Status SerializeKeyForClone( + const blink::WebCryptoKey& key, + blink::WebVector<uint8_t>* key_data) const override; + + Status DeserializeKeyForClone(const blink::WebCryptoKeyAlgorithm& algorithm, + blink::WebCryptoKeyType type, + bool extractable, + blink::WebCryptoKeyUsageMask usages, + const CryptoData& key_data, + blink::WebCryptoKey* key) const override; + private: const CK_MECHANISM_TYPE import_mechanism_; const CK_FLAGS import_flags_; diff --git a/content/child/webcrypto/nss/hmac_nss.cc b/content/child/webcrypto/nss/hmac_nss.cc index c3424fb..699efd3 100644 --- a/content/child/webcrypto/nss/hmac_nss.cc +++ b/content/child/webcrypto/nss/hmac_nss.cc @@ -227,6 +227,24 @@ class HmacImplementation : public AlgorithmImplementation { return Status::Success(); } + + Status SerializeKeyForClone( + const blink::WebCryptoKey& key, + blink::WebVector<uint8_t>* key_data) const override { + key_data->assign(SymKeyNss::Cast(key)->serialized_key_data()); + return Status::Success(); + } + + Status DeserializeKeyForClone(const blink::WebCryptoKeyAlgorithm& algorithm, + blink::WebCryptoKeyType type, + bool extractable, + blink::WebCryptoKeyUsageMask usages, + const CryptoData& key_data, + blink::WebCryptoKey* key) const override { + return ImportKeyRaw(key_data, CreateHmacImportAlgorithm( + algorithm.hmacParams()->hash().id()), + extractable, usages, key); + } }; } // namespace diff --git a/content/child/webcrypto/nss/key_nss.cc b/content/child/webcrypto/nss/key_nss.cc index 9193963..0887fe6 100644 --- a/content/child/webcrypto/nss/key_nss.cc +++ b/content/child/webcrypto/nss/key_nss.cc @@ -84,13 +84,6 @@ PrivateKeyNss::PrivateKeyNss(crypto::ScopedSECKEYPrivateKey key, : KeyNss(pkcs8_data), key_(key.Pass()) { } -bool PlatformSerializeKeyForClone(const blink::WebCryptoKey& key, - blink::WebVector<uint8_t>* key_data) { - const KeyNss* nss_key = static_cast<KeyNss*>(key.handle()); - *key_data = nss_key->serialized_key_data(); - return true; -} - } // namespace webcrypto } // namespace content diff --git a/content/child/webcrypto/nss/rsa_key_nss.cc b/content/child/webcrypto/nss/rsa_key_nss.cc index f9619a6..7e15be1 100644 --- a/content/child/webcrypto/nss/rsa_key_nss.cc +++ b/content/child/webcrypto/nss/rsa_key_nss.cc @@ -847,6 +847,67 @@ Status RsaHashedAlgorithm::ExportKeyJwk(const blink::WebCryptoKey& key, } } +Status RsaHashedAlgorithm::SerializeKeyForClone( + const blink::WebCryptoKey& key, + blink::WebVector<uint8_t>* key_data) const { + key_data->assign(static_cast<KeyNss*>(key.handle())->serialized_key_data()); + return Status::Success(); +} + +// TODO(eroman): Defer import to the crypto thread. http://crbug.com/430763 +Status RsaHashedAlgorithm::DeserializeKeyForClone( + const blink::WebCryptoKeyAlgorithm& algorithm, + blink::WebCryptoKeyType type, + bool extractable, + blink::WebCryptoKeyUsageMask usages, + const CryptoData& key_data, + blink::WebCryptoKey* key) const { + blink::WebCryptoAlgorithm import_algorithm = CreateRsaHashedImportAlgorithm( + algorithm.id(), algorithm.rsaHashedParams()->hash().id()); + + Status status; + + switch (type) { + case blink::WebCryptoKeyTypePublic: + status = + ImportKeySpki(key_data, import_algorithm, extractable, usages, key); + break; + case blink::WebCryptoKeyTypePrivate: + status = + ImportKeyPkcs8(key_data, import_algorithm, extractable, usages, key); + break; + default: + return Status::ErrorUnexpected(); + } + + // There is some duplicated information in the serialized format used by + // structured clone (since the KeyAlgorithm is serialized separately from the + // key data). Use this extra information to further validate what was + // deserialized from the key data. + + if (algorithm.id() != key->algorithm().id()) + return Status::ErrorUnexpected(); + + if (key->type() != type) + return Status::ErrorUnexpected(); + + if (algorithm.rsaHashedParams()->modulusLengthBits() != + key->algorithm().rsaHashedParams()->modulusLengthBits()) { + return Status::ErrorUnexpected(); + } + + if (algorithm.rsaHashedParams()->publicExponent().size() != + key->algorithm().rsaHashedParams()->publicExponent().size() || + 0 != + memcmp(algorithm.rsaHashedParams()->publicExponent().data(), + key->algorithm().rsaHashedParams()->publicExponent().data(), + key->algorithm().rsaHashedParams()->publicExponent().size())) { + return Status::ErrorUnexpected(); + } + + return Status::Success(); +} + } // namespace webcrypto } // namespace content diff --git a/content/child/webcrypto/nss/rsa_key_nss.h b/content/child/webcrypto/nss/rsa_key_nss.h index 725a25e..4d240ab 100644 --- a/content/child/webcrypto/nss/rsa_key_nss.h +++ b/content/child/webcrypto/nss/rsa_key_nss.h @@ -79,6 +79,17 @@ class RsaHashedAlgorithm : public AlgorithmImplementation { Status ExportKeyJwk(const blink::WebCryptoKey& key, std::vector<uint8_t>* buffer) const override; + Status SerializeKeyForClone( + const blink::WebCryptoKey& key, + blink::WebVector<uint8_t>* key_data) const override; + + Status DeserializeKeyForClone(const blink::WebCryptoKeyAlgorithm& algorithm, + blink::WebCryptoKeyType type, + bool extractable, + blink::WebCryptoKeyUsageMask usages, + const CryptoData& key_data, + blink::WebCryptoKey* key) const override; + private: CK_FLAGS generate_flags_; blink::WebCryptoKeyUsageMask all_public_key_usages_; diff --git a/content/child/webcrypto/openssl/aes_key_openssl.cc b/content/child/webcrypto/openssl/aes_key_openssl.cc index 14fa24e..e831a41 100644 --- a/content/child/webcrypto/openssl/aes_key_openssl.cc +++ b/content/child/webcrypto/openssl/aes_key_openssl.cc @@ -119,6 +119,24 @@ Status AesAlgorithm::ExportKeyJwk(const blink::WebCryptoKey& key, return Status::Success(); } +Status AesAlgorithm::SerializeKeyForClone( + const blink::WebCryptoKey& key, + blink::WebVector<uint8_t>* key_data) const { + key_data->assign(SymKeyOpenSsl::Cast(key)->serialized_key_data()); + return Status::Success(); +} + +Status AesAlgorithm::DeserializeKeyForClone( + const blink::WebCryptoKeyAlgorithm& algorithm, + blink::WebCryptoKeyType type, + bool extractable, + blink::WebCryptoKeyUsageMask usages, + const CryptoData& key_data, + blink::WebCryptoKey* key) const { + return ImportKeyRaw(key_data, CreateAlgorithm(algorithm.id()), extractable, + usages, key); +} + } // namespace webcrypto } // namespace content diff --git a/content/child/webcrypto/openssl/aes_key_openssl.h b/content/child/webcrypto/openssl/aes_key_openssl.h index 206a1e2..9ddc046 100644 --- a/content/child/webcrypto/openssl/aes_key_openssl.h +++ b/content/child/webcrypto/openssl/aes_key_openssl.h @@ -55,6 +55,17 @@ class AesAlgorithm : public AlgorithmImplementation { Status ExportKeyJwk(const blink::WebCryptoKey& key, std::vector<uint8_t>* buffer) const override; + Status SerializeKeyForClone( + const blink::WebCryptoKey& key, + blink::WebVector<uint8_t>* key_data) const override; + + Status DeserializeKeyForClone(const blink::WebCryptoKeyAlgorithm& algorithm, + blink::WebCryptoKeyType type, + bool extractable, + blink::WebCryptoKeyUsageMask usages, + const CryptoData& key_data, + blink::WebCryptoKey* key) const override; + private: const blink::WebCryptoKeyUsageMask all_key_usages_; const std::string jwk_suffix_; diff --git a/content/child/webcrypto/openssl/hmac_openssl.cc b/content/child/webcrypto/openssl/hmac_openssl.cc index 77b5ccf..49bde22 100644 --- a/content/child/webcrypto/openssl/hmac_openssl.cc +++ b/content/child/webcrypto/openssl/hmac_openssl.cc @@ -203,6 +203,24 @@ class HmacImplementation : public AlgorithmImplementation { return Status::Success(); } + + Status SerializeKeyForClone( + const blink::WebCryptoKey& key, + blink::WebVector<uint8_t>* key_data) const override { + key_data->assign(SymKeyOpenSsl::Cast(key)->serialized_key_data()); + return Status::Success(); + } + + Status DeserializeKeyForClone(const blink::WebCryptoKeyAlgorithm& algorithm, + blink::WebCryptoKeyType type, + bool extractable, + blink::WebCryptoKeyUsageMask usages, + const CryptoData& key_data, + blink::WebCryptoKey* key) const override { + return ImportKeyRaw(key_data, CreateHmacImportAlgorithm( + algorithm.hmacParams()->hash().id()), + extractable, usages, key); + } }; } // namespace diff --git a/content/child/webcrypto/openssl/key_openssl.cc b/content/child/webcrypto/openssl/key_openssl.cc index 9ea1f20..bb4273e 100644 --- a/content/child/webcrypto/openssl/key_openssl.cc +++ b/content/child/webcrypto/openssl/key_openssl.cc @@ -61,13 +61,6 @@ AsymKeyOpenSsl::AsymKeyOpenSsl(crypto::ScopedEVP_PKEY key, : KeyOpenSsl(serialized_key_data), key_(key.Pass()) { } -bool PlatformSerializeKeyForClone(const blink::WebCryptoKey& key, - blink::WebVector<uint8_t>* key_data) { - const KeyOpenSsl* openssl_key = static_cast<KeyOpenSsl*>(key.handle()); - *key_data = openssl_key->serialized_key_data(); - return true; -} - } // namespace webcrypto } // namespace content diff --git a/content/child/webcrypto/openssl/rsa_key_openssl.cc b/content/child/webcrypto/openssl/rsa_key_openssl.cc index 6710c31..e849f0d 100644 --- a/content/child/webcrypto/openssl/rsa_key_openssl.cc +++ b/content/child/webcrypto/openssl/rsa_key_openssl.cc @@ -384,6 +384,67 @@ Status RsaHashedAlgorithm::ExportKeyJwk(const blink::WebCryptoKey& key, } } +Status RsaHashedAlgorithm::SerializeKeyForClone( + const blink::WebCryptoKey& key, + blink::WebVector<uint8_t>* key_data) const { + key_data->assign(AsymKeyOpenSsl::Cast(key)->serialized_key_data()); + return Status::Success(); +} + +// TODO(eroman): Defer import to the crypto thread. http://crbug.com/430763 +Status RsaHashedAlgorithm::DeserializeKeyForClone( + const blink::WebCryptoKeyAlgorithm& algorithm, + blink::WebCryptoKeyType type, + bool extractable, + blink::WebCryptoKeyUsageMask usages, + const CryptoData& key_data, + blink::WebCryptoKey* key) const { + blink::WebCryptoAlgorithm import_algorithm = CreateRsaHashedImportAlgorithm( + algorithm.id(), algorithm.rsaHashedParams()->hash().id()); + + Status status; + + switch (type) { + case blink::WebCryptoKeyTypePublic: + status = + ImportKeySpki(key_data, import_algorithm, extractable, usages, key); + break; + case blink::WebCryptoKeyTypePrivate: + status = + ImportKeyPkcs8(key_data, import_algorithm, extractable, usages, key); + break; + default: + return Status::ErrorUnexpected(); + } + + // There is some duplicated information in the serialized format used by + // structured clone (since the KeyAlgorithm is serialized separately from the + // key data). Use this extra information to further validate what was + // deserialized from the key data. + + if (algorithm.id() != key->algorithm().id()) + return Status::ErrorUnexpected(); + + if (key->type() != type) + return Status::ErrorUnexpected(); + + if (algorithm.rsaHashedParams()->modulusLengthBits() != + key->algorithm().rsaHashedParams()->modulusLengthBits()) { + return Status::ErrorUnexpected(); + } + + if (algorithm.rsaHashedParams()->publicExponent().size() != + key->algorithm().rsaHashedParams()->publicExponent().size() || + 0 != + memcmp(algorithm.rsaHashedParams()->publicExponent().data(), + key->algorithm().rsaHashedParams()->publicExponent().data(), + key->algorithm().rsaHashedParams()->publicExponent().size())) { + return Status::ErrorUnexpected(); + } + + return Status::Success(); +} + } // namespace webcrypto } // namespace content diff --git a/content/child/webcrypto/openssl/rsa_key_openssl.h b/content/child/webcrypto/openssl/rsa_key_openssl.h index d793505..91de209 100644 --- a/content/child/webcrypto/openssl/rsa_key_openssl.h +++ b/content/child/webcrypto/openssl/rsa_key_openssl.h @@ -71,6 +71,17 @@ class RsaHashedAlgorithm : public AlgorithmImplementation { Status ExportKeyJwk(const blink::WebCryptoKey& key, std::vector<uint8_t>* buffer) const override; + Status SerializeKeyForClone( + const blink::WebCryptoKey& key, + blink::WebVector<uint8_t>* key_data) const override; + + Status DeserializeKeyForClone(const blink::WebCryptoKeyAlgorithm& algorithm, + blink::WebCryptoKeyType type, + bool extractable, + blink::WebCryptoKeyUsageMask usages, + const CryptoData& key_data, + blink::WebCryptoKey* key) const override; + private: blink::WebCryptoKeyUsageMask all_public_key_usages_; blink::WebCryptoKeyUsageMask all_private_key_usages_; diff --git a/content/child/webcrypto/platform_crypto.h b/content/child/webcrypto/platform_crypto.h index 2977b9c..e37d187 100644 --- a/content/child/webcrypto/platform_crypto.h +++ b/content/child/webcrypto/platform_crypto.h @@ -33,9 +33,6 @@ AlgorithmImplementation* CreatePlatformRsaOaepImplementation(); AlgorithmImplementation* CreatePlatformRsaSsaImplementation(); AlgorithmImplementation* CreatePlatformRsaPssImplementation(); -bool PlatformSerializeKeyForClone(const blink::WebCryptoKey& key, - blink::WebVector<uint8_t>* key_data); - } // namespace webcrypto } // namespace content diff --git a/content/child/webcrypto/structured_clone.cc b/content/child/webcrypto/structured_clone.cc deleted file mode 100644 index 68d449a..0000000 --- a/content/child/webcrypto/structured_clone.cc +++ /dev/null @@ -1,136 +0,0 @@ -// Copyright 2014 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include "content/child/webcrypto/structured_clone.h" - -#include "base/logging.h" -#include "content/child/webcrypto/algorithm_dispatch.h" -#include "content/child/webcrypto/platform_crypto.h" -#include "content/child/webcrypto/status.h" -#include "content/child/webcrypto/webcrypto_util.h" -#include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h" - -namespace content { - -namespace webcrypto { - -namespace { - -// Returns the key format to use for structured cloning. -blink::WebCryptoKeyFormat GetCloneFormatForKeyType( - blink::WebCryptoKeyType type) { - switch (type) { - case blink::WebCryptoKeyTypeSecret: - return blink::WebCryptoKeyFormatRaw; - case blink::WebCryptoKeyTypePublic: - return blink::WebCryptoKeyFormatSpki; - case blink::WebCryptoKeyTypePrivate: - return blink::WebCryptoKeyFormatPkcs8; - } - - NOTREACHED(); - return blink::WebCryptoKeyFormatRaw; -} - -// Converts a KeyAlgorithm into an equivalent Algorithm for import. -blink::WebCryptoAlgorithm KeyAlgorithmToImportAlgorithm( - const blink::WebCryptoKeyAlgorithm& algorithm) { - switch (algorithm.paramsType()) { - case blink::WebCryptoKeyAlgorithmParamsTypeAes: - return CreateAlgorithm(algorithm.id()); - case blink::WebCryptoKeyAlgorithmParamsTypeHmac: - return CreateHmacImportAlgorithm(algorithm.hmacParams()->hash().id()); - case blink::WebCryptoKeyAlgorithmParamsTypeRsaHashed: - return CreateRsaHashedImportAlgorithm( - algorithm.id(), algorithm.rsaHashedParams()->hash().id()); - case blink::WebCryptoKeyAlgorithmParamsTypeNone: - break; - default: - break; - } - return blink::WebCryptoAlgorithm::createNull(); -} - -// There is some duplicated information in the serialized format used by -// structured clone (since the KeyAlgorithm is serialized separately from the -// key data). Use this extra information to further validate what was -// deserialized from the key data. -// -// A failure here implies either a bug in the code, or that the serialized data -// was corrupted. -bool ValidateDeserializedKey(const blink::WebCryptoKey& key, - const blink::WebCryptoKeyAlgorithm& algorithm, - blink::WebCryptoKeyType type) { - if (algorithm.id() != key.algorithm().id()) - return false; - - if (key.type() != type) - return false; - - switch (algorithm.paramsType()) { - case blink::WebCryptoKeyAlgorithmParamsTypeAes: - if (algorithm.aesParams()->lengthBits() != - key.algorithm().aesParams()->lengthBits()) - return false; - break; - case blink::WebCryptoKeyAlgorithmParamsTypeRsaHashed: - if (algorithm.rsaHashedParams()->modulusLengthBits() != - key.algorithm().rsaHashedParams()->modulusLengthBits()) - return false; - if (algorithm.rsaHashedParams()->publicExponent().size() != - key.algorithm().rsaHashedParams()->publicExponent().size()) - return false; - if (memcmp(algorithm.rsaHashedParams()->publicExponent().data(), - key.algorithm().rsaHashedParams()->publicExponent().data(), - key.algorithm().rsaHashedParams()->publicExponent().size()) != - 0) - return false; - break; - case blink::WebCryptoKeyAlgorithmParamsTypeNone: - case blink::WebCryptoKeyAlgorithmParamsTypeHmac: - break; - default: - return false; - } - - return true; -} - -} // namespace - -// Note that this function is called from the target Blink thread. -bool SerializeKeyForClone(const blink::WebCryptoKey& key, - blink::WebVector<uint8_t>* key_data) { - return PlatformSerializeKeyForClone(key, key_data); -} - -// Note that this function is called from the target Blink thread. -bool DeserializeKeyForClone(const blink::WebCryptoKeyAlgorithm& algorithm, - blink::WebCryptoKeyType type, - bool extractable, - blink::WebCryptoKeyUsageMask usages, - const CryptoData& key_data, - blink::WebCryptoKey* key) { - // TODO(eroman): This should not call into the platform crypto layer. - // Otherwise it runs the risk of stalling while the NSS/OpenSSL global locks - // are held. - // - // An alternate approach is to defer the key import until the key is used. - // However this means that any deserialization errors would have to be - // surfaced as WebCrypto errors, leading to slightly different behaviors. For - // instance you could clone a key which fails to be deserialized. - Status status = ImportKey(GetCloneFormatForKeyType(type), - key_data, - KeyAlgorithmToImportAlgorithm(algorithm), - extractable, - usages, - key); - if (status.IsError()) - return false; - return ValidateDeserializedKey(*key, algorithm, type); -} - -} // namespace webcrypto - -} // namespace content diff --git a/content/child/webcrypto/structured_clone.h b/content/child/webcrypto/structured_clone.h deleted file mode 100644 index 3e218c8..0000000 --- a/content/child/webcrypto/structured_clone.h +++ /dev/null @@ -1,34 +0,0 @@ -// Copyright 2014 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#ifndef CONTENT_CHILD_WEBCRYPTO_STRUCTURED_CLONE_H_ -#define CONTENT_CHILD_WEBCRYPTO_STRUCTURED_CLONE_H_ - -#include <stdint.h> - -#include "third_party/WebKit/public/platform/WebCrypto.h" - -namespace content { - -namespace webcrypto { - -class CryptoData; - -// Called on the target Blink thread. -bool SerializeKeyForClone(const blink::WebCryptoKey& key, - blink::WebVector<uint8_t>* key_data); - -// Called on the target Blink thread. -bool DeserializeKeyForClone(const blink::WebCryptoKeyAlgorithm& algorithm, - blink::WebCryptoKeyType type, - bool extractable, - blink::WebCryptoKeyUsageMask usages, - const CryptoData& key_data, - blink::WebCryptoKey* key); - -} // namespace webcrypto - -} // namespace content - -#endif // CONTENT_CHILD_WEBCRYPTO_STRUCTURED_CLONE_H_ diff --git a/content/child/webcrypto/webcrypto_impl.cc b/content/child/webcrypto/webcrypto_impl.cc index 2099a90..f5d18c2 100644 --- a/content/child/webcrypto/webcrypto_impl.cc +++ b/content/child/webcrypto/webcrypto_impl.cc @@ -19,7 +19,6 @@ #include "content/child/webcrypto/crypto_data.h" #include "content/child/webcrypto/generate_key_result.h" #include "content/child/webcrypto/status.h" -#include "content/child/webcrypto/structured_clone.h" #include "content/child/webcrypto/webcrypto_util.h" #include "content/child/worker_thread_task_runner.h" #include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h" @@ -36,14 +35,14 @@ namespace { // --------------------- // // WebCrypto operations can be slow. For instance generating an RSA key can -// take hundreds of milliseconds to several seconds. +// seconds. // // Moreover the underlying crypto libraries are not threadsafe when operating // on the same key. // // The strategy used here is to run a sequenced worker pool for all WebCrypto -// operations. This pool (of 1 threads) is also used by requests started from -// Blink Web Workers. +// operations (except structured cloning). This same pool is also used by +// requests started from Blink Web Workers. // // A few notes to keep in mind: // @@ -707,8 +706,6 @@ bool WebCryptoImpl::deserializeKeyForClone( const unsigned char* key_data, unsigned key_data_size, blink::WebCryptoKey& key) { - // TODO(eroman): Rather than do the import immediately on the current thread, - // it could defer to the crypto thread. return webcrypto::DeserializeKeyForClone( algorithm, type, diff --git a/content/content_child.gypi b/content/content_child.gypi index c51317f..848ca95 100644 --- a/content/content_child.gypi +++ b/content/content_child.gypi @@ -229,8 +229,6 @@ 'child/webcrypto/platform_crypto.h', 'child/webcrypto/status.cc', 'child/webcrypto/status.h', - 'child/webcrypto/structured_clone.cc', - 'child/webcrypto/structured_clone.h', 'child/webcrypto/webcrypto_impl.cc', 'child/webcrypto/webcrypto_impl.h', 'child/webcrypto/webcrypto_util.cc', |