summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--content/child/webcrypto/algorithm_dispatch.cc28
-rw-r--r--content/child/webcrypto/algorithm_dispatch.h11
-rw-r--r--content/child/webcrypto/algorithm_implementation.cc16
-rw-r--r--content/child/webcrypto/algorithm_implementation.h34
-rw-r--r--content/child/webcrypto/nss/aes_key_nss.cc18
-rw-r--r--content/child/webcrypto/nss/aes_key_nss.h11
-rw-r--r--content/child/webcrypto/nss/hmac_nss.cc18
-rw-r--r--content/child/webcrypto/nss/key_nss.cc7
-rw-r--r--content/child/webcrypto/nss/rsa_key_nss.cc61
-rw-r--r--content/child/webcrypto/nss/rsa_key_nss.h11
-rw-r--r--content/child/webcrypto/openssl/aes_key_openssl.cc18
-rw-r--r--content/child/webcrypto/openssl/aes_key_openssl.h11
-rw-r--r--content/child/webcrypto/openssl/hmac_openssl.cc18
-rw-r--r--content/child/webcrypto/openssl/key_openssl.cc7
-rw-r--r--content/child/webcrypto/openssl/rsa_key_openssl.cc61
-rw-r--r--content/child/webcrypto/openssl/rsa_key_openssl.h11
-rw-r--r--content/child/webcrypto/platform_crypto.h3
-rw-r--r--content/child/webcrypto/structured_clone.cc136
-rw-r--r--content/child/webcrypto/structured_clone.h34
-rw-r--r--content/child/webcrypto/webcrypto_impl.cc9
-rw-r--r--content/content_child.gypi2
21 files changed, 329 insertions, 196 deletions
diff --git a/content/child/webcrypto/algorithm_dispatch.cc b/content/child/webcrypto/algorithm_dispatch.cc
index f8d7933..268560f 100644
--- a/content/child/webcrypto/algorithm_dispatch.cc
+++ b/content/child/webcrypto/algorithm_dispatch.cc
@@ -114,7 +114,6 @@ Status GenerateKey(const blink::WebCryptoAlgorithm& algorithm,
return impl->GenerateKey(algorithm, extractable, usages, result);
}
-// Note that this function may be called from the target Blink thread.
Status ImportKey(blink::WebCryptoKeyFormat format,
const CryptoData& key_data,
const blink::WebCryptoAlgorithm& algorithm,
@@ -248,6 +247,33 @@ scoped_ptr<blink::WebCryptoDigestor> CreateDigestor(
return CreatePlatformDigestor(algorithm);
}
+bool SerializeKeyForClone(const blink::WebCryptoKey& key,
+ blink::WebVector<uint8_t>* key_data) {
+ const AlgorithmImplementation* impl = NULL;
+ Status status = GetAlgorithmImplementation(key.algorithm().id(), &impl);
+ if (status.IsError())
+ return false;
+
+ status = impl->SerializeKeyForClone(key, key_data);
+ return status.IsSuccess();
+}
+
+bool DeserializeKeyForClone(const blink::WebCryptoKeyAlgorithm& algorithm,
+ blink::WebCryptoKeyType type,
+ bool extractable,
+ blink::WebCryptoKeyUsageMask usages,
+ const CryptoData& key_data,
+ blink::WebCryptoKey* key) {
+ const AlgorithmImplementation* impl = NULL;
+ Status status = GetAlgorithmImplementation(algorithm.id(), &impl);
+ if (status.IsError())
+ return false;
+
+ status = impl->DeserializeKeyForClone(algorithm, type, extractable, usages,
+ key_data, key);
+ return status.IsSuccess();
+}
+
} // namespace webcrypto
} // namespace content
diff --git a/content/child/webcrypto/algorithm_dispatch.h b/content/child/webcrypto/algorithm_dispatch.h
index 3eefb46..a2c1fa4 100644
--- a/content/child/webcrypto/algorithm_dispatch.h
+++ b/content/child/webcrypto/algorithm_dispatch.h
@@ -90,6 +90,17 @@ CONTENT_EXPORT Status
CONTENT_EXPORT scoped_ptr<blink::WebCryptoDigestor> CreateDigestor(
blink::WebCryptoAlgorithmId algorithm);
+CONTENT_EXPORT bool SerializeKeyForClone(const blink::WebCryptoKey& key,
+ blink::WebVector<uint8_t>* key_data);
+
+CONTENT_EXPORT bool DeserializeKeyForClone(
+ const blink::WebCryptoKeyAlgorithm& algorithm,
+ blink::WebCryptoKeyType type,
+ bool extractable,
+ blink::WebCryptoKeyUsageMask usages,
+ const CryptoData& key_data,
+ blink::WebCryptoKey* key);
+
} // namespace webcrypto
} // namespace content
diff --git a/content/child/webcrypto/algorithm_implementation.cc b/content/child/webcrypto/algorithm_implementation.cc
index b815a52..8a4c67a 100644
--- a/content/child/webcrypto/algorithm_implementation.cc
+++ b/content/child/webcrypto/algorithm_implementation.cc
@@ -126,6 +126,22 @@ Status AlgorithmImplementation::ExportKeyJwk(
return Status::ErrorUnsupportedExportKeyFormat();
}
+Status AlgorithmImplementation::SerializeKeyForClone(
+ const blink::WebCryptoKey& key,
+ blink::WebVector<uint8_t>* key_data) const {
+ return Status::ErrorUnsupported();
+}
+
+Status AlgorithmImplementation::DeserializeKeyForClone(
+ const blink::WebCryptoKeyAlgorithm& algorithm,
+ blink::WebCryptoKeyType type,
+ bool extractable,
+ blink::WebCryptoKeyUsageMask usages,
+ const CryptoData& key_data,
+ blink::WebCryptoKey* key) const {
+ return Status::ErrorUnsupported();
+}
+
} // namespace webcrypto
} // namespace content
diff --git a/content/child/webcrypto/algorithm_implementation.h b/content/child/webcrypto/algorithm_implementation.h
index e926ad0..ba40d66 100644
--- a/content/child/webcrypto/algorithm_implementation.h
+++ b/content/child/webcrypto/algorithm_implementation.h
@@ -148,6 +148,40 @@ class AlgorithmImplementation {
virtual Status ExportKeyJwk(const blink::WebCryptoKey& key,
std::vector<uint8_t>* buffer) const;
+
+ // -----------------------------------------------
+ // Structured clone
+ // -----------------------------------------------
+
+ // The Structured clone methods are used for synchronous serialization /
+ // deserialization of a WebCryptoKey.
+ //
+ // This serialized format is used by Blink to:
+ // * Copy WebCryptoKeys between threads (postMessage to WebWorkers)
+ // * Copy WebCryptoKeys between domains (postMessage)
+ // * Copy WebCryptoKeys within the same domain (postMessage)
+ // * Persist the key to storage (IndexedDB)
+ //
+ // Implementations of structured cloning must:
+ // * Be threadsafe (structured cloning is called directly on the Blink
+ // thread, in contrast to the other methods of AlgorithmImplementation).
+ // * Use a stable format (a serialized key must forever be de-serializable,
+ // and be able to survive future migrations to crypto libraries)
+ // * Work for all keys (including ones marked as non-extractable).
+ //
+ // Tests to verify structured cloning are available in:
+ // LayoutTests/crypto/clone-*.html
+ virtual Status SerializeKeyForClone(
+ const blink::WebCryptoKey& key,
+ blink::WebVector<uint8_t>* key_data) const;
+
+ virtual Status DeserializeKeyForClone(
+ const blink::WebCryptoKeyAlgorithm& algorithm,
+ blink::WebCryptoKeyType type,
+ bool extractable,
+ blink::WebCryptoKeyUsageMask usages,
+ const CryptoData& key_data,
+ blink::WebCryptoKey* key) const;
};
} // namespace webcrypto
diff --git a/content/child/webcrypto/nss/aes_key_nss.cc b/content/child/webcrypto/nss/aes_key_nss.cc
index 2bd0c57..4472b41 100644
--- a/content/child/webcrypto/nss/aes_key_nss.cc
+++ b/content/child/webcrypto/nss/aes_key_nss.cc
@@ -129,6 +129,24 @@ Status AesAlgorithm::ExportKeyJwk(const blink::WebCryptoKey& key,
return Status::Success();
}
+Status AesAlgorithm::SerializeKeyForClone(
+ const blink::WebCryptoKey& key,
+ blink::WebVector<uint8_t>* key_data) const {
+ key_data->assign(SymKeyNss::Cast(key)->serialized_key_data());
+ return Status::Success();
+}
+
+Status AesAlgorithm::DeserializeKeyForClone(
+ const blink::WebCryptoKeyAlgorithm& algorithm,
+ blink::WebCryptoKeyType type,
+ bool extractable,
+ blink::WebCryptoKeyUsageMask usages,
+ const CryptoData& key_data,
+ blink::WebCryptoKey* key) const {
+ return ImportKeyRaw(key_data, CreateAlgorithm(algorithm.id()), extractable,
+ usages, key);
+}
+
} // namespace webcrypto
} // namespace content
diff --git a/content/child/webcrypto/nss/aes_key_nss.h b/content/child/webcrypto/nss/aes_key_nss.h
index 5e4cba3..f99cd9b 100644
--- a/content/child/webcrypto/nss/aes_key_nss.h
+++ b/content/child/webcrypto/nss/aes_key_nss.h
@@ -63,6 +63,17 @@ class AesAlgorithm : public AlgorithmImplementation {
Status ExportKeyJwk(const blink::WebCryptoKey& key,
std::vector<uint8_t>* buffer) const override;
+ Status SerializeKeyForClone(
+ const blink::WebCryptoKey& key,
+ blink::WebVector<uint8_t>* key_data) const override;
+
+ Status DeserializeKeyForClone(const blink::WebCryptoKeyAlgorithm& algorithm,
+ blink::WebCryptoKeyType type,
+ bool extractable,
+ blink::WebCryptoKeyUsageMask usages,
+ const CryptoData& key_data,
+ blink::WebCryptoKey* key) const override;
+
private:
const CK_MECHANISM_TYPE import_mechanism_;
const CK_FLAGS import_flags_;
diff --git a/content/child/webcrypto/nss/hmac_nss.cc b/content/child/webcrypto/nss/hmac_nss.cc
index c3424fb..699efd3 100644
--- a/content/child/webcrypto/nss/hmac_nss.cc
+++ b/content/child/webcrypto/nss/hmac_nss.cc
@@ -227,6 +227,24 @@ class HmacImplementation : public AlgorithmImplementation {
return Status::Success();
}
+
+ Status SerializeKeyForClone(
+ const blink::WebCryptoKey& key,
+ blink::WebVector<uint8_t>* key_data) const override {
+ key_data->assign(SymKeyNss::Cast(key)->serialized_key_data());
+ return Status::Success();
+ }
+
+ Status DeserializeKeyForClone(const blink::WebCryptoKeyAlgorithm& algorithm,
+ blink::WebCryptoKeyType type,
+ bool extractable,
+ blink::WebCryptoKeyUsageMask usages,
+ const CryptoData& key_data,
+ blink::WebCryptoKey* key) const override {
+ return ImportKeyRaw(key_data, CreateHmacImportAlgorithm(
+ algorithm.hmacParams()->hash().id()),
+ extractable, usages, key);
+ }
};
} // namespace
diff --git a/content/child/webcrypto/nss/key_nss.cc b/content/child/webcrypto/nss/key_nss.cc
index 9193963..0887fe6 100644
--- a/content/child/webcrypto/nss/key_nss.cc
+++ b/content/child/webcrypto/nss/key_nss.cc
@@ -84,13 +84,6 @@ PrivateKeyNss::PrivateKeyNss(crypto::ScopedSECKEYPrivateKey key,
: KeyNss(pkcs8_data), key_(key.Pass()) {
}
-bool PlatformSerializeKeyForClone(const blink::WebCryptoKey& key,
- blink::WebVector<uint8_t>* key_data) {
- const KeyNss* nss_key = static_cast<KeyNss*>(key.handle());
- *key_data = nss_key->serialized_key_data();
- return true;
-}
-
} // namespace webcrypto
} // namespace content
diff --git a/content/child/webcrypto/nss/rsa_key_nss.cc b/content/child/webcrypto/nss/rsa_key_nss.cc
index f9619a6..7e15be1 100644
--- a/content/child/webcrypto/nss/rsa_key_nss.cc
+++ b/content/child/webcrypto/nss/rsa_key_nss.cc
@@ -847,6 +847,67 @@ Status RsaHashedAlgorithm::ExportKeyJwk(const blink::WebCryptoKey& key,
}
}
+Status RsaHashedAlgorithm::SerializeKeyForClone(
+ const blink::WebCryptoKey& key,
+ blink::WebVector<uint8_t>* key_data) const {
+ key_data->assign(static_cast<KeyNss*>(key.handle())->serialized_key_data());
+ return Status::Success();
+}
+
+// TODO(eroman): Defer import to the crypto thread. http://crbug.com/430763
+Status RsaHashedAlgorithm::DeserializeKeyForClone(
+ const blink::WebCryptoKeyAlgorithm& algorithm,
+ blink::WebCryptoKeyType type,
+ bool extractable,
+ blink::WebCryptoKeyUsageMask usages,
+ const CryptoData& key_data,
+ blink::WebCryptoKey* key) const {
+ blink::WebCryptoAlgorithm import_algorithm = CreateRsaHashedImportAlgorithm(
+ algorithm.id(), algorithm.rsaHashedParams()->hash().id());
+
+ Status status;
+
+ switch (type) {
+ case blink::WebCryptoKeyTypePublic:
+ status =
+ ImportKeySpki(key_data, import_algorithm, extractable, usages, key);
+ break;
+ case blink::WebCryptoKeyTypePrivate:
+ status =
+ ImportKeyPkcs8(key_data, import_algorithm, extractable, usages, key);
+ break;
+ default:
+ return Status::ErrorUnexpected();
+ }
+
+ // There is some duplicated information in the serialized format used by
+ // structured clone (since the KeyAlgorithm is serialized separately from the
+ // key data). Use this extra information to further validate what was
+ // deserialized from the key data.
+
+ if (algorithm.id() != key->algorithm().id())
+ return Status::ErrorUnexpected();
+
+ if (key->type() != type)
+ return Status::ErrorUnexpected();
+
+ if (algorithm.rsaHashedParams()->modulusLengthBits() !=
+ key->algorithm().rsaHashedParams()->modulusLengthBits()) {
+ return Status::ErrorUnexpected();
+ }
+
+ if (algorithm.rsaHashedParams()->publicExponent().size() !=
+ key->algorithm().rsaHashedParams()->publicExponent().size() ||
+ 0 !=
+ memcmp(algorithm.rsaHashedParams()->publicExponent().data(),
+ key->algorithm().rsaHashedParams()->publicExponent().data(),
+ key->algorithm().rsaHashedParams()->publicExponent().size())) {
+ return Status::ErrorUnexpected();
+ }
+
+ return Status::Success();
+}
+
} // namespace webcrypto
} // namespace content
diff --git a/content/child/webcrypto/nss/rsa_key_nss.h b/content/child/webcrypto/nss/rsa_key_nss.h
index 725a25e..4d240ab 100644
--- a/content/child/webcrypto/nss/rsa_key_nss.h
+++ b/content/child/webcrypto/nss/rsa_key_nss.h
@@ -79,6 +79,17 @@ class RsaHashedAlgorithm : public AlgorithmImplementation {
Status ExportKeyJwk(const blink::WebCryptoKey& key,
std::vector<uint8_t>* buffer) const override;
+ Status SerializeKeyForClone(
+ const blink::WebCryptoKey& key,
+ blink::WebVector<uint8_t>* key_data) const override;
+
+ Status DeserializeKeyForClone(const blink::WebCryptoKeyAlgorithm& algorithm,
+ blink::WebCryptoKeyType type,
+ bool extractable,
+ blink::WebCryptoKeyUsageMask usages,
+ const CryptoData& key_data,
+ blink::WebCryptoKey* key) const override;
+
private:
CK_FLAGS generate_flags_;
blink::WebCryptoKeyUsageMask all_public_key_usages_;
diff --git a/content/child/webcrypto/openssl/aes_key_openssl.cc b/content/child/webcrypto/openssl/aes_key_openssl.cc
index 14fa24e..e831a41 100644
--- a/content/child/webcrypto/openssl/aes_key_openssl.cc
+++ b/content/child/webcrypto/openssl/aes_key_openssl.cc
@@ -119,6 +119,24 @@ Status AesAlgorithm::ExportKeyJwk(const blink::WebCryptoKey& key,
return Status::Success();
}
+Status AesAlgorithm::SerializeKeyForClone(
+ const blink::WebCryptoKey& key,
+ blink::WebVector<uint8_t>* key_data) const {
+ key_data->assign(SymKeyOpenSsl::Cast(key)->serialized_key_data());
+ return Status::Success();
+}
+
+Status AesAlgorithm::DeserializeKeyForClone(
+ const blink::WebCryptoKeyAlgorithm& algorithm,
+ blink::WebCryptoKeyType type,
+ bool extractable,
+ blink::WebCryptoKeyUsageMask usages,
+ const CryptoData& key_data,
+ blink::WebCryptoKey* key) const {
+ return ImportKeyRaw(key_data, CreateAlgorithm(algorithm.id()), extractable,
+ usages, key);
+}
+
} // namespace webcrypto
} // namespace content
diff --git a/content/child/webcrypto/openssl/aes_key_openssl.h b/content/child/webcrypto/openssl/aes_key_openssl.h
index 206a1e2..9ddc046 100644
--- a/content/child/webcrypto/openssl/aes_key_openssl.h
+++ b/content/child/webcrypto/openssl/aes_key_openssl.h
@@ -55,6 +55,17 @@ class AesAlgorithm : public AlgorithmImplementation {
Status ExportKeyJwk(const blink::WebCryptoKey& key,
std::vector<uint8_t>* buffer) const override;
+ Status SerializeKeyForClone(
+ const blink::WebCryptoKey& key,
+ blink::WebVector<uint8_t>* key_data) const override;
+
+ Status DeserializeKeyForClone(const blink::WebCryptoKeyAlgorithm& algorithm,
+ blink::WebCryptoKeyType type,
+ bool extractable,
+ blink::WebCryptoKeyUsageMask usages,
+ const CryptoData& key_data,
+ blink::WebCryptoKey* key) const override;
+
private:
const blink::WebCryptoKeyUsageMask all_key_usages_;
const std::string jwk_suffix_;
diff --git a/content/child/webcrypto/openssl/hmac_openssl.cc b/content/child/webcrypto/openssl/hmac_openssl.cc
index 77b5ccf..49bde22 100644
--- a/content/child/webcrypto/openssl/hmac_openssl.cc
+++ b/content/child/webcrypto/openssl/hmac_openssl.cc
@@ -203,6 +203,24 @@ class HmacImplementation : public AlgorithmImplementation {
return Status::Success();
}
+
+ Status SerializeKeyForClone(
+ const blink::WebCryptoKey& key,
+ blink::WebVector<uint8_t>* key_data) const override {
+ key_data->assign(SymKeyOpenSsl::Cast(key)->serialized_key_data());
+ return Status::Success();
+ }
+
+ Status DeserializeKeyForClone(const blink::WebCryptoKeyAlgorithm& algorithm,
+ blink::WebCryptoKeyType type,
+ bool extractable,
+ blink::WebCryptoKeyUsageMask usages,
+ const CryptoData& key_data,
+ blink::WebCryptoKey* key) const override {
+ return ImportKeyRaw(key_data, CreateHmacImportAlgorithm(
+ algorithm.hmacParams()->hash().id()),
+ extractable, usages, key);
+ }
};
} // namespace
diff --git a/content/child/webcrypto/openssl/key_openssl.cc b/content/child/webcrypto/openssl/key_openssl.cc
index 9ea1f20..bb4273e 100644
--- a/content/child/webcrypto/openssl/key_openssl.cc
+++ b/content/child/webcrypto/openssl/key_openssl.cc
@@ -61,13 +61,6 @@ AsymKeyOpenSsl::AsymKeyOpenSsl(crypto::ScopedEVP_PKEY key,
: KeyOpenSsl(serialized_key_data), key_(key.Pass()) {
}
-bool PlatformSerializeKeyForClone(const blink::WebCryptoKey& key,
- blink::WebVector<uint8_t>* key_data) {
- const KeyOpenSsl* openssl_key = static_cast<KeyOpenSsl*>(key.handle());
- *key_data = openssl_key->serialized_key_data();
- return true;
-}
-
} // namespace webcrypto
} // namespace content
diff --git a/content/child/webcrypto/openssl/rsa_key_openssl.cc b/content/child/webcrypto/openssl/rsa_key_openssl.cc
index 6710c31..e849f0d 100644
--- a/content/child/webcrypto/openssl/rsa_key_openssl.cc
+++ b/content/child/webcrypto/openssl/rsa_key_openssl.cc
@@ -384,6 +384,67 @@ Status RsaHashedAlgorithm::ExportKeyJwk(const blink::WebCryptoKey& key,
}
}
+Status RsaHashedAlgorithm::SerializeKeyForClone(
+ const blink::WebCryptoKey& key,
+ blink::WebVector<uint8_t>* key_data) const {
+ key_data->assign(AsymKeyOpenSsl::Cast(key)->serialized_key_data());
+ return Status::Success();
+}
+
+// TODO(eroman): Defer import to the crypto thread. http://crbug.com/430763
+Status RsaHashedAlgorithm::DeserializeKeyForClone(
+ const blink::WebCryptoKeyAlgorithm& algorithm,
+ blink::WebCryptoKeyType type,
+ bool extractable,
+ blink::WebCryptoKeyUsageMask usages,
+ const CryptoData& key_data,
+ blink::WebCryptoKey* key) const {
+ blink::WebCryptoAlgorithm import_algorithm = CreateRsaHashedImportAlgorithm(
+ algorithm.id(), algorithm.rsaHashedParams()->hash().id());
+
+ Status status;
+
+ switch (type) {
+ case blink::WebCryptoKeyTypePublic:
+ status =
+ ImportKeySpki(key_data, import_algorithm, extractable, usages, key);
+ break;
+ case blink::WebCryptoKeyTypePrivate:
+ status =
+ ImportKeyPkcs8(key_data, import_algorithm, extractable, usages, key);
+ break;
+ default:
+ return Status::ErrorUnexpected();
+ }
+
+ // There is some duplicated information in the serialized format used by
+ // structured clone (since the KeyAlgorithm is serialized separately from the
+ // key data). Use this extra information to further validate what was
+ // deserialized from the key data.
+
+ if (algorithm.id() != key->algorithm().id())
+ return Status::ErrorUnexpected();
+
+ if (key->type() != type)
+ return Status::ErrorUnexpected();
+
+ if (algorithm.rsaHashedParams()->modulusLengthBits() !=
+ key->algorithm().rsaHashedParams()->modulusLengthBits()) {
+ return Status::ErrorUnexpected();
+ }
+
+ if (algorithm.rsaHashedParams()->publicExponent().size() !=
+ key->algorithm().rsaHashedParams()->publicExponent().size() ||
+ 0 !=
+ memcmp(algorithm.rsaHashedParams()->publicExponent().data(),
+ key->algorithm().rsaHashedParams()->publicExponent().data(),
+ key->algorithm().rsaHashedParams()->publicExponent().size())) {
+ return Status::ErrorUnexpected();
+ }
+
+ return Status::Success();
+}
+
} // namespace webcrypto
} // namespace content
diff --git a/content/child/webcrypto/openssl/rsa_key_openssl.h b/content/child/webcrypto/openssl/rsa_key_openssl.h
index d793505..91de209 100644
--- a/content/child/webcrypto/openssl/rsa_key_openssl.h
+++ b/content/child/webcrypto/openssl/rsa_key_openssl.h
@@ -71,6 +71,17 @@ class RsaHashedAlgorithm : public AlgorithmImplementation {
Status ExportKeyJwk(const blink::WebCryptoKey& key,
std::vector<uint8_t>* buffer) const override;
+ Status SerializeKeyForClone(
+ const blink::WebCryptoKey& key,
+ blink::WebVector<uint8_t>* key_data) const override;
+
+ Status DeserializeKeyForClone(const blink::WebCryptoKeyAlgorithm& algorithm,
+ blink::WebCryptoKeyType type,
+ bool extractable,
+ blink::WebCryptoKeyUsageMask usages,
+ const CryptoData& key_data,
+ blink::WebCryptoKey* key) const override;
+
private:
blink::WebCryptoKeyUsageMask all_public_key_usages_;
blink::WebCryptoKeyUsageMask all_private_key_usages_;
diff --git a/content/child/webcrypto/platform_crypto.h b/content/child/webcrypto/platform_crypto.h
index 2977b9c..e37d187 100644
--- a/content/child/webcrypto/platform_crypto.h
+++ b/content/child/webcrypto/platform_crypto.h
@@ -33,9 +33,6 @@ AlgorithmImplementation* CreatePlatformRsaOaepImplementation();
AlgorithmImplementation* CreatePlatformRsaSsaImplementation();
AlgorithmImplementation* CreatePlatformRsaPssImplementation();
-bool PlatformSerializeKeyForClone(const blink::WebCryptoKey& key,
- blink::WebVector<uint8_t>* key_data);
-
} // namespace webcrypto
} // namespace content
diff --git a/content/child/webcrypto/structured_clone.cc b/content/child/webcrypto/structured_clone.cc
deleted file mode 100644
index 68d449a..0000000
--- a/content/child/webcrypto/structured_clone.cc
+++ /dev/null
@@ -1,136 +0,0 @@
-// Copyright 2014 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "content/child/webcrypto/structured_clone.h"
-
-#include "base/logging.h"
-#include "content/child/webcrypto/algorithm_dispatch.h"
-#include "content/child/webcrypto/platform_crypto.h"
-#include "content/child/webcrypto/status.h"
-#include "content/child/webcrypto/webcrypto_util.h"
-#include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h"
-
-namespace content {
-
-namespace webcrypto {
-
-namespace {
-
-// Returns the key format to use for structured cloning.
-blink::WebCryptoKeyFormat GetCloneFormatForKeyType(
- blink::WebCryptoKeyType type) {
- switch (type) {
- case blink::WebCryptoKeyTypeSecret:
- return blink::WebCryptoKeyFormatRaw;
- case blink::WebCryptoKeyTypePublic:
- return blink::WebCryptoKeyFormatSpki;
- case blink::WebCryptoKeyTypePrivate:
- return blink::WebCryptoKeyFormatPkcs8;
- }
-
- NOTREACHED();
- return blink::WebCryptoKeyFormatRaw;
-}
-
-// Converts a KeyAlgorithm into an equivalent Algorithm for import.
-blink::WebCryptoAlgorithm KeyAlgorithmToImportAlgorithm(
- const blink::WebCryptoKeyAlgorithm& algorithm) {
- switch (algorithm.paramsType()) {
- case blink::WebCryptoKeyAlgorithmParamsTypeAes:
- return CreateAlgorithm(algorithm.id());
- case blink::WebCryptoKeyAlgorithmParamsTypeHmac:
- return CreateHmacImportAlgorithm(algorithm.hmacParams()->hash().id());
- case blink::WebCryptoKeyAlgorithmParamsTypeRsaHashed:
- return CreateRsaHashedImportAlgorithm(
- algorithm.id(), algorithm.rsaHashedParams()->hash().id());
- case blink::WebCryptoKeyAlgorithmParamsTypeNone:
- break;
- default:
- break;
- }
- return blink::WebCryptoAlgorithm::createNull();
-}
-
-// There is some duplicated information in the serialized format used by
-// structured clone (since the KeyAlgorithm is serialized separately from the
-// key data). Use this extra information to further validate what was
-// deserialized from the key data.
-//
-// A failure here implies either a bug in the code, or that the serialized data
-// was corrupted.
-bool ValidateDeserializedKey(const blink::WebCryptoKey& key,
- const blink::WebCryptoKeyAlgorithm& algorithm,
- blink::WebCryptoKeyType type) {
- if (algorithm.id() != key.algorithm().id())
- return false;
-
- if (key.type() != type)
- return false;
-
- switch (algorithm.paramsType()) {
- case blink::WebCryptoKeyAlgorithmParamsTypeAes:
- if (algorithm.aesParams()->lengthBits() !=
- key.algorithm().aesParams()->lengthBits())
- return false;
- break;
- case blink::WebCryptoKeyAlgorithmParamsTypeRsaHashed:
- if (algorithm.rsaHashedParams()->modulusLengthBits() !=
- key.algorithm().rsaHashedParams()->modulusLengthBits())
- return false;
- if (algorithm.rsaHashedParams()->publicExponent().size() !=
- key.algorithm().rsaHashedParams()->publicExponent().size())
- return false;
- if (memcmp(algorithm.rsaHashedParams()->publicExponent().data(),
- key.algorithm().rsaHashedParams()->publicExponent().data(),
- key.algorithm().rsaHashedParams()->publicExponent().size()) !=
- 0)
- return false;
- break;
- case blink::WebCryptoKeyAlgorithmParamsTypeNone:
- case blink::WebCryptoKeyAlgorithmParamsTypeHmac:
- break;
- default:
- return false;
- }
-
- return true;
-}
-
-} // namespace
-
-// Note that this function is called from the target Blink thread.
-bool SerializeKeyForClone(const blink::WebCryptoKey& key,
- blink::WebVector<uint8_t>* key_data) {
- return PlatformSerializeKeyForClone(key, key_data);
-}
-
-// Note that this function is called from the target Blink thread.
-bool DeserializeKeyForClone(const blink::WebCryptoKeyAlgorithm& algorithm,
- blink::WebCryptoKeyType type,
- bool extractable,
- blink::WebCryptoKeyUsageMask usages,
- const CryptoData& key_data,
- blink::WebCryptoKey* key) {
- // TODO(eroman): This should not call into the platform crypto layer.
- // Otherwise it runs the risk of stalling while the NSS/OpenSSL global locks
- // are held.
- //
- // An alternate approach is to defer the key import until the key is used.
- // However this means that any deserialization errors would have to be
- // surfaced as WebCrypto errors, leading to slightly different behaviors. For
- // instance you could clone a key which fails to be deserialized.
- Status status = ImportKey(GetCloneFormatForKeyType(type),
- key_data,
- KeyAlgorithmToImportAlgorithm(algorithm),
- extractable,
- usages,
- key);
- if (status.IsError())
- return false;
- return ValidateDeserializedKey(*key, algorithm, type);
-}
-
-} // namespace webcrypto
-
-} // namespace content
diff --git a/content/child/webcrypto/structured_clone.h b/content/child/webcrypto/structured_clone.h
deleted file mode 100644
index 3e218c8..0000000
--- a/content/child/webcrypto/structured_clone.h
+++ /dev/null
@@ -1,34 +0,0 @@
-// Copyright 2014 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef CONTENT_CHILD_WEBCRYPTO_STRUCTURED_CLONE_H_
-#define CONTENT_CHILD_WEBCRYPTO_STRUCTURED_CLONE_H_
-
-#include <stdint.h>
-
-#include "third_party/WebKit/public/platform/WebCrypto.h"
-
-namespace content {
-
-namespace webcrypto {
-
-class CryptoData;
-
-// Called on the target Blink thread.
-bool SerializeKeyForClone(const blink::WebCryptoKey& key,
- blink::WebVector<uint8_t>* key_data);
-
-// Called on the target Blink thread.
-bool DeserializeKeyForClone(const blink::WebCryptoKeyAlgorithm& algorithm,
- blink::WebCryptoKeyType type,
- bool extractable,
- blink::WebCryptoKeyUsageMask usages,
- const CryptoData& key_data,
- blink::WebCryptoKey* key);
-
-} // namespace webcrypto
-
-} // namespace content
-
-#endif // CONTENT_CHILD_WEBCRYPTO_STRUCTURED_CLONE_H_
diff --git a/content/child/webcrypto/webcrypto_impl.cc b/content/child/webcrypto/webcrypto_impl.cc
index 2099a90..f5d18c2 100644
--- a/content/child/webcrypto/webcrypto_impl.cc
+++ b/content/child/webcrypto/webcrypto_impl.cc
@@ -19,7 +19,6 @@
#include "content/child/webcrypto/crypto_data.h"
#include "content/child/webcrypto/generate_key_result.h"
#include "content/child/webcrypto/status.h"
-#include "content/child/webcrypto/structured_clone.h"
#include "content/child/webcrypto/webcrypto_util.h"
#include "content/child/worker_thread_task_runner.h"
#include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h"
@@ -36,14 +35,14 @@ namespace {
// ---------------------
//
// WebCrypto operations can be slow. For instance generating an RSA key can
-// take hundreds of milliseconds to several seconds.
+// seconds.
//
// Moreover the underlying crypto libraries are not threadsafe when operating
// on the same key.
//
// The strategy used here is to run a sequenced worker pool for all WebCrypto
-// operations. This pool (of 1 threads) is also used by requests started from
-// Blink Web Workers.
+// operations (except structured cloning). This same pool is also used by
+// requests started from Blink Web Workers.
//
// A few notes to keep in mind:
//
@@ -707,8 +706,6 @@ bool WebCryptoImpl::deserializeKeyForClone(
const unsigned char* key_data,
unsigned key_data_size,
blink::WebCryptoKey& key) {
- // TODO(eroman): Rather than do the import immediately on the current thread,
- // it could defer to the crypto thread.
return webcrypto::DeserializeKeyForClone(
algorithm,
type,
diff --git a/content/content_child.gypi b/content/content_child.gypi
index c51317f..848ca95 100644
--- a/content/content_child.gypi
+++ b/content/content_child.gypi
@@ -229,8 +229,6 @@
'child/webcrypto/platform_crypto.h',
'child/webcrypto/status.cc',
'child/webcrypto/status.h',
- 'child/webcrypto/structured_clone.cc',
- 'child/webcrypto/structured_clone.h',
'child/webcrypto/webcrypto_impl.cc',
'child/webcrypto/webcrypto_impl.h',
'child/webcrypto/webcrypto_util.cc',