1// Copyright 2014 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#ifndef CONTENT_CHILD_WEBCRYPTO_JWK_H_ 6#define CONTENT_CHILD_WEBCRYPTO_JWK_H_ 7 8#include <stdint.h> 9#include <vector> 10 11#include "base/strings/string_piece.h" 12#include "base/values.h" 13#include "content/common/content_export.h" 14#include "third_party/WebKit/public/platform/WebArrayBuffer.h" 15#include "third_party/WebKit/public/platform/WebCrypto.h" 16#include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h" 17 18namespace content { 19 20namespace webcrypto { 21 22class CryptoData; 23class Status; 24 25// Writes a JWK-formatted symmetric key to |jwk_key_data|. 26// * raw_key_data: The actual key data 27// * algorithm: The JWK algorithm name (i.e. "alg") 28// * extractable: The JWK extractability (i.e. "ext") 29// * usage_mask: The JWK usages (i.e. "key_ops") 30void WriteSecretKeyJwk(const CryptoData& raw_key_data, 31 const std::string& algorithm, 32 bool extractable, 33 blink::WebCryptoKeyUsageMask usage_mask, 34 std::vector<uint8_t>* jwk_key_data); 35 36// Parses a UTF-8 encoded JWK (key_data), and extracts the key material to 37// |*raw_key_data|. Returns Status::Success() on success, otherwise an error. 38// In order for this to succeed: 39// * expected_algorithm must match the JWK's "alg", if present. 40// * expected_extractable must be consistent with the JWK's "ext", if 41// present. 42// * expected_usage_mask must be a subset of the JWK's "key_ops" if present. 43Status ReadSecretKeyJwk(const CryptoData& key_data, 44 const std::string& expected_algorithm, 45 bool expected_extractable, 46 blink::WebCryptoKeyUsageMask expected_usage_mask, 47 std::vector<uint8_t>* raw_key_data); 48 49// Creates an AES algorithm name for the given key size (in bytes). For 50// instance "A128CBC" is the result of suffix="CBC", keylen_bytes=16. 51std::string MakeJwkAesAlgorithmName(const std::string& suffix, 52 unsigned int keylen_bytes); 53 54// This is very similar to ReadSecretKeyJwk(), except instead of specifying an 55// absolut "expected_algorithm", the suffix for an AES algorithm name is given 56// (See MakeJwkAesAlgorithmName() for an explanation of what the suffix is). 57// 58// This is because the algorithm name for AES keys is dependent on the length 59// of the key. This function expects key lengths to be either 128, 192, or 256 60// bits. 61Status ReadAesSecretKeyJwk(const CryptoData& key_data, 62 const std::string& algorithm_name_suffix, 63 bool expected_extractable, 64 blink::WebCryptoKeyUsageMask expected_usage_mask, 65 std::vector<uint8_t>* raw_key_data); 66 67// Writes a JWK-formated RSA public key and saves the result to 68// |*jwk_key_data|. 69void WriteRsaPublicKeyJwk(const CryptoData& n, 70 const CryptoData& e, 71 const std::string& algorithm, 72 bool extractable, 73 blink::WebCryptoKeyUsageMask usage_mask, 74 std::vector<uint8_t>* jwk_key_data); 75 76// Writes a JWK-formated RSA private key and saves the result to 77// |*jwk_key_data|. 78void WriteRsaPrivateKeyJwk(const CryptoData& n, 79 const CryptoData& e, 80 const CryptoData& d, 81 const CryptoData& p, 82 const CryptoData& q, 83 const CryptoData& dp, 84 const CryptoData& dq, 85 const CryptoData& qi, 86 const std::string& algorithm, 87 bool extractable, 88 blink::WebCryptoKeyUsageMask usage_mask, 89 std::vector<uint8_t>* jwk_key_data); 90 91// Describes the RSA components for a parsed key. The names of the properties 92// correspond with those from the JWK spec. Note that Chromium's WebCrypto 93// implementation does not support multi-primes, so there is no parsed field 94// for othinfo. 95struct JwkRsaInfo { 96 JwkRsaInfo(); 97 ~JwkRsaInfo(); 98 99 bool is_private_key; 100 std::string n; 101 std::string e; 102 std::string d; 103 std::string p; 104 std::string q; 105 std::string dp; 106 std::string dq; 107 std::string qi; 108}; 109 110// Parses a UTF-8 encoded JWK (key_data), and extracts the RSA components to 111// |*result|. Returns Status::Success() on success, otherwise an error. 112// In order for this to succeed: 113// * expected_algorithm must match the JWK's "alg", if present. 114// * expected_extractable must be consistent with the JWK's "ext", if 115// present. 116// * expected_usage_mask must be a subset of the JWK's "key_ops" if present. 117Status ReadRsaKeyJwk(const CryptoData& key_data, 118 const std::string& expected_algorithm, 119 bool expected_extractable, 120 blink::WebCryptoKeyUsageMask expected_usage_mask, 121 JwkRsaInfo* result); 122 123const char* GetJwkHmacAlgorithmName(blink::WebCryptoAlgorithmId hash); 124 125// This function decodes unpadded 'base64url' encoded data, as described in 126// RFC4648 (http://www.ietf.org/rfc/rfc4648.txt) Section 5. 127CONTENT_EXPORT bool Base64DecodeUrlSafe(const std::string& input, 128 std::string* output); 129 130// Returns an unpadded 'base64url' encoding of the input data, the opposite of 131// Base64DecodeUrlSafe() above. 132CONTENT_EXPORT std::string Base64EncodeUrlSafe(const base::StringPiece& input); 133CONTENT_EXPORT std::string Base64EncodeUrlSafe( 134 const std::vector<uint8_t>& input); 135 136} // namespace webcrypto 137 138} // namespace content 139 140#endif // CONTENT_CHILD_WEBCRYPTO_JWK_H_ 141