10019e4eead4d990e4304c54a9028aca9122fb256Ben Murdoch/* 20019e4eead4d990e4304c54a9028aca9122fb256Ben Murdoch * Copyright (C) 2013 Google Inc. All rights reserved. 30019e4eead4d990e4304c54a9028aca9122fb256Ben Murdoch * 40019e4eead4d990e4304c54a9028aca9122fb256Ben Murdoch * Redistribution and use in source and binary forms, with or without 50019e4eead4d990e4304c54a9028aca9122fb256Ben Murdoch * modification, are permitted provided that the following conditions are 60019e4eead4d990e4304c54a9028aca9122fb256Ben Murdoch * met: 70019e4eead4d990e4304c54a9028aca9122fb256Ben Murdoch * 80019e4eead4d990e4304c54a9028aca9122fb256Ben Murdoch * * Redistributions of source code must retain the above copyright 90019e4eead4d990e4304c54a9028aca9122fb256Ben Murdoch * notice, this list of conditions and the following disclaimer. 100019e4eead4d990e4304c54a9028aca9122fb256Ben Murdoch * * Redistributions in binary form must reproduce the above 110019e4eead4d990e4304c54a9028aca9122fb256Ben Murdoch * copyright notice, this list of conditions and the following disclaimer 120019e4eead4d990e4304c54a9028aca9122fb256Ben Murdoch * in the documentation and/or other materials provided with the 130019e4eead4d990e4304c54a9028aca9122fb256Ben Murdoch * distribution. 140019e4eead4d990e4304c54a9028aca9122fb256Ben Murdoch * * Neither the name of Google Inc. nor the names of its 150019e4eead4d990e4304c54a9028aca9122fb256Ben Murdoch * contributors may be used to endorse or promote products derived from 160019e4eead4d990e4304c54a9028aca9122fb256Ben Murdoch * this software without specific prior written permission. 170019e4eead4d990e4304c54a9028aca9122fb256Ben Murdoch * 180019e4eead4d990e4304c54a9028aca9122fb256Ben Murdoch * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 190019e4eead4d990e4304c54a9028aca9122fb256Ben Murdoch * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 200019e4eead4d990e4304c54a9028aca9122fb256Ben Murdoch * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR 210019e4eead4d990e4304c54a9028aca9122fb256Ben Murdoch * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT 220019e4eead4d990e4304c54a9028aca9122fb256Ben Murdoch * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 230019e4eead4d990e4304c54a9028aca9122fb256Ben Murdoch * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT 240019e4eead4d990e4304c54a9028aca9122fb256Ben Murdoch * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, 250019e4eead4d990e4304c54a9028aca9122fb256Ben Murdoch * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY 260019e4eead4d990e4304c54a9028aca9122fb256Ben Murdoch * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT 270019e4eead4d990e4304c54a9028aca9122fb256Ben Murdoch * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE 280019e4eead4d990e4304c54a9028aca9122fb256Ben Murdoch * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 290019e4eead4d990e4304c54a9028aca9122fb256Ben Murdoch */ 300019e4eead4d990e4304c54a9028aca9122fb256Ben Murdoch 310019e4eead4d990e4304c54a9028aca9122fb256Ben Murdoch#ifndef WebCrypto_h 320019e4eead4d990e4304c54a9028aca9122fb256Ben Murdoch#define WebCrypto_h 330019e4eead4d990e4304c54a9028aca9122fb256Ben Murdoch 340019e4eead4d990e4304c54a9028aca9122fb256Ben Murdoch#include "WebCommon.h" 35d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles)#include "WebCryptoAlgorithm.h" 3602772c6a72f1ee0b226341a4f4439970c29fc861Ben Murdoch#include "WebCryptoKey.h" 3702772c6a72f1ee0b226341a4f4439970c29fc861Ben Murdoch#include "WebPrivatePtr.h" 38f91f5fa1608c2cdd9af1842fb5dadbe78275be2aBo Liu#include "WebString.h" 3907a852d8c1953036774d8f3b65d18dcfea3bb4a2Ben Murdoch#include "WebVector.h" 400019e4eead4d990e4304c54a9028aca9122fb256Ben Murdoch 4109380295ba73501a205346becac22c6978e4671dTorne (Richard Coles)#if INSIDE_BLINK 42c0e19a689c8ac22cdc96b291a8d33a5d3b0b34a4Torne (Richard Coles)namespace WTF { template <typename T> class PassRefPtr; } 43c0e19a689c8ac22cdc96b291a8d33a5d3b0b34a4Torne (Richard Coles)#endif 44c0e19a689c8ac22cdc96b291a8d33a5d3b0b34a4Torne (Richard Coles) 4551b2906e11752df6c18351cf520e30522d3b53a1Torne (Richard Coles)namespace blink { 460019e4eead4d990e4304c54a9028aca9122fb256Ben Murdoch 47e38fbeeb576b5094e34e038ab88d9d6a5c5c2214Torne (Richard Coles)class CryptoResult; 480019e4eead4d990e4304c54a9028aca9122fb256Ben Murdochclass WebArrayBuffer; 4909380295ba73501a205346becac22c6978e4671dTorne (Richard Coles)class WebString; 500019e4eead4d990e4304c54a9028aca9122fb256Ben Murdoch 51f91f5fa1608c2cdd9af1842fb5dadbe78275be2aBo Liuenum WebCryptoErrorType { 52f91f5fa1608c2cdd9af1842fb5dadbe78275be2aBo Liu WebCryptoErrorTypeType, 53f91f5fa1608c2cdd9af1842fb5dadbe78275be2aBo Liu WebCryptoErrorTypeNotSupported, 54f91f5fa1608c2cdd9af1842fb5dadbe78275be2aBo Liu WebCryptoErrorTypeSyntax, 55f91f5fa1608c2cdd9af1842fb5dadbe78275be2aBo Liu WebCryptoErrorTypeInvalidState, 56f91f5fa1608c2cdd9af1842fb5dadbe78275be2aBo Liu WebCryptoErrorTypeInvalidAccess, 57f91f5fa1608c2cdd9af1842fb5dadbe78275be2aBo Liu WebCryptoErrorTypeUnknown, 58f91f5fa1608c2cdd9af1842fb5dadbe78275be2aBo Liu WebCryptoErrorTypeData, 59f91f5fa1608c2cdd9af1842fb5dadbe78275be2aBo Liu WebCryptoErrorTypeOperation, 60f91f5fa1608c2cdd9af1842fb5dadbe78275be2aBo Liu}; 61f91f5fa1608c2cdd9af1842fb5dadbe78275be2aBo Liu 62e1f1df5f01594c0e62e751e4b46e779b85c2faa5Torne (Richard Coles)class WebCryptoResult { 6302772c6a72f1ee0b226341a4f4439970c29fc861Ben Murdochpublic: 64e1f1df5f01594c0e62e751e4b46e779b85c2faa5Torne (Richard Coles) WebCryptoResult(const WebCryptoResult& o) 6502772c6a72f1ee0b226341a4f4439970c29fc861Ben Murdoch { 6602772c6a72f1ee0b226341a4f4439970c29fc861Ben Murdoch assign(o); 6702772c6a72f1ee0b226341a4f4439970c29fc861Ben Murdoch } 6802772c6a72f1ee0b226341a4f4439970c29fc861Ben Murdoch 69e1f1df5f01594c0e62e751e4b46e779b85c2faa5Torne (Richard Coles) ~WebCryptoResult() 70e1f1df5f01594c0e62e751e4b46e779b85c2faa5Torne (Richard Coles) { 71e1f1df5f01594c0e62e751e4b46e779b85c2faa5Torne (Richard Coles) reset(); 72e1f1df5f01594c0e62e751e4b46e779b85c2faa5Torne (Richard Coles) } 73e1f1df5f01594c0e62e751e4b46e779b85c2faa5Torne (Richard Coles) 74e1f1df5f01594c0e62e751e4b46e779b85c2faa5Torne (Richard Coles) WebCryptoResult& operator=(const WebCryptoResult& o) 7502772c6a72f1ee0b226341a4f4439970c29fc861Ben Murdoch { 7602772c6a72f1ee0b226341a4f4439970c29fc861Ben Murdoch assign(o); 7702772c6a72f1ee0b226341a4f4439970c29fc861Ben Murdoch return *this; 7802772c6a72f1ee0b226341a4f4439970c29fc861Ben Murdoch } 7902772c6a72f1ee0b226341a4f4439970c29fc861Ben Murdoch 8009380295ba73501a205346becac22c6978e4671dTorne (Richard Coles) // Note that WebString is NOT safe to pass across threads. 8109380295ba73501a205346becac22c6978e4671dTorne (Richard Coles) // 82f91f5fa1608c2cdd9af1842fb5dadbe78275be2aBo Liu // Error details are surfaced in an exception, and MUST NEVER reveal any 83f91f5fa1608c2cdd9af1842fb5dadbe78275be2aBo Liu // secret information such as bytes of the key or plain text. An 84f91f5fa1608c2cdd9af1842fb5dadbe78275be2aBo Liu // appropriate error would be something like: 8509380295ba73501a205346becac22c6978e4671dTorne (Richard Coles) // "iv must be 16 bytes long". 86f91f5fa1608c2cdd9af1842fb5dadbe78275be2aBo Liu BLINK_PLATFORM_EXPORT void completeWithError(WebCryptoErrorType, const WebString&); 8709380295ba73501a205346becac22c6978e4671dTorne (Richard Coles) 8809380295ba73501a205346becac22c6978e4671dTorne (Richard Coles) // Note that WebArrayBuffer is NOT safe to create from another thread. 8909380295ba73501a205346becac22c6978e4671dTorne (Richard Coles) BLINK_PLATFORM_EXPORT void completeWithBuffer(const WebArrayBuffer&); 9009380295ba73501a205346becac22c6978e4671dTorne (Richard Coles) // Makes a copy of the input data given as a pointer and byte length. 9109380295ba73501a205346becac22c6978e4671dTorne (Richard Coles) BLINK_PLATFORM_EXPORT void completeWithBuffer(const void*, unsigned); 925d92fedcae5e801a8b224de090094f2d9df0b54aTorne (Richard Coles) BLINK_PLATFORM_EXPORT void completeWithJson(const char* utf8Data, unsigned length); 9309380295ba73501a205346becac22c6978e4671dTorne (Richard Coles) BLINK_PLATFORM_EXPORT void completeWithBoolean(bool); 9409380295ba73501a205346becac22c6978e4671dTorne (Richard Coles) BLINK_PLATFORM_EXPORT void completeWithKey(const WebCryptoKey&); 9509380295ba73501a205346becac22c6978e4671dTorne (Richard Coles) BLINK_PLATFORM_EXPORT void completeWithKeyPair(const WebCryptoKey& publicKey, const WebCryptoKey& privateKey); 9609380295ba73501a205346becac22c6978e4671dTorne (Richard Coles) 9776c265b59aa821ccbf8c75ab2bb0d036e97d2956Torne (Richard Coles) // Returns true if the underlying operation was cancelled. 9876c265b59aa821ccbf8c75ab2bb0d036e97d2956Torne (Richard Coles) // This method can be called from any thread. 9976c265b59aa821ccbf8c75ab2bb0d036e97d2956Torne (Richard Coles) BLINK_PLATFORM_EXPORT bool cancelled() const; 10076c265b59aa821ccbf8c75ab2bb0d036e97d2956Torne (Richard Coles) 10109380295ba73501a205346becac22c6978e4671dTorne (Richard Coles)#if INSIDE_BLINK 102e38fbeeb576b5094e34e038ab88d9d6a5c5c2214Torne (Richard Coles) BLINK_PLATFORM_EXPORT explicit WebCryptoResult(const WTF::PassRefPtr<CryptoResult>&); 103c0e19a689c8ac22cdc96b291a8d33a5d3b0b34a4Torne (Richard Coles)#endif 10402772c6a72f1ee0b226341a4f4439970c29fc861Ben Murdoch 10502772c6a72f1ee0b226341a4f4439970c29fc861Ben Murdochprivate: 10609380295ba73501a205346becac22c6978e4671dTorne (Richard Coles) BLINK_PLATFORM_EXPORT void reset(); 10709380295ba73501a205346becac22c6978e4671dTorne (Richard Coles) BLINK_PLATFORM_EXPORT void assign(const WebCryptoResult&); 10802772c6a72f1ee0b226341a4f4439970c29fc861Ben Murdoch 109e38fbeeb576b5094e34e038ab88d9d6a5c5c2214Torne (Richard Coles) WebPrivatePtr<CryptoResult> m_impl; 11002772c6a72f1ee0b226341a4f4439970c29fc861Ben Murdoch}; 11102772c6a72f1ee0b226341a4f4439970c29fc861Ben Murdoch 11207a852d8c1953036774d8f3b65d18dcfea3bb4a2Ben Murdochclass WebCryptoDigestor { 11307a852d8c1953036774d8f3b65d18dcfea3bb4a2Ben Murdochpublic: 11407a852d8c1953036774d8f3b65d18dcfea3bb4a2Ben Murdoch virtual ~WebCryptoDigestor() { } 11507a852d8c1953036774d8f3b65d18dcfea3bb4a2Ben Murdoch 11607a852d8c1953036774d8f3b65d18dcfea3bb4a2Ben Murdoch // consume() will return |true| on the successful addition of data to the 11707a852d8c1953036774d8f3b65d18dcfea3bb4a2Ben Murdoch // partially generated digest. It will return |false| when that fails. After 11807a852d8c1953036774d8f3b65d18dcfea3bb4a2Ben Murdoch // a return of |false|, consume() should not be called again (nor should 11907a852d8c1953036774d8f3b65d18dcfea3bb4a2Ben Murdoch // finish() be called). 12007a852d8c1953036774d8f3b65d18dcfea3bb4a2Ben Murdoch virtual bool consume(const unsigned char* data, unsigned dataSize) { return false; } 12107a852d8c1953036774d8f3b65d18dcfea3bb4a2Ben Murdoch 12207a852d8c1953036774d8f3b65d18dcfea3bb4a2Ben Murdoch // finish() will return |true| if the digest has been successfully computed 12307a852d8c1953036774d8f3b65d18dcfea3bb4a2Ben Murdoch // and put into the result buffer, otherwise it will return |false|. In 12407a852d8c1953036774d8f3b65d18dcfea3bb4a2Ben Murdoch // either case, neither finish() nor consume() should be called again after 12507a852d8c1953036774d8f3b65d18dcfea3bb4a2Ben Murdoch // a call to finish(). resultData is valid until the WebCrytpoDigestor 12607a852d8c1953036774d8f3b65d18dcfea3bb4a2Ben Murdoch // object is destroyed. 12707a852d8c1953036774d8f3b65d18dcfea3bb4a2Ben Murdoch virtual bool finish(unsigned char*& resultData, unsigned& resultDataSize) { return false; } 12807a852d8c1953036774d8f3b65d18dcfea3bb4a2Ben Murdoch 12907a852d8c1953036774d8f3b65d18dcfea3bb4a2Ben Murdochprotected: 13007a852d8c1953036774d8f3b65d18dcfea3bb4a2Ben Murdoch WebCryptoDigestor() { } 13107a852d8c1953036774d8f3b65d18dcfea3bb4a2Ben Murdoch}; 13207a852d8c1953036774d8f3b65d18dcfea3bb4a2Ben Murdoch 133e1f1df5f01594c0e62e751e4b46e779b85c2faa5Torne (Richard Coles)class WebCrypto { 13402772c6a72f1ee0b226341a4f4439970c29fc861Ben Murdochpublic: 13509380295ba73501a205346becac22c6978e4671dTorne (Richard Coles) // WebCrypto is the interface for starting one-shot cryptographic 13609380295ba73501a205346becac22c6978e4671dTorne (Richard Coles) // operations. 13709380295ba73501a205346becac22c6978e4671dTorne (Richard Coles) // 13809380295ba73501a205346becac22c6978e4671dTorne (Richard Coles) // ----------------------- 13909380295ba73501a205346becac22c6978e4671dTorne (Richard Coles) // Completing the request 14009380295ba73501a205346becac22c6978e4671dTorne (Richard Coles) // ----------------------- 14109380295ba73501a205346becac22c6978e4671dTorne (Richard Coles) // 14209380295ba73501a205346becac22c6978e4671dTorne (Richard Coles) // Implementations signal completion by calling one of the methods on 14309380295ba73501a205346becac22c6978e4671dTorne (Richard Coles) // "result". Only a single result/error should be set for the request. 14409380295ba73501a205346becac22c6978e4671dTorne (Richard Coles) // Different operations expect different result types based on the 14509380295ba73501a205346becac22c6978e4671dTorne (Richard Coles) // algorithm parameters; see the Web Crypto standard for details. 14609380295ba73501a205346becac22c6978e4671dTorne (Richard Coles) // 14709380295ba73501a205346becac22c6978e4671dTorne (Richard Coles) // The result can be set either synchronously while handling the request, 14809380295ba73501a205346becac22c6978e4671dTorne (Richard Coles) // or asynchronously after the method has returned. When completing 14909380295ba73501a205346becac22c6978e4671dTorne (Richard Coles) // asynchronously make a copy of the WebCryptoResult and call it from the 15009380295ba73501a205346becac22c6978e4671dTorne (Richard Coles) // same thread that started the request. 15109380295ba73501a205346becac22c6978e4671dTorne (Richard Coles) // 15276c265b59aa821ccbf8c75ab2bb0d036e97d2956Torne (Richard Coles) // If the request was cancelled it is not necessary for implementations to 15376c265b59aa821ccbf8c75ab2bb0d036e97d2956Torne (Richard Coles) // set the result. 15476c265b59aa821ccbf8c75ab2bb0d036e97d2956Torne (Richard Coles) // 15509380295ba73501a205346becac22c6978e4671dTorne (Richard Coles) // ----------------------- 15609380295ba73501a205346becac22c6978e4671dTorne (Richard Coles) // Threading 15709380295ba73501a205346becac22c6978e4671dTorne (Richard Coles) // ----------------------- 15809380295ba73501a205346becac22c6978e4671dTorne (Richard Coles) // 159f91f5fa1608c2cdd9af1842fb5dadbe78275be2aBo Liu // The WebCrypto interface will be called from blink threads (main or 160f91f5fa1608c2cdd9af1842fb5dadbe78275be2aBo Liu // web worker). All communication back to Blink must be on this same thread. 161f91f5fa1608c2cdd9af1842fb5dadbe78275be2aBo Liu // 16209380295ba73501a205346becac22c6978e4671dTorne (Richard Coles) // Notably: 16309380295ba73501a205346becac22c6978e4671dTorne (Richard Coles) // 164f91f5fa1608c2cdd9af1842fb5dadbe78275be2aBo Liu // * The WebCryptoResult can be copied between threads, however all 165f91f5fa1608c2cdd9af1842fb5dadbe78275be2aBo Liu // methods other than the destructor must be called from the origin 166f91f5fa1608c2cdd9af1842fb5dadbe78275be2aBo Liu // Blink thread. 16709380295ba73501a205346becac22c6978e4671dTorne (Richard Coles) // 16809380295ba73501a205346becac22c6978e4671dTorne (Richard Coles) // * WebCryptoKey and WebCryptoAlgorithm ARE threadsafe. They can be 16909380295ba73501a205346becac22c6978e4671dTorne (Richard Coles) // safely copied between threads and accessed. Copying is cheap because 17009380295ba73501a205346becac22c6978e4671dTorne (Richard Coles) // they are internally reference counted. 17109380295ba73501a205346becac22c6978e4671dTorne (Richard Coles) // 17209380295ba73501a205346becac22c6978e4671dTorne (Richard Coles) // * WebArrayBuffer is NOT threadsafe. It should only be created from the 173f91f5fa1608c2cdd9af1842fb5dadbe78275be2aBo Liu // target Blink thread. This means threaded implementations may have to 17409380295ba73501a205346becac22c6978e4671dTorne (Richard Coles) // make a copy of the output buffer. 175e1f1df5f01594c0e62e751e4b46e779b85c2faa5Torne (Richard Coles) // 17609380295ba73501a205346becac22c6978e4671dTorne (Richard Coles) // ----------------------- 17709380295ba73501a205346becac22c6978e4671dTorne (Richard Coles) // Inputs 17809380295ba73501a205346becac22c6978e4671dTorne (Richard Coles) // ----------------------- 179e1f1df5f01594c0e62e751e4b46e779b85c2faa5Torne (Richard Coles) // 18009380295ba73501a205346becac22c6978e4671dTorne (Richard Coles) // * Data buffers are passed as (basePointer, byteLength) pairs. 18109380295ba73501a205346becac22c6978e4671dTorne (Richard Coles) // These buffers are only valid during the call itself. Asynchronous 18209380295ba73501a205346becac22c6978e4671dTorne (Richard Coles) // implementations wishing to access it after the function returns 18309380295ba73501a205346becac22c6978e4671dTorne (Richard Coles) // should make a copy. 18409380295ba73501a205346becac22c6978e4671dTorne (Richard Coles) // 18509380295ba73501a205346becac22c6978e4671dTorne (Richard Coles) // * All WebCryptoKeys are guaranteeed to be !isNull(). 18609380295ba73501a205346becac22c6978e4671dTorne (Richard Coles) // 18709380295ba73501a205346becac22c6978e4671dTorne (Richard Coles) // * All WebCryptoAlgorithms are guaranteed to be !isNull() 18809380295ba73501a205346becac22c6978e4671dTorne (Richard Coles) // 18909380295ba73501a205346becac22c6978e4671dTorne (Richard Coles) // * Look to the Web Crypto spec for an explanation of the parameter. The 19009380295ba73501a205346becac22c6978e4671dTorne (Richard Coles) // method names here have a 1:1 correspondence with those of 19109380295ba73501a205346becac22c6978e4671dTorne (Richard Coles) // crypto.subtle, with the exception of "verify" which is here called 19209380295ba73501a205346becac22c6978e4671dTorne (Richard Coles) // "verifySignature". 19309380295ba73501a205346becac22c6978e4671dTorne (Richard Coles) // 19409380295ba73501a205346becac22c6978e4671dTorne (Richard Coles) // ----------------------- 19509380295ba73501a205346becac22c6978e4671dTorne (Richard Coles) // Guarantees on input validity 19609380295ba73501a205346becac22c6978e4671dTorne (Richard Coles) // ----------------------- 19709380295ba73501a205346becac22c6978e4671dTorne (Richard Coles) // 19809380295ba73501a205346becac22c6978e4671dTorne (Richard Coles) // Implementations MUST carefully sanitize algorithm inputs before using 19909380295ba73501a205346becac22c6978e4671dTorne (Richard Coles) // them, as they come directly from the user. Few checks have been done on 20009380295ba73501a205346becac22c6978e4671dTorne (Richard Coles) // algorithm parameters prior to passing to the embedder. 20109380295ba73501a205346becac22c6978e4671dTorne (Richard Coles) // 202f91f5fa1608c2cdd9af1842fb5dadbe78275be2aBo Liu // Only the following checks can be assumed as having already passed: 20309380295ba73501a205346becac22c6978e4671dTorne (Richard Coles) // 20409380295ba73501a205346becac22c6978e4671dTorne (Richard Coles) // * The key is extractable when calling into exportKey/wrapKey. 20509380295ba73501a205346becac22c6978e4671dTorne (Richard Coles) // * The key usages permit the operation being requested. 20609380295ba73501a205346becac22c6978e4671dTorne (Richard Coles) // * The key's algorithm matches that of the requested operation. 207f79f16f17ddc4f842d7b7a38603e280e94be826aTorne (Richard Coles) // 208f91f5fa1608c2cdd9af1842fb5dadbe78275be2aBo Liu virtual void encrypt(const WebCryptoAlgorithm&, const WebCryptoKey&, const unsigned char* data, unsigned dataSize, WebCryptoResult result) { result.completeWithError(WebCryptoErrorTypeNotSupported, ""); } 209f91f5fa1608c2cdd9af1842fb5dadbe78275be2aBo Liu virtual void decrypt(const WebCryptoAlgorithm&, const WebCryptoKey&, const unsigned char* data, unsigned dataSize, WebCryptoResult result) { result.completeWithError(WebCryptoErrorTypeNotSupported, ""); } 210f91f5fa1608c2cdd9af1842fb5dadbe78275be2aBo Liu virtual void sign(const WebCryptoAlgorithm&, const WebCryptoKey&, const unsigned char* data, unsigned dataSize, WebCryptoResult result) { result.completeWithError(WebCryptoErrorTypeNotSupported, ""); } 211f91f5fa1608c2cdd9af1842fb5dadbe78275be2aBo Liu virtual void verifySignature(const WebCryptoAlgorithm&, const WebCryptoKey&, const unsigned char* signature, unsigned signatureSize, const unsigned char* data, unsigned dataSize, WebCryptoResult result) { result.completeWithError(WebCryptoErrorTypeNotSupported, ""); } 212f91f5fa1608c2cdd9af1842fb5dadbe78275be2aBo Liu virtual void digest(const WebCryptoAlgorithm&, const unsigned char* data, unsigned dataSize, WebCryptoResult result) { result.completeWithError(WebCryptoErrorTypeNotSupported, ""); } 213f91f5fa1608c2cdd9af1842fb5dadbe78275be2aBo Liu virtual void generateKey(const WebCryptoAlgorithm&, bool extractable, WebCryptoKeyUsageMask, WebCryptoResult result) { result.completeWithError(WebCryptoErrorTypeNotSupported, ""); } 214f91f5fa1608c2cdd9af1842fb5dadbe78275be2aBo Liu virtual void importKey(WebCryptoKeyFormat, const unsigned char* keyData, unsigned keyDataSize, const WebCryptoAlgorithm&, bool extractable, WebCryptoKeyUsageMask, WebCryptoResult result) { result.completeWithError(WebCryptoErrorTypeNotSupported, ""); } 215f91f5fa1608c2cdd9af1842fb5dadbe78275be2aBo Liu virtual void exportKey(WebCryptoKeyFormat, const WebCryptoKey&, WebCryptoResult result) { result.completeWithError(WebCryptoErrorTypeNotSupported, ""); } 216f91f5fa1608c2cdd9af1842fb5dadbe78275be2aBo Liu virtual void wrapKey(WebCryptoKeyFormat, const WebCryptoKey& key, const WebCryptoKey& wrappingKey, const WebCryptoAlgorithm&, WebCryptoResult result) { result.completeWithError(WebCryptoErrorTypeNotSupported, ""); } 217f91f5fa1608c2cdd9af1842fb5dadbe78275be2aBo Liu virtual void unwrapKey(WebCryptoKeyFormat, const unsigned char* wrappedKey, unsigned wrappedKeySize, const WebCryptoKey&, const WebCryptoAlgorithm& unwrapAlgorithm, const WebCryptoAlgorithm& unwrappedKeyAlgorithm, bool extractable, WebCryptoKeyUsageMask, WebCryptoResult result) { result.completeWithError(WebCryptoErrorTypeNotSupported, ""); } 218a854de003a23bf3c7f95ec0f8154ada64092ff5cTorne (Richard Coles) 21907a852d8c1953036774d8f3b65d18dcfea3bb4a2Ben Murdoch // This is the exception to the "Completing the request" guarantees 22007a852d8c1953036774d8f3b65d18dcfea3bb4a2Ben Murdoch // outlined above. This is useful for Blink internal crypto and is not part 22110f88d5669dbd969c059d61ba09fa37dd72ac559Ben Murdoch // of the WebCrypto standard. createDigestor must provide the result via 22210f88d5669dbd969c059d61ba09fa37dd72ac559Ben Murdoch // the WebCryptoDigestor object synchronously. createDigestor may return 0 22310f88d5669dbd969c059d61ba09fa37dd72ac559Ben Murdoch // if it fails to create a WebCryptoDigestor. If it succeeds, the 22410f88d5669dbd969c059d61ba09fa37dd72ac559Ben Murdoch // WebCryptoDigestor returned by createDigestor must be freed by the 22510f88d5669dbd969c059d61ba09fa37dd72ac559Ben Murdoch // caller. 22607a852d8c1953036774d8f3b65d18dcfea3bb4a2Ben Murdoch virtual WebCryptoDigestor* createDigestor(WebCryptoAlgorithmId algorithmId) { return 0; } 22707a852d8c1953036774d8f3b65d18dcfea3bb4a2Ben Murdoch 22807a852d8c1953036774d8f3b65d18dcfea3bb4a2Ben Murdoch // ----------------------- 22907a852d8c1953036774d8f3b65d18dcfea3bb4a2Ben Murdoch // Structured clone 23007a852d8c1953036774d8f3b65d18dcfea3bb4a2Ben Murdoch // ----------------------- 23107a852d8c1953036774d8f3b65d18dcfea3bb4a2Ben Murdoch // 23207a852d8c1953036774d8f3b65d18dcfea3bb4a2Ben Murdoch // deserializeKeyForClone() and serializeKeyForClone() are used for 23307a852d8c1953036774d8f3b65d18dcfea3bb4a2Ben Murdoch // implementing structured cloning of WebCryptoKey. 23407a852d8c1953036774d8f3b65d18dcfea3bb4a2Ben Murdoch // 23507a852d8c1953036774d8f3b65d18dcfea3bb4a2Ben Murdoch // Blink is responsible for saving and restoring all of the attributes of 23607a852d8c1953036774d8f3b65d18dcfea3bb4a2Ben Murdoch // WebCryptoKey EXCEPT for the actual key data: 23707a852d8c1953036774d8f3b65d18dcfea3bb4a2Ben Murdoch // 23807a852d8c1953036774d8f3b65d18dcfea3bb4a2Ben Murdoch // In other words, Blink takes care of serializing: 23907a852d8c1953036774d8f3b65d18dcfea3bb4a2Ben Murdoch // * Key usages 24007a852d8c1953036774d8f3b65d18dcfea3bb4a2Ben Murdoch // * Key extractability 24107a852d8c1953036774d8f3b65d18dcfea3bb4a2Ben Murdoch // * Key algorithm 24207a852d8c1953036774d8f3b65d18dcfea3bb4a2Ben Murdoch // * Key type (public, private, secret) 24307a852d8c1953036774d8f3b65d18dcfea3bb4a2Ben Murdoch // 24407a852d8c1953036774d8f3b65d18dcfea3bb4a2Ben Murdoch // The embedder is responsible for saving the key data itself. 24507a852d8c1953036774d8f3b65d18dcfea3bb4a2Ben Murdoch // 24607a852d8c1953036774d8f3b65d18dcfea3bb4a2Ben Murdoch // Visibility of the serialized key data: 24707a852d8c1953036774d8f3b65d18dcfea3bb4a2Ben Murdoch // 24807a852d8c1953036774d8f3b65d18dcfea3bb4a2Ben Murdoch // The serialized key data will NOT be visible to web pages. So if the 24907a852d8c1953036774d8f3b65d18dcfea3bb4a2Ben Murdoch // serialized format were to include key bytes as plain text, this wouldn't 25007a852d8c1953036774d8f3b65d18dcfea3bb4a2Ben Murdoch // make it available to web pages. 25107a852d8c1953036774d8f3b65d18dcfea3bb4a2Ben Murdoch // 25207a852d8c1953036774d8f3b65d18dcfea3bb4a2Ben Murdoch // Longevity of the key data: 25307a852d8c1953036774d8f3b65d18dcfea3bb4a2Ben Murdoch // 25407a852d8c1953036774d8f3b65d18dcfea3bb4a2Ben Murdoch // The serialized key data is intended to be long lived (years) and MUST 25507a852d8c1953036774d8f3b65d18dcfea3bb4a2Ben Murdoch // be using a stable format. For instance a key might be persisted to 25607a852d8c1953036774d8f3b65d18dcfea3bb4a2Ben Murdoch // IndexedDB and should be able to be deserialized correctly in the 25707a852d8c1953036774d8f3b65d18dcfea3bb4a2Ben Murdoch // future. 25807a852d8c1953036774d8f3b65d18dcfea3bb4a2Ben Murdoch // 25907a852d8c1953036774d8f3b65d18dcfea3bb4a2Ben Murdoch // Error handling and asynchronous completion: 26007a852d8c1953036774d8f3b65d18dcfea3bb4a2Ben Murdoch // 26107a852d8c1953036774d8f3b65d18dcfea3bb4a2Ben Murdoch // Serialization/deserialization must complete synchronously, and will 26207a852d8c1953036774d8f3b65d18dcfea3bb4a2Ben Murdoch // block the JavaScript thread. 26307a852d8c1953036774d8f3b65d18dcfea3bb4a2Ben Murdoch // 26407a852d8c1953036774d8f3b65d18dcfea3bb4a2Ben Murdoch // The only reasons to fail serialization/deserialization are: 26507a852d8c1953036774d8f3b65d18dcfea3bb4a2Ben Murdoch // * Key serialization not yet implemented 26607a852d8c1953036774d8f3b65d18dcfea3bb4a2Ben Murdoch // * The bytes to deserialize were corrupted 26707a852d8c1953036774d8f3b65d18dcfea3bb4a2Ben Murdoch 26807a852d8c1953036774d8f3b65d18dcfea3bb4a2Ben Murdoch // Creates a new key given key data which was written using 26907a852d8c1953036774d8f3b65d18dcfea3bb4a2Ben Murdoch // serializeKeyForClone(). Returns true on success. 27007a852d8c1953036774d8f3b65d18dcfea3bb4a2Ben Murdoch virtual bool deserializeKeyForClone(const WebCryptoKeyAlgorithm&, WebCryptoKeyType, bool extractable, WebCryptoKeyUsageMask, const unsigned char* keyData, unsigned keyDataSize, WebCryptoKey&) { return false; } 27107a852d8c1953036774d8f3b65d18dcfea3bb4a2Ben Murdoch 27207a852d8c1953036774d8f3b65d18dcfea3bb4a2Ben Murdoch // Writes the key data into the given WebVector. 27307a852d8c1953036774d8f3b65d18dcfea3bb4a2Ben Murdoch // Returns true on success. 27407a852d8c1953036774d8f3b65d18dcfea3bb4a2Ben Murdoch virtual bool serializeKeyForClone(const WebCryptoKey&, WebVector<unsigned char>&) { return false; } 275d5428f32f5d1719f774f62e19147104ca245a3abTorne (Richard Coles) 276e1f1df5f01594c0e62e751e4b46e779b85c2faa5Torne (Richard Coles)protected: 277e1f1df5f01594c0e62e751e4b46e779b85c2faa5Torne (Richard Coles) virtual ~WebCrypto() { } 2780019e4eead4d990e4304c54a9028aca9122fb256Ben Murdoch}; 2790019e4eead4d990e4304c54a9028aca9122fb256Ben Murdoch 28051b2906e11752df6c18351cf520e30522d3b53a1Torne (Richard Coles)} // namespace blink 2810019e4eead4d990e4304c54a9028aca9122fb256Ben Murdoch 2820019e4eead4d990e4304c54a9028aca9122fb256Ben Murdoch#endif 283