Add support for RSA-OAEP when using NSS 3.16.2 or later.

This also rolls the NSS deps to include the RSA-OAEP support backported for Windows/Mac

BUG=372917
R=eroman@chromium.org

Review URL: https://codereview.chromium.org/275943004

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@272221 0039d316-1c4b-4281-b951-d872f2087c98

DEPS

@@ -57,7 +57,7 @@ vars = {
   # and V8 without interference from each other.
   "webrtc_revision": "6189",
   "jsoncpp_revision": "248",
-  "nss_revision": "271557",
+  "nss_revision": "271760",
   # Three lines of non-changing comments so that
   # the commit queue can handle CLs rolling swarming_client
   # and whatever else without interference from each other.

content/child/webcrypto/jwk.cc

@@ -314,6 +314,15 @@ class JwkAlgorithmRegistry {
     alg_to_info_["RSA-OAEP"] =
         JwkAlgorithmInfo(&BindAlgorithmId<CreateRsaOaepImportAlgorithm,
                                           blink::WebCryptoAlgorithmIdSha1>);
+    alg_to_info_["RSA-OAEP-256"] =
+        JwkAlgorithmInfo(&BindAlgorithmId<CreateRsaOaepImportAlgorithm,
+                                          blink::WebCryptoAlgorithmIdSha256>);
+    alg_to_info_["RSA-OAEP-384"] =
+        JwkAlgorithmInfo(&BindAlgorithmId<CreateRsaOaepImportAlgorithm,
+                                          blink::WebCryptoAlgorithmIdSha384>);
+    alg_to_info_["RSA-OAEP-512"] =
+        JwkAlgorithmInfo(&BindAlgorithmId<CreateRsaOaepImportAlgorithm,
+                                          blink::WebCryptoAlgorithmIdSha512>);
     alg_to_info_["A128KW"] = JwkAlgorithmInfo(
         &BindAlgorithmId<CreateAlgorithm, blink::WebCryptoAlgorithmIdAesKw>,
         128);
@@ -667,22 +676,47 @@ Status WriteAlg(const blink::WebCryptoKeyAlgorithm& algorithm,
       }
       break;
     case blink::WebCryptoKeyAlgorithmParamsTypeRsaHashed:
-      switch (algorithm.rsaHashedParams()->hash().id()) {
-        case blink::WebCryptoAlgorithmIdRsaOaep:
-          jwk_dict->SetString("alg", "RSA-OAEP");
-          break;
-        case blink::WebCryptoAlgorithmIdSha1:
-          jwk_dict->SetString("alg", "RS1");
-          break;
-        case blink::WebCryptoAlgorithmIdSha256:
-          jwk_dict->SetString("alg", "RS256");
-          break;
-        case blink::WebCryptoAlgorithmIdSha384:
-          jwk_dict->SetString("alg", "RS384");
+      switch (algorithm.id()) {
+        case blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5: {
+          switch (algorithm.rsaHashedParams()->hash().id()) {
+            case blink::WebCryptoAlgorithmIdSha1:
+              jwk_dict->SetString("alg", "RS1");
+              break;
+            case blink::WebCryptoAlgorithmIdSha256:
+              jwk_dict->SetString("alg", "RS256");
+              break;
+            case blink::WebCryptoAlgorithmIdSha384:
+              jwk_dict->SetString("alg", "RS384");
+              break;
+            case blink::WebCryptoAlgorithmIdSha512:
+              jwk_dict->SetString("alg", "RS512");
+              break;
+            default:
+              NOTREACHED();
+              return Status::ErrorUnexpected();
+          }
           break;
-        case blink::WebCryptoAlgorithmIdSha512:
-          jwk_dict->SetString("alg", "RS512");
+        }
+        case blink::WebCryptoAlgorithmIdRsaOaep: {
+          switch (algorithm.rsaHashedParams()->hash().id()) {
+            case blink::WebCryptoAlgorithmIdSha1:
+              jwk_dict->SetString("alg", "RSA-OAEP");
+              break;
+            case blink::WebCryptoAlgorithmIdSha256:
+              jwk_dict->SetString("alg", "RSA-OAEP-256");
+              break;
+            case blink::WebCryptoAlgorithmIdSha384:
+              jwk_dict->SetString("alg", "RSA-OAEP-384");
+              break;
+            case blink::WebCryptoAlgorithmIdSha512:
+              jwk_dict->SetString("alg", "RSA-OAEP-512");
+              break;
+            default:
+              NOTREACHED();
+              return Status::ErrorUnexpected();
+          }
           break;
+        }
         default:
           NOTREACHED();
           return Status::ErrorUnexpected();

content/child/webcrypto/platform_crypto.h

@@ -109,6 +109,26 @@ Status DecryptRsaEsPkcs1v1_5(PrivateKey* key,
                              const CryptoData& data,
                              std::vector<uint8>* buffer);
 
+// Preconditions:
+//  * |key| is non-null
+//  * |hash| is a digest algorithm
+//  * |label| MAY be empty (e.g. 0 bytes long).
+Status EncryptRsaOaep(PublicKey* key,
+                      const blink::WebCryptoAlgorithm& hash,
+                      const CryptoData& label,
+                      const CryptoData& data,
+                      std::vector<uint8>* buffer);
+
+// Preconditions:
+//   * |key| is non-null
+//   * |hash| is a digest algorithm
+//   * |label| MAY be empty (e.g. 0 bytes long).
+Status DecryptRsaOaep(PrivateKey* key,
+                      const blink::WebCryptoAlgorithm& hash,
+                      const CryptoData& label,
+                      const CryptoData& data,
+                      std::vector<uint8>* buffer);
+
 // Preconditions:
 //  * |key| is a non-null HMAC key.
 //  * |hash| is a digest algorithm.

content/child/webcrypto/platform_crypto_openssl.cc

@@ -423,6 +423,24 @@ Status DecryptRsaEsPkcs1v1_5(PrivateKey* key,
   return Status::ErrorUnsupported();
 }
 
+Status EncryptRsaOaep(PublicKey* key,
+                      const blink::WebCryptoAlgorithm& hash,
+                      const CryptoData& label,
+                      const CryptoData& data,
+                      std::vector<uint8>* buffer) {
+  // TODO(eroman): http://crbug.com/267888
+  return Status::ErrorUnsupported();
+}
+
+Status DecryptRsaOaep(PrivateKey* key,
+                      const blink::WebCryptoAlgorithm& hash,
+                      const CryptoData& label,
+                      const CryptoData& data,
+                      std::vector<uint8>* buffer) {
+  // TODO(eroman): http://crbug.com/267888
+  return Status::ErrorUnsupported();
+}
+
 Status SignRsaSsaPkcs1v1_5(PrivateKey* key,
                            const blink::WebCryptoAlgorithm& hash,
                            const CryptoData& data,

content/child/webcrypto/shared_crypto.cc

@@ -135,6 +135,46 @@ Status DecryptRsaEsPkcs1v1_5(const blink::WebCryptoAlgorithm& algorithm,
   return platform::DecryptRsaEsPkcs1v1_5(private_key, data, buffer);
 }
 
+Status EncryptRsaOaep(const blink::WebCryptoAlgorithm& algorithm,
+                      const blink::WebCryptoKey& key,
+                      const CryptoData& data,
+                      std::vector<uint8>* buffer) {
+  platform::PublicKey* public_key;
+  Status status = ToPlatformPublicKey(key, &public_key);
+  if (status.IsError())
+    return status;
+
+  const blink::WebCryptoRsaOaepParams* params = algorithm.rsaOaepParams();
+  if (!params)
+    return Status::ErrorUnexpected();
+
+  return platform::EncryptRsaOaep(public_key,
+                                  key.algorithm().rsaHashedParams()->hash(),
+                                  CryptoData(params->optionalLabel()),
+                                  data,
+                                  buffer);
+}
+
+Status DecryptRsaOaep(const blink::WebCryptoAlgorithm& algorithm,
+                      const blink::WebCryptoKey& key,
+                      const CryptoData& data,
+                      std::vector<uint8>* buffer) {
+  platform::PrivateKey* private_key;
+  Status status = ToPlatformPrivateKey(key, &private_key);
+  if (status.IsError())
+    return status;
+
+  const blink::WebCryptoRsaOaepParams* params = algorithm.rsaOaepParams();
+  if (!params)
+    return Status::ErrorUnexpected();
+
+  return platform::DecryptRsaOaep(private_key,
+                                  key.algorithm().rsaHashedParams()->hash(),
+                                  CryptoData(params->optionalLabel()),
+                                  data,
+                                  buffer);
+}
+
 Status SignHmac(const blink::WebCryptoAlgorithm& algorithm,
                 const blink::WebCryptoKey& key,
                 const CryptoData& data,
@@ -411,6 +451,8 @@ Status DecryptDontCheckKeyUsage(const blink::WebCryptoAlgorithm& algorithm,
       return EncryptDecryptAesGcm(DECRYPT, algorithm, key, data, buffer);
     case blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5:
       return DecryptRsaEsPkcs1v1_5(algorithm, key, data, buffer);
+    case blink::WebCryptoAlgorithmIdRsaOaep:
+      return DecryptRsaOaep(algorithm, key, data, buffer);
     case blink::WebCryptoAlgorithmIdAesKw:
       return DecryptAesKw(algorithm, key, data, buffer);
     default:
@@ -431,6 +473,8 @@ Status EncryptDontCheckUsage(const blink::WebCryptoAlgorithm& algorithm,
       return EncryptDecryptAesGcm(ENCRYPT, algorithm, key, data, buffer);
     case blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5:
       return EncryptRsaEsPkcs1v1_5(algorithm, key, data, buffer);
+    case blink::WebCryptoAlgorithmIdRsaOaep:
+      return EncryptRsaOaep(algorithm, key, data, buffer);
     default:
       return Status::ErrorUnsupported();
   }
@@ -738,7 +782,16 @@ Status WrapKey(blink::WebCryptoKeyFormat format,
 
   switch (format) {
     case blink::WebCryptoKeyFormatRaw:
-      return WrapKeyRaw(key_to_wrap, wrapping_key, wrapping_algorithm, buffer);
+      if (wrapping_algorithm.id() == blink::WebCryptoAlgorithmIdAesKw ||
+          wrapping_algorithm.id() ==
+              blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5) {
+        // AES-KW is a special case, due to NSS's implementation only
+        // supporting C_Wrap/C_Unwrap with AES-KW
+        return WrapKeyRaw(
+            key_to_wrap, wrapping_key, wrapping_algorithm, buffer);
+      }
+      return WrapKeyExportAndEncrypt(
+          format, key_to_wrap, wrapping_key, wrapping_algorithm, buffer);
     case blink::WebCryptoKeyFormatJwk:
       return WrapKeyExportAndEncrypt(
           format, key_to_wrap, wrapping_key, wrapping_algorithm, buffer);
@@ -766,13 +819,27 @@ Status UnwrapKey(blink::WebCryptoKeyFormat format,
 
   switch (format) {
     case blink::WebCryptoKeyFormatRaw:
-      return UnwrapKeyRaw(wrapped_key_data,
-                          wrapping_key,
-                          wrapping_algorithm,
-                          algorithm,
-                          extractable,
-                          usage_mask,
-                          key);
+      if (wrapping_algorithm.id() == blink::WebCryptoAlgorithmIdAesKw ||
+          wrapping_algorithm.id() ==
+              blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5) {
+        // AES-KW is a special case, due to NSS's implementation only
+        // supporting C_Wrap/C_Unwrap with AES-KW
+        return UnwrapKeyRaw(wrapped_key_data,
+                            wrapping_key,
+                            wrapping_algorithm,
+                            algorithm,
+                            extractable,
+                            usage_mask,
+                            key);
+      }
+      return UnwrapKeyDecryptAndImport(format,
+                                       wrapped_key_data,
+                                       wrapping_key,
+                                       wrapping_algorithm,
+                                       algorithm,
+                                       extractable,
+                                       usage_mask,
+                                       key);
     case blink::WebCryptoKeyFormatJwk:
       return UnwrapKeyDecryptAndImport(format,
                                        wrapped_key_data,

content/child/webcrypto/webcrypto_util.h

@@ -34,8 +34,8 @@ CONTENT_EXPORT bool Base64DecodeUrlSafe(const std::string& input,
 
 // Returns an unpadded 'base64url' encoding of the input data, the opposite of
 // Base64DecodeUrlSafe() above.
-std::string Base64EncodeUrlSafe(const base::StringPiece& input);
-std::string Base64EncodeUrlSafe(const std::vector<uint8>& input);
+CONTENT_EXPORT std::string Base64EncodeUrlSafe(const base::StringPiece& input);
+CONTENT_EXPORT std::string Base64EncodeUrlSafe(const std::vector<uint8>& input);
 
 // Composes a Web Crypto usage mask from an array of JWK key_ops values.
 CONTENT_EXPORT Status GetWebCryptoUsagesFromJwkKeyOps(