WebCrypto: Implement importKey() and sign() for HMAC in NSS

BUG=245025
R=eroman@chromium.org,ellyjones@chromium.org

Review URL: https://chromiumcodereview.appspot.com/23569007

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@223506 0039d316-1c4b-4281-b951-d872f2087c98

content/renderer/webcrypto_impl.cc

@@ -4,7 +4,10 @@
 
 #include "content/renderer/webcrypto_impl.h"
 
+#include "base/memory/scoped_ptr.h"
 #include "third_party/WebKit/public/platform/WebArrayBuffer.h"
+#include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h"
+#include "third_party/WebKit/public/platform/WebCryptoKey.h"
 
 namespace content {
 
@@ -25,4 +28,47 @@ void WebCryptoImpl::digest(
   }
 }
 
+void WebCryptoImpl::importKey(
+    WebKit::WebCryptoKeyFormat format,
+    const unsigned char* key_data,
+    unsigned key_data_size,
+    const WebKit::WebCryptoAlgorithm& algorithm,
+    bool extractable,
+    WebKit::WebCryptoKeyUsageMask usage_mask,
+    WebKit::WebCryptoResult result) {
+  WebKit::WebCryptoKeyType type;
+  scoped_ptr<WebKit::WebCryptoKeyHandle> handle;
+
+  if (!ImportKeyInternal(format,
+                         key_data,
+                         key_data_size,
+                         algorithm,
+                         usage_mask,
+                         &handle,
+                         &type)) {
+    result.completeWithError();
+    return;
+  }
+
+  WebKit::WebCryptoKey key(
+      WebKit::WebCryptoKey::create(
+          handle.release(), type, extractable, algorithm, usage_mask));
+
+  result.completeWithKey(key);
+}
+
+void WebCryptoImpl::sign(
+    const WebKit::WebCryptoAlgorithm& algorithm,
+    const WebKit::WebCryptoKey& key,
+    const unsigned char* data,
+    unsigned data_size,
+    WebKit::WebCryptoResult result) {
+  WebKit::WebArrayBuffer buffer;
+  if (!SignInternal(algorithm, key, data, data_size, &buffer)) {
+    result.completeWithError();
+  } else {
+    result.completeWithBuffer(buffer);
+  }
+}
+
 }  // namespace content

content/renderer/webcrypto_impl.h

@@ -8,6 +8,7 @@
 #include "base/basictypes.h"
 #include "base/compiler_specific.h"
 #include "base/gtest_prod_util.h"
+#include "base/memory/scoped_ptr.h"
 #include "content/common/content_export.h"
 #include "third_party/WebKit/public/platform/WebCrypto.h"
 
@@ -23,9 +24,24 @@ class CONTENT_EXPORT WebCryptoImpl
       const unsigned char* data,
       unsigned data_size,
       WebKit::WebCryptoResult result);
+  virtual void importKey(
+      WebKit::WebCryptoKeyFormat format,
+      const unsigned char* key_data,
+      unsigned key_data_size,
+      const WebKit::WebCryptoAlgorithm& algorithm,
+      bool extractable,
+      WebKit::WebCryptoKeyUsageMask usage_mask,
+      WebKit::WebCryptoResult result);
+  virtual void sign(
+      const WebKit::WebCryptoAlgorithm& algorithm,
+      const WebKit::WebCryptoKey& key,
+      const unsigned char* data,
+      unsigned data_size,
+      WebKit::WebCryptoResult result);
 
  protected:
   FRIEND_TEST_ALL_PREFIXES(WebCryptoImplTest, DigestSampleSets);
+  FRIEND_TEST_ALL_PREFIXES(WebCryptoImplTest, HMACSampleSets);
 
   void Init();
 
@@ -34,6 +50,20 @@ class CONTENT_EXPORT WebCryptoImpl
       const unsigned char* data,
       unsigned data_size,
       WebKit::WebArrayBuffer* buffer);
+  bool ImportKeyInternal(
+      WebKit::WebCryptoKeyFormat format,
+      const unsigned char* key_data,
+      unsigned key_data_size,
+      const WebKit::WebCryptoAlgorithm& algorithm,
+      WebKit::WebCryptoKeyUsageMask usage_mask,
+      scoped_ptr<WebKit::WebCryptoKeyHandle>* handle,
+      WebKit::WebCryptoKeyType* type);
+  bool SignInternal(
+      const WebKit::WebCryptoAlgorithm& algorithm,
+      const WebKit::WebCryptoKey& key,
+      const unsigned char* data,
+      unsigned data_size,
+      WebKit::WebArrayBuffer* buffer);
 
  private:
   DISALLOW_COPY_AND_ASSIGN(WebCryptoImpl);

content/renderer/webcrypto_impl_nss.cc

@@ -4,45 +4,81 @@
 
 #include "content/renderer/webcrypto_impl.h"
 
+#include <pk11pub.h>
 #include <sechash.h>
 
 #include "base/logging.h"
 #include "crypto/nss_util.h"
+#include "crypto/scoped_nss_types.h"
 #include "third_party/WebKit/public/platform/WebArrayBuffer.h"
 #include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h"
+#include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h"
 
 namespace content {
 
-void WebCryptoImpl::Init() {
-  crypto::EnsureNSSInit();
-}
+namespace {
 
-bool WebCryptoImpl::DigestInternal(
-    const WebKit::WebCryptoAlgorithm& algorithm,
-    const unsigned char* data,
-    unsigned data_size,
-    WebKit::WebArrayBuffer* buffer) {
-  HASH_HashType hash_type = HASH_AlgNULL;
+class SymKeyHandle : public WebKit::WebCryptoKeyHandle {
+ public:
+  explicit SymKeyHandle(crypto::ScopedPK11SymKey key) {
+    DCHECK(!key_.get());
+    key_ = key.Pass();
+  }
+
+  PK11SymKey* key() { return key_.get(); }
+
+ private:
+  crypto::ScopedPK11SymKey key_;
 
+  DISALLOW_COPY_AND_ASSIGN(SymKeyHandle);
+};
+
+HASH_HashType WebCryptoAlgorithmToNSSHashType(
+    const WebKit::WebCryptoAlgorithm& algorithm) {
   switch (algorithm.id()) {
     case WebKit::WebCryptoAlgorithmIdSha1:
-      hash_type = HASH_AlgSHA1;
-      break;
+      return HASH_AlgSHA1;
     case WebKit::WebCryptoAlgorithmIdSha224:
-      hash_type = HASH_AlgSHA224;
-      break;
+      return HASH_AlgSHA224;
     case WebKit::WebCryptoAlgorithmIdSha256:
-      hash_type = HASH_AlgSHA256;
-      break;
+      return HASH_AlgSHA256;
     case WebKit::WebCryptoAlgorithmIdSha384:
-      hash_type = HASH_AlgSHA384;
-      break;
+      return HASH_AlgSHA384;
     case WebKit::WebCryptoAlgorithmIdSha512:
-      hash_type = HASH_AlgSHA512;
-      break;
+      return HASH_AlgSHA512;
     default:
       // Not a digest algorithm.
-      return false;
+      return HASH_AlgNULL;
+  }
+}
+
+CK_MECHANISM_TYPE WebCryptoAlgorithmToHMACMechanism(
+    const WebKit::WebCryptoAlgorithm& algorithm) {
+  switch (algorithm.id()) {
+    case WebKit::WebCryptoAlgorithmIdSha1:
+      return CKM_SHA_1_HMAC;
+    case WebKit::WebCryptoAlgorithmIdSha256:
+      return CKM_SHA256_HMAC;
+    default:
+      // Not a supported algorithm.
+      return CKM_INVALID_MECHANISM;
+  }
+}
+
+}  // namespace
+
+void WebCryptoImpl::Init() {
+  crypto::EnsureNSSInit();
+}
+
+bool WebCryptoImpl::DigestInternal(
+    const WebKit::WebCryptoAlgorithm& algorithm,
+    const unsigned char* data,
+    unsigned data_size,
+    WebKit::WebArrayBuffer* buffer) {
+  HASH_HashType hash_type = WebCryptoAlgorithmToNSSHashType(algorithm);
+  if (hash_type == HASH_AlgNULL) {
+    return false;
   }
 
   HASHContext* context = HASH_Create(hash_type);
@@ -54,14 +90,14 @@ bool WebCryptoImpl::DigestInternal(
 
   HASH_Update(context, data, data_size);
 
-  size_t hash_result_length = HASH_ResultLenContext(context);
+  unsigned hash_result_length = HASH_ResultLenContext(context);
   DCHECK_LE(hash_result_length, static_cast<size_t>(HASH_LENGTH_MAX));
 
   *buffer = WebKit::WebArrayBuffer::create(hash_result_length, 1);
 
   unsigned char* digest = reinterpret_cast<unsigned char*>(buffer->data());
 
-  uint32 result_length = 0;
+  unsigned result_length = 0;
   HASH_End(context, digest, &result_length, hash_result_length);
 
   HASH_Destroy(context);
@@ -69,4 +105,148 @@ bool WebCryptoImpl::DigestInternal(
   return result_length == hash_result_length;
 }
 
+bool WebCryptoImpl::ImportKeyInternal(
+    WebKit::WebCryptoKeyFormat format,
+    const unsigned char* key_data,
+    unsigned key_data_size,
+    const WebKit::WebCryptoAlgorithm& algorithm,
+    WebKit::WebCryptoKeyUsageMask usage_mask,
+    scoped_ptr<WebKit::WebCryptoKeyHandle>* handle,
+    WebKit::WebCryptoKeyType* type) {
+  switch (algorithm.id()) {
+    case WebKit::WebCryptoAlgorithmIdHmac:
+      *type = WebKit::WebCryptoKeyTypeSecret;
+      break;
+    // TODO(bryaneyler): Support more key types.
+    default:
+      return false;
+  }
+
+  // TODO(bryaneyler): Need to split handling for symmetric and asymmetric keys.
+  // Currently only supporting symmetric.
+  CK_MECHANISM_TYPE mechanism = CKM_INVALID_MECHANISM;
+  // Flags are verified at the Blink layer; here the flags are set to all
+  // possible operations for this key type.
+  CK_FLAGS flags = 0;
+
+  switch(algorithm.id()) {
+    case WebKit::WebCryptoAlgorithmIdHmac: {
+      const WebKit::WebCryptoHmacParams* params = algorithm.hmacParams();
+      if (!params) {
+        return false;
+      }
+
+      mechanism = WebCryptoAlgorithmToHMACMechanism(params->hash());
+      if (mechanism == CKM_INVALID_MECHANISM) {
+        return false;
+      }
+
+      flags |= CKF_SIGN | CKF_VERIFY;
+
+      break;
+    }
+    default:
+      return false;
+  }
+
+  DCHECK_NE(CKM_INVALID_MECHANISM, mechanism);
+  DCHECK_NE(0ul, flags);
+
+  SECItem key_item = { siBuffer, NULL, 0 };
+
+  switch (format) {
+    case WebKit::WebCryptoKeyFormatRaw:
+      key_item.data = const_cast<unsigned char*>(key_data);
+      key_item.len = key_data_size;
+      break;
+    // TODO(bryaneyler): Handle additional formats.
+    default:
+      return false;
+  }
+
+  crypto::ScopedPK11SymKey pk11_sym_key(
+      PK11_ImportSymKeyWithFlags(PK11_GetInternalSlot(),
+                                 mechanism,
+                                 PK11_OriginUnwrap,
+                                 CKA_FLAGS_ONLY,
+                                 &key_item,
+                                 flags,
+                                 false,
+                                 NULL));
+  if (!pk11_sym_key.get()) {
+    NOTREACHED();
+    return false;
+  }
+
+  scoped_ptr<SymKeyHandle> sym_key(new SymKeyHandle(pk11_sym_key.Pass()));
+  *handle = sym_key.Pass();
+
+  return true;
+}
+
+bool WebCryptoImpl::SignInternal(
+    const WebKit::WebCryptoAlgorithm& algorithm,
+    const WebKit::WebCryptoKey& key,
+    const unsigned char* data,
+    unsigned data_size,
+    WebKit::WebArrayBuffer* buffer) {
+  WebKit::WebArrayBuffer result;
+
+  switch (algorithm.id()) {
+    case WebKit::WebCryptoAlgorithmIdHmac: {
+      const WebKit::WebCryptoHmacParams* params = algorithm.hmacParams();
+      if (!params) {
+        return false;
+      }
+
+      SymKeyHandle* sym_key = reinterpret_cast<SymKeyHandle*>(key.handle());
+
+      DCHECK_EQ(PK11_GetMechanism(sym_key->key()),
+                WebCryptoAlgorithmToHMACMechanism(params->hash()));
+      DCHECK_NE(0, key.usages() & WebKit::WebCryptoKeyUsageSign);
+
+      SECItem param_item = { siBuffer, NULL, 0 };
+      SECItem data_item = {
+        siBuffer,
+        const_cast<unsigned char*>(data),
+        data_size
+      };
+      // First call is to figure out the length.
+      SECItem signature_item = { siBuffer, NULL, 0 };
+
+      if (PK11_SignWithSymKey(sym_key->key(),
+                              PK11_GetMechanism(sym_key->key()),
+                              &param_item,
+                              &signature_item,
+                              &data_item) != SECSuccess) {
+        NOTREACHED();
+        return false;
+      }
+
+      DCHECK_NE(0u, signature_item.len);
+
+      result = WebKit::WebArrayBuffer::create(signature_item.len, 1);
+      signature_item.data = reinterpret_cast<unsigned char*>(result.data());
+
+      if (PK11_SignWithSymKey(sym_key->key(),
+                              PK11_GetMechanism(sym_key->key()),
+                              &param_item,
+                              &signature_item,
+                              &data_item) != SECSuccess) {
+        NOTREACHED();
+        return false;
+      }
+
+      DCHECK_EQ(result.byteLength(), signature_item.len);
+
+      break;
+    }
+    default:
+      return false;
+  }
+
+  *buffer = result;
+  return true;
+}
+
 }  // namespace content

content/renderer/webcrypto_impl_openssl.cc

@@ -19,4 +19,28 @@ bool WebCryptoImpl::DigestInternal(
   return false;
 }
 
+bool WebCryptoImpl::ImportKeyInternal(
+    WebKit::WebCryptoKeyFormat format,
+    const unsigned char* key_data,
+    unsigned key_data_size,
+    const WebKit::WebCryptoAlgorithm& algorithm,
+    WebKit::WebCryptoKeyUsageMask usage_mask,
+    scoped_ptr<WebKit::WebCryptoKeyHandle>* handle,
+    WebKit::WebCryptoKeyType* type) {
+  // TODO(bryaneyler): Placeholder for OpenSSL implementation.
+  // Issue http://crbug.com/267888.
+  return false;
+}
+
+bool WebCryptoImpl::SignInternal(
+    const WebKit::WebCryptoAlgorithm& algorithm,
+    const WebKit::WebCryptoKey& key,
+    const unsigned char* data,
+    unsigned data_size,
+    WebKit::WebArrayBuffer* buffer) {
+  // TODO(bryaneyler): Placeholder for OpenSSL implementation.
+  // Issue http://crbug.com/267888.
+  return false;
+}
+
 }  // namespace content

content/renderer/webcrypto_impl_unittest.cc

@@ -14,6 +14,7 @@
 #include "testing/gtest/include/gtest/gtest.h"
 #include "third_party/WebKit/public/platform/WebArrayBuffer.h"
 #include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h"
+#include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h"
 
 namespace content {
 
@@ -35,7 +36,7 @@ TEST_F(WebCryptoImplTest, DigestSampleSets) {
   // with the sets here: http://csrc.nist.gov/groups/STM/cavp/index.html#03
   struct {
     const char* input;
-    size_t input_length;
+    unsigned input_length;
     const char* hex_result[arraysize(kAlgorithmIds)];
   } input_set[] = {
     {
@@ -92,6 +93,8 @@ TEST_F(WebCryptoImplTest, DigestSampleSets) {
   };
 
   for (size_t id_index = 0; id_index < arraysize(kAlgorithmIds); id_index++) {
+    SCOPED_TRACE(id_index);
+
     WebKit::WebCryptoAlgorithm algorithm(
         WebKit::WebCryptoAlgorithm::adoptParamsAndCreate(
             kAlgorithmIds[id_index], NULL));
@@ -99,14 +102,18 @@ TEST_F(WebCryptoImplTest, DigestSampleSets) {
     for (size_t set_index = 0;
          set_index < ARRAYSIZE_UNSAFE(input_set);
          set_index++) {
+      SCOPED_TRACE(set_index);
+
       WebKit::WebArrayBuffer array_buffer;
 
       WebCryptoImpl crypto;
-      crypto.DigestInternal(
-          algorithm,
-          reinterpret_cast<const unsigned char*>(input_set[set_index].input),
-          input_set[set_index].input_length,
-          &array_buffer);
+      EXPECT_TRUE(
+          crypto.DigestInternal(
+              algorithm,
+              reinterpret_cast<const unsigned char*>(
+                  input_set[set_index].input),
+              input_set[set_index].input_length,
+              &array_buffer));
 
       // Ignore case, it's checking the hex value.
       EXPECT_STRCASEEQ(
@@ -117,4 +124,154 @@ TEST_F(WebCryptoImplTest, DigestSampleSets) {
   }
 }
 
+TEST_F(WebCryptoImplTest, HMACSampleSets) {
+  struct {
+    WebKit::WebCryptoAlgorithmId algorithm;
+    const char* key;
+    const char* message;
+    const char* mac;
+  } input_set[] = {
+    // Empty sets.  Result generated via OpenSSL commandline tool.  These
+    // particular results are also posted on the Wikipedia page examples:
+    // http://en.wikipedia.org/wiki/Hash-based_message_authentication_code
+    {
+      WebKit::WebCryptoAlgorithmIdSha1,
+      "",
+      "",
+      // openssl dgst -sha1 -hmac "" < /dev/null
+      "fbdb1d1b18aa6c08324b7d64b71fb76370690e1d",
+    },
+    {
+      WebKit::WebCryptoAlgorithmIdSha256,
+      "",
+      "",
+      // openssl dgst -sha256 -hmac "" < /dev/null
+      "b613679a0814d9ec772f95d778c35fc5ff1697c493715653c6c712144292c5ad",
+    },
+    // For this data, see http://csrc.nist.gov/groups/STM/cavp/index.html#07
+    // Download:
+    // http://csrc.nist.gov/groups/STM/cavp/documents/mac/hmactestvectors.zip
+    // L=20 set 45
+    {
+      WebKit::WebCryptoAlgorithmIdSha1,
+      // key
+      "59785928d72516e31272",
+      // message
+      "a3ce8899df1022e8d2d539b47bf0e309c66f84095e21438ec355bf119ce5fdcb4e73a6"
+      "19cdf36f25b369d8c38ff419997f0c59830108223606e31223483fd39edeaa4d3f0d21"
+      "198862d239c9fd26074130ff6c86493f5227ab895c8f244bd42c7afce5d147a20a5907"
+      "98c68e708e964902d124dadecdbda9dbd0051ed710e9bf",
+      // mac
+      "3c8162589aafaee024fc9a5ca50dd2336fe3eb28",
+    },
+    // L=20 set 299
+    {
+      WebKit::WebCryptoAlgorithmIdSha1,
+      // key
+      "ceb9aedf8d6efcf0ae52bea0fa99a9e26ae81bacea0cff4d5eecf201e3bca3c3577480"
+      "621b818fd717ba99d6ff958ea3d59b2527b019c343bb199e648090225867d994607962"
+      "f5866aa62930d75b58f6",
+      // message
+      "99958aa459604657c7bf6e4cdfcc8785f0abf06ffe636b5b64ecd931bd8a4563055924"
+      "21fc28dbcccb8a82acea2be8e54161d7a78e0399a6067ebaca3f2510274dc9f92f2c8a"
+      "e4265eec13d7d42e9f8612d7bc258f913ecb5a3a5c610339b49fb90e9037b02d684fc6"
+      "0da835657cb24eab352750c8b463b1a8494660d36c3ab2",
+      // mac
+      "4ac41ab89f625c60125ed65ffa958c6b490ea670",
+    },
+    // L=32, set 30
+    {
+      WebKit::WebCryptoAlgorithmIdSha256,
+      // key
+      "9779d9120642797f1747025d5b22b7ac607cab08e1758f2f3a46c8be1e25c53b8c6a8f"
+      "58ffefa176",
+      // message
+      "b1689c2591eaf3c9e66070f8a77954ffb81749f1b00346f9dfe0b2ee905dcc288baf4a"
+      "92de3f4001dd9f44c468c3d07d6c6ee82faceafc97c2fc0fc0601719d2dcd0aa2aec92"
+      "d1b0ae933c65eb06a03c9c935c2bad0459810241347ab87e9f11adb30415424c6c7f5f"
+      "22a003b8ab8de54f6ded0e3ab9245fa79568451dfa258e",
+      // mac
+      "769f00d3e6a6cc1fb426a14a4f76c6462e6149726e0dee0ec0cf97a16605ac8b",
+    },
+    // L=32, set 224
+    {
+      WebKit::WebCryptoAlgorithmIdSha256,
+      // key
+      "4b7ab133efe99e02fc89a28409ee187d579e774f4cba6fc223e13504e3511bef8d4f63"
+      "8b9aca55d4a43b8fbd64cf9d74dcc8c9e8d52034898c70264ea911a3fd70813fa73b08"
+      "3371289b",
+      // message
+      "138efc832c64513d11b9873c6fd4d8a65dbf367092a826ddd587d141b401580b798c69"
+      "025ad510cff05fcfbceb6cf0bb03201aaa32e423d5200925bddfadd418d8e30e18050e"
+      "b4f0618eb9959d9f78c1157d4b3e02cd5961f138afd57459939917d9144c95d8e6a94c"
+      "8f6d4eef3418c17b1ef0b46c2a7188305d9811dccb3d99",
+      // mac
+      "4f1ee7cb36c58803a8721d4ac8c4cf8cae5d8832392eed2a96dc59694252801b",
+    },
+  };
+
+  for (size_t index = 0; index < ARRAYSIZE_UNSAFE(input_set); index++) {
+    SCOPED_TRACE(index);
+
+    WebKit::WebCryptoAlgorithm hash_algorithm(
+        WebKit::WebCryptoAlgorithm::adoptParamsAndCreate(
+            input_set[index].algorithm, NULL));
+
+    scoped_ptr<WebKit::WebCryptoHmacParams> hmac_params(
+        new WebKit::WebCryptoHmacParams(hash_algorithm));
+
+    WebKit::WebCryptoAlgorithm hmac_algorithm(
+        WebKit::WebCryptoAlgorithm::adoptParamsAndCreate(
+            WebKit::WebCryptoAlgorithmIdHmac, hmac_params.release()));
+
+    WebKit::WebCryptoKeyType type;
+    scoped_ptr<WebKit::WebCryptoKeyHandle> handle;
+
+    std::vector<uint8> key_raw;
+    base::HexStringToBytes(input_set[index].key, &key_raw);
+
+    WebCryptoImpl crypto;
+
+    EXPECT_TRUE(
+        crypto.ImportKeyInternal(
+            WebKit::WebCryptoKeyFormatRaw,
+            key_raw.data(),
+            key_raw.size(),
+            hmac_algorithm,
+            WebKit::WebCryptoKeyUsageSign,
+            &handle,
+            &type));
+
+    EXPECT_EQ(WebKit::WebCryptoKeyTypeSecret, type);
+    ASSERT_TRUE(handle.get());
+
+    WebKit::WebCryptoKey crypto_key =
+        WebKit::WebCryptoKey::create(
+            handle.release(),
+            type,
+            false,
+            hmac_algorithm,
+            WebKit::WebCryptoKeyUsageSign);
+
+    std::vector<uint8> message_raw;
+    base::HexStringToBytes(input_set[index].message, &message_raw);
+
+    WebKit::WebArrayBuffer array_buffer;
+
+    EXPECT_TRUE(
+        crypto.SignInternal(
+            hmac_algorithm,
+            crypto_key,
+            message_raw.data(),
+            message_raw.size(),
+            &array_buffer));
+
+    // Ignore case, it's checking the hex value.
+    EXPECT_STRCASEEQ(
+        input_set[index].mac,
+        base::HexEncode(
+            array_buffer.data(), array_buffer.byteLength()).c_str());
+  }
+}
+
 }  // namespace content