/* * Copyright (C) 2017 Apple Inc. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS'' * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF * THE POSSIBILITY OF SUCH DAMAGE. */ #include "config.h" #include "CryptoAlgorithmECDSA.h" #if ENABLE(WEB_CRYPTO) #include "CryptoAlgorithmEcKeyParams.h" #include "CryptoAlgorithmEcdsaParams.h" #include "CryptoKeyEC.h" #include #include namespace WebCore { namespace CryptoAlgorithmECDSAInternal { static constexpr auto ALG256 = "ES256"_s; static constexpr auto ALG384 = "ES384"_s; static constexpr auto ALG512 = "ES512"_s; static constexpr auto P256 = "P-256"_s; static constexpr auto P384 = "P-384"_s; static constexpr auto P521 = "P-521"_s; } Ref CryptoAlgorithmECDSA::create() { return adoptRef(*new CryptoAlgorithmECDSA); } CryptoAlgorithmIdentifier CryptoAlgorithmECDSA::identifier() const { return s_identifier; } void CryptoAlgorithmECDSA::sign(const CryptoAlgorithmParameters& parameters, Ref&& key, Vector&& data, VectorCallback&& callback, ExceptionCallback&& exceptionCallback, ScriptExecutionContext& context, WorkQueue& workQueue) { if (key->type() != CryptoKeyType::Private) { exceptionCallback(InvalidAccessError); return; } dispatchOperationInWorkQueue(workQueue, context, WTFMove(callback), WTFMove(exceptionCallback), [parameters = crossThreadCopy(downcast(parameters)), key = WTFMove(key), data = WTFMove(data)] { return platformSign(parameters, downcast(key.get()), data); }); } void CryptoAlgorithmECDSA::verify(const CryptoAlgorithmParameters& parameters, Ref&& key, Vector&& signature, Vector&& data, BoolCallback&& callback, ExceptionCallback&& exceptionCallback, ScriptExecutionContext& context, WorkQueue& workQueue) { if (key->type() != CryptoKeyType::Public) { exceptionCallback(InvalidAccessError); return; } dispatchOperationInWorkQueue(workQueue, context, WTFMove(callback), WTFMove(exceptionCallback), [parameters = crossThreadCopy(downcast(parameters)), key = WTFMove(key), signature = WTFMove(signature), data = WTFMove(data)] { return platformVerify(parameters, downcast(key.get()), signature, data); }); } void CryptoAlgorithmECDSA::generateKey(const CryptoAlgorithmParameters& parameters, bool extractable, CryptoKeyUsageBitmap usages, KeyOrKeyPairCallback&& callback, ExceptionCallback&& exceptionCallback, ScriptExecutionContext&) { const auto& ecParameters = downcast(parameters); if (usages & (CryptoKeyUsageEncrypt | CryptoKeyUsageDecrypt | CryptoKeyUsageDeriveKey | CryptoKeyUsageDeriveBits | CryptoKeyUsageWrapKey | CryptoKeyUsageUnwrapKey)) { exceptionCallback(SyntaxError); return; } auto result = CryptoKeyEC::generatePair(CryptoAlgorithmIdentifier::ECDSA, ecParameters.namedCurve, extractable, usages); if (result.hasException()) { exceptionCallback(result.releaseException().code()); return; } auto pair = result.releaseReturnValue(); pair.publicKey->setUsagesBitmap(pair.publicKey->usagesBitmap() & CryptoKeyUsageVerify); pair.privateKey->setUsagesBitmap(pair.privateKey->usagesBitmap() & CryptoKeyUsageSign); callback(WTFMove(pair)); } void CryptoAlgorithmECDSA::importKey(CryptoKeyFormat format, KeyData&& data, const CryptoAlgorithmParameters& parameters, bool extractable, CryptoKeyUsageBitmap usages, KeyCallback&& callback, ExceptionCallback&& exceptionCallback) { using namespace CryptoAlgorithmECDSAInternal; const auto& ecParameters = downcast(parameters); RefPtr result; switch (format) { case CryptoKeyFormat::Jwk: { JsonWebKey key = WTFMove(std::get(data)); if (usages && ((!key.d.isNull() && (usages ^ CryptoKeyUsageSign)) || (key.d.isNull() && (usages ^ CryptoKeyUsageVerify)))) { exceptionCallback(SyntaxError); return; } if (usages && !key.use.isNull() && key.use != "sig"_s) { exceptionCallback(DataError); return; } bool isMatched = false; if (key.crv == P256) isMatched = key.alg.isNull() || key.alg == ALG256; if (key.crv == P384) isMatched = key.alg.isNull() || key.alg == ALG384; if (key.crv == P521) isMatched = key.alg.isNull() || key.alg == ALG512; if (!isMatched) { exceptionCallback(DataError); return; } result = CryptoKeyEC::importJwk(ecParameters.identifier, ecParameters.namedCurve, WTFMove(key), extractable, usages); break; } case CryptoKeyFormat::Raw: if (usages && (usages ^ CryptoKeyUsageVerify)) { exceptionCallback(SyntaxError); return; } result = CryptoKeyEC::importRaw(ecParameters.identifier, ecParameters.namedCurve, WTFMove(std::get>(data)), extractable, usages); break; case CryptoKeyFormat::Spki: if (usages && (usages ^ CryptoKeyUsageVerify)) { exceptionCallback(SyntaxError); return; } result = CryptoKeyEC::importSpki(ecParameters.identifier, ecParameters.namedCurve, WTFMove(std::get>(data)), extractable, usages); break; case CryptoKeyFormat::Pkcs8: if (usages && (usages ^ CryptoKeyUsageSign)) { exceptionCallback(SyntaxError); return; } result = CryptoKeyEC::importPkcs8(ecParameters.identifier, ecParameters.namedCurve, WTFMove(std::get>(data)), extractable, usages); break; } if (!result) { exceptionCallback(DataError); return; } callback(*result); } void CryptoAlgorithmECDSA::exportKey(CryptoKeyFormat format, Ref&& key, KeyDataCallback&& callback, ExceptionCallback&& exceptionCallback) { const auto& ecKey = downcast(key.get()); if (!ecKey.keySizeInBits()) { exceptionCallback(OperationError); return; } KeyData result; switch (format) { case CryptoKeyFormat::Jwk: { auto jwk = ecKey.exportJwk(); if (jwk.hasException()) { exceptionCallback(jwk.releaseException().code()); return; } result = jwk.releaseReturnValue(); break; } case CryptoKeyFormat::Raw: { auto raw = ecKey.exportRaw(); if (raw.hasException()) { exceptionCallback(raw.releaseException().code()); return; } result = raw.releaseReturnValue(); break; } case CryptoKeyFormat::Spki: { auto spki = ecKey.exportSpki(); if (spki.hasException()) { exceptionCallback(spki.releaseException().code()); return; } result = spki.releaseReturnValue(); break; } case CryptoKeyFormat::Pkcs8: { auto pkcs8 = ecKey.exportPkcs8(); if (pkcs8.hasException()) { exceptionCallback(pkcs8.releaseException().code()); return; } result = pkcs8.releaseReturnValue(); break; } } callback(format, WTFMove(result)); } } // namespace WebCore #endif // ENABLE(WEB_CRYPTO)