Changeset 159403 in webkit

Timestamp:

Nov 18, 2013 12:42:41 AM (10 years ago)

Author:

ap@apple.com

Message:

Support exporting public RSASSA-PKCS1-v1_5 keys
​https://bugs.webkit.org/show_bug.cgi?id=124475

Reviewed by Sam Weinig.

Source/WebCore:

Test: crypto/subtle/rsa-export-key.html

• bindings/js/JSCryptoKeySerializationJWK.h:
• bindings/js/JSCryptoKeySerializationJWK.cpp:

(WebCore::JSCryptoKeySerializationJWK::buildJSONForRSAComponents):
(WebCore::JSCryptoKeySerializationJWK::addJWKAlgorithmToJSON):
(WebCore::JSCryptoKeySerializationJWK::serialize):
Added said support (this part works with private keys too).

• crypto/keys/CryptoKeyRSA.h:
• crypto/mac/CryptoKeyRSAMac.cpp:

(WebCore::CryptoKeyRSA::getPublicKeyComponents): Moved the logic for getting a
public key from private one here for reuse in keySizeInBits().
(WebCore::CryptoKeyRSA::isRestrictedToHash):
(WebCore::CryptoKeyRSA::keySizeInBits):
(WebCore::CryptoKeyRSA::exportData):
Exposed information necessary for JWK serialization.

LayoutTests:

• crypto/subtle/rsa-export-key-expected.txt: Added.
• crypto/subtle/rsa-export-key.html: Added.

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/crypto/subtle/rsa-export-key-expected.txt (added)
• LayoutTests/crypto/subtle/rsa-export-key.html (added)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/bindings/js/JSCryptoKeySerializationJWK.cpp (modified) (4 diffs)
• Source/WebCore/bindings/js/JSCryptoKeySerializationJWK.h (modified) (2 diffs)
• Source/WebCore/crypto/keys/CryptoKeyRSA.h (modified) (2 diffs)
• Source/WebCore/crypto/mac/CryptoKeyRSAMac.cpp (modified) (4 diffs)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2013-11-17  Alexey Proskuryakov  <ap@apple.com>
+
+        Support exporting public RSASSA-PKCS1-v1_5 keys
+        https://bugs.webkit.org/show_bug.cgi?id=124475
+
+        Reviewed by Sam Weinig.
+
+        * crypto/subtle/rsa-export-key-expected.txt: Added.
+        * crypto/subtle/rsa-export-key.html: Added.
+
 2013-11-18  Zan Dobersek  <zdobersek@igalia.com>
 

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2013-11-17  Alexey Proskuryakov  <ap@apple.com>
+
+        Support exporting public RSASSA-PKCS1-v1_5 keys
+        https://bugs.webkit.org/show_bug.cgi?id=124475
+
+        Reviewed by Sam Weinig.
+
+        Test: crypto/subtle/rsa-export-key.html
+
+        * bindings/js/JSCryptoKeySerializationJWK.h:
+        * bindings/js/JSCryptoKeySerializationJWK.cpp:
+        (WebCore::JSCryptoKeySerializationJWK::buildJSONForRSAComponents):
+        (WebCore::JSCryptoKeySerializationJWK::addJWKAlgorithmToJSON):
+        (WebCore::JSCryptoKeySerializationJWK::serialize):
+        Added said support (this part works with private keys too).
+
+        * crypto/keys/CryptoKeyRSA.h:
+        * crypto/mac/CryptoKeyRSAMac.cpp:
+        (WebCore::CryptoKeyRSA::getPublicKeyComponents): Moved the logic for getting a
+        public key from private one here for reuse in keySizeInBits().
+        (WebCore::CryptoKeyRSA::isRestrictedToHash):
+        (WebCore::CryptoKeyRSA::keySizeInBits):
+        (WebCore::CryptoKeyRSA::exportData):
+        Exposed information necessary for JWK serialization.
+
 2013-11-17  Alexey Proskuryakov  <ap@apple.com>
 

trunk/Source/WebCore/bindings/js/JSCryptoKeySerializationJWK.cpp

@@ -38 +38 @@
 #include "CryptoKeyDataRSAComponents.h"
 #include "CryptoKeyHMAC.h"
+#include "CryptoKeyRSA.h"
 #include "ExceptionCode.h"
 #include "JSDOMBinding.h"
@@ -434 +435 @@
 }
 
+void JSCryptoKeySerializationJWK::buildJSONForRSAComponents(JSC::ExecState* exec, const CryptoKeyDataRSAComponents& data, JSC::JSObject* result)
+{
+    addToJSON(exec, result, "kty", "RSA");
+    addToJSON(exec, result, "n", base64URLEncode(data.modulus()));
+    addToJSON(exec, result, "e", base64URLEncode(data.exponent()));
+
+    if (data.type() == CryptoKeyDataRSAComponents::Type::Public)
+        return;
+
+    addToJSON(exec, result, "d", base64URLEncode(data.privateExponent()));
+
+    if (!data.hasAdditionalPrivateKeyParameters())
+        return;
+
+    addToJSON(exec, result, "p", base64URLEncode(data.firstPrimeInfo().primeFactor));
+    addToJSON(exec, result, "q", base64URLEncode(data.secondPrimeInfo().primeFactor));
+    addToJSON(exec, result, "dp", base64URLEncode(data.firstPrimeInfo().factorCRTExponent));
+    addToJSON(exec, result, "dq", base64URLEncode(data.secondPrimeInfo().factorCRTExponent));
+    addToJSON(exec, result, "qi", base64URLEncode(data.secondPrimeInfo().factorCRTCoefficient));
+
+    if (data.otherPrimeInfos().isEmpty())
+        return;
+
+    JSArray* oth = constructEmptyArray(exec, 0, exec->lexicalGlobalObject(), data.otherPrimeInfos().size());
+    for (size_t i = 0, size = data.otherPrimeInfos().size(); i < size; ++i) {
+        JSObject* jsPrimeInfo = constructEmptyObject(exec);
+        addToJSON(exec, jsPrimeInfo, "r", base64URLEncode(data.otherPrimeInfos()[i].primeFactor));
+        addToJSON(exec, jsPrimeInfo, "d", base64URLEncode(data.otherPrimeInfos()[i].factorCRTExponent));
+        addToJSON(exec, jsPrimeInfo, "t", base64URLEncode(data.otherPrimeInfos()[i].factorCRTCoefficient));
+        oth->putDirectIndex(exec, i, jsPrimeInfo);
+    }
+    result->putDirect(exec->vm(), Identifier(exec, "oth"), oth);
+}
+
 void JSCryptoKeySerializationJWK::addToJSON(ExecState* exec, JSObject* json, const char* key, const String& value)
 {
@@ -483 +518 @@
         }
         break;
+    case CryptoAlgorithmIdentifier::RSASSA_PKCS1_v1_5: {
+        const CryptoKeyRSA& rsaKey = toCryptoKeyRSA(key);
+        CryptoAlgorithmIdentifier hash;
+        if (!rsaKey.isRestrictedToHash(hash))
+            break;
+        if (rsaKey.keySizeInBits() < 2048)
+            break;
+        switch (hash) {
+        case CryptoAlgorithmIdentifier::SHA_256:
+            jwkAlgorithm = "RS256";
+            break;
+        case CryptoAlgorithmIdentifier::SHA_384:
+            jwkAlgorithm = "RS384";
+            break;
+        case CryptoAlgorithmIdentifier::SHA_512:
+            jwkAlgorithm = "RS512";
+            break;
+        default:
+            break;
+        }
+        break;
+    }
     default:
         break;
@@ -535 +592 @@
     if (isCryptoKeyDataOctetSequence(*keyData))
         buildJSONForOctetSequence(exec, toCryptoKeyDataOctetSequence(*keyData).octetSequence(), result);
+    else if (isCryptoKeyDataRSAComponents(*keyData))
+        buildJSONForRSAComponents(exec, toCryptoKeyDataRSAComponents(*keyData), result);
     else {
         throwTypeError(exec, "Key doesn't support exportKey");
         return String();
     }
-    ASSERT(!exec->hadException());
+    if (exec->hadException())
+        return String();
 
     return JSONStringify(exec, result, 4);

trunk/Source/WebCore/bindings/js/JSCryptoKeySerializationJWK.h

@@ -43 +43 @@
 class CryptoAlgorithmParameters;
 class CryptoKey;
+class CryptoKeyDataRSAComponents;
 
 class JSCryptoKeySerializationJWK FINAL : public CryptoKeySerialization {
@@ -67 +68 @@
 
     static void buildJSONForOctetSequence(JSC::ExecState*, const Vector<uint8_t>&, JSC::JSObject* result);
+    static void buildJSONForRSAComponents(JSC::ExecState*, const CryptoKeyDataRSAComponents&, JSC::JSObject* result);
     static void addJWKAlgorithmToJSON(JSC::ExecState*, JSC::JSObject*, const CryptoKey& key);
     static void addJWKUseToJSON(JSC::ExecState*, JSC::JSObject*, CryptoKeyUsage);

trunk/Source/WebCore/crypto/keys/CryptoKeyRSA.h

@@ -52 +52 @@
 
     void restrictToHash(CryptoAlgorithmIdentifier);
+    bool isRestrictedToHash(CryptoAlgorithmIdentifier&) const;
+
+    size_t keySizeInBits() const;
 
     static void generatePair(CryptoAlgorithmIdentifier, unsigned modulusLength, const Vector<uint8_t>& publicExponent, bool extractable, CryptoKeyUsage, std::unique_ptr<PromiseWrapper>);
-
-    virtual CryptoKeyClass keyClass() const OVERRIDE { return CryptoKeyClass::RSA; }
 
     PlatformRSAKey platformKey() const { return m_platformKey; }
@@ -61 +62 @@
 private:
     CryptoKeyRSA(CryptoAlgorithmIdentifier, CryptoKeyType, PlatformRSAKey, bool extractable, CryptoKeyUsage);
+
+    virtual CryptoKeyClass keyClass() const OVERRIDE { return CryptoKeyClass::RSA; }
 
     virtual void buildAlgorithmDescription(CryptoAlgorithmDescriptionBuilder&) const OVERRIDE;

trunk/Source/WebCore/crypto/mac/CryptoKeyRSAMac.cpp

@@ -61 +61 @@
 static CCCryptorStatus getPublicKeyComponents(CCRSACryptorRef rsaKey, Vector<uint8_t>& modulus, Vector<uint8_t>& publicExponent)
 {
-    ASSERT(CCRSAGetKeyType(rsaKey) == ccRSAKeyPublic);
+    ASSERT(CCRSAGetKeyType(rsaKey) == ccRSAKeyPublic || CCRSAGetKeyType(rsaKey) == ccRSAKeyPrivate);
+    bool keyIsPublic = CCRSAGetKeyType(rsaKey) == ccRSAKeyPublic;
+    CCRSACryptorRef publicKey = keyIsPublic ? rsaKey : CCRSACryptorGetPublicKeyFromPrivateKey(rsaKey);
 
     modulus.resize(16384);
@@ -67 +69 @@
     publicExponent.resize(16384);
     size_t exponentLength = publicExponent.size();
-    CCCryptorStatus status = CCRSAGetKeyComponents(rsaKey, modulus.data(), &modulusLength, publicExponent.data(), &exponentLength, 0, 0, 0, 0);
+    CCCryptorStatus status = CCRSAGetKeyComponents(publicKey, modulus.data(), &modulusLength, publicExponent.data(), &exponentLength, 0, 0, 0, 0);
+    if (!keyIsPublic) {
+        // CCRSACryptorGetPublicKeyFromPrivateKey has "Get" in the name, but its result needs to be released (see <rdar://problem/15449697>).
+        CCRSACryptorRelease(publicKey);
+    }
     if (status)
         return status;
@@ -123 +129 @@
 }
 
-void CryptoKeyRSA::buildAlgorithmDescription(CryptoAlgorithmDescriptionBuilder& builder) const
-{
-    CryptoKey::buildAlgorithmDescription(builder);
-
-    ASSERT(CCRSAGetKeyType(m_platformKey) == ccRSAKeyPublic || CCRSAGetKeyType(m_platformKey) == ccRSAKeyPrivate);
-    bool platformKeyIsPublic = CCRSAGetKeyType(m_platformKey) == ccRSAKeyPublic;
-    CCRSACryptorRef publicKey = platformKeyIsPublic ? m_platformKey : CCRSACryptorGetPublicKeyFromPrivateKey(m_platformKey);
-
+bool CryptoKeyRSA::isRestrictedToHash(CryptoAlgorithmIdentifier& identifier) const
+{
+    if (!m_restrictedToSpecificHash)
+        return false;
+
+    identifier = m_hash;
+    return true;
+}
+
+size_t CryptoKeyRSA::keySizeInBits() const
+{
     Vector<uint8_t> modulus;
     Vector<uint8_t> publicExponent;
-    CCCryptorStatus status = getPublicKeyComponents(publicKey, modulus, publicExponent);
-    if (!platformKeyIsPublic) {
-        // CCRSACryptorGetPublicKeyFromPrivateKey has "Get" in the name, but its result needs to be released (see <rdar://problem/15449697>).
-        CCRSACryptorRelease(publicKey);
-    }
+    CCCryptorStatus status = getPublicKeyComponents(m_platformKey, modulus, publicExponent);
+    if (status) {
+        WTFLogAlways("Couldn't get RSA key components, status %d", status);
+        return 0;
+    }
+
+    return modulus.size() * 8;
+}
+
+void CryptoKeyRSA::buildAlgorithmDescription(CryptoAlgorithmDescriptionBuilder& builder) const
+{
+    CryptoKey::buildAlgorithmDescription(builder);
+
+    Vector<uint8_t> modulus;
+    Vector<uint8_t> publicExponent;
+    CCCryptorStatus status = getPublicKeyComponents(m_platformKey, modulus, publicExponent);
     if (status) {
         WTFLogAlways("Couldn't get RSA key components, status %d", status);
@@ -155 +175 @@
 std::unique_ptr<CryptoKeyData> CryptoKeyRSA::exportData() const
 {
-    // Not implemented yet.
     ASSERT(extractable());
-    return nullptr;
+
+    switch (CCRSAGetKeyType(m_platformKey)) {
+    case ccRSAKeyPublic: {
+        Vector<uint8_t> modulus;
+        Vector<uint8_t> publicExponent;
+        CCCryptorStatus status = getPublicKeyComponents(m_platformKey, modulus, publicExponent);
+        if (status) {
+            WTFLogAlways("Couldn't get RSA key components, status %d", status);
+            return nullptr;
+        }
+        return CryptoKeyDataRSAComponents::createPublic(modulus, publicExponent);
+    }
+    case ccRSAKeyPrivate:
+        // Not supported yet.
+    default:
+        return nullptr;
+    }
 }