Changeset 159637 in webkit

Timestamp:

Nov 21, 2013 11:05:43 AM (10 years ago)

Author:

ap@apple.com

Message:

Implement WebCrypto unwrapKey
​https://bugs.webkit.org/show_bug.cgi?id=124725

Reviewed by Anders Carlsson.

Source/WebCore:

Tests: crypto/subtle/aes-cbc-unwrap-failure.html

crypto/subtle/aes-cbc-unwrap-rsa.html

• bindings/js/JSCryptoAlgorithmDictionary.cpp:
• bindings/js/JSCryptoAlgorithmDictionary.h:

Removed calls for wrap/unwrap parameter parsing, these are just the same as encrypt/decrypt.

• bindings/js/JSCryptoOperationData.cpp:

(WebCore::cryptoOperationDataFromJSValue):

• bindings/js/JSCryptoOperationData.h:
• crypto/CryptoKeySerialization.h:

More Vector<char> elimination.

• bindings/js/JSDOMPromise.cpp:
• bindings/js/JSDOMPromise.h:

Removed unneccessary copy constructor and assignment operator, they are no diffdrent
than compiler generated ones.

• bindings/js/JSSubtleCryptoCustom.cpp:

(WebCore::cryptoKeyUsagesFromJSValue): Minor style fixes.
(WebCore::JSSubtleCrypto::encrypt): Ditto.
(WebCore::JSSubtleCrypto::decrypt): Ditto.
(WebCore::JSSubtleCrypto::sign): Ditto.
(WebCore::JSSubtleCrypto::verify): Ditto.
(WebCore::JSSubtleCrypto::generateKey): Ditto.
(WebCore::importKey): Separated actual import operation and the parts that read
arguments from ExecState, and call the promise. Logically, this should be outside
of bindings code even, but JWK makes that quite challenging.
(WebCore::JSSubtleCrypto::importKey): This only does the more mundane arguments
and return parts now.
(WebCore::JSSubtleCrypto::exportKey): Minor style fixes.
(WebCore::JSSubtleCrypto::unwrapKey): Chain decrypt and import.

• crypto/CryptoAlgorithm.cpp:

(WebCore::CryptoAlgorithm::encryptForWrapKey):
(WebCore::CryptoAlgorithm::decryptForUnwrapKey):

• crypto/CryptoAlgorithm.h:

There are algorithms that expose wrap/unwrap, but not encrypt/decrypt. These will
override these new functions, and leave encrypt/decrypt to raise NOT_SUPPORTED_ERR.

• crypto/SubtleCrypto.idl: Added unwrapKey.

LayoutTests:

• crypto/subtle/aes-cbc-unwrap-failure-expected.txt: Added.
• crypto/subtle/aes-cbc-unwrap-failure.html: Added.
• crypto/subtle/aes-cbc-unwrap-rsa-expected.txt: Added.
• crypto/subtle/aes-cbc-unwrap-rsa.html: Added.

Location:

trunk

Files:

• LayoutTests/ChangeLog (modified) (1 diff)
• LayoutTests/crypto/subtle/aes-cbc-unwrap-failure-expected.txt (added)
• LayoutTests/crypto/subtle/aes-cbc-unwrap-failure.html (added)
• LayoutTests/crypto/subtle/aes-cbc-unwrap-rsa-expected.txt (added)
• LayoutTests/crypto/subtle/aes-cbc-unwrap-rsa.html (added)
• Source/WebCore/ChangeLog (modified) (1 diff)
• Source/WebCore/bindings/js/JSCryptoAlgorithmDictionary.cpp (modified) (1 diff)
• Source/WebCore/bindings/js/JSCryptoAlgorithmDictionary.h (modified) (1 diff)
• Source/WebCore/bindings/js/JSCryptoOperationData.cpp (modified) (1 diff)
• Source/WebCore/bindings/js/JSCryptoOperationData.h (modified) (1 diff)
• Source/WebCore/bindings/js/JSDOMPromise.cpp (modified) (1 diff)
• Source/WebCore/bindings/js/JSDOMPromise.h (modified) (1 diff)
• Source/WebCore/bindings/js/JSSubtleCryptoCustom.cpp (modified) (15 diffs)
• Source/WebCore/crypto/CryptoAlgorithm.cpp (modified) (1 diff)
• Source/WebCore/crypto/CryptoAlgorithm.h (modified) (2 diffs)
• Source/WebCore/crypto/CryptoKeySerialization.h (modified) (1 diff)
• Source/WebCore/crypto/SubtleCrypto.idl (modified) (1 diff)

trunk/LayoutTests/ChangeLog

@@ +1 @@
+2013-11-21  Alexey Proskuryakov  <ap@apple.com>
+
+        Implement WebCrypto unwrapKey
+        https://bugs.webkit.org/show_bug.cgi?id=124725
+
+        Reviewed by Anders Carlsson.
+
+        * crypto/subtle/aes-cbc-unwrap-failure-expected.txt: Added.
+        * crypto/subtle/aes-cbc-unwrap-failure.html: Added.
+        * crypto/subtle/aes-cbc-unwrap-rsa-expected.txt: Added.
+        * crypto/subtle/aes-cbc-unwrap-rsa.html: Added.
+
 2013-11-21  Radu Stavila  <stavila@adobe.com>
 

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2013-11-21  Alexey Proskuryakov  <ap@apple.com>
+
+        Implement WebCrypto unwrapKey
+        https://bugs.webkit.org/show_bug.cgi?id=124725
+
+        Reviewed by Anders Carlsson.
+
+        Tests: crypto/subtle/aes-cbc-unwrap-failure.html
+               crypto/subtle/aes-cbc-unwrap-rsa.html
+
+        * bindings/js/JSCryptoAlgorithmDictionary.cpp:
+        * bindings/js/JSCryptoAlgorithmDictionary.h:
+        Removed calls for wrap/unwrap parameter parsing, these are just the same as encrypt/decrypt.
+
+        * bindings/js/JSCryptoOperationData.cpp:
+        (WebCore::cryptoOperationDataFromJSValue):
+        * bindings/js/JSCryptoOperationData.h:
+        * crypto/CryptoKeySerialization.h:
+        More Vector<char> elimination.
+
+        * bindings/js/JSDOMPromise.cpp:
+        * bindings/js/JSDOMPromise.h:
+        Removed unneccessary copy constructor and assignment operator, they are no diffdrent
+        than compiler generated ones.
+
+        * bindings/js/JSSubtleCryptoCustom.cpp:
+        (WebCore::cryptoKeyUsagesFromJSValue): Minor style fixes.
+        (WebCore::JSSubtleCrypto::encrypt): Ditto.
+        (WebCore::JSSubtleCrypto::decrypt): Ditto.
+        (WebCore::JSSubtleCrypto::sign): Ditto.
+        (WebCore::JSSubtleCrypto::verify): Ditto.
+        (WebCore::JSSubtleCrypto::generateKey): Ditto.
+        (WebCore::importKey): Separated actual import operation and the parts that read
+        arguments from ExecState, and call the promise. Logically, this should be outside
+        of bindings code even, but JWK makes that quite challenging.
+        (WebCore::JSSubtleCrypto::importKey): This only does the more mundane arguments
+        and return parts now.
+        (WebCore::JSSubtleCrypto::exportKey): Minor style fixes.
+        (WebCore::JSSubtleCrypto::unwrapKey): Chain decrypt and import.
+
+        * crypto/CryptoAlgorithm.cpp:
+        (WebCore::CryptoAlgorithm::encryptForWrapKey):
+        (WebCore::CryptoAlgorithm::decryptForUnwrapKey):
+        * crypto/CryptoAlgorithm.h:
+        There are algorithms that expose wrap/unwrap, but not encrypt/decrypt. These will
+        override these new functions, and leave encrypt/decrypt to raise NOT_SUPPORTED_ERR.
+
+        * crypto/SubtleCrypto.idl: Added unwrapKey.
+
 2013-11-21  Robert Sipka  <sipka@inf.u-szeged.hu>
 

trunk/Source/WebCore/bindings/js/JSCryptoAlgorithmDictionary.cpp

@@ -585 +585 @@
 }
 
-std::unique_ptr<CryptoAlgorithmParameters> JSCryptoAlgorithmDictionary::createParametersForWrapKey(ExecState* exec, CryptoAlgorithmIdentifier algorithm, JSValue)
-{
-    switch (algorithm) {
-    case CryptoAlgorithmIdentifier::RSAES_PKCS1_v1_5:
-    case CryptoAlgorithmIdentifier::RSASSA_PKCS1_v1_5:
-    case CryptoAlgorithmIdentifier::RSA_PSS:
-    case CryptoAlgorithmIdentifier::RSA_OAEP:
-    case CryptoAlgorithmIdentifier::ECDSA:
-    case CryptoAlgorithmIdentifier::ECDH:
-    case CryptoAlgorithmIdentifier::AES_CTR:
-    case CryptoAlgorithmIdentifier::AES_CBC:
-    case CryptoAlgorithmIdentifier::AES_CMAC:
-    case CryptoAlgorithmIdentifier::AES_GCM:
-    case CryptoAlgorithmIdentifier::AES_CFB:
-    case CryptoAlgorithmIdentifier::HMAC:
-    case CryptoAlgorithmIdentifier::DH:
-    case CryptoAlgorithmIdentifier::SHA_1:
-    case CryptoAlgorithmIdentifier::SHA_224:
-    case CryptoAlgorithmIdentifier::SHA_256:
-    case CryptoAlgorithmIdentifier::SHA_384:
-    case CryptoAlgorithmIdentifier::SHA_512:
-    case CryptoAlgorithmIdentifier::CONCAT:
-    case CryptoAlgorithmIdentifier::HKDF_CTR:
-    case CryptoAlgorithmIdentifier::PBKDF2:
-        setDOMException(exec, NOT_SUPPORTED_ERR);
-        return nullptr;
-    }
-}
-
-std::unique_ptr<CryptoAlgorithmParameters> JSCryptoAlgorithmDictionary::createParametersForUnwrapKey(ExecState* exec, CryptoAlgorithmIdentifier algorithm, JSValue)
-{
-    switch (algorithm) {
-    case CryptoAlgorithmIdentifier::RSAES_PKCS1_v1_5:
-    case CryptoAlgorithmIdentifier::RSASSA_PKCS1_v1_5:
-    case CryptoAlgorithmIdentifier::RSA_PSS:
-    case CryptoAlgorithmIdentifier::RSA_OAEP:
-    case CryptoAlgorithmIdentifier::ECDSA:
-    case CryptoAlgorithmIdentifier::ECDH:
-    case CryptoAlgorithmIdentifier::AES_CTR:
-    case CryptoAlgorithmIdentifier::AES_CBC:
-    case CryptoAlgorithmIdentifier::AES_CMAC:
-    case CryptoAlgorithmIdentifier::AES_GCM:
-    case CryptoAlgorithmIdentifier::AES_CFB:
-    case CryptoAlgorithmIdentifier::HMAC:
-    case CryptoAlgorithmIdentifier::DH:
-    case CryptoAlgorithmIdentifier::SHA_1:
-    case CryptoAlgorithmIdentifier::SHA_224:
-    case CryptoAlgorithmIdentifier::SHA_256:
-    case CryptoAlgorithmIdentifier::SHA_384:
-    case CryptoAlgorithmIdentifier::SHA_512:
-    case CryptoAlgorithmIdentifier::CONCAT:
-    case CryptoAlgorithmIdentifier::HKDF_CTR:
-    case CryptoAlgorithmIdentifier::PBKDF2:
-        setDOMException(exec, NOT_SUPPORTED_ERR);
-        return nullptr;
-    }
-}
-
 }
 

trunk/Source/WebCore/bindings/js/JSCryptoAlgorithmDictionary.h

@@ -54 +54 @@
     static std::unique_ptr<CryptoAlgorithmParameters> createParametersForImportKey(JSC::ExecState*, CryptoAlgorithmIdentifier, JSC::JSValue);
     static std::unique_ptr<CryptoAlgorithmParameters> createParametersForExportKey(JSC::ExecState*, CryptoAlgorithmIdentifier, JSC::JSValue);
-    static std::unique_ptr<CryptoAlgorithmParameters> createParametersForWrapKey(JSC::ExecState*, CryptoAlgorithmIdentifier, JSC::JSValue);
-    static std::unique_ptr<CryptoAlgorithmParameters> createParametersForUnwrapKey(JSC::ExecState*, CryptoAlgorithmIdentifier, JSC::JSValue);
 };
 

trunk/Source/WebCore/bindings/js/JSCryptoOperationData.cpp

@@ -38 +38 @@
 {
     if (ArrayBuffer* buffer = toArrayBuffer(value))
-        result = std::make_pair(static_cast<char*>(buffer->data()), buffer->byteLength());
+        result = std::make_pair(static_cast<uint8_t*>(buffer->data()), buffer->byteLength());
     else if (RefPtr<ArrayBufferView> bufferView = toArrayBufferView(value))
-        result = std::make_pair(static_cast<char*>(bufferView->baseAddress()), bufferView->byteLength());
+        result = std::make_pair(static_cast<uint8_t*>(bufferView->baseAddress()), bufferView->byteLength());
     else {
         throwTypeError(exec, "Only ArrayBuffer and ArrayBufferView objects can be passed as CryptoOperationData");

trunk/Source/WebCore/bindings/js/JSCryptoOperationData.h

@@ -36 +36 @@
 namespace WebCore {
 
-typedef std::pair<const char*, size_t> CryptoOperationData;
+typedef std::pair<const uint8_t*, size_t> CryptoOperationData;
 
 bool cryptoOperationDataFromJSValue(JSC::ExecState*, JSC::JSValue, CryptoOperationData&);

trunk/Source/WebCore/bindings/js/JSDOMPromise.cpp

@@ -35 +35 @@
 }
 
-PromiseWrapper::PromiseWrapper(const PromiseWrapper& other)
-    : m_globalObject(other.m_globalObject)
-    , m_promise(other.m_promise)
-{
 }
-
-PromiseWrapper& PromiseWrapper::operator=(const PromiseWrapper& other)
-{
-    m_globalObject = other.m_globalObject;
-    m_promise = other.m_promise;
-    return *this;
-}
-
-}

trunk/Source/WebCore/bindings/js/JSDOMPromise.h

@@ -40 +40 @@
 public:
     PromiseWrapper(JSDOMGlobalObject*, JSC::JSPromise*);
-
-    PromiseWrapper(const PromiseWrapper&);
-    PromiseWrapper& operator=(const PromiseWrapper&);
 
     template<class FulfillResultType>

trunk/Source/WebCore/bindings/js/JSSubtleCryptoCustom.cpp

@@ -103 +103 @@
     result = 0;
 
-    JSC::JSArray* array = asArray(value);
+    JSArray* array = asArray(value);
     for (size_t i = 0; i < array->length(); ++i) {
-        JSC::JSValue element = array->getIndex(exec, i);
+        JSValue element = array->getIndex(exec, i);
         String usageString = element.toString(exec)->value(exec);
         if (exec->hadException())
@@ -151 +151 @@
 
     if (!key->allows(CryptoKeyUsageEncrypt)) {
-        m_impl->document()->addConsoleMessage(JSMessageSource, ErrorMessageLevel, "Key usages does not include 'encrypt'");
+        m_impl->document()->addConsoleMessage(JSMessageSource, ErrorMessageLevel, "Key usages do not include 'encrypt'");
         setDOMException(exec, NOT_SUPPORTED_ERR);
         return jsUndefined();
@@ -203 +203 @@
 
     if (!key->allows(CryptoKeyUsageDecrypt)) {
-        m_impl->document()->addConsoleMessage(JSMessageSource, ErrorMessageLevel, "Key usages does not include 'decrypt'");
+        m_impl->document()->addConsoleMessage(JSMessageSource, ErrorMessageLevel, "Key usages do not include 'decrypt'");
         setDOMException(exec, NOT_SUPPORTED_ERR);
         return jsUndefined();
@@ -255 +255 @@
 
     if (!key->allows(CryptoKeyUsageSign)) {
-        m_impl->document()->addConsoleMessage(JSMessageSource, ErrorMessageLevel, "Key usages does not include 'sign'");
+        m_impl->document()->addConsoleMessage(JSMessageSource, ErrorMessageLevel, "Key usages do not include 'sign'");
         setDOMException(exec, NOT_SUPPORTED_ERR);
         return jsUndefined();
@@ -307 +307 @@
 
     if (!key->allows(CryptoKeyUsageVerify)) {
-        m_impl->document()->addConsoleMessage(JSMessageSource, ErrorMessageLevel, "Key usages does not include 'verify'");
+        m_impl->document()->addConsoleMessage(JSMessageSource, ErrorMessageLevel, "Key usages do not include 'verify'");
         setDOMException(exec, NOT_SUPPORTED_ERR);
         return jsUndefined();
@@ -385 +385 @@
 }
 
-JSValue JSSubtleCrypto::generateKey(JSC::ExecState* exec)
+JSValue JSSubtleCrypto::generateKey(ExecState* exec)
 {
     if (exec->argumentCount() < 1)
@@ -441 +441 @@
 }
 
-JSValue JSSubtleCrypto::importKey(JSC::ExecState* exec)
-{
-    if (exec->argumentCount() < 3)
-        return exec->vm().throwException(exec, createNotEnoughArgumentsError(exec));
-
-    CryptoKeyFormat keyFormat;
-    if (!cryptoKeyFormatFromJSValue(exec, exec->argument(0), keyFormat)) {
-        ASSERT(exec->hadException());
-        return jsUndefined();
-    }
-
-    CryptoOperationData data;
-    if (!cryptoOperationDataFromJSValue(exec, exec->uncheckedArgument(1), data)) {
-        ASSERT(exec->hadException());
-        return jsUndefined();
-    }
-
-    std::unique_ptr<CryptoAlgorithm> algorithm;
-    std::unique_ptr<CryptoAlgorithmParameters> parameters;
-    if (!exec->uncheckedArgument(2).isNull()) {
-        algorithm = createAlgorithmFromJSValue(exec, exec->uncheckedArgument(2));
-        if (!algorithm) {
-            ASSERT(exec->hadException());
-            return jsUndefined();
-        }
-        parameters = JSCryptoAlgorithmDictionary::createParametersForImportKey(exec, algorithm->identifier(), exec->uncheckedArgument(2));
-        if (!parameters) {
-            ASSERT(exec->hadException());
-            return jsUndefined();
-        }
-    }
+static void importKey(ExecState* exec, CryptoKeyFormat keyFormat, CryptoOperationData data, CryptoAlgorithm* algorithmPtr, CryptoAlgorithmParameters* parametersPtr, bool extractable, CryptoKeyUsage keyUsages, CryptoAlgorithm::KeyCallback callback, CryptoAlgorithm::VoidCallback failureCallback)
+{
+    std::unique_ptr<CryptoAlgorithm> algorithm(algorithmPtr);
+    std::unique_ptr<CryptoAlgorithmParameters> parameters(parametersPtr);
 
     std::unique_ptr<CryptoKeySerialization> keySerialization;
@@ -482 +455 @@
         if (jwkString.isNull()) {
             throwTypeError(exec, "JWK JSON serialization is not valid UTF-8");
-            return jsUndefined();
+            return;
         }
         keySerialization = JSCryptoKeySerializationJWK::create(exec, jwkString);
         if (exec->hadException())
-            return jsUndefined();
+            return;
         break;
     }
     default:
         throwTypeError(exec, "Unsupported key format for import");
-        return jsUndefined();
+        return;
     }
 
@@ -499 +472 @@
         if (!exec->hadException())
             throwTypeError(exec, "Algorithm specified in key is not compatible with one passed to importKey as argument");
-        return jsUndefined();
+        return;
     }
     if (exec->hadException())
-        return jsUndefined();
+        return;
 
     if (!algorithm) {
         throwTypeError(exec, "Neither key nor function argument has crypto algorithm specified");
-        return jsUndefined();
+        return;
     }
     ASSERT(parameters);
+
+    keySerialization->reconcileExtractable(extractable);
+    if (exec->hadException())
+        return;
+
+    keySerialization->reconcileUsages(keyUsages);
+    if (exec->hadException())
+        return;
+
+    auto keyData = keySerialization->keyData();
+    if (exec->hadException())
+        return;
+
+    ExceptionCode ec = 0;
+    algorithm->importKey(*parameters, *keyData, extractable, keyUsages, std::move(callback), std::move(failureCallback), ec);
+    if (ec)
+        setDOMException(exec, ec);
+}
+
+JSValue JSSubtleCrypto::importKey(ExecState* exec)
+{
+    if (exec->argumentCount() < 3)
+        return exec->vm().throwException(exec, createNotEnoughArgumentsError(exec));
+
+    CryptoKeyFormat keyFormat;
+    if (!cryptoKeyFormatFromJSValue(exec, exec->argument(0), keyFormat)) {
+        ASSERT(exec->hadException());
+        return jsUndefined();
+    }
+
+    CryptoOperationData data;
+    if (!cryptoOperationDataFromJSValue(exec, exec->uncheckedArgument(1), data)) {
+        ASSERT(exec->hadException());
+        return jsUndefined();
+    }
+
+    std::unique_ptr<CryptoAlgorithm> algorithm;
+    std::unique_ptr<CryptoAlgorithmParameters> parameters;
+    if (!exec->uncheckedArgument(2).isNull()) {
+        algorithm = createAlgorithmFromJSValue(exec, exec->uncheckedArgument(2));
+        if (!algorithm) {
+            ASSERT(exec->hadException());
+            return jsUndefined();
+        }
+        parameters = JSCryptoAlgorithmDictionary::createParametersForImportKey(exec, algorithm->identifier(), exec->uncheckedArgument(2));
+        if (!parameters) {
+            ASSERT(exec->hadException());
+            return jsUndefined();
+        }
+    }
 
     bool extractable = false;
@@ -516 +539 @@
             return jsUndefined();
     }
-    keySerialization->reconcileExtractable(extractable);
-    if (exec->hadException())
-        return jsUndefined();
 
     CryptoKeyUsage keyUsages = 0;
@@ -527 +547 @@
         }
     }
-    keySerialization->reconcileUsages(keyUsages);
-    if (exec->hadException())
-        return jsUndefined();
-
-    auto keyData = keySerialization->keyData();
-    if (exec->hadException())
-        return jsUndefined();
 
     JSPromise* promise = JSPromise::createWithResolver(exec->vm(), globalObject());
@@ -544 +557 @@
     };
 
-    ExceptionCode ec = 0;
-    algorithm->importKey(*parameters, *keyData, extractable, keyUsages, std::move(successCallback), std::move(failureCallback), ec);
-    if (ec) {
-        setDOMException(exec, ec);
-        return jsUndefined();
-    }
-
-    return promise;
-}
-
-JSValue JSSubtleCrypto::exportKey(JSC::ExecState* exec)
+    WebCore::importKey(exec, keyFormat, data, algorithm.release(), parameters.release(), extractable, keyUsages, successCallback, failureCallback);
+    if (exec->hadException())
+        return jsUndefined();
+
+    return promise;
+}
+
+JSValue JSSubtleCrypto::exportKey(ExecState* exec)
 {
     if (exec->argumentCount() < 2)
@@ -580 +590 @@
     switch (keyFormat) {
     case CryptoKeyFormat::Raw: {
-        Vector<unsigned char> result;
+        Vector<uint8_t> result;
         if (CryptoKeySerializationRaw::serialize(*key, result))
             promiseWrapper.fulfill(result);
@@ -594 +604 @@
             return jsUndefined();
         CString utf8String = result.utf8(StrictConversion);
-        Vector<unsigned char> resultBuffer;
+        Vector<uint8_t> resultBuffer;
         resultBuffer.append(utf8String.data(), utf8String.length());
         promiseWrapper.fulfill(resultBuffer);
@@ -607 +617 @@
 }
 
+JSValue JSSubtleCrypto::unwrapKey(ExecState* exec)
+{
+    if (exec->argumentCount() < 5)
+        return exec->vm().throwException(exec, createNotEnoughArgumentsError(exec));
+
+    CryptoKeyFormat keyFormat;
+    if (!cryptoKeyFormatFromJSValue(exec, exec->argument(0), keyFormat)) {
+        ASSERT(exec->hadException());
+        return jsUndefined();
+    }
+
+    CryptoOperationData wrappedKeyData;
+    if (!cryptoOperationDataFromJSValue(exec, exec->uncheckedArgument(1), wrappedKeyData)) {
+        ASSERT(exec->hadException());
+        return jsUndefined();
+    }
+
+    RefPtr<CryptoKey> unwrappingKey = toCryptoKey(exec->uncheckedArgument(2));
+    if (!unwrappingKey)
+        return throwTypeError(exec);
+
+    if (!unwrappingKey->allows(CryptoKeyUsageUnwrapKey)) {
+        m_impl->document()->addConsoleMessage(JSMessageSource, ErrorMessageLevel, "Key usages do not include 'unwrapKey'");
+        setDOMException(exec, NOT_SUPPORTED_ERR);
+        return jsUndefined();
+    }
+
+    std::unique_ptr<CryptoAlgorithm> unwrapAlgorithm;
+    std::unique_ptr<CryptoAlgorithmParameters> unwrapAlgorithmParameters;
+    unwrapAlgorithm = createAlgorithmFromJSValue(exec, exec->uncheckedArgument(3));
+    if (!unwrapAlgorithm) {
+        ASSERT(exec->hadException());
+        return jsUndefined();
+    }
+    unwrapAlgorithmParameters = JSCryptoAlgorithmDictionary::createParametersForDecrypt(exec, unwrapAlgorithm->identifier(), exec->uncheckedArgument(3));
+    if (!unwrapAlgorithmParameters) {
+        ASSERT(exec->hadException());
+        return jsUndefined();
+    }
+
+    std::unique_ptr<CryptoAlgorithm> unwrappedKeyAlgorithm;
+    std::unique_ptr<CryptoAlgorithmParameters> unwrappedKeyAlgorithmParameters;
+    if (!exec->uncheckedArgument(4).isNull()) {
+        unwrappedKeyAlgorithm = createAlgorithmFromJSValue(exec, exec->uncheckedArgument(4));
+        if (!unwrappedKeyAlgorithm) {
+            ASSERT(exec->hadException());
+            return jsUndefined();
+        }
+        unwrappedKeyAlgorithmParameters = JSCryptoAlgorithmDictionary::createParametersForImportKey(exec, unwrappedKeyAlgorithm->identifier(), exec->uncheckedArgument(4));
+        if (!unwrappedKeyAlgorithmParameters) {
+            ASSERT(exec->hadException());
+            return jsUndefined();
+        }
+    }
+
+    bool extractable = false;
+    if (exec->argumentCount() >= 6) {
+        extractable = exec->uncheckedArgument(5).toBoolean(exec);
+        if (exec->hadException())
+            return jsUndefined();
+    }
+
+    CryptoKeyUsage keyUsages = 0;
+    if (exec->argumentCount() >= 7) {
+        if (!cryptoKeyUsagesFromJSValue(exec, exec->argument(6), keyUsages)) {
+            ASSERT(exec->hadException());
+            return jsUndefined();
+        }
+    }
+
+    JSPromise* promise = JSPromise::createWithResolver(exec->vm(), globalObject());
+    PromiseWrapper promiseWrapper(globalObject(), promise);
+    Strong<JSDOMGlobalObject> domGlobalObject(exec->vm(), globalObject());
+
+    CryptoAlgorithm* unwrappedKeyAlgorithmPtr = unwrappedKeyAlgorithm.release();
+    CryptoAlgorithmParameters* unwrappedKeyAlgorithmParametersPtr = unwrappedKeyAlgorithmParameters.release();
+
+    auto failureCallback = [promiseWrapper]() mutable {
+        promiseWrapper.reject(nullptr);
+    };
+
+    auto successCallback = [domGlobalObject, keyFormat, unwrappedKeyAlgorithmPtr, unwrappedKeyAlgorithmParametersPtr, extractable, keyUsages, promiseWrapper, failureCallback](const Vector<uint8_t>& result) mutable {
+        auto importSuccessCallback = [promiseWrapper](CryptoKey& key) mutable {
+            promiseWrapper.fulfill(&key);
+        };
+        ExecState* exec = domGlobalObject->globalExec();
+        WebCore::importKey(exec, keyFormat, std::make_pair(result.data(), result.size()), unwrappedKeyAlgorithmPtr, unwrappedKeyAlgorithmParametersPtr, extractable, keyUsages, importSuccessCallback, failureCallback);
+        if (exec->hadException()) {
+            // FIXME: Report exception details to console, and possibly to calling script once there is a standardized way to pass errors to WebCrypto promise reject functions.
+            exec->clearException();
+            failureCallback();
+        }
+    };
+
+    ExceptionCode ec = 0;
+    unwrapAlgorithm->decryptForUnwrapKey(*unwrapAlgorithmParameters, *unwrappingKey, wrappedKeyData, std::move(successCallback), std::move(failureCallback), ec);
+    if (ec) {
+        setDOMException(exec, ec);
+        return jsUndefined();
+    }
+
+    return promise;
+}
+
 } // namespace WebCore
 

trunk/Source/WebCore/crypto/CryptoAlgorithm.cpp

@@ -86 +86 @@
 }
 
+void CryptoAlgorithm::encryptForWrapKey(const CryptoAlgorithmParameters& parameters, const CryptoKey& key, const CryptoOperationData& data, VectorCallback callback, VoidCallback failureCallback, ExceptionCode& ec)
+{
+    encrypt(parameters, key, data, callback, failureCallback, ec);
+}
+
+void CryptoAlgorithm::decryptForUnwrapKey(const CryptoAlgorithmParameters& parameters, const CryptoKey& key, const CryptoOperationData& data, VectorCallback callback, VoidCallback failureCallback, ExceptionCode& ec)
+{
+    decrypt(parameters, key, data, callback, failureCallback, ec);
+}
+
 }
 

trunk/Source/WebCore/crypto/CryptoAlgorithm.h

@@ -45 +45 @@
 
 // Data is mutable, so async operations should copy it first.
-typedef std::pair<const char*, size_t> CryptoOperationData;
+typedef std::pair<const uint8_t*, size_t> CryptoOperationData;
 
 class CryptoAlgorithm {
@@ -70 +70 @@
     virtual void importKey(const CryptoAlgorithmParameters&, const CryptoKeyData&, bool extractable, CryptoKeyUsage, KeyCallback, VoidCallback failureCallback, ExceptionCode&);
 
+    // These are only different from encrypt/decrypt because some algorithms may not expose encrypt/decrypt.
+    virtual void encryptForWrapKey(const CryptoAlgorithmParameters&, const CryptoKey&, const CryptoOperationData&, VectorCallback, VoidCallback failureCallback, ExceptionCode&);
+    virtual void decryptForUnwrapKey(const CryptoAlgorithmParameters&, const CryptoKey&, const CryptoOperationData&, VectorCallback, VoidCallback failureCallback, ExceptionCode&);
+
 protected:
     CryptoAlgorithm();

trunk/Source/WebCore/crypto/CryptoKeySerialization.h

@@ -38 +38 @@
 class CryptoKeyData;
 
-typedef std::pair<const char*, size_t> CryptoOperationData;
+typedef std::pair<const uint8_t*, size_t> CryptoOperationData;
 
 class CryptoKeySerialization {

trunk/Source/WebCore/crypto/SubtleCrypto.idl

@@ -38 +38 @@
     [Custom] Promise importKey(KeyFormat format, CryptoOperationData keyData, AlgorithmIdentifier? algorithm, optional boolean extractable, optional KeyUsage[] keyUsages);
     [Custom] Promise exportKey(KeyFormat format, Key key);
+    [Custom] Promise unwrapKey(KeyFormat format, CryptoOperationData wrappedKey, Key unwrappingKey, AlgorithmIdentifier unwrapAlgorithm, AlgorithmIdentifier? unwrappedKeyAlgorithm, optional boolean extractable, optional KeyUsage[] keyUsages);
 };