Changeset 159717 in webkit

Timestamp:

Nov 22, 2013 3:43:54 PM (10 years ago)

Author:

ap@apple.com

Message:

WebCrypto algorithms should check that key algorithm matches
​https://bugs.webkit.org/show_bug.cgi?id=123628

Reviewed by Anders Carlsson.

No change in behavior yet, because we have one algorithm per key class.
Will be tested once more algorithms are added.

• WebCore.xcodeproj/project.pbxproj: Updated for file renames.

• bindings/js/JSCryptoAlgorithmDictionary.cpp:

(WebCore::createRsaKeyParamsWithHash):
(WebCore::JSCryptoAlgorithmDictionary::createParametersForImportKey):

• bindings/js/JSCryptoKeySerializationJWK.cpp:

(WebCore::createRSAKeyParametersWithHash):
(WebCore::JSCryptoKeySerializationJWK::reconcileAlgorithm):

• crypto/CryptoAlgorithmParameters.h:

(WebCore::CryptoAlgorithmParameters::ENUM_CLASS):

• crypto/parameters/CryptoAlgorithmRsaKeyParamsWithHash.h: Copied from Source/WebCore/crypto/parameters/CryptoAlgorithmRsaSsaKeyParams.h.
• crypto/parameters/CryptoAlgorithmRsaSsaKeyParams.h: Removed.

Renamed RsaSsaKeyParams to RsaKeyParamsWithHash, because other algorithms (like RSA-OAEP)
are in the same boat. Depending on where the spec goes, we might need to introduce
algorithm specific RSA parameter classes later, but let's reduce copy/pasted code at
least for now.

• crypto/CryptoAlgorithmRSASSA_PKCS1_v1_5Mac.cpp: Moved to the correct directory.
• crypto/mac/CryptoAlgorithmRSASSA_PKCS1_v1_5Mac.cpp: Copied from Source/WebCore/crypto/CryptoAlgorithmRSASSA_PKCS1_v1_5Mac.cpp.

(WebCore::CryptoAlgorithmRSASSA_PKCS1_v1_5::platformSign): Factored out Mac specific
code, leaving type casting to cross-platform files.
(WebCore::CryptoAlgorithmRSASSA_PKCS1_v1_5::platformVerify): Ditto.

• crypto/CryptoAlgorithmRegistry.h:

(WebCore::CryptoAlgorithmRegistry::registerAlgorithm):

• crypto/mac/CryptoAlgorithmRegistryMac.cpp:

(WebCore::CryptoAlgorithmRegistry::platformRegisterAlgorithms):
Reduce copy/pasting in registration code.

• crypto/algorithms/CryptoAlgorithmAES_CBC.cpp:

(WebCore::CryptoAlgorithmAES_CBC::keyAlgorithmMatches): Check key type and algorithm.
(WebCore::CryptoAlgorithmAES_CBC::encrypt): Cross platform type casting code.
Maybe we'll find a way to autogenerate or eliminate it one day.
(WebCore::CryptoAlgorithmAES_CBC::decrypt): Ditto.

• crypto/algorithms/CryptoAlgorithmAES_CBC.h:
• crypto/algorithms/CryptoAlgorithmHMAC.cpp:

(WebCore::CryptoAlgorithmHMAC::keyAlgorithmMatches):
(WebCore::CryptoAlgorithmHMAC::sign):
(WebCore::CryptoAlgorithmHMAC::verify):

• crypto/algorithms/CryptoAlgorithmHMAC.h:
• crypto/algorithms/CryptoAlgorithmRSASSA_PKCS1_v1_5.cpp:

(WebCore::CryptoAlgorithmRSASSA_PKCS1_v1_5::keyAlgorithmMatches):
(WebCore::CryptoAlgorithmRSASSA_PKCS1_v1_5::sign):
(WebCore::CryptoAlgorithmRSASSA_PKCS1_v1_5::verify):
(WebCore::CryptoAlgorithmRSASSA_PKCS1_v1_5::importKey):

• crypto/algorithms/CryptoAlgorithmRSASSA_PKCS1_v1_5.h:
• crypto/mac/CryptoAlgorithmAES_CBCMac.cpp:

(WebCore::CryptoAlgorithmAES_CBC::platformEncrypt):
(WebCore::CryptoAlgorithmAES_CBC::platformDecrypt):

• crypto/mac/CryptoAlgorithmHMACMac.cpp:

(WebCore::CryptoAlgorithmHMAC::platformSign):
(WebCore::CryptoAlgorithmHMAC::platformVerify):
Same changes for all algorithms that have keys.

Location:

trunk/Source/WebCore

Files:

• ChangeLog (modified) (1 diff)
• WebCore.xcodeproj/project.pbxproj (modified) (4 diffs)
• bindings/js/JSCryptoAlgorithmDictionary.cpp (modified) (3 diffs)
• bindings/js/JSCryptoKeySerializationJWK.cpp (modified) (4 diffs)
• crypto/CryptoAlgorithmParameters.h (modified) (1 diff)
• crypto/CryptoAlgorithmRegistry.h (modified) (1 diff)
• crypto/algorithms/CryptoAlgorithmAES_CBC.cpp (modified) (2 diffs)
• crypto/algorithms/CryptoAlgorithmAES_CBC.h (modified) (2 diffs)
• crypto/algorithms/CryptoAlgorithmHMAC.cpp (modified) (1 diff)
• crypto/algorithms/CryptoAlgorithmHMAC.h (modified) (2 diffs)
• crypto/algorithms/CryptoAlgorithmRSASSA_PKCS1_v1_5.cpp (modified) (4 diffs)
• crypto/algorithms/CryptoAlgorithmRSASSA_PKCS1_v1_5.h (modified) (2 diffs)
• crypto/mac/CryptoAlgorithmAES_CBCMac.cpp (modified) (1 diff)
• crypto/mac/CryptoAlgorithmHMACMac.cpp (modified) (1 diff)
• crypto/mac/CryptoAlgorithmRSASSA_PKCS1_v1_5Mac.cpp (moved) (moved from trunk/Source/WebCore/crypto/CryptoAlgorithmRSASSA_PKCS1_v1_5Mac.cpp) (4 diffs)
• crypto/mac/CryptoAlgorithmRegistryMac.cpp (modified) (1 diff)
• crypto/parameters/CryptoAlgorithmRsaKeyParamsWithHash.h (moved) (moved from trunk/Source/WebCore/crypto/parameters/CryptoAlgorithmRsaSsaKeyParams.h) (3 diffs)

trunk/Source/WebCore/ChangeLog

@@ +1 @@
+2013-11-22  Alexey Proskuryakov  <ap@apple.com>
+
+        WebCrypto algorithms should check that key algorithm matches
+        https://bugs.webkit.org/show_bug.cgi?id=123628
+
+        Reviewed by Anders Carlsson.
+
+        No change in behavior yet, because we have one algorithm per key class.
+        Will be tested once more algorithms are added.
+
+        * WebCore.xcodeproj/project.pbxproj: Updated for file renames.
+
+        * bindings/js/JSCryptoAlgorithmDictionary.cpp:
+        (WebCore::createRsaKeyParamsWithHash):
+        (WebCore::JSCryptoAlgorithmDictionary::createParametersForImportKey):
+        * bindings/js/JSCryptoKeySerializationJWK.cpp:
+        (WebCore::createRSAKeyParametersWithHash):
+        (WebCore::JSCryptoKeySerializationJWK::reconcileAlgorithm):
+        * crypto/CryptoAlgorithmParameters.h:
+        (WebCore::CryptoAlgorithmParameters::ENUM_CLASS):
+        * crypto/parameters/CryptoAlgorithmRsaKeyParamsWithHash.h: Copied from Source/WebCore/crypto/parameters/CryptoAlgorithmRsaSsaKeyParams.h.
+        * crypto/parameters/CryptoAlgorithmRsaSsaKeyParams.h: Removed.
+        Renamed RsaSsaKeyParams to RsaKeyParamsWithHash, because other algorithms (like RSA-OAEP)
+        are in the same boat. Depending on where the spec goes, we might need to introduce
+        algorithm specific RSA parameter classes later, but let's reduce copy/pasted code at
+        least for now.
+
+        * crypto/CryptoAlgorithmRSASSA_PKCS1_v1_5Mac.cpp: Moved to the correct directory.
+        * crypto/mac/CryptoAlgorithmRSASSA_PKCS1_v1_5Mac.cpp: Copied from Source/WebCore/crypto/CryptoAlgorithmRSASSA_PKCS1_v1_5Mac.cpp.
+        (WebCore::CryptoAlgorithmRSASSA_PKCS1_v1_5::platformSign): Factored out Mac specific
+        code, leaving type casting to cross-platform files.
+        (WebCore::CryptoAlgorithmRSASSA_PKCS1_v1_5::platformVerify): Ditto.
+
+        * crypto/CryptoAlgorithmRegistry.h:
+        (WebCore::CryptoAlgorithmRegistry::registerAlgorithm):
+        * crypto/mac/CryptoAlgorithmRegistryMac.cpp:
+        (WebCore::CryptoAlgorithmRegistry::platformRegisterAlgorithms):
+        Reduce copy/pasting in registration code.
+
+        * crypto/algorithms/CryptoAlgorithmAES_CBC.cpp:
+        (WebCore::CryptoAlgorithmAES_CBC::keyAlgorithmMatches): Check key type and algorithm.
+        (WebCore::CryptoAlgorithmAES_CBC::encrypt): Cross platform type casting code.
+        Maybe we'll find a way to autogenerate or eliminate it one day.
+        (WebCore::CryptoAlgorithmAES_CBC::decrypt): Ditto.
+
+        * crypto/algorithms/CryptoAlgorithmAES_CBC.h:
+        * crypto/algorithms/CryptoAlgorithmHMAC.cpp:
+        (WebCore::CryptoAlgorithmHMAC::keyAlgorithmMatches):
+        (WebCore::CryptoAlgorithmHMAC::sign):
+        (WebCore::CryptoAlgorithmHMAC::verify):
+        * crypto/algorithms/CryptoAlgorithmHMAC.h:
+        * crypto/algorithms/CryptoAlgorithmRSASSA_PKCS1_v1_5.cpp:
+        (WebCore::CryptoAlgorithmRSASSA_PKCS1_v1_5::keyAlgorithmMatches):
+        (WebCore::CryptoAlgorithmRSASSA_PKCS1_v1_5::sign):
+        (WebCore::CryptoAlgorithmRSASSA_PKCS1_v1_5::verify):
+        (WebCore::CryptoAlgorithmRSASSA_PKCS1_v1_5::importKey):
+        * crypto/algorithms/CryptoAlgorithmRSASSA_PKCS1_v1_5.h:
+        * crypto/mac/CryptoAlgorithmAES_CBCMac.cpp:
+        (WebCore::CryptoAlgorithmAES_CBC::platformEncrypt):
+        (WebCore::CryptoAlgorithmAES_CBC::platformDecrypt):
+        * crypto/mac/CryptoAlgorithmHMACMac.cpp:
+        (WebCore::CryptoAlgorithmHMAC::platformSign):
+        (WebCore::CryptoAlgorithmHMAC::platformVerify):
+        Same changes for all algorithms that have keys.
+
 2013-11-22  Brendan Long  <b.long@cablelabs.com>
 

trunk/Source/WebCore/WebCore.xcodeproj/project.pbxproj

@@ -5682 +5682 @@
                 E1BE512E0CF6C512002EA959 /* XSLTUnicodeSort.h in Headers */ = {isa = PBXBuildFile; fileRef = E1BE512C0CF6C512002EA959 /* XSLTUnicodeSort.h */; };
                 E1C266D818317AB4003F8B33 /* CryptoAlgorithmRSASSA_PKCS1_v1_5Mac.cpp in Sources */ = {isa = PBXBuildFile; fileRef = E1C266D618317AB4003F8B33 /* CryptoAlgorithmRSASSA_PKCS1_v1_5Mac.cpp */; };
-                E1C266DB18319935003F8B33 /* CryptoAlgorithmRsaSsaKeyParams.h in Headers */ = {isa = PBXBuildFile; fileRef = E1C266DA18319935003F8B33 /* CryptoAlgorithmRsaSsaKeyParams.h */; };
+                E1C266DB18319935003F8B33 /* CryptoAlgorithmRsaKeyParamsWithHash.h in Headers */ = {isa = PBXBuildFile; fileRef = E1C266DA18319935003F8B33 /* CryptoAlgorithmRsaKeyParamsWithHash.h */; };
                 E1C266DE18319F31003F8B33 /* CryptoKeyDataRSAComponents.cpp in Sources */ = {isa = PBXBuildFile; fileRef = E1C266DC18319F31003F8B33 /* CryptoKeyDataRSAComponents.cpp */; };
                 E1C266DF18319F31003F8B33 /* CryptoKeyDataRSAComponents.h in Headers */ = {isa = PBXBuildFile; fileRef = E1C266DD18319F31003F8B33 /* CryptoKeyDataRSAComponents.h */; };
@@ -12790 +12790 @@
                 E1BE512B0CF6C512002EA959 /* XSLTUnicodeSort.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = XSLTUnicodeSort.cpp; sourceTree = "<group>"; };
                 E1BE512C0CF6C512002EA959 /* XSLTUnicodeSort.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; path = XSLTUnicodeSort.h; sourceTree = "<group>"; };
-                E1C266D618317AB4003F8B33 /* CryptoAlgorithmRSASSA_PKCS1_v1_5Mac.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; path = CryptoAlgorithmRSASSA_PKCS1_v1_5Mac.cpp; sourceTree = "<group>"; };
-                E1C266DA18319935003F8B33 /* CryptoAlgorithmRsaSsaKeyParams.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = CryptoAlgorithmRsaSsaKeyParams.h; path = parameters/CryptoAlgorithmRsaSsaKeyParams.h; sourceTree = "<group>"; };
+                E1C266D618317AB4003F8B33 /* CryptoAlgorithmRSASSA_PKCS1_v1_5Mac.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = CryptoAlgorithmRSASSA_PKCS1_v1_5Mac.cpp; path = mac/CryptoAlgorithmRSASSA_PKCS1_v1_5Mac.cpp; sourceTree = "<group>"; };
+                E1C266DA18319935003F8B33 /* CryptoAlgorithmRsaKeyParamsWithHash.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = CryptoAlgorithmRsaKeyParamsWithHash.h; path = parameters/CryptoAlgorithmRsaKeyParamsWithHash.h; sourceTree = "<group>"; };
                 E1C266DC18319F31003F8B33 /* CryptoKeyDataRSAComponents.cpp */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.cpp.cpp; name = CryptoKeyDataRSAComponents.cpp; path = keys/CryptoKeyDataRSAComponents.cpp; sourceTree = "<group>"; };
                 E1C266DD18319F31003F8B33 /* CryptoKeyDataRSAComponents.h */ = {isa = PBXFileReference; fileEncoding = 4; lastKnownFileType = sourcecode.c.h; name = CryptoKeyDataRSAComponents.h; path = keys/CryptoKeyDataRSAComponents.h; sourceTree = "<group>"; };
@@ -20435 +20435 @@
                                 E1C6571E1816E50300256CDD /* CryptoAlgorithmHmacParams.h */,
                                 E1BD331D182D8F4200C05D9F /* CryptoAlgorithmRsaKeyGenParams.h */,
-                                E1C266DA18319935003F8B33 /* CryptoAlgorithmRsaSsaKeyParams.h */,
+                                E1C266DA18319935003F8B33 /* CryptoAlgorithmRsaKeyParamsWithHash.h */,
+                                E1FE136C183FE21D00892F13 /* CryptoAlgorithmRsaOaepParams.h */,
                                 E1BD331B182D8EE900C05D9F /* CryptoAlgorithmRsaSsaParams.h */,
                         );
@@ -23753 +23754 @@
                                 B2FA3DDF0AB75A6F000E5AC4 /* JSSVGPathSegMovetoRel.h in Headers */,
                                 0705852117FDC140005F2BCB /* MediaTrackConstraint.h in Headers */,
-                                E1C266DB18319935003F8B33 /* CryptoAlgorithmRsaSsaKeyParams.h in Headers */,
+                                E1C266DB18319935003F8B33 /* CryptoAlgorithmRsaKeyParamsWithHash.h in Headers */,
                                 CD8B5A46180DFF4E008B8E65 /* VideoTrackMediaSource.h in Headers */,
                                 B2FA3DE10AB75A6F000E5AC4 /* JSSVGPatternElement.h in Headers */,

trunk/Source/WebCore/bindings/js/JSCryptoAlgorithmDictionary.cpp

@@ -35 +35 @@
 #include "CryptoAlgorithmRegistry.h"
 #include "CryptoAlgorithmRsaKeyGenParams.h"
-#include "CryptoAlgorithmRsaSsaKeyParams.h"
+#include "CryptoAlgorithmRsaKeyParamsWithHash.h"
 #include "CryptoAlgorithmRsaSsaParams.h"
 #include "ExceptionCode.h"
@@ -239 +239 @@
 }
 
-static std::unique_ptr<CryptoAlgorithmParameters> createRsaSsaKeyParams(ExecState*, JSValue)
-{
-    // WebCrypto RSASSA-PKCS1-v1_5 algorithm currently does not take any parameters to importKey.
-    return std::make_unique<CryptoAlgorithmRsaSsaKeyParams>();
+static std::unique_ptr<CryptoAlgorithmParameters> createRsaKeyParamsWithHash(ExecState*, JSValue)
+{
+    // WebCrypto RSA algorithms currently do not take any parameters to importKey.
+    return std::make_unique<CryptoAlgorithmRsaKeyParamsWithHash>();
 }
 
@@ -527 +527 @@
         return std::make_unique<CryptoAlgorithmParameters>();
     case CryptoAlgorithmIdentifier::RSASSA_PKCS1_v1_5:
-        return createRsaSsaKeyParams(exec, value);
+        return createRsaKeyParamsWithHash(exec, value);
     case CryptoAlgorithmIdentifier::RSA_PSS:
     case CryptoAlgorithmIdentifier::RSA_OAEP:

trunk/Source/WebCore/bindings/js/JSCryptoKeySerializationJWK.cpp

@@ -32 +32 @@
 #include "CryptoAlgorithmHmacParams.h"
 #include "CryptoAlgorithmRegistry.h"
-#include "CryptoAlgorithmRsaSsaKeyParams.h"
+#include "CryptoAlgorithmRsaKeyParamsWithHash.h"
 #include "CryptoKey.h"
 #include "CryptoKeyAES.h"
@@ -156 +156 @@
 }
 
-static std::unique_ptr<CryptoAlgorithmParameters> createRSASSAKeyParameters(CryptoAlgorithmIdentifier hashFunction)
-{
-    std::unique_ptr<CryptoAlgorithmRsaSsaKeyParams> rsaSSAParameters = std::make_unique<CryptoAlgorithmRsaSsaKeyParams>();
-    rsaSSAParameters->hasHash = true;
-    rsaSSAParameters->hash = hashFunction;
-    return std::move(rsaSSAParameters);
-}
-
+static std::unique_ptr<CryptoAlgorithmParameters> createRSAKeyParametersWithHash(CryptoAlgorithmIdentifier hashFunction)
+{
+    std::unique_ptr<CryptoAlgorithmRsaKeyParamsWithHash> rsaKeyParameters = std::make_unique<CryptoAlgorithmRsaKeyParamsWithHash>();
+    rsaKeyParameters->hasHash = true;
+    rsaKeyParameters->hash = hashFunction;
+    return std::move(rsaKeyParameters);
+}
 
 bool JSCryptoKeySerializationJWK::reconcileAlgorithm(std::unique_ptr<CryptoAlgorithm>& suggestedAlgorithm, std::unique_ptr<CryptoAlgorithmParameters>& suggestedParameters) const
@@ -185 +184 @@
     } else if (m_jwkAlgorithmName == "RS256") {
         algorithm = CryptoAlgorithmRegistry::shared().create(CryptoAlgorithmIdentifier::RSASSA_PKCS1_v1_5);
-        parameters = createRSASSAKeyParameters(CryptoAlgorithmIdentifier::SHA_256);
+        parameters = createRSAKeyParametersWithHash(CryptoAlgorithmIdentifier::SHA_256);
     } else if (m_jwkAlgorithmName == "RS384") {
         algorithm = CryptoAlgorithmRegistry::shared().create(CryptoAlgorithmIdentifier::RSASSA_PKCS1_v1_5);
-        parameters = createRSASSAKeyParameters(CryptoAlgorithmIdentifier::SHA_384);
+        parameters = createRSAKeyParametersWithHash(CryptoAlgorithmIdentifier::SHA_384);
     } else if (m_jwkAlgorithmName == "RS512") {
         algorithm = CryptoAlgorithmRegistry::shared().create(CryptoAlgorithmIdentifier::RSASSA_PKCS1_v1_5);
-        parameters = createRSASSAKeyParameters(CryptoAlgorithmIdentifier::SHA_512);
+        parameters = createRSAKeyParametersWithHash(CryptoAlgorithmIdentifier::SHA_512);
     } else if (m_jwkAlgorithmName == "A128CBC") {
         algorithm = CryptoAlgorithmRegistry::shared().create(CryptoAlgorithmIdentifier::AES_CBC);
@@ -221 +220 @@
         return toCryptoAlgorithmHmacParams(*parameters).hash == toCryptoAlgorithmHmacParams(*suggestedParameters).hash;
     if (algorithm->identifier() == CryptoAlgorithmIdentifier::RSASSA_PKCS1_v1_5) {
-        CryptoAlgorithmRsaSsaKeyParams& rsaSSAParameters = toCryptoAlgorithmRsaSsaKeyParams(*parameters);
-        CryptoAlgorithmRsaSsaKeyParams& suggestedRSASSAParameters = toCryptoAlgorithmRsaSsaKeyParams(*suggestedParameters);
-        ASSERT(rsaSSAParameters.hasHash);
-        if (suggestedRSASSAParameters.hasHash)
-            return suggestedRSASSAParameters.hash == rsaSSAParameters.hash;
-        suggestedRSASSAParameters.hasHash = true;
-        suggestedRSASSAParameters.hash = rsaSSAParameters.hash;
+        CryptoAlgorithmRsaKeyParamsWithHash& rsaKeyParameters = toCryptoAlgorithmRsaKeyParamsWithHash(*parameters);
+        CryptoAlgorithmRsaKeyParamsWithHash& suggestedRSAKeyParameters = toCryptoAlgorithmRsaKeyParamsWithHash(*suggestedParameters);
+        ASSERT(rsaKeyParameters.hasHash);
+        if (suggestedRSAKeyParameters.hasHash)
+            return suggestedRSAKeyParameters.hash == rsaKeyParameters.hash;
+        suggestedRSAKeyParameters.hasHash = true;
+        suggestedRSAKeyParameters.hash = rsaKeyParameters.hash;
     }
 

trunk/Source/WebCore/crypto/CryptoAlgorithmParameters.h

@@ -46 +46 @@
         HmacParams,
         RsaKeyGenParams,
-        RsaSsaKeyParams,
+        RsaKeyParamsWithHash,
         RsaSsaParams
     };

trunk/Source/WebCore/crypto/CryptoAlgorithmRegistry.h

@@ -58 +58 @@
     typedef std::unique_ptr<CryptoAlgorithm> (*CryptoAlgorithmConstructor)();
 
+    template<typename AlgorithmClass> void registerAlgorithm()
+    {
+        registerAlgorithm(AlgorithmClass::s_name, AlgorithmClass::s_identifier, AlgorithmClass::create);
+    }
+
     void registerAlgorithm(const String& name, CryptoAlgorithmIdentifier, CryptoAlgorithmConstructor);
     HashMap<String, CryptoAlgorithmIdentifier> m_nameToIdentifierMap;

trunk/Source/WebCore/crypto/algorithms/CryptoAlgorithmAES_CBC.cpp

@@ -29 +29 @@
 #if ENABLE(SUBTLE_CRYPTO)
 
+#include "CryptoAlgorithmAesCbcParams.h"
 #include "CryptoAlgorithmAesKeyGenParams.h"
 #include "CryptoKeyAES.h"
@@ -54 +55 @@
 {
     return s_identifier;
+}
+
+bool CryptoAlgorithmAES_CBC::keyAlgorithmMatches(const CryptoAlgorithmAesCbcParams&, const CryptoKey& key) const
+{
+    if (key.algorithmIdentifier() != s_identifier)
+        return false;
+    ASSERT(isCryptoKeyAES(key));
+
+    return true;
+}
+
+void CryptoAlgorithmAES_CBC::encrypt(const CryptoAlgorithmParameters& parameters, const CryptoKey& key, const CryptoOperationData& data, VectorCallback callback, VoidCallback failureCallback, ExceptionCode& ec)
+{
+    const CryptoAlgorithmAesCbcParams& aesCBCParameters = toCryptoAlgorithmAesCbcParams(parameters);
+
+    if (!keyAlgorithmMatches(aesCBCParameters, key)) {
+        ec = NOT_SUPPORTED_ERR;
+        return;
+    }
+
+    platformEncrypt(aesCBCParameters, toCryptoKeyAES(key), data, std::move(callback), std::move(failureCallback), ec);
+}
+
+void CryptoAlgorithmAES_CBC::decrypt(const CryptoAlgorithmParameters& parameters, const CryptoKey& key, const CryptoOperationData& data, VectorCallback callback, VoidCallback failureCallback, ExceptionCode& ec)
+{
+    const CryptoAlgorithmAesCbcParams& aesCBCParameters = toCryptoAlgorithmAesCbcParams(parameters);
+
+    if (!keyAlgorithmMatches(aesCBCParameters, key)) {
+        ec = NOT_SUPPORTED_ERR;
+        return;
+    }
+
+    platformDecrypt(aesCBCParameters, toCryptoKeyAES(key), data, std::move(callback), std::move(failureCallback), ec);
 }
 

trunk/Source/WebCore/crypto/algorithms/CryptoAlgorithmAES_CBC.h

@@ -33 +33 @@
 namespace WebCore {
 
+class CryptoAlgorithmAesCbcParams;
+class CryptoKeyAES;
+
 class CryptoAlgorithmAES_CBC FINAL : public CryptoAlgorithm {
 public:
@@ -50 +53 @@
     CryptoAlgorithmAES_CBC();
     virtual ~CryptoAlgorithmAES_CBC();
+
+    bool keyAlgorithmMatches(const CryptoAlgorithmAesCbcParams& algorithmParameters, const CryptoKey&) const;
+    void platformEncrypt(const CryptoAlgorithmAesCbcParams&, const CryptoKeyAES&, const CryptoOperationData&, VectorCallback, VoidCallback failureCallback, ExceptionCode&);
+    void platformDecrypt(const CryptoAlgorithmAesCbcParams&, const CryptoKeyAES&, const CryptoOperationData&, VectorCallback, VoidCallback failureCallback, ExceptionCode&);
 };
 

trunk/Source/WebCore/crypto/algorithms/CryptoAlgorithmHMAC.cpp

@@ -57 +57 @@
 }
 
+bool CryptoAlgorithmHMAC::keyAlgorithmMatches(const CryptoAlgorithmHmacParams&, const CryptoKey& key) const
+{
+    if (key.algorithmIdentifier() != s_identifier)
+        return false;
+    ASSERT(isCryptoKeyHMAC(key));
+
+    return true;
+}
+
+void CryptoAlgorithmHMAC::sign(const CryptoAlgorithmParameters& parameters, const CryptoKey& key, const CryptoOperationData& data, VectorCallback callback, VoidCallback failureCallback, ExceptionCode& ec)
+{
+    const CryptoAlgorithmHmacParams& hmacParameters = toCryptoAlgorithmHmacParams(parameters);
+
+    if (!keyAlgorithmMatches(hmacParameters, key)) {
+        ec = NOT_SUPPORTED_ERR;
+        return;
+    }
+
+    platformSign(hmacParameters, toCryptoKeyHMAC(key), data, std::move(callback), std::move(failureCallback), ec);
+}
+
+void CryptoAlgorithmHMAC::verify(const CryptoAlgorithmParameters& parameters, const CryptoKey& key, const CryptoOperationData& expectedSignature, const CryptoOperationData& data, BoolCallback callback, VoidCallback failureCallback, ExceptionCode& ec)
+{
+    const CryptoAlgorithmHmacParams& hmacParameters = toCryptoAlgorithmHmacParams(parameters);
+
+    if (!keyAlgorithmMatches(hmacParameters, key)) {
+        ec = NOT_SUPPORTED_ERR;
+        return;
+    }
+
+    platformVerify(hmacParameters, toCryptoKeyHMAC(key), expectedSignature, data, std::move(callback), std::move(failureCallback), ec);
+}
+
 void CryptoAlgorithmHMAC::generateKey(const CryptoAlgorithmParameters& parameters, bool extractable, CryptoKeyUsage usages, KeyOrKeyPairCallback callback, VoidCallback failureCallback, ExceptionCode&)
 {

trunk/Source/WebCore/crypto/algorithms/CryptoAlgorithmHMAC.h

@@ -33 +33 @@
 namespace WebCore {
 
+class CryptoAlgorithmHmacParams;
+class CryptoKeyHMAC;
+
 class CryptoAlgorithmHMAC FINAL : public CryptoAlgorithm {
 public:
@@ -50 +53 @@
     CryptoAlgorithmHMAC();
     virtual ~CryptoAlgorithmHMAC();
+
+    bool keyAlgorithmMatches(const CryptoAlgorithmHmacParams& algorithmParameters, const CryptoKey&) const;
+    void platformSign(const CryptoAlgorithmHmacParams&, const CryptoKeyHMAC&, const CryptoOperationData&, VectorCallback, VoidCallback failureCallback, ExceptionCode&);
+    void platformVerify(const CryptoAlgorithmHmacParams&, const CryptoKeyHMAC&, const CryptoOperationData& signature, const CryptoOperationData& data, BoolCallback, VoidCallback failureCallback, ExceptionCode&);
 };
 

trunk/Source/WebCore/crypto/algorithms/CryptoAlgorithmRSASSA_PKCS1_v1_5.cpp

@@ -30 +30 @@
 
 #include "CryptoAlgorithmRsaKeyGenParams.h"
-#include "CryptoAlgorithmRsaSsaKeyParams.h"
+#include "CryptoAlgorithmRsaKeyParamsWithHash.h"
+#include "CryptoAlgorithmRsaSsaParams.h"
 #include "CryptoKeyDataRSAComponents.h"
 #include "CryptoKeyRSA.h"
+#include "ExceptionCode.h"
 
 namespace WebCore {
@@ -56 +58 @@
 }
 
+bool CryptoAlgorithmRSASSA_PKCS1_v1_5::keyAlgorithmMatches(const CryptoAlgorithmRsaSsaParams& algorithmParameters, const CryptoKey& key) const
+{
+    if (key.algorithmIdentifier() != s_identifier)
+        return false;
+    ASSERT(isCryptoKeyRSA(key));
+
+    CryptoAlgorithmIdentifier keyHash;
+    if (toCryptoKeyRSA(key).isRestrictedToHash(keyHash) && keyHash != algorithmParameters.hash)
+        return false;
+
+    return true;
+}
+
+void CryptoAlgorithmRSASSA_PKCS1_v1_5::sign(const CryptoAlgorithmParameters& parameters, const CryptoKey& key, const CryptoOperationData& data, VectorCallback callback, VoidCallback failureCallback, ExceptionCode& ec)
+{
+    const CryptoAlgorithmRsaSsaParams& rsaSSAParameters = toCryptoAlgorithmRsaSsaParams(parameters);
+
+    if (!keyAlgorithmMatches(rsaSSAParameters, key)) {
+        ec = NOT_SUPPORTED_ERR;
+        return;
+    }
+
+    platformSign(rsaSSAParameters, toCryptoKeyRSA(key), data, std::move(callback), std::move(failureCallback), ec);
+}
+
+void CryptoAlgorithmRSASSA_PKCS1_v1_5::verify(const CryptoAlgorithmParameters& parameters, const CryptoKey& key, const CryptoOperationData& signature, const CryptoOperationData& data, BoolCallback callback, VoidCallback failureCallback, ExceptionCode& ec)
+{
+    const CryptoAlgorithmRsaSsaParams& rsaSSAParameters = toCryptoAlgorithmRsaSsaParams(parameters);
+
+    if (!keyAlgorithmMatches(rsaSSAParameters, key)) {
+        ec = NOT_SUPPORTED_ERR;
+        return;
+    }
+
+    platformVerify(rsaSSAParameters, toCryptoKeyRSA(key), signature, data, std::move(callback), std::move(failureCallback), ec);
+}
+
 void CryptoAlgorithmRSASSA_PKCS1_v1_5::generateKey(const CryptoAlgorithmParameters& parameters, bool extractable, CryptoKeyUsage usages, KeyOrKeyPairCallback callback, VoidCallback failureCallback, ExceptionCode&)
 {
@@ -69 +108 @@
 void CryptoAlgorithmRSASSA_PKCS1_v1_5::importKey(const CryptoAlgorithmParameters& parameters, const CryptoKeyData& keyData, bool extractable, CryptoKeyUsage usage, KeyCallback callback, VoidCallback failureCallback, ExceptionCode&)
 {
-    const CryptoAlgorithmRsaSsaKeyParams& rsaSSAParameters = toCryptoAlgorithmRsaSsaKeyParams(parameters);
+    const CryptoAlgorithmRsaKeyParamsWithHash& rsaKeyParameters = toCryptoAlgorithmRsaKeyParamsWithHash(parameters);
     const CryptoKeyDataRSAComponents& rsaComponents = toCryptoKeyDataRSAComponents(keyData);
 
@@ -78 +117 @@
     }
 
-    if (rsaSSAParameters.hasHash)
-        result->restrictToHash(rsaSSAParameters.hash);
+    if (rsaKeyParameters.hasHash)
+        result->restrictToHash(rsaKeyParameters.hash);
 
     callback(*result);

trunk/Source/WebCore/crypto/algorithms/CryptoAlgorithmRSASSA_PKCS1_v1_5.h

@@ -33 +33 @@
 namespace WebCore {
 
+class CryptoAlgorithmRsaSsaParams;
+class CryptoKeyRSA;
+
 class CryptoAlgorithmRSASSA_PKCS1_v1_5 FINAL : public CryptoAlgorithm {
 public:
@@ -50 +53 @@
     CryptoAlgorithmRSASSA_PKCS1_v1_5();
     virtual ~CryptoAlgorithmRSASSA_PKCS1_v1_5();
+
+    bool keyAlgorithmMatches(const CryptoAlgorithmRsaSsaParams& algorithmParameters, const CryptoKey&) const;
+    void platformSign(const CryptoAlgorithmRsaSsaParams&, const CryptoKeyRSA&, const CryptoOperationData&, VectorCallback, VoidCallback failureCallback, ExceptionCode&);
+    void platformVerify(const CryptoAlgorithmRsaSsaParams&, const CryptoKeyRSA&, const CryptoOperationData& signature, const CryptoOperationData& data, BoolCallback, VoidCallback failureCallback, ExceptionCode&);
 };
 

trunk/Source/WebCore/crypto/mac/CryptoAlgorithmAES_CBCMac.cpp

@@ -83 +83 @@
 }
 
-void CryptoAlgorithmAES_CBC::encrypt(const CryptoAlgorithmParameters& parameters, const CryptoKey& key, const CryptoOperationData& data, VectorCallback callback, VoidCallback failureCallback, ExceptionCode& ec)
+void CryptoAlgorithmAES_CBC::platformEncrypt(const CryptoAlgorithmAesCbcParams& parameters, const CryptoKeyAES& key, const CryptoOperationData& data, VectorCallback callback, VoidCallback failureCallback, ExceptionCode&)
 {
-    const CryptoAlgorithmAesCbcParams& aesCBCParameters = toCryptoAlgorithmAesCbcParams(parameters);
-
-    if (!isCryptoKeyAES(key)) {
-        ec = NOT_SUPPORTED_ERR;
-        return;
-    }
-    const CryptoKeyAES& aesKey = toCryptoKeyAES(key);
-
-    transformAES_CBC(kCCEncrypt, aesCBCParameters, aesKey, data, std::move(callback), std::move(failureCallback));
+    transformAES_CBC(kCCEncrypt, parameters, key, data, std::move(callback), std::move(failureCallback));
 }
 
-void CryptoAlgorithmAES_CBC::decrypt(const CryptoAlgorithmParameters& parameters, const CryptoKey& key, const CryptoOperationData& data, VectorCallback callback, VoidCallback failureCallback, ExceptionCode& ec)
+void CryptoAlgorithmAES_CBC::platformDecrypt(const CryptoAlgorithmAesCbcParams& parameters, const CryptoKeyAES& key, const CryptoOperationData& data, VectorCallback callback, VoidCallback failureCallback, ExceptionCode&)
 {
-    const CryptoAlgorithmAesCbcParams& aesCBCParameters = toCryptoAlgorithmAesCbcParams(parameters);
-
-    if (!isCryptoKeyAES(key)) {
-        ec = NOT_SUPPORTED_ERR;
-        return;
-    }
-    const CryptoKeyAES& aesKey = toCryptoKeyAES(key);
-
-    transformAES_CBC(kCCDecrypt, aesCBCParameters, aesKey, data, std::move(callback), std::move(failureCallback));
+    transformAES_CBC(kCCDecrypt, parameters, key, data, std::move(callback), std::move(failureCallback));
 }
 

trunk/Source/WebCore/crypto/mac/CryptoAlgorithmHMACMac.cpp

@@ -89 +89 @@
 }
 
-void CryptoAlgorithmHMAC::sign(const CryptoAlgorithmParameters& parameters, const CryptoKey& key, const CryptoOperationData& data, VectorCallback callback, VoidCallback, ExceptionCode& ec)
+void CryptoAlgorithmHMAC::platformSign(const CryptoAlgorithmHmacParams& parameters, const CryptoKeyHMAC& key, const CryptoOperationData& data, VectorCallback callback, VoidCallback, ExceptionCode& ec)
 {
-    const CryptoAlgorithmHmacParams& hmacParameters = toCryptoAlgorithmHmacParams(parameters);
-
-    if (!isCryptoKeyHMAC(key)) {
-        ec = NOT_SUPPORTED_ERR;
-        return;
-    }
-    const CryptoKeyHMAC& hmacKey = toCryptoKeyHMAC(key);
-
     CCHmacAlgorithm algorithm;
-    if (!getCommonCryptoAlgorithm(hmacParameters.hash, algorithm)) {
+    if (!getCommonCryptoAlgorithm(parameters.hash, algorithm)) {
         ec = NOT_SUPPORTED_ERR;
         return;
     }
 
-    Vector<uint8_t> signature = calculateSignature(algorithm, hmacKey.key(), data);
+    Vector<uint8_t> signature = calculateSignature(algorithm, key.key(), data);
 
     callback(signature);
 }
 
-void CryptoAlgorithmHMAC::verify(const CryptoAlgorithmParameters& parameters, const CryptoKey& key, const CryptoOperationData& expectedSignature, const CryptoOperationData& data, BoolCallback callback, VoidCallback, ExceptionCode& ec)
+void CryptoAlgorithmHMAC::platformVerify(const CryptoAlgorithmHmacParams& parameters, const CryptoKeyHMAC& key, const CryptoOperationData& expectedSignature, const CryptoOperationData& data, BoolCallback callback, VoidCallback, ExceptionCode& ec)
 {
-    const CryptoAlgorithmHmacParams& hmacParameters = toCryptoAlgorithmHmacParams(parameters);
-
-    if (!isCryptoKeyHMAC(key)) {
-        ec = NOT_SUPPORTED_ERR;
-        return;
-    }
-    const CryptoKeyHMAC& hmacKey = toCryptoKeyHMAC(key);
-
     CCHmacAlgorithm algorithm;
-    if (!getCommonCryptoAlgorithm(hmacParameters.hash, algorithm)) {
+    if (!getCommonCryptoAlgorithm(parameters.hash, algorithm)) {
         ec = NOT_SUPPORTED_ERR;
         return;
     }
 
-    Vector<uint8_t> signature = calculateSignature(algorithm, hmacKey.key(), data);
+    Vector<uint8_t> signature = calculateSignature(algorithm, key.key(), data);
 
     bool result = signature.size() == expectedSignature.second && !memcmp(signature.data(), expectedSignature.first, signature.size());

trunk/Source/WebCore/crypto/mac/CryptoAlgorithmRSASSA_PKCS1_v1_5Mac.cpp

@@ -89 +89 @@
 }
 
-void CryptoAlgorithmRSASSA_PKCS1_v1_5::sign(const CryptoAlgorithmParameters& parameters, const CryptoKey& key, const CryptoOperationData& data, VectorCallback callback, VoidCallback failureCallback, ExceptionCode& ec)
+void CryptoAlgorithmRSASSA_PKCS1_v1_5::platformSign(const CryptoAlgorithmRsaSsaParams& parameters, const CryptoKeyRSA& key, const CryptoOperationData& data, VectorCallback callback, VoidCallback failureCallback, ExceptionCode& ec)
 {
-    const CryptoAlgorithmRsaSsaParams& rsaSSAParameters = toCryptoAlgorithmRsaSsaParams(parameters);
-
-    if (!isCryptoKeyRSA(key)) {
-        ec = NOT_SUPPORTED_ERR;
-        return;
-    }
-    const CryptoKeyRSA& rsaKey = toCryptoKeyRSA(key);
-
     CCDigestAlgorithm digestAlgorithm;
-    if (!getCommonCryptoDigestAlgorithm(rsaSSAParameters.hash, digestAlgorithm)) {
+    if (!getCommonCryptoDigestAlgorithm(parameters.hash, digestAlgorithm)) {
         ec = NOT_SUPPORTED_ERR;
         return;
     }
 
-    std::unique_ptr<CryptoDigest> digest = CryptoDigest::create(rsaSSAParameters.hash);
+    std::unique_ptr<CryptoDigest> digest = CryptoDigest::create(parameters.hash);
     if (!digest) {
         ec = NOT_SUPPORTED_ERR;
@@ -118 +110 @@
     size_t signatureSize = signature.size();
 
-    CCCryptorStatus status = CCRSACryptorSign(rsaKey.platformKey(), ccPKCS1Padding, digestData.data(), digestData.size(), digestAlgorithm, 0, signature.data(), &signatureSize);
+    CCCryptorStatus status = CCRSACryptorSign(key.platformKey(), ccPKCS1Padding, digestData.data(), digestData.size(), digestAlgorithm, 0, signature.data(), &signatureSize);
     if (status) {
         failureCallback();
@@ -128 +120 @@
 }
 
-void CryptoAlgorithmRSASSA_PKCS1_v1_5::verify(const CryptoAlgorithmParameters& parameters, const CryptoKey& key, const CryptoOperationData& signature, const CryptoOperationData& data, BoolCallback callback, VoidCallback failureCallback, ExceptionCode& ec)
+void CryptoAlgorithmRSASSA_PKCS1_v1_5::platformVerify(const CryptoAlgorithmRsaSsaParams& parameters, const CryptoKeyRSA& key, const CryptoOperationData& signature, const CryptoOperationData& data, BoolCallback callback, VoidCallback failureCallback, ExceptionCode& ec)
 {
-    const CryptoAlgorithmRsaSsaParams& rsaSSAParameters = toCryptoAlgorithmRsaSsaParams(parameters);
-
-    if (!isCryptoKeyRSA(key)) {
-        ec = NOT_SUPPORTED_ERR;
-        return;
-    }
-    const CryptoKeyRSA& rsaKey = toCryptoKeyRSA(key);
-
     CCDigestAlgorithm digestAlgorithm;
-    if (!getCommonCryptoDigestAlgorithm(rsaSSAParameters.hash, digestAlgorithm)) {
+    if (!getCommonCryptoDigestAlgorithm(parameters.hash, digestAlgorithm)) {
         ec = NOT_SUPPORTED_ERR;
         return;
     }
 
-    std::unique_ptr<CryptoDigest> digest = CryptoDigest::create(rsaSSAParameters.hash);
+    std::unique_ptr<CryptoDigest> digest = CryptoDigest::create(parameters.hash);
     if (!digest) {
         ec = NOT_SUPPORTED_ERR;
@@ -154 +138 @@
     Vector<uint8_t> digestData = digest->computeHash();
 
-    CCCryptorStatus status = CCRSACryptorVerify(rsaKey.platformKey(), ccPKCS1Padding, digestData.data(), digestData.size(), digestAlgorithm, 0, signature.first, signature.second);
+    CCCryptorStatus status = CCRSACryptorVerify(key.platformKey(), ccPKCS1Padding, digestData.data(), digestData.size(), digestAlgorithm, 0, signature.first, signature.second);
     if (!status)
         callback(true);

trunk/Source/WebCore/crypto/mac/CryptoAlgorithmRegistryMac.cpp

@@ -42 +42 @@
 void CryptoAlgorithmRegistry::platformRegisterAlgorithms()
 {
-    registerAlgorithm(CryptoAlgorithmAES_CBC::s_name, CryptoAlgorithmAES_CBC::s_identifier, CryptoAlgorithmAES_CBC::create);
-    registerAlgorithm(CryptoAlgorithmHMAC::s_name, CryptoAlgorithmHMAC::s_identifier, CryptoAlgorithmHMAC::create);
-    registerAlgorithm(CryptoAlgorithmRSASSA_PKCS1_v1_5::s_name, CryptoAlgorithmRSASSA_PKCS1_v1_5::s_identifier, CryptoAlgorithmRSASSA_PKCS1_v1_5::create);
-    registerAlgorithm(CryptoAlgorithmSHA1::s_name, CryptoAlgorithmSHA1::s_identifier, CryptoAlgorithmSHA1::create);
-    registerAlgorithm(CryptoAlgorithmSHA224::s_name, CryptoAlgorithmSHA224::s_identifier, CryptoAlgorithmSHA224::create);
-    registerAlgorithm(CryptoAlgorithmSHA256::s_name, CryptoAlgorithmSHA256::s_identifier, CryptoAlgorithmSHA256::create);
-    registerAlgorithm(CryptoAlgorithmSHA384::s_name, CryptoAlgorithmSHA384::s_identifier, CryptoAlgorithmSHA384::create);
-    registerAlgorithm(CryptoAlgorithmSHA512::s_name, CryptoAlgorithmSHA512::s_identifier, CryptoAlgorithmSHA512::create);
+    registerAlgorithm<CryptoAlgorithmAES_CBC>();
+    registerAlgorithm<CryptoAlgorithmHMAC>();
+    registerAlgorithm<CryptoAlgorithmRSASSA_PKCS1_v1_5>();
+    registerAlgorithm<CryptoAlgorithmSHA1>();
+    registerAlgorithm<CryptoAlgorithmSHA224>();
+    registerAlgorithm<CryptoAlgorithmSHA256>();
+    registerAlgorithm<CryptoAlgorithmSHA384>();
+    registerAlgorithm<CryptoAlgorithmSHA512>();
 }
 

trunk/Source/WebCore/crypto/parameters/CryptoAlgorithmRsaKeyParamsWithHash.h

@@ -24 +24 @@
  */
 
-#ifndef CryptoAlgorithmRsaSsaKeyParams_h
+#ifndef CryptoAlgorithmRsaKeyParamsWithHash_h
 #define CryptoAlgorithmRsaSsaKey
 
@@ -37 +37 @@
 // It is necessary to support import from JWK, which treats hash function as part of algorithm
 // identifier, so we need to remember it to compare with one passed to sign or verify functions.
-class CryptoAlgorithmRsaSsaKeyParams FINAL : public CryptoAlgorithmParameters {
+class CryptoAlgorithmRsaKeyParamsWithHash FINAL : public CryptoAlgorithmParameters {
 public:
-    CryptoAlgorithmRsaSsaKeyParams()
+    CryptoAlgorithmRsaKeyParamsWithHash()
         : hasHash(false)
     {
@@ -48 +48 @@
     CryptoAlgorithmIdentifier hash;
 
-    virtual Class parametersClass() const OVERRIDE { return Class::RsaSsaKeyParams; }
+    virtual Class parametersClass() const OVERRIDE { return Class::RsaKeyParamsWithHash; }
 };
 
-CRYPTO_ALGORITHM_PARAMETERS_CASTS(RsaSsaKeyParams)
+CRYPTO_ALGORITHM_PARAMETERS_CASTS(RsaKeyParamsWithHash)
 
 }