WebCrypto: Check for HmacKeyParams when seeing if a Key can be used for an Algorithm.

Source/modules/crypto/Key.cpp

 /*
  * Copyright (C) 2013 Google Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are
  * met:
  *
  *     * Redistributions of source code must retain the above copyright
  * notice, this list of conditions and the following disclaimer.
  *     * Redistributions in binary form must reproduce the above
@@ skipping 13 matching lines @@
  * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
  * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
  * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
  * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
  * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  */
 
 #include "config.h"
 #include "modules/crypto/Key.h"
 
+#include "bindings/v8/ExceptionState.h"
+#include "core/dom/ExceptionCode.h"
 #include "modules/crypto/Algorithm.h"
+#include "public/platform/WebCryptoAlgorithmParams.h"
 
 namespace WebCore {
 
 namespace {
 
 const char* keyTypeToString(WebKit::WebCryptoKeyType type)
 {
     switch (type) {
     case WebKit::WebCryptoKeyTypeSecret:
         return "secret";
@@ skipping 35 matching lines @@
 
 WebKit::WebCryptoKeyUsageMask keyUsageStringToMask(const String& usageString)
 {
     for (size_t i = 0; i < WTF_ARRAY_LENGTH(keyUsageMappings); ++i) {
         if (keyUsageMappings[i].name == usageString)
             return keyUsageMappings[i].value;
     }
     return 0;
 }
 
+WebKit::WebCryptoKeyUsageMask toKeyUsage(AlgorithmOperation operation)
+{
+    switch (operation) {
+    case Encrypt:
+        return WebKit::WebCryptoKeyUsageEncrypt;
+    case Decrypt:
+        return WebKit::WebCryptoKeyUsageDecrypt;
+    case Sign:
+        return WebKit::WebCryptoKeyUsageSign;
+    case Verify:
+        return WebKit::WebCryptoKeyUsageVerify;
+    case DeriveKey:
+        return WebKit::WebCryptoKeyUsageDeriveKey;
+    case WrapKey:
+        return WebKit::WebCryptoKeyUsageWrapKey;
+    case UnwrapKey:
+        return WebKit::WebCryptoKeyUsageUnwrapKey;
+    case Digest:
+    case GenerateKey:
+    case ImportKey:
+    case NumberOfAlgorithmOperations:
+        break;
+    }
+
+    ASSERT_NOT_REACHED();
+    return 0;
+}
+
+bool getHmacHashId(const WebKit::WebCryptoAlgorithm& algorithm, WebKit::WebCryptoAlgorithmId& hashId)
+{
+    if (algorithm.hmacParams()) {
+        hashId = algorithm.hmacParams()->hash().id();
+        return true;
+    }
+    if (algorithm.hmacKeyParams()) {
+        hashId = algorithm.hmacKeyParams()->hash().id();
+        return true;
+    }
+    return false;
+}
+
 } // namespace
 
 Key::~Key()
 {
 }
 
 Key::Key(const WebKit::WebCryptoKey& key)
     : m_key(key)
 {
     ScriptWrappable::init(this);
@@ skipping 24 matching lines @@
 {
     Vector<String> result;
     for (int i = 0; i < WTF_ARRAY_LENGTH(keyUsageMappings); ++i) {
         WebKit::WebCryptoKeyUsage usage = keyUsageMappings[i].value;
         if (m_key.usages() & usage)
             result.append(keyUsageToString(usage));
     }
     return result;
 }
 
+bool Key::canBeUsedForAlgorithm(const WebKit::WebCryptoAlgorithm& algorithm, AlgorithmOperation op, ExceptionState& es) const
+{
+    if (!(m_key.usages() & toKeyUsage(op))) {
+        es.throwDOMException(NotSupportedError, "key.usages does not permit this operation");
+        return false;
+    }
+
+    if (m_key.algorithm().id() != algorithm.id()) {
+        es.throwDOMException(NotSupportedError, "key.algorithm does not match that of operation");
+        return false;
+    }
+
+    // Verify that the algorithm-specific parameters for the key conform to the
+    // algorithm.
+
+    if (m_key.algorithm().id() == WebKit::WebCryptoAlgorithmIdHmac) {
+        WebKit::WebCryptoAlgorithmId keyHash;
+        WebKit::WebCryptoAlgorithmId algorithmHash;
+        if (!getHmacHashId(m_key.algorithm(), keyHash) || !getHmacHashId(algorithm, algorithmHash) || keyHash != algorithmHash) {
+            es.throwDOMException(NotSupportedError, "key.algorithm does not match that of operation (HMAC's hash differs)");
+            return false;
+        }
+    }
+
+    return true;
+}
+
 bool Key::parseFormat(const String& formatString, WebKit::WebCryptoKeyFormat& format)
 {
     // There are few enough values that testing serially is fast enough.
     if (formatString == "raw") {
         format = WebKit::WebCryptoKeyFormatRaw;
         return true;
     }
     if (formatString == "pkcs8") {
         format = WebKit::WebCryptoKeyFormatPkcs8;
         return true;
@@ skipping 16 matching lines @@
     for (size_t i = 0; i < usages.size(); ++i) {
         WebKit::WebCryptoKeyUsageMask usage = keyUsageStringToMask(usages[i]);
         if (!usage)
             return false;
         mask |= usage;
     }
     return true;
 }
 
 } // namespace WebCore