diff options
Diffstat (limited to 'dom/crypto/CryptoKey.cpp')
-rw-r--r-- | dom/crypto/CryptoKey.cpp | 1342 |
1 files changed, 1342 insertions, 0 deletions
diff --git a/dom/crypto/CryptoKey.cpp b/dom/crypto/CryptoKey.cpp new file mode 100644 index 000000000..8763835bf --- /dev/null +++ b/dom/crypto/CryptoKey.cpp @@ -0,0 +1,1342 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this + * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#include "CryptoKey.h" + +#include "ScopedNSSTypes.h" +#include "cryptohi.h" +#include "mozilla/ArrayUtils.h" +#include "mozilla/dom/SubtleCryptoBinding.h" +#include "mozilla/dom/ToJSValue.h" +#include "nsNSSComponent.h" +#include "pk11pub.h" + +// Templates taken from security/nss/lib/cryptohi/seckey.c +// These would ideally be exported by NSS and until that +// happens we have to keep our own copies. +const SEC_ASN1Template SECKEY_DHPublicKeyTemplate[] = { + { SEC_ASN1_INTEGER, offsetof(SECKEYPublicKey,u.dh.publicValue), }, + { 0, } +}; +const SEC_ASN1Template SECKEY_DHParamKeyTemplate[] = { + { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SECKEYPublicKey) }, + { SEC_ASN1_INTEGER, offsetof(SECKEYPublicKey,u.dh.prime), }, + { SEC_ASN1_INTEGER, offsetof(SECKEYPublicKey,u.dh.base), }, + { SEC_ASN1_SKIP_REST }, + { 0, } +}; + +namespace mozilla { +namespace dom { + +NS_IMPL_CYCLE_COLLECTION_WRAPPERCACHE(CryptoKey, mGlobal) +NS_IMPL_CYCLE_COLLECTING_ADDREF(CryptoKey) +NS_IMPL_CYCLE_COLLECTING_RELEASE(CryptoKey) +NS_INTERFACE_MAP_BEGIN_CYCLE_COLLECTION(CryptoKey) + NS_WRAPPERCACHE_INTERFACE_MAP_ENTRY + NS_INTERFACE_MAP_ENTRY(nsISupports) +NS_INTERFACE_MAP_END + +nsresult +StringToUsage(const nsString& aUsage, CryptoKey::KeyUsage& aUsageOut) +{ + if (aUsage.EqualsLiteral(WEBCRYPTO_KEY_USAGE_ENCRYPT)) { + aUsageOut = CryptoKey::ENCRYPT; + } else if (aUsage.EqualsLiteral(WEBCRYPTO_KEY_USAGE_DECRYPT)) { + aUsageOut = CryptoKey::DECRYPT; + } else if (aUsage.EqualsLiteral(WEBCRYPTO_KEY_USAGE_SIGN)) { + aUsageOut = CryptoKey::SIGN; + } else if (aUsage.EqualsLiteral(WEBCRYPTO_KEY_USAGE_VERIFY)) { + aUsageOut = CryptoKey::VERIFY; + } else if (aUsage.EqualsLiteral(WEBCRYPTO_KEY_USAGE_DERIVEKEY)) { + aUsageOut = CryptoKey::DERIVEKEY; + } else if (aUsage.EqualsLiteral(WEBCRYPTO_KEY_USAGE_DERIVEBITS)) { + aUsageOut = CryptoKey::DERIVEBITS; + } else if (aUsage.EqualsLiteral(WEBCRYPTO_KEY_USAGE_WRAPKEY)) { + aUsageOut = CryptoKey::WRAPKEY; + } else if (aUsage.EqualsLiteral(WEBCRYPTO_KEY_USAGE_UNWRAPKEY)) { + aUsageOut = CryptoKey::UNWRAPKEY; + } else { + return NS_ERROR_DOM_SYNTAX_ERR; + } + return NS_OK; +} + +// This helper function will release the memory backing a SECKEYPrivateKey and +// any resources acquired in its creation. It will leave the backing PKCS#11 +// object untouched, however. This should only be called from +// PrivateKeyFromPrivateKeyTemplate. +static void +DestroyPrivateKeyWithoutDestroyingPKCS11Object(SECKEYPrivateKey* key) +{ + PK11_FreeSlot(key->pkcs11Slot); + PORT_FreeArena(key->arena, PR_TRUE); +} + +// To protect against key ID collisions, PrivateKeyFromPrivateKeyTemplate +// generates a random ID for each key. The given template must contain an +// attribute slot for a key ID, but it must consist of a null pointer and have a +// length of 0. +SECKEYPrivateKey* +PrivateKeyFromPrivateKeyTemplate(CK_ATTRIBUTE* aTemplate, + CK_ULONG aTemplateSize) +{ + // Create a generic object with the contents of the key + ScopedPK11SlotInfo slot(PK11_GetInternalSlot()); + if (!slot) { + return nullptr; + } + + // Generate a random 160-bit object ID. This ID must be unique. + ScopedSECItem objID(::SECITEM_AllocItem(nullptr, nullptr, 20)); + SECStatus rv = PK11_GenerateRandomOnSlot(slot, objID->data, objID->len); + if (rv != SECSuccess) { + return nullptr; + } + // Check if something is already using this ID. + SECKEYPrivateKey* preexistingKey = PK11_FindKeyByKeyID(slot, objID, nullptr); + if (preexistingKey) { + // Note that we can't just call SECKEY_DestroyPrivateKey here because that + // will destroy the PKCS#11 object that is backing a preexisting key (that + // we still have a handle on somewhere else in memory). If that object were + // destroyed, cryptographic operations performed by that other key would + // fail. + DestroyPrivateKeyWithoutDestroyingPKCS11Object(preexistingKey); + // Try again with a new ID (but only once - collisions are very unlikely). + rv = PK11_GenerateRandomOnSlot(slot, objID->data, objID->len); + if (rv != SECSuccess) { + return nullptr; + } + preexistingKey = PK11_FindKeyByKeyID(slot, objID, nullptr); + if (preexistingKey) { + DestroyPrivateKeyWithoutDestroyingPKCS11Object(preexistingKey); + return nullptr; + } + } + + CK_ATTRIBUTE* idAttributeSlot = nullptr; + for (CK_ULONG i = 0; i < aTemplateSize; i++) { + if (aTemplate[i].type == CKA_ID) { + if (aTemplate[i].pValue != nullptr || aTemplate[i].ulValueLen != 0) { + return nullptr; + } + idAttributeSlot = aTemplate + i; + break; + } + } + if (!idAttributeSlot) { + return nullptr; + } + + idAttributeSlot->pValue = objID->data; + idAttributeSlot->ulValueLen = objID->len; + ScopedPK11GenericObject obj(PK11_CreateGenericObject(slot, + aTemplate, + aTemplateSize, + PR_FALSE)); + // Unset the ID attribute slot's pointer and length so that data that only + // lives for the scope of this function doesn't escape. + idAttributeSlot->pValue = nullptr; + idAttributeSlot->ulValueLen = 0; + if (!obj) { + return nullptr; + } + + // Have NSS translate the object to a private key. + return PK11_FindKeyByKeyID(slot, objID, nullptr); +} + +CryptoKey::CryptoKey(nsIGlobalObject* aGlobal) + : mGlobal(aGlobal) + , mAttributes(0) + , mSymKey() + , mPrivateKey(nullptr) + , mPublicKey(nullptr) +{ +} + +CryptoKey::~CryptoKey() +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return; + } + destructorSafeDestroyNSSReference(); + shutdown(ShutdownCalledFrom::Object); +} + +JSObject* +CryptoKey::WrapObject(JSContext* aCx, JS::Handle<JSObject*> aGivenProto) +{ + return CryptoKeyBinding::Wrap(aCx, this, aGivenProto); +} + +void +CryptoKey::GetType(nsString& aRetVal) const +{ + uint32_t type = mAttributes & TYPE_MASK; + switch (type) { + case PUBLIC: aRetVal.AssignLiteral(WEBCRYPTO_KEY_TYPE_PUBLIC); break; + case PRIVATE: aRetVal.AssignLiteral(WEBCRYPTO_KEY_TYPE_PRIVATE); break; + case SECRET: aRetVal.AssignLiteral(WEBCRYPTO_KEY_TYPE_SECRET); break; + } +} + +bool +CryptoKey::Extractable() const +{ + return (mAttributes & EXTRACTABLE); +} + +void +CryptoKey::GetAlgorithm(JSContext* cx, JS::MutableHandle<JSObject*> aRetVal, + ErrorResult& aRv) const +{ + bool converted = false; + JS::RootedValue val(cx); + switch (mAlgorithm.mType) { + case KeyAlgorithmProxy::AES: + converted = ToJSValue(cx, mAlgorithm.mAes, &val); + break; + case KeyAlgorithmProxy::HMAC: + converted = ToJSValue(cx, mAlgorithm.mHmac, &val); + break; + case KeyAlgorithmProxy::RSA: { + RootedDictionary<RsaHashedKeyAlgorithm> rsa(cx); + converted = mAlgorithm.mRsa.ToKeyAlgorithm(cx, rsa); + if (converted) { + converted = ToJSValue(cx, rsa, &val); + } + break; + } + case KeyAlgorithmProxy::EC: + converted = ToJSValue(cx, mAlgorithm.mEc, &val); + break; + case KeyAlgorithmProxy::DH: { + RootedDictionary<DhKeyAlgorithm> dh(cx); + converted = mAlgorithm.mDh.ToKeyAlgorithm(cx, dh); + if (converted) { + converted = ToJSValue(cx, dh, &val); + } + break; + } + } + if (!converted) { + aRv.Throw(NS_ERROR_DOM_OPERATION_ERR); + return; + } + + aRetVal.set(&val.toObject()); +} + +void +CryptoKey::GetUsages(nsTArray<nsString>& aRetVal) const +{ + if (mAttributes & ENCRYPT) { + aRetVal.AppendElement(NS_LITERAL_STRING(WEBCRYPTO_KEY_USAGE_ENCRYPT)); + } + if (mAttributes & DECRYPT) { + aRetVal.AppendElement(NS_LITERAL_STRING(WEBCRYPTO_KEY_USAGE_DECRYPT)); + } + if (mAttributes & SIGN) { + aRetVal.AppendElement(NS_LITERAL_STRING(WEBCRYPTO_KEY_USAGE_SIGN)); + } + if (mAttributes & VERIFY) { + aRetVal.AppendElement(NS_LITERAL_STRING(WEBCRYPTO_KEY_USAGE_VERIFY)); + } + if (mAttributes & DERIVEKEY) { + aRetVal.AppendElement(NS_LITERAL_STRING(WEBCRYPTO_KEY_USAGE_DERIVEKEY)); + } + if (mAttributes & DERIVEBITS) { + aRetVal.AppendElement(NS_LITERAL_STRING(WEBCRYPTO_KEY_USAGE_DERIVEBITS)); + } + if (mAttributes & WRAPKEY) { + aRetVal.AppendElement(NS_LITERAL_STRING(WEBCRYPTO_KEY_USAGE_WRAPKEY)); + } + if (mAttributes & UNWRAPKEY) { + aRetVal.AppendElement(NS_LITERAL_STRING(WEBCRYPTO_KEY_USAGE_UNWRAPKEY)); + } +} + +KeyAlgorithmProxy& +CryptoKey::Algorithm() +{ + return mAlgorithm; +} + +const KeyAlgorithmProxy& +CryptoKey::Algorithm() const +{ + return mAlgorithm; +} + +CryptoKey::KeyType +CryptoKey::GetKeyType() const +{ + return static_cast<CryptoKey::KeyType>(mAttributes & TYPE_MASK); +} + +nsresult +CryptoKey::SetType(const nsString& aType) +{ + mAttributes &= CLEAR_TYPE; + if (aType.EqualsLiteral(WEBCRYPTO_KEY_TYPE_SECRET)) { + mAttributes |= SECRET; + } else if (aType.EqualsLiteral(WEBCRYPTO_KEY_TYPE_PUBLIC)) { + mAttributes |= PUBLIC; + } else if (aType.EqualsLiteral(WEBCRYPTO_KEY_TYPE_PRIVATE)) { + mAttributes |= PRIVATE; + } else { + mAttributes |= UNKNOWN; + return NS_ERROR_DOM_SYNTAX_ERR; + } + + return NS_OK; +} + +void +CryptoKey::SetType(CryptoKey::KeyType aType) +{ + mAttributes &= CLEAR_TYPE; + mAttributes |= aType; +} + +void +CryptoKey::SetExtractable(bool aExtractable) +{ + mAttributes &= CLEAR_EXTRACTABLE; + if (aExtractable) { + mAttributes |= EXTRACTABLE; + } +} + +// NSS exports private EC keys without the CKA_EC_POINT attribute, i.e. the +// public value. To properly export the private key to JWK or PKCS #8 we need +// the public key data though and so we use this method to augment a private +// key with data from the given public key. +nsresult +CryptoKey::AddPublicKeyData(SECKEYPublicKey* aPublicKey) +{ + // This should be a private key. + MOZ_ASSERT(GetKeyType() == PRIVATE); + // There should be a private NSS key with type 'EC'. + MOZ_ASSERT(mPrivateKey && mPrivateKey->keyType == ecKey); + // The given public key should have the same key type. + MOZ_ASSERT(aPublicKey->keyType == mPrivateKey->keyType); + + nsNSSShutDownPreventionLock locker; + + // Read EC params. + ScopedAutoSECItem params; + SECStatus rv = PK11_ReadRawAttribute(PK11_TypePrivKey, mPrivateKey, + CKA_EC_PARAMS, ¶ms); + if (rv != SECSuccess) { + return NS_ERROR_DOM_OPERATION_ERR; + } + + // Read private value. + ScopedAutoSECItem value; + rv = PK11_ReadRawAttribute(PK11_TypePrivKey, mPrivateKey, CKA_VALUE, &value); + if (rv != SECSuccess) { + return NS_ERROR_DOM_OPERATION_ERR; + } + + SECItem* point = &aPublicKey->u.ec.publicValue; + CK_OBJECT_CLASS privateKeyValue = CKO_PRIVATE_KEY; + CK_BBOOL falseValue = CK_FALSE; + CK_KEY_TYPE ecValue = CKK_EC; + + CK_ATTRIBUTE keyTemplate[9] = { + { CKA_CLASS, &privateKeyValue, sizeof(privateKeyValue) }, + { CKA_KEY_TYPE, &ecValue, sizeof(ecValue) }, + { CKA_TOKEN, &falseValue, sizeof(falseValue) }, + { CKA_SENSITIVE, &falseValue, sizeof(falseValue) }, + { CKA_PRIVATE, &falseValue, sizeof(falseValue) }, + // PrivateKeyFromPrivateKeyTemplate sets the ID. + { CKA_ID, nullptr, 0 }, + { CKA_EC_PARAMS, params.data, params.len }, + { CKA_EC_POINT, point->data, point->len }, + { CKA_VALUE, value.data, value.len }, + }; + + mPrivateKey = PrivateKeyFromPrivateKeyTemplate(keyTemplate, + ArrayLength(keyTemplate)); + NS_ENSURE_TRUE(mPrivateKey, NS_ERROR_DOM_OPERATION_ERR); + + return NS_OK; +} + +void +CryptoKey::ClearUsages() +{ + mAttributes &= CLEAR_USAGES; +} + +nsresult +CryptoKey::AddUsage(const nsString& aUsage) +{ + return AddUsageIntersecting(aUsage, USAGES_MASK); +} + +nsresult +CryptoKey::AddUsageIntersecting(const nsString& aUsage, uint32_t aUsageMask) +{ + KeyUsage usage; + if (NS_FAILED(StringToUsage(aUsage, usage))) { + return NS_ERROR_DOM_SYNTAX_ERR; + } + + if (usage & aUsageMask) { + AddUsage(usage); + return NS_OK; + } + + return NS_OK; +} + +void +CryptoKey::AddUsage(CryptoKey::KeyUsage aUsage) +{ + mAttributes |= aUsage; +} + +bool +CryptoKey::HasAnyUsage() +{ + return !!(mAttributes & USAGES_MASK); +} + +bool +CryptoKey::HasUsage(CryptoKey::KeyUsage aUsage) +{ + return !!(mAttributes & aUsage); +} + +bool +CryptoKey::HasUsageOtherThan(uint32_t aUsages) +{ + return !!(mAttributes & USAGES_MASK & ~aUsages); +} + +bool +CryptoKey::IsRecognizedUsage(const nsString& aUsage) +{ + KeyUsage dummy; + nsresult rv = StringToUsage(aUsage, dummy); + return NS_SUCCEEDED(rv); +} + +bool +CryptoKey::AllUsagesRecognized(const Sequence<nsString>& aUsages) +{ + for (uint32_t i = 0; i < aUsages.Length(); ++i) { + if (!IsRecognizedUsage(aUsages[i])) { + return false; + } + } + return true; +} + +nsresult CryptoKey::SetSymKey(const CryptoBuffer& aSymKey) +{ + if (!mSymKey.Assign(aSymKey)) { + return NS_ERROR_OUT_OF_MEMORY; + } + + return NS_OK; +} + +nsresult +CryptoKey::SetPrivateKey(SECKEYPrivateKey* aPrivateKey) +{ + nsNSSShutDownPreventionLock locker; + + if (!aPrivateKey || isAlreadyShutDown()) { + mPrivateKey = nullptr; + return NS_OK; + } + + mPrivateKey = SECKEY_CopyPrivateKey(aPrivateKey); + return mPrivateKey ? NS_OK : NS_ERROR_OUT_OF_MEMORY; +} + +nsresult +CryptoKey::SetPublicKey(SECKEYPublicKey* aPublicKey) +{ + nsNSSShutDownPreventionLock locker; + + if (!aPublicKey || isAlreadyShutDown()) { + mPublicKey = nullptr; + return NS_OK; + } + + mPublicKey = SECKEY_CopyPublicKey(aPublicKey); + return mPublicKey ? NS_OK : NS_ERROR_OUT_OF_MEMORY; +} + +const CryptoBuffer& +CryptoKey::GetSymKey() const +{ + return mSymKey; +} + +SECKEYPrivateKey* +CryptoKey::GetPrivateKey() const +{ + nsNSSShutDownPreventionLock locker; + if (!mPrivateKey || isAlreadyShutDown()) { + return nullptr; + } + return SECKEY_CopyPrivateKey(mPrivateKey.get()); +} + +SECKEYPublicKey* +CryptoKey::GetPublicKey() const +{ + nsNSSShutDownPreventionLock locker; + if (!mPublicKey || isAlreadyShutDown()) { + return nullptr; + } + return SECKEY_CopyPublicKey(mPublicKey.get()); +} + +void CryptoKey::virtualDestroyNSSReference() +{ + destructorSafeDestroyNSSReference(); +} + +void CryptoKey::destructorSafeDestroyNSSReference() +{ + mPrivateKey.dispose(); + mPublicKey.dispose(); +} + + +// Serialization and deserialization convenience methods + +SECKEYPrivateKey* +CryptoKey::PrivateKeyFromPkcs8(CryptoBuffer& aKeyData, + const nsNSSShutDownPreventionLock& /*proofOfLock*/) +{ + SECKEYPrivateKey* privKey; + ScopedPK11SlotInfo slot(PK11_GetInternalSlot()); + if (!slot) { + return nullptr; + } + + ScopedPLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE)); + if (!arena) { + return nullptr; + } + + SECItem pkcs8Item = { siBuffer, nullptr, 0 }; + if (!aKeyData.ToSECItem(arena, &pkcs8Item)) { + return nullptr; + } + + // Allow everything, we enforce usage ourselves + unsigned int usage = KU_ALL; + + SECStatus rv = PK11_ImportDERPrivateKeyInfoAndReturnKey( + slot.get(), &pkcs8Item, nullptr, nullptr, false, false, + usage, &privKey, nullptr); + + if (rv == SECFailure) { + return nullptr; + } + return privKey; +} + +SECKEYPublicKey* +CryptoKey::PublicKeyFromSpki(CryptoBuffer& aKeyData, + const nsNSSShutDownPreventionLock& /*proofOfLock*/) +{ + ScopedPLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE)); + if (!arena) { + return nullptr; + } + + SECItem spkiItem = { siBuffer, nullptr, 0 }; + if (!aKeyData.ToSECItem(arena, &spkiItem)) { + return nullptr; + } + + ScopedCERTSubjectPublicKeyInfo spki(SECKEY_DecodeDERSubjectPublicKeyInfo(&spkiItem)); + if (!spki) { + return nullptr; + } + + bool isECDHAlgorithm = SECITEM_ItemsAreEqual(&SEC_OID_DATA_EC_DH, + &spki->algorithm.algorithm); + bool isDHAlgorithm = SECITEM_ItemsAreEqual(&SEC_OID_DATA_DH_KEY_AGREEMENT, + &spki->algorithm.algorithm); + + // Check for |id-ecDH| and |dhKeyAgreement|. Per the WebCrypto spec we must + // support these OIDs but NSS does unfortunately not know about them. Let's + // change the algorithm to |id-ecPublicKey| or |dhPublicKey| to make NSS happy. + if (isECDHAlgorithm || isDHAlgorithm) { + SECOidTag oid = SEC_OID_UNKNOWN; + if (isECDHAlgorithm) { + oid = SEC_OID_ANSIX962_EC_PUBLIC_KEY; + } else if (isDHAlgorithm) { + oid = SEC_OID_X942_DIFFIE_HELMAN_KEY; + } else { + MOZ_ASSERT(false); + } + + SECOidData* oidData = SECOID_FindOIDByTag(oid); + if (!oidData) { + return nullptr; + } + + SECStatus rv = SECITEM_CopyItem(spki->arena, &spki->algorithm.algorithm, + &oidData->oid); + if (rv != SECSuccess) { + return nullptr; + } + } + + ScopedSECKEYPublicKey tmp(SECKEY_ExtractPublicKey(spki.get())); + if (!tmp.get() || !PublicKeyValid(tmp.get())) { + return nullptr; + } + + return SECKEY_CopyPublicKey(tmp); +} + +nsresult +CryptoKey::PrivateKeyToPkcs8(SECKEYPrivateKey* aPrivKey, + CryptoBuffer& aRetVal, + const nsNSSShutDownPreventionLock& /*proofOfLock*/) +{ + ScopedSECItem pkcs8Item(PK11_ExportDERPrivateKeyInfo(aPrivKey, nullptr)); + if (!pkcs8Item.get()) { + return NS_ERROR_DOM_INVALID_ACCESS_ERR; + } + if (!aRetVal.Assign(pkcs8Item.get())) { + return NS_ERROR_DOM_OPERATION_ERR; + } + return NS_OK; +} + +nsresult +PublicDhKeyToSpki(SECKEYPublicKey* aPubKey, + CERTSubjectPublicKeyInfo* aSpki) +{ + SECItem* params = ::SECITEM_AllocItem(aSpki->arena, nullptr, 0); + if (!params) { + return NS_ERROR_DOM_OPERATION_ERR; + } + + SECItem* rvItem = SEC_ASN1EncodeItem(aSpki->arena, params, aPubKey, + SECKEY_DHParamKeyTemplate); + if (!rvItem) { + return NS_ERROR_DOM_OPERATION_ERR; + } + + SECStatus rv = SECOID_SetAlgorithmID(aSpki->arena, &aSpki->algorithm, + SEC_OID_X942_DIFFIE_HELMAN_KEY, params); + if (rv != SECSuccess) { + return NS_ERROR_DOM_OPERATION_ERR; + } + + rvItem = SEC_ASN1EncodeItem(aSpki->arena, &aSpki->subjectPublicKey, aPubKey, + SECKEY_DHPublicKeyTemplate); + if (!rvItem) { + return NS_ERROR_DOM_OPERATION_ERR; + } + + // The public value is a BIT_STRING encoded as an INTEGER. After encoding + // an INT we need to adjust the length to reflect the number of bits. + aSpki->subjectPublicKey.len <<= 3; + + return NS_OK; +} + +nsresult +CryptoKey::PublicKeyToSpki(SECKEYPublicKey* aPubKey, + CryptoBuffer& aRetVal, + const nsNSSShutDownPreventionLock& /*proofOfLock*/) +{ + ScopedCERTSubjectPublicKeyInfo spki; + + // NSS doesn't support exporting DH public keys. + if (aPubKey->keyType == dhKey) { + // Mimic the behavior of SECKEY_CreateSubjectPublicKeyInfo() and create + // a new arena for the SPKI object. + ScopedPLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE)); + if (!arena) { + return NS_ERROR_DOM_OPERATION_ERR; + } + + spki = PORT_ArenaZNew(arena, CERTSubjectPublicKeyInfo); + if (!spki) { + return NS_ERROR_DOM_OPERATION_ERR; + } + + // Assign |arena| to |spki| and null the variable afterwards so that the + // arena created above that holds the SPKI object is free'd when |spki| + // goes out of scope, not when |arena| does. + spki->arena = arena.forget(); + + nsresult rv = PublicDhKeyToSpki(aPubKey, spki); + NS_ENSURE_SUCCESS(rv, rv); + } else { + spki = SECKEY_CreateSubjectPublicKeyInfo(aPubKey); + if (!spki) { + return NS_ERROR_DOM_OPERATION_ERR; + } + } + + // Per WebCrypto spec we must export ECDH SPKIs with the algorithm OID + // id-ecDH (1.3.132.112) and DH SPKIs with OID dhKeyAgreement + // (1.2.840.113549.1.3.1). NSS doesn't know about these OIDs and there is + // no way to specify the algorithm to use when exporting a public key. + if (aPubKey->keyType == ecKey || aPubKey->keyType == dhKey) { + const SECItem* oidData = nullptr; + if (aPubKey->keyType == ecKey) { + oidData = &SEC_OID_DATA_EC_DH; + } else if (aPubKey->keyType == dhKey) { + oidData = &SEC_OID_DATA_DH_KEY_AGREEMENT; + } else { + MOZ_ASSERT(false); + } + + SECStatus rv = SECITEM_CopyItem(spki->arena, &spki->algorithm.algorithm, + oidData); + if (rv != SECSuccess) { + return NS_ERROR_DOM_OPERATION_ERR; + } + } + + const SEC_ASN1Template* tpl = SEC_ASN1_GET(CERT_SubjectPublicKeyInfoTemplate); + ScopedSECItem spkiItem(SEC_ASN1EncodeItem(nullptr, nullptr, spki, tpl)); + + if (!aRetVal.Assign(spkiItem.get())) { + return NS_ERROR_DOM_OPERATION_ERR; + } + return NS_OK; +} + +SECItem* +CreateECPointForCoordinates(const CryptoBuffer& aX, + const CryptoBuffer& aY, + PLArenaPool* aArena) +{ + // Check that both points have the same length. + if (aX.Length() != aY.Length()) { + return nullptr; + } + + // Create point. + SECItem* point = ::SECITEM_AllocItem(aArena, nullptr, aX.Length() + aY.Length() + 1); + if (!point) { + return nullptr; + } + + // Set point data. + point->data[0] = EC_POINT_FORM_UNCOMPRESSED; + memcpy(point->data + 1, aX.Elements(), aX.Length()); + memcpy(point->data + 1 + aX.Length(), aY.Elements(), aY.Length()); + + return point; +} + +SECKEYPrivateKey* +CryptoKey::PrivateKeyFromJwk(const JsonWebKey& aJwk, + const nsNSSShutDownPreventionLock& /*proofOfLock*/) +{ + CK_OBJECT_CLASS privateKeyValue = CKO_PRIVATE_KEY; + CK_BBOOL falseValue = CK_FALSE; + + if (aJwk.mKty.EqualsLiteral(JWK_TYPE_EC)) { + // Verify that all of the required parameters are present + CryptoBuffer x, y, d; + if (!aJwk.mCrv.WasPassed() || + !aJwk.mX.WasPassed() || NS_FAILED(x.FromJwkBase64(aJwk.mX.Value())) || + !aJwk.mY.WasPassed() || NS_FAILED(y.FromJwkBase64(aJwk.mY.Value())) || + !aJwk.mD.WasPassed() || NS_FAILED(d.FromJwkBase64(aJwk.mD.Value()))) { + return nullptr; + } + + nsString namedCurve; + if (!NormalizeToken(aJwk.mCrv.Value(), namedCurve)) { + return nullptr; + } + + ScopedPLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE)); + if (!arena) { + return nullptr; + } + + // Create parameters. + SECItem* params = CreateECParamsForCurve(namedCurve, arena.get()); + if (!params) { + return nullptr; + } + + SECItem* ecPoint = CreateECPointForCoordinates(x, y, arena.get()); + if (!ecPoint) { + return nullptr; + } + + // Populate template from parameters + CK_KEY_TYPE ecValue = CKK_EC; + CK_ATTRIBUTE keyTemplate[9] = { + { CKA_CLASS, &privateKeyValue, sizeof(privateKeyValue) }, + { CKA_KEY_TYPE, &ecValue, sizeof(ecValue) }, + { CKA_TOKEN, &falseValue, sizeof(falseValue) }, + { CKA_SENSITIVE, &falseValue, sizeof(falseValue) }, + { CKA_PRIVATE, &falseValue, sizeof(falseValue) }, + // PrivateKeyFromPrivateKeyTemplate sets the ID. + { CKA_ID, nullptr, 0 }, + { CKA_EC_PARAMS, params->data, params->len }, + { CKA_EC_POINT, ecPoint->data, ecPoint->len }, + { CKA_VALUE, (void*) d.Elements(), (CK_ULONG) d.Length() }, + }; + + return PrivateKeyFromPrivateKeyTemplate(keyTemplate, + ArrayLength(keyTemplate)); + } + + if (aJwk.mKty.EqualsLiteral(JWK_TYPE_RSA)) { + // Verify that all of the required parameters are present + CryptoBuffer n, e, d, p, q, dp, dq, qi; + if (!aJwk.mN.WasPassed() || NS_FAILED(n.FromJwkBase64(aJwk.mN.Value())) || + !aJwk.mE.WasPassed() || NS_FAILED(e.FromJwkBase64(aJwk.mE.Value())) || + !aJwk.mD.WasPassed() || NS_FAILED(d.FromJwkBase64(aJwk.mD.Value())) || + !aJwk.mP.WasPassed() || NS_FAILED(p.FromJwkBase64(aJwk.mP.Value())) || + !aJwk.mQ.WasPassed() || NS_FAILED(q.FromJwkBase64(aJwk.mQ.Value())) || + !aJwk.mDp.WasPassed() || NS_FAILED(dp.FromJwkBase64(aJwk.mDp.Value())) || + !aJwk.mDq.WasPassed() || NS_FAILED(dq.FromJwkBase64(aJwk.mDq.Value())) || + !aJwk.mQi.WasPassed() || NS_FAILED(qi.FromJwkBase64(aJwk.mQi.Value()))) { + return nullptr; + } + + ScopedPLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE)); + if (!arena) { + return nullptr; + } + + // Populate template from parameters + CK_KEY_TYPE rsaValue = CKK_RSA; + CK_ATTRIBUTE keyTemplate[14] = { + { CKA_CLASS, &privateKeyValue, sizeof(privateKeyValue) }, + { CKA_KEY_TYPE, &rsaValue, sizeof(rsaValue) }, + { CKA_TOKEN, &falseValue, sizeof(falseValue) }, + { CKA_SENSITIVE, &falseValue, sizeof(falseValue) }, + { CKA_PRIVATE, &falseValue, sizeof(falseValue) }, + // PrivateKeyFromPrivateKeyTemplate sets the ID. + { CKA_ID, nullptr, 0 }, + { CKA_MODULUS, (void*) n.Elements(), (CK_ULONG) n.Length() }, + { CKA_PUBLIC_EXPONENT, (void*) e.Elements(), (CK_ULONG) e.Length() }, + { CKA_PRIVATE_EXPONENT, (void*) d.Elements(), (CK_ULONG) d.Length() }, + { CKA_PRIME_1, (void*) p.Elements(), (CK_ULONG) p.Length() }, + { CKA_PRIME_2, (void*) q.Elements(), (CK_ULONG) q.Length() }, + { CKA_EXPONENT_1, (void*) dp.Elements(), (CK_ULONG) dp.Length() }, + { CKA_EXPONENT_2, (void*) dq.Elements(), (CK_ULONG) dq.Length() }, + { CKA_COEFFICIENT, (void*) qi.Elements(), (CK_ULONG) qi.Length() }, + }; + + return PrivateKeyFromPrivateKeyTemplate(keyTemplate, + ArrayLength(keyTemplate)); + } + + return nullptr; +} + +bool ReadAndEncodeAttribute(SECKEYPrivateKey* aKey, + CK_ATTRIBUTE_TYPE aAttribute, + Optional<nsString>& aDst) +{ + ScopedAutoSECItem item; + if (PK11_ReadRawAttribute(PK11_TypePrivKey, aKey, aAttribute, &item) + != SECSuccess) { + return false; + } + + CryptoBuffer buffer; + if (!buffer.Assign(&item)) { + return false; + } + + if (NS_FAILED(buffer.ToJwkBase64(aDst.Value()))) { + return false; + } + + return true; +} + +bool +ECKeyToJwk(const PK11ObjectType aKeyType, void* aKey, const SECItem* aEcParams, + const SECItem* aPublicValue, JsonWebKey& aRetVal) +{ + aRetVal.mX.Construct(); + aRetVal.mY.Construct(); + + // Check that the given EC parameters are valid. + if (!CheckEncodedECParameters(aEcParams)) { + return false; + } + + // Construct the OID tag. + SECItem oid = { siBuffer, nullptr, 0 }; + oid.len = aEcParams->data[1]; + oid.data = aEcParams->data + 2; + + uint32_t flen; + switch (SECOID_FindOIDTag(&oid)) { + case SEC_OID_SECG_EC_SECP256R1: + flen = 32; // bytes + aRetVal.mCrv.Construct(NS_LITERAL_STRING(WEBCRYPTO_NAMED_CURVE_P256)); + break; + case SEC_OID_SECG_EC_SECP384R1: + flen = 48; // bytes + aRetVal.mCrv.Construct(NS_LITERAL_STRING(WEBCRYPTO_NAMED_CURVE_P384)); + break; + case SEC_OID_SECG_EC_SECP521R1: + flen = 66; // bytes + aRetVal.mCrv.Construct(NS_LITERAL_STRING(WEBCRYPTO_NAMED_CURVE_P521)); + break; + default: + return false; + } + + // No support for compressed points. + if (aPublicValue->data[0] != EC_POINT_FORM_UNCOMPRESSED) { + return false; + } + + // Check length of uncompressed point coordinates. + if (aPublicValue->len != (2 * flen + 1)) { + return false; + } + + ScopedSECItem ecPointX(::SECITEM_AllocItem(nullptr, nullptr, flen)); + ScopedSECItem ecPointY(::SECITEM_AllocItem(nullptr, nullptr, flen)); + if (!ecPointX || !ecPointY) { + return false; + } + + // Extract point data. + memcpy(ecPointX->data, aPublicValue->data + 1, flen); + memcpy(ecPointY->data, aPublicValue->data + 1 + flen, flen); + + CryptoBuffer x, y; + if (!x.Assign(ecPointX) || NS_FAILED(x.ToJwkBase64(aRetVal.mX.Value())) || + !y.Assign(ecPointY) || NS_FAILED(y.ToJwkBase64(aRetVal.mY.Value()))) { + return false; + } + + aRetVal.mKty = NS_LITERAL_STRING(JWK_TYPE_EC); + return true; +} + +nsresult +CryptoKey::PrivateKeyToJwk(SECKEYPrivateKey* aPrivKey, + JsonWebKey& aRetVal, + const nsNSSShutDownPreventionLock& /*proofOfLock*/) +{ + switch (aPrivKey->keyType) { + case rsaKey: { + aRetVal.mN.Construct(); + aRetVal.mE.Construct(); + aRetVal.mD.Construct(); + aRetVal.mP.Construct(); + aRetVal.mQ.Construct(); + aRetVal.mDp.Construct(); + aRetVal.mDq.Construct(); + aRetVal.mQi.Construct(); + + if (!ReadAndEncodeAttribute(aPrivKey, CKA_MODULUS, aRetVal.mN) || + !ReadAndEncodeAttribute(aPrivKey, CKA_PUBLIC_EXPONENT, aRetVal.mE) || + !ReadAndEncodeAttribute(aPrivKey, CKA_PRIVATE_EXPONENT, aRetVal.mD) || + !ReadAndEncodeAttribute(aPrivKey, CKA_PRIME_1, aRetVal.mP) || + !ReadAndEncodeAttribute(aPrivKey, CKA_PRIME_2, aRetVal.mQ) || + !ReadAndEncodeAttribute(aPrivKey, CKA_EXPONENT_1, aRetVal.mDp) || + !ReadAndEncodeAttribute(aPrivKey, CKA_EXPONENT_2, aRetVal.mDq) || + !ReadAndEncodeAttribute(aPrivKey, CKA_COEFFICIENT, aRetVal.mQi)) { + return NS_ERROR_DOM_OPERATION_ERR; + } + + aRetVal.mKty = NS_LITERAL_STRING(JWK_TYPE_RSA); + return NS_OK; + } + case ecKey: { + // Read EC params. + ScopedAutoSECItem params; + SECStatus rv = PK11_ReadRawAttribute(PK11_TypePrivKey, aPrivKey, + CKA_EC_PARAMS, ¶ms); + if (rv != SECSuccess) { + return NS_ERROR_DOM_OPERATION_ERR; + } + + // Read public point Q. + ScopedAutoSECItem ecPoint; + rv = PK11_ReadRawAttribute(PK11_TypePrivKey, aPrivKey, CKA_EC_POINT, + &ecPoint); + if (rv != SECSuccess) { + return NS_ERROR_DOM_OPERATION_ERR; + } + + if (!ECKeyToJwk(PK11_TypePrivKey, aPrivKey, ¶ms, &ecPoint, aRetVal)) { + return NS_ERROR_DOM_OPERATION_ERR; + } + + aRetVal.mD.Construct(); + + // Read private value. + if (!ReadAndEncodeAttribute(aPrivKey, CKA_VALUE, aRetVal.mD)) { + return NS_ERROR_DOM_OPERATION_ERR; + } + + return NS_OK; + } + default: + return NS_ERROR_DOM_NOT_SUPPORTED_ERR; + } +} + +SECKEYPublicKey* +CreateECPublicKey(const SECItem* aKeyData, const nsString& aNamedCurve) +{ + ScopedPLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE)); + if (!arena) { + return nullptr; + } + + // It's important that this be a ScopedSECKEYPublicKey, as this ensures that + // SECKEY_DestroyPublicKey will be called on it. If this doesn't happen, when + // CryptoKey::PublicKeyValid is called on it and it gets moved to the internal + // PKCS#11 slot, it will leak a reference to the slot. + ScopedSECKEYPublicKey key(PORT_ArenaZNew(arena, SECKEYPublicKey)); + if (!key) { + return nullptr; + } + + key->arena = nullptr; // key doesn't own the arena; it won't get double-freed + key->keyType = ecKey; + key->pkcs11Slot = nullptr; + key->pkcs11ID = CK_INVALID_HANDLE; + + // Create curve parameters. + SECItem* params = CreateECParamsForCurve(aNamedCurve, arena); + if (!params) { + return nullptr; + } + key->u.ec.DEREncodedParams = *params; + + // Set public point. + key->u.ec.publicValue = *aKeyData; + + // Ensure the given point is on the curve. + if (!CryptoKey::PublicKeyValid(key)) { + return nullptr; + } + + return SECKEY_CopyPublicKey(key); +} + +SECKEYPublicKey* +CryptoKey::PublicKeyFromJwk(const JsonWebKey& aJwk, + const nsNSSShutDownPreventionLock& /*proofOfLock*/) +{ + if (aJwk.mKty.EqualsLiteral(JWK_TYPE_RSA)) { + // Verify that all of the required parameters are present + CryptoBuffer n, e; + if (!aJwk.mN.WasPassed() || NS_FAILED(n.FromJwkBase64(aJwk.mN.Value())) || + !aJwk.mE.WasPassed() || NS_FAILED(e.FromJwkBase64(aJwk.mE.Value()))) { + return nullptr; + } + + // Transcode to a DER RSAPublicKey structure + struct RSAPublicKeyData { + SECItem n; + SECItem e; + }; + const RSAPublicKeyData input = { + { siUnsignedInteger, n.Elements(), (unsigned int) n.Length() }, + { siUnsignedInteger, e.Elements(), (unsigned int) e.Length() } + }; + const SEC_ASN1Template rsaPublicKeyTemplate[] = { + {SEC_ASN1_SEQUENCE, 0, nullptr, sizeof(RSAPublicKeyData)}, + {SEC_ASN1_INTEGER, offsetof(RSAPublicKeyData, n),}, + {SEC_ASN1_INTEGER, offsetof(RSAPublicKeyData, e),}, + {0,} + }; + + ScopedSECItem pkDer(SEC_ASN1EncodeItem(nullptr, nullptr, &input, + rsaPublicKeyTemplate)); + if (!pkDer.get()) { + return nullptr; + } + + return SECKEY_ImportDERPublicKey(pkDer.get(), CKK_RSA); + } + + if (aJwk.mKty.EqualsLiteral(JWK_TYPE_EC)) { + // Verify that all of the required parameters are present + CryptoBuffer x, y; + if (!aJwk.mCrv.WasPassed() || + !aJwk.mX.WasPassed() || NS_FAILED(x.FromJwkBase64(aJwk.mX.Value())) || + !aJwk.mY.WasPassed() || NS_FAILED(y.FromJwkBase64(aJwk.mY.Value()))) { + return nullptr; + } + + ScopedPLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE)); + if (!arena) { + return nullptr; + } + + // Create point. + SECItem* point = CreateECPointForCoordinates(x, y, arena.get()); + if (!point) { + return nullptr; + } + + nsString namedCurve; + if (!NormalizeToken(aJwk.mCrv.Value(), namedCurve)) { + return nullptr; + } + + return CreateECPublicKey(point, namedCurve); + } + + return nullptr; +} + +nsresult +CryptoKey::PublicKeyToJwk(SECKEYPublicKey* aPubKey, + JsonWebKey& aRetVal, + const nsNSSShutDownPreventionLock& /*proofOfLock*/) +{ + switch (aPubKey->keyType) { + case rsaKey: { + CryptoBuffer n, e; + aRetVal.mN.Construct(); + aRetVal.mE.Construct(); + + if (!n.Assign(&aPubKey->u.rsa.modulus) || + !e.Assign(&aPubKey->u.rsa.publicExponent) || + NS_FAILED(n.ToJwkBase64(aRetVal.mN.Value())) || + NS_FAILED(e.ToJwkBase64(aRetVal.mE.Value()))) { + return NS_ERROR_DOM_OPERATION_ERR; + } + + aRetVal.mKty = NS_LITERAL_STRING(JWK_TYPE_RSA); + return NS_OK; + } + case ecKey: + if (!ECKeyToJwk(PK11_TypePubKey, aPubKey, &aPubKey->u.ec.DEREncodedParams, + &aPubKey->u.ec.publicValue, aRetVal)) { + return NS_ERROR_DOM_OPERATION_ERR; + } + return NS_OK; + default: + return NS_ERROR_DOM_NOT_SUPPORTED_ERR; + } +} + +SECKEYPublicKey* +CryptoKey::PublicDhKeyFromRaw(CryptoBuffer& aKeyData, + const CryptoBuffer& aPrime, + const CryptoBuffer& aGenerator, + const nsNSSShutDownPreventionLock& /*proofOfLock*/) +{ + ScopedPLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE)); + if (!arena) { + return nullptr; + } + + SECKEYPublicKey* key = PORT_ArenaZNew(arena, SECKEYPublicKey); + if (!key) { + return nullptr; + } + + key->keyType = dhKey; + key->pkcs11Slot = nullptr; + key->pkcs11ID = CK_INVALID_HANDLE; + + // Set DH public key params. + if (!aPrime.ToSECItem(arena, &key->u.dh.prime) || + !aGenerator.ToSECItem(arena, &key->u.dh.base) || + !aKeyData.ToSECItem(arena, &key->u.dh.publicValue)) { + return nullptr; + } + + key->u.dh.prime.type = siUnsignedInteger; + key->u.dh.base.type = siUnsignedInteger; + key->u.dh.publicValue.type = siUnsignedInteger; + + return SECKEY_CopyPublicKey(key); +} + +nsresult +CryptoKey::PublicDhKeyToRaw(SECKEYPublicKey* aPubKey, + CryptoBuffer& aRetVal, + const nsNSSShutDownPreventionLock& /*proofOfLock*/) +{ + if (!aRetVal.Assign(&aPubKey->u.dh.publicValue)) { + return NS_ERROR_DOM_OPERATION_ERR; + } + return NS_OK; +} + +SECKEYPublicKey* +CryptoKey::PublicECKeyFromRaw(CryptoBuffer& aKeyData, + const nsString& aNamedCurve, + const nsNSSShutDownPreventionLock& /*proofOfLock*/) +{ + ScopedPLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE)); + if (!arena) { + return nullptr; + } + + SECItem rawItem = { siBuffer, nullptr, 0 }; + if (!aKeyData.ToSECItem(arena, &rawItem)) { + return nullptr; + } + + uint32_t flen; + if (aNamedCurve.EqualsLiteral(WEBCRYPTO_NAMED_CURVE_P256)) { + flen = 32; // bytes + } else if (aNamedCurve.EqualsLiteral(WEBCRYPTO_NAMED_CURVE_P384)) { + flen = 48; // bytes + } else if (aNamedCurve.EqualsLiteral(WEBCRYPTO_NAMED_CURVE_P521)) { + flen = 66; // bytes + } else { + return nullptr; + } + + // Check length of uncompressed point coordinates. There are 2 field elements + // and a leading point form octet (which must EC_POINT_FORM_UNCOMPRESSED). + if (rawItem.len != (2 * flen + 1)) { + return nullptr; + } + + // No support for compressed points. + if (rawItem.data[0] != EC_POINT_FORM_UNCOMPRESSED) { + return nullptr; + } + + return CreateECPublicKey(&rawItem, aNamedCurve); +} + +nsresult +CryptoKey::PublicECKeyToRaw(SECKEYPublicKey* aPubKey, + CryptoBuffer& aRetVal, + const nsNSSShutDownPreventionLock& /*proofOfLock*/) +{ + if (!aRetVal.Assign(&aPubKey->u.ec.publicValue)) { + return NS_ERROR_DOM_OPERATION_ERR; + } + return NS_OK; +} + +bool +CryptoKey::PublicKeyValid(SECKEYPublicKey* aPubKey) +{ + ScopedPK11SlotInfo slot(PK11_GetInternalSlot()); + if (!slot.get()) { + return false; + } + + // This assumes that NSS checks the validity of a public key when + // it is imported into a PKCS#11 module, and returns CK_INVALID_HANDLE + // if it is invalid. + CK_OBJECT_HANDLE id = PK11_ImportPublicKey(slot, aPubKey, PR_FALSE); + if (id == CK_INVALID_HANDLE) { + return false; + } + + SECStatus rv = PK11_DestroyObject(slot, id); + return (rv == SECSuccess); +} + +bool +CryptoKey::WriteStructuredClone(JSStructuredCloneWriter* aWriter) const +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return false; + } + + // Write in five pieces + // 1. Attributes + // 2. Symmetric key as raw (if present) + // 3. Private key as pkcs8 (if present) + // 4. Public key as spki (if present) + // 5. Algorithm in whatever form it chooses + CryptoBuffer priv, pub; + + if (mPrivateKey) { + if (NS_FAILED(CryptoKey::PrivateKeyToPkcs8(mPrivateKey, priv, locker))) { + return false; + } + } + + if (mPublicKey) { + if (NS_FAILED(CryptoKey::PublicKeyToSpki(mPublicKey, pub, locker))) { + return false; + } + } + + return JS_WriteUint32Pair(aWriter, mAttributes, CRYPTOKEY_SC_VERSION) && + WriteBuffer(aWriter, mSymKey) && + WriteBuffer(aWriter, priv) && + WriteBuffer(aWriter, pub) && + mAlgorithm.WriteStructuredClone(aWriter); +} + +bool +CryptoKey::ReadStructuredClone(JSStructuredCloneReader* aReader) +{ + nsNSSShutDownPreventionLock locker; + if (isAlreadyShutDown()) { + return false; + } + + // Ensure that NSS is initialized. + if (!EnsureNSSInitializedChromeOrContent()) { + return false; + } + + uint32_t version; + CryptoBuffer sym, priv, pub; + + bool read = JS_ReadUint32Pair(aReader, &mAttributes, &version) && + (version == CRYPTOKEY_SC_VERSION) && + ReadBuffer(aReader, sym) && + ReadBuffer(aReader, priv) && + ReadBuffer(aReader, pub) && + mAlgorithm.ReadStructuredClone(aReader); + if (!read) { + return false; + } + + if (sym.Length() > 0 && !mSymKey.Assign(sym)) { + return false; + } + if (priv.Length() > 0) { + mPrivateKey = CryptoKey::PrivateKeyFromPkcs8(priv, locker); + } + if (pub.Length() > 0) { + mPublicKey = CryptoKey::PublicKeyFromSpki(pub, locker); + } + + // Ensure that what we've read is consistent + // If the attributes indicate a key type, should have a key of that type + if (!((GetKeyType() == SECRET && mSymKey.Length() > 0) || + (GetKeyType() == PRIVATE && mPrivateKey) || + (GetKeyType() == PUBLIC && mPublicKey))) { + return false; + } + + return true; +} + +} // namespace dom +} // namespace mozilla |