summaryrefslogtreecommitdiffstats
path: root/dom/crypto/CryptoKey.cpp
diff options
context:
space:
mode:
Diffstat (limited to 'dom/crypto/CryptoKey.cpp')
-rw-r--r--dom/crypto/CryptoKey.cpp1342
1 files changed, 1342 insertions, 0 deletions
diff --git a/dom/crypto/CryptoKey.cpp b/dom/crypto/CryptoKey.cpp
new file mode 100644
index 000000000..8763835bf
--- /dev/null
+++ b/dom/crypto/CryptoKey.cpp
@@ -0,0 +1,1342 @@
+/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
+/* vim: set ts=8 sts=2 et sw=2 tw=80: */
+/* This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0. If a copy of the MPL was not distributed with this
+ * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
+
+#include "CryptoKey.h"
+
+#include "ScopedNSSTypes.h"
+#include "cryptohi.h"
+#include "mozilla/ArrayUtils.h"
+#include "mozilla/dom/SubtleCryptoBinding.h"
+#include "mozilla/dom/ToJSValue.h"
+#include "nsNSSComponent.h"
+#include "pk11pub.h"
+
+// Templates taken from security/nss/lib/cryptohi/seckey.c
+// These would ideally be exported by NSS and until that
+// happens we have to keep our own copies.
+const SEC_ASN1Template SECKEY_DHPublicKeyTemplate[] = {
+ { SEC_ASN1_INTEGER, offsetof(SECKEYPublicKey,u.dh.publicValue), },
+ { 0, }
+};
+const SEC_ASN1Template SECKEY_DHParamKeyTemplate[] = {
+ { SEC_ASN1_SEQUENCE, 0, NULL, sizeof(SECKEYPublicKey) },
+ { SEC_ASN1_INTEGER, offsetof(SECKEYPublicKey,u.dh.prime), },
+ { SEC_ASN1_INTEGER, offsetof(SECKEYPublicKey,u.dh.base), },
+ { SEC_ASN1_SKIP_REST },
+ { 0, }
+};
+
+namespace mozilla {
+namespace dom {
+
+NS_IMPL_CYCLE_COLLECTION_WRAPPERCACHE(CryptoKey, mGlobal)
+NS_IMPL_CYCLE_COLLECTING_ADDREF(CryptoKey)
+NS_IMPL_CYCLE_COLLECTING_RELEASE(CryptoKey)
+NS_INTERFACE_MAP_BEGIN_CYCLE_COLLECTION(CryptoKey)
+ NS_WRAPPERCACHE_INTERFACE_MAP_ENTRY
+ NS_INTERFACE_MAP_ENTRY(nsISupports)
+NS_INTERFACE_MAP_END
+
+nsresult
+StringToUsage(const nsString& aUsage, CryptoKey::KeyUsage& aUsageOut)
+{
+ if (aUsage.EqualsLiteral(WEBCRYPTO_KEY_USAGE_ENCRYPT)) {
+ aUsageOut = CryptoKey::ENCRYPT;
+ } else if (aUsage.EqualsLiteral(WEBCRYPTO_KEY_USAGE_DECRYPT)) {
+ aUsageOut = CryptoKey::DECRYPT;
+ } else if (aUsage.EqualsLiteral(WEBCRYPTO_KEY_USAGE_SIGN)) {
+ aUsageOut = CryptoKey::SIGN;
+ } else if (aUsage.EqualsLiteral(WEBCRYPTO_KEY_USAGE_VERIFY)) {
+ aUsageOut = CryptoKey::VERIFY;
+ } else if (aUsage.EqualsLiteral(WEBCRYPTO_KEY_USAGE_DERIVEKEY)) {
+ aUsageOut = CryptoKey::DERIVEKEY;
+ } else if (aUsage.EqualsLiteral(WEBCRYPTO_KEY_USAGE_DERIVEBITS)) {
+ aUsageOut = CryptoKey::DERIVEBITS;
+ } else if (aUsage.EqualsLiteral(WEBCRYPTO_KEY_USAGE_WRAPKEY)) {
+ aUsageOut = CryptoKey::WRAPKEY;
+ } else if (aUsage.EqualsLiteral(WEBCRYPTO_KEY_USAGE_UNWRAPKEY)) {
+ aUsageOut = CryptoKey::UNWRAPKEY;
+ } else {
+ return NS_ERROR_DOM_SYNTAX_ERR;
+ }
+ return NS_OK;
+}
+
+// This helper function will release the memory backing a SECKEYPrivateKey and
+// any resources acquired in its creation. It will leave the backing PKCS#11
+// object untouched, however. This should only be called from
+// PrivateKeyFromPrivateKeyTemplate.
+static void
+DestroyPrivateKeyWithoutDestroyingPKCS11Object(SECKEYPrivateKey* key)
+{
+ PK11_FreeSlot(key->pkcs11Slot);
+ PORT_FreeArena(key->arena, PR_TRUE);
+}
+
+// To protect against key ID collisions, PrivateKeyFromPrivateKeyTemplate
+// generates a random ID for each key. The given template must contain an
+// attribute slot for a key ID, but it must consist of a null pointer and have a
+// length of 0.
+SECKEYPrivateKey*
+PrivateKeyFromPrivateKeyTemplate(CK_ATTRIBUTE* aTemplate,
+ CK_ULONG aTemplateSize)
+{
+ // Create a generic object with the contents of the key
+ ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
+ if (!slot) {
+ return nullptr;
+ }
+
+ // Generate a random 160-bit object ID. This ID must be unique.
+ ScopedSECItem objID(::SECITEM_AllocItem(nullptr, nullptr, 20));
+ SECStatus rv = PK11_GenerateRandomOnSlot(slot, objID->data, objID->len);
+ if (rv != SECSuccess) {
+ return nullptr;
+ }
+ // Check if something is already using this ID.
+ SECKEYPrivateKey* preexistingKey = PK11_FindKeyByKeyID(slot, objID, nullptr);
+ if (preexistingKey) {
+ // Note that we can't just call SECKEY_DestroyPrivateKey here because that
+ // will destroy the PKCS#11 object that is backing a preexisting key (that
+ // we still have a handle on somewhere else in memory). If that object were
+ // destroyed, cryptographic operations performed by that other key would
+ // fail.
+ DestroyPrivateKeyWithoutDestroyingPKCS11Object(preexistingKey);
+ // Try again with a new ID (but only once - collisions are very unlikely).
+ rv = PK11_GenerateRandomOnSlot(slot, objID->data, objID->len);
+ if (rv != SECSuccess) {
+ return nullptr;
+ }
+ preexistingKey = PK11_FindKeyByKeyID(slot, objID, nullptr);
+ if (preexistingKey) {
+ DestroyPrivateKeyWithoutDestroyingPKCS11Object(preexistingKey);
+ return nullptr;
+ }
+ }
+
+ CK_ATTRIBUTE* idAttributeSlot = nullptr;
+ for (CK_ULONG i = 0; i < aTemplateSize; i++) {
+ if (aTemplate[i].type == CKA_ID) {
+ if (aTemplate[i].pValue != nullptr || aTemplate[i].ulValueLen != 0) {
+ return nullptr;
+ }
+ idAttributeSlot = aTemplate + i;
+ break;
+ }
+ }
+ if (!idAttributeSlot) {
+ return nullptr;
+ }
+
+ idAttributeSlot->pValue = objID->data;
+ idAttributeSlot->ulValueLen = objID->len;
+ ScopedPK11GenericObject obj(PK11_CreateGenericObject(slot,
+ aTemplate,
+ aTemplateSize,
+ PR_FALSE));
+ // Unset the ID attribute slot's pointer and length so that data that only
+ // lives for the scope of this function doesn't escape.
+ idAttributeSlot->pValue = nullptr;
+ idAttributeSlot->ulValueLen = 0;
+ if (!obj) {
+ return nullptr;
+ }
+
+ // Have NSS translate the object to a private key.
+ return PK11_FindKeyByKeyID(slot, objID, nullptr);
+}
+
+CryptoKey::CryptoKey(nsIGlobalObject* aGlobal)
+ : mGlobal(aGlobal)
+ , mAttributes(0)
+ , mSymKey()
+ , mPrivateKey(nullptr)
+ , mPublicKey(nullptr)
+{
+}
+
+CryptoKey::~CryptoKey()
+{
+ nsNSSShutDownPreventionLock locker;
+ if (isAlreadyShutDown()) {
+ return;
+ }
+ destructorSafeDestroyNSSReference();
+ shutdown(ShutdownCalledFrom::Object);
+}
+
+JSObject*
+CryptoKey::WrapObject(JSContext* aCx, JS::Handle<JSObject*> aGivenProto)
+{
+ return CryptoKeyBinding::Wrap(aCx, this, aGivenProto);
+}
+
+void
+CryptoKey::GetType(nsString& aRetVal) const
+{
+ uint32_t type = mAttributes & TYPE_MASK;
+ switch (type) {
+ case PUBLIC: aRetVal.AssignLiteral(WEBCRYPTO_KEY_TYPE_PUBLIC); break;
+ case PRIVATE: aRetVal.AssignLiteral(WEBCRYPTO_KEY_TYPE_PRIVATE); break;
+ case SECRET: aRetVal.AssignLiteral(WEBCRYPTO_KEY_TYPE_SECRET); break;
+ }
+}
+
+bool
+CryptoKey::Extractable() const
+{
+ return (mAttributes & EXTRACTABLE);
+}
+
+void
+CryptoKey::GetAlgorithm(JSContext* cx, JS::MutableHandle<JSObject*> aRetVal,
+ ErrorResult& aRv) const
+{
+ bool converted = false;
+ JS::RootedValue val(cx);
+ switch (mAlgorithm.mType) {
+ case KeyAlgorithmProxy::AES:
+ converted = ToJSValue(cx, mAlgorithm.mAes, &val);
+ break;
+ case KeyAlgorithmProxy::HMAC:
+ converted = ToJSValue(cx, mAlgorithm.mHmac, &val);
+ break;
+ case KeyAlgorithmProxy::RSA: {
+ RootedDictionary<RsaHashedKeyAlgorithm> rsa(cx);
+ converted = mAlgorithm.mRsa.ToKeyAlgorithm(cx, rsa);
+ if (converted) {
+ converted = ToJSValue(cx, rsa, &val);
+ }
+ break;
+ }
+ case KeyAlgorithmProxy::EC:
+ converted = ToJSValue(cx, mAlgorithm.mEc, &val);
+ break;
+ case KeyAlgorithmProxy::DH: {
+ RootedDictionary<DhKeyAlgorithm> dh(cx);
+ converted = mAlgorithm.mDh.ToKeyAlgorithm(cx, dh);
+ if (converted) {
+ converted = ToJSValue(cx, dh, &val);
+ }
+ break;
+ }
+ }
+ if (!converted) {
+ aRv.Throw(NS_ERROR_DOM_OPERATION_ERR);
+ return;
+ }
+
+ aRetVal.set(&val.toObject());
+}
+
+void
+CryptoKey::GetUsages(nsTArray<nsString>& aRetVal) const
+{
+ if (mAttributes & ENCRYPT) {
+ aRetVal.AppendElement(NS_LITERAL_STRING(WEBCRYPTO_KEY_USAGE_ENCRYPT));
+ }
+ if (mAttributes & DECRYPT) {
+ aRetVal.AppendElement(NS_LITERAL_STRING(WEBCRYPTO_KEY_USAGE_DECRYPT));
+ }
+ if (mAttributes & SIGN) {
+ aRetVal.AppendElement(NS_LITERAL_STRING(WEBCRYPTO_KEY_USAGE_SIGN));
+ }
+ if (mAttributes & VERIFY) {
+ aRetVal.AppendElement(NS_LITERAL_STRING(WEBCRYPTO_KEY_USAGE_VERIFY));
+ }
+ if (mAttributes & DERIVEKEY) {
+ aRetVal.AppendElement(NS_LITERAL_STRING(WEBCRYPTO_KEY_USAGE_DERIVEKEY));
+ }
+ if (mAttributes & DERIVEBITS) {
+ aRetVal.AppendElement(NS_LITERAL_STRING(WEBCRYPTO_KEY_USAGE_DERIVEBITS));
+ }
+ if (mAttributes & WRAPKEY) {
+ aRetVal.AppendElement(NS_LITERAL_STRING(WEBCRYPTO_KEY_USAGE_WRAPKEY));
+ }
+ if (mAttributes & UNWRAPKEY) {
+ aRetVal.AppendElement(NS_LITERAL_STRING(WEBCRYPTO_KEY_USAGE_UNWRAPKEY));
+ }
+}
+
+KeyAlgorithmProxy&
+CryptoKey::Algorithm()
+{
+ return mAlgorithm;
+}
+
+const KeyAlgorithmProxy&
+CryptoKey::Algorithm() const
+{
+ return mAlgorithm;
+}
+
+CryptoKey::KeyType
+CryptoKey::GetKeyType() const
+{
+ return static_cast<CryptoKey::KeyType>(mAttributes & TYPE_MASK);
+}
+
+nsresult
+CryptoKey::SetType(const nsString& aType)
+{
+ mAttributes &= CLEAR_TYPE;
+ if (aType.EqualsLiteral(WEBCRYPTO_KEY_TYPE_SECRET)) {
+ mAttributes |= SECRET;
+ } else if (aType.EqualsLiteral(WEBCRYPTO_KEY_TYPE_PUBLIC)) {
+ mAttributes |= PUBLIC;
+ } else if (aType.EqualsLiteral(WEBCRYPTO_KEY_TYPE_PRIVATE)) {
+ mAttributes |= PRIVATE;
+ } else {
+ mAttributes |= UNKNOWN;
+ return NS_ERROR_DOM_SYNTAX_ERR;
+ }
+
+ return NS_OK;
+}
+
+void
+CryptoKey::SetType(CryptoKey::KeyType aType)
+{
+ mAttributes &= CLEAR_TYPE;
+ mAttributes |= aType;
+}
+
+void
+CryptoKey::SetExtractable(bool aExtractable)
+{
+ mAttributes &= CLEAR_EXTRACTABLE;
+ if (aExtractable) {
+ mAttributes |= EXTRACTABLE;
+ }
+}
+
+// NSS exports private EC keys without the CKA_EC_POINT attribute, i.e. the
+// public value. To properly export the private key to JWK or PKCS #8 we need
+// the public key data though and so we use this method to augment a private
+// key with data from the given public key.
+nsresult
+CryptoKey::AddPublicKeyData(SECKEYPublicKey* aPublicKey)
+{
+ // This should be a private key.
+ MOZ_ASSERT(GetKeyType() == PRIVATE);
+ // There should be a private NSS key with type 'EC'.
+ MOZ_ASSERT(mPrivateKey && mPrivateKey->keyType == ecKey);
+ // The given public key should have the same key type.
+ MOZ_ASSERT(aPublicKey->keyType == mPrivateKey->keyType);
+
+ nsNSSShutDownPreventionLock locker;
+
+ // Read EC params.
+ ScopedAutoSECItem params;
+ SECStatus rv = PK11_ReadRawAttribute(PK11_TypePrivKey, mPrivateKey,
+ CKA_EC_PARAMS, &params);
+ if (rv != SECSuccess) {
+ return NS_ERROR_DOM_OPERATION_ERR;
+ }
+
+ // Read private value.
+ ScopedAutoSECItem value;
+ rv = PK11_ReadRawAttribute(PK11_TypePrivKey, mPrivateKey, CKA_VALUE, &value);
+ if (rv != SECSuccess) {
+ return NS_ERROR_DOM_OPERATION_ERR;
+ }
+
+ SECItem* point = &aPublicKey->u.ec.publicValue;
+ CK_OBJECT_CLASS privateKeyValue = CKO_PRIVATE_KEY;
+ CK_BBOOL falseValue = CK_FALSE;
+ CK_KEY_TYPE ecValue = CKK_EC;
+
+ CK_ATTRIBUTE keyTemplate[9] = {
+ { CKA_CLASS, &privateKeyValue, sizeof(privateKeyValue) },
+ { CKA_KEY_TYPE, &ecValue, sizeof(ecValue) },
+ { CKA_TOKEN, &falseValue, sizeof(falseValue) },
+ { CKA_SENSITIVE, &falseValue, sizeof(falseValue) },
+ { CKA_PRIVATE, &falseValue, sizeof(falseValue) },
+ // PrivateKeyFromPrivateKeyTemplate sets the ID.
+ { CKA_ID, nullptr, 0 },
+ { CKA_EC_PARAMS, params.data, params.len },
+ { CKA_EC_POINT, point->data, point->len },
+ { CKA_VALUE, value.data, value.len },
+ };
+
+ mPrivateKey = PrivateKeyFromPrivateKeyTemplate(keyTemplate,
+ ArrayLength(keyTemplate));
+ NS_ENSURE_TRUE(mPrivateKey, NS_ERROR_DOM_OPERATION_ERR);
+
+ return NS_OK;
+}
+
+void
+CryptoKey::ClearUsages()
+{
+ mAttributes &= CLEAR_USAGES;
+}
+
+nsresult
+CryptoKey::AddUsage(const nsString& aUsage)
+{
+ return AddUsageIntersecting(aUsage, USAGES_MASK);
+}
+
+nsresult
+CryptoKey::AddUsageIntersecting(const nsString& aUsage, uint32_t aUsageMask)
+{
+ KeyUsage usage;
+ if (NS_FAILED(StringToUsage(aUsage, usage))) {
+ return NS_ERROR_DOM_SYNTAX_ERR;
+ }
+
+ if (usage & aUsageMask) {
+ AddUsage(usage);
+ return NS_OK;
+ }
+
+ return NS_OK;
+}
+
+void
+CryptoKey::AddUsage(CryptoKey::KeyUsage aUsage)
+{
+ mAttributes |= aUsage;
+}
+
+bool
+CryptoKey::HasAnyUsage()
+{
+ return !!(mAttributes & USAGES_MASK);
+}
+
+bool
+CryptoKey::HasUsage(CryptoKey::KeyUsage aUsage)
+{
+ return !!(mAttributes & aUsage);
+}
+
+bool
+CryptoKey::HasUsageOtherThan(uint32_t aUsages)
+{
+ return !!(mAttributes & USAGES_MASK & ~aUsages);
+}
+
+bool
+CryptoKey::IsRecognizedUsage(const nsString& aUsage)
+{
+ KeyUsage dummy;
+ nsresult rv = StringToUsage(aUsage, dummy);
+ return NS_SUCCEEDED(rv);
+}
+
+bool
+CryptoKey::AllUsagesRecognized(const Sequence<nsString>& aUsages)
+{
+ for (uint32_t i = 0; i < aUsages.Length(); ++i) {
+ if (!IsRecognizedUsage(aUsages[i])) {
+ return false;
+ }
+ }
+ return true;
+}
+
+nsresult CryptoKey::SetSymKey(const CryptoBuffer& aSymKey)
+{
+ if (!mSymKey.Assign(aSymKey)) {
+ return NS_ERROR_OUT_OF_MEMORY;
+ }
+
+ return NS_OK;
+}
+
+nsresult
+CryptoKey::SetPrivateKey(SECKEYPrivateKey* aPrivateKey)
+{
+ nsNSSShutDownPreventionLock locker;
+
+ if (!aPrivateKey || isAlreadyShutDown()) {
+ mPrivateKey = nullptr;
+ return NS_OK;
+ }
+
+ mPrivateKey = SECKEY_CopyPrivateKey(aPrivateKey);
+ return mPrivateKey ? NS_OK : NS_ERROR_OUT_OF_MEMORY;
+}
+
+nsresult
+CryptoKey::SetPublicKey(SECKEYPublicKey* aPublicKey)
+{
+ nsNSSShutDownPreventionLock locker;
+
+ if (!aPublicKey || isAlreadyShutDown()) {
+ mPublicKey = nullptr;
+ return NS_OK;
+ }
+
+ mPublicKey = SECKEY_CopyPublicKey(aPublicKey);
+ return mPublicKey ? NS_OK : NS_ERROR_OUT_OF_MEMORY;
+}
+
+const CryptoBuffer&
+CryptoKey::GetSymKey() const
+{
+ return mSymKey;
+}
+
+SECKEYPrivateKey*
+CryptoKey::GetPrivateKey() const
+{
+ nsNSSShutDownPreventionLock locker;
+ if (!mPrivateKey || isAlreadyShutDown()) {
+ return nullptr;
+ }
+ return SECKEY_CopyPrivateKey(mPrivateKey.get());
+}
+
+SECKEYPublicKey*
+CryptoKey::GetPublicKey() const
+{
+ nsNSSShutDownPreventionLock locker;
+ if (!mPublicKey || isAlreadyShutDown()) {
+ return nullptr;
+ }
+ return SECKEY_CopyPublicKey(mPublicKey.get());
+}
+
+void CryptoKey::virtualDestroyNSSReference()
+{
+ destructorSafeDestroyNSSReference();
+}
+
+void CryptoKey::destructorSafeDestroyNSSReference()
+{
+ mPrivateKey.dispose();
+ mPublicKey.dispose();
+}
+
+
+// Serialization and deserialization convenience methods
+
+SECKEYPrivateKey*
+CryptoKey::PrivateKeyFromPkcs8(CryptoBuffer& aKeyData,
+ const nsNSSShutDownPreventionLock& /*proofOfLock*/)
+{
+ SECKEYPrivateKey* privKey;
+ ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
+ if (!slot) {
+ return nullptr;
+ }
+
+ ScopedPLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
+ if (!arena) {
+ return nullptr;
+ }
+
+ SECItem pkcs8Item = { siBuffer, nullptr, 0 };
+ if (!aKeyData.ToSECItem(arena, &pkcs8Item)) {
+ return nullptr;
+ }
+
+ // Allow everything, we enforce usage ourselves
+ unsigned int usage = KU_ALL;
+
+ SECStatus rv = PK11_ImportDERPrivateKeyInfoAndReturnKey(
+ slot.get(), &pkcs8Item, nullptr, nullptr, false, false,
+ usage, &privKey, nullptr);
+
+ if (rv == SECFailure) {
+ return nullptr;
+ }
+ return privKey;
+}
+
+SECKEYPublicKey*
+CryptoKey::PublicKeyFromSpki(CryptoBuffer& aKeyData,
+ const nsNSSShutDownPreventionLock& /*proofOfLock*/)
+{
+ ScopedPLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
+ if (!arena) {
+ return nullptr;
+ }
+
+ SECItem spkiItem = { siBuffer, nullptr, 0 };
+ if (!aKeyData.ToSECItem(arena, &spkiItem)) {
+ return nullptr;
+ }
+
+ ScopedCERTSubjectPublicKeyInfo spki(SECKEY_DecodeDERSubjectPublicKeyInfo(&spkiItem));
+ if (!spki) {
+ return nullptr;
+ }
+
+ bool isECDHAlgorithm = SECITEM_ItemsAreEqual(&SEC_OID_DATA_EC_DH,
+ &spki->algorithm.algorithm);
+ bool isDHAlgorithm = SECITEM_ItemsAreEqual(&SEC_OID_DATA_DH_KEY_AGREEMENT,
+ &spki->algorithm.algorithm);
+
+ // Check for |id-ecDH| and |dhKeyAgreement|. Per the WebCrypto spec we must
+ // support these OIDs but NSS does unfortunately not know about them. Let's
+ // change the algorithm to |id-ecPublicKey| or |dhPublicKey| to make NSS happy.
+ if (isECDHAlgorithm || isDHAlgorithm) {
+ SECOidTag oid = SEC_OID_UNKNOWN;
+ if (isECDHAlgorithm) {
+ oid = SEC_OID_ANSIX962_EC_PUBLIC_KEY;
+ } else if (isDHAlgorithm) {
+ oid = SEC_OID_X942_DIFFIE_HELMAN_KEY;
+ } else {
+ MOZ_ASSERT(false);
+ }
+
+ SECOidData* oidData = SECOID_FindOIDByTag(oid);
+ if (!oidData) {
+ return nullptr;
+ }
+
+ SECStatus rv = SECITEM_CopyItem(spki->arena, &spki->algorithm.algorithm,
+ &oidData->oid);
+ if (rv != SECSuccess) {
+ return nullptr;
+ }
+ }
+
+ ScopedSECKEYPublicKey tmp(SECKEY_ExtractPublicKey(spki.get()));
+ if (!tmp.get() || !PublicKeyValid(tmp.get())) {
+ return nullptr;
+ }
+
+ return SECKEY_CopyPublicKey(tmp);
+}
+
+nsresult
+CryptoKey::PrivateKeyToPkcs8(SECKEYPrivateKey* aPrivKey,
+ CryptoBuffer& aRetVal,
+ const nsNSSShutDownPreventionLock& /*proofOfLock*/)
+{
+ ScopedSECItem pkcs8Item(PK11_ExportDERPrivateKeyInfo(aPrivKey, nullptr));
+ if (!pkcs8Item.get()) {
+ return NS_ERROR_DOM_INVALID_ACCESS_ERR;
+ }
+ if (!aRetVal.Assign(pkcs8Item.get())) {
+ return NS_ERROR_DOM_OPERATION_ERR;
+ }
+ return NS_OK;
+}
+
+nsresult
+PublicDhKeyToSpki(SECKEYPublicKey* aPubKey,
+ CERTSubjectPublicKeyInfo* aSpki)
+{
+ SECItem* params = ::SECITEM_AllocItem(aSpki->arena, nullptr, 0);
+ if (!params) {
+ return NS_ERROR_DOM_OPERATION_ERR;
+ }
+
+ SECItem* rvItem = SEC_ASN1EncodeItem(aSpki->arena, params, aPubKey,
+ SECKEY_DHParamKeyTemplate);
+ if (!rvItem) {
+ return NS_ERROR_DOM_OPERATION_ERR;
+ }
+
+ SECStatus rv = SECOID_SetAlgorithmID(aSpki->arena, &aSpki->algorithm,
+ SEC_OID_X942_DIFFIE_HELMAN_KEY, params);
+ if (rv != SECSuccess) {
+ return NS_ERROR_DOM_OPERATION_ERR;
+ }
+
+ rvItem = SEC_ASN1EncodeItem(aSpki->arena, &aSpki->subjectPublicKey, aPubKey,
+ SECKEY_DHPublicKeyTemplate);
+ if (!rvItem) {
+ return NS_ERROR_DOM_OPERATION_ERR;
+ }
+
+ // The public value is a BIT_STRING encoded as an INTEGER. After encoding
+ // an INT we need to adjust the length to reflect the number of bits.
+ aSpki->subjectPublicKey.len <<= 3;
+
+ return NS_OK;
+}
+
+nsresult
+CryptoKey::PublicKeyToSpki(SECKEYPublicKey* aPubKey,
+ CryptoBuffer& aRetVal,
+ const nsNSSShutDownPreventionLock& /*proofOfLock*/)
+{
+ ScopedCERTSubjectPublicKeyInfo spki;
+
+ // NSS doesn't support exporting DH public keys.
+ if (aPubKey->keyType == dhKey) {
+ // Mimic the behavior of SECKEY_CreateSubjectPublicKeyInfo() and create
+ // a new arena for the SPKI object.
+ ScopedPLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
+ if (!arena) {
+ return NS_ERROR_DOM_OPERATION_ERR;
+ }
+
+ spki = PORT_ArenaZNew(arena, CERTSubjectPublicKeyInfo);
+ if (!spki) {
+ return NS_ERROR_DOM_OPERATION_ERR;
+ }
+
+ // Assign |arena| to |spki| and null the variable afterwards so that the
+ // arena created above that holds the SPKI object is free'd when |spki|
+ // goes out of scope, not when |arena| does.
+ spki->arena = arena.forget();
+
+ nsresult rv = PublicDhKeyToSpki(aPubKey, spki);
+ NS_ENSURE_SUCCESS(rv, rv);
+ } else {
+ spki = SECKEY_CreateSubjectPublicKeyInfo(aPubKey);
+ if (!spki) {
+ return NS_ERROR_DOM_OPERATION_ERR;
+ }
+ }
+
+ // Per WebCrypto spec we must export ECDH SPKIs with the algorithm OID
+ // id-ecDH (1.3.132.112) and DH SPKIs with OID dhKeyAgreement
+ // (1.2.840.113549.1.3.1). NSS doesn't know about these OIDs and there is
+ // no way to specify the algorithm to use when exporting a public key.
+ if (aPubKey->keyType == ecKey || aPubKey->keyType == dhKey) {
+ const SECItem* oidData = nullptr;
+ if (aPubKey->keyType == ecKey) {
+ oidData = &SEC_OID_DATA_EC_DH;
+ } else if (aPubKey->keyType == dhKey) {
+ oidData = &SEC_OID_DATA_DH_KEY_AGREEMENT;
+ } else {
+ MOZ_ASSERT(false);
+ }
+
+ SECStatus rv = SECITEM_CopyItem(spki->arena, &spki->algorithm.algorithm,
+ oidData);
+ if (rv != SECSuccess) {
+ return NS_ERROR_DOM_OPERATION_ERR;
+ }
+ }
+
+ const SEC_ASN1Template* tpl = SEC_ASN1_GET(CERT_SubjectPublicKeyInfoTemplate);
+ ScopedSECItem spkiItem(SEC_ASN1EncodeItem(nullptr, nullptr, spki, tpl));
+
+ if (!aRetVal.Assign(spkiItem.get())) {
+ return NS_ERROR_DOM_OPERATION_ERR;
+ }
+ return NS_OK;
+}
+
+SECItem*
+CreateECPointForCoordinates(const CryptoBuffer& aX,
+ const CryptoBuffer& aY,
+ PLArenaPool* aArena)
+{
+ // Check that both points have the same length.
+ if (aX.Length() != aY.Length()) {
+ return nullptr;
+ }
+
+ // Create point.
+ SECItem* point = ::SECITEM_AllocItem(aArena, nullptr, aX.Length() + aY.Length() + 1);
+ if (!point) {
+ return nullptr;
+ }
+
+ // Set point data.
+ point->data[0] = EC_POINT_FORM_UNCOMPRESSED;
+ memcpy(point->data + 1, aX.Elements(), aX.Length());
+ memcpy(point->data + 1 + aX.Length(), aY.Elements(), aY.Length());
+
+ return point;
+}
+
+SECKEYPrivateKey*
+CryptoKey::PrivateKeyFromJwk(const JsonWebKey& aJwk,
+ const nsNSSShutDownPreventionLock& /*proofOfLock*/)
+{
+ CK_OBJECT_CLASS privateKeyValue = CKO_PRIVATE_KEY;
+ CK_BBOOL falseValue = CK_FALSE;
+
+ if (aJwk.mKty.EqualsLiteral(JWK_TYPE_EC)) {
+ // Verify that all of the required parameters are present
+ CryptoBuffer x, y, d;
+ if (!aJwk.mCrv.WasPassed() ||
+ !aJwk.mX.WasPassed() || NS_FAILED(x.FromJwkBase64(aJwk.mX.Value())) ||
+ !aJwk.mY.WasPassed() || NS_FAILED(y.FromJwkBase64(aJwk.mY.Value())) ||
+ !aJwk.mD.WasPassed() || NS_FAILED(d.FromJwkBase64(aJwk.mD.Value()))) {
+ return nullptr;
+ }
+
+ nsString namedCurve;
+ if (!NormalizeToken(aJwk.mCrv.Value(), namedCurve)) {
+ return nullptr;
+ }
+
+ ScopedPLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
+ if (!arena) {
+ return nullptr;
+ }
+
+ // Create parameters.
+ SECItem* params = CreateECParamsForCurve(namedCurve, arena.get());
+ if (!params) {
+ return nullptr;
+ }
+
+ SECItem* ecPoint = CreateECPointForCoordinates(x, y, arena.get());
+ if (!ecPoint) {
+ return nullptr;
+ }
+
+ // Populate template from parameters
+ CK_KEY_TYPE ecValue = CKK_EC;
+ CK_ATTRIBUTE keyTemplate[9] = {
+ { CKA_CLASS, &privateKeyValue, sizeof(privateKeyValue) },
+ { CKA_KEY_TYPE, &ecValue, sizeof(ecValue) },
+ { CKA_TOKEN, &falseValue, sizeof(falseValue) },
+ { CKA_SENSITIVE, &falseValue, sizeof(falseValue) },
+ { CKA_PRIVATE, &falseValue, sizeof(falseValue) },
+ // PrivateKeyFromPrivateKeyTemplate sets the ID.
+ { CKA_ID, nullptr, 0 },
+ { CKA_EC_PARAMS, params->data, params->len },
+ { CKA_EC_POINT, ecPoint->data, ecPoint->len },
+ { CKA_VALUE, (void*) d.Elements(), (CK_ULONG) d.Length() },
+ };
+
+ return PrivateKeyFromPrivateKeyTemplate(keyTemplate,
+ ArrayLength(keyTemplate));
+ }
+
+ if (aJwk.mKty.EqualsLiteral(JWK_TYPE_RSA)) {
+ // Verify that all of the required parameters are present
+ CryptoBuffer n, e, d, p, q, dp, dq, qi;
+ if (!aJwk.mN.WasPassed() || NS_FAILED(n.FromJwkBase64(aJwk.mN.Value())) ||
+ !aJwk.mE.WasPassed() || NS_FAILED(e.FromJwkBase64(aJwk.mE.Value())) ||
+ !aJwk.mD.WasPassed() || NS_FAILED(d.FromJwkBase64(aJwk.mD.Value())) ||
+ !aJwk.mP.WasPassed() || NS_FAILED(p.FromJwkBase64(aJwk.mP.Value())) ||
+ !aJwk.mQ.WasPassed() || NS_FAILED(q.FromJwkBase64(aJwk.mQ.Value())) ||
+ !aJwk.mDp.WasPassed() || NS_FAILED(dp.FromJwkBase64(aJwk.mDp.Value())) ||
+ !aJwk.mDq.WasPassed() || NS_FAILED(dq.FromJwkBase64(aJwk.mDq.Value())) ||
+ !aJwk.mQi.WasPassed() || NS_FAILED(qi.FromJwkBase64(aJwk.mQi.Value()))) {
+ return nullptr;
+ }
+
+ ScopedPLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
+ if (!arena) {
+ return nullptr;
+ }
+
+ // Populate template from parameters
+ CK_KEY_TYPE rsaValue = CKK_RSA;
+ CK_ATTRIBUTE keyTemplate[14] = {
+ { CKA_CLASS, &privateKeyValue, sizeof(privateKeyValue) },
+ { CKA_KEY_TYPE, &rsaValue, sizeof(rsaValue) },
+ { CKA_TOKEN, &falseValue, sizeof(falseValue) },
+ { CKA_SENSITIVE, &falseValue, sizeof(falseValue) },
+ { CKA_PRIVATE, &falseValue, sizeof(falseValue) },
+ // PrivateKeyFromPrivateKeyTemplate sets the ID.
+ { CKA_ID, nullptr, 0 },
+ { CKA_MODULUS, (void*) n.Elements(), (CK_ULONG) n.Length() },
+ { CKA_PUBLIC_EXPONENT, (void*) e.Elements(), (CK_ULONG) e.Length() },
+ { CKA_PRIVATE_EXPONENT, (void*) d.Elements(), (CK_ULONG) d.Length() },
+ { CKA_PRIME_1, (void*) p.Elements(), (CK_ULONG) p.Length() },
+ { CKA_PRIME_2, (void*) q.Elements(), (CK_ULONG) q.Length() },
+ { CKA_EXPONENT_1, (void*) dp.Elements(), (CK_ULONG) dp.Length() },
+ { CKA_EXPONENT_2, (void*) dq.Elements(), (CK_ULONG) dq.Length() },
+ { CKA_COEFFICIENT, (void*) qi.Elements(), (CK_ULONG) qi.Length() },
+ };
+
+ return PrivateKeyFromPrivateKeyTemplate(keyTemplate,
+ ArrayLength(keyTemplate));
+ }
+
+ return nullptr;
+}
+
+bool ReadAndEncodeAttribute(SECKEYPrivateKey* aKey,
+ CK_ATTRIBUTE_TYPE aAttribute,
+ Optional<nsString>& aDst)
+{
+ ScopedAutoSECItem item;
+ if (PK11_ReadRawAttribute(PK11_TypePrivKey, aKey, aAttribute, &item)
+ != SECSuccess) {
+ return false;
+ }
+
+ CryptoBuffer buffer;
+ if (!buffer.Assign(&item)) {
+ return false;
+ }
+
+ if (NS_FAILED(buffer.ToJwkBase64(aDst.Value()))) {
+ return false;
+ }
+
+ return true;
+}
+
+bool
+ECKeyToJwk(const PK11ObjectType aKeyType, void* aKey, const SECItem* aEcParams,
+ const SECItem* aPublicValue, JsonWebKey& aRetVal)
+{
+ aRetVal.mX.Construct();
+ aRetVal.mY.Construct();
+
+ // Check that the given EC parameters are valid.
+ if (!CheckEncodedECParameters(aEcParams)) {
+ return false;
+ }
+
+ // Construct the OID tag.
+ SECItem oid = { siBuffer, nullptr, 0 };
+ oid.len = aEcParams->data[1];
+ oid.data = aEcParams->data + 2;
+
+ uint32_t flen;
+ switch (SECOID_FindOIDTag(&oid)) {
+ case SEC_OID_SECG_EC_SECP256R1:
+ flen = 32; // bytes
+ aRetVal.mCrv.Construct(NS_LITERAL_STRING(WEBCRYPTO_NAMED_CURVE_P256));
+ break;
+ case SEC_OID_SECG_EC_SECP384R1:
+ flen = 48; // bytes
+ aRetVal.mCrv.Construct(NS_LITERAL_STRING(WEBCRYPTO_NAMED_CURVE_P384));
+ break;
+ case SEC_OID_SECG_EC_SECP521R1:
+ flen = 66; // bytes
+ aRetVal.mCrv.Construct(NS_LITERAL_STRING(WEBCRYPTO_NAMED_CURVE_P521));
+ break;
+ default:
+ return false;
+ }
+
+ // No support for compressed points.
+ if (aPublicValue->data[0] != EC_POINT_FORM_UNCOMPRESSED) {
+ return false;
+ }
+
+ // Check length of uncompressed point coordinates.
+ if (aPublicValue->len != (2 * flen + 1)) {
+ return false;
+ }
+
+ ScopedSECItem ecPointX(::SECITEM_AllocItem(nullptr, nullptr, flen));
+ ScopedSECItem ecPointY(::SECITEM_AllocItem(nullptr, nullptr, flen));
+ if (!ecPointX || !ecPointY) {
+ return false;
+ }
+
+ // Extract point data.
+ memcpy(ecPointX->data, aPublicValue->data + 1, flen);
+ memcpy(ecPointY->data, aPublicValue->data + 1 + flen, flen);
+
+ CryptoBuffer x, y;
+ if (!x.Assign(ecPointX) || NS_FAILED(x.ToJwkBase64(aRetVal.mX.Value())) ||
+ !y.Assign(ecPointY) || NS_FAILED(y.ToJwkBase64(aRetVal.mY.Value()))) {
+ return false;
+ }
+
+ aRetVal.mKty = NS_LITERAL_STRING(JWK_TYPE_EC);
+ return true;
+}
+
+nsresult
+CryptoKey::PrivateKeyToJwk(SECKEYPrivateKey* aPrivKey,
+ JsonWebKey& aRetVal,
+ const nsNSSShutDownPreventionLock& /*proofOfLock*/)
+{
+ switch (aPrivKey->keyType) {
+ case rsaKey: {
+ aRetVal.mN.Construct();
+ aRetVal.mE.Construct();
+ aRetVal.mD.Construct();
+ aRetVal.mP.Construct();
+ aRetVal.mQ.Construct();
+ aRetVal.mDp.Construct();
+ aRetVal.mDq.Construct();
+ aRetVal.mQi.Construct();
+
+ if (!ReadAndEncodeAttribute(aPrivKey, CKA_MODULUS, aRetVal.mN) ||
+ !ReadAndEncodeAttribute(aPrivKey, CKA_PUBLIC_EXPONENT, aRetVal.mE) ||
+ !ReadAndEncodeAttribute(aPrivKey, CKA_PRIVATE_EXPONENT, aRetVal.mD) ||
+ !ReadAndEncodeAttribute(aPrivKey, CKA_PRIME_1, aRetVal.mP) ||
+ !ReadAndEncodeAttribute(aPrivKey, CKA_PRIME_2, aRetVal.mQ) ||
+ !ReadAndEncodeAttribute(aPrivKey, CKA_EXPONENT_1, aRetVal.mDp) ||
+ !ReadAndEncodeAttribute(aPrivKey, CKA_EXPONENT_2, aRetVal.mDq) ||
+ !ReadAndEncodeAttribute(aPrivKey, CKA_COEFFICIENT, aRetVal.mQi)) {
+ return NS_ERROR_DOM_OPERATION_ERR;
+ }
+
+ aRetVal.mKty = NS_LITERAL_STRING(JWK_TYPE_RSA);
+ return NS_OK;
+ }
+ case ecKey: {
+ // Read EC params.
+ ScopedAutoSECItem params;
+ SECStatus rv = PK11_ReadRawAttribute(PK11_TypePrivKey, aPrivKey,
+ CKA_EC_PARAMS, &params);
+ if (rv != SECSuccess) {
+ return NS_ERROR_DOM_OPERATION_ERR;
+ }
+
+ // Read public point Q.
+ ScopedAutoSECItem ecPoint;
+ rv = PK11_ReadRawAttribute(PK11_TypePrivKey, aPrivKey, CKA_EC_POINT,
+ &ecPoint);
+ if (rv != SECSuccess) {
+ return NS_ERROR_DOM_OPERATION_ERR;
+ }
+
+ if (!ECKeyToJwk(PK11_TypePrivKey, aPrivKey, &params, &ecPoint, aRetVal)) {
+ return NS_ERROR_DOM_OPERATION_ERR;
+ }
+
+ aRetVal.mD.Construct();
+
+ // Read private value.
+ if (!ReadAndEncodeAttribute(aPrivKey, CKA_VALUE, aRetVal.mD)) {
+ return NS_ERROR_DOM_OPERATION_ERR;
+ }
+
+ return NS_OK;
+ }
+ default:
+ return NS_ERROR_DOM_NOT_SUPPORTED_ERR;
+ }
+}
+
+SECKEYPublicKey*
+CreateECPublicKey(const SECItem* aKeyData, const nsString& aNamedCurve)
+{
+ ScopedPLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
+ if (!arena) {
+ return nullptr;
+ }
+
+ // It's important that this be a ScopedSECKEYPublicKey, as this ensures that
+ // SECKEY_DestroyPublicKey will be called on it. If this doesn't happen, when
+ // CryptoKey::PublicKeyValid is called on it and it gets moved to the internal
+ // PKCS#11 slot, it will leak a reference to the slot.
+ ScopedSECKEYPublicKey key(PORT_ArenaZNew(arena, SECKEYPublicKey));
+ if (!key) {
+ return nullptr;
+ }
+
+ key->arena = nullptr; // key doesn't own the arena; it won't get double-freed
+ key->keyType = ecKey;
+ key->pkcs11Slot = nullptr;
+ key->pkcs11ID = CK_INVALID_HANDLE;
+
+ // Create curve parameters.
+ SECItem* params = CreateECParamsForCurve(aNamedCurve, arena);
+ if (!params) {
+ return nullptr;
+ }
+ key->u.ec.DEREncodedParams = *params;
+
+ // Set public point.
+ key->u.ec.publicValue = *aKeyData;
+
+ // Ensure the given point is on the curve.
+ if (!CryptoKey::PublicKeyValid(key)) {
+ return nullptr;
+ }
+
+ return SECKEY_CopyPublicKey(key);
+}
+
+SECKEYPublicKey*
+CryptoKey::PublicKeyFromJwk(const JsonWebKey& aJwk,
+ const nsNSSShutDownPreventionLock& /*proofOfLock*/)
+{
+ if (aJwk.mKty.EqualsLiteral(JWK_TYPE_RSA)) {
+ // Verify that all of the required parameters are present
+ CryptoBuffer n, e;
+ if (!aJwk.mN.WasPassed() || NS_FAILED(n.FromJwkBase64(aJwk.mN.Value())) ||
+ !aJwk.mE.WasPassed() || NS_FAILED(e.FromJwkBase64(aJwk.mE.Value()))) {
+ return nullptr;
+ }
+
+ // Transcode to a DER RSAPublicKey structure
+ struct RSAPublicKeyData {
+ SECItem n;
+ SECItem e;
+ };
+ const RSAPublicKeyData input = {
+ { siUnsignedInteger, n.Elements(), (unsigned int) n.Length() },
+ { siUnsignedInteger, e.Elements(), (unsigned int) e.Length() }
+ };
+ const SEC_ASN1Template rsaPublicKeyTemplate[] = {
+ {SEC_ASN1_SEQUENCE, 0, nullptr, sizeof(RSAPublicKeyData)},
+ {SEC_ASN1_INTEGER, offsetof(RSAPublicKeyData, n),},
+ {SEC_ASN1_INTEGER, offsetof(RSAPublicKeyData, e),},
+ {0,}
+ };
+
+ ScopedSECItem pkDer(SEC_ASN1EncodeItem(nullptr, nullptr, &input,
+ rsaPublicKeyTemplate));
+ if (!pkDer.get()) {
+ return nullptr;
+ }
+
+ return SECKEY_ImportDERPublicKey(pkDer.get(), CKK_RSA);
+ }
+
+ if (aJwk.mKty.EqualsLiteral(JWK_TYPE_EC)) {
+ // Verify that all of the required parameters are present
+ CryptoBuffer x, y;
+ if (!aJwk.mCrv.WasPassed() ||
+ !aJwk.mX.WasPassed() || NS_FAILED(x.FromJwkBase64(aJwk.mX.Value())) ||
+ !aJwk.mY.WasPassed() || NS_FAILED(y.FromJwkBase64(aJwk.mY.Value()))) {
+ return nullptr;
+ }
+
+ ScopedPLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
+ if (!arena) {
+ return nullptr;
+ }
+
+ // Create point.
+ SECItem* point = CreateECPointForCoordinates(x, y, arena.get());
+ if (!point) {
+ return nullptr;
+ }
+
+ nsString namedCurve;
+ if (!NormalizeToken(aJwk.mCrv.Value(), namedCurve)) {
+ return nullptr;
+ }
+
+ return CreateECPublicKey(point, namedCurve);
+ }
+
+ return nullptr;
+}
+
+nsresult
+CryptoKey::PublicKeyToJwk(SECKEYPublicKey* aPubKey,
+ JsonWebKey& aRetVal,
+ const nsNSSShutDownPreventionLock& /*proofOfLock*/)
+{
+ switch (aPubKey->keyType) {
+ case rsaKey: {
+ CryptoBuffer n, e;
+ aRetVal.mN.Construct();
+ aRetVal.mE.Construct();
+
+ if (!n.Assign(&aPubKey->u.rsa.modulus) ||
+ !e.Assign(&aPubKey->u.rsa.publicExponent) ||
+ NS_FAILED(n.ToJwkBase64(aRetVal.mN.Value())) ||
+ NS_FAILED(e.ToJwkBase64(aRetVal.mE.Value()))) {
+ return NS_ERROR_DOM_OPERATION_ERR;
+ }
+
+ aRetVal.mKty = NS_LITERAL_STRING(JWK_TYPE_RSA);
+ return NS_OK;
+ }
+ case ecKey:
+ if (!ECKeyToJwk(PK11_TypePubKey, aPubKey, &aPubKey->u.ec.DEREncodedParams,
+ &aPubKey->u.ec.publicValue, aRetVal)) {
+ return NS_ERROR_DOM_OPERATION_ERR;
+ }
+ return NS_OK;
+ default:
+ return NS_ERROR_DOM_NOT_SUPPORTED_ERR;
+ }
+}
+
+SECKEYPublicKey*
+CryptoKey::PublicDhKeyFromRaw(CryptoBuffer& aKeyData,
+ const CryptoBuffer& aPrime,
+ const CryptoBuffer& aGenerator,
+ const nsNSSShutDownPreventionLock& /*proofOfLock*/)
+{
+ ScopedPLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
+ if (!arena) {
+ return nullptr;
+ }
+
+ SECKEYPublicKey* key = PORT_ArenaZNew(arena, SECKEYPublicKey);
+ if (!key) {
+ return nullptr;
+ }
+
+ key->keyType = dhKey;
+ key->pkcs11Slot = nullptr;
+ key->pkcs11ID = CK_INVALID_HANDLE;
+
+ // Set DH public key params.
+ if (!aPrime.ToSECItem(arena, &key->u.dh.prime) ||
+ !aGenerator.ToSECItem(arena, &key->u.dh.base) ||
+ !aKeyData.ToSECItem(arena, &key->u.dh.publicValue)) {
+ return nullptr;
+ }
+
+ key->u.dh.prime.type = siUnsignedInteger;
+ key->u.dh.base.type = siUnsignedInteger;
+ key->u.dh.publicValue.type = siUnsignedInteger;
+
+ return SECKEY_CopyPublicKey(key);
+}
+
+nsresult
+CryptoKey::PublicDhKeyToRaw(SECKEYPublicKey* aPubKey,
+ CryptoBuffer& aRetVal,
+ const nsNSSShutDownPreventionLock& /*proofOfLock*/)
+{
+ if (!aRetVal.Assign(&aPubKey->u.dh.publicValue)) {
+ return NS_ERROR_DOM_OPERATION_ERR;
+ }
+ return NS_OK;
+}
+
+SECKEYPublicKey*
+CryptoKey::PublicECKeyFromRaw(CryptoBuffer& aKeyData,
+ const nsString& aNamedCurve,
+ const nsNSSShutDownPreventionLock& /*proofOfLock*/)
+{
+ ScopedPLArenaPool arena(PORT_NewArena(DER_DEFAULT_CHUNKSIZE));
+ if (!arena) {
+ return nullptr;
+ }
+
+ SECItem rawItem = { siBuffer, nullptr, 0 };
+ if (!aKeyData.ToSECItem(arena, &rawItem)) {
+ return nullptr;
+ }
+
+ uint32_t flen;
+ if (aNamedCurve.EqualsLiteral(WEBCRYPTO_NAMED_CURVE_P256)) {
+ flen = 32; // bytes
+ } else if (aNamedCurve.EqualsLiteral(WEBCRYPTO_NAMED_CURVE_P384)) {
+ flen = 48; // bytes
+ } else if (aNamedCurve.EqualsLiteral(WEBCRYPTO_NAMED_CURVE_P521)) {
+ flen = 66; // bytes
+ } else {
+ return nullptr;
+ }
+
+ // Check length of uncompressed point coordinates. There are 2 field elements
+ // and a leading point form octet (which must EC_POINT_FORM_UNCOMPRESSED).
+ if (rawItem.len != (2 * flen + 1)) {
+ return nullptr;
+ }
+
+ // No support for compressed points.
+ if (rawItem.data[0] != EC_POINT_FORM_UNCOMPRESSED) {
+ return nullptr;
+ }
+
+ return CreateECPublicKey(&rawItem, aNamedCurve);
+}
+
+nsresult
+CryptoKey::PublicECKeyToRaw(SECKEYPublicKey* aPubKey,
+ CryptoBuffer& aRetVal,
+ const nsNSSShutDownPreventionLock& /*proofOfLock*/)
+{
+ if (!aRetVal.Assign(&aPubKey->u.ec.publicValue)) {
+ return NS_ERROR_DOM_OPERATION_ERR;
+ }
+ return NS_OK;
+}
+
+bool
+CryptoKey::PublicKeyValid(SECKEYPublicKey* aPubKey)
+{
+ ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
+ if (!slot.get()) {
+ return false;
+ }
+
+ // This assumes that NSS checks the validity of a public key when
+ // it is imported into a PKCS#11 module, and returns CK_INVALID_HANDLE
+ // if it is invalid.
+ CK_OBJECT_HANDLE id = PK11_ImportPublicKey(slot, aPubKey, PR_FALSE);
+ if (id == CK_INVALID_HANDLE) {
+ return false;
+ }
+
+ SECStatus rv = PK11_DestroyObject(slot, id);
+ return (rv == SECSuccess);
+}
+
+bool
+CryptoKey::WriteStructuredClone(JSStructuredCloneWriter* aWriter) const
+{
+ nsNSSShutDownPreventionLock locker;
+ if (isAlreadyShutDown()) {
+ return false;
+ }
+
+ // Write in five pieces
+ // 1. Attributes
+ // 2. Symmetric key as raw (if present)
+ // 3. Private key as pkcs8 (if present)
+ // 4. Public key as spki (if present)
+ // 5. Algorithm in whatever form it chooses
+ CryptoBuffer priv, pub;
+
+ if (mPrivateKey) {
+ if (NS_FAILED(CryptoKey::PrivateKeyToPkcs8(mPrivateKey, priv, locker))) {
+ return false;
+ }
+ }
+
+ if (mPublicKey) {
+ if (NS_FAILED(CryptoKey::PublicKeyToSpki(mPublicKey, pub, locker))) {
+ return false;
+ }
+ }
+
+ return JS_WriteUint32Pair(aWriter, mAttributes, CRYPTOKEY_SC_VERSION) &&
+ WriteBuffer(aWriter, mSymKey) &&
+ WriteBuffer(aWriter, priv) &&
+ WriteBuffer(aWriter, pub) &&
+ mAlgorithm.WriteStructuredClone(aWriter);
+}
+
+bool
+CryptoKey::ReadStructuredClone(JSStructuredCloneReader* aReader)
+{
+ nsNSSShutDownPreventionLock locker;
+ if (isAlreadyShutDown()) {
+ return false;
+ }
+
+ // Ensure that NSS is initialized.
+ if (!EnsureNSSInitializedChromeOrContent()) {
+ return false;
+ }
+
+ uint32_t version;
+ CryptoBuffer sym, priv, pub;
+
+ bool read = JS_ReadUint32Pair(aReader, &mAttributes, &version) &&
+ (version == CRYPTOKEY_SC_VERSION) &&
+ ReadBuffer(aReader, sym) &&
+ ReadBuffer(aReader, priv) &&
+ ReadBuffer(aReader, pub) &&
+ mAlgorithm.ReadStructuredClone(aReader);
+ if (!read) {
+ return false;
+ }
+
+ if (sym.Length() > 0 && !mSymKey.Assign(sym)) {
+ return false;
+ }
+ if (priv.Length() > 0) {
+ mPrivateKey = CryptoKey::PrivateKeyFromPkcs8(priv, locker);
+ }
+ if (pub.Length() > 0) {
+ mPublicKey = CryptoKey::PublicKeyFromSpki(pub, locker);
+ }
+
+ // Ensure that what we've read is consistent
+ // If the attributes indicate a key type, should have a key of that type
+ if (!((GetKeyType() == SECRET && mSymKey.Length() > 0) ||
+ (GetKeyType() == PRIVATE && mPrivateKey) ||
+ (GetKeyType() == PUBLIC && mPublicKey))) {
+ return false;
+ }
+
+ return true;
+}
+
+} // namespace dom
+} // namespace mozilla