jwk.cc | Explore in Territory

// Copyright 2014 The Chromium Authors
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#include "components/webcrypto/jwk.h"

#include <stddef.h>

#include <algorithm>
#include <optional>
#include <set>
#include <utility>

#include "base/base64url.h"
#include "base/json/json_reader.h"
#include "base/json/json_writer.h"
#include "base/strings/stringprintf.h"
#include "base/values.h"
#include "components/webcrypto/algorithms/util.h"
#include "components/webcrypto/status.h"

// JSON Web Key Format (JWK) is defined by:
// http://tools.ietf.org/html/draft-ietf-jose-json-web-key
//
// A JWK is a simple JSON dictionary with the following members:
// - "kty" (Key Type) Parameter, REQUIRED
// - <kty-specific parameters, see below>, REQUIRED
// - "use" (Key Use) OPTIONAL
// - "key_ops" (Key Operations) OPTIONAL
// - "alg" (Algorithm) OPTIONAL
// - "ext" (Key Exportability), OPTIONAL
// (all other entries are ignored)
//
// The <kty-specific parameters> are defined by the JWA spec:
// http://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms

namespace webcrypto {

namespace {

// |kJwkEncUsage| and |kJwkSigUsage| are a superset of the possible meanings of
// JWK's {"use":"enc"}, and {"use":"sig"} respectively.
//
// TODO(crbug.com/40724054): Remove these masks,
// as they are not consistent with the Web Crypto
// processing model for JWK. In particular,
// intersecting the usages after processing the JWK
// means Chrome can fail with a Syntax error in cases
// where the spec describes a Data error.
const blink::WebCryptoKeyUsageMask kJwkEncUsage = …;
const blink::WebCryptoKeyUsageMask kJwkSigUsage = …;

// Checks that the "ext" member of the JWK is consistent with
// "expected_extractable".
Status VerifyExt(const JwkReader& jwk, bool expected_extractable) { … }

struct JwkToWebCryptoUsageMapping { … };

// Keep this ordered the same as WebCrypto's "recognized key usage
// values". While this is not required for spec compliance,
// it makes the ordering of key_ops match that of WebCrypto's Key.usages.
const JwkToWebCryptoUsageMapping kJwkWebCryptoUsageMap[] = …;

bool JwkKeyOpToWebCryptoUsage(std::string_view key_op,
                              blink::WebCryptoKeyUsage* usage) { … }

// Creates a JWK key_ops list from a Web Crypto usage mask.
base::Value::List CreateJwkKeyOpsFromWebCryptoUsages(
    blink::WebCryptoKeyUsageMask usages) { … }

// Composes a Web Crypto usage mask from an array of JWK key_ops values.
Status GetWebCryptoUsagesFromJwkKeyOps(const base::Value::List& key_ops,
                                       blink::WebCryptoKeyUsageMask* usages) { … }

// Checks that the usages ("use" and "key_ops") of the JWK is consistent with
// "expected_usages".
Status VerifyUsages(const JwkReader& jwk,
                    blink::WebCryptoKeyUsageMask expected_usages) { … }

}  // namespace

JwkReader::JwkReader() = default;

JwkReader::~JwkReader() = default;

Status JwkReader::Init(base::span<const uint8_t> bytes,
                       bool expected_extractable,
                       blink::WebCryptoKeyUsageMask expected_usages,
                       std::string_view expected_kty,
                       std::string_view expected_alg) { … }

bool JwkReader::HasMember(std::string_view member_name) const { … }

Status JwkReader::GetString(std::string_view member_name,
                            std::string* result) const { … }

Status JwkReader::GetOptionalString(std::string_view member_name,
                                    std::string* result,
                                    bool* member_exists) const { … }

Status JwkReader::GetOptionalList(std::string_view member_name,
                                  const base::Value::List** result,
                                  bool* member_exists) const { … }

Status JwkReader::GetBytes(std::string_view member_name,
                           std::vector<uint8_t>* result) const { … }

Status JwkReader::GetBigInteger(std::string_view member_name,
                                std::vector<uint8_t>* result) const { … }

Status JwkReader::GetOptionalBool(std::string_view member_name,
                                  bool* result,
                                  bool* member_exists) const { … }

Status JwkReader::GetAlg(std::string* alg, bool* has_alg) const { … }

Status JwkReader::VerifyAlg(std::string_view expected_alg) const { … }

JwkWriter::JwkWriter(std::string_view algorithm,
                     bool extractable,
                     blink::WebCryptoKeyUsageMask usages,
                     std::string_view kty) { … }

void JwkWriter::SetString(std::string_view member_name,
                          std::string_view value) { … }

void JwkWriter::SetBytes(std::string_view member_name,
                         base::span<const uint8_t> value) { … }

void JwkWriter::ToJson(std::vector<uint8_t>* utf8_bytes) const { … }

Status GetWebCryptoUsagesFromJwkKeyOpsForTest(
    const base::Value::List& key_ops,
    blink::WebCryptoKeyUsageMask* usages) { … }

}  // namespace webcrypto
chromium/components/webcrypto/jwk.cc
