| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "base/numerics/safe_math.h" | |
| 6 #include "base/stl_util.h" | |
| 7 #include "content/child/webcrypto/crypto_data.h" | |
| 8 #include "content/child/webcrypto/nss/aes_algorithm_nss.h" | |
| 9 #include "content/child/webcrypto/nss/key_nss.h" | |
| 10 #include "content/child/webcrypto/nss/util_nss.h" | |
| 11 #include "content/child/webcrypto/status.h" | |
| 12 #include "content/child/webcrypto/webcrypto_util.h" | |
| 13 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h" | |
| 14 | |
| 15 // At the time of this writing: | |
| 16 // * Windows and Mac builds ship with their own copy of NSS (3.15+) | |
| 17 // * Linux builds use the system's libnss, which is 3.14 on Debian (but 3.15+ | |
| 18 // on other distros). | |
| 19 // | |
| 20 // Since NSS provides AES-GCM support starting in version 3.15, it may be | |
| 21 // unavailable for Linux Chrome users. | |
| 22 // | |
| 23 // * !defined(CKM_AES_GCM) | |
| 24 // | |
| 25 // This means that at build time, the NSS header pkcs11t.h is older than | |
| 26 // 3.15. However at runtime support may be present. | |
| 27 // | |
| 28 // TODO(eroman): Simplify this once 3.15+ is required by Linux builds. | |
| 29 #if !defined(CKM_AES_GCM) | |
| 30 #define CKM_AES_GCM 0x00001087 | |
| 31 | |
| 32 struct CK_GCM_PARAMS { | |
| 33 CK_BYTE_PTR pIv; | |
| 34 CK_ULONG ulIvLen; | |
| 35 CK_BYTE_PTR pAAD; | |
| 36 CK_ULONG ulAADLen; | |
| 37 CK_ULONG ulTagBits; | |
| 38 }; | |
| 39 #endif // !defined(CKM_AES_GCM) | |
| 40 | |
| 41 namespace content { | |
| 42 | |
| 43 namespace webcrypto { | |
| 44 | |
| 45 namespace { | |
| 46 | |
| 47 Status NssSupportsAesGcm() { | |
| 48 if (NssRuntimeSupport::Get()->IsAesGcmSupported()) | |
| 49 return Status::Success(); | |
| 50 return Status::ErrorUnsupported( | |
| 51 "NSS version doesn't support AES-GCM. Try using version 3.15 or later"); | |
| 52 } | |
| 53 | |
| 54 // Helper to either encrypt or decrypt for AES-GCM. The result of encryption is | |
| 55 // the concatenation of the ciphertext and the authentication tag. Similarly, | |
| 56 // this is the expectation for the input to decryption. | |
| 57 Status AesGcmEncryptDecrypt(EncryptOrDecrypt mode, | |
| 58 const blink::WebCryptoAlgorithm& algorithm, | |
| 59 const blink::WebCryptoKey& key, | |
| 60 const CryptoData& data, | |
| 61 std::vector<uint8_t>* buffer) { | |
| 62 Status status = NssSupportsAesGcm(); | |
| 63 if (status.IsError()) | |
| 64 return status; | |
| 65 | |
| 66 PK11SymKey* sym_key = SymKeyNss::Cast(key)->key(); | |
| 67 const blink::WebCryptoAesGcmParams* params = algorithm.aesGcmParams(); | |
| 68 if (!params) | |
| 69 return Status::ErrorUnexpected(); | |
| 70 | |
| 71 unsigned int tag_length_bits; | |
| 72 status = GetAesGcmTagLengthInBits(params, &tag_length_bits); | |
| 73 if (status.IsError()) | |
| 74 return status; | |
| 75 unsigned int tag_length_bytes = tag_length_bits / 8; | |
| 76 | |
| 77 CryptoData iv(params->iv()); | |
| 78 CryptoData additional_data(params->optionalAdditionalData()); | |
| 79 | |
| 80 CK_GCM_PARAMS gcm_params = {0}; | |
| 81 gcm_params.pIv = const_cast<unsigned char*>(iv.bytes()); | |
| 82 gcm_params.ulIvLen = iv.byte_length(); | |
| 83 | |
| 84 gcm_params.pAAD = const_cast<unsigned char*>(additional_data.bytes()); | |
| 85 gcm_params.ulAADLen = additional_data.byte_length(); | |
| 86 | |
| 87 gcm_params.ulTagBits = tag_length_bits; | |
| 88 | |
| 89 SECItem param; | |
| 90 param.type = siBuffer; | |
| 91 param.data = reinterpret_cast<unsigned char*>(&gcm_params); | |
| 92 param.len = sizeof(gcm_params); | |
| 93 | |
| 94 base::CheckedNumeric<unsigned int> buffer_size(data.byte_length()); | |
| 95 | |
| 96 // Calculate the output buffer size. | |
| 97 if (mode == ENCRYPT) { | |
| 98 buffer_size += tag_length_bytes; | |
| 99 if (!buffer_size.IsValid()) | |
| 100 return Status::ErrorDataTooLarge(); | |
| 101 } | |
| 102 | |
| 103 // TODO(eroman): In theory the buffer allocated for the plain text should be | |
| 104 // sized as |data.byte_length() - tag_length_bytes|. | |
| 105 // | |
| 106 // However NSS has a bug whereby it will fail if the output buffer size is | |
| 107 // not at least as large as the ciphertext: | |
| 108 // | |
| 109 // https://bugzilla.mozilla.org/show_bug.cgi?id=%20853674 | |
| 110 // | |
| 111 // From the analysis of that bug it looks like it might be safe to pass a | |
| 112 // correctly sized buffer but lie about its size. Since resizing the | |
| 113 // WebCryptoArrayBuffer is expensive that hack may be worth looking into. | |
| 114 | |
| 115 buffer->resize(buffer_size.ValueOrDie()); | |
| 116 unsigned char* buffer_data = vector_as_array(buffer); | |
| 117 | |
| 118 PK11_EncryptDecryptFunction encrypt_or_decrypt_func = | |
| 119 (mode == ENCRYPT) ? NssRuntimeSupport::Get()->pk11_encrypt_func() | |
| 120 : NssRuntimeSupport::Get()->pk11_decrypt_func(); | |
| 121 | |
| 122 unsigned int output_len = 0; | |
| 123 SECStatus result = encrypt_or_decrypt_func( | |
| 124 sym_key, CKM_AES_GCM, ¶m, buffer_data, &output_len, buffer->size(), | |
| 125 data.bytes(), data.byte_length()); | |
| 126 | |
| 127 if (result != SECSuccess) | |
| 128 return Status::OperationError(); | |
| 129 | |
| 130 // Unfortunately the buffer needs to be shrunk for decryption (see the NSS bug | |
| 131 // above). | |
| 132 buffer->resize(output_len); | |
| 133 | |
| 134 return Status::Success(); | |
| 135 } | |
| 136 | |
| 137 class AesGcmImplementation : public AesAlgorithm { | |
| 138 public: | |
| 139 AesGcmImplementation() : AesAlgorithm(CKM_AES_GCM, "GCM") {} | |
| 140 | |
| 141 Status VerifyKeyUsagesBeforeImportKey( | |
| 142 blink::WebCryptoKeyFormat format, | |
| 143 blink::WebCryptoKeyUsageMask usages) const override { | |
| 144 // Prevent importing AES-GCM keys if it is unavailable. | |
| 145 Status status = NssSupportsAesGcm(); | |
| 146 if (status.IsError()) | |
| 147 return status; | |
| 148 return AesAlgorithm::VerifyKeyUsagesBeforeImportKey(format, usages); | |
| 149 } | |
| 150 | |
| 151 Status GenerateKey(const blink::WebCryptoAlgorithm& algorithm, | |
| 152 bool extractable, | |
| 153 blink::WebCryptoKeyUsageMask usages, | |
| 154 GenerateKeyResult* result) const override { | |
| 155 // Prevent generating AES-GCM keys if it is unavailable. | |
| 156 Status status = NssSupportsAesGcm(); | |
| 157 if (status.IsError()) | |
| 158 return status; | |
| 159 | |
| 160 return AesAlgorithm::GenerateKey(algorithm, extractable, usages, result); | |
| 161 } | |
| 162 | |
| 163 Status Encrypt(const blink::WebCryptoAlgorithm& algorithm, | |
| 164 const blink::WebCryptoKey& key, | |
| 165 const CryptoData& data, | |
| 166 std::vector<uint8_t>* buffer) const override { | |
| 167 return AesGcmEncryptDecrypt(ENCRYPT, algorithm, key, data, buffer); | |
| 168 } | |
| 169 | |
| 170 Status Decrypt(const blink::WebCryptoAlgorithm& algorithm, | |
| 171 const blink::WebCryptoKey& key, | |
| 172 const CryptoData& data, | |
| 173 std::vector<uint8_t>* buffer) const override { | |
| 174 return AesGcmEncryptDecrypt(DECRYPT, algorithm, key, data, buffer); | |
| 175 } | |
| 176 }; | |
| 177 | |
| 178 } // namespace | |
| 179 | |
| 180 AlgorithmImplementation* CreatePlatformAesGcmImplementation() { | |
| 181 return new AesGcmImplementation; | |
| 182 } | |
| 183 | |
| 184 } // namespace webcrypto | |
| 185 | |
| 186 } // namespace content | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1077273002:
html_viewer: Move webcrypto to a place where html_viewer can use it. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master