Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(61)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/child/webcrypto/nss/hmac_nss.cc

Issue 1077273002: html_viewer: Move webcrypto to a place where html_viewer can use it. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Rebase to ToT Created 5 years, 8 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « content/child/webcrypto/nss/aes_kw_nss.cc ('k') | content/child/webcrypto/nss/key_nss.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include <cryptohi.h>
6 #include <pk11pub.h>
7 #include <secerr.h>
8 #include <sechash.h>
9
10 #include "base/logging.h"
11 #include "base/stl_util.h"
12 #include "content/child/webcrypto/algorithm_implementation.h"
13 #include "content/child/webcrypto/crypto_data.h"
14 #include "content/child/webcrypto/jwk.h"
15 #include "content/child/webcrypto/nss/key_nss.h"
16 #include "content/child/webcrypto/nss/sym_key_nss.h"
17 #include "content/child/webcrypto/nss/util_nss.h"
18 #include "content/child/webcrypto/status.h"
19 #include "content/child/webcrypto/webcrypto_util.h"
20 #include "crypto/secure_util.h"
21 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h"
22 #include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h"
23
24 namespace content {
25
26 namespace webcrypto {
27
28 namespace {
29
30 const blink::WebCryptoKeyUsageMask kAllKeyUsages =
31 blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify;
32
33 bool WebCryptoHashToHMACMechanism(const blink::WebCryptoAlgorithm& algorithm,
34 CK_MECHANISM_TYPE* mechanism) {
35 switch (algorithm.id()) {
36 case blink::WebCryptoAlgorithmIdSha1:
37 *mechanism = CKM_SHA_1_HMAC;
38 return true;
39 case blink::WebCryptoAlgorithmIdSha256:
40 *mechanism = CKM_SHA256_HMAC;
41 return true;
42 case blink::WebCryptoAlgorithmIdSha384:
43 *mechanism = CKM_SHA384_HMAC;
44 return true;
45 case blink::WebCryptoAlgorithmIdSha512:
46 *mechanism = CKM_SHA512_HMAC;
47 return true;
48 default:
49 return false;
50 }
51 }
52
53 class HmacImplementation : public AlgorithmImplementation {
54 public:
55 HmacImplementation() {}
56
57 Status GenerateKey(const blink::WebCryptoAlgorithm& algorithm,
58 bool extractable,
59 blink::WebCryptoKeyUsageMask usages,
60 GenerateKeyResult* result) const override {
61 Status status = CheckKeyCreationUsages(kAllKeyUsages, usages, false);
62 if (status.IsError())
63 return status;
64
65 const blink::WebCryptoHmacKeyGenParams* params =
66 algorithm.hmacKeyGenParams();
67
68 const blink::WebCryptoAlgorithm& hash = params->hash();
69 CK_MECHANISM_TYPE mechanism = CKM_INVALID_MECHANISM;
70 if (!WebCryptoHashToHMACMechanism(hash, &mechanism))
71 return Status::ErrorUnsupported();
72
73 unsigned int keylen_bits = 0;
74 status = GetHmacKeyGenLengthInBits(params, &keylen_bits);
75 if (status.IsError())
76 return status;
77
78 return GenerateSecretKeyNss(
79 blink::WebCryptoKeyAlgorithm::createHmac(hash.id(), keylen_bits),
80 extractable, usages, keylen_bits, mechanism, result);
81 }
82
83 Status VerifyKeyUsagesBeforeImportKey(
84 blink::WebCryptoKeyFormat format,
85 blink::WebCryptoKeyUsageMask usages) const override {
86 switch (format) {
87 case blink::WebCryptoKeyFormatRaw:
88 case blink::WebCryptoKeyFormatJwk:
89 return CheckKeyCreationUsages(kAllKeyUsages, usages, false);
90 default:
91 return Status::ErrorUnsupportedImportKeyFormat();
92 }
93 }
94
95 Status ImportKeyRaw(const CryptoData& key_data,
96 const blink::WebCryptoAlgorithm& algorithm,
97 bool extractable,
98 blink::WebCryptoKeyUsageMask usages,
99 blink::WebCryptoKey* key) const override {
100 const blink::WebCryptoHmacImportParams* params =
101 algorithm.hmacImportParams();
102
103 CK_MECHANISM_TYPE mechanism = CKM_INVALID_MECHANISM;
104 if (!WebCryptoHashToHMACMechanism(params->hash(), &mechanism))
105 return Status::ErrorUnsupported();
106
107 unsigned int keylen_bits = 0;
108 Status status = GetHmacImportKeyLengthBits(params, key_data.byte_length(),
109 &keylen_bits);
110 if (status.IsError())
111 return status;
112
113 const blink::WebCryptoKeyAlgorithm key_algorithm =
114 blink::WebCryptoKeyAlgorithm::createHmac(params->hash().id(),
115 keylen_bits);
116
117 // If no bit truncation was requested, then done!
118 if ((keylen_bits % 8) == 0) {
119 return ImportKeyRawNss(key_data, key_algorithm, extractable, usages,
120 mechanism, key);
121 }
122
123 // Otherwise zero out the unused bits in the key data before importing.
124 std::vector<uint8_t> modified_key_data(
125 key_data.bytes(), key_data.bytes() + key_data.byte_length());
126 TruncateToBitLength(keylen_bits, &modified_key_data);
127 return ImportKeyRawNss(CryptoData(modified_key_data), key_algorithm,
128 extractable, usages, mechanism, key);
129 }
130
131 Status ImportKeyJwk(const CryptoData& key_data,
132 const blink::WebCryptoAlgorithm& algorithm,
133 bool extractable,
134 blink::WebCryptoKeyUsageMask usages,
135 blink::WebCryptoKey* key) const override {
136 const char* algorithm_name =
137 GetJwkHmacAlgorithmName(algorithm.hmacImportParams()->hash().id());
138 if (!algorithm_name)
139 return Status::ErrorUnexpected();
140
141 std::vector<uint8_t> raw_data;
142 Status status = ReadSecretKeyJwk(key_data, algorithm_name, extractable,
143 usages, &raw_data);
144 if (status.IsError())
145 return status;
146
147 return ImportKeyRaw(CryptoData(raw_data), algorithm, extractable, usages,
148 key);
149 }
150
151 Status ExportKeyRaw(const blink::WebCryptoKey& key,
152 std::vector<uint8_t>* buffer) const override {
153 *buffer = SymKeyNss::Cast(key)->raw_key_data();
154 return Status::Success();
155 }
156
157 Status ExportKeyJwk(const blink::WebCryptoKey& key,
158 std::vector<uint8_t>* buffer) const override {
159 SymKeyNss* sym_key = SymKeyNss::Cast(key);
160 const std::vector<uint8_t>& raw_data = sym_key->raw_key_data();
161
162 const char* algorithm_name =
163 GetJwkHmacAlgorithmName(key.algorithm().hmacParams()->hash().id());
164 if (!algorithm_name)
165 return Status::ErrorUnexpected();
166
167 WriteSecretKeyJwk(CryptoData(raw_data), algorithm_name, key.extractable(),
168 key.usages(), buffer);
169
170 return Status::Success();
171 }
172
173 Status Sign(const blink::WebCryptoAlgorithm& algorithm,
174 const blink::WebCryptoKey& key,
175 const CryptoData& data,
176 std::vector<uint8_t>* buffer) const override {
177 const blink::WebCryptoAlgorithm& hash =
178 key.algorithm().hmacParams()->hash();
179 PK11SymKey* sym_key = SymKeyNss::Cast(key)->key();
180
181 CK_MECHANISM_TYPE mechanism = CKM_INVALID_MECHANISM;
182 if (!WebCryptoHashToHMACMechanism(hash, &mechanism))
183 return Status::ErrorUnexpected();
184
185 SECItem param_item = {siBuffer, NULL, 0};
186 SECItem data_item = MakeSECItemForBuffer(data);
187 // First call is to figure out the length.
188 SECItem signature_item = {siBuffer, NULL, 0};
189
190 if (PK11_SignWithSymKey(sym_key, mechanism, &param_item, &signature_item,
191 &data_item) != SECSuccess) {
192 return Status::OperationError();
193 }
194
195 DCHECK_NE(0u, signature_item.len);
196
197 buffer->resize(signature_item.len);
198 signature_item.data = vector_as_array(buffer);
199
200 if (PK11_SignWithSymKey(sym_key, mechanism, &param_item, &signature_item,
201 &data_item) != SECSuccess) {
202 return Status::OperationError();
203 }
204
205 CHECK_EQ(buffer->size(), signature_item.len);
206 return Status::Success();
207 }
208
209 Status Verify(const blink::WebCryptoAlgorithm& algorithm,
210 const blink::WebCryptoKey& key,
211 const CryptoData& signature,
212 const CryptoData& data,
213 bool* signature_match) const override {
214 std::vector<uint8_t> result;
215 Status status = Sign(algorithm, key, data, &result);
216
217 if (status.IsError())
218 return status;
219
220 // Do not allow verification of truncated MACs.
221 *signature_match =
222 result.size() == signature.byte_length() &&
223 crypto::SecureMemEqual(vector_as_array(&result), signature.bytes(),
224 signature.byte_length());
225
226 return Status::Success();
227 }
228
229 Status SerializeKeyForClone(
230 const blink::WebCryptoKey& key,
231 blink::WebVector<uint8_t>* key_data) const override {
232 key_data->assign(SymKeyNss::Cast(key)->serialized_key_data());
233 return Status::Success();
234 }
235
236 Status DeserializeKeyForClone(const blink::WebCryptoKeyAlgorithm& algorithm,
237 blink::WebCryptoKeyType type,
238 bool extractable,
239 blink::WebCryptoKeyUsageMask usages,
240 const CryptoData& key_data,
241 blink::WebCryptoKey* key) const override {
242 CK_MECHANISM_TYPE mechanism = CKM_INVALID_MECHANISM;
243 if (!WebCryptoHashToHMACMechanism(algorithm.hmacParams()->hash(),
244 &mechanism))
245 return Status::ErrorUnsupported();
246 return ImportKeyRawNss(key_data, algorithm, extractable, usages, mechanism,
247 key);
248 }
249
250 Status GetKeyLength(const blink::WebCryptoAlgorithm& key_length_algorithm,
251 bool* has_length_bits,
252 unsigned int* length_bits) const override {
253 return GetHmacKeyLength(key_length_algorithm, has_length_bits, length_bits);
254 }
255 };
256
257 } // namespace
258
259 AlgorithmImplementation* CreatePlatformHmacImplementation() {
260 return new HmacImplementation;
261 }
262
263 } // namespace webcrypto
264
265 } // namespace content
OLDNEW
« no previous file with comments | « content/child/webcrypto/nss/aes_kw_nss.cc ('k') | content/child/webcrypto/nss/key_nss.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698