| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include <openssl/aes.h> | |
| 6 #include <openssl/evp.h> | |
| 7 | |
| 8 #include "base/logging.h" | |
| 9 #include "base/numerics/safe_math.h" | |
| 10 #include "base/stl_util.h" | |
| 11 #include "content/child/webcrypto/crypto_data.h" | |
| 12 #include "content/child/webcrypto/openssl/aes_algorithm_openssl.h" | |
| 13 #include "content/child/webcrypto/openssl/key_openssl.h" | |
| 14 #include "content/child/webcrypto/openssl/util_openssl.h" | |
| 15 #include "content/child/webcrypto/status.h" | |
| 16 #include "content/child/webcrypto/webcrypto_util.h" | |
| 17 #include "crypto/openssl_util.h" | |
| 18 #include "crypto/scoped_openssl_types.h" | |
| 19 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h" | |
| 20 | |
| 21 namespace content { | |
| 22 | |
| 23 namespace webcrypto { | |
| 24 | |
| 25 namespace { | |
| 26 | |
| 27 const EVP_CIPHER* GetAESCipherByKeyLength(unsigned int key_length_bytes) { | |
| 28 // BoringSSL does not support 192-bit AES keys. | |
| 29 switch (key_length_bytes) { | |
| 30 case 16: | |
| 31 return EVP_aes_128_cbc(); | |
| 32 case 32: | |
| 33 return EVP_aes_256_cbc(); | |
| 34 default: | |
| 35 return NULL; | |
| 36 } | |
| 37 } | |
| 38 | |
| 39 Status AesCbcEncryptDecrypt(EncryptOrDecrypt cipher_operation, | |
| 40 const blink::WebCryptoAlgorithm& algorithm, | |
| 41 const blink::WebCryptoKey& key, | |
| 42 const CryptoData& data, | |
| 43 std::vector<uint8_t>* buffer) { | |
| 44 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); | |
| 45 | |
| 46 const blink::WebCryptoAesCbcParams* params = algorithm.aesCbcParams(); | |
| 47 const std::vector<uint8_t>& raw_key = | |
| 48 SymKeyOpenSsl::Cast(key)->raw_key_data(); | |
| 49 | |
| 50 if (params->iv().size() != 16) | |
| 51 return Status::ErrorIncorrectSizeAesCbcIv(); | |
| 52 | |
| 53 // According to the openssl docs, the amount of data written may be as large | |
| 54 // as (data_size + cipher_block_size - 1), constrained to a multiple of | |
| 55 // cipher_block_size. | |
| 56 base::CheckedNumeric<int> output_max_len = data.byte_length(); | |
| 57 output_max_len += AES_BLOCK_SIZE - 1; | |
| 58 if (!output_max_len.IsValid()) | |
| 59 return Status::ErrorDataTooLarge(); | |
| 60 | |
| 61 const unsigned remainder = output_max_len.ValueOrDie() % AES_BLOCK_SIZE; | |
| 62 if (remainder != 0) | |
| 63 output_max_len += AES_BLOCK_SIZE - remainder; | |
| 64 if (!output_max_len.IsValid()) | |
| 65 return Status::ErrorDataTooLarge(); | |
| 66 | |
| 67 // Note: PKCS padding is enabled by default | |
| 68 crypto::ScopedOpenSSL<EVP_CIPHER_CTX, EVP_CIPHER_CTX_free> context( | |
| 69 EVP_CIPHER_CTX_new()); | |
| 70 | |
| 71 if (!context.get()) | |
| 72 return Status::OperationError(); | |
| 73 | |
| 74 const EVP_CIPHER* const cipher = GetAESCipherByKeyLength(raw_key.size()); | |
| 75 DCHECK(cipher); | |
| 76 | |
| 77 if (!EVP_CipherInit_ex(context.get(), cipher, NULL, &raw_key[0], | |
| 78 params->iv().data(), cipher_operation)) { | |
| 79 return Status::OperationError(); | |
| 80 } | |
| 81 | |
| 82 buffer->resize(output_max_len.ValueOrDie()); | |
| 83 | |
| 84 unsigned char* const buffer_data = vector_as_array(buffer); | |
| 85 | |
| 86 int output_len = 0; | |
| 87 if (!EVP_CipherUpdate(context.get(), buffer_data, &output_len, data.bytes(), | |
| 88 data.byte_length())) { | |
| 89 return Status::OperationError(); | |
| 90 } | |
| 91 int final_output_chunk_len = 0; | |
| 92 if (!EVP_CipherFinal_ex(context.get(), buffer_data + output_len, | |
| 93 &final_output_chunk_len)) { | |
| 94 return Status::OperationError(); | |
| 95 } | |
| 96 | |
| 97 const unsigned int final_output_len = | |
| 98 static_cast<unsigned int>(output_len) + | |
| 99 static_cast<unsigned int>(final_output_chunk_len); | |
| 100 | |
| 101 buffer->resize(final_output_len); | |
| 102 | |
| 103 return Status::Success(); | |
| 104 } | |
| 105 | |
| 106 class AesCbcImplementation : public AesAlgorithm { | |
| 107 public: | |
| 108 AesCbcImplementation() : AesAlgorithm("CBC") {} | |
| 109 | |
| 110 Status Encrypt(const blink::WebCryptoAlgorithm& algorithm, | |
| 111 const blink::WebCryptoKey& key, | |
| 112 const CryptoData& data, | |
| 113 std::vector<uint8_t>* buffer) const override { | |
| 114 return AesCbcEncryptDecrypt(ENCRYPT, algorithm, key, data, buffer); | |
| 115 } | |
| 116 | |
| 117 Status Decrypt(const blink::WebCryptoAlgorithm& algorithm, | |
| 118 const blink::WebCryptoKey& key, | |
| 119 const CryptoData& data, | |
| 120 std::vector<uint8_t>* buffer) const override { | |
| 121 return AesCbcEncryptDecrypt(DECRYPT, algorithm, key, data, buffer); | |
| 122 } | |
| 123 }; | |
| 124 | |
| 125 } // namespace | |
| 126 | |
| 127 AlgorithmImplementation* CreatePlatformAesCbcImplementation() { | |
| 128 return new AesCbcImplementation; | |
| 129 } | |
| 130 | |
| 131 } // namespace webcrypto | |
| 132 | |
| 133 } // namespace content | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1077273002:
html_viewer: Move webcrypto to a place where html_viewer can use it. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master