OLD | NEW |
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/renderer/webcrypto/webcrypto_impl.h" | 5 #include "content/renderer/webcrypto/webcrypto_impl.h" |
6 | 6 |
7 #include <cryptohi.h> | 7 #include <cryptohi.h> |
8 #include <pk11pub.h> | 8 #include <pk11pub.h> |
9 #include <sechash.h> | 9 #include <sechash.h> |
10 | 10 |
(...skipping 62 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
73 case blink::WebCryptoAlgorithmIdSha384: | 73 case blink::WebCryptoAlgorithmIdSha384: |
74 return HASH_AlgSHA384; | 74 return HASH_AlgSHA384; |
75 case blink::WebCryptoAlgorithmIdSha512: | 75 case blink::WebCryptoAlgorithmIdSha512: |
76 return HASH_AlgSHA512; | 76 return HASH_AlgSHA512; |
77 default: | 77 default: |
78 // Not a digest algorithm. | 78 // Not a digest algorithm. |
79 return HASH_AlgNULL; | 79 return HASH_AlgNULL; |
80 } | 80 } |
81 } | 81 } |
82 | 82 |
83 CK_MECHANISM_TYPE WebCryptoAlgorithmToHMACMechanism( | 83 CK_MECHANISM_TYPE WebCryptoHashToHMACMechanism( |
84 const blink::WebCryptoAlgorithm& algorithm) { | 84 const blink::WebCryptoAlgorithm& algorithm) { |
85 switch (algorithm.id()) { | 85 switch (algorithm.id()) { |
86 case blink::WebCryptoAlgorithmIdSha1: | 86 case blink::WebCryptoAlgorithmIdSha1: |
87 return CKM_SHA_1_HMAC; | 87 return CKM_SHA_1_HMAC; |
| 88 case blink::WebCryptoAlgorithmIdSha224: |
| 89 return CKM_SHA224_HMAC; |
88 case blink::WebCryptoAlgorithmIdSha256: | 90 case blink::WebCryptoAlgorithmIdSha256: |
89 return CKM_SHA256_HMAC; | 91 return CKM_SHA256_HMAC; |
| 92 case blink::WebCryptoAlgorithmIdSha384: |
| 93 return CKM_SHA384_HMAC; |
| 94 case blink::WebCryptoAlgorithmIdSha512: |
| 95 return CKM_SHA512_HMAC; |
90 default: | 96 default: |
91 // Not a supported algorithm. | 97 // Not a supported algorithm. |
92 return CKM_INVALID_MECHANISM; | 98 return CKM_INVALID_MECHANISM; |
93 } | 99 } |
94 } | 100 } |
95 | 101 |
96 bool AesCbcEncryptDecrypt( | 102 bool AesCbcEncryptDecrypt( |
97 CK_ATTRIBUTE_TYPE operation, | 103 CK_ATTRIBUTE_TYPE operation, |
98 const blink::WebCryptoAlgorithm& algorithm, | 104 const blink::WebCryptoAlgorithm& algorithm, |
99 const blink::WebCryptoKey& key, | 105 const blink::WebCryptoKey& key, |
(...skipping 68 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
168 buffer_data + output_len, | 174 buffer_data + output_len, |
169 &final_output_chunk_len, | 175 &final_output_chunk_len, |
170 output_max_len - output_len)) { | 176 output_max_len - output_len)) { |
171 return false; | 177 return false; |
172 } | 178 } |
173 | 179 |
174 webcrypto::ShrinkBuffer(buffer, final_output_chunk_len + output_len); | 180 webcrypto::ShrinkBuffer(buffer, final_output_chunk_len + output_len); |
175 return true; | 181 return true; |
176 } | 182 } |
177 | 183 |
178 CK_MECHANISM_TYPE HmacAlgorithmToGenMechanism( | |
179 const blink::WebCryptoAlgorithm& algorithm) { | |
180 DCHECK_EQ(algorithm.id(), blink::WebCryptoAlgorithmIdHmac); | |
181 const blink::WebCryptoHmacKeyParams* params = algorithm.hmacKeyParams(); | |
182 DCHECK(params); | |
183 switch (params->hash().id()) { | |
184 case blink::WebCryptoAlgorithmIdSha1: | |
185 return CKM_SHA_1_HMAC; | |
186 case blink::WebCryptoAlgorithmIdSha256: | |
187 return CKM_SHA256_HMAC; | |
188 default: | |
189 return CKM_INVALID_MECHANISM; | |
190 } | |
191 } | |
192 | |
193 CK_MECHANISM_TYPE WebCryptoAlgorithmToGenMechanism( | 184 CK_MECHANISM_TYPE WebCryptoAlgorithmToGenMechanism( |
194 const blink::WebCryptoAlgorithm& algorithm) { | 185 const blink::WebCryptoAlgorithm& algorithm) { |
195 switch (algorithm.id()) { | 186 switch (algorithm.id()) { |
196 case blink::WebCryptoAlgorithmIdAesCbc: | 187 case blink::WebCryptoAlgorithmIdAesCbc: |
197 return CKM_AES_KEY_GEN; | 188 return CKM_AES_KEY_GEN; |
198 case blink::WebCryptoAlgorithmIdHmac: | 189 case blink::WebCryptoAlgorithmIdHmac: |
199 return HmacAlgorithmToGenMechanism(algorithm); | 190 return WebCryptoHashToHMACMechanism(algorithm.hmacKeyParams()->hash()); |
200 default: | 191 default: |
201 return CKM_INVALID_MECHANISM; | 192 return CKM_INVALID_MECHANISM; |
202 } | 193 } |
203 } | 194 } |
204 | 195 |
205 // TODO(eroman): This is duplicated in OpenSSL version. | |
206 unsigned int WebCryptoHmacAlgorithmToBlockSizeBits( | |
207 const blink::WebCryptoAlgorithm& algorithm) { | |
208 DCHECK_EQ(algorithm.id(), blink::WebCryptoAlgorithmIdHmac); | |
209 const blink::WebCryptoHmacKeyParams* params = algorithm.hmacKeyParams(); | |
210 DCHECK(params); | |
211 switch (params->hash().id()) { | |
212 case blink::WebCryptoAlgorithmIdSha1: | |
213 return 512; | |
214 case blink::WebCryptoAlgorithmIdSha256: | |
215 return 512; | |
216 default: | |
217 return 0; | |
218 } | |
219 } | |
220 | |
221 // Converts a (big-endian) WebCrypto BigInteger, with or without leading zeros, | 196 // Converts a (big-endian) WebCrypto BigInteger, with or without leading zeros, |
222 // to unsigned long. | 197 // to unsigned long. |
223 bool BigIntegerToLong(const uint8* data, | 198 bool BigIntegerToLong(const uint8* data, |
224 unsigned data_size, | 199 unsigned data_size, |
225 unsigned long* result) { | 200 unsigned long* result) { |
226 // TODO(padolph): Is it correct to say that empty data is an error, or does it | 201 // TODO(padolph): Is it correct to say that empty data is an error, or does it |
227 // mean value 0? See https://www.w3.org/Bugs/Public/show_bug.cgi?id=23655 | 202 // mean value 0? See https://www.w3.org/Bugs/Public/show_bug.cgi?id=23655 |
228 if (data_size == 0) | 203 if (data_size == 0) |
229 return false; | 204 return false; |
230 | 205 |
(...skipping 43 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
274 // possible operations for this key type. | 249 // possible operations for this key type. |
275 CK_FLAGS flags = 0; | 250 CK_FLAGS flags = 0; |
276 | 251 |
277 switch (algorithm.id()) { | 252 switch (algorithm.id()) { |
278 case blink::WebCryptoAlgorithmIdHmac: { | 253 case blink::WebCryptoAlgorithmIdHmac: { |
279 const blink::WebCryptoHmacParams* params = algorithm.hmacParams(); | 254 const blink::WebCryptoHmacParams* params = algorithm.hmacParams(); |
280 if (!params) { | 255 if (!params) { |
281 return false; | 256 return false; |
282 } | 257 } |
283 | 258 |
284 mechanism = WebCryptoAlgorithmToHMACMechanism(params->hash()); | 259 mechanism = WebCryptoHashToHMACMechanism(params->hash()); |
285 if (mechanism == CKM_INVALID_MECHANISM) { | 260 if (mechanism == CKM_INVALID_MECHANISM) { |
286 return false; | 261 return false; |
287 } | 262 } |
288 | 263 |
289 flags |= CKF_SIGN | CKF_VERIFY; | 264 flags |= CKF_SIGN | CKF_VERIFY; |
290 | 265 |
291 break; | 266 break; |
292 } | 267 } |
293 case blink::WebCryptoAlgorithmIdAesCbc: { | 268 case blink::WebCryptoAlgorithmIdAesCbc: { |
294 mechanism = CKM_AES_CBC; | 269 mechanism = CKM_AES_CBC; |
(...skipping 379 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
674 keylen_bytes = params->lengthBits() / 8; | 649 keylen_bytes = params->lengthBits() / 8; |
675 key_type = blink::WebCryptoKeyTypeSecret; | 650 key_type = blink::WebCryptoKeyTypeSecret; |
676 break; | 651 break; |
677 } | 652 } |
678 case blink::WebCryptoAlgorithmIdHmac: { | 653 case blink::WebCryptoAlgorithmIdHmac: { |
679 const blink::WebCryptoHmacKeyParams* params = algorithm.hmacKeyParams(); | 654 const blink::WebCryptoHmacKeyParams* params = algorithm.hmacKeyParams(); |
680 DCHECK(params); | 655 DCHECK(params); |
681 if (params->hasLengthBytes()) { | 656 if (params->hasLengthBytes()) { |
682 keylen_bytes = params->optionalLengthBytes(); | 657 keylen_bytes = params->optionalLengthBytes(); |
683 } else { | 658 } else { |
684 keylen_bytes = WebCryptoHmacAlgorithmToBlockSizeBits(algorithm) / 8; | 659 keylen_bytes = webcrypto::ShaBlockSizeBytes(params->hash().id()); |
685 } | 660 } |
686 | 661 |
687 key_type = blink::WebCryptoKeyTypeSecret; | 662 key_type = blink::WebCryptoKeyTypeSecret; |
688 break; | 663 break; |
689 } | 664 } |
690 | 665 |
691 default: { | 666 default: { |
692 return false; | 667 return false; |
693 } | 668 } |
694 } | 669 } |
(...skipping 174 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
869 switch (algorithm.id()) { | 844 switch (algorithm.id()) { |
870 case blink::WebCryptoAlgorithmIdHmac: { | 845 case blink::WebCryptoAlgorithmIdHmac: { |
871 const blink::WebCryptoHmacParams* params = algorithm.hmacParams(); | 846 const blink::WebCryptoHmacParams* params = algorithm.hmacParams(); |
872 if (!params) { | 847 if (!params) { |
873 return false; | 848 return false; |
874 } | 849 } |
875 | 850 |
876 SymKeyHandle* sym_key = reinterpret_cast<SymKeyHandle*>(key.handle()); | 851 SymKeyHandle* sym_key = reinterpret_cast<SymKeyHandle*>(key.handle()); |
877 | 852 |
878 DCHECK_EQ(PK11_GetMechanism(sym_key->key()), | 853 DCHECK_EQ(PK11_GetMechanism(sym_key->key()), |
879 WebCryptoAlgorithmToHMACMechanism(params->hash())); | 854 WebCryptoHashToHMACMechanism(params->hash())); |
880 DCHECK_NE(0, key.usages() & blink::WebCryptoKeyUsageSign); | 855 DCHECK_NE(0, key.usages() & blink::WebCryptoKeyUsageSign); |
881 | 856 |
882 SECItem param_item = { siBuffer, NULL, 0 }; | 857 SECItem param_item = { siBuffer, NULL, 0 }; |
883 SECItem data_item = { | 858 SECItem data_item = { |
884 siBuffer, | 859 siBuffer, |
885 const_cast<unsigned char*>(data), | 860 const_cast<unsigned char*>(data), |
886 data_size | 861 data_size |
887 }; | 862 }; |
888 // First call is to figure out the length. | 863 // First call is to figure out the length. |
889 SECItem signature_item = { siBuffer, NULL, 0 }; | 864 SECItem signature_item = { siBuffer, NULL, 0 }; |
(...skipping 117 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1007 | 982 |
1008 *key = blink::WebCryptoKey::create(new PublicKeyHandle(pubkey.Pass()), | 983 *key = blink::WebCryptoKey::create(new PublicKeyHandle(pubkey.Pass()), |
1009 blink::WebCryptoKeyTypePublic, | 984 blink::WebCryptoKeyTypePublic, |
1010 extractable, | 985 extractable, |
1011 algorithm, | 986 algorithm, |
1012 usage_mask); | 987 usage_mask); |
1013 return true; | 988 return true; |
1014 } | 989 } |
1015 | 990 |
1016 } // namespace content | 991 } // namespace content |
OLD | NEW |