| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/renderer/webcrypto/webcrypto_impl.h" | 5 #include "content/renderer/webcrypto/webcrypto_impl.h" |
| 6 | 6 |
| 7 #include <cryptohi.h> | 7 #include <cryptohi.h> |
| 8 #include <pk11pub.h> | 8 #include <pk11pub.h> |
| 9 #include <sechash.h> | 9 #include <sechash.h> |
| 10 | 10 |
| (...skipping 62 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 73 case blink::WebCryptoAlgorithmIdSha384: | 73 case blink::WebCryptoAlgorithmIdSha384: |
| 74 return HASH_AlgSHA384; | 74 return HASH_AlgSHA384; |
| 75 case blink::WebCryptoAlgorithmIdSha512: | 75 case blink::WebCryptoAlgorithmIdSha512: |
| 76 return HASH_AlgSHA512; | 76 return HASH_AlgSHA512; |
| 77 default: | 77 default: |
| 78 // Not a digest algorithm. | 78 // Not a digest algorithm. |
| 79 return HASH_AlgNULL; | 79 return HASH_AlgNULL; |
| 80 } | 80 } |
| 81 } | 81 } |
| 82 | 82 |
| 83 CK_MECHANISM_TYPE WebCryptoAlgorithmToHMACMechanism( | 83 CK_MECHANISM_TYPE WebCryptoHashToHMACMechanism( |
| 84 const blink::WebCryptoAlgorithm& algorithm) { | 84 const blink::WebCryptoAlgorithm& algorithm) { |
| 85 switch (algorithm.id()) { | 85 switch (algorithm.id()) { |
| 86 case blink::WebCryptoAlgorithmIdSha1: | 86 case blink::WebCryptoAlgorithmIdSha1: |
| 87 return CKM_SHA_1_HMAC; | 87 return CKM_SHA_1_HMAC; |
| 88 case blink::WebCryptoAlgorithmIdSha224: |
| 89 return CKM_SHA224_HMAC; |
| 88 case blink::WebCryptoAlgorithmIdSha256: | 90 case blink::WebCryptoAlgorithmIdSha256: |
| 89 return CKM_SHA256_HMAC; | 91 return CKM_SHA256_HMAC; |
| 92 case blink::WebCryptoAlgorithmIdSha384: |
| 93 return CKM_SHA384_HMAC; |
| 94 case blink::WebCryptoAlgorithmIdSha512: |
| 95 return CKM_SHA512_HMAC; |
| 90 default: | 96 default: |
| 91 // Not a supported algorithm. | 97 // Not a supported algorithm. |
| 92 return CKM_INVALID_MECHANISM; | 98 return CKM_INVALID_MECHANISM; |
| 93 } | 99 } |
| 94 } | 100 } |
| 95 | 101 |
| 96 bool AesCbcEncryptDecrypt( | 102 bool AesCbcEncryptDecrypt( |
| 97 CK_ATTRIBUTE_TYPE operation, | 103 CK_ATTRIBUTE_TYPE operation, |
| 98 const blink::WebCryptoAlgorithm& algorithm, | 104 const blink::WebCryptoAlgorithm& algorithm, |
| 99 const blink::WebCryptoKey& key, | 105 const blink::WebCryptoKey& key, |
| (...skipping 68 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 168 buffer_data + output_len, | 174 buffer_data + output_len, |
| 169 &final_output_chunk_len, | 175 &final_output_chunk_len, |
| 170 output_max_len - output_len)) { | 176 output_max_len - output_len)) { |
| 171 return false; | 177 return false; |
| 172 } | 178 } |
| 173 | 179 |
| 174 webcrypto::ShrinkBuffer(buffer, final_output_chunk_len + output_len); | 180 webcrypto::ShrinkBuffer(buffer, final_output_chunk_len + output_len); |
| 175 return true; | 181 return true; |
| 176 } | 182 } |
| 177 | 183 |
| 178 CK_MECHANISM_TYPE HmacAlgorithmToGenMechanism( | |
| 179 const blink::WebCryptoAlgorithm& algorithm) { | |
| 180 DCHECK_EQ(algorithm.id(), blink::WebCryptoAlgorithmIdHmac); | |
| 181 const blink::WebCryptoHmacKeyParams* params = algorithm.hmacKeyParams(); | |
| 182 DCHECK(params); | |
| 183 switch (params->hash().id()) { | |
| 184 case blink::WebCryptoAlgorithmIdSha1: | |
| 185 return CKM_SHA_1_HMAC; | |
| 186 case blink::WebCryptoAlgorithmIdSha256: | |
| 187 return CKM_SHA256_HMAC; | |
| 188 default: | |
| 189 return CKM_INVALID_MECHANISM; | |
| 190 } | |
| 191 } | |
| 192 | |
| 193 CK_MECHANISM_TYPE WebCryptoAlgorithmToGenMechanism( | 184 CK_MECHANISM_TYPE WebCryptoAlgorithmToGenMechanism( |
| 194 const blink::WebCryptoAlgorithm& algorithm) { | 185 const blink::WebCryptoAlgorithm& algorithm) { |
| 195 switch (algorithm.id()) { | 186 switch (algorithm.id()) { |
| 196 case blink::WebCryptoAlgorithmIdAesCbc: | 187 case blink::WebCryptoAlgorithmIdAesCbc: |
| 197 return CKM_AES_KEY_GEN; | 188 return CKM_AES_KEY_GEN; |
| 198 case blink::WebCryptoAlgorithmIdHmac: | 189 case blink::WebCryptoAlgorithmIdHmac: |
| 199 return HmacAlgorithmToGenMechanism(algorithm); | 190 return WebCryptoHashToHMACMechanism(algorithm.hmacKeyParams()->hash()); |
| 200 default: | 191 default: |
| 201 return CKM_INVALID_MECHANISM; | 192 return CKM_INVALID_MECHANISM; |
| 202 } | 193 } |
| 203 } | 194 } |
| 204 | 195 |
| 205 // TODO(eroman): This is duplicated in OpenSSL version. | |
| 206 unsigned int WebCryptoHmacAlgorithmToBlockSizeBits( | |
| 207 const blink::WebCryptoAlgorithm& algorithm) { | |
| 208 DCHECK_EQ(algorithm.id(), blink::WebCryptoAlgorithmIdHmac); | |
| 209 const blink::WebCryptoHmacKeyParams* params = algorithm.hmacKeyParams(); | |
| 210 DCHECK(params); | |
| 211 switch (params->hash().id()) { | |
| 212 case blink::WebCryptoAlgorithmIdSha1: | |
| 213 return 512; | |
| 214 case blink::WebCryptoAlgorithmIdSha256: | |
| 215 return 512; | |
| 216 default: | |
| 217 return 0; | |
| 218 } | |
| 219 } | |
| 220 | |
| 221 // Converts a (big-endian) WebCrypto BigInteger, with or without leading zeros, | 196 // Converts a (big-endian) WebCrypto BigInteger, with or without leading zeros, |
| 222 // to unsigned long. | 197 // to unsigned long. |
| 223 bool BigIntegerToLong(const uint8* data, | 198 bool BigIntegerToLong(const uint8* data, |
| 224 unsigned data_size, | 199 unsigned data_size, |
| 225 unsigned long* result) { | 200 unsigned long* result) { |
| 226 // TODO(padolph): Is it correct to say that empty data is an error, or does it | 201 // TODO(padolph): Is it correct to say that empty data is an error, or does it |
| 227 // mean value 0? See https://www.w3.org/Bugs/Public/show_bug.cgi?id=23655 | 202 // mean value 0? See https://www.w3.org/Bugs/Public/show_bug.cgi?id=23655 |
| 228 if (data_size == 0) | 203 if (data_size == 0) |
| 229 return false; | 204 return false; |
| 230 | 205 |
| (...skipping 43 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 274 // possible operations for this key type. | 249 // possible operations for this key type. |
| 275 CK_FLAGS flags = 0; | 250 CK_FLAGS flags = 0; |
| 276 | 251 |
| 277 switch (algorithm.id()) { | 252 switch (algorithm.id()) { |
| 278 case blink::WebCryptoAlgorithmIdHmac: { | 253 case blink::WebCryptoAlgorithmIdHmac: { |
| 279 const blink::WebCryptoHmacParams* params = algorithm.hmacParams(); | 254 const blink::WebCryptoHmacParams* params = algorithm.hmacParams(); |
| 280 if (!params) { | 255 if (!params) { |
| 281 return false; | 256 return false; |
| 282 } | 257 } |
| 283 | 258 |
| 284 mechanism = WebCryptoAlgorithmToHMACMechanism(params->hash()); | 259 mechanism = WebCryptoHashToHMACMechanism(params->hash()); |
| 285 if (mechanism == CKM_INVALID_MECHANISM) { | 260 if (mechanism == CKM_INVALID_MECHANISM) { |
| 286 return false; | 261 return false; |
| 287 } | 262 } |
| 288 | 263 |
| 289 flags |= CKF_SIGN | CKF_VERIFY; | 264 flags |= CKF_SIGN | CKF_VERIFY; |
| 290 | 265 |
| 291 break; | 266 break; |
| 292 } | 267 } |
| 293 case blink::WebCryptoAlgorithmIdAesCbc: { | 268 case blink::WebCryptoAlgorithmIdAesCbc: { |
| 294 mechanism = CKM_AES_CBC; | 269 mechanism = CKM_AES_CBC; |
| (...skipping 379 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 674 keylen_bytes = params->lengthBits() / 8; | 649 keylen_bytes = params->lengthBits() / 8; |
| 675 key_type = blink::WebCryptoKeyTypeSecret; | 650 key_type = blink::WebCryptoKeyTypeSecret; |
| 676 break; | 651 break; |
| 677 } | 652 } |
| 678 case blink::WebCryptoAlgorithmIdHmac: { | 653 case blink::WebCryptoAlgorithmIdHmac: { |
| 679 const blink::WebCryptoHmacKeyParams* params = algorithm.hmacKeyParams(); | 654 const blink::WebCryptoHmacKeyParams* params = algorithm.hmacKeyParams(); |
| 680 DCHECK(params); | 655 DCHECK(params); |
| 681 if (params->hasLengthBytes()) { | 656 if (params->hasLengthBytes()) { |
| 682 keylen_bytes = params->optionalLengthBytes(); | 657 keylen_bytes = params->optionalLengthBytes(); |
| 683 } else { | 658 } else { |
| 684 keylen_bytes = WebCryptoHmacAlgorithmToBlockSizeBits(algorithm) / 8; | 659 keylen_bytes = webcrypto::ShaBlockSizeBytes(params->hash().id()); |
| 685 } | 660 } |
| 686 | 661 |
| 687 key_type = blink::WebCryptoKeyTypeSecret; | 662 key_type = blink::WebCryptoKeyTypeSecret; |
| 688 break; | 663 break; |
| 689 } | 664 } |
| 690 | 665 |
| 691 default: { | 666 default: { |
| 692 return false; | 667 return false; |
| 693 } | 668 } |
| 694 } | 669 } |
| (...skipping 174 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 869 switch (algorithm.id()) { | 844 switch (algorithm.id()) { |
| 870 case blink::WebCryptoAlgorithmIdHmac: { | 845 case blink::WebCryptoAlgorithmIdHmac: { |
| 871 const blink::WebCryptoHmacParams* params = algorithm.hmacParams(); | 846 const blink::WebCryptoHmacParams* params = algorithm.hmacParams(); |
| 872 if (!params) { | 847 if (!params) { |
| 873 return false; | 848 return false; |
| 874 } | 849 } |
| 875 | 850 |
| 876 SymKeyHandle* sym_key = reinterpret_cast<SymKeyHandle*>(key.handle()); | 851 SymKeyHandle* sym_key = reinterpret_cast<SymKeyHandle*>(key.handle()); |
| 877 | 852 |
| 878 DCHECK_EQ(PK11_GetMechanism(sym_key->key()), | 853 DCHECK_EQ(PK11_GetMechanism(sym_key->key()), |
| 879 WebCryptoAlgorithmToHMACMechanism(params->hash())); | 854 WebCryptoHashToHMACMechanism(params->hash())); |
| 880 DCHECK_NE(0, key.usages() & blink::WebCryptoKeyUsageSign); | 855 DCHECK_NE(0, key.usages() & blink::WebCryptoKeyUsageSign); |
| 881 | 856 |
| 882 SECItem param_item = { siBuffer, NULL, 0 }; | 857 SECItem param_item = { siBuffer, NULL, 0 }; |
| 883 SECItem data_item = { | 858 SECItem data_item = { |
| 884 siBuffer, | 859 siBuffer, |
| 885 const_cast<unsigned char*>(data), | 860 const_cast<unsigned char*>(data), |
| 886 data_size | 861 data_size |
| 887 }; | 862 }; |
| 888 // First call is to figure out the length. | 863 // First call is to figure out the length. |
| 889 SECItem signature_item = { siBuffer, NULL, 0 }; | 864 SECItem signature_item = { siBuffer, NULL, 0 }; |
| (...skipping 117 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1007 | 982 |
| 1008 *key = blink::WebCryptoKey::create(new PublicKeyHandle(pubkey.Pass()), | 983 *key = blink::WebCryptoKey::create(new PublicKeyHandle(pubkey.Pass()), |
| 1009 blink::WebCryptoKeyTypePublic, | 984 blink::WebCryptoKeyTypePublic, |
| 1010 extractable, | 985 extractable, |
| 1011 algorithm, | 986 algorithm, |
| 1012 usage_mask); | 987 usage_mask); |
| 1013 return true; | 988 return true; |
| 1014 } | 989 } |
| 1015 | 990 |
| 1016 } // namespace content | 991 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 108653015:
[webcrypto] Some fixes for HMAC (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src