Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(875)

Issues Search
    My Issues | Starred     Open | Closed | All

Issue 117013002: [webcrypto] Add import of AES-KW key for NSS. (Closed)

Created:
7 years ago by padolph
Modified:
7 years ago
CC:
chromium-reviews, joi+watch-content_chromium.org, darin-cc_chromium.org, jam
Base URL:
https://chromium.googlesource.com/chromium/src.git@master
Visibility:
Public.

Description

[webcrypto] Add import of AES-KW key for NSS. BUG=245025 TEST=content_unittests --gtest_filter="WebCryptoImpl*" Committed: https://src.chromium.org/viewvc/chrome?view=rev&revision=241504

Patch Set 1 #

Patch Set 2 : rebase #

Total comments: 4

Patch Set 3 : fix for eroman #

Unified diffs Side-by-side diffs Delta from patch set Stats (+93 lines, -3 lines) Patch
M content/renderer/webcrypto/webcrypto_impl_nss.cc View 1 3 chunks +6 lines, -2 lines 0 comments Download
M content/renderer/webcrypto/webcrypto_impl_unittest.cc View 1 2 2 chunks +87 lines, -1 line 0 comments Download

Messages

Total messages: 9 (0 generated)
padolph
7 years ago (2013-12-17 03:33:15 UTC) #1
eroman
https://codereview.chromium.org/117013002/diff/10001/content/renderer/webcrypto/webcrypto_impl_nss.cc File content/renderer/webcrypto/webcrypto_impl_nss.cc (right): https://codereview.chromium.org/117013002/diff/10001/content/renderer/webcrypto/webcrypto_impl_nss.cc#newcode298 content/renderer/webcrypto/webcrypto_impl_nss.cc:298: mechanism = CKM_NSS_AES_KEY_WRAP; I believe this will need to ...
7 years ago (2013-12-18 02:10:30 UTC) #2
eroman
(LGTM after addressing comments above)
7 years ago (2013-12-18 02:10:45 UTC) #3
padolph
https://codereview.chromium.org/117013002/diff/10001/content/renderer/webcrypto/webcrypto_impl_nss.cc File content/renderer/webcrypto/webcrypto_impl_nss.cc (right): https://codereview.chromium.org/117013002/diff/10001/content/renderer/webcrypto/webcrypto_impl_nss.cc#newcode298 content/renderer/webcrypto/webcrypto_impl_nss.cc:298: mechanism = CKM_NSS_AES_KEY_WRAP; On 2013/12/18 02:10:30, eroman wrote: > ...
7 years ago (2013-12-18 03:21:41 UTC) #4
padolph
(manual email) 0 minutes ago #4 https://codereview.chromium.org/117013002/diff/10001/content/renderer/webcryp... File content/renderer/webcrypto/webcrypto_impl_nss.cc (right): https://codereview.chromium.org/117013002/diff/10001/content/renderer/webcryp... content/renderer/webcrypto/webcrypto_impl_nss.cc:298: mechanism = CKM_NSS_AES_KEY_WRAP; ...
7 years ago (2013-12-18 03:22:21 UTC) #5
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-status.appspot.com/cq/padolph@netflix.com/117013002/30001
7 years ago (2013-12-18 03:26:02 UTC) #6
eroman
Thanks Paul, my mistake! (I was looking at an old post: http://lists.w3.org/Archives/Public/public-webcrypto/2012Oct/0142.html Which mentioned RFC5649 ...
7 years ago (2013-12-18 03:28:43 UTC) #7
commit-bot: I haz the power
Change committed as 241504
7 years ago (2013-12-18 05:52:41 UTC) #8
Ryan Sleevi
7 years ago (2013-12-18 23:23:46 UTC) #9
Message was sent while issue was closed. 
On 2013/12/18 03:22:21, padolph wrote:
> (manual email)
> 
> 
> 0 minutes ago #4
>
https://codereview.chromium.org/117013002/diff/10001/content/renderer/webcryp...
> File content/renderer/webcrypto/webcrypto_impl_nss.cc (right):
> 
>
https://codereview.chromium.org/117013002/diff/10001/content/renderer/webcryp...
> content/renderer/webcrypto/webcrypto_impl_nss.cc:298: mechanism =
> CKM_NSS_AES_KEY_WRAP;
> On 2013/12/18 02:10:30, eroman wrote:
> > I believe this will need to specify the padding version:
> >   CKM_NSS_AES_KEY_WRAP_PAD
> >
> > Since it will be able to wrap arbitrary length keys. This will be easier to
> > verify once we have implemented the wrap/unwrap operation for it.
> 
> In an earlier email thread "AES Key Wrap as a new Web Crypto algorithm in
> Blink"
> Ryan, Mark, and I reasoned that RFC 3394 (without padding, corresponds to
> CKM_NSS_AES_KEY_WRAP) is the better choice, compared to RFC 5649 (with
> padding).
> 
> The main reason is broader support for 3394 vs 5649; e.g. 5649 is not
supported
> in OpenSSL or Bouncy Castle.
> 
> Also, since we are always wrapping keys, the raw data will satisfy the length
> requirements. The exception is the JWK format, but we agreed that the JSON can
> be padded with whitespace before the encrypt operation.

woah woah woah, totally not. Inventing arbitrary padding schemes = no way.

If that's a view shared with Mark, we need to get this on the W3C list so it can
be discussed and shot down as appropriate :)

> 
> In another CL I'm working on, I confirmed that using CKM_NSS_AES_KEY_WRAP
> passes
> the RFC 3394 test vectors here http://www.ietf.org/rfc/rfc3394.txt (and _PAD
> does not).
> 
>
https://codereview.chromium.org/117013002/diff/10001/content/renderer/webcryp...
> File content/renderer/webcrypto/webcrypto_impl_unittest.cc (right):
> 
>
https://codereview.chromium.org/117013002/diff/10001/content/renderer/webcryp...
> content/renderer/webcrypto/webcrypto_impl_unittest.cc:1625:
> On 2013/12/18 02:10:30, eroman wrote:
> > Can you delete this extra line?
> 
> Done.
> 
> 
> On Tue, Dec 17, 2013 at 6:10 PM,  <mailto:eroman@chromium.org> wrote:
> > (LGTM after addressing comments above)
> >
> > https://codereview.chromium.org/117013002/
> 
> To unsubscribe from this group and stop receiving emails from it, send an
email
> to mailto:chromium-reviews+unsubscribe@chromium.org.

Powered by Google App Engine
This is Rietveld 408576698