Chromium Code Reviews| OLD | NEW |
|---|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "components/webcrypto/algorithms/aes.h" | 5 #include "components/webcrypto/algorithms/aes.h" |
| 6 | 6 |
| 7 #include "base/logging.h" | 7 #include "base/logging.h" |
| 8 #include "components/webcrypto/algorithms/util_openssl.h" | 8 #include "components/webcrypto/algorithms/secret_key_util.h" |
| 9 #include "components/webcrypto/crypto_data.h" | 9 #include "components/webcrypto/crypto_data.h" |
| 10 #include "components/webcrypto/jwk.h" | 10 #include "components/webcrypto/jwk.h" |
| 11 #include "components/webcrypto/key.h" | 11 #include "components/webcrypto/key.h" |
| 12 #include "components/webcrypto/status.h" | 12 #include "components/webcrypto/status.h" |
| 13 #include "components/webcrypto/webcrypto_util.h" | 13 #include "components/webcrypto/webcrypto_util.h" |
| 14 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h" | |
| 14 #include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h" | 15 #include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h" |
| 15 | 16 |
| 16 namespace webcrypto { | 17 namespace webcrypto { |
| 17 | 18 |
| 18 namespace { | 19 namespace { |
| 19 | 20 |
| 20 // Creates an AES algorithm name for the given key size (in bytes). For | 21 // Creates an AES algorithm name for the given key size (in bytes). For |
| 21 // instance "A128CBC" is the result of suffix="CBC", keylen_bytes=16. | 22 // instance "A128CBC" is the result of suffix="CBC", keylen_bytes=16. |
| 22 std::string MakeJwkAesAlgorithmName(const std::string& suffix, | 23 std::string MakeJwkAesAlgorithmName(const std::string& suffix, |
| 23 size_t keylen_bytes) { | 24 size_t keylen_bytes) { |
| (...skipping 22 matching lines...) Expand all Loading... | |
| 46 } | 47 } |
| 47 | 48 |
| 48 Status AesAlgorithm::GenerateKey(const blink::WebCryptoAlgorithm& algorithm, | 49 Status AesAlgorithm::GenerateKey(const blink::WebCryptoAlgorithm& algorithm, |
| 49 bool extractable, | 50 bool extractable, |
| 50 blink::WebCryptoKeyUsageMask usages, | 51 blink::WebCryptoKeyUsageMask usages, |
| 51 GenerateKeyResult* result) const { | 52 GenerateKeyResult* result) const { |
| 52 Status status = CheckKeyCreationUsages(all_key_usages_, usages, false); | 53 Status status = CheckKeyCreationUsages(all_key_usages_, usages, false); |
| 53 if (status.IsError()) | 54 if (status.IsError()) |
| 54 return status; | 55 return status; |
| 55 | 56 |
| 56 unsigned int keylen_bits; | 57 unsigned int keylen_bits = algorithm.aesKeyGenParams()->lengthBits(); |
| 57 status = GetAesKeyGenLengthInBits(algorithm.aesKeyGenParams(), &keylen_bits); | 58 |
| 58 if (status.IsError()) | 59 // BoringSSL does not support 192-bit AES. |
|
davidben
2015/09/18 22:15:59
(We actually ended up putting most of it back, FWI
eroman
2015/09/18 23:13:23
Good to know! Moving that discussion to issue 5336
| |
| 59 return status; | 60 if (keylen_bits == 192) |
| 61 return Status::ErrorAes192BitUnsupported(); | |
| 62 | |
| 63 if (keylen_bits != 128 && keylen_bits != 256) | |
| 64 return Status::ErrorGenerateAesKeyLength(); | |
| 60 | 65 |
| 61 return GenerateWebCryptoSecretKey( | 66 return GenerateWebCryptoSecretKey( |
| 62 blink::WebCryptoKeyAlgorithm::createAes(algorithm.id(), keylen_bits), | 67 blink::WebCryptoKeyAlgorithm::createAes(algorithm.id(), keylen_bits), |
| 63 extractable, usages, keylen_bits, result); | 68 extractable, usages, keylen_bits, result); |
| 64 } | 69 } |
| 65 | 70 |
| 66 Status AesAlgorithm::VerifyKeyUsagesBeforeImportKey( | 71 Status AesAlgorithm::VerifyKeyUsagesBeforeImportKey( |
| 67 blink::WebCryptoKeyFormat format, | 72 blink::WebCryptoKeyFormat format, |
| 68 blink::WebCryptoKeyUsageMask usages) const { | 73 blink::WebCryptoKeyUsageMask usages) const { |
| 69 switch (format) { | 74 switch (format) { |
| 70 case blink::WebCryptoKeyFormatRaw: | 75 case blink::WebCryptoKeyFormatRaw: |
| 71 case blink::WebCryptoKeyFormatJwk: | 76 case blink::WebCryptoKeyFormatJwk: |
| 72 return CheckKeyCreationUsages(all_key_usages_, usages, false); | 77 return CheckKeyCreationUsages(all_key_usages_, usages, false); |
| 73 default: | 78 default: |
| 74 return Status::ErrorUnsupportedImportKeyFormat(); | 79 return Status::ErrorUnsupportedImportKeyFormat(); |
| 75 } | 80 } |
| 76 } | 81 } |
| 77 | 82 |
| 78 Status AesAlgorithm::ImportKeyRaw(const CryptoData& key_data, | 83 Status AesAlgorithm::ImportKeyRaw(const CryptoData& key_data, |
| 79 const blink::WebCryptoAlgorithm& algorithm, | 84 const blink::WebCryptoAlgorithm& algorithm, |
| 80 bool extractable, | 85 bool extractable, |
| 81 blink::WebCryptoKeyUsageMask usages, | 86 blink::WebCryptoKeyUsageMask usages, |
| 82 blink::WebCryptoKey* key) const { | 87 blink::WebCryptoKey* key) const { |
| 83 const unsigned int keylen_bytes = key_data.byte_length(); | 88 const unsigned int keylen_bytes = key_data.byte_length(); |
| 84 Status status = VerifyAesKeyLengthForImport(keylen_bytes); | 89 |
| 85 if (status.IsError()) | 90 // BoringSSL does not support 192-bit AES. |
| 86 return status; | 91 if (keylen_bytes == 24) |
| 92 return Status::ErrorAes192BitUnsupported(); | |
| 93 | |
| 94 if (keylen_bytes != 16 && keylen_bytes != 32) | |
| 95 return Status::ErrorImportAesKeyLength(); | |
| 87 | 96 |
| 88 // No possibility of overflow. | 97 // No possibility of overflow. |
| 89 unsigned int keylen_bits = keylen_bytes * 8; | 98 unsigned int keylen_bits = keylen_bytes * 8; |
| 90 | 99 |
| 91 return CreateWebCryptoSecretKey( | 100 return CreateWebCryptoSecretKey( |
| 92 key_data, | 101 key_data, |
| 93 blink::WebCryptoKeyAlgorithm::createAes(algorithm.id(), keylen_bits), | 102 blink::WebCryptoKeyAlgorithm::createAes(algorithm.id(), keylen_bits), |
| 94 extractable, usages, key); | 103 extractable, usages, key); |
| 95 } | 104 } |
| 96 | 105 |
| 97 Status AesAlgorithm::ImportKeyJwk(const CryptoData& key_data, | 106 Status AesAlgorithm::ImportKeyJwk(const CryptoData& key_data, |
| 98 const blink::WebCryptoAlgorithm& algorithm, | 107 const blink::WebCryptoAlgorithm& algorithm, |
| 99 bool extractable, | 108 bool extractable, |
| 100 blink::WebCryptoKeyUsageMask usages, | 109 blink::WebCryptoKeyUsageMask usages, |
| 101 blink::WebCryptoKey* key) const { | 110 blink::WebCryptoKey* key) const { |
| 102 std::vector<uint8_t> raw_data; | 111 std::vector<uint8_t> raw_data; |
| 103 JwkReader jwk; | 112 JwkReader jwk; |
| 104 Status status = ReadSecretKeyNoExpectedAlg(key_data, extractable, usages, | 113 Status status = ReadSecretKeyNoExpectedAlgJwk(key_data, extractable, usages, |
| 105 &raw_data, &jwk); | 114 &raw_data, &jwk); |
| 106 if (status.IsError()) | 115 if (status.IsError()) |
| 107 return status; | 116 return status; |
| 108 | 117 |
| 109 bool has_jwk_alg; | 118 bool has_jwk_alg; |
| 110 std::string jwk_alg; | 119 std::string jwk_alg; |
| 111 status = jwk.GetAlg(&jwk_alg, &has_jwk_alg); | 120 status = jwk.GetAlg(&jwk_alg, &has_jwk_alg); |
| 112 if (status.IsError()) | 121 if (status.IsError()) |
| 113 return status; | 122 return status; |
| 114 | 123 |
| 115 if (has_jwk_alg) { | 124 if (has_jwk_alg) { |
| (...skipping 40 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 156 const CryptoData& key_data, | 165 const CryptoData& key_data, |
| 157 blink::WebCryptoKey* key) const { | 166 blink::WebCryptoKey* key) const { |
| 158 return ImportKeyRaw(key_data, CreateAlgorithm(algorithm.id()), extractable, | 167 return ImportKeyRaw(key_data, CreateAlgorithm(algorithm.id()), extractable, |
| 159 usages, key); | 168 usages, key); |
| 160 } | 169 } |
| 161 | 170 |
| 162 Status AesAlgorithm::GetKeyLength( | 171 Status AesAlgorithm::GetKeyLength( |
| 163 const blink::WebCryptoAlgorithm& key_length_algorithm, | 172 const blink::WebCryptoAlgorithm& key_length_algorithm, |
| 164 bool* has_length_bits, | 173 bool* has_length_bits, |
| 165 unsigned int* length_bits) const { | 174 unsigned int* length_bits) const { |
| 166 return GetAesKeyLength(key_length_algorithm, has_length_bits, length_bits); | 175 *has_length_bits = true; |
| 176 *length_bits = key_length_algorithm.aesDerivedKeyParams()->lengthBits(); | |
| 177 | |
| 178 if (*length_bits == 128 || *length_bits == 256) | |
| 179 return Status::Success(); | |
| 180 | |
| 181 // BoringSSL does not support 192-bit AES. | |
|
davidben
2015/09/18 22:15:59
(Ditto.)
eroman
2015/09/18 23:13:23
I should update these comments, or just support 19
| |
| 182 if (*length_bits == 192) | |
| 183 return Status::ErrorAes192BitUnsupported(); | |
| 184 | |
| 185 return Status::ErrorGetAesKeyLength(); | |
| 167 } | 186 } |
| 168 | 187 |
| 169 } // namespace webcrypto | 188 } // namespace webcrypto |
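Review bot: In the new `AesAlgorithm::GetKeyLength` (new lines 175-185), `*has_length_bits` and `*length_bits` are written before the length is validated, so on both error returns the out-params hold a length the function has just rejected. Callers are not visible on this page, but any caller that reads the out-params without checking the returned `Status` would then treat an unsupported or malformed AES key length as valid. Validating a local first and publishing it only on the success path keeps the out-params untouched on failure. Separately, `aesDerivedKeyParams()` here and `aesKeyGenParams()` in `GenerateKey` are dereferenced unchecked; presumably algorithm normalization guarantees they are non-null, but a `DCHECK` would make that assumption explicit.

```cpp
Status AesAlgorithm::GetKeyLength(
    // … unchanged: parameter list …
    unsigned int* length_bits) const {
  const unsigned int bits =
      key_length_algorithm.aesDerivedKeyParams()->lengthBits();

  // Publish the length only once it is known to be supported.
  if (bits == 128 || bits == 256) {
    *has_length_bits = true;
    *length_bits = bits;
    return Status::Success();
  }

  // … unchanged: 192-bit and generic length error returns, now testing `bits` …
```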