OLD | NEW |
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/renderer/webcrypto/webcrypto_impl.h" | 5 #include "content/renderer/webcrypto/webcrypto_impl.h" |
6 | 6 |
7 #include <vector> | 7 #include <vector> |
8 #include <openssl/aes.h> | 8 #include <openssl/aes.h> |
9 #include <openssl/evp.h> | 9 #include <openssl/evp.h> |
10 #include <openssl/hmac.h> | 10 #include <openssl/hmac.h> |
11 #include <openssl/rand.h> | 11 #include <openssl/rand.h> |
12 #include <openssl/sha.h> | 12 #include <openssl/sha.h> |
13 | 13 |
14 #include "base/logging.h" | 14 #include "base/logging.h" |
15 #include "content/renderer/webcrypto/webcrypto_util.h" | 15 #include "content/renderer/webcrypto/webcrypto_util.h" |
16 #include "crypto/openssl_util.h" | 16 #include "crypto/openssl_util.h" |
17 #include "crypto/secure_util.h" | 17 #include "crypto/secure_util.h" |
18 #include "third_party/WebKit/public/platform/WebArrayBuffer.h" | 18 #include "third_party/WebKit/public/platform/WebArrayBuffer.h" |
19 #include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h" | 19 #include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h" |
20 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h" | 20 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h" |
21 | 21 |
22 namespace content { | 22 namespace content { |
23 | 23 |
24 using webcrypto::Status; | 24 using webcrypto::Status; |
25 | 25 |
26 namespace { | 26 namespace { |
27 | 27 |
28 class SymKeyHandle : public blink::WebCryptoKeyHandle { | 28 class SymKeyHandle : public blink::WebCryptoKeyHandle { |
29 public: | 29 public: |
30 SymKeyHandle(const unsigned char* key_data, unsigned key_data_size) | 30 SymKeyHandle(const unsigned char* key_data, unsigned int key_data_size) |
31 : key_(key_data, key_data + key_data_size) {} | 31 : key_(key_data, key_data + key_data_size) {} |
32 | 32 |
33 const std::vector<unsigned char>& key() const { return key_; } | 33 const std::vector<unsigned char>& key() const { return key_; } |
34 | 34 |
35 private: | 35 private: |
36 const std::vector<unsigned char> key_; | 36 const std::vector<unsigned char> key_; |
37 | 37 |
38 DISALLOW_COPY_AND_ASSIGN(SymKeyHandle); | 38 DISALLOW_COPY_AND_ASSIGN(SymKeyHandle); |
39 }; | 39 }; |
40 | 40 |
41 const EVP_CIPHER* GetAESCipherByKeyLength(unsigned key_length_bytes) { | 41 const EVP_CIPHER* GetAESCipherByKeyLength(unsigned int key_length_bytes) { |
42 // OpenSSL supports AES CBC ciphers for only 3 key lengths: 128, 192, 256 bits | 42 // OpenSSL supports AES CBC ciphers for only 3 key lengths: 128, 192, 256 bits |
43 switch (key_length_bytes) { | 43 switch (key_length_bytes) { |
44 case 16: | 44 case 16: |
45 return EVP_aes_128_cbc(); | 45 return EVP_aes_128_cbc(); |
46 case 24: | 46 case 24: |
47 return EVP_aes_192_cbc(); | 47 return EVP_aes_192_cbc(); |
48 case 32: | 48 case 32: |
49 return EVP_aes_256_cbc(); | 49 return EVP_aes_256_cbc(); |
50 default: | 50 default: |
51 return NULL; | 51 return NULL; |
52 } | 52 } |
53 } | 53 } |
54 | 54 |
55 // OpenSSL constants for EVP_CipherInit_ex(), do not change | 55 // OpenSSL constants for EVP_CipherInit_ex(), do not change |
56 enum CipherOperation { | 56 enum CipherOperation { |
57 kDoDecrypt = 0, | 57 kDoDecrypt = 0, |
58 kDoEncrypt = 1 | 58 kDoEncrypt = 1 |
59 }; | 59 }; |
60 | 60 |
61 Status AesCbcEncryptDecrypt(CipherOperation cipher_operation, | 61 Status AesCbcEncryptDecrypt(CipherOperation cipher_operation, |
62 const blink::WebCryptoAlgorithm& algorithm, | 62 const blink::WebCryptoAlgorithm& algorithm, |
63 const blink::WebCryptoKey& key, | 63 const blink::WebCryptoKey& key, |
64 const unsigned char* data, | 64 const unsigned char* data, |
65 unsigned data_size, | 65 unsigned int data_size, |
66 blink::WebArrayBuffer* buffer) { | 66 blink::WebArrayBuffer* buffer) { |
67 DCHECK_EQ(blink::WebCryptoAlgorithmIdAesCbc, algorithm.id()); | 67 DCHECK_EQ(blink::WebCryptoAlgorithmIdAesCbc, algorithm.id()); |
68 DCHECK_EQ(algorithm.id(), key.algorithm().id()); | 68 DCHECK_EQ(algorithm.id(), key.algorithm().id()); |
69 DCHECK_EQ(blink::WebCryptoKeyTypeSecret, key.type()); | 69 DCHECK_EQ(blink::WebCryptoKeyTypeSecret, key.type()); |
70 | 70 |
71 if (data_size >= INT_MAX - AES_BLOCK_SIZE) { | 71 if (data_size >= INT_MAX - AES_BLOCK_SIZE) { |
72 // TODO(padolph): Handle this by chunking the input fed into OpenSSL. Right | 72 // TODO(padolph): Handle this by chunking the input fed into OpenSSL. Right |
73 // now it doesn't make much difference since the one-shot API would end up | 73 // now it doesn't make much difference since the one-shot API would end up |
74 // blowing out the memory and crashing anyway. | 74 // blowing out the memory and crashing anyway. |
75 return Status::ErrorDataTooLarge(); | 75 return Status::ErrorDataTooLarge(); |
(...skipping 21 matching lines...) Expand all Loading... |
97 NULL, | 97 NULL, |
98 &sym_key->key()[0], | 98 &sym_key->key()[0], |
99 params->iv().data(), | 99 params->iv().data(), |
100 cipher_operation)) { | 100 cipher_operation)) { |
101 return Status::Error(); | 101 return Status::Error(); |
102 } | 102 } |
103 | 103 |
104 // According to the openssl docs, the amount of data written may be as large | 104 // According to the openssl docs, the amount of data written may be as large |
105 // as (data_size + cipher_block_size - 1), constrained to a multiple of | 105 // as (data_size + cipher_block_size - 1), constrained to a multiple of |
106 // cipher_block_size. | 106 // cipher_block_size. |
107 unsigned output_max_len = data_size + AES_BLOCK_SIZE - 1; | 107 unsigned int output_max_len = data_size + AES_BLOCK_SIZE - 1; |
108 const unsigned remainder = output_max_len % AES_BLOCK_SIZE; | 108 const unsigned remainder = output_max_len % AES_BLOCK_SIZE; |
109 if (remainder != 0) | 109 if (remainder != 0) |
110 output_max_len += AES_BLOCK_SIZE - remainder; | 110 output_max_len += AES_BLOCK_SIZE - remainder; |
111 DCHECK_GT(output_max_len, data_size); | 111 DCHECK_GT(output_max_len, data_size); |
112 | 112 |
113 *buffer = blink::WebArrayBuffer::create(output_max_len, 1); | 113 *buffer = blink::WebArrayBuffer::create(output_max_len, 1); |
114 | 114 |
115 unsigned char* const buffer_data = | 115 unsigned char* const buffer_data = |
116 reinterpret_cast<unsigned char*>(buffer->data()); | 116 reinterpret_cast<unsigned char*>(buffer->data()); |
117 | 117 |
118 int output_len = 0; | 118 int output_len = 0; |
119 if (!EVP_CipherUpdate( | 119 if (!EVP_CipherUpdate( |
120 context.get(), buffer_data, &output_len, data, data_size)) | 120 context.get(), buffer_data, &output_len, data, data_size)) |
121 return Status::Error(); | 121 return Status::Error(); |
122 int final_output_chunk_len = 0; | 122 int final_output_chunk_len = 0; |
123 if (!EVP_CipherFinal_ex( | 123 if (!EVP_CipherFinal_ex( |
124 context.get(), buffer_data + output_len, &final_output_chunk_len)) { | 124 context.get(), buffer_data + output_len, &final_output_chunk_len)) { |
125 return Status::Error(); | 125 return Status::Error(); |
126 } | 126 } |
127 | 127 |
128 const unsigned final_output_len = | 128 const unsigned int final_output_len = |
129 static_cast<unsigned>(output_len) + | 129 static_cast<unsigned int>(output_len) + |
130 static_cast<unsigned>(final_output_chunk_len); | 130 static_cast<unsigned int>(final_output_chunk_len); |
131 DCHECK_LE(final_output_len, output_max_len); | 131 DCHECK_LE(final_output_len, output_max_len); |
132 | 132 |
133 webcrypto::ShrinkBuffer(buffer, final_output_len); | 133 webcrypto::ShrinkBuffer(buffer, final_output_len); |
134 | 134 |
135 return Status::Success(); | 135 return Status::Success(); |
136 } | 136 } |
137 | 137 |
138 Status ExportKeyInternalRaw( | 138 Status ExportKeyInternalRaw( |
139 const blink::WebCryptoKey& key, | 139 const blink::WebCryptoKey& key, |
140 blink::WebArrayBuffer* buffer) { | 140 blink::WebArrayBuffer* buffer) { |
(...skipping 17 matching lines...) Expand all Loading... |
158 } | 158 } |
159 | 159 |
160 } // namespace | 160 } // namespace |
161 | 161 |
162 void WebCryptoImpl::Init() { crypto::EnsureOpenSSLInit(); } | 162 void WebCryptoImpl::Init() { crypto::EnsureOpenSSLInit(); } |
163 | 163 |
164 Status WebCryptoImpl::EncryptInternal( | 164 Status WebCryptoImpl::EncryptInternal( |
165 const blink::WebCryptoAlgorithm& algorithm, | 165 const blink::WebCryptoAlgorithm& algorithm, |
166 const blink::WebCryptoKey& key, | 166 const blink::WebCryptoKey& key, |
167 const unsigned char* data, | 167 const unsigned char* data, |
168 unsigned data_size, | 168 unsigned int data_size, |
169 blink::WebArrayBuffer* buffer) { | 169 blink::WebArrayBuffer* buffer) { |
170 if (algorithm.id() == blink::WebCryptoAlgorithmIdAesCbc) { | 170 if (algorithm.id() == blink::WebCryptoAlgorithmIdAesCbc) { |
171 return AesCbcEncryptDecrypt( | 171 return AesCbcEncryptDecrypt( |
172 kDoEncrypt, algorithm, key, data, data_size, buffer); | 172 kDoEncrypt, algorithm, key, data, data_size, buffer); |
173 } | 173 } |
174 | 174 |
175 return Status::ErrorUnsupported(); | 175 return Status::ErrorUnsupported(); |
176 } | 176 } |
177 | 177 |
178 Status WebCryptoImpl::DecryptInternal( | 178 Status WebCryptoImpl::DecryptInternal( |
179 const blink::WebCryptoAlgorithm& algorithm, | 179 const blink::WebCryptoAlgorithm& algorithm, |
180 const blink::WebCryptoKey& key, | 180 const blink::WebCryptoKey& key, |
181 const unsigned char* data, | 181 const unsigned char* data, |
182 unsigned data_size, | 182 unsigned int data_size, |
183 blink::WebArrayBuffer* buffer) { | 183 blink::WebArrayBuffer* buffer) { |
184 if (algorithm.id() == blink::WebCryptoAlgorithmIdAesCbc) { | 184 if (algorithm.id() == blink::WebCryptoAlgorithmIdAesCbc) { |
185 return AesCbcEncryptDecrypt( | 185 return AesCbcEncryptDecrypt( |
186 kDoDecrypt, algorithm, key, data, data_size, buffer); | 186 kDoDecrypt, algorithm, key, data, data_size, buffer); |
187 } | 187 } |
188 | 188 |
189 return Status::ErrorUnsupported(); | 189 return Status::ErrorUnsupported(); |
190 } | 190 } |
191 | 191 |
192 Status WebCryptoImpl::DigestInternal(const blink::WebCryptoAlgorithm& algorithm, | 192 Status WebCryptoImpl::DigestInternal(const blink::WebCryptoAlgorithm& algorithm, |
193 const unsigned char* data, | 193 const unsigned char* data, |
194 unsigned data_size, | 194 unsigned int data_size, |
195 blink::WebArrayBuffer* buffer) { | 195 blink::WebArrayBuffer* buffer) { |
196 | 196 |
197 crypto::OpenSSLErrStackTracer(FROM_HERE); | 197 crypto::OpenSSLErrStackTracer(FROM_HERE); |
198 | 198 |
199 const EVP_MD* digest_algorithm; | 199 const EVP_MD* digest_algorithm; |
200 switch (algorithm.id()) { | 200 switch (algorithm.id()) { |
201 case blink::WebCryptoAlgorithmIdSha1: | 201 case blink::WebCryptoAlgorithmIdSha1: |
202 digest_algorithm = EVP_sha1(); | 202 digest_algorithm = EVP_sha1(); |
203 break; | 203 break; |
204 case blink::WebCryptoAlgorithmIdSha224: | 204 case blink::WebCryptoAlgorithmIdSha224: |
(...skipping 26 matching lines...) Expand all Loading... |
231 const int hash_expected_size = EVP_MD_CTX_size(digest_context.get()); | 231 const int hash_expected_size = EVP_MD_CTX_size(digest_context.get()); |
232 if (hash_expected_size <= 0) { | 232 if (hash_expected_size <= 0) { |
233 return Status::ErrorUnexpected(); | 233 return Status::ErrorUnexpected(); |
234 } | 234 } |
235 DCHECK_LE(hash_expected_size, EVP_MAX_MD_SIZE); | 235 DCHECK_LE(hash_expected_size, EVP_MAX_MD_SIZE); |
236 | 236 |
237 *buffer = blink::WebArrayBuffer::create(hash_expected_size, 1); | 237 *buffer = blink::WebArrayBuffer::create(hash_expected_size, 1); |
238 unsigned char* const hash_buffer = | 238 unsigned char* const hash_buffer = |
239 reinterpret_cast<unsigned char* const>(buffer->data()); | 239 reinterpret_cast<unsigned char* const>(buffer->data()); |
240 | 240 |
241 unsigned hash_size = 0; | 241 unsigned int hash_size = 0; |
242 if (!EVP_DigestFinal_ex(digest_context.get(), hash_buffer, &hash_size) || | 242 if (!EVP_DigestFinal_ex(digest_context.get(), hash_buffer, &hash_size) || |
243 static_cast<int>(hash_size) != hash_expected_size) { | 243 static_cast<int>(hash_size) != hash_expected_size) { |
244 buffer->reset(); | 244 buffer->reset(); |
245 return Status::Error(); | 245 return Status::Error(); |
246 } | 246 } |
247 | 247 |
248 return Status::Success(); | 248 return Status::Success(); |
249 } | 249 } |
250 | 250 |
251 Status WebCryptoImpl::GenerateSecretKeyInternal( | 251 Status WebCryptoImpl::GenerateSecretKeyInternal( |
252 const blink::WebCryptoAlgorithm& algorithm, | 252 const blink::WebCryptoAlgorithm& algorithm, |
253 bool extractable, | 253 bool extractable, |
254 blink::WebCryptoKeyUsageMask usage_mask, | 254 blink::WebCryptoKeyUsageMask usage_mask, |
255 blink::WebCryptoKey* key) { | 255 blink::WebCryptoKey* key) { |
256 | 256 |
257 unsigned keylen_bytes = 0; | 257 unsigned int keylen_bytes = 0; |
258 blink::WebCryptoKeyType key_type; | 258 blink::WebCryptoKeyType key_type; |
259 switch (algorithm.id()) { | 259 switch (algorithm.id()) { |
260 case blink::WebCryptoAlgorithmIdAesCbc: { | 260 case blink::WebCryptoAlgorithmIdAesCbc: { |
261 const blink::WebCryptoAesKeyGenParams* params = | 261 const blink::WebCryptoAesKeyGenParams* params = |
262 algorithm.aesKeyGenParams(); | 262 algorithm.aesKeyGenParams(); |
263 DCHECK(params); | 263 DCHECK(params); |
264 if (params->lengthBits() % 8) | 264 if (params->lengthBits() % 8) |
265 return Status::ErrorGenerateKeyLength(); | 265 return Status::ErrorGenerateKeyLength(); |
266 keylen_bytes = params->lengthBits() / 8; | 266 keylen_bytes = params->lengthBits() / 8; |
267 if (!GetAESCipherByKeyLength(keylen_bytes)) | 267 if (!GetAESCipherByKeyLength(keylen_bytes)) |
(...skipping 38 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
306 blink::WebCryptoKey* public_key, | 306 blink::WebCryptoKey* public_key, |
307 blink::WebCryptoKey* private_key) { | 307 blink::WebCryptoKey* private_key) { |
308 // TODO(padolph): Placeholder for OpenSSL implementation. | 308 // TODO(padolph): Placeholder for OpenSSL implementation. |
309 // Issue http://crbug.com/267888. | 309 // Issue http://crbug.com/267888. |
310 return Status::ErrorUnsupported(); | 310 return Status::ErrorUnsupported(); |
311 } | 311 } |
312 | 312 |
313 Status WebCryptoImpl::ImportKeyInternal( | 313 Status WebCryptoImpl::ImportKeyInternal( |
314 blink::WebCryptoKeyFormat format, | 314 blink::WebCryptoKeyFormat format, |
315 const unsigned char* key_data, | 315 const unsigned char* key_data, |
316 unsigned key_data_size, | 316 unsigned int key_data_size, |
317 const blink::WebCryptoAlgorithm& algorithm_or_null, | 317 const blink::WebCryptoAlgorithm& algorithm_or_null, |
318 bool extractable, | 318 bool extractable, |
319 blink::WebCryptoKeyUsageMask usage_mask, | 319 blink::WebCryptoKeyUsageMask usage_mask, |
320 blink::WebCryptoKey* key) { | 320 blink::WebCryptoKey* key) { |
321 // TODO(eroman): Currently expects algorithm to always be specified, as it is | 321 // TODO(eroman): Currently expects algorithm to always be specified, as it is |
322 // required for raw format. | 322 // required for raw format. |
323 if (algorithm_or_null.isNull()) | 323 if (algorithm_or_null.isNull()) |
324 return Status::ErrorMissingAlgorithmImportRawKey(); | 324 return Status::ErrorMissingAlgorithmImportRawKey(); |
325 const blink::WebCryptoAlgorithm& algorithm = algorithm_or_null; | 325 const blink::WebCryptoAlgorithm& algorithm = algorithm_or_null; |
326 | 326 |
327 // TODO(padolph): Support all relevant alg types and then remove this gate. | 327 // TODO(padolph): Support all relevant alg types and then remove this gate. |
328 if (algorithm.id() != blink::WebCryptoAlgorithmIdHmac && | 328 if (algorithm.id() != blink::WebCryptoAlgorithmIdHmac && |
329 algorithm.id() != blink::WebCryptoAlgorithmIdAesCbc) { | 329 algorithm.id() != blink::WebCryptoAlgorithmIdAesCbc) { |
330 return Status::ErrorUnsupported(); | 330 return Status::ErrorUnsupported(); |
331 } | 331 } |
332 | 332 |
333 // TODO(padolph): Need to split handling for symmetric (raw format) and | 333 // TODO(padolph): Need to split handling for symmetric (raw format) and |
334 // asymmetric (spki or pkcs8 format) keys. | 334 // asymmetric (spki or pkcs8 format) keys. |
335 // Currently only supporting symmetric. | 335 // Currently only supporting symmetric. |
336 | 336 |
337 // Symmetric keys are always type secret | 337 // Symmetric keys are always type secret |
338 blink::WebCryptoKeyType type = blink::WebCryptoKeyTypeSecret; | 338 blink::WebCryptoKeyType type = blink::WebCryptoKeyTypeSecret; |
339 | 339 |
340 const unsigned char* raw_key_data; | 340 const unsigned char* raw_key_data; |
341 unsigned raw_key_data_size; | 341 unsigned int raw_key_data_size; |
342 switch (format) { | 342 switch (format) { |
343 case blink::WebCryptoKeyFormatRaw: | 343 case blink::WebCryptoKeyFormatRaw: |
344 raw_key_data = key_data; | 344 raw_key_data = key_data; |
345 raw_key_data_size = key_data_size; | 345 raw_key_data_size = key_data_size; |
346 // The NSS implementation fails when importing a raw AES key with a length | 346 // The NSS implementation fails when importing a raw AES key with a length |
347 // incompatible with AES. The line below is to match this behavior. | 347 // incompatible with AES. The line below is to match this behavior. |
348 if (algorithm.id() == blink::WebCryptoAlgorithmIdAesCbc && | 348 if (algorithm.id() == blink::WebCryptoAlgorithmIdAesCbc && |
349 !GetAESCipherByKeyLength(raw_key_data_size)) { | 349 !GetAESCipherByKeyLength(raw_key_data_size)) { |
350 return Status::Error(); | 350 return Status::Error(); |
351 } | 351 } |
(...skipping 27 matching lines...) Expand all Loading... |
379 default: | 379 default: |
380 return Status::ErrorUnsupported(); | 380 return Status::ErrorUnsupported(); |
381 } | 381 } |
382 return Status::ErrorUnsupported(); | 382 return Status::ErrorUnsupported(); |
383 } | 383 } |
384 | 384 |
385 Status WebCryptoImpl::SignInternal( | 385 Status WebCryptoImpl::SignInternal( |
386 const blink::WebCryptoAlgorithm& algorithm, | 386 const blink::WebCryptoAlgorithm& algorithm, |
387 const blink::WebCryptoKey& key, | 387 const blink::WebCryptoKey& key, |
388 const unsigned char* data, | 388 const unsigned char* data, |
389 unsigned data_size, | 389 unsigned int data_size, |
390 blink::WebArrayBuffer* buffer) { | 390 blink::WebArrayBuffer* buffer) { |
391 | 391 |
392 blink::WebArrayBuffer result; | 392 blink::WebArrayBuffer result; |
393 | 393 |
394 switch (algorithm.id()) { | 394 switch (algorithm.id()) { |
395 case blink::WebCryptoAlgorithmIdHmac: { | 395 case blink::WebCryptoAlgorithmIdHmac: { |
396 | 396 |
397 DCHECK_EQ(key.algorithm().id(), blink::WebCryptoAlgorithmIdHmac); | 397 DCHECK_EQ(key.algorithm().id(), blink::WebCryptoAlgorithmIdHmac); |
398 DCHECK_NE(0, key.usages() & blink::WebCryptoKeyUsageSign); | 398 DCHECK_NE(0, key.usages() & blink::WebCryptoKeyUsageSign); |
399 | 399 |
(...skipping 67 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
467 } | 467 } |
468 | 468 |
469 *buffer = result; | 469 *buffer = result; |
470 return Status::Success(); | 470 return Status::Success(); |
471 } | 471 } |
472 | 472 |
473 Status WebCryptoImpl::VerifySignatureInternal( | 473 Status WebCryptoImpl::VerifySignatureInternal( |
474 const blink::WebCryptoAlgorithm& algorithm, | 474 const blink::WebCryptoAlgorithm& algorithm, |
475 const blink::WebCryptoKey& key, | 475 const blink::WebCryptoKey& key, |
476 const unsigned char* signature, | 476 const unsigned char* signature, |
477 unsigned signature_size, | 477 unsigned int signature_size, |
478 const unsigned char* data, | 478 const unsigned char* data, |
479 unsigned data_size, | 479 unsigned int data_size, |
480 bool* signature_match) { | 480 bool* signature_match) { |
481 switch (algorithm.id()) { | 481 switch (algorithm.id()) { |
482 case blink::WebCryptoAlgorithmIdHmac: { | 482 case blink::WebCryptoAlgorithmIdHmac: { |
483 blink::WebArrayBuffer result; | 483 blink::WebArrayBuffer result; |
484 Status status = SignInternal(algorithm, key, data, data_size, &result); | 484 Status status = SignInternal(algorithm, key, data, data_size, &result); |
485 if (status.IsError()) | 485 if (status.IsError()) |
486 return status; | 486 return status; |
487 | 487 |
488 // Handling of truncated signatures is underspecified in the WebCrypto | 488 // Handling of truncated signatures is underspecified in the WebCrypto |
489 // spec, so here we fail verification if a truncated signature is being | 489 // spec, so here we fail verification if a truncated signature is being |
490 // verified. | 490 // verified. |
491 // See https://www.w3.org/Bugs/Public/show_bug.cgi?id=23097 | 491 // See https://www.w3.org/Bugs/Public/show_bug.cgi?id=23097 |
492 *signature_match = | 492 *signature_match = |
493 result.byteLength() == signature_size && | 493 result.byteLength() == signature_size && |
494 crypto::SecureMemEqual(result.data(), signature, signature_size); | 494 crypto::SecureMemEqual(result.data(), signature, signature_size); |
495 | 495 |
496 break; | 496 break; |
497 } | 497 } |
498 default: | 498 default: |
499 return Status::ErrorUnsupported(); | 499 return Status::ErrorUnsupported(); |
500 } | 500 } |
501 return Status::Success(); | 501 return Status::Success(); |
502 } | 502 } |
503 | 503 |
504 Status WebCryptoImpl::ImportRsaPublicKeyInternal( | 504 Status WebCryptoImpl::ImportRsaPublicKeyInternal( |
505 const unsigned char* modulus_data, | 505 const unsigned char* modulus_data, |
506 unsigned modulus_size, | 506 unsigned int modulus_size, |
507 const unsigned char* exponent_data, | 507 const unsigned char* exponent_data, |
508 unsigned exponent_size, | 508 unsigned int exponent_size, |
509 const blink::WebCryptoAlgorithm& algorithm, | 509 const blink::WebCryptoAlgorithm& algorithm, |
510 bool extractable, | 510 bool extractable, |
511 blink::WebCryptoKeyUsageMask usage_mask, | 511 blink::WebCryptoKeyUsageMask usage_mask, |
512 blink::WebCryptoKey* key) { | 512 blink::WebCryptoKey* key) { |
513 // TODO(padolph): Placeholder for OpenSSL implementation. | 513 // TODO(padolph): Placeholder for OpenSSL implementation. |
514 // Issue http://crbug.com/267888. | 514 // Issue http://crbug.com/267888. |
515 return Status::ErrorUnsupported(); | 515 return Status::ErrorUnsupported(); |
516 } | 516 } |
517 | 517 |
518 } // namespace content | 518 } // namespace content |
OLD | NEW |