OLD | NEW |
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/renderer/webcrypto/webcrypto_impl.h" | 5 #include "content/renderer/webcrypto/platform_crypto.h" |
6 | 6 |
7 #include <vector> | 7 #include <vector> |
8 #include <openssl/aes.h> | 8 #include <openssl/aes.h> |
9 #include <openssl/evp.h> | 9 #include <openssl/evp.h> |
10 #include <openssl/hmac.h> | 10 #include <openssl/hmac.h> |
11 #include <openssl/rand.h> | 11 #include <openssl/rand.h> |
12 #include <openssl/sha.h> | 12 #include <openssl/sha.h> |
13 | 13 |
14 #include "base/logging.h" | 14 #include "base/logging.h" |
| 15 #include "content/renderer/webcrypto/crypto_data.h" |
15 #include "content/renderer/webcrypto/webcrypto_util.h" | 16 #include "content/renderer/webcrypto/webcrypto_util.h" |
16 #include "crypto/openssl_util.h" | 17 #include "crypto/openssl_util.h" |
17 #include "crypto/secure_util.h" | |
18 #include "third_party/WebKit/public/platform/WebArrayBuffer.h" | 18 #include "third_party/WebKit/public/platform/WebArrayBuffer.h" |
19 #include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h" | 19 #include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h" |
20 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h" | 20 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h" |
21 | 21 |
22 namespace content { | 22 namespace content { |
23 | 23 |
24 using webcrypto::Status; | 24 namespace webcrypto { |
25 | 25 |
26 namespace { | 26 class PlatformKey : public blink::WebCryptoKeyHandle { |
| 27 public: |
| 28 virtual PlatformSymKey* AsSymKey() { return NULL; } |
| 29 virtual PlatformPublicKey* AsPublicKey() { return NULL; } |
| 30 virtual PlatformPrivateKey* AsPrivateKey() { return NULL; } |
| 31 }; |
27 | 32 |
28 class SymKeyHandle : public blink::WebCryptoKeyHandle { | 33 class PlatformSymKey : public PlatformKey { |
29 public: | 34 public: |
30 SymKeyHandle(const unsigned char* key_data, unsigned int key_data_size) | 35 explicit PlatformSymKey(const CryptoData& key_data) |
31 : key_(key_data, key_data + key_data_size) {} | 36 : key_(key_data.bytes(), key_data.bytes() + key_data.byte_length()) {} |
| 37 |
| 38 virtual PlatformSymKey* AsSymKey() OVERRIDE { return this; } |
32 | 39 |
33 const std::vector<unsigned char>& key() const { return key_; } | 40 const std::vector<unsigned char>& key() const { return key_; } |
34 | 41 |
35 private: | 42 private: |
36 const std::vector<unsigned char> key_; | 43 const std::vector<unsigned char> key_; |
37 | 44 |
38 DISALLOW_COPY_AND_ASSIGN(SymKeyHandle); | 45 DISALLOW_COPY_AND_ASSIGN(PlatformSymKey); |
39 }; | 46 }; |
40 | 47 |
| 48 PlatformSymKey* PlatformCrypto::ToSymKey(const blink::WebCryptoKey& key) { |
| 49 return static_cast<PlatformKey*>(key.handle())->AsSymKey(); |
| 50 } |
| 51 |
| 52 PlatformPublicKey* PlatformCrypto::ToPublicKey(const blink::WebCryptoKey& key) { |
| 53 return static_cast<PlatformKey*>(key.handle())->AsPublicKey(); |
| 54 } |
| 55 |
| 56 PlatformPrivateKey* PlatformCrypto::ToPrivateKey( |
| 57 const blink::WebCryptoKey& key) { |
| 58 return static_cast<PlatformKey*>(key.handle())->AsPrivateKey(); |
| 59 } |
| 60 |
| 61 namespace { |
| 62 |
41 const EVP_CIPHER* GetAESCipherByKeyLength(unsigned int key_length_bytes) { | 63 const EVP_CIPHER* GetAESCipherByKeyLength(unsigned int key_length_bytes) { |
42 // OpenSSL supports AES CBC ciphers for only 3 key lengths: 128, 192, 256 bits | 64 // OpenSSL supports AES CBC ciphers for only 3 key lengths: 128, 192, 256 bits |
43 switch (key_length_bytes) { | 65 switch (key_length_bytes) { |
44 case 16: | 66 case 16: |
45 return EVP_aes_128_cbc(); | 67 return EVP_aes_128_cbc(); |
46 case 24: | 68 case 24: |
47 return EVP_aes_192_cbc(); | 69 return EVP_aes_192_cbc(); |
48 case 32: | 70 case 32: |
49 return EVP_aes_256_cbc(); | 71 return EVP_aes_256_cbc(); |
50 default: | 72 default: |
51 return NULL; | 73 return NULL; |
52 } | 74 } |
53 } | 75 } |
54 | 76 |
55 // OpenSSL constants for EVP_CipherInit_ex(), do not change | 77 // OpenSSL constants for EVP_CipherInit_ex(), do not change |
56 enum CipherOperation { | 78 enum CipherOperation { |
57 kDoDecrypt = 0, | 79 kDoDecrypt = 0, |
58 kDoEncrypt = 1 | 80 kDoEncrypt = 1 |
59 }; | 81 }; |
60 | 82 |
61 Status AesCbcEncryptDecrypt(CipherOperation cipher_operation, | 83 Status AesCbcEncryptDecrypt(CipherOperation cipher_operation, |
62 const blink::WebCryptoAlgorithm& algorithm, | 84 PlatformSymKey* key, |
63 const blink::WebCryptoKey& key, | 85 const CryptoData& iv, |
64 const unsigned char* data, | 86 const CryptoData& data, |
65 unsigned int data_size, | |
66 blink::WebArrayBuffer* buffer) { | 87 blink::WebArrayBuffer* buffer) { |
67 DCHECK_EQ(blink::WebCryptoAlgorithmIdAesCbc, algorithm.id()); | 88 if (data.byte_length() >= INT_MAX - AES_BLOCK_SIZE) { |
68 DCHECK_EQ(algorithm.id(), key.algorithm().id()); | |
69 DCHECK_EQ(blink::WebCryptoKeyTypeSecret, key.type()); | |
70 | |
71 if (data_size >= INT_MAX - AES_BLOCK_SIZE) { | |
72 // TODO(padolph): Handle this by chunking the input fed into OpenSSL. Right | 89 // TODO(padolph): Handle this by chunking the input fed into OpenSSL. Right |
73 // now it doesn't make much difference since the one-shot API would end up | 90 // now it doesn't make much difference since the one-shot API would end up |
74 // blowing out the memory and crashing anyway. | 91 // blowing out the memory and crashing anyway. |
75 return Status::ErrorDataTooLarge(); | 92 return Status::ErrorDataTooLarge(); |
76 } | 93 } |
77 | 94 |
78 // Note: PKCS padding is enabled by default | 95 // Note: PKCS padding is enabled by default |
79 crypto::ScopedOpenSSL<EVP_CIPHER_CTX, EVP_CIPHER_CTX_free> context( | 96 crypto::ScopedOpenSSL<EVP_CIPHER_CTX, EVP_CIPHER_CTX_free> context( |
80 EVP_CIPHER_CTX_new()); | 97 EVP_CIPHER_CTX_new()); |
81 | 98 |
82 if (!context.get()) | 99 if (!context.get()) |
83 return Status::Error(); | 100 return Status::Error(); |
84 | 101 |
85 SymKeyHandle* const sym_key = reinterpret_cast<SymKeyHandle*>(key.handle()); | 102 const EVP_CIPHER* const cipher = GetAESCipherByKeyLength(key->key().size()); |
86 | |
87 const EVP_CIPHER* const cipher = | |
88 GetAESCipherByKeyLength(sym_key->key().size()); | |
89 DCHECK(cipher); | 103 DCHECK(cipher); |
90 | 104 |
91 const blink::WebCryptoAesCbcParams* const params = algorithm.aesCbcParams(); | |
92 if (params->iv().size() != AES_BLOCK_SIZE) | |
93 return Status::ErrorIncorrectSizeAesCbcIv(); | |
94 | |
95 if (!EVP_CipherInit_ex(context.get(), | 105 if (!EVP_CipherInit_ex(context.get(), |
96 cipher, | 106 cipher, |
97 NULL, | 107 NULL, |
98 &sym_key->key()[0], | 108 &key->key()[0], |
99 params->iv().data(), | 109 iv.bytes(), |
100 cipher_operation)) { | 110 cipher_operation)) { |
101 return Status::Error(); | 111 return Status::Error(); |
102 } | 112 } |
103 | 113 |
104 // According to the openssl docs, the amount of data written may be as large | 114 // According to the openssl docs, the amount of data written may be as large |
105 // as (data_size + cipher_block_size - 1), constrained to a multiple of | 115 // as (data_size + cipher_block_size - 1), constrained to a multiple of |
106 // cipher_block_size. | 116 // cipher_block_size. |
107 unsigned int output_max_len = data_size + AES_BLOCK_SIZE - 1; | 117 unsigned int output_max_len = data.byte_length() + AES_BLOCK_SIZE - 1; |
108 const unsigned remainder = output_max_len % AES_BLOCK_SIZE; | 118 const unsigned remainder = output_max_len % AES_BLOCK_SIZE; |
109 if (remainder != 0) | 119 if (remainder != 0) |
110 output_max_len += AES_BLOCK_SIZE - remainder; | 120 output_max_len += AES_BLOCK_SIZE - remainder; |
111 DCHECK_GT(output_max_len, data_size); | 121 DCHECK_GT(output_max_len, data.byte_length()); |
112 | 122 |
113 *buffer = blink::WebArrayBuffer::create(output_max_len, 1); | 123 *buffer = blink::WebArrayBuffer::create(output_max_len, 1); |
114 | 124 |
115 unsigned char* const buffer_data = | 125 unsigned char* const buffer_data = |
116 reinterpret_cast<unsigned char*>(buffer->data()); | 126 reinterpret_cast<unsigned char*>(buffer->data()); |
117 | 127 |
118 int output_len = 0; | 128 int output_len = 0; |
119 if (!EVP_CipherUpdate( | 129 if (!EVP_CipherUpdate(context.get(), |
120 context.get(), buffer_data, &output_len, data, data_size)) | 130 buffer_data, |
| 131 &output_len, |
| 132 data.bytes(), |
| 133 data.byte_length())) |
121 return Status::Error(); | 134 return Status::Error(); |
122 int final_output_chunk_len = 0; | 135 int final_output_chunk_len = 0; |
123 if (!EVP_CipherFinal_ex( | 136 if (!EVP_CipherFinal_ex( |
124 context.get(), buffer_data + output_len, &final_output_chunk_len)) { | 137 context.get(), buffer_data + output_len, &final_output_chunk_len)) { |
125 return Status::Error(); | 138 return Status::Error(); |
126 } | 139 } |
127 | 140 |
128 const unsigned int final_output_len = | 141 const unsigned int final_output_len = |
129 static_cast<unsigned int>(output_len) + | 142 static_cast<unsigned int>(output_len) + |
130 static_cast<unsigned int>(final_output_chunk_len); | 143 static_cast<unsigned int>(final_output_chunk_len); |
131 DCHECK_LE(final_output_len, output_max_len); | 144 DCHECK_LE(final_output_len, output_max_len); |
132 | 145 |
133 webcrypto::ShrinkBuffer(buffer, final_output_len); | 146 ShrinkBuffer(buffer, final_output_len); |
134 | |
135 return Status::Success(); | |
136 } | |
137 | |
138 Status ExportKeyInternalRaw( | |
139 const blink::WebCryptoKey& key, | |
140 blink::WebArrayBuffer* buffer) { | |
141 | |
142 DCHECK(key.handle()); | |
143 DCHECK(buffer); | |
144 | |
145 if (key.type() != blink::WebCryptoKeyTypeSecret) | |
146 return Status::ErrorUnexpectedKeyType(); | |
147 | |
148 // TODO(eroman): This should be in a more generic location. | |
149 if (!key.extractable()) | |
150 return Status::ErrorKeyNotExtractable(); | |
151 | |
152 const SymKeyHandle* sym_key = reinterpret_cast<SymKeyHandle*>(key.handle()); | |
153 | |
154 *buffer = webcrypto::CreateArrayBuffer( | |
155 webcrypto::Uint8VectorStart(sym_key->key()), sym_key->key().size()); | |
156 | 147 |
157 return Status::Success(); | 148 return Status::Success(); |
158 } | 149 } |
159 | 150 |
160 } // namespace | 151 } // namespace |
161 | 152 |
162 void WebCryptoImpl::Init() { crypto::EnsureOpenSSLInit(); } | 153 Status PlatformCrypto::PlatformExportKeyRaw(PlatformSymKey* key, |
163 | 154 blink::WebArrayBuffer* buffer) { |
164 Status WebCryptoImpl::EncryptInternal( | 155 *buffer = CreateArrayBuffer(Uint8VectorStart(key->key()), key->key().size()); |
165 const blink::WebCryptoAlgorithm& algorithm, | 156 return Status::Success(); |
166 const blink::WebCryptoKey& key, | |
167 const unsigned char* data, | |
168 unsigned int data_size, | |
169 blink::WebArrayBuffer* buffer) { | |
170 if (algorithm.id() == blink::WebCryptoAlgorithmIdAesCbc) { | |
171 return AesCbcEncryptDecrypt( | |
172 kDoEncrypt, algorithm, key, data, data_size, buffer); | |
173 } | |
174 | |
175 return Status::ErrorUnsupported(); | |
176 } | 157 } |
177 | 158 |
178 Status WebCryptoImpl::DecryptInternal( | 159 PlatformCrypto::PlatformCrypto() { |
179 const blink::WebCryptoAlgorithm& algorithm, | 160 crypto::EnsureOpenSSLInit(); |
180 const blink::WebCryptoKey& key, | |
181 const unsigned char* data, | |
182 unsigned int data_size, | |
183 blink::WebArrayBuffer* buffer) { | |
184 if (algorithm.id() == blink::WebCryptoAlgorithmIdAesCbc) { | |
185 return AesCbcEncryptDecrypt( | |
186 kDoDecrypt, algorithm, key, data, data_size, buffer); | |
187 } | |
188 | |
189 return Status::ErrorUnsupported(); | |
190 } | 161 } |
191 | 162 |
192 Status WebCryptoImpl::DigestInternal(const blink::WebCryptoAlgorithm& algorithm, | 163 Status PlatformCrypto::PlatformEncryptAesCbc( |
193 const unsigned char* data, | 164 PlatformSymKey* key, |
194 unsigned int data_size, | 165 const CryptoData& iv, |
195 blink::WebArrayBuffer* buffer) { | 166 const CryptoData& data, |
| 167 blink::WebArrayBuffer* buffer) { |
| 168 return AesCbcEncryptDecrypt(kDoEncrypt, key, iv, data, buffer); |
| 169 } |
196 | 170 |
| 171 Status PlatformCrypto::PlatformDecryptAesCbc( |
| 172 PlatformSymKey* key, |
| 173 const CryptoData& iv, |
| 174 const CryptoData& data, |
| 175 blink::WebArrayBuffer* buffer) { |
| 176 return AesCbcEncryptDecrypt(kDoDecrypt, key, iv, data, buffer); |
| 177 } |
| 178 |
| 179 Status PlatformCrypto::PlatformDigestSha(blink::WebCryptoAlgorithmId algorithm, |
| 180 const CryptoData& data, |
| 181 blink::WebArrayBuffer* buffer) { |
197 crypto::OpenSSLErrStackTracer(FROM_HERE); | 182 crypto::OpenSSLErrStackTracer(FROM_HERE); |
198 | 183 |
199 const EVP_MD* digest_algorithm; | 184 const EVP_MD* digest_algorithm; |
200 switch (algorithm.id()) { | 185 switch (algorithm) { |
201 case blink::WebCryptoAlgorithmIdSha1: | 186 case blink::WebCryptoAlgorithmIdSha1: |
202 digest_algorithm = EVP_sha1(); | 187 digest_algorithm = EVP_sha1(); |
203 break; | 188 break; |
204 case blink::WebCryptoAlgorithmIdSha224: | 189 case blink::WebCryptoAlgorithmIdSha224: |
205 digest_algorithm = EVP_sha224(); | 190 digest_algorithm = EVP_sha224(); |
206 break; | 191 break; |
207 case blink::WebCryptoAlgorithmIdSha256: | 192 case blink::WebCryptoAlgorithmIdSha256: |
208 digest_algorithm = EVP_sha256(); | 193 digest_algorithm = EVP_sha256(); |
209 break; | 194 break; |
210 case blink::WebCryptoAlgorithmIdSha384: | 195 case blink::WebCryptoAlgorithmIdSha384: |
211 digest_algorithm = EVP_sha384(); | 196 digest_algorithm = EVP_sha384(); |
212 break; | 197 break; |
213 case blink::WebCryptoAlgorithmIdSha512: | 198 case blink::WebCryptoAlgorithmIdSha512: |
214 digest_algorithm = EVP_sha512(); | 199 digest_algorithm = EVP_sha512(); |
215 break; | 200 break; |
216 default: | 201 default: |
217 // Not a digest algorithm. | 202 // Not a SHA algorithm. |
218 return Status::ErrorUnsupported(); | 203 return Status::ErrorUnexpected(); |
219 } | 204 } |
220 | 205 |
221 crypto::ScopedOpenSSL<EVP_MD_CTX, EVP_MD_CTX_destroy> digest_context( | 206 crypto::ScopedOpenSSL<EVP_MD_CTX, EVP_MD_CTX_destroy> digest_context( |
222 EVP_MD_CTX_create()); | 207 EVP_MD_CTX_create()); |
223 if (!digest_context.get()) | 208 if (!digest_context.get()) |
224 return Status::Error(); | 209 return Status::Error(); |
225 | 210 |
226 if (!EVP_DigestInit_ex(digest_context.get(), digest_algorithm, NULL) || | 211 if (!EVP_DigestInit_ex(digest_context.get(), digest_algorithm, NULL) || |
227 !EVP_DigestUpdate(digest_context.get(), data, data_size)) { | 212 !EVP_DigestUpdate( |
| 213 digest_context.get(), data.bytes(), data.byte_length())) { |
228 return Status::Error(); | 214 return Status::Error(); |
229 } | 215 } |
230 | 216 |
231 const int hash_expected_size = EVP_MD_CTX_size(digest_context.get()); | 217 const int hash_expected_size = EVP_MD_CTX_size(digest_context.get()); |
232 if (hash_expected_size <= 0) { | 218 if (hash_expected_size <= 0) |
233 return Status::ErrorUnexpected(); | 219 return Status::ErrorUnexpected(); |
234 } | |
235 DCHECK_LE(hash_expected_size, EVP_MAX_MD_SIZE); | 220 DCHECK_LE(hash_expected_size, EVP_MAX_MD_SIZE); |
236 | 221 |
237 *buffer = blink::WebArrayBuffer::create(hash_expected_size, 1); | 222 *buffer = blink::WebArrayBuffer::create(hash_expected_size, 1); |
238 unsigned char* const hash_buffer = | 223 unsigned char* const hash_buffer = |
239 reinterpret_cast<unsigned char* const>(buffer->data()); | 224 reinterpret_cast<unsigned char* const>(buffer->data()); |
240 | 225 |
241 unsigned int hash_size = 0; | 226 unsigned int hash_size = 0; |
242 if (!EVP_DigestFinal_ex(digest_context.get(), hash_buffer, &hash_size) || | 227 if (!EVP_DigestFinal_ex(digest_context.get(), hash_buffer, &hash_size) || |
243 static_cast<int>(hash_size) != hash_expected_size) { | 228 static_cast<int>(hash_size) != hash_expected_size) { |
244 buffer->reset(); | 229 buffer->reset(); |
245 return Status::Error(); | 230 return Status::Error(); |
246 } | 231 } |
247 | 232 |
248 return Status::Success(); | 233 return Status::Success(); |
249 } | 234 } |
250 | 235 |
251 Status WebCryptoImpl::GenerateSecretKeyInternal( | 236 Status PlatformCrypto::PlatformGenerateSecretKey( |
252 const blink::WebCryptoAlgorithm& algorithm, | 237 const blink::WebCryptoAlgorithm& algorithm, |
253 bool extractable, | 238 bool extractable, |
254 blink::WebCryptoKeyUsageMask usage_mask, | 239 blink::WebCryptoKeyUsageMask usage_mask, |
| 240 unsigned keylen_bytes, |
255 blink::WebCryptoKey* key) { | 241 blink::WebCryptoKey* key) { |
256 | 242 // TODO(eroman): Is this right? |
257 unsigned int keylen_bytes = 0; | |
258 blink::WebCryptoKeyType key_type; | |
259 switch (algorithm.id()) { | |
260 case blink::WebCryptoAlgorithmIdAesCbc: { | |
261 const blink::WebCryptoAesKeyGenParams* params = | |
262 algorithm.aesKeyGenParams(); | |
263 DCHECK(params); | |
264 if (params->lengthBits() % 8) | |
265 return Status::ErrorGenerateKeyLength(); | |
266 keylen_bytes = params->lengthBits() / 8; | |
267 if (!GetAESCipherByKeyLength(keylen_bytes)) | |
268 return Status::Error(); | |
269 key_type = blink::WebCryptoKeyTypeSecret; | |
270 break; | |
271 } | |
272 case blink::WebCryptoAlgorithmIdHmac: { | |
273 const blink::WebCryptoHmacKeyParams* params = algorithm.hmacKeyParams(); | |
274 DCHECK(params); | |
275 if (params->hasLengthBytes()) | |
276 keylen_bytes = params->optionalLengthBytes(); | |
277 else | |
278 keylen_bytes = webcrypto::ShaBlockSizeBytes(params->hash().id()); | |
279 key_type = blink::WebCryptoKeyTypeSecret; | |
280 break; | |
281 } | |
282 | |
283 default: { return Status::ErrorUnsupported(); } | |
284 } | |
285 | |
286 if (keylen_bytes == 0) | 243 if (keylen_bytes == 0) |
287 return Status::ErrorGenerateKeyLength(); | 244 return Status::ErrorGenerateKeyLength(); |
288 | 245 |
289 crypto::OpenSSLErrStackTracer(FROM_HERE); | 246 crypto::OpenSSLErrStackTracer(FROM_HERE); |
290 | 247 |
291 std::vector<unsigned char> random_bytes(keylen_bytes, 0); | 248 std::vector<unsigned char> random_bytes(keylen_bytes, 0); |
292 if (!(RAND_bytes(&random_bytes[0], keylen_bytes))) | 249 if (!(RAND_bytes(&random_bytes[0], keylen_bytes))) |
293 return Status::Error(); | 250 return Status::Error(); |
294 | 251 |
295 *key = blink::WebCryptoKey::create( | 252 *key = blink::WebCryptoKey::create(new PlatformSymKey(random_bytes), |
296 new SymKeyHandle(&random_bytes[0], random_bytes.size()), | 253 blink::WebCryptoKeyTypeSecret, |
297 key_type, extractable, algorithm, usage_mask); | 254 extractable, |
| 255 algorithm, |
| 256 usage_mask); |
298 | 257 |
299 return Status::Success(); | 258 return Status::Success(); |
300 } | 259 } |
301 | 260 |
302 Status WebCryptoImpl::GenerateKeyPairInternal( | 261 Status PlatformCrypto::PlatformGenerateRsaKeyPair( |
303 const blink::WebCryptoAlgorithm& algorithm, | 262 const blink::WebCryptoAlgorithm& algorithm, |
304 bool extractable, | 263 bool extractable, |
305 blink::WebCryptoKeyUsageMask usage_mask, | 264 blink::WebCryptoKeyUsageMask usage_mask, |
306 blink::WebCryptoKey* public_key, | 265 blink::WebCryptoKey* public_key, |
307 blink::WebCryptoKey* private_key) { | 266 blink::WebCryptoKey* private_key) { |
308 // TODO(padolph): Placeholder for OpenSSL implementation. | 267 // TODO(padolph): Placeholder for OpenSSL implementation. |
309 // Issue http://crbug.com/267888. | 268 // Issue http://crbug.com/267888. |
310 return Status::ErrorUnsupported(); | 269 return Status::ErrorUnsupported(); |
311 } | 270 } |
312 | 271 |
313 Status WebCryptoImpl::ImportKeyInternal( | 272 Status PlatformCrypto::PlatformImportKeyRaw( |
314 blink::WebCryptoKeyFormat format, | 273 const CryptoData& key_data, |
315 const unsigned char* key_data, | 274 const blink::WebCryptoAlgorithm& algorithm, |
316 unsigned int key_data_size, | |
317 const blink::WebCryptoAlgorithm& algorithm_or_null, | |
318 bool extractable, | 275 bool extractable, |
319 blink::WebCryptoKeyUsageMask usage_mask, | 276 blink::WebCryptoKeyUsageMask usage_mask, |
320 blink::WebCryptoKey* key) { | 277 blink::WebCryptoKey* key) { |
321 // TODO(eroman): Currently expects algorithm to always be specified, as it is | 278 *key = blink::WebCryptoKey::create(new PlatformSymKey(key_data), |
322 // required for raw format. | 279 blink::WebCryptoKeyTypeSecret, |
323 if (algorithm_or_null.isNull()) | 280 extractable, |
324 return Status::ErrorMissingAlgorithmImportRawKey(); | 281 algorithm, |
325 const blink::WebCryptoAlgorithm& algorithm = algorithm_or_null; | 282 usage_mask); |
326 | |
327 // TODO(padolph): Support all relevant alg types and then remove this gate. | |
328 if (algorithm.id() != blink::WebCryptoAlgorithmIdHmac && | |
329 algorithm.id() != blink::WebCryptoAlgorithmIdAesCbc) { | |
330 return Status::ErrorUnsupported(); | |
331 } | |
332 | |
333 // TODO(padolph): Need to split handling for symmetric (raw format) and | |
334 // asymmetric (spki or pkcs8 format) keys. | |
335 // Currently only supporting symmetric. | |
336 | |
337 // Symmetric keys are always type secret | |
338 blink::WebCryptoKeyType type = blink::WebCryptoKeyTypeSecret; | |
339 | |
340 const unsigned char* raw_key_data; | |
341 unsigned int raw_key_data_size; | |
342 switch (format) { | |
343 case blink::WebCryptoKeyFormatRaw: | |
344 raw_key_data = key_data; | |
345 raw_key_data_size = key_data_size; | |
346 // The NSS implementation fails when importing a raw AES key with a length | |
347 // incompatible with AES. The line below is to match this behavior. | |
348 if (algorithm.id() == blink::WebCryptoAlgorithmIdAesCbc && | |
349 !GetAESCipherByKeyLength(raw_key_data_size)) { | |
350 return Status::Error(); | |
351 } | |
352 break; | |
353 case blink::WebCryptoKeyFormatJwk: | |
354 return Status::ErrorUnexpected(); | |
355 default: | |
356 return Status::ErrorUnsupported(); | |
357 } | |
358 | |
359 *key = blink::WebCryptoKey::create( | |
360 new SymKeyHandle(raw_key_data, raw_key_data_size), | |
361 type, extractable, algorithm, usage_mask); | |
362 | 283 |
363 return Status::Success(); | 284 return Status::Success(); |
364 } | 285 } |
365 | 286 |
366 Status WebCryptoImpl::ExportKeyInternal( | 287 Status PlatformCrypto::PlatformSignHmac( |
367 blink::WebCryptoKeyFormat format, | 288 PlatformSymKey* key, |
368 const blink::WebCryptoKey& key, | 289 const blink::WebCryptoAlgorithm& hash, |
| 290 const CryptoData& data, |
369 blink::WebArrayBuffer* buffer) { | 291 blink::WebArrayBuffer* buffer) { |
370 switch (format) { | |
371 case blink::WebCryptoKeyFormatRaw: | |
372 return ExportKeyInternalRaw(key, buffer); | |
373 case blink::WebCryptoKeyFormatSpki: | |
374 // TODO(padolph): Implement spki export | |
375 return Status::ErrorUnsupported(); | |
376 case blink::WebCryptoKeyFormatPkcs8: | |
377 // TODO(padolph): Implement pkcs8 export | |
378 return Status::ErrorUnsupported(); | |
379 default: | |
380 return Status::ErrorUnsupported(); | |
381 } | |
382 return Status::ErrorUnsupported(); | |
383 } | |
384 | |
385 Status WebCryptoImpl::SignInternal( | |
386 const blink::WebCryptoAlgorithm& algorithm, | |
387 const blink::WebCryptoKey& key, | |
388 const unsigned char* data, | |
389 unsigned int data_size, | |
390 blink::WebArrayBuffer* buffer) { | |
391 | |
392 blink::WebArrayBuffer result; | 292 blink::WebArrayBuffer result; |
393 | 293 |
394 switch (algorithm.id()) { | 294 // TODO(eroman): De-indent this code. |
395 case blink::WebCryptoAlgorithmIdHmac: { | |
396 | |
397 DCHECK_EQ(key.algorithm().id(), blink::WebCryptoAlgorithmIdHmac); | |
398 DCHECK_NE(0, key.usages() & blink::WebCryptoKeyUsageSign); | |
399 | |
400 const blink::WebCryptoHmacParams* const params = algorithm.hmacParams(); | |
401 if (!params) | |
402 return Status::ErrorUnexpected(); | |
403 | |
404 const EVP_MD* evp_sha = 0; | 295 const EVP_MD* evp_sha = 0; |
405 unsigned int hmac_expected_length = 0; | 296 unsigned int hmac_expected_length = 0; |
406 // Note that HMAC length is determined by the hash used. | 297 // Note that HMAC length is determined by the hash used. |
407 switch (params->hash().id()) { | 298 switch (hash.id()) { |
408 case blink::WebCryptoAlgorithmIdSha1: | 299 case blink::WebCryptoAlgorithmIdSha1: |
409 evp_sha = EVP_sha1(); | 300 evp_sha = EVP_sha1(); |
410 hmac_expected_length = SHA_DIGEST_LENGTH; | 301 hmac_expected_length = SHA_DIGEST_LENGTH; |
411 break; | 302 break; |
412 case blink::WebCryptoAlgorithmIdSha224: | 303 case blink::WebCryptoAlgorithmIdSha224: |
413 evp_sha = EVP_sha224(); | 304 evp_sha = EVP_sha224(); |
414 hmac_expected_length = SHA224_DIGEST_LENGTH; | 305 hmac_expected_length = SHA224_DIGEST_LENGTH; |
415 break; | 306 break; |
416 case blink::WebCryptoAlgorithmIdSha256: | 307 case blink::WebCryptoAlgorithmIdSha256: |
417 evp_sha = EVP_sha256(); | 308 evp_sha = EVP_sha256(); |
418 hmac_expected_length = SHA256_DIGEST_LENGTH; | 309 hmac_expected_length = SHA256_DIGEST_LENGTH; |
419 break; | 310 break; |
420 case blink::WebCryptoAlgorithmIdSha384: | 311 case blink::WebCryptoAlgorithmIdSha384: |
421 evp_sha = EVP_sha384(); | 312 evp_sha = EVP_sha384(); |
422 hmac_expected_length = SHA384_DIGEST_LENGTH; | 313 hmac_expected_length = SHA384_DIGEST_LENGTH; |
423 break; | 314 break; |
424 case blink::WebCryptoAlgorithmIdSha512: | 315 case blink::WebCryptoAlgorithmIdSha512: |
425 evp_sha = EVP_sha512(); | 316 evp_sha = EVP_sha512(); |
426 hmac_expected_length = SHA512_DIGEST_LENGTH; | 317 hmac_expected_length = SHA512_DIGEST_LENGTH; |
427 break; | 318 break; |
428 default: | 319 default: |
429 // Not a digest algorithm. | 320 // Not a digest algorithm. |
430 return Status::ErrorUnsupported(); | 321 return Status::ErrorUnsupported(); |
431 } | 322 } |
432 | 323 |
433 SymKeyHandle* const sym_key = | 324 const std::vector<unsigned char>& raw_key = key->key(); |
434 reinterpret_cast<SymKeyHandle*>(key.handle()); | |
435 const std::vector<unsigned char>& raw_key = sym_key->key(); | |
436 | 325 |
437 // OpenSSL wierdness here. | 326 // OpenSSL wierdness here. |
438 // First, HMAC() needs a void* for the key data, so make one up front as a | 327 // First, HMAC() needs a void* for the key data, so make one up front as a |
439 // cosmetic to avoid a cast. Second, OpenSSL does not like a NULL key, | 328 // cosmetic to avoid a cast. Second, OpenSSL does not like a NULL key, |
440 // which will result if the raw_key vector is empty; an entirely valid | 329 // which will result if the raw_key vector is empty; an entirely valid |
441 // case. Handle this specific case by pointing to an empty array. | 330 // case. Handle this specific case by pointing to an empty array. |
442 const unsigned char null_key[] = {}; | 331 const unsigned char null_key[] = {}; |
443 const void* const raw_key_voidp = raw_key.size() ? &raw_key[0] : null_key; | 332 const void* const raw_key_voidp = raw_key.size() ? &raw_key[0] : null_key; |
444 | 333 |
445 result = blink::WebArrayBuffer::create(hmac_expected_length, 1); | 334 result = blink::WebArrayBuffer::create(hmac_expected_length, 1); |
446 crypto::ScopedOpenSSLSafeSizeBuffer<EVP_MAX_MD_SIZE> hmac_result( | 335 crypto::ScopedOpenSSLSafeSizeBuffer<EVP_MAX_MD_SIZE> hmac_result( |
447 reinterpret_cast<unsigned char*>(result.data()), | 336 reinterpret_cast<unsigned char*>(result.data()), |
448 hmac_expected_length); | 337 hmac_expected_length); |
449 | 338 |
450 crypto::OpenSSLErrStackTracer(FROM_HERE); | 339 crypto::OpenSSLErrStackTracer(FROM_HERE); |
451 | 340 |
452 unsigned int hmac_actual_length; | 341 unsigned int hmac_actual_length; |
453 unsigned char* const success = HMAC(evp_sha, | 342 unsigned char* const success = HMAC(evp_sha, |
454 raw_key_voidp, | 343 raw_key_voidp, |
455 raw_key.size(), | 344 raw_key.size(), |
456 data, | 345 data.bytes(), |
457 data_size, | 346 data.byte_length(), |
458 hmac_result.safe_buffer(), | 347 hmac_result.safe_buffer(), |
459 &hmac_actual_length); | 348 &hmac_actual_length); |
460 if (!success || hmac_actual_length != hmac_expected_length) | 349 if (!success || hmac_actual_length != hmac_expected_length) |
461 return Status::Error(); | 350 return Status::Error(); |
462 | 351 |
463 break; | 352 *buffer = result; |
464 } | |
465 default: | |
466 return Status::ErrorUnsupported(); | |
467 } | |
468 | |
469 *buffer = result; | |
470 return Status::Success(); | 353 return Status::Success(); |
471 } | 354 } |
472 | 355 |
473 Status WebCryptoImpl::VerifySignatureInternal( | 356 Status PlatformCrypto::PlatformImportRsaPublicKey( |
474 const blink::WebCryptoAlgorithm& algorithm, | 357 const CryptoData& modulus_data, |
475 const blink::WebCryptoKey& key, | 358 const CryptoData& exponent_data, |
476 const unsigned char* signature, | |
477 unsigned int signature_size, | |
478 const unsigned char* data, | |
479 unsigned int data_size, | |
480 bool* signature_match) { | |
481 switch (algorithm.id()) { | |
482 case blink::WebCryptoAlgorithmIdHmac: { | |
483 blink::WebArrayBuffer result; | |
484 Status status = SignInternal(algorithm, key, data, data_size, &result); | |
485 if (status.IsError()) | |
486 return status; | |
487 | |
488 // Handling of truncated signatures is underspecified in the WebCrypto | |
489 // spec, so here we fail verification if a truncated signature is being | |
490 // verified. | |
491 // See https://www.w3.org/Bugs/Public/show_bug.cgi?id=23097 | |
492 *signature_match = | |
493 result.byteLength() == signature_size && | |
494 crypto::SecureMemEqual(result.data(), signature, signature_size); | |
495 | |
496 break; | |
497 } | |
498 default: | |
499 return Status::ErrorUnsupported(); | |
500 } | |
501 return Status::Success(); | |
502 } | |
503 | |
504 Status WebCryptoImpl::ImportRsaPublicKeyInternal( | |
505 const unsigned char* modulus_data, | |
506 unsigned int modulus_size, | |
507 const unsigned char* exponent_data, | |
508 unsigned int exponent_size, | |
509 const blink::WebCryptoAlgorithm& algorithm, | 359 const blink::WebCryptoAlgorithm& algorithm, |
510 bool extractable, | 360 bool extractable, |
511 blink::WebCryptoKeyUsageMask usage_mask, | 361 blink::WebCryptoKeyUsageMask usage_mask, |
512 blink::WebCryptoKey* key) { | 362 blink::WebCryptoKey* key) { |
513 // TODO(padolph): Placeholder for OpenSSL implementation. | 363 // TODO(padolph): Placeholder for OpenSSL implementation. |
514 // Issue http://crbug.com/267888. | 364 // Issue |
515 return Status::ErrorUnsupported(); | 365 return Status::ErrorUnsupported(); |
516 } | 366 } |
517 | 367 |
| 368 Status PlatformCrypto::PlatformEncryptAesGcm( |
| 369 PlatformSymKey* key, |
| 370 const blink::WebCryptoAesGcmParams* params, |
| 371 const CryptoData& data, |
| 372 blink::WebArrayBuffer* buffer) { |
| 373 // TODO(eroman): http://crbug.com/267888 |
| 374 return Status::ErrorUnsupported(); |
| 375 } |
| 376 |
| 377 // Guaranteed that params is non-null, and the key is an AES key. |
| 378 Status PlatformCrypto::PlatformDecryptAesGcm( |
| 379 PlatformSymKey* key, |
| 380 const blink::WebCryptoAesGcmParams* params, |
| 381 const CryptoData& data, |
| 382 blink::WebArrayBuffer* buffer) { |
| 383 // TODO(eroman): http://crbug.com/267888 |
| 384 return Status::ErrorUnsupported(); |
| 385 } |
| 386 |
| 387 // Guaranteed that key is valid. |
| 388 Status PlatformCrypto::PlatformEncryptRsaEsPkcs1v1_5( |
| 389 PlatformPublicKey* key, |
| 390 const CryptoData& data, |
| 391 blink::WebArrayBuffer* buffer) { |
| 392 // TODO(eroman): http://crbug.com/267888 |
| 393 return Status::ErrorUnsupported(); |
| 394 } |
| 395 |
| 396 Status PlatformCrypto::PlatformDecryptRsaEsPkcs1v1_5( |
| 397 PlatformPrivateKey* key, |
| 398 const CryptoData& data, |
| 399 blink::WebArrayBuffer* buffer) { |
| 400 // TODO(eroman): http://crbug.com/267888 |
| 401 return Status::ErrorUnsupported(); |
| 402 } |
| 403 |
| 404 Status PlatformCrypto::PlatformSignRsaSsaPkcs1v1_5( |
| 405 PlatformPrivateKey* key, |
| 406 const blink::WebCryptoAlgorithm& hash, |
| 407 const CryptoData& data, |
| 408 blink::WebArrayBuffer* buffer) { |
| 409 // TODO(eroman): http://crbug.com/267888 |
| 410 return Status::ErrorUnsupported(); |
| 411 } |
| 412 |
| 413 // Key is guaranteed to be an RSA SSA key. |
| 414 Status PlatformCrypto::PlatformVerifyRsaSsaPkcs1v1_5( |
| 415 PlatformPublicKey* key, |
| 416 const blink::WebCryptoAlgorithm& hash, |
| 417 const CryptoData& signature, |
| 418 const CryptoData& data, |
| 419 bool* signature_match) { |
| 420 // TODO(eroman): http://crbug.com/267888 |
| 421 return Status::ErrorUnsupported(); |
| 422 } |
| 423 |
| 424 Status PlatformCrypto::PlatformImportKeySpki( |
| 425 const CryptoData& key_data, |
| 426 const blink::WebCryptoAlgorithm& algorithm_or_null, |
| 427 bool extractable, |
| 428 blink::WebCryptoKeyUsageMask usage_mask, |
| 429 blink::WebCryptoKey* key) { |
| 430 // TODO(eroman): http://crbug.com/267888 |
| 431 return Status::ErrorUnsupported(); |
| 432 } |
| 433 |
| 434 Status PlatformCrypto::PlatformImportKeyPkcs8( |
| 435 const CryptoData& key_data, |
| 436 const blink::WebCryptoAlgorithm& algorithm_or_null, |
| 437 bool extractable, |
| 438 blink::WebCryptoKeyUsageMask usage_mask, |
| 439 blink::WebCryptoKey* key) { |
| 440 // TODO(eroman): http://crbug.com/267888 |
| 441 return Status::ErrorUnsupported(); |
| 442 } |
| 443 |
| 444 Status PlatformCrypto::PlatformExportKeySpki(PlatformPublicKey* key, |
| 445 blink::WebArrayBuffer* buffer) { |
| 446 // TODO(eroman): http://crbug.com/267888 |
| 447 return Status::ErrorUnsupported(); |
| 448 } |
| 449 |
| 450 } // namespace webcrypto |
| 451 |
518 } // namespace content | 452 } // namespace content |
OLD | NEW |