| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/renderer/webcrypto/webcrypto_impl.h" | 5 #include "content/renderer/webcrypto/platform_crypto.h" |
| 6 | 6 |
| 7 #include <vector> | 7 #include <vector> |
| 8 #include <openssl/aes.h> | 8 #include <openssl/aes.h> |
| 9 #include <openssl/evp.h> | 9 #include <openssl/evp.h> |
| 10 #include <openssl/hmac.h> | 10 #include <openssl/hmac.h> |
| 11 #include <openssl/rand.h> | 11 #include <openssl/rand.h> |
| 12 #include <openssl/sha.h> | 12 #include <openssl/sha.h> |
| 13 | 13 |
| 14 #include "base/logging.h" | 14 #include "base/logging.h" |
| 15 #include "content/renderer/webcrypto/crypto_data.h" |
| 15 #include "content/renderer/webcrypto/webcrypto_util.h" | 16 #include "content/renderer/webcrypto/webcrypto_util.h" |
| 16 #include "crypto/openssl_util.h" | 17 #include "crypto/openssl_util.h" |
| 17 #include "crypto/secure_util.h" | |
| 18 #include "third_party/WebKit/public/platform/WebArrayBuffer.h" | 18 #include "third_party/WebKit/public/platform/WebArrayBuffer.h" |
| 19 #include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h" | 19 #include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h" |
| 20 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h" | 20 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h" |
| 21 | 21 |
| 22 namespace content { | 22 namespace content { |
| 23 | 23 |
| 24 using webcrypto::Status; | 24 namespace webcrypto { |
| 25 | 25 |
| 26 namespace { | 26 namespace platform { |
| 27 | 27 |
| 28 class SymKeyHandle : public blink::WebCryptoKeyHandle { | 28 class Key : public blink::WebCryptoKeyHandle { |
| 29 public: | 29 public: |
| 30 SymKeyHandle(const unsigned char* key_data, unsigned int key_data_size) | 30 virtual SymKey* AsSymKey() { return NULL; } |
| 31 : key_(key_data, key_data + key_data_size) {} | 31 virtual PublicKey* AsPublicKey() { return NULL; } |
| 32 virtual PrivateKey* AsPrivateKey() { return NULL; } |
| 33 }; |
| 34 |
| 35 class SymKey : public Key { |
| 36 public: |
| 37 explicit SymKey(const CryptoData& key_data) |
| 38 : key_(key_data.bytes(), key_data.bytes() + key_data.byte_length()) {} |
| 39 |
| 40 virtual SymKey* AsSymKey() OVERRIDE { return this; } |
| 32 | 41 |
| 33 const std::vector<unsigned char>& key() const { return key_; } | 42 const std::vector<unsigned char>& key() const { return key_; } |
| 34 | 43 |
| 35 private: | 44 private: |
| 36 const std::vector<unsigned char> key_; | 45 const std::vector<unsigned char> key_; |
| 37 | 46 |
| 38 DISALLOW_COPY_AND_ASSIGN(SymKeyHandle); | 47 DISALLOW_COPY_AND_ASSIGN(SymKey); |
| 39 }; | 48 }; |
| 40 | 49 |
| 50 SymKey* ToSymKey(const blink::WebCryptoKey& key) { |
| 51 return static_cast<Key*>(key.handle())->AsSymKey(); |
| 52 } |
| 53 |
| 54 PublicKey* ToPublicKey(const blink::WebCryptoKey& key) { |
| 55 return static_cast<Key*>(key.handle())->AsPublicKey(); |
| 56 } |
| 57 |
| 58 PrivateKey* ToPrivateKey(const blink::WebCryptoKey& key) { |
| 59 return static_cast<Key*>(key.handle())->AsPrivateKey(); |
| 60 } |
| 61 |
| 62 namespace { |
| 63 |
| 41 const EVP_CIPHER* GetAESCipherByKeyLength(unsigned int key_length_bytes) { | 64 const EVP_CIPHER* GetAESCipherByKeyLength(unsigned int key_length_bytes) { |
| 42 // OpenSSL supports AES CBC ciphers for only 3 key lengths: 128, 192, 256 bits | 65 // OpenSSL supports AES CBC ciphers for only 3 key lengths: 128, 192, 256 bits |
| 43 switch (key_length_bytes) { | 66 switch (key_length_bytes) { |
| 44 case 16: | 67 case 16: |
| 45 return EVP_aes_128_cbc(); | 68 return EVP_aes_128_cbc(); |
| 46 case 24: | 69 case 24: |
| 47 return EVP_aes_192_cbc(); | 70 return EVP_aes_192_cbc(); |
| 48 case 32: | 71 case 32: |
| 49 return EVP_aes_256_cbc(); | 72 return EVP_aes_256_cbc(); |
| 50 default: | 73 default: |
| 51 return NULL; | 74 return NULL; |
| 52 } | 75 } |
| 53 } | 76 } |
| 54 | 77 |
| 55 // OpenSSL constants for EVP_CipherInit_ex(), do not change | 78 // OpenSSL constants for EVP_CipherInit_ex(), do not change |
| 56 enum CipherOperation { | 79 enum CipherOperation { |
| 57 kDoDecrypt = 0, | 80 kDoDecrypt = 0, |
| 58 kDoEncrypt = 1 | 81 kDoEncrypt = 1 |
| 59 }; | 82 }; |
| 60 | 83 |
| 61 Status AesCbcEncryptDecrypt(CipherOperation cipher_operation, | 84 Status AesCbcEncryptDecrypt(CipherOperation cipher_operation, |
| 62 const blink::WebCryptoAlgorithm& algorithm, | 85 SymKey* key, |
| 63 const blink::WebCryptoKey& key, | 86 const CryptoData& iv, |
| 64 const unsigned char* data, | 87 const CryptoData& data, |
| 65 unsigned int data_size, | |
| 66 blink::WebArrayBuffer* buffer) { | 88 blink::WebArrayBuffer* buffer) { |
| 67 DCHECK_EQ(blink::WebCryptoAlgorithmIdAesCbc, algorithm.id()); | 89 if (data.byte_length() >= INT_MAX - AES_BLOCK_SIZE) { |
| 68 DCHECK_EQ(algorithm.id(), key.algorithm().id()); | |
| 69 DCHECK_EQ(blink::WebCryptoKeyTypeSecret, key.type()); | |
| 70 | |
| 71 if (data_size >= INT_MAX - AES_BLOCK_SIZE) { | |
| 72 // TODO(padolph): Handle this by chunking the input fed into OpenSSL. Right | 90 // TODO(padolph): Handle this by chunking the input fed into OpenSSL. Right |
| 73 // now it doesn't make much difference since the one-shot API would end up | 91 // now it doesn't make much difference since the one-shot API would end up |
| 74 // blowing out the memory and crashing anyway. | 92 // blowing out the memory and crashing anyway. |
| 75 return Status::ErrorDataTooLarge(); | 93 return Status::ErrorDataTooLarge(); |
| 76 } | 94 } |
| 77 | 95 |
| 78 // Note: PKCS padding is enabled by default | 96 // Note: PKCS padding is enabled by default |
| 79 crypto::ScopedOpenSSL<EVP_CIPHER_CTX, EVP_CIPHER_CTX_free> context( | 97 crypto::ScopedOpenSSL<EVP_CIPHER_CTX, EVP_CIPHER_CTX_free> context( |
| 80 EVP_CIPHER_CTX_new()); | 98 EVP_CIPHER_CTX_new()); |
| 81 | 99 |
| 82 if (!context.get()) | 100 if (!context.get()) |
| 83 return Status::Error(); | 101 return Status::Error(); |
| 84 | 102 |
| 85 SymKeyHandle* const sym_key = reinterpret_cast<SymKeyHandle*>(key.handle()); | 103 const EVP_CIPHER* const cipher = GetAESCipherByKeyLength(key->key().size()); |
| 86 | |
| 87 const EVP_CIPHER* const cipher = | |
| 88 GetAESCipherByKeyLength(sym_key->key().size()); | |
| 89 DCHECK(cipher); | 104 DCHECK(cipher); |
| 90 | 105 |
| 91 const blink::WebCryptoAesCbcParams* const params = algorithm.aesCbcParams(); | |
| 92 if (params->iv().size() != AES_BLOCK_SIZE) | |
| 93 return Status::ErrorIncorrectSizeAesCbcIv(); | |
| 94 | |
| 95 if (!EVP_CipherInit_ex(context.get(), | 106 if (!EVP_CipherInit_ex(context.get(), |
| 96 cipher, | 107 cipher, |
| 97 NULL, | 108 NULL, |
| 98 &sym_key->key()[0], | 109 &key->key()[0], |
| 99 params->iv().data(), | 110 iv.bytes(), |
| 100 cipher_operation)) { | 111 cipher_operation)) { |
| 101 return Status::Error(); | 112 return Status::Error(); |
| 102 } | 113 } |
| 103 | 114 |
| 104 // According to the openssl docs, the amount of data written may be as large | 115 // According to the openssl docs, the amount of data written may be as large |
| 105 // as (data_size + cipher_block_size - 1), constrained to a multiple of | 116 // as (data_size + cipher_block_size - 1), constrained to a multiple of |
| 106 // cipher_block_size. | 117 // cipher_block_size. |
| 107 unsigned int output_max_len = data_size + AES_BLOCK_SIZE - 1; | 118 unsigned int output_max_len = data.byte_length() + AES_BLOCK_SIZE - 1; |
| 108 const unsigned remainder = output_max_len % AES_BLOCK_SIZE; | 119 const unsigned remainder = output_max_len % AES_BLOCK_SIZE; |
| 109 if (remainder != 0) | 120 if (remainder != 0) |
| 110 output_max_len += AES_BLOCK_SIZE - remainder; | 121 output_max_len += AES_BLOCK_SIZE - remainder; |
| 111 DCHECK_GT(output_max_len, data_size); | 122 DCHECK_GT(output_max_len, data.byte_length()); |
| 112 | 123 |
| 113 *buffer = blink::WebArrayBuffer::create(output_max_len, 1); | 124 *buffer = blink::WebArrayBuffer::create(output_max_len, 1); |
| 114 | 125 |
| 115 unsigned char* const buffer_data = | 126 unsigned char* const buffer_data = |
| 116 reinterpret_cast<unsigned char*>(buffer->data()); | 127 reinterpret_cast<unsigned char*>(buffer->data()); |
| 117 | 128 |
| 118 int output_len = 0; | 129 int output_len = 0; |
| 119 if (!EVP_CipherUpdate( | 130 if (!EVP_CipherUpdate(context.get(), |
| 120 context.get(), buffer_data, &output_len, data, data_size)) | 131 buffer_data, |
| 132 &output_len, |
| 133 data.bytes(), |
| 134 data.byte_length())) |
| 121 return Status::Error(); | 135 return Status::Error(); |
| 122 int final_output_chunk_len = 0; | 136 int final_output_chunk_len = 0; |
| 123 if (!EVP_CipherFinal_ex( | 137 if (!EVP_CipherFinal_ex( |
| 124 context.get(), buffer_data + output_len, &final_output_chunk_len)) { | 138 context.get(), buffer_data + output_len, &final_output_chunk_len)) { |
| 125 return Status::Error(); | 139 return Status::Error(); |
| 126 } | 140 } |
| 127 | 141 |
| 128 const unsigned int final_output_len = | 142 const unsigned int final_output_len = |
| 129 static_cast<unsigned int>(output_len) + | 143 static_cast<unsigned int>(output_len) + |
| 130 static_cast<unsigned int>(final_output_chunk_len); | 144 static_cast<unsigned int>(final_output_chunk_len); |
| 131 DCHECK_LE(final_output_len, output_max_len); | 145 DCHECK_LE(final_output_len, output_max_len); |
| 132 | 146 |
| 133 webcrypto::ShrinkBuffer(buffer, final_output_len); | 147 ShrinkBuffer(buffer, final_output_len); |
| 134 | |
| 135 return Status::Success(); | |
| 136 } | |
| 137 | |
| 138 Status ExportKeyInternalRaw( | |
| 139 const blink::WebCryptoKey& key, | |
| 140 blink::WebArrayBuffer* buffer) { | |
| 141 | |
| 142 DCHECK(key.handle()); | |
| 143 DCHECK(buffer); | |
| 144 | |
| 145 if (key.type() != blink::WebCryptoKeyTypeSecret) | |
| 146 return Status::ErrorUnexpectedKeyType(); | |
| 147 | |
| 148 // TODO(eroman): This should be in a more generic location. | |
| 149 if (!key.extractable()) | |
| 150 return Status::ErrorKeyNotExtractable(); | |
| 151 | |
| 152 const SymKeyHandle* sym_key = reinterpret_cast<SymKeyHandle*>(key.handle()); | |
| 153 | |
| 154 *buffer = webcrypto::CreateArrayBuffer( | |
| 155 webcrypto::Uint8VectorStart(sym_key->key()), sym_key->key().size()); | |
| 156 | 148 |
| 157 return Status::Success(); | 149 return Status::Success(); |
| 158 } | 150 } |
| 159 | 151 |
| 160 } // namespace | 152 } // namespace |
| 161 | 153 |
| 162 void WebCryptoImpl::Init() { crypto::EnsureOpenSSLInit(); } | 154 Status ExportKeyRaw(SymKey* key, blink::WebArrayBuffer* buffer) { |
| 163 | 155 *buffer = CreateArrayBuffer(Uint8VectorStart(key->key()), key->key().size()); |
| 164 Status WebCryptoImpl::EncryptInternal( | 156 return Status::Success(); |
| 165 const blink::WebCryptoAlgorithm& algorithm, | |
| 166 const blink::WebCryptoKey& key, | |
| 167 const unsigned char* data, | |
| 168 unsigned int data_size, | |
| 169 blink::WebArrayBuffer* buffer) { | |
| 170 if (algorithm.id() == blink::WebCryptoAlgorithmIdAesCbc) { | |
| 171 return AesCbcEncryptDecrypt( | |
| 172 kDoEncrypt, algorithm, key, data, data_size, buffer); | |
| 173 } | |
| 174 | |
| 175 return Status::ErrorUnsupported(); | |
| 176 } | 157 } |
| 177 | 158 |
| 178 Status WebCryptoImpl::DecryptInternal( | 159 void Init() { |
| 179 const blink::WebCryptoAlgorithm& algorithm, | 160 crypto::EnsureOpenSSLInit(); |
| 180 const blink::WebCryptoKey& key, | |
| 181 const unsigned char* data, | |
| 182 unsigned int data_size, | |
| 183 blink::WebArrayBuffer* buffer) { | |
| 184 if (algorithm.id() == blink::WebCryptoAlgorithmIdAesCbc) { | |
| 185 return AesCbcEncryptDecrypt( | |
| 186 kDoDecrypt, algorithm, key, data, data_size, buffer); | |
| 187 } | |
| 188 | |
| 189 return Status::ErrorUnsupported(); | |
| 190 } | 161 } |
| 191 | 162 |
| 192 Status WebCryptoImpl::DigestInternal(const blink::WebCryptoAlgorithm& algorithm, | 163 Status EncryptAesCbc(SymKey* key, |
| 193 const unsigned char* data, | 164 const CryptoData& iv, |
| 194 unsigned int data_size, | 165 const CryptoData& data, |
| 195 blink::WebArrayBuffer* buffer) { | 166 blink::WebArrayBuffer* buffer) { |
| 167 return AesCbcEncryptDecrypt(kDoEncrypt, key, iv, data, buffer); |
| 168 } |
| 196 | 169 |
| 170 Status DecryptAesCbc(SymKey* key, |
| 171 const CryptoData& iv, |
| 172 const CryptoData& data, |
| 173 blink::WebArrayBuffer* buffer) { |
| 174 return AesCbcEncryptDecrypt(kDoDecrypt, key, iv, data, buffer); |
| 175 } |
| 176 |
| 177 Status DigestSha(blink::WebCryptoAlgorithmId algorithm, |
| 178 const CryptoData& data, |
| 179 blink::WebArrayBuffer* buffer) { |
| 197 crypto::OpenSSLErrStackTracer(FROM_HERE); | 180 crypto::OpenSSLErrStackTracer(FROM_HERE); |
| 198 | 181 |
| 199 const EVP_MD* digest_algorithm; | 182 const EVP_MD* digest_algorithm; |
| 200 switch (algorithm.id()) { | 183 switch (algorithm) { |
| 201 case blink::WebCryptoAlgorithmIdSha1: | 184 case blink::WebCryptoAlgorithmIdSha1: |
| 202 digest_algorithm = EVP_sha1(); | 185 digest_algorithm = EVP_sha1(); |
| 203 break; | 186 break; |
| 204 case blink::WebCryptoAlgorithmIdSha224: | 187 case blink::WebCryptoAlgorithmIdSha224: |
| 205 digest_algorithm = EVP_sha224(); | 188 digest_algorithm = EVP_sha224(); |
| 206 break; | 189 break; |
| 207 case blink::WebCryptoAlgorithmIdSha256: | 190 case blink::WebCryptoAlgorithmIdSha256: |
| 208 digest_algorithm = EVP_sha256(); | 191 digest_algorithm = EVP_sha256(); |
| 209 break; | 192 break; |
| 210 case blink::WebCryptoAlgorithmIdSha384: | 193 case blink::WebCryptoAlgorithmIdSha384: |
| 211 digest_algorithm = EVP_sha384(); | 194 digest_algorithm = EVP_sha384(); |
| 212 break; | 195 break; |
| 213 case blink::WebCryptoAlgorithmIdSha512: | 196 case blink::WebCryptoAlgorithmIdSha512: |
| 214 digest_algorithm = EVP_sha512(); | 197 digest_algorithm = EVP_sha512(); |
| 215 break; | 198 break; |
| 216 default: | 199 default: |
| 217 // Not a digest algorithm. | 200 // Not a SHA algorithm. |
| 218 return Status::ErrorUnsupported(); | 201 return Status::ErrorUnexpected(); |
| 219 } | 202 } |
| 220 | 203 |
| 221 crypto::ScopedOpenSSL<EVP_MD_CTX, EVP_MD_CTX_destroy> digest_context( | 204 crypto::ScopedOpenSSL<EVP_MD_CTX, EVP_MD_CTX_destroy> digest_context( |
| 222 EVP_MD_CTX_create()); | 205 EVP_MD_CTX_create()); |
| 223 if (!digest_context.get()) | 206 if (!digest_context.get()) |
| 224 return Status::Error(); | 207 return Status::Error(); |
| 225 | 208 |
| 226 if (!EVP_DigestInit_ex(digest_context.get(), digest_algorithm, NULL) || | 209 if (!EVP_DigestInit_ex(digest_context.get(), digest_algorithm, NULL) || |
| 227 !EVP_DigestUpdate(digest_context.get(), data, data_size)) { | 210 !EVP_DigestUpdate( |
| 211 digest_context.get(), data.bytes(), data.byte_length())) { |
| 228 return Status::Error(); | 212 return Status::Error(); |
| 229 } | 213 } |
| 230 | 214 |
| 231 const int hash_expected_size = EVP_MD_CTX_size(digest_context.get()); | 215 const int hash_expected_size = EVP_MD_CTX_size(digest_context.get()); |
| 232 if (hash_expected_size <= 0) { | 216 if (hash_expected_size <= 0) |
| 233 return Status::ErrorUnexpected(); | 217 return Status::ErrorUnexpected(); |
| 234 } | |
| 235 DCHECK_LE(hash_expected_size, EVP_MAX_MD_SIZE); | 218 DCHECK_LE(hash_expected_size, EVP_MAX_MD_SIZE); |
| 236 | 219 |
| 237 *buffer = blink::WebArrayBuffer::create(hash_expected_size, 1); | 220 *buffer = blink::WebArrayBuffer::create(hash_expected_size, 1); |
| 238 unsigned char* const hash_buffer = | 221 unsigned char* const hash_buffer = |
| 239 reinterpret_cast<unsigned char* const>(buffer->data()); | 222 reinterpret_cast<unsigned char* const>(buffer->data()); |
| 240 | 223 |
| 241 unsigned int hash_size = 0; | 224 unsigned int hash_size = 0; |
| 242 if (!EVP_DigestFinal_ex(digest_context.get(), hash_buffer, &hash_size) || | 225 if (!EVP_DigestFinal_ex(digest_context.get(), hash_buffer, &hash_size) || |
| 243 static_cast<int>(hash_size) != hash_expected_size) { | 226 static_cast<int>(hash_size) != hash_expected_size) { |
| 244 buffer->reset(); | 227 buffer->reset(); |
| 245 return Status::Error(); | 228 return Status::Error(); |
| 246 } | 229 } |
| 247 | 230 |
| 248 return Status::Success(); | 231 return Status::Success(); |
| 249 } | 232 } |
| 250 | 233 |
| 251 Status WebCryptoImpl::GenerateSecretKeyInternal( | 234 Status GenerateSecretKey( |
| 252 const blink::WebCryptoAlgorithm& algorithm, | 235 const blink::WebCryptoAlgorithm& algorithm, |
| 253 bool extractable, | 236 bool extractable, |
| 254 blink::WebCryptoKeyUsageMask usage_mask, | 237 blink::WebCryptoKeyUsageMask usage_mask, |
| 238 unsigned keylen_bytes, |
| 255 blink::WebCryptoKey* key) { | 239 blink::WebCryptoKey* key) { |
| 256 | 240 // TODO(eroman): Is this right? |
| 257 unsigned int keylen_bytes = 0; | |
| 258 blink::WebCryptoKeyType key_type; | |
| 259 switch (algorithm.id()) { | |
| 260 case blink::WebCryptoAlgorithmIdAesCbc: { | |
| 261 const blink::WebCryptoAesKeyGenParams* params = | |
| 262 algorithm.aesKeyGenParams(); | |
| 263 DCHECK(params); | |
| 264 if (params->lengthBits() % 8) | |
| 265 return Status::ErrorGenerateKeyLength(); | |
| 266 keylen_bytes = params->lengthBits() / 8; | |
| 267 if (!GetAESCipherByKeyLength(keylen_bytes)) | |
| 268 return Status::Error(); | |
| 269 key_type = blink::WebCryptoKeyTypeSecret; | |
| 270 break; | |
| 271 } | |
| 272 case blink::WebCryptoAlgorithmIdHmac: { | |
| 273 const blink::WebCryptoHmacKeyParams* params = algorithm.hmacKeyParams(); | |
| 274 DCHECK(params); | |
| 275 if (params->hasLengthBytes()) | |
| 276 keylen_bytes = params->optionalLengthBytes(); | |
| 277 else | |
| 278 keylen_bytes = webcrypto::ShaBlockSizeBytes(params->hash().id()); | |
| 279 key_type = blink::WebCryptoKeyTypeSecret; | |
| 280 break; | |
| 281 } | |
| 282 | |
| 283 default: { return Status::ErrorUnsupported(); } | |
| 284 } | |
| 285 | |
| 286 if (keylen_bytes == 0) | 241 if (keylen_bytes == 0) |
| 287 return Status::ErrorGenerateKeyLength(); | 242 return Status::ErrorGenerateKeyLength(); |
| 288 | 243 |
| 289 crypto::OpenSSLErrStackTracer(FROM_HERE); | 244 crypto::OpenSSLErrStackTracer(FROM_HERE); |
| 290 | 245 |
| 291 std::vector<unsigned char> random_bytes(keylen_bytes, 0); | 246 std::vector<unsigned char> random_bytes(keylen_bytes, 0); |
| 292 if (!(RAND_bytes(&random_bytes[0], keylen_bytes))) | 247 if (!(RAND_bytes(&random_bytes[0], keylen_bytes))) |
| 293 return Status::Error(); | 248 return Status::Error(); |
| 294 | 249 |
| 295 *key = blink::WebCryptoKey::create( | 250 *key = blink::WebCryptoKey::create(new SymKey(CryptoData(random_bytes)), |
| 296 new SymKeyHandle(&random_bytes[0], random_bytes.size()), | 251 blink::WebCryptoKeyTypeSecret, |
| 297 key_type, extractable, algorithm, usage_mask); | 252 extractable, |
| 253 algorithm, |
| 254 usage_mask); |
| 298 | 255 |
| 299 return Status::Success(); | 256 return Status::Success(); |
| 300 } | 257 } |
| 301 | 258 |
| 302 Status WebCryptoImpl::GenerateKeyPairInternal( | 259 Status GenerateRsaKeyPair( |
| 303 const blink::WebCryptoAlgorithm& algorithm, | 260 const blink::WebCryptoAlgorithm& algorithm, |
| 304 bool extractable, | 261 bool extractable, |
| 305 blink::WebCryptoKeyUsageMask usage_mask, | 262 blink::WebCryptoKeyUsageMask usage_mask, |
| 306 blink::WebCryptoKey* public_key, | 263 blink::WebCryptoKey* public_key, |
| 307 blink::WebCryptoKey* private_key) { | 264 blink::WebCryptoKey* private_key) { |
| 308 // TODO(padolph): Placeholder for OpenSSL implementation. | 265 // TODO(padolph): Placeholder for OpenSSL implementation. |
| 309 // Issue http://crbug.com/267888. | 266 // Issue http://crbug.com/267888. |
| 310 return Status::ErrorUnsupported(); | 267 return Status::ErrorUnsupported(); |
| 311 } | 268 } |
| 312 | 269 |
| 313 Status WebCryptoImpl::ImportKeyInternal( | 270 Status ImportKeyRaw(const CryptoData& key_data, |
| 314 blink::WebCryptoKeyFormat format, | 271 const blink::WebCryptoAlgorithm& algorithm, |
| 315 const unsigned char* key_data, | 272 bool extractable, |
| 316 unsigned int key_data_size, | 273 blink::WebCryptoKeyUsageMask usage_mask, |
| 317 const blink::WebCryptoAlgorithm& algorithm_or_null, | 274 blink::WebCryptoKey* key) { |
| 318 bool extractable, | 275 *key = blink::WebCryptoKey::create(new SymKey(key_data), |
| 319 blink::WebCryptoKeyUsageMask usage_mask, | 276 blink::WebCryptoKeyTypeSecret, |
| 320 blink::WebCryptoKey* key) { | 277 extractable, |
| 321 // TODO(eroman): Currently expects algorithm to always be specified, as it is | 278 algorithm, |
| 322 // required for raw format. | 279 usage_mask); |
| 323 if (algorithm_or_null.isNull()) | |
| 324 return Status::ErrorMissingAlgorithmImportRawKey(); | |
| 325 const blink::WebCryptoAlgorithm& algorithm = algorithm_or_null; | |
| 326 | |
| 327 // TODO(padolph): Support all relevant alg types and then remove this gate. | |
| 328 if (algorithm.id() != blink::WebCryptoAlgorithmIdHmac && | |
| 329 algorithm.id() != blink::WebCryptoAlgorithmIdAesCbc) { | |
| 330 return Status::ErrorUnsupported(); | |
| 331 } | |
| 332 | |
| 333 // TODO(padolph): Need to split handling for symmetric (raw format) and | |
| 334 // asymmetric (spki or pkcs8 format) keys. | |
| 335 // Currently only supporting symmetric. | |
| 336 | |
| 337 // Symmetric keys are always type secret | |
| 338 blink::WebCryptoKeyType type = blink::WebCryptoKeyTypeSecret; | |
| 339 | |
| 340 const unsigned char* raw_key_data; | |
| 341 unsigned int raw_key_data_size; | |
| 342 switch (format) { | |
| 343 case blink::WebCryptoKeyFormatRaw: | |
| 344 raw_key_data = key_data; | |
| 345 raw_key_data_size = key_data_size; | |
| 346 // The NSS implementation fails when importing a raw AES key with a length | |
| 347 // incompatible with AES. The line below is to match this behavior. | |
| 348 if (algorithm.id() == blink::WebCryptoAlgorithmIdAesCbc && | |
| 349 !GetAESCipherByKeyLength(raw_key_data_size)) { | |
| 350 return Status::Error(); | |
| 351 } | |
| 352 break; | |
| 353 case blink::WebCryptoKeyFormatJwk: | |
| 354 return Status::ErrorUnexpected(); | |
| 355 default: | |
| 356 return Status::ErrorUnsupported(); | |
| 357 } | |
| 358 | |
| 359 *key = blink::WebCryptoKey::create( | |
| 360 new SymKeyHandle(raw_key_data, raw_key_data_size), | |
| 361 type, extractable, algorithm, usage_mask); | |
| 362 | 280 |
| 363 return Status::Success(); | 281 return Status::Success(); |
| 364 } | 282 } |
| 365 | 283 |
| 366 Status WebCryptoImpl::ExportKeyInternal( | 284 Status SignHmac(SymKey* key, |
| 367 blink::WebCryptoKeyFormat format, | 285 const blink::WebCryptoAlgorithm& hash, |
| 368 const blink::WebCryptoKey& key, | 286 const CryptoData& data, |
| 369 blink::WebArrayBuffer* buffer) { | 287 blink::WebArrayBuffer* buffer) { |
| 370 switch (format) { | |
| 371 case blink::WebCryptoKeyFormatRaw: | |
| 372 return ExportKeyInternalRaw(key, buffer); | |
| 373 case blink::WebCryptoKeyFormatSpki: | |
| 374 // TODO(padolph): Implement spki export | |
| 375 return Status::ErrorUnsupported(); | |
| 376 case blink::WebCryptoKeyFormatPkcs8: | |
| 377 // TODO(padolph): Implement pkcs8 export | |
| 378 return Status::ErrorUnsupported(); | |
| 379 default: | |
| 380 return Status::ErrorUnsupported(); | |
| 381 } | |
| 382 return Status::ErrorUnsupported(); | |
| 383 } | |
| 384 | |
| 385 Status WebCryptoImpl::SignInternal( | |
| 386 const blink::WebCryptoAlgorithm& algorithm, | |
| 387 const blink::WebCryptoKey& key, | |
| 388 const unsigned char* data, | |
| 389 unsigned int data_size, | |
| 390 blink::WebArrayBuffer* buffer) { | |
| 391 | |
| 392 blink::WebArrayBuffer result; | 288 blink::WebArrayBuffer result; |
| 393 | 289 |
| 394 switch (algorithm.id()) { | 290 // TODO(eroman): De-indent this code. |
| 395 case blink::WebCryptoAlgorithmIdHmac: { | |
| 396 | |
| 397 DCHECK_EQ(key.algorithm().id(), blink::WebCryptoAlgorithmIdHmac); | |
| 398 DCHECK_NE(0, key.usages() & blink::WebCryptoKeyUsageSign); | |
| 399 | |
| 400 const blink::WebCryptoHmacParams* const params = algorithm.hmacParams(); | |
| 401 if (!params) | |
| 402 return Status::ErrorUnexpected(); | |
| 403 | |
| 404 const EVP_MD* evp_sha = 0; | 291 const EVP_MD* evp_sha = 0; |
| 405 unsigned int hmac_expected_length = 0; | 292 unsigned int hmac_expected_length = 0; |
| 406 // Note that HMAC length is determined by the hash used. | 293 // Note that HMAC length is determined by the hash used. |
| 407 switch (params->hash().id()) { | 294 switch (hash.id()) { |
| 408 case blink::WebCryptoAlgorithmIdSha1: | 295 case blink::WebCryptoAlgorithmIdSha1: |
| 409 evp_sha = EVP_sha1(); | 296 evp_sha = EVP_sha1(); |
| 410 hmac_expected_length = SHA_DIGEST_LENGTH; | 297 hmac_expected_length = SHA_DIGEST_LENGTH; |
| 411 break; | 298 break; |
| 412 case blink::WebCryptoAlgorithmIdSha224: | 299 case blink::WebCryptoAlgorithmIdSha224: |
| 413 evp_sha = EVP_sha224(); | 300 evp_sha = EVP_sha224(); |
| 414 hmac_expected_length = SHA224_DIGEST_LENGTH; | 301 hmac_expected_length = SHA224_DIGEST_LENGTH; |
| 415 break; | 302 break; |
| 416 case blink::WebCryptoAlgorithmIdSha256: | 303 case blink::WebCryptoAlgorithmIdSha256: |
| 417 evp_sha = EVP_sha256(); | 304 evp_sha = EVP_sha256(); |
| 418 hmac_expected_length = SHA256_DIGEST_LENGTH; | 305 hmac_expected_length = SHA256_DIGEST_LENGTH; |
| 419 break; | 306 break; |
| 420 case blink::WebCryptoAlgorithmIdSha384: | 307 case blink::WebCryptoAlgorithmIdSha384: |
| 421 evp_sha = EVP_sha384(); | 308 evp_sha = EVP_sha384(); |
| 422 hmac_expected_length = SHA384_DIGEST_LENGTH; | 309 hmac_expected_length = SHA384_DIGEST_LENGTH; |
| 423 break; | 310 break; |
| 424 case blink::WebCryptoAlgorithmIdSha512: | 311 case blink::WebCryptoAlgorithmIdSha512: |
| 425 evp_sha = EVP_sha512(); | 312 evp_sha = EVP_sha512(); |
| 426 hmac_expected_length = SHA512_DIGEST_LENGTH; | 313 hmac_expected_length = SHA512_DIGEST_LENGTH; |
| 427 break; | 314 break; |
| 428 default: | 315 default: |
| 429 // Not a digest algorithm. | 316 // Not a digest algorithm. |
| 430 return Status::ErrorUnsupported(); | 317 return Status::ErrorUnsupported(); |
| 431 } | 318 } |
| 432 | 319 |
| 433 SymKeyHandle* const sym_key = | 320 const std::vector<unsigned char>& raw_key = key->key(); |
| 434 reinterpret_cast<SymKeyHandle*>(key.handle()); | |
| 435 const std::vector<unsigned char>& raw_key = sym_key->key(); | |
| 436 | 321 |
| 437 // OpenSSL wierdness here. | 322 // OpenSSL wierdness here. |
| 438 // First, HMAC() needs a void* for the key data, so make one up front as a | 323 // First, HMAC() needs a void* for the key data, so make one up front as a |
| 439 // cosmetic to avoid a cast. Second, OpenSSL does not like a NULL key, | 324 // cosmetic to avoid a cast. Second, OpenSSL does not like a NULL key, |
| 440 // which will result if the raw_key vector is empty; an entirely valid | 325 // which will result if the raw_key vector is empty; an entirely valid |
| 441 // case. Handle this specific case by pointing to an empty array. | 326 // case. Handle this specific case by pointing to an empty array. |
| 442 const unsigned char null_key[] = {}; | 327 const unsigned char null_key[] = {}; |
| 443 const void* const raw_key_voidp = raw_key.size() ? &raw_key[0] : null_key; | 328 const void* const raw_key_voidp = raw_key.size() ? &raw_key[0] : null_key; |
| 444 | 329 |
| 445 result = blink::WebArrayBuffer::create(hmac_expected_length, 1); | 330 result = blink::WebArrayBuffer::create(hmac_expected_length, 1); |
| 446 crypto::ScopedOpenSSLSafeSizeBuffer<EVP_MAX_MD_SIZE> hmac_result( | 331 crypto::ScopedOpenSSLSafeSizeBuffer<EVP_MAX_MD_SIZE> hmac_result( |
| 447 reinterpret_cast<unsigned char*>(result.data()), | 332 reinterpret_cast<unsigned char*>(result.data()), |
| 448 hmac_expected_length); | 333 hmac_expected_length); |
| 449 | 334 |
| 450 crypto::OpenSSLErrStackTracer(FROM_HERE); | 335 crypto::OpenSSLErrStackTracer(FROM_HERE); |
| 451 | 336 |
| 452 unsigned int hmac_actual_length; | 337 unsigned int hmac_actual_length; |
| 453 unsigned char* const success = HMAC(evp_sha, | 338 unsigned char* const success = HMAC(evp_sha, |
| 454 raw_key_voidp, | 339 raw_key_voidp, |
| 455 raw_key.size(), | 340 raw_key.size(), |
| 456 data, | 341 data.bytes(), |
| 457 data_size, | 342 data.byte_length(), |
| 458 hmac_result.safe_buffer(), | 343 hmac_result.safe_buffer(), |
| 459 &hmac_actual_length); | 344 &hmac_actual_length); |
| 460 if (!success || hmac_actual_length != hmac_expected_length) | 345 if (!success || hmac_actual_length != hmac_expected_length) |
| 461 return Status::Error(); | 346 return Status::Error(); |
| 462 | 347 |
| 463 break; | |
| 464 } | |
| 465 default: | |
| 466 return Status::ErrorUnsupported(); | |
| 467 } | |
| 468 | |
| 469 *buffer = result; | 348 *buffer = result; |
| 470 return Status::Success(); | 349 return Status::Success(); |
| 471 } | 350 } |
| 472 | 351 |
| 473 Status WebCryptoImpl::VerifySignatureInternal( | 352 Status ImportRsaPublicKey(const CryptoData& modulus_data, |
| 474 const blink::WebCryptoAlgorithm& algorithm, | 353 const CryptoData& exponent_data, |
| 475 const blink::WebCryptoKey& key, | 354 const blink::WebCryptoAlgorithm& algorithm, |
| 476 const unsigned char* signature, | 355 bool extractable, |
| 477 unsigned int signature_size, | 356 blink::WebCryptoKeyUsageMask usage_mask, |
| 478 const unsigned char* data, | 357 blink::WebCryptoKey* key) { |
| 479 unsigned int data_size, | |
| 480 bool* signature_match) { | |
| 481 switch (algorithm.id()) { | |
| 482 case blink::WebCryptoAlgorithmIdHmac: { | |
| 483 blink::WebArrayBuffer result; | |
| 484 Status status = SignInternal(algorithm, key, data, data_size, &result); | |
| 485 if (status.IsError()) | |
| 486 return status; | |
| 487 | |
| 488 // Handling of truncated signatures is underspecified in the WebCrypto | |
| 489 // spec, so here we fail verification if a truncated signature is being | |
| 490 // verified. | |
| 491 // See https://www.w3.org/Bugs/Public/show_bug.cgi?id=23097 | |
| 492 *signature_match = | |
| 493 result.byteLength() == signature_size && | |
| 494 crypto::SecureMemEqual(result.data(), signature, signature_size); | |
| 495 | |
| 496 break; | |
| 497 } | |
| 498 default: | |
| 499 return Status::ErrorUnsupported(); | |
| 500 } | |
| 501 return Status::Success(); | |
| 502 } | |
| 503 | |
| 504 Status WebCryptoImpl::ImportRsaPublicKeyInternal( | |
| 505 const unsigned char* modulus_data, | |
| 506 unsigned int modulus_size, | |
| 507 const unsigned char* exponent_data, | |
| 508 unsigned int exponent_size, | |
| 509 const blink::WebCryptoAlgorithm& algorithm, | |
| 510 bool extractable, | |
| 511 blink::WebCryptoKeyUsageMask usage_mask, | |
| 512 blink::WebCryptoKey* key) { | |
| 513 // TODO(padolph): Placeholder for OpenSSL implementation. | 358 // TODO(padolph): Placeholder for OpenSSL implementation. |
| 514 // Issue http://crbug.com/267888. | 359 // Issue |
| 515 return Status::ErrorUnsupported(); | 360 return Status::ErrorUnsupported(); |
| 516 } | 361 } |
| 517 | 362 |
| 363 Status EncryptAesGcm(SymKey* key, |
| 364 const blink::WebCryptoAesGcmParams* params, |
| 365 const CryptoData& data, |
| 366 blink::WebArrayBuffer* buffer) { |
| 367 // TODO(eroman): http://crbug.com/267888 |
| 368 return Status::ErrorUnsupported(); |
| 369 } |
| 370 |
| 371 // Guaranteed that params is non-null, and the key is an AES key. |
| 372 Status DecryptAesGcm(SymKey* key, |
| 373 const blink::WebCryptoAesGcmParams* params, |
| 374 const CryptoData& data, |
| 375 blink::WebArrayBuffer* buffer) { |
| 376 // TODO(eroman): http://crbug.com/267888 |
| 377 return Status::ErrorUnsupported(); |
| 378 } |
| 379 |
| 380 // Guaranteed that key is valid. |
| 381 Status EncryptRsaEsPkcs1v1_5(PublicKey* key, |
| 382 const CryptoData& data, |
| 383 blink::WebArrayBuffer* buffer) { |
| 384 // TODO(eroman): http://crbug.com/267888 |
| 385 return Status::ErrorUnsupported(); |
| 386 } |
| 387 |
| 388 Status DecryptRsaEsPkcs1v1_5(PrivateKey* key, |
| 389 const CryptoData& data, |
| 390 blink::WebArrayBuffer* buffer) { |
| 391 // TODO(eroman): http://crbug.com/267888 |
| 392 return Status::ErrorUnsupported(); |
| 393 } |
| 394 |
| 395 Status SignRsaSsaPkcs1v1_5(PrivateKey* key, |
| 396 const blink::WebCryptoAlgorithm& hash, |
| 397 const CryptoData& data, |
| 398 blink::WebArrayBuffer* buffer) { |
| 399 // TODO(eroman): http://crbug.com/267888 |
| 400 return Status::ErrorUnsupported(); |
| 401 } |
| 402 |
| 403 // Key is guaranteed to be an RSA SSA key. |
| 404 Status VerifyRsaSsaPkcs1v1_5(PublicKey* key, |
| 405 const blink::WebCryptoAlgorithm& hash, |
| 406 const CryptoData& signature, |
| 407 const CryptoData& data, |
| 408 bool* signature_match) { |
| 409 // TODO(eroman): http://crbug.com/267888 |
| 410 return Status::ErrorUnsupported(); |
| 411 } |
| 412 |
| 413 Status ImportKeySpki(const CryptoData& key_data, |
| 414 const blink::WebCryptoAlgorithm& algorithm_or_null, |
| 415 bool extractable, |
| 416 blink::WebCryptoKeyUsageMask usage_mask, |
| 417 blink::WebCryptoKey* key) { |
| 418 // TODO(eroman): http://crbug.com/267888 |
| 419 return Status::ErrorUnsupported(); |
| 420 } |
| 421 |
| 422 Status ImportKeyPkcs8(const CryptoData& key_data, |
| 423 const blink::WebCryptoAlgorithm& algorithm_or_null, |
| 424 bool extractable, |
| 425 blink::WebCryptoKeyUsageMask usage_mask, |
| 426 blink::WebCryptoKey* key) { |
| 427 // TODO(eroman): http://crbug.com/267888 |
| 428 return Status::ErrorUnsupported(); |
| 429 } |
| 430 |
| 431 Status ExportKeySpki(PublicKey* key, blink::WebArrayBuffer* buffer) { |
| 432 // TODO(eroman): http://crbug.com/267888 |
| 433 return Status::ErrorUnsupported(); |
| 434 } |
| 435 |
| 436 } // namespace platform |
| 437 |
| 438 } // namespace webcrypto |
| 439 |
| 518 } // namespace content | 440 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 155623005:
Refactor to share more code between OpenSSL and NSS implementations. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src