OLD | NEW |
---|---|
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/child/webcrypto/platform_crypto.h" | 5 #include "content/child/webcrypto/platform_crypto.h" |
6 | 6 |
7 #include <cryptohi.h> | 7 #include <cryptohi.h> |
8 #include <pk11pub.h> | 8 #include <pk11pub.h> |
9 #include <sechash.h> | 9 #include <sechash.h> |
10 | 10 |
(...skipping 1185 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1196 return Status::ErrorUnexpected(); | 1196 return Status::ErrorUnexpected(); |
1197 | 1197 |
1198 *key = blink::WebCryptoKey::create(new SymKey(unwrapped_key.Pass()), | 1198 *key = blink::WebCryptoKey::create(new SymKey(unwrapped_key.Pass()), |
1199 blink::WebCryptoKeyTypeSecret, | 1199 blink::WebCryptoKeyTypeSecret, |
1200 extractable, | 1200 extractable, |
1201 key_algorithm, | 1201 key_algorithm, |
1202 usage_mask); | 1202 usage_mask); |
1203 return Status::Success(); | 1203 return Status::Success(); |
1204 } | 1204 } |
1205 | 1205 |
1206 Status WrapSymKeyAesKw(SymKey* wrapping_key, | |
eroman
2014/03/10 21:55:34
IMPORTANT: Why is this showing as removed?
padolph
2014/03/11 01:27:53
This was a rebase problem that unfortunately got u
| |
1207 SymKey* key, | |
1208 blink::WebArrayBuffer* buffer) { | |
1209 // The data size must be at least 16 bytes and a multiple of 8 bytes. | |
1210 // RFC 3394 does not specify a maximum allowed data length, but since only | |
1211 // keys are being wrapped in this application (which are small), a reasonable | |
1212 // max limit is whatever will fit into an unsigned. For the max size test, | |
1213 // note that AES Key Wrap always adds 8 bytes to the input data size. | |
1214 const unsigned int input_length = PK11_GetKeyLength(key->key()); | |
1215 if (input_length < 16) | |
1216 return Status::ErrorDataTooSmall(); | |
1217 if (input_length > UINT_MAX - 8) | |
1218 return Status::ErrorDataTooLarge(); | |
1219 if (input_length % 8) | |
1220 return Status::ErrorInvalidAesKwDataLength(); | |
1221 | |
1222 SECItem iv_item = | |
1223 MakeSECItemForBuffer(CryptoData(kAesIv, ARRAYSIZE_UNSAFE(kAesIv))); | |
1224 crypto::ScopedSECItem param_item( | |
1225 PK11_ParamFromIV(CKM_NSS_AES_KEY_WRAP, &iv_item)); | |
1226 if (!param_item) | |
1227 return Status::ErrorUnexpected(); | |
1228 | |
1229 const unsigned int output_length = input_length + 8; | |
1230 *buffer = blink::WebArrayBuffer::create(output_length, 1); | |
1231 unsigned char* buffer_data = reinterpret_cast<unsigned char*>(buffer->data()); | |
1232 SECItem wrapped_key_item = {siBuffer, buffer_data, output_length}; | |
1233 | |
1234 if (SECSuccess != PK11_WrapSymKey(CKM_NSS_AES_KEY_WRAP, | |
1235 param_item.get(), | |
1236 wrapping_key->key(), | |
1237 key->key(), | |
1238 &wrapped_key_item)) { | |
1239 return Status::Error(); | |
1240 } | |
1241 if (output_length != wrapped_key_item.len) | |
1242 return Status::ErrorUnexpected(); | |
1243 | |
1244 return Status::Success(); | |
1245 } | |
1246 | |
1247 Status UnwrapSymKeyAesKw(const CryptoData& wrapped_key_data, | |
1248 SymKey* wrapping_key, | |
1249 const blink::WebCryptoAlgorithm& algorithm, | |
1250 bool extractable, | |
1251 blink::WebCryptoKeyUsageMask usage_mask, | |
1252 blink::WebCryptoKey* key) { | |
1253 DCHECK(wrapped_key_data.byte_length() >= 24); | |
1254 DCHECK(wrapped_key_data.byte_length() % 8 == 0); | |
1255 | |
1256 SECItem iv_item = | |
1257 MakeSECItemForBuffer(CryptoData(kAesIv, ARRAYSIZE_UNSAFE(kAesIv))); | |
1258 crypto::ScopedSECItem param_item( | |
1259 PK11_ParamFromIV(CKM_NSS_AES_KEY_WRAP, &iv_item)); | |
1260 if (!param_item) | |
1261 return Status::ErrorUnexpected(); | |
1262 | |
1263 SECItem cipher_text = MakeSECItemForBuffer(wrapped_key_data); | |
1264 | |
1265 // The plaintext length is always 64 bits less than the data size. | |
1266 const unsigned int plaintext_length = wrapped_key_data.byte_length() - 8; | |
1267 | |
1268 // Determine the proper NSS key properties from the input algorithm. | |
1269 CK_MECHANISM_TYPE mechanism; | |
1270 CK_FLAGS flags; | |
1271 Status status = | |
1272 WebCryptoAlgorithmToNssMechFlags(algorithm, &mechanism, &flags); | |
1273 if (status.IsError()) | |
1274 return status; | |
1275 | |
1276 crypto::ScopedPK11SymKey unwrapped_key(PK11_UnwrapSymKey(wrapping_key->key(), | |
1277 CKM_NSS_AES_KEY_WRAP, | |
1278 param_item.get(), | |
1279 &cipher_text, | |
1280 mechanism, | |
1281 flags, | |
1282 plaintext_length)); | |
1283 if (!unwrapped_key) | |
1284 return Status::Error(); | |
1285 | |
1286 *key = blink::WebCryptoKey::create(new SymKey(unwrapped_key.Pass()), | |
1287 blink::WebCryptoKeyTypeSecret, | |
1288 extractable, | |
1289 algorithm, | |
1290 usage_mask); | |
1291 return Status::Success(); | |
1292 } | |
1293 | |
1294 } // namespace platform | 1206 } // namespace platform |
1295 | 1207 |
1296 } // namespace webcrypto | 1208 } // namespace webcrypto |
1297 | 1209 |
1298 } // namespace content | 1210 } // namespace content |
OLD | NEW |