OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/child/webcrypto/platform_crypto.h" | 5 #include "content/child/webcrypto/platform_crypto.h" |
6 | 6 |
7 #include <cryptohi.h> | 7 #include <cryptohi.h> |
8 #include <pk11pub.h> | 8 #include <pk11pub.h> |
9 #include <sechash.h> | 9 #include <sechash.h> |
10 | 10 |
(...skipping 1116 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1127 return Status::ErrorInvalidAesKwDataLength(); | 1127 return Status::ErrorInvalidAesKwDataLength(); |
1128 | 1128 |
1129 SECItem iv_item = MakeSECItemForBuffer(CryptoData(kAesIv, sizeof(kAesIv))); | 1129 SECItem iv_item = MakeSECItemForBuffer(CryptoData(kAesIv, sizeof(kAesIv))); |
1130 crypto::ScopedSECItem param_item( | 1130 crypto::ScopedSECItem param_item( |
1131 PK11_ParamFromIV(CKM_NSS_AES_KEY_WRAP, &iv_item)); | 1131 PK11_ParamFromIV(CKM_NSS_AES_KEY_WRAP, &iv_item)); |
1132 if (!param_item) | 1132 if (!param_item) |
1133 return Status::ErrorUnexpected(); | 1133 return Status::ErrorUnexpected(); |
1134 | 1134 |
1135 const unsigned int output_length = input_length + 8; | 1135 const unsigned int output_length = input_length + 8; |
1136 *buffer = blink::WebArrayBuffer::create(output_length, 1); | 1136 *buffer = blink::WebArrayBuffer::create(output_length, 1); |
1137 unsigned char* buffer_data = reinterpret_cast<unsigned char*>(buffer->data()); | 1137 SECItem wrapped_key_item = MakeSECItemForBuffer(CryptoData(*buffer)); |
1138 SECItem wrapped_key_item = {siBuffer, buffer_data, output_length}; | |
1139 | 1138 |
1140 if (SECSuccess != PK11_WrapSymKey(CKM_NSS_AES_KEY_WRAP, | 1139 if (SECSuccess != PK11_WrapSymKey(CKM_NSS_AES_KEY_WRAP, |
1141 param_item.get(), | 1140 param_item.get(), |
1142 wrapping_key->key(), | 1141 wrapping_key->key(), |
1143 key->key(), | 1142 key->key(), |
1144 &wrapped_key_item)) { | 1143 &wrapped_key_item)) { |
1145 return Status::Error(); | 1144 return Status::Error(); |
1146 } | 1145 } |
1147 if (output_length != wrapped_key_item.len) | 1146 if (output_length != wrapped_key_item.len) |
1148 return Status::ErrorUnexpected(); | 1147 return Status::ErrorUnexpected(); |
(...skipping 76 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1225 return Status::ErrorUnexpected(); | 1224 return Status::ErrorUnexpected(); |
1226 | 1225 |
1227 *key = blink::WebCryptoKey::create(new SymKey(unwrapped_key.Pass()), | 1226 *key = blink::WebCryptoKey::create(new SymKey(unwrapped_key.Pass()), |
1228 blink::WebCryptoKeyTypeSecret, | 1227 blink::WebCryptoKeyTypeSecret, |
1229 extractable, | 1228 extractable, |
1230 key_algorithm, | 1229 key_algorithm, |
1231 usage_mask); | 1230 usage_mask); |
1232 return Status::Success(); | 1231 return Status::Success(); |
1233 } | 1232 } |
1234 | 1233 |
| 1234 Status WrapSymKeyRsaEs(PublicKey* wrapping_key, |
| 1235 SymKey* key, |
| 1236 blink::WebArrayBuffer* buffer) { |
| 1237 // Check the raw length of the key to be wrapped against the max size allowed |
| 1238 // by the RSA wrapping key. With PKCS#1 v1.5 padding used in this function, |
| 1239 // the maximum data length that can be encrypted is the wrapping_key's modulus |
| 1240 // byte length minus eleven bytes. |
| 1241 const unsigned int input_length_bytes = PK11_GetKeyLength(key->key()); |
| 1242 const unsigned int modulus_length_bytes = |
| 1243 SECKEY_PublicKeyStrength(wrapping_key->key()); |
| 1244 if (modulus_length_bytes < 11 || |
| 1245 modulus_length_bytes - 11 < input_length_bytes) |
| 1246 return Status::ErrorDataTooLarge(); |
| 1247 |
| 1248 *buffer = blink::WebArrayBuffer::create(modulus_length_bytes, 1); |
| 1249 SECItem wrapped_key_item = MakeSECItemForBuffer(CryptoData(*buffer)); |
| 1250 |
| 1251 if (SECSuccess != |
| 1252 PK11_PubWrapSymKey( |
| 1253 CKM_RSA_PKCS, wrapping_key->key(), key->key(), &wrapped_key_item)) { |
| 1254 return Status::Error(); |
| 1255 } |
| 1256 if (wrapped_key_item.len != modulus_length_bytes) |
| 1257 return Status::ErrorUnexpected(); |
| 1258 |
| 1259 return Status::Success(); |
| 1260 } |
| 1261 |
| 1262 Status UnwrapSymKeyRsaEs(const CryptoData& wrapped_key_data, |
| 1263 PrivateKey* wrapping_key, |
| 1264 const blink::WebCryptoAlgorithm& algorithm, |
| 1265 bool extractable, |
| 1266 blink::WebCryptoKeyUsageMask usage_mask, |
| 1267 blink::WebCryptoKey* key) { |
| 1268 |
| 1269 // Verify wrapped_key_data size does not exceed the modulus of the RSA key. |
| 1270 const int modulus_length_bytes = |
| 1271 PK11_GetPrivateModulusLen(wrapping_key->key()); |
| 1272 if (modulus_length_bytes <= 0) |
| 1273 return Status::ErrorUnexpected(); |
| 1274 if (wrapped_key_data.byte_length() > |
| 1275 static_cast<unsigned int>(modulus_length_bytes)) |
| 1276 return Status::ErrorDataTooLarge(); |
| 1277 |
| 1278 // Determine the proper NSS key properties from the input algorithm. |
| 1279 CK_MECHANISM_TYPE mechanism; |
| 1280 CK_FLAGS flags; |
| 1281 Status status = |
| 1282 WebCryptoAlgorithmToNssMechFlags(algorithm, &mechanism, &flags); |
| 1283 if (status.IsError()) |
| 1284 return status; |
| 1285 |
| 1286 SECItem wrapped_key_item = MakeSECItemForBuffer(wrapped_key_data); |
| 1287 |
| 1288 crypto::ScopedPK11SymKey unwrapped_key( |
| 1289 PK11_PubUnwrapSymKeyWithFlagsPerm(wrapping_key->key(), |
| 1290 &wrapped_key_item, |
| 1291 mechanism, |
| 1292 CKA_DECRYPT, |
| 1293 0, |
| 1294 flags, |
| 1295 false)); |
| 1296 if (!unwrapped_key) |
| 1297 return Status::Error(); |
| 1298 |
| 1299 const unsigned int key_length = PK11_GetKeyLength(unwrapped_key.get()); |
| 1300 |
| 1301 blink::WebCryptoKeyAlgorithm key_algorithm; |
| 1302 if (!CreateSecretKeyAlgorithm(algorithm, key_length, &key_algorithm)) |
| 1303 return Status::ErrorUnexpected(); |
| 1304 |
| 1305 *key = blink::WebCryptoKey::create(new SymKey(unwrapped_key.Pass()), |
| 1306 blink::WebCryptoKeyTypeSecret, |
| 1307 extractable, |
| 1308 key_algorithm, |
| 1309 usage_mask); |
| 1310 return Status::Success(); |
| 1311 } |
| 1312 |
1235 } // namespace platform | 1313 } // namespace platform |
1236 | 1314 |
1237 } // namespace webcrypto | 1315 } // namespace webcrypto |
1238 | 1316 |
1239 } // namespace content | 1317 } // namespace content |
OLD | NEW |