| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/child/webcrypto/shared_crypto.h" | 5 #include "content/child/webcrypto/shared_crypto.h" |
| 6 | 6 |
| 7 #include "base/logging.h" | 7 #include "base/logging.h" |
| 8 #include "content/child/webcrypto/crypto_data.h" | 8 #include "content/child/webcrypto/crypto_data.h" |
| 9 #include "content/child/webcrypto/platform_crypto.h" | 9 #include "content/child/webcrypto/platform_crypto.h" |
| 10 #include "content/child/webcrypto/status.h" | 10 #include "content/child/webcrypto/status.h" |
| (...skipping 193 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 204 | 204 |
| 205 return platform::VerifyRsaSsaPkcs1v1_5( | 205 return platform::VerifyRsaSsaPkcs1v1_5( |
| 206 public_key, | 206 public_key, |
| 207 key.algorithm().rsaHashedParams()->hash(), | 207 key.algorithm().rsaHashedParams()->hash(), |
| 208 signature, | 208 signature, |
| 209 data, | 209 data, |
| 210 signature_match); | 210 signature_match); |
| 211 } | 211 } |
| 212 | 212 |
| 213 Status ImportKeyRaw(const CryptoData& key_data, | 213 Status ImportKeyRaw(const CryptoData& key_data, |
| 214 const blink::WebCryptoAlgorithm& algorithm_or_null, | 214 const blink::WebCryptoAlgorithm& algorithm, |
| 215 bool extractable, | 215 bool extractable, |
| 216 blink::WebCryptoKeyUsageMask usage_mask, | 216 blink::WebCryptoKeyUsageMask usage_mask, |
| 217 blink::WebCryptoKey* key) { | 217 blink::WebCryptoKey* key) { |
| 218 if (algorithm_or_null.isNull()) | 218 switch (algorithm.id()) { |
| 219 return Status::ErrorMissingAlgorithmImportRawKey(); | |
| 220 | |
| 221 switch (algorithm_or_null.id()) { | |
| 222 case blink::WebCryptoAlgorithmIdAesCtr: | 219 case blink::WebCryptoAlgorithmIdAesCtr: |
| 223 case blink::WebCryptoAlgorithmIdAesCbc: | 220 case blink::WebCryptoAlgorithmIdAesCbc: |
| 224 case blink::WebCryptoAlgorithmIdAesGcm: | 221 case blink::WebCryptoAlgorithmIdAesGcm: |
| 225 case blink::WebCryptoAlgorithmIdAesKw: | 222 case blink::WebCryptoAlgorithmIdAesKw: |
| 226 if (!IsValidAesKeyLengthBytes(key_data.byte_length())) | 223 if (!IsValidAesKeyLengthBytes(key_data.byte_length())) |
| 227 return Status::Error(); | 224 return Status::Error(); |
| 228 // Fallthrough intentional! | 225 // Fallthrough intentional! |
| 229 case blink::WebCryptoAlgorithmIdHmac: | 226 case blink::WebCryptoAlgorithmIdHmac: |
| 230 return platform::ImportKeyRaw( | 227 return platform::ImportKeyRaw( |
| 231 algorithm_or_null, key_data, extractable, usage_mask, key); | 228 algorithm, key_data, extractable, usage_mask, key); |
| 232 default: | 229 default: |
| 233 return Status::ErrorUnsupported(); | 230 return Status::ErrorUnsupported(); |
| 234 } | 231 } |
| 235 } | 232 } |
| 236 | 233 |
| 237 // Returns the key format to use for structured cloning. | 234 // Returns the key format to use for structured cloning. |
| 238 blink::WebCryptoKeyFormat GetCloneFormatForKeyType( | 235 blink::WebCryptoKeyFormat GetCloneFormatForKeyType( |
| 239 blink::WebCryptoKeyType type) { | 236 blink::WebCryptoKeyType type) { |
| 240 switch (type) { | 237 switch (type) { |
| 241 case blink::WebCryptoKeyTypeSecret: | 238 case blink::WebCryptoKeyTypeSecret: |
| (...skipping 75 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 317 if (aeskw_input_data.byte_length() < 24) | 314 if (aeskw_input_data.byte_length() < 24) |
| 318 return Status::ErrorDataTooSmall(); | 315 return Status::ErrorDataTooSmall(); |
| 319 if (aeskw_input_data.byte_length() % 8) | 316 if (aeskw_input_data.byte_length() % 8) |
| 320 return Status::ErrorInvalidAesKwDataLength(); | 317 return Status::ErrorInvalidAesKwDataLength(); |
| 321 return Status::Success(); | 318 return Status::Success(); |
| 322 } | 319 } |
| 323 | 320 |
| 324 Status UnwrapKeyRaw(const CryptoData& wrapped_key_data, | 321 Status UnwrapKeyRaw(const CryptoData& wrapped_key_data, |
| 325 const blink::WebCryptoKey& wrapping_key, | 322 const blink::WebCryptoKey& wrapping_key, |
| 326 const blink::WebCryptoAlgorithm& wrapping_algorithm, | 323 const blink::WebCryptoAlgorithm& wrapping_algorithm, |
| 327 const blink::WebCryptoAlgorithm& algorithm_or_null, | 324 const blink::WebCryptoAlgorithm& algorithm, |
| 328 bool extractable, | 325 bool extractable, |
| 329 blink::WebCryptoKeyUsageMask usage_mask, | 326 blink::WebCryptoKeyUsageMask usage_mask, |
| 330 blink::WebCryptoKey* key) { | 327 blink::WebCryptoKey* key) { |
| 331 // Must provide an algorithm when unwrapping a raw key | |
| 332 if (algorithm_or_null.isNull()) | |
| 333 return Status::ErrorMissingAlgorithmUnwrapRawKey(); | |
| 334 | |
| 335 // TODO(padolph): Handle other wrapping algorithms | 328 // TODO(padolph): Handle other wrapping algorithms |
| 336 switch (wrapping_algorithm.id()) { | 329 switch (wrapping_algorithm.id()) { |
| 337 case blink::WebCryptoAlgorithmIdAesKw: { | 330 case blink::WebCryptoAlgorithmIdAesKw: { |
| 338 platform::SymKey* platform_wrapping_key; | 331 platform::SymKey* platform_wrapping_key; |
| 339 Status status = ToPlatformSymKey(wrapping_key, &platform_wrapping_key); | 332 Status status = ToPlatformSymKey(wrapping_key, &platform_wrapping_key); |
| 340 if (status.IsError()) | 333 if (status.IsError()) |
| 341 return status; | 334 return status; |
| 342 status = CheckAesKwInputSize(wrapped_key_data); | 335 status = CheckAesKwInputSize(wrapped_key_data); |
| 343 if (status.IsError()) | 336 if (status.IsError()) |
| 344 return status; | 337 return status; |
| 345 return platform::UnwrapSymKeyAesKw(wrapped_key_data, | 338 return platform::UnwrapSymKeyAesKw(wrapped_key_data, |
| 346 platform_wrapping_key, | 339 platform_wrapping_key, |
| 347 algorithm_or_null, | 340 algorithm, |
| 348 extractable, | 341 extractable, |
| 349 usage_mask, | 342 usage_mask, |
| 350 key); | 343 key); |
| 351 } | 344 } |
| 352 case blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5: { | 345 case blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5: { |
| 353 platform::PrivateKey* platform_wrapping_key; | 346 platform::PrivateKey* platform_wrapping_key; |
| 354 Status status = | 347 Status status = |
| 355 ToPlatformPrivateKey(wrapping_key, &platform_wrapping_key); | 348 ToPlatformPrivateKey(wrapping_key, &platform_wrapping_key); |
| 356 if (status.IsError()) | 349 if (status.IsError()) |
| 357 return status; | 350 return status; |
| 358 if (!wrapped_key_data.byte_length()) | 351 if (!wrapped_key_data.byte_length()) |
| 359 return Status::ErrorDataTooSmall(); | 352 return Status::ErrorDataTooSmall(); |
| 360 return platform::UnwrapSymKeyRsaEs(wrapped_key_data, | 353 return platform::UnwrapSymKeyRsaEs(wrapped_key_data, |
| 361 platform_wrapping_key, | 354 platform_wrapping_key, |
| 362 algorithm_or_null, | 355 algorithm, |
| 363 extractable, | 356 extractable, |
| 364 usage_mask, | 357 usage_mask, |
| 365 key); | 358 key); |
| 366 } | 359 } |
| 367 default: | 360 default: |
| 368 return Status::ErrorUnsupported(); | 361 return Status::ErrorUnsupported(); |
| 369 } | 362 } |
| 370 } | 363 } |
| 371 | 364 |
| 372 Status WrapKeyRaw(const blink::WebCryptoKey& wrapping_key, | 365 Status WrapKeyRaw(const blink::WebCryptoKey& wrapping_key, |
| (...skipping 79 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 452 default: | 445 default: |
| 453 return Status::ErrorUnsupported(); | 446 return Status::ErrorUnsupported(); |
| 454 } | 447 } |
| 455 } | 448 } |
| 456 | 449 |
| 457 Status UnwrapKeyDecryptAndImport( | 450 Status UnwrapKeyDecryptAndImport( |
| 458 blink::WebCryptoKeyFormat format, | 451 blink::WebCryptoKeyFormat format, |
| 459 const CryptoData& wrapped_key_data, | 452 const CryptoData& wrapped_key_data, |
| 460 const blink::WebCryptoKey& wrapping_key, | 453 const blink::WebCryptoKey& wrapping_key, |
| 461 const blink::WebCryptoAlgorithm& wrapping_algorithm, | 454 const blink::WebCryptoAlgorithm& wrapping_algorithm, |
| 462 const blink::WebCryptoAlgorithm& algorithm_or_null, | 455 const blink::WebCryptoAlgorithm& algorithm, |
| 463 bool extractable, | 456 bool extractable, |
| 464 blink::WebCryptoKeyUsageMask usage_mask, | 457 blink::WebCryptoKeyUsageMask usage_mask, |
| 465 blink::WebCryptoKey* key) { | 458 blink::WebCryptoKey* key) { |
| 466 blink::WebArrayBuffer buffer; | 459 blink::WebArrayBuffer buffer; |
| 467 Status status = DecryptDontCheckKeyUsage( | 460 Status status = DecryptDontCheckKeyUsage( |
| 468 wrapping_algorithm, wrapping_key, wrapped_key_data, &buffer); | 461 wrapping_algorithm, wrapping_key, wrapped_key_data, &buffer); |
| 469 if (status.IsError()) | 462 if (status.IsError()) |
| 470 return status; | 463 return status; |
| 471 status = ImportKey(format, | 464 status = ImportKey( |
| 472 CryptoData(buffer), | 465 format, CryptoData(buffer), algorithm, extractable, usage_mask, key); |
| 473 algorithm_or_null, | |
| 474 extractable, | |
| 475 usage_mask, | |
| 476 key); | |
| 477 // NOTE! Returning the details of any ImportKey() failure here would leak | 466 // NOTE! Returning the details of any ImportKey() failure here would leak |
| 478 // information about the plaintext internals of the encrypted key. Instead, | 467 // information about the plaintext internals of the encrypted key. Instead, |
| 479 // collapse any error into the generic Status::Error(). | 468 // collapse any error into the generic Status::Error(). |
| 480 return status.IsError() ? Status::Error() : Status::Success(); | 469 return status.IsError() ? Status::Error() : Status::Success(); |
| 481 } | 470 } |
| 482 | 471 |
| 483 Status WrapKeyExportAndEncrypt( | 472 Status WrapKeyExportAndEncrypt( |
| 484 blink::WebCryptoKeyFormat format, | 473 blink::WebCryptoKeyFormat format, |
| 485 const blink::WebCryptoKey& wrapping_key, | 474 const blink::WebCryptoKey& wrapping_key, |
| 486 const blink::WebCryptoKey& key_to_wrap, | 475 const blink::WebCryptoKey& key_to_wrap, |
| (...skipping 124 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 611 public_key, | 600 public_key, |
| 612 private_key); | 601 private_key); |
| 613 } | 602 } |
| 614 default: | 603 default: |
| 615 return Status::ErrorUnsupported(); | 604 return Status::ErrorUnsupported(); |
| 616 } | 605 } |
| 617 } | 606 } |
| 618 | 607 |
| 619 Status ImportKey(blink::WebCryptoKeyFormat format, | 608 Status ImportKey(blink::WebCryptoKeyFormat format, |
| 620 const CryptoData& key_data, | 609 const CryptoData& key_data, |
| 621 const blink::WebCryptoAlgorithm& algorithm_or_null, | 610 const blink::WebCryptoAlgorithm& algorithm, |
| 622 bool extractable, | 611 bool extractable, |
| 623 blink::WebCryptoKeyUsageMask usage_mask, | 612 blink::WebCryptoKeyUsageMask usage_mask, |
| 624 blink::WebCryptoKey* key) { | 613 blink::WebCryptoKey* key) { |
| 625 switch (format) { | 614 switch (format) { |
| 626 case blink::WebCryptoKeyFormatRaw: | 615 case blink::WebCryptoKeyFormatRaw: |
| 627 return ImportKeyRaw( | 616 return ImportKeyRaw(key_data, algorithm, extractable, usage_mask, key); |
| 628 key_data, algorithm_or_null, extractable, usage_mask, key); | |
| 629 case blink::WebCryptoKeyFormatSpki: | 617 case blink::WebCryptoKeyFormatSpki: |
| 630 return platform::ImportKeySpki( | 618 return platform::ImportKeySpki( |
| 631 algorithm_or_null, key_data, extractable, usage_mask, key); | 619 algorithm, key_data, extractable, usage_mask, key); |
| 632 case blink::WebCryptoKeyFormatPkcs8: | 620 case blink::WebCryptoKeyFormatPkcs8: |
| 633 return platform::ImportKeyPkcs8( | 621 return platform::ImportKeyPkcs8( |
| 634 algorithm_or_null, key_data, extractable, usage_mask, key); | 622 algorithm, key_data, extractable, usage_mask, key); |
| 635 case blink::WebCryptoKeyFormatJwk: | 623 case blink::WebCryptoKeyFormatJwk: |
| 636 return ImportKeyJwk( | 624 return ImportKeyJwk(key_data, algorithm, extractable, usage_mask, key); |
| 637 key_data, algorithm_or_null, extractable, usage_mask, key); | |
| 638 default: | 625 default: |
| 639 return Status::ErrorUnsupported(); | 626 return Status::ErrorUnsupported(); |
| 640 } | 627 } |
| 641 } | 628 } |
| 642 | 629 |
| 643 // TODO(eroman): Move this to anonymous namespace. | 630 // TODO(eroman): Move this to anonymous namespace. |
| 644 Status ExportKeyDontCheckExtractability(blink::WebCryptoKeyFormat format, | 631 Status ExportKeyDontCheckExtractability(blink::WebCryptoKeyFormat format, |
| 645 const blink::WebCryptoKey& key, | 632 const blink::WebCryptoKey& key, |
| 646 blink::WebArrayBuffer* buffer) { | 633 blink::WebArrayBuffer* buffer) { |
| 647 switch (format) { | 634 switch (format) { |
| (...skipping 99 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 747 default: | 734 default: |
| 748 NOTREACHED(); | 735 NOTREACHED(); |
| 749 return Status::ErrorUnsupported(); | 736 return Status::ErrorUnsupported(); |
| 750 } | 737 } |
| 751 } | 738 } |
| 752 | 739 |
| 753 Status UnwrapKey(blink::WebCryptoKeyFormat format, | 740 Status UnwrapKey(blink::WebCryptoKeyFormat format, |
| 754 const CryptoData& wrapped_key_data, | 741 const CryptoData& wrapped_key_data, |
| 755 const blink::WebCryptoKey& wrapping_key, | 742 const blink::WebCryptoKey& wrapping_key, |
| 756 const blink::WebCryptoAlgorithm& wrapping_algorithm, | 743 const blink::WebCryptoAlgorithm& wrapping_algorithm, |
| 757 const blink::WebCryptoAlgorithm& algorithm_or_null, | 744 const blink::WebCryptoAlgorithm& algorithm, |
| 758 bool extractable, | 745 bool extractable, |
| 759 blink::WebCryptoKeyUsageMask usage_mask, | 746 blink::WebCryptoKeyUsageMask usage_mask, |
| 760 blink::WebCryptoKey* key) { | 747 blink::WebCryptoKey* key) { |
| 761 if (!KeyUsageAllows(wrapping_key, blink::WebCryptoKeyUsageUnwrapKey)) | 748 if (!KeyUsageAllows(wrapping_key, blink::WebCryptoKeyUsageUnwrapKey)) |
| 762 return Status::ErrorUnexpected(); | 749 return Status::ErrorUnexpected(); |
| 763 if (wrapping_algorithm.id() != wrapping_key.algorithm().id()) | 750 if (wrapping_algorithm.id() != wrapping_key.algorithm().id()) |
| 764 return Status::ErrorUnexpected(); | 751 return Status::ErrorUnexpected(); |
| 765 | 752 |
| 766 switch (format) { | 753 switch (format) { |
| 767 case blink::WebCryptoKeyFormatRaw: | 754 case blink::WebCryptoKeyFormatRaw: |
| 768 return UnwrapKeyRaw(wrapped_key_data, | 755 return UnwrapKeyRaw(wrapped_key_data, |
| 769 wrapping_key, | 756 wrapping_key, |
| 770 wrapping_algorithm, | 757 wrapping_algorithm, |
| 771 algorithm_or_null, | 758 algorithm, |
| 772 extractable, | 759 extractable, |
| 773 usage_mask, | 760 usage_mask, |
| 774 key); | 761 key); |
| 775 case blink::WebCryptoKeyFormatJwk: | 762 case blink::WebCryptoKeyFormatJwk: |
| 776 return UnwrapKeyDecryptAndImport(format, | 763 return UnwrapKeyDecryptAndImport(format, |
| 777 wrapped_key_data, | 764 wrapped_key_data, |
| 778 wrapping_key, | 765 wrapping_key, |
| 779 wrapping_algorithm, | 766 wrapping_algorithm, |
| 780 algorithm_or_null, | 767 algorithm, |
| 781 extractable, | 768 extractable, |
| 782 usage_mask, | 769 usage_mask, |
| 783 key); | 770 key); |
| 784 case blink::WebCryptoKeyFormatSpki: | 771 case blink::WebCryptoKeyFormatSpki: |
| 785 case blink::WebCryptoKeyFormatPkcs8: | 772 case blink::WebCryptoKeyFormatPkcs8: |
| 786 return Status::ErrorUnsupported(); // TODO(padolph) | 773 return Status::ErrorUnsupported(); // TODO(padolph) |
| 787 default: | 774 default: |
| 788 NOTREACHED(); | 775 NOTREACHED(); |
| 789 return Status::ErrorUnsupported(); | 776 return Status::ErrorUnsupported(); |
| 790 } | 777 } |
| (...skipping 25 matching lines...) Expand all Loading... |
| 816 key); | 803 key); |
| 817 if (status.IsError()) | 804 if (status.IsError()) |
| 818 return status; | 805 return status; |
| 819 | 806 |
| 820 return ValidateDeserializedKey(*key, algorithm, type); | 807 return ValidateDeserializedKey(*key, algorithm, type); |
| 821 } | 808 } |
| 822 | 809 |
| 823 } // namespace webcrypto | 810 } // namespace webcrypto |
| 824 | 811 |
| 825 } // namespace content | 812 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 197223007:
[webcrypto] Remove support for null import algorithms. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src