OLD | NEW |
---|---|
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/child/webcrypto/platform_crypto.h" | 5 #include "content/child/webcrypto/platform_crypto.h" |
6 | 6 |
7 #include <cryptohi.h> | 7 #include <cryptohi.h> |
8 #include <pk11pub.h> | 8 #include <pk11pub.h> |
9 #include <sechash.h> | 9 #include <sechash.h> |
10 | 10 |
(...skipping 501 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
512 &cipher_text, | 512 &cipher_text, |
513 mechanism, | 513 mechanism, |
514 flags, | 514 flags, |
515 plaintext_length)); | 515 plaintext_length)); |
516 // TODO(padolph): Use NSS PORT_GetError() and friends to report a more | 516 // TODO(padolph): Use NSS PORT_GetError() and friends to report a more |
517 // accurate error, providing if doesn't leak any information to web pages | 517 // accurate error, providing if doesn't leak any information to web pages |
518 // about other web crypto users, key details, etc. | 518 // about other web crypto users, key details, etc. |
519 if (!new_key) | 519 if (!new_key) |
520 return Status::Error(); | 520 return Status::Error(); |
521 | 521 |
522 // TODO(padolph): Change to "defined(USE_NSS)" once the NSS fix for | 522 #if defined(USE_NSS) |
523 // https://bugzilla.mozilla.org/show_bug.cgi?id=981170 rolls into chromium. | 523 if (!NSS_VersionCheck("3.16.0")) { |
wtc
2014/03/24 23:49:41
Nit: you can use "3.16". See http://mxr.mozilla.or
eroman
2014/03/24 23:56:04
Done.
| |
524 #if 1 | 524 // Workaround for https://code.google.com/p/chromium/issues/detail?id=349939 |
wtc
2014/03/24 23:49:41
I suggest citing the upstream NSS bug report inste
eroman
2014/03/24 23:56:04
Done.
| |
525 // ------- Start NSS bug workaround | 525 // which was fixed in NSS 3.16.0. |
526 // Workaround for https://code.google.com/p/chromium/issues/detail?id=349939 | 526 // If unwrap fails, NSS nevertheless returns a valid-looking PK11SymKey, |
527 // If unwrap fails, NSS nevertheless returns a valid-looking PK11SymKey, with | 527 // with a reasonable length but with key data pointing to uninitialized |
528 // a reasonable length but with key data pointing to uninitialized memory. | 528 // memory. |
529 // This workaround re-wraps the key and compares the result with the incoming | 529 // This workaround re-wraps the key and compares the result with the |
530 // data, and fails if there is a difference. This prevents returning a bad key | 530 // incoming data, and fails if there is a difference. This prevents |
531 // to the caller. | 531 // returning a bad key to the caller. |
532 const unsigned int output_length = wrapped_key_data.byte_length(); | 532 const unsigned int output_length = wrapped_key_data.byte_length(); |
533 std::vector<unsigned char> buffer(output_length, 0); | 533 std::vector<unsigned char> buffer(output_length, 0); |
534 SECItem wrapped_key_item = MakeSECItemForBuffer(CryptoData(buffer)); | 534 SECItem wrapped_key_item = MakeSECItemForBuffer(CryptoData(buffer)); |
535 if (SECSuccess != PK11_WrapSymKey(CKM_NSS_AES_KEY_WRAP, | 535 if (SECSuccess != PK11_WrapSymKey(CKM_NSS_AES_KEY_WRAP, |
536 param_item.get(), | 536 param_item.get(), |
537 wrapping_key->key(), | 537 wrapping_key->key(), |
538 new_key.get(), | 538 new_key.get(), |
539 &wrapped_key_item)) { | 539 &wrapped_key_item)) { |
540 return Status::Error(); | 540 return Status::Error(); |
541 } | |
542 if (wrapped_key_item.len != wrapped_key_data.byte_length() || | |
543 memcmp(wrapped_key_item.data, | |
544 wrapped_key_data.bytes(), | |
545 wrapped_key_item.len) != 0) { | |
546 return Status::Error(); | |
547 } | |
541 } | 548 } |
542 if (wrapped_key_item.len != wrapped_key_data.byte_length() || | |
543 memcmp(wrapped_key_item.data, | |
544 wrapped_key_data.bytes(), | |
545 wrapped_key_item.len) != 0) { | |
546 return Status::Error(); | |
547 } | |
548 // ------- End NSS bug workaround | |
549 #endif | 549 #endif |
550 | 550 |
551 *unwrapped_key = new_key.Pass(); | 551 *unwrapped_key = new_key.Pass(); |
552 return Status::Success(); | 552 return Status::Success(); |
553 } | 553 } |
554 | 554 |
555 } // namespace | 555 } // namespace |
556 | 556 |
557 Status ImportKeyRaw(const blink::WebCryptoAlgorithm& algorithm, | 557 Status ImportKeyRaw(const blink::WebCryptoAlgorithm& algorithm, |
558 const CryptoData& key_data, | 558 const CryptoData& key_data, |
(...skipping 764 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
1323 key_algorithm, | 1323 key_algorithm, |
1324 usage_mask); | 1324 usage_mask); |
1325 return Status::Success(); | 1325 return Status::Success(); |
1326 } | 1326 } |
1327 | 1327 |
1328 } // namespace platform | 1328 } // namespace platform |
1329 | 1329 |
1330 } // namespace webcrypto | 1330 } // namespace webcrypto |
1331 | 1331 |
1332 } // namespace content | 1332 } // namespace content |
OLD | NEW |