| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "components/webcrypto/algorithms/aes.h" | 5 #include "components/webcrypto/algorithms/aes.h" |
| 6 | 6 |
| 7 #include <stddef.h> | 7 #include <stddef.h> |
| 8 | 8 |
| 9 #include "base/logging.h" | 9 #include "base/logging.h" |
| 10 #include "components/webcrypto/algorithms/secret_key_util.h" | 10 #include "components/webcrypto/algorithms/secret_key_util.h" |
| 11 #include "components/webcrypto/algorithms/util.h" |
| 11 #include "components/webcrypto/blink_key_handle.h" | 12 #include "components/webcrypto/blink_key_handle.h" |
| 12 #include "components/webcrypto/crypto_data.h" | 13 #include "components/webcrypto/crypto_data.h" |
| 13 #include "components/webcrypto/jwk.h" | 14 #include "components/webcrypto/jwk.h" |
| 14 #include "components/webcrypto/status.h" | 15 #include "components/webcrypto/status.h" |
| 15 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h" | 16 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h" |
| 16 #include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h" | 17 #include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h" |
| 17 | 18 |
| 18 namespace webcrypto { | 19 namespace webcrypto { |
| 19 | 20 |
| 20 namespace { | 21 namespace { |
| (...skipping 31 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 52 blink::WebCryptoKeyUsageDecrypt | | 53 blink::WebCryptoKeyUsageDecrypt | |
| 53 blink::WebCryptoKeyUsageWrapKey | | 54 blink::WebCryptoKeyUsageWrapKey | |
| 54 blink::WebCryptoKeyUsageUnwrapKey), | 55 blink::WebCryptoKeyUsageUnwrapKey), |
| 55 jwk_suffix_(jwk_suffix) { | 56 jwk_suffix_(jwk_suffix) { |
| 56 } | 57 } |
| 57 | 58 |
| 58 Status AesAlgorithm::GenerateKey(const blink::WebCryptoAlgorithm& algorithm, | 59 Status AesAlgorithm::GenerateKey(const blink::WebCryptoAlgorithm& algorithm, |
| 59 bool extractable, | 60 bool extractable, |
| 60 blink::WebCryptoKeyUsageMask usages, | 61 blink::WebCryptoKeyUsageMask usages, |
| 61 GenerateKeyResult* result) const { | 62 GenerateKeyResult* result) const { |
| 62 Status status = CheckSecretKeyCreationUsages(all_key_usages_, usages); | 63 Status status = CheckKeyCreationUsages(all_key_usages_, usages); |
| 63 if (status.IsError()) | 64 if (status.IsError()) |
| 64 return status; | 65 return status; |
| 65 | 66 |
| 66 unsigned int keylen_bits = algorithm.aesKeyGenParams()->lengthBits(); | 67 unsigned int keylen_bits = algorithm.aesKeyGenParams()->lengthBits(); |
| 67 | 68 |
| 68 // 192-bit AES is intentionally unsupported (http://crbug.com/533699). | 69 // 192-bit AES is intentionally unsupported (http://crbug.com/533699). |
| 69 if (keylen_bits == 192) | 70 if (keylen_bits == 192) |
| 70 return Status::ErrorAes192BitUnsupported(); | 71 return Status::ErrorAes192BitUnsupported(); |
| 71 | 72 |
| 72 if (keylen_bits != 128 && keylen_bits != 256) | 73 if (keylen_bits != 128 && keylen_bits != 256) |
| 73 return Status::ErrorGenerateAesKeyLength(); | 74 return Status::ErrorGenerateAesKeyLength(); |
| 74 | 75 |
| 75 return GenerateWebCryptoSecretKey( | 76 return GenerateWebCryptoSecretKey( |
| 76 blink::WebCryptoKeyAlgorithm::createAes(algorithm.id(), keylen_bits), | 77 blink::WebCryptoKeyAlgorithm::createAes(algorithm.id(), keylen_bits), |
| 77 extractable, usages, keylen_bits, result); | 78 extractable, usages, keylen_bits, result); |
| 78 } | 79 } |
| 79 | 80 |
| 80 Status AesAlgorithm::VerifyKeyUsagesBeforeImportKey( | 81 Status AesAlgorithm::ImportKey(blink::WebCryptoKeyFormat format, |
| 81 blink::WebCryptoKeyFormat format, | 82 const CryptoData& key_data, |
| 82 blink::WebCryptoKeyUsageMask usages) const { | 83 const blink::WebCryptoAlgorithm& algorithm, |
| 84 bool extractable, |
| 85 blink::WebCryptoKeyUsageMask usages, |
| 86 blink::WebCryptoKey* key) const { |
| 83 switch (format) { | 87 switch (format) { |
| 84 case blink::WebCryptoKeyFormatRaw: | 88 case blink::WebCryptoKeyFormatRaw: |
| 89 return ImportKeyRaw(key_data, algorithm, extractable, usages, key); |
| 85 case blink::WebCryptoKeyFormatJwk: | 90 case blink::WebCryptoKeyFormatJwk: |
| 86 return CheckSecretKeyCreationUsages(all_key_usages_, usages); | 91 return ImportKeyJwk(key_data, algorithm, extractable, usages, key); |
| 87 default: | 92 default: |
| 88 return Status::ErrorUnsupportedImportKeyFormat(); | 93 return Status::ErrorUnsupportedImportKeyFormat(); |
| 89 } | 94 } |
| 90 } | 95 } |
| 91 | 96 |
| 97 Status AesAlgorithm::ExportKey(blink::WebCryptoKeyFormat format, |
| 98 const blink::WebCryptoKey& key, |
| 99 std::vector<uint8_t>* buffer) const { |
| 100 switch (format) { |
| 101 case blink::WebCryptoKeyFormatRaw: |
| 102 return ExportKeyRaw(key, buffer); |
| 103 case blink::WebCryptoKeyFormatJwk: |
| 104 return ExportKeyJwk(key, buffer); |
| 105 default: |
| 106 return Status::ErrorUnsupportedExportKeyFormat(); |
| 107 } |
| 108 } |
| 109 |
| 92 Status AesAlgorithm::ImportKeyRaw(const CryptoData& key_data, | 110 Status AesAlgorithm::ImportKeyRaw(const CryptoData& key_data, |
| 93 const blink::WebCryptoAlgorithm& algorithm, | 111 const blink::WebCryptoAlgorithm& algorithm, |
| 94 bool extractable, | 112 bool extractable, |
| 95 blink::WebCryptoKeyUsageMask usages, | 113 blink::WebCryptoKeyUsageMask usages, |
| 96 blink::WebCryptoKey* key) const { | 114 blink::WebCryptoKey* key) const { |
| 115 Status status = CheckKeyCreationUsages(all_key_usages_, usages); |
| 116 if (status.IsError()) |
| 117 return status; |
| 118 |
| 97 const unsigned int keylen_bytes = key_data.byte_length(); | 119 const unsigned int keylen_bytes = key_data.byte_length(); |
| 98 | 120 |
| 99 // 192-bit AES is intentionally unsupported (http://crbug.com/533699). | 121 // 192-bit AES is intentionally unsupported (http://crbug.com/533699). |
| 100 if (keylen_bytes == 24) | 122 if (keylen_bytes == 24) |
| 101 return Status::ErrorAes192BitUnsupported(); | 123 return Status::ErrorAes192BitUnsupported(); |
| 102 | 124 |
| 103 if (keylen_bytes != 16 && keylen_bytes != 32) | 125 if (keylen_bytes != 16 && keylen_bytes != 32) |
| 104 return Status::ErrorImportAesKeyLength(); | 126 return Status::ErrorImportAesKeyLength(); |
| 105 | 127 |
| 106 // No possibility of overflow. | 128 // No possibility of overflow. |
| 107 unsigned int keylen_bits = keylen_bytes * 8; | 129 unsigned int keylen_bits = keylen_bytes * 8; |
| 108 | 130 |
| 109 return CreateWebCryptoSecretKey( | 131 return CreateWebCryptoSecretKey( |
| 110 key_data, | 132 key_data, |
| 111 blink::WebCryptoKeyAlgorithm::createAes(algorithm.id(), keylen_bits), | 133 blink::WebCryptoKeyAlgorithm::createAes(algorithm.id(), keylen_bits), |
| 112 extractable, usages, key); | 134 extractable, usages, key); |
| 113 } | 135 } |
| 114 | 136 |
| 115 Status AesAlgorithm::ImportKeyJwk(const CryptoData& key_data, | 137 Status AesAlgorithm::ImportKeyJwk(const CryptoData& key_data, |
| 116 const blink::WebCryptoAlgorithm& algorithm, | 138 const blink::WebCryptoAlgorithm& algorithm, |
| 117 bool extractable, | 139 bool extractable, |
| 118 blink::WebCryptoKeyUsageMask usages, | 140 blink::WebCryptoKeyUsageMask usages, |
| 119 blink::WebCryptoKey* key) const { | 141 blink::WebCryptoKey* key) const { |
| 120 std::vector<uint8_t> raw_data; | 142 Status status = CheckKeyCreationUsages(all_key_usages_, usages); |
| 121 JwkReader jwk; | |
| 122 Status status = ReadSecretKeyNoExpectedAlgJwk(key_data, extractable, usages, | |
| 123 &raw_data, &jwk); | |
| 124 if (status.IsError()) | 143 if (status.IsError()) |
| 125 return status; | 144 return status; |
| 126 | 145 |
| 146 std::vector<uint8_t> raw_data; |
| 147 JwkReader jwk; |
| 148 status = ReadSecretKeyNoExpectedAlgJwk(key_data, extractable, usages, |
| 149 &raw_data, &jwk); |
| 150 if (status.IsError()) |
| 151 return status; |
| 152 |
| 127 bool has_jwk_alg; | 153 bool has_jwk_alg; |
| 128 std::string jwk_alg; | 154 std::string jwk_alg; |
| 129 status = jwk.GetAlg(&jwk_alg, &has_jwk_alg); | 155 status = jwk.GetAlg(&jwk_alg, &has_jwk_alg); |
| 130 if (status.IsError()) | 156 if (status.IsError()) |
| 131 return status; | 157 return status; |
| 132 | 158 |
| 133 if (has_jwk_alg) { | 159 if (has_jwk_alg) { |
| 134 std::string expected_algorithm_name = | 160 std::string expected_algorithm_name = |
| 135 MakeJwkAesAlgorithmName(jwk_suffix_, raw_data.size()); | 161 MakeJwkAesAlgorithmName(jwk_suffix_, raw_data.size()); |
| 136 | 162 |
| (...skipping 51 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 188 return Status::Success(); | 214 return Status::Success(); |
| 189 | 215 |
| 190 // 192-bit AES is intentionally unsupported (http://crbug.com/533699). | 216 // 192-bit AES is intentionally unsupported (http://crbug.com/533699). |
| 191 if (*length_bits == 192) | 217 if (*length_bits == 192) |
| 192 return Status::ErrorAes192BitUnsupported(); | 218 return Status::ErrorAes192BitUnsupported(); |
| 193 | 219 |
| 194 return Status::ErrorGetAesKeyLength(); | 220 return Status::ErrorGetAesKeyLength(); |
| 195 } | 221 } |
| 196 | 222 |
| 197 } // namespace webcrypto | 223 } // namespace webcrypto |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2163053002:
[webcrypto] Check for empty key usages *after* key creation rather than before, to match the spec's… (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master