OLD | NEW |
---|---|
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/renderer/webcrypto_impl.h" | 5 #include "content/renderer/webcrypto_impl.h" |
6 | 6 |
7 #include <sechash.h> | 7 #include <nss/sechash.h> |
8 #include <nss/pk11pub.h> | |
eroman
2013/09/09 23:00:48
keep these in sorted order (unless there is a head
Bryan Eyler
2013/09/10 01:15:54
Done.
| |
8 | 9 |
9 #include "base/logging.h" | 10 #include "base/logging.h" |
10 #include "crypto/nss_util.h" | 11 #include "crypto/nss_util.h" |
12 #include "crypto/scoped_nss_types.h" | |
11 #include "third_party/WebKit/public/platform/WebArrayBuffer.h" | 13 #include "third_party/WebKit/public/platform/WebArrayBuffer.h" |
12 #include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h" | 14 #include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h" |
15 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h" | |
13 | 16 |
14 namespace content { | 17 namespace content { |
15 | 18 |
16 bool WebCryptoImpl::digestInternal( | 19 class WebCryptoSymKeyHandle : public WebKit::WebCryptoKeyHandle { |
20 public: | |
21 explicit WebCryptoSymKeyHandle(CK_MECHANISM_TYPE mechanism) | |
22 : mechanism_(mechanism) { | |
23 } | |
24 | |
25 bool Initialize() { | |
26 slot_.reset(PK11_GetInternalSlot()); | |
27 return slot_.get(); | |
28 } | |
29 | |
30 void set_key(crypto::ScopedPK11SymKey key) { | |
31 DCHECK(!key_.get()); | |
32 key_ = key.Pass(); | |
33 } | |
34 | |
35 const CK_MECHANISM_TYPE mechanism() const { return mechanism_; } | |
36 PK11SlotInfo* slot() { return slot_.get(); } | |
37 PK11SymKey* key() { return key_.get(); } | |
38 | |
39 private: | |
40 CK_MECHANISM_TYPE mechanism_; | |
41 crypto::ScopedPK11Slot slot_; | |
42 crypto::ScopedPK11SymKey key_; | |
43 | |
44 DISALLOW_COPY_AND_ASSIGN(WebCryptoSymKeyHandle); | |
45 }; | |
46 | |
47 namespace { | |
48 | |
49 CK_FLAGS WebCryptoKeyUsageMaskToNSSFlags( | |
50 WebKit::WebCryptoKeyUsageMask mask) { | |
51 return ((mask & WebKit::WebCryptoKeyUsageEncrypt) ? CKF_ENCRYPT : 0) | | |
52 ((mask & WebKit::WebCryptoKeyUsageDecrypt) ? CKF_DECRYPT : 0) | | |
53 ((mask & WebKit::WebCryptoKeyUsageSign) ? CKF_SIGN : 0) | | |
54 ((mask & WebKit::WebCryptoKeyUsageVerify) ? CKF_VERIFY : 0) | | |
55 ((mask & WebKit::WebCryptoKeyUsageDeriveKey) ? CKF_DERIVE : 0) | | |
56 ((mask & WebKit::WebCryptoKeyUsageWrapKey) ? CKF_WRAP : 0) | | |
57 ((mask & WebKit::WebCryptoKeyUsageUnwrapKey) ? CKF_UNWRAP : 0); | |
58 } | |
59 | |
60 HASH_HashType WebCryptoAlgorithmToNSSHashType( | |
61 const WebKit::WebCryptoAlgorithm& algorithm) { | |
62 switch (algorithm.id()) { | |
63 case WebKit::WebCryptoAlgorithmIdSha1: | |
64 return HASH_AlgSHA1; | |
65 case WebKit::WebCryptoAlgorithmIdSha224: | |
66 return HASH_AlgSHA224; | |
67 case WebKit::WebCryptoAlgorithmIdSha256: | |
68 return HASH_AlgSHA256; | |
69 case WebKit::WebCryptoAlgorithmIdSha384: | |
70 return HASH_AlgSHA384; | |
71 case WebKit::WebCryptoAlgorithmIdSha512: | |
72 return HASH_AlgSHA512; | |
73 default: | |
74 // Not a digest algorithm. | |
75 return HASH_AlgNULL; | |
76 } | |
77 } | |
78 | |
79 CK_MECHANISM_TYPE WebCryptoAlgorithmToNSSMechanism( | |
80 const WebKit::WebCryptoAlgorithm& algorithm) { | |
81 switch (algorithm.id()) { | |
82 case WebKit::WebCryptoAlgorithmIdSha1: | |
83 return CKM_SHA_1_HMAC; | |
84 case WebKit::WebCryptoAlgorithmIdSha256: | |
85 return CKM_SHA256_HMAC; | |
Ryan Sleevi
2013/09/10 00:42:49
FYI: In order to verify truncated HMACs, you'll ne
Bryan Eyler
2013/09/10 01:15:54
If I rely on the signing to get the length (as des
| |
86 default: | |
87 // Not a supported algorithm. | |
88 return CKM_INVALID_MECHANISM; | |
89 } | |
90 } | |
91 | |
92 } | |
eroman
2013/09/09 23:00:48
nit: please add the comment:
} // namespace
Bryan Eyler
2013/09/10 01:15:54
Done.
| |
93 | |
94 bool WebCryptoImpl::DigestInternal( | |
17 const WebKit::WebCryptoAlgorithm& algorithm, | 95 const WebKit::WebCryptoAlgorithm& algorithm, |
18 const unsigned char* data, | 96 const unsigned char* data, |
19 size_t data_size, | 97 size_t data_size, |
20 WebKit::WebArrayBuffer* buffer) { | 98 WebKit::WebArrayBuffer* buffer) { |
21 HASH_HashType hash_type = HASH_AlgNULL; | 99 HASH_HashType hash_type = WebCryptoAlgorithmToNSSHashType(algorithm); |
22 | 100 if (hash_type == HASH_AlgNULL) { |
23 switch (algorithm.id()) { | 101 return false; |
24 case WebKit::WebCryptoAlgorithmIdSha1: | |
25 hash_type = HASH_AlgSHA1; | |
26 break; | |
27 case WebKit::WebCryptoAlgorithmIdSha224: | |
28 hash_type = HASH_AlgSHA224; | |
29 break; | |
30 case WebKit::WebCryptoAlgorithmIdSha256: | |
31 hash_type = HASH_AlgSHA256; | |
32 break; | |
33 case WebKit::WebCryptoAlgorithmIdSha384: | |
34 hash_type = HASH_AlgSHA384; | |
35 break; | |
36 case WebKit::WebCryptoAlgorithmIdSha512: | |
37 hash_type = HASH_AlgSHA512; | |
38 break; | |
39 default: | |
40 // Not a digest algorithm. | |
41 return false; | |
42 } | 102 } |
43 | 103 |
44 crypto::EnsureNSSInit(); | 104 crypto::EnsureNSSInit(); |
45 | 105 |
46 HASHContext* context = HASH_Create(hash_type); | 106 HASHContext* context = HASH_Create(hash_type); |
47 if (!context) { | 107 if (!context) { |
48 return false; | 108 return false; |
49 } | 109 } |
50 | 110 |
51 HASH_Begin(context); | 111 HASH_Begin(context); |
52 | 112 |
53 HASH_Update(context, data, data_size); | 113 HASH_Update(context, data, data_size); |
54 | 114 |
55 size_t hash_result_length = HASH_ResultLenContext(context); | 115 size_t hash_result_length = HASH_ResultLenContext(context); |
56 DCHECK_LE(hash_result_length, static_cast<size_t>(HASH_LENGTH_MAX)); | 116 DCHECK_LE(hash_result_length, static_cast<size_t>(HASH_LENGTH_MAX)); |
57 | 117 |
58 *buffer = WebKit::WebArrayBuffer::create(hash_result_length, 1); | 118 *buffer = WebKit::WebArrayBuffer::create(hash_result_length, 1); |
59 | 119 |
60 unsigned char* digest = reinterpret_cast<unsigned char*>(buffer->data()); | 120 unsigned char* digest = reinterpret_cast<unsigned char*>(buffer->data()); |
61 | 121 |
62 uint32 result_length = 0; | 122 uint32 result_length = 0; |
63 HASH_End(context, digest, &result_length, hash_result_length); | 123 HASH_End(context, digest, &result_length, hash_result_length); |
64 | 124 |
65 HASH_Destroy(context); | 125 HASH_Destroy(context); |
66 | 126 |
67 return result_length == hash_result_length; | 127 return result_length == hash_result_length; |
68 } | 128 } |
69 | 129 |
130 bool WebCryptoImpl::ImportKeyInternal( | |
131 WebKit::WebCryptoKeyFormat format, | |
132 const unsigned char* key_data, | |
133 size_t key_data_size, | |
134 const WebKit::WebCryptoAlgorithm& algorithm, | |
135 WebKit::WebCryptoKeyUsageMask usage_mask, | |
136 scoped_ptr<WebKit::WebCryptoKeyHandle>* handle, | |
137 WebKit::WebCryptoKeyType* type) { | |
138 switch (algorithm.id()) { | |
139 case WebKit::WebCryptoAlgorithmIdHmac: | |
140 *type = WebKit::WebCryptoKeyTypeSecret; | |
141 break; | |
142 // TODO(bryaneyler): Support more key types. | |
143 default: | |
144 return false; | |
145 } | |
146 | |
147 // TODO(bryaneyler): Need to split handling for symmetric and asymmetric keys. | |
148 // Currently only supporting symmetric. | |
149 scoped_ptr<WebCryptoSymKeyHandle> sym_key; | |
150 | |
151 switch(algorithm.id()) { | |
152 case WebKit::WebCryptoAlgorithmIdHmac: { | |
153 const WebKit::WebCryptoHmacParams* params = algorithm.hmacParams(); | |
154 if (!params) { | |
155 return false; | |
156 } | |
157 | |
158 CK_MECHANISM_TYPE mechanism = | |
159 WebCryptoAlgorithmToNSSMechanism(params->hash()); | |
160 if (mechanism == CKM_INVALID_MECHANISM) { | |
161 return false; | |
162 } | |
163 | |
164 sym_key.reset(new WebCryptoSymKeyHandle(mechanism)); | |
165 | |
166 if (!sym_key->Initialize()) { | |
167 return false; | |
168 } | |
169 | |
170 break; | |
171 } | |
172 default: | |
173 return false; | |
174 } | |
175 | |
176 SECItem key_item = { siBuffer, NULL, 0 }; | |
177 | |
178 switch (format) { | |
179 case WebKit::WebCryptoKeyFormatRaw: | |
180 key_item.data = const_cast<unsigned char*>(key_data); | |
181 key_item.len = key_data_size; | |
182 break; | |
183 // TODO(bryaneyler): Handle additional formats. | |
184 default: | |
185 return false; | |
186 } | |
187 | |
188 crypto::ScopedPK11SymKey pk11_sym_key( | |
189 PK11_ImportSymKeyWithFlags(sym_key->slot(), | |
190 sym_key->mechanism(), | |
191 PK11_OriginUnwrap, | |
192 CKA_FLAGS_ONLY, | |
193 &key_item, | |
194 WebCryptoKeyUsageMaskToNSSFlags(usage_mask), | |
195 false, | |
196 NULL)); | |
197 sym_key->set_key(pk11_sym_key.Pass()); | |
198 if (!sym_key->key()) { | |
199 NOTREACHED(); | |
200 return false; | |
201 } | |
202 | |
203 *handle = sym_key.Pass(); | |
204 | |
205 return true; | |
206 } | |
207 | |
208 bool WebCryptoImpl::SignInternal( | |
209 const WebKit::WebCryptoAlgorithm& algorithm, | |
210 const WebKit::WebCryptoKeyHandle* key, | |
211 const unsigned char* data, | |
212 size_t data_size, | |
213 WebKit::WebArrayBuffer* buffer) { | |
214 WebKit::WebArrayBuffer result; | |
215 | |
216 switch (algorithm.id()) { | |
217 case WebKit::WebCryptoAlgorithmIdHmac: { | |
218 const WebKit::WebCryptoHmacParams* params = algorithm.hmacParams(); | |
219 if (!params) { | |
220 return false; | |
221 } | |
222 | |
223 WebCryptoSymKeyHandle* sym_key = | |
224 const_cast<WebCryptoSymKeyHandle*>( | |
225 reinterpret_cast<const WebCryptoSymKeyHandle*>(key)); | |
226 | |
227 HASH_HashType hash_type = WebCryptoAlgorithmToNSSHashType(params->hash()); | |
Ryan Sleevi
2013/09/10 00:42:49
BUG: You have a lack of consistency between WebCry
eroman
2013/09/10 00:57:56
In practice this isn't a bug, since the Blink side
Bryan Eyler
2013/09/10 01:15:54
Done as per next comment.
| |
228 if (hash_type == HASH_AlgNULL) { | |
229 return false; | |
230 } | |
231 | |
232 size_t digest_length = HASH_ResultLen(hash_type); | |
Ryan Sleevi
2013/09/10 00:42:49
Rather than computing the expected length via dige
Bryan Eyler
2013/09/10 01:15:54
Done.
| |
233 | |
234 DCHECK_EQ(sym_key->mechanism(), | |
235 WebCryptoAlgorithmToNSSMechanism(params->hash())); | |
236 | |
237 result = WebKit::WebArrayBuffer::create(digest_length, 1); | |
238 | |
239 SECItem param_item = { siBuffer, NULL, 0 }; | |
240 SECItem data_item = { | |
241 siBuffer, | |
242 const_cast<unsigned char*>(data), | |
243 data_size | |
244 }; | |
245 SECItem signature_item = { | |
246 siBuffer, | |
247 reinterpret_cast<unsigned char*>(result.data()), | |
248 result.byteLength() | |
249 }; | |
250 | |
251 if (PK11_SignWithSymKey(sym_key->key(), | |
252 sym_key->mechanism(), | |
253 ¶m_item, | |
254 &signature_item, | |
255 &data_item) != SECSuccess) { | |
256 NOTREACHED(); | |
257 return false; | |
258 } | |
259 | |
260 break; | |
261 } | |
262 default: | |
263 return false; | |
264 } | |
265 | |
266 *buffer = result; | |
267 return true; | |
268 } | |
269 | |
70 } // namespace content | 270 } // namespace content |
OLD | NEW |