
Side by Side Diff: content/renderer/webcrypto_impl_nss.cc

Issue 23569007: WebCrypto: Implement importKey() and sign() for HMAC in NSS (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Fixes to review from eroman Created 7 years, 3 months ago
1 // Copyright 2013 The Chromium Authors. All rights reserved. 1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "content/renderer/webcrypto_impl.h" 5 #include "content/renderer/webcrypto_impl.h"
6 6
7 #include <sechash.h> 7 #include <nss/sechash.h>
8 #include <nss/pk11pub.h>
8 9
9 #include "base/logging.h" 10 #include "base/logging.h"
10 #include "crypto/nss_util.h" 11 #include "crypto/nss_util.h"
12 #include "crypto/scoped_nss_types.h"
11 #include "third_party/WebKit/public/platform/WebArrayBuffer.h" 13 #include "third_party/WebKit/public/platform/WebArrayBuffer.h"
12 #include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h" 14 #include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h"
15 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h"
13 16
14 namespace content { 17 namespace content {
15 18
16 bool WebCryptoImpl::digestInternal( 19 class WebCryptoSymKeyHandle : public WebKit::WebCryptoKeyHandle {
20 public:
21 WebCryptoSymKeyHandle(CK_MECHANISM_TYPE mechanism)
eroman 2013/09/06 23:03:16 single-parameter ctors should be marked as "explic
Bryan Eyler 2013/09/09 22:32:10 Done.
22 : mechanism_(mechanism),
23 slot_(PK11_GetInternalSlot()) {
24 DCHECK(slot_ != NULL);
eroman 2013/09/06 23:03:16 It is customary in chrome to omit the != NULL. jus
Bryan Eyler 2013/09/09 22:32:10 Not much documentation on this, but crypto/ seems
25 }
26
27 void set_key(crypto::ScopedPK11SymKey key) {
eroman 2013/09/06 23:03:16 Good. I suggest adding a DCHECK(!key_) for good me
Bryan Eyler 2013/09/09 22:32:10 Done.
28 key_ = key.Pass();
29 }
30
31 const CK_MECHANISM_TYPE mechanism() const { return mechanism_; }
32 PK11SlotInfo* slot() { return slot_.get(); }
33 const PK11SymKey* key() const { return key_.get(); }
34
35 private:
eroman 2013/09/06 23:03:16 Please also add DISALLOW_COPY_AND_ASSIGN (or whate
Bryan Eyler 2013/09/09 22:32:10 Done.
36 CK_MECHANISM_TYPE mechanism_;
37 crypto::ScopedPK11Slot slot_;
38 crypto::ScopedPK11SymKey key_;
39 };
40
41 static CK_FLAGS WebCryptoKeyUsageMaskToNSSFlags(
eroman 2013/09/06 23:03:16 I recommend moving all of this section into an unn
Bryan Eyler 2013/09/09 22:32:10 Done.
42 WebKit::WebCryptoKeyUsageMask mask) {
43 return ((mask & WebKit::WebCryptoKeyUsageEncrypt) ? CKF_ENCRYPT : 0) |
44 ((mask & WebKit::WebCryptoKeyUsageDecrypt) ? CKF_DECRYPT : 0) |
45 ((mask & WebKit::WebCryptoKeyUsageSign) ? CKF_SIGN : 0) |
46 ((mask & WebKit::WebCryptoKeyUsageVerify) ? CKF_VERIFY : 0) |
47 ((mask & WebKit::WebCryptoKeyUsageDeriveKey) ? CKF_DERIVE : 0) |
48 ((mask & WebKit::WebCryptoKeyUsageWrapKey) ? CKF_WRAP : 0) |
49 ((mask & WebKit::WebCryptoKeyUsageUnwrapKey) ? CKF_UNWRAP : 0);
50 }
51
52 static HASH_HashType WebCryptoAlgorithmToNSSHashType(
53 const WebKit::WebCryptoAlgorithm& algorithm) {
54 switch (algorithm.id()) {
55 case WebKit::WebCryptoAlgorithmIdSha1:
56 return HASH_AlgSHA1;
57 case WebKit::WebCryptoAlgorithmIdSha224:
58 return HASH_AlgSHA224;
59 case WebKit::WebCryptoAlgorithmIdSha256:
60 return HASH_AlgSHA256;
61 case WebKit::WebCryptoAlgorithmIdSha384:
62 return HASH_AlgSHA384;
63 case WebKit::WebCryptoAlgorithmIdSha512:
64 return HASH_AlgSHA512;
65 default:
66 // Not a digest algorithm.
67 return HASH_AlgNULL;
68 }
69 }
70
71 static CK_MECHANISM_TYPE WebCryptoAlgorithmToNSSMechanism(
72 const WebKit::WebCryptoAlgorithm& algorithm) {
73 switch (algorithm.id()) {
74 case WebKit::WebCryptoAlgorithmIdSha1:
75 return CKM_SHA_1_HMAC;
76 case WebKit::WebCryptoAlgorithmIdSha256:
77 return CKM_SHA256_HMAC;
78 default:
79 // Not a supported algorithm.
80 return CKM_INVALID_MECHANISM;
81 }
82 }
83
84 bool WebCryptoImpl::DigestInternal(
17 const WebKit::WebCryptoAlgorithm& algorithm, 85 const WebKit::WebCryptoAlgorithm& algorithm,
18 const unsigned char* data, 86 const unsigned char* data,
19 size_t data_size, 87 size_t data_size,
20 WebKit::WebArrayBuffer* buffer) { 88 WebKit::WebArrayBuffer* buffer) {
21 HASH_HashType hash_type = HASH_AlgNULL; 89 HASH_HashType hash_type = WebCryptoAlgorithmToNSSHashType(algorithm);
22 90 if (hash_type == HASH_AlgNULL) {
23 switch (algorithm.id()) { 91 return false;
24 case WebKit::WebCryptoAlgorithmIdSha1:
25 hash_type = HASH_AlgSHA1;
26 break;
27 case WebKit::WebCryptoAlgorithmIdSha224:
28 hash_type = HASH_AlgSHA224;
29 break;
30 case WebKit::WebCryptoAlgorithmIdSha256:
31 hash_type = HASH_AlgSHA256;
32 break;
33 case WebKit::WebCryptoAlgorithmIdSha384:
34 hash_type = HASH_AlgSHA384;
35 break;
36 case WebKit::WebCryptoAlgorithmIdSha512:
37 hash_type = HASH_AlgSHA512;
38 break;
39 default:
40 // Not a digest algorithm.
41 return false;
42 } 92 }
43 93
44 crypto::EnsureNSSInit(); 94 crypto::EnsureNSSInit();
45 95
46 HASHContext* context = HASH_Create(hash_type); 96 HASHContext* context = HASH_Create(hash_type);
47 if (!context) { 97 if (!context) {
48 return false; 98 return false;
49 } 99 }
50 100
51 HASH_Begin(context); 101 HASH_Begin(context);
52 102
53 HASH_Update(context, data, data_size); 103 HASH_Update(context, data, data_size);
54 104
55 size_t hash_result_length = HASH_ResultLenContext(context); 105 size_t hash_result_length = HASH_ResultLenContext(context);
56 DCHECK_LE(hash_result_length, static_cast<size_t>(HASH_LENGTH_MAX)); 106 DCHECK_LE(hash_result_length, static_cast<size_t>(HASH_LENGTH_MAX));
57 107
58 *buffer = WebKit::WebArrayBuffer::create(hash_result_length, 1); 108 *buffer = WebKit::WebArrayBuffer::create(hash_result_length, 1);
59 109
60 unsigned char* digest = reinterpret_cast<unsigned char*>(buffer->data()); 110 unsigned char* digest = reinterpret_cast<unsigned char*>(buffer->data());
61 111
62 uint32 result_length = 0; 112 uint32 result_length = 0;
63 HASH_End(context, digest, &result_length, hash_result_length); 113 HASH_End(context, digest, &result_length, hash_result_length);
64 114
65 HASH_Destroy(context); 115 HASH_Destroy(context);
66 116
67 return result_length == hash_result_length; 117 return result_length == hash_result_length;
68 } 118 }
69 119
120 bool WebCryptoImpl::ImportKeyInternal(
121 WebKit::WebCryptoKeyFormat format,
122 const unsigned char* key_data,
123 size_t key_data_size,
124 const WebKit::WebCryptoAlgorithm& algorithm,
125 WebKit::WebCryptoKeyUsageMask usage_mask,
126 scoped_ptr<WebKit::WebCryptoKeyHandle>* handle,
127 WebKit::WebCryptoKeyType* type) {
128 switch (algorithm.id()) {
129 case WebKit::WebCryptoAlgorithmIdHmac:
130 *type = WebKit::WebCryptoKeyTypeSecret;
131 break;
132 // TODO(bryaneyler): Support more key types.
133 default:
134 return false;
135 }
136
137 // TODO(bryaneyler): Need to split handling for symmetric and asymmetric keys.
138 // Currently only supporting symmetric.
139 scoped_ptr<WebCryptoSymKeyHandle> sym_key;
140
141 switch(algorithm.id()) {
142 case WebKit::WebCryptoAlgorithmIdHmac: {
143 const WebKit::WebCryptoHmacParams* params = algorithm.hmacParams();
144 if (!params) {
145 return false;
146 }
147
148 CK_MECHANISM_TYPE mechanism =
149 WebCryptoAlgorithmToNSSMechanism(params->hash());
150 if (mechanism == CKM_INVALID_MECHANISM) {
151 return false;
152 }
153
154 sym_key.reset(new WebCryptoSymKeyHandle(mechanism));
155 break;
156 }
157 default:
158 return false;
159 }
160
161 SECItem key_item = {
eroman 2013/09/06 23:03:16 nit: inconsistent style (later on you initialize a
Bryan Eyler 2013/09/09 22:32:10 Done.
162 siBuffer,
163 NULL,
164 0
165 };
166
167 switch (format) {
168 case WebKit::WebCryptoKeyFormatRaw:
169 key_item.data = const_cast<unsigned char*>(key_data);
170 key_item.len = key_data_size;
eroman 2013/09/06 23:03:16 Hmm. NSS expects "unsigned int" for lengths, howe
Bryan Eyler 2013/09/09 22:32:10 Will re-based once https://codereview.chromium.org
171 break;
172 // TODO(bryaneyler): Handle additional formats.
173 default:
174 return false;
175 }
176
177 crypto::ScopedPK11SymKey pk11_sym_key(
178 PK11_ImportSymKeyWithFlags(sym_key->slot(),
179 sym_key->mechanism(),
180 PK11_OriginUnwrap,
181 CKA_FLAGS_ONLY,
182 &key_item,
183 WebCryptoKeyUsageMaskToNSSFlags(usage_mask),
184 false,
185 NULL));
186 sym_key->set_key(pk11_sym_key.Pass());
187 if (!sym_key->key()) {
188 NOTREACHED();
189 return false;
190 }
191
192 *handle = sym_key.Pass();
193
194 return true;
195 }
196
197 bool WebCryptoImpl::SignInternal(
198 const WebKit::WebCryptoAlgorithm& algorithm,
199 const WebKit::WebCryptoKeyHandle* key,
200 const unsigned char* data,
201 size_t data_size,
202 WebKit::WebArrayBuffer* buffer) {
203 WebKit::WebArrayBuffer result;
204
205 switch (algorithm.id()) {
206 case WebKit::WebCryptoAlgorithmIdHmac: {
207 const WebKit::WebCryptoHmacParams* params = algorithm.hmacParams();
208 if (!params) {
209 return false;
210 }
211
212 const WebCryptoSymKeyHandle* sym_key =
213 reinterpret_cast<const WebCryptoSymKeyHandle*>(key);
214
215 HASH_HashType hash_type = WebCryptoAlgorithmToNSSHashType(params->hash());
216 if (hash_type == HASH_AlgNULL) {
217 return false;
218 }
219
220 size_t digest_length = HASH_ResultLen(hash_type);
eroman 2013/09/06 23:03:16 unsigned int for consistency
Bryan Eyler 2013/09/09 22:32:10 This is something James requested I change in my p
221
222 DCHECK_EQ(sym_key->mechanism(),
223 WebCryptoAlgorithmToNSSMechanism(params->hash()));
224
225 result = WebKit::WebArrayBuffer::create(digest_length, 1);
226
227 SECItem param_item = { siBuffer, NULL, 0 };
228 SECItem data_item = {
229 siBuffer,
230 const_cast<unsigned char*>(data),
231 data_size
232 };
233 SECItem signature_item = {
234 siBuffer,
235 reinterpret_cast<unsigned char*>(result.data()),
236 digest_length
eroman 2013/09/06 23:03:16 I think this is more readable as result.byteLength
Bryan Eyler 2013/09/09 22:32:10 Done.
237 };
238
239 if (PK11_SignWithSymKey(const_cast<PK11SymKey*>(sym_key->key()),
eroman 2013/09/06 23:03:16 Commented on other patchset
240 sym_key->mechanism(),
241 &param_item,
242 &signature_item,
243 &data_item) != SECSuccess) {
244 NOTREACHED();
245 return false;
246 }
247
248 break;
249 }
250 default:
251 return false;
252 }
253
254 *buffer = result;
255 return true;
256 }
257
70 } // namespace content 258 } // namespace content
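Review bot: In SignInternal the only check that the key's stored mechanism matches the hash named in the caller's HMAC params is `DCHECK_EQ(sym_key->mechanism(), WebCryptoAlgorithmToNSSMechanism(params->hash()))`, which is compiled out of release builds. The output buffer is sized from `params->hash()` while `PK11_SignWithSymKey` runs with `sym_key->mechanism()`, and the hash-type mapping accepts SHA-224/384/512 that the mechanism mapping rejects, so a mismatched request reaches NSS with a signature buffer sized for a different digest. I would make this a runtime check ahead of the allocation, e.g. `if (!sym_key || sym_key->mechanism() != WebCryptoAlgorithmToNSSMechanism(params->hash())) return false;`. The `NOTREACHED()` on the signing failure path then also deserves a second look, since the algorithm parameters presumably originate from web content, which would make a failure there reachable at runtime rather than a programming error.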