Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(13)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: trunk/src/content/renderer/webcrypto_impl_nss.cc

Issue 24205003: Revert 223506 "WebCrypto: Implement importKey() and sign() for H..." (Closed) Base URL: svn://svn.chromium.org/chrome/
Patch Set: Created 7 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « trunk/src/content/renderer/webcrypto_impl.cc ('k') | trunk/src/content/renderer/webcrypto_impl_openssl.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2013 The Chromium Authors. All rights reserved. 1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "content/renderer/webcrypto_impl.h" 5 #include "content/renderer/webcrypto_impl.h"
6 6
7 #include <pk11pub.h>
8 #include <sechash.h> 7 #include <sechash.h>
9 8
10 #include "base/logging.h" 9 #include "base/logging.h"
11 #include "crypto/nss_util.h" 10 #include "crypto/nss_util.h"
12 #include "crypto/scoped_nss_types.h"
13 #include "third_party/WebKit/public/platform/WebArrayBuffer.h" 11 #include "third_party/WebKit/public/platform/WebArrayBuffer.h"
14 #include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h" 12 #include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h"
15 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h"
16 13
17 namespace content { 14 namespace content {
18 15
19 namespace {
20
21 class SymKeyHandle : public WebKit::WebCryptoKeyHandle {
22 public:
23 explicit SymKeyHandle(crypto::ScopedPK11SymKey key) {
24 DCHECK(!key_.get());
25 key_ = key.Pass();
26 }
27
28 PK11SymKey* key() { return key_.get(); }
29
30 private:
31 crypto::ScopedPK11SymKey key_;
32
33 DISALLOW_COPY_AND_ASSIGN(SymKeyHandle);
34 };
35
36 HASH_HashType WebCryptoAlgorithmToNSSHashType(
37 const WebKit::WebCryptoAlgorithm& algorithm) {
38 switch (algorithm.id()) {
39 case WebKit::WebCryptoAlgorithmIdSha1:
40 return HASH_AlgSHA1;
41 case WebKit::WebCryptoAlgorithmIdSha224:
42 return HASH_AlgSHA224;
43 case WebKit::WebCryptoAlgorithmIdSha256:
44 return HASH_AlgSHA256;
45 case WebKit::WebCryptoAlgorithmIdSha384:
46 return HASH_AlgSHA384;
47 case WebKit::WebCryptoAlgorithmIdSha512:
48 return HASH_AlgSHA512;
49 default:
50 // Not a digest algorithm.
51 return HASH_AlgNULL;
52 }
53 }
54
55 CK_MECHANISM_TYPE WebCryptoAlgorithmToHMACMechanism(
56 const WebKit::WebCryptoAlgorithm& algorithm) {
57 switch (algorithm.id()) {
58 case WebKit::WebCryptoAlgorithmIdSha1:
59 return CKM_SHA_1_HMAC;
60 case WebKit::WebCryptoAlgorithmIdSha256:
61 return CKM_SHA256_HMAC;
62 default:
63 // Not a supported algorithm.
64 return CKM_INVALID_MECHANISM;
65 }
66 }
67
68 } // namespace
69
70 void WebCryptoImpl::Init() { 16 void WebCryptoImpl::Init() {
71 crypto::EnsureNSSInit(); 17 crypto::EnsureNSSInit();
72 } 18 }
73 19
74 bool WebCryptoImpl::DigestInternal( 20 bool WebCryptoImpl::DigestInternal(
75 const WebKit::WebCryptoAlgorithm& algorithm, 21 const WebKit::WebCryptoAlgorithm& algorithm,
76 const unsigned char* data, 22 const unsigned char* data,
77 unsigned data_size, 23 unsigned data_size,
78 WebKit::WebArrayBuffer* buffer) { 24 WebKit::WebArrayBuffer* buffer) {
79 HASH_HashType hash_type = WebCryptoAlgorithmToNSSHashType(algorithm); 25 HASH_HashType hash_type = HASH_AlgNULL;
80 if (hash_type == HASH_AlgNULL) { 26
81 return false; 27 switch (algorithm.id()) {
28 case WebKit::WebCryptoAlgorithmIdSha1:
29 hash_type = HASH_AlgSHA1;
30 break;
31 case WebKit::WebCryptoAlgorithmIdSha224:
32 hash_type = HASH_AlgSHA224;
33 break;
34 case WebKit::WebCryptoAlgorithmIdSha256:
35 hash_type = HASH_AlgSHA256;
36 break;
37 case WebKit::WebCryptoAlgorithmIdSha384:
38 hash_type = HASH_AlgSHA384;
39 break;
40 case WebKit::WebCryptoAlgorithmIdSha512:
41 hash_type = HASH_AlgSHA512;
42 break;
43 default:
44 // Not a digest algorithm.
45 return false;
82 } 46 }
83 47
84 HASHContext* context = HASH_Create(hash_type); 48 HASHContext* context = HASH_Create(hash_type);
85 if (!context) { 49 if (!context) {
86 return false; 50 return false;
87 } 51 }
88 52
89 HASH_Begin(context); 53 HASH_Begin(context);
90 54
91 HASH_Update(context, data, data_size); 55 HASH_Update(context, data, data_size);
92 56
93 unsigned hash_result_length = HASH_ResultLenContext(context); 57 size_t hash_result_length = HASH_ResultLenContext(context);
94 DCHECK_LE(hash_result_length, static_cast<size_t>(HASH_LENGTH_MAX)); 58 DCHECK_LE(hash_result_length, static_cast<size_t>(HASH_LENGTH_MAX));
95 59
96 *buffer = WebKit::WebArrayBuffer::create(hash_result_length, 1); 60 *buffer = WebKit::WebArrayBuffer::create(hash_result_length, 1);
97 61
98 unsigned char* digest = reinterpret_cast<unsigned char*>(buffer->data()); 62 unsigned char* digest = reinterpret_cast<unsigned char*>(buffer->data());
99 63
100 unsigned result_length = 0; 64 uint32 result_length = 0;
101 HASH_End(context, digest, &result_length, hash_result_length); 65 HASH_End(context, digest, &result_length, hash_result_length);
102 66
103 HASH_Destroy(context); 67 HASH_Destroy(context);
104 68
105 return result_length == hash_result_length; 69 return result_length == hash_result_length;
106 } 70 }
107 71
108 bool WebCryptoImpl::ImportKeyInternal(
109 WebKit::WebCryptoKeyFormat format,
110 const unsigned char* key_data,
111 unsigned key_data_size,
112 const WebKit::WebCryptoAlgorithm& algorithm,
113 WebKit::WebCryptoKeyUsageMask usage_mask,
114 scoped_ptr<WebKit::WebCryptoKeyHandle>* handle,
115 WebKit::WebCryptoKeyType* type) {
116 switch (algorithm.id()) {
117 case WebKit::WebCryptoAlgorithmIdHmac:
118 *type = WebKit::WebCryptoKeyTypeSecret;
119 break;
120 // TODO(bryaneyler): Support more key types.
121 default:
122 return false;
123 }
124
125 // TODO(bryaneyler): Need to split handling for symmetric and asymmetric keys.
126 // Currently only supporting symmetric.
127 CK_MECHANISM_TYPE mechanism = CKM_INVALID_MECHANISM;
128 // Flags are verified at the Blink layer; here the flags are set to all
129 // possible operations for this key type.
130 CK_FLAGS flags = 0;
131
132 switch(algorithm.id()) {
133 case WebKit::WebCryptoAlgorithmIdHmac: {
134 const WebKit::WebCryptoHmacParams* params = algorithm.hmacParams();
135 if (!params) {
136 return false;
137 }
138
139 mechanism = WebCryptoAlgorithmToHMACMechanism(params->hash());
140 if (mechanism == CKM_INVALID_MECHANISM) {
141 return false;
142 }
143
144 flags |= CKF_SIGN | CKF_VERIFY;
145
146 break;
147 }
148 default:
149 return false;
150 }
151
152 DCHECK_NE(CKM_INVALID_MECHANISM, mechanism);
153 DCHECK_NE(0ul, flags);
154
155 SECItem key_item = { siBuffer, NULL, 0 };
156
157 switch (format) {
158 case WebKit::WebCryptoKeyFormatRaw:
159 key_item.data = const_cast<unsigned char*>(key_data);
160 key_item.len = key_data_size;
161 break;
162 // TODO(bryaneyler): Handle additional formats.
163 default:
164 return false;
165 }
166
167 crypto::ScopedPK11SymKey pk11_sym_key(
168 PK11_ImportSymKeyWithFlags(PK11_GetInternalSlot(),
169 mechanism,
170 PK11_OriginUnwrap,
171 CKA_FLAGS_ONLY,
172 &key_item,
173 flags,
174 false,
175 NULL));
176 if (!pk11_sym_key.get()) {
177 NOTREACHED();
178 return false;
179 }
180
181 scoped_ptr<SymKeyHandle> sym_key(new SymKeyHandle(pk11_sym_key.Pass()));
182 *handle = sym_key.Pass();
183
184 return true;
185 }
186
187 bool WebCryptoImpl::SignInternal(
188 const WebKit::WebCryptoAlgorithm& algorithm,
189 const WebKit::WebCryptoKey& key,
190 const unsigned char* data,
191 unsigned data_size,
192 WebKit::WebArrayBuffer* buffer) {
193 WebKit::WebArrayBuffer result;
194
195 switch (algorithm.id()) {
196 case WebKit::WebCryptoAlgorithmIdHmac: {
197 const WebKit::WebCryptoHmacParams* params = algorithm.hmacParams();
198 if (!params) {
199 return false;
200 }
201
202 SymKeyHandle* sym_key = reinterpret_cast<SymKeyHandle*>(key.handle());
203
204 DCHECK_EQ(PK11_GetMechanism(sym_key->key()),
205 WebCryptoAlgorithmToHMACMechanism(params->hash()));
206 DCHECK_NE(0, key.usages() & WebKit::WebCryptoKeyUsageSign);
207
208 SECItem param_item = { siBuffer, NULL, 0 };
209 SECItem data_item = {
210 siBuffer,
211 const_cast<unsigned char*>(data),
212 data_size
213 };
214 // First call is to figure out the length.
215 SECItem signature_item = { siBuffer, NULL, 0 };
216
217 if (PK11_SignWithSymKey(sym_key->key(),
218 PK11_GetMechanism(sym_key->key()),
219 &param_item,
220 &signature_item,
221 &data_item) != SECSuccess) {
222 NOTREACHED();
223 return false;
224 }
225
226 DCHECK_NE(0u, signature_item.len);
227
228 result = WebKit::WebArrayBuffer::create(signature_item.len, 1);
229 signature_item.data = reinterpret_cast<unsigned char*>(result.data());
230
231 if (PK11_SignWithSymKey(sym_key->key(),
232 PK11_GetMechanism(sym_key->key()),
233 &param_item,
234 &signature_item,
235 &data_item) != SECSuccess) {
236 NOTREACHED();
237 return false;
238 }
239
240 DCHECK_EQ(result.byteLength(), signature_item.len);
241
242 break;
243 }
244 default:
245 return false;
246 }
247
248 *buffer = result;
249 return true;
250 }
251
252 } // namespace content 72 } // namespace content
OLDNEW
« no previous file with comments | « trunk/src/content/renderer/webcrypto_impl.cc ('k') | trunk/src/content/renderer/webcrypto_impl_openssl.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698