OLD | NEW |
---|---|
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/renderer/webcrypto_impl.h" | 5 #include "content/renderer/webcrypto_impl.h" |
6 | 6 |
7 #include <pk11pub.h> | 7 #include <pk11pub.h> |
8 #include <sechash.h> | 8 #include <sechash.h> |
9 | 9 |
10 #include "base/logging.h" | 10 #include "base/logging.h" |
11 #include "crypto/nss_util.h" | 11 #include "crypto/nss_util.h" |
12 #include "crypto/scoped_nss_types.h" | 12 #include "crypto/scoped_nss_types.h" |
13 #include "crypto/secure_util.h" | |
eroman
2013/09/25 23:18:51
this should be sorted above crypto/scroped_nss
Bryan Eyler
2013/09/25 23:57:05
For alphabetical ordering? I think this is correc
eroman
2013/09/26 00:10:42
Oops, my bad :)
| |
13 #include "third_party/WebKit/public/platform/WebArrayBuffer.h" | 14 #include "third_party/WebKit/public/platform/WebArrayBuffer.h" |
14 #include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h" | 15 #include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h" |
15 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h" | 16 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h" |
16 | 17 |
17 namespace content { | 18 namespace content { |
18 | 19 |
19 namespace { | 20 namespace { |
20 | 21 |
21 class SymKeyHandle : public WebKit::WebCryptoKeyHandle { | 22 class SymKeyHandle : public WebKit::WebCryptoKeyHandle { |
22 public: | 23 public: |
(...skipping 219 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
242 break; | 243 break; |
243 } | 244 } |
244 default: | 245 default: |
245 return false; | 246 return false; |
246 } | 247 } |
247 | 248 |
248 *buffer = result; | 249 *buffer = result; |
249 return true; | 250 return true; |
250 } | 251 } |
251 | 252 |
253 bool WebCryptoImpl::VerifySignatureInternal( | |
254 const WebKit::WebCryptoAlgorithm& algorithm, | |
255 const WebKit::WebCryptoKey& key, | |
256 const unsigned char* signature, | |
257 unsigned signature_size, | |
258 const unsigned char* data, | |
259 unsigned data_size, | |
260 bool* signature_match) { | |
261 switch (algorithm.id()) { | |
262 case WebKit::WebCryptoAlgorithmIdHmac: { | |
263 const WebKit::WebCryptoHmacParams* params = algorithm.hmacParams(); | |
264 if (!params) { | |
265 return false; | |
266 } | |
267 | |
268 SymKeyHandle* sym_key = reinterpret_cast<SymKeyHandle*>(key.handle()); | |
269 | |
270 DCHECK_EQ(PK11_GetMechanism(sym_key->key()), | |
eroman
2013/09/25 23:18:51
Isn't this a duplication of DigestInternal? Please
Bryan Eyler
2013/09/25 23:57:05
Yeah, I was trying to avoid creating a WebArrayBuf
| |
271 WebCryptoAlgorithmToHMACMechanism(params->hash())); | |
272 DCHECK_NE(0, key.usages() & WebKit::WebCryptoKeyUsageSign); | |
273 | |
274 SECItem param_item = { siBuffer, NULL, 0 }; | |
275 SECItem data_item = { | |
276 siBuffer, | |
277 const_cast<unsigned char*>(data), | |
278 data_size | |
279 }; | |
280 // First call is to figure out the length. | |
281 SECItem signature_item = { siBuffer, NULL, 0 }; | |
282 | |
283 if (PK11_SignWithSymKey(sym_key->key(), | |
284 PK11_GetMechanism(sym_key->key()), | |
285 ¶m_item, | |
286 &signature_item, | |
287 &data_item) != SECSuccess) { | |
288 NOTREACHED(); | |
289 return false; | |
290 } | |
291 | |
292 DCHECK_NE(0u, signature_item.len); | |
293 | |
294 std::vector<unsigned char> result(signature_item.len); | |
295 signature_item.data = result.data(); | |
296 | |
297 if (PK11_SignWithSymKey(sym_key->key(), | |
298 PK11_GetMechanism(sym_key->key()), | |
299 ¶m_item, | |
300 &signature_item, | |
301 &data_item) != SECSuccess) { | |
302 NOTREACHED(); | |
303 return false; | |
304 } | |
305 | |
306 DCHECK_EQ(signature_item.len, result.size()); | |
307 | |
308 // To ensure optimal security usage, do not support truncated signatures. | |
eroman
2013/09/25 23:18:51
This comment should be in terms of the webcrypto s
Bryan Eyler
2013/09/25 23:57:05
Done.
| |
309 *signature_match = | |
310 crypto::SecureMemEqual(result.data(), signature, signature_size) && | |
311 result.size() == signature_size; | |
312 | |
313 break; | |
314 } | |
315 default: | |
316 return false; | |
317 } | |
318 | |
319 return true; | |
320 } | |
321 | |
252 } // namespace content | 322 } // namespace content |
OLD | NEW |