| OLD | NEW |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/child/webcrypto/platform_crypto.h" | 5 #include "content/child/webcrypto/platform_crypto.h" |
| 6 | 6 |
| 7 #include <cryptohi.h> | 7 #include <cryptohi.h> |
| 8 #include <pk11pub.h> | 8 #include <pk11pub.h> |
| 9 #include <secerr.h> | 9 #include <secerr.h> |
| 10 #include <sechash.h> | 10 #include <sechash.h> |
| (...skipping 1473 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1484 return status; | 1484 return status; |
| 1485 | 1485 |
| 1486 *key = blink::WebCryptoKey::create(key_handle.release(), | 1486 *key = blink::WebCryptoKey::create(key_handle.release(), |
| 1487 blink::WebCryptoKeyTypePublic, | 1487 blink::WebCryptoKeyTypePublic, |
| 1488 extractable, | 1488 extractable, |
| 1489 key_algorithm, | 1489 key_algorithm, |
| 1490 usage_mask); | 1490 usage_mask); |
| 1491 return Status::Success(); | 1491 return Status::Success(); |
| 1492 } | 1492 } |
| 1493 | 1493 |
| 1494 Status WrapSymKeyAesKw(SymKey* wrapping_key, | 1494 Status WrapSymKeyAesKw(SymKey* key, |
| 1495 SymKey* key, | 1495 SymKey* wrapping_key, |
| 1496 std::vector<uint8>* buffer) { | 1496 std::vector<uint8>* buffer) { |
| 1497 // The data size must be at least 16 bytes and a multiple of 8 bytes. | 1497 // The data size must be at least 16 bytes and a multiple of 8 bytes. |
| 1498 // RFC 3394 does not specify a maximum allowed data length, but since only | 1498 // RFC 3394 does not specify a maximum allowed data length, but since only |
| 1499 // keys are being wrapped in this application (which are small), a reasonable | 1499 // keys are being wrapped in this application (which are small), a reasonable |
| 1500 // max limit is whatever will fit into an unsigned. For the max size test, | 1500 // max limit is whatever will fit into an unsigned. For the max size test, |
| 1501 // note that AES Key Wrap always adds 8 bytes to the input data size. | 1501 // note that AES Key Wrap always adds 8 bytes to the input data size. |
| 1502 const unsigned int input_length = PK11_GetKeyLength(key->key()); | 1502 const unsigned int input_length = PK11_GetKeyLength(key->key()); |
| 1503 if (input_length < 16) | 1503 if (input_length < 16) |
| 1504 return Status::ErrorDataTooSmall(); | 1504 return Status::ErrorDataTooSmall(); |
| 1505 if (input_length > UINT_MAX - 8) | 1505 if (input_length > UINT_MAX - 8) |
| (...skipping 78 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1584 if (PK11_ExtractKeyValue(decrypted.get()) != SECSuccess) | 1584 if (PK11_ExtractKeyValue(decrypted.get()) != SECSuccess) |
| 1585 return Status::OperationError(); | 1585 return Status::OperationError(); |
| 1586 const SECItem* const key_data = PK11_GetKeyData(decrypted.get()); | 1586 const SECItem* const key_data = PK11_GetKeyData(decrypted.get()); |
| 1587 if (!key_data) | 1587 if (!key_data) |
| 1588 return Status::OperationError(); | 1588 return Status::OperationError(); |
| 1589 buffer->assign(key_data->data, key_data->data + key_data->len); | 1589 buffer->assign(key_data->data, key_data->data + key_data->len); |
| 1590 | 1590 |
| 1591 return Status::Success(); | 1591 return Status::Success(); |
| 1592 } | 1592 } |
| 1593 | 1593 |
| 1594 Status WrapSymKeyRsaEs(PublicKey* wrapping_key, | 1594 Status WrapSymKeyRsaEs(SymKey* key, |
| 1595 SymKey* key, | 1595 PublicKey* wrapping_key, |
| 1596 std::vector<uint8>* buffer) { | 1596 std::vector<uint8>* buffer) { |
| 1597 // Check the raw length of the key to be wrapped against the max size allowed | 1597 // Check the raw length of the key to be wrapped against the max size allowed |
| 1598 // by the RSA wrapping key. With PKCS#1 v1.5 padding used in this function, | 1598 // by the RSA wrapping key. With PKCS#1 v1.5 padding used in this function, |
| 1599 // the maximum data length that can be encrypted is the wrapping_key's modulus | 1599 // the maximum data length that can be encrypted is the wrapping_key's modulus |
| 1600 // byte length minus eleven bytes. | 1600 // byte length minus eleven bytes. |
| 1601 const unsigned int input_length_bytes = PK11_GetKeyLength(key->key()); | 1601 const unsigned int input_length_bytes = PK11_GetKeyLength(key->key()); |
| 1602 const unsigned int modulus_length_bytes = | 1602 const unsigned int modulus_length_bytes = |
| 1603 SECKEY_PublicKeyStrength(wrapping_key->key()); | 1603 SECKEY_PublicKeyStrength(wrapping_key->key()); |
| 1604 if (modulus_length_bytes < 11 || | 1604 if (modulus_length_bytes < 11 || |
| 1605 modulus_length_bytes - 11 < input_length_bytes) | 1605 modulus_length_bytes - 11 < input_length_bytes) |
| (...skipping 66 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1672 key_algorithm, | 1672 key_algorithm, |
| 1673 usage_mask); | 1673 usage_mask); |
| 1674 return Status::Success(); | 1674 return Status::Success(); |
| 1675 } | 1675 } |
| 1676 | 1676 |
| 1677 } // namespace platform | 1677 } // namespace platform |
| 1678 | 1678 |
| 1679 } // namespace webcrypto | 1679 } // namespace webcrypto |
| 1680 | 1680 |
| 1681 } // namespace content | 1681 } // namespace content |
| OLD | NEW |