OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/child/webcrypto/platform_crypto.h" | 5 #include "content/child/webcrypto/platform_crypto.h" |
6 | 6 |
7 #include <cryptohi.h> | 7 #include <cryptohi.h> |
8 #include <pk11pub.h> | 8 #include <pk11pub.h> |
9 #include <secerr.h> | 9 #include <secerr.h> |
10 #include <sechash.h> | 10 #include <sechash.h> |
(...skipping 1473 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1484 return status; | 1484 return status; |
1485 | 1485 |
1486 *key = blink::WebCryptoKey::create(key_handle.release(), | 1486 *key = blink::WebCryptoKey::create(key_handle.release(), |
1487 blink::WebCryptoKeyTypePublic, | 1487 blink::WebCryptoKeyTypePublic, |
1488 extractable, | 1488 extractable, |
1489 key_algorithm, | 1489 key_algorithm, |
1490 usage_mask); | 1490 usage_mask); |
1491 return Status::Success(); | 1491 return Status::Success(); |
1492 } | 1492 } |
1493 | 1493 |
1494 Status WrapSymKeyAesKw(SymKey* wrapping_key, | 1494 Status WrapSymKeyAesKw(SymKey* key, |
1495 SymKey* key, | 1495 SymKey* wrapping_key, |
1496 std::vector<uint8>* buffer) { | 1496 std::vector<uint8>* buffer) { |
1497 // The data size must be at least 16 bytes and a multiple of 8 bytes. | 1497 // The data size must be at least 16 bytes and a multiple of 8 bytes. |
1498 // RFC 3394 does not specify a maximum allowed data length, but since only | 1498 // RFC 3394 does not specify a maximum allowed data length, but since only |
1499 // keys are being wrapped in this application (which are small), a reasonable | 1499 // keys are being wrapped in this application (which are small), a reasonable |
1500 // max limit is whatever will fit into an unsigned. For the max size test, | 1500 // max limit is whatever will fit into an unsigned. For the max size test, |
1501 // note that AES Key Wrap always adds 8 bytes to the input data size. | 1501 // note that AES Key Wrap always adds 8 bytes to the input data size. |
1502 const unsigned int input_length = PK11_GetKeyLength(key->key()); | 1502 const unsigned int input_length = PK11_GetKeyLength(key->key()); |
1503 if (input_length < 16) | 1503 if (input_length < 16) |
1504 return Status::ErrorDataTooSmall(); | 1504 return Status::ErrorDataTooSmall(); |
1505 if (input_length > UINT_MAX - 8) | 1505 if (input_length > UINT_MAX - 8) |
(...skipping 78 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1584 if (PK11_ExtractKeyValue(decrypted.get()) != SECSuccess) | 1584 if (PK11_ExtractKeyValue(decrypted.get()) != SECSuccess) |
1585 return Status::OperationError(); | 1585 return Status::OperationError(); |
1586 const SECItem* const key_data = PK11_GetKeyData(decrypted.get()); | 1586 const SECItem* const key_data = PK11_GetKeyData(decrypted.get()); |
1587 if (!key_data) | 1587 if (!key_data) |
1588 return Status::OperationError(); | 1588 return Status::OperationError(); |
1589 buffer->assign(key_data->data, key_data->data + key_data->len); | 1589 buffer->assign(key_data->data, key_data->data + key_data->len); |
1590 | 1590 |
1591 return Status::Success(); | 1591 return Status::Success(); |
1592 } | 1592 } |
1593 | 1593 |
1594 Status WrapSymKeyRsaEs(PublicKey* wrapping_key, | 1594 Status WrapSymKeyRsaEs(SymKey* key, |
1595 SymKey* key, | 1595 PublicKey* wrapping_key, |
1596 std::vector<uint8>* buffer) { | 1596 std::vector<uint8>* buffer) { |
1597 // Check the raw length of the key to be wrapped against the max size allowed | 1597 // Check the raw length of the key to be wrapped against the max size allowed |
1598 // by the RSA wrapping key. With PKCS#1 v1.5 padding used in this function, | 1598 // by the RSA wrapping key. With PKCS#1 v1.5 padding used in this function, |
1599 // the maximum data length that can be encrypted is the wrapping_key's modulus | 1599 // the maximum data length that can be encrypted is the wrapping_key's modulus |
1600 // byte length minus eleven bytes. | 1600 // byte length minus eleven bytes. |
1601 const unsigned int input_length_bytes = PK11_GetKeyLength(key->key()); | 1601 const unsigned int input_length_bytes = PK11_GetKeyLength(key->key()); |
1602 const unsigned int modulus_length_bytes = | 1602 const unsigned int modulus_length_bytes = |
1603 SECKEY_PublicKeyStrength(wrapping_key->key()); | 1603 SECKEY_PublicKeyStrength(wrapping_key->key()); |
1604 if (modulus_length_bytes < 11 || | 1604 if (modulus_length_bytes < 11 || |
1605 modulus_length_bytes - 11 < input_length_bytes) | 1605 modulus_length_bytes - 11 < input_length_bytes) |
(...skipping 66 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1672 key_algorithm, | 1672 key_algorithm, |
1673 usage_mask); | 1673 usage_mask); |
1674 return Status::Success(); | 1674 return Status::Success(); |
1675 } | 1675 } |
1676 | 1676 |
1677 } // namespace platform | 1677 } // namespace platform |
1678 | 1678 |
1679 } // namespace webcrypto | 1679 } // namespace webcrypto |
1680 | 1680 |
1681 } // namespace content | 1681 } // namespace content |
OLD | NEW |