| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/child/webcrypto/shared_crypto.h" | 5 #include "content/child/webcrypto/shared_crypto.h" |
| 6 | 6 |
| 7 #include "base/logging.h" | 7 #include "base/logging.h" |
| 8 #include "content/child/webcrypto/crypto_data.h" | 8 #include "content/child/webcrypto/crypto_data.h" |
| 9 #include "content/child/webcrypto/jwk.h" | 9 #include "content/child/webcrypto/jwk.h" |
| 10 #include "content/child/webcrypto/platform_crypto.h" | 10 #include "content/child/webcrypto/platform_crypto.h" |
| (...skipping 141 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 152 if (status.IsError()) | 152 if (status.IsError()) |
| 153 return status; | 153 return status; |
| 154 | 154 |
| 155 // RSAES decryption does not support empty input | 155 // RSAES decryption does not support empty input |
| 156 if (!data.byte_length()) | 156 if (!data.byte_length()) |
| 157 return Status::ErrorDataTooSmall(); | 157 return Status::ErrorDataTooSmall(); |
| 158 | 158 |
| 159 return platform::DecryptRsaEsPkcs1v1_5(private_key, data, buffer); | 159 return platform::DecryptRsaEsPkcs1v1_5(private_key, data, buffer); |
| 160 } | 160 } |
| 161 | 161 |
| 162 Status EncryptRsaOaep(const blink::WebCryptoAlgorithm& algorithm, |
| 163 const blink::WebCryptoKey& key, |
| 164 const CryptoData& data, |
| 165 std::vector<uint8>* buffer) { |
| 166 platform::PublicKey* public_key; |
| 167 Status status = ToPlatformPublicKey(key, &public_key); |
| 168 if (status.IsError()) |
| 169 return status; |
| 170 |
| 171 const blink::WebCryptoRsaOaepParams* params = algorithm.rsaOaepParams(); |
| 172 if (!params) |
| 173 return Status::ErrorUnexpected(); |
| 174 |
| 175 return platform::EncryptRsaOaep(public_key, |
| 176 key.algorithm().rsaHashedParams()->hash(), |
| 177 CryptoData(params->optionalLabel()), |
| 178 data, |
| 179 buffer); |
| 180 } |
| 181 |
| 182 Status DecryptRsaOaep(const blink::WebCryptoAlgorithm& algorithm, |
| 183 const blink::WebCryptoKey& key, |
| 184 const CryptoData& data, |
| 185 std::vector<uint8>* buffer) { |
| 186 platform::PrivateKey* private_key; |
| 187 Status status = ToPlatformPrivateKey(key, &private_key); |
| 188 if (status.IsError()) |
| 189 return status; |
| 190 |
| 191 const blink::WebCryptoRsaOaepParams* params = algorithm.rsaOaepParams(); |
| 192 if (!params) |
| 193 return Status::ErrorUnexpected(); |
| 194 |
| 195 return platform::DecryptRsaOaep(private_key, |
| 196 key.algorithm().rsaHashedParams()->hash(), |
| 197 CryptoData(params->optionalLabel()), |
| 198 data, |
| 199 buffer); |
| 200 } |
| 201 |
| 162 Status SignHmac(const blink::WebCryptoAlgorithm& algorithm, | 202 Status SignHmac(const blink::WebCryptoAlgorithm& algorithm, |
| 163 const blink::WebCryptoKey& key, | 203 const blink::WebCryptoKey& key, |
| 164 const CryptoData& data, | 204 const CryptoData& data, |
| 165 std::vector<uint8>* buffer) { | 205 std::vector<uint8>* buffer) { |
| 166 platform::SymKey* sym_key; | 206 platform::SymKey* sym_key; |
| 167 Status status = ToPlatformSymKey(key, &sym_key); | 207 Status status = ToPlatformSymKey(key, &sym_key); |
| 168 if (status.IsError()) | 208 if (status.IsError()) |
| 169 return status; | 209 return status; |
| 170 | 210 |
| 171 return platform::SignHmac( | 211 return platform::SignHmac( |
| (...skipping 256 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 428 std::vector<uint8>* buffer) { | 468 std::vector<uint8>* buffer) { |
| 429 if (algorithm.id() != key.algorithm().id()) | 469 if (algorithm.id() != key.algorithm().id()) |
| 430 return Status::ErrorUnexpected(); | 470 return Status::ErrorUnexpected(); |
| 431 switch (algorithm.id()) { | 471 switch (algorithm.id()) { |
| 432 case blink::WebCryptoAlgorithmIdAesCbc: | 472 case blink::WebCryptoAlgorithmIdAesCbc: |
| 433 return EncryptDecryptAesCbc(DECRYPT, algorithm, key, data, buffer); | 473 return EncryptDecryptAesCbc(DECRYPT, algorithm, key, data, buffer); |
| 434 case blink::WebCryptoAlgorithmIdAesGcm: | 474 case blink::WebCryptoAlgorithmIdAesGcm: |
| 435 return EncryptDecryptAesGcm(DECRYPT, algorithm, key, data, buffer); | 475 return EncryptDecryptAesGcm(DECRYPT, algorithm, key, data, buffer); |
| 436 case blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5: | 476 case blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5: |
| 437 return DecryptRsaEsPkcs1v1_5(algorithm, key, data, buffer); | 477 return DecryptRsaEsPkcs1v1_5(algorithm, key, data, buffer); |
| 478 case blink::WebCryptoAlgorithmIdRsaOaep: |
| 479 return DecryptRsaOaep(algorithm, key, data, buffer); |
| 438 case blink::WebCryptoAlgorithmIdAesKw: | 480 case blink::WebCryptoAlgorithmIdAesKw: |
| 439 return DecryptAesKw(algorithm, key, data, buffer); | 481 return DecryptAesKw(algorithm, key, data, buffer); |
| 440 default: | 482 default: |
| 441 return Status::ErrorUnsupported(); | 483 return Status::ErrorUnsupported(); |
| 442 } | 484 } |
| 443 } | 485 } |
| 444 | 486 |
| 445 Status EncryptDontCheckUsage(const blink::WebCryptoAlgorithm& algorithm, | 487 Status EncryptDontCheckUsage(const blink::WebCryptoAlgorithm& algorithm, |
| 446 const blink::WebCryptoKey& key, | 488 const blink::WebCryptoKey& key, |
| 447 const CryptoData& data, | 489 const CryptoData& data, |
| 448 std::vector<uint8>* buffer) { | 490 std::vector<uint8>* buffer) { |
| 449 if (algorithm.id() != key.algorithm().id()) | 491 if (algorithm.id() != key.algorithm().id()) |
| 450 return Status::ErrorUnexpected(); | 492 return Status::ErrorUnexpected(); |
| 451 switch (algorithm.id()) { | 493 switch (algorithm.id()) { |
| 452 case blink::WebCryptoAlgorithmIdAesCbc: | 494 case blink::WebCryptoAlgorithmIdAesCbc: |
| 453 return EncryptDecryptAesCbc(ENCRYPT, algorithm, key, data, buffer); | 495 return EncryptDecryptAesCbc(ENCRYPT, algorithm, key, data, buffer); |
| 454 case blink::WebCryptoAlgorithmIdAesGcm: | 496 case blink::WebCryptoAlgorithmIdAesGcm: |
| 455 return EncryptDecryptAesGcm(ENCRYPT, algorithm, key, data, buffer); | 497 return EncryptDecryptAesGcm(ENCRYPT, algorithm, key, data, buffer); |
| 456 case blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5: | 498 case blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5: |
| 457 return EncryptRsaEsPkcs1v1_5(algorithm, key, data, buffer); | 499 return EncryptRsaEsPkcs1v1_5(algorithm, key, data, buffer); |
| 500 case blink::WebCryptoAlgorithmIdRsaOaep: |
| 501 return EncryptRsaOaep(algorithm, key, data, buffer); |
| 458 default: | 502 default: |
| 459 return Status::ErrorUnsupported(); | 503 return Status::ErrorUnsupported(); |
| 460 } | 504 } |
| 461 } | 505 } |
| 462 | 506 |
| 463 Status UnwrapKeyDecryptAndImport( | 507 Status UnwrapKeyDecryptAndImport( |
| 464 blink::WebCryptoKeyFormat format, | 508 blink::WebCryptoKeyFormat format, |
| 465 const CryptoData& wrapped_key_data, | 509 const CryptoData& wrapped_key_data, |
| 466 const blink::WebCryptoKey& wrapping_key, | 510 const blink::WebCryptoKey& wrapping_key, |
| 467 const blink::WebCryptoAlgorithm& wrapping_algorithm, | 511 const blink::WebCryptoAlgorithm& wrapping_algorithm, |
| (...skipping 287 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 755 const blink::WebCryptoKey& wrapping_key, | 799 const blink::WebCryptoKey& wrapping_key, |
| 756 const blink::WebCryptoAlgorithm& wrapping_algorithm, | 800 const blink::WebCryptoAlgorithm& wrapping_algorithm, |
| 757 std::vector<uint8>* buffer) { | 801 std::vector<uint8>* buffer) { |
| 758 if (!KeyUsageAllows(wrapping_key, blink::WebCryptoKeyUsageWrapKey)) | 802 if (!KeyUsageAllows(wrapping_key, blink::WebCryptoKeyUsageWrapKey)) |
| 759 return Status::ErrorUnexpected(); | 803 return Status::ErrorUnexpected(); |
| 760 if (wrapping_algorithm.id() != wrapping_key.algorithm().id()) | 804 if (wrapping_algorithm.id() != wrapping_key.algorithm().id()) |
| 761 return Status::ErrorUnexpected(); | 805 return Status::ErrorUnexpected(); |
| 762 | 806 |
| 763 switch (format) { | 807 switch (format) { |
| 764 case blink::WebCryptoKeyFormatRaw: | 808 case blink::WebCryptoKeyFormatRaw: |
| 765 return WrapKeyRaw(key_to_wrap, wrapping_key, wrapping_algorithm, buffer); | 809 if (wrapping_algorithm.id() == blink::WebCryptoAlgorithmIdAesKw || |
| 810 wrapping_algorithm.id() == |
| 811 blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5) { |
| 812 // AES-KW is a special case, due to NSS's implementation only |
| 813 // supporting C_Wrap/C_Unwrap with AES-KW |
| 814 return WrapKeyRaw( |
| 815 key_to_wrap, wrapping_key, wrapping_algorithm, buffer); |
| 816 } |
| 817 return WrapKeyExportAndEncrypt( |
| 818 format, key_to_wrap, wrapping_key, wrapping_algorithm, buffer); |
| 766 case blink::WebCryptoKeyFormatJwk: | 819 case blink::WebCryptoKeyFormatJwk: |
| 767 return WrapKeyExportAndEncrypt( | 820 return WrapKeyExportAndEncrypt( |
| 768 format, key_to_wrap, wrapping_key, wrapping_algorithm, buffer); | 821 format, key_to_wrap, wrapping_key, wrapping_algorithm, buffer); |
| 769 case blink::WebCryptoKeyFormatSpki: | 822 case blink::WebCryptoKeyFormatSpki: |
| 770 case blink::WebCryptoKeyFormatPkcs8: | 823 case blink::WebCryptoKeyFormatPkcs8: |
| 771 return Status::ErrorUnsupported(); // TODO(padolph) | 824 return Status::ErrorUnsupported(); // TODO(padolph) |
| 772 default: | 825 default: |
| 773 NOTREACHED(); | 826 NOTREACHED(); |
| 774 return Status::ErrorUnsupported(); | 827 return Status::ErrorUnsupported(); |
| 775 } | 828 } |
| 776 } | 829 } |
| 777 | 830 |
| 778 Status UnwrapKey(blink::WebCryptoKeyFormat format, | 831 Status UnwrapKey(blink::WebCryptoKeyFormat format, |
| 779 const CryptoData& wrapped_key_data, | 832 const CryptoData& wrapped_key_data, |
| 780 const blink::WebCryptoKey& wrapping_key, | 833 const blink::WebCryptoKey& wrapping_key, |
| 781 const blink::WebCryptoAlgorithm& wrapping_algorithm, | 834 const blink::WebCryptoAlgorithm& wrapping_algorithm, |
| 782 const blink::WebCryptoAlgorithm& algorithm, | 835 const blink::WebCryptoAlgorithm& algorithm, |
| 783 bool extractable, | 836 bool extractable, |
| 784 blink::WebCryptoKeyUsageMask usage_mask, | 837 blink::WebCryptoKeyUsageMask usage_mask, |
| 785 blink::WebCryptoKey* key) { | 838 blink::WebCryptoKey* key) { |
| 786 if (!KeyUsageAllows(wrapping_key, blink::WebCryptoKeyUsageUnwrapKey)) | 839 if (!KeyUsageAllows(wrapping_key, blink::WebCryptoKeyUsageUnwrapKey)) |
| 787 return Status::ErrorUnexpected(); | 840 return Status::ErrorUnexpected(); |
| 788 if (wrapping_algorithm.id() != wrapping_key.algorithm().id()) | 841 if (wrapping_algorithm.id() != wrapping_key.algorithm().id()) |
| 789 return Status::ErrorUnexpected(); | 842 return Status::ErrorUnexpected(); |
| 790 | 843 |
| 791 switch (format) { | 844 switch (format) { |
| 792 case blink::WebCryptoKeyFormatRaw: | 845 case blink::WebCryptoKeyFormatRaw: |
| 793 return UnwrapKeyRaw(wrapped_key_data, | 846 if (wrapping_algorithm.id() == blink::WebCryptoAlgorithmIdAesKw || |
| 794 wrapping_key, | 847 wrapping_algorithm.id() == |
| 795 wrapping_algorithm, | 848 blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5) { |
| 796 algorithm, | 849 // AES-KW is a special case, due to NSS's implementation only |
| 797 extractable, | 850 // supporting C_Wrap/C_Unwrap with AES-KW |
| 798 usage_mask, | 851 return UnwrapKeyRaw(wrapped_key_data, |
| 799 key); | 852 wrapping_key, |
| 853 wrapping_algorithm, |
| 854 algorithm, |
| 855 extractable, |
| 856 usage_mask, |
| 857 key); |
| 858 } |
| 859 return UnwrapKeyDecryptAndImport(format, |
| 860 wrapped_key_data, |
| 861 wrapping_key, |
| 862 wrapping_algorithm, |
| 863 algorithm, |
| 864 extractable, |
| 865 usage_mask, |
| 866 key); |
| 800 case blink::WebCryptoKeyFormatJwk: | 867 case blink::WebCryptoKeyFormatJwk: |
| 801 return UnwrapKeyDecryptAndImport(format, | 868 return UnwrapKeyDecryptAndImport(format, |
| 802 wrapped_key_data, | 869 wrapped_key_data, |
| 803 wrapping_key, | 870 wrapping_key, |
| 804 wrapping_algorithm, | 871 wrapping_algorithm, |
| 805 algorithm, | 872 algorithm, |
| 806 extractable, | 873 extractable, |
| 807 usage_mask, | 874 usage_mask, |
| 808 key); | 875 key); |
| 809 case blink::WebCryptoKeyFormatSpki: | 876 case blink::WebCryptoKeyFormatSpki: |
| (...skipping 34 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 844 usage_mask, | 911 usage_mask, |
| 845 key); | 912 key); |
| 846 if (status.IsError()) | 913 if (status.IsError()) |
| 847 return false; | 914 return false; |
| 848 return ValidateDeserializedKey(*key, algorithm, type); | 915 return ValidateDeserializedKey(*key, algorithm, type); |
| 849 } | 916 } |
| 850 | 917 |
| 851 } // namespace webcrypto | 918 } // namespace webcrypto |
| 852 | 919 |
| 853 } // namespace content | 920 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 275943004:
Add support for RSA-OAEP when using NSS 3.16.2 or later (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src