content/child/webcrypto/platform_crypto_nss.cc - Issue 328903003: [webcrypto] Remove support for AES 192-bit keys (2 of 2)

Side by Side Diff: content/child/webcrypto/platform_crypto_nss.cc

Issue 328903003: [webcrypto] Remove support for AES 192-bit keys (2 of 2) (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Created 6 years, 6 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 // Copyright 2014 The Chromium Authors. All rights reserved.	1 // Copyright 2014 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "content/child/webcrypto/platform_crypto.h"	5 #include "content/child/webcrypto/platform_crypto.h"

6	6

7 #include <cryptohi.h>	7 #include <cryptohi.h>

8 #include <pk11pub.h>	8 #include <pk11pub.h>

9 #include <secerr.h>	9 #include <secerr.h>

10 #include <sechash.h>	10 #include <sechash.h>

(...skipping 1835 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
1846 WebCryptoAlgorithmToNssMechFlags(algorithm, &mechanism, &flags);	1846 WebCryptoAlgorithmToNssMechFlags(algorithm, &mechanism, &flags);

1847 if (status.IsError())	1847 if (status.IsError())

1848 return status;	1848 return status;

1849	1849

1850 crypto::ScopedPK11SymKey unwrapped_key;	1850 crypto::ScopedPK11SymKey unwrapped_key;

1851 status = DoUnwrapSymKeyAesKw(	1851 status = DoUnwrapSymKeyAesKw(

1852 wrapped_key_data, wrapping_key, mechanism, flags, &unwrapped_key);	1852 wrapped_key_data, wrapping_key, mechanism, flags, &unwrapped_key);

1853 if (status.IsError())	1853 if (status.IsError())

1854 return status;	1854 return status;

1855	1855

	1856 unsigned int unwrapped_key_length_bytes =

	1857 PK11_GetKeyLength(unwrapped_key.get());

	1858

	1859 if (unwrapped_key_length_bytes == 24 &&

	1860 algorithm.id() == blink::WebCryptoAlgorithmIdAesGcm) {
	Ryan Sleevi 2014/06/10 23:44:21 Adam's comments were about AES as a whole. if (Is Adam's comments were about AES as a whole. if (IsAesAlgorithm(algorithm.id()) && !IsValidAesKeyLengthBytes(...)), reject However, that you need to update this file makes me a bit nervous that we're not being consistent in handling - that is, this isn't being treated as an Import operation, we're instead going to create it directly, right? If it was import, we would only need the single path to update. eroman 2014/06/11 01:15:26 I see, I'll rework this change to apply to all of Show quoted text On 2014/06/10 23:44:21, Ryan Sleevi wrote: > Adam's comments were about AES as a whole. > > if (IsAesAlgorithm(algorithm.id()) && !IsValidAesKeyLengthBytes(...)), reject > > However, that you need to update this file makes me a bit nervous that we're not > being consistent in handling - that is, this isn't being treated as an Import > operation, we're instead going to create it directly, right? If it was import, > we would only need the single path to update. I see, I'll rework this change to apply to all of AES then. The reason there is a change in platform_crypto_nss.cc is because of how AES-KW unwrapping is implemented -- it doesn't go through the import codepath. eroman 2014/06/12 01:01:30 I sent you another CL which remove the special cas Show quoted text On 2014/06/11 01:15:26, eroman wrote: > On 2014/06/10 23:44:21, Ryan Sleevi wrote: > > Adam's comments were about AES as a whole. > > > > if (IsAesAlgorithm(algorithm.id()) && !IsValidAesKeyLengthBytes(...)), reject > > > > However, that you need to update this file makes me a bit nervous that we're > not > > being consistent in handling - that is, this isn't being treated as an Import > > operation, we're instead going to create it directly, right? If it was import, > > we would only need the single path to update. > > I see, I'll rework this change to apply to all of AES then. > > The reason there is a change in platform_crypto_nss.cc is because of how AES-KW > unwrapping is implemented -- it doesn't go through the import codepath. I sent you another CL which remove the special case for AES-KW, and have based this on top of that (so this check is gone).
	1861 return Status::ErrorAesGcm192Unsupported();

	1862 }

	1863

1856 blink::WebCryptoKeyAlgorithm key_algorithm;	1864 blink::WebCryptoKeyAlgorithm key_algorithm;

1857 if (!CreateSecretKeyAlgorithm(	1865 if (!CreateSecretKeyAlgorithm(

1858 algorithm, PK11_GetKeyLength(unwrapped_key.get()), &key_algorithm))	1866 algorithm, unwrapped_key_length_bytes, &key_algorithm))

1859 return Status::ErrorUnexpected();	1867 return Status::ErrorUnexpected();

1860	1868

1861 scoped_ptr<SymKey> key_handle;	1869 scoped_ptr<SymKey> key_handle;

1862 status = SymKey::Create(unwrapped_key.Pass(), &key_handle);	1870 status = SymKey::Create(unwrapped_key.Pass(), &key_handle);

1863 if (status.IsError())	1871 if (status.IsError())

1864 return status;	1872 return status;

1865	1873

1866 *key = blink::WebCryptoKey::create(key_handle.release(),	1874 *key = blink::WebCryptoKey::create(key_handle.release(),

1867 blink::WebCryptoKeyTypeSecret,	1875 blink::WebCryptoKeyTypeSecret,

1868 extractable,	1876 extractable,

(...skipping 23 matching lines...) Expand all Loading...
1892 buffer->assign(key_data->data, key_data->data + key_data->len);	1900 buffer->assign(key_data->data, key_data->data + key_data->len);

1893	1901

1894 return Status::Success();	1902 return Status::Success();

1895 }	1903 }

1896	1904

1897 } // namespace platform	1905 } // namespace platform

1898	1906

1899 } // namespace webcrypto	1907 } // namespace webcrypto

1900	1908

1901 } // namespace content	1909 } // namespace content

OLD	NEW

« no previous file with comments | « no previous file | content/child/webcrypto/shared_crypto.cc » ('j') | content/child/webcrypto/shared_crypto.cc » ('J')