| OLD | NEW |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/child/webcrypto/shared_crypto.h" | 5 #include "content/child/webcrypto/shared_crypto.h" |
| 6 | 6 |
| 7 #include "base/logging.h" | 7 #include "base/logging.h" |
| 8 #include "content/child/webcrypto/crypto_data.h" | 8 #include "content/child/webcrypto/crypto_data.h" |
| 9 #include "content/child/webcrypto/jwk.h" | 9 #include "content/child/webcrypto/jwk.h" |
| 10 #include "content/child/webcrypto/platform_crypto.h" | 10 #include "content/child/webcrypto/platform_crypto.h" |
| (...skipping 22 matching lines...) |
| 33 | 33 |
| 34 namespace { | 34 namespace { |
| 35 | 35 |
| 36 // TODO(eroman): Move this helper to WebCryptoKey. | 36 // TODO(eroman): Move this helper to WebCryptoKey. |
| 37 bool KeyUsageAllows(const blink::WebCryptoKey& key, | 37 bool KeyUsageAllows(const blink::WebCryptoKey& key, |
| 38 const blink::WebCryptoKeyUsage usage) { | 38 const blink::WebCryptoKeyUsage usage) { |
| 39 return ((key.usages() & usage) != 0); | 39 return ((key.usages() & usage) != 0); |
| 40 } | 40 } |
| 41 | 41 |
| 42 bool IsValidAesKeyLengthBits(unsigned int length_bits) { | 42 bool IsValidAesKeyLengthBits(unsigned int length_bits) { |
| 43 return length_bits == 128 || length_bits == 192 || length_bits == 256; | 43 // 192-bit AES is disallowed. |
| 44 return length_bits == 128 || length_bits == 256; |
| 44 } | 45 } |
| 45 | 46 |
| 46 bool IsValidAesKeyLengthBytes(unsigned int length_bytes) { | 47 bool IsValidAesKeyLengthBytes(unsigned int length_bytes) { |
| 47 return length_bytes == 16 || length_bytes == 24 || length_bytes == 32; | 48 // 192-bit AES is disallowed. |
| 49 return length_bytes == 16 || length_bytes == 32; |
| 48 } | 50 } |
| 49 | 51 |
| 50 const size_t kAesBlockSizeBytes = 16; | 52 const size_t kAesBlockSizeBytes = 16; |
| 51 | 53 |
| 52 Status EncryptDecryptAesCbc(EncryptOrDecrypt mode, | 54 Status EncryptDecryptAesCbc(EncryptOrDecrypt mode, |
| 53 const blink::WebCryptoAlgorithm& algorithm, | 55 const blink::WebCryptoAlgorithm& algorithm, |
| 54 const blink::WebCryptoKey& key, | 56 const blink::WebCryptoKey& key, |
| 55 const CryptoData& data, | 57 const CryptoData& data, |
| 56 std::vector<uint8>* buffer) { | 58 std::vector<uint8>* buffer) { |
| 57 platform::SymKey* sym_key; | 59 platform::SymKey* sym_key; |
| (...skipping 152 matching lines...) |
| 210 Status ImportKeyRaw(const CryptoData& key_data, | 212 Status ImportKeyRaw(const CryptoData& key_data, |
| 211 const blink::WebCryptoAlgorithm& algorithm, | 213 const blink::WebCryptoAlgorithm& algorithm, |
| 212 bool extractable, | 214 bool extractable, |
| 213 blink::WebCryptoKeyUsageMask usage_mask, | 215 blink::WebCryptoKeyUsageMask usage_mask, |
| 214 blink::WebCryptoKey* key) { | 216 blink::WebCryptoKey* key) { |
| 215 switch (algorithm.id()) { | 217 switch (algorithm.id()) { |
| 216 case blink::WebCryptoAlgorithmIdAesCtr: | 218 case blink::WebCryptoAlgorithmIdAesCtr: |
| 217 case blink::WebCryptoAlgorithmIdAesCbc: | 219 case blink::WebCryptoAlgorithmIdAesCbc: |
| 218 case blink::WebCryptoAlgorithmIdAesGcm: | 220 case blink::WebCryptoAlgorithmIdAesGcm: |
| 219 case blink::WebCryptoAlgorithmIdAesKw: | 221 case blink::WebCryptoAlgorithmIdAesKw: |
| 220 if (!IsValidAesKeyLengthBytes(key_data.byte_length())) | 222 if (!IsValidAesKeyLengthBytes(key_data.byte_length())) { |
| 221 return Status::ErrorImportAesKeyLength(); | 223 return key_data.byte_length() == 24 |
| 224 ? Status::ErrorAes192BitUnsupported() |
| 225 : Status::ErrorImportAesKeyLength(); |
| 226 } |
| 222 // Fallthrough intentional! | 227 // Fallthrough intentional! |
| 223 case blink::WebCryptoAlgorithmIdHmac: | 228 case blink::WebCryptoAlgorithmIdHmac: |
| 224 return platform::ImportKeyRaw( | 229 return platform::ImportKeyRaw( |
| 225 algorithm, key_data, extractable, usage_mask, key); | 230 algorithm, key_data, extractable, usage_mask, key); |
| 226 default: | 231 default: |
| 227 return Status::ErrorUnsupported(); | 232 return Status::ErrorUnsupported(); |
| 228 } | 233 } |
| 229 } | 234 } |
| 230 | 235 |
| 231 // Returns the key format to use for structured cloning. | 236 // Returns the key format to use for structured cloning. |
| (...skipping 389 matching lines...) |
| 621 return status; | 626 return status; |
| 622 | 627 |
| 623 unsigned int keylen_bytes = 0; | 628 unsigned int keylen_bytes = 0; |
| 624 | 629 |
| 625 // Get the secret key length in bytes from generation parameters. | 630 // Get the secret key length in bytes from generation parameters. |
| 626 // This resolves any defaults. | 631 // This resolves any defaults. |
| 627 switch (algorithm.id()) { | 632 switch (algorithm.id()) { |
| 628 case blink::WebCryptoAlgorithmIdAesCbc: | 633 case blink::WebCryptoAlgorithmIdAesCbc: |
| 629 case blink::WebCryptoAlgorithmIdAesGcm: | 634 case blink::WebCryptoAlgorithmIdAesGcm: |
| 630 case blink::WebCryptoAlgorithmIdAesKw: { | 635 case blink::WebCryptoAlgorithmIdAesKw: { |
| 631 if (!IsValidAesKeyLengthBits(algorithm.aesKeyGenParams()->lengthBits())) | 636 if (!IsValidAesKeyLengthBits(algorithm.aesKeyGenParams()->lengthBits())) { |
| 632 return Status::ErrorGenerateKeyLength(); | 637 return algorithm.aesKeyGenParams()->lengthBits() == 192 |
| 638 ? Status::ErrorAes192BitUnsupported() |
| 639 : Status::ErrorGenerateKeyLength(); |
| 640 } |
| 633 keylen_bytes = algorithm.aesKeyGenParams()->lengthBits() / 8; | 641 keylen_bytes = algorithm.aesKeyGenParams()->lengthBits() / 8; |
| 634 break; | 642 break; |
| 635 } | 643 } |
| 636 case blink::WebCryptoAlgorithmIdHmac: { | 644 case blink::WebCryptoAlgorithmIdHmac: { |
| 637 const blink::WebCryptoHmacKeyGenParams* params = | 645 const blink::WebCryptoHmacKeyGenParams* params = |
| 638 algorithm.hmacKeyGenParams(); | 646 algorithm.hmacKeyGenParams(); |
| 639 DCHECK(params); | 647 DCHECK(params); |
| 640 if (params->hasLengthBits()) { | 648 if (params->hasLengthBits()) { |
| 641 if (params->optionalLengthBits() % 8) | 649 if (params->optionalLengthBits() % 8) |
| 642 return Status::ErrorGenerateKeyLength(); | 650 return Status::ErrorGenerateKeyLength(); |
| (...skipping 295 matching lines...) |
| 938 if (!ContainsKeyUsages(GetValidKeyUsagesForKeyType(algorithm, key_type), | 946 if (!ContainsKeyUsages(GetValidKeyUsagesForKeyType(algorithm, key_type), |
| 939 usages)) | 947 usages)) |
| 940 return Status::ErrorCreateKeyBadUsages(); | 948 return Status::ErrorCreateKeyBadUsages(); |
| 941 | 949 |
| 942 return Status::Success(); | 950 return Status::Success(); |
| 943 } | 951 } |
| 944 | 952 |
| 945 } // namespace webcrypto | 953 } // namespace webcrypto |
| 946 | 954 |
| 947 } // namespace content | 955 } // namespace content |
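Review bot: In ImportKeyRaw and in the AES branch of the key-generation switch, the new error selection re-tests the literals `24` and `192` after IsValidAesKeyLengthBytes / IsValidAesKeyLengthBits has already rejected the length, so the 192-bit policy now lives in four places that can drift apart. A small helper in the anonymous namespace that takes the length and the generic error and returns the Status directly would keep the check and the error choice together. The generation branch also dereferences `algorithm.aesKeyGenParams()` three times without the `DCHECK(params)` that the HMAC branch uses; binding it once, `const blink::WebCryptoAesKeyGenParams* params = algorithm.aesKeyGenParams(); DCHECK(params);`, would match that style. The enclosing key-generation function starts outside the visible lines, as do the other AES key entry points (JWK import, structured-clone deserialization, AES-CTR generation), so it is worth confirming that each of them reaches these helpers and reports the same 192-bit error rather than passing such a key to the platform layer.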
| OLD | NEW |