Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(570)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/child/webcrypto/platform_crypto_nss.cc

Issue 329673002: [webcrypto] Restrict public exponent for RSA key generation to 3 or 65537. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Created 6 years, 6 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « content/child/webcrypto/platform_crypto.h ('k') | content/child/webcrypto/platform_crypto_openssl.cc » ('j') | content/child/webcrypto/shared_crypto.cc » ('J')
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2014 The Chromium Authors. All rights reserved. 1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "content/child/webcrypto/platform_crypto.h" 5 #include "content/child/webcrypto/platform_crypto.h"
6 6
7 #include <cryptohi.h> 7 #include <cryptohi.h>
8 #include <pk11pub.h> 8 #include <pk11pub.h>
9 #include <secerr.h> 9 #include <secerr.h>
10 #include <sechash.h> 10 #include <sechash.h>
(...skipping 513 matching lines...) Expand 10 before | Expand all | Expand 10 after
524 case blink::WebCryptoAlgorithmIdAesGcm: 524 case blink::WebCryptoAlgorithmIdAesGcm:
525 case blink::WebCryptoAlgorithmIdAesKw: 525 case blink::WebCryptoAlgorithmIdAesKw:
526 return CKM_AES_KEY_GEN; 526 return CKM_AES_KEY_GEN;
527 case blink::WebCryptoAlgorithmIdHmac: 527 case blink::WebCryptoAlgorithmIdHmac:
528 return WebCryptoHashToHMACMechanism(algorithm.hmacKeyGenParams()->hash()); 528 return WebCryptoHashToHMACMechanism(algorithm.hmacKeyGenParams()->hash());
529 default: 529 default:
530 return CKM_INVALID_MECHANISM; 530 return CKM_INVALID_MECHANISM;
531 } 531 }
532 } 532 }
533 533
534 // Converts a (big-endian) WebCrypto BigInteger, with or without leading zeros,
535 // to unsigned long.
536 bool BigIntegerToLong(const uint8* data,
537 unsigned int data_size,
538 unsigned long* result) {
539 // TODO(padolph): Is it correct to say that empty data is an error, or does it
540 // mean value 0? See https://www.w3.org/Bugs/Public/show_bug.cgi?id=23655
541 if (data_size == 0)
542 return false;
543
544 *result = 0;
545 for (size_t i = 0; i < data_size; ++i) {
546 size_t reverse_i = data_size - i - 1;
547
548 if (reverse_i >= sizeof(unsigned long) && data[i])
549 return false; // Too large for a long.
550
551 *result |= data[i] << 8 * reverse_i;
552 }
553 return true;
554 }
555
556 bool CreatePublicKeyAlgorithm(const blink::WebCryptoAlgorithm& algorithm, 534 bool CreatePublicKeyAlgorithm(const blink::WebCryptoAlgorithm& algorithm,
557 SECKEYPublicKey* key, 535 SECKEYPublicKey* key,
558 blink::WebCryptoKeyAlgorithm* key_algorithm) { 536 blink::WebCryptoKeyAlgorithm* key_algorithm) {
559 // TODO(eroman): What about other key types rsaPss, rsaOaep. 537 // TODO(eroman): What about other key types rsaPss, rsaOaep.
560 if (!key || key->keyType != rsaKey) 538 if (!key || key->keyType != rsaKey)
561 return false; 539 return false;
562 540
563 unsigned int modulus_length_bits = SECKEY_PublicKeyStrength(key) * 8; 541 unsigned int modulus_length_bits = SECKEY_PublicKeyStrength(key) * 8;
564 CryptoData public_exponent(key->u.rsa.publicExponent.data, 542 CryptoData public_exponent(key->u.rsa.publicExponent.data,
565 key->u.rsa.publicExponent.len); 543 key->u.rsa.publicExponent.len);
(...skipping 870 matching lines...) Expand 10 before | Expand all | Expand 10 after
1436 1414
1437 // ----------------------------------- 1415 // -----------------------------------
1438 // Key generation 1416 // Key generation
1439 // ----------------------------------- 1417 // -----------------------------------
1440 1418
1441 Status GenerateRsaKeyPair(const blink::WebCryptoAlgorithm& algorithm, 1419 Status GenerateRsaKeyPair(const blink::WebCryptoAlgorithm& algorithm,
1442 bool extractable, 1420 bool extractable,
1443 blink::WebCryptoKeyUsageMask public_key_usage_mask, 1421 blink::WebCryptoKeyUsageMask public_key_usage_mask,
1444 blink::WebCryptoKeyUsageMask private_key_usage_mask, 1422 blink::WebCryptoKeyUsageMask private_key_usage_mask,
1445 unsigned int modulus_length_bits, 1423 unsigned int modulus_length_bits,
1446 const CryptoData& public_exponent, 1424 unsigned long public_exponent,
1447 blink::WebCryptoKey* public_key, 1425 blink::WebCryptoKey* public_key,
1448 blink::WebCryptoKey* private_key) { 1426 blink::WebCryptoKey* private_key) {
1449 if (algorithm.id() == blink::WebCryptoAlgorithmIdRsaOaep && 1427 if (algorithm.id() == blink::WebCryptoAlgorithmIdRsaOaep &&
1450 !g_nss_runtime_support.Get().IsRsaOaepSupported()) { 1428 !g_nss_runtime_support.Get().IsRsaOaepSupported()) {
1451 return Status::ErrorUnsupported(); 1429 return Status::ErrorUnsupported();
1452 } 1430 }
1453 1431
1454 crypto::ScopedPK11Slot slot(PK11_GetInternalKeySlot()); 1432 crypto::ScopedPK11Slot slot(PK11_GetInternalKeySlot());
1455 if (!slot) 1433 if (!slot)
1456 return Status::OperationError(); 1434 return Status::OperationError();
1457 1435
1458 unsigned long public_exponent_long;
1459 if (!BigIntegerToLong(public_exponent.bytes(),
1460 public_exponent.byte_length(),
1461 &public_exponent_long) ||
1462 !public_exponent_long) {
1463 return Status::ErrorGenerateKeyPublicExponent();
1464 }
1465
1466 PK11RSAGenParams rsa_gen_params; 1436 PK11RSAGenParams rsa_gen_params;
1467 rsa_gen_params.keySizeInBits = modulus_length_bits; 1437 rsa_gen_params.keySizeInBits = modulus_length_bits;
1468 rsa_gen_params.pe = public_exponent_long; 1438 rsa_gen_params.pe = public_exponent;
1469 1439
1470 // Flags are verified at the Blink layer; here the flags are set to all 1440 // Flags are verified at the Blink layer; here the flags are set to all
1471 // possible operations for the given key type. 1441 // possible operations for the given key type.
1472 CK_FLAGS operation_flags; 1442 CK_FLAGS operation_flags;
1473 switch (algorithm.id()) { 1443 switch (algorithm.id()) {
1474 case blink::WebCryptoAlgorithmIdRsaOaep: 1444 case blink::WebCryptoAlgorithmIdRsaOaep:
1475 operation_flags = CKF_ENCRYPT | CKF_DECRYPT | CKF_WRAP | CKF_UNWRAP; 1445 operation_flags = CKF_ENCRYPT | CKF_DECRYPT | CKF_WRAP | CKF_UNWRAP;
1476 break; 1446 break;
1477 case blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5: 1447 case blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5:
1478 operation_flags = CKF_SIGN | CKF_VERIFY; 1448 operation_flags = CKF_SIGN | CKF_VERIFY;
(...skipping 413 matching lines...) Expand 10 before | Expand all | Expand 10 after
1892 buffer->assign(key_data->data, key_data->data + key_data->len); 1862 buffer->assign(key_data->data, key_data->data + key_data->len);
1893 1863
1894 return Status::Success(); 1864 return Status::Success();
1895 } 1865 }
1896 1866
1897 } // namespace platform 1867 } // namespace platform
1898 1868
1899 } // namespace webcrypto 1869 } // namespace webcrypto
1900 1870
1901 } // namespace content 1871 } // namespace content
OLDNEW
« no previous file with comments | « content/child/webcrypto/platform_crypto.h ('k') | content/child/webcrypto/platform_crypto_openssl.cc » ('j') | content/child/webcrypto/shared_crypto.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698