OLD | NEW |
1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "content/child/webcrypto/platform_crypto.h" | 5 #include "content/child/webcrypto/platform_crypto.h" |
6 | 6 |
7 #include <cryptohi.h> | 7 #include <cryptohi.h> |
8 #include <pk11pub.h> | 8 #include <pk11pub.h> |
9 #include <secerr.h> | 9 #include <secerr.h> |
10 #include <sechash.h> | 10 #include <sechash.h> |
(...skipping 513 matching lines...)
524 case blink::WebCryptoAlgorithmIdAesGcm: | 524 case blink::WebCryptoAlgorithmIdAesGcm: |
525 case blink::WebCryptoAlgorithmIdAesKw: | 525 case blink::WebCryptoAlgorithmIdAesKw: |
526 return CKM_AES_KEY_GEN; | 526 return CKM_AES_KEY_GEN; |
527 case blink::WebCryptoAlgorithmIdHmac: | 527 case blink::WebCryptoAlgorithmIdHmac: |
528 return WebCryptoHashToHMACMechanism(algorithm.hmacKeyGenParams()->hash()); | 528 return WebCryptoHashToHMACMechanism(algorithm.hmacKeyGenParams()->hash()); |
529 default: | 529 default: |
530 return CKM_INVALID_MECHANISM; | 530 return CKM_INVALID_MECHANISM; |
531 } | 531 } |
532 } | 532 } |
533 | 533 |
534 // Converts a (big-endian) WebCrypto BigInteger, with or without leading zeros, | |
535 // to unsigned long. | |
536 bool BigIntegerToLong(const uint8* data, | |
537 unsigned int data_size, | |
538 unsigned long* result) { | |
539 // TODO(padolph): Is it correct to say that empty data is an error, or does it | |
540 // mean value 0? See https://www.w3.org/Bugs/Public/show_bug.cgi?id=23655 | |
541 if (data_size == 0) | |
542 return false; | |
543 | |
544 *result = 0; | |
545 for (size_t i = 0; i < data_size; ++i) { | |
546 size_t reverse_i = data_size - i - 1; | |
547 | |
548 if (reverse_i >= sizeof(unsigned long) && data[i]) | |
549 return false; // Too large for a long. | |
550 | |
551 *result |= data[i] << 8 * reverse_i; | |
552 } | |
553 return true; | |
554 } | |
555 | |
556 bool CreatePublicKeyAlgorithm(const blink::WebCryptoAlgorithm& algorithm, | 534 bool CreatePublicKeyAlgorithm(const blink::WebCryptoAlgorithm& algorithm, |
557 SECKEYPublicKey* key, | 535 SECKEYPublicKey* key, |
558 blink::WebCryptoKeyAlgorithm* key_algorithm) { | 536 blink::WebCryptoKeyAlgorithm* key_algorithm) { |
559 // TODO(eroman): What about other key types rsaPss, rsaOaep. | 537 // TODO(eroman): What about other key types rsaPss, rsaOaep. |
560 if (!key || key->keyType != rsaKey) | 538 if (!key || key->keyType != rsaKey) |
561 return false; | 539 return false; |
562 | 540 |
563 unsigned int modulus_length_bits = SECKEY_PublicKeyStrength(key) * 8; | 541 unsigned int modulus_length_bits = SECKEY_PublicKeyStrength(key) * 8; |
564 CryptoData public_exponent(key->u.rsa.publicExponent.data, | 542 CryptoData public_exponent(key->u.rsa.publicExponent.data, |
565 key->u.rsa.publicExponent.len); | 543 key->u.rsa.publicExponent.len); |
(...skipping 870 matching lines...)
1436 | 1414 |
1437 // ----------------------------------- | 1415 // ----------------------------------- |
1438 // Key generation | 1416 // Key generation |
1439 // ----------------------------------- | 1417 // ----------------------------------- |
1440 | 1418 |
1441 Status GenerateRsaKeyPair(const blink::WebCryptoAlgorithm& algorithm, | 1419 Status GenerateRsaKeyPair(const blink::WebCryptoAlgorithm& algorithm, |
1442 bool extractable, | 1420 bool extractable, |
1443 blink::WebCryptoKeyUsageMask public_key_usage_mask, | 1421 blink::WebCryptoKeyUsageMask public_key_usage_mask, |
1444 blink::WebCryptoKeyUsageMask private_key_usage_mask, | 1422 blink::WebCryptoKeyUsageMask private_key_usage_mask, |
1445 unsigned int modulus_length_bits, | 1423 unsigned int modulus_length_bits, |
1446 const CryptoData& public_exponent, | 1424 unsigned long public_exponent, |
1447 blink::WebCryptoKey* public_key, | 1425 blink::WebCryptoKey* public_key, |
1448 blink::WebCryptoKey* private_key) { | 1426 blink::WebCryptoKey* private_key) { |
1449 if (algorithm.id() == blink::WebCryptoAlgorithmIdRsaOaep && | 1427 if (algorithm.id() == blink::WebCryptoAlgorithmIdRsaOaep && |
1450 !g_nss_runtime_support.Get().IsRsaOaepSupported()) { | 1428 !g_nss_runtime_support.Get().IsRsaOaepSupported()) { |
1451 return Status::ErrorUnsupported(); | 1429 return Status::ErrorUnsupported(); |
1452 } | 1430 } |
1453 | 1431 |
1454 crypto::ScopedPK11Slot slot(PK11_GetInternalKeySlot()); | 1432 crypto::ScopedPK11Slot slot(PK11_GetInternalKeySlot()); |
1455 if (!slot) | 1433 if (!slot) |
1456 return Status::OperationError(); | 1434 return Status::OperationError(); |
1457 | 1435 |
1458 unsigned long public_exponent_long; | |
1459 if (!BigIntegerToLong(public_exponent.bytes(), | |
1460 public_exponent.byte_length(), | |
1461 &public_exponent_long) || | |
1462 !public_exponent_long) { | |
1463 return Status::ErrorGenerateKeyPublicExponent(); | |
1464 } | |
1465 | |
1466 PK11RSAGenParams rsa_gen_params; | 1436 PK11RSAGenParams rsa_gen_params; |
1467 rsa_gen_params.keySizeInBits = modulus_length_bits; | 1437 rsa_gen_params.keySizeInBits = modulus_length_bits; |
1468 rsa_gen_params.pe = public_exponent_long; | 1438 rsa_gen_params.pe = public_exponent; |
1469 | 1439 |
1470 // Flags are verified at the Blink layer; here the flags are set to all | 1440 // Flags are verified at the Blink layer; here the flags are set to all |
1471 // possible operations for the given key type. | 1441 // possible operations for the given key type. |
1472 CK_FLAGS operation_flags; | 1442 CK_FLAGS operation_flags; |
1473 switch (algorithm.id()) { | 1443 switch (algorithm.id()) { |
1474 case blink::WebCryptoAlgorithmIdRsaOaep: | 1444 case blink::WebCryptoAlgorithmIdRsaOaep: |
1475 operation_flags = CKF_ENCRYPT | CKF_DECRYPT | CKF_WRAP | CKF_UNWRAP; | 1445 operation_flags = CKF_ENCRYPT | CKF_DECRYPT | CKF_WRAP | CKF_UNWRAP; |
1476 break; | 1446 break; |
1477 case blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5: | 1447 case blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5: |
1478 operation_flags = CKF_SIGN | CKF_VERIFY; | 1448 operation_flags = CKF_SIGN | CKF_VERIFY; |
(...skipping 413 matching lines...)
1892 buffer->assign(key_data->data, key_data->data + key_data->len); | 1862 buffer->assign(key_data->data, key_data->data + key_data->len); |
1893 | 1863 |
1894 return Status::Success(); | 1864 return Status::Success(); |
1895 } | 1865 } |
1896 | 1866 |
1897 } // namespace platform | 1867 } // namespace platform |
1898 | 1868 |
1899 } // namespace webcrypto | 1869 } // namespace webcrypto |
1900 | 1870 |
1901 } // namespace content | 1871 } // namespace content |
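Review bot: GenerateRsaKeyPair no longer rejects a zero public exponent, because the old side's `!public_exponent_long` check is removed together with the BigIntegerToLong conversion and the new side assigns the parameter straight to `rsa_gen_params.pe`. Whether every caller now validates the exponent is not visible on this page, so either state the precondition at the signature, e.g. `// |public_exponent| must be non-zero; the caller converts and range-checks it.`, or keep a cheap guard before the assignment: `if (!public_exponent) return Status::ErrorGenerateKeyPublicExponent();`. If BigIntegerToLong was moved to the caller rather than deleted, note that `data[i] << 8 * reverse_i` shifts a value promoted to int, so on platforms where unsigned long is 64 bits the upper bytes are not placed correctly; shifting `static_cast<unsigned long>(data[i])` avoids that. The body of GenerateRsaKeyPair continues past the visible lines.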
OLD | NEW |