content/child/webcrypto/shared_crypto.cc - Issue 329673002: [webcrypto] Restrict public exponent for RSA key generation to 3 or 65537.

Side by Side Diff: content/child/webcrypto/shared_crypto.cc

Issue 329673002: [webcrypto] Restrict public exponent for RSA key generation to 3 or 65537. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Created 6 years, 6 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 // Copyright 2014 The Chromium Authors. All rights reserved.	1 // Copyright 2014 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "content/child/webcrypto/shared_crypto.h"	5 #include "content/child/webcrypto/shared_crypto.h"

6	6

7 #include "base/logging.h"	7 #include "base/logging.h"

8 #include "content/child/webcrypto/crypto_data.h"	8 #include "content/child/webcrypto/crypto_data.h"

9 #include "content/child/webcrypto/jwk.h"	9 #include "content/child/webcrypto/jwk.h"

10 #include "content/child/webcrypto/platform_crypto.h"	10 #include "content/child/webcrypto/platform_crypto.h"

(...skipping 583 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
594 if (!ContainsKeyUsages(all_public_key_usages \| all_private_key_usages,	594 if (!ContainsKeyUsages(all_public_key_usages \| all_private_key_usages,

595 combined_usage_mask))	595 combined_usage_mask))

596 return Status::ErrorCreateKeyBadUsages();	596 return Status::ErrorCreateKeyBadUsages();

597	597

598 *public_key_usages = combined_usage_mask & all_public_key_usages;	598 *public_key_usages = combined_usage_mask & all_public_key_usages;

599 *private_key_usages = combined_usage_mask & all_private_key_usages;	599 *private_key_usages = combined_usage_mask & all_private_key_usages;

600	600

601 return Status::Success();	601 return Status::Success();

602 }	602 }

603	603

	604 // Converts a (big-endian) WebCrypto BigInteger, with or without leading zeros,

	605 // to unsigned long.

	606 bool BigIntegerToLong(const uint8* data,

	607 unsigned int data_size,

	608 unsigned long* result) {

	609 // TODO(padolph): Is it correct to say that empty data is an error, or does it

	610 // mean value 0? See https://www.w3.org/Bugs/Public/show_bug.cgi?id=23655
	Ryan Sleevi 2014/06/10 23:46:44 This was answered upstream. Can you please fix thi This was answered upstream. Can you please fix this here, as it's a bug. eroman 2014/06/11 01:13:09 Yup I am aware of that (http://crbug.com/373552). Show quoted text On 2014/06/10 23:46:44, Ryan Sleevi wrote: > This was answered upstream. Can you please fix this here, as it's a bug. Yup I am aware of that (http://crbug.com/373552). I am not going to address that here, it requires some changes on Blink side first. This is strictly moving a function.
	611 if (data_size == 0)

	612 return false;

	613

	614 *result = 0;

	615 for (size_t i = 0; i < data_size; ++i) {

	616 size_t reverse_i = data_size - i - 1;

	617

	618 if (reverse_i >= sizeof(unsigned long) && data[i])

	619 return false; // Too large for a long.

	620

	621 result \|= data[i] << 8 reverse_i;

	622 }

	623 return true;

	624 }

	625

	626

604 } // namespace	627 } // namespace

605	628

606 void Init() { platform::Init(); }	629 void Init() { platform::Init(); }

607	630

608 Status Encrypt(const blink::WebCryptoAlgorithm& algorithm,	631 Status Encrypt(const blink::WebCryptoAlgorithm& algorithm,

609 const blink::WebCryptoKey& key,	632 const blink::WebCryptoKey& key,

610 const CryptoData& data,	633 const CryptoData& data,

611 std::vector<uint8>* buffer) {	634 std::vector<uint8>* buffer) {

612 if (!KeyUsageAllows(key, blink::WebCryptoKeyUsageEncrypt))	635 if (!KeyUsageAllows(key, blink::WebCryptoKeyUsageEncrypt))

613 return Status::ErrorUnexpected();	636 return Status::ErrorUnexpected();

(...skipping 96 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
710	733

711 // TODO(padolph): Handle other asymmetric algorithm key generation.	734 // TODO(padolph): Handle other asymmetric algorithm key generation.

712 switch (algorithm.paramsType()) {	735 switch (algorithm.paramsType()) {

713 case blink::WebCryptoAlgorithmParamsTypeRsaHashedKeyGenParams: {	736 case blink::WebCryptoAlgorithmParamsTypeRsaHashedKeyGenParams: {

714 const blink::WebCryptoRsaHashedKeyGenParams* params =	737 const blink::WebCryptoRsaHashedKeyGenParams* params =

715 algorithm.rsaHashedKeyGenParams();	738 algorithm.rsaHashedKeyGenParams();

716	739

717 if (!params->modulusLengthBits())	740 if (!params->modulusLengthBits())

718 return Status::ErrorGenerateRsaZeroModulus();	741 return Status::ErrorGenerateRsaZeroModulus();

719	742

720 CryptoData publicExponent(params->publicExponent());	743 unsigned long public_exponent = 0;

721 if (!publicExponent.byte_length())	744 if (!BigIntegerToLong(params->publicExponent().data(),

	745 params->publicExponent().size(),

	746 &public_exponent) \|\|

	747 (public_exponent != 3 && public_exponent != 65537)) {

722 return Status::ErrorGenerateKeyPublicExponent();	748 return Status::ErrorGenerateKeyPublicExponent();

	749 }

723	750

724 return platform::GenerateRsaKeyPair(algorithm,	751 return platform::GenerateRsaKeyPair(algorithm,

725 extractable,	752 extractable,

726 public_key_usage_mask,	753 public_key_usage_mask,

727 private_key_usage_mask,	754 private_key_usage_mask,

728 params->modulusLengthBits(),	755 params->modulusLengthBits(),

729 publicExponent,	756 public_exponent,

730 public_key,	757 public_key,

731 private_key);	758 private_key);

732 }	759 }

733 default:	760 default:

734 return Status::ErrorUnsupported();	761 return Status::ErrorUnsupported();

735 }	762 }

736 }	763 }

737	764

738 // Note that this function may be called from the target Blink thread.	765 // Note that this function may be called from the target Blink thread.

739 Status ImportKey(blink::WebCryptoKeyFormat format,	766 Status ImportKey(blink::WebCryptoKeyFormat format,

(...skipping 245 matching lines...) Expand 10 before \| Expand all \| Expand 10 after Loading...
985 if (!ContainsKeyUsages(GetValidKeyUsagesForKeyType(algorithm, key_type),	1012 if (!ContainsKeyUsages(GetValidKeyUsagesForKeyType(algorithm, key_type),

986 usages))	1013 usages))

987 return Status::ErrorCreateKeyBadUsages();	1014 return Status::ErrorCreateKeyBadUsages();

988	1015

989 return Status::Success();	1016 return Status::Success();

990 }	1017 }

991	1018

992 } // namespace webcrypto	1019 } // namespace webcrypto

993	1020

994 } // namespace content	1021 } // namespace content

OLD	NEW

« no previous file with comments | « content/child/webcrypto/platform_crypto_openssl.cc ('k') | content/child/webcrypto/shared_crypto_unittest.cc » ('j') | no next file with comments »