[webcrypto] Disable RSA key import for NSS versions less than 3.16.2.

content/child/webcrypto/platform_crypto_nss.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/child/webcrypto/platform_crypto.h"
 
 #include <cryptohi.h>
 #include <pk11pub.h>
 #include <secerr.h>
 #include <sechash.h>
@@ skipping 259 matching lines @@
   explicit PrivateKey(crypto::ScopedSECKEYPrivateKey key) : key_(key.Pass()) {}
 
   crypto::ScopedSECKEYPrivateKey key_;
   std::vector<uint8> serialized_key_;
 
   DISALLOW_COPY_AND_ASSIGN(PrivateKey);
 };
 
 namespace {
 
+Status NssSupportsKeyImport(blink::WebCryptoAlgorithmId algorithm) {
+  if (IsAlgorithmRsa(algorithm) && !NSS_VersionCheck("3.16.2")) {

[Ryan Sleevi, 2014/06/17 19:40:07]

Sadly, this isn't sufficient -_-

if (!IsAlgorithmRsa(...)) {
  return Status::Success();
}

bool is_rsa_safe = !!NSS_VerionCheck("3.16.2");
if (is_rsa_safe) {
  // Also ensure that the version of Softoken is at 3.16.2 or later.
  ScopedPK11SlotInfo slot(PK11_GetInternalSlot());
  CK_SLOT_INFO info = {};
  if (PK11_GetSlotInfo(slot.get(), &info) == SECFailure) {
    is_rsa_safe = false;
  } else {
    // CK_SLOT_INFO.hardwareVersion contains the major.minor
    // version info for Softoken in the corresponding .major/.minor
    // fields, and .firmwareVersion contains the patch.build
    // version info (in the .major/.minor fields)
    is_rsa_safe =
      (info.hardwareVersion.major > 3) ||
      (info.hardwareVersion.major == 3 &&
        (info.hardwareVersion.minor > 16 ||
          (info.hardwareVersion.minor == 16 &&
           info.firmwareVersion.major >= 2)));
  }
}

if (is_rsa_safe)
  return Status::Success();

return Status::ErrorUnsupported(...);

[eroman, 2014/06/17 20:00:16]

Done.

+    // Prior to NSS 3.16.2 RSA key parameters were not validated. This is
+    // a security problem for RSA private key import from JWK which uses a
+    // CKA_ID based on the public modulus to retrieve the private key.
+    return Status::ErrorUnsupported(
+        "NSS version must be at least 3.16.2 for RSA key import. See "
+        "http://crbug.com/380424");
+  }
+  return Status::Success();
+}
+
 // Creates a SECItem for the data in |buffer|. This does NOT make a copy, so
 // |buffer| should outlive the SECItem.
 SECItem MakeSECItemForBuffer(const CryptoData& buffer) {
   SECItem item = {
       siBuffer,
       // NSS requires non-const data even though it is just for input.
       const_cast<unsigned char*>(buffer.bytes()), buffer.byte_length()};
   return item;
 }
 
@@ skipping 673 matching lines @@
   return false;
 }
 
 }  // namespace
 
 Status ImportKeySpki(const blink::WebCryptoAlgorithm& algorithm,
                      const CryptoData& key_data,
                      bool extractable,
                      blink::WebCryptoKeyUsageMask usage_mask,
                      blink::WebCryptoKey* key) {
+  Status status = NssSupportsKeyImport(algorithm.id());
+  if (status.IsError())
+    return status;
+
   DCHECK(key);
 
   if (!key_data.byte_length())
     return Status::ErrorImportEmptyKeyData();
   DCHECK(key_data.bytes());
 
   // The binary blob 'key_data' is expected to be a DER-encoded ASN.1 Subject
   // Public Key Info. Decode this to a CERTSubjectPublicKeyInfo.
   SECItem spki_item = MakeSECItemForBuffer(key_data);
   const ScopedCERTSubjectPublicKeyInfo spki(
       SECKEY_DecodeDERSubjectPublicKeyInfo(&spki_item));
   if (!spki)
     return Status::DataError();
 
   crypto::ScopedSECKEYPublicKey sec_public_key(
       SECKEY_ExtractPublicKey(spki.get()));
   if (!sec_public_key)
     return Status::DataError();
 
   const KeyType sec_key_type = SECKEY_GetPublicKeyType(sec_public_key.get());
   if (!ValidateNssKeyTypeAgainstInputAlgorithm(sec_key_type, algorithm))
     return Status::DataError();
 
   blink::WebCryptoKeyAlgorithm key_algorithm;
   if (!CreatePublicKeyAlgorithm(
           algorithm, sec_public_key.get(), &key_algorithm))
     return Status::ErrorUnexpected();
 
   scoped_ptr<PublicKey> key_handle;
-  Status status = PublicKey::Create(sec_public_key.Pass(), &key_handle);
+  status = PublicKey::Create(sec_public_key.Pass(), &key_handle);
   if (status.IsError())
     return status;
 
   *key = blink::WebCryptoKey::create(key_handle.release(),
                                      blink::WebCryptoKeyTypePublic,
                                      extractable,
                                      key_algorithm,
                                      usage_mask);
 
   return Status::Success();
@@ skipping 119 matching lines @@
 
   buffer->assign(encoded_key->data, encoded_key->data + encoded_key->len);
   return Status::Success();
 }
 
 Status ImportKeyPkcs8(const blink::WebCryptoAlgorithm& algorithm,
                       const CryptoData& key_data,
                       bool extractable,
                       blink::WebCryptoKeyUsageMask usage_mask,
                       blink::WebCryptoKey* key) {
+  Status status = NssSupportsKeyImport(algorithm.id());
+  if (status.IsError())
+    return status;
+
   DCHECK(key);
 
   if (!key_data.byte_length())
     return Status::ErrorImportEmptyKeyData();
   DCHECK(key_data.bytes());
 
   // The binary blob 'key_data' is expected to be a DER-encoded ASN.1 PKCS#8
   // private key info object.
   SECItem pki_der = MakeSECItemForBuffer(key_data);
 
@@ skipping 15 matching lines @@
 
   const KeyType sec_key_type = SECKEY_GetPrivateKeyType(private_key.get());
   if (!ValidateNssKeyTypeAgainstInputAlgorithm(sec_key_type, algorithm))
     return Status::DataError();
 
   blink::WebCryptoKeyAlgorithm key_algorithm;
   if (!CreatePrivateKeyAlgorithm(algorithm, private_key.get(), &key_algorithm))
     return Status::ErrorUnexpected();
 
   scoped_ptr<PrivateKey> key_handle;
-  Status status =
-      PrivateKey::Create(private_key.Pass(), key_algorithm, &key_handle);
+  status = PrivateKey::Create(private_key.Pass(), key_algorithm, &key_handle);
   if (status.IsError())
     return status;
 
   *key = blink::WebCryptoKey::create(key_handle.release(),
                                      blink::WebCryptoKeyTypePrivate,
                                      extractable,
                                      key_algorithm,
                                      usage_mask);
 
   return Status::Success();
@@ skipping 473 matching lines @@
                            blink::WebCryptoKeyUsageMask usage_mask,
                            const CryptoData& modulus,
                            const CryptoData& public_exponent,
                            const CryptoData& private_exponent,
                            const CryptoData& prime1,
                            const CryptoData& prime2,
                            const CryptoData& exponent1,
                            const CryptoData& exponent2,
                            const CryptoData& coefficient,
                            blink::WebCryptoKey* key) {
+  Status status = NssSupportsKeyImport(algorithm.id());
+  if (status.IsError())
+    return status;
+
   CK_OBJECT_CLASS obj_class = CKO_PRIVATE_KEY;
   CK_KEY_TYPE key_type = CKK_RSA;
   CK_BBOOL ck_false = CK_FALSE;
 
   std::vector<CK_ATTRIBUTE> key_template;
 
   AddAttribute(CKA_CLASS, &obj_class, sizeof(obj_class), &key_template);
   AddAttribute(CKA_KEY_TYPE, &key_type, sizeof(key_type), &key_template);
   AddAttribute(CKA_TOKEN, &ck_false, sizeof(ck_false), &key_template);
   AddAttribute(CKA_SENSITIVE, &ck_false, sizeof(ck_false), &key_template);
@@ skipping 61 matching lines @@
       SECKEY_CopyPrivateKey(private_key_tmp.get()));
 
   if (!private_key)
     return Status::OperationError();
 
   blink::WebCryptoKeyAlgorithm key_algorithm;
   if (!CreatePrivateKeyAlgorithm(algorithm, private_key.get(), &key_algorithm))
     return Status::ErrorUnexpected();
 
   scoped_ptr<PrivateKey> key_handle;
-  Status status =
-      PrivateKey::Create(private_key.Pass(), key_algorithm, &key_handle);
+  status = PrivateKey::Create(private_key.Pass(), key_algorithm, &key_handle);
   if (status.IsError())
     return status;
 
   *key = blink::WebCryptoKey::create(key_handle.release(),
                                      blink::WebCryptoKeyTypePrivate,
                                      extractable,
                                      key_algorithm,
                                      usage_mask);
   return Status::Success();
 }
@@ skipping 83 matching lines @@
                            std::vector<uint8>* buffer) {
   return mode == ENCRYPT ? EncryptAesKw(wrapping_key, data, buffer)
                          : DecryptAesKw(wrapping_key, data, buffer);
 }
 
 }  // namespace platform
 
 }  // namespace webcrypto
 
 }  // namespace content