| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "content/child/webcrypto/nss/aes_key_nss.h" |
| 6 |
| 7 #include "base/logging.h" |
| 8 #include "content/child/webcrypto/crypto_data.h" |
| 9 #include "content/child/webcrypto/jwk.h" |
| 10 #include "content/child/webcrypto/nss/key_nss.h" |
| 11 #include "content/child/webcrypto/nss/sym_key_nss.h" |
| 12 #include "content/child/webcrypto/status.h" |
| 13 #include "content/child/webcrypto/webcrypto_util.h" |
| 14 #include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h" |
| 15 |
| 16 namespace content { |
| 17 |
| 18 namespace webcrypto { |
| 19 |
| 20 AesAlgorithm::AesAlgorithm(CK_MECHANISM_TYPE import_mechanism, |
| 21 CK_FLAGS import_flags, |
| 22 blink::WebCryptoKeyUsageMask all_key_usages, |
| 23 const char* jwk_suffix) |
| 24 : import_mechanism_(import_mechanism), |
| 25 import_flags_(import_flags), |
| 26 all_key_usages_(all_key_usages), |
| 27 jwk_suffix_(jwk_suffix) { |
| 28 } |
| 29 |
| 30 AesAlgorithm::AesAlgorithm(CK_MECHANISM_TYPE import_mechanism, |
| 31 const char* jwk_suffix) |
| 32 : import_mechanism_(import_mechanism), |
| 33 import_flags_(CKF_ENCRYPT | CKF_DECRYPT), |
| 34 all_key_usages_(blink::WebCryptoKeyUsageEncrypt | |
| 35 blink::WebCryptoKeyUsageDecrypt | |
| 36 blink::WebCryptoKeyUsageWrapKey | |
| 37 blink::WebCryptoKeyUsageUnwrapKey), |
| 38 jwk_suffix_(jwk_suffix) { |
| 39 } |
| 40 |
| 41 Status AesAlgorithm::GenerateSecretKey( |
| 42 const blink::WebCryptoAlgorithm& algorithm, |
| 43 bool extractable, |
| 44 blink::WebCryptoKeyUsageMask usage_mask, |
| 45 blink::WebCryptoKey* key) const { |
| 46 unsigned int keylen_bits = algorithm.aesKeyGenParams()->lengthBits(); |
| 47 |
| 48 if (keylen_bits == 192) |
| 49 return Status::ErrorAes192BitUnsupported(); |
| 50 |
| 51 if (keylen_bits != 128 && keylen_bits != 256) |
| 52 return Status::ErrorGenerateKeyLength(); |
| 53 |
| 54 return GenerateSecretKeyNss( |
| 55 blink::WebCryptoKeyAlgorithm::createAes(algorithm.id(), keylen_bits), |
| 56 extractable, |
| 57 usage_mask, |
| 58 keylen_bits / 8, |
| 59 CKM_AES_KEY_GEN, |
| 60 key); |
| 61 } |
| 62 |
| 63 Status AesAlgorithm::VerifyKeyUsagesBeforeImportKey( |
| 64 blink::WebCryptoKeyFormat format, |
| 65 blink::WebCryptoKeyUsageMask usage_mask) const { |
| 66 if (format != blink::WebCryptoKeyFormatRaw && |
| 67 format != blink::WebCryptoKeyFormatJwk) |
| 68 return Status::ErrorUnsupportedImportKeyFormat(); |
| 69 |
| 70 if (!ContainsKeyUsages(all_key_usages_, usage_mask)) |
| 71 return Status::ErrorCreateKeyBadUsages(); |
| 72 |
| 73 return Status::Success(); |
| 74 } |
| 75 |
| 76 Status AesAlgorithm::VerifyKeyUsagesBeforeGenerateKey( |
| 77 blink::WebCryptoKeyUsageMask usage_mask) const { |
| 78 if (!ContainsKeyUsages(all_key_usages_, usage_mask)) |
| 79 return Status::ErrorCreateKeyBadUsages(); |
| 80 |
| 81 return Status::Success(); |
| 82 } |
| 83 |
| 84 Status AesAlgorithm::ImportKeyRaw(const CryptoData& key_data, |
| 85 const blink::WebCryptoAlgorithm& algorithm, |
| 86 bool extractable, |
| 87 blink::WebCryptoKeyUsageMask usage_mask, |
| 88 blink::WebCryptoKey* key) const { |
| 89 const unsigned int keylen_bytes = key_data.byte_length(); |
| 90 |
| 91 if (keylen_bytes == 24) |
| 92 return Status::ErrorAes192BitUnsupported(); |
| 93 |
| 94 if (keylen_bytes != 16 && keylen_bytes != 32) |
| 95 return Status::ErrorImportAesKeyLength(); |
| 96 |
| 97 // No possibility of overflow. |
| 98 unsigned int keylen_bits = keylen_bytes * 8; |
| 99 |
| 100 return ImportKeyRawNss( |
| 101 key_data, |
| 102 blink::WebCryptoKeyAlgorithm::createAes(algorithm.id(), keylen_bits), |
| 103 extractable, |
| 104 usage_mask, |
| 105 import_mechanism_, |
| 106 import_flags_, |
| 107 key); |
| 108 } |
| 109 |
| 110 Status AesAlgorithm::ImportKeyJwk(const CryptoData& key_data, |
| 111 const blink::WebCryptoAlgorithm& algorithm, |
| 112 bool extractable, |
| 113 blink::WebCryptoKeyUsageMask usage_mask, |
| 114 blink::WebCryptoKey* key) const { |
| 115 std::vector<uint8> raw_data; |
| 116 std::string jwk_algorithm_name; |
| 117 Status status = ReadSecretKeyJwk( |
| 118 key_data, "", extractable, usage_mask, &raw_data, &jwk_algorithm_name); |
| 119 if (status.IsError()) |
| 120 return status; |
| 121 |
| 122 std::string expected_algorithm_name = GetJwkAlgorithmName(raw_data.size()); |
| 123 if (!jwk_algorithm_name.empty() && |
| 124 jwk_algorithm_name != expected_algorithm_name) { |
| 125 if (jwk_algorithm_name == GetJwkAlgorithmName(16) || |
| 126 jwk_algorithm_name == GetJwkAlgorithmName(24) || |
| 127 jwk_algorithm_name == GetJwkAlgorithmName(32)) { |
| 128 return Status::ErrorJwkIncorrectKeyLength(); |
| 129 } |
| 130 return Status::ErrorJwkAlgorithmInconsistent(); |
| 131 } |
| 132 |
| 133 return ImportKeyRaw( |
| 134 CryptoData(raw_data), algorithm, extractable, usage_mask, key); |
| 135 } |
| 136 |
| 137 Status AesAlgorithm::ExportKeyRaw(const blink::WebCryptoKey& key, |
| 138 std::vector<uint8>* buffer) const { |
| 139 *buffer = SymKeyNss::Cast(key)->raw_key_data(); |
| 140 return Status::Success(); |
| 141 } |
| 142 |
| 143 Status AesAlgorithm::ExportKeyJwk(const blink::WebCryptoKey& key, |
| 144 std::vector<uint8>* buffer) const { |
| 145 SymKeyNss* sym_key = SymKeyNss::Cast(key); |
| 146 const std::vector<uint8>& raw_data = sym_key->raw_key_data(); |
| 147 |
| 148 WriteSecretKeyJwk(CryptoData(raw_data), |
| 149 GetJwkAlgorithmName(raw_data.size()), |
| 150 key.extractable(), |
| 151 key.usages(), |
| 152 buffer); |
| 153 |
| 154 return Status::Success(); |
| 155 } |
| 156 |
| 157 std::string AesAlgorithm::GetJwkAlgorithmName(unsigned int keylen_bytes) const { |
| 158 if (keylen_bytes == 16) |
| 159 return std::string("A128") + jwk_suffix_; |
| 160 if (keylen_bytes == 24) |
| 161 return std::string("A192") + jwk_suffix_; |
| 162 if (keylen_bytes == 32) |
| 163 return std::string("A256") + jwk_suffix_; |
| 164 return std::string(); |
| 165 } |
| 166 |
| 167 } // namespace webcrypto |
| 168 |
| 169 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
