| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include <openssl/aes.h> |
| 6 #include <openssl/evp.h> |
| 7 |
| 8 #include "base/logging.h" |
| 9 #include "content/child/webcrypto/crypto_data.h" |
| 10 #include "content/child/webcrypto/openssl/aes_key_openssl.h" |
| 11 #include "content/child/webcrypto/openssl/key_openssl.h" |
| 12 #include "content/child/webcrypto/status.h" |
| 13 #include "content/child/webcrypto/webcrypto_util.h" |
| 14 #include "crypto/scoped_openssl_types.h" |
| 15 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h" |
| 16 |
| 17 namespace content { |
| 18 |
| 19 namespace webcrypto { |
| 20 |
| 21 namespace { |
| 22 |
| 23 const EVP_CIPHER* GetAESCipherByKeyLength(unsigned int key_length_bytes) { |
| 24 switch (key_length_bytes) { |
| 25 case 16: |
| 26 return EVP_aes_128_cbc(); |
| 27 case 24: |
| 28 return EVP_aes_192_cbc(); |
| 29 case 32: |
| 30 return EVP_aes_256_cbc(); |
| 31 default: |
| 32 return NULL; |
| 33 } |
| 34 } |
| 35 |
| 36 // OpenSSL constants for EVP_CipherInit_ex(), do not change |
| 37 enum CipherOperation { kDoDecrypt = 0, kDoEncrypt = 1 }; |
| 38 |
| 39 Status AesCbcEncryptDecrypt(CipherOperation cipher_operation, |
| 40 const blink::WebCryptoAlgorithm& algorithm, |
| 41 const blink::WebCryptoKey& key, |
| 42 const CryptoData& data, |
| 43 std::vector<uint8>* buffer) { |
| 44 const blink::WebCryptoAesCbcParams* params = algorithm.aesCbcParams(); |
| 45 const std::vector<uint8>& raw_key = SymKeyOpenSsl::Cast(key)->raw_key_data(); |
| 46 |
| 47 if (params->iv().size() != 16) |
| 48 return Status::ErrorIncorrectSizeAesCbcIv(); |
| 49 |
| 50 if (data.byte_length() >= INT_MAX - AES_BLOCK_SIZE) { |
| 51 // TODO(padolph): Handle this by chunking the input fed into OpenSSL. Right |
| 52 // now it doesn't make much difference since the one-shot API would end up |
| 53 // blowing out the memory and crashing anyway. |
| 54 return Status::ErrorDataTooLarge(); |
| 55 } |
| 56 |
| 57 // Note: PKCS padding is enabled by default |
| 58 crypto::ScopedOpenSSL<EVP_CIPHER_CTX, EVP_CIPHER_CTX_free>::Type context( |
| 59 EVP_CIPHER_CTX_new()); |
| 60 |
| 61 if (!context.get()) |
| 62 return Status::OperationError(); |
| 63 |
| 64 const EVP_CIPHER* const cipher = GetAESCipherByKeyLength(raw_key.size()); |
| 65 DCHECK(cipher); |
| 66 |
| 67 if (!EVP_CipherInit_ex(context.get(), |
| 68 cipher, |
| 69 NULL, |
| 70 &raw_key[0], |
| 71 params->iv().data(), |
| 72 cipher_operation)) { |
| 73 return Status::OperationError(); |
| 74 } |
| 75 |
| 76 // According to the openssl docs, the amount of data written may be as large |
| 77 // as (data_size + cipher_block_size - 1), constrained to a multiple of |
| 78 // cipher_block_size. |
| 79 unsigned int output_max_len = data.byte_length() + AES_BLOCK_SIZE - 1; |
| 80 const unsigned remainder = output_max_len % AES_BLOCK_SIZE; |
| 81 if (remainder != 0) |
| 82 output_max_len += AES_BLOCK_SIZE - remainder; |
| 83 DCHECK_GT(output_max_len, data.byte_length()); |
| 84 |
| 85 buffer->resize(output_max_len); |
| 86 |
| 87 unsigned char* const buffer_data = Uint8VectorStart(buffer); |
| 88 |
| 89 int output_len = 0; |
| 90 if (!EVP_CipherUpdate(context.get(), |
| 91 buffer_data, |
| 92 &output_len, |
| 93 data.bytes(), |
| 94 data.byte_length())) |
| 95 return Status::OperationError(); |
| 96 int final_output_chunk_len = 0; |
| 97 if (!EVP_CipherFinal_ex( |
| 98 context.get(), buffer_data + output_len, &final_output_chunk_len)) { |
| 99 return Status::OperationError(); |
| 100 } |
| 101 |
| 102 const unsigned int final_output_len = |
| 103 static_cast<unsigned int>(output_len) + |
| 104 static_cast<unsigned int>(final_output_chunk_len); |
| 105 DCHECK_LE(final_output_len, output_max_len); |
| 106 |
| 107 buffer->resize(final_output_len); |
| 108 |
| 109 return Status::Success(); |
| 110 } |
| 111 |
| 112 class AesCbcImplementation : public AesAlgorithm { |
| 113 public: |
| 114 AesCbcImplementation() : AesAlgorithm("CBC") {} |
| 115 |
| 116 virtual Status Encrypt(const blink::WebCryptoAlgorithm& algorithm, |
| 117 const blink::WebCryptoKey& key, |
| 118 const CryptoData& data, |
| 119 std::vector<uint8>* buffer) const OVERRIDE { |
| 120 return AesCbcEncryptDecrypt(kDoEncrypt, algorithm, key, data, buffer); |
| 121 } |
| 122 |
| 123 virtual Status Decrypt(const blink::WebCryptoAlgorithm& algorithm, |
| 124 const blink::WebCryptoKey& key, |
| 125 const CryptoData& data, |
| 126 std::vector<uint8>* buffer) const OVERRIDE { |
| 127 return AesCbcEncryptDecrypt(kDoDecrypt, algorithm, key, data, buffer); |
| 128 } |
| 129 }; |
| 130 |
| 131 } // namespace |
| 132 |
| 133 AlgorithmImplementation* CreatePlatformAesCbcImplementation() { |
| 134 return new AesCbcImplementation; |
| 135 } |
| 136 |
| 137 } // namespace webcrypto |
| 138 |
| 139 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
