Chromium Code Reviews Chromium Code Reviews| OLD | NEW |
|---|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/child/webcrypto/webcrypto_util.h" | 5 #include "content/child/webcrypto/webcrypto_util.h" |
| 6 | 6 |
| 7 #include "base/base64.h" | 7 #include "base/base64.h" |
| 8 #include "base/logging.h" | 8 #include "base/logging.h" |
| 9 #include "base/strings/stringprintf.h" | 9 #include "base/strings/stringprintf.h" |
| 10 #include "content/child/webcrypto/status.h" | 10 #include "content/child/webcrypto/status.h" |
| (...skipping 142 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 153 blink::WebCryptoAlgorithm CreateRsaHashedImportAlgorithm( | 153 blink::WebCryptoAlgorithm CreateRsaHashedImportAlgorithm( |
| 154 blink::WebCryptoAlgorithmId id, | 154 blink::WebCryptoAlgorithmId id, |
| 155 blink::WebCryptoAlgorithmId hash_id) { | 155 blink::WebCryptoAlgorithmId hash_id) { |
| 156 DCHECK(blink::WebCryptoAlgorithm::isHash(hash_id)); | 156 DCHECK(blink::WebCryptoAlgorithm::isHash(hash_id)); |
| 157 DCHECK(id == blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 || | 157 DCHECK(id == blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 || |
| 158 id == blink::WebCryptoAlgorithmIdRsaOaep); | 158 id == blink::WebCryptoAlgorithmIdRsaOaep); |
| 159 return blink::WebCryptoAlgorithm::adoptParamsAndCreate( | 159 return blink::WebCryptoAlgorithm::adoptParamsAndCreate( |
| 160 id, new blink::WebCryptoRsaHashedImportParams(CreateAlgorithm(hash_id))); | 160 id, new blink::WebCryptoRsaHashedImportParams(CreateAlgorithm(hash_id))); |
| 161 } | 161 } |
| 162 | 162 |
| 163 bool CreateSecretKeyAlgorithm(const blink::WebCryptoAlgorithm& algorithm, | |
| 164 unsigned int keylen_bytes, | |
| 165 blink::WebCryptoKeyAlgorithm* key_algorithm) { | |
| 166 switch (algorithm.id()) { | |
| 167 case blink::WebCryptoAlgorithmIdHmac: { | |
| 168 blink::WebCryptoAlgorithm hash = GetInnerHashAlgorithm(algorithm); | |
| 169 if (hash.isNull()) | |
| 170 return false; | |
| 171 if (keylen_bytes > UINT_MAX / 8) | |
| 172 return false; | |
| 173 *key_algorithm = | |
| 174 blink::WebCryptoKeyAlgorithm::createHmac(hash.id(), keylen_bytes * 8); | |
| 175 return true; | |
| 176 } | |
| 177 case blink::WebCryptoAlgorithmIdAesKw: | |
| 178 case blink::WebCryptoAlgorithmIdAesCbc: | |
| 179 case blink::WebCryptoAlgorithmIdAesCtr: | |
| 180 case blink::WebCryptoAlgorithmIdAesGcm: | |
| 181 *key_algorithm = blink::WebCryptoKeyAlgorithm::createAes( | |
| 182 algorithm.id(), keylen_bytes * 8); | |
| 183 return true; | |
| 184 default: | |
| 185 return false; | |
| 186 } | |
| 187 } | |
| 188 | |
| 189 bool ContainsKeyUsages(blink::WebCryptoKeyUsageMask a, | 163 bool ContainsKeyUsages(blink::WebCryptoKeyUsageMask a, |
| 190 blink::WebCryptoKeyUsageMask b) { | 164 blink::WebCryptoKeyUsageMask b) { |
| 191 return (a & b) == b; | 165 return (a & b) == b; |
| 192 } | 166 } |
| 193 | 167 |
| 168 // TODO(eroman): Move this helper to WebCryptoKey. | |
| 169 bool KeyUsageAllows(const blink::WebCryptoKey& key, | |
| 170 const blink::WebCryptoKeyUsage usage) { | |
| 171 return ((key.usages() & usage) != 0); | |
| 172 } | |
| 173 | |
| 194 bool IsAlgorithmRsa(blink::WebCryptoAlgorithmId alg_id) { | 174 bool IsAlgorithmRsa(blink::WebCryptoAlgorithmId alg_id) { |
| 195 return alg_id == blink::WebCryptoAlgorithmIdRsaOaep || | 175 return alg_id == blink::WebCryptoAlgorithmIdRsaOaep || |
| 196 alg_id == blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5; | 176 alg_id == blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5; |
| 197 } | 177 } |
| 198 | 178 |
| 199 bool IsAlgorithmAsymmetric(blink::WebCryptoAlgorithmId alg_id) { | 179 bool IsAlgorithmAsymmetric(blink::WebCryptoAlgorithmId alg_id) { |
| 200 // TODO(padolph): include all other asymmetric algorithms once they are | 180 // TODO(padolph): include all other asymmetric algorithms once they are |
| 201 // defined, e.g. EC and DH. | 181 // defined, e.g. EC and DH. |
| 202 return IsAlgorithmRsa(alg_id); | 182 return IsAlgorithmRsa(alg_id); |
| 203 } | 183 } |
| 204 | 184 |
| 185 Status GetAesGcmTagLength(const blink::WebCryptoAesGcmParams* params, | |
| 186 unsigned int* tag_length_bits) { | |
| 187 *tag_length_bits = 128; | |
| 188 if (params->hasTagLengthBits()) | |
| 189 *tag_length_bits = params->optionalTagLengthBits(); | |
| 190 | |
| 191 if (*tag_length_bits != 32 && *tag_length_bits != 64 && | |
| 192 *tag_length_bits != 96 && *tag_length_bits != 104 && | |
| 193 *tag_length_bits != 112 && *tag_length_bits != 120 && | |
| 194 *tag_length_bits != 128) | |
|
Ryan Sleevi
2014/07/17 00:06:55
Document where these values come from.
eroman
2014/07/17 20:37:27
Done. Documented as:
// The WebCrypto spec define
| |
| 195 return Status::ErrorInvalidAesGcmTagLength(); | |
| 196 | |
| 197 return Status::Success(); | |
| 198 } | |
| 199 | |
| 200 Status GetAesKeyGenLength(const blink::WebCryptoAesKeyGenParams* params, | |
| 201 unsigned int* keylen_bits) { | |
| 202 *keylen_bits = params->lengthBits(); | |
| 203 | |
| 204 if (*keylen_bits == 128 || *keylen_bits == 256) | |
| 205 return Status::Success(); | |
| 206 | |
| 207 if (*keylen_bits == 192) | |
|
Ryan Sleevi
2014/07/17 00:06:54
Document why.
eroman
2014/07/17 20:37:27
Done. Documented as:
// BoringSSL does not suppor
| |
| 208 return Status::ErrorAes192BitUnsupported(); | |
| 209 | |
| 210 return Status::ErrorGenerateKeyLength(); | |
| 211 } | |
| 212 | |
| 213 Status GetHmacKeyGenLength(const blink::WebCryptoHmacKeyGenParams* params, | |
| 214 unsigned int* keylen_bits) { | |
|
Ryan Sleevi
2014/07/17 00:06:55
GetHmacKeyGenLengthInBits?
keylen_bits won't be a
eroman
2014/07/17 20:37:27
Done.
| |
| 215 if (!params->hasLengthBits()) { | |
| 216 switch (params->hash().id()) { | |
| 217 case blink::WebCryptoAlgorithmIdSha1: | |
| 218 case blink::WebCryptoAlgorithmIdSha256: | |
| 219 *keylen_bits = 512; | |
| 220 return Status::Success(); | |
| 221 case blink::WebCryptoAlgorithmIdSha384: | |
| 222 case blink::WebCryptoAlgorithmIdSha512: | |
| 223 *keylen_bits = 1024; | |
| 224 return Status::Success(); | |
| 225 default: | |
| 226 return Status::ErrorUnsupported(); | |
| 227 } | |
| 228 } | |
| 229 | |
| 230 if (params->optionalLengthBits() % 8) | |
| 231 return Status::ErrorGenerateKeyLength(); | |
| 232 | |
| 233 *keylen_bits = params->optionalLengthBits(); | |
| 234 | |
| 235 // TODO(eroman): NSS fails when generating a zero-length secret key. | |
| 236 if (*keylen_bits == 0) | |
| 237 return Status::ErrorGenerateKeyLength(); | |
| 238 | |
| 239 return Status::Success(); | |
| 240 } | |
| 241 | |
| 242 Status VerifyAesKeyLengthForImport(unsigned int keylen_bytes) { | |
| 243 if (keylen_bytes == 16 || keylen_bytes == 32) | |
| 244 return Status::Success(); | |
| 245 | |
| 246 if (keylen_bytes == 24) | |
| 247 return Status::ErrorAes192BitUnsupported(); | |
| 248 | |
| 249 return Status::ErrorImportAesKeyLength(); | |
| 250 } | |
| 251 | |
| 252 Status CheckKeyCreationUsages(blink::WebCryptoKeyUsageMask all_possible_usages, | |
| 253 blink::WebCryptoKeyUsageMask actual_usages) { | |
| 254 if (!ContainsKeyUsages(all_possible_usages, actual_usages)) | |
| 255 return Status::ErrorCreateKeyBadUsages(); | |
| 256 return Status::Success(); | |
| 257 } | |
| 258 | |
| 205 } // namespace webcrypto | 259 } // namespace webcrypto |
| 206 | 260 |
| 207 } // namespace content | 261 } // namespace content |
| OLD | NEW |
