Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(138)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: content/child/webcrypto/nss/aes_cbc_nss.cc

Issue 379383002: Refactor WebCrypto code (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Rebase onto master (no longer has BoringSSL) Created 6 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « content/child/webcrypto/jwk.cc ('k') | content/child/webcrypto/nss/aes_gcm_nss.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include <cryptohi.h>
6
7 #include "content/child/webcrypto/crypto_data.h"
8 #include "content/child/webcrypto/nss/aes_key_nss.h"
9 #include "content/child/webcrypto/nss/key_nss.h"
10 #include "content/child/webcrypto/nss/util_nss.h"
11 #include "content/child/webcrypto/status.h"
12 #include "content/child/webcrypto/webcrypto_util.h"
13 #include "crypto/scoped_nss_types.h"
14 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h"
15
16 namespace content {
17
18 namespace webcrypto {
19
20 namespace {
21
22 Status AesCbcEncryptDecrypt(EncryptOrDecrypt mode,
23 const blink::WebCryptoAlgorithm& algorithm,
24 const blink::WebCryptoKey& key,
25 const CryptoData& data,
26 std::vector<uint8>* buffer) {
27 const blink::WebCryptoAesCbcParams* params = algorithm.aesCbcParams();
28 if (!params)
29 return Status::ErrorUnexpected();
30
31 CryptoData iv(params->iv().data(), params->iv().size());
32 if (iv.byte_length() != 16)
33 return Status::ErrorIncorrectSizeAesCbcIv();
34
35 PK11SymKey* sym_key = SymKeyNss::Cast(key)->key();
36
37 CK_ATTRIBUTE_TYPE operation = (mode == ENCRYPT) ? CKA_ENCRYPT : CKA_DECRYPT;
38
39 SECItem iv_item = MakeSECItemForBuffer(iv);
40
41 crypto::ScopedSECItem param(PK11_ParamFromIV(CKM_AES_CBC_PAD, &iv_item));
42 if (!param)
43 return Status::OperationError();
44
45 crypto::ScopedPK11Context context(PK11_CreateContextBySymKey(
46 CKM_AES_CBC_PAD, operation, sym_key, param.get()));
47
48 if (!context.get())
49 return Status::OperationError();
50
51 // Oddly PK11_CipherOp takes input and output lengths as "int" rather than
52 // "unsigned int". Do some checks now to avoid integer overflowing.
53 if (data.byte_length() >= INT_MAX - AES_BLOCK_SIZE) {
54 // TODO(eroman): Handle this by chunking the input fed into NSS. Right now
55 // it doesn't make much difference since the one-shot API would end up
56 // blowing out the memory and crashing anyway.
57 return Status::ErrorDataTooLarge();
58 }
59
60 // PK11_CipherOp does an invalid memory access when given empty decryption
61 // input, or input which is not a multiple of the block size. See also
62 // https://bugzilla.mozilla.com/show_bug.cgi?id=921687.
63 if (operation == CKA_DECRYPT &&
64 (data.byte_length() == 0 || (data.byte_length() % AES_BLOCK_SIZE != 0))) {
65 return Status::OperationError();
66 }
67
68 // TODO(eroman): Refine the output buffer size. It can be computed exactly for
69 // encryption, and can be smaller for decryption.
70 unsigned int output_max_len = data.byte_length() + AES_BLOCK_SIZE;
71 CHECK_GT(output_max_len, data.byte_length());
72
73 buffer->resize(output_max_len);
74
75 unsigned char* buffer_data = Uint8VectorStart(buffer);
76
77 int output_len;
78 if (SECSuccess != PK11_CipherOp(context.get(),
79 buffer_data,
80 &output_len,
81 buffer->size(),
82 data.bytes(),
83 data.byte_length())) {
84 return Status::OperationError();
85 }
86
87 unsigned int final_output_chunk_len;
88 if (SECSuccess != PK11_DigestFinal(context.get(),
89 buffer_data + output_len,
90 &final_output_chunk_len,
91 output_max_len - output_len)) {
92 return Status::OperationError();
93 }
94
95 buffer->resize(final_output_chunk_len + output_len);
96 return Status::Success();
97 }
98
99 class AesCbcImplementation : public AesAlgorithm {
100 public:
101 AesCbcImplementation() : AesAlgorithm(CKM_AES_CBC, "CBC") {}
102
103 virtual Status Encrypt(const blink::WebCryptoAlgorithm& algorithm,
104 const blink::WebCryptoKey& key,
105 const CryptoData& data,
106 std::vector<uint8>* buffer) const OVERRIDE {
107 return AesCbcEncryptDecrypt(ENCRYPT, algorithm, key, data, buffer);
108 }
109
110 virtual Status Decrypt(const blink::WebCryptoAlgorithm& algorithm,
111 const blink::WebCryptoKey& key,
112 const CryptoData& data,
113 std::vector<uint8>* buffer) const OVERRIDE {
114 return AesCbcEncryptDecrypt(DECRYPT, algorithm, key, data, buffer);
115 }
116 };
117
118 } // namespace
119
120 AlgorithmImplementation* CreatePlatformAesCbcImplementation() {
121 return new AesCbcImplementation;
122 }
123
124 } // namespace webcrypto
125
126 } // namespace content
OLDNEW
« no previous file with comments | « content/child/webcrypto/jwk.cc ('k') | content/child/webcrypto/nss/aes_gcm_nss.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698