content/child/webcrypto/platform_crypto_openssl.cc - Issue 379383002: Refactor WebCrypto code

Side by Side Diff: content/child/webcrypto/platform_crypto_openssl.cc

Issue 379383002: Refactor WebCrypto code (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Rebase onto master (no longer has BoringSSL) Created 6 years, 5 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
	(Empty)
1 // Copyright 2014 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.

4

5 #include "content/child/webcrypto/platform_crypto.h"

6

7 #include <vector>

8 #include <openssl/aes.h>

9 #include <openssl/evp.h>

10 #include <openssl/hmac.h>

11 #include <openssl/rand.h>

12 #include <openssl/sha.h>

13

14 #include "base/logging.h"

15 #include "base/memory/scoped_ptr.h"

16 #include "content/child/webcrypto/crypto_data.h"

17 #include "content/child/webcrypto/status.h"

18 #include "content/child/webcrypto/webcrypto_util.h"

19 #include "crypto/openssl_util.h"

20 #include "crypto/scoped_openssl_types.h"

21 #include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h"

22 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h"

23 #include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h"

24

25 namespace content {

26

27 namespace webcrypto {

28

29 namespace platform {

30

31 class SymKey : public Key {

32 public:

33 explicit SymKey(const CryptoData& key_data)

34 : key_(key_data.bytes(), key_data.bytes() + key_data.byte_length()) {}

35

36 virtual SymKey* AsSymKey() OVERRIDE { return this; }

37 virtual PublicKey* AsPublicKey() OVERRIDE { return NULL; }

38 virtual PrivateKey* AsPrivateKey() OVERRIDE { return NULL; }

39 virtual bool ThreadSafeSerializeForClone(

40 blink::WebVector<uint8>* key_data) OVERRIDE {

41 key_data->assign(Uint8VectorStart(key_), key_.size());

42 return true;

43 }

44

45 const std::vector<unsigned char>& key() const { return key_; }

46

47 private:

48 const std::vector<unsigned char> key_;

49

50 DISALLOW_COPY_AND_ASSIGN(SymKey);

51 };

52

53 namespace {

54

55 const EVP_CIPHER* GetAESCipherByKeyLength(unsigned int key_length_bytes) {

56 // OpenSSL supports AES CBC ciphers for only 3 key lengths: 128, 192, 256 bits

57 switch (key_length_bytes) {

58 case 16:

59 return EVP_aes_128_cbc();

60 case 24:

61 return EVP_aes_192_cbc();

62 case 32:

63 return EVP_aes_256_cbc();

64 default:

65 return NULL;

66 }

67 }

68

69 const EVP_MD* GetDigest(blink::WebCryptoAlgorithmId id) {

70 switch (id) {

71 case blink::WebCryptoAlgorithmIdSha1:

72 return EVP_sha1();

73 case blink::WebCryptoAlgorithmIdSha256:

74 return EVP_sha256();

75 case blink::WebCryptoAlgorithmIdSha384:

76 return EVP_sha384();

77 case blink::WebCryptoAlgorithmIdSha512:

78 return EVP_sha512();

79 default:

80 return NULL;

81 }

82 }

83

84 // OpenSSL constants for EVP_CipherInit_ex(), do not change

85 enum CipherOperation { kDoDecrypt = 0, kDoEncrypt = 1 };

86

87 Status AesCbcEncryptDecrypt(EncryptOrDecrypt mode,

88 SymKey* key,

89 const CryptoData& iv,

90 const CryptoData& data,

91 std::vector<uint8>* buffer) {

92 CipherOperation cipher_operation =

93 (mode == ENCRYPT) ? kDoEncrypt : kDoDecrypt;

94

95 if (data.byte_length() >= INT_MAX - AES_BLOCK_SIZE) {

96 // TODO(padolph): Handle this by chunking the input fed into OpenSSL. Right

97 // now it doesn't make much difference since the one-shot API would end up

98 // blowing out the memory and crashing anyway.

99 return Status::ErrorDataTooLarge();

100 }

101

102 // Note: PKCS padding is enabled by default

103 crypto::ScopedOpenSSL<EVP_CIPHER_CTX, EVP_CIPHER_CTX_free>::Type context(

104 EVP_CIPHER_CTX_new());

105

106 if (!context.get())

107 return Status::OperationError();

108

109 const EVP_CIPHER* const cipher = GetAESCipherByKeyLength(key->key().size());

110 DCHECK(cipher);

111

112 if (!EVP_CipherInit_ex(context.get(),

113 cipher,

114 NULL,

115 &key->key()[0],

116 iv.bytes(),

117 cipher_operation)) {

118 return Status::OperationError();

119 }

120

121 // According to the openssl docs, the amount of data written may be as large

122 // as (data_size + cipher_block_size - 1), constrained to a multiple of

123 // cipher_block_size.

124 unsigned int output_max_len = data.byte_length() + AES_BLOCK_SIZE - 1;

125 const unsigned remainder = output_max_len % AES_BLOCK_SIZE;

126 if (remainder != 0)

127 output_max_len += AES_BLOCK_SIZE - remainder;

128 DCHECK_GT(output_max_len, data.byte_length());

129

130 buffer->resize(output_max_len);

131

132 unsigned char* const buffer_data = Uint8VectorStart(buffer);

133

134 int output_len = 0;

135 if (!EVP_CipherUpdate(context.get(),

136 buffer_data,

137 &output_len,

138 data.bytes(),

139 data.byte_length()))

140 return Status::OperationError();

141 int final_output_chunk_len = 0;

142 if (!EVP_CipherFinal_ex(

143 context.get(), buffer_data + output_len, &final_output_chunk_len)) {

144 return Status::OperationError();

145 }

146

147 const unsigned int final_output_len =

148 static_cast<unsigned int>(output_len) +

149 static_cast<unsigned int>(final_output_chunk_len);

150 DCHECK_LE(final_output_len, output_max_len);

151

152 buffer->resize(final_output_len);

153

154 return Status::Success();

155 }

156

157 } // namespace

158

159 class DigestorOpenSSL : public blink::WebCryptoDigestor {

160 public:

161 explicit DigestorOpenSSL(blink::WebCryptoAlgorithmId algorithm_id)

162 : initialized_(false),

163 digest_context_(EVP_MD_CTX_create()),

164 algorithm_id_(algorithm_id) {}

165

166 virtual bool consume(const unsigned char* data, unsigned int size) {

167 return ConsumeWithStatus(data, size).IsSuccess();

168 }

169

170 Status ConsumeWithStatus(const unsigned char* data, unsigned int size) {

171 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);

172 Status error = Init();

173 if (!error.IsSuccess())

174 return error;

175

176 if (!EVP_DigestUpdate(digest_context_.get(), data, size))

177 return Status::OperationError();

178

179 return Status::Success();

180 }

181

182 virtual bool finish(unsigned char*& result_data,

183 unsigned int& result_data_size) {

184 Status error = FinishInternal(result_, &result_data_size);

185 if (!error.IsSuccess())

186 return false;

187 result_data = result_;

188 return true;

189 }

190

191 Status FinishWithVectorAndStatus(std::vector<uint8>* result) {

192 const int hash_expected_size = EVP_MD_CTX_size(digest_context_.get());

193 result->resize(hash_expected_size);

194 unsigned char* const hash_buffer = Uint8VectorStart(result);

195 unsigned int hash_buffer_size; // ignored

196 return FinishInternal(hash_buffer, &hash_buffer_size);

197 }

198

199 private:

200 Status Init() {

201 if (initialized_)

202 return Status::Success();

203

204 const EVP_MD* digest_algorithm = GetDigest(algorithm_id_);

205 if (!digest_algorithm)

206 return Status::ErrorUnexpected();

207

208 if (!digest_context_.get())

209 return Status::OperationError();

210

211 if (!EVP_DigestInit_ex(digest_context_.get(), digest_algorithm, NULL))

212 return Status::OperationError();

213

214 initialized_ = true;

215 return Status::Success();

216 }

217

218 Status FinishInternal(unsigned char* result, unsigned int* result_size) {

219 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);

220 Status error = Init();

221 if (!error.IsSuccess())

222 return error;

223

224 const int hash_expected_size = EVP_MD_CTX_size(digest_context_.get());

225 if (hash_expected_size <= 0)

226 return Status::ErrorUnexpected();

227 DCHECK_LE(hash_expected_size, EVP_MAX_MD_SIZE);

228

229 if (!EVP_DigestFinal_ex(digest_context_.get(), result, result_size) \|\|

230 static_cast<int>(*result_size) != hash_expected_size)

231 return Status::OperationError();

232

233 return Status::Success();

234 }

235

236 bool initialized_;

237 crypto::ScopedEVP_MD_CTX digest_context_;

238 blink::WebCryptoAlgorithmId algorithm_id_;

239 unsigned char result_[EVP_MAX_MD_SIZE];

240 };

241

242 Status ExportKeyRaw(SymKey* key, std::vector<uint8>* buffer) {

243 *buffer = key->key();

244 return Status::Success();

245 }

246

247 void Init() { crypto::EnsureOpenSSLInit(); }

248

249 Status EncryptDecryptAesCbc(EncryptOrDecrypt mode,

250 SymKey* key,

251 const CryptoData& data,

252 const CryptoData& iv,

253 std::vector<uint8>* buffer) {

254 // TODO(eroman): inline the function here.

255 return AesCbcEncryptDecrypt(mode, key, iv, data, buffer);

256 }

257

258 Status DigestSha(blink::WebCryptoAlgorithmId algorithm,

259 const CryptoData& data,

260 std::vector<uint8>* buffer) {

261 DigestorOpenSSL digestor(algorithm);

262 Status error = digestor.ConsumeWithStatus(data.bytes(), data.byte_length());

263 if (!error.IsSuccess())

264 return error;

265 return digestor.FinishWithVectorAndStatus(buffer);

266 }

267

268 scoped_ptr<blink::WebCryptoDigestor> CreateDigestor(

269 blink::WebCryptoAlgorithmId algorithm_id) {

270 return scoped_ptr<blink::WebCryptoDigestor>(

271 new DigestorOpenSSL(algorithm_id));

272 }

273

274 Status GenerateSecretKey(const blink::WebCryptoAlgorithm& algorithm,

275 bool extractable,

276 blink::WebCryptoKeyUsageMask usage_mask,

277 unsigned keylen_bytes,

278 blink::WebCryptoKey* key) {

279 // TODO(eroman): Is this right?

280 if (keylen_bytes == 0)

281 return Status::ErrorGenerateKeyLength();

282

283 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);

284

285 std::vector<unsigned char> random_bytes(keylen_bytes, 0);

286 if (!(RAND_bytes(&random_bytes[0], keylen_bytes)))

287 return Status::OperationError();

288

289 blink::WebCryptoKeyAlgorithm key_algorithm;

290 if (!CreateSecretKeyAlgorithm(algorithm, keylen_bytes, &key_algorithm))

291 return Status::ErrorUnexpected();

292

293 *key = blink::WebCryptoKey::create(new SymKey(CryptoData(random_bytes)),

294 blink::WebCryptoKeyTypeSecret,

295 extractable,

296 key_algorithm,

297 usage_mask);

298

299 return Status::Success();

300 }

301

302 Status GenerateRsaKeyPair(const blink::WebCryptoAlgorithm& algorithm,

303 bool extractable,

304 blink::WebCryptoKeyUsageMask public_key_usage_mask,

305 blink::WebCryptoKeyUsageMask private_key_usage_mask,

306 unsigned int modulus_length_bits,

307 unsigned long public_exponent,

308 blink::WebCryptoKey* public_key,

309 blink::WebCryptoKey* private_key) {

310 // TODO(padolph): Placeholder for OpenSSL implementation.

311 // Issue http://crbug.com/267888.

312 return Status::ErrorUnsupported();

313 }

314

315 Status ImportKeyRaw(const blink::WebCryptoAlgorithm& algorithm,

316 const CryptoData& key_data,

317 bool extractable,

318 blink::WebCryptoKeyUsageMask usage_mask,

319 blink::WebCryptoKey* key) {

320

321 blink::WebCryptoKeyAlgorithm key_algorithm;

322 if (!CreateSecretKeyAlgorithm(

323 algorithm, key_data.byte_length(), &key_algorithm))

324 return Status::ErrorUnexpected();

325

326 *key = blink::WebCryptoKey::create(new SymKey(key_data),

327 blink::WebCryptoKeyTypeSecret,

328 extractable,

329 key_algorithm,

330 usage_mask);

331

332 return Status::Success();

333 }

334

335 Status SignHmac(SymKey* key,

336 const blink::WebCryptoAlgorithm& hash,

337 const CryptoData& data,

338 std::vector<uint8>* buffer) {

339 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);

340

341 const EVP_MD* digest_algorithm = GetDigest(hash.id());

342 if (!digest_algorithm)

343 return Status::ErrorUnsupported();

344 unsigned int hmac_expected_length = EVP_MD_size(digest_algorithm);

345

346 const std::vector<unsigned char>& raw_key = key->key();

347

348 // OpenSSL wierdness here.

349 // First, HMAC() needs a void* for the key data, so make one up front as a

350 // cosmetic to avoid a cast. Second, OpenSSL does not like a NULL key,

351 // which will result if the raw_key vector is empty; an entirely valid

352 // case. Handle this specific case by pointing to an empty array.

353 const unsigned char null_key[] = {};

354 const void* const raw_key_voidp = raw_key.size() ? &raw_key[0] : null_key;

355

356 buffer->resize(hmac_expected_length);

357 crypto::ScopedOpenSSLSafeSizeBuffer<EVP_MAX_MD_SIZE> hmac_result(

358 Uint8VectorStart(buffer), hmac_expected_length);

359

360 unsigned int hmac_actual_length;

361 unsigned char* const success = HMAC(digest_algorithm,

362 raw_key_voidp,

363 raw_key.size(),

364 data.bytes(),

365 data.byte_length(),

366 hmac_result.safe_buffer(),

367 &hmac_actual_length);

368 if (!success \|\| hmac_actual_length != hmac_expected_length)

369 return Status::OperationError();

370

371 return Status::Success();

372 }

373

374 Status ImportRsaPublicKey(const blink::WebCryptoAlgorithm& algorithm,

375 bool extractable,

376 blink::WebCryptoKeyUsageMask usage_mask,

377 const CryptoData& modulus_data,

378 const CryptoData& exponent_data,

379 blink::WebCryptoKey* key) {

380 // TODO(padolph): Placeholder for OpenSSL implementation.

381 // Issue

382 return Status::ErrorUnsupported();

383 }

384

385 Status ImportRsaPrivateKey(const blink::WebCryptoAlgorithm& algorithm,

386 bool extractable,

387 blink::WebCryptoKeyUsageMask usage_mask,

388 const CryptoData& modulus,

389 const CryptoData& public_exponent,

390 const CryptoData& private_exponent,

391 const CryptoData& prime1,

392 const CryptoData& prime2,

393 const CryptoData& exponent1,

394 const CryptoData& exponent2,

395 const CryptoData& coefficient,

396 blink::WebCryptoKey* key) {

397 // TODO(eroman): http://crbug.com/267888

398 return Status::ErrorUnsupported();

399 }

400

401 const EVP_AEAD* GetAesGcmAlgorithmFromKeySize(unsigned int key_size_bytes) {

402 switch (key_size_bytes) {

403 case 16:

404 return EVP_aead_aes_128_gcm();

405 // TODO(eroman): Hook up 256-bit support when it is available.

406 default:

407 return NULL;

408 }

409 }

410

411 Status EncryptDecryptAesGcm(EncryptOrDecrypt mode,

412 SymKey* key,

413 const CryptoData& data,

414 const CryptoData& iv,

415 const CryptoData& additional_data,

416 unsigned int tag_length_bits,

417 std::vector<uint8>* buffer) {

418 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);

419

420 DCHECK(tag_length_bits % 8 == 0);

421 const unsigned int tag_length_bytes = tag_length_bits / 8;

422

423 EVP_AEAD_CTX ctx;

424

425 const EVP_AEAD* const aead_alg =

426 GetAesGcmAlgorithmFromKeySize(key->key().size());

427 if (!aead_alg)

428 return Status::ErrorUnexpected();

429

430 if (!EVP_AEAD_CTX_init(&ctx,

431 aead_alg,

432 Uint8VectorStart(key->key()),

433 key->key().size(),

434 tag_length_bytes,

435 NULL)) {

436 return Status::OperationError();

437 }

438

439 crypto::ScopedOpenSSL<EVP_AEAD_CTX, EVP_AEAD_CTX_cleanup>::Type ctx_cleanup(

440 &ctx);

441

442 ssize_t len;

443

444 if (mode == DECRYPT) {

445 if (data.byte_length() < tag_length_bytes)

446 return Status::ErrorDataTooSmall();

447

448 buffer->resize(data.byte_length() - tag_length_bytes);

449

450 len = EVP_AEAD_CTX_open(&ctx,

451 Uint8VectorStart(buffer),

452 buffer->size(),

453 iv.bytes(),

454 iv.byte_length(),

455 data.bytes(),

456 data.byte_length(),

457 additional_data.bytes(),

458 additional_data.byte_length());

459 } else {

460 // No need to check for unsigned integer overflow here (seal fails if

461 // the output buffer is too small).

462 buffer->resize(data.byte_length() + tag_length_bytes);

463

464 len = EVP_AEAD_CTX_seal(&ctx,

465 Uint8VectorStart(buffer),

466 buffer->size(),

467 iv.bytes(),

468 iv.byte_length(),

469 data.bytes(),

470 data.byte_length(),

471 additional_data.bytes(),

472 additional_data.byte_length());

473 }

474

475 if (len < 0)

476 return Status::OperationError();

477 buffer->resize(len);

478 return Status::Success();

479 }

480

481 Status EncryptRsaOaep(PublicKey* key,

482 const blink::WebCryptoAlgorithm& hash,

483 const CryptoData& label,

484 const CryptoData& data,

485 std::vector<uint8>* buffer) {

486 // TODO(eroman): http://crbug.com/267888

487 return Status::ErrorUnsupported();

488 }

489

490 Status DecryptRsaOaep(PrivateKey* key,

491 const blink::WebCryptoAlgorithm& hash,

492 const CryptoData& label,

493 const CryptoData& data,

494 std::vector<uint8>* buffer) {

495 // TODO(eroman): http://crbug.com/267888

496 return Status::ErrorUnsupported();

497 }

498

499 Status SignRsaSsaPkcs1v1_5(PrivateKey* key,

500 const blink::WebCryptoAlgorithm& hash,

501 const CryptoData& data,

502 std::vector<uint8>* buffer) {

503 // TODO(eroman): http://crbug.com/267888

504 return Status::ErrorUnsupported();

505 }

506

507 // Key is guaranteed to be an RSA SSA key.

508 Status VerifyRsaSsaPkcs1v1_5(PublicKey* key,

509 const blink::WebCryptoAlgorithm& hash,

510 const CryptoData& signature,

511 const CryptoData& data,

512 bool* signature_match) {

513 // TODO(eroman): http://crbug.com/267888

514 return Status::ErrorUnsupported();

515 }

516

517 Status ImportKeySpki(const blink::WebCryptoAlgorithm& algorithm,

518 const CryptoData& key_data,

519 bool extractable,

520 blink::WebCryptoKeyUsageMask usage_mask,

521 blink::WebCryptoKey* key) {

522 // TODO(eroman): http://crbug.com/267888

523 return Status::ErrorUnsupported();

524 }

525

526 Status ImportKeyPkcs8(const blink::WebCryptoAlgorithm& algorithm,

527 const CryptoData& key_data,

528 bool extractable,

529 blink::WebCryptoKeyUsageMask usage_mask,

530 blink::WebCryptoKey* key) {

531 // TODO(eroman): http://crbug.com/267888

532 return Status::ErrorUnsupported();

533 }

534

535 Status ExportKeySpki(PublicKey* key, std::vector<uint8>* buffer) {

536 // TODO(eroman): http://crbug.com/267888

537 return Status::ErrorUnsupported();

538 }

539

540 Status ExportKeyPkcs8(PrivateKey* key,

541 const blink::WebCryptoKeyAlgorithm& key_algorithm,

542 std::vector<uint8>* buffer) {

543 // TODO(eroman): http://crbug.com/267888

544 return Status::ErrorUnsupported();

545 }

546

547 Status ExportRsaPublicKey(PublicKey* key,

548 std::vector<uint8>* modulus,

549 std::vector<uint8>* public_exponent) {

550 // TODO(eroman): http://crbug.com/267888

551 return Status::ErrorUnsupported();

552 }

553

554 Status ExportRsaPrivateKey(PrivateKey* key,

555 std::vector<uint8>* modulus,

556 std::vector<uint8>* public_exponent,

557 std::vector<uint8>* private_exponent,

558 std::vector<uint8>* prime1,

559 std::vector<uint8>* prime2,

560 std::vector<uint8>* exponent1,

561 std::vector<uint8>* exponent2,

562 std::vector<uint8>* coefficient) {

563 // TODO(eroman): http://crbug.com/267888

564 return Status::ErrorUnsupported();

565 }

566

567 Status EncryptDecryptAesKw(EncryptOrDecrypt mode,

568 SymKey* key,

569 const CryptoData& data,

570 std::vector<uint8>* buffer) {

571 // TODO(eroman): http://crbug.com/267888

572 return Status::ErrorUnsupported();

573 }

574

575 bool ThreadSafeDeserializeKeyForClone(

576 const blink::WebCryptoKeyAlgorithm& algorithm,

577 blink::WebCryptoKeyType type,

578 bool extractable,

579 blink::WebCryptoKeyUsageMask usages,

580 const CryptoData& key_data,

581 blink::WebCryptoKey* key) {

582 // TODO(eroman): http://crbug.com/267888

583 return false;

584 }

585

586 } // namespace platform

587

588 } // namespace webcrypto

589

590 } // namespace content

OLD	NEW

« no previous file with comments | « content/child/webcrypto/platform_crypto_nss.cc ('k') | content/child/webcrypto/shared_crypto.h » ('j') | no next file with comments »