| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/child/webcrypto/webcrypto_util.h" | 5 #include "content/child/webcrypto/webcrypto_util.h" |
| 6 | 6 |
| 7 #include "base/base64.h" | 7 #include "base/base64.h" |
| 8 #include "base/logging.h" | 8 #include "base/logging.h" |
| 9 #include "base/strings/stringprintf.h" | 9 #include "base/strings/stringprintf.h" |
| 10 #include "content/child/webcrypto/status.h" | 10 #include "content/child/webcrypto/status.h" |
| (...skipping 142 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 153 blink::WebCryptoAlgorithm CreateRsaHashedImportAlgorithm( | 153 blink::WebCryptoAlgorithm CreateRsaHashedImportAlgorithm( |
| 154 blink::WebCryptoAlgorithmId id, | 154 blink::WebCryptoAlgorithmId id, |
| 155 blink::WebCryptoAlgorithmId hash_id) { | 155 blink::WebCryptoAlgorithmId hash_id) { |
| 156 DCHECK(blink::WebCryptoAlgorithm::isHash(hash_id)); | 156 DCHECK(blink::WebCryptoAlgorithm::isHash(hash_id)); |
| 157 DCHECK(id == blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 || | 157 DCHECK(id == blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 || |
| 158 id == blink::WebCryptoAlgorithmIdRsaOaep); | 158 id == blink::WebCryptoAlgorithmIdRsaOaep); |
| 159 return blink::WebCryptoAlgorithm::adoptParamsAndCreate( | 159 return blink::WebCryptoAlgorithm::adoptParamsAndCreate( |
| 160 id, new blink::WebCryptoRsaHashedImportParams(CreateAlgorithm(hash_id))); | 160 id, new blink::WebCryptoRsaHashedImportParams(CreateAlgorithm(hash_id))); |
| 161 } | 161 } |
| 162 | 162 |
| 163 bool CreateSecretKeyAlgorithm(const blink::WebCryptoAlgorithm& algorithm, | |
| 164 unsigned int keylen_bytes, | |
| 165 blink::WebCryptoKeyAlgorithm* key_algorithm) { | |
| 166 switch (algorithm.id()) { | |
| 167 case blink::WebCryptoAlgorithmIdHmac: { | |
| 168 blink::WebCryptoAlgorithm hash = GetInnerHashAlgorithm(algorithm); | |
| 169 if (hash.isNull()) | |
| 170 return false; | |
| 171 if (keylen_bytes > UINT_MAX / 8) | |
| 172 return false; | |
| 173 *key_algorithm = | |
| 174 blink::WebCryptoKeyAlgorithm::createHmac(hash.id(), keylen_bytes * 8); | |
| 175 return true; | |
| 176 } | |
| 177 case blink::WebCryptoAlgorithmIdAesKw: | |
| 178 case blink::WebCryptoAlgorithmIdAesCbc: | |
| 179 case blink::WebCryptoAlgorithmIdAesCtr: | |
| 180 case blink::WebCryptoAlgorithmIdAesGcm: | |
| 181 *key_algorithm = blink::WebCryptoKeyAlgorithm::createAes( | |
| 182 algorithm.id(), keylen_bytes * 8); | |
| 183 return true; | |
| 184 default: | |
| 185 return false; | |
| 186 } | |
| 187 } | |
| 188 | |
| 189 bool ContainsKeyUsages(blink::WebCryptoKeyUsageMask a, | 163 bool ContainsKeyUsages(blink::WebCryptoKeyUsageMask a, |
| 190 blink::WebCryptoKeyUsageMask b) { | 164 blink::WebCryptoKeyUsageMask b) { |
| 191 return (a & b) == b; | 165 return (a & b) == b; |
| 192 } | 166 } |
| 193 | 167 |
| 168 // TODO(eroman): Move this helper to WebCryptoKey. |
| 169 bool KeyUsageAllows(const blink::WebCryptoKey& key, |
| 170 const blink::WebCryptoKeyUsage usage) { |
| 171 return ((key.usages() & usage) != 0); |
| 172 } |
| 173 |
| 194 bool IsAlgorithmRsa(blink::WebCryptoAlgorithmId alg_id) { | 174 bool IsAlgorithmRsa(blink::WebCryptoAlgorithmId alg_id) { |
| 195 return alg_id == blink::WebCryptoAlgorithmIdRsaOaep || | 175 return alg_id == blink::WebCryptoAlgorithmIdRsaOaep || |
| 196 alg_id == blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5; | 176 alg_id == blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5; |
| 197 } | 177 } |
| 198 | 178 |
| 199 bool IsAlgorithmAsymmetric(blink::WebCryptoAlgorithmId alg_id) { | 179 bool IsAlgorithmAsymmetric(blink::WebCryptoAlgorithmId alg_id) { |
| 200 // TODO(padolph): include all other asymmetric algorithms once they are | 180 // TODO(padolph): include all other asymmetric algorithms once they are |
| 201 // defined, e.g. EC and DH. | 181 // defined, e.g. EC and DH. |
| 202 return IsAlgorithmRsa(alg_id); | 182 return IsAlgorithmRsa(alg_id); |
| 203 } | 183 } |
| 204 | 184 |
| 185 // The WebCrypto spec defines the default value for the tag length, as well as |
| 186 // the allowed values for tag length. |
| 187 Status GetAesGcmTagLengthInBits(const blink::WebCryptoAesGcmParams* params, |
| 188 unsigned int* tag_length_bits) { |
| 189 *tag_length_bits = 128; |
| 190 if (params->hasTagLengthBits()) |
| 191 *tag_length_bits = params->optionalTagLengthBits(); |
| 192 |
| 193 if (*tag_length_bits != 32 && *tag_length_bits != 64 && |
| 194 *tag_length_bits != 96 && *tag_length_bits != 104 && |
| 195 *tag_length_bits != 112 && *tag_length_bits != 120 && |
| 196 *tag_length_bits != 128) |
| 197 return Status::ErrorInvalidAesGcmTagLength(); |
| 198 |
| 199 return Status::Success(); |
| 200 } |
| 201 |
| 202 Status GetAesKeyGenLengthInBits(const blink::WebCryptoAesKeyGenParams* params, |
| 203 unsigned int* keylen_bits) { |
| 204 *keylen_bits = params->lengthBits(); |
| 205 |
| 206 if (*keylen_bits == 128 || *keylen_bits == 256) |
| 207 return Status::Success(); |
| 208 |
| 209 // BoringSSL does not support 192-bit AES. |
| 210 if (*keylen_bits == 192) |
| 211 return Status::ErrorAes192BitUnsupported(); |
| 212 |
| 213 return Status::ErrorGenerateKeyLength(); |
| 214 } |
| 215 |
| 216 Status GetHmacKeyGenLengthInBits(const blink::WebCryptoHmacKeyGenParams* params, |
| 217 unsigned int* keylen_bits) { |
| 218 if (!params->hasLengthBits()) { |
| 219 switch (params->hash().id()) { |
| 220 case blink::WebCryptoAlgorithmIdSha1: |
| 221 case blink::WebCryptoAlgorithmIdSha256: |
| 222 *keylen_bits = 512; |
| 223 return Status::Success(); |
| 224 case blink::WebCryptoAlgorithmIdSha384: |
| 225 case blink::WebCryptoAlgorithmIdSha512: |
| 226 *keylen_bits = 1024; |
| 227 return Status::Success(); |
| 228 default: |
| 229 return Status::ErrorUnsupported(); |
| 230 } |
| 231 } |
| 232 |
| 233 if (params->optionalLengthBits() % 8) |
| 234 return Status::ErrorGenerateKeyLength(); |
| 235 |
| 236 *keylen_bits = params->optionalLengthBits(); |
| 237 |
| 238 // TODO(eroman): NSS fails when generating a zero-length secret key. |
| 239 if (*keylen_bits == 0) |
| 240 return Status::ErrorGenerateKeyLength(); |
| 241 |
| 242 return Status::Success(); |
| 243 } |
| 244 |
| 245 Status VerifyAesKeyLengthForImport(unsigned int keylen_bytes) { |
| 246 if (keylen_bytes == 16 || keylen_bytes == 32) |
| 247 return Status::Success(); |
| 248 |
| 249 // BoringSSL does not support 192-bit AES. |
| 250 if (keylen_bytes == 24) |
| 251 return Status::ErrorAes192BitUnsupported(); |
| 252 |
| 253 return Status::ErrorImportAesKeyLength(); |
| 254 } |
| 255 |
| 256 Status CheckKeyCreationUsages(blink::WebCryptoKeyUsageMask all_possible_usages, |
| 257 blink::WebCryptoKeyUsageMask actual_usages) { |
| 258 if (!ContainsKeyUsages(all_possible_usages, actual_usages)) |
| 259 return Status::ErrorCreateKeyBadUsages(); |
| 260 return Status::Success(); |
| 261 } |
| 262 |
| 205 } // namespace webcrypto | 263 } // namespace webcrypto |
| 206 | 264 |
| 207 } // namespace content | 265 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
