Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(155)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: content/child/webcrypto/openssl/aes_cbc_openssl.cc

Issue 379383002: Refactor WebCrypto code (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Rebase onto master (no longer has BoringSSL) Created 6 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « content/child/webcrypto/nss/util_nss.cc ('k') | content/child/webcrypto/openssl/aes_gcm_openssl.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: content/child/webcrypto/openssl/aes_cbc_openssl.cc
diff --git a/content/child/webcrypto/openssl/aes_cbc_openssl.cc b/content/child/webcrypto/openssl/aes_cbc_openssl.cc
new file mode 100644
index 0000000000000000000000000000000000000000..aaf0fc1b87381ae97085c6f92e62af19645766a7
--- /dev/null
+++ b/content/child/webcrypto/openssl/aes_cbc_openssl.cc
@@ -0,0 +1,138 @@
+// Copyright 2014 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include <openssl/aes.h>
+#include <openssl/evp.h>
+
+#include "base/logging.h"
+#include "content/child/webcrypto/crypto_data.h"
+#include "content/child/webcrypto/openssl/aes_key_openssl.h"
+#include "content/child/webcrypto/openssl/key_openssl.h"
+#include "content/child/webcrypto/status.h"
+#include "content/child/webcrypto/webcrypto_util.h"
+#include "crypto/scoped_openssl_types.h"
+#include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h"
+
+namespace content {
+
+namespace webcrypto {
+
+namespace {
+
+const EVP_CIPHER* GetAESCipherByKeyLength(unsigned int key_length_bytes) {
+ // BoringSSL does not support 192-bit AES keys.
+ switch (key_length_bytes) {
+ case 16:
+ return EVP_aes_128_cbc();
+ case 32:
+ return EVP_aes_256_cbc();
+ default:
+ return NULL;
+ }
+}
+
+// OpenSSL constants for EVP_CipherInit_ex(), do not change
+enum CipherOperation { kDoDecrypt = 0, kDoEncrypt = 1 };
+
+Status AesCbcEncryptDecrypt(CipherOperation cipher_operation,
+ const blink::WebCryptoAlgorithm& algorithm,
+ const blink::WebCryptoKey& key,
+ const CryptoData& data,
+ std::vector<uint8>* buffer) {
+ const blink::WebCryptoAesCbcParams* params = algorithm.aesCbcParams();
+ const std::vector<uint8>& raw_key = SymKeyOpenSsl::Cast(key)->raw_key_data();
+
+ if (params->iv().size() != 16)
+ return Status::ErrorIncorrectSizeAesCbcIv();
+
+ if (data.byte_length() >= INT_MAX - AES_BLOCK_SIZE) {
+ // TODO(padolph): Handle this by chunking the input fed into OpenSSL. Right
+ // now it doesn't make much difference since the one-shot API would end up
+ // blowing out the memory and crashing anyway.
+ return Status::ErrorDataTooLarge();
+ }
+
+ // Note: PKCS padding is enabled by default
+ crypto::ScopedOpenSSL<EVP_CIPHER_CTX, EVP_CIPHER_CTX_free>::Type context(
+ EVP_CIPHER_CTX_new());
+
+ if (!context.get())
+ return Status::OperationError();
+
+ const EVP_CIPHER* const cipher = GetAESCipherByKeyLength(raw_key.size());
+ DCHECK(cipher);
+
+ if (!EVP_CipherInit_ex(context.get(),
+ cipher,
+ NULL,
+ &raw_key[0],
+ params->iv().data(),
+ cipher_operation)) {
+ return Status::OperationError();
+ }
+
+ // According to the openssl docs, the amount of data written may be as large
+ // as (data_size + cipher_block_size - 1), constrained to a multiple of
+ // cipher_block_size.
+ unsigned int output_max_len = data.byte_length() + AES_BLOCK_SIZE - 1;
+ const unsigned remainder = output_max_len % AES_BLOCK_SIZE;
+ if (remainder != 0)
+ output_max_len += AES_BLOCK_SIZE - remainder;
+ DCHECK_GT(output_max_len, data.byte_length());
+
+ buffer->resize(output_max_len);
+
+ unsigned char* const buffer_data = Uint8VectorStart(buffer);
+
+ int output_len = 0;
+ if (!EVP_CipherUpdate(context.get(),
+ buffer_data,
+ &output_len,
+ data.bytes(),
+ data.byte_length()))
+ return Status::OperationError();
+ int final_output_chunk_len = 0;
+ if (!EVP_CipherFinal_ex(
+ context.get(), buffer_data + output_len, &final_output_chunk_len)) {
+ return Status::OperationError();
+ }
+
+ const unsigned int final_output_len =
+ static_cast<unsigned int>(output_len) +
+ static_cast<unsigned int>(final_output_chunk_len);
+ DCHECK_LE(final_output_len, output_max_len);
+
+ buffer->resize(final_output_len);
+
+ return Status::Success();
+}
+
+class AesCbcImplementation : public AesAlgorithm {
+ public:
+ AesCbcImplementation() : AesAlgorithm("CBC") {}
+
+ virtual Status Encrypt(const blink::WebCryptoAlgorithm& algorithm,
+ const blink::WebCryptoKey& key,
+ const CryptoData& data,
+ std::vector<uint8>* buffer) const OVERRIDE {
+ return AesCbcEncryptDecrypt(kDoEncrypt, algorithm, key, data, buffer);
+ }
+
+ virtual Status Decrypt(const blink::WebCryptoAlgorithm& algorithm,
+ const blink::WebCryptoKey& key,
+ const CryptoData& data,
+ std::vector<uint8>* buffer) const OVERRIDE {
+ return AesCbcEncryptDecrypt(kDoDecrypt, algorithm, key, data, buffer);
+ }
+};
+
+} // namespace
+
+AlgorithmImplementation* CreatePlatformAesCbcImplementation() {
+ return new AesCbcImplementation;
+}
+
+} // namespace webcrypto
+
+} // namespace content
« no previous file with comments | « content/child/webcrypto/nss/util_nss.cc ('k') | content/child/webcrypto/openssl/aes_gcm_openssl.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698