| Index: content/child/webcrypto/openssl/hmac_openssl.cc
|
| diff --git a/content/child/webcrypto/openssl/hmac_openssl.cc b/content/child/webcrypto/openssl/hmac_openssl.cc
|
| new file mode 100644
|
| index 0000000000000000000000000000000000000000..a40bfd930b45ad567c8f2e1aa86b4c5408a5ebf5
|
| --- /dev/null
|
| +++ b/content/child/webcrypto/openssl/hmac_openssl.cc
|
| @@ -0,0 +1,211 @@
|
| +// Copyright 2014 The Chromium Authors. All rights reserved.
|
| +// Use of this source code is governed by a BSD-style license that can be
|
| +// found in the LICENSE file.
|
| +
|
| +#include <openssl/hmac.h>
|
| +
|
| +#include "base/logging.h"
|
| +#include "content/child/webcrypto/crypto_data.h"
|
| +#include "content/child/webcrypto/jwk.h"
|
| +#include "content/child/webcrypto/openssl/key_openssl.h"
|
| +#include "content/child/webcrypto/openssl/sym_key_openssl.h"
|
| +#include "content/child/webcrypto/openssl/util_openssl.h"
|
| +#include "content/child/webcrypto/status.h"
|
| +#include "content/child/webcrypto/webcrypto_util.h"
|
| +#include "crypto/openssl_util.h"
|
| +#include "crypto/secure_util.h"
|
| +#include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h"
|
| +#include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h"
|
| +
|
| +namespace content {
|
| +
|
| +namespace webcrypto {
|
| +
|
| +namespace {
|
| +
|
| +const blink::WebCryptoKeyUsageMask kAllKeyUsages =
|
| + blink::WebCryptoKeyUsageSign | blink::WebCryptoKeyUsageVerify;
|
| +
|
| +Status SignHmac(const std::vector<uint8>& raw_key,
|
| + const blink::WebCryptoAlgorithm& hash,
|
| + const CryptoData& data,
|
| + std::vector<uint8>* buffer) {
|
| + crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
|
| +
|
| + const EVP_MD* digest_algorithm = GetDigest(hash.id());
|
| + if (!digest_algorithm)
|
| + return Status::ErrorUnsupported();
|
| + unsigned int hmac_expected_length = EVP_MD_size(digest_algorithm);
|
| +
|
| + // OpenSSL wierdness here.
|
| + // First, HMAC() needs a void* for the key data, so make one up front as a
|
| + // cosmetic to avoid a cast. Second, OpenSSL does not like a NULL key,
|
| + // which will result if the raw_key vector is empty; an entirely valid
|
| + // case. Handle this specific case by pointing to an empty array.
|
| + const unsigned char null_key[] = {};
|
| + const void* const raw_key_voidp = raw_key.size() ? &raw_key[0] : null_key;
|
| +
|
| + buffer->resize(hmac_expected_length);
|
| + crypto::ScopedOpenSSLSafeSizeBuffer<EVP_MAX_MD_SIZE> hmac_result(
|
| + Uint8VectorStart(buffer), hmac_expected_length);
|
| +
|
| + unsigned int hmac_actual_length;
|
| + unsigned char* const success = HMAC(digest_algorithm,
|
| + raw_key_voidp,
|
| + raw_key.size(),
|
| + data.bytes(),
|
| + data.byte_length(),
|
| + hmac_result.safe_buffer(),
|
| + &hmac_actual_length);
|
| + if (!success || hmac_actual_length != hmac_expected_length)
|
| + return Status::OperationError();
|
| +
|
| + return Status::Success();
|
| +}
|
| +
|
| +class HmacImplementation : public AlgorithmImplementation {
|
| + public:
|
| + HmacImplementation() {}
|
| +
|
| + virtual Status GenerateSecretKey(const blink::WebCryptoAlgorithm& algorithm,
|
| + bool extractable,
|
| + blink::WebCryptoKeyUsageMask usage_mask,
|
| + blink::WebCryptoKey* key) const OVERRIDE {
|
| + const blink::WebCryptoHmacKeyGenParams* params =
|
| + algorithm.hmacKeyGenParams();
|
| +
|
| + unsigned int keylen_bits = 0;
|
| + Status status = GetHmacKeyGenLengthInBits(params, &keylen_bits);
|
| + if (status.IsError())
|
| + return status;
|
| +
|
| + return GenerateSecretKeyOpenSsl(blink::WebCryptoKeyAlgorithm::createHmac(
|
| + params->hash().id(), keylen_bits),
|
| + extractable,
|
| + usage_mask,
|
| + keylen_bits / 8,
|
| + key);
|
| + }
|
| +
|
| + virtual Status VerifyKeyUsagesBeforeImportKey(
|
| + blink::WebCryptoKeyFormat format,
|
| + blink::WebCryptoKeyUsageMask usage_mask) const OVERRIDE {
|
| + switch (format) {
|
| + case blink::WebCryptoKeyFormatRaw:
|
| + case blink::WebCryptoKeyFormatJwk:
|
| + return CheckKeyCreationUsages(kAllKeyUsages, usage_mask);
|
| + default:
|
| + return Status::ErrorUnsupportedImportKeyFormat();
|
| + }
|
| + }
|
| +
|
| + virtual Status VerifyKeyUsagesBeforeGenerateKey(
|
| + blink::WebCryptoKeyUsageMask usage_mask) const OVERRIDE {
|
| + return CheckKeyCreationUsages(kAllKeyUsages, usage_mask);
|
| + }
|
| +
|
| + virtual Status ImportKeyRaw(const CryptoData& key_data,
|
| + const blink::WebCryptoAlgorithm& algorithm,
|
| + bool extractable,
|
| + blink::WebCryptoKeyUsageMask usage_mask,
|
| + blink::WebCryptoKey* key) const OVERRIDE {
|
| + const blink::WebCryptoAlgorithm& hash =
|
| + algorithm.hmacImportParams()->hash();
|
| +
|
| + // TODO(eroman): check for overflow.
|
| + unsigned int keylen_bits = key_data.byte_length() * 8;
|
| +
|
| + return ImportKeyRawOpenSsl(
|
| + key_data,
|
| + blink::WebCryptoKeyAlgorithm::createHmac(hash.id(), keylen_bits),
|
| + extractable,
|
| + usage_mask,
|
| + key);
|
| + }
|
| +
|
| + virtual Status ImportKeyJwk(const CryptoData& key_data,
|
| + const blink::WebCryptoAlgorithm& algorithm,
|
| + bool extractable,
|
| + blink::WebCryptoKeyUsageMask usage_mask,
|
| + blink::WebCryptoKey* key) const OVERRIDE {
|
| + const char* algorithm_name =
|
| + GetJwkHmacAlgorithmName(algorithm.hmacImportParams()->hash().id());
|
| + if (!algorithm_name)
|
| + return Status::ErrorUnexpected();
|
| +
|
| + std::vector<uint8> raw_data;
|
| + Status status = ReadSecretKeyJwk(
|
| + key_data, algorithm_name, extractable, usage_mask, &raw_data);
|
| + if (status.IsError())
|
| + return status;
|
| +
|
| + return ImportKeyRaw(
|
| + CryptoData(raw_data), algorithm, extractable, usage_mask, key);
|
| + }
|
| +
|
| + virtual Status ExportKeyRaw(const blink::WebCryptoKey& key,
|
| + std::vector<uint8>* buffer) const OVERRIDE {
|
| + *buffer = SymKeyOpenSsl::Cast(key)->raw_key_data();
|
| + return Status::Success();
|
| + }
|
| +
|
| + virtual Status ExportKeyJwk(const blink::WebCryptoKey& key,
|
| + std::vector<uint8>* buffer) const OVERRIDE {
|
| + SymKeyOpenSsl* sym_key = SymKeyOpenSsl::Cast(key);
|
| + const std::vector<uint8>& raw_data = sym_key->raw_key_data();
|
| +
|
| + const char* algorithm_name =
|
| + GetJwkHmacAlgorithmName(key.algorithm().hmacParams()->hash().id());
|
| + if (!algorithm_name)
|
| + return Status::ErrorUnexpected();
|
| +
|
| + WriteSecretKeyJwk(CryptoData(raw_data),
|
| + algorithm_name,
|
| + key.extractable(),
|
| + key.usages(),
|
| + buffer);
|
| +
|
| + return Status::Success();
|
| + }
|
| +
|
| + virtual Status Sign(const blink::WebCryptoAlgorithm& algorithm,
|
| + const blink::WebCryptoKey& key,
|
| + const CryptoData& data,
|
| + std::vector<uint8>* buffer) const OVERRIDE {
|
| + const blink::WebCryptoAlgorithm& hash =
|
| + key.algorithm().hmacParams()->hash();
|
| +
|
| + return SignHmac(
|
| + SymKeyOpenSsl::Cast(key)->raw_key_data(), hash, data, buffer);
|
| + }
|
| +
|
| + virtual Status Verify(const blink::WebCryptoAlgorithm& algorithm,
|
| + const blink::WebCryptoKey& key,
|
| + const CryptoData& signature,
|
| + const CryptoData& data,
|
| + bool* signature_match) const OVERRIDE {
|
| + std::vector<uint8> result;
|
| + Status status = Sign(algorithm, key, data, &result);
|
| +
|
| + if (status.IsError())
|
| + return status;
|
| +
|
| + // Do not allow verification of truncated MACs.
|
| + *signature_match = result.size() == signature.byte_length() &&
|
| + crypto::SecureMemEqual(Uint8VectorStart(result),
|
| + signature.bytes(),
|
| + signature.byte_length());
|
| +
|
| + return Status::Success();
|
| + }
|
| +};
|
| +
|
| +} // namespace
|
| +
|
| +AlgorithmImplementation* CreatePlatformHmacImplementation() {
|
| + return new HmacImplementation;
|
| +}
|
| +
|
| +} // namespace webcrypto
|
| +
|
| +} // namespace content
|
|
|
Chromium Code Reviews
