Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(907)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: content/child/webcrypto/webcrypto_util.cc

Issue 379383002: Refactor WebCrypto code (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Rebase onto master (no longer has BoringSSL) Created 6 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « content/child/webcrypto/webcrypto_util.h ('k') | content/content_child.gypi » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: content/child/webcrypto/webcrypto_util.cc
diff --git a/content/child/webcrypto/webcrypto_util.cc b/content/child/webcrypto/webcrypto_util.cc
index 87ac17465e8639fa40b879cbdaa3d5caa91cbb30..7bedc43bb45b2a2c61a42f2c8ab80a4e44785355 100644
--- a/content/child/webcrypto/webcrypto_util.cc
+++ b/content/child/webcrypto/webcrypto_util.cc
@@ -160,37 +160,17 @@ blink::WebCryptoAlgorithm CreateRsaHashedImportAlgorithm(
id, new blink::WebCryptoRsaHashedImportParams(CreateAlgorithm(hash_id)));
}
-bool CreateSecretKeyAlgorithm(const blink::WebCryptoAlgorithm& algorithm,
- unsigned int keylen_bytes,
- blink::WebCryptoKeyAlgorithm* key_algorithm) {
- switch (algorithm.id()) {
- case blink::WebCryptoAlgorithmIdHmac: {
- blink::WebCryptoAlgorithm hash = GetInnerHashAlgorithm(algorithm);
- if (hash.isNull())
- return false;
- if (keylen_bytes > UINT_MAX / 8)
- return false;
- *key_algorithm =
- blink::WebCryptoKeyAlgorithm::createHmac(hash.id(), keylen_bytes * 8);
- return true;
- }
- case blink::WebCryptoAlgorithmIdAesKw:
- case blink::WebCryptoAlgorithmIdAesCbc:
- case blink::WebCryptoAlgorithmIdAesCtr:
- case blink::WebCryptoAlgorithmIdAesGcm:
- *key_algorithm = blink::WebCryptoKeyAlgorithm::createAes(
- algorithm.id(), keylen_bytes * 8);
- return true;
- default:
- return false;
- }
-}
-
bool ContainsKeyUsages(blink::WebCryptoKeyUsageMask a,
blink::WebCryptoKeyUsageMask b) {
return (a & b) == b;
}
+// TODO(eroman): Move this helper to WebCryptoKey.
+bool KeyUsageAllows(const blink::WebCryptoKey& key,
+ const blink::WebCryptoKeyUsage usage) {
+ return ((key.usages() & usage) != 0);
+}
+
bool IsAlgorithmRsa(blink::WebCryptoAlgorithmId alg_id) {
return alg_id == blink::WebCryptoAlgorithmIdRsaOaep ||
alg_id == blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5;
@@ -202,6 +182,84 @@ bool IsAlgorithmAsymmetric(blink::WebCryptoAlgorithmId alg_id) {
return IsAlgorithmRsa(alg_id);
}
+// The WebCrypto spec defines the default value for the tag length, as well as
+// the allowed values for tag length.
+Status GetAesGcmTagLengthInBits(const blink::WebCryptoAesGcmParams* params,
+ unsigned int* tag_length_bits) {
+ *tag_length_bits = 128;
+ if (params->hasTagLengthBits())
+ *tag_length_bits = params->optionalTagLengthBits();
+
+ if (*tag_length_bits != 32 && *tag_length_bits != 64 &&
+ *tag_length_bits != 96 && *tag_length_bits != 104 &&
+ *tag_length_bits != 112 && *tag_length_bits != 120 &&
+ *tag_length_bits != 128)
+ return Status::ErrorInvalidAesGcmTagLength();
+
+ return Status::Success();
+}
+
+Status GetAesKeyGenLengthInBits(const blink::WebCryptoAesKeyGenParams* params,
+ unsigned int* keylen_bits) {
+ *keylen_bits = params->lengthBits();
+
+ if (*keylen_bits == 128 || *keylen_bits == 256)
+ return Status::Success();
+
+ // BoringSSL does not support 192-bit AES.
+ if (*keylen_bits == 192)
+ return Status::ErrorAes192BitUnsupported();
+
+ return Status::ErrorGenerateKeyLength();
+}
+
+Status GetHmacKeyGenLengthInBits(const blink::WebCryptoHmacKeyGenParams* params,
+ unsigned int* keylen_bits) {
+ if (!params->hasLengthBits()) {
+ switch (params->hash().id()) {
+ case blink::WebCryptoAlgorithmIdSha1:
+ case blink::WebCryptoAlgorithmIdSha256:
+ *keylen_bits = 512;
+ return Status::Success();
+ case blink::WebCryptoAlgorithmIdSha384:
+ case blink::WebCryptoAlgorithmIdSha512:
+ *keylen_bits = 1024;
+ return Status::Success();
+ default:
+ return Status::ErrorUnsupported();
+ }
+ }
+
+ if (params->optionalLengthBits() % 8)
+ return Status::ErrorGenerateKeyLength();
+
+ *keylen_bits = params->optionalLengthBits();
+
+ // TODO(eroman): NSS fails when generating a zero-length secret key.
+ if (*keylen_bits == 0)
+ return Status::ErrorGenerateKeyLength();
+
+ return Status::Success();
+}
+
+Status VerifyAesKeyLengthForImport(unsigned int keylen_bytes) {
+ if (keylen_bytes == 16 || keylen_bytes == 32)
+ return Status::Success();
+
+ // BoringSSL does not support 192-bit AES.
+ if (keylen_bytes == 24)
+ return Status::ErrorAes192BitUnsupported();
+
+ return Status::ErrorImportAesKeyLength();
+}
+
+Status CheckKeyCreationUsages(blink::WebCryptoKeyUsageMask all_possible_usages,
+ blink::WebCryptoKeyUsageMask actual_usages) {
+ if (!ContainsKeyUsages(all_possible_usages, actual_usages))
+ return Status::ErrorCreateKeyBadUsages();
+ return Status::Success();
+}
+
} // namespace webcrypto
} // namespace content
« no previous file with comments | « content/child/webcrypto/webcrypto_util.h ('k') | content/content_child.gypi » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698