Chromium Code Reviews Chromium Code Reviews
Issue 401233004:
Refactor RSA key generation for WebCrypto's NSS implementation. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/child/webcrypto/webcrypto_util.h" | 5 #include "content/child/webcrypto/webcrypto_util.h" |
| 6 | 6 |
| 7 #include "base/base64.h" | 7 #include "base/base64.h" |
| 8 #include "base/logging.h" | 8 #include "base/logging.h" |
| 9 #include "base/strings/stringprintf.h" | 9 #include "base/strings/stringprintf.h" |
| 10 #include "content/child/webcrypto/status.h" | 10 #include "content/child/webcrypto/status.h" |
| 11 #include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h" | 11 #include "third_party/WebKit/public/platform/WebCryptoAlgorithm.h" |
| 12 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h" | 12 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h" |
| 13 #include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h" | 13 #include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h" |
| 14 | 14 |
| 15 namespace content { | 15 namespace content { |
| 16 | 16 |
| 17 namespace webcrypto { | 17 namespace webcrypto { |
| 18 | 18 |
| 19 namespace { | |
| 20 | |
| 21 // Converts a (big-endian) WebCrypto BigInteger, with or without leading zeros, | |
| 22 // to unsigned int. | |
| 23 bool BigIntegerToUint(const uint8_t* data, | |
| 24 unsigned int data_size, | |
| 25 unsigned int* result) { | |
| 26 // TODO(eroman): Fix handling of empty biginteger. http://crbug.com/373552 | |
| 27 if (data_size == 0) | |
| 28 return false; | |
| 29 | |
| 30 *result = 0; | |
| 31 for (size_t i = 0; i < data_size; ++i) { | |
| 32 size_t reverse_i = data_size - i - 1; | |
| 33 | |
| 34 if (reverse_i >= sizeof(unsigned int) && data[i]) | |
|
Ryan Sleevi
2014/07/21 21:36:45
sizeof(*result)
eroman
2014/07/21 21:52:21
Done.
| |
| 35 return false; // Too large for a long. | |
| 36 | |
| 37 *result |= data[i] << 8 * reverse_i; | |
| 38 } | |
| 39 return true; | |
| 40 } | |
| 41 | |
| 42 } // namespace | |
| 43 | |
| 19 const uint8_t* Uint8VectorStart(const std::vector<uint8_t>& data) { | 44 const uint8_t* Uint8VectorStart(const std::vector<uint8_t>& data) { |
| 20 if (data.empty()) | 45 if (data.empty()) |
| 21 return NULL; | 46 return NULL; |
| 22 return &data[0]; | 47 return &data[0]; |
| 23 } | 48 } |
| 24 | 49 |
| 25 uint8_t* Uint8VectorStart(std::vector<uint8_t>* data) { | 50 uint8_t* Uint8VectorStart(std::vector<uint8_t>* data) { |
| 26 if (data->empty()) | 51 if (data->empty()) |
| 27 return NULL; | 52 return NULL; |
| 28 return &(*data)[0]; | 53 return &(*data)[0]; |
| (...skipping 224 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
| 253 return Status::ErrorImportAesKeyLength(); | 278 return Status::ErrorImportAesKeyLength(); |
| 254 } | 279 } |
| 255 | 280 |
| 256 Status CheckKeyCreationUsages(blink::WebCryptoKeyUsageMask all_possible_usages, | 281 Status CheckKeyCreationUsages(blink::WebCryptoKeyUsageMask all_possible_usages, |
| 257 blink::WebCryptoKeyUsageMask actual_usages) { | 282 blink::WebCryptoKeyUsageMask actual_usages) { |
| 258 if (!ContainsKeyUsages(all_possible_usages, actual_usages)) | 283 if (!ContainsKeyUsages(all_possible_usages, actual_usages)) |
| 259 return Status::ErrorCreateKeyBadUsages(); | 284 return Status::ErrorCreateKeyBadUsages(); |
| 260 return Status::Success(); | 285 return Status::Success(); |
| 261 } | 286 } |
| 262 | 287 |
| 288 Status GetRsaKeyGenGetParameters( | |
| 289 const blink::WebCryptoRsaHashedKeyGenParams* params, | |
| 290 unsigned int* public_exponent, | |
| 291 unsigned int* modulus_length_bits) { | |
| 292 *modulus_length_bits = params->modulusLengthBits(); | |
| 293 | |
| 294 if (!*modulus_length_bits) | |
| 295 return Status::ErrorGenerateRsaZeroModulus(); | |
| 296 | |
| 297 // Limit key sizes to those supported by NSS: | |
| 298 // * Multiple of 8 bytes | |
| 299 // * 256 bits to 16K bits | |
| 300 if (*modulus_length_bits < 256 || *modulus_length_bits > 16384 || | |
| 301 (*modulus_length_bits % 8) != 0) { | |
| 302 return Status::ErrorGenerateRsaUnsupportedModulus(); | |
| 303 } | |
| 304 | |
| 305 if (!BigIntegerToUint(params->publicExponent().data(), | |
| 306 params->publicExponent().size(), | |
| 307 public_exponent)) { | |
| 308 return Status::ErrorGenerateKeyPublicExponent(); | |
| 309 } | |
| 310 | |
| 311 // OpenSSL hangs when given bad public exponents, whereas NSS simply fails. To | |
| 312 // avoid feeding OpenSSL data that will hang use a whitelist. | |
| 313 if (*public_exponent != 3 && *public_exponent != 65537) | |
| 314 return Status::ErrorGenerateKeyPublicExponent(); | |
| 315 | |
| 316 return Status::Success(); | |
| 317 } | |
| 318 | |
| 263 } // namespace webcrypto | 319 } // namespace webcrypto |
| 264 | 320 |
| 265 } // namespace content | 321 } // namespace content |
| OLD | NEW |
