| OLD | NEW |
| (Empty) |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include <vector> | |
| 6 #include <openssl/evp.h> | |
| 7 | |
| 8 #include "base/logging.h" | |
| 9 #include "content/child/webcrypto/crypto_data.h" | |
| 10 #include "content/child/webcrypto/openssl/aes_key_openssl.h" | |
| 11 #include "content/child/webcrypto/openssl/key_openssl.h" | |
| 12 #include "content/child/webcrypto/openssl/util_openssl.h" | |
| 13 #include "content/child/webcrypto/status.h" | |
| 14 #include "content/child/webcrypto/webcrypto_util.h" | |
| 15 #include "crypto/openssl_util.h" | |
| 16 #include "crypto/scoped_openssl_types.h" | |
| 17 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h" | |
| 18 | |
| 19 namespace content { | |
| 20 | |
| 21 namespace webcrypto { | |
| 22 | |
| 23 namespace { | |
| 24 | |
| 25 const EVP_AEAD* GetAesGcmAlgorithmFromKeySize(unsigned int key_size_bytes) { | |
| 26 switch (key_size_bytes) { | |
| 27 case 16: | |
| 28 return EVP_aead_aes_128_gcm(); | |
| 29 // TODO(eroman): Hook up 256-bit support when it is available. | |
| 30 default: | |
| 31 return NULL; | |
| 32 } | |
| 33 } | |
| 34 | |
| 35 Status AesGcmEncryptDecrypt(EncryptOrDecrypt mode, | |
| 36 const blink::WebCryptoAlgorithm& algorithm, | |
| 37 const blink::WebCryptoKey& key, | |
| 38 const CryptoData& data, | |
| 39 std::vector<uint8>* buffer) { | |
| 40 const std::vector<uint8>& raw_key = SymKeyOpenSsl::Cast(key)->raw_key_data(); | |
| 41 const blink::WebCryptoAesGcmParams* params = algorithm.aesGcmParams(); | |
| 42 | |
| 43 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); | |
| 44 | |
| 45 unsigned int tag_length_bits; | |
| 46 Status status = GetAesGcmTagLengthInBits(params, &tag_length_bits); | |
| 47 if (status.IsError()) | |
| 48 return status; | |
| 49 unsigned int tag_length_bytes = tag_length_bits / 8; | |
| 50 | |
| 51 CryptoData iv(params->iv()); | |
| 52 CryptoData additional_data(params->optionalAdditionalData()); | |
| 53 | |
| 54 EVP_AEAD_CTX ctx; | |
| 55 | |
| 56 const EVP_AEAD* const aead_alg = | |
| 57 GetAesGcmAlgorithmFromKeySize(raw_key.size()); | |
| 58 if (!aead_alg) | |
| 59 return Status::ErrorUnexpected(); | |
| 60 | |
| 61 if (!EVP_AEAD_CTX_init(&ctx, | |
| 62 aead_alg, | |
| 63 Uint8VectorStart(raw_key), | |
| 64 raw_key.size(), | |
| 65 tag_length_bytes, | |
| 66 NULL)) { | |
| 67 return Status::OperationError(); | |
| 68 } | |
| 69 | |
| 70 crypto::ScopedOpenSSL<EVP_AEAD_CTX, EVP_AEAD_CTX_cleanup>::Type ctx_cleanup( | |
| 71 &ctx); | |
| 72 | |
| 73 size_t len; | |
| 74 int ok; | |
| 75 | |
| 76 if (mode == DECRYPT) { | |
| 77 if (data.byte_length() < tag_length_bytes) | |
| 78 return Status::ErrorDataTooSmall(); | |
| 79 | |
| 80 buffer->resize(data.byte_length() - tag_length_bytes); | |
| 81 | |
| 82 ok = EVP_AEAD_CTX_open(&ctx, | |
| 83 Uint8VectorStart(buffer), | |
| 84 &len, | |
| 85 buffer->size(), | |
| 86 iv.bytes(), | |
| 87 iv.byte_length(), | |
| 88 data.bytes(), | |
| 89 data.byte_length(), | |
| 90 additional_data.bytes(), | |
| 91 additional_data.byte_length()); | |
| 92 } else { | |
| 93 // No need to check for unsigned integer overflow here (seal fails if | |
| 94 // the output buffer is too small). | |
| 95 buffer->resize(data.byte_length() + tag_length_bytes); | |
| 96 | |
| 97 ok = EVP_AEAD_CTX_seal(&ctx, | |
| 98 Uint8VectorStart(buffer), | |
| 99 &len, | |
| 100 buffer->size(), | |
| 101 iv.bytes(), | |
| 102 iv.byte_length(), | |
| 103 data.bytes(), | |
| 104 data.byte_length(), | |
| 105 additional_data.bytes(), | |
| 106 additional_data.byte_length()); | |
| 107 } | |
| 108 | |
| 109 if (!ok) | |
| 110 return Status::OperationError(); | |
| 111 buffer->resize(len); | |
| 112 return Status::Success(); | |
| 113 } | |
| 114 | |
| 115 class AesGcmImplementation : public AesAlgorithm { | |
| 116 public: | |
| 117 AesGcmImplementation() : AesAlgorithm("GCM") {} | |
| 118 | |
| 119 virtual Status Encrypt(const blink::WebCryptoAlgorithm& algorithm, | |
| 120 const blink::WebCryptoKey& key, | |
| 121 const CryptoData& data, | |
| 122 std::vector<uint8>* buffer) const OVERRIDE { | |
| 123 return AesGcmEncryptDecrypt(ENCRYPT, algorithm, key, data, buffer); | |
| 124 } | |
| 125 | |
| 126 virtual Status Decrypt(const blink::WebCryptoAlgorithm& algorithm, | |
| 127 const blink::WebCryptoKey& key, | |
| 128 const CryptoData& data, | |
| 129 std::vector<uint8>* buffer) const OVERRIDE { | |
| 130 return AesGcmEncryptDecrypt(DECRYPT, algorithm, key, data, buffer); | |
| 131 } | |
| 132 }; | |
| 133 | |
| 134 } // namespace | |
| 135 | |
| 136 AlgorithmImplementation* CreatePlatformAesGcmImplementation() { | |
| 137 return new AesGcmImplementation; | |
| 138 } | |
| 139 | |
| 140 } // namespace webcrypto | |
| 141 | |
| 142 } // namespace content | |
| OLD | NEW |