| OLD | NEW |
|---|
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "content/child/webcrypto/webcrypto_util.h" | 5 #include "content/child/webcrypto/webcrypto_util.h" |
| 6 | 6 |
| 7 #include "base/base64.h" | 7 #include "base/base64.h" |
| 8 #include "base/logging.h" | 8 #include "base/logging.h" |
| 9 #include "base/strings/stringprintf.h" | 9 #include "base/strings/stringprintf.h" |
| 10 #include "content/child/webcrypto/status.h" | 10 #include "content/child/webcrypto/status.h" |
| (...skipping 142 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 153 blink::WebCryptoAlgorithm CreateRsaHashedImportAlgorithm( | 153 blink::WebCryptoAlgorithm CreateRsaHashedImportAlgorithm( |
| 154 blink::WebCryptoAlgorithmId id, | 154 blink::WebCryptoAlgorithmId id, |
| 155 blink::WebCryptoAlgorithmId hash_id) { | 155 blink::WebCryptoAlgorithmId hash_id) { |
| 156 DCHECK(blink::WebCryptoAlgorithm::isHash(hash_id)); | 156 DCHECK(blink::WebCryptoAlgorithm::isHash(hash_id)); |
| 157 DCHECK(id == blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 || | 157 DCHECK(id == blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 || |
| 158 id == blink::WebCryptoAlgorithmIdRsaOaep); | 158 id == blink::WebCryptoAlgorithmIdRsaOaep); |
| 159 return blink::WebCryptoAlgorithm::adoptParamsAndCreate( | 159 return blink::WebCryptoAlgorithm::adoptParamsAndCreate( |
| 160 id, new blink::WebCryptoRsaHashedImportParams(CreateAlgorithm(hash_id))); | 160 id, new blink::WebCryptoRsaHashedImportParams(CreateAlgorithm(hash_id))); |
| 161 } | 161 } |
| 162 | 162 |
| 163 bool CreateSecretKeyAlgorithm(const blink::WebCryptoAlgorithm& algorithm, |
| 164 unsigned int keylen_bytes, |
| 165 blink::WebCryptoKeyAlgorithm* key_algorithm) { |
| 166 switch (algorithm.id()) { |
| 167 case blink::WebCryptoAlgorithmIdHmac: { |
| 168 blink::WebCryptoAlgorithm hash = GetInnerHashAlgorithm(algorithm); |
| 169 if (hash.isNull()) |
| 170 return false; |
| 171 if (keylen_bytes > UINT_MAX / 8) |
| 172 return false; |
| 173 *key_algorithm = |
| 174 blink::WebCryptoKeyAlgorithm::createHmac(hash.id(), keylen_bytes * 8); |
| 175 return true; |
| 176 } |
| 177 case blink::WebCryptoAlgorithmIdAesKw: |
| 178 case blink::WebCryptoAlgorithmIdAesCbc: |
| 179 case blink::WebCryptoAlgorithmIdAesCtr: |
| 180 case blink::WebCryptoAlgorithmIdAesGcm: |
| 181 *key_algorithm = blink::WebCryptoKeyAlgorithm::createAes( |
| 182 algorithm.id(), keylen_bytes * 8); |
| 183 return true; |
| 184 default: |
| 185 return false; |
| 186 } |
| 187 } |
| 188 |
| 163 bool ContainsKeyUsages(blink::WebCryptoKeyUsageMask a, | 189 bool ContainsKeyUsages(blink::WebCryptoKeyUsageMask a, |
| 164 blink::WebCryptoKeyUsageMask b) { | 190 blink::WebCryptoKeyUsageMask b) { |
| 165 return (a & b) == b; | 191 return (a & b) == b; |
| 166 } | 192 } |
| 167 | 193 |
| 168 // TODO(eroman): Move this helper to WebCryptoKey. | |
| 169 bool KeyUsageAllows(const blink::WebCryptoKey& key, | |
| 170 const blink::WebCryptoKeyUsage usage) { | |
| 171 return ((key.usages() & usage) != 0); | |
| 172 } | |
| 173 | |
| 174 bool IsAlgorithmRsa(blink::WebCryptoAlgorithmId alg_id) { | 194 bool IsAlgorithmRsa(blink::WebCryptoAlgorithmId alg_id) { |
| 175 return alg_id == blink::WebCryptoAlgorithmIdRsaOaep || | 195 return alg_id == blink::WebCryptoAlgorithmIdRsaOaep || |
| 176 alg_id == blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5; | 196 alg_id == blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5; |
| 177 } | 197 } |
| 178 | 198 |
| 179 bool IsAlgorithmAsymmetric(blink::WebCryptoAlgorithmId alg_id) { | 199 bool IsAlgorithmAsymmetric(blink::WebCryptoAlgorithmId alg_id) { |
| 180 // TODO(padolph): include all other asymmetric algorithms once they are | 200 // TODO(padolph): include all other asymmetric algorithms once they are |
| 181 // defined, e.g. EC and DH. | 201 // defined, e.g. EC and DH. |
| 182 return IsAlgorithmRsa(alg_id); | 202 return IsAlgorithmRsa(alg_id); |
| 183 } | 203 } |
| 184 | 204 |
| 185 // The WebCrypto spec defines the default value for the tag length, as well as | |
| 186 // the allowed values for tag length. | |
| 187 Status GetAesGcmTagLengthInBits(const blink::WebCryptoAesGcmParams* params, | |
| 188 unsigned int* tag_length_bits) { | |
| 189 *tag_length_bits = 128; | |
| 190 if (params->hasTagLengthBits()) | |
| 191 *tag_length_bits = params->optionalTagLengthBits(); | |
| 192 | |
| 193 if (*tag_length_bits != 32 && *tag_length_bits != 64 && | |
| 194 *tag_length_bits != 96 && *tag_length_bits != 104 && | |
| 195 *tag_length_bits != 112 && *tag_length_bits != 120 && | |
| 196 *tag_length_bits != 128) | |
| 197 return Status::ErrorInvalidAesGcmTagLength(); | |
| 198 | |
| 199 return Status::Success(); | |
| 200 } | |
| 201 | |
| 202 Status GetAesKeyGenLengthInBits(const blink::WebCryptoAesKeyGenParams* params, | |
| 203 unsigned int* keylen_bits) { | |
| 204 *keylen_bits = params->lengthBits(); | |
| 205 | |
| 206 if (*keylen_bits == 128 || *keylen_bits == 256) | |
| 207 return Status::Success(); | |
| 208 | |
| 209 // BoringSSL does not support 192-bit AES. | |
| 210 if (*keylen_bits == 192) | |
| 211 return Status::ErrorAes192BitUnsupported(); | |
| 212 | |
| 213 return Status::ErrorGenerateKeyLength(); | |
| 214 } | |
| 215 | |
| 216 Status GetHmacKeyGenLengthInBits(const blink::WebCryptoHmacKeyGenParams* params, | |
| 217 unsigned int* keylen_bits) { | |
| 218 if (!params->hasLengthBits()) { | |
| 219 switch (params->hash().id()) { | |
| 220 case blink::WebCryptoAlgorithmIdSha1: | |
| 221 case blink::WebCryptoAlgorithmIdSha256: | |
| 222 *keylen_bits = 512; | |
| 223 return Status::Success(); | |
| 224 case blink::WebCryptoAlgorithmIdSha384: | |
| 225 case blink::WebCryptoAlgorithmIdSha512: | |
| 226 *keylen_bits = 1024; | |
| 227 return Status::Success(); | |
| 228 default: | |
| 229 return Status::ErrorUnsupported(); | |
| 230 } | |
| 231 } | |
| 232 | |
| 233 if (params->optionalLengthBits() % 8) | |
| 234 return Status::ErrorGenerateKeyLength(); | |
| 235 | |
| 236 *keylen_bits = params->optionalLengthBits(); | |
| 237 | |
| 238 // TODO(eroman): NSS fails when generating a zero-length secret key. | |
| 239 if (*keylen_bits == 0) | |
| 240 return Status::ErrorGenerateKeyLength(); | |
| 241 | |
| 242 return Status::Success(); | |
| 243 } | |
| 244 | |
| 245 Status VerifyAesKeyLengthForImport(unsigned int keylen_bytes) { | |
| 246 if (keylen_bytes == 16 || keylen_bytes == 32) | |
| 247 return Status::Success(); | |
| 248 | |
| 249 // BoringSSL does not support 192-bit AES. | |
| 250 if (keylen_bytes == 24) | |
| 251 return Status::ErrorAes192BitUnsupported(); | |
| 252 | |
| 253 return Status::ErrorImportAesKeyLength(); | |
| 254 } | |
| 255 | |
| 256 Status CheckKeyCreationUsages(blink::WebCryptoKeyUsageMask all_possible_usages, | |
| 257 blink::WebCryptoKeyUsageMask actual_usages) { | |
| 258 if (!ContainsKeyUsages(all_possible_usages, actual_usages)) | |
| 259 return Status::ErrorCreateKeyBadUsages(); | |
| 260 return Status::Success(); | |
| 261 } | |
| 262 | |
| 263 } // namespace webcrypto | 205 } // namespace webcrypto |
| 264 | 206 |
| 265 } // namespace content | 207 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 401983002:
Revert 284192 due to a failing test. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src