| OLD | NEW |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <openssl/hmac.h> | 5 #include <openssl/hmac.h> |
| 6 | 6 |
| 7 #include "base/logging.h" | 7 #include "base/logging.h" |
| 8 #include "base/stl_util.h" |
| 8 #include "content/child/webcrypto/algorithm_implementation.h" | 9 #include "content/child/webcrypto/algorithm_implementation.h" |
| 9 #include "content/child/webcrypto/crypto_data.h" | 10 #include "content/child/webcrypto/crypto_data.h" |
| 10 #include "content/child/webcrypto/jwk.h" | 11 #include "content/child/webcrypto/jwk.h" |
| 11 #include "content/child/webcrypto/openssl/key_openssl.h" | 12 #include "content/child/webcrypto/openssl/key_openssl.h" |
| 12 #include "content/child/webcrypto/openssl/sym_key_openssl.h" | 13 #include "content/child/webcrypto/openssl/sym_key_openssl.h" |
| 13 #include "content/child/webcrypto/openssl/util_openssl.h" | 14 #include "content/child/webcrypto/openssl/util_openssl.h" |
| 14 #include "content/child/webcrypto/status.h" | 15 #include "content/child/webcrypto/status.h" |
| 15 #include "content/child/webcrypto/webcrypto_util.h" | 16 #include "content/child/webcrypto/webcrypto_util.h" |
| 16 #include "crypto/openssl_util.h" | 17 #include "crypto/openssl_util.h" |
| 17 #include "crypto/secure_util.h" | 18 #include "crypto/secure_util.h" |
| (...skipping 23 matching lines...) Expand all Loading... |
| 41 // OpenSSL wierdness here. | 42 // OpenSSL wierdness here. |
| 42 // First, HMAC() needs a void* for the key data, so make one up front as a | 43 // First, HMAC() needs a void* for the key data, so make one up front as a |
| 43 // cosmetic to avoid a cast. Second, OpenSSL does not like a NULL key, | 44 // cosmetic to avoid a cast. Second, OpenSSL does not like a NULL key, |
| 44 // which will result if the raw_key vector is empty; an entirely valid | 45 // which will result if the raw_key vector is empty; an entirely valid |
| 45 // case. Handle this specific case by pointing to an empty array. | 46 // case. Handle this specific case by pointing to an empty array. |
| 46 const unsigned char null_key[] = {}; | 47 const unsigned char null_key[] = {}; |
| 47 const void* const raw_key_voidp = raw_key.size() ? &raw_key[0] : null_key; | 48 const void* const raw_key_voidp = raw_key.size() ? &raw_key[0] : null_key; |
| 48 | 49 |
| 49 buffer->resize(hmac_expected_length); | 50 buffer->resize(hmac_expected_length); |
| 50 crypto::ScopedOpenSSLSafeSizeBuffer<EVP_MAX_MD_SIZE> hmac_result( | 51 crypto::ScopedOpenSSLSafeSizeBuffer<EVP_MAX_MD_SIZE> hmac_result( |
| 51 Uint8VectorStart(buffer), hmac_expected_length); | 52 vector_as_array(buffer), hmac_expected_length); |
| 52 | 53 |
| 53 unsigned int hmac_actual_length; | 54 unsigned int hmac_actual_length; |
| 54 unsigned char* const success = HMAC(digest_algorithm, | 55 unsigned char* const success = HMAC(digest_algorithm, |
| 55 raw_key_voidp, | 56 raw_key_voidp, |
| 56 raw_key.size(), | 57 raw_key.size(), |
| 57 data.bytes(), | 58 data.bytes(), |
| 58 data.byte_length(), | 59 data.byte_length(), |
| 59 hmac_result.safe_buffer(), | 60 hmac_result.safe_buffer(), |
| 60 &hmac_actual_length); | 61 &hmac_actual_length); |
| 61 if (!success || hmac_actual_length != hmac_expected_length) | 62 if (!success || hmac_actual_length != hmac_expected_length) |
| (...skipping 124 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 186 const CryptoData& data, | 187 const CryptoData& data, |
| 187 bool* signature_match) const OVERRIDE { | 188 bool* signature_match) const OVERRIDE { |
| 188 std::vector<uint8_t> result; | 189 std::vector<uint8_t> result; |
| 189 Status status = Sign(algorithm, key, data, &result); | 190 Status status = Sign(algorithm, key, data, &result); |
| 190 | 191 |
| 191 if (status.IsError()) | 192 if (status.IsError()) |
| 192 return status; | 193 return status; |
| 193 | 194 |
| 194 // Do not allow verification of truncated MACs. | 195 // Do not allow verification of truncated MACs. |
| 195 *signature_match = result.size() == signature.byte_length() && | 196 *signature_match = result.size() == signature.byte_length() && |
| 196 crypto::SecureMemEqual(Uint8VectorStart(result), | 197 crypto::SecureMemEqual(vector_as_array(&result), |
| 197 signature.bytes(), | 198 signature.bytes(), |
| 198 signature.byte_length()); | 199 signature.byte_length()); |
| 199 | 200 |
| 200 return Status::Success(); | 201 return Status::Success(); |
| 201 } | 202 } |
| 202 }; | 203 }; |
| 203 | 204 |
| 204 } // namespace | 205 } // namespace |
| 205 | 206 |
| 206 AlgorithmImplementation* CreatePlatformHmacImplementation() { | 207 AlgorithmImplementation* CreatePlatformHmacImplementation() { |
| 207 return new HmacImplementation; | 208 return new HmacImplementation; |
| 208 } | 209 } |
| 209 | 210 |
| 210 } // namespace webcrypto | 211 } // namespace webcrypto |
| 211 | 212 |
| 212 } // namespace content | 213 } // namespace content |
| OLD | NEW |