[webcrypto] JWK: Reject keys with non-minimal bigintegers.

content/child/webcrypto/nss/rsa_key_nss.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "content/child/webcrypto/nss/rsa_key_nss.h"
 
 #include "base/logging.h"
 #include "content/child/webcrypto/crypto_data.h"
 #include "content/child/webcrypto/jwk.h"
 #include "content/child/webcrypto/nss/key_nss.h"
@@ skipping 253 matching lines @@
 
 // Helper to add an attribute to a template.
 void AddAttribute(CK_ATTRIBUTE_TYPE type,
                   void* value,
                   unsigned long length,
                   std::vector<CK_ATTRIBUTE>* templ) {
   CK_ATTRIBUTE attribute = {type, value, length};
   templ->push_back(attribute);
 }
 
-// Helper to optionally add an attribute to a template, if the provided data is
-// non-empty.
-void AddOptionalAttribute(CK_ATTRIBUTE_TYPE type,
-                          const CryptoData& data,
-                          std::vector<CK_ATTRIBUTE>* templ) {
-  if (!data.byte_length())
-    return;
+void AddAttribute(CK_ATTRIBUTE_TYPE type,
+                  const CryptoData& data,
+                  std::vector<CK_ATTRIBUTE>* templ) {
   CK_ATTRIBUTE attribute = {type, const_cast<unsigned char*>(data.bytes()),
                             data.byte_length()};
   templ->push_back(attribute);
 }
 
-void AddOptionalAttribute(CK_ATTRIBUTE_TYPE type,
-                          const std::string& data,
-                          std::vector<CK_ATTRIBUTE>* templ) {
-  AddOptionalAttribute(type, CryptoData(data), templ);
+void AddAttribute(CK_ATTRIBUTE_TYPE type,
+                  const std::string& data,
+                  std::vector<CK_ATTRIBUTE>* templ) {
+  AddAttribute(type, CryptoData(data), templ);
 }
 
 Status ExportKeyPkcs8Nss(SECKEYPrivateKey* key, std::vector<uint8_t>* buffer) {
   if (key->keyType != rsaKey)
     return Status::ErrorUnsupported();
 
 // TODO(rsleevi): Implement OAEP support according to the spec.
 
 #if defined(USE_NSS)
   // PK11_ExportDERPrivateKeyInfo isn't available. Use our fallback code.
@@ skipping 59 matching lines @@
   CK_BBOOL ck_false = CK_FALSE;
 
   std::vector<CK_ATTRIBUTE> key_template;
 
   AddAttribute(CKA_CLASS, &obj_class, sizeof(obj_class), &key_template);
   AddAttribute(CKA_KEY_TYPE, &key_type, sizeof(key_type), &key_template);
   AddAttribute(CKA_TOKEN, &ck_false, sizeof(ck_false), &key_template);
   AddAttribute(CKA_SENSITIVE, &ck_false, sizeof(ck_false), &key_template);
   AddAttribute(CKA_PRIVATE, &ck_false, sizeof(ck_false), &key_template);
 
-  // Required properties.
-  AddOptionalAttribute(CKA_MODULUS, params.n, &key_template);
-  AddOptionalAttribute(CKA_PUBLIC_EXPONENT, params.e, &key_template);
-  AddOptionalAttribute(CKA_PRIVATE_EXPONENT, params.d, &key_template);
+  // Required properties by JWA.
+  AddAttribute(CKA_MODULUS, params.n, &key_template);
+  AddAttribute(CKA_PUBLIC_EXPONENT, params.e, &key_template);
+  AddAttribute(CKA_PRIVATE_EXPONENT, params.d, &key_template);
 
   // Manufacture a CKA_ID so the created key can be retrieved later as a
   // SECKEYPrivateKey using FindKeyByKeyID(). Unfortunately there isn't a more
   // direct way to do this in NSS.
   //
   // For consistency with other NSS key creation methods, set the CKA_ID to
   // PK11_MakeIDFromPubKey(). There are some problems with
   // this approach:
   //
   //  (1) Prior to NSS 3.16.2, there is no parameter validation when creating
   //      private keys. It is therefore possible to construct a key using the
   //      known public modulus, and where all the other parameters are bogus.
   //      FindKeyByKeyID() returns the first key matching the ID. So this would
   //      effectively allow an attacker to retrieve a private key of their
   //      choice.
   //
   //  (2) The ID space is shared by different key types. So theoretically
   //      possible to retrieve a key of the wrong type which has a matching
   //      CKA_ID. In practice I am told this is not likely except for small key
   //      sizes, since would require constructing keys with the same public
   //      data.
   //
   //  (3) FindKeyByKeyID() doesn't necessarily return the object that was just
   //      created by CreateGenericObject. If the pre-existing key was
   //      provisioned with flags incompatible with WebCrypto (for instance
   //      marked sensitive) then this will break things.
   SECItem modulus_item = MakeSECItemForBuffer(CryptoData(params.n));
   crypto::ScopedSECItem object_id(PK11_MakeIDFromPubKey(&modulus_item));
-  AddOptionalAttribute(
+  AddAttribute(
       CKA_ID, CryptoData(object_id->data, object_id->len), &key_template);
 
-  // Optional properties (all of these will have been specified or none).
-  AddOptionalAttribute(CKA_PRIME_1, params.p, &key_template);
-  AddOptionalAttribute(CKA_PRIME_2, params.q, &key_template);
-  AddOptionalAttribute(CKA_EXPONENT_1, params.dp, &key_template);
-  AddOptionalAttribute(CKA_EXPONENT_2, params.dq, &key_template);
-  AddOptionalAttribute(CKA_COEFFICIENT, params.qi, &key_template);
+  // Optional properties by JWA, however guaranteed to be present by Chromium's
+  // implementation.
+  AddAttribute(CKA_PRIME_1, params.p, &key_template);
+  AddAttribute(CKA_PRIME_2, params.q, &key_template);
+  AddAttribute(CKA_EXPONENT_1, params.dp, &key_template);
+  AddAttribute(CKA_EXPONENT_2, params.dq, &key_template);
+  AddAttribute(CKA_COEFFICIENT, params.qi, &key_template);
 
   crypto::ScopedPK11Slot slot(PK11_GetInternalSlot());
 
   ScopedPK11GenericObject key_object(PK11_CreateGenericObject(
       slot.get(), &key_template[0], key_template.size(), PR_FALSE));
 
   if (!key_object)
     return Status::OperationError();
 
   crypto::ScopedSECKEYPrivateKey private_key_tmp(
@@ skipping 438 matching lines @@
       return Status::Success();
     }
     default:
       return Status::ErrorUnexpected();
   }
 }
 
 }  // namespace webcrypto
 
 }  // namespace content