| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include <openssl/evp.h> |
| 6 |
| 7 #include "base/stl_util.h" |
| 8 #include "content/child/webcrypto/crypto_data.h" |
| 9 #include "content/child/webcrypto/openssl/key_openssl.h" |
| 10 #include "content/child/webcrypto/openssl/rsa_key_openssl.h" |
| 11 #include "content/child/webcrypto/openssl/util_openssl.h" |
| 12 #include "content/child/webcrypto/status.h" |
| 13 #include "crypto/openssl_util.h" |
| 14 #include "crypto/scoped_openssl_types.h" |
| 15 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h" |
| 16 #include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h" |
| 17 |
| 18 namespace content { |
| 19 |
| 20 namespace webcrypto { |
| 21 |
| 22 namespace { |
| 23 |
| 24 typedef int (*InitFunc)(EVP_PKEY_CTX* ctx); |
| 25 typedef int (*EncryptDecryptFunc)(EVP_PKEY_CTX* ctx, |
| 26 unsigned char* out, |
| 27 size_t* outlen, |
| 28 const unsigned char* in, |
| 29 size_t inlen); |
| 30 |
| 31 // Helper for doing either RSA-OAEP encryption or decryption. |
| 32 // |
| 33 // To encrypt call with: |
| 34 // init_func=EVP_PKEY_encrypt_init, encrypt_decrypt_func=EVP_PKEY_encrypt |
| 35 // |
| 36 // To decrypt call with: |
| 37 // init_func=EVP_PKEY_decrypt_init, encrypt_decrypt_func=EVP_PKEY_decrypt |
| 38 Status CommonEncryptDecrypt(InitFunc init_func, |
| 39 EncryptDecryptFunc encrypt_decrypt_func, |
| 40 const blink::WebCryptoAlgorithm& algorithm, |
| 41 const blink::WebCryptoKey& key, |
| 42 const CryptoData& data, |
| 43 std::vector<uint8_t>* buffer) { |
| 44 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); |
| 45 |
| 46 EVP_PKEY* pkey = AsymKeyOpenSsl::Cast(key)->key(); |
| 47 const EVP_MD* digest = |
| 48 GetDigest(key.algorithm().rsaHashedParams()->hash().id()); |
| 49 if (!digest) |
| 50 return Status::ErrorUnsupported(); |
| 51 |
| 52 crypto::ScopedEVP_PKEY_CTX ctx(EVP_PKEY_CTX_new(pkey, NULL)); |
| 53 |
| 54 if (1 != init_func(ctx.get()) || |
| 55 1 != EVP_PKEY_CTX_set_rsa_padding(ctx.get(), RSA_PKCS1_OAEP_PADDING) || |
| 56 1 != EVP_PKEY_CTX_set_rsa_oaep_md(ctx.get(), digest) || |
| 57 1 != EVP_PKEY_CTX_set_rsa_mgf1_md(ctx.get(), digest)) { |
| 58 return Status::OperationError(); |
| 59 } |
| 60 |
| 61 const blink::WebVector<uint8_t>& label = |
| 62 algorithm.rsaOaepParams()->optionalLabel(); |
| 63 |
| 64 if (label.size()) { |
| 65 // Make a copy of the label, since the ctx takes ownership of it when |
| 66 // calling set0_rsa_oaep_label(). |
| 67 crypto::ScopedOpenSSLBytes label_copy; |
| 68 label_copy.reset(static_cast<uint8_t*>(OPENSSL_malloc(label.size()))); |
| 69 memcpy(label_copy.get(), label.data(), label.size()); |
| 70 |
| 71 if (1 != EVP_PKEY_CTX_set0_rsa_oaep_label( |
| 72 ctx.get(), label_copy.release(), label.size())) { |
| 73 return Status::OperationError(); |
| 74 } |
| 75 } |
| 76 |
| 77 // Determine the maximum length of the output. |
| 78 size_t outlen = 0; |
| 79 if (1 != encrypt_decrypt_func( |
| 80 ctx.get(), NULL, &outlen, data.bytes(), data.byte_length())) { |
| 81 return Status::OperationError(); |
| 82 } |
| 83 buffer->resize(outlen); |
| 84 |
| 85 // Do the actual encryption/decryption. |
| 86 if (1 != encrypt_decrypt_func(ctx.get(), |
| 87 vector_as_array(buffer), |
| 88 &outlen, |
| 89 data.bytes(), |
| 90 data.byte_length())) { |
| 91 return Status::OperationError(); |
| 92 } |
| 93 buffer->resize(outlen); |
| 94 |
| 95 return Status::Success(); |
| 96 } |
| 97 |
| 98 class RsaOaepImplementation : public RsaHashedAlgorithm { |
| 99 public: |
| 100 RsaOaepImplementation() |
| 101 : RsaHashedAlgorithm( |
| 102 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageWrapKey, |
| 103 blink::WebCryptoKeyUsageDecrypt | |
| 104 blink::WebCryptoKeyUsageUnwrapKey) {} |
| 105 |
| 106 virtual const char* GetJwkAlgorithm( |
| 107 const blink::WebCryptoAlgorithmId hash) const OVERRIDE { |
| 108 switch (hash) { |
| 109 case blink::WebCryptoAlgorithmIdSha1: |
| 110 return "RSA-OAEP"; |
| 111 case blink::WebCryptoAlgorithmIdSha256: |
| 112 return "RSA-OAEP-256"; |
| 113 case blink::WebCryptoAlgorithmIdSha384: |
| 114 return "RSA-OAEP-384"; |
| 115 case blink::WebCryptoAlgorithmIdSha512: |
| 116 return "RSA-OAEP-512"; |
| 117 default: |
| 118 return NULL; |
| 119 } |
| 120 } |
| 121 |
| 122 virtual Status Encrypt(const blink::WebCryptoAlgorithm& algorithm, |
| 123 const blink::WebCryptoKey& key, |
| 124 const CryptoData& data, |
| 125 std::vector<uint8_t>* buffer) const OVERRIDE { |
| 126 if (key.type() != blink::WebCryptoKeyTypePublic) |
| 127 return Status::ErrorUnexpectedKeyType(); |
| 128 |
| 129 return CommonEncryptDecrypt( |
| 130 EVP_PKEY_encrypt_init, EVP_PKEY_encrypt, algorithm, key, data, buffer); |
| 131 } |
| 132 |
| 133 virtual Status Decrypt(const blink::WebCryptoAlgorithm& algorithm, |
| 134 const blink::WebCryptoKey& key, |
| 135 const CryptoData& data, |
| 136 std::vector<uint8_t>* buffer) const OVERRIDE { |
| 137 if (key.type() != blink::WebCryptoKeyTypePrivate) |
| 138 return Status::ErrorUnexpectedKeyType(); |
| 139 |
| 140 return CommonEncryptDecrypt( |
| 141 EVP_PKEY_decrypt_init, EVP_PKEY_decrypt, algorithm, key, data, buffer); |
| 142 } |
| 143 }; |
| 144 |
| 145 } // namespace |
| 146 |
| 147 AlgorithmImplementation* CreatePlatformRsaOaepImplementation() { |
| 148 return new RsaOaepImplementation; |
| 149 } |
| 150 |
| 151 } // namespace webcrypto |
| 152 |
| 153 } // namespace content |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 419673006:
[webcrypto] Implement RSA-OAEP using BoringSSL. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src