Chromium Code Reviews Chromium Code Reviews
Issue 419673006:
[webcrypto] Implement RSA-OAEP using BoringSSL. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| (Empty) | |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include <openssl/evp.h> | |
| 6 | |
| 7 #include "base/stl_util.h" | |
| 8 #include "content/child/webcrypto/crypto_data.h" | |
| 9 #include "content/child/webcrypto/openssl/key_openssl.h" | |
| 10 #include "content/child/webcrypto/openssl/rsa_key_openssl.h" | |
| 11 #include "content/child/webcrypto/openssl/util_openssl.h" | |
| 12 #include "content/child/webcrypto/status.h" | |
| 13 #include "crypto/openssl_util.h" | |
| 14 #include "crypto/scoped_openssl_types.h" | |
| 15 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h" | |
| 16 #include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h" | |
| 17 | |
| 18 namespace content { | |
| 19 | |
| 20 namespace webcrypto { | |
| 21 | |
| 22 namespace { | |
| 23 | |
| 24 typedef int (*InitFunc)(EVP_PKEY_CTX* ctx); | |
| 25 typedef int (*EncryptDecryptFunc)(EVP_PKEY_CTX* ctx, | |
| 26 unsigned char* out, | |
| 27 size_t* outlen, | |
| 28 const unsigned char* in, | |
| 29 size_t inlen); | |
| 30 | |
| 31 typedef crypto::ScopedOpenSSL<EVP_PKEY_CTX, EVP_PKEY_CTX_free>::Type | |
| 32 ScopedEVP_PKEY_CTX; | |
|
Ryan Sleevi
2014/07/25 19:34:56
Should probably move this into crypto/scoped_opens
eroman
2014/07/25 20:11:47
Done.
| |
| 33 | |
| 34 struct OpenSSLFree { | |
| 35 void operator()(uint8_t* ptr) const { OPENSSL_free(ptr); } | |
|
Ryan Sleevi
2014/07/25 19:34:56
Probably this too?
eroman
2014/07/25 20:11:48
Done.
I created a typedef named "ScopedOpenSSLByt
| |
| 36 }; | |
| 37 | |
| 38 // Helper for doing RSA-OAEP encryption or decryption. The code only differs in | |
| 39 // the function for initializating the context and then performing either the | |
| 40 // encryption or decryption operation. | |
| 41 Status CommonEncryptDecrypt(InitFunc init_func, | |
| 42 EncryptDecryptFunc encrypt_decrypt_func, | |
| 43 const blink::WebCryptoAlgorithm& algorithm, | |
| 44 const blink::WebCryptoKey& key, | |
| 45 const CryptoData& data, | |
| 46 std::vector<uint8_t>* buffer) { | |
| 47 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); | |
| 48 | |
| 49 EVP_PKEY* pkey = pkey = AsymKeyOpenSsl::Cast(key)->key(); | |
| 50 const EVP_MD* digest = | |
| 51 GetDigest(key.algorithm().rsaHashedParams()->hash().id()); | |
| 52 if (!digest) | |
| 53 return Status::ErrorUnsupported(); | |
| 54 | |
| 55 ScopedEVP_PKEY_CTX ctx(EVP_PKEY_CTX_new(pkey, NULL)); | |
| 56 | |
| 57 if (1 != init_func(ctx.get()) || | |
| 58 1 != EVP_PKEY_CTX_set_rsa_padding(ctx.get(), RSA_PKCS1_OAEP_PADDING) || | |
| 59 1 != EVP_PKEY_CTX_set_rsa_oaep_md(ctx.get(), digest) || | |
| 60 1 != EVP_PKEY_CTX_set_rsa_mgf1_md(ctx.get(), digest)) { | |
| 61 return Status::OperationError(); | |
| 62 } | |
| 63 | |
| 64 const blink::WebVector<uint8_t>& label = | |
| 65 algorithm.rsaOaepParams()->optionalLabel(); | |
| 66 | |
| 67 // Make a copy of the label, since the ctx takes ownership of it when | |
| 68 // calling set0_rsa_oaep_label(). | |
| 69 scoped_ptr<uint8_t, OpenSSLFree> label_copy; | |
| 70 if (label.size()) { | |
|
eroman
2014/07/25 20:11:47
Note that I slightly cleaned up the label handling
| |
| 71 label_copy.reset(static_cast<uint8_t*>(OPENSSL_malloc(label.size()))); | |
| 72 memcpy(label_copy.get(), label.data(), label.size()); | |
| 73 } | |
| 74 | |
| 75 if (1 != EVP_PKEY_CTX_set0_rsa_oaep_label( | |
| 76 ctx.get(), label_copy.release(), label.size())) { | |
| 77 return Status::OperationError(); | |
| 78 } | |
| 79 | |
| 80 // Determine the maximum length of the output. | |
| 81 size_t outlen = 0; | |
| 82 if (1 != encrypt_decrypt_func( | |
| 83 ctx.get(), NULL, &outlen, data.bytes(), data.byte_length())) { | |
| 84 return Status::OperationError(); | |
| 85 } | |
| 86 buffer->resize(outlen); | |
| 87 | |
| 88 // Do the actual encryption/decryption. | |
| 89 if (1 != encrypt_decrypt_func(ctx.get(), | |
| 90 vector_as_array(buffer), | |
| 91 &outlen, | |
| 92 data.bytes(), | |
| 93 data.byte_length())) { | |
| 94 return Status::OperationError(); | |
| 95 } | |
| 96 buffer->resize(outlen); | |
| 97 | |
| 98 return Status::Success(); | |
| 99 } | |
| 100 | |
| 101 class RsaOaepImplementation : public RsaHashedAlgorithm { | |
| 102 public: | |
| 103 RsaOaepImplementation() | |
| 104 : RsaHashedAlgorithm( | |
| 105 blink::WebCryptoKeyUsageEncrypt | blink::WebCryptoKeyUsageWrapKey, | |
| 106 blink::WebCryptoKeyUsageDecrypt | | |
| 107 blink::WebCryptoKeyUsageUnwrapKey) {} | |
| 108 | |
| 109 virtual const char* GetJwkAlgorithm( | |
| 110 const blink::WebCryptoAlgorithmId hash) const OVERRIDE { | |
| 111 switch (hash) { | |
| 112 case blink::WebCryptoAlgorithmIdSha1: | |
| 113 return "RSA-OAEP"; | |
| 114 case blink::WebCryptoAlgorithmIdSha256: | |
| 115 return "RSA-OAEP-256"; | |
| 116 case blink::WebCryptoAlgorithmIdSha384: | |
| 117 return "RSA-OAEP-384"; | |
| 118 case blink::WebCryptoAlgorithmIdSha512: | |
| 119 return "RSA-OAEP-512"; | |
| 120 default: | |
| 121 return NULL; | |
| 122 } | |
| 123 } | |
| 124 | |
| 125 virtual Status Encrypt(const blink::WebCryptoAlgorithm& algorithm, | |
| 126 const blink::WebCryptoKey& key, | |
| 127 const CryptoData& data, | |
| 128 std::vector<uint8_t>* buffer) const OVERRIDE { | |
| 129 if (key.type() != blink::WebCryptoKeyTypePublic) | |
| 130 return Status::ErrorUnexpectedKeyType(); | |
| 131 | |
| 132 return CommonEncryptDecrypt( | |
| 133 EVP_PKEY_encrypt_init, EVP_PKEY_encrypt, algorithm, key, data, buffer); | |
| 134 } | |
| 135 | |
| 136 virtual Status Decrypt(const blink::WebCryptoAlgorithm& algorithm, | |
| 137 const blink::WebCryptoKey& key, | |
| 138 const CryptoData& data, | |
| 139 std::vector<uint8_t>* buffer) const OVERRIDE { | |
| 140 if (key.type() != blink::WebCryptoKeyTypePrivate) | |
| 141 return Status::ErrorUnexpectedKeyType(); | |
| 142 | |
| 143 return CommonEncryptDecrypt( | |
| 144 EVP_PKEY_decrypt_init, EVP_PKEY_decrypt, algorithm, key, data, buffer); | |
| 145 } | |
| 146 }; | |
| 147 | |
| 148 } // namespace | |
| 149 | |
| 150 AlgorithmImplementation* CreatePlatformRsaOaepImplementation() { | |
| 151 return new RsaOaepImplementation; | |
| 152 } | |
| 153 | |
| 154 } // namespace webcrypto | |
| 155 | |
| 156 } // namespace content | |
| OLD | NEW |
