1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include <openssl/aes.h>
6 #include <openssl/evp.h>
8 #include "base/logging.h"
9 #include "base/numerics/safe_math.h"
10 #include "base/stl_util.h"
11 #include "content/child/webcrypto/crypto_data.h"
12 #include "content/child/webcrypto/openssl/aes_key_openssl.h"
13 #include "content/child/webcrypto/openssl/key_openssl.h"
14 #include "content/child/webcrypto/status.h"
15 #include "content/child/webcrypto/webcrypto_util.h"
16 #include "crypto/scoped_openssl_types.h"
17 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h"
25 const EVP_CIPHER* GetAESCipherByKeyLength(unsigned int key_length_bytes) {
26 // BoringSSL does not support 192-bit AES keys.
27 switch (key_length_bytes) {
29 return EVP_aes_128_cbc();
31 return EVP_aes_256_cbc();
37 // OpenSSL constants for EVP_CipherInit_ex(), do not change
38 enum CipherOperation { kDoDecrypt = 0, kDoEncrypt = 1 };
40 Status AesCbcEncryptDecrypt(CipherOperation cipher_operation,
41 const blink::WebCryptoAlgorithm& algorithm,
42 const blink::WebCryptoKey& key,
43 const CryptoData& data,
44 std::vector<uint8_t>* buffer) {
45 const blink::WebCryptoAesCbcParams* params = algorithm.aesCbcParams();
46 const std::vector<uint8_t>& raw_key =
47 SymKeyOpenSsl::Cast(key)->raw_key_data();
49 if (params->iv().size() != 16)
50 return Status::ErrorIncorrectSizeAesCbcIv();
52 // According to the openssl docs, the amount of data written may be as large
53 // as (data_size + cipher_block_size - 1), constrained to a multiple of
55 base::CheckedNumeric<int> output_max_len = data.byte_length();
56 output_max_len += AES_BLOCK_SIZE - 1;
57 if (!output_max_len.IsValid())
58 return Status::ErrorDataTooLarge();
60 const unsigned remainder = output_max_len.ValueOrDie() % AES_BLOCK_SIZE;
62 output_max_len += AES_BLOCK_SIZE - remainder;
63 if (!output_max_len.IsValid())
64 return Status::ErrorDataTooLarge();
66 // Note: PKCS padding is enabled by default
67 crypto::ScopedOpenSSL<EVP_CIPHER_CTX, EVP_CIPHER_CTX_free>::Type context(
68 EVP_CIPHER_CTX_new());
71 return Status::OperationError();
73 const EVP_CIPHER* const cipher = GetAESCipherByKeyLength(raw_key.size());
76 if (!EVP_CipherInit_ex(context.get(),
82 return Status::OperationError();
85 buffer->resize(output_max_len.ValueOrDie());
87 unsigned char* const buffer_data = vector_as_array(buffer);
90 if (!EVP_CipherUpdate(context.get(),
95 return Status::OperationError();
96 int final_output_chunk_len = 0;
97 if (!EVP_CipherFinal_ex(
98 context.get(), buffer_data + output_len, &final_output_chunk_len)) {
99 return Status::OperationError();
102 const unsigned int final_output_len =
103 static_cast<unsigned int>(output_len) +
104 static_cast<unsigned int>(final_output_chunk_len);
106 buffer->resize(final_output_len);
108 return Status::Success();
111 class AesCbcImplementation : public AesAlgorithm {
113 AesCbcImplementation() : AesAlgorithm("CBC") {}
115 virtual Status Encrypt(const blink::WebCryptoAlgorithm& algorithm,
116 const blink::WebCryptoKey& key,
117 const CryptoData& data,
118 std::vector<uint8_t>* buffer) const OVERRIDE {
119 return AesCbcEncryptDecrypt(kDoEncrypt, algorithm, key, data, buffer);
122 virtual Status Decrypt(const blink::WebCryptoAlgorithm& algorithm,
123 const blink::WebCryptoKey& key,
124 const CryptoData& data,
125 std::vector<uint8_t>* buffer) const OVERRIDE {
126 return AesCbcEncryptDecrypt(kDoDecrypt, algorithm, key, data, buffer);
132 AlgorithmImplementation* CreatePlatformAesCbcImplementation() {
133 return new AesCbcImplementation;
136 } // namespace webcrypto
138 } // namespace content