1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
6 #include <openssl/evp.h>
8 #include "base/logging.h"
9 #include "base/numerics/safe_math.h"
10 #include "base/stl_util.h"
11 #include "content/child/webcrypto/crypto_data.h"
12 #include "content/child/webcrypto/openssl/aes_key_openssl.h"
13 #include "content/child/webcrypto/openssl/key_openssl.h"
14 #include "content/child/webcrypto/openssl/util_openssl.h"
15 #include "content/child/webcrypto/status.h"
16 #include "crypto/openssl_util.h"
17 #include "crypto/scoped_openssl_types.h"
25 const EVP_AEAD* GetAesKwAlgorithmFromKeySize(unsigned int key_size_bytes) {
26 switch (key_size_bytes) {
28 return EVP_aead_aes_128_key_wrap();
30 return EVP_aead_aes_256_key_wrap();
36 Status AesKwEncryptDecrypt(EncryptOrDecrypt mode,
37 const blink::WebCryptoAlgorithm& algorithm,
38 const blink::WebCryptoKey& key,
39 const CryptoData& data,
40 std::vector<uint8_t>* buffer) {
41 // These length checks are done so the returned error matches that of NSS
42 // implementation. Other than giving a more specific error, these are not
44 if ((mode == ENCRYPT && data.byte_length() < 16) ||
45 (mode == DECRYPT && data.byte_length() < 24)) {
46 return Status::ErrorDataTooSmall();
48 if (data.byte_length() % 8)
49 return Status::ErrorInvalidAesKwDataLength();
51 const std::vector<uint8_t>& raw_key =
52 SymKeyOpenSsl::Cast(key)->raw_key_data();
54 return AeadEncryptDecrypt(mode,
57 8, // tag_length_bytes
59 CryptoData(), // additional_data
60 GetAesKwAlgorithmFromKeySize(raw_key.size()),
64 class AesKwImplementation : public AesAlgorithm {
68 blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey,
71 virtual Status Encrypt(const blink::WebCryptoAlgorithm& algorithm,
72 const blink::WebCryptoKey& key,
73 const CryptoData& data,
74 std::vector<uint8_t>* buffer) const OVERRIDE {
75 return AesKwEncryptDecrypt(ENCRYPT, algorithm, key, data, buffer);
78 virtual Status Decrypt(const blink::WebCryptoAlgorithm& algorithm,
79 const blink::WebCryptoKey& key,
80 const CryptoData& data,
81 std::vector<uint8_t>* buffer) const OVERRIDE {
82 return AesKwEncryptDecrypt(DECRYPT, algorithm, key, data, buffer);
88 AlgorithmImplementation* CreatePlatformAesKwImplementation() {
89 return new AesKwImplementation;
92 } // namespace webcrypto
94 } // namespace content