src/content/child/webcrypto/openssl/aes_kw_openssl.cc

   1 // Copyright 2014 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include <vector>
   6 #include <openssl/evp.h>
   7
   8 #include "base/logging.h"
   9 #include "base/numerics/safe_math.h"
  10 #include "base/stl_util.h"
  11 #include "content/child/webcrypto/crypto_data.h"
  12 #include "content/child/webcrypto/openssl/aes_key_openssl.h"
  13 #include "content/child/webcrypto/openssl/key_openssl.h"
  14 #include "content/child/webcrypto/openssl/util_openssl.h"
  15 #include "content/child/webcrypto/status.h"
  16 #include "crypto/openssl_util.h"
  17 #include "crypto/scoped_openssl_types.h"
  18
  19 namespace content {
  20
  21 namespace webcrypto {
  22
  23 namespace {
  24
  25 const EVP_AEAD* GetAesKwAlgorithmFromKeySize(unsigned int key_size_bytes) {
  26   switch (key_size_bytes) {
  27     case 16:
  28       return EVP_aead_aes_128_key_wrap();
  29     case 32:
  30       return EVP_aead_aes_256_key_wrap();
  31     default:
  32       return NULL;
  33   }
  34 }
  35
  36 Status AesKwEncryptDecrypt(EncryptOrDecrypt mode,
  37                            const blink::WebCryptoAlgorithm& algorithm,
  38                            const blink::WebCryptoKey& key,
  39                            const CryptoData& data,
  40                            std::vector<uint8_t>* buffer) {
  41   // These length checks are done so the returned error matches that of NSS
  42   // implementation. Other than giving a more specific error, these are not
  43   // required.
  44   if ((mode == ENCRYPT && data.byte_length() < 16) ||
  45       (mode == DECRYPT && data.byte_length() < 24)) {
  46     return Status::ErrorDataTooSmall();
  47   }
  48   if (data.byte_length() % 8)
  49     return Status::ErrorInvalidAesKwDataLength();
  50
  51   const std::vector<uint8_t>& raw_key =
  52       SymKeyOpenSsl::Cast(key)->raw_key_data();
  53
  54   return AeadEncryptDecrypt(mode,
  55                             raw_key,
  56                             data,
  57                             8,             // tag_length_bytes
  58                             CryptoData(),  // iv
  59                             CryptoData(),  // additional_data
  60                             GetAesKwAlgorithmFromKeySize(raw_key.size()),
  61                             buffer);
  62 }
  63
  64 class AesKwImplementation : public AesAlgorithm {
  65  public:
  66   AesKwImplementation()
  67       : AesAlgorithm(
  68             blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey,
  69             "KW") {}
  70
  71   virtual Status Encrypt(const blink::WebCryptoAlgorithm& algorithm,
  72                          const blink::WebCryptoKey& key,
  73                          const CryptoData& data,
  74                          std::vector<uint8_t>* buffer) const OVERRIDE {
  75     return AesKwEncryptDecrypt(ENCRYPT, algorithm, key, data, buffer);
  76   }
  77
  78   virtual Status Decrypt(const blink::WebCryptoAlgorithm& algorithm,
  79                          const blink::WebCryptoKey& key,
  80                          const CryptoData& data,
  81                          std::vector<uint8_t>* buffer) const OVERRIDE {
  82     return AesKwEncryptDecrypt(DECRYPT, algorithm, key, data, buffer);
  83   }
  84 };
  85
  86 }  // namespace
  87
  88 AlgorithmImplementation* CreatePlatformAesKwImplementation() {
  89   return new AesKwImplementation;
  90 }
  91
  92 }  // namespace webcrypto
  93
  94 }  // namespace content