Allow only one bookmark to be added for multiple fast starring
[chromium-blink-merge.git] / components / webcrypto / nss / aes_gcm_nss.cc
blobe4b8f752e1d7de8ee07914a184a52aae989fd09d
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "base/numerics/safe_math.h"
6 #include "base/stl_util.h"
7 #include "components/webcrypto/crypto_data.h"
8 #include "components/webcrypto/nss/aes_algorithm_nss.h"
9 #include "components/webcrypto/nss/key_nss.h"
10 #include "components/webcrypto/nss/util_nss.h"
11 #include "components/webcrypto/status.h"
12 #include "components/webcrypto/webcrypto_util.h"
13 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h"
15 // At the time of this writing:
16 // * Windows and Mac builds ship with their own copy of NSS (3.15+)
17 // * Linux builds use the system's libnss, which is 3.14 on Debian (but 3.15+
18 // on other distros).
20 // Since NSS provides AES-GCM support starting in version 3.15, it may be
21 // unavailable for Linux Chrome users.
23 // * !defined(CKM_AES_GCM)
25 // This means that at build time, the NSS header pkcs11t.h is older than
26 // 3.15. However at runtime support may be present.
28 // TODO(eroman): Simplify this once 3.15+ is required by Linux builds.
29 #if !defined(CKM_AES_GCM)
30 #define CKM_AES_GCM 0x00001087
32 struct CK_GCM_PARAMS {
33 CK_BYTE_PTR pIv;
34 CK_ULONG ulIvLen;
35 CK_BYTE_PTR pAAD;
36 CK_ULONG ulAADLen;
37 CK_ULONG ulTagBits;
39 #endif // !defined(CKM_AES_GCM)
41 namespace webcrypto {
43 namespace {
45 Status NssSupportsAesGcm() {
46 if (NssRuntimeSupport::Get()->IsAesGcmSupported())
47 return Status::Success();
48 return Status::ErrorUnsupported(
49 "NSS version doesn't support AES-GCM. Try using version 3.15 or later");
52 // Helper to either encrypt or decrypt for AES-GCM. The result of encryption is
53 // the concatenation of the ciphertext and the authentication tag. Similarly,
54 // this is the expectation for the input to decryption.
55 Status AesGcmEncryptDecrypt(EncryptOrDecrypt mode,
56 const blink::WebCryptoAlgorithm& algorithm,
57 const blink::WebCryptoKey& key,
58 const CryptoData& data,
59 std::vector<uint8_t>* buffer) {
60 Status status = NssSupportsAesGcm();
61 if (status.IsError())
62 return status;
64 PK11SymKey* sym_key = SymKeyNss::Cast(key)->key();
65 const blink::WebCryptoAesGcmParams* params = algorithm.aesGcmParams();
66 if (!params)
67 return Status::ErrorUnexpected();
69 unsigned int tag_length_bits;
70 status = GetAesGcmTagLengthInBits(params, &tag_length_bits);
71 if (status.IsError())
72 return status;
73 unsigned int tag_length_bytes = tag_length_bits / 8;
75 CryptoData iv(params->iv());
76 CryptoData additional_data(params->optionalAdditionalData());
78 CK_GCM_PARAMS gcm_params = {0};
79 gcm_params.pIv = const_cast<unsigned char*>(iv.bytes());
80 gcm_params.ulIvLen = iv.byte_length();
82 gcm_params.pAAD = const_cast<unsigned char*>(additional_data.bytes());
83 gcm_params.ulAADLen = additional_data.byte_length();
85 gcm_params.ulTagBits = tag_length_bits;
87 SECItem param;
88 param.type = siBuffer;
89 param.data = reinterpret_cast<unsigned char*>(&gcm_params);
90 param.len = sizeof(gcm_params);
92 base::CheckedNumeric<unsigned int> buffer_size(data.byte_length());
94 // Calculate the output buffer size.
95 if (mode == ENCRYPT) {
96 buffer_size += tag_length_bytes;
97 if (!buffer_size.IsValid())
98 return Status::ErrorDataTooLarge();
101 // TODO(eroman): In theory the buffer allocated for the plain text should be
102 // sized as |data.byte_length() - tag_length_bytes|.
104 // However NSS has a bug whereby it will fail if the output buffer size is
105 // not at least as large as the ciphertext:
107 // https://bugzilla.mozilla.org/show_bug.cgi?id=%20853674
109 // From the analysis of that bug it looks like it might be safe to pass a
110 // correctly sized buffer but lie about its size. Since resizing the
111 // WebCryptoArrayBuffer is expensive that hack may be worth looking into.
113 buffer->resize(buffer_size.ValueOrDie());
114 unsigned char* buffer_data = vector_as_array(buffer);
116 PK11_EncryptDecryptFunction encrypt_or_decrypt_func =
117 (mode == ENCRYPT) ? NssRuntimeSupport::Get()->pk11_encrypt_func()
118 : NssRuntimeSupport::Get()->pk11_decrypt_func();
120 unsigned int output_len = 0;
121 SECStatus result = encrypt_or_decrypt_func(
122 sym_key, CKM_AES_GCM, &param, buffer_data, &output_len, buffer->size(),
123 data.bytes(), data.byte_length());
125 if (result != SECSuccess)
126 return Status::OperationError();
128 // Unfortunately the buffer needs to be shrunk for decryption (see the NSS bug
129 // above).
130 buffer->resize(output_len);
132 return Status::Success();
135 class AesGcmImplementation : public AesAlgorithm {
136 public:
137 AesGcmImplementation() : AesAlgorithm(CKM_AES_GCM, "GCM") {}
139 Status VerifyKeyUsagesBeforeImportKey(
140 blink::WebCryptoKeyFormat format,
141 blink::WebCryptoKeyUsageMask usages) const override {
142 // Prevent importing AES-GCM keys if it is unavailable.
143 Status status = NssSupportsAesGcm();
144 if (status.IsError())
145 return status;
146 return AesAlgorithm::VerifyKeyUsagesBeforeImportKey(format, usages);
149 Status GenerateKey(const blink::WebCryptoAlgorithm& algorithm,
150 bool extractable,
151 blink::WebCryptoKeyUsageMask usages,
152 GenerateKeyResult* result) const override {
153 // Prevent generating AES-GCM keys if it is unavailable.
154 Status status = NssSupportsAesGcm();
155 if (status.IsError())
156 return status;
158 return AesAlgorithm::GenerateKey(algorithm, extractable, usages, result);
161 Status Encrypt(const blink::WebCryptoAlgorithm& algorithm,
162 const blink::WebCryptoKey& key,
163 const CryptoData& data,
164 std::vector<uint8_t>* buffer) const override {
165 return AesGcmEncryptDecrypt(ENCRYPT, algorithm, key, data, buffer);
168 Status Decrypt(const blink::WebCryptoAlgorithm& algorithm,
169 const blink::WebCryptoKey& key,
170 const CryptoData& data,
171 std::vector<uint8_t>* buffer) const override {
172 return AesGcmEncryptDecrypt(DECRYPT, algorithm, key, data, buffer);
176 } // namespace
178 AlgorithmImplementation* CreatePlatformAesGcmImplementation() {
179 return new AesGcmImplementation;
182 } // namespace webcrypto