Don't preload rarely seen large images
[chromium-blink-merge.git] / components / webcrypto / nss / aes_cbc_nss.cc
blob16748469f1ed04fc86f9ab9a2cd5001be5322bf0
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include <cryptohi.h>
7 #include "base/numerics/safe_math.h"
8 #include "base/stl_util.h"
9 #include "components/webcrypto/crypto_data.h"
10 #include "components/webcrypto/nss/aes_algorithm_nss.h"
11 #include "components/webcrypto/nss/key_nss.h"
12 #include "components/webcrypto/nss/util_nss.h"
13 #include "components/webcrypto/status.h"
14 #include "components/webcrypto/webcrypto_util.h"
15 #include "crypto/scoped_nss_types.h"
16 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h"
18 namespace webcrypto {
20 namespace {
22 Status AesCbcEncryptDecrypt(EncryptOrDecrypt mode,
23 const blink::WebCryptoAlgorithm& algorithm,
24 const blink::WebCryptoKey& key,
25 const CryptoData& data,
26 std::vector<uint8_t>* buffer) {
27 const blink::WebCryptoAesCbcParams* params = algorithm.aesCbcParams();
28 if (!params)
29 return Status::ErrorUnexpected();
31 CryptoData iv(params->iv().data(), params->iv().size());
32 if (iv.byte_length() != 16)
33 return Status::ErrorIncorrectSizeAesCbcIv();
35 PK11SymKey* sym_key = SymKeyNss::Cast(key)->key();
37 CK_ATTRIBUTE_TYPE operation = (mode == ENCRYPT) ? CKA_ENCRYPT : CKA_DECRYPT;
39 SECItem iv_item = MakeSECItemForBuffer(iv);
41 crypto::ScopedSECItem param(PK11_ParamFromIV(CKM_AES_CBC_PAD, &iv_item));
42 if (!param)
43 return Status::OperationError();
45 crypto::ScopedPK11Context context(PK11_CreateContextBySymKey(
46 CKM_AES_CBC_PAD, operation, sym_key, param.get()));
48 if (!context.get())
49 return Status::OperationError();
51 // Oddly PK11_CipherOp takes input and output lengths as "int" rather than
52 // "unsigned int". Do some checks now to avoid integer overflowing.
53 base::CheckedNumeric<int> output_max_len = data.byte_length();
54 output_max_len += AES_BLOCK_SIZE;
55 if (!output_max_len.IsValid()) {
56 // TODO(eroman): Handle this by chunking the input fed into NSS. Right now
57 // it doesn't make much difference since the one-shot API would end up
58 // blowing out the memory and crashing anyway.
59 return Status::ErrorDataTooLarge();
62 // PK11_CipherOp does an invalid memory access when given empty decryption
63 // input, or input which is not a multiple of the block size. See also
64 // https://bugzilla.mozilla.com/show_bug.cgi?id=921687.
65 if (operation == CKA_DECRYPT &&
66 (data.byte_length() == 0 || (data.byte_length() % AES_BLOCK_SIZE != 0))) {
67 return Status::OperationError();
70 // TODO(eroman): Refine the output buffer size. It can be computed exactly for
71 // encryption, and can be smaller for decryption.
72 buffer->resize(output_max_len.ValueOrDie());
74 unsigned char* buffer_data = vector_as_array(buffer);
76 int output_len;
77 if (SECSuccess != PK11_CipherOp(context.get(), buffer_data, &output_len,
78 buffer->size(), data.bytes(),
79 data.byte_length())) {
80 return Status::OperationError();
83 unsigned int final_output_chunk_len;
84 if (SECSuccess !=
85 PK11_DigestFinal(context.get(), buffer_data + output_len,
86 &final_output_chunk_len,
87 (output_max_len - output_len).ValueOrDie())) {
88 return Status::OperationError();
91 buffer->resize(final_output_chunk_len + output_len);
92 return Status::Success();
95 class AesCbcImplementation : public AesAlgorithm {
96 public:
97 AesCbcImplementation() : AesAlgorithm(CKM_AES_CBC, "CBC") {}
99 Status Encrypt(const blink::WebCryptoAlgorithm& algorithm,
100 const blink::WebCryptoKey& key,
101 const CryptoData& data,
102 std::vector<uint8_t>* buffer) const override {
103 return AesCbcEncryptDecrypt(ENCRYPT, algorithm, key, data, buffer);
106 Status Decrypt(const blink::WebCryptoAlgorithm& algorithm,
107 const blink::WebCryptoKey& key,
108 const CryptoData& data,
109 std::vector<uint8_t>* buffer) const override {
110 return AesCbcEncryptDecrypt(DECRYPT, algorithm, key, data, buffer);
114 } // namespace
116 AlgorithmImplementation* CreatePlatformAesCbcImplementation() {
117 return new AesCbcImplementation;
120 } // namespace webcrypto