components/webcrypto/openssl/aes_kw_openssl.cc

   1 // Copyright 2014 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include <vector>
   6 #include <openssl/evp.h>
   7
   8 #include "base/logging.h"
   9 #include "base/numerics/safe_math.h"
  10 #include "base/stl_util.h"
  11 #include "components/webcrypto/crypto_data.h"
  12 #include "components/webcrypto/openssl/aes_algorithm_openssl.h"
  13 #include "components/webcrypto/openssl/key_openssl.h"
  14 #include "components/webcrypto/openssl/util_openssl.h"
  15 #include "components/webcrypto/status.h"
  16 #include "crypto/openssl_util.h"
  17 #include "crypto/scoped_openssl_types.h"
  18
  19 namespace webcrypto {
  20
  21 namespace {
  22
  23 const EVP_AEAD* GetAesKwAlgorithmFromKeySize(size_t key_size_bytes) {
  24   switch (key_size_bytes) {
  25     case 16:
  26       return EVP_aead_aes_128_key_wrap();
  27     case 32:
  28       return EVP_aead_aes_256_key_wrap();
  29     default:
  30       return NULL;
  31   }
  32 }
  33
  34 Status AesKwEncryptDecrypt(EncryptOrDecrypt mode,
  35                            const blink::WebCryptoAlgorithm& algorithm,
  36                            const blink::WebCryptoKey& key,
  37                            const CryptoData& data,
  38                            std::vector<uint8_t>* buffer) {
  39   // These length checks are done so the returned error matches that of NSS
  40   // implementation. Other than giving a more specific error, these are not
  41   // required.
  42   if ((mode == ENCRYPT && data.byte_length() < 16) ||
  43       (mode == DECRYPT && data.byte_length() < 24)) {
  44     return Status::ErrorDataTooSmall();
  45   }
  46   if (data.byte_length() % 8)
  47     return Status::ErrorInvalidAesKwDataLength();
  48
  49   const std::vector<uint8_t>& raw_key =
  50       SymKeyOpenSsl::Cast(key)->raw_key_data();
  51
  52   return AeadEncryptDecrypt(mode, raw_key, data,
  53                             8,             // tag_length_bytes
  54                             CryptoData(),  // iv
  55                             CryptoData(),  // additional_data
  56                             GetAesKwAlgorithmFromKeySize(raw_key.size()),
  57                             buffer);
  58 }
  59
  60 class AesKwImplementation : public AesAlgorithm {
  61  public:
  62   AesKwImplementation()
  63       : AesAlgorithm(
  64             blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey,
  65             "KW") {}
  66
  67   Status Encrypt(const blink::WebCryptoAlgorithm& algorithm,
  68                  const blink::WebCryptoKey& key,
  69                  const CryptoData& data,
  70                  std::vector<uint8_t>* buffer) const override {
  71     return AesKwEncryptDecrypt(ENCRYPT, algorithm, key, data, buffer);
  72   }
  73
  74   Status Decrypt(const blink::WebCryptoAlgorithm& algorithm,
  75                  const blink::WebCryptoKey& key,
  76                  const CryptoData& data,
  77                  std::vector<uint8_t>* buffer) const override {
  78     return AesKwEncryptDecrypt(DECRYPT, algorithm, key, data, buffer);
  79   }
  80 };
  81
  82 }  // namespace
  83
  84 AlgorithmImplementation* CreatePlatformAesKwImplementation() {
  85   return new AesKwImplementation;
  86 }
  87
  88 }  // namespace webcrypto