components/webcrypto/algorithms/aes.cc

   1 // Copyright 2014 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "components/webcrypto/algorithms/aes.h"
   6
   7 #include "base/logging.h"
   8 #include "components/webcrypto/algorithms/secret_key_util.h"
   9 #include "components/webcrypto/crypto_data.h"
  10 #include "components/webcrypto/jwk.h"
  11 #include "components/webcrypto/key.h"
  12 #include "components/webcrypto/status.h"
  13 #include "components/webcrypto/webcrypto_util.h"
  14 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h"
  15 #include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h"
  16
  17 namespace webcrypto {
  18
  19 namespace {
  20
  21 // Creates an AES algorithm name for the given key size (in bytes). For
  22 // instance "A128CBC" is the result of suffix="CBC", keylen_bytes=16.
  23 std::string MakeJwkAesAlgorithmName(const std::string& suffix,
  24                                     size_t keylen_bytes) {
  25   if (keylen_bytes == 16)
  26     return std::string("A128") + suffix;
  27   if (keylen_bytes == 24)
  28     return std::string("A192") + suffix;
  29   if (keylen_bytes == 32)
  30     return std::string("A256") + suffix;
  31   return std::string();
  32 }
  33
  34 }  // namespace
  35
  36 AesAlgorithm::AesAlgorithm(blink::WebCryptoKeyUsageMask all_key_usages,
  37                            const std::string& jwk_suffix)
  38     : all_key_usages_(all_key_usages), jwk_suffix_(jwk_suffix) {
  39 }
  40
  41 AesAlgorithm::AesAlgorithm(const std::string& jwk_suffix)
  42     : all_key_usages_(blink::WebCryptoKeyUsageEncrypt |
  43                       blink::WebCryptoKeyUsageDecrypt |
  44                       blink::WebCryptoKeyUsageWrapKey |
  45                       blink::WebCryptoKeyUsageUnwrapKey),
  46       jwk_suffix_(jwk_suffix) {
  47 }
  48
  49 Status AesAlgorithm::GenerateKey(const blink::WebCryptoAlgorithm& algorithm,
  50                                  bool extractable,
  51                                  blink::WebCryptoKeyUsageMask usages,
  52                                  GenerateKeyResult* result) const {
  53   Status status = CheckKeyCreationUsages(all_key_usages_, usages, false);
  54   if (status.IsError())
  55     return status;
  56
  57   unsigned int keylen_bits = algorithm.aesKeyGenParams()->lengthBits();
  58
  59   // BoringSSL does not support 192-bit AES.
  60   if (keylen_bits == 192)
  61     return Status::ErrorAes192BitUnsupported();
  62
  63   if (keylen_bits != 128 && keylen_bits != 256)
  64     return Status::ErrorGenerateAesKeyLength();
  65
  66   return GenerateWebCryptoSecretKey(
  67       blink::WebCryptoKeyAlgorithm::createAes(algorithm.id(), keylen_bits),
  68       extractable, usages, keylen_bits, result);
  69 }
  70
  71 Status AesAlgorithm::VerifyKeyUsagesBeforeImportKey(
  72     blink::WebCryptoKeyFormat format,
  73     blink::WebCryptoKeyUsageMask usages) const {
  74   switch (format) {
  75     case blink::WebCryptoKeyFormatRaw:
  76     case blink::WebCryptoKeyFormatJwk:
  77       return CheckKeyCreationUsages(all_key_usages_, usages, false);
  78     default:
  79       return Status::ErrorUnsupportedImportKeyFormat();
  80   }
  81 }
  82
  83 Status AesAlgorithm::ImportKeyRaw(const CryptoData& key_data,
  84                                   const blink::WebCryptoAlgorithm& algorithm,
  85                                   bool extractable,
  86                                   blink::WebCryptoKeyUsageMask usages,
  87                                   blink::WebCryptoKey* key) const {
  88   const unsigned int keylen_bytes = key_data.byte_length();
  89
  90   // BoringSSL does not support 192-bit AES.
  91   if (keylen_bytes == 24)
  92     return Status::ErrorAes192BitUnsupported();
  93
  94   if (keylen_bytes != 16 && keylen_bytes != 32)
  95     return Status::ErrorImportAesKeyLength();
  96
  97   // No possibility of overflow.
  98   unsigned int keylen_bits = keylen_bytes * 8;
  99
 100   return CreateWebCryptoSecretKey(
 101       key_data,
 102       blink::WebCryptoKeyAlgorithm::createAes(algorithm.id(), keylen_bits),
 103       extractable, usages, key);
 104 }
 105
 106 Status AesAlgorithm::ImportKeyJwk(const CryptoData& key_data,
 107                                   const blink::WebCryptoAlgorithm& algorithm,
 108                                   bool extractable,
 109                                   blink::WebCryptoKeyUsageMask usages,
 110                                   blink::WebCryptoKey* key) const {
 111   std::vector<uint8_t> raw_data;
 112   JwkReader jwk;
 113   Status status = ReadSecretKeyNoExpectedAlgJwk(key_data, extractable, usages,
 114                                                 &raw_data, &jwk);
 115   if (status.IsError())
 116     return status;
 117
 118   bool has_jwk_alg;
 119   std::string jwk_alg;
 120   status = jwk.GetAlg(&jwk_alg, &has_jwk_alg);
 121   if (status.IsError())
 122     return status;
 123
 124   if (has_jwk_alg) {
 125     std::string expected_algorithm_name =
 126         MakeJwkAesAlgorithmName(jwk_suffix_, raw_data.size());
 127
 128     if (jwk_alg != expected_algorithm_name) {
 129       // Give a different error message if the key length was wrong.
 130       if (jwk_alg == MakeJwkAesAlgorithmName(jwk_suffix_, 16) ||
 131           jwk_alg == MakeJwkAesAlgorithmName(jwk_suffix_, 24) ||
 132           jwk_alg == MakeJwkAesAlgorithmName(jwk_suffix_, 32)) {
 133         return Status::ErrorJwkIncorrectKeyLength();
 134       }
 135       return Status::ErrorJwkAlgorithmInconsistent();
 136     }
 137   }
 138
 139   return ImportKeyRaw(CryptoData(raw_data), algorithm, extractable, usages,
 140                       key);
 141 }
 142
 143 Status AesAlgorithm::ExportKeyRaw(const blink::WebCryptoKey& key,
 144                                   std::vector<uint8_t>* buffer) const {
 145   *buffer = GetSymmetricKeyData(key);
 146   return Status::Success();
 147 }
 148
 149 Status AesAlgorithm::ExportKeyJwk(const blink::WebCryptoKey& key,
 150                                   std::vector<uint8_t>* buffer) const {
 151   const std::vector<uint8_t>& raw_data = GetSymmetricKeyData(key);
 152
 153   WriteSecretKeyJwk(CryptoData(raw_data),
 154                     MakeJwkAesAlgorithmName(jwk_suffix_, raw_data.size()),
 155                     key.extractable(), key.usages(), buffer);
 156
 157   return Status::Success();
 158 }
 159
 160 Status AesAlgorithm::DeserializeKeyForClone(
 161     const blink::WebCryptoKeyAlgorithm& algorithm,
 162     blink::WebCryptoKeyType type,
 163     bool extractable,
 164     blink::WebCryptoKeyUsageMask usages,
 165     const CryptoData& key_data,
 166     blink::WebCryptoKey* key) const {
 167   return ImportKeyRaw(key_data, CreateAlgorithm(algorithm.id()), extractable,
 168                       usages, key);
 169 }
 170
 171 Status AesAlgorithm::GetKeyLength(
 172     const blink::WebCryptoAlgorithm& key_length_algorithm,
 173     bool* has_length_bits,
 174     unsigned int* length_bits) const {
 175   *has_length_bits = true;
 176   *length_bits = key_length_algorithm.aesDerivedKeyParams()->lengthBits();
 177
 178   if (*length_bits == 128 || *length_bits == 256)
 179     return Status::Success();
 180
 181   // BoringSSL does not support 192-bit AES.
 182   if (*length_bits == 192)
 183     return Status::ErrorAes192BitUnsupported();
 184
 185   return Status::ErrorGetAesKeyLength();
 186 }
 187
 188 }  // namespace webcrypto