1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include <openssl/evp.h>
7 #include "base/stl_util.h"
8 #include "components/webcrypto/algorithms/rsa.h"
9 #include "components/webcrypto/algorithms/util_openssl.h"
10 #include "components/webcrypto/crypto_data.h"
11 #include "components/webcrypto/key.h"
12 #include "components/webcrypto/status.h"
13 #include "crypto/openssl_util.h"
14 #include "crypto/scoped_openssl_types.h"
15 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h"
16 #include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h"
22 typedef int (*InitFunc
)(EVP_PKEY_CTX
* ctx
);
23 typedef int (*EncryptDecryptFunc
)(EVP_PKEY_CTX
* ctx
,
26 const unsigned char* in
,
29 // Helper for doing either RSA-OAEP encryption or decryption.
31 // To encrypt call with:
32 // init_func=EVP_PKEY_encrypt_init, encrypt_decrypt_func=EVP_PKEY_encrypt
34 // To decrypt call with:
35 // init_func=EVP_PKEY_decrypt_init, encrypt_decrypt_func=EVP_PKEY_decrypt
36 Status
CommonEncryptDecrypt(InitFunc init_func
,
37 EncryptDecryptFunc encrypt_decrypt_func
,
38 const blink::WebCryptoAlgorithm
& algorithm
,
39 const blink::WebCryptoKey
& key
,
40 const CryptoData
& data
,
41 std::vector
<uint8_t>* buffer
) {
42 crypto::OpenSSLErrStackTracer
err_tracer(FROM_HERE
);
44 EVP_PKEY
* pkey
= GetEVP_PKEY(key
);
45 const EVP_MD
* digest
=
46 GetDigest(key
.algorithm().rsaHashedParams()->hash().id());
48 return Status::ErrorUnsupported();
50 crypto::ScopedEVP_PKEY_CTX
ctx(EVP_PKEY_CTX_new(pkey
, NULL
));
52 if (!init_func(ctx
.get()) ||
53 1 != EVP_PKEY_CTX_set_rsa_padding(ctx
.get(), RSA_PKCS1_OAEP_PADDING
) ||
54 1 != EVP_PKEY_CTX_set_rsa_oaep_md(ctx
.get(), digest
) ||
55 1 != EVP_PKEY_CTX_set_rsa_mgf1_md(ctx
.get(), digest
)) {
56 return Status::OperationError();
59 const blink::WebVector
<uint8_t>& label
=
60 algorithm
.rsaOaepParams()->optionalLabel();
63 // Make a copy of the label, since the ctx takes ownership of it when
64 // calling set0_rsa_oaep_label().
65 crypto::ScopedOpenSSLBytes label_copy
;
66 label_copy
.reset(static_cast<uint8_t*>(OPENSSL_malloc(label
.size())));
67 memcpy(label_copy
.get(), label
.data(), label
.size());
69 if (1 != EVP_PKEY_CTX_set0_rsa_oaep_label(ctx
.get(), label_copy
.release(),
71 return Status::OperationError();
75 // Determine the maximum length of the output.
77 if (!encrypt_decrypt_func(ctx
.get(), NULL
, &outlen
, data
.bytes(),
78 data
.byte_length())) {
79 return Status::OperationError();
81 buffer
->resize(outlen
);
83 // Do the actual encryption/decryption.
84 if (!encrypt_decrypt_func(ctx
.get(), vector_as_array(buffer
), &outlen
,
85 data
.bytes(), data
.byte_length())) {
86 return Status::OperationError();
88 buffer
->resize(outlen
);
90 return Status::Success();
93 class RsaOaepImplementation
: public RsaHashedAlgorithm
{
95 RsaOaepImplementation()
97 blink::WebCryptoKeyUsageEncrypt
| blink::WebCryptoKeyUsageWrapKey
,
98 blink::WebCryptoKeyUsageDecrypt
|
99 blink::WebCryptoKeyUsageUnwrapKey
) {}
101 const char* GetJwkAlgorithm(
102 const blink::WebCryptoAlgorithmId hash
) const override
{
104 case blink::WebCryptoAlgorithmIdSha1
:
106 case blink::WebCryptoAlgorithmIdSha256
:
107 return "RSA-OAEP-256";
108 case blink::WebCryptoAlgorithmIdSha384
:
109 return "RSA-OAEP-384";
110 case blink::WebCryptoAlgorithmIdSha512
:
111 return "RSA-OAEP-512";
117 Status
Encrypt(const blink::WebCryptoAlgorithm
& algorithm
,
118 const blink::WebCryptoKey
& key
,
119 const CryptoData
& data
,
120 std::vector
<uint8_t>* buffer
) const override
{
121 if (key
.type() != blink::WebCryptoKeyTypePublic
)
122 return Status::ErrorUnexpectedKeyType();
124 return CommonEncryptDecrypt(EVP_PKEY_encrypt_init
, EVP_PKEY_encrypt
,
125 algorithm
, key
, data
, buffer
);
128 Status
Decrypt(const blink::WebCryptoAlgorithm
& algorithm
,
129 const blink::WebCryptoKey
& key
,
130 const CryptoData
& data
,
131 std::vector
<uint8_t>* buffer
) const override
{
132 if (key
.type() != blink::WebCryptoKeyTypePrivate
)
133 return Status::ErrorUnexpectedKeyType();
135 return CommonEncryptDecrypt(EVP_PKEY_decrypt_init
, EVP_PKEY_decrypt
,
136 algorithm
, key
, data
, buffer
);
142 scoped_ptr
<AlgorithmImplementation
> CreateRsaOaepImplementation() {
143 return make_scoped_ptr(new RsaOaepImplementation
);
146 } // namespace webcrypto