content/child/webcrypto/openssl/aes_kw_openssl.cc

   1 // Copyright 2014 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include <vector>
   6 #include <openssl/evp.h>
   7
   8 #include "base/logging.h"
   9 #include "base/numerics/safe_math.h"
  10 #include "base/stl_util.h"
  11 #include "content/child/webcrypto/crypto_data.h"
  12 #include "content/child/webcrypto/openssl/aes_algorithm_openssl.h"
  13 #include "content/child/webcrypto/openssl/key_openssl.h"
  14 #include "content/child/webcrypto/openssl/util_openssl.h"
  15 #include "content/child/webcrypto/status.h"
  16 #include "crypto/openssl_util.h"
  17 #include "crypto/scoped_openssl_types.h"
  18
  19 namespace content {
  20
  21 namespace webcrypto {
  22
  23 namespace {
  24
  25 const EVP_AEAD* GetAesKwAlgorithmFromKeySize(unsigned int key_size_bytes) {
  26   switch (key_size_bytes) {
  27     case 16:
  28       return EVP_aead_aes_128_key_wrap();
  29     case 32:
  30       return EVP_aead_aes_256_key_wrap();
  31     default:
  32       return NULL;
  33   }
  34 }
  35
  36 Status AesKwEncryptDecrypt(EncryptOrDecrypt mode,
  37                            const blink::WebCryptoAlgorithm& algorithm,
  38                            const blink::WebCryptoKey& key,
  39                            const CryptoData& data,
  40                            std::vector<uint8_t>* buffer) {
  41   // These length checks are done so the returned error matches that of NSS
  42   // implementation. Other than giving a more specific error, these are not
  43   // required.
  44   if ((mode == ENCRYPT && data.byte_length() < 16) ||
  45       (mode == DECRYPT && data.byte_length() < 24)) {
  46     return Status::ErrorDataTooSmall();
  47   }
  48   if (data.byte_length() % 8)
  49     return Status::ErrorInvalidAesKwDataLength();
  50
  51   const std::vector<uint8_t>& raw_key =
  52       SymKeyOpenSsl::Cast(key)->raw_key_data();
  53
  54   return AeadEncryptDecrypt(mode, raw_key, data,
  55                             8,             // tag_length_bytes
  56                             CryptoData(),  // iv
  57                             CryptoData(),  // additional_data
  58                             GetAesKwAlgorithmFromKeySize(raw_key.size()),
  59                             buffer);
  60 }
  61
  62 class AesKwImplementation : public AesAlgorithm {
  63  public:
  64   AesKwImplementation()
  65       : AesAlgorithm(
  66             blink::WebCryptoKeyUsageWrapKey | blink::WebCryptoKeyUsageUnwrapKey,
  67             "KW") {}
  68
  69   Status Encrypt(const blink::WebCryptoAlgorithm& algorithm,
  70                  const blink::WebCryptoKey& key,
  71                  const CryptoData& data,
  72                  std::vector<uint8_t>* buffer) const override {
  73     return AesKwEncryptDecrypt(ENCRYPT, algorithm, key, data, buffer);
  74   }
  75
  76   Status Decrypt(const blink::WebCryptoAlgorithm& algorithm,
  77                  const blink::WebCryptoKey& key,
  78                  const CryptoData& data,
  79                  std::vector<uint8_t>* buffer) const override {
  80     return AesKwEncryptDecrypt(DECRYPT, algorithm, key, data, buffer);
  81   }
  82 };
  83
  84 }  // namespace
  85
  86 AlgorithmImplementation* CreatePlatformAesKwImplementation() {
  87   return new AesKwImplementation;
  88 }
  89
  90 }  // namespace webcrypto
  91
  92 }  // namespace content