1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
7 #include "base/numerics/safe_math.h"
8 #include "base/stl_util.h"
9 #include "content/child/webcrypto/crypto_data.h"
10 #include "content/child/webcrypto/nss/aes_algorithm_nss.h"
11 #include "content/child/webcrypto/nss/key_nss.h"
12 #include "content/child/webcrypto/nss/util_nss.h"
13 #include "content/child/webcrypto/status.h"
14 #include "content/child/webcrypto/webcrypto_util.h"
15 #include "crypto/scoped_nss_types.h"
16 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h"
24 Status
AesCbcEncryptDecrypt(EncryptOrDecrypt mode
,
25 const blink::WebCryptoAlgorithm
& algorithm
,
26 const blink::WebCryptoKey
& key
,
27 const CryptoData
& data
,
28 std::vector
<uint8_t>* buffer
) {
29 const blink::WebCryptoAesCbcParams
* params
= algorithm
.aesCbcParams();
31 return Status::ErrorUnexpected();
33 CryptoData
iv(params
->iv().data(), params
->iv().size());
34 if (iv
.byte_length() != 16)
35 return Status::ErrorIncorrectSizeAesCbcIv();
37 PK11SymKey
* sym_key
= SymKeyNss::Cast(key
)->key();
39 CK_ATTRIBUTE_TYPE operation
= (mode
== ENCRYPT
) ? CKA_ENCRYPT
: CKA_DECRYPT
;
41 SECItem iv_item
= MakeSECItemForBuffer(iv
);
43 crypto::ScopedSECItem
param(PK11_ParamFromIV(CKM_AES_CBC_PAD
, &iv_item
));
45 return Status::OperationError();
47 crypto::ScopedPK11Context
context(PK11_CreateContextBySymKey(
48 CKM_AES_CBC_PAD
, operation
, sym_key
, param
.get()));
51 return Status::OperationError();
53 // Oddly PK11_CipherOp takes input and output lengths as "int" rather than
54 // "unsigned int". Do some checks now to avoid integer overflowing.
55 base::CheckedNumeric
<int> output_max_len
= data
.byte_length();
56 output_max_len
+= AES_BLOCK_SIZE
;
57 if (!output_max_len
.IsValid()) {
58 // TODO(eroman): Handle this by chunking the input fed into NSS. Right now
59 // it doesn't make much difference since the one-shot API would end up
60 // blowing out the memory and crashing anyway.
61 return Status::ErrorDataTooLarge();
64 // PK11_CipherOp does an invalid memory access when given empty decryption
65 // input, or input which is not a multiple of the block size. See also
66 // https://bugzilla.mozilla.com/show_bug.cgi?id=921687.
67 if (operation
== CKA_DECRYPT
&&
68 (data
.byte_length() == 0 || (data
.byte_length() % AES_BLOCK_SIZE
!= 0))) {
69 return Status::OperationError();
72 // TODO(eroman): Refine the output buffer size. It can be computed exactly for
73 // encryption, and can be smaller for decryption.
74 buffer
->resize(output_max_len
.ValueOrDie());
76 unsigned char* buffer_data
= vector_as_array(buffer
);
79 if (SECSuccess
!= PK11_CipherOp(context
.get(), buffer_data
, &output_len
,
80 buffer
->size(), data
.bytes(),
81 data
.byte_length())) {
82 return Status::OperationError();
85 unsigned int final_output_chunk_len
;
87 PK11_DigestFinal(context
.get(), buffer_data
+ output_len
,
88 &final_output_chunk_len
,
89 (output_max_len
- output_len
).ValueOrDie())) {
90 return Status::OperationError();
93 buffer
->resize(final_output_chunk_len
+ output_len
);
94 return Status::Success();
97 class AesCbcImplementation
: public AesAlgorithm
{
99 AesCbcImplementation() : AesAlgorithm(CKM_AES_CBC
, "CBC") {}
101 Status
Encrypt(const blink::WebCryptoAlgorithm
& algorithm
,
102 const blink::WebCryptoKey
& key
,
103 const CryptoData
& data
,
104 std::vector
<uint8_t>* buffer
) const override
{
105 return AesCbcEncryptDecrypt(ENCRYPT
, algorithm
, key
, data
, buffer
);
108 Status
Decrypt(const blink::WebCryptoAlgorithm
& algorithm
,
109 const blink::WebCryptoKey
& key
,
110 const CryptoData
& data
,
111 std::vector
<uint8_t>* buffer
) const override
{
112 return AesCbcEncryptDecrypt(DECRYPT
, algorithm
, key
, data
, buffer
);
118 AlgorithmImplementation
* CreatePlatformAesCbcImplementation() {
119 return new AesCbcImplementation
;
122 } // namespace webcrypto
124 } // namespace content
