// Copyright 2014 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "components/webcrypto/algorithm_dispatch.h"
#include "base/logging.h"
#include "components/webcrypto/algorithm_implementation.h"
#include "components/webcrypto/algorithm_implementations.h"
#include "components/webcrypto/algorithm_registry.h"
#include "components/webcrypto/crypto_data.h"
#include "components/webcrypto/generate_key_result.h"
#include "components/webcrypto/status.h"
#include "crypto/openssl_util.h"
#include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h"
namespace webcrypto {
namespace {
Status DecryptDontCheckKeyUsage(const blink::WebCryptoAlgorithm& algorithm,
const blink::WebCryptoKey& key,
const CryptoData& data,
std::vector<uint8_t>* buffer) {
if (algorithm.id() != key.algorithm().id())
return Status::ErrorUnexpected();
const AlgorithmImplementation* impl = NULL;
Status status = GetAlgorithmImplementation(algorithm.id(), &impl);
if (status.IsError())
return status;
return impl->Decrypt(algorithm, key, data, buffer);
}
Status EncryptDontCheckUsage(const blink::WebCryptoAlgorithm& algorithm,
const blink::WebCryptoKey& key,
const CryptoData& data,
std::vector<uint8_t>* buffer) {
if (algorithm.id() != key.algorithm().id())
return Status::ErrorUnexpected();
const AlgorithmImplementation* impl = NULL;
Status status = GetAlgorithmImplementation(algorithm.id(), &impl);
if (status.IsError())
return status;
return impl->Encrypt(algorithm, key, data, buffer);
}
Status ExportKeyDontCheckExtractability(blink::WebCryptoKeyFormat format,
const blink::WebCryptoKey& key,
std::vector<uint8_t>* buffer) {
const AlgorithmImplementation* impl = NULL;
Status status = GetAlgorithmImplementation(key.algorithm().id(), &impl);
if (status.IsError())
return status;
return impl->ExportKey(format, key, buffer);
}
} // namespace
Status Encrypt(const blink::WebCryptoAlgorithm& algorithm,
const blink::WebCryptoKey& key,
const CryptoData& data,
std::vector<uint8_t>* buffer) {
if (!key.keyUsageAllows(blink::WebCryptoKeyUsageEncrypt))
return Status::ErrorUnexpected();
return EncryptDontCheckUsage(algorithm, key, data, buffer);
}
Status Decrypt(const blink::WebCryptoAlgorithm& algorithm,
const blink::WebCryptoKey& key,
const CryptoData& data,
std::vector<uint8_t>* buffer) {
if (!key.keyUsageAllows(blink::WebCryptoKeyUsageDecrypt))
return Status::ErrorUnexpected();
return DecryptDontCheckKeyUsage(algorithm, key, data, buffer);
}
Status Digest(const blink::WebCryptoAlgorithm& algorithm,
const CryptoData& data,
std::vector<uint8_t>* buffer) {
const AlgorithmImplementation* impl = NULL;
Status status = GetAlgorithmImplementation(algorithm.id(), &impl);
if (status.IsError())
return status;
return impl->Digest(algorithm, data, buffer);
}
Status GenerateKey(const blink::WebCryptoAlgorithm& algorithm,
bool extractable,
blink::WebCryptoKeyUsageMask usages,
GenerateKeyResult* result) {
const AlgorithmImplementation* impl = NULL;
Status status = GetAlgorithmImplementation(algorithm.id(), &impl);
if (status.IsError())
return status;
status = impl->GenerateKey(algorithm, extractable, usages, result);
if (status.IsError())
return status;
const blink::WebCryptoKey* key = NULL;
if (result->type() == GenerateKeyResult::TYPE_SECRET_KEY)
key = &result->secret_key();
if (result->type() == GenerateKeyResult::TYPE_PUBLIC_PRIVATE_KEY_PAIR)
key = &result->private_key();
if (key == NULL)
return Status::ErrorUnexpected();
// This should only fail if an algorithm is implemented incorrectly and
// does not do its own check of the usages.
if (key->usages() == 0) {
DCHECK(false) << "Key usages for generateKey() must not be empty";
return Status::ErrorCreateKeyEmptyUsages();
}
return status;
}
Status ImportKey(blink::WebCryptoKeyFormat format,
const CryptoData& key_data,
const blink::WebCryptoAlgorithm& algorithm,
bool extractable,
blink::WebCryptoKeyUsageMask usages,
blink::WebCryptoKey* key) {
const AlgorithmImplementation* impl = NULL;
Status status = GetAlgorithmImplementation(algorithm.id(), &impl);
if (status.IsError())
return status;
status = impl->VerifyKeyUsagesBeforeImportKey(format, usages);
if (status.IsError())
return status;
return impl->ImportKey(format, key_data, algorithm, extractable, usages, key);
}
Status ExportKey(blink::WebCryptoKeyFormat format,
const blink::WebCryptoKey& key,
std::vector<uint8_t>* buffer) {
if (!key.extractable())
return Status::ErrorKeyNotExtractable();
return ExportKeyDontCheckExtractability(format, key, buffer);
}
Status Sign(const blink::WebCryptoAlgorithm& algorithm,
const blink::WebCryptoKey& key,
const CryptoData& data,
std::vector<uint8_t>* buffer) {
if (!key.keyUsageAllows(blink::WebCryptoKeyUsageSign))
return Status::ErrorUnexpected();
if (algorithm.id() != key.algorithm().id())
return Status::ErrorUnexpected();
const AlgorithmImplementation* impl = NULL;
Status status = GetAlgorithmImplementation(algorithm.id(), &impl);
if (status.IsError())
return status;
return impl->Sign(algorithm, key, data, buffer);
}
Status Verify(const blink::WebCryptoAlgorithm& algorithm,
const blink::WebCryptoKey& key,
const CryptoData& signature,
const CryptoData& data,
bool* signature_match) {
if (!key.keyUsageAllows(blink::WebCryptoKeyUsageVerify))
return Status::ErrorUnexpected();
if (algorithm.id() != key.algorithm().id())
return Status::ErrorUnexpected();
const AlgorithmImplementation* impl = NULL;
Status status = GetAlgorithmImplementation(algorithm.id(), &impl);
if (status.IsError())
return status;
return impl->Verify(algorithm, key, signature, data, signature_match);
}
Status WrapKey(blink::WebCryptoKeyFormat format,
const blink::WebCryptoKey& key_to_wrap,
const blink::WebCryptoKey& wrapping_key,
const blink::WebCryptoAlgorithm& wrapping_algorithm,
std::vector<uint8_t>* buffer) {
if (!wrapping_key.keyUsageAllows(blink::WebCryptoKeyUsageWrapKey))
return Status::ErrorUnexpected();
std::vector<uint8_t> exported_data;
Status status = ExportKey(format, key_to_wrap, &exported_data);
if (status.IsError())
return status;
return EncryptDontCheckUsage(wrapping_algorithm, wrapping_key,
CryptoData(exported_data), buffer);
}
Status UnwrapKey(blink::WebCryptoKeyFormat format,
const CryptoData& wrapped_key_data,
const blink::WebCryptoKey& wrapping_key,
const blink::WebCryptoAlgorithm& wrapping_algorithm,
const blink::WebCryptoAlgorithm& algorithm,
bool extractable,
blink::WebCryptoKeyUsageMask usages,
blink::WebCryptoKey* key) {
if (!wrapping_key.keyUsageAllows(blink::WebCryptoKeyUsageUnwrapKey))
return Status::ErrorUnexpected();
if (wrapping_algorithm.id() != wrapping_key.algorithm().id())
return Status::ErrorUnexpected();
// Fail fast if the import is doomed to fail.
const AlgorithmImplementation* import_impl = NULL;
Status status = GetAlgorithmImplementation(algorithm.id(), &import_impl);
if (status.IsError())
return status;
status = import_impl->VerifyKeyUsagesBeforeImportKey(format, usages);
if (status.IsError())
return status;
std::vector<uint8_t> buffer;
status = DecryptDontCheckKeyUsage(wrapping_algorithm, wrapping_key,
wrapped_key_data, &buffer);
if (status.IsError())
return status;
// NOTE that returning the details of ImportKey() failures may leak
// information about the plaintext of the encrypted key (for instance the JWK
// key_ops). As long as the ImportKey error messages don't describe actual
// key bytes however this should be OK. For more discussion see
// http://crbug.com/372040
return ImportKey(format, CryptoData(buffer), algorithm, extractable, usages,
key);
}
Status DeriveBits(const blink::WebCryptoAlgorithm& algorithm,
const blink::WebCryptoKey& base_key,
unsigned int length_bits,
std::vector<uint8_t>* derived_bytes) {
if (!base_key.keyUsageAllows(blink::WebCryptoKeyUsageDeriveBits))
return Status::ErrorUnexpected();
if (algorithm.id() != base_key.algorithm().id())
return Status::ErrorUnexpected();
const AlgorithmImplementation* impl = NULL;
Status status = GetAlgorithmImplementation(algorithm.id(), &impl);
if (status.IsError())
return status;
return impl->DeriveBits(algorithm, base_key, true, length_bits,
derived_bytes);
}
Status DeriveKey(const blink::WebCryptoAlgorithm& algorithm,
const blink::WebCryptoKey& base_key,
const blink::WebCryptoAlgorithm& import_algorithm,
const blink::WebCryptoAlgorithm& key_length_algorithm,
bool extractable,
blink::WebCryptoKeyUsageMask usages,
blink::WebCryptoKey* derived_key) {
if (!base_key.keyUsageAllows(blink::WebCryptoKeyUsageDeriveKey))
return Status::ErrorUnexpected();
if (algorithm.id() != base_key.algorithm().id())
return Status::ErrorUnexpected();
if (import_algorithm.id() != key_length_algorithm.id())
return Status::ErrorUnexpected();
const AlgorithmImplementation* import_impl = NULL;
Status status =
GetAlgorithmImplementation(import_algorithm.id(), &import_impl);
if (status.IsError())
return status;
// Fail fast if the requested key usages are incorect.
status = import_impl->VerifyKeyUsagesBeforeImportKey(
blink::WebCryptoKeyFormatRaw, usages);
if (status.IsError())
return status;
// Determine how many bits long the derived key should be.
unsigned int length_bits = 0;
bool has_length_bits = false;
status = import_impl->GetKeyLength(key_length_algorithm, &has_length_bits,
&length_bits);
if (status.IsError())
return status;
// Derive the key bytes.
const AlgorithmImplementation* derive_impl = NULL;
status = GetAlgorithmImplementation(algorithm.id(), &derive_impl);
if (status.IsError())
return status;
std::vector<uint8_t> derived_bytes;
status = derive_impl->DeriveBits(algorithm, base_key, has_length_bits,
length_bits, &derived_bytes);
if (status.IsError())
return status;
// Create the key using the derived bytes.
return ImportKey(blink::WebCryptoKeyFormatRaw, CryptoData(derived_bytes),
import_algorithm, extractable, usages, derived_key);
}
scoped_ptr<blink::WebCryptoDigestor> CreateDigestor(
blink::WebCryptoAlgorithmId algorithm) {
crypto::EnsureOpenSSLInit();
return CreateDigestorImplementation(algorithm);
}
bool SerializeKeyForClone(const blink::WebCryptoKey& key,
blink::WebVector<uint8_t>* key_data) {
const AlgorithmImplementation* impl = NULL;
Status status = GetAlgorithmImplementation(key.algorithm().id(), &impl);
if (status.IsError())
return false;
status = impl->SerializeKeyForClone(key, key_data);
return status.IsSuccess();
}
bool DeserializeKeyForClone(const blink::WebCryptoKeyAlgorithm& algorithm,
blink::WebCryptoKeyType type,
bool extractable,
blink::WebCryptoKeyUsageMask usages,
const CryptoData& key_data,
blink::WebCryptoKey* key) {
const AlgorithmImplementation* impl = NULL;
Status status = GetAlgorithmImplementation(algorithm.id(), &impl);
if (status.IsError())
return false;
status = impl->DeserializeKeyForClone(algorithm, type, extractable, usages,
key_data, key);
return status.IsSuccess();
}
} // namespace webcrypto