Skip to content

GitLab

T
tangled
Commit 3827620e authored by eroman@chromium.org's avatar eroman@chromium.org
Browse files
Options

[webcrypto] Remove RSA-ES support (2 of 3) 

BUG=372920,245025
R=rsleevi@chromium.org

Review URL: https://codereview.chromium.org/282903002

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@272577 0039d316-1c4b-4281-b951-d872f2087c98
parent e6de8557
Expand all Hide whitespace changes
Inline Side-by-side
Showing with 119 additions and 1001 deletions
content/child/webcrypto/jwk.cc
View file @ 3827620e
......@@ -110,7 +110,6 @@
// +--------------+-------------------------------------------------------|
// | Key Management Algorithm |
// +--------------+-------------------------------------------------------+
// | "RSA1_5" | RSAES-PKCS1-V1_5 [RFC3447] |
// | "RSA-OAEP" | RSAES using Optimal Asymmetric Encryption Padding |
// | | (OAEP) [RFC3447], with the default parameters |
// | | specified by RFC3447 in Section A.2.1 |
......@@ -307,9 +306,6 @@ class JwkAlgorithmRegistry {
alg_to_info_["RS512"] =
JwkAlgorithmInfo(&BindAlgorithmId<CreateRsaSsaImportAlgorithm,
blink::WebCryptoAlgorithmIdSha512>);
alg_to_info_["RSA1_5"] = JwkAlgorithmInfo(
&BindAlgorithmId<CreateAlgorithm,
blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5>);
alg_to_info_["RSA-OAEP"] =
JwkAlgorithmInfo(&BindAlgorithmId<CreateRsaOaepImportAlgorithm,
blink::WebCryptoAlgorithmIdSha1>);
......@@ -664,16 +660,6 @@ Status WriteAlg(const blink::WebCryptoKeyAlgorithm& algorithm,
}
break;
}
case blink::WebCryptoKeyAlgorithmParamsTypeRsa:
switch (algorithm.id()) {
case blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5:
jwk_dict->SetString("alg", "RSA1_5");
break;
default:
NOTREACHED();
return Status::ErrorUnexpected();
}
break;
case blink::WebCryptoKeyAlgorithmParamsTypeRsaHashed:
switch (algorithm.id()) {
case blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5: {
......@@ -729,8 +715,7 @@ Status WriteAlg(const blink::WebCryptoKeyAlgorithm& algorithm,
bool IsRsaKey(const blink::WebCryptoKey& key) {
const blink::WebCryptoAlgorithmId algorithm_id = key.algorithm().id();
return algorithm_id == blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5 ||
algorithm_id == blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 ||
return algorithm_id == blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 ||
algorithm_id == blink::WebCryptoAlgorithmIdRsaOaep;
}
......
content/child/webcrypto/platform_crypto.h
View file @ 3827620e
......@@ -96,19 +96,6 @@ Status EncryptDecryptAesGcm(EncryptOrDecrypt mode,
unsigned int tag_length_bits,
std::vector<uint8>* buffer);
// Preconditions:
// * |key| is non-null.
// * |data| is not empty.
Status EncryptRsaEsPkcs1v1_5(PublicKey* key,
const CryptoData& data,
std::vector<uint8>* buffer);
// Preconditions:
// * |key| is non-null.
Status DecryptRsaEsPkcs1v1_5(PrivateKey* key,
const CryptoData& data,
std::vector<uint8>* buffer);
// Preconditions:
// * |key| is non-null
// * |hash| is a digest algorithm
......@@ -181,8 +168,6 @@ Status GenerateSecretKey(const blink::WebCryptoAlgorithm& algorithm,
// * algorithm.id() is for an RSA algorithm.
// * public_exponent, modulus_length_bits and hash_or_null are the same as what
// is in algorithm. They are split out for convenience.
// * hash_or_null.isNull() may be true if a hash is not applicable to the
// algorithm
// * modulus_length_bits is not 0
// * public_exponent is not empty.
Status GenerateRsaKeyPair(const blink::WebCryptoAlgorithm& algorithm,
......@@ -190,7 +175,6 @@ Status GenerateRsaKeyPair(const blink::WebCryptoAlgorithm& algorithm,
blink::WebCryptoKeyUsageMask usage_mask,
unsigned int modulus_length_bits,
const CryptoData& public_exponent,
const blink::WebCryptoAlgorithm& hash,
blink::WebCryptoKey* public_key,
blink::WebCryptoKey* private_key);
......@@ -312,24 +296,6 @@ Status DecryptAesKw(SymKey* key,
const CryptoData& data,
std::vector<uint8>* buffer);
// Preconditions:
// * |key| is non-null
// * |wrapping_key| is non-null
Status WrapSymKeyRsaEs(SymKey* key,
PublicKey* wrapping_key,
std::vector<uint8>* buffer);
// Preconditions:
// * |wrapping_key| is non-null
// * |key| is non-null
// * |algorithm.id()| is for a symmetric key algorithm.
Status UnwrapSymKeyRsaEs(const CryptoData& wrapped_key_data,
PrivateKey* wrapping_key,
const blink::WebCryptoAlgorithm& algorithm,
bool extractable,
blink::WebCryptoKeyUsageMask usage_mask,
blink::WebCryptoKey* key);
} // namespace platform
} // namespace webcrypto
......
content/child/webcrypto/platform_crypto_nss.cc
View file @ 3827620e
......@@ -553,12 +553,6 @@ bool BigIntegerToLong(const uint8* data,
return true;
}
bool IsAlgorithmRsa(const blink::WebCryptoAlgorithm& algorithm) {
return algorithm.id() == blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5 ||
algorithm.id() == blink::WebCryptoAlgorithmIdRsaOaep ||
algorithm.id() == blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5;
}
bool CreatePublicKeyAlgorithm(const blink::WebCryptoAlgorithm& algorithm,
SECKEYPublicKey* key,
blink::WebCryptoKeyAlgorithm* key_algorithm) {
......@@ -580,14 +574,6 @@ bool CreatePublicKeyAlgorithm(const blink::WebCryptoAlgorithm& algorithm,
public_exponent.byte_length(),
GetInnerHashAlgorithm(algorithm).id());
return true;
case blink::WebCryptoAlgorithmParamsTypeRsaKeyGenParams:
case blink::WebCryptoAlgorithmParamsTypeNone:
*key_algorithm = blink::WebCryptoKeyAlgorithm::createRsa(
algorithm.id(),
modulus_length_bits,
public_exponent.bytes(),
public_exponent.byte_length());
return true;
default:
return false;
}
......@@ -987,7 +973,7 @@ bool ValidateNssKeyTypeAgainstInputAlgorithm(
const blink::WebCryptoAlgorithm& algorithm) {
switch (key_type) {
case rsaKey:
return IsAlgorithmRsa(algorithm);
return IsAlgorithmRsa(algorithm.id());
case dsaKey:
case ecKey:
case rsaPssKey:
......@@ -1114,8 +1100,7 @@ Status ExportKeyPkcs8(PrivateKey* key,
const blink::WebCryptoKeyAlgorithm& key_algorithm,
std::vector<uint8>* buffer) {
// TODO(eroman): Support other RSA key types as they are added to Blink.
if (key_algorithm.id() != blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5 &&
key_algorithm.id() != blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 &&
if (key_algorithm.id() != blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 &&
key_algorithm.id() != blink::WebCryptoAlgorithmIdRsaOaep)
return Status::ErrorUnsupported();
......@@ -1266,60 +1251,6 @@ Status SignHmac(SymKey* key,
return Status::Success();
}
// -----------------------------------
// RsaEsPkcs1v1_5
// -----------------------------------
Status EncryptRsaEsPkcs1v1_5(PublicKey* key,
const CryptoData& data,
std::vector<uint8>* buffer) {
const unsigned int encrypted_length_bytes =
SECKEY_PublicKeyStrength(key->key());
// RSAES can operate on messages up to a length of k - 11, where k is the
// octet length of the RSA modulus.
if (encrypted_length_bytes < 11 ||
encrypted_length_bytes - 11 < data.byte_length())
return Status::ErrorDataTooLarge();
buffer->resize(encrypted_length_bytes);
unsigned char* const buffer_data = Uint8VectorStart(buffer);
if (PK11_PubEncryptPKCS1(key->key(),
buffer_data,
const_cast<unsigned char*>(data.bytes()),
data.byte_length(),
NULL) != SECSuccess) {
return Status::OperationError();
}
return Status::Success();
}
Status DecryptRsaEsPkcs1v1_5(PrivateKey* key,
const CryptoData& data,
std::vector<uint8>* buffer) {
const int modulus_length_bytes = PK11_GetPrivateModulusLen(key->key());
if (modulus_length_bytes <= 0)
return Status::ErrorUnexpected();
const unsigned int max_output_length_bytes = modulus_length_bytes;
buffer->resize(max_output_length_bytes);
unsigned char* const buffer_data = Uint8VectorStart(buffer);
unsigned int output_length_bytes = 0;
if (PK11_PrivDecryptPKCS1(key->key(),
buffer_data,
&output_length_bytes,
max_output_length_bytes,
const_cast<unsigned char*>(data.bytes()),
data.byte_length()) != SECSuccess) {
return Status::OperationError();
}
DCHECK_LE(output_length_bytes, max_output_length_bytes);
buffer->resize(output_length_bytes);
return Status::Success();
}
// -----------------------------------
// RsaOaep
// -----------------------------------
......@@ -1512,7 +1443,6 @@ Status GenerateRsaKeyPair(const blink::WebCryptoAlgorithm& algorithm,
blink::WebCryptoKeyUsageMask usage_mask,
unsigned int modulus_length_bits,
const CryptoData& public_exponent,
const blink::WebCryptoAlgorithm& hash_or_null,
blink::WebCryptoKey* public_key,
blink::WebCryptoKey* private_key) {
if (algorithm.id() == blink::WebCryptoAlgorithmIdRsaOaep &&
......@@ -1540,7 +1470,6 @@ Status GenerateRsaKeyPair(const blink::WebCryptoAlgorithm& algorithm,
// possible operations for the given key type.
CK_FLAGS operation_flags;
switch (algorithm.id()) {
case blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5:
case blink::WebCryptoAlgorithmIdRsaOaep:
operation_flags = CKF_ENCRYPT | CKF_DECRYPT | CKF_WRAP | CKF_UNWRAP;
break;
......@@ -1935,89 +1864,6 @@ Status DecryptAesKw(SymKey* wrapping_key,
return Status::Success();
}
Status WrapSymKeyRsaEs(SymKey* key,
PublicKey* wrapping_key,
std::vector<uint8>* buffer) {
// Check the raw length of the key to be wrapped against the max size allowed
// by the RSA wrapping key. With PKCS#1 v1.5 padding used in this function,
// the maximum data length that can be encrypted is the wrapping_key's modulus
// byte length minus eleven bytes.
const unsigned int input_length_bytes = PK11_GetKeyLength(key->key());
const unsigned int modulus_length_bytes =
SECKEY_PublicKeyStrength(wrapping_key->key());
if (modulus_length_bytes < 11 ||
modulus_length_bytes - 11 < input_length_bytes)
return Status::ErrorDataTooLarge();
buffer->resize(modulus_length_bytes);
SECItem wrapped_key_item = MakeSECItemForBuffer(CryptoData(*buffer));
if (SECSuccess !=
PK11_PubWrapSymKey(
CKM_RSA_PKCS, wrapping_key->key(), key->key(), &wrapped_key_item)) {
return Status::OperationError();
}
if (wrapped_key_item.len != modulus_length_bytes)
return Status::ErrorUnexpected();
return Status::Success();
}
Status UnwrapSymKeyRsaEs(const CryptoData& wrapped_key_data,
PrivateKey* wrapping_key,
const blink::WebCryptoAlgorithm& algorithm,
bool extractable,
blink::WebCryptoKeyUsageMask usage_mask,
blink::WebCryptoKey* key) {
// Verify wrapped_key_data size does not exceed the modulus of the RSA key.
const int modulus_length_bytes =
PK11_GetPrivateModulusLen(wrapping_key->key());
if (modulus_length_bytes <= 0)
return Status::ErrorUnexpected();
if (wrapped_key_data.byte_length() >
static_cast<unsigned int>(modulus_length_bytes))
return Status::ErrorDataTooLarge();
// Determine the proper NSS key properties from the input algorithm.
CK_MECHANISM_TYPE mechanism;
CK_FLAGS flags;
Status status =
WebCryptoAlgorithmToNssMechFlags(algorithm, &mechanism, &flags);
if (status.IsError())
return status;
SECItem wrapped_key_item = MakeSECItemForBuffer(wrapped_key_data);
crypto::ScopedPK11SymKey unwrapped_key(
PK11_PubUnwrapSymKeyWithFlagsPerm(wrapping_key->key(),
&wrapped_key_item,
mechanism,
CKA_DECRYPT,
0,
flags,
false));
if (!unwrapped_key)
return Status::OperationError();
const unsigned int key_length = PK11_GetKeyLength(unwrapped_key.get());
blink::WebCryptoKeyAlgorithm key_algorithm;
if (!CreateSecretKeyAlgorithm(algorithm, key_length, &key_algorithm))
return Status::ErrorUnexpected();
scoped_ptr<SymKey> key_handle;
status = SymKey::Create(unwrapped_key.Pass(), &key_handle);
if (status.IsError())
return status;
*key = blink::WebCryptoKey::create(key_handle.release(),
blink::WebCryptoKeyTypeSecret,
extractable,
key_algorithm,
usage_mask);
return Status::Success();
}
} // namespace platform
} // namespace webcrypto
......
content/child/webcrypto/platform_crypto_openssl.cc
View file @ 3827620e
......@@ -303,7 +303,6 @@ Status GenerateRsaKeyPair(const blink::WebCryptoAlgorithm& algorithm,
blink::WebCryptoKeyUsageMask usage_mask,
unsigned int modulus_length_bits,
const CryptoData& public_exponent,
const blink::WebCryptoAlgorithm& hash,
blink::WebCryptoKey* public_key,
blink::WebCryptoKey* private_key) {
// TODO(padolph): Placeholder for OpenSSL implementation.
......@@ -408,21 +407,6 @@ Status EncryptDecryptAesGcm(EncryptOrDecrypt mode,
return Status::ErrorUnsupported();
}
// Guaranteed that key is valid.
Status EncryptRsaEsPkcs1v1_5(PublicKey* key,
const CryptoData& data,
std::vector<uint8>* buffer) {
// TODO(eroman): http://crbug.com/267888
return Status::ErrorUnsupported();
}
Status DecryptRsaEsPkcs1v1_5(PrivateKey* key,
const CryptoData& data,
std::vector<uint8>* buffer) {
// TODO(eroman): http://crbug.com/267888
return Status::ErrorUnsupported();
}
Status EncryptRsaOaep(PublicKey* key,
const blink::WebCryptoAlgorithm& hash,
const CryptoData& label,
......@@ -533,23 +517,6 @@ Status DecryptAesKw(SymKey* key,
return Status::ErrorUnsupported();
}
Status WrapSymKeyRsaEs(SymKey* key,
PublicKey* wrapping_key,
std::vector<uint8>* buffer) {
// TODO(eroman): http://crbug.com/267888
return Status::ErrorUnsupported();
}
Status UnwrapSymKeyRsaEs(const CryptoData& wrapped_key_data,
PrivateKey* wrapping_key,
const blink::WebCryptoAlgorithm& algorithm,
bool extractable,
blink::WebCryptoKeyUsageMask usage_mask,
blink::WebCryptoKey* key) {
// TODO(eroman): http://crbug.com/267888
return Status::ErrorUnsupported();
}
bool ThreadSafeDeserializeKeyForClone(
const blink::WebCryptoKeyAlgorithm& algorithm,
blink::WebCryptoKeyType type,
......
content/child/webcrypto/shared_crypto.cc
View file @ 3827620e
......@@ -103,38 +103,6 @@ Status EncryptDecryptAesGcm(EncryptOrDecrypt mode,
buffer);
}
Status EncryptRsaEsPkcs1v1_5(const blink::WebCryptoAlgorithm& algorithm,
const blink::WebCryptoKey& key,
const CryptoData& data,
std::vector<uint8>* buffer) {
platform::PublicKey* public_key;
Status status = ToPlatformPublicKey(key, &public_key);
if (status.IsError())
return status;
// RSAES encryption does not support empty input
if (!data.byte_length())
return Status::ErrorDataTooSmall();
return platform::EncryptRsaEsPkcs1v1_5(public_key, data, buffer);
}
Status DecryptRsaEsPkcs1v1_5(const blink::WebCryptoAlgorithm& algorithm,
const blink::WebCryptoKey& key,
const CryptoData& data,
std::vector<uint8>* buffer) {
platform::PrivateKey* private_key;
Status status = ToPlatformPrivateKey(key, &private_key);
if (status.IsError())
return status;
// RSAES decryption does not support empty input
if (!data.byte_length())
return Status::ErrorDataTooSmall();
return platform::DecryptRsaEsPkcs1v1_5(private_key, data, buffer);
}
Status EncryptRsaOaep(const blink::WebCryptoAlgorithm& algorithm,
const blink::WebCryptoKey& key,
const CryptoData& data,
......@@ -281,7 +249,6 @@ blink::WebCryptoAlgorithm KeyAlgorithmToImportAlgorithm(
const blink::WebCryptoKeyAlgorithm& algorithm) {
switch (algorithm.paramsType()) {
case blink::WebCryptoKeyAlgorithmParamsTypeAes:
case blink::WebCryptoKeyAlgorithmParamsTypeRsa:
return CreateAlgorithm(algorithm.id());
case blink::WebCryptoKeyAlgorithmParamsTypeHmac:
return CreateHmacImportAlgorithm(algorithm.hmacParams()->hash().id());
......@@ -290,6 +257,8 @@ blink::WebCryptoAlgorithm KeyAlgorithmToImportAlgorithm(
algorithm.id(), algorithm.rsaHashedParams()->hash().id());
case blink::WebCryptoKeyAlgorithmParamsTypeNone:
break;
default:
break;
}
return blink::WebCryptoAlgorithm::createNull();
}
......@@ -316,22 +285,24 @@ bool ValidateDeserializedKey(const blink::WebCryptoKey& key,
key.algorithm().aesParams()->lengthBits())
return false;
break;
case blink::WebCryptoKeyAlgorithmParamsTypeRsa:
case blink::WebCryptoKeyAlgorithmParamsTypeRsaHashed:
if (algorithm.rsaParams()->modulusLengthBits() !=
key.algorithm().rsaParams()->modulusLengthBits())
if (algorithm.rsaHashedParams()->modulusLengthBits() !=
key.algorithm().rsaHashedParams()->modulusLengthBits())
return false;
if (algorithm.rsaParams()->publicExponent().size() !=
key.algorithm().rsaParams()->publicExponent().size())
if (algorithm.rsaHashedParams()->publicExponent().size() !=
key.algorithm().rsaHashedParams()->publicExponent().size())
return false;
if (memcmp(algorithm.rsaParams()->publicExponent().data(),
key.algorithm().rsaParams()->publicExponent().data(),
key.algorithm().rsaParams()->publicExponent().size()) != 0)
if (memcmp(algorithm.rsaHashedParams()->publicExponent().data(),
key.algorithm().rsaHashedParams()->publicExponent().data(),
key.algorithm().rsaHashedParams()->publicExponent().size()) !=
0)
return false;
break;
case blink::WebCryptoKeyAlgorithmParamsTypeNone:
case blink::WebCryptoKeyAlgorithmParamsTypeHmac:
break;
default:
return false;
}
return true;
......@@ -371,21 +342,6 @@ Status UnwrapKeyRaw(const CryptoData& wrapped_key_data,
usage_mask,
key);
}
case blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5: {
platform::PrivateKey* platform_wrapping_key;
Status status =
ToPlatformPrivateKey(wrapping_key, &platform_wrapping_key);
if (status.IsError())
return status;
if (!wrapped_key_data.byte_length())
return Status::ErrorDataTooSmall();
return platform::UnwrapSymKeyRsaEs(wrapped_key_data,
platform_wrapping_key,
algorithm,
extractable,
usage_mask,
key);
}
default:
return Status::ErrorUnsupported();
}
......@@ -411,14 +367,6 @@ Status WrapKeyRaw(const blink::WebCryptoKey& key_to_wrap,
return platform::WrapSymKeyAesKw(
platform_key, platform_wrapping_key, buffer);
}
case blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5: {
platform::PublicKey* platform_wrapping_key;
status = ToPlatformPublicKey(wrapping_key, &platform_wrapping_key);
if (status.IsError())
return status;
return platform::WrapSymKeyRsaEs(
platform_key, platform_wrapping_key, buffer);
}
default:
return Status::ErrorUnsupported();
}
......@@ -449,8 +397,6 @@ Status DecryptDontCheckKeyUsage(const blink::WebCryptoAlgorithm& algorithm,
return EncryptDecryptAesCbc(DECRYPT, algorithm, key, data, buffer);
case blink::WebCryptoAlgorithmIdAesGcm:
return EncryptDecryptAesGcm(DECRYPT, algorithm, key, data, buffer);
case blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5:
return DecryptRsaEsPkcs1v1_5(algorithm, key, data, buffer);
case blink::WebCryptoAlgorithmIdRsaOaep:
return DecryptRsaOaep(algorithm, key, data, buffer);
case blink::WebCryptoAlgorithmIdAesKw:
......@@ -471,8 +417,6 @@ Status EncryptDontCheckUsage(const blink::WebCryptoAlgorithm& algorithm,
return EncryptDecryptAesCbc(ENCRYPT, algorithm, key, data, buffer);
case blink::WebCryptoAlgorithmIdAesGcm:
return EncryptDecryptAesGcm(ENCRYPT, algorithm, key, data, buffer);
case blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5:
return EncryptRsaEsPkcs1v1_5(algorithm, key, data, buffer);
case blink::WebCryptoAlgorithmIdRsaOaep:
return EncryptRsaOaep(algorithm, key, data, buffer);
default:
......@@ -625,17 +569,9 @@ Status GenerateKeyPair(const blink::WebCryptoAlgorithm& algorithm,
blink::WebCryptoKey* private_key) {
// TODO(padolph): Handle other asymmetric algorithm key generation.
switch (algorithm.paramsType()) {
case blink::WebCryptoAlgorithmParamsTypeRsaHashedKeyGenParams:
case blink::WebCryptoAlgorithmParamsTypeRsaKeyGenParams: {
const blink::WebCryptoRsaKeyGenParams* params = NULL;
blink::WebCryptoAlgorithm hash_or_null =
blink::WebCryptoAlgorithm::createNull();
if (algorithm.rsaHashedKeyGenParams()) {
params = algorithm.rsaHashedKeyGenParams();
hash_or_null = algorithm.rsaHashedKeyGenParams()->hash();
} else {
params = algorithm.rsaKeyGenParams();
}
case blink::WebCryptoAlgorithmParamsTypeRsaHashedKeyGenParams: {
const blink::WebCryptoRsaHashedKeyGenParams* params =
algorithm.rsaHashedKeyGenParams();
if (!params->modulusLengthBits())
return Status::ErrorGenerateRsaZeroModulus();
......@@ -649,7 +585,6 @@ Status GenerateKeyPair(const blink::WebCryptoAlgorithm& algorithm,
usage_mask,
params->modulusLengthBits(),
publicExponent,
hash_or_null,
public_key,
private_key);
}
......@@ -782,9 +717,7 @@ Status WrapKey(blink::WebCryptoKeyFormat format,
switch (format) {
case blink::WebCryptoKeyFormatRaw:
if (wrapping_algorithm.id() == blink::WebCryptoAlgorithmIdAesKw ||
wrapping_algorithm.id() ==
blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5) {
if (wrapping_algorithm.id() == blink::WebCryptoAlgorithmIdAesKw) {
// AES-KW is a special case, due to NSS's implementation only
// supporting C_Wrap/C_Unwrap with AES-KW
return WrapKeyRaw(
......@@ -819,9 +752,7 @@ Status UnwrapKey(blink::WebCryptoKeyFormat format,
switch (format) {
case blink::WebCryptoKeyFormatRaw:
if (wrapping_algorithm.id() == blink::WebCryptoAlgorithmIdAesKw ||
wrapping_algorithm.id() ==
blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5) {
if (wrapping_algorithm.id() == blink::WebCryptoAlgorithmIdAesKw) {
// AES-KW is a special case, due to NSS's implementation only
// supporting C_Wrap/C_Unwrap with AES-KW
return UnwrapKeyRaw(wrapped_key_data,
......
content/child/webcrypto/status.h
View file @ 3827620e
......@@ -140,9 +140,7 @@ class CONTENT_EXPORT Status {
// The data provided to an encrypt/decrypt/sign/verify operation was too
// large. This can either represent an internal limitation (for instance
// representing buffer lengths as uints), or an algorithm restriction (for
// instance RSAES can operation on messages relative to the length of the
// key's modulus).
// representing buffer lengths as uints).
static Status ErrorDataTooLarge();
// The data provided to an encrypt/decrypt/sign/verify operation was too
......
content/child/webcrypto/webcrypto_impl.cc
View file @ 3827620e
......@@ -137,9 +137,7 @@ void CompleteWithKeyOrError(const Status& status,
bool IsAlgorithmAsymmetric(const blink::WebCryptoAlgorithm& algorithm) {
// TODO(padolph): include all other asymmetric algorithms once they are
// defined, e.g. EC and DH.
return (algorithm.id() == blink::WebCryptoAlgorithmIdRsaEsPkcs1v1_5 ||
algorithm.id() == blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5 ||
algorithm.id() == blink::WebCryptoAlgorithmIdRsaOaep);
return webcrypto::IsAlgorithmRsa(algorithm.id());
}
// Gets a task runner for the current thread. The current thread is either:
......
content/child/webcrypto/webcrypto_util.cc
View file @ 3827620e
......@@ -179,6 +179,11 @@ bool CreateSecretKeyAlgorithm(const blink::WebCryptoAlgorithm& algorithm,
}
}
bool IsAlgorithmRsa(blink::WebCryptoAlgorithmId alg_id) {
return alg_id == blink::WebCryptoAlgorithmIdRsaOaep ||
alg_id == blink::WebCryptoAlgorithmIdRsaSsaPkcs1v1_5;
}
} // namespace webcrypto
} // namespace content
content/child/webcrypto/webcrypto_util.h
View file @ 3827620e
......@@ -71,6 +71,8 @@ bool CreateSecretKeyAlgorithm(const blink::WebCryptoAlgorithm& algorithm,
unsigned int keylen_bytes,
blink::WebCryptoKeyAlgorithm* key_algorithm);
bool IsAlgorithmRsa(blink::WebCryptoAlgorithmId alg_id);
} // namespace webcrypto
} // namespace content
......
content/test/data/webcrypto/rsa_es.json deleted 100644 → 0
View file @ e6de8557
{
// The RSA public and private keys used for this test are produced by the
// openssl command line:
// % openssl genrsa -out pair.pem 1024
// % openssl rsa -in pair.pem -out spki.der -outform DER -pubout
// % openssl pkcs8 -topk8 -inform PEM -outform DER -in pair.pem -out
// pkcs8.der -nocrypt
// % xxd -p spki.der
// % xxd -p pkcs8.der
"rsa_spki_der": "30819f300d06092a864886f70d010101050003818d0030818902818100a8d30894b93f376f7822229bfd2483e50da944c4ab803ca31979e0f47e70bf683c687c6b3e80f280a237cea3643fd1f7f10f7cc664dbc2ecd45be53e1c9b15a53c37dbdad846c0f8340c472abc7821e4aa7df185867bf38228ac3ecc1d97d3c8b57e21ea6ba57b2bc3814a436e910ee8ab64a0b7743a927e944d3420401f7dd50203010001",
"rsa_pkcs8_der": "30820276020100300d06092a864886f70d0101010500048202603082025c02010002818100a8d30894b93f376f7822229bfd2483e50da944c4ab803ca31979e0f47e70bf683c687c6b3e80f280a237cea3643fd1f7f10f7cc664dbc2ecd45be53e1c9b15a53c37dbdad846c0f8340c472abc7821e4aa7df185867bf38228ac3ecc1d97d3c8b57e21ea6ba57b2bc3814a436e910ee8ab64a0b7743a927e944d3420401f7dd5020301000102818100896cdffb50a0691bd00ad9696933243a7c5861a64684e8d74b91aed0d76c28234da9303e8c6ea2f89b141a9d5ea9a4ddd3d8eb9503dcf05ba0b1fd76060b281e3ae4b9d497fb5519bdf1127db8ad412d6a722686c78df3e3002acca960c6b2a242a83ace5410693c03ce3d74cb9c9a7bacc8e271812920d1f53fee9312ef4eb1024100d09c14418ce92af7cc62f7cdc79836d8c6e3d0d33e7229cc11d732cbac75aa4c56c92e409a3ccbe75d4ce63ac5adca33080690782c6371e3628134c3534ca603024100cf2d3206f6deea2f39b70351c51f854362005aa8f643e49e22486736d536e040dc30a2b4f9be3ab212a88d1891280874b9a170cdeb22eaf61c27c4b082c7d1470240638411a5b3b307ec6e744802c2d4ba556f8bfe72c7b76e790b89bd91ac13f5c9b51d04138d80b3450c1d4337865601bf96748b36c8f627be719f71ac3c70b441024065ce92cfe34ea58bf173a2b8f3024b4d5282540ac581957db3e11a7f528535ec098808dca0013ffcb3b88a25716757c86c540e07d2ad8502cdd129118822c30f0240420a4983040e9db46eb29f1315a0d7b41cf60428f7460fce748e9a1a7d22d7390fa328948e7e9d1724401374e99d45eb41474781201378a4330e8e808ce63551",
// Similarly, the cleartext and public key encrypted ciphertext for this test
// are also produced by openssl. Note that since we are using a 1024-bit key,
// the cleartext size must be less than or equal to 117 bytes (modulusLength /
// 8 - 11).
// % openssl rand -out cleartext.bin 64
// % openssl rsautl -encrypt -inkey spki.der -keyform DER -pubin -in
// cleartext.bin -out ciphertext.bin
// % xxd -p cleartext.bin
// % xxd -p ciphertext.bin
"cleartext": "ec358ed141c45d7e03d4c6338aebad718e8bcbbf8f8ee6f8d9f4b9ef06d884739a398c6bcbc688418b2ff64761dc0ccd40e7d52bed03e06946d0957aeef9e822",
"ciphertext": "6106441c2b7a4b1a16260ed1ae4fe6135247345dc8e674754bbda6588c6c0d95a3d4d26bb34cdbcbe327723e80343bd7a15cd4c91c3a44e6cb9c6cd67ad2e8bf41523188d9b36dc364a838642dcbc2c25e85dfb2106ba47578ca3bbf8915055aea4fa7c3cbfdfbcc163f04c234fb6d847f39bab9612ecbee04626e945c3ccf42"
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment