// Copyright 2014 The Chromium Authors // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #ifdef UNSAFE_BUFFERS_BUILD // TODO(crbug.com/40285824): Remove this and convert code to safer constructs. #pragma allow_unsafe_buffers #endif #include "components/webcrypto/algorithms/ec.h" #include <stddef.h> #include <string_view> #include <utility> #include "base/containers/span.h" #include "components/webcrypto/algorithms/asymmetric_key_util.h" #include "components/webcrypto/algorithms/util.h" #include "components/webcrypto/blink_key_handle.h" #include "components/webcrypto/generate_key_result.h" #include "components/webcrypto/jwk.h" #include "components/webcrypto/status.h" #include "crypto/openssl_util.h" #include "third_party/blink/public/platform/web_crypto_algorithm_params.h" #include "third_party/blink/public/platform/web_crypto_key_algorithm.h" #include "third_party/boringssl/src/include/openssl/bn.h" #include "third_party/boringssl/src/include/openssl/bytestring.h" #include "third_party/boringssl/src/include/openssl/ec.h" #include "third_party/boringssl/src/include/openssl/ec_key.h" #include "third_party/boringssl/src/include/openssl/evp.h" #include "third_party/boringssl/src/include/openssl/mem.h" namespace webcrypto { namespace { // Maps a blink::WebCryptoNamedCurve to the corresponding NID used by // BoringSSL. Status WebCryptoCurveToNid(blink::WebCryptoNamedCurve named_curve, int* nid) { … } // Maps a BoringSSL NID to the corresponding WebCrypto named curve. Status NidToWebCryptoCurve(int nid, blink::WebCryptoNamedCurve* named_curve) { … } struct JwkCrvMapping { … }; const JwkCrvMapping kJwkCrvMappings[] = …; // Gets the "crv" parameter from a JWK and converts it to a WebCryptoNamedCurve. Status ReadJwkCrv(const JwkReader& jwk, blink::WebCryptoNamedCurve* named_curve) { … } // Converts a WebCryptoNamedCurve to an equivalent JWK "crv". Status WebCryptoCurveToJwkCrv(blink::WebCryptoNamedCurve named_curve, std::string* jwk_crv) { … } // Verifies that an EC key imported from PKCS8 or SPKI format is correct. // This involves verifying the key validity, and the NID for the named curve. // Also removes the EC_PKEY_NO_PUBKEY flag if present. Status VerifyEcKeyAfterSpkiOrPkcs8Import( EVP_PKEY* pkey, blink::WebCryptoNamedCurve expected_named_curve) { … } // Creates an EC_KEY for the given WebCryptoNamedCurve. Status CreateEC_KEY(blink::WebCryptoNamedCurve named_curve, bssl::UniquePtr<EC_KEY>* ec) { … } // Writes an unsigned BIGNUM into |jwk|, zero-padding it to a length of // |padded_length|. Status WritePaddedBIGNUM(std::string_view member_name, const BIGNUM* value, size_t padded_length, JwkWriter* jwk) { … } // Reads a fixed length BIGNUM from a JWK. Status ReadPaddedBIGNUM(const JwkReader& jwk, std::string_view member_name, size_t expected_length, bssl::UniquePtr<BIGNUM>* out) { … } int GetGroupDegreeInBytes(EC_KEY* ec) { … } // Extracts the public key as affine coordinates (x,y). Status GetPublicKey(EC_KEY* ec, bssl::UniquePtr<BIGNUM>* x, bssl::UniquePtr<BIGNUM>* y) { … } // Synthesizes an import algorithm given a key algorithm, so that // deserialization can re-use the ImportKey*() methods. blink::WebCryptoAlgorithm SynthesizeImportAlgorithmForClone( const blink::WebCryptoKeyAlgorithm& algorithm) { … } } // namespace Status EcAlgorithm::GenerateKey(const blink::WebCryptoAlgorithm& algorithm, bool extractable, blink::WebCryptoKeyUsageMask combined_usages, GenerateKeyResult* result) const { … } Status EcAlgorithm::ImportKey(blink::WebCryptoKeyFormat format, base::span<const uint8_t> key_data, const blink::WebCryptoAlgorithm& algorithm, bool extractable, blink::WebCryptoKeyUsageMask usages, blink::WebCryptoKey* key) const { … } Status EcAlgorithm::ExportKey(blink::WebCryptoKeyFormat format, const blink::WebCryptoKey& key, std::vector<uint8_t>* buffer) const { … } Status EcAlgorithm::ImportKeyRaw(base::span<const uint8_t> key_data, const blink::WebCryptoAlgorithm& algorithm, bool extractable, blink::WebCryptoKeyUsageMask usages, blink::WebCryptoKey* key) const { … } Status EcAlgorithm::ImportKeyPkcs8(base::span<const uint8_t> key_data, const blink::WebCryptoAlgorithm& algorithm, bool extractable, blink::WebCryptoKeyUsageMask usages, blink::WebCryptoKey* key) const { … } Status EcAlgorithm::ImportKeySpki(base::span<const uint8_t> key_data, const blink::WebCryptoAlgorithm& algorithm, bool extractable, blink::WebCryptoKeyUsageMask usages, blink::WebCryptoKey* key) const { … } // The format for JWK EC keys is given by: // https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-36#section-6.2 Status EcAlgorithm::ImportKeyJwk(base::span<const uint8_t> key_data, const blink::WebCryptoAlgorithm& algorithm, bool extractable, blink::WebCryptoKeyUsageMask usages, blink::WebCryptoKey* key) const { … } Status EcAlgorithm::ExportKeyRaw(const blink::WebCryptoKey& key, std::vector<uint8_t>* buffer) const { … } Status EcAlgorithm::ExportKeyPkcs8(const blink::WebCryptoKey& key, std::vector<uint8_t>* buffer) const { … } Status EcAlgorithm::ExportKeySpki(const blink::WebCryptoKey& key, std::vector<uint8_t>* buffer) const { … } // The format for JWK EC keys is given by: // https://tools.ietf.org/html/draft-ietf-jose-json-web-algorithms-36#section-6.2 Status EcAlgorithm::ExportKeyJwk(const blink::WebCryptoKey& key, std::vector<uint8_t>* buffer) const { … } // TODO(eroman): Defer import to the crypto thread. http://crbug.com/430763 Status EcAlgorithm::DeserializeKeyForClone( const blink::WebCryptoKeyAlgorithm& algorithm, blink::WebCryptoKeyType type, bool extractable, blink::WebCryptoKeyUsageMask usages, base::span<const uint8_t> key_data, blink::WebCryptoKey* key) const { … } } // namespace webcrypto
Codebase Browser
chromium