1// Copyright 2014 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include <openssl/aes.h>
6#include <openssl/evp.h>
7
8#include "base/logging.h"
9#include "base/numerics/safe_math.h"
10#include "base/stl_util.h"
11#include "content/child/webcrypto/crypto_data.h"
12#include "content/child/webcrypto/openssl/aes_key_openssl.h"
13#include "content/child/webcrypto/openssl/key_openssl.h"
14#include "content/child/webcrypto/openssl/util_openssl.h"
15#include "content/child/webcrypto/status.h"
16#include "content/child/webcrypto/webcrypto_util.h"
17#include "crypto/openssl_util.h"
18#include "crypto/scoped_openssl_types.h"
19#include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h"
20
21namespace content {
22
23namespace webcrypto {
24
25namespace {
26
27const EVP_CIPHER* GetAESCipherByKeyLength(unsigned int key_length_bytes) {
28  // BoringSSL does not support 192-bit AES keys.
29  switch (key_length_bytes) {
30    case 16:
31      return EVP_aes_128_cbc();
32    case 32:
33      return EVP_aes_256_cbc();
34    default:
35      return NULL;
36  }
37}
38
39Status AesCbcEncryptDecrypt(EncryptOrDecrypt cipher_operation,
40                            const blink::WebCryptoAlgorithm& algorithm,
41                            const blink::WebCryptoKey& key,
42                            const CryptoData& data,
43                            std::vector<uint8_t>* buffer) {
44  crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
45
46  const blink::WebCryptoAesCbcParams* params = algorithm.aesCbcParams();
47  const std::vector<uint8_t>& raw_key =
48      SymKeyOpenSsl::Cast(key)->raw_key_data();
49
50  if (params->iv().size() != 16)
51    return Status::ErrorIncorrectSizeAesCbcIv();
52
53  // According to the openssl docs, the amount of data written may be as large
54  // as (data_size + cipher_block_size - 1), constrained to a multiple of
55  // cipher_block_size.
56  base::CheckedNumeric<int> output_max_len = data.byte_length();
57  output_max_len += AES_BLOCK_SIZE - 1;
58  if (!output_max_len.IsValid())
59    return Status::ErrorDataTooLarge();
60
61  const unsigned remainder = output_max_len.ValueOrDie() % AES_BLOCK_SIZE;
62  if (remainder != 0)
63    output_max_len += AES_BLOCK_SIZE - remainder;
64  if (!output_max_len.IsValid())
65    return Status::ErrorDataTooLarge();
66
67  // Note: PKCS padding is enabled by default
68  crypto::ScopedOpenSSL<EVP_CIPHER_CTX, EVP_CIPHER_CTX_free>::Type context(
69      EVP_CIPHER_CTX_new());
70
71  if (!context.get())
72    return Status::OperationError();
73
74  const EVP_CIPHER* const cipher = GetAESCipherByKeyLength(raw_key.size());
75  DCHECK(cipher);
76
77  if (!EVP_CipherInit_ex(context.get(),
78                         cipher,
79                         NULL,
80                         &raw_key[0],
81                         params->iv().data(),
82                         cipher_operation)) {
83    return Status::OperationError();
84  }
85
86  buffer->resize(output_max_len.ValueOrDie());
87
88  unsigned char* const buffer_data = vector_as_array(buffer);
89
90  int output_len = 0;
91  if (!EVP_CipherUpdate(context.get(),
92                        buffer_data,
93                        &output_len,
94                        data.bytes(),
95                        data.byte_length()))
96    return Status::OperationError();
97  int final_output_chunk_len = 0;
98  if (!EVP_CipherFinal_ex(
99          context.get(), buffer_data + output_len, &final_output_chunk_len)) {
100    return Status::OperationError();
101  }
102
103  const unsigned int final_output_len =
104      static_cast<unsigned int>(output_len) +
105      static_cast<unsigned int>(final_output_chunk_len);
106
107  buffer->resize(final_output_len);
108
109  return Status::Success();
110}
111
112class AesCbcImplementation : public AesAlgorithm {
113 public:
114  AesCbcImplementation() : AesAlgorithm("CBC") {}
115
116  virtual Status Encrypt(const blink::WebCryptoAlgorithm& algorithm,
117                         const blink::WebCryptoKey& key,
118                         const CryptoData& data,
119                         std::vector<uint8_t>* buffer) const OVERRIDE {
120    return AesCbcEncryptDecrypt(ENCRYPT, algorithm, key, data, buffer);
121  }
122
123  virtual Status Decrypt(const blink::WebCryptoAlgorithm& algorithm,
124                         const blink::WebCryptoKey& key,
125                         const CryptoData& data,
126                         std::vector<uint8_t>* buffer) const OVERRIDE {
127    return AesCbcEncryptDecrypt(DECRYPT, algorithm, key, data, buffer);
128  }
129};
130
131}  // namespace
132
133AlgorithmImplementation* CreatePlatformAesCbcImplementation() {
134  return new AesCbcImplementation;
135}
136
137}  // namespace webcrypto
138
139}  // namespace content
140