mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-08 19:04:45 +00:00
Backed out changeset 5460c4558253 (bug 1026398) for test_WebCrypto.html timeouts on B2G; CLOSED TREE
This commit is contained in:
parent
03329fb20f
commit
65aa1f33ef
@ -50,8 +50,6 @@ KeyAlgorithm::KeyAlgorithm(nsIGlobalObject* aGlobal, const nsString& aName)
|
||||
mMechanism = CKM_RSA_PKCS;
|
||||
} else if (mName.EqualsLiteral(WEBCRYPTO_ALG_RSASSA_PKCS1)) {
|
||||
mMechanism = CKM_RSA_PKCS;
|
||||
} else if (mName.EqualsLiteral(WEBCRYPTO_ALG_RSA_OAEP)) {
|
||||
mMechanism = CKM_RSA_PKCS_OAEP;
|
||||
} else {
|
||||
mMechanism = UNKNOWN_CK_MECHANISM;
|
||||
}
|
||||
|
@ -23,7 +23,6 @@
|
||||
#define WEBCRYPTO_ALG_HMAC "HMAC"
|
||||
#define WEBCRYPTO_ALG_RSAES_PKCS1 "RSAES-PKCS1-v1_5"
|
||||
#define WEBCRYPTO_ALG_RSASSA_PKCS1 "RSASSA-PKCS1-v1_5"
|
||||
#define WEBCRYPTO_ALG_RSA_OAEP "RSA-OAEP"
|
||||
|
||||
// WebCrypto key formats
|
||||
#define WEBCRYPTO_KEY_FORMAT_RAW "raw"
|
||||
|
@ -231,7 +231,7 @@ class AesTask : public ReturnArrayBufferViewTask
|
||||
{
|
||||
public:
|
||||
AesTask(JSContext* aCx, const ObjectOrString& aAlgorithm,
|
||||
CryptoKey& aKey, const CryptoOperationData& aData,
|
||||
mozilla::dom::CryptoKey& aKey, const CryptoOperationData& aData,
|
||||
bool aEncrypt)
|
||||
: mSymKey(aKey.GetSymKey())
|
||||
, mEncrypt(aEncrypt)
|
||||
@ -408,7 +408,7 @@ class RsaesPkcs1Task : public ReturnArrayBufferViewTask
|
||||
{
|
||||
public:
|
||||
RsaesPkcs1Task(JSContext* aCx, const ObjectOrString& aAlgorithm,
|
||||
CryptoKey& aKey, const CryptoOperationData& aData,
|
||||
mozilla::dom::CryptoKey& aKey, const CryptoOperationData& aData,
|
||||
bool aEncrypt)
|
||||
: mPrivKey(aKey.GetPrivateKey())
|
||||
, mPubKey(aKey.GetPublicKey())
|
||||
@ -477,134 +477,11 @@ private:
|
||||
}
|
||||
};
|
||||
|
||||
class RsaOaepTask : public ReturnArrayBufferViewTask
|
||||
{
|
||||
public:
|
||||
RsaOaepTask(JSContext* aCx, const ObjectOrString& aAlgorithm,
|
||||
CryptoKey& aKey, const CryptoOperationData& aData,
|
||||
bool aEncrypt)
|
||||
: mPrivKey(aKey.GetPrivateKey())
|
||||
, mPubKey(aKey.GetPublicKey())
|
||||
, mEncrypt(aEncrypt)
|
||||
{
|
||||
Telemetry::Accumulate(Telemetry::WEBCRYPTO_ALG, TA_RSA_OAEP);
|
||||
|
||||
ATTEMPT_BUFFER_INIT(mData, aData);
|
||||
|
||||
if (mEncrypt) {
|
||||
if (!mPubKey) {
|
||||
mEarlyRv = NS_ERROR_DOM_INVALID_ACCESS_ERR;
|
||||
return;
|
||||
}
|
||||
mStrength = SECKEY_PublicKeyStrength(mPubKey);
|
||||
} else {
|
||||
if (!mPrivKey) {
|
||||
mEarlyRv = NS_ERROR_DOM_INVALID_ACCESS_ERR;
|
||||
return;
|
||||
}
|
||||
mStrength = PK11_GetPrivateModulusLen(mPrivKey);
|
||||
}
|
||||
|
||||
RootedDictionary<RsaOaepParams> params(aCx);
|
||||
mEarlyRv = Coerce(aCx, params, aAlgorithm);
|
||||
if (NS_FAILED(mEarlyRv)) {
|
||||
mEarlyRv = NS_ERROR_DOM_SYNTAX_ERR;
|
||||
return;
|
||||
}
|
||||
|
||||
if (params.mLabel.WasPassed() && !params.mLabel.Value().IsNull()) {
|
||||
ATTEMPT_BUFFER_INIT(mLabel, params.mLabel.Value().Value());
|
||||
}
|
||||
// Otherwise mLabel remains the empty octet string, as intended
|
||||
|
||||
// Look up the MGF based on the KeyAlgorithm.
|
||||
// static_cast is safe because we only get here if the algorithm name
|
||||
// is RSA-OAEP, and that only happens if we've constructed
|
||||
// an RsaHashedKeyAlgorithm.
|
||||
// TODO: Add As* methods to KeyAlgorithm (Bug 1036734)
|
||||
nsRefPtr<RsaHashedKeyAlgorithm> rsaAlg =
|
||||
static_cast<RsaHashedKeyAlgorithm*>(aKey.Algorithm());
|
||||
mHashMechanism = rsaAlg->Hash()->Mechanism();
|
||||
|
||||
switch (mHashMechanism) {
|
||||
case CKM_SHA_1:
|
||||
mMgfMechanism = CKG_MGF1_SHA1; break;
|
||||
case CKM_SHA256:
|
||||
mMgfMechanism = CKG_MGF1_SHA256; break;
|
||||
case CKM_SHA384:
|
||||
mMgfMechanism = CKG_MGF1_SHA384; break;
|
||||
case CKM_SHA512:
|
||||
mMgfMechanism = CKG_MGF1_SHA512; break;
|
||||
default: {
|
||||
mEarlyRv = NS_ERROR_DOM_NOT_SUPPORTED_ERR;
|
||||
return;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
private:
|
||||
CK_MECHANISM_TYPE mHashMechanism;
|
||||
CK_MECHANISM_TYPE mMgfMechanism;
|
||||
ScopedSECKEYPrivateKey mPrivKey;
|
||||
ScopedSECKEYPublicKey mPubKey;
|
||||
CryptoBuffer mLabel;
|
||||
CryptoBuffer mData;
|
||||
uint32_t mStrength;
|
||||
bool mEncrypt;
|
||||
|
||||
virtual nsresult DoCrypto() MOZ_OVERRIDE
|
||||
{
|
||||
nsresult rv;
|
||||
|
||||
// Ciphertext is an integer mod the modulus, so it will be
|
||||
// no longer than mStrength octets
|
||||
if (!mResult.SetLength(mStrength)) {
|
||||
return NS_ERROR_DOM_UNKNOWN_ERR;
|
||||
}
|
||||
|
||||
CK_RSA_PKCS_OAEP_PARAMS oaepParams;
|
||||
oaepParams.source = CKZ_DATA_SPECIFIED;
|
||||
|
||||
oaepParams.pSourceData = mLabel.Length() ? mLabel.Elements() : nullptr;
|
||||
oaepParams.ulSourceDataLen = mLabel.Length();
|
||||
|
||||
oaepParams.mgf = mMgfMechanism;
|
||||
oaepParams.hashAlg = mHashMechanism;
|
||||
|
||||
SECItem param;
|
||||
param.type = siBuffer;
|
||||
param.data = (unsigned char*) &oaepParams;
|
||||
param.len = sizeof(oaepParams);
|
||||
|
||||
uint32_t outLen;
|
||||
if (mEncrypt) {
|
||||
// PK11_PubEncrypt() checks the plaintext's length and fails if it is too
|
||||
// long to encrypt, i.e. if it is longer than (k - 2hLen - 2) with 'k'
|
||||
// being the length in octets of the RSA modulus n and 'hLen' being the
|
||||
// output length in octets of the chosen hash function.
|
||||
// <https://tools.ietf.org/html/rfc3447#section-7.1>
|
||||
rv = MapSECStatus(PK11_PubEncrypt(
|
||||
mPubKey.get(), CKM_RSA_PKCS_OAEP, ¶m,
|
||||
mResult.Elements(), &outLen, mResult.Length(),
|
||||
mData.Elements(), mData.Length(), nullptr));
|
||||
} else {
|
||||
rv = MapSECStatus(PK11_PrivDecrypt(
|
||||
mPrivKey.get(), CKM_RSA_PKCS_OAEP, ¶m,
|
||||
mResult.Elements(), &outLen, mResult.Length(),
|
||||
mData.Elements(), mData.Length()));
|
||||
}
|
||||
mResult.SetLength(outLen);
|
||||
|
||||
NS_ENSURE_SUCCESS(rv, NS_ERROR_DOM_OPERATION_ERR);
|
||||
return NS_OK;
|
||||
}
|
||||
};
|
||||
|
||||
class HmacTask : public WebCryptoTask
|
||||
{
|
||||
public:
|
||||
HmacTask(JSContext* aCx, const ObjectOrString& aAlgorithm,
|
||||
CryptoKey& aKey,
|
||||
mozilla::dom::CryptoKey& aKey,
|
||||
const CryptoOperationData& aSignature,
|
||||
const CryptoOperationData& aData,
|
||||
bool aSign)
|
||||
@ -707,7 +584,7 @@ class RsassaPkcs1Task : public WebCryptoTask
|
||||
{
|
||||
public:
|
||||
RsassaPkcs1Task(JSContext* aCx, const ObjectOrString& aAlgorithm,
|
||||
CryptoKey& aKey,
|
||||
mozilla::dom::CryptoKey& aKey,
|
||||
const CryptoOperationData& aSignature,
|
||||
const CryptoOperationData& aData,
|
||||
bool aSign)
|
||||
@ -1050,8 +927,7 @@ public:
|
||||
}
|
||||
|
||||
// If this is RSA with a hash, cache the hash name
|
||||
if (mAlgName.EqualsLiteral(WEBCRYPTO_ALG_RSASSA_PKCS1) ||
|
||||
mAlgName.EqualsLiteral(WEBCRYPTO_ALG_RSA_OAEP)) {
|
||||
if (mAlgName.EqualsLiteral(WEBCRYPTO_ALG_RSASSA_PKCS1)) {
|
||||
RootedDictionary<RsaHashedImportParams> params(aCx);
|
||||
mEarlyRv = Coerce(aCx, params, aAlgorithm);
|
||||
if (NS_FAILED(mEarlyRv) || !params.mHash.WasPassed()) {
|
||||
@ -1122,14 +998,15 @@ private:
|
||||
{
|
||||
// Construct an appropriate KeyAlgorithm
|
||||
nsIGlobalObject* global = mKey->GetParentObject();
|
||||
if (mAlgName.EqualsLiteral(WEBCRYPTO_ALG_RSAES_PKCS1) ||
|
||||
mAlgName.EqualsLiteral(WEBCRYPTO_ALG_RSA_OAEP)) {
|
||||
if (mAlgName.EqualsLiteral(WEBCRYPTO_ALG_RSAES_PKCS1)) {
|
||||
if ((mKey->GetKeyType() == CryptoKey::PUBLIC &&
|
||||
mKey->HasUsageOtherThan(CryptoKey::ENCRYPT)) ||
|
||||
(mKey->GetKeyType() == CryptoKey::PRIVATE &&
|
||||
mKey->HasUsageOtherThan(CryptoKey::DECRYPT))) {
|
||||
return NS_ERROR_DOM_DATA_ERR;
|
||||
}
|
||||
|
||||
mKey->SetAlgorithm(new RsaKeyAlgorithm(global, mAlgName, mModulusLength, mPublicExponent));
|
||||
} else if (mAlgName.EqualsLiteral(WEBCRYPTO_ALG_RSASSA_PKCS1)) {
|
||||
if ((mKey->GetKeyType() == CryptoKey::PUBLIC &&
|
||||
mKey->HasUsageOtherThan(CryptoKey::VERIFY)) ||
|
||||
@ -1137,23 +1014,16 @@ private:
|
||||
mKey->HasUsageOtherThan(CryptoKey::SIGN))) {
|
||||
return NS_ERROR_DOM_DATA_ERR;
|
||||
}
|
||||
}
|
||||
|
||||
// Construct an appropriate KeyAlgorithm
|
||||
if (mAlgName.EqualsLiteral(WEBCRYPTO_ALG_RSAES_PKCS1)) {
|
||||
mKey->SetAlgorithm(new RsaKeyAlgorithm(global, mAlgName, mModulusLength, mPublicExponent));
|
||||
} else if (mAlgName.EqualsLiteral(WEBCRYPTO_ALG_RSASSA_PKCS1) ||
|
||||
mAlgName.EqualsLiteral(WEBCRYPTO_ALG_RSA_OAEP)) {
|
||||
nsRefPtr<RsaHashedKeyAlgorithm> algorithm =
|
||||
new RsaHashedKeyAlgorithm(global, mAlgName,
|
||||
mModulusLength, mPublicExponent, mHashName);
|
||||
nsRefPtr<RsaHashedKeyAlgorithm> algorithm = new RsaHashedKeyAlgorithm(
|
||||
global,
|
||||
mAlgName,
|
||||
mModulusLength,
|
||||
mPublicExponent,
|
||||
mHashName);
|
||||
if (algorithm->Mechanism() == UNKNOWN_CK_MECHANISM) {
|
||||
return NS_ERROR_DOM_SYNTAX_ERR;
|
||||
}
|
||||
|
||||
if (algorithm->Hash()->Mechanism() == UNKNOWN_CK_MECHANISM) {
|
||||
return NS_ERROR_DOM_NOT_SUPPORTED_ERR;
|
||||
}
|
||||
mKey->SetAlgorithm(algorithm);
|
||||
}
|
||||
|
||||
@ -1406,8 +1276,7 @@ public:
|
||||
// Construct an appropriate KeyAlorithm
|
||||
KeyAlgorithm* algorithm;
|
||||
uint32_t privateAllowedUsages = 0, publicAllowedUsages = 0;
|
||||
if (algName.EqualsLiteral(WEBCRYPTO_ALG_RSASSA_PKCS1) ||
|
||||
algName.EqualsLiteral(WEBCRYPTO_ALG_RSA_OAEP)) {
|
||||
if (algName.EqualsLiteral(WEBCRYPTO_ALG_RSASSA_PKCS1)) {
|
||||
RootedDictionary<RsaHashedKeyGenParams> params(aCx);
|
||||
mEarlyRv = Coerce(aCx, params, aAlgorithm);
|
||||
if (NS_FAILED(mEarlyRv) || !params.mModulusLength.WasPassed() ||
|
||||
@ -1442,6 +1311,9 @@ public:
|
||||
mEarlyRv = NS_ERROR_DOM_INVALID_ACCESS_ERR;
|
||||
return;
|
||||
}
|
||||
|
||||
privateAllowedUsages = CryptoKey::SIGN;
|
||||
publicAllowedUsages = CryptoKey::VERIFY;
|
||||
} else if (algName.EqualsLiteral(WEBCRYPTO_ALG_RSAES_PKCS1)) {
|
||||
RootedDictionary<RsaKeyGenParams> params(aCx);
|
||||
mEarlyRv = Coerce(aCx, params, aAlgorithm);
|
||||
@ -1470,21 +1342,14 @@ public:
|
||||
mEarlyRv = NS_ERROR_DOM_INVALID_ACCESS_ERR;
|
||||
return;
|
||||
}
|
||||
|
||||
privateAllowedUsages = CryptoKey::DECRYPT | CryptoKey::UNWRAPKEY;
|
||||
publicAllowedUsages = CryptoKey::ENCRYPT | CryptoKey::WRAPKEY;
|
||||
} else {
|
||||
mEarlyRv = NS_ERROR_DOM_NOT_SUPPORTED_ERR;
|
||||
return;
|
||||
}
|
||||
|
||||
// Set key usages.
|
||||
if (algName.EqualsLiteral(WEBCRYPTO_ALG_RSASSA_PKCS1)) {
|
||||
privateAllowedUsages = CryptoKey::SIGN;
|
||||
publicAllowedUsages = CryptoKey::VERIFY;
|
||||
} else if (algName.EqualsLiteral(WEBCRYPTO_ALG_RSAES_PKCS1) ||
|
||||
algName.EqualsLiteral(WEBCRYPTO_ALG_RSA_OAEP)) {
|
||||
privateAllowedUsages = CryptoKey::DECRYPT | CryptoKey::UNWRAPKEY;
|
||||
publicAllowedUsages = CryptoKey::ENCRYPT | CryptoKey::WRAPKEY;
|
||||
}
|
||||
|
||||
mKeyPair->PrivateKey()->SetExtractable(aExtractable);
|
||||
mKeyPair->PrivateKey()->SetType(CryptoKey::PRIVATE);
|
||||
|
||||
@ -1588,8 +1453,6 @@ WebCryptoTask::EncryptDecryptTask(JSContext* aCx,
|
||||
return new AesTask(aCx, aAlgorithm, aKey, aData, aEncrypt);
|
||||
} else if (algName.EqualsLiteral(WEBCRYPTO_ALG_RSAES_PKCS1)) {
|
||||
return new RsaesPkcs1Task(aCx, aAlgorithm, aKey, aData, aEncrypt);
|
||||
} else if (algName.EqualsLiteral(WEBCRYPTO_ALG_RSA_OAEP)) {
|
||||
return new RsaOaepTask(aCx, aAlgorithm, aKey, aData, aEncrypt);
|
||||
}
|
||||
|
||||
return new FailureTask(NS_ERROR_DOM_NOT_SUPPORTED_ERR);
|
||||
@ -1661,8 +1524,7 @@ WebCryptoTask::ImportKeyTask(JSContext* aCx,
|
||||
return new ImportSymmetricKeyTask(aCx, aFormat, aKeyData, aAlgorithm,
|
||||
aExtractable, aKeyUsages);
|
||||
} else if (algName.EqualsLiteral(WEBCRYPTO_ALG_RSAES_PKCS1) ||
|
||||
algName.EqualsLiteral(WEBCRYPTO_ALG_RSASSA_PKCS1) ||
|
||||
algName.EqualsLiteral(WEBCRYPTO_ALG_RSA_OAEP)) {
|
||||
algName.EqualsLiteral(WEBCRYPTO_ALG_RSASSA_PKCS1)) {
|
||||
return new ImportRsaKeyTask(aCx, aFormat, aKeyData, aAlgorithm,
|
||||
aExtractable, aKeyUsages);
|
||||
} else {
|
||||
@ -1704,8 +1566,7 @@ WebCryptoTask::GenerateKeyTask(JSContext* aCx,
|
||||
algName.EqualsASCII(WEBCRYPTO_ALG_HMAC)) {
|
||||
return new GenerateSymmetricKeyTask(aCx, aAlgorithm, aExtractable, aKeyUsages);
|
||||
} else if (algName.EqualsASCII(WEBCRYPTO_ALG_RSAES_PKCS1) ||
|
||||
algName.EqualsASCII(WEBCRYPTO_ALG_RSASSA_PKCS1) ||
|
||||
algName.EqualsASCII(WEBCRYPTO_ALG_RSA_OAEP)) {
|
||||
algName.EqualsASCII(WEBCRYPTO_ALG_RSASSA_PKCS1)) {
|
||||
return new GenerateAsymmetricKeyTask(aCx, aAlgorithm, aExtractable, aKeyUsages);
|
||||
} else {
|
||||
return new FailureTask(NS_ERROR_DOM_NOT_SUPPORTED_ERR);
|
||||
|
@ -89,10 +89,6 @@ dictionary RsaHashedKeyGenParams : RsaKeyGenParams {
|
||||
AlgorithmIdentifier hash;
|
||||
};
|
||||
|
||||
dictionary RsaOaepParams : Algorithm {
|
||||
CryptoOperationData? label;
|
||||
};
|
||||
|
||||
dictionary DhKeyGenParams : Algorithm {
|
||||
BigInteger prime;
|
||||
BigInteger generator;
|
||||
|
@ -395,11 +395,9 @@ PK11_PBEKeyGen
|
||||
PK11_PQG_DestroyParams
|
||||
PK11_PQG_DestroyVerify
|
||||
PK11_PQG_ParamGen
|
||||
PK11_PrivDecrypt
|
||||
PK11_PrivDecryptPKCS1
|
||||
PK11_ProtectedAuthenticationPath
|
||||
PK11_PubDeriveWithKDF
|
||||
PK11_PubEncrypt
|
||||
PK11_PubEncryptPKCS1
|
||||
PK11_PubUnwrapSymKey
|
||||
PK11_PubWrapSymKey
|
||||
|
Loading…
Reference in New Issue
Block a user