2017-06-03 Zan Dobersek <zdobersek@igalia.com>
+ [GCrypt] Gather SUBTLE_CRYPTO utility functions in a single header
+ https://bugs.webkit.org/show_bug.cgi?id=172870
+
+ Reviewed by Jiewen Tan.
+
+ Gather the helper functions used across different source files
+ for libgcrypt-backed SUBTLE_CRYPTO implementations in a single
+ header file.
+
+ * crypto/gcrypt/CryptoAlgorithmECDSAGCrypt.cpp:
+ (WebCore::hashCryptoDigestAlgorithm): Deleted.
+ (WebCore::hashAlgorithmName): Deleted.
+ (WebCore::mpiData): Deleted.
+ * crypto/gcrypt/CryptoAlgorithmHKDFGCrypt.cpp:
+ (WebCore::gcryptDeriveBits):
+ (WebCore::macAlgorithmForHashFunction): Deleted.
+ * crypto/gcrypt/CryptoAlgorithmPBKDF2GCrypt.cpp:
+ (WebCore::gcryptDeriveBits):
+ * crypto/gcrypt/CryptoAlgorithmRSAES_PKCS1_v1_5GCrypt.cpp:
+ (WebCore::mpiData): Deleted.
+ * crypto/gcrypt/CryptoAlgorithmRSASSA_PKCS1_v1_5GCrypt.cpp:
+ (WebCore::hashCryptoDigestAlgorithm): Deleted.
+ (WebCore::hashAlgorithmName): Deleted.
+ (WebCore::mpiData): Deleted.
+ * crypto/gcrypt/CryptoAlgorithmRSA_OAEPGCrypt.cpp:
+ (WebCore::hashAlgorithmName): Deleted.
+ (WebCore::mpiData): Deleted.
+ * crypto/gcrypt/GCryptUtilities.h: Added.
+ (WebCore::hashAlgorithmName):
+ (WebCore::hmacAlgorithm):
+ (WebCore::digestAlgorithm):
+ (WebCore::hashCryptoDigestAlgorithm):
+ (WebCore::mpiData):
+
+2017-06-03 Zan Dobersek <zdobersek@igalia.com>
+
[GCrypt] Fix PK verification for ECDSA
https://bugs.webkit.org/show_bug.cgi?id=172857
#include "CryptoAlgorithmEcdsaParams.h"
#include "CryptoKeyEC.h"
#include "ExceptionCode.h"
+#include "GCryptUtilities.h"
#include "ScriptExecutionContext.h"
#include <pal/crypto/CryptoDigest.h>
-#include <pal/crypto/gcrypt/Handle.h>
-#include <pal/crypto/gcrypt/Utilities.h>
namespace WebCore {
-static std::optional<PAL::CryptoDigest::Algorithm> hashCryptoDigestAlgorithm(CryptoAlgorithmIdentifier identifier)
-{
- switch (identifier) {
- case CryptoAlgorithmIdentifier::SHA_1:
- return PAL::CryptoDigest::Algorithm::SHA_1;
- case CryptoAlgorithmIdentifier::SHA_224:
- return PAL::CryptoDigest::Algorithm::SHA_224;
- case CryptoAlgorithmIdentifier::SHA_256:
- return PAL::CryptoDigest::Algorithm::SHA_256;
- case CryptoAlgorithmIdentifier::SHA_384:
- return PAL::CryptoDigest::Algorithm::SHA_384;
- case CryptoAlgorithmIdentifier::SHA_512:
- return PAL::CryptoDigest::Algorithm::SHA_512;
- default:
- return std::nullopt;
- }
-}
-
-static std::optional<const char*> hashAlgorithmName(CryptoAlgorithmIdentifier identifier)
-{
- switch (identifier) {
- case CryptoAlgorithmIdentifier::SHA_1:
- return "sha1";
- case CryptoAlgorithmIdentifier::SHA_224:
- return "sha224";
- case CryptoAlgorithmIdentifier::SHA_256:
- return "sha256";
- case CryptoAlgorithmIdentifier::SHA_384:
- return "sha384";
- case CryptoAlgorithmIdentifier::SHA_512:
- return "sha512";
- default:
- return std::nullopt;
- }
-}
-
-std::optional<Vector<uint8_t>> mpiData(gcry_sexp_t paramSexp)
-{
- // Retrieve the MPI value stored in the s-expression: (name mpi-data)
- PAL::GCrypt::Handle<gcry_mpi_t> paramMPI(gcry_sexp_nth_mpi(paramSexp, 1, GCRYMPI_FMT_USG));
- if (!paramMPI)
- return std::nullopt;
-
- // Query the data length first to properly prepare the buffer.
- size_t dataLength = 0;
- gcry_error_t error = gcry_mpi_print(GCRYMPI_FMT_USG, nullptr, 0, &dataLength, paramMPI);
- if (error != GPG_ERR_NO_ERROR) {
- PAL::GCrypt::logError(error);
- return std::nullopt;
- }
-
- // Finally, copy the MPI data into a properly-sized buffer.
- Vector<uint8_t> output(dataLength);
- error = gcry_mpi_print(GCRYMPI_FMT_USG, output.data(), output.size(), nullptr, paramMPI);
- if (error != GPG_ERR_NO_ERROR) {
- PAL::GCrypt::logError(error);
- return std::nullopt;
- }
-
- return output;
-}
-
static std::optional<Vector<uint8_t>> gcryptSign(gcry_sexp_t keySexp, const Vector<uint8_t>& data, CryptoAlgorithmIdentifier hashAlgorithmIdentifier, size_t keySizeInBytes)
{
// Perform digest operation with the specified algorithm on the given data.
#include "CryptoAlgorithmHkdfParams.h"
#include "CryptoKeyRaw.h"
#include "ExceptionCode.h"
+#include "GCryptUtilities.h"
#include "ScriptExecutionContext.h"
-#include <pal/crypto/gcrypt/Handle.h>
-#include <pal/crypto/gcrypt/Utilities.h>
namespace WebCore {
// We should switch to the libgcrypt-provided implementation once it's available.
// https://bugs.webkit.org/show_bug.cgi?id=171536
-static std::optional<int> macAlgorithmForHashFunction(CryptoAlgorithmIdentifier identifier)
-{
- switch (identifier) {
- case CryptoAlgorithmIdentifier::SHA_1:
- return GCRY_MAC_HMAC_SHA1;
- case CryptoAlgorithmIdentifier::SHA_224:
- return GCRY_MAC_HMAC_SHA224;
- case CryptoAlgorithmIdentifier::SHA_256:
- return GCRY_MAC_HMAC_SHA256;
- case CryptoAlgorithmIdentifier::SHA_384:
- return GCRY_MAC_HMAC_SHA384;
- case CryptoAlgorithmIdentifier::SHA_512:
- return GCRY_MAC_HMAC_SHA512;
- default:
- return std::nullopt;
- }
-}
-
static std::optional<Vector<uint8_t>> gcryptDeriveBits(const Vector<uint8_t>& key, const Vector<uint8_t>& salt, const Vector<uint8_t>& info, size_t lengthInBytes, CryptoAlgorithmIdentifier identifier)
{
// libgcrypt doesn't provide HKDF support, so we have to implement
// the functionality ourselves as specified in RFC5869.
// https://www.ietf.org/rfc/rfc5869.txt
- auto macAlgorithm = macAlgorithmForHashFunction(identifier);
+ auto macAlgorithm = hmacAlgorithm(identifier);
if (!macAlgorithm)
return std::nullopt;
#include "CryptoAlgorithmPbkdf2Params.h"
#include "CryptoKeyRaw.h"
#include "ExceptionCode.h"
+#include "GCryptUtilities.h"
#include "ScriptExecutionContext.h"
-#include <pal/crypto/gcrypt/Utilities.h>
namespace WebCore {
static std::optional<Vector<uint8_t>> gcryptDeriveBits(const Vector<uint8_t>& keyData, const Vector<uint8_t>& saltData, CryptoAlgorithmIdentifier hashIdentifier, size_t iterations, size_t length)
{
- int hashAlgorithm;
- switch (hashIdentifier) {
- case CryptoAlgorithmIdentifier::SHA_1:
- hashAlgorithm = GCRY_MD_SHA1;
- break;
- case CryptoAlgorithmIdentifier::SHA_224:
- hashAlgorithm = GCRY_MD_SHA224;
- break;
- case CryptoAlgorithmIdentifier::SHA_256:
- hashAlgorithm = GCRY_MD_SHA256;
- break;
- case CryptoAlgorithmIdentifier::SHA_384:
- hashAlgorithm = GCRY_MD_SHA384;
- break;
- case CryptoAlgorithmIdentifier::SHA_512:
- hashAlgorithm = GCRY_MD_SHA512;
- break;
- default:
+ auto hashAlgorithm = digestAlgorithm(hashIdentifier);
+ if (!hashAlgorithm)
return std::nullopt;
- }
// Length, in bits, is a multiple of 8, as guaranteed by CryptoAlgorithmPBKDF2::deriveBits().
ASSERT(!(length % 8));
Vector<uint8_t> result(length / 8);
- gcry_error_t error = gcry_kdf_derive(keyData.data(), keyData.size(), GCRY_KDF_PBKDF2, hashAlgorithm, saltData.data(), saltData.size(), iterations, result.size(), result.data());
+ gcry_error_t error = gcry_kdf_derive(keyData.data(), keyData.size(), GCRY_KDF_PBKDF2, *hashAlgorithm, saltData.data(), saltData.size(), iterations, result.size(), result.data());
if (error != GPG_ERR_NO_ERROR) {
PAL::GCrypt::logError(error);
return std::nullopt;
#include "CryptoKeyRSA.h"
#include "ExceptionCode.h"
+#include "GCryptUtilities.h"
#include "NotImplemented.h"
#include "ScriptExecutionContext.h"
-#include <pal/crypto/gcrypt/Handle.h>
-#include <pal/crypto/gcrypt/Utilities.h>
namespace WebCore {
-static std::optional<Vector<uint8_t>> mpiData(gcry_sexp_t paramSexp)
-{
- // Retrieve the MPI value stored in the s-expression: (name mpi-data)
- PAL::GCrypt::Handle<gcry_mpi_t> paramMPI(gcry_sexp_nth_mpi(paramSexp, 1, GCRYMPI_FMT_USG));
- if (!paramMPI)
- return std::nullopt;
-
- // Query the data length first to properly prepare the buffer.
- size_t dataLength = 0;
- gcry_error_t error = gcry_mpi_print(GCRYMPI_FMT_USG, nullptr, 0, &dataLength, paramMPI);
- if (error != GPG_ERR_NO_ERROR) {
- PAL::GCrypt::logError(error);
- return std::nullopt;
- }
-
- // Finally, copy the MPI data into a properly-sized buffer.
- Vector<uint8_t> output(dataLength);
- error = gcry_mpi_print(GCRYMPI_FMT_USG, output.data(), output.size(), nullptr, paramMPI);
- if (error != GPG_ERR_NO_ERROR) {
- PAL::GCrypt::logError(error);
- return std::nullopt;
- }
-
- return output;
-}
-
static std::optional<Vector<uint8_t>> gcryptEncrypt(gcry_sexp_t keySexp, Vector<uint8_t>&& plainText)
{
// Embed the plain-text data in a `data` s-expression using PKCS#1 padding.
#include "CryptoAlgorithmRsaSsaParamsDeprecated.h"
#include "CryptoKeyRSA.h"
#include "ExceptionCode.h"
+#include "GCryptUtilities.h"
#include "NotImplemented.h"
#include "ScriptExecutionContext.h"
-#include <pal/crypto/CryptoDigest.h>
-#include <pal/crypto/gcrypt/Handle.h>
-#include <pal/crypto/gcrypt/Utilities.h>
namespace WebCore {
-static std::optional<PAL::CryptoDigest::Algorithm> hashCryptoDigestAlgorithm(CryptoAlgorithmIdentifier identifier)
-{
- switch (identifier) {
- case CryptoAlgorithmIdentifier::SHA_1:
- return PAL::CryptoDigest::Algorithm::SHA_1;
- case CryptoAlgorithmIdentifier::SHA_224:
- return PAL::CryptoDigest::Algorithm::SHA_224;
- case CryptoAlgorithmIdentifier::SHA_256:
- return PAL::CryptoDigest::Algorithm::SHA_256;
- case CryptoAlgorithmIdentifier::SHA_384:
- return PAL::CryptoDigest::Algorithm::SHA_384;
- case CryptoAlgorithmIdentifier::SHA_512:
- return PAL::CryptoDigest::Algorithm::SHA_512;
- default:
- return std::nullopt;
- }
-}
-
-static std::optional<const char*> hashAlgorithmName(CryptoAlgorithmIdentifier identifier)
-{
- switch (identifier) {
- case CryptoAlgorithmIdentifier::SHA_1:
- return "sha1";
- case CryptoAlgorithmIdentifier::SHA_224:
- return "sha224";
- case CryptoAlgorithmIdentifier::SHA_256:
- return "sha256";
- case CryptoAlgorithmIdentifier::SHA_384:
- return "sha384";
- case CryptoAlgorithmIdentifier::SHA_512:
- return "sha512";
- default:
- return std::nullopt;
- }
-}
-
-static std::optional<Vector<uint8_t>> mpiData(gcry_sexp_t paramSexp)
-{
- // Retrieve the MPI value stored in the s-expression: (name mpi-data)
- PAL::GCrypt::Handle<gcry_mpi_t> paramMPI(gcry_sexp_nth_mpi(paramSexp, 1, GCRYMPI_FMT_USG));
- if (!paramMPI)
- return std::nullopt;
-
- // Query the data length first to properly prepare the buffer.
- size_t dataLength = 0;
- gcry_error_t error = gcry_mpi_print(GCRYMPI_FMT_USG, nullptr, 0, &dataLength, paramMPI);
- if (error != GPG_ERR_NO_ERROR) {
- PAL::GCrypt::logError(error);
- return std::nullopt;
- }
-
- // Finally, copy the MPI data into a properly-sized buffer.
- Vector<uint8_t> output(dataLength);
- error = gcry_mpi_print(GCRYMPI_FMT_USG, output.data(), output.size(), nullptr, paramMPI);
- if (error != GPG_ERR_NO_ERROR) {
- PAL::GCrypt::logError(error);
- return std::nullopt;
- }
-
- return output;
-}
-
static std::optional<Vector<uint8_t>> gcryptSign(gcry_sexp_t keySexp, const Vector<uint8_t>& data, CryptoAlgorithmIdentifier hashAlgorithmIdentifier)
{
// Perform digest operation with the specified algorithm on the given data.
#include "CryptoAlgorithmRsaOaepParams.h"
#include "CryptoKeyRSA.h"
#include "ExceptionCode.h"
+#include "GCryptUtilities.h"
#include "NotImplemented.h"
#include "ScriptExecutionContext.h"
-#include <pal/crypto/gcrypt/Handle.h>
-#include <pal/crypto/gcrypt/Utilities.h>
namespace WebCore {
-static std::optional<const char*> hashAlgorithmName(CryptoAlgorithmIdentifier identifier)
-{
- switch (identifier) {
- case CryptoAlgorithmIdentifier::SHA_1:
- return "sha1";
- case CryptoAlgorithmIdentifier::SHA_224:
- return "sha224";
- case CryptoAlgorithmIdentifier::SHA_256:
- return "sha256";
- case CryptoAlgorithmIdentifier::SHA_384:
- return "sha384";
- case CryptoAlgorithmIdentifier::SHA_512:
- return "sha512";
- default:
- return std::nullopt;
- }
-}
-
-static std::optional<Vector<uint8_t>> mpiData(gcry_sexp_t paramSexp)
-{
- // Retrieve the MPI value stored in the s-expression: (name mpi-data)
- PAL::GCrypt::Handle<gcry_mpi_t> paramMPI(gcry_sexp_nth_mpi(paramSexp, 1, GCRYMPI_FMT_USG));
- if (!paramMPI)
- return std::nullopt;
-
- // Query the data length first to properly prepare the buffer.
- size_t dataLength = 0;
- gcry_error_t error = gcry_mpi_print(GCRYMPI_FMT_USG, nullptr, 0, &dataLength, paramMPI);
- if (error != GPG_ERR_NO_ERROR) {
- PAL::GCrypt::logError(error);
- return std::nullopt;
- }
-
- // Finally, copy the MPI data into a properly-sized buffer.
- Vector<uint8_t> output(dataLength);
- error = gcry_mpi_print(GCRYMPI_FMT_USG, output.data(), output.size(), nullptr, paramMPI);
- if (error != GPG_ERR_NO_ERROR) {
- PAL::GCrypt::logError(error);
- return std::nullopt;
- }
-
- return output;
-}
-
static std::optional<Vector<uint8_t>> gcryptEncrypt(CryptoAlgorithmIdentifier hashAlgorithmIdentifier, gcry_sexp_t keySexp, const Vector<uint8_t>& labelVector, const Vector<uint8_t>& plainText)
{
// Embed the plain-text data in a data s-expression using OAEP padding.
--- /dev/null
+/*
+ * Copyright (C) 2017 Apple Inc. All rights reserved.
+ * Copyright (C) 2017 Metrological Group B.V.
+ * Copyright (C) 2017 Igalia S.L.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
+ * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
+ * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
+ * THE POSSIBILITY OF SUCH DAMAGE.
+ */
+
+#include "CryptoAlgorithmIdentifier.h"
+#include <gcrypt.h>
+#include <pal/crypto/CryptoDigest.h>
+#include <pal/crypto/gcrypt/Handle.h>
+#include <pal/crypto/gcrypt/Utilities.h>
+
+namespace WebCore {
+
+static inline std::optional<const char*> hashAlgorithmName(CryptoAlgorithmIdentifier identifier)
+{
+ switch (identifier) {
+ case CryptoAlgorithmIdentifier::SHA_1:
+ return "sha1";
+ case CryptoAlgorithmIdentifier::SHA_224:
+ return "sha224";
+ case CryptoAlgorithmIdentifier::SHA_256:
+ return "sha256";
+ case CryptoAlgorithmIdentifier::SHA_384:
+ return "sha384";
+ case CryptoAlgorithmIdentifier::SHA_512:
+ return "sha512";
+ default:
+ return std::nullopt;
+ }
+}
+
+static inline std::optional<int> hmacAlgorithm(CryptoAlgorithmIdentifier identifier)
+{
+ switch (identifier) {
+ case CryptoAlgorithmIdentifier::SHA_1:
+ return GCRY_MAC_HMAC_SHA1;
+ case CryptoAlgorithmIdentifier::SHA_224:
+ return GCRY_MAC_HMAC_SHA224;
+ case CryptoAlgorithmIdentifier::SHA_256:
+ return GCRY_MAC_HMAC_SHA256;
+ case CryptoAlgorithmIdentifier::SHA_384:
+ return GCRY_MAC_HMAC_SHA384;
+ case CryptoAlgorithmIdentifier::SHA_512:
+ return GCRY_MAC_HMAC_SHA512;
+ default:
+ return std::nullopt;
+ }
+}
+
+static inline std::optional<int> digestAlgorithm(CryptoAlgorithmIdentifier identifier)
+{
+ switch (identifier) {
+ case CryptoAlgorithmIdentifier::SHA_1:
+ return GCRY_MD_SHA1;
+ case CryptoAlgorithmIdentifier::SHA_224:
+ return GCRY_MD_SHA224;
+ case CryptoAlgorithmIdentifier::SHA_256:
+ return GCRY_MD_SHA256;
+ case CryptoAlgorithmIdentifier::SHA_384:
+ return GCRY_MD_SHA384;
+ case CryptoAlgorithmIdentifier::SHA_512:
+ return GCRY_MD_SHA512;
+ default:
+ return std::nullopt;
+ }
+}
+
+static inline std::optional<PAL::CryptoDigest::Algorithm> hashCryptoDigestAlgorithm(CryptoAlgorithmIdentifier identifier)
+{
+ switch (identifier) {
+ case CryptoAlgorithmIdentifier::SHA_1:
+ return PAL::CryptoDigest::Algorithm::SHA_1;
+ case CryptoAlgorithmIdentifier::SHA_224:
+ return PAL::CryptoDigest::Algorithm::SHA_224;
+ case CryptoAlgorithmIdentifier::SHA_256:
+ return PAL::CryptoDigest::Algorithm::SHA_256;
+ case CryptoAlgorithmIdentifier::SHA_384:
+ return PAL::CryptoDigest::Algorithm::SHA_384;
+ case CryptoAlgorithmIdentifier::SHA_512:
+ return PAL::CryptoDigest::Algorithm::SHA_512;
+ default:
+ return std::nullopt;
+ }
+}
+
+static inline std::optional<Vector<uint8_t>> mpiData(gcry_sexp_t paramSexp)
+{
+ // Retrieve the MPI value stored in the s-expression: (name mpi-data)
+ PAL::GCrypt::Handle<gcry_mpi_t> paramMPI(gcry_sexp_nth_mpi(paramSexp, 1, GCRYMPI_FMT_USG));
+ if (!paramMPI)
+ return std::nullopt;
+
+ // Query the data length first to properly prepare the buffer.
+ size_t dataLength = 0;
+ gcry_error_t error = gcry_mpi_print(GCRYMPI_FMT_USG, nullptr, 0, &dataLength, paramMPI);
+ if (error != GPG_ERR_NO_ERROR) {
+ PAL::GCrypt::logError(error);
+ return std::nullopt;
+ }
+
+ // Finally, copy the MPI data into a properly-sized buffer.
+ Vector<uint8_t> output(dataLength);
+ error = gcry_mpi_print(GCRYMPI_FMT_USG, output.data(), output.size(), nullptr, paramMPI);
+ if (error != GPG_ERR_NO_ERROR) {
+ PAL::GCrypt::logError(error);
+ return std::nullopt;
+ }
+
+ return output;
+}
+
+} // namespace WebCore
git://git.webkit.org / WebKit-https.git / commitdiff