+2017-08-19 Sam Weinig <sam@webkit.org>
+
+ [Mac] Change uint8_t* to Vector<uint8_t> type in all crypto algorithm implementation
+ https://bugs.webkit.org/show_bug.cgi?id=164939
+
+ Reviewed by Chris Dumez.
+
+ Address FIXMEs, replacing uint8_t*/size_t parameters with Vector<uint8_t>&.
+
+ * crypto/mac/CryptoAlgorithmAES_CBCMac.cpp:
+ (WebCore::transformAES_CBC):
+ (WebCore::CryptoAlgorithmAES_CBC::platformEncrypt):
+ (WebCore::CryptoAlgorithmAES_CBC::platformDecrypt):
+ * crypto/mac/CryptoAlgorithmAES_KWMac.cpp:
+ (WebCore::wrapKeyAES_KW):
+ (WebCore::unwrapKeyAES_KW):
+ (WebCore::CryptoAlgorithmAES_KW::platformWrapKey):
+ (WebCore::CryptoAlgorithmAES_KW::platformUnwrapKey):
+ * crypto/mac/CryptoAlgorithmHMACMac.cpp:
+ (WebCore::calculateSignature):
+ (WebCore::CryptoAlgorithmHMAC::platformSign):
+ (WebCore::CryptoAlgorithmHMAC::platformVerify):
+ * crypto/mac/CryptoAlgorithmRSAES_PKCS1_v1_5Mac.cpp:
+ (WebCore::encryptRSAES_PKCS1_v1_5):
+ (WebCore::decryptRSAES_PKCS1_v1_5):
+ (WebCore::CryptoAlgorithmRSAES_PKCS1_v1_5::platformEncrypt):
+ (WebCore::CryptoAlgorithmRSAES_PKCS1_v1_5::platformDecrypt):
+ * crypto/mac/CryptoAlgorithmRSASSA_PKCS1_v1_5Mac.cpp:
+ (WebCore::signRSASSA_PKCS1_v1_5):
+ (WebCore::verifyRSASSA_PKCS1_v1_5):
+ (WebCore::CryptoAlgorithmRSASSA_PKCS1_v1_5::platformSign):
+ (WebCore::CryptoAlgorithmRSASSA_PKCS1_v1_5::platformVerify):
+ * crypto/mac/CryptoAlgorithmRSA_OAEPMac.cpp:
+ (WebCore::encryptRSA_OAEP):
+ (WebCore::decryptRSA_OAEP):
+ (WebCore::CryptoAlgorithmRSA_OAEP::platformEncrypt):
+ (WebCore::CryptoAlgorithmRSA_OAEP::platformDecrypt):
+
2017-08-18 Ryosuke Niwa <rniwa@webkit.org>
Forbid setDragImage after dragstart
namespace WebCore {
-// FIXME: We should change iv and data to Vector<uint8_t> type once WebKitSubtleCrypto is deprecated.
-// https://bugs.webkit.org/show_bug.cgi?id=164939
-static ExceptionOr<Vector<uint8_t>> transformAES_CBC(CCOperation operation, const uint8_t* iv, const Vector<uint8_t>& key, const uint8_t* data, size_t dataLength)
+static ExceptionOr<Vector<uint8_t>> transformAES_CBC(CCOperation operation, const Vector<uint8_t>& iv, const Vector<uint8_t>& key, const Vector<uint8_t>& data)
{
CCCryptorRef cryptor;
- CCCryptorStatus status = CCCryptorCreate(operation, kCCAlgorithmAES, kCCOptionPKCS7Padding, key.data(), key.size(), iv, &cryptor);
+ CCCryptorStatus status = CCCryptorCreate(operation, kCCAlgorithmAES, kCCOptionPKCS7Padding, key.data(), key.size(), iv.data(), &cryptor);
if (status)
return Exception { OperationError };
- Vector<uint8_t> result(CCCryptorGetOutputLength(cryptor, dataLength, true));
+ Vector<uint8_t> result(CCCryptorGetOutputLength(cryptor, data.size(), true));
size_t bytesWritten;
- status = CCCryptorUpdate(cryptor, data, dataLength, result.data(), result.size(), &bytesWritten);
+ status = CCCryptorUpdate(cryptor, data.data(), data.size(), result.data(), result.size(), &bytesWritten);
if (status)
return Exception { OperationError };
auto& aesParameters = downcast<CryptoAlgorithmAesCbcCfbParams>(*parameters);
auto& aesKey = downcast<CryptoKeyAES>(key.get());
ASSERT(aesParameters.ivVector().size() == kCCBlockSizeAES128);
- auto result = transformAES_CBC(kCCEncrypt, aesParameters.ivVector().data(), aesKey.key(), plainText.data(), plainText.size());
+ auto result = transformAES_CBC(kCCEncrypt, aesParameters.ivVector(), aesKey.key(), plainText);
if (result.hasException()) {
// We should only dereference callbacks after being back to the Document/Worker threads.
context.postTask([exceptionCallback = WTFMove(exceptionCallback), ec = result.releaseException().code(), callback = WTFMove(callback)](ScriptExecutionContext& context) {
auto& aesParameters = downcast<CryptoAlgorithmAesCbcCfbParams>(*parameters);
auto& aesKey = downcast<CryptoKeyAES>(key.get());
assert(aesParameters.ivVector().size() == kCCBlockSizeAES128);
- auto result = transformAES_CBC(kCCDecrypt, aesParameters.ivVector().data(), aesKey.key(), cipherText.data(), cipherText.size());
+ auto result = transformAES_CBC(kCCDecrypt, aesParameters.ivVector(), aesKey.key(), cipherText);
if (result.hasException()) {
// We should only dereference callbacks after being back to the Document/Worker threads.
context.postTask([exceptionCallback = WTFMove(exceptionCallback), ec = result.releaseException().code(), callback = WTFMove(callback)](ScriptExecutionContext& context) {
namespace WebCore {
-// FIXME: We should change data to Vector<uint8_t> type once WebKitSubtleCrypto is deprecated.
-// https://bugs.webkit.org/show_bug.cgi?id=164939
-static ExceptionOr<Vector<uint8_t>> wrapKeyAES_KW(const Vector<uint8_t>& key, const uint8_t* data, size_t dataLength)
+static ExceptionOr<Vector<uint8_t>> wrapKeyAES_KW(const Vector<uint8_t>& key, const Vector<uint8_t>& data)
{
- Vector<uint8_t> result(CCSymmetricWrappedSize(kCCWRAPAES, dataLength));
+ Vector<uint8_t> result(CCSymmetricWrappedSize(kCCWRAPAES, data.size()));
size_t resultSize = result.size();
- if (CCSymmetricKeyWrap(kCCWRAPAES, CCrfc3394_iv, CCrfc3394_ivLen, key.data(), key.size(), data, dataLength, result.data(), &resultSize))
+ if (CCSymmetricKeyWrap(kCCWRAPAES, CCrfc3394_iv, CCrfc3394_ivLen, key.data(), key.size(), data.data(), data.size(), result.data(), &resultSize))
return Exception { OperationError };
result.shrink(resultSize);
return WTFMove(result);
}
-// FIXME: We should change data to Vector<uint8_t> type once WebKitSubtleCrypto is deprecated.
-// https://bugs.webkit.org/show_bug.cgi?id=164939
-static ExceptionOr<Vector<uint8_t>> unwrapKeyAES_KW(const Vector<uint8_t>& key, const uint8_t* data, size_t dataLength)
+static ExceptionOr<Vector<uint8_t>> unwrapKeyAES_KW(const Vector<uint8_t>& key, const Vector<uint8_t>& data)
{
- Vector<uint8_t> result(CCSymmetricUnwrappedSize(kCCWRAPAES, dataLength));
+ Vector<uint8_t> result(CCSymmetricUnwrappedSize(kCCWRAPAES, data.size()));
size_t resultSize = result.size();
if (resultSize % 8)
return Exception { OperationError };
- if (CCSymmetricKeyUnwrap(kCCWRAPAES, CCrfc3394_iv, CCrfc3394_ivLen, key.data(), key.size(), data, dataLength, result.data(), &resultSize))
+ if (CCSymmetricKeyUnwrap(kCCWRAPAES, CCrfc3394_iv, CCrfc3394_ivLen, key.data(), key.size(), data.data(), data.size(), result.data(), &resultSize))
return Exception { OperationError };
result.shrink(resultSize);
void CryptoAlgorithmAES_KW::platformWrapKey(Ref<CryptoKey>&& key, Vector<uint8_t>&& data, VectorCallback&& callback, ExceptionCallback&& exceptionCallback)
{
auto& aesKey = downcast<CryptoKeyAES>(key.get());
- auto result = wrapKeyAES_KW(aesKey.key(), data.data(), data.size());
+ auto result = wrapKeyAES_KW(aesKey.key(), data);
if (result.hasException()) {
exceptionCallback(result.releaseException().code());
return;
void CryptoAlgorithmAES_KW::platformUnwrapKey(Ref<CryptoKey>&& key, Vector<uint8_t>&& data, VectorCallback&& callback, ExceptionCallback&& exceptionCallback)
{
auto& aesKey = downcast<CryptoKeyAES>(key.get());
- auto result = unwrapKeyAES_KW(aesKey.key(), data.data(), data.size());
+ auto result = unwrapKeyAES_KW(aesKey.key(), data);
if (result.hasException()) {
exceptionCallback(result.releaseException().code());
return;
}
}
-// FIXME: We should change data to Vector<uint8_t> type once WebKitSubtleCrypto is deprecated.
-// https://bugs.webkit.org/show_bug.cgi?id=164939
-static Vector<uint8_t> calculateSignature(CCHmacAlgorithm algorithm, const Vector<uint8_t>& key, const uint8_t* data, size_t dataLength)
+static Vector<uint8_t> calculateSignature(CCHmacAlgorithm algorithm, const Vector<uint8_t>& key, const Vector<uint8_t>& data)
{
size_t digestLength;
switch (algorithm) {
}
Vector<uint8_t> result(digestLength);
- CCHmac(algorithm, key.data(), key.size(), data, dataLength, result.data());
+ CCHmac(algorithm, key.data(), key.size(), data.data(), data.size(), result.data());
return result;
}
});
return;
}
- auto result = calculateSignature(*algorithm, hmacKey.key(), data.data(), data.size());
+ auto result = calculateSignature(*algorithm, hmacKey.key(), data);
// We should only dereference callbacks after being back to the Document/Worker threads.
context.postTask([callback = WTFMove(callback), result = WTFMove(result), exceptionCallback = WTFMove(exceptionCallback)](ScriptExecutionContext& context) {
callback(result);
});
return;
}
- auto expectedSignature = calculateSignature(*algorithm, hmacKey.key(), data.data(), data.size());
+ auto expectedSignature = calculateSignature(*algorithm, hmacKey.key(), data);
// Using a constant time comparison to prevent timing attacks.
bool result = signature.size() == expectedSignature.size() && !constantTimeMemcmp(expectedSignature.data(), signature.data(), expectedSignature.size());
// We should only dereference callbacks after being back to the Document/Worker threads.
namespace WebCore {
-// FIXME: We should change data to Vector<uint8_t> type once WebKitSubtleCrypto is deprecated.
-// https://bugs.webkit.org/show_bug.cgi?id=164939
-static ExceptionOr<Vector<uint8_t>> encryptRSAES_PKCS1_v1_5(const PlatformRSAKey key, size_t keyLength, const uint8_t* data, size_t dataLength)
+static ExceptionOr<Vector<uint8_t>> encryptRSAES_PKCS1_v1_5(const PlatformRSAKey key, size_t keyLength, const Vector<uint8_t>& data)
{
Vector<uint8_t> cipherText(keyLength / 8); // Per Step 3.c of https://tools.ietf.org/html/rfc3447#section-7.2.1
size_t cipherTextLength = cipherText.size();
- if (CCRSACryptorEncrypt(key, ccPKCS1Padding, data, dataLength, cipherText.data(), &cipherTextLength, 0, 0, kCCDigestNone))
+ if (CCRSACryptorEncrypt(key, ccPKCS1Padding, data.data(), data.size(), cipherText.data(), &cipherTextLength, 0, 0, kCCDigestNone))
return Exception { OperationError };
return WTFMove(cipherText);
}
-// FIXME: We should change data to Vector<uint8_t> type once WebKitSubtleCrypto is deprecated.
-// https://bugs.webkit.org/show_bug.cgi?id=164939
-static ExceptionOr<Vector<uint8_t>> decryptRSAES_PKCS1_v1_5(const PlatformRSAKey key, size_t keyLength, const uint8_t* data, size_t dataLength)
+static ExceptionOr<Vector<uint8_t>> decryptRSAES_PKCS1_v1_5(const PlatformRSAKey key, size_t keyLength, const Vector<uint8_t>& data)
{
Vector<uint8_t> plainText(keyLength / 8); // Per Step 1 of https://tools.ietf.org/html/rfc3447#section-7.2.1
size_t plainTextLength = plainText.size();
- if (CCRSACryptorDecrypt(key, ccPKCS1Padding, data, dataLength, plainText.data(), &plainTextLength, 0, 0, kCCDigestNone))
+ if (CCRSACryptorDecrypt(key, ccPKCS1Padding, data.data(), data.size(), plainText.data(), &plainTextLength, 0, 0, kCCDigestNone))
return Exception { OperationError };
plainText.resize(plainTextLength);
context.ref();
workQueue.dispatch([key = WTFMove(key), plainText = WTFMove(plainText), callback = WTFMove(callback), exceptionCallback = WTFMove(exceptionCallback), &context]() mutable {
auto& rsaKey = downcast<CryptoKeyRSA>(key.get());
- auto result = encryptRSAES_PKCS1_v1_5(rsaKey.platformKey(), rsaKey.keySizeInBits(), plainText.data(), plainText.size());
+ auto result = encryptRSAES_PKCS1_v1_5(rsaKey.platformKey(), rsaKey.keySizeInBits(), plainText);
if (result.hasException()) {
// We should only dereference callbacks after being back to the Document/Worker threads.
context.postTask([exceptionCallback = WTFMove(exceptionCallback), ec = result.releaseException().code(), callback = WTFMove(callback)](ScriptExecutionContext& context) {
context.ref();
workQueue.dispatch([key = WTFMove(key), cipherText = WTFMove(cipherText), callback = WTFMove(callback), exceptionCallback = WTFMove(exceptionCallback), &context]() mutable {
auto& rsaKey = downcast<CryptoKeyRSA>(key.get());
- auto result = decryptRSAES_PKCS1_v1_5(rsaKey.platformKey(), rsaKey.keySizeInBits(), cipherText.data(), cipherText.size());
+ auto result = decryptRSAES_PKCS1_v1_5(rsaKey.platformKey(), rsaKey.keySizeInBits(), cipherText);
if (result.hasException()) {
// We should only dereference callbacks after being back to the Document/Worker threads.
context.postTask([exceptionCallback = WTFMove(exceptionCallback), ec = result.releaseException().code(), callback = WTFMove(callback)](ScriptExecutionContext& context) {
namespace WebCore {
-// FIXME: We should change data to Vector<uint8_t> type once WebKitSubtleCrypto is deprecated.
-// https://bugs.webkit.org/show_bug.cgi?id=164939
-static ExceptionOr<Vector<uint8_t>> signRSASSA_PKCS1_v1_5(CryptoAlgorithmIdentifier hash, const PlatformRSAKey key, size_t keyLength, const uint8_t* data, size_t dataLength)
+static ExceptionOr<Vector<uint8_t>> signRSASSA_PKCS1_v1_5(CryptoAlgorithmIdentifier hash, const PlatformRSAKey key, size_t keyLength, const Vector<uint8_t>& data)
{
CCDigestAlgorithm digestAlgorithm;
if (!getCommonCryptoDigestAlgorithm(hash, digestAlgorithm))
auto digest = PAL::CryptoDigest::create(*cryptoDigestAlgorithm);
if (!digest)
return Exception { OperationError };
- digest->addBytes(data, dataLength);
+ digest->addBytes(data.data(), data.size());
auto digestData = digest->computeHash();
Vector<uint8_t> signature(keyLength / 8); // Per https://tools.ietf.org/html/rfc3447#section-8.2.1
return WTFMove(signature);
}
-// FIXME: We should change signature, data to Vector<uint8_t> type once WebKitSubtleCrypto is deprecated.
-// https://bugs.webkit.org/show_bug.cgi?id=164939
-static ExceptionOr<bool> verifyRSASSA_PKCS1_v1_5(CryptoAlgorithmIdentifier hash, const PlatformRSAKey key, const uint8_t* signature, size_t signatureLength, const uint8_t* data, size_t dataLength)
+static ExceptionOr<bool> verifyRSASSA_PKCS1_v1_5(CryptoAlgorithmIdentifier hash, const PlatformRSAKey key, const Vector<uint8_t>& signature, const Vector<uint8_t>& data)
{
CCDigestAlgorithm digestAlgorithm;
if (!getCommonCryptoDigestAlgorithm(hash, digestAlgorithm))
auto digest = PAL::CryptoDigest::create(*cryptoDigestAlgorithm);
if (!digest)
return Exception { OperationError };
- digest->addBytes(data, dataLength);
+ digest->addBytes(data.data(), data.size());
auto digestData = digest->computeHash();
- auto status = CCRSACryptorVerify(key, ccPKCS1Padding, digestData.data(), digestData.size(), digestAlgorithm, 0, signature, signatureLength);
+ auto status = CCRSACryptorVerify(key, ccPKCS1Padding, digestData.data(), digestData.size(), digestAlgorithm, 0, signature.data(), signature.size());
if (!status)
return true;
if (status == kCCNotVerified || status == kCCDecodeError) // <rdar://problem/15464982> CCRSACryptorVerify returns kCCDecodeError instead of kCCNotVerified sometimes
context.ref();
workQueue.dispatch([key = WTFMove(key), data = WTFMove(data), callback = WTFMove(callback), exceptionCallback = WTFMove(exceptionCallback), &context]() mutable {
auto& rsaKey = downcast<CryptoKeyRSA>(key.get());
- auto result = signRSASSA_PKCS1_v1_5(rsaKey.hashAlgorithmIdentifier(), rsaKey.platformKey(), rsaKey.keySizeInBits(), data.data(), data.size());
+ auto result = signRSASSA_PKCS1_v1_5(rsaKey.hashAlgorithmIdentifier(), rsaKey.platformKey(), rsaKey.keySizeInBits(), data);
if (result.hasException()) {
// We should only dereference callbacks after being back to the Document/Worker threads.
context.postTask([exceptionCallback = WTFMove(exceptionCallback), ec = result.releaseException().code(), callback = WTFMove(callback)](ScriptExecutionContext& context) {
context.ref();
workQueue.dispatch([key = WTFMove(key), signature = WTFMove(signature), data = WTFMove(data), callback = WTFMove(callback), exceptionCallback = WTFMove(exceptionCallback), &context]() mutable {
auto& rsaKey = downcast<CryptoKeyRSA>(key.get());
- auto result = verifyRSASSA_PKCS1_v1_5(rsaKey.hashAlgorithmIdentifier(), rsaKey.platformKey(), signature.data(), signature.size(), data.data(), data.size());
+ auto result = verifyRSASSA_PKCS1_v1_5(rsaKey.hashAlgorithmIdentifier(), rsaKey.platformKey(), signature, data);
if (result.hasException()) {
// We should only dereference callbacks after being back to the Document/Worker threads.
context.postTask([exceptionCallback = WTFMove(exceptionCallback), ec = result.releaseException().code(), callback = WTFMove(callback)](ScriptExecutionContext& context) {
namespace WebCore {
-// FIXME: We should change data to Vector<uint8_t> type once WebKitSubtleCrypto is deprecated.
-// https://bugs.webkit.org/show_bug.cgi?id=164939
-static ExceptionOr<Vector<uint8_t>> encryptRSA_OAEP(CryptoAlgorithmIdentifier hash, const Vector<uint8_t>& label, const PlatformRSAKey key, size_t keyLength, const uint8_t* data, size_t dataLength)
+static ExceptionOr<Vector<uint8_t>> encryptRSA_OAEP(CryptoAlgorithmIdentifier hash, const Vector<uint8_t>& label, const PlatformRSAKey key, size_t keyLength, const Vector<uint8_t>& data)
{
CCDigestAlgorithm digestAlgorithm;
if (!getCommonCryptoDigestAlgorithm(hash, digestAlgorithm))
Vector<uint8_t> cipherText(keyLength / 8); // Per Step 3.c of https://tools.ietf.org/html/rfc3447#section-7.1.1
size_t cipherTextLength = cipherText.size();
- if (CCRSACryptorEncrypt(key, ccOAEPPadding, data, dataLength, cipherText.data(), &cipherTextLength, label.data(), label.size(), digestAlgorithm))
+ if (CCRSACryptorEncrypt(key, ccOAEPPadding, data.data(), data.size(), cipherText.data(), &cipherTextLength, label.data(), label.size(), digestAlgorithm))
return Exception { OperationError };
return WTFMove(cipherText);
}
-// FIXME: We should change data to Vector<uint8_t> type once WebKitSubtleCrypto is deprecated.
-// https://bugs.webkit.org/show_bug.cgi?id=164939
-static ExceptionOr<Vector<uint8_t>> decryptRSA_OAEP(CryptoAlgorithmIdentifier hash, const Vector<uint8_t>& label, const PlatformRSAKey key, size_t keyLength, const uint8_t* data, size_t dataLength)
+static ExceptionOr<Vector<uint8_t>> decryptRSA_OAEP(CryptoAlgorithmIdentifier hash, const Vector<uint8_t>& label, const PlatformRSAKey key, size_t keyLength, const Vector<uint8_t>& data)
{
CCDigestAlgorithm digestAlgorithm;
if (!getCommonCryptoDigestAlgorithm(hash, digestAlgorithm))
Vector<uint8_t> plainText(keyLength / 8); // Per Step 1.b of https://tools.ietf.org/html/rfc3447#section-7.1.1
size_t plainTextLength = plainText.size();
- if (CCRSACryptorDecrypt(key, ccOAEPPadding, data, dataLength, plainText.data(), &plainTextLength, label.data(), label.size(), digestAlgorithm))
+ if (CCRSACryptorDecrypt(key, ccOAEPPadding, data.data(), data.size(), plainText.data(), &plainTextLength, label.data(), label.size(), digestAlgorithm))
return Exception { OperationError };
plainText.resize(plainTextLength);
workQueue.dispatch([parameters = WTFMove(parameters), key = WTFMove(key), plainText = WTFMove(plainText), callback = WTFMove(callback), exceptionCallback = WTFMove(exceptionCallback), &context]() mutable {
auto& rsaParameters = downcast<CryptoAlgorithmRsaOaepParams>(*parameters);
auto& rsaKey = downcast<CryptoKeyRSA>(key.get());
- auto result = encryptRSA_OAEP(rsaKey.hashAlgorithmIdentifier(), rsaParameters.labelVector(), rsaKey.platformKey(), rsaKey.keySizeInBits(), plainText.data(), plainText.size());
+ auto result = encryptRSA_OAEP(rsaKey.hashAlgorithmIdentifier(), rsaParameters.labelVector(), rsaKey.platformKey(), rsaKey.keySizeInBits(), plainText);
if (result.hasException()) {
// We should only dereference callbacks after being back to the Document/Worker threads.
context.postTask([exceptionCallback = WTFMove(exceptionCallback), ec = result.releaseException().code(), callback = WTFMove(callback)](ScriptExecutionContext& context) {
workQueue.dispatch([parameters = WTFMove(parameters), key = WTFMove(key), cipherText = WTFMove(cipherText), callback = WTFMove(callback), exceptionCallback = WTFMove(exceptionCallback), &context]() mutable {
auto& rsaParameters = downcast<CryptoAlgorithmRsaOaepParams>(*parameters);
auto& rsaKey = downcast<CryptoKeyRSA>(key.get());
- auto result = decryptRSA_OAEP(rsaKey.hashAlgorithmIdentifier(), rsaParameters.labelVector(), rsaKey.platformKey(), rsaKey.keySizeInBits(), cipherText.data(), cipherText.size());
+ auto result = decryptRSA_OAEP(rsaKey.hashAlgorithmIdentifier(), rsaParameters.labelVector(), rsaKey.platformKey(), rsaKey.keySizeInBits(), cipherText);
if (result.hasException()) {
// We should only dereference callbacks after being back to the Document/Worker threads.
context.postTask([exceptionCallback = WTFMove(exceptionCallback), ec = result.releaseException().code(), callback = WTFMove(callback)](ScriptExecutionContext& context) {
git://git.webkit.org / WebKit-https.git / commitdiff