mozilla
/
gecko-dev
зеркало из https://github.com/mozilla/gecko-dev.git
1
0
Форкнуть 0
Код Задачи Пакеты Проекты Релизы Вики Активность

Backed out changeset 5460c4558253 (bug 1026398) for test_WebCrypto.html timeouts on B2G; CLOSED TREE

This commit is contained in:
Ed Morley 2014-07-11 17:01:44 +01:00
Родитель 03329fb20f
Коммит 65aa1f33ef
5 изменённых файлов: 23 добавлений и 171 удалений
Показать статистику Скачать Patch файл Скачать Diff файл Показать все файлы Свернуть все файлы

2
dom/crypto/KeyAlgorithm.cpp
Просмотреть файл

@ -50,8 +50,6 @@ KeyAlgorithm::KeyAlgorithm(nsIGlobalObject* aGlobal, const nsString& aName)
mMechanism = CKM_RSA_PKCS;
} else if (mName.EqualsLiteral(WEBCRYPTO_ALG_RSASSA_PKCS1)) {
mMechanism = CKM_RSA_PKCS;
} else if (mName.EqualsLiteral(WEBCRYPTO_ALG_RSA_OAEP)) {
mMechanism = CKM_RSA_PKCS_OAEP;
} else {
mMechanism = UNKNOWN_CK_MECHANISM;
}

1
dom/crypto/WebCryptoCommon.h
Просмотреть файл

@ -23,7 +23,6 @@
#define WEBCRYPTO_ALG_HMAC "HMAC"
#define WEBCRYPTO_ALG_RSAES_PKCS1 "RSAES-PKCS1-v1_5"
#define WEBCRYPTO_ALG_RSASSA_PKCS1 "RSASSA-PKCS1-v1_5"
#define WEBCRYPTO_ALG_RSA_OAEP "RSA-OAEP"
// WebCrypto key formats
#define WEBCRYPTO_KEY_FORMAT_RAW "raw"

185
dom/crypto/WebCryptoTask.cpp
Просмотреть файл

@ -231,7 +231,7 @@ class AesTask : public ReturnArrayBufferViewTask
{
public:
AesTask(JSContext* aCx, const ObjectOrString& aAlgorithm,
CryptoKey& aKey, const CryptoOperationData& aData,
mozilla::dom::CryptoKey& aKey, const CryptoOperationData& aData,
bool aEncrypt)
: mSymKey(aKey.GetSymKey())
, mEncrypt(aEncrypt)
@ -408,7 +408,7 @@ class RsaesPkcs1Task : public ReturnArrayBufferViewTask
{
public:
RsaesPkcs1Task(JSContext* aCx, const ObjectOrString& aAlgorithm,
CryptoKey& aKey, const CryptoOperationData& aData,
mozilla::dom::CryptoKey& aKey, const CryptoOperationData& aData,
bool aEncrypt)
: mPrivKey(aKey.GetPrivateKey())
, mPubKey(aKey.GetPublicKey())
@ -477,134 +477,11 @@ private:
}
};
class RsaOaepTask : public ReturnArrayBufferViewTask
{
public:
RsaOaepTask(JSContext* aCx, const ObjectOrString& aAlgorithm,
CryptoKey& aKey, const CryptoOperationData& aData,
bool aEncrypt)
: mPrivKey(aKey.GetPrivateKey())
, mPubKey(aKey.GetPublicKey())
, mEncrypt(aEncrypt)
{
Telemetry::Accumulate(Telemetry::WEBCRYPTO_ALG, TA_RSA_OAEP);
ATTEMPT_BUFFER_INIT(mData, aData);
if (mEncrypt) {
if (!mPubKey) {
mEarlyRv = NS_ERROR_DOM_INVALID_ACCESS_ERR;
return;
}
mStrength = SECKEY_PublicKeyStrength(mPubKey);
} else {
if (!mPrivKey) {
mEarlyRv = NS_ERROR_DOM_INVALID_ACCESS_ERR;
return;
}
mStrength = PK11_GetPrivateModulusLen(mPrivKey);
}
RootedDictionary<RsaOaepParams> params(aCx);
mEarlyRv = Coerce(aCx, params, aAlgorithm);
if (NS_FAILED(mEarlyRv)) {
mEarlyRv = NS_ERROR_DOM_SYNTAX_ERR;
return;
}
if (params.mLabel.WasPassed() && !params.mLabel.Value().IsNull()) {
ATTEMPT_BUFFER_INIT(mLabel, params.mLabel.Value().Value());
}
// Otherwise mLabel remains the empty octet string, as intended
// Look up the MGF based on the KeyAlgorithm.
// static_cast is safe because we only get here if the algorithm name
// is RSA-OAEP, and that only happens if we've constructed
// an RsaHashedKeyAlgorithm.
// TODO: Add As* methods to KeyAlgorithm (Bug 1036734)
nsRefPtr<RsaHashedKeyAlgorithm> rsaAlg =
static_cast<RsaHashedKeyAlgorithm*>(aKey.Algorithm());
mHashMechanism = rsaAlg->Hash()->Mechanism();
switch (mHashMechanism) {
case CKM_SHA_1:
mMgfMechanism = CKG_MGF1_SHA1; break;
case CKM_SHA256:
mMgfMechanism = CKG_MGF1_SHA256; break;
case CKM_SHA384:
mMgfMechanism = CKG_MGF1_SHA384; break;
case CKM_SHA512:
mMgfMechanism = CKG_MGF1_SHA512; break;
default: {
mEarlyRv = NS_ERROR_DOM_NOT_SUPPORTED_ERR;
return;
}
}
}
private:
CK_MECHANISM_TYPE mHashMechanism;
CK_MECHANISM_TYPE mMgfMechanism;
ScopedSECKEYPrivateKey mPrivKey;
ScopedSECKEYPublicKey mPubKey;
CryptoBuffer mLabel;
CryptoBuffer mData;
uint32_t mStrength;
bool mEncrypt;
virtual nsresult DoCrypto() MOZ_OVERRIDE
{
nsresult rv;
// Ciphertext is an integer mod the modulus, so it will be
// no longer than mStrength octets
if (!mResult.SetLength(mStrength)) {
return NS_ERROR_DOM_UNKNOWN_ERR;
}
CK_RSA_PKCS_OAEP_PARAMS oaepParams;
oaepParams.source = CKZ_DATA_SPECIFIED;
oaepParams.pSourceData = mLabel.Length() ? mLabel.Elements() : nullptr;
oaepParams.ulSourceDataLen = mLabel.Length();
oaepParams.mgf = mMgfMechanism;
oaepParams.hashAlg = mHashMechanism;
SECItem param;
param.type = siBuffer;
param.data = (unsigned char*) &oaepParams;
param.len = sizeof(oaepParams);
uint32_t outLen;
if (mEncrypt) {
// PK11_PubEncrypt() checks the plaintext's length and fails if it is too
// long to encrypt, i.e. if it is longer than (k - 2hLen - 2) with 'k'
// being the length in octets of the RSA modulus n and 'hLen' being the
// output length in octets of the chosen hash function.
// <https://tools.ietf.org/html/rfc3447#section-7.1>
rv = MapSECStatus(PK11_PubEncrypt(
mPubKey.get(), CKM_RSA_PKCS_OAEP, &param,
mResult.Elements(), &outLen, mResult.Length(),
mData.Elements(), mData.Length(), nullptr));
} else {
rv = MapSECStatus(PK11_PrivDecrypt(
mPrivKey.get(), CKM_RSA_PKCS_OAEP, &param,
mResult.Elements(), &outLen, mResult.Length(),
mData.Elements(), mData.Length()));
}
mResult.SetLength(outLen);
NS_ENSURE_SUCCESS(rv, NS_ERROR_DOM_OPERATION_ERR);
return NS_OK;
}
};
class HmacTask : public WebCryptoTask
{
public:
HmacTask(JSContext* aCx, const ObjectOrString& aAlgorithm,
CryptoKey& aKey,
mozilla::dom::CryptoKey& aKey,
const CryptoOperationData& aSignature,
const CryptoOperationData& aData,
bool aSign)
@ -707,7 +584,7 @@ class RsassaPkcs1Task : public WebCryptoTask
{
public:
RsassaPkcs1Task(JSContext* aCx, const ObjectOrString& aAlgorithm,
CryptoKey& aKey,
mozilla::dom::CryptoKey& aKey,
const CryptoOperationData& aSignature,
const CryptoOperationData& aData,
bool aSign)
@ -1050,8 +927,7 @@ public:
}
// If this is RSA with a hash, cache the hash name
if (mAlgName.EqualsLiteral(WEBCRYPTO_ALG_RSASSA_PKCS1) ||
mAlgName.EqualsLiteral(WEBCRYPTO_ALG_RSA_OAEP)) {
if (mAlgName.EqualsLiteral(WEBCRYPTO_ALG_RSASSA_PKCS1)) {
RootedDictionary<RsaHashedImportParams> params(aCx);
mEarlyRv = Coerce(aCx, params, aAlgorithm);
if (NS_FAILED(mEarlyRv) || !params.mHash.WasPassed()) {
@ -1122,14 +998,15 @@ private:
{
// Construct an appropriate KeyAlgorithm
nsIGlobalObject* global = mKey->GetParentObject();
if (mAlgName.EqualsLiteral(WEBCRYPTO_ALG_RSAES_PKCS1) ||
mAlgName.EqualsLiteral(WEBCRYPTO_ALG_RSA_OAEP)) {
if (mAlgName.EqualsLiteral(WEBCRYPTO_ALG_RSAES_PKCS1)) {
if ((mKey->GetKeyType() == CryptoKey::PUBLIC &&
mKey->HasUsageOtherThan(CryptoKey::ENCRYPT)) ||
(mKey->GetKeyType() == CryptoKey::PRIVATE &&
mKey->HasUsageOtherThan(CryptoKey::DECRYPT))) {
return NS_ERROR_DOM_DATA_ERR;
}
mKey->SetAlgorithm(new RsaKeyAlgorithm(global, mAlgName, mModulusLength, mPublicExponent));
} else if (mAlgName.EqualsLiteral(WEBCRYPTO_ALG_RSASSA_PKCS1)) {
if ((mKey->GetKeyType() == CryptoKey::PUBLIC &&
mKey->HasUsageOtherThan(CryptoKey::VERIFY)) ||
@ -1137,23 +1014,16 @@ private:
mKey->HasUsageOtherThan(CryptoKey::SIGN))) {
return NS_ERROR_DOM_DATA_ERR;
}
}
// Construct an appropriate KeyAlgorithm
if (mAlgName.EqualsLiteral(WEBCRYPTO_ALG_RSAES_PKCS1)) {
mKey->SetAlgorithm(new RsaKeyAlgorithm(global, mAlgName, mModulusLength, mPublicExponent));
} else if (mAlgName.EqualsLiteral(WEBCRYPTO_ALG_RSASSA_PKCS1) ||
mAlgName.EqualsLiteral(WEBCRYPTO_ALG_RSA_OAEP)) {
nsRefPtr<RsaHashedKeyAlgorithm> algorithm =
new RsaHashedKeyAlgorithm(global, mAlgName,
mModulusLength, mPublicExponent, mHashName);
nsRefPtr<RsaHashedKeyAlgorithm> algorithm = new RsaHashedKeyAlgorithm(
global,
mAlgName,
mModulusLength,
mPublicExponent,
mHashName);
if (algorithm->Mechanism() == UNKNOWN_CK_MECHANISM) {
return NS_ERROR_DOM_SYNTAX_ERR;
}
if (algorithm->Hash()->Mechanism() == UNKNOWN_CK_MECHANISM) {
return NS_ERROR_DOM_NOT_SUPPORTED_ERR;
}
mKey->SetAlgorithm(algorithm);
}
@ -1406,8 +1276,7 @@ public:
// Construct an appropriate KeyAlorithm
KeyAlgorithm* algorithm;
uint32_t privateAllowedUsages = 0, publicAllowedUsages = 0;
if (algName.EqualsLiteral(WEBCRYPTO_ALG_RSASSA_PKCS1) ||
algName.EqualsLiteral(WEBCRYPTO_ALG_RSA_OAEP)) {
if (algName.EqualsLiteral(WEBCRYPTO_ALG_RSASSA_PKCS1)) {
RootedDictionary<RsaHashedKeyGenParams> params(aCx);
mEarlyRv = Coerce(aCx, params, aAlgorithm);
if (NS_FAILED(mEarlyRv) || !params.mModulusLength.WasPassed() ||
@ -1442,6 +1311,9 @@ public:
mEarlyRv = NS_ERROR_DOM_INVALID_ACCESS_ERR;
return;
}
privateAllowedUsages = CryptoKey::SIGN;
publicAllowedUsages = CryptoKey::VERIFY;
} else if (algName.EqualsLiteral(WEBCRYPTO_ALG_RSAES_PKCS1)) {
RootedDictionary<RsaKeyGenParams> params(aCx);
mEarlyRv = Coerce(aCx, params, aAlgorithm);
@ -1470,21 +1342,14 @@ public:
mEarlyRv = NS_ERROR_DOM_INVALID_ACCESS_ERR;
return;
}
privateAllowedUsages = CryptoKey::DECRYPT | CryptoKey::UNWRAPKEY;
publicAllowedUsages = CryptoKey::ENCRYPT | CryptoKey::WRAPKEY;
} else {
mEarlyRv = NS_ERROR_DOM_NOT_SUPPORTED_ERR;
return;
}
// Set key usages.
if (algName.EqualsLiteral(WEBCRYPTO_ALG_RSASSA_PKCS1)) {
privateAllowedUsages = CryptoKey::SIGN;
publicAllowedUsages = CryptoKey::VERIFY;
} else if (algName.EqualsLiteral(WEBCRYPTO_ALG_RSAES_PKCS1) ||
algName.EqualsLiteral(WEBCRYPTO_ALG_RSA_OAEP)) {
privateAllowedUsages = CryptoKey::DECRYPT | CryptoKey::UNWRAPKEY;
publicAllowedUsages = CryptoKey::ENCRYPT | CryptoKey::WRAPKEY;
}
mKeyPair->PrivateKey()->SetExtractable(aExtractable);
mKeyPair->PrivateKey()->SetType(CryptoKey::PRIVATE);
@ -1588,8 +1453,6 @@ WebCryptoTask::EncryptDecryptTask(JSContext* aCx,
return new AesTask(aCx, aAlgorithm, aKey, aData, aEncrypt);
} else if (algName.EqualsLiteral(WEBCRYPTO_ALG_RSAES_PKCS1)) {
return new RsaesPkcs1Task(aCx, aAlgorithm, aKey, aData, aEncrypt);
} else if (algName.EqualsLiteral(WEBCRYPTO_ALG_RSA_OAEP)) {
return new RsaOaepTask(aCx, aAlgorithm, aKey, aData, aEncrypt);
}
return new FailureTask(NS_ERROR_DOM_NOT_SUPPORTED_ERR);
@ -1661,8 +1524,7 @@ WebCryptoTask::ImportKeyTask(JSContext* aCx,
return new ImportSymmetricKeyTask(aCx, aFormat, aKeyData, aAlgorithm,
aExtractable, aKeyUsages);
} else if (algName.EqualsLiteral(WEBCRYPTO_ALG_RSAES_PKCS1) ||
algName.EqualsLiteral(WEBCRYPTO_ALG_RSASSA_PKCS1) ||
algName.EqualsLiteral(WEBCRYPTO_ALG_RSA_OAEP)) {
algName.EqualsLiteral(WEBCRYPTO_ALG_RSASSA_PKCS1)) {
return new ImportRsaKeyTask(aCx, aFormat, aKeyData, aAlgorithm,
aExtractable, aKeyUsages);
} else {
@ -1704,8 +1566,7 @@ WebCryptoTask::GenerateKeyTask(JSContext* aCx,
algName.EqualsASCII(WEBCRYPTO_ALG_HMAC)) {
return new GenerateSymmetricKeyTask(aCx, aAlgorithm, aExtractable, aKeyUsages);
} else if (algName.EqualsASCII(WEBCRYPTO_ALG_RSAES_PKCS1) ||
algName.EqualsASCII(WEBCRYPTO_ALG_RSASSA_PKCS1) ||
algName.EqualsASCII(WEBCRYPTO_ALG_RSA_OAEP)) {
algName.EqualsASCII(WEBCRYPTO_ALG_RSASSA_PKCS1)) {
return new GenerateAsymmetricKeyTask(aCx, aAlgorithm, aExtractable, aKeyUsages);
} else {
return new FailureTask(NS_ERROR_DOM_NOT_SUPPORTED_ERR);

4
dom/webidl/SubtleCrypto.webidl
Просмотреть файл

@ -89,10 +89,6 @@ dictionary RsaHashedKeyGenParams : RsaKeyGenParams {
AlgorithmIdentifier hash;
};
dictionary RsaOaepParams : Algorithm {
CryptoOperationData? label;
};
dictionary DhKeyGenParams : Algorithm {
BigInteger prime;
BigInteger generator;

2
security/build/nss.def
Просмотреть файл

@ -395,11 +395,9 @@ PK11_PBEKeyGen
PK11_PQG_DestroyParams
PK11_PQG_DestroyVerify
PK11_PQG_ParamGen
PK11_PrivDecrypt
PK11_PrivDecryptPKCS1
PK11_ProtectedAuthenticationPath
PK11_PubDeriveWithKDF
PK11_PubEncrypt
PK11_PubEncryptPKCS1
PK11_PubUnwrapSymKey
PK11_PubWrapSymKey