1/*
2 * Copyright (C) 2017 Apple Inc. All rights reserved.
3 *
4 * Redistribution and use in source and binary forms, with or without
5 * modification, are permitted provided that the following conditions
6 * are met:
7 * 1. Redistributions of source code must retain the above copyright
8 * notice, this list of conditions and the following disclaimer.
9 * 2. Redistributions in binary form must reproduce the above copyright
10 * notice, this list of conditions and the following disclaimer in the
11 * documentation and/or other materials provided with the distribution.
12 *
13 * THIS SOFTWARE IS PROVIDED BY APPLE INC. AND ITS CONTRIBUTORS ``AS IS''
14 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
15 * THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
16 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL APPLE INC. OR ITS CONTRIBUTORS
17 * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
18 * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
19 * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
20 * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
21 * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
22 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF
23 * THE POSSIBILITY OF SUCH DAMAGE.
24 */
25
26#include "config.h"
27#include "CryptoAlgorithmAES_GCM.h"
28
29#if ENABLE(WEB_CRYPTO)
30
31#include "CryptoAlgorithmAesGcmParams.h"
32#include "CryptoAlgorithmAesKeyParams.h"
33#include "CryptoKeyAES.h"
34#include <wtf/CrossThreadCopier.h>
35
36namespace WebCore {
37
38namespace CryptoAlgorithmAES_GCMInternal {
39static const char* const ALG128 = "A128GCM";
40static const char* const ALG192 = "A192GCM";
41static const char* const ALG256 = "A256GCM";
42#if __WORDSIZE >= 64
43static const uint64_t PlainTextMaxLength = 549755813632ULL; // 2^39 - 256
44#endif
45static const uint8_t DefaultTagLength = 128;
46static const uint8_t ValidTagLengths[] = { 32, 64, 96, 104, 112, 120, 128 };
47}
48
49static inline bool usagesAreInvalidForCryptoAlgorithmAES_GCM(CryptoKeyUsageBitmap usages)
50{
51 return usages & (CryptoKeyUsageSign | CryptoKeyUsageVerify | CryptoKeyUsageDeriveKey | CryptoKeyUsageDeriveBits);
52}
53
54static inline bool tagLengthIsValid(uint8_t tagLength)
55{
56 using namespace CryptoAlgorithmAES_GCMInternal;
57 for (size_t i = 0; i < sizeof(ValidTagLengths); i++) {
58 if (tagLength == ValidTagLengths[i])
59 return true;
60 }
61 return false;
62}
63
64Ref<CryptoAlgorithm> CryptoAlgorithmAES_GCM::create()
65{
66 return adoptRef(*new CryptoAlgorithmAES_GCM);
67}
68
69CryptoAlgorithmIdentifier CryptoAlgorithmAES_GCM::identifier() const
70{
71 return s_identifier;
72}
73
74void CryptoAlgorithmAES_GCM::encrypt(const CryptoAlgorithmParameters& parameters, Ref<CryptoKey>&& key, Vector<uint8_t>&& plainText, VectorCallback&& callback, ExceptionCallback&& exceptionCallback, ScriptExecutionContext& context, WorkQueue& workQueue)
75{
76 using namespace CryptoAlgorithmAES_GCMInternal;
77
78 auto& aesParameters = downcast<CryptoAlgorithmAesGcmParams>(parameters);
79
80#if __WORDSIZE >= 64
81 if (plainText.size() > PlainTextMaxLength) {
82 exceptionCallback(OperationError);
83 return;
84 }
85 if (aesParameters.ivVector().size() > UINT64_MAX) {
86 exceptionCallback(OperationError);
87 return;
88 }
89 if (aesParameters.additionalDataVector().size() > UINT64_MAX) {
90 exceptionCallback(OperationError);
91 return;
92 }
93#endif
94
95 aesParameters.tagLength = aesParameters.tagLength ? aesParameters.tagLength : DefaultTagLength;
96 if (!tagLengthIsValid(*(aesParameters.tagLength))) {
97 exceptionCallback(OperationError);
98 return;
99 }
100
101 dispatchOperationInWorkQueue(workQueue, context, WTFMove(callback), WTFMove(exceptionCallback),
102 [parameters = crossThreadCopy(aesParameters), key = WTFMove(key), plainText = WTFMove(plainText)] {
103 return platformEncrypt(parameters, downcast<CryptoKeyAES>(key.get()), plainText);
104 });
105}
106
107void CryptoAlgorithmAES_GCM::decrypt(const CryptoAlgorithmParameters& parameters, Ref<CryptoKey>&& key, Vector<uint8_t>&& cipherText, VectorCallback&& callback, ExceptionCallback&& exceptionCallback, ScriptExecutionContext& context, WorkQueue& workQueue)
108{
109 using namespace CryptoAlgorithmAES_GCMInternal;
110
111 auto& aesParameters = downcast<CryptoAlgorithmAesGcmParams>(parameters);
112
113 aesParameters.tagLength = aesParameters.tagLength ? aesParameters.tagLength : DefaultTagLength;
114 if (!tagLengthIsValid(*(aesParameters.tagLength))) {
115 exceptionCallback(OperationError);
116 return;
117 }
118 if (cipherText.size() < *(aesParameters.tagLength) / 8) {
119 exceptionCallback(OperationError);
120 return;
121 }
122
123#if __WORDSIZE >= 64
124 if (aesParameters.ivVector().size() > UINT64_MAX) {
125 exceptionCallback(OperationError);
126 return;
127 }
128 if (aesParameters.additionalDataVector().size() > UINT64_MAX) {
129 exceptionCallback(OperationError);
130 return;
131 }
132#endif
133
134 dispatchOperationInWorkQueue(workQueue, context, WTFMove(callback), WTFMove(exceptionCallback),
135 [parameters = crossThreadCopy(aesParameters), key = WTFMove(key), cipherText = WTFMove(cipherText)] {
136 return platformDecrypt(parameters, downcast<CryptoKeyAES>(key.get()), cipherText);
137 });
138}
139
140void CryptoAlgorithmAES_GCM::generateKey(const CryptoAlgorithmParameters& parameters, bool extractable, CryptoKeyUsageBitmap usages, KeyOrKeyPairCallback&& callback, ExceptionCallback&& exceptionCallback, ScriptExecutionContext&)
141{
142 const auto& aesParameters = downcast<CryptoAlgorithmAesKeyParams>(parameters);
143
144 if (usagesAreInvalidForCryptoAlgorithmAES_GCM(usages)) {
145 exceptionCallback(SyntaxError);
146 return;
147 }
148
149 auto result = CryptoKeyAES::generate(CryptoAlgorithmIdentifier::AES_GCM, aesParameters.length, extractable, usages);
150 if (!result) {
151 exceptionCallback(OperationError);
152 return;
153 }
154
155 callback(WTFMove(result));
156}
157
158void CryptoAlgorithmAES_GCM::importKey(CryptoKeyFormat format, KeyData&& data, const CryptoAlgorithmParameters& parameters, bool extractable, CryptoKeyUsageBitmap usages, KeyCallback&& callback, ExceptionCallback&& exceptionCallback)
159{
160 using namespace CryptoAlgorithmAES_GCMInternal;
161
162 if (usagesAreInvalidForCryptoAlgorithmAES_GCM(usages)) {
163 exceptionCallback(SyntaxError);
164 return;
165 }
166
167 RefPtr<CryptoKeyAES> result;
168 switch (format) {
169 case CryptoKeyFormat::Raw:
170 result = CryptoKeyAES::importRaw(parameters.identifier, WTFMove(WTF::get<Vector<uint8_t>>(data)), extractable, usages);
171 break;
172 case CryptoKeyFormat::Jwk: {
173 auto checkAlgCallback = [](size_t length, const String& alg) -> bool {
174 switch (length) {
175 case CryptoKeyAES::s_length128:
176 return alg.isNull() || alg == ALG128;
177 case CryptoKeyAES::s_length192:
178 return alg.isNull() || alg == ALG192;
179 case CryptoKeyAES::s_length256:
180 return alg.isNull() || alg == ALG256;
181 }
182 return false;
183 };
184 result = CryptoKeyAES::importJwk(parameters.identifier, WTFMove(WTF::get<JsonWebKey>(data)), extractable, usages, WTFMove(checkAlgCallback));
185 break;
186 }
187 default:
188 exceptionCallback(NotSupportedError);
189 return;
190 }
191 if (!result) {
192 exceptionCallback(DataError);
193 return;
194 }
195
196 callback(*result);
197}
198
199void CryptoAlgorithmAES_GCM::exportKey(CryptoKeyFormat format, Ref<CryptoKey>&& key, KeyDataCallback&& callback, ExceptionCallback&& exceptionCallback)
200{
201 using namespace CryptoAlgorithmAES_GCMInternal;
202 const auto& aesKey = downcast<CryptoKeyAES>(key.get());
203
204 if (aesKey.key().isEmpty()) {
205 exceptionCallback(OperationError);
206 return;
207 }
208
209 KeyData result;
210 switch (format) {
211 case CryptoKeyFormat::Raw:
212 result = Vector<uint8_t>(aesKey.key());
213 break;
214 case CryptoKeyFormat::Jwk: {
215 JsonWebKey jwk = aesKey.exportJwk();
216 switch (aesKey.key().size() * 8) {
217 case CryptoKeyAES::s_length128:
218 jwk.alg = String(ALG128);
219 break;
220 case CryptoKeyAES::s_length192:
221 jwk.alg = String(ALG192);
222 break;
223 case CryptoKeyAES::s_length256:
224 jwk.alg = String(ALG256);
225 break;
226 default:
227 ASSERT_NOT_REACHED();
228 }
229 result = WTFMove(jwk);
230 break;
231 }
232 default:
233 exceptionCallback(NotSupportedError);
234 return;
235 }
236
237 callback(format, WTFMove(result));
238}
239
240ExceptionOr<size_t> CryptoAlgorithmAES_GCM::getKeyLength(const CryptoAlgorithmParameters& parameters)
241{
242 return CryptoKeyAES::getKeyLength(parameters);
243}
244
245}
246
247#endif // ENABLE(WEB_CRYPTO)
248