<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.1//EN"
"http://www.w3.org/TR/xhtml11/DTD/xhtml11.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head><meta http-equiv="content-type" content="text/html; charset=utf-8" />
<title>[164317] trunk/Source/WebCore</title>
</head>
<body>
<style type="text/css"><!--
#msg dl.meta { border: 1px #006 solid; background: #369; padding: 6px; color: #fff; }
#msg dl.meta dt { float: left; width: 6em; font-weight: bold; }
#msg dt:after { content:':';}
#msg dl, #msg dt, #msg ul, #msg li, #header, #footer, #logmsg { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; }
#msg dl a { font-weight: bold}
#msg dl a:link { color:#fc3; }
#msg dl a:active { color:#ff0; }
#msg dl a:visited { color:#cc6; }
h3 { font-family: verdana,arial,helvetica,sans-serif; font-size: 10pt; font-weight: bold; }
#msg pre { overflow: auto; background: #ffc; border: 1px #fa0 solid; padding: 6px; }
#logmsg { background: #ffc; border: 1px #fa0 solid; padding: 1em 1em 0 1em; }
#logmsg p, #logmsg pre, #logmsg blockquote { margin: 0 0 1em 0; }
#logmsg p, #logmsg li, #logmsg dt, #logmsg dd { line-height: 14pt; }
#logmsg h1, #logmsg h2, #logmsg h3, #logmsg h4, #logmsg h5, #logmsg h6 { margin: .5em 0; }
#logmsg h1:first-child, #logmsg h2:first-child, #logmsg h3:first-child, #logmsg h4:first-child, #logmsg h5:first-child, #logmsg h6:first-child { margin-top: 0; }
#logmsg ul, #logmsg ol { padding: 0; list-style-position: inside; margin: 0 0 0 1em; }
#logmsg ul { text-indent: -1em; padding-left: 1em; }#logmsg ol { text-indent: -1.5em; padding-left: 1.5em; }
#logmsg > ul, #logmsg > ol { margin: 0 0 1em 0; }
#logmsg pre { background: #eee; padding: 1em; }
#logmsg blockquote { border: 1px solid #fa0; border-left-width: 10px; padding: 1em 1em 0 1em; background: white;}
#logmsg dl { margin: 0; }
#logmsg dt { font-weight: bold; }
#logmsg dd { margin: 0; padding: 0 0 0.5em 0; }
#logmsg dd:before { content:'\00bb';}
#logmsg table { border-spacing: 0px; border-collapse: collapse; border-top: 4px solid #fa0; border-bottom: 1px solid #fa0; background: #fff; }
#logmsg table th { text-align: left; font-weight: normal; padding: 0.2em 0.5em; border-top: 1px dotted #fa0; }
#logmsg table td { text-align: right; border-top: 1px dotted #fa0; padding: 0.2em 0.5em; }
#logmsg table thead th { text-align: center; border-bottom: 1px solid #fa0; }
#logmsg table th.Corner { text-align: left; }
#logmsg hr { border: none 0; border-top: 2px dashed #fa0; height: 1px; }
#header, #footer { color: #fff; background: #636; border: 1px #300 solid; padding: 6px; }
#patch { width: 100%; }
#patch h4 {font-family: verdana,arial,helvetica,sans-serif;font-size:10pt;padding:8px;background:#369;color:#fff;margin:0;}
#patch .propset h4, #patch .binary h4 {margin:0;}
#patch pre {padding:0;line-height:1.2em;margin:0;}
#patch .diff {width:100%;background:#eee;padding: 0 0 10px 0;overflow:auto;}
#patch .propset .diff, #patch .binary .diff {padding:10px 0;}
#patch span {display:block;padding:0 10px;}
#patch .modfile, #patch .addfile, #patch .delfile, #patch .propset, #patch .binary, #patch .copfile {border:1px solid #ccc;margin:10px 0;}
#patch ins {background:#dfd;text-decoration:none;display:block;padding:0 10px;}
#patch del {background:#fdd;text-decoration:none;display:block;padding:0 10px;}
#patch .lines, .info {color:#888;background:#fff;}
--></style>
<div id="msg">
<dl class="meta">
<dt>Revision</dt> <dd><a href="http://trac.webkit.org/projects/webkit/changeset/164317">164317</a></dd>
<dt>Author</dt> <dd>ap@apple.com</dd>
<dt>Date</dt> <dd>2014-02-18 14:23:45 -0800 (Tue, 18 Feb 2014)</dd>
</dl>
<h3>Log Message</h3>
<pre>[iOS] All WebKit clients should encrypt WebCrypto keys automatically
https://bugs.webkit.org/show_bug.cgi?id=128938
Reviewed by Dan Bernstein.
Don't pass ACLs on iOS. Key will be added to app's default Keychain access group.
Also, don't pass kSecAttrIsPermanent, which is irrelevant for password items, and
caused error -50 in DumpRenderTree for me when passed.
Added fallback to _NSGetProgname for account name, to account for tools such as
Mac DumpRenderTree that don't have bundle identifiers.
* crypto/mac/SerializedCryptoKeyWrapMac.mm:
(WebCore::masterKeyAccountNameForCurrentApplication):
(WebCore::createAndStoreMasterKey):</pre>
<h3>Modified Paths</h3>
<ul>
<li><a href="#trunkSourceWebCoreChangeLog">trunk/Source/WebCore/ChangeLog</a></li>
<li><a href="#trunkSourceWebCorecryptomacSerializedCryptoKeyWrapMacmm">trunk/Source/WebCore/crypto/mac/SerializedCryptoKeyWrapMac.mm</a></li>
</ul>
</div>
<div id="patch">
<h3>Diff</h3>
<a id="trunkSourceWebCoreChangeLog"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/ChangeLog (164316 => 164317)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/ChangeLog 2014-02-18 22:23:17 UTC (rev 164316)
+++ trunk/Source/WebCore/ChangeLog 2014-02-18 22:23:45 UTC (rev 164317)
</span><span class="lines">@@ -1,3 +1,22 @@
</span><ins>+2014-02-17 Alexey Proskuryakov <ap@apple.com>
+
+ [iOS] All WebKit clients should encrypt WebCrypto keys automatically
+ https://bugs.webkit.org/show_bug.cgi?id=128938
+
+ Reviewed by Dan Bernstein.
+
+ Don't pass ACLs on iOS. Key will be added to app's default Keychain access group.
+
+ Also, don't pass kSecAttrIsPermanent, which is irrelevant for password items, and
+ caused error -50 in DumpRenderTree for me when passed.
+
+ Added fallback to _NSGetProgname for account name, to account for tools such as
+ Mac DumpRenderTree that don't have bundle identifiers.
+
+ * crypto/mac/SerializedCryptoKeyWrapMac.mm:
+ (WebCore::masterKeyAccountNameForCurrentApplication):
+ (WebCore::createAndStoreMasterKey):
+
</ins><span class="cx"> 2014-02-18 Ryosuke Niwa <rniwa@webkit.org>
</span><span class="cx">
</span><span class="cx"> setSelectionRange should set selection without validation
</span></span></pre></div>
<a id="trunkSourceWebCorecryptomacSerializedCryptoKeyWrapMacmm"></a>
<div class="modfile"><h4>Modified: trunk/Source/WebCore/crypto/mac/SerializedCryptoKeyWrapMac.mm (164316 => 164317)</h4>
<pre class="diff"><span>
<span class="info">--- trunk/Source/WebCore/crypto/mac/SerializedCryptoKeyWrapMac.mm 2014-02-18 22:23:17 UTC (rev 164316)
+++ trunk/Source/WebCore/crypto/mac/SerializedCryptoKeyWrapMac.mm 2014-02-18 22:23:45 UTC (rev 164317)
</span><span class="lines">@@ -31,11 +31,14 @@
</span><span class="cx"> #include "CommonCryptoUtilities.h"
</span><span class="cx"> #include "LocalizedStrings.h"
</span><span class="cx"> #include <CommonCrypto/CommonSymmetricKeywrap.h>
</span><ins>+#include <crt_externs.h>
</ins><span class="cx"> #include <wtf/text/Base64.h>
</span><span class="cx"> #include <wtf/text/CString.h>
</span><span class="cx"> #include <wtf/CryptographicUtilities.h>
</span><span class="cx"> #include <wtf/RetainPtr.h>
</span><span class="cx">
</span><ins>+#define WTF_USE_KEYCHAIN_ACCESS_CONTROL_LISTS (!PLATFORM(IOS))
+
</ins><span class="cx"> namespace WebCore {
</span><span class="cx">
</span><span class="cx"> const NSUInteger currentSerializationVersion = 1;
</span><span class="lines">@@ -54,21 +57,16 @@
</span><span class="cx"> return result;
</span><span class="cx"> }
</span><span class="cx">
</span><ins>+static NSString* masterKeyAccountNameForCurrentApplication()
+{
</ins><span class="cx"> #if PLATFORM(IOS)
</span><del>-
-bool getDefaultWebCryptoMasterKey(Vector<uint8_t>& masterKey)
-{
- // FIXME: Implement.
- masterKey.resize(masterKeySizeInBytes);
- memset(masterKey.data(), 0, masterKey.size());
- return true;
-}
-
</del><ins>+ NSString *bundleIdentifier = [[NSBundle mainBundle] bundleIdentifier];
</ins><span class="cx"> #else
</span><del>-
-static NSString* masterKeyAccountNameForCurrentApplication()
-{
- return [NSString stringWithFormat:@"com.apple.WebKit.WebCrypto.master+%@", [[NSRunningApplication currentApplication] bundleIdentifier]];
</del><ins>+ NSString *bundleIdentifier = [[NSRunningApplication currentApplication] bundleIdentifier];
+#endif
+ if (!bundleIdentifier)
+ bundleIdentifier = [NSString stringWithCString:*_NSGetProgname() encoding:NSASCIIStringEncoding];
+ return [NSString stringWithFormat:@"com.apple.WebKit.WebCrypto.master+%@", bundleIdentifier];
</ins><span class="cx"> }
</span><span class="cx">
</span><span class="cx"> static bool createAndStoreMasterKey(Vector<uint8_t>& masterKeyData)
</span><span class="lines">@@ -76,10 +74,23 @@
</span><span class="cx"> masterKeyData.resize(masterKeySizeInBytes);
</span><span class="cx"> CCRandomCopyBytes(kCCRandomDefault, masterKeyData.data(), masterKeyData.size());
</span><span class="cx">
</span><ins>+#if PLATFORM(IOS)
+ NSBundle *mainBundle = [NSBundle mainBundle];
+ NSString *applicationName = [mainBundle objectForInfoDictionaryKey:@"CFBundleDisplayName"];
+ if (!applicationName)
+ applicationName = [mainBundle objectForInfoDictionaryKey:(NSString *)kCFBundleNameKey];
+ if (!applicationName)
+ applicationName = [mainBundle bundleIdentifier];
+ NSString *localizedItemName = webCryptoMasterKeyKeychainLabel(applicationName);
+#else
</ins><span class="cx"> NSString *localizedItemName = webCryptoMasterKeyKeychainLabel([[NSRunningApplication currentApplication] localizedName]);
</span><ins>+#endif
</ins><span class="cx">
</span><ins>+ OSStatus status;
+
+#if USE(KEYCHAIN_ACCESS_CONTROL_LISTS)
</ins><span class="cx"> SecAccessRef accessRef;
</span><del>- OSStatus status = SecAccessCreate((CFStringRef)localizedItemName, nullptr, &accessRef);
</del><ins>+ status = SecAccessCreate((CFStringRef)localizedItemName, nullptr, &accessRef);
</ins><span class="cx"> if (status) {
</span><span class="cx"> WTFLogAlways("Cannot create a security access object for storing WebCrypto master key, error %d", (int)status);
</span><span class="cx"> return nullptr;
</span><span class="lines">@@ -102,6 +113,7 @@
</span><span class="cx"> WTFLogAlways("Cannot set ACL for WebCrypto master key, error %d", (int)status);
</span><span class="cx"> return nullptr;
</span><span class="cx"> }
</span><ins>+#endif
</ins><span class="cx">
</span><span class="cx"> Vector<char> base64EncodedMasterKeyData;
</span><span class="cx"> base64Encode(masterKeyData, base64EncodedMasterKeyData);
</span><span class="lines">@@ -110,8 +122,9 @@
</span><span class="cx"> NSDictionary *attributes = @{
</span><span class="cx"> (id)kSecClass : (id)kSecClassGenericPassword,
</span><span class="cx"> (id)kSecAttrSynchronizable : @NO,
</span><del>- (id)kSecAttrIsPermanent : @YES,
</del><ins>+#if USE(KEYCHAIN_ACCESS_CONTROL_LISTS)
</ins><span class="cx"> (id)kSecAttrAccess : (id)access.get(),
</span><ins>+#endif
</ins><span class="cx"> (id)kSecAttrComment : webCryptoMasterKeyKeychainComment(),
</span><span class="cx"> (id)kSecAttrLabel : localizedItemName,
</span><span class="cx"> (id)kSecAttrAccount : masterKeyAccountNameForCurrentApplication(),
</span><span class="lines">@@ -155,8 +168,6 @@
</span><span class="cx"> return true;
</span><span class="cx"> }
</span><span class="cx">
</span><del>-#endif
-
</del><span class="cx"> bool wrapSerializedCryptoKey(const Vector<uint8_t>& masterKey, const Vector<uint8_t>& key, Vector<uint8_t>& result)
</span><span class="cx"> {
</span><span class="cx"> Vector<uint8_t> kek(16);
</span></span></pre>
</div>
</div>
</body>
</html>