Initial commit

Netflix · Jun 28, 2013 · af8920c · af8920c
commit af8920c
Show file tree

Hide file tree

Showing 2,058 changed files with 414,884 additions and 0 deletions.
diff --git a/.cproject b/.cproject
@@ -0,0 +1,60 @@
+<?xml version="1.0" encoding="UTF-8" standalone="no"?>
+<?fileVersion 4.0.0?>
+
+<cproject storage_type_id="org.eclipse.cdt.core.XmlProjectDescriptionStorage">
+	<storageModule moduleId="org.eclipse.cdt.core.settings">
+		<cconfiguration id="cdt.managedbuild.toolchain.gnu.base.2080892113">
+			<storageModule buildSystemId="org.eclipse.cdt.managedbuilder.core.configurationDataProvider" id="cdt.managedbuild.toolchain.gnu.base.2080892113" moduleId="org.eclipse.cdt.core.settings" name="Default">
+				<externalSettings/>
+				<extensions>
+					<extension id="org.eclipse.cdt.core.ELF" point="org.eclipse.cdt.core.BinaryParser"/>
+					<extension id="org.eclipse.cdt.core.GmakeErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
+					<extension id="org.eclipse.cdt.core.CWDLocator" point="org.eclipse.cdt.core.ErrorParser"/>
+					<extension id="org.eclipse.cdt.core.GCCErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
+					<extension id="org.eclipse.cdt.core.GASErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
+					<extension id="org.eclipse.cdt.core.GLDErrorParser" point="org.eclipse.cdt.core.ErrorParser"/>
+				</extensions>
+			</storageModule>
+			<storageModule moduleId="cdtBuildSystem" version="4.0.0">
+				<configuration buildProperties="" description="" id="cdt.managedbuild.toolchain.gnu.base.2080892113" name="Default" parent="org.eclipse.cdt.build.core.emptycfg">
+					<folderInfo id="cdt.managedbuild.toolchain.gnu.base.2080892113.1610461109" name="/" resourcePath="">
+						<toolChain id="cdt.managedbuild.toolchain.gnu.base.827116043" name="cdt.managedbuild.toolchain.gnu.base" superClass="cdt.managedbuild.toolchain.gnu.base">
+							<targetPlatform archList="all" binaryParser="org.eclipse.cdt.core.ELF" id="cdt.managedbuild.target.gnu.platform.base.866530532" name="Debug Platform" osList="linux,hpux,aix,qnx" superClass="cdt.managedbuild.target.gnu.platform.base"/>
+							<builder buildPath="/home/padolph/builds/nfWebCrypto/amd64/debug" id="cdt.managedbuild.target.gnu.builder.base.676978957" keepEnvironmentInBuildfile="false" managedBuildOn="false" name="Gnu Make Builder" superClass="cdt.managedbuild.target.gnu.builder.base"/>
+							<tool id="cdt.managedbuild.tool.gnu.archiver.base.4350754" name="GCC Archiver" superClass="cdt.managedbuild.tool.gnu.archiver.base"/>
+							<tool id="cdt.managedbuild.tool.gnu.cpp.compiler.base.1849423772" name="GCC C++ Compiler" superClass="cdt.managedbuild.tool.gnu.cpp.compiler.base">
+								<inputType id="cdt.managedbuild.tool.gnu.cpp.compiler.input.1201101726" superClass="cdt.managedbuild.tool.gnu.cpp.compiler.input"/>
+							</tool>
+							<tool id="cdt.managedbuild.tool.gnu.c.compiler.base.140287223" name="GCC C Compiler" superClass="cdt.managedbuild.tool.gnu.c.compiler.base">
+								<inputType id="cdt.managedbuild.tool.gnu.c.compiler.input.966072129" superClass="cdt.managedbuild.tool.gnu.c.compiler.input"/>
+							</tool>
+							<tool id="cdt.managedbuild.tool.gnu.c.linker.base.1538540463" name="GCC C Linker" superClass="cdt.managedbuild.tool.gnu.c.linker.base"/>
+							<tool id="cdt.managedbuild.tool.gnu.cpp.linker.base.2027494435" name="GCC C++ Linker" superClass="cdt.managedbuild.tool.gnu.cpp.linker.base">
+								<inputType id="cdt.managedbuild.tool.gnu.cpp.linker.input.942471037" superClass="cdt.managedbuild.tool.gnu.cpp.linker.input">
+									<additionalInput kind="additionalinputdependency" paths="$(USER_OBJS)"/>
+									<additionalInput kind="additionalinput" paths="$(LIBS)"/>
+								</inputType>
+							</tool>
+							<tool id="cdt.managedbuild.tool.gnu.assembler.base.475446057" name="GCC Assembler" superClass="cdt.managedbuild.tool.gnu.assembler.base">
+								<inputType id="cdt.managedbuild.tool.gnu.assembler.input.1951008475" superClass="cdt.managedbuild.tool.gnu.assembler.input"/>
+							</tool>
+						</toolChain>
+					</folderInfo>
+				</configuration>
+			</storageModule>
+			<storageModule moduleId="org.eclipse.cdt.core.externalSettings"/>
+		</cconfiguration>
+	</storageModule>
+	<storageModule moduleId="cdtBuildSystem" version="4.0.0">
+		<project id="NfWebCrypto Github.null.434145122" name="NfWebCrypto Github"/>
+	</storageModule>
+	<storageModule moduleId="scannerConfiguration">
+		<autodiscovery enabled="true" problemReportingEnabled="true" selectedProfileId=""/>
+	</storageModule>
+	<storageModule moduleId="org.eclipse.cdt.core.LanguageSettingsProviders"/>
+	<storageModule moduleId="refreshScope" versionNumber="2">
+		<configuration configurationName="Default">
+			<resource resourceType="PROJECT" workspacePath="/NfWebCrypto Github"/>
+		</configuration>
+	</storageModule>
+</cproject>
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,2 @@
+/.externalToolBuilders
+/.project
diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -0,0 +1,21 @@
+#
+# Copyright 2013 Netflix, Inc.
+#
+#    Licensed under the Apache License, Version 2.0 (the "License");
+#    you may not use this file except in compliance with the License.
+#    You may obtain a copy of the License at
+#
+#        http://www.apache.org/licenses/LICENSE-2.0
+#
+#    Unless required by applicable law or agreed to in writing, software
+#    distributed under the License is distributed on an "AS IS" BASIS,
+#    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+#    See the License for the specific language governing permissions and
+#    limitations under the License.
+
+cmake_minimum_required (VERSION 2.8)
+project (nfwebcrypto)
+
+add_subdirectory(base)
+add_subdirectory(crypto)
+add_subdirectory(plugin)
diff --git a/LICENSE.txt b/LICENSE.txt
@@ -0,0 +1,11 @@
+Licensed under the Apache License, Version 2.0 (the "License");
+you may not use this file except in compliance with the License.
+You may obtain a copy of the License at
+
+     http://www.apache.org/licenses/LICENSE-2.0
+
+Unless required by applicable law or agreed to in writing, software
+distributed under the License is distributed on an "AS IS" BASIS,
+WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+See the License for the specific language governing permissions and
+limitations under the License.
diff --git a/README.md b/README.md
@@ -0,0 +1,166 @@
+Netflix WebCrypto (NfWebCrypto)
+================================
+
+Netflix WebCrypto is a polyfill of the [W3C Web Cryptography API](http://www.w3.org/TR/WebCryptoAPI/),
+22 April 2013 Editor's Draft, as a native Chrome PPAPI plugin. Unlike a javascript polyfill, the native implementation
+supports a stronger security model with no key material exposed to javascript. The goal is to make the Web Crypto
+Javascript API [freely available](http://www.apache.org/licenses/LICENSE-2.0) to web
+developers for experimentation and use prior to its implementation by browser vendors.
+
+Currently only Google Chrome / Chromium on linux amd64 is supported.
+
+Features
+--------
+
+NfWebCrypto does not implement the Web Crypto API in its entirety, due to
+limitations of browser plugin technology and initial focus on operations and
+algorithms most useful to Netflix. However, the existing feature set supports
+many typical and common crypto use cases targeted by the Web Crypto API.
+
+Supported
+
+* Interfaces supported:
+  + Key, KeyPair
+  + KeyOperation
+  + CryptoOperation
+* SubtleCrypto interface methods supported
+  + encrypt, decrypt
+  + sign, verify
+  + generateKey
+  + exportKey, importKey
+  + wrapKey, unwrapKey
+* Key formats supported
+  + symmetric keys: raw and jwk (raw)
+  + asymmetric keys: pkcs#8 (public), spki (private), and jwk (public only)
+* Algorithms supported
+  + HMAC SHA-256: sign, verify, importKey, exportKey, generateKey
+  + AES-128 CBC w/ PKCS#5 padding: encrypt, decrypt, importKey, exportKey, generateKey
+  + RSASSA-PKCS1-v1_5: sign, verify, importKey, generateKey
+  + RSAES-PKCS1-v1_5: encrypt, decrypt, importKey, exportKey, generateKey
+  + Diffie-Hellman: generateKey, deriveKey
+  + RSA-OAEP: wrapKey*, unwrapKey*
+  + AES-KW: wrapKey*, unwrapKey*
+
+*Wrap/Unwrap operations follow the Netflix [KeyWrap Proposal](http://www.w3.org/2012/webcrypto/wiki/KeyWrap_Proposal)
+and support protection of the JWE payload with AES128-GCM.
+It is be possible to wrap/unwrap the following key types: HMAC SHA-256 and AES-128 CBC.
+
+Not Supported
+
+* The streaming/progressive processing model in not supported
+* Synchronous API's like getRandomValues() are not supported
+* Algorithm normalizing rules are not fully implemented
+* keyUsage is not currently enforced
+
+Moving forward, Netflix will continue to enhance this implementation and try to keep it as much in sync as possible
+with the latest draft Web Crypto API spec.
+
+Requirements
+------------
+
+Linux
+
+* Ubuntu 12.04 64-bit with build-essential, libssl-dev-1.0.1c or later, and cmake 2.8 or later
+* 64-bit Google Chrome / Chromium R22 or later (tested with R27)
+
+Directory Tour
+--------------
+
+    base/
+        Common C++ source for both the plugin and crypto component.
+    cmake/
+        Cmake toolchain files.
+        Linux desktop builds use the linux system build tools and libs.
+        Only 64-bit builds are supported for now.
+    crypto/
+        C++ source for the crypto component. The contents of this directory is
+        of primary interest to native devs; the entry point is the CadmiumCrypto
+        class. This directory currently builds to an archive file.
+    crypto/test/
+        Contains C++ gtest unit tests that exercise the CadmiumCrypto class
+        interface. Not fleshed out yet and currently not built.
+    misc/
+        Miscellaneous code to support development. Currently has code to run and
+        debug the Chrome browser with the plugin properly registered.
+    plugin/
+        C++ source of the PPAPI plugin. This code builds to shared library that
+        is dl-loaded by the browser when the plugin is registered. It handles
+        interfacing with the browser, bridging to the crypto thread, and decode/
+        dispatch of JSON messages to and from the browser. Native devs will
+        probably only be interested in the NativeBridge class here.
+    web/nfcrypt.js
+        The javascript front-end for the plugin. The bottom level of this code
+        handles the transport of JSON-serialized messages to and from the
+        plugin, while the top level implements the W3C WebCrypto interface.
+        Native devs will need to change the bottom level to match their bridge
+        API. This source file borrows heavily from polycrypt (polycrypt.net)
+    web/test_qa.html
+        The Jasmine HTML unit tests that exercise the javascript WebCrypto
+        API exposed to the javascript client by nfcrypt.js.
+        
+
+How to Build
+------------
+The following has been verified on Ubunutu 12.04. cmake 2.8 or later is required.
+
+    $ mkdir buildDir
+    $ cd buildDir
+    $ cmake -DCMAKE_TOOLCHAIN_FILE=(repo)/cmake/toolchains/linux64.cmake -DCMAKE_BUILD_TYPE=[Debug|Release] (repo)
+    $ make -j<N>
+
+Build Results
+-------------
+
+Browser plugin - This is registered and run within the Chrome browser.
+
+    (buildDir)/plugin/libnfwebcrypto.so
+    (buildDir)/plugin/nfwebcrypto.info
+
+Native gtest unit test executable (if built). This is run from the command
+line.
+
+    (buildDir)/crypto/test/test
+
+Native CadmiumCrypto archive. Native apps will link to this archive.
+
+    (buildDir)/crypto/libcadcrypto.a
+
+
+How to run the Unit Tests
+-------------------------
+
+Chrome must be run with a special command line option to register the plugin.
+The easiest way to do this is to use the provided start.sh script, which employs
+the .info file generated by the build.
+
+Make a directory and copy or symlink start.sh, libnfwebcrypto.so, and
+nfwebcrypto.info.
+
+    $ mkdir runNfWebCrypto
+    $ cd !$
+    $ ln -s (repo)/misc/desktop/start.sh
+    $ ln -s (buildDir)/plugin/libnfwebcrypto.so
+    $ ln -s (buildDir)/plugin/nfwebcrypto.info
+
+The start.sh script depends on the chrome executable present at
+/opt/google/chrome/chrome. Edit the script if this is not true. Finally, start
+chrome and run the [unit tests hosted on github](http://netflix.github.io/NfWebCrypto/web/test_qa.html)
+by running the script.
+
+    $ ./start.sh
+
+Note that there must not be any other chrome instance running in the system
+before the script is executed. Otherwise the action will be to just open a new
+tab on the existing instance without loading the plugin.
+
+The unit tests will run automatically and all should pass.
+
+Sample Code
+-----------
+
+Please see the javascript unit tests for examples of how to operate the
+Web Crypto API.
+
+TODO - add some simple examples here
+
+
diff --git a/TODO.md b/TODO.md
@@ -0,0 +1,17 @@
+Things To Do
+------------
+
+In priority order,
+
+1. Code review, especially security
+2. C++ gtest smoke tests, to run with the build
+3. Enforce keyUsage
+4. Port unit tests from Jasmine to [W3C test framework](https://github.com/w3c/web-platform-tests) and contribute there
+5. Documentation
+6. Refactor / tame CadmiumCryptoImpl.cpp
+7. Implement algorithm normalizing rules
+8. Keep pace with the latest editor's draft (specifically, keywrap changes)
+9. Add more algorithms
+10. Fix the error code mess
+11. Support Chrome on other platforms (macOS, Win)
+12. Port to other plugin technologies, e.g. NPAPI for Mozilla, Opera, Safari
diff --git a/base/Base64.cpp b/base/Base64.cpp
@@ -0,0 +1,108 @@
+/*
+ *
+ *  Copyright 2013 Netflix, Inc.
+ *
+ *     Licensed under the Apache License, Version 2.0 (the "License");
+ *     you may not use this file except in compliance with the License.
+ *     You may obtain a copy of the License at
+ *
+ *         http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *     Unless required by applicable law or agreed to in writing, software
+ *     distributed under the License is distributed on an "AS IS" BASIS,
+ *     WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *     See the License for the specific language governing permissions and
+ *     limitations under the License.
+ *
+ */
+#include "Base64.h"
+#include <iterator>
+#include <algorithm>
+
+namespace cadmium {
+namespace base {
+namespace Base64 {
+
+std::string encode(std::string const& s) {
+  std::string value;
+  encode(s.begin(), s.end(), std::back_inserter(value));
+  return value;
+}
+
+std::string decode(std::string const& s) {
+  std::string value;
+  decode(s.begin(), s.end(), std::back_inserter(value));
+  return value;
+}
+
+std::vector<unsigned char> encode(std::vector<unsigned char> const& v) {
+  std::vector<unsigned char> value;
+  encode(v.begin(), v.end(), std::back_inserter(value));
+  return value;
+}
+
+std::vector<unsigned char> decode(std::vector<unsigned char> const& v) {
+  std::vector<unsigned char> value;
+  decode(v.begin(), v.end(), std::back_inserter(value));
+  return value;
+}
+
+// URL-safe variants, from
+// http://tools.ietf.org/html/draft-ietf-jose-json-web-signature-08#appendix-C
+
+std::string encodeUrlSafe(std::string const& s)
+{
+    std::vector<unsigned char> v(s.begin(), s.end());
+    std::vector<unsigned char> ve = encodeUrlSafe(v);
+    return std::string(ve.begin(), ve.end());
+}
+
+std::string decodeUrlSafe(std::string const& s)
+{
+    std::vector<unsigned char> v(s.begin(), s.end());
+    std::vector<unsigned char> vd = decodeUrlSafe(v);
+    return std::string(vd.begin(), vd.end());
+}
+
+std::vector<unsigned char> encodeUrlSafe(std::vector<unsigned char> const& v)
+{
+    // Regular base64 encoder
+    std::vector<unsigned char> vv = encode(v);
+    // Remove any trailing "="s
+    vv.erase(remove(vv.begin(), vv.end(), '='), vv.end());
+    // 62nd char of encoding
+    std::replace(vv.begin(), vv.end(), '+', '-');
+    // 63rd char of encoding
+    std::replace(vv.begin(), vv.end(), '/', '_');
+    return vv;
+}
+
+std::vector<unsigned char> decodeUrlSafe(std::vector<unsigned char> const& v)
+{
+    std::vector<unsigned char> vv(v);
+    // 62nd char of encoding
+    std::replace(vv.begin(), vv.end(), '-', '+');
+    // 63rd char of encoding
+    std::replace(vv.begin(), vv.end(), '_', '/');
+    switch (vv.size() % 4)
+    {
+        case 0:
+            break;  // No pad chars in this case
+        case 2:
+            vv.push_back('=');  // Two pad chars
+            vv.push_back('=');
+            break;
+        case 3:
+            vv.push_back('=');  // One pad char
+            break;
+        default:
+            vv.clear();     // encoding error!
+            break;
+    }
+    // Standard base64 decoder
+    return decode(vv);
+}
+
+} // namespace Base64
+} // namespace base
+} // namespace cadmium