[refactor] More post-NSS WebCrypto cleanups (utility functions).

components/webcrypto/algorithms/hmac.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <openssl/hmac.h>
 
 #include "base/logging.h"
+#include "base/numerics/safe_math.h"
 #include "base/stl_util.h"
 #include "components/webcrypto/algorithm_implementation.h"
+#include "components/webcrypto/algorithms/secret_key_util.h"
 #include "components/webcrypto/algorithms/util_openssl.h"
 #include "components/webcrypto/crypto_data.h"
 #include "components/webcrypto/jwk.h"
 #include "components/webcrypto/key.h"
 #include "components/webcrypto/status.h"
 #include "components/webcrypto/webcrypto_util.h"
 #include "crypto/openssl_util.h"
 #include "crypto/secure_util.h"
 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h"
 #include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h"
 
 namespace webcrypto {
 
 namespace {
 
+Status GetShaBlockSizeBits(const blink::WebCryptoAlgorithm& algorithm,
+                           unsigned int* block_size_bits) {
+  switch (algorithm.id()) {
+    case blink::WebCryptoAlgorithmIdSha1:
+    case blink::WebCryptoAlgorithmIdSha256:
+      *block_size_bits = 512;
+      return Status::Success();
+    case blink::WebCryptoAlgorithmIdSha384:
+    case blink::WebCryptoAlgorithmIdSha512:
+      *block_size_bits = 1024;

[davidben, 2015/09/18 22:15:59]

Probably for later, but OpenSSL knows this already. It's EVP_MD_block_size.

[eroman, 2015/09/18 23:13:23]

Thanks, I will look at that in a follow-up!
For now added a TODO so I don't forget.

+      return Status::Success();
+    default:
+      return Status::ErrorUnsupported();
+  }
+}
+
+// Gets the requested key length in bits for an HMAC import operation.
+Status GetHmacImportKeyLengthBits(
+    const blink::WebCryptoHmacImportParams* params,
+    unsigned int key_data_byte_length,
+    unsigned int* keylen_bits) {
+  if (key_data_byte_length == 0)
+    return Status::ErrorHmacImportEmptyKey();
+
+  // Make sure that the key data's length can be represented in bits without
+  // overflow.
+  base::CheckedNumeric<unsigned int> checked_keylen_bits(key_data_byte_length);
+  checked_keylen_bits *= 8;
+
+  if (!checked_keylen_bits.IsValid())
+    return Status::ErrorDataTooLarge();
+
+  unsigned int data_keylen_bits = checked_keylen_bits.ValueOrDie();
+
+  // Determine how many bits of the input to use.
+  *keylen_bits = data_keylen_bits;
+  if (params->hasLengthBits()) {
+    // The requested bit length must be:
+    //   * No longer than the input data length
+    //   * At most 7 bits shorter.
+    if (NumBitsToBytes(params->optionalLengthBits()) != key_data_byte_length)
+      return Status::ErrorHmacImportBadLength();
+    *keylen_bits = params->optionalLengthBits();
+  }
+
+  return Status::Success();
+}
+
 const char* GetJwkHmacAlgorithmName(blink::WebCryptoAlgorithmId hash) {
   switch (hash) {
     case blink::WebCryptoAlgorithmIdSha1:
       return "HS1";
     case blink::WebCryptoAlgorithmIdSha256:
       return "HS256";
     case blink::WebCryptoAlgorithmIdSha384:
       return "HS384";
     case blink::WebCryptoAlgorithmIdSha512:
       return "HS512";
@@ skipping 39 matching lines @@
                      blink::WebCryptoKeyUsageMask usages,
                      GenerateKeyResult* result) const override {
     Status status = CheckKeyCreationUsages(kAllKeyUsages, usages, false);
     if (status.IsError())
       return status;
 
     const blink::WebCryptoHmacKeyGenParams* params =
         algorithm.hmacKeyGenParams();
 
     unsigned int keylen_bits = 0;
-    status = GetHmacKeyGenLengthInBits(params, &keylen_bits);
-    if (status.IsError())
-      return status;
+    if (params->hasLengthBits()) {
+      keylen_bits = params->optionalLengthBits();
+      // Zero-length HMAC keys are disallowed by the spec.
+      if (keylen_bits == 0)
+        return Status::ErrorGenerateHmacKeyLengthZero();
+    } else {
+      status = GetShaBlockSizeBits(params->hash(), &keylen_bits);
+      if (status.IsError())
+        return status;
+    }
 
     return GenerateWebCryptoSecretKey(blink::WebCryptoKeyAlgorithm::createHmac(
                                           params->hash().id(), keylen_bits),
                                       extractable, usages, keylen_bits, result);
   }
 
   Status VerifyKeyUsagesBeforeImportKey(
       blink::WebCryptoKeyFormat format,
       blink::WebCryptoKeyUsageMask usages) const override {
     switch (format) {
@@ skipping 42 matching lines @@
                       bool extractable,
                       blink::WebCryptoKeyUsageMask usages,
                       blink::WebCryptoKey* key) const override {
     const char* algorithm_name =
         GetJwkHmacAlgorithmName(algorithm.hmacImportParams()->hash().id());
     if (!algorithm_name)
       return Status::ErrorUnexpected();
 
     std::vector<uint8_t> raw_data;
     JwkReader jwk;
-    Status status = ReadSecretKeyNoExpectedAlg(key_data, extractable, usages,
-                                               &raw_data, &jwk);
+    Status status = ReadSecretKeyNoExpectedAlgJwk(key_data, extractable, usages,
+                                                  &raw_data, &jwk);
     if (status.IsError())
       return status;
     status = jwk.VerifyAlg(algorithm_name);
     if (status.IsError())
       return status;
 
     return ImportKeyRaw(CryptoData(raw_data), algorithm, extractable, usages,
                         key);
   }
 
@@ skipping 54 matching lines @@
                                 blink::WebCryptoKeyUsageMask usages,
                                 const CryptoData& key_data,
                                 blink::WebCryptoKey* key) const override {
     return CreateWebCryptoSecretKey(key_data, algorithm, extractable, usages,
                                     key);
   }
 
   Status GetKeyLength(const blink::WebCryptoAlgorithm& key_length_algorithm,
                       bool* has_length_bits,
                       unsigned int* length_bits) const override {
-    return GetHmacKeyLength(key_length_algorithm, has_length_bits, length_bits);
+    const blink::WebCryptoHmacImportParams* params =
+        key_length_algorithm.hmacImportParams();
+
+    *has_length_bits = true;
+    if (params->hasLengthBits()) {
+      *length_bits = params->optionalLengthBits();
+      if (*length_bits == 0)
+        return Status::ErrorGetHmacKeyLengthZero();
+      return Status::Success();
+    }
+
+    return GetShaBlockSizeBits(params->hash(), length_bits);
   }
 };
 
 }  // namespace
 
 scoped_ptr<AlgorithmImplementation> CreateHmacImplementation() {
   return make_scoped_ptr(new HmacImplementation);
 }
 
 }  // namespace webcrypto