Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(353)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: components/webcrypto/algorithms/hkdf.cc

Issue 2289033002: Require extractable=false for KDF import (Closed)
Patch Set: update another test Created 4 years, 3 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « no previous file | components/webcrypto/algorithms/pbkdf2.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2015 The Chromium Authors. All rights reserved. 1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include <openssl/err.h> 5 #include <openssl/err.h>
6 #include <openssl/hkdf.h> 6 #include <openssl/hkdf.h>
7 #include <stdint.h> 7 #include <stdint.h>
8 8
9 #include "base/logging.h" 9 #include "base/logging.h"
10 #include "base/memory/ptr_util.h" 10 #include "base/memory/ptr_util.h"
(...skipping 34 matching lines...) Expand 10 before | Expand all | Expand 10 after
45 45
46 Status ImportKeyRaw(const CryptoData& key_data, 46 Status ImportKeyRaw(const CryptoData& key_data,
47 const blink::WebCryptoAlgorithm& algorithm, 47 const blink::WebCryptoAlgorithm& algorithm,
48 bool extractable, 48 bool extractable,
49 blink::WebCryptoKeyUsageMask usages, 49 blink::WebCryptoKeyUsageMask usages,
50 blink::WebCryptoKey* key) const { 50 blink::WebCryptoKey* key) const {
51 Status status = CheckKeyCreationUsages(kValidUsages, usages); 51 Status status = CheckKeyCreationUsages(kValidUsages, usages);
52 if (status.IsError()) 52 if (status.IsError())
53 return status; 53 return status;
54 54
55 if (extractable)
56 return Status::ErrorImportExtractableKdfKey();
57
55 return CreateWebCryptoSecretKey( 58 return CreateWebCryptoSecretKey(
56 key_data, blink::WebCryptoKeyAlgorithm::createWithoutParams( 59 key_data, blink::WebCryptoKeyAlgorithm::createWithoutParams(
57 blink::WebCryptoAlgorithmIdHkdf), 60 blink::WebCryptoAlgorithmIdHkdf),
58 extractable, usages, key); 61 extractable, usages, key);
59 } 62 }
60 63
61 Status DeriveBits(const blink::WebCryptoAlgorithm& algorithm, 64 Status DeriveBits(const blink::WebCryptoAlgorithm& algorithm,
62 const blink::WebCryptoKey& base_key, 65 const blink::WebCryptoKey& base_key,
63 bool has_optional_length_bits, 66 bool has_optional_length_bits,
64 unsigned int optional_length_bits, 67 unsigned int optional_length_bits,
(...skipping 30 matching lines...) Expand all
95 TruncateToBitLength(optional_length_bits, derived_bytes); 98 TruncateToBitLength(optional_length_bits, derived_bytes);
96 return Status::Success(); 99 return Status::Success();
97 } 100 }
98 101
99 Status DeserializeKeyForClone(const blink::WebCryptoKeyAlgorithm& algorithm, 102 Status DeserializeKeyForClone(const blink::WebCryptoKeyAlgorithm& algorithm,
100 blink::WebCryptoKeyType type, 103 blink::WebCryptoKeyType type,
101 bool extractable, 104 bool extractable,
102 blink::WebCryptoKeyUsageMask usages, 105 blink::WebCryptoKeyUsageMask usages,
103 const CryptoData& key_data, 106 const CryptoData& key_data,
104 blink::WebCryptoKey* key) const override { 107 blink::WebCryptoKey* key) const override {
108 // NOTE: Unlike ImportKeyRaw(), this does not enforce extractable==false.
109 // This is intentional. Although keys cannot currently be created with
110 // extractable==true, earlier implementations permitted this, so
111 // de-serialization by structured clone should not reject them.
105 return CreateWebCryptoSecretKey(key_data, algorithm, extractable, usages, 112 return CreateWebCryptoSecretKey(key_data, algorithm, extractable, usages,
106 key); 113 key);
107 } 114 }
108 115
109 Status GetKeyLength(const blink::WebCryptoAlgorithm& key_length_algorithm, 116 Status GetKeyLength(const blink::WebCryptoAlgorithm& key_length_algorithm,
110 bool* has_length_bits, 117 bool* has_length_bits,
111 unsigned int* length_bits) const override { 118 unsigned int* length_bits) const override {
112 *has_length_bits = false; 119 *has_length_bits = false;
113 return Status::Success(); 120 return Status::Success();
114 } 121 }
115 }; 122 };
116 123
117 } // namespace 124 } // namespace
118 125
119 std::unique_ptr<AlgorithmImplementation> CreateHkdfImplementation() { 126 std::unique_ptr<AlgorithmImplementation> CreateHkdfImplementation() {
120 return base::WrapUnique(new HkdfImplementation); 127 return base::WrapUnique(new HkdfImplementation);
121 } 128 }
122 129
123 } // namespace webcrypto 130 } // namespace webcrypto
OLDNEW
« no previous file with comments | « no previous file | components/webcrypto/algorithms/pbkdf2.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698