WebCrypto: Implement crypto.subtle.deriveKey (chromium-side).

content/child/webcrypto/openssl/ecdh_openssl.cc

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include <openssl/ec.h>
 #include <openssl/ecdh.h>
 #include <openssl/evp.h>
 
 #include "base/logging.h"
 #include "content/child/webcrypto/algorithm_implementation.h"
@@ skipping 31 matching lines @@
                         blink::WebCryptoKeyUsageDeriveBits) {}
 
   const char* GetJwkAlgorithm(
       const blink::WebCryptoNamedCurve curve) const override {
     // JWK import for ECDH does not enforce any required value for "alg".
     return "";
   }
 
   Status DeriveBits(const blink::WebCryptoAlgorithm& algorithm,
                     const blink::WebCryptoKey& base_key,
-                    unsigned int length_bits,
+                    bool has_optional_length_bits,
+                    unsigned int optional_length_bits,
                     std::vector<uint8_t>* derived_bytes) const override {
     if (base_key.type() != blink::WebCryptoKeyTypePrivate)
       return Status::ErrorUnexpectedKeyType();
 
     // Verify the "publicKey" parameter. The only guarantee from Blink is that
     // it is a valid WebCryptoKey, but it could be any type.
     const blink::WebCryptoKey& public_key =
         algorithm.ecdhKeyDeriveParams()->publicKey();
 
     if (public_key.type() != blink::WebCryptoKeyTypePublic)
       return Status::ErrorEcdhPublicKeyWrongType();
 
     // Make sure it is an EC key.
     if (!public_key.algorithm().ecParams())
       return Status::ErrorEcdhPublicKeyWrongType();
 
     // TODO(eroman): This is not described by the spec:
     // https://www.w3.org/Bugs/Public/show_bug.cgi?id=27404
     if (public_key.algorithm().id() != blink::WebCryptoAlgorithmIdEcdh)
       return Status::ErrorEcdhPublicKeyWrongAlgorithm();
 
     // The public and private keys come from different key pairs, however their
     // curves must match.
     if (public_key.algorithm().ecParams()->namedCurve() !=
         base_key.algorithm().ecParams()->namedCurve()) {
       return Status::ErrorEcdhCurveMismatch();
     }
 
-    // Handle the empty length case now to avoid calling an undefined
-    // |&derived_bytes->front()| later.
-    if (length_bits == 0) {
-      derived_bytes->clear();
-      return Status::Success();
-    }
-
     crypto::ScopedEC_KEY public_key_ec(
         EVP_PKEY_get1_EC_KEY(AsymKeyOpenSsl::Cast(public_key)->key()));
 
     const EC_POINT* public_key_point =
         EC_KEY_get0_public_key(public_key_ec.get());
 
     crypto::ScopedEC_KEY private_key_ec(
         EVP_PKEY_get1_EC_KEY(AsymKeyOpenSsl::Cast(base_key)->key()));
 
     // The size of the shared secret is the field size in bytes (rounded up).
     // Note that, if rounding was required, the most significant bits of the
     // secret are zero. So for P-521, the maximum length is 528 bits, not 521.
     int field_size_bytes = NumBitsToBytes(
         EC_GROUP_get_degree(EC_KEY_get0_group(private_key_ec.get())));
 
+    // If a desired key length was not specified, default to the field size
+    // (rounded up to nearest byte).
+    unsigned int length_bits =
+        has_optional_length_bits ? optional_length_bits : field_size_bytes * 8;
+
+    // Handle the empty length case now to avoid calling an undefined
+    // |&derived_bytes->front()| later.
+    if (length_bits == 0) {
+      derived_bytes->clear();
+      return Status::Success();
+    }
+
     if (length_bits > static_cast<unsigned int>(field_size_bytes * 8))
       return Status::ErrorEcdhLengthTooBig(field_size_bytes * 8);
 
     // Resize to target length in bytes (BoringSSL can operate on a shorter
     // buffer than field_size_bytes).
     derived_bytes->resize(NumBitsToBytes(length_bits));
 
     int result =
         ECDH_compute_key(&derived_bytes->front(), derived_bytes->size(),
                          public_key_point, private_key_ec.get(), 0);
     if (result < 0 || static_cast<size_t>(result) != derived_bytes->size())
       return Status::OperationError();
 
     TruncateToBitLength(length_bits, derived_bytes);
     return Status::Success();
   }
 };
 
 }  // namespace
 
 AlgorithmImplementation* CreatePlatformEcdhImplementation() {
   return new EcdhImplementation;
 }
 
 }  // namespace webcrypto
 
 }  // namespace content