Implement HKDF for WebCrypto (blink-side)

Source/bindings/modules/v8/ScriptValueSerializerForModules.cpp

 // Copyright 2014 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "config.h"
 #include "bindings/modules/v8/ScriptValueSerializerForModules.h"
 
 #include "bindings/core/v8/SerializationTag.h"
 #include "bindings/core/v8/V8Binding.h"
 #include "bindings/modules/v8/V8CryptoKey.h"
@@ skipping 12 matching lines @@
     Sha256Tag = 6,
     Sha384Tag = 7,
     Sha512Tag = 8,
     AesGcmTag = 9,
     RsaOaepTag = 10,
     AesCtrTag = 11,
     AesKwTag = 12,
     RsaPssTag = 13,
     EcdsaTag = 14,
     EcdhTag = 15,
+    HkdfTag = 16,
     // Maximum allowed value is 2^32-1
 };
 
 enum NamedCurveTag {
     P256Tag = 1,
     P384Tag = 2,
     P521Tag = 3,
 };
 
 enum CryptoKeyUsage {
@@ skipping 11 matching lines @@
     DeriveBitsUsage = 1 << 8,
     // Maximum allowed value is 1 << 31
 };
 
 enum CryptoKeySubTag {
     AesKeyTag = 1,
     HmacKeyTag = 2,
     // ID 3 was used by RsaKeyTag, while still behind experimental flag.
     RsaHashedKeyTag = 4,
     EcKeyTag = 5,
+    KdfKeyTag = 6,
     // Maximum allowed value is 255
 };
 
 enum AssymetricCryptoKeyType {
     PublicKeyType = 1,
     PrivateKeyType = 2,
     // Maximum allowed value is 2^32-1
 };
 
 
@@ skipping 41 matching lines @@
     case WebCryptoKeyAlgorithmParamsTypeHmac:
         doWriteHmacKey(key);
         break;
     case WebCryptoKeyAlgorithmParamsTypeRsaHashed:
         doWriteRsaHashedKey(key);
         break;
     case WebCryptoKeyAlgorithmParamsTypeEc:
         doWriteEcKey(key);
         break;
     case WebCryptoKeyAlgorithmParamsTypeNone:
-        ASSERT_NOT_REACHED();
-        return false;
+        ASSERT(WebCryptoAlgorithm::isKdf(key.algorithm().id()));
+        doWriteKdfKey(key);

[eroman, 2015/01/09 03:07:29]

Given the switch statement on params type, I think a better naming is to call
these "key without params" or some such thing, rather than KdfKey.

How about:

  doWriteKeyWithoutParams(key)

I suggest this because an understanding of the KDF class of algorithms and what
params they do and don't have is a more fuzzy concept in my opinion. Whereas a
key without any params is something readers immediately get. (The crypto
knowledge as much as possible is kept out of Blink).

[nharper, 2015/01/09 04:45:52]

I think this is reasonable, but the changes needed would be in more than just
this file (otherwise we're just pushing this inconsistency around the
serialization/deserialization code here). Specifically, it would be changing
WebCryptoKeyAlgorithm::createKdf() to be WebCryptoKeyAlgorithm::create() (or
create an explicit 1-arg constructor for WebCryptoKeyAlgorithm), and have it not
care about what type of algorithm it is, just that it's an algorithm with no
params. WebCryptoAlgorithm::isKdf() would also want to be changed to something
like WebCryptoAlgorithm::hasNoParams(WebCryptoAlgorithmId id).

Should I go ahead and make those changes (I don't know if I'll run into more
changes that will need to be made, but I think it will make it all consistent),
or should I leave it as is?

[nharper, 2015/01/09 21:21:09]

We discussed this, and I've changed it.

     }
 
     doWriteKeyUsages(key.usages(), key.extractable());
 
     WebVector<uint8_t> keyData;
     if (!Platform::current()->crypto()->serializeKeyForClone(key, keyData))
         return false;
 
     doWriteUint32(keyData.size());
     append(keyData.data(), keyData.size());
@@ skipping 40 matching lines @@
 void SerializedScriptValueWriterForModules::doWriteEcKey(const WebCryptoKey& key)
 {
     ASSERT(key.algorithm().ecParams());
     append(static_cast<uint8_t>(EcKeyTag));
 
     doWriteAlgorithmId(key.algorithm().id());
     doWriteAsymmetricKeyType(key.type());
     doWriteNamedCurve(key.algorithm().ecParams()->namedCurve());
 }
 
+void SerializedScriptValueWriterForModules::doWriteKdfKey(const WebCryptoKey& key)
+{
+    append(static_cast<uint8_t>(KdfKeyTag));
+
+    doWriteAlgorithmId(key.algorithm().id());
+}
+
 void SerializedScriptValueWriterForModules::doWriteAlgorithmId(WebCryptoAlgorithmId id)
 {
     switch (id) {
     case WebCryptoAlgorithmIdAesCbc:
         return doWriteUint32(AesCbcTag);
     case WebCryptoAlgorithmIdHmac:
         return doWriteUint32(HmacTag);
     case WebCryptoAlgorithmIdRsaSsaPkcs1v1_5:
         return doWriteUint32(RsaSsaPkcs1v1_5Tag);
     case WebCryptoAlgorithmIdSha1:
@@ skipping 11 matching lines @@
     case WebCryptoAlgorithmIdAesCtr:
         return doWriteUint32(AesCtrTag);
     case WebCryptoAlgorithmIdAesKw:
         return doWriteUint32(AesKwTag);
     case WebCryptoAlgorithmIdRsaPss:
         return doWriteUint32(RsaPssTag);
     case WebCryptoAlgorithmIdEcdsa:
         return doWriteUint32(EcdsaTag);
     case WebCryptoAlgorithmIdEcdh:
         return doWriteUint32(EcdhTag);
+    case WebCryptoAlgorithmIdHkdf:
+        return doWriteUint32(HkdfTag);
     }
     ASSERT_NOT_REACHED();
 }
 
 void SerializedScriptValueWriterForModules::doWriteAsymmetricKeyType(WebCryptoKeyType keyType)
 {
     switch (keyType) {
     case WebCryptoKeyTypePublic:
         doWriteUint32(PublicKeyType);
         break;
@@ skipping 124 matching lines @@
             return false;
         break;
     case RsaHashedKeyTag:
         if (!doReadRsaHashedKey(algorithm, type))
             return false;
         break;
     case EcKeyTag:
         if (!doReadEcKey(algorithm, type))
             return false;
         break;
+    case KdfKeyTag:
+        if (!doReadKdfKey(algorithm, type))
+            return false;
+        break;
     default:
         return false;
     }
 
     WebCryptoKeyUsageMask usages;
     bool extractable;
     if (!doReadKeyUsages(usages, extractable))
         return false;
 
     uint32_t keyDataLength;
@@ skipping 79 matching lines @@
         return false;
 
     WebCryptoNamedCurve namedCurve;
     if (!doReadNamedCurve(namedCurve))
         return false;
 
     algorithm = WebCryptoKeyAlgorithm::createEc(id, namedCurve);
     return !algorithm.isNull();
 }
 
+bool SerializedScriptValueReaderForModules::doReadKdfKey(WebCryptoKeyAlgorithm& algorithm, WebCryptoKeyType& type)
+{
+    WebCryptoAlgorithmId kdf;
+    if (!doReadAlgorithmId(kdf))
+        return false;
+    algorithm = WebCryptoKeyAlgorithm::createKdf(kdf);
+    type = WebCryptoKeyTypeSecret;
+    return !algorithm.isNull();
+}
+
 bool SerializedScriptValueReaderForModules::doReadAlgorithmId(WebCryptoAlgorithmId& id)
 {
     uint32_t rawId;
     if (!doReadUint32(&rawId))
         return false;
 
     switch (static_cast<CryptoKeyAlgorithmTag>(rawId)) {
     case AesCbcTag:
         id = WebCryptoAlgorithmIdAesCbc;
         return true;
@@ skipping 29 matching lines @@
         return true;
     case RsaPssTag:
         id = WebCryptoAlgorithmIdRsaPss;
         return true;
     case EcdsaTag:
         id = WebCryptoAlgorithmIdEcdsa;
         return true;
     case EcdhTag:
         id = WebCryptoAlgorithmIdEcdh;
         return true;
+    case HkdfTag:
+        id = WebCryptoAlgorithmIdHkdf;
+        return true;
     }
 
     return false;
 }
 
 bool SerializedScriptValueReaderForModules::doReadAsymmetricKeyType(WebCryptoKeyType& type)
 {
     uint32_t rawType;
     if (!doReadUint32(&rawType))
         return false;
@@ skipping 73 matching lines @@
     : ScriptValueDeserializer(reader, messagePorts, arrayBufferContents)
 {
 }
 
 bool ScriptValueDeserializerForModules::read(v8::Local<v8::Value>* value)
 {
     return toSerializedScriptValueReaderForModules(reader()).read(value, *this);
 }
 
 } // namespace blink