Implement HKDF for WebCrypto (blink-side)

Source/modules/crypto/NormalizeAlgorithm.cpp

 /*
  * Copyright (C) 2013 Google Inc. All rights reserved.
  *
  * Redistribution and use in source and binary forms, with or without
  * modification, are permitted provided that the following conditions are
  * met:
  *
  *     * Redistributions of source code must retain the above copyright
  * notice, this list of conditions and the following disclaimer.
  *     * Redistributions in binary form must reproduce the above
@@ skipping 49 matching lines @@
 
 #if ENABLE(ASSERT)
     bool operator<(const AlgorithmNameMapping&) const;
 #endif
 };
 
 // Must be sorted by length, and then by reverse string.
 // Also all names must be upper case ASCII.
 const AlgorithmNameMapping algorithmNameMappings[] = {
     {"HMAC", 4, WebCryptoAlgorithmIdHmac},
+    {"HKDF", 4, WebCryptoAlgorithmIdHkdf},
     {"ECDH", 4, WebCryptoAlgorithmIdEcdh},
     {"SHA-1", 5, WebCryptoAlgorithmIdSha1},
     {"ECDSA", 5, WebCryptoAlgorithmIdEcdsa},
     {"AES-KW", 6, WebCryptoAlgorithmIdAesKw},
     {"SHA-512", 7, WebCryptoAlgorithmIdSha512},
     {"SHA-384", 7, WebCryptoAlgorithmIdSha384},
     {"SHA-256", 7, WebCryptoAlgorithmIdSha256},
     {"AES-CBC", 7, WebCryptoAlgorithmIdAesCbc},
     {"AES-GCM", 7, WebCryptoAlgorithmIdAesGcm},
     {"AES-CTR", 7, WebCryptoAlgorithmIdAesCtr},
@@ skipping 686 matching lines @@
 bool parseAesDerivedKeyParams(const Dictionary& raw, OwnPtr<WebCryptoAlgorithmParams>& params, const ErrorContext& context, AlgorithmError* error)
 {
     uint16_t length;
     if (!getUint16(raw, "length", length, context, error))
         return false;
 
     params = adoptPtr(new WebCryptoAesDerivedKeyParams(length));
     return true;
 }
 
+// The WebCrypto spec hasn't been updated yet to define HKDF. I am assuming a

[eroman, 2014/12/23 20:58:24]

Please add a FIXME or a link to a bug, so that there is an action-item somewhere
to update this comment (and possibly the implementation).

[nharper, 2014/12/23 22:46:59]

Done.

+// definition along the lines of:
+//
+//    dictionary HkdfParams : Algorithm {

[eroman, 2014/12/23 20:58:24]

How confident are you that this API will match the spec changes? (Taking stuff
back is problematic).

The bigger deal would be if the reflected key parameters changed, since those
can be persisted and requires backward support forever.

[nharper, 2014/12/23 22:46:59]

I'm not confident that this will match the spec. The names of the parameters
salt and info will most likely stay the same (as I pulled them from the RFC).
It's probably more likely that the salt will be optional instead of required.
There's a chance that info will be optional, although considering that label and
context were required for what the spec called "HKDF-CTR", info will probably be
required.

Assuming the names of the parameters stay the same, how much of a problem is it
if a parameter changes from required to optional?

[eroman, 2014/12/23 23:34:29]

Changing a required parameter from required -> optional is not a problem.
Going the other direction would be.

The rule of thumb, is we don't want web pages which previously worked, to
suddenly stop working. Relaxing the constraints is pretty much always safe,
however narrowing constraints will break consumers.

+//      required HashAlgorithmIdentifier hash;
+//      required BufferSource salt;
+//      required BufferSource info;
+//    };
+//
+// It is possible that salt will be changed to be optional.

[eroman, 2014/12/23 20:58:24]

nit: no need for this comment, already covered by above in my opinion.

[nharper, 2014/12/23 22:46:59]

Done.

+bool parseHkdfParams(const Dictionary& raw, OwnPtr<WebCryptoAlgorithmParams>& params, const ErrorContext& context, AlgorithmError* error)
+{
+    WebCryptoAlgorithm hash;
+    if (!parseHash(raw, hash, context, error))
+        return false;
+    BufferSource saltBufferSource;
+    if (!getBufferSource(raw, "salt", saltBufferSource, context, error))
+        return false;
+    BufferSource infoBufferSource;
+    if (!getBufferSource(raw, "info", infoBufferSource, context, error))
+        return false;
+
+    DOMArrayPiece salt(saltBufferSource);
+    DOMArrayPiece info(infoBufferSource);
+
+    params = adoptPtr(new WebCryptoHkdfParams(hash, salt.bytes(), salt.byteLength(), info.bytes(), info.byteLength()));
+    return true;
+}
+
 bool parseAlgorithmParams(const Dictionary& raw, WebCryptoAlgorithmParamsType type, OwnPtr<WebCryptoAlgorithmParams>& params, ErrorContext& context, AlgorithmError* error)
 {
     switch (type) {
     case WebCryptoAlgorithmParamsTypeNone:
         return true;
     case WebCryptoAlgorithmParamsTypeAesCbcParams:
         context.add("AesCbcParams");
         return parseAesCbcParams(raw, params, context, error);
     case WebCryptoAlgorithmParamsTypeAesKeyGenParams:
         context.add("AesKeyGenParams");
@@ skipping 30 matching lines @@
         return parseEcKeyGenParams(raw, params, context, error);
     case WebCryptoAlgorithmParamsTypeEcKeyImportParams:
         context.add("EcKeyImportParams");
         return parseEcKeyImportParams(raw, params, context, error);
     case WebCryptoAlgorithmParamsTypeEcdhKeyDeriveParams:
         context.add("EcdhKeyDeriveParams");
         return parseEcdhKeyDeriveParams(raw, params, context, error);
     case WebCryptoAlgorithmParamsTypeAesDerivedKeyParams:
         context.add("AesDerivedKeyParams");
         return parseAesDerivedKeyParams(raw, params, context, error);
+    case WebCryptoAlgorithmParamsTypeHkdfParams:
+        context.add("HkdfParams");
+        return parseHkdfParams(raw, params, context, error);
     }
     ASSERT_NOT_REACHED();
     return false;
 }
 
 const char* operationToString(WebCryptoOperation op)
 {
     switch (op) {
     case WebCryptoOperationEncrypt:
         return "encrypt";
@@ skipping 77 matching lines @@
 }
 
 } // namespace
 
 bool normalizeAlgorithm(const AlgorithmIdentifier& raw, WebCryptoOperation op, WebCryptoAlgorithm& algorithm, AlgorithmError* error)
 {
     return parseAlgorithmIdentifier(raw, op, algorithm, ErrorContext(), error);
 }
 
 } // namespace blink