Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(129)

Issue 797723006: Implement PBKDF2 (except for generateKey) using BoringSSL (Closed)

Created:
5 years, 11 months ago by xun.sun
Modified:
5 years, 11 months ago
Reviewers:
eroman, davidben
CC:
chromium-reviews, darin-cc_chromium.org, jam, davidben
Base URL:
https://chromium.googlesource.com/chromium/src.git@pbkdf2
Target Ref:
refs/pending/heads/master
Project:
chromium
Visibility:
Public.

Description

Implement PBKDF2 (except for generateKey) using BoringSSL. The chromium-side implementation is https://codereview.chromium.org/820523003/. BUG=399099 R=eroman Committed: https://crrev.com/22a80e71d7199d9d51cbc1d54149cd48bc878e99 Cr-Commit-Position: refs/heads/master@{#312328}

Patch Set 1 #

Patch Set 2 : File includes ordering #

Patch Set 3 : Use PKCS5_PBKDF2_HMAC() from BoringSSL #

Total comments: 18

Patch Set 4 : Cleanup and add serialization methods #

Total comments: 10

Patch Set 5 : Added serialization and more accurate error messages #

Patch Set 6 : Rebased #

Total comments: 14

Patch Set 7 : #

Total comments: 2

Patch Set 8 : Throw OperationError on importing empty password #

Total comments: 2

Patch Set 9 : Check for empty password when deriving keys instead #

Patch Set 10 : Replace the use of std::vector::data() with &vector[0] #

Total comments: 4

Patch Set 11 : #

Unified diffs Side-by-side diffs Delta from patch set Stats (+93 lines, -42 lines) Patch
M content/child/webcrypto/algorithm_registry.cc View 1 2 3 4 5 3 chunks +5 lines, -1 line 0 comments Download
M content/child/webcrypto/nss/util_nss.cc View 1 2 3 4 5 1 chunk +6 lines, -0 lines 0 comments Download
A + content/child/webcrypto/openssl/pbkdf2_openssl.cc View 1 2 3 4 5 6 7 8 9 10 5 chunks +54 lines, -41 lines 0 comments Download
M content/child/webcrypto/platform_crypto.h View 1 2 3 4 5 1 chunk +1 line, -0 lines 0 comments Download
M content/child/webcrypto/status.h View 1 2 3 4 5 6 7 1 chunk +9 lines, -0 lines 0 comments Download
M content/child/webcrypto/status.cc View 1 2 3 4 5 6 7 1 chunk +17 lines, -0 lines 0 comments Download
M content/content_child.gypi View 1 2 3 4 5 1 chunk +1 line, -0 lines 0 comments Download

Messages

Total messages: 31 (4 generated)
xun.sun
PTAL.
5 years, 11 months ago (2015-01-07 06:31:14 UTC) #1
eroman
not lgtm. Does BoringSSL's PKCS5_PBKDF2_HMAC() not already implement what we need? https://code.google.com/p/chromium/codesearch#chromium/src/third_party/boringssl/src/include/openssl/evp.h&l=398
5 years, 11 months ago (2015-01-07 06:36:57 UTC) #2
xun.sun
On 2015/01/07 06:36:57, eroman wrote: > not lgtm. > > Does BoringSSL's PKCS5_PBKDF2_HMAC() not already ...
5 years, 11 months ago (2015-01-08 06:23:53 UTC) #3
eroman
https://codereview.chromium.org/797723006/diff/40001/content/child/webcrypto/nss/util_nss.cc File content/child/webcrypto/nss/util_nss.cc (right): https://codereview.chromium.org/797723006/diff/40001/content/child/webcrypto/nss/util_nss.cc#newcode105 content/child/webcrypto/nss/util_nss.cc:105: // TODO(xsun): http://crbug.com/399099 Rather than a TODO you can ...
5 years, 11 months ago (2015-01-09 02:26:21 UTC) #4
xun.sun
Revised according to @eroman's comments. https://codereview.chromium.org/797723006/diff/40001/content/child/webcrypto/nss/util_nss.cc File content/child/webcrypto/nss/util_nss.cc (right): https://codereview.chromium.org/797723006/diff/40001/content/child/webcrypto/nss/util_nss.cc#newcode105 content/child/webcrypto/nss/util_nss.cc:105: // TODO(xsun): http://crbug.com/399099 On ...
5 years, 11 months ago (2015-01-09 16:08:41 UTC) #5
eroman
https://codereview.chromium.org/797723006/diff/60001/content/child/webcrypto/openssl/pbkdf2_openssl.cc File content/child/webcrypto/openssl/pbkdf2_openssl.cc (right): https://codereview.chromium.org/797723006/diff/60001/content/child/webcrypto/openssl/pbkdf2_openssl.cc#newcode28 content/child/webcrypto/openssl/pbkdf2_openssl.cc:28: Status GenerateKey(const blink::WebCryptoAlgorithm& algorithm, You can remove this alltogether ...
5 years, 11 months ago (2015-01-13 00:19:21 UTC) #6
eroman
https://codereview.chromium.org/797723006/diff/60001/content/child/webcrypto/openssl/pbkdf2_openssl.cc File content/child/webcrypto/openssl/pbkdf2_openssl.cc (right): https://codereview.chromium.org/797723006/diff/60001/content/child/webcrypto/openssl/pbkdf2_openssl.cc#newcode65 content/child/webcrypto/openssl/pbkdf2_openssl.cc:65: You also need a call to crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); to ...
5 years, 11 months ago (2015-01-13 00:30:17 UTC) #7
xun.sun
PTAL https://codereview.chromium.org/797723006/diff/60001/content/child/webcrypto/openssl/pbkdf2_openssl.cc File content/child/webcrypto/openssl/pbkdf2_openssl.cc (right): https://codereview.chromium.org/797723006/diff/60001/content/child/webcrypto/openssl/pbkdf2_openssl.cc#newcode28 content/child/webcrypto/openssl/pbkdf2_openssl.cc:28: Status GenerateKey(const blink::WebCryptoAlgorithm& algorithm, On 2015/01/13 00:19:20, eroman ...
5 years, 11 months ago (2015-01-13 19:10:41 UTC) #8
eroman
LGTM. Also cc-ing David to verify the use of BoringSSL https://codereview.chromium.org/797723006/diff/100001/content/child/webcrypto/openssl/pbkdf2_openssl.cc File content/child/webcrypto/openssl/pbkdf2_openssl.cc (right): https://codereview.chromium.org/797723006/diff/100001/content/child/webcrypto/openssl/pbkdf2_openssl.cc#newcode79 ...
5 years, 11 months ago (2015-01-14 20:44:58 UTC) #9
davidben
BoringSSL bit lgtm with a style nit, but get Eric's answer on the two questions ...
5 years, 11 months ago (2015-01-14 23:42:30 UTC) #11
davidben
https://codereview.chromium.org/797723006/diff/100001/content/child/webcrypto/openssl/pbkdf2_openssl.cc File content/child/webcrypto/openssl/pbkdf2_openssl.cc (right): https://codereview.chromium.org/797723006/diff/100001/content/child/webcrypto/openssl/pbkdf2_openssl.cc#newcode86 content/child/webcrypto/openssl/pbkdf2_openssl.cc:86: params->salt().size(), params->iterations(), digest_algorithm, On 2015/01/14 23:42:30, David Benjamin wrote: ...
5 years, 11 months ago (2015-01-14 23:43:04 UTC) #12
eroman
https://codereview.chromium.org/797723006/diff/100001/content/child/webcrypto/openssl/pbkdf2_openssl.cc File content/child/webcrypto/openssl/pbkdf2_openssl.cc (right): https://codereview.chromium.org/797723006/diff/100001/content/child/webcrypto/openssl/pbkdf2_openssl.cc#newcode86 content/child/webcrypto/openssl/pbkdf2_openssl.cc:86: params->salt().size(), params->iterations(), digest_algorithm, On 2015/01/14 23:43:03, David Benjamin wrote: ...
5 years, 11 months ago (2015-01-15 01:32:07 UTC) #13
xun.sun
PTAL. https://codereview.chromium.org/797723006/diff/100001/content/child/webcrypto/openssl/pbkdf2_openssl.cc File content/child/webcrypto/openssl/pbkdf2_openssl.cc (right): https://codereview.chromium.org/797723006/diff/100001/content/child/webcrypto/openssl/pbkdf2_openssl.cc#newcode79 content/child/webcrypto/openssl/pbkdf2_openssl.cc:79: base::CheckedNumeric<int> password_size = password.size(); On 2015/01/14 20:44:58, eroman ...
5 years, 11 months ago (2015-01-15 17:21:17 UTC) #14
eroman
patchset 7 LGTM
5 years, 11 months ago (2015-01-15 21:22:31 UTC) #15
eroman
https://codereview.chromium.org/797723006/diff/120001/content/child/webcrypto/openssl/pbkdf2_openssl.cc File content/child/webcrypto/openssl/pbkdf2_openssl.cc (right): https://codereview.chromium.org/797723006/diff/120001/content/child/webcrypto/openssl/pbkdf2_openssl.cc#newcode76 content/child/webcrypto/openssl/pbkdf2_openssl.cc:76: const std::vector<uint8_t>& password = Note there is an issue ...
5 years, 11 months ago (2015-01-16 04:17:45 UTC) #16
eroman
https://codereview.chromium.org/797723006/diff/140001/content/child/webcrypto/openssl/pbkdf2_openssl.cc File content/child/webcrypto/openssl/pbkdf2_openssl.cc (right): https://codereview.chromium.org/797723006/diff/140001/content/child/webcrypto/openssl/pbkdf2_openssl.cc#newcode48 content/child/webcrypto/openssl/pbkdf2_openssl.cc:48: return Status::ErrorPbkdf2EmptyPassword(); Actually I had envisioned this being part ...
5 years, 11 months ago (2015-01-16 05:10:29 UTC) #17
xun.sun
https://codereview.chromium.org/797723006/diff/120001/content/child/webcrypto/openssl/pbkdf2_openssl.cc File content/child/webcrypto/openssl/pbkdf2_openssl.cc (right): https://codereview.chromium.org/797723006/diff/120001/content/child/webcrypto/openssl/pbkdf2_openssl.cc#newcode76 content/child/webcrypto/openssl/pbkdf2_openssl.cc:76: const std::vector<uint8_t>& password = On 2015/01/16 04:17:45, eroman wrote: ...
5 years, 11 months ago (2015-01-16 05:44:07 UTC) #18
eroman
lgtm thanks for making the changes
5 years, 11 months ago (2015-01-16 21:18:58 UTC) #19
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/797723006/160001
5 years, 11 months ago (2015-01-20 17:02:36 UTC) #21
eroman
Try bot failed because std::vector::data() cannot be used.
5 years, 11 months ago (2015-01-20 17:14:38 UTC) #23
xun.sun
On 2015/01/20 17:14:38, eroman wrote: > Try bot failed because std::vector::data() cannot be used. Replaced ...
5 years, 11 months ago (2015-01-21 04:10:53 UTC) #24
eroman
lgtm after addressing these comments https://codereview.chromium.org/797723006/diff/180001/content/child/webcrypto/openssl/pbkdf2_openssl.cc File content/child/webcrypto/openssl/pbkdf2_openssl.cc (right): https://codereview.chromium.org/797723006/diff/180001/content/child/webcrypto/openssl/pbkdf2_openssl.cc#newcode96 content/child/webcrypto/openssl/pbkdf2_openssl.cc:96: if (!PKCS5_PBKDF2_HMAC(reinterpret_cast<const char*>(&password.at(0)), For ...
5 years, 11 months ago (2015-01-21 04:57:35 UTC) #25
xun.sun
PTAL. https://codereview.chromium.org/797723006/diff/180001/content/child/webcrypto/openssl/pbkdf2_openssl.cc File content/child/webcrypto/openssl/pbkdf2_openssl.cc (right): https://codereview.chromium.org/797723006/diff/180001/content/child/webcrypto/openssl/pbkdf2_openssl.cc#newcode96 content/child/webcrypto/openssl/pbkdf2_openssl.cc:96: if (!PKCS5_PBKDF2_HMAC(reinterpret_cast<const char*>(&password.at(0)), On 2015/01/21 04:57:35, eroman wrote: ...
5 years, 11 months ago (2015-01-21 05:11:32 UTC) #26
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/797723006/200001
5 years, 11 months ago (2015-01-21 05:15:40 UTC) #28
xun.sun
On 2015/01/21 05:15:40, I haz the power (commit-bot) wrote: > CQ is trying da patch. ...
5 years, 11 months ago (2015-01-21 13:57:28 UTC) #29
commit-bot: I haz the power
Committed patchset #11 (id:200001)
5 years, 11 months ago (2015-01-21 13:57:50 UTC) #30
commit-bot: I haz the power
5 years, 11 months ago (2015-01-21 13:59:42 UTC) #31
Message was sent while issue was closed.
Patchset 11 (id:??) landed as
https://crrev.com/22a80e71d7199d9d51cbc1d54149cd48bc878e99
Cr-Commit-Position: refs/heads/master@{#312328}

Powered by Google App Engine
This is Rietveld 408576698