Chromium Code Reviews| OLD | NEW |
|---|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include <openssl/err.h> | 5 #include "base/numerics/safe_math.h" |
| 6 #include <openssl/hkdf.h> | |
| 7 | |
| 8 #include "base/logging.h" | |
| 9 #include "base/stl_util.h" | |
| 10 #include "content/child/webcrypto/algorithm_implementation.h" | 6 #include "content/child/webcrypto/algorithm_implementation.h" |
| 11 #include "content/child/webcrypto/crypto_data.h" | 7 #include "content/child/webcrypto/crypto_data.h" |
| 12 #include "content/child/webcrypto/openssl/key_openssl.h" | 8 #include "content/child/webcrypto/openssl/key_openssl.h" |
| 13 #include "content/child/webcrypto/openssl/util_openssl.h" | 9 #include "content/child/webcrypto/openssl/util_openssl.h" |
| 14 #include "content/child/webcrypto/status.h" | 10 #include "content/child/webcrypto/status.h" |
| 15 #include "content/child/webcrypto/webcrypto_util.h" | 11 #include "content/child/webcrypto/webcrypto_util.h" |
| 16 #include "crypto/openssl_util.h" | 12 #include "crypto/openssl_util.h" |
| 17 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h" | 13 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h" |
| 18 #include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h" | 14 #include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h" |
| 19 | 15 |
| 20 namespace content { | 16 namespace content { |
| 21 | 17 |
| 22 namespace webcrypto { | 18 namespace webcrypto { |
| 23 | 19 |
| 24 namespace { | 20 namespace { |
| 25 | 21 |
| 26 const blink::WebCryptoKeyUsageMask kValidUsages = | 22 const blink::WebCryptoKeyUsageMask kAllKeyUsages = |
| 27 blink::WebCryptoKeyUsageDeriveKey | blink::WebCryptoKeyUsageDeriveBits; | 23 blink::WebCryptoKeyUsageDeriveKey | blink::WebCryptoKeyUsageDeriveBits; |
| 28 | 24 |
| 29 class HkdfImplementation : public AlgorithmImplementation { | 25 class Pbkdf2Implementation : public AlgorithmImplementation { |
| 30 public: | 26 public: |
| 31 HkdfImplementation() {} | 27 Pbkdf2Implementation() {} |
| 32 | 28 |
| 33 Status VerifyKeyUsagesBeforeImportKey( | 29 Status VerifyKeyUsagesBeforeImportKey( |
| 34 blink::WebCryptoKeyFormat format, | 30 blink::WebCryptoKeyFormat format, |
| 35 blink::WebCryptoKeyUsageMask usages) const override { | 31 blink::WebCryptoKeyUsageMask usages) const override { |
| 36 if (format != blink::WebCryptoKeyFormatRaw) | 32 switch (format) { |
| 37 return Status::ErrorUnsupportedImportKeyFormat(); | 33 case blink::WebCryptoKeyFormatRaw: |
| 38 return CheckKeyCreationUsages(kValidUsages, usages, false); | 34 return CheckKeyCreationUsages(kAllKeyUsages, usages, false); |
| 35 default: | |
| 36 return Status::ErrorUnsupportedImportKeyFormat(); | |
| 37 } | |
| 39 } | 38 } |
| 40 | 39 |
| 41 Status ImportKeyRaw(const CryptoData& key_data, | 40 Status ImportKeyRaw(const CryptoData& key_data, |
| 42 const blink::WebCryptoAlgorithm& algorithm, | 41 const blink::WebCryptoAlgorithm& algorithm, |
| 43 bool extractable, | 42 bool extractable, |
| 44 blink::WebCryptoKeyUsageMask usages, | 43 blink::WebCryptoKeyUsageMask usages, |
| 45 blink::WebCryptoKey* key) const override { | 44 blink::WebCryptoKey* key) const override { |
| 46 return CreateWebCryptoSecretKey( | 45 // FIXME: Empty password would derive random keys with PKCS5_PBKDF2_HMAC(). |
| 47 key_data, blink::WebCryptoKeyAlgorithm::createWithoutParams( | 46 // Rejecting them until it is addressed in BoringSSL. |
| 48 blink::WebCryptoAlgorithmIdHkdf), | 47 if (key_data.is_empty()) |
| 49 extractable, usages, key); | 48 return Status::ErrorPbkdf2EmptyPassword(); |
|
eroman
2015/01/16 05:10:28
Actually I had envisioned this being part of deriv
xun.sun
2015/01/16 05:44:07
Done.
| |
| 49 | |
| 50 const blink::WebCryptoKeyAlgorithm key_algorithm = | |
| 51 blink::WebCryptoKeyAlgorithm::createWithoutParams( | |
| 52 blink::WebCryptoAlgorithmIdPbkdf2); | |
| 53 | |
| 54 return CreateWebCryptoSecretKey(key_data, key_algorithm, extractable, | |
| 55 usages, key); | |
| 50 } | 56 } |
| 51 | 57 |
| 52 Status DeriveBits(const blink::WebCryptoAlgorithm& algorithm, | 58 Status DeriveBits(const blink::WebCryptoAlgorithm& algorithm, |
| 53 const blink::WebCryptoKey& base_key, | 59 const blink::WebCryptoKey& base_key, |
| 54 bool has_optional_length_bits, | 60 bool has_optional_length_bits, |
| 55 unsigned int optional_length_bits, | 61 unsigned int optional_length_bits, |
| 56 std::vector<uint8_t>* derived_bytes) const override { | 62 std::vector<uint8_t>* derived_bytes) const override { |
| 57 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); | 63 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); |
| 64 | |
| 58 if (!has_optional_length_bits) | 65 if (!has_optional_length_bits) |
| 59 return Status::ErrorHkdfDeriveBitsLengthNotSpecified(); | 66 return Status::ErrorPbkdf2DeriveBitsLengthNotSpecified(); |
| 60 | 67 |
| 61 const blink::WebCryptoHkdfParams* params = algorithm.hkdfParams(); | 68 if (optional_length_bits % 8) |
| 69 return Status::ErrorPbkdf2InvalidLength(); | |
| 62 | 70 |
| 63 const EVP_MD* digest_algorithm = GetDigest(params->hash().id()); | 71 const blink::WebCryptoPbkdf2Params* params = algorithm.pbkdf2Params(); |
| 72 | |
| 73 const blink::WebCryptoAlgorithm& hash = params->hash(); | |
| 74 const EVP_MD* digest_algorithm = GetDigest(hash.id()); | |
| 64 if (!digest_algorithm) | 75 if (!digest_algorithm) |
| 65 return Status::ErrorUnsupported(); | 76 return Status::ErrorUnsupported(); |
| 66 | 77 |
| 67 // Size output to fit length | 78 unsigned int keylen_bytes = optional_length_bits / 8; |
| 68 unsigned int derived_bytes_len = NumBitsToBytes(optional_length_bits); | 79 derived_bytes->resize(keylen_bytes); |
| 69 derived_bytes->resize(derived_bytes_len); | |
| 70 | 80 |
| 71 // Algorithm dispatch checks that the algorithm in |base_key| matches | 81 const std::vector<uint8_t>& password = |
| 72 // |algorithm|. | |
| 73 const std::vector<uint8_t>& raw_key = | |
| 74 SymKeyOpenSsl::Cast(base_key)->raw_key_data(); | 82 SymKeyOpenSsl::Cast(base_key)->raw_key_data(); |
| 75 const uint8_t* raw_key_ptr = raw_key.empty() ? NULL : &raw_key.front(); | 83 |
| 76 uint8_t* derived_bytes_ptr = | 84 // Prevent underflowing password.size() - BoringSSL expects the size as an |
| 77 derived_bytes->empty() ? NULL : &derived_bytes->front(); | 85 // signed int, and will interpret the data as a C-String if it is -1. |
| 78 if (!HKDF(derived_bytes_ptr, derived_bytes_len, digest_algorithm, | 86 base::CheckedNumeric<int> password_size = password.size(); |
| 79 raw_key_ptr, raw_key.size(), params->salt().data(), | 87 if (!password_size.IsValid()) |
| 80 params->salt().size(), params->info().data(), | 88 return Status::ErrorDataTooLarge(); |
| 81 params->info().size())) { | 89 |
| 82 uint32_t error = ERR_get_error(); | 90 if (!PKCS5_PBKDF2_HMAC(reinterpret_cast<const char*>(password.data()), |
| 83 if (ERR_GET_LIB(error) == ERR_LIB_HKDF && | 91 password_size.ValueOrDie(), params->salt().data(), |
| 84 ERR_GET_REASON(error) == HKDF_R_OUTPUT_TOO_LARGE) { | 92 params->salt().size(), params->iterations(), |
| 85 return Status::ErrorHkdfLengthTooLong(); | 93 digest_algorithm, keylen_bytes, |
| 86 } | 94 derived_bytes->data())) |
| 87 return Status::OperationError(); | 95 return Status::OperationError(); |
| 88 } | |
| 89 | |
| 90 TruncateToBitLength(optional_length_bits, derived_bytes); | |
| 91 return Status::Success(); | 96 return Status::Success(); |
| 92 } | 97 } |
| 93 | 98 |
| 94 Status SerializeKeyForClone( | 99 Status SerializeKeyForClone( |
| 95 const blink::WebCryptoKey& key, | 100 const blink::WebCryptoKey& key, |
| 96 blink::WebVector<uint8_t>* key_data) const override { | 101 blink::WebVector<uint8_t>* key_data) const override { |
| 97 key_data->assign(SymKeyOpenSsl::Cast(key)->serialized_key_data()); | 102 key_data->assign(SymKeyOpenSsl::Cast(key)->serialized_key_data()); |
| 98 return Status::Success(); | 103 return Status::Success(); |
| 99 } | 104 } |
| 100 | 105 |
| (...skipping 10 matching lines...) Expand all Loading... | |
| 111 Status GetKeyLength(const blink::WebCryptoAlgorithm& key_length_algorithm, | 116 Status GetKeyLength(const blink::WebCryptoAlgorithm& key_length_algorithm, |
| 112 bool* has_length_bits, | 117 bool* has_length_bits, |
| 113 unsigned int* length_bits) const override { | 118 unsigned int* length_bits) const override { |
| 114 *has_length_bits = false; | 119 *has_length_bits = false; |
| 115 return Status::Success(); | 120 return Status::Success(); |
| 116 } | 121 } |
| 117 }; | 122 }; |
| 118 | 123 |
| 119 } // namespace | 124 } // namespace |
| 120 | 125 |
| 121 AlgorithmImplementation* CreatePlatformHkdfImplementation() { | 126 AlgorithmImplementation* CreatePlatformPbkdf2Implementation() { |
| 122 return new HkdfImplementation; | 127 return new Pbkdf2Implementation; |
| 123 } | 128 } |
| 124 | 129 |
| 125 } // namespace webcrypto | 130 } // namespace webcrypto |
| 126 | 131 |
| 127 } // namespace content | 132 } // namespace content |
| OLD | NEW |