content/child/webcrypto/openssl/pbkdf2_openssl.cc - Issue 797723006: Implement PBKDF2 (except for generateKey) using BoringSSL

Side by Side Diff: content/child/webcrypto/openssl/pbkdf2_openssl.cc

Issue 797723006: Implement PBKDF2 (except for generateKey) using BoringSSL (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@pbkdf2

Patch Set: Use PKCS5_PBKDF2_HMAC() from BoringSSL Created 5 years, 11 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch

OLD	NEW
(Empty)
	1 // Copyright 2015 The Chromium Authors. All rights reserved.

	2 // Use of this source code is governed by a BSD-style license that can be

	3 // found in the LICENSE file.

	4

	5 #include "base/logging.h"

	6 #include "base/numerics/safe_math.h"

	7 #include "base/stl_util.h"

	8 #include "content/child/webcrypto/algorithm_implementation.h"

	9 #include "content/child/webcrypto/crypto_data.h"

	10 #include "content/child/webcrypto/jwk.h"

	11 #include "content/child/webcrypto/openssl/key_openssl.h"

	12 #include "content/child/webcrypto/openssl/util_openssl.h"

	13 #include "content/child/webcrypto/status.h"

	14 #include "content/child/webcrypto/webcrypto_util.h"

	15 #include "crypto/openssl_util.h"

	16 #include "crypto/secure_util.h"

	17 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h"

	18 #include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h"

	19

	20 namespace content {

	21

	22 namespace webcrypto {

	23

	24 namespace {

	25

	26 const blink::WebCryptoKeyUsageMask kAllKeyUsages =

	27 blink::WebCryptoKeyUsageDeriveKey \| blink::WebCryptoKeyUsageDeriveBits;

	28 class Pbkdf2Implementation : public AlgorithmImplementation {
	eroman 2015/01/09 02:26:21 style: Add a newline before class definition style: Add a newline before class definition xun.sun 2015/01/09 16:08:41 Done. Show quoted text On 2015/01/09 02:26:21, eroman wrote: > style: Add a newline before class definition Done.
	29 public:

	30 Pbkdf2Implementation() {}

	31

	32 Status GenerateKey(const blink::WebCryptoAlgorithm& algorithm,

	33 bool extractable,

	34 blink::WebCryptoKeyUsageMask usages,

	35 GenerateKeyResult* result) const override {

	36 return Status::ErrorUnsupported();

	37 }

	38

	39 Status VerifyKeyUsagesBeforeImportKey(

	40 blink::WebCryptoKeyFormat format,

	41 blink::WebCryptoKeyUsageMask usages) const override {

	42 switch (format) {

	43 case blink::WebCryptoKeyFormatRaw:

	44 return CheckKeyCreationUsages(kAllKeyUsages, usages, false);

	45 default:

	46 return Status::ErrorUnsupportedImportKeyFormat();

	47 }

	48 }

	49

	50 Status ImportKeyRaw(const CryptoData& key_data,

	51 const blink::WebCryptoAlgorithm& algorithm,

	52 bool extractable,

	53 blink::WebCryptoKeyUsageMask usages,

	54 blink::WebCryptoKey* key) const override {

	55 const blink::WebCryptoKeyAlgorithm key_algorithm =

	56 blink::WebCryptoKeyAlgorithm::createPbkdf2(algorithm.id());

	57

	58 return CreateWebCryptoSecretKey(key_data, key_algorithm, extractable,

	59 usages, key);

	60 }

	61

	62 Status DeriveBits(const blink::WebCryptoAlgorithm& algorithm,

	63 const blink::WebCryptoKey& base_key,

	64 bool has_optional_length_bits,

	65 unsigned int optional_length_bits,

	66 std::vector<uint8_t>* derived_bytes) const override {

	67 if (!has_optional_length_bits \|\| optional_length_bits % 8)

	68 return Status::ErrorPbkdf2InvalidLength();

	69

	70 const blink::WebCryptoPbkdf2Params* params = algorithm.pbkdf2Params();

	71 const blink::WebVector<unsigned char>& salt = params->salt();

	72 const unsigned long iterations = params->iterations();
	eroman 2015/01/09 02:26:21 This should be an unsigned int, will comment on bl This should be an unsigned int, will comment on blink side changelist. That said, it isn't necessary to create an alias to params->iterations(). I think this code is more readable if the call to PKCS_PBKDF2_HMAC() just calls params->iterations() directly. Same for params->salt() and hash. xun.sun 2015/01/09 16:08:41 Done. Show quoted text On 2015/01/09 02:26:21, eroman wrote: > This should be an unsigned int, will comment on blink side changelist. > > That said, it isn't necessary to create an alias to params->iterations(). I > think this code is more readable if the call to PKCS_PBKDF2_HMAC() just calls > params->iterations() directly. Same for params->salt() and hash. Done.
	73 const blink::WebCryptoAlgorithm& hash = params->hash();

	74

	75 const EVP_MD* digest_algorithm = GetDigest(hash.id());

	76 if (!digest_algorithm)

	77 return Status::ErrorUnsupported();

	78

	79 unsigned int dkLen = optional_length_bits / 8;
	eroman 2015/01/09 02:26:21 (1) dkLen is not chromium style naming. (20 dk_len (1) dkLen is not chromium style naming. (20 dk_len is not a descriptive variable name. length_bytes or keylen_bytes would be more consistent with function parameters. xun.sun 2015/01/09 16:08:41 Done. Show quoted text On 2015/01/09 02:26:21, eroman wrote: > (1) dkLen is not chromium style naming. > (20 dk_len is not a descriptive variable name. length_bytes or keylen_bytes > would be more consistent with function parameters. Done.
	80 unsigned int hLen = EVP_MD_size(digest_algorithm);
	eroman 2015/01/09 02:26:21 style naming throughout here. style naming throughout here. xun.sun 2015/01/09 16:08:41 Done. Show quoted text On 2015/01/09 02:26:21, eroman wrote: > style naming throughout here. Done.
	81

	82 unsigned long maxLength = ((1L << 32) - 1) * hLen;
	eroman 2015/01/09 02:26:21 This doesn't make sense, what is it trying to enfo This doesn't make sense, what is it trying to enforce? dkLen should be 32-bit unsigned quantity (of bytes, which was given as a 32-bit quantity of bits). The only way to hit the operationerror below is if hlen=0 which also doesn't make sense. xun.sun 2015/01/09 16:08:41 Section 5.2 in https://www.ietf.org/rfc/rfc2898.tx Show quoted text On 2015/01/09 02:26:21, eroman wrote: > This doesn't make sense, what is it trying to enforce? > > dkLen should be 32-bit unsigned quantity (of bytes, which was given as a 32-bit > quantity of bits). > > The only way to hit the operationerror below is if hlen=0 which also doesn't > make sense. Section 5.2 in https://www.ietf.org/rfc/rfc2898.txt. But I agree this is moot since dkLen is 32-bit. So this check is removed.
	83 if (dkLen > maxLength)

	84 return Status::OperationError();

	85

	86 derived_bytes->resize(dkLen);

	87

	88 const std::vector<uint8_t>& password =

	89 SymKeyOpenSsl::Cast(base_key)->raw_key_data();

	90

	91 int result = PKCS5_PBKDF2_HMAC(

	92 (const char*)password.data(), password.size(), salt.data(), salt.size(),
	eroman 2015/01/09 02:26:21 (1) use C++ style casts, like static_cast<const ch (1) use C++ style casts, like static_cast<const char> or reinterpret_cast<const char> (2) There needs to be a test to prevent underflowing password.size(). password.size() is an unsigned quantity, however the crypto library expects a signed value. If it were to get -1 it will do something very very bad (treat the input as a null-terminated C-string, which it is not). Use base::CheckedNumeric<> to test first. xun.sun 2015/01/09 16:08:41 Done. Show quoted text On 2015/01/09 02:26:21, eroman wrote: > (1) use C++ style casts, like static_cast<const char> or reinterpret_cast<const > char> > > (2) There needs to be a test to prevent underflowing password.size(). > > password.size() is an unsigned quantity, however the crypto library expects a > signed value. If it were to get -1 it will do something very very bad (treat the > input as a null-terminated C-string, which it is not). > > Use base::CheckedNumeric<> to test first. > Done.
	93 iterations, digest_algorithm, dkLen, derived_bytes->data());

	94 if (result == 1)

	95 return Status::Success();

	96 else
	eroman 2015/01/09 02:26:21 nit: we omit "else" clauses when the "if" above re nit: we omit "else" clauses when the "if" above returns, so delete this. Or alternately: return result == 1 ? Status::Succes() : Status::OperationError(); xun.sun 2015/01/09 16:08:41 Done. Show quoted text On 2015/01/09 02:26:21, eroman wrote: > nit: we omit "else" clauses when the "if" above returns, so delete this. > > Or alternately: > > return result == 1 ? Status::Succes() : Status::OperationError(); Done.
	97 return Status::OperationError();

	98 }
	eroman 2015/01/09 02:26:21 The Serialize methods are needed here as well, sin The Serialize methods are needed here as well, since the KDFs support structured cloning. See the comments I left for Nick's change, which is implementing a very similar algorithm (https://codereview.chromium.org/803173010/) xun.sun 2015/01/09 16:08:41 Done. Show quoted text On 2015/01/09 02:26:21, eroman wrote: > The Serialize methods are needed here as well, since the KDFs support structured > cloning. > > See the comments I left for Nick's change, which is implementing a very similar > algorithm (https://codereview.chromium.org/803173010/) Done.
	99 };

	100

	101 } // namespace

	102

	103 AlgorithmImplementation* CreatePlatformPbkdf2Implementation() {

	104 return new Pbkdf2Implementation;

	105 }

	106

	107 } // namespace webcrypto

	108

	109 } // namespace content

OLD	NEW

« content/child/webcrypto/nss/util_nss.cc ('K') | « content/child/webcrypto/nss/util_nss.cc ('k') | content/child/webcrypto/platform_crypto.h » ('j') | no next file with comments »