Index: content/child/webcrypto/openssl/pbkdf2_openssl.cc |
diff --git a/content/child/webcrypto/openssl/hkdf_openssl.cc b/content/child/webcrypto/openssl/pbkdf2_openssl.cc |
similarity index 56% |
copy from content/child/webcrypto/openssl/hkdf_openssl.cc |
copy to content/child/webcrypto/openssl/pbkdf2_openssl.cc |
index 7a33b96e892accc351a501e165b9c1b4100ce544..e25d96cb4d2a54be7e16802f10dbb93d46244537 100644 |
--- a/content/child/webcrypto/openssl/hkdf_openssl.cc |
+++ b/content/child/webcrypto/openssl/pbkdf2_openssl.cc |
@@ -2,11 +2,7 @@ |
// Use of this source code is governed by a BSD-style license that can be |
// found in the LICENSE file. |
-#include <openssl/err.h> |
-#include <openssl/hkdf.h> |
- |
-#include "base/logging.h" |
-#include "base/stl_util.h" |
+#include "base/numerics/safe_math.h" |
#include "content/child/webcrypto/algorithm_implementation.h" |
#include "content/child/webcrypto/crypto_data.h" |
#include "content/child/webcrypto/openssl/key_openssl.h" |
@@ -23,19 +19,22 @@ namespace webcrypto { |
namespace { |
-const blink::WebCryptoKeyUsageMask kValidUsages = |
+const blink::WebCryptoKeyUsageMask kAllKeyUsages = |
blink::WebCryptoKeyUsageDeriveKey | blink::WebCryptoKeyUsageDeriveBits; |
-class HkdfImplementation : public AlgorithmImplementation { |
+class Pbkdf2Implementation : public AlgorithmImplementation { |
public: |
- HkdfImplementation() {} |
+ Pbkdf2Implementation() {} |
Status VerifyKeyUsagesBeforeImportKey( |
blink::WebCryptoKeyFormat format, |
blink::WebCryptoKeyUsageMask usages) const override { |
- if (format != blink::WebCryptoKeyFormatRaw) |
- return Status::ErrorUnsupportedImportKeyFormat(); |
- return CheckKeyCreationUsages(kValidUsages, usages, false); |
+ switch (format) { |
+ case blink::WebCryptoKeyFormatRaw: |
+ return CheckKeyCreationUsages(kAllKeyUsages, usages, false); |
+ default: |
+ return Status::ErrorUnsupportedImportKeyFormat(); |
+ } |
} |
Status ImportKeyRaw(const CryptoData& key_data, |
@@ -43,10 +42,12 @@ class HkdfImplementation : public AlgorithmImplementation { |
bool extractable, |
blink::WebCryptoKeyUsageMask usages, |
blink::WebCryptoKey* key) const override { |
- return CreateWebCryptoSecretKey( |
- key_data, blink::WebCryptoKeyAlgorithm::createWithoutParams( |
- blink::WebCryptoAlgorithmIdHkdf), |
- extractable, usages, key); |
+ const blink::WebCryptoKeyAlgorithm key_algorithm = |
+ blink::WebCryptoKeyAlgorithm::createWithoutParams( |
+ blink::WebCryptoAlgorithmIdPbkdf2); |
+ |
+ return CreateWebCryptoSecretKey(key_data, key_algorithm, extractable, |
+ usages, key); |
} |
Status DeriveBits(const blink::WebCryptoAlgorithm& algorithm, |
@@ -55,39 +56,51 @@ class HkdfImplementation : public AlgorithmImplementation { |
unsigned int optional_length_bits, |
std::vector<uint8_t>* derived_bytes) const override { |
crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE); |
+ |
if (!has_optional_length_bits) |
- return Status::ErrorHkdfDeriveBitsLengthNotSpecified(); |
+ return Status::ErrorPbkdf2DeriveBitsLengthNotSpecified(); |
- const blink::WebCryptoHkdfParams* params = algorithm.hkdfParams(); |
+ if (optional_length_bits % 8) |
+ return Status::ErrorPbkdf2InvalidLength(); |
- const EVP_MD* digest_algorithm = GetDigest(params->hash().id()); |
+ const blink::WebCryptoPbkdf2Params* params = algorithm.pbkdf2Params(); |
+ |
+ const blink::WebCryptoAlgorithm& hash = params->hash(); |
+ const EVP_MD* digest_algorithm = GetDigest(hash.id()); |
if (!digest_algorithm) |
return Status::ErrorUnsupported(); |
- // Size output to fit length |
- unsigned int derived_bytes_len = NumBitsToBytes(optional_length_bits); |
- derived_bytes->resize(derived_bytes_len); |
+ unsigned int keylen_bytes = optional_length_bits / 8; |
+ derived_bytes->resize(keylen_bytes); |
- // Algorithm dispatch checks that the algorithm in |base_key| matches |
- // |algorithm|. |
- const std::vector<uint8_t>& raw_key = |
+ const std::vector<uint8_t>& password = |
SymKeyOpenSsl::Cast(base_key)->raw_key_data(); |
- const uint8_t* raw_key_ptr = raw_key.empty() ? NULL : &raw_key.front(); |
- uint8_t* derived_bytes_ptr = |
- derived_bytes->empty() ? NULL : &derived_bytes->front(); |
- if (!HKDF(derived_bytes_ptr, derived_bytes_len, digest_algorithm, |
- raw_key_ptr, raw_key.size(), params->salt().data(), |
- params->salt().size(), params->info().data(), |
- params->info().size())) { |
- uint32_t error = ERR_get_error(); |
- if (ERR_GET_LIB(error) == ERR_LIB_HKDF && |
- ERR_GET_REASON(error) == HKDF_R_OUTPUT_TOO_LARGE) { |
- return Status::ErrorHkdfLengthTooLong(); |
- } |
- return Status::OperationError(); |
- } |
- TruncateToBitLength(optional_length_bits, derived_bytes); |
+ // TODO(xun.sun): Empty password would derive random keys with |
+ // PKCS5_PBKDF2_HMAC(). |
+ // https://code.google.com/p/chromium/issues/detail?id=449409 |
+ // |
+ // Rejecting them until it is addressed in BoringSSL. |
+ if (password.empty()) |
+ return Status::ErrorPbkdf2EmptyPassword(); |
+ |
+ // Prevent underflowing password.size() - BoringSSL expects the size as an |
+ // signed int, and will interpret the data as a C-String if it is -1. |
+ base::CheckedNumeric<int> password_size = password.size(); |
+ if (!password_size.IsValid()) |
+ return Status::ErrorDataTooLarge(); |
+ |
+ if (keylen_bytes == 0) |
+ return Status::Success(); |
+ |
+ const char* password_ptr = |
+ password.empty() ? NULL : reinterpret_cast<const char*>(&password[0]); |
+ |
+ if (!PKCS5_PBKDF2_HMAC(password_ptr, password_size.ValueOrDie(), |
+ params->salt().data(), params->salt().size(), |
+ params->iterations(), digest_algorithm, keylen_bytes, |
+ &derived_bytes->front())) |
+ return Status::OperationError(); |
return Status::Success(); |
} |
@@ -118,8 +131,8 @@ class HkdfImplementation : public AlgorithmImplementation { |
} // namespace |
-AlgorithmImplementation* CreatePlatformHkdfImplementation() { |
- return new HkdfImplementation; |
+AlgorithmImplementation* CreatePlatformPbkdf2Implementation() { |
+ return new Pbkdf2Implementation; |
} |
} // namespace webcrypto |