Chromium Code Reviews

Issue 803173010: Implement HKDF for webcrypto (Closed)

Created:
6 years ago by nharper
Modified:
5 years, 11 months ago
Reviewers:
eroman, davidben
CC:
davidben, chromium-reviews, darin-cc_chromium.org, jam
Base URL:
https://chromium.googlesource.com/chromium/src.git@master
Target Ref:
refs/pending/heads/master
Project:
chromium
Visibility:
Public.

Description

Implement HKDF for webcrypto

The webcrypto spec doesn't currently define HKDF as is implemented in this CL (https://dvcs.w3.org/hg/webcrypto-api/raw-file/tip/spec/Overview.html#hkdf-ctr is incorrect, as it refers to HKDF by name but has SP800-108 as the implementation). The HKDF implemented in this CL is the one from RFC 5869.

The rest of the implementation tries to match the webcrypto spec as closely as possible (in terms of operations supported, parameters, which errors to throw under what circumstances), with the following notable change:

The HkdfCtrParams dictionary is changed to have required BufferSources info and salt instead of label and context.

Layout tests for this change are in https://codereview.chromium.org/822083003/.

BUG=399095

Committed: https://crrev.com/6510317950146a4af1df4bac9bf4c52212b92766
Cr-Commit-Position: refs/heads/master@{#311291}
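The description above separates RFC 5869 HKDF (salt and info) from the SP 800-108 counter-mode construction (label and context) that the spec draft carried under the HKDF name. The following Node.js sketch is an added example, not code from this CL: it implements both and runs them on the RFC 5869 Appendix A.1 inputs. All function names, and the 32-bit counter and length fields chosen for `sp800108Ctr`, are assumptions of the example.

```javascript
// Added example, not Chromium code. hkdf() follows RFC 5869; the 32-bit
// counter/length fields in sp800108Ctr() are assumptions of this sketch.
const crypto = require('crypto');

const HASH_LEN = { sha1: 20, sha256: 32, sha384: 48, sha512: 64 };
const hmac = (hash, key, data) => crypto.createHmac(hash, key).update(data).digest();
const u32 = (n) => { const b = Buffer.alloc(4); b.writeUInt32BE(n); return b; };

// RFC 5869: extract a PRK from (salt, IKM), then expand it with `info`.
function hkdf(hash, ikm, salt, info, length) {
  const hashLen = HASH_LEN[hash];
  if (!hashLen) throw new Error(`unsupported hash: ${hash}`);
  if (!Number.isInteger(length) || length < 0 || length > 255 * hashLen) {
    throw new RangeError('length must be 0..255*HashLen bytes');
  }
  // An empty salt is defined as HashLen zero bytes.
  const prk = hmac(hash, salt.length ? salt : Buffer.alloc(hashLen), ikm);
  const blocks = [];
  let t = Buffer.alloc(0);
  for (let i = 1; blocks.length * hashLen < length; i++) {
    t = hmac(hash, prk, Buffer.concat([t, info, Buffer.from([i])]));
    blocks.push(t);
  }
  return Buffer.concat(blocks).subarray(0, length);
}

// SP 800-108 counter mode with HMAC as PRF, length in bytes:
// K(i) = PRF(key, [i] || label || 0x00 || context || [L in bits]).
function sp800108Ctr(hash, key, label, context, length) {
  const fixed = Buffer.concat([label, Buffer.from([0]), context, u32(length * 8)]);
  const blocks = [];
  for (let i = 1; blocks.length * HASH_LEN[hash] < length; i++) {
    blocks.push(hmac(hash, key, Buffer.concat([u32(i), fixed])));
  }
  return Buffer.concat(blocks).subarray(0, length);
}

// Inputs of RFC 5869 Appendix A.1 (test case 1, SHA-256, 42 output bytes).
const IKM = Buffer.alloc(22, 0x0b);
const SALT = Buffer.from('000102030405060708090a0b0c', 'hex');
const INFO = Buffer.from('f0f1f2f3f4f5f6f7f8f9', 'hex');
function compareKdfs() {
  return {
    hkdf: hkdf('sha256', IKM, SALT, INFO, 42).toString('hex'),
    // Same byte strings passed as label/context: a different construction.
    sp800108: sp800108Ctr('sha256', IKM, SALT, INFO, 42).toString('hex'),
  };
}
console.log(compareKdfs());
```

The two outputs differ for identical inputs, so a caller cannot treat one construction's parameters as interchangeable with the other's.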

Patch Set 1
Total comments: 20

Patch Set 2
Total comments: 19

Patch Set 3
Total comments: 11

Patch Set 4
Total comments: 6

Patch Set 5: implement GetKeyLength

Patch Set 6: fix variable names

Patch Set 7: be consistent in using front() instead of [0]

Patch Set 8: blink::WebCryptoKeyAlgorithm::createKdf() is now createWithoutParams()
Total comments: 7

Patch Set 9: add curlies and OpenSSLErrStackTracer

Stats: +159 lines, -2 lines
M content/child/webcrypto/algorithm_registry.cc (3 chunks, +5 lines, -1 line, 0 comments)
M content/child/webcrypto/nss/util_nss.cc (1 chunk, +5 lines, -0 lines, 0 comments)
A content/child/webcrypto/openssl/hkdf_openssl.cc (1 chunk, +127 lines, -0 lines, 0 comments)
M content/child/webcrypto/openssl/sha_openssl.cc (1 chunk, +1 line, -1 line, 0 comments)
M content/child/webcrypto/platform_crypto.h (1 chunk, +1 line, -0 lines, 0 comments)
M content/child/webcrypto/status.h (1 chunk, +6 lines, -0 lines, 0 comments)
M content/child/webcrypto/status.cc (1 chunk, +13 lines, -0 lines, 0 comments)
M content/content_child.gypi (1 chunk, +1 line, -0 lines, 0 comments)

Messages

Total messages: 23 (3 generated)
nharper
This is dependent on https://codereview.chromium.org/809913003/
6 years ago (2014-12-23 22:49:29 UTC) #2
eroman
https://codereview.chromium.org/803173010/diff/1/content/child/webcrypto/openssl/hkdf_openssl.cc File content/child/webcrypto/openssl/hkdf_openssl.cc (right): https://codereview.chromium.org/803173010/diff/1/content/child/webcrypto/openssl/hkdf_openssl.cc#newcode8 content/child/webcrypto/openssl/hkdf_openssl.cc:8: // TODO: figure out which headers belong here and ...
6 years ago (2014-12-23 23:13:36 UTC) #3
nharper
https://codereview.chromium.org/803173010/diff/1/content/child/webcrypto/openssl/hkdf_openssl.cc File content/child/webcrypto/openssl/hkdf_openssl.cc (right): https://codereview.chromium.org/803173010/diff/1/content/child/webcrypto/openssl/hkdf_openssl.cc#newcode8 content/child/webcrypto/openssl/hkdf_openssl.cc:8: // TODO: figure out which headers belong here and ...
5 years, 11 months ago (2015-01-06 22:53:42 UTC) #4
eroman
In the description please provide more details on what this is implementing. Ideally link to ...
5 years, 11 months ago (2015-01-07 00:23:43 UTC) #5
eroman
https://codereview.chromium.org/803173010/diff/20001/content/child/webcrypto/openssl/hkdf_openssl.cc File content/child/webcrypto/openssl/hkdf_openssl.cc (right): https://codereview.chromium.org/803173010/diff/20001/content/child/webcrypto/openssl/hkdf_openssl.cc#newcode92 content/child/webcrypto/openssl/hkdf_openssl.cc:92: } Also, the HKDF spec is woefully underwritten. However ...
5 years, 11 months ago (2015-01-07 01:00:59 UTC) #6
nharper
https://codereview.chromium.org/803173010/diff/1/content/child/webcrypto/openssl/hkdf_openssl.cc File content/child/webcrypto/openssl/hkdf_openssl.cc (right): https://codereview.chromium.org/803173010/diff/1/content/child/webcrypto/openssl/hkdf_openssl.cc#newcode74 content/child/webcrypto/openssl/hkdf_openssl.cc:74: GetDigest(algorithm.hkdfParams()->hash().id()); On 2015/01/07 00:23:42, eroman wrote: > On 2015/01/06 ...
5 years, 11 months ago (2015-01-08 01:31:24 UTC) #7
eroman
https://codereview.chromium.org/803173010/diff/20001/content/child/webcrypto/openssl/hkdf_openssl.cc File content/child/webcrypto/openssl/hkdf_openssl.cc (right): https://codereview.chromium.org/803173010/diff/20001/content/child/webcrypto/openssl/hkdf_openssl.cc#newcode1 content/child/webcrypto/openssl/hkdf_openssl.cc:1: // Copyright 2014 The Chromium Authors. All rights reserved. ...
5 years, 11 months ago (2015-01-08 02:39:43 UTC) #8
nharper
https://codereview.chromium.org/803173010/diff/40001/content/child/webcrypto/nss/util_nss.cc File content/child/webcrypto/nss/util_nss.cc (right): https://codereview.chromium.org/803173010/diff/40001/content/child/webcrypto/nss/util_nss.cc#newcode105 content/child/webcrypto/nss/util_nss.cc:105: // HKDF is only being imlemented for boringssl. On ...
5 years, 11 months ago (2015-01-09 18:35:55 UTC) #9
eroman
https://codereview.chromium.org/803173010/diff/40001/content/child/webcrypto/status.cc File content/child/webcrypto/status.cc (right): https://codereview.chromium.org/803173010/diff/40001/content/child/webcrypto/status.cc#newcode342 content/child/webcrypto/status.cc:342: "Length must be specified for deriveBits."); On 2015/01/09 18:35:55, ...
5 years, 11 months ago (2015-01-09 19:31:53 UTC) #10
nharper
https://codereview.chromium.org/803173010/diff/60001/content/child/webcrypto/openssl/hkdf_openssl.cc File content/child/webcrypto/openssl/hkdf_openssl.cc (right): https://codereview.chromium.org/803173010/diff/60001/content/child/webcrypto/openssl/hkdf_openssl.cc#newcode73 content/child/webcrypto/openssl/hkdf_openssl.cc:73: const uint8_t* raw_key_p = raw_key.empty() ? NULL : &raw_key[0]; ...
5 years, 11 months ago (2015-01-09 21:10:25 UTC) #11
nharper
Updated to match the change in https://codereview.chromium.org/789733009/
5 years, 11 months ago (2015-01-09 21:22:39 UTC) #12
eroman
LGTM. In the description please link to the LayoutTests changelist. Since a CL without tests ...
5 years, 11 months ago (2015-01-09 21:58:07 UTC) #13
eroman
https://codereview.chromium.org/803173010/diff/140001/content/child/webcrypto/openssl/hkdf_openssl.cc File content/child/webcrypto/openssl/hkdf_openssl.cc (right): https://codereview.chromium.org/803173010/diff/140001/content/child/webcrypto/openssl/hkdf_openssl.cc#newcode76 content/child/webcrypto/openssl/hkdf_openssl.cc:76: if (!HKDF(derived_bytes_ptr, derived_bytes_len, digest_algorithm, @davidben: Could you review the ...
5 years, 11 months ago (2015-01-09 21:59:23 UTC) #14
nharper
https://codereview.chromium.org/803173010/diff/140001/content/child/webcrypto/openssl/hkdf_openssl.cc File content/child/webcrypto/openssl/hkdf_openssl.cc (right): https://codereview.chromium.org/803173010/diff/140001/content/child/webcrypto/openssl/hkdf_openssl.cc#newcode47 content/child/webcrypto/openssl/hkdf_openssl.cc:47: blink::WebCryptoAlgorithmIdHkdf), On 2015/01/09 21:58:07, eroman wrote: > did you ...
5 years, 11 months ago (2015-01-09 22:45:58 UTC) #15
davidben
content/child/webcrypto/openssl/hkdf_openssl.cc lgtm with two comments. https://codereview.chromium.org/803173010/diff/140001/content/child/webcrypto/openssl/hkdf_openssl.cc File content/child/webcrypto/openssl/hkdf_openssl.cc (right): https://codereview.chromium.org/803173010/diff/140001/content/child/webcrypto/openssl/hkdf_openssl.cc#newcode55 content/child/webcrypto/openssl/hkdf_openssl.cc:55: std::vector<uint8_t>* derived_bytes) const override ...
5 years, 11 months ago (2015-01-09 22:54:47 UTC) #17
nharper
https://codereview.chromium.org/803173010/diff/140001/content/child/webcrypto/openssl/hkdf_openssl.cc File content/child/webcrypto/openssl/hkdf_openssl.cc (right): https://codereview.chromium.org/803173010/diff/140001/content/child/webcrypto/openssl/hkdf_openssl.cc#newcode55 content/child/webcrypto/openssl/hkdf_openssl.cc:55: std::vector<uint8_t>* derived_bytes) const override { On 2015/01/09 22:54:46, David ...
5 years, 11 months ago (2015-01-09 23:07:16 UTC) #18
eroman
lgtm
5 years, 11 months ago (2015-01-12 22:06:15 UTC) #19
commit-bot: I haz the power
CQ is trying da patch. Follow status at https://chromium-cq-status.appspot.com/patch-status/803173010/160001
5 years, 11 months ago (2015-01-13 17:01:35 UTC) #21
commit-bot: I haz the power
Committed patchset #9 (id:160001)
5 years, 11 months ago (2015-01-13 18:11:12 UTC) #22
commit-bot: I haz the power
5 years, 11 months ago (2015-01-13 18:12:26 UTC) #23
Message was sent while issue was closed.
Patchset 9 (id:??) landed as
https://crrev.com/6510317950146a4af1df4bac9bf4c52212b92766
Cr-Commit-Position: refs/heads/master@{#311291}
