Chromium Code Reviews| OLD | NEW |
|---|---|
| (Empty) | |
| 1 // Copyright 2014 The Chromium Authors. All rights reserved. | |
|
eroman
2015/01/07 00:23:42
2015 perhaps?
nharper
2015/01/08 01:31:24
Done. Is there a doc that describes the appropriat
eroman
2015/01/08 02:39:42
Search for File Headers in:
http://www.chromium.or
| |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include <openssl/err.h> | |
| 6 #include <openssl/hkdf.h> | |
| 7 | |
| 8 #include "base/logging.h" | |
| 9 #include "base/stl_util.h" | |
| 10 #include "content/child/webcrypto/algorithm_implementation.h" | |
| 11 #include "content/child/webcrypto/crypto_data.h" | |
| 12 #include "content/child/webcrypto/openssl/key_openssl.h" | |
| 13 #include "content/child/webcrypto/openssl/util_openssl.h" | |
| 14 #include "content/child/webcrypto/status.h" | |
| 15 #include "content/child/webcrypto/webcrypto_util.h" | |
| 16 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h" | |
| 17 #include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h" | |
| 18 | |
| 19 namespace content { | |
| 20 | |
| 21 namespace webcrypto { | |
| 22 | |
| 23 namespace { | |
| 24 | |
| 25 const blink::WebCryptoKeyUsageMask kValidUsages = | |
| 26 blink::WebCryptoKeyUsageDeriveKey | blink::WebCryptoKeyUsageDeriveBits; | |
| 27 | |
| 28 class HkdfImplementation : public AlgorithmImplementation { | |
| 29 public: | |
| 30 HkdfImplementation() {} | |
| 31 | |
| 32 Status VerifyKeyUsagesBeforeImportKey( | |
| 33 blink::WebCryptoKeyFormat format, | |
| 34 blink::WebCryptoKeyUsageMask usages) const override { | |
| 35 if (format != blink::WebCryptoKeyFormatRaw) | |
| 36 return Status::ErrorUnsupportedImportKeyFormat(); | |
| 37 return CheckKeyCreationUsages(kValidUsages, usages, false); | |
| 38 } | |
| 39 | |
| 40 Status ImportKeyRaw(const CryptoData& key_data, | |
| 41 const blink::WebCryptoAlgorithm& algorithm, | |
| 42 bool extractable, | |
| 43 blink::WebCryptoKeyUsageMask usages, | |
| 44 blink::WebCryptoKey* key) const override { | |
| 45 *key = blink::WebCryptoKey::create( | |
|
eroman
2015/01/07 00:23:42
Simplify to:
return CreateWebCryptoSecretKey(...)
nharper
2015/01/08 01:31:24
Done.
| |
| 46 new SymKeyOpenSsl(key_data), blink::WebCryptoKeyTypeSecret, extractable, | |
| 47 blink::WebCryptoKeyAlgorithm::createKdf( | |
| 48 blink::WebCryptoAlgorithmIdHkdf), | |
| 49 usages); | |
| 50 return Status::Success(); | |
| 51 } | |
| 52 | |
| 53 Status DeriveBits(const blink::WebCryptoAlgorithm& algorithm, | |
| 54 const blink::WebCryptoKey& base_key, | |
| 55 bool has_optional_length_bits, | |
| 56 unsigned int optional_length_bits, | |
| 57 std::vector<uint8_t>* derived_bytes) const override { | |
| 58 // TODO(nharper): The spec might change so that an OperationError should be | |
|
eroman
2015/01/07 00:23:43
Link to the spec bug if you keep this comment.
Th
nharper
2015/01/08 01:31:24
I've moved the comment to the appropriate part of
| |
| 59 // thrown here instead of a TypeError. If it changes, this line will need to | |
| 60 // change as well. | |
| 61 if (!has_optional_length_bits) | |
| 62 return Status::ErrorHkdfDeriveBitsLengthNotSpecified(); | |
| 63 | |
| 64 // "If the hash member of normalizedAlgorithm does not describe a recognized | |
|
eroman
2015/01/07 00:23:42
It is unclear where this quote comes from (the spe
nharper
2015/01/08 01:31:24
Done.
| |
| 65 // algorithm that supports the digest operation, then throw a | |
| 66 // NotSupportedError" | |
| 67 const EVP_MD* digest_algorithm = | |
| 68 GetDigest(algorithm.hkdfParams()->hash().id()); | |
| 69 if (!digest_algorithm) | |
| 70 return Status::ErrorUnsupported(); | |
| 71 | |
| 72 // Size output to fit length | |
| 73 unsigned int derived_bytes_len = NumBitsToBytes(optional_length_bits); | |
| 74 derived_bytes->resize(derived_bytes_len); | |
| 75 | |
| 76 // Algorithm dispatch checks that the algorithm in |base_key| matches | |
| 77 // |algorithm|. | |
| 78 const std::vector<uint8_t>* raw_key = | |
|
eroman
2015/01/07 00:23:42
Please use const reference rather than pointers th
nharper
2015/01/08 01:31:24
Done.
| |
| 79 &SymKeyOpenSsl::Cast(base_key)->raw_key_data(); | |
| 80 const blink::WebVector<unsigned char>* salt = | |
|
eroman
2015/01/07 00:23:42
Rather than making these aliases, I think it would
nharper
2015/01/08 01:31:24
Done.
| |
| 81 &algorithm.hkdfParams()->salt(); | |
| 82 const blink::WebVector<unsigned char>* info = | |
| 83 &algorithm.hkdfParams()->info(); | |
| 84 if (!HKDF(derived_bytes->data(), derived_bytes_len, digest_algorithm, | |
|
eroman
2015/01/07 00:23:43
I don't believe we can use std::vector::data(), as
nharper
2015/01/08 01:31:24
I've removed use of std::vector::data(), although
| |
| 85 raw_key->data(), raw_key->size(), salt->data(), salt->size(), | |
| 86 info->data(), info->size())) { | |
| 87 uint32_t error = ERR_get_error(); | |
| 88 if (ERR_GET_LIB(error) == ERR_LIB_HKDF && | |
| 89 ERR_GET_REASON(error) == HKDF_R_OUTPUT_TOO_LARGE) | |
| 90 return Status::ErrorHkdfLengthTooLong(); | |
| 91 return Status::OperationError(); | |
| 92 } | |
|
eroman
2015/01/07 01:00:59
Also, the HKDF spec is woefully underwritten. Howe
nharper
2015/01/08 01:31:24
I'm truncating the bits now. I'll add a test for b
| |
| 93 return Status::Success(); | |
| 94 } | |
| 95 | |
| 96 Status SerializeKeyForClone( | |
| 97 const blink::WebCryptoKey& key, | |
| 98 blink::WebVector<uint8_t>* key_data) const override { | |
| 99 key_data->assign(SymKeyOpenSsl::Cast(key)->serialized_key_data()); | |
| 100 return Status::Success(); | |
| 101 } | |
| 102 | |
| 103 Status DeserializeKeyForClone(const blink::WebCryptoKeyAlgorithm& algorithm, | |
| 104 blink::WebCryptoKeyType type, | |
| 105 bool extractable, | |
| 106 blink::WebCryptoKeyUsageMask usages, | |
| 107 const CryptoData& key_data, | |
| 108 blink::WebCryptoKey* key) const override { | |
| 109 return CreateWebCryptoSecretKey(key_data, algorithm, extractable, usages, | |
| 110 key); | |
| 111 } | |
| 112 }; | |
| 113 | |
| 114 } // namespace | |
| 115 | |
| 116 AlgorithmImplementation* CreatePlatformHkdfImplementation() { | |
| 117 return new HkdfImplementation; | |
| 118 } | |
| 119 | |
| 120 } // namespace webcrypto | |
| 121 | |
| 122 } // namespace content | |
| OLD | NEW |