Chromium Code Reviews| OLD | NEW |
|---|---|
| (Empty) | |
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include <openssl/err.h> | |
| 6 #include <openssl/hkdf.h> | |
| 7 | |
| 8 #include "base/logging.h" | |
| 9 #include "base/stl_util.h" | |
| 10 #include "content/child/webcrypto/algorithm_implementation.h" | |
| 11 #include "content/child/webcrypto/crypto_data.h" | |
| 12 #include "content/child/webcrypto/openssl/key_openssl.h" | |
| 13 #include "content/child/webcrypto/openssl/util_openssl.h" | |
| 14 #include "content/child/webcrypto/status.h" | |
| 15 #include "content/child/webcrypto/webcrypto_util.h" | |
| 16 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h" | |
| 17 #include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h" | |
| 18 | |
| 19 namespace content { | |
| 20 | |
| 21 namespace webcrypto { | |
| 22 | |
| 23 namespace { | |
| 24 | |
| 25 const blink::WebCryptoKeyUsageMask kValidUsages = | |
| 26 blink::WebCryptoKeyUsageDeriveKey | blink::WebCryptoKeyUsageDeriveBits; | |
| 27 | |
| 28 class HkdfImplementation : public AlgorithmImplementation { | |
| 29 public: | |
| 30 HkdfImplementation() {} | |
| 31 | |
| 32 Status VerifyKeyUsagesBeforeImportKey( | |
| 33 blink::WebCryptoKeyFormat format, | |
| 34 blink::WebCryptoKeyUsageMask usages) const override { | |
| 35 if (format != blink::WebCryptoKeyFormatRaw) | |
| 36 return Status::ErrorUnsupportedImportKeyFormat(); | |
| 37 return CheckKeyCreationUsages(kValidUsages, usages, false); | |
| 38 } | |
| 39 | |
| 40 Status ImportKeyRaw(const CryptoData& key_data, | |
| 41 const blink::WebCryptoAlgorithm& algorithm, | |
| 42 bool extractable, | |
| 43 blink::WebCryptoKeyUsageMask usages, | |
| 44 blink::WebCryptoKey* key) const override { | |
| 45 return CreateWebCryptoSecretKey(key_data, | |
| 46 blink::WebCryptoKeyAlgorithm::createKdf( | |
| 47 blink::WebCryptoAlgorithmIdHkdf), | |
| 48 extractable, usages, key); | |
| 49 } | |
| 50 | |
| 51 Status DeriveBits(const blink::WebCryptoAlgorithm& algorithm, | |
| 52 const blink::WebCryptoKey& base_key, | |
| 53 bool has_optional_length_bits, | |
| 54 unsigned int optional_length_bits, | |
| 55 std::vector<uint8_t>* derived_bytes) const override { | |
| 56 if (!has_optional_length_bits) | |
| 57 return Status::ErrorHkdfDeriveBitsLengthNotSpecified(); | |
| 58 | |
| 59 const blink::WebCryptoHkdfParams* params = algorithm.hkdfParams(); | |
| 60 | |
| 61 const EVP_MD* digest_algorithm = GetDigest(params->hash().id()); | |
| 62 if (!digest_algorithm) | |
| 63 return Status::ErrorUnsupported(); | |
| 64 | |
| 65 // Size output to fit length | |
| 66 unsigned int derived_bytes_len = NumBitsToBytes(optional_length_bits); | |
| 67 derived_bytes->resize(derived_bytes_len); | |
| 68 | |
| 69 // Algorithm dispatch checks that the algorithm in |base_key| matches | |
| 70 // |algorithm|. | |
| 71 const std::vector<uint8_t>& raw_key = | |
| 72 SymKeyOpenSsl::Cast(base_key)->raw_key_data(); | |
| 73 const uint8_t* raw_key_p = raw_key.empty() ? NULL : &raw_key[0]; | |
|
eroman
2015/01/09 19:31:53
I don't like "_p".
I would prefer "_ptr" if you st
nharper
2015/01/09 21:10:25
Done.
| |
| 74 uint8_t* derived_bytes_p = | |
| 75 derived_bytes->empty() ? NULL : &(*derived_bytes)[0]; | |
|
eroman
2015/01/09 19:31:53
optional: &derive_bytes->front() may be easier to
nharper
2015/01/09 21:10:25
I thought that there was some reason why ->front()
| |
| 76 if (!HKDF(derived_bytes_p, derived_bytes_len, digest_algorithm, raw_key_p, | |
| 77 raw_key.size(), params->salt().data(), params->salt().size(), | |
| 78 params->info().data(), params->info().size())) { | |
| 79 uint32_t error = ERR_get_error(); | |
| 80 if (ERR_GET_LIB(error) == ERR_LIB_HKDF && | |
| 81 ERR_GET_REASON(error) == HKDF_R_OUTPUT_TOO_LARGE) | |
| 82 return Status::ErrorHkdfLengthTooLong(); | |
| 83 return Status::OperationError(); | |
| 84 } | |
| 85 | |
| 86 TruncateToBitLength(optional_length_bits, derived_bytes); | |
| 87 return Status::Success(); | |
| 88 } | |
| 89 | |
| 90 Status SerializeKeyForClone( | |
| 91 const blink::WebCryptoKey& key, | |
| 92 blink::WebVector<uint8_t>* key_data) const override { | |
| 93 key_data->assign(SymKeyOpenSsl::Cast(key)->serialized_key_data()); | |
| 94 return Status::Success(); | |
| 95 } | |
| 96 | |
| 97 Status DeserializeKeyForClone(const blink::WebCryptoKeyAlgorithm& algorithm, | |
| 98 blink::WebCryptoKeyType type, | |
| 99 bool extractable, | |
| 100 blink::WebCryptoKeyUsageMask usages, | |
| 101 const CryptoData& key_data, | |
| 102 blink::WebCryptoKey* key) const override { | |
| 103 return CreateWebCryptoSecretKey(key_data, algorithm, extractable, usages, | |
| 104 key); | |
| 105 } | |
|
eroman
2015/01/09 19:31:53
You are missing the implementing of get key length
nharper
2015/01/09 21:10:25
Done.
| |
| 106 }; | |
| 107 | |
| 108 } // namespace | |
| 109 | |
| 110 AlgorithmImplementation* CreatePlatformHkdfImplementation() { | |
| 111 return new HkdfImplementation; | |
| 112 } | |
| 113 | |
| 114 } // namespace webcrypto | |
| 115 | |
| 116 } // namespace content | |
| OLD | NEW |