content/child/webcrypto/openssl/hkdf_openssl.cc

   1 // Copyright 2015 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include <openssl/err.h>
   6 #include <openssl/hkdf.h>
   7
   8 #include "base/logging.h"
   9 #include "base/stl_util.h"
  10 #include "content/child/webcrypto/algorithm_implementation.h"
  11 #include "content/child/webcrypto/crypto_data.h"
  12 #include "content/child/webcrypto/openssl/key_openssl.h"
  13 #include "content/child/webcrypto/openssl/util_openssl.h"
  14 #include "content/child/webcrypto/status.h"
  15 #include "content/child/webcrypto/webcrypto_util.h"
  16 #include "crypto/openssl_util.h"
  17 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h"
  18 #include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h"
  19
  20 namespace content {
  21
  22 namespace webcrypto {
  23
  24 namespace {
  25
  26 const blink::WebCryptoKeyUsageMask kValidUsages =
  27     blink::WebCryptoKeyUsageDeriveKey | blink::WebCryptoKeyUsageDeriveBits;
  28
  29 class HkdfImplementation : public AlgorithmImplementation {
  30  public:
  31   HkdfImplementation() {}
  32
  33   Status VerifyKeyUsagesBeforeImportKey(
  34       blink::WebCryptoKeyFormat format,
  35       blink::WebCryptoKeyUsageMask usages) const override {
  36     if (format != blink::WebCryptoKeyFormatRaw)
  37       return Status::ErrorUnsupportedImportKeyFormat();
  38     return CheckKeyCreationUsages(kValidUsages, usages, false);
  39   }
  40
  41   Status ImportKeyRaw(const CryptoData& key_data,
  42                       const blink::WebCryptoAlgorithm& algorithm,
  43                       bool extractable,
  44                       blink::WebCryptoKeyUsageMask usages,
  45                       blink::WebCryptoKey* key) const override {
  46     return CreateWebCryptoSecretKey(
  47         key_data, blink::WebCryptoKeyAlgorithm::createWithoutParams(
  48                       blink::WebCryptoAlgorithmIdHkdf),
  49         extractable, usages, key);
  50   }
  51
  52   Status DeriveBits(const blink::WebCryptoAlgorithm& algorithm,
  53                     const blink::WebCryptoKey& base_key,
  54                     bool has_optional_length_bits,
  55                     unsigned int optional_length_bits,
  56                     std::vector<uint8_t>* derived_bytes) const override {
  57     crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
  58     if (!has_optional_length_bits)
  59       return Status::ErrorHkdfDeriveBitsLengthNotSpecified();
  60
  61     const blink::WebCryptoHkdfParams* params = algorithm.hkdfParams();
  62
  63     const EVP_MD* digest_algorithm = GetDigest(params->hash().id());
  64     if (!digest_algorithm)
  65       return Status::ErrorUnsupported();
  66
  67     // Size output to fit length
  68     unsigned int derived_bytes_len = NumBitsToBytes(optional_length_bits);
  69     derived_bytes->resize(derived_bytes_len);
  70
  71     // Algorithm dispatch checks that the algorithm in |base_key| matches
  72     // |algorithm|.
  73     const std::vector<uint8_t>& raw_key =
  74         SymKeyOpenSsl::Cast(base_key)->raw_key_data();
  75     const uint8_t* raw_key_ptr = raw_key.empty() ? NULL : &raw_key.front();
  76     uint8_t* derived_bytes_ptr =
  77         derived_bytes->empty() ? NULL : &derived_bytes->front();
  78     if (!HKDF(derived_bytes_ptr, derived_bytes_len, digest_algorithm,
  79               raw_key_ptr, raw_key.size(), params->salt().data(),
  80               params->salt().size(), params->info().data(),
  81               params->info().size())) {
  82       uint32_t error = ERR_get_error();
  83       if (ERR_GET_LIB(error) == ERR_LIB_HKDF &&
  84           ERR_GET_REASON(error) == HKDF_R_OUTPUT_TOO_LARGE) {
  85         return Status::ErrorHkdfLengthTooLong();
  86       }
  87       return Status::OperationError();
  88     }
  89
  90     TruncateToBitLength(optional_length_bits, derived_bytes);
  91     return Status::Success();
  92   }
  93
  94   Status SerializeKeyForClone(
  95       const blink::WebCryptoKey& key,
  96       blink::WebVector<uint8_t>* key_data) const override {
  97     key_data->assign(SymKeyOpenSsl::Cast(key)->serialized_key_data());
  98     return Status::Success();
  99   }
 100
 101   Status DeserializeKeyForClone(const blink::WebCryptoKeyAlgorithm& algorithm,
 102                                 blink::WebCryptoKeyType type,
 103                                 bool extractable,
 104                                 blink::WebCryptoKeyUsageMask usages,
 105                                 const CryptoData& key_data,
 106                                 blink::WebCryptoKey* key) const override {
 107     return CreateWebCryptoSecretKey(key_data, algorithm, extractable, usages,
 108                                     key);
 109   }
 110
 111   Status GetKeyLength(const blink::WebCryptoAlgorithm& key_length_algorithm,
 112                       bool* has_length_bits,
 113                       unsigned int* length_bits) const override {
 114     *has_length_bits = false;
 115     return Status::Success();
 116   }
 117 };
 118
 119 }  // namespace
 120
 121 AlgorithmImplementation* CreatePlatformHkdfImplementation() {
 122   return new HkdfImplementation;
 123 }
 124
 125 }  // namespace webcrypto
 126
 127 }  // namespace content