1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include <openssl/err.h>
6 #include <openssl/hkdf.h>
8 #include "base/logging.h"
9 #include "base/stl_util.h"
10 #include "components/webcrypto/algorithm_implementation.h"
11 #include "components/webcrypto/crypto_data.h"
12 #include "components/webcrypto/openssl/key_openssl.h"
13 #include "components/webcrypto/openssl/util_openssl.h"
14 #include "components/webcrypto/status.h"
15 #include "components/webcrypto/webcrypto_util.h"
16 #include "crypto/openssl_util.h"
17 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h"
18 #include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h"
24 const blink::WebCryptoKeyUsageMask kValidUsages
=
25 blink::WebCryptoKeyUsageDeriveKey
| blink::WebCryptoKeyUsageDeriveBits
;
27 class HkdfImplementation
: public AlgorithmImplementation
{
29 HkdfImplementation() {}
31 Status
VerifyKeyUsagesBeforeImportKey(
32 blink::WebCryptoKeyFormat format
,
33 blink::WebCryptoKeyUsageMask usages
) const override
{
34 if (format
!= blink::WebCryptoKeyFormatRaw
)
35 return Status::ErrorUnsupportedImportKeyFormat();
36 return CheckKeyCreationUsages(kValidUsages
, usages
, false);
39 Status
ImportKeyRaw(const CryptoData
& key_data
,
40 const blink::WebCryptoAlgorithm
& algorithm
,
42 blink::WebCryptoKeyUsageMask usages
,
43 blink::WebCryptoKey
* key
) const override
{
44 return CreateWebCryptoSecretKey(
45 key_data
, blink::WebCryptoKeyAlgorithm::createWithoutParams(
46 blink::WebCryptoAlgorithmIdHkdf
),
47 extractable
, usages
, key
);
50 Status
DeriveBits(const blink::WebCryptoAlgorithm
& algorithm
,
51 const blink::WebCryptoKey
& base_key
,
52 bool has_optional_length_bits
,
53 unsigned int optional_length_bits
,
54 std::vector
<uint8_t>* derived_bytes
) const override
{
55 crypto::OpenSSLErrStackTracer
err_tracer(FROM_HERE
);
56 if (!has_optional_length_bits
)
57 return Status::ErrorHkdfDeriveBitsLengthNotSpecified();
59 const blink::WebCryptoHkdfParams
* params
= algorithm
.hkdfParams();
61 const EVP_MD
* digest_algorithm
= GetDigest(params
->hash().id());
62 if (!digest_algorithm
)
63 return Status::ErrorUnsupported();
65 // Size output to fit length
66 unsigned int derived_bytes_len
= NumBitsToBytes(optional_length_bits
);
67 derived_bytes
->resize(derived_bytes_len
);
69 // Algorithm dispatch checks that the algorithm in |base_key| matches
71 const std::vector
<uint8_t>& raw_key
=
72 SymKeyOpenSsl::Cast(base_key
)->raw_key_data();
73 if (!HKDF(vector_as_array(derived_bytes
), derived_bytes_len
,
74 digest_algorithm
, vector_as_array(&raw_key
), raw_key
.size(),
75 params
->salt().data(), params
->salt().size(),
76 params
->info().data(), params
->info().size())) {
77 uint32_t error
= ERR_get_error();
78 if (ERR_GET_LIB(error
) == ERR_LIB_HKDF
&&
79 ERR_GET_REASON(error
) == HKDF_R_OUTPUT_TOO_LARGE
) {
80 return Status::ErrorHkdfLengthTooLong();
82 return Status::OperationError();
85 TruncateToBitLength(optional_length_bits
, derived_bytes
);
86 return Status::Success();
89 Status
SerializeKeyForClone(
90 const blink::WebCryptoKey
& key
,
91 blink::WebVector
<uint8_t>* key_data
) const override
{
92 key_data
->assign(SymKeyOpenSsl::Cast(key
)->serialized_key_data());
93 return Status::Success();
96 Status
DeserializeKeyForClone(const blink::WebCryptoKeyAlgorithm
& algorithm
,
97 blink::WebCryptoKeyType type
,
99 blink::WebCryptoKeyUsageMask usages
,
100 const CryptoData
& key_data
,
101 blink::WebCryptoKey
* key
) const override
{
102 return CreateWebCryptoSecretKey(key_data
, algorithm
, extractable
, usages
,
106 Status
GetKeyLength(const blink::WebCryptoAlgorithm
& key_length_algorithm
,
107 bool* has_length_bits
,
108 unsigned int* length_bits
) const override
{
109 *has_length_bits
= false;
110 return Status::Success();
116 AlgorithmImplementation
* CreatePlatformHkdfImplementation() {
117 return new HkdfImplementation
;
120 } // namespace webcrypto
