content/child/webcrypto/openssl/pbkdf2_openssl.cc

   1 // Copyright 2015 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "base/numerics/safe_math.h"
   6 #include "content/child/webcrypto/algorithm_implementation.h"
   7 #include "content/child/webcrypto/crypto_data.h"
   8 #include "content/child/webcrypto/openssl/key_openssl.h"
   9 #include "content/child/webcrypto/openssl/util_openssl.h"
  10 #include "content/child/webcrypto/status.h"
  11 #include "content/child/webcrypto/webcrypto_util.h"
  12 #include "crypto/openssl_util.h"
  13 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h"
  14 #include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h"
  15
  16 namespace content {
  17
  18 namespace webcrypto {
  19
  20 namespace {
  21
  22 const blink::WebCryptoKeyUsageMask kAllKeyUsages =
  23     blink::WebCryptoKeyUsageDeriveKey | blink::WebCryptoKeyUsageDeriveBits;
  24
  25 class Pbkdf2Implementation : public AlgorithmImplementation {
  26  public:
  27   Pbkdf2Implementation() {}
  28
  29   Status VerifyKeyUsagesBeforeImportKey(
  30       blink::WebCryptoKeyFormat format,
  31       blink::WebCryptoKeyUsageMask usages) const override {
  32     switch (format) {
  33       case blink::WebCryptoKeyFormatRaw:
  34         return CheckKeyCreationUsages(kAllKeyUsages, usages, false);
  35       default:
  36         return Status::ErrorUnsupportedImportKeyFormat();
  37     }
  38   }
  39
  40   Status ImportKeyRaw(const CryptoData& key_data,
  41                       const blink::WebCryptoAlgorithm& algorithm,
  42                       bool extractable,
  43                       blink::WebCryptoKeyUsageMask usages,
  44                       blink::WebCryptoKey* key) const override {
  45     const blink::WebCryptoKeyAlgorithm key_algorithm =
  46         blink::WebCryptoKeyAlgorithm::createWithoutParams(
  47             blink::WebCryptoAlgorithmIdPbkdf2);
  48
  49     return CreateWebCryptoSecretKey(key_data, key_algorithm, extractable,
  50                                     usages, key);
  51   }
  52
  53   Status DeriveBits(const blink::WebCryptoAlgorithm& algorithm,
  54                     const blink::WebCryptoKey& base_key,
  55                     bool has_optional_length_bits,
  56                     unsigned int optional_length_bits,
  57                     std::vector<uint8_t>* derived_bytes) const override {
  58     crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
  59
  60     if (!has_optional_length_bits)
  61       return Status::ErrorPbkdf2DeriveBitsLengthNotSpecified();
  62
  63     if (optional_length_bits % 8)
  64       return Status::ErrorPbkdf2InvalidLength();
  65
  66     const blink::WebCryptoPbkdf2Params* params = algorithm.pbkdf2Params();
  67
  68     const blink::WebCryptoAlgorithm& hash = params->hash();
  69     const EVP_MD* digest_algorithm = GetDigest(hash.id());
  70     if (!digest_algorithm)
  71       return Status::ErrorUnsupported();
  72
  73     unsigned int keylen_bytes = optional_length_bits / 8;
  74     derived_bytes->resize(keylen_bytes);
  75
  76     const std::vector<uint8_t>& password =
  77         SymKeyOpenSsl::Cast(base_key)->raw_key_data();
  78
  79     // TODO(xun.sun): Empty password would derive random keys with
  80     // PKCS5_PBKDF2_HMAC().
  81     // https://code.google.com/p/chromium/issues/detail?id=449409
  82     //
  83     // Rejecting them until it is addressed in BoringSSL.
  84     if (password.empty())
  85       return Status::ErrorPbkdf2EmptyPassword();
  86
  87     // Prevent underflowing password.size() - BoringSSL expects the size as an
  88     // signed int, and will interpret the data as a C-String if it is -1.
  89     base::CheckedNumeric<int> password_size = password.size();
  90     if (!password_size.IsValid())
  91       return Status::ErrorDataTooLarge();
  92
  93     if (keylen_bytes == 0)
  94       return Status::Success();
  95
  96     const char* password_ptr =
  97         password.empty() ? NULL : reinterpret_cast<const char*>(&password[0]);
  98
  99     if (!PKCS5_PBKDF2_HMAC(password_ptr, password_size.ValueOrDie(),
 100                            params->salt().data(), params->salt().size(),
 101                            params->iterations(), digest_algorithm, keylen_bytes,
 102                            &derived_bytes->front()))
 103       return Status::OperationError();
 104     return Status::Success();
 105   }
 106
 107   Status SerializeKeyForClone(
 108       const blink::WebCryptoKey& key,
 109       blink::WebVector<uint8_t>* key_data) const override {
 110     key_data->assign(SymKeyOpenSsl::Cast(key)->serialized_key_data());
 111     return Status::Success();
 112   }
 113
 114   Status DeserializeKeyForClone(const blink::WebCryptoKeyAlgorithm& algorithm,
 115                                 blink::WebCryptoKeyType type,
 116                                 bool extractable,
 117                                 blink::WebCryptoKeyUsageMask usages,
 118                                 const CryptoData& key_data,
 119                                 blink::WebCryptoKey* key) const override {
 120     return CreateWebCryptoSecretKey(key_data, algorithm, extractable, usages,
 121                                     key);
 122   }
 123
 124   Status GetKeyLength(const blink::WebCryptoAlgorithm& key_length_algorithm,
 125                       bool* has_length_bits,
 126                       unsigned int* length_bits) const override {
 127     *has_length_bits = false;
 128     return Status::Success();
 129   }
 130 };
 131
 132 }  // namespace
 133
 134 AlgorithmImplementation* CreatePlatformPbkdf2Implementation() {
 135   return new Pbkdf2Implementation;
 136 }
 137
 138 }  // namespace webcrypto
 139
 140 }  // namespace content