Merge Chromium + Blink git repositories
[chromium-blink-merge.git] / components / webcrypto / algorithms / ecdh.cc
blobfb63ec2f9e93cbd4e70fac5063102a4dd736846e
1 // Copyright 2014 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include <openssl/ec.h>
6 #include <openssl/ecdh.h>
7 #include <openssl/evp.h>
9 #include "base/logging.h"
10 #include "base/stl_util.h"
11 #include "components/webcrypto/algorithm_implementation.h"
12 #include "components/webcrypto/algorithms/ec.h"
13 #include "components/webcrypto/algorithms/util_openssl.h"
14 #include "components/webcrypto/crypto_data.h"
15 #include "components/webcrypto/generate_key_result.h"
16 #include "components/webcrypto/key.h"
17 #include "components/webcrypto/status.h"
18 #include "components/webcrypto/webcrypto_util.h"
19 #include "crypto/openssl_util.h"
20 #include "crypto/scoped_openssl_types.h"
21 #include "crypto/secure_util.h"
22 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h"
23 #include "third_party/WebKit/public/platform/WebCryptoKey.h"
24 #include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h"
26 namespace webcrypto {
28 namespace {
30 // TODO(eroman): Support the "raw" format for ECDH key import + export, as
31 // specified by WebCrypto spec.
33 // TODO(eroman): Allow id-ecDH in SPKI and PKCS#8 import
34 // (http://crbug.com/389400)
36 class EcdhImplementation : public EcAlgorithm {
37 public:
38 EcdhImplementation()
39 : EcAlgorithm(0,
40 blink::WebCryptoKeyUsageDeriveKey |
41 blink::WebCryptoKeyUsageDeriveBits) {}
43 const char* GetJwkAlgorithm(
44 const blink::WebCryptoNamedCurve curve) const override {
45 // JWK import for ECDH does not enforce any required value for "alg".
46 return "";
49 Status DeriveBits(const blink::WebCryptoAlgorithm& algorithm,
50 const blink::WebCryptoKey& base_key,
51 bool has_optional_length_bits,
52 unsigned int optional_length_bits,
53 std::vector<uint8_t>* derived_bytes) const override {
54 if (base_key.type() != blink::WebCryptoKeyTypePrivate)
55 return Status::ErrorUnexpectedKeyType();
57 // Verify the "publicKey" parameter. The only guarantee from Blink is that
58 // it is a valid WebCryptoKey, but it could be any type.
59 const blink::WebCryptoKey& public_key =
60 algorithm.ecdhKeyDeriveParams()->publicKey();
62 if (public_key.type() != blink::WebCryptoKeyTypePublic)
63 return Status::ErrorEcdhPublicKeyWrongType();
65 // Make sure it is an EC key.
66 if (!public_key.algorithm().ecParams())
67 return Status::ErrorEcdhPublicKeyWrongType();
69 // TODO(eroman): This is not described by the spec:
70 // https://www.w3.org/Bugs/Public/show_bug.cgi?id=27404
71 if (public_key.algorithm().id() != blink::WebCryptoAlgorithmIdEcdh)
72 return Status::ErrorEcdhPublicKeyWrongAlgorithm();
74 // The public and private keys come from different key pairs, however their
75 // curves must match.
76 if (public_key.algorithm().ecParams()->namedCurve() !=
77 base_key.algorithm().ecParams()->namedCurve()) {
78 return Status::ErrorEcdhCurveMismatch();
81 crypto::ScopedEC_KEY public_key_ec(
82 EVP_PKEY_get1_EC_KEY(GetEVP_PKEY(public_key)));
84 const EC_POINT* public_key_point =
85 EC_KEY_get0_public_key(public_key_ec.get());
87 crypto::ScopedEC_KEY private_key_ec(
88 EVP_PKEY_get1_EC_KEY(GetEVP_PKEY(base_key)));
90 // The size of the shared secret is the field size in bytes (rounded up).
91 // Note that, if rounding was required, the most significant bits of the
92 // secret are zero. So for P-521, the maximum length is 528 bits, not 521.
93 int field_size_bytes = NumBitsToBytes(
94 EC_GROUP_get_degree(EC_KEY_get0_group(private_key_ec.get())));
96 // If a desired key length was not specified, default to the field size
97 // (rounded up to nearest byte).
98 unsigned int length_bits =
99 has_optional_length_bits ? optional_length_bits : field_size_bytes * 8;
101 // Short-circuit when deriving an empty key.
102 // TODO(eroman): ECDH_compute_key() is not happy when given a NULL output.
103 // http://crbug.com/464194.
104 if (length_bits == 0) {
105 derived_bytes->clear();
106 return Status::Success();
109 if (length_bits > static_cast<unsigned int>(field_size_bytes * 8))
110 return Status::ErrorEcdhLengthTooBig(field_size_bytes * 8);
112 // Resize to target length in bytes (BoringSSL can operate on a shorter
113 // buffer than field_size_bytes).
114 derived_bytes->resize(NumBitsToBytes(length_bits));
116 int result =
117 ECDH_compute_key(vector_as_array(derived_bytes), derived_bytes->size(),
118 public_key_point, private_key_ec.get(), 0);
119 if (result < 0 || static_cast<size_t>(result) != derived_bytes->size())
120 return Status::OperationError();
122 TruncateToBitLength(length_bits, derived_bytes);
123 return Status::Success();
127 } // namespace
129 scoped_ptr<AlgorithmImplementation> CreateEcdhImplementation() {
130 return make_scoped_ptr(new EcdhImplementation);
133 } // namespace webcrypto