Re-subimission of https://codereview.chromium.org/1041213003/
[chromium-blink-merge.git] / content / child / webcrypto / openssl / hkdf_openssl.cc
blob13005baabfb0a2f55b52882e35250d8fc426a0c1
1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include <openssl/err.h>
6 #include <openssl/hkdf.h>
8 #include "base/logging.h"
9 #include "base/stl_util.h"
10 #include "content/child/webcrypto/algorithm_implementation.h"
11 #include "content/child/webcrypto/crypto_data.h"
12 #include "content/child/webcrypto/openssl/key_openssl.h"
13 #include "content/child/webcrypto/openssl/util_openssl.h"
14 #include "content/child/webcrypto/status.h"
15 #include "content/child/webcrypto/webcrypto_util.h"
16 #include "crypto/openssl_util.h"
17 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h"
18 #include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h"
20 namespace content {
22 namespace webcrypto {
24 namespace {
26 const blink::WebCryptoKeyUsageMask kValidUsages =
27 blink::WebCryptoKeyUsageDeriveKey | blink::WebCryptoKeyUsageDeriveBits;
29 class HkdfImplementation : public AlgorithmImplementation {
30 public:
31 HkdfImplementation() {}
33 Status VerifyKeyUsagesBeforeImportKey(
34 blink::WebCryptoKeyFormat format,
35 blink::WebCryptoKeyUsageMask usages) const override {
36 if (format != blink::WebCryptoKeyFormatRaw)
37 return Status::ErrorUnsupportedImportKeyFormat();
38 return CheckKeyCreationUsages(kValidUsages, usages, false);
41 Status ImportKeyRaw(const CryptoData& key_data,
42 const blink::WebCryptoAlgorithm& algorithm,
43 bool extractable,
44 blink::WebCryptoKeyUsageMask usages,
45 blink::WebCryptoKey* key) const override {
46 return CreateWebCryptoSecretKey(
47 key_data, blink::WebCryptoKeyAlgorithm::createWithoutParams(
48 blink::WebCryptoAlgorithmIdHkdf),
49 extractable, usages, key);
52 Status DeriveBits(const blink::WebCryptoAlgorithm& algorithm,
53 const blink::WebCryptoKey& base_key,
54 bool has_optional_length_bits,
55 unsigned int optional_length_bits,
56 std::vector<uint8_t>* derived_bytes) const override {
57 crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
58 if (!has_optional_length_bits)
59 return Status::ErrorHkdfDeriveBitsLengthNotSpecified();
61 const blink::WebCryptoHkdfParams* params = algorithm.hkdfParams();
63 const EVP_MD* digest_algorithm = GetDigest(params->hash().id());
64 if (!digest_algorithm)
65 return Status::ErrorUnsupported();
67 // Size output to fit length
68 unsigned int derived_bytes_len = NumBitsToBytes(optional_length_bits);
69 derived_bytes->resize(derived_bytes_len);
71 // Algorithm dispatch checks that the algorithm in |base_key| matches
72 // |algorithm|.
73 const std::vector<uint8_t>& raw_key =
74 SymKeyOpenSsl::Cast(base_key)->raw_key_data();
75 if (!HKDF(vector_as_array(derived_bytes), derived_bytes_len,
76 digest_algorithm, vector_as_array(&raw_key), raw_key.size(),
77 params->salt().data(), params->salt().size(),
78 params->info().data(), params->info().size())) {
79 uint32_t error = ERR_get_error();
80 if (ERR_GET_LIB(error) == ERR_LIB_HKDF &&
81 ERR_GET_REASON(error) == HKDF_R_OUTPUT_TOO_LARGE) {
82 return Status::ErrorHkdfLengthTooLong();
84 return Status::OperationError();
87 TruncateToBitLength(optional_length_bits, derived_bytes);
88 return Status::Success();
91 Status SerializeKeyForClone(
92 const blink::WebCryptoKey& key,
93 blink::WebVector<uint8_t>* key_data) const override {
94 key_data->assign(SymKeyOpenSsl::Cast(key)->serialized_key_data());
95 return Status::Success();
98 Status DeserializeKeyForClone(const blink::WebCryptoKeyAlgorithm& algorithm,
99 blink::WebCryptoKeyType type,
100 bool extractable,
101 blink::WebCryptoKeyUsageMask usages,
102 const CryptoData& key_data,
103 blink::WebCryptoKey* key) const override {
104 return CreateWebCryptoSecretKey(key_data, algorithm, extractable, usages,
105 key);
108 Status GetKeyLength(const blink::WebCryptoAlgorithm& key_length_algorithm,
109 bool* has_length_bits,
110 unsigned int* length_bits) const override {
111 *has_length_bits = false;
112 return Status::Success();
116 } // namespace
118 AlgorithmImplementation* CreatePlatformHkdfImplementation() {
119 return new HkdfImplementation;
122 } // namespace webcrypto
124 } // namespace content