content/child/webcrypto/openssl/hkdf_openssl.cc

   1 // Copyright 2015 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include <openssl/err.h>
   6 #include <openssl/hkdf.h>
   7
   8 #include "base/logging.h"
   9 #include "base/stl_util.h"
  10 #include "content/child/webcrypto/algorithm_implementation.h"
  11 #include "content/child/webcrypto/crypto_data.h"
  12 #include "content/child/webcrypto/openssl/key_openssl.h"
  13 #include "content/child/webcrypto/openssl/util_openssl.h"
  14 #include "content/child/webcrypto/status.h"
  15 #include "content/child/webcrypto/webcrypto_util.h"
  16 #include "crypto/openssl_util.h"
  17 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h"
  18 #include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h"
  19
  20 namespace content {
  21
  22 namespace webcrypto {
  23
  24 namespace {
  25
  26 const blink::WebCryptoKeyUsageMask kValidUsages =
  27     blink::WebCryptoKeyUsageDeriveKey | blink::WebCryptoKeyUsageDeriveBits;
  28
  29 class HkdfImplementation : public AlgorithmImplementation {
  30  public:
  31   HkdfImplementation() {}
  32
  33   Status VerifyKeyUsagesBeforeImportKey(
  34       blink::WebCryptoKeyFormat format,
  35       blink::WebCryptoKeyUsageMask usages) const override {
  36     if (format != blink::WebCryptoKeyFormatRaw)
  37       return Status::ErrorUnsupportedImportKeyFormat();
  38     return CheckKeyCreationUsages(kValidUsages, usages, false);
  39   }
  40
  41   Status ImportKeyRaw(const CryptoData& key_data,
  42                       const blink::WebCryptoAlgorithm& algorithm,
  43                       bool extractable,
  44                       blink::WebCryptoKeyUsageMask usages,
  45                       blink::WebCryptoKey* key) const override {
  46     return CreateWebCryptoSecretKey(
  47         key_data, blink::WebCryptoKeyAlgorithm::createWithoutParams(
  48                       blink::WebCryptoAlgorithmIdHkdf),
  49         extractable, usages, key);
  50   }
  51
  52   Status DeriveBits(const blink::WebCryptoAlgorithm& algorithm,
  53                     const blink::WebCryptoKey& base_key,
  54                     bool has_optional_length_bits,
  55                     unsigned int optional_length_bits,
  56                     std::vector<uint8_t>* derived_bytes) const override {
  57     crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
  58     if (!has_optional_length_bits)
  59       return Status::ErrorHkdfDeriveBitsLengthNotSpecified();
  60
  61     const blink::WebCryptoHkdfParams* params = algorithm.hkdfParams();
  62
  63     const EVP_MD* digest_algorithm = GetDigest(params->hash().id());
  64     if (!digest_algorithm)
  65       return Status::ErrorUnsupported();
  66
  67     // Size output to fit length
  68     unsigned int derived_bytes_len = NumBitsToBytes(optional_length_bits);
  69     derived_bytes->resize(derived_bytes_len);
  70
  71     // Algorithm dispatch checks that the algorithm in |base_key| matches
  72     // |algorithm|.
  73     const std::vector<uint8_t>& raw_key =
  74         SymKeyOpenSsl::Cast(base_key)->raw_key_data();
  75     if (!HKDF(vector_as_array(derived_bytes), derived_bytes_len,
  76               digest_algorithm, vector_as_array(&raw_key), raw_key.size(),
  77               params->salt().data(), params->salt().size(),
  78               params->info().data(), params->info().size())) {
  79       uint32_t error = ERR_get_error();
  80       if (ERR_GET_LIB(error) == ERR_LIB_HKDF &&
  81           ERR_GET_REASON(error) == HKDF_R_OUTPUT_TOO_LARGE) {
  82         return Status::ErrorHkdfLengthTooLong();
  83       }
  84       return Status::OperationError();
  85     }
  86
  87     TruncateToBitLength(optional_length_bits, derived_bytes);
  88     return Status::Success();
  89   }
  90
  91   Status SerializeKeyForClone(
  92       const blink::WebCryptoKey& key,
  93       blink::WebVector<uint8_t>* key_data) const override {
  94     key_data->assign(SymKeyOpenSsl::Cast(key)->serialized_key_data());
  95     return Status::Success();
  96   }
  97
  98   Status DeserializeKeyForClone(const blink::WebCryptoKeyAlgorithm& algorithm,
  99                                 blink::WebCryptoKeyType type,
 100                                 bool extractable,
 101                                 blink::WebCryptoKeyUsageMask usages,
 102                                 const CryptoData& key_data,
 103                                 blink::WebCryptoKey* key) const override {
 104     return CreateWebCryptoSecretKey(key_data, algorithm, extractable, usages,
 105                                     key);
 106   }
 107
 108   Status GetKeyLength(const blink::WebCryptoAlgorithm& key_length_algorithm,
 109                       bool* has_length_bits,
 110                       unsigned int* length_bits) const override {
 111     *has_length_bits = false;
 112     return Status::Success();
 113   }
 114 };
 115
 116 }  // namespace
 117
 118 AlgorithmImplementation* CreatePlatformHkdfImplementation() {
 119   return new HkdfImplementation;
 120 }
 121
 122 }  // namespace webcrypto
 123
 124 }  // namespace content