1 // Copyright 2015 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "base/stl_util.h"
6 #include "content/child/webcrypto/algorithm_implementation.h"
7 #include "content/child/webcrypto/crypto_data.h"
8 #include "content/child/webcrypto/openssl/key_openssl.h"
9 #include "content/child/webcrypto/openssl/util_openssl.h"
10 #include "content/child/webcrypto/status.h"
11 #include "content/child/webcrypto/webcrypto_util.h"
12 #include "crypto/openssl_util.h"
13 #include "third_party/WebKit/public/platform/WebCryptoAlgorithmParams.h"
14 #include "third_party/WebKit/public/platform/WebCryptoKeyAlgorithm.h"
22 const blink::WebCryptoKeyUsageMask kAllKeyUsages
=
23 blink::WebCryptoKeyUsageDeriveKey
| blink::WebCryptoKeyUsageDeriveBits
;
25 class Pbkdf2Implementation
: public AlgorithmImplementation
{
27 Pbkdf2Implementation() {}
29 Status
VerifyKeyUsagesBeforeImportKey(
30 blink::WebCryptoKeyFormat format
,
31 blink::WebCryptoKeyUsageMask usages
) const override
{
33 case blink::WebCryptoKeyFormatRaw
:
34 return CheckKeyCreationUsages(kAllKeyUsages
, usages
, false);
36 return Status::ErrorUnsupportedImportKeyFormat();
40 Status
ImportKeyRaw(const CryptoData
& key_data
,
41 const blink::WebCryptoAlgorithm
& algorithm
,
43 blink::WebCryptoKeyUsageMask usages
,
44 blink::WebCryptoKey
* key
) const override
{
45 const blink::WebCryptoKeyAlgorithm key_algorithm
=
46 blink::WebCryptoKeyAlgorithm::createWithoutParams(
47 blink::WebCryptoAlgorithmIdPbkdf2
);
49 return CreateWebCryptoSecretKey(key_data
, key_algorithm
, extractable
,
53 Status
DeriveBits(const blink::WebCryptoAlgorithm
& algorithm
,
54 const blink::WebCryptoKey
& base_key
,
55 bool has_optional_length_bits
,
56 unsigned int optional_length_bits
,
57 std::vector
<uint8_t>* derived_bytes
) const override
{
58 crypto::OpenSSLErrStackTracer
err_tracer(FROM_HERE
);
60 if (!has_optional_length_bits
)
61 return Status::ErrorPbkdf2DeriveBitsLengthNotSpecified();
63 if (optional_length_bits
% 8)
64 return Status::ErrorPbkdf2InvalidLength();
66 const blink::WebCryptoPbkdf2Params
* params
= algorithm
.pbkdf2Params();
68 const blink::WebCryptoAlgorithm
& hash
= params
->hash();
69 const EVP_MD
* digest_algorithm
= GetDigest(hash
.id());
70 if (!digest_algorithm
)
71 return Status::ErrorUnsupported();
73 unsigned int keylen_bytes
= optional_length_bits
/ 8;
74 derived_bytes
->resize(keylen_bytes
);
76 const std::vector
<uint8_t>& password
=
77 SymKeyOpenSsl::Cast(base_key
)->raw_key_data();
79 if (!PKCS5_PBKDF2_HMAC(
80 reinterpret_cast<const char*>(vector_as_array(&password
)),
81 password
.size(), params
->salt().data(), params
->salt().size(),
82 params
->iterations(), digest_algorithm
, keylen_bytes
,
83 vector_as_array(derived_bytes
))) {
84 return Status::OperationError();
86 return Status::Success();
89 Status
SerializeKeyForClone(
90 const blink::WebCryptoKey
& key
,
91 blink::WebVector
<uint8_t>* key_data
) const override
{
92 key_data
->assign(SymKeyOpenSsl::Cast(key
)->serialized_key_data());
93 return Status::Success();
96 Status
DeserializeKeyForClone(const blink::WebCryptoKeyAlgorithm
& algorithm
,
97 blink::WebCryptoKeyType type
,
99 blink::WebCryptoKeyUsageMask usages
,
100 const CryptoData
& key_data
,
101 blink::WebCryptoKey
* key
) const override
{
102 return CreateWebCryptoSecretKey(key_data
, algorithm
, extractable
, usages
,
106 Status
GetKeyLength(const blink::WebCryptoAlgorithm
& key_length_algorithm
,
107 bool* has_length_bits
,
108 unsigned int* length_bits
) const override
{
109 *has_length_bits
= false;
110 return Status::Success();
116 AlgorithmImplementation
* CreatePlatformPbkdf2Implementation() {
117 return new Pbkdf2Implementation
;
120 } // namespace webcrypto
122 } // namespace content
