blob: ca5953b39d511d8c86587a8c32db3318a333c04d [file] [log] [blame]
// Copyright 2014 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include <stddef.h>
#include <stdint.h>
#include "base/logging.h"
#include "base/memory/ptr_util.h"
#include "components/webcrypto/algorithm_implementation.h"
#include "components/webcrypto/algorithms/ec.h"
#include "components/webcrypto/algorithms/util.h"
#include "components/webcrypto/blink_key_handle.h"
#include "components/webcrypto/crypto_data.h"
#include "components/webcrypto/generate_key_result.h"
#include "components/webcrypto/status.h"
#include "crypto/openssl_util.h"
#include "crypto/secure_util.h"
#include "third_party/blink/public/platform/web_crypto_algorithm_params.h"
#include "third_party/blink/public/platform/web_crypto_key.h"
#include "third_party/blink/public/platform/web_crypto_key_algorithm.h"
#include "third_party/boringssl/src/include/openssl/ec.h"
#include "third_party/boringssl/src/include/openssl/ecdh.h"
#include "third_party/boringssl/src/include/openssl/evp.h"
namespace webcrypto {
namespace {
// TODO(eroman): Support the "raw" format for ECDH key import + export, as
// specified by WebCrypto spec.
// TODO(eroman): Allow id-ecDH in SPKI and PKCS#8 import
// (
class EcdhImplementation : public EcAlgorithm {
: EcAlgorithm(0,
blink::kWebCryptoKeyUsageDeriveKey |
blink::kWebCryptoKeyUsageDeriveBits) {}
const char* GetJwkAlgorithm(
const blink::WebCryptoNamedCurve curve) const override {
// JWK import for ECDH does not enforce any required value for "alg".
return "";
Status DeriveBits(const blink::WebCryptoAlgorithm& algorithm,
const blink::WebCryptoKey& base_key,
bool has_optional_length_bits,
unsigned int optional_length_bits,
std::vector<uint8_t>* derived_bytes) const override {
if (base_key.GetType() != blink::kWebCryptoKeyTypePrivate)
return Status::ErrorUnexpectedKeyType();
// Verify the "publicKey" parameter. The only guarantee from Blink is that
// it is a valid WebCryptoKey, but it could be any type.
const blink::WebCryptoKey& public_key =
if (public_key.GetType() != blink::kWebCryptoKeyTypePublic)
return Status::ErrorEcdhPublicKeyWrongType();
// Make sure it is an EC key.
if (!public_key.Algorithm().EcParams())
return Status::ErrorEcdhPublicKeyWrongType();
// TODO(eroman): This is not described by the spec:
if (public_key.Algorithm().Id() != blink::kWebCryptoAlgorithmIdEcdh)
return Status::ErrorEcdhPublicKeyWrongAlgorithm();
// The public and private keys come from different key pairs, however their
// curves must match.
if (public_key.Algorithm().EcParams()->NamedCurve() !=
base_key.Algorithm().EcParams()->NamedCurve()) {
return Status::ErrorEcdhCurveMismatch();
EC_KEY* public_key_ec = EVP_PKEY_get0_EC_KEY(GetEVP_PKEY(public_key));
const EC_POINT* public_key_point = EC_KEY_get0_public_key(public_key_ec);
EC_KEY* private_key_ec = EVP_PKEY_get0_EC_KEY(GetEVP_PKEY(base_key));
// The size of the shared secret is the field size in bytes (rounded up).
// Note that, if rounding was required, the most significant bits of the
// secret are zero. So for P-521, the maximum length is 528 bits, not 521.
int field_size_bytes =
// If a desired key length was not specified, default to the field size
// (rounded up to nearest byte).
unsigned int length_bits =
has_optional_length_bits ? optional_length_bits : field_size_bytes * 8;
// Short-circuit when deriving an empty key.
// TODO(eroman): ECDH_compute_key() is not happy when given a NULL output.
if (length_bits == 0) {
return Status::Success();
if (length_bits > static_cast<unsigned int>(field_size_bytes * 8))
return Status::ErrorEcdhLengthTooBig(field_size_bytes * 8);
// Resize to target length in bytes (BoringSSL can operate on a shorter
// buffer than field_size_bytes).
int result = ECDH_compute_key(derived_bytes->data(), derived_bytes->size(),
public_key_point, private_key_ec, nullptr);
if (result < 0 || static_cast<size_t>(result) != derived_bytes->size())
return Status::OperationError();
TruncateToBitLength(length_bits, derived_bytes);
return Status::Success();
} // namespace
std::unique_ptr<AlgorithmImplementation> CreateEcdhImplementation() {
return base::WrapUnique(new EcdhImplementation);
} // namespace webcrypto