Require extractable=false for KDF import

This was added to the spec in: https://github.com/w3c/webcrypto/commit/90d9f747da7ab2dd0f88638666c2326dcb953536 BUG=630025 Review-Url: https://codereview.chromium.org/2289033002 Cr-Commit-Position: refs/heads/master@{#417016}

Require extractable=false for KDF import
This was added to the spec in: https://github.com/w3c/webcrypto/commit/90d9f747da7ab2dd0f88638666c2326dcb953536 BUG=630025 Review-Url: https://codereview.chromium.org/2289033002 Cr-Commit-Position: refs/heads/master@{#417016}
c9529a82 · eroman · Commit bot · 7c32b700 · c9529a82 · c9529a82
Commit c9529a82 authored Sep 07, 2016 by eroman Committed by Commit bot Sep 07, 2016
19 changed files
--- a/components/webcrypto/algorithms/hkdf.cc
+++ b/components/webcrypto/algorithms/hkdf.cc
@@ -52,6 +52,9 @@ class HkdfImplementation : public AlgorithmImplementation {
    if (status.IsError())
      return status;
+    if (extractable)
+      return Status::ErrorImportExtractableKdfKey();
    return CreateWebCryptoSecretKey(
        key_data, blink::WebCryptoKeyAlgorithm::createWithoutParams(
                      blink::WebCryptoAlgorithmIdHkdf),
@@ -102,6 +105,10 @@ class HkdfImplementation : public AlgorithmImplementation {
                                blink::WebCryptoKeyUsageMask usages,
                                const CryptoData& key_data,
                                blink::WebCryptoKey* key) const override {
+    // NOTE: Unlike ImportKeyRaw(), this does not enforce extractable==false.
+    // This is intentional. Although keys cannot currently be created with
+    // extractable==true, earlier implementations permitted this, so
+    // de-serialization by structured clone should not reject them.
    return CreateWebCryptoSecretKey(key_data, algorithm, extractable, usages,
                                    key);
  }

--- a/components/webcrypto/algorithms/pbkdf2.cc
+++ b/components/webcrypto/algorithms/pbkdf2.cc
@@ -50,6 +50,9 @@ class Pbkdf2Implementation : public AlgorithmImplementation {
    if (status.IsError())
      return status;
+    if (extractable)
+      return Status::ErrorImportExtractableKdfKey();
    const blink::WebCryptoKeyAlgorithm key_algorithm =
        blink::WebCryptoKeyAlgorithm::createWithoutParams(
            blink::WebCryptoAlgorithmIdPbkdf2);
@@ -106,6 +109,10 @@ class Pbkdf2Implementation : public AlgorithmImplementation {
                                blink::WebCryptoKeyUsageMask usages,
                                const CryptoData& key_data,
                                blink::WebCryptoKey* key) const override {
+    // NOTE: Unlike ImportKeyRaw(), this does not enforce extractable==false.
+    // This is intentional. Although keys cannot currently be created with
+    // extractable==true, earlier implementations permitted this, so
+    // de-serialization by structured clone should not reject them.
    return CreateWebCryptoSecretKey(key_data, algorithm, extractable, usages,
                                    key);
  }

--- a/components/webcrypto/status.cc
+++ b/components/webcrypto/status.cc
@@ -362,6 +362,11 @@ Status Status::ErrorPbkdf2Iterations0() {
                "PBKDF2 requires iterations > 0");
 }
+Status Status::ErrorImportExtractableKdfKey() {
+  return Status(blink::WebCryptoErrorTypeSyntax,
+                "KDF keys must set extractable=false");
+}
 Status::Status(blink::WebCryptoErrorType error_type,
               const std::string& error_details_utf8)
    : type_(TYPE_ERROR),

--- a/components/webcrypto/status.h
+++ b/components/webcrypto/status.h
@@ -273,6 +273,10 @@ class Status {
  // PBKDF2 was called with iterations == 0.
  static Status ErrorPbkdf2Iterations0();
+  // Tried importing a key with extractable=true for one of the *KDF
+  // algorithms.
+  static Status ErrorImportExtractableKdfKey();
 private:
  enum Type { TYPE_ERROR, TYPE_SUCCESS };

--- a/third_party/WebKit/LayoutTests/crypto/subtle/derive-hkdf-keys-expected.txt
+++ b/third_party/WebKit/LayoutTests/crypto/subtle/derive-hkdf-keys-expected.txt
@@ -6,7 +6,7 @@ On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE
 Derive an HKDF key from ECDH keys
 PASS hkdfKey.algorithm.name is "HKDF"
 PASS typeof hkdfKey.extractable is 'boolean'
-PASS hkdfKey.extractable is true
+PASS hkdfKey.extractable is false
 PASS hkdfKey.usages.join(',') is "deriveKey,deriveBits"
 Derive 128 bits from the HKDF key

--- a/third_party/WebKit/LayoutTests/crypto/subtle/derive-hkdf-keys.html
+++ b/third_party/WebKit/LayoutTests/crypto/subtle/derive-hkdf-keys.html
@@ -13,7 +13,6 @@ description("Test deriving HKDF keys with deriveKey()");
 jsTestIsAsync = true;
-var extractable = true;
 var derivingKeyAlgorithm = {
    name: "HKDF",
    hash: "SHA-256",
@@ -55,12 +54,12 @@ Promise.resolve(null).then(function(result) {
    publicKey = result;
    debug("Derive an HKDF key from ECDH keys");
-    return crypto.subtle.deriveKey({name: "ECDH", namedCurve: "P-256", public: publicKey}, privateKey, "HKDF", true, ['deriveKey', 'deriveBits']);
+    return crypto.subtle.deriveKey({name: "ECDH", namedCurve: "P-256", public: publicKey}, privateKey, "HKDF", false, ['deriveKey', 'deriveBits']);
 }).then(function(result) {
    hkdfKey = result;
    shouldEvaluateAs("hkdfKey.algorithm.name", "HKDF");
-    shouldEvaluateAs("hkdfKey.extractable", true);
+    shouldEvaluateAs("hkdfKey.extractable", false);
    shouldEvaluateAs("hkdfKey.usages.join(',')", "deriveKey,deriveBits");
    debug("\nDerive 128 bits from the HKDF key");
@@ -68,7 +67,7 @@ Promise.resolve(null).then(function(result) {
 }).then(function(result) {
    derivedBits = result;
-    return crypto.subtle.importKey("raw", secret, hkdfAlgorithm, true, ['deriveBits']);
+    return crypto.subtle.importKey("raw", secret, hkdfAlgorithm, false, ['deriveBits']);
 }).then(function(hkdfKey) {
    return crypto.subtle.deriveBits(hkdfAlgorithm, hkdfKey, 128);
 }).then(function(result) {

--- a/third_party/WebKit/LayoutTests/crypto/subtle/hkdf/deriveBits-failures.html
+++ b/third_party/WebKit/LayoutTests/crypto/subtle/hkdf/deriveBits-failures.html
@@ -15,7 +15,7 @@ jsTestIsAsync = true;
 kHkdfKey = "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b";
-var extractable = true;
+var extractable = false;
 Promise.resolve(null).then(function(result) {
    // Set up the test by creating an HKDF key...
    return crypto.subtle.importKey("raw", hexStringToUint8Array(kHkdfKey), {name: "HKDF"}, extractable, ['deriveKey', 'deriveBits']);

--- a/third_party/WebKit/LayoutTests/crypto/subtle/hkdf/deriveBits-rfc5869-test-vectors-expected.txt
+++ b/third_party/WebKit/LayoutTests/crypto/subtle/hkdf/deriveBits-rfc5869-test-vectors-expected.txt
@@ -5,43 +5,43 @@ On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE
 PASS key.type is "secret"
 PASS typeof key.extractable is 'boolean'
-PASS key.extractable is true
+PASS key.extractable is false
 PASS key.algorithm.name is "HKDF"
 PASS key.usages.join(',') is "deriveKey,deriveBits"
 PASS: HKDF of [0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b] should be [3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5b887185865] and was
 PASS key.type is "secret"
 PASS typeof key.extractable is 'boolean'
-PASS key.extractable is true
+PASS key.extractable is false
 PASS key.algorithm.name is "HKDF"
 PASS key.usages.join(',') is "deriveKey,deriveBits"
 PASS: HKDF of [000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f] should be [b11e398dc80327a1c8e7f78c596a49344f012eda2d4efad8a050cc4c19afa97c59045a99cac7827271cb41c65e590e09da3275600c2f09b8367793a9aca3db71cc30c58179ec3e87c14c01d5c1f3434f1d87] and was
 PASS key.type is "secret"
 PASS typeof key.extractable is 'boolean'
-PASS key.extractable is true
+PASS key.extractable is false
 PASS key.algorithm.name is "HKDF"
 PASS key.usages.join(',') is "deriveKey,deriveBits"
 PASS: HKDF of [0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b] should be [8da4e775a563c18f715f802a063c5a31b8a11f5c5ee1879ec3454e5f3c738d2d9d201395faa4b61a96c8] and was
 PASS key.type is "secret"
 PASS typeof key.extractable is 'boolean'
-PASS key.extractable is true
+PASS key.extractable is false
 PASS key.algorithm.name is "HKDF"
 PASS key.usages.join(',') is "deriveKey,deriveBits"
 PASS: HKDF of [0b0b0b0b0b0b0b0b0b0b0b] should be [085a01ea1b10f36933068b56efa5ad81a4f14b822f5b091568a9cdd4f155fda2c22e422478d305f3f896] and was
 PASS key.type is "secret"
 PASS typeof key.extractable is 'boolean'
-PASS key.extractable is true
+PASS key.extractable is false
 PASS key.algorithm.name is "HKDF"
 PASS key.usages.join(',') is "deriveKey,deriveBits"
 PASS: HKDF of [000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f] should be [0bd770a74d1160f7c9f12cd5912a06ebff6adcae899d92191fe4305673ba2ffe8fa3f1a4e5ad79f3f334b3b202b2173c486ea37ce3d397ed034c7f9dfeb15c5e927336d0441f4c4300e2cff0d0900b52d3b4] and was
 PASS key.type is "secret"
 PASS typeof key.extractable is 'boolean'
-PASS key.extractable is true
+PASS key.extractable is false
 PASS key.algorithm.name is "HKDF"
 PASS key.usages.join(',') is "deriveKey,deriveBits"
 PASS: HKDF of [0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b] should be [0ac1af7002b3d761d1e55298da9d0506b9ae52057220a306e07b6b87e8df21d0ea00033de03984d34918] and was
 PASS key.type is "secret"
 PASS typeof key.extractable is 'boolean'
-PASS key.extractable is true
+PASS key.extractable is false
 PASS key.algorithm.name is "HKDF"
 PASS key.usages.join(',') is "deriveKey,deriveBits"
 PASS: HKDF of [0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c0c] should be [2c91117204d745f3500d636a62f64f0ab3bae548aa53d423b0d1f27ebba6f5e5673a081d70cce7acfc48] and was

--- a/third_party/WebKit/LayoutTests/crypto/subtle/hkdf/deriveBits-rfc5869-test-vectors.html
+++ b/third_party/WebKit/LayoutTests/crypto/subtle/hkdf/deriveBits-rfc5869-test-vectors.html
@@ -73,7 +73,7 @@ kHkdfTestVectors = [
    },
 ];
-var extractable = true;
+var extractable = false;
 function runTest(testCase)
 {
    return Promise.resolve(null).then(function() {

--- a/third_party/WebKit/LayoutTests/crypto/subtle/hkdf/deriveBits.html
+++ b/third_party/WebKit/LayoutTests/crypto/subtle/hkdf/deriveBits.html
@@ -22,7 +22,7 @@ kHkdfAlgorithm = {
    info: new Uint8Array()
 };
-var extractable = true;
+var extractable = false;
 Promise.resolve(null).then(function(result) {
    // Set up the test by creating an HKDF key.
    return crypto.subtle.importKey("raw", hexStringToUint8Array(kHkdfKey), {name: "HKDF"}, extractable, ['deriveKey', 'deriveBits']);

--- a/third_party/WebKit/LayoutTests/crypto/subtle/hkdf/deriveKey-expected.txt
+++ b/third_party/WebKit/LayoutTests/crypto/subtle/hkdf/deriveKey-expected.txt
@@ -5,7 +5,7 @@ On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE
 PASS derivedKey.type is "secret"
 PASS typeof derivedKey.extractable is 'boolean'
-PASS derivedKey.extractable is true
+PASS derivedKey.extractable is false
 PASS derivedKey.algorithm.name is "AES-GCM"
 PASS derivedKey.usages.join(',') is "encrypt"
@@ -13,12 +13,12 @@ Try to derive an HKDF key...
 error is: TypeError: No length was specified for the HKDF Derive Bits operation.
 PASS emptyKey.type is "secret"
 PASS typeof emptyKey.extractable is 'boolean'
-PASS emptyKey.extractable is true
+PASS emptyKey.extractable is false
 PASS emptyKey.algorithm.name is "HKDF"
 PASS emptyKey.usages.join(',') is "deriveKey"
 PASS derivedKey.type is "secret"
 PASS typeof derivedKey.extractable is 'boolean'
-PASS derivedKey.extractable is true
+PASS derivedKey.extractable is false
 PASS derivedKey.algorithm.name is "AES-GCM"
 PASS derivedKey.usages.join(',') is "encrypt"
 PASS successfullyParsed is true

--- a/third_party/WebKit/LayoutTests/crypto/subtle/hkdf/deriveKey.html
+++ b/third_party/WebKit/LayoutTests/crypto/subtle/hkdf/deriveKey.html
@@ -15,7 +15,7 @@ jsTestIsAsync = true;
 kHkdfKey = "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b";
-var extractable = true;
+var extractable = false;
 var derivingKeyAlgorithm = {
    name: "HKDF",
    hash: "SHA-256",

--- a/third_party/WebKit/LayoutTests/crypto/subtle/hkdf/exportKey-expected.txt
+++ b/third_party/WebKit/LayoutTests/crypto/subtle/hkdf/exportKey-expected.txt
@@ -5,7 +5,7 @@ On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE
 Calling exportKey() on an HKDF key...
-error is: NotSupportedError: The requested operation is unsupported
+error is: InvalidAccessError: key is not extractable
 PASS successfullyParsed is true
 TEST COMPLETE

--- a/third_party/WebKit/LayoutTests/crypto/subtle/hkdf/exportKey.html
+++ b/third_party/WebKit/LayoutTests/crypto/subtle/hkdf/exportKey.html
@@ -15,7 +15,7 @@ jsTestIsAsync = true;
 kHkdfKey = "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b";
-var extractable = true;
+var extractable = false;
 Promise.resolve(null).then(function(result) {
    // set up the test by creating an HKDF key.
    return crypto.subtle.importKey("raw", hexStringToUint8Array(kHkdfKey), {name: "HKDF"}, extractable, ['deriveKey', 'deriveBits']);

--- a/third_party/WebKit/LayoutTests/crypto/subtle/hkdf/importKey-failures-expected.txt
+++ b/third_party/WebKit/LayoutTests/crypto/subtle/hkdf/importKey-failures-expected.txt
@@ -18,6 +18,9 @@ error is: NotSupportedError: Unsupported import key format for algorithm
 importKey() with empty usages...
 error is: SyntaxError: Usages cannot be empty when creating a key.
+importKey() with extractable=true ...
+error is: SyntaxError: KDF keys must set extractable=false
 PASS successfullyParsed is true
 TEST COMPLETE

--- a/third_party/WebKit/LayoutTests/crypto/subtle/hkdf/importKey-failures.html
+++ b/third_party/WebKit/LayoutTests/crypto/subtle/hkdf/importKey-failures.html
@@ -13,7 +13,7 @@ description("Test inputs to HKDF importKey()");
 jsTestIsAsync = true;
-var extractable = true;
+var extractable = false;
 rawBytes = new Uint8Array([1, 2]);
 var p = Promise.resolve(null);
@@ -40,6 +40,11 @@ p.then(function() {
    debug("\nimportKey() with empty usages...");
    return crypto.subtle.importKey("raw", rawBytes, "HKDF", extractable, []);
+}).then(failAndFinishJSTest, function(result) {
+    logError(result);
+    debug("\nimportKey() with extractable=true ...");
+    return crypto.subtle.importKey("raw", rawBytes, "HKDF", true, ['deriveKey']);
 }).then(failAndFinishJSTest, function(result) {
    logError(result);
 }).then(finishJSTest, failAndFinishJSTest);

--- a/third_party/WebKit/LayoutTests/crypto/subtle/hkdf/unwrapKey.html
+++ b/third_party/WebKit/LayoutTests/crypto/subtle/hkdf/unwrapKey.html
@@ -16,7 +16,6 @@ jsTestIsAsync = true;
 kHkdfKey = hexStringToUint8Array("0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b");
 kIv = new Uint8Array(16);
-var extractable = true;
 var derivingKeyAlgorithm = {
    name: "HKDF",
    hash: "SHA-256",

--- a/third_party/WebKit/LayoutTests/crypto/subtle/pbkdf2/importKey-failures-expected.txt
+++ b/third_party/WebKit/LayoutTests/crypto/subtle/pbkdf2/importKey-failures-expected.txt
+Test bad inputs to PKBDF2 importKey()
+On success, you will see a series of "PASS" messages, followed by "TEST COMPLETE".
+importKey() with 'encrypt' usage...
+error is: SyntaxError: Cannot create a key using the specified key usages.
+importKey() with null key data...
+error is: TypeError: Key data must be a BufferSource for non-JWK formats
+importKey() with jwk format...
+error is: NotSupportedError: Unsupported import key format for algorithm
+importKey() with spki format...
+error is: NotSupportedError: Unsupported import key format for algorithm
+importKey() with empty usages...
+error is: SyntaxError: Usages cannot be empty when creating a key.
+importKey() with extractable=true ...
+error is: SyntaxError: KDF keys must set extractable=false
+PASS successfullyParsed is true
+TEST COMPLETE
--- a/third_party/WebKit/LayoutTests/crypto/subtle/pbkdf2/importKey-failures.html
+++ b/third_party/WebKit/LayoutTests/crypto/subtle/pbkdf2/importKey-failures.html
+<!DOCTYPE html>
+<html>
+<head>
+<script src="../../../resources/js-test.js"></script>
+<script src="../resources/common.js"></script>
+</head>
+<body>
+<p id="description"></p>
+<div id="console"></div>
+<script>
+description("Test bad inputs to PKBDF2 importKey()");
+jsTestIsAsync = true;
+var extractable = false;
+rawBytes = new Uint8Array([1, 2]);
+var p = Promise.resolve(null);
+p.then(function() {
+    debug("\nimportKey() with 'encrypt' usage...");
+    return crypto.subtle.importKey("raw", rawBytes, "PBKDF2", extractable, ['encrypt']);
+}).then(failAndFinishJSTest, function(result) {
+    logError(result);
+    debug("\nimportKey() with null key data...");
+    return crypto.subtle.importKey("raw", null, "PBKDF2", extractable, ['deriveKey']);
+}).then(failAndFinishJSTest, function(result) {
+    logError(result);
+    debug("\nimportKey() with jwk format...");
+    return crypto.subtle.importKey("jwk", {kty: "PBKDF2"}, "PBKDF2", extractable, ['deriveKey']);
+}).then(failAndFinishJSTest, function(result) {
+    logError(result);
+    debug("\nimportKey() with spki format...");
+    return crypto.subtle.importKey("spki", rawBytes, "PBKDF2", extractable, ['deriveKey']);
+}).then(failAndFinishJSTest, function(result) {
+    logError(result);
+    debug("\nimportKey() with empty usages...");
+    return crypto.subtle.importKey("raw", rawBytes, "PBKDF2", extractable, []);
+}).then(failAndFinishJSTest, function(result) {
+    logError(result);
+    debug("\nimportKey() with extractable=true ...");
+    return crypto.subtle.importKey("raw", rawBytes, "PBKDF2", true, ['deriveKey']);
+}).then(failAndFinishJSTest, function(result) {
+    logError(result);
+}).then(finishJSTest, failAndFinishJSTest);
+</script>
+</body>
+</html>