[webcrypto] Reject PBKDF2 when iterations==0.

BUG=534947

Review URL: https://codereview.chromium.org/1381333002

Cr-Commit-Position: refs/heads/master@{#352430}

3 files changed, 11 insertions, 0 deletions

diff --git a/components/webcrypto/algorithms/pbkdf2.cc b/components/webcrypto/algorithms/pbkdf2.cc
index b5cf5ca..c3449f5 100644
--- a/components/webcrypto/algorithms/pbkdf2.cc
+++ b/components/webcrypto/algorithms/pbkdf2.cc
@@ -63,6 +63,9 @@ class Pbkdf2Implementation : public AlgorithmImplementation {
 
     const blink::WebCryptoPbkdf2Params* params = algorithm.pbkdf2Params();
 
+    if (params->iterations() == 0)
+      return Status::ErrorPbkdf2Iterations0();
+
     const EVP_MD* digest_algorithm = GetDigest(params->hash());
     if (!digest_algorithm)
       return Status::ErrorUnsupported();
diff --git a/components/webcrypto/status.cc b/components/webcrypto/status.cc
index 54efffe..4747a7f 100644
--- a/components/webcrypto/status.cc
+++ b/components/webcrypto/status.cc
@@ -351,6 +351,11 @@ Status Status::ErrorPbkdf2DeriveBitsLengthNotSpecified() {
       "No length was specified for the PBKDF2 Derive Bits operation.");
 }
 
+Status Status::ErrorPbkdf2Iterations0() {
+  return Status(blink::WebCryptoErrorTypeOperation,
+                "PBKDF2 requires iterations > 0");
+}
+
 Status::Status(blink::WebCryptoErrorType error_type,
                const std::string& error_details_utf8)
     : type_(TYPE_ERROR),
diff --git a/components/webcrypto/status.h b/components/webcrypto/status.h
index 94124db..7143a29 100644
--- a/components/webcrypto/status.h
+++ b/components/webcrypto/status.h
@@ -265,6 +265,9 @@ class Status {
   // No length parameter was provided for PBKDF2's Derive Bits operation.
   static Status ErrorPbkdf2DeriveBitsLengthNotSpecified();
 
+  // PBKDF2 was called with iterations == 0.
+  static Status ErrorPbkdf2Iterations0();
+
  private:
   enum Type { TYPE_ERROR, TYPE_SUCCESS };