OLD | NEW |
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "base/crypto/symmetric_key.h" | 5 #include "base/crypto/symmetric_key.h" |
6 | 6 |
7 #include <nss.h> | 7 #include <nss.h> |
8 #include <pk11pub.h> | 8 #include <pk11pub.h> |
9 | 9 |
10 #include "base/nss_util.h" | 10 #include "base/nss_util.h" |
11 #include "base/logging.h" | 11 #include "base/logging.h" |
12 | 12 |
13 namespace base { | 13 namespace base { |
14 | 14 |
15 // static | 15 // static |
16 SymmetricKey* SymmetricKey::GenerateRandomKey(Algorithm algorithm, size_t key_si
ze) { | 16 SymmetricKey* SymmetricKey::GenerateRandomKey(Algorithm algorithm, |
| 17 size_t key_size_in_bits) { |
17 DCHECK_EQ(AES, algorithm); | 18 DCHECK_EQ(AES, algorithm); |
18 | 19 |
19 EnsureNSSInit(); | 20 EnsureNSSInit(); |
20 if (key_size == 0) | 21 if (key_size_in_bits == 0) |
21 return NULL; | 22 return NULL; |
22 | 23 |
23 ScopedPK11Slot slot(PK11_GetBestSlot(CKM_AES_KEY_GEN, NULL)); | 24 ScopedPK11Slot slot(PK11_GetBestSlot(CKM_AES_KEY_GEN, NULL)); |
24 if (!slot.get()) | 25 if (!slot.get()) |
25 return NULL; | 26 return NULL; |
26 | 27 |
27 PK11SymKey* sym_key = PK11_KeyGen(slot.get(), CKM_AES_KEY_GEN, NULL, key_size, | 28 PK11SymKey* sym_key = PK11_KeyGen(slot.get(), CKM_AES_KEY_GEN, NULL, |
28 NULL); | 29 key_size_in_bits / 8, NULL); |
29 if (!sym_key) | 30 if (!sym_key) |
30 return NULL; | 31 return NULL; |
31 | 32 |
32 return new SymmetricKey(sym_key); | 33 return new SymmetricKey(sym_key); |
33 } | 34 } |
34 | 35 |
35 // static | 36 // static |
36 SymmetricKey* SymmetricKey::DeriveKeyFromPassword(Algorithm algorithm, | 37 SymmetricKey* SymmetricKey::DeriveKeyFromPassword(Algorithm algorithm, |
37 const std::string& password, | 38 const std::string& password, |
38 const std::string& salt, | 39 const std::string& salt, |
39 size_t iterations, | 40 size_t iterations, |
40 size_t key_size) { | 41 size_t key_size_in_bits) { |
41 EnsureNSSInit(); | 42 EnsureNSSInit(); |
42 if (salt.empty() || iterations == 0 || key_size == 0) | 43 if (salt.empty() || iterations == 0 || key_size_in_bits == 0) |
43 return NULL; | 44 return NULL; |
44 | 45 |
45 SECItem password_item; | 46 SECItem password_item; |
46 password_item.type = siBuffer; | 47 password_item.type = siBuffer; |
47 password_item.data = reinterpret_cast<unsigned char*>( | 48 password_item.data = reinterpret_cast<unsigned char*>( |
48 const_cast<char *>(password.data())); | 49 const_cast<char *>(password.data())); |
49 password_item.len = password.size(); | 50 password_item.len = password.size(); |
50 | 51 |
51 SECItem salt_item; | 52 SECItem salt_item; |
52 salt_item.type = siBuffer; | 53 salt_item.type = siBuffer; |
53 salt_item.data = reinterpret_cast<unsigned char*>( | 54 salt_item.data = reinterpret_cast<unsigned char*>( |
54 const_cast<char *>(salt.data())); | 55 const_cast<char *>(salt.data())); |
55 salt_item.len = salt.size(); | 56 salt_item.len = salt.size(); |
56 | 57 |
57 | 58 |
58 SECOidTag cipher_algorithm = | 59 SECOidTag cipher_algorithm = |
59 algorithm == AES ? SEC_OID_AES_256_CBC : SEC_OID_HMAC_SHA1; | 60 algorithm == AES ? SEC_OID_AES_256_CBC : SEC_OID_HMAC_SHA1; |
60 ScopedSECAlgorithmID alg_id(PK11_CreatePBEV2AlgorithmID(SEC_OID_PKCS5_PBKDF2, | 61 ScopedSECAlgorithmID alg_id(PK11_CreatePBEV2AlgorithmID(SEC_OID_PKCS5_PBKDF2, |
61 cipher_algorithm, | 62 cipher_algorithm, |
62 SEC_OID_HMAC_SHA1, | 63 SEC_OID_HMAC_SHA1, |
63 key_size, | 64 key_size_in_bits / 8, |
64 iterations, | 65 iterations, |
65 &salt_item)); | 66 &salt_item)); |
66 if (!alg_id.get()) | 67 if (!alg_id.get()) |
67 return NULL; | 68 return NULL; |
68 | 69 |
69 ScopedPK11Slot slot(PK11_GetBestSlot(SEC_OID_PKCS5_PBKDF2, NULL)); | 70 ScopedPK11Slot slot(PK11_GetBestSlot(SEC_OID_PKCS5_PBKDF2, NULL)); |
70 if (!slot.get()) | 71 if (!slot.get()) |
71 return NULL; | 72 return NULL; |
72 | 73 |
73 PK11SymKey* sym_key = PK11_PBEKeyGen(slot.get(), alg_id.get(), &password_item, | 74 PK11SymKey* sym_key = PK11_PBEKeyGen(slot.get(), alg_id.get(), &password_item, |
(...skipping 11 matching lines...) Expand all Loading... |
85 | 86 |
86 SECItem* key_item = PK11_GetKeyData(key_.get()); | 87 SECItem* key_item = PK11_GetKeyData(key_.get()); |
87 if (!key_item) | 88 if (!key_item) |
88 return false; | 89 return false; |
89 | 90 |
90 raw_key->assign(reinterpret_cast<char*>(key_item->data), key_item->len); | 91 raw_key->assign(reinterpret_cast<char*>(key_item->data), key_item->len); |
91 return true; | 92 return true; |
92 } | 93 } |
93 | 94 |
94 } // namespace base | 95 } // namespace base |
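Review bot: The new `key_size_in_bits / 8` passed to `PK11_KeyGen` and `PK11_CreatePBEV2AlgorithmID` truncates, and the only guard in both functions is still `key_size_in_bits == 0`. A request for 1–7 bits therefore passes the check and hands NSS a key length of 0, and a value such as 129 silently yields a 128-bit key instead of an error. Reject sizes that are not whole bytes before calling NSS, e.g. `if (key_size_in_bits == 0 || key_size_in_bits % 8 != 0) return NULL;` in GenerateRandomKey, with the same `% 8` term added to the condition in DeriveKeyFromPassword. DeriveKeyFromPassword also keeps `SEC_OID_AES_256_CBC` whatever size is requested, so it may be worth checking the AES size against 128/192/256 there; how NSS treats a mismatch is not visible on this page, and the end of that function is in the collapsed lines.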