| OLD | NEW |
|---|
| 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef BASE_CRYPTO_SYMMETRIC_KEY_H_ | 5 #ifndef BASE_CRYPTO_SYMMETRIC_KEY_H_ |
| 6 #define BASE_CRYPTO_SYMMETRIC_KEY_H_ | 6 #define BASE_CRYPTO_SYMMETRIC_KEY_H_ |
| 7 | 7 |
| 8 #include <string> | 8 #include <string> |
| 9 | 9 |
| 10 #include "base/basictypes.h" | 10 #include "base/basictypes.h" |
| 11 | 11 |
| 12 #if defined(USE_NSS) | 12 #if defined(USE_NSS) |
| 13 #include "base/crypto/scoped_nss_types.h" | 13 #include "base/crypto/scoped_nss_types.h" |
| 14 #elif defined(OS_MACOSX) | 14 #elif defined(OS_MACOSX) |
| 15 #include <Security/cssmtype.h> | 15 #include <Security/cssmtype.h> |
| 16 #elif defined(OS_WIN) |
| 17 #include "base/crypto/scoped_capi_types.h" |
| 16 #endif | 18 #endif |
| 17 | 19 |
| 18 namespace base { | 20 namespace base { |
| 19 | 21 |
| 20 // Wraps a platform-specific symmetric key and allows it to be held in a | 22 // Wraps a platform-specific symmetric key and allows it to be held in a |
| 21 // scoped_ptr. | 23 // scoped_ptr. |
| 22 class SymmetricKey { | 24 class SymmetricKey { |
| 23 public: | 25 public: |
| 24 enum Algorithm { | 26 enum Algorithm { |
| 25 AES, | 27 AES, |
| 26 HMAC_SHA1, | 28 HMAC_SHA1, |
| 27 }; | 29 }; |
| 28 | 30 |
| 29 virtual ~SymmetricKey() {} | 31 virtual ~SymmetricKey(); |
| 30 | 32 |
| 31 // Generates a random key suitable to be used with |cipher| and of | 33 // Generates a random key suitable to be used with |cipher| and of |
| 32 // |key_size_in_bits| bits. | 34 // |key_size_in_bits| bits. |
| 33 // The caller is responsible for deleting the returned SymmetricKey. | 35 // The caller is responsible for deleting the returned SymmetricKey. |
| 34 static SymmetricKey* GenerateRandomKey(Algorithm algorithm, | 36 static SymmetricKey* GenerateRandomKey(Algorithm algorithm, |
| 35 size_t key_size_in_bits); | 37 size_t key_size_in_bits); |
| 36 | 38 |
| 37 // Derives a key from the supplied password and salt using PBKDF2. The caller | 39 // Derives a key from the supplied password and salt using PBKDF2. The caller |
| 38 // is responsible for deleting the returned SymmetricKey. | 40 // is responsible for deleting the returned SymmetricKey. |
| 39 static SymmetricKey* DeriveKeyFromPassword(Algorithm algorithm, | 41 static SymmetricKey* DeriveKeyFromPassword(Algorithm algorithm, |
| 40 const std::string& password, | 42 const std::string& password, |
| 41 const std::string& salt, | 43 const std::string& salt, |
| 42 size_t iterations, | 44 size_t iterations, |
| 43 size_t key_size_in_bits); | 45 size_t key_size_in_bits); |
| 44 | 46 |
| 47 // TODO(wtc): port this method to Mac and NSS. |
| 48 #if defined(OS_WIN) |
| 49 // Imports a raw key. This method is only used by unit tests. |
| 50 static SymmetricKey* Import(Algorithm algorithm, |
| 51 const void* key_data, |
| 52 size_t key_size_in_bytes); |
| 53 #endif |
| 54 |
| 45 #if defined(USE_NSS) | 55 #if defined(USE_NSS) |
| 46 PK11SymKey* key() const { return key_.get(); } | 56 PK11SymKey* key() const { return key_.get(); } |
| 47 #elif defined(OS_MACOSX) | 57 #elif defined(OS_MACOSX) |
| 48 CSSM_DATA cssm_data() const; | 58 CSSM_DATA cssm_data() const; |
| 59 #elif defined(OS_WIN) |
| 60 HCRYPTKEY key() const { return key_.get(); } |
| 49 #endif | 61 #endif |
| 50 | 62 |
| 51 // Extracts the raw key from the platform specific data. This should only be | 63 // Extracts the raw key from the platform specific data. This should only be |
| 52 // done in unit tests to verify that keys are generated correctly. | 64 // done in unit tests to verify that keys are generated correctly. |
| 53 bool GetRawKey(std::string* raw_key); | 65 bool GetRawKey(std::string* raw_key); |
| 54 | 66 |
| 55 private: | 67 private: |
| 56 #if defined(USE_NSS) | 68 #if defined(USE_NSS) |
| 57 explicit SymmetricKey(PK11SymKey* key) : key_(key) {} | 69 explicit SymmetricKey(PK11SymKey* key) : key_(key) {} |
| 58 ScopedPK11SymKey key_; | 70 ScopedPK11SymKey key_; |
| 59 #elif defined(OS_MACOSX) | 71 #elif defined(OS_MACOSX) |
| 60 SymmetricKey(const void* key_data, size_t key_size_in_bits); | 72 SymmetricKey(const void* key_data, size_t key_size_in_bits); |
| 61 std::string key_; | 73 std::string key_; |
| 74 #elif defined(OS_WIN) |
| 75 SymmetricKey(HCRYPTPROV provider, HCRYPTKEY key, |
| 76 const void* key_data, size_t key_size_in_bytes); |
| 77 |
| 78 ScopedHCRYPTPROV provider_; |
| 79 ScopedHCRYPTKEY key_; |
| 80 |
| 81 // Contains the raw key, if it is known during initialization and when it |
| 82 // is likely that the associated |provider_| will be unable to export the |
| 83 // |key_|. This is the case of HMAC keys when the key size exceeds 16 bytes |
| 84 // when using the default RSA provider. |
| 85 // TODO(rsleevi): See if KP_EFFECTIVE_KEYLEN is the reason why CryptExportKey |
| 86 // fails with NTE_BAD_KEY/NTE_BAD_LEN |
| 87 std::string raw_key_; |
| 62 #endif | 88 #endif |
| 63 | 89 |
| 64 DISALLOW_COPY_AND_ASSIGN(SymmetricKey); | 90 DISALLOW_COPY_AND_ASSIGN(SymmetricKey); |
| 65 }; | 91 }; |
| 66 | 92 |
| 67 } // namespace base | 93 } // namespace base |
| 68 | 94 |
| 69 #endif // BASE_CRYPTO_SYMMETRIC_KEY_H_ | 95 #endif // BASE_CRYPTO_SYMMETRIC_KEY_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1528021:
Implement PBKDF2-based key derivation, random key generation,... (Closed)
Base URL: svn://chrome-svn/chrome/trunk/src/