OLD | NEW |
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2010 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef BASE_CRYPTO_SYMMETRIC_KEY_H_ | 5 #ifndef BASE_CRYPTO_SYMMETRIC_KEY_H_ |
6 #define BASE_CRYPTO_SYMMETRIC_KEY_H_ | 6 #define BASE_CRYPTO_SYMMETRIC_KEY_H_ |
7 | 7 |
8 #include <string> | 8 #include <string> |
9 | 9 |
10 #include "base/basictypes.h" | 10 #include "base/basictypes.h" |
11 | 11 |
12 #if defined(USE_NSS) | 12 #if defined(USE_NSS) |
13 #include "base/crypto/scoped_nss_types.h" | 13 #include "base/crypto/scoped_nss_types.h" |
14 #elif defined(OS_MACOSX) | 14 #elif defined(OS_MACOSX) |
15 #include <Security/cssmtype.h> | 15 #include <Security/cssmtype.h> |
| 16 #elif defined(OS_WIN) |
| 17 #include "base/crypto/scoped_capi_types.h" |
16 #endif | 18 #endif |
17 | 19 |
18 namespace base { | 20 namespace base { |
19 | 21 |
20 // Wraps a platform-specific symmetric key and allows it to be held in a | 22 // Wraps a platform-specific symmetric key and allows it to be held in a |
21 // scoped_ptr. | 23 // scoped_ptr. |
22 class SymmetricKey { | 24 class SymmetricKey { |
23 public: | 25 public: |
24 enum Algorithm { | 26 enum Algorithm { |
25 AES, | 27 AES, |
26 HMAC_SHA1, | 28 HMAC_SHA1, |
27 }; | 29 }; |
28 | 30 |
29 virtual ~SymmetricKey() {} | 31 virtual ~SymmetricKey(); |
30 | 32 |
31 // Generates a random key suitable to be used with |cipher| and of | 33 // Generates a random key suitable to be used with |cipher| and of |
32 // |key_size_in_bits| bits. | 34 // |key_size_in_bits| bits. |
33 // The caller is responsible for deleting the returned SymmetricKey. | 35 // The caller is responsible for deleting the returned SymmetricKey. |
34 static SymmetricKey* GenerateRandomKey(Algorithm algorithm, | 36 static SymmetricKey* GenerateRandomKey(Algorithm algorithm, |
35 size_t key_size_in_bits); | 37 size_t key_size_in_bits); |
36 | 38 |
37 // Derives a key from the supplied password and salt using PBKDF2. The caller | 39 // Derives a key from the supplied password and salt using PBKDF2. The caller |
38 // is responsible for deleting the returned SymmetricKey. | 40 // is responsible for deleting the returned SymmetricKey. |
39 static SymmetricKey* DeriveKeyFromPassword(Algorithm algorithm, | 41 static SymmetricKey* DeriveKeyFromPassword(Algorithm algorithm, |
40 const std::string& password, | 42 const std::string& password, |
41 const std::string& salt, | 43 const std::string& salt, |
42 size_t iterations, | 44 size_t iterations, |
43 size_t key_size_in_bits); | 45 size_t key_size_in_bits); |
44 | 46 |
| 47 // TODO(wtc): port this method to Mac and NSS. |
| 48 #if defined(OS_WIN) |
| 49 // Imports a raw key. This method is only used by unit tests. |
| 50 static SymmetricKey* Import(Algorithm algorithm, |
| 51 const void* key_data, |
| 52 size_t key_size_in_bytes); |
| 53 #endif |
| 54 |
45 #if defined(USE_NSS) | 55 #if defined(USE_NSS) |
46 PK11SymKey* key() const { return key_.get(); } | 56 PK11SymKey* key() const { return key_.get(); } |
47 #elif defined(OS_MACOSX) | 57 #elif defined(OS_MACOSX) |
48 CSSM_DATA cssm_data() const; | 58 CSSM_DATA cssm_data() const; |
| 59 #elif defined(OS_WIN) |
| 60 HCRYPTKEY key() const { return key_.get(); } |
49 #endif | 61 #endif |
50 | 62 |
51 // Extracts the raw key from the platform specific data. This should only be | 63 // Extracts the raw key from the platform specific data. This should only be |
52 // done in unit tests to verify that keys are generated correctly. | 64 // done in unit tests to verify that keys are generated correctly. |
53 bool GetRawKey(std::string* raw_key); | 65 bool GetRawKey(std::string* raw_key); |
54 | 66 |
55 private: | 67 private: |
56 #if defined(USE_NSS) | 68 #if defined(USE_NSS) |
57 explicit SymmetricKey(PK11SymKey* key) : key_(key) {} | 69 explicit SymmetricKey(PK11SymKey* key) : key_(key) {} |
58 ScopedPK11SymKey key_; | 70 ScopedPK11SymKey key_; |
59 #elif defined(OS_MACOSX) | 71 #elif defined(OS_MACOSX) |
60 SymmetricKey(const void* key_data, size_t key_size_in_bits); | 72 SymmetricKey(const void* key_data, size_t key_size_in_bits); |
61 std::string key_; | 73 std::string key_; |
| 74 #elif defined(OS_WIN) |
| 75 SymmetricKey(HCRYPTPROV provider, HCRYPTKEY key, |
| 76 const void* key_data, size_t key_size_in_bytes); |
| 77 |
| 78 ScopedHCRYPTPROV provider_; |
| 79 ScopedHCRYPTKEY key_; |
| 80 |
| 81 // Contains the raw key, if it is known during initialization and when it |
| 82 // is likely that the associated |provider_| will be unable to export the |
| 83 // |key_|. This is the case of HMAC keys when the key size exceeds 16 bytes |
| 84 // when using the default RSA provider. |
| 85 // TODO(rsleevi): See if KP_EFFECTIVE_KEYLEN is the reason why CryptExportKey |
| 86 // fails with NTE_BAD_KEY/NTE_BAD_LEN |
| 87 std::string raw_key_; |
62 #endif | 88 #endif |
63 | 89 |
64 DISALLOW_COPY_AND_ASSIGN(SymmetricKey); | 90 DISALLOW_COPY_AND_ASSIGN(SymmetricKey); |
65 }; | 91 }; |
66 | 92 |
67 } // namespace base | 93 } // namespace base |
68 | 94 |
69 #endif // BASE_CRYPTO_SYMMETRIC_KEY_H_ | 95 #endif // BASE_CRYPTO_SYMMETRIC_KEY_H_ |
OLD | NEW |