Index: base/crypto/symmetric_key_openssl.cc |
diff --git a/base/crypto/symmetric_key_openssl.cc b/base/crypto/symmetric_key_openssl.cc |
index 591252dc225393a1cbc20916a93d51f6a5b2d5af..8758abebdc4e450aae370822401cc9a5e619776c 100644 |
--- a/base/crypto/symmetric_key_openssl.cc |
+++ b/base/crypto/symmetric_key_openssl.cc |
@@ -4,18 +4,48 @@ |
#include "base/crypto/symmetric_key.h" |
+#include <openssl/err.h> |
+#include <openssl/evp.h> |
+#include <openssl/rand.h> |
+ |
#include "base/logging.h" |
+#include "base/scoped_ptr.h" |
+#include "base/stl_util-inl.h" |
namespace base { |
+SymmetricKey::SymmetricKey(std::string* key) { |
+ key->swap(key_); |
Ryan Sleevi
2010/11/10 23:18:46
Why the swap, as opposed to assignment or just tak
joth
2010/11/11 15:07:12
Just trying to reduce the number of copies of the
|
+} |
+ |
SymmetricKey::~SymmetricKey() { |
+ // Zero out the content. |
+ key_.assign(key_.length(), '\0'); |
} |
// static |
SymmetricKey* SymmetricKey::GenerateRandomKey(Algorithm algorithm, |
size_t key_size_in_bits) { |
- NOTIMPLEMENTED(); |
- return NULL; |
+ DCHECK_EQ(AES, algorithm); |
Ryan Sleevi
2010/11/10 23:18:46
Why restrict |algorithm| to AES? See symmetric_key
joth
2010/11/11 15:07:12
Just copied this from the NSS version, I didn't wa
|
+ int key_size_in_bytes = key_size_in_bits / 8; |
Ryan Sleevi
2010/11/10 23:18:46
My bit-byte sense tingles on this, though it may b
joth
2010/11/11 15:07:12
As above, although I originally had a CHECK that t
|
+ |
+ if (key_size_in_bits == 0) |
+ return NULL; |
+ |
+ std::string key; |
+ key.resize(key_size_in_bytes); |
+ |
+ unsigned char* key_data = |
+ reinterpret_cast<unsigned char*>(string_as_array(&key)); |
+ int res = RAND_bytes(key_data, key.length()); |
+ if (res != 1) { |
+ unsigned long err = ERR_get_error(); |
Ryan Sleevi
2010/11/10 23:18:46
As a defensive measure, whenever programming OpenS
joth
2010/11/11 15:07:12
Done.
|
+ LOG(ERROR) << "Could not obtain random bytes. res = " << res |
+ << ", err = " << err << " " << ERR_error_string(err, NULL); |
+ return NULL; |
+ } |
+ return new SymmetricKey(&key); |
+ |
} |
// static |
@@ -24,20 +54,37 @@ SymmetricKey* SymmetricKey::DeriveKeyFromPassword(Algorithm algorithm, |
const std::string& salt, |
size_t iterations, |
size_t key_size_in_bits) { |
- NOTIMPLEMENTED(); |
- return NULL; |
+ DCHECK(algorithm == AES || algorithm == HMAC_SHA1); |
+ int key_size_in_bytes = key_size_in_bits / 8; |
+ |
+ std::string key; |
+ key.resize(key_size_in_bytes); |
+ |
+ const unsigned char* salt_data = |
+ reinterpret_cast<const unsigned char*>(salt.data()); |
+ unsigned char* key_data = |
+ reinterpret_cast<unsigned char*>(string_as_array(&key)); |
+ |
+ int res = PKCS5_PBKDF2_HMAC_SHA1(password.data(), password.length(), |
+ salt_data, salt.length(), iterations, |
+ key.length(), key_data); |
+ if (res != 1) { |
+ NOTREACHED() << "HMAC SHA1 failed. res = " << res; |
+ return NULL; |
+ } |
+ return new SymmetricKey(&key); |
} |
// static |
SymmetricKey* SymmetricKey::Import(Algorithm algorithm, |
const std::string& raw_key) { |
- NOTIMPLEMENTED(); |
- return NULL; |
+ std::string copy(raw_key); |
+ return new SymmetricKey(©); |
} |
bool SymmetricKey::GetRawKey(std::string* raw_key) { |
- NOTIMPLEMENTED(); |
- return false; |
+ *raw_key = key_; |
+ return true; |
} |
} // namespace base |