Chromium Code Reviews| Index: base/crypto/symmetric_key_openssl.cc |
| diff --git a/base/crypto/symmetric_key_openssl.cc b/base/crypto/symmetric_key_openssl.cc |
| index 591252dc225393a1cbc20916a93d51f6a5b2d5af..8758abebdc4e450aae370822401cc9a5e619776c 100644 |
| --- a/base/crypto/symmetric_key_openssl.cc |
| +++ b/base/crypto/symmetric_key_openssl.cc |
| @@ -4,18 +4,48 @@ |
| #include "base/crypto/symmetric_key.h" |
| +#include <openssl/err.h> |
| +#include <openssl/evp.h> |
| +#include <openssl/rand.h> |
| + |
| #include "base/logging.h" |
| +#include "base/scoped_ptr.h" |
| +#include "base/stl_util-inl.h" |
| namespace base { |
| +SymmetricKey::SymmetricKey(std::string* key) { |
| + key->swap(key_); |
|
Ryan Sleevi
2010/11/10 23:18:46
Why the swap, as opposed to assignment or just tak
joth
2010/11/11 15:07:12
Just trying to reduce the number of copies of the
|
| +} |
| + |
| SymmetricKey::~SymmetricKey() { |
| + // Zero out the content. |
| + key_.assign(key_.length(), '\0'); |
| } |
| // static |
| SymmetricKey* SymmetricKey::GenerateRandomKey(Algorithm algorithm, |
| size_t key_size_in_bits) { |
| - NOTIMPLEMENTED(); |
| - return NULL; |
| + DCHECK_EQ(AES, algorithm); |
|
Ryan Sleevi
2010/11/10 23:18:46
Why restrict |algorithm| to AES? See symmetric_key
joth
2010/11/11 15:07:12
Just copied this from the NSS version, I didn't wa
|
| + int key_size_in_bytes = key_size_in_bits / 8; |
|
Ryan Sleevi
2010/11/10 23:18:46
My bit-byte sense tingles on this, though it may b
joth
2010/11/11 15:07:12
As above, although I originally had a CHECK that t
|
| + |
| + if (key_size_in_bits == 0) |
| + return NULL; |
| + |
| + std::string key; |
| + key.resize(key_size_in_bytes); |
| + |
| + unsigned char* key_data = |
| + reinterpret_cast<unsigned char*>(string_as_array(&key)); |
| + int res = RAND_bytes(key_data, key.length()); |
| + if (res != 1) { |
| + unsigned long err = ERR_get_error(); |
|
Ryan Sleevi
2010/11/10 23:18:46
As a defensive measure, whenever programming OpenS
joth
2010/11/11 15:07:12
Done.
|
| + LOG(ERROR) << "Could not obtain random bytes. res = " << res |
| + << ", err = " << err << " " << ERR_error_string(err, NULL); |
| + return NULL; |
| + } |
| + return new SymmetricKey(&key); |
| + |
| } |
| // static |
| @@ -24,20 +54,37 @@ SymmetricKey* SymmetricKey::DeriveKeyFromPassword(Algorithm algorithm, |
| const std::string& salt, |
| size_t iterations, |
| size_t key_size_in_bits) { |
| - NOTIMPLEMENTED(); |
| - return NULL; |
| + DCHECK(algorithm == AES || algorithm == HMAC_SHA1); |
| + int key_size_in_bytes = key_size_in_bits / 8; |
| + |
| + std::string key; |
| + key.resize(key_size_in_bytes); |
| + |
| + const unsigned char* salt_data = |
| + reinterpret_cast<const unsigned char*>(salt.data()); |
| + unsigned char* key_data = |
| + reinterpret_cast<unsigned char*>(string_as_array(&key)); |
| + |
| + int res = PKCS5_PBKDF2_HMAC_SHA1(password.data(), password.length(), |
| + salt_data, salt.length(), iterations, |
| + key.length(), key_data); |
| + if (res != 1) { |
| + NOTREACHED() << "HMAC SHA1 failed. res = " << res; |
| + return NULL; |
| + } |
| + return new SymmetricKey(&key); |
| } |
| // static |
| SymmetricKey* SymmetricKey::Import(Algorithm algorithm, |
| const std::string& raw_key) { |
| - NOTIMPLEMENTED(); |
| - return NULL; |
| + std::string copy(raw_key); |
| + return new SymmetricKey(©); |
| } |
| bool SymmetricKey::GetRawKey(std::string* raw_key) { |
| - NOTIMPLEMENTED(); |
| - return false; |
| + *raw_key = key_; |
| + return true; |
| } |
| } // namespace base |