| OLD | NEW |
|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "crypto/symmetric_key.h" | 5 #include "crypto/symmetric_key.h" |
| 6 | 6 |
| 7 #include <vector> |
| 8 |
| 7 #include <CommonCrypto/CommonCryptor.h> | 9 #include <CommonCrypto/CommonCryptor.h> |
| 8 #include <CoreFoundation/CFString.h> | 10 #include <CoreFoundation/CFString.h> |
| 9 #include <Security/cssm.h> | 11 #include <Security/cssm.h> |
| 10 | 12 |
| 11 #include "base/logging.h" | 13 #include "base/logging.h" |
| 12 #include "crypto/cssm_init.h" | 14 #include "crypto/cssm_init.h" |
| 13 | 15 |
| 14 namespace { | 16 namespace { |
| 15 | 17 |
| 16 CSSM_KEY_TYPE CheckKeyParams(crypto::SymmetricKey::Algorithm algorithm, | 18 CSSM_KEY_TYPE CheckKeyParams(crypto::SymmetricKey::Algorithm algorithm, |
| 17 size_t key_size_in_bits) { | 19 size_t key_size_in_bits) { |
| 18 if (algorithm == crypto::SymmetricKey::AES) { | 20 if (algorithm == crypto::SymmetricKey::AES) { |
| 19 CHECK(key_size_in_bits == 128 || | 21 CHECK(key_size_in_bits == 128 || |
| 20 key_size_in_bits == 192 || | 22 key_size_in_bits == 192 || |
| 21 key_size_in_bits == 256) | 23 key_size_in_bits == 256) |
| 22 << "Invalid key size " << key_size_in_bits << " bits"; | 24 << "Invalid key size " << key_size_in_bits << " bits"; |
| 23 return CSSM_ALGID_AES; | 25 return CSSM_ALGID_AES; |
| 24 } else { | 26 } else { |
| 25 // FIPS 198 Section 3 requires a HMAC-SHA-1 derived keys to be at least | 27 // FIPS 198 Section 3 requires a HMAC-SHA-1 derived keys to be at least |
| 26 // (HMAC-SHA-1 output size / 2) to be compliant. Since the ouput size of | 28 // (HMAC-SHA-1 output size / 2) to be compliant. Since the ouput size of |
| 27 // HMAC-SHA-1 is 160 bits, we require at least 80 bits here. | 29 // HMAC-SHA-1 is 160 bits, we require at least 80 bits here. |
| 28 CHECK(algorithm == crypto::SymmetricKey::HMAC_SHA1); | 30 CHECK(algorithm == crypto::SymmetricKey::HMAC_SHA1); |
| 29 CHECK(key_size_in_bits >= 80 && (key_size_in_bits % 8) == 0) | 31 CHECK(key_size_in_bits >= 80 && (key_size_in_bits % 8) == 0) |
| 30 << "Invalid key size " << key_size_in_bits << " bits"; | 32 << "Invalid key size " << key_size_in_bits << " bits"; |
| 31 return CSSM_ALGID_SHA1HMAC_LEGACY; | 33 return CSSM_ALGID_SHA1HMAC_LEGACY; |
| 32 } | 34 } |
| 33 } | 35 } |
| 34 | 36 |
| 35 void* CreateRandomBytes(size_t size) { | |
| 36 CSSM_RETURN err; | |
| 37 CSSM_CC_HANDLE ctx; | |
| 38 err = CSSM_CSP_CreateRandomGenContext(crypto::GetSharedCSPHandle(), | |
| 39 CSSM_ALGID_APPLE_YARROW, | |
| 40 NULL, | |
| 41 size, &ctx); | |
| 42 if (err) { | |
| 43 crypto::LogCSSMError("CSSM_CSP_CreateRandomGenContext", err); | |
| 44 return NULL; | |
| 45 } | |
| 46 CSSM_DATA random_data = {}; | |
| 47 err = CSSM_GenerateRandom(ctx, &random_data); | |
| 48 if (err) { | |
| 49 crypto::LogCSSMError("CSSM_GenerateRandom", err); | |
| 50 random_data.Data = NULL; | |
| 51 } | |
| 52 CSSM_DeleteContext(ctx); | |
| 53 return random_data.Data; // Caller responsible for freeing this | |
| 54 } | |
| 55 | |
| 56 inline CSSM_DATA StringToData(const std::string& str) { | 37 inline CSSM_DATA StringToData(const std::string& str) { |
| 57 CSSM_DATA data = { | 38 CSSM_DATA data = { |
| 58 str.size(), | 39 str.size(), |
| 59 reinterpret_cast<uint8_t*>(const_cast<char*>(str.data())) | 40 reinterpret_cast<uint8_t*>(const_cast<char*>(str.data())) |
| 60 }; | 41 }; |
| 61 return data; | 42 return data; |
| 62 } | 43 } |
| 63 | 44 |
| 64 } // namespace | 45 } // namespace |
| 65 | 46 |
| 66 namespace crypto { | 47 namespace crypto { |
| 67 | 48 |
| 68 SymmetricKey::~SymmetricKey() {} | 49 SymmetricKey::~SymmetricKey() { |
| 50 std::fill(key_.begin(), key_.end(), 0); |
| 51 } |
| 52 |
| 53 // static |
| 54 bool SymmetricKey::GenerateRandomBytes(size_t num_bytes, uint8* out) { |
| 55 if (num_bytes == 0) |
| 56 return true; |
| 57 if (out == NULL) |
| 58 return false; |
| 59 |
| 60 CSSM_RETURN err; |
| 61 CSSM_CC_HANDLE ctx; |
| 62 err = CSSM_CSP_CreateRandomGenContext(crypto::GetSharedCSPHandle(), |
| 63 CSSM_ALGID_APPLE_YARROW, |
| 64 NULL, |
| 65 num_bytes, &ctx); |
| 66 if (err) { |
| 67 crypto::LogCSSMError("CSSM_CSP_CreateRandomGenContext", err); |
| 68 return false; |
| 69 } |
| 70 CSSM_DATA random_data = { num_bytes, out }; |
| 71 err = CSSM_GenerateRandom(ctx, &random_data); |
| 72 CSSM_DeleteContext(ctx); |
| 73 if (err != CSSM_OK) { |
| 74 crypto::LogCSSMError("CSSM_GenerateRandom", err); |
| 75 return false; |
| 76 } |
| 77 DCHECK(random_data.Data == out); |
| 78 return true; |
| 79 } |
| 69 | 80 |
| 70 // static | 81 // static |
| 71 SymmetricKey* SymmetricKey::GenerateRandomKey(Algorithm algorithm, | 82 SymmetricKey* SymmetricKey::GenerateRandomKey(Algorithm algorithm, |
| 72 size_t key_size_in_bits) { | 83 size_t key_size_in_bits) { |
| 73 CheckKeyParams(algorithm, key_size_in_bits); | 84 CheckKeyParams(algorithm, key_size_in_bits); |
| 74 void* random_bytes = CreateRandomBytes((key_size_in_bits + 7) / 8); | 85 std::vector<uint8> random_bytes((key_size_in_bits + 7) / 8); |
| 75 if (!random_bytes) | 86 if (!GenerateRandomBytes(random_bytes.size(), &random_bytes[0])) |
| 76 return NULL; | 87 return NULL; |
| 77 SymmetricKey *key = new SymmetricKey(random_bytes, key_size_in_bits); | 88 SymmetricKey* key = new SymmetricKey(&random_bytes[0], key_size_in_bits); |
| 78 free(random_bytes); | 89 std::fill(random_bytes.begin(), random_bytes.end(), 0u); |
| 79 return key; | 90 return key; |
| 80 } | 91 } |
| 81 | 92 |
| 82 // static | 93 // static |
| 83 SymmetricKey* SymmetricKey::DeriveKeyFromPassword(Algorithm algorithm, | 94 SymmetricKey* SymmetricKey::DeriveKeyFromPassword(Algorithm algorithm, |
| 84 const std::string& password, | 95 const std::string& password, |
| 85 const std::string& salt, | 96 const std::string& salt, |
| 86 size_t iterations, | 97 size_t iterations, |
| 87 size_t key_size_in_bits) { | 98 size_t key_size_in_bits) { |
| 88 // Derived (haha) from cdsaDeriveKey() in Apple's CryptoSample. | 99 // Derived (haha) from cdsaDeriveKey() in Apple's CryptoSample. |
| (...skipping 43 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 132 CSSM_FreeKey(GetSharedCSPHandle(), &credentials, &cssm_key, false); | 143 CSSM_FreeKey(GetSharedCSPHandle(), &credentials, &cssm_key, false); |
| 133 return derived_key; | 144 return derived_key; |
| 134 } | 145 } |
| 135 | 146 |
| 136 // static | 147 // static |
| 137 SymmetricKey* SymmetricKey::Import(Algorithm algorithm, | 148 SymmetricKey* SymmetricKey::Import(Algorithm algorithm, |
| 138 const std::string& raw_key) { | 149 const std::string& raw_key) { |
| 139 return new SymmetricKey(raw_key.data(), raw_key.size() * 8); | 150 return new SymmetricKey(raw_key.data(), raw_key.size() * 8); |
| 140 } | 151 } |
| 141 | 152 |
| 142 SymmetricKey::SymmetricKey(const void *key_data, size_t key_size_in_bits) | 153 SymmetricKey::SymmetricKey(const void* key_data, size_t key_size_in_bits) |
| 143 : key_(reinterpret_cast<const char*>(key_data), | 154 : key_(static_cast<const char*>(key_data), key_size_in_bits / 8) { |
| 144 key_size_in_bits / 8) {} | 155 } |
| 145 | 156 |
| 146 bool SymmetricKey::GetRawKey(std::string* raw_key) { | 157 bool SymmetricKey::GetRawKey(std::string* raw_key) { |
| 147 *raw_key = key_; | 158 *raw_key = key_; |
| 148 return true; | 159 return true; |
| 149 } | 160 } |
| 150 | 161 |
| 151 CSSM_DATA SymmetricKey::cssm_data() const { | 162 CSSM_DATA SymmetricKey::cssm_data() const { |
| 152 return StringToData(key_); | 163 return StringToData(key_); |
| 153 } | 164 } |
| 154 | 165 |
| 155 } // namespace crypto | 166 } // namespace crypto |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 6683060:
Private API for extensions like ssh-client that need access to TCP. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src