Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(446)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: crypto/symmetric_key_mac.cc

Issue 6683060: Private API for extensions like ssh-client that need access to TCP. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: reflected comments Created 9 years, 7 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « crypto/hmac_win.cc ('k') | no next file » | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "crypto/symmetric_key.h" 5 #include "crypto/symmetric_key.h"
6 6
7 #include <CommonCrypto/CommonCryptor.h> 7 #include <CommonCrypto/CommonCryptor.h>
8 #include <CoreFoundation/CFString.h> 8 #include <CoreFoundation/CFString.h>
9 #include <Security/cssm.h> 9 #include <Security/cssm.h>
10 10
(...skipping 14 matching lines...) Expand all
25 // FIPS 198 Section 3 requires a HMAC-SHA-1 derived keys to be at least 25 // FIPS 198 Section 3 requires a HMAC-SHA-1 derived keys to be at least
26 // (HMAC-SHA-1 output size / 2) to be compliant. Since the ouput size of 26 // (HMAC-SHA-1 output size / 2) to be compliant. Since the ouput size of
27 // HMAC-SHA-1 is 160 bits, we require at least 80 bits here. 27 // HMAC-SHA-1 is 160 bits, we require at least 80 bits here.
28 CHECK(algorithm == crypto::SymmetricKey::HMAC_SHA1); 28 CHECK(algorithm == crypto::SymmetricKey::HMAC_SHA1);
29 CHECK(key_size_in_bits >= 80 && (key_size_in_bits % 8) == 0) 29 CHECK(key_size_in_bits >= 80 && (key_size_in_bits % 8) == 0)
30 << "Invalid key size " << key_size_in_bits << " bits"; 30 << "Invalid key size " << key_size_in_bits << " bits";
31 return CSSM_ALGID_SHA1HMAC_LEGACY; 31 return CSSM_ALGID_SHA1HMAC_LEGACY;
32 } 32 }
33 } 33 }
34 34
35 void* CreateRandomBytes(size_t size) { 35 uint8_t* CreateRandomBytes(size_t size) {
36 CSSM_RETURN err; 36 CSSM_RETURN err;
37 CSSM_CC_HANDLE ctx; 37 CSSM_CC_HANDLE ctx;
38 err = CSSM_CSP_CreateRandomGenContext(crypto::GetSharedCSPHandle(), 38 err = CSSM_CSP_CreateRandomGenContext(crypto::GetSharedCSPHandle(),
39 CSSM_ALGID_APPLE_YARROW, 39 CSSM_ALGID_APPLE_YARROW,
40 NULL, 40 NULL,
41 size, &ctx); 41 size, &ctx);
42 if (err) { 42 if (err != CSSM_OK) {
wtc 2011/05/17 23:37:52 Although I prefer this form, it's more important t
Denis Lagno 2011/05/18 11:53:32 Done.
43 crypto::LogCSSMError("CSSM_CSP_CreateRandomGenContext", err); 43 crypto::LogCSSMError("CSSM_CSP_CreateRandomGenContext", err);
44 return NULL; 44 return NULL;
45 } 45 }
46 CSSM_DATA random_data = {}; 46 CSSM_DATA random_data = {};
47 err = CSSM_GenerateRandom(ctx, &random_data); 47 err = CSSM_GenerateRandom(ctx, &random_data);
48 if (err) { 48 if (err) {
49 crypto::LogCSSMError("CSSM_GenerateRandom", err); 49 crypto::LogCSSMError("CSSM_GenerateRandom", err);
50 random_data.Data = NULL; 50 random_data.Data = NULL;
51 } 51 }
52 CSSM_DeleteContext(ctx); 52 CSSM_DeleteContext(ctx);
53 return random_data.Data; // Caller responsible for freeing this 53 return random_data.Data; // Caller responsible for freeing this.
54 } 54 }
55 55
56 inline CSSM_DATA StringToData(const std::string& str) { 56 inline CSSM_DATA StringToData(const std::string& str) {
57 CSSM_DATA data = { 57 CSSM_DATA data = {
58 str.size(), 58 str.size(),
59 reinterpret_cast<uint8_t*>(const_cast<char*>(str.data())) 59 reinterpret_cast<uint8_t*>(const_cast<char*>(str.data()))
60 }; 60 };
61 return data; 61 return data;
62 } 62 }
63 63
64 } // namespace 64 } // namespace
65 65
66 namespace crypto { 66 namespace crypto {
67 67
68 SymmetricKey::~SymmetricKey() {} 68 SymmetricKey::~SymmetricKey() {
69 std::fill(key_.begin(), key_.end(), 0);
70 }
69 71
70 // static 72 // static
71 SymmetricKey* SymmetricKey::GenerateRandomKey(Algorithm algorithm, 73 SymmetricKey* SymmetricKey::GenerateRandomKey(Algorithm algorithm,
72 size_t key_size_in_bits) { 74 size_t key_size_in_bits) {
73 CheckKeyParams(algorithm, key_size_in_bits); 75 CheckKeyParams(algorithm, key_size_in_bits);
74 void* random_bytes = CreateRandomBytes((key_size_in_bits + 7) / 8); 76 size_t key_size_in_bytes = (key_size_in_bits + 7) / 8;
77 uint8_t* random_bytes = CreateRandomBytes(key_size_in_bytes);
75 if (!random_bytes) 78 if (!random_bytes)
76 return NULL; 79 return NULL;
77 SymmetricKey *key = new SymmetricKey(random_bytes, key_size_in_bits); 80 SymmetricKey *key = new SymmetricKey(random_bytes, key_size_in_bits);
81 std::fill(random_bytes, random_bytes + key_size_in_bytes, 0);
wtc 2011/05/17 23:37:52 You can use memset(random_bytes, 0, key_size_in_
Denis Lagno 2011/05/18 11:53:32 better leave std::fill for consistency
78 free(random_bytes); 82 free(random_bytes);
79 return key; 83 return key;
80 } 84 }
81 85
82 // static 86 // static
83 SymmetricKey* SymmetricKey::DeriveKeyFromPassword(Algorithm algorithm, 87 SymmetricKey* SymmetricKey::DeriveKeyFromPassword(Algorithm algorithm,
84 const std::string& password, 88 const std::string& password,
85 const std::string& salt, 89 const std::string& salt,
86 size_t iterations, 90 size_t iterations,
87 size_t key_size_in_bits) { 91 size_t key_size_in_bits) {
(...skipping 44 matching lines...) Expand 10 before | Expand all | Expand 10 after
132 CSSM_FreeKey(GetSharedCSPHandle(), &credentials, &cssm_key, false); 136 CSSM_FreeKey(GetSharedCSPHandle(), &credentials, &cssm_key, false);
133 return derived_key; 137 return derived_key;
134 } 138 }
135 139
136 // static 140 // static
137 SymmetricKey* SymmetricKey::Import(Algorithm algorithm, 141 SymmetricKey* SymmetricKey::Import(Algorithm algorithm,
138 const std::string& raw_key) { 142 const std::string& raw_key) {
139 return new SymmetricKey(raw_key.data(), raw_key.size() * 8); 143 return new SymmetricKey(raw_key.data(), raw_key.size() * 8);
140 } 144 }
141 145
142 SymmetricKey::SymmetricKey(const void *key_data, size_t key_size_in_bits) 146 SymmetricKey::SymmetricKey(const void* key_data, size_t key_size_in_bits)
143 : key_(reinterpret_cast<const char*>(key_data), 147 : key_(static_cast<const char*>(key_data), key_size_in_bits / 8) {
wtc 2011/05/17 23:37:52 I was told to use reinterpret_cast to cast void* t
Denis Lagno 2011/05/18 11:53:32 Done.
144 key_size_in_bits / 8) {} 148 }
145 149
146 bool SymmetricKey::GetRawKey(std::string* raw_key) { 150 bool SymmetricKey::GetRawKey(std::string* raw_key) {
147 *raw_key = key_; 151 *raw_key = key_;
148 return true; 152 return true;
149 } 153 }
150 154
151 CSSM_DATA SymmetricKey::cssm_data() const { 155 CSSM_DATA SymmetricKey::cssm_data() const {
152 return StringToData(key_); 156 return StringToData(key_);
153 } 157 }
154 158
155 } // namespace crypto 159 } // namespace crypto
OLDNEW
« no previous file with comments | « crypto/hmac_win.cc ('k') | no next file » | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698