OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "crypto/symmetric_key.h" | 5 #include "crypto/symmetric_key.h" |
6 | 6 |
7 #include <vector> | 7 #include <vector> |
8 | 8 |
9 // TODO(wtc): replace scoped_array by std::vector. | 9 // TODO(wtc): replace scoped_array by std::vector. |
10 #include "base/memory/scoped_ptr.h" | 10 #include "base/memory/scoped_ptr.h" |
(...skipping 33 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
44 // key created for the specified |provider|. |alg| contains the algorithm of | 44 // key created for the specified |provider|. |alg| contains the algorithm of |
45 // the key being imported. | 45 // the key being imported. |
46 // If |key_data| is intended to be used as an HMAC key, then |alg| should be | 46 // If |key_data| is intended to be used as an HMAC key, then |alg| should be |
47 // CALG_HMAC. | 47 // CALG_HMAC. |
48 // If successful, returns true and stores the imported key in |*key|. | 48 // If successful, returns true and stores the imported key in |*key|. |
49 // TODO(wtc): use this function in hmac_win.cc. | 49 // TODO(wtc): use this function in hmac_win.cc. |
50 bool ImportRawKey(HCRYPTPROV provider, | 50 bool ImportRawKey(HCRYPTPROV provider, |
51 ALG_ID alg, | 51 ALG_ID alg, |
52 const void* key_data, size_t key_size, | 52 const void* key_data, size_t key_size, |
53 ScopedHCRYPTKEY* key) { | 53 ScopedHCRYPTKEY* key) { |
54 DCHECK_GT(key_size, 0); | 54 DCHECK_GT(key_size, 0u); |
55 | 55 |
56 DWORD actual_size = | 56 DWORD actual_size = |
57 static_cast<DWORD>(sizeof(PlaintextBlobHeader) + key_size); | 57 static_cast<DWORD>(sizeof(PlaintextBlobHeader) + key_size); |
58 std::vector<BYTE> tmp_data(actual_size); | 58 std::vector<BYTE> tmp_data(actual_size); |
59 BYTE* actual_key = &tmp_data[0]; | 59 BYTE* actual_key = &tmp_data[0]; |
60 memcpy(actual_key + sizeof(PlaintextBlobHeader), key_data, key_size); | 60 memcpy(actual_key + sizeof(PlaintextBlobHeader), key_data, key_size); |
61 PlaintextBlobHeader* key_header = | 61 PlaintextBlobHeader* key_header = |
62 reinterpret_cast<PlaintextBlobHeader*>(actual_key); | 62 reinterpret_cast<PlaintextBlobHeader*>(actual_key); |
63 memset(key_header, 0, sizeof(PlaintextBlobHeader)); | 63 memset(key_header, 0, sizeof(PlaintextBlobHeader)); |
64 | 64 |
(...skipping 242 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
307 SymmetricKey::~SymmetricKey() { | 307 SymmetricKey::~SymmetricKey() { |
308 // TODO(wtc): create a "secure" string type that zeroes itself in the | 308 // TODO(wtc): create a "secure" string type that zeroes itself in the |
309 // destructor. | 309 // destructor. |
310 if (!raw_key_.empty()) | 310 if (!raw_key_.empty()) |
311 SecureZeroMemory(const_cast<char *>(raw_key_.data()), raw_key_.size()); | 311 SecureZeroMemory(const_cast<char *>(raw_key_.data()), raw_key_.size()); |
312 } | 312 } |
313 | 313 |
314 // static | 314 // static |
315 SymmetricKey* SymmetricKey::GenerateRandomKey(Algorithm algorithm, | 315 SymmetricKey* SymmetricKey::GenerateRandomKey(Algorithm algorithm, |
316 size_t key_size_in_bits) { | 316 size_t key_size_in_bits) { |
317 DCHECK_GE(key_size_in_bits, 8); | 317 DCHECK_GE(key_size_in_bits, 8u); |
318 | 318 |
319 ScopedHCRYPTPROV provider; | 319 ScopedHCRYPTPROV provider; |
320 ScopedHCRYPTKEY key; | 320 ScopedHCRYPTKEY key; |
321 | 321 |
322 bool ok = false; | 322 bool ok = false; |
323 scoped_ptr<BYTE[]> raw_key; | 323 scoped_ptr<BYTE[]> raw_key; |
324 | 324 |
325 switch (algorithm) { | 325 switch (algorithm) { |
326 case AES: | 326 case AES: |
327 ok = GenerateAESKey(key_size_in_bits, &provider, &key); | 327 ok = GenerateAESKey(key_size_in_bits, &provider, &key); |
(...skipping 77 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
405 | 405 |
406 DWORD hLen = 0; | 406 DWORD hLen = 0; |
407 DWORD param_size = sizeof(hLen); | 407 DWORD param_size = sizeof(hLen); |
408 ok = CryptGetHashParam(prf, HP_HASHSIZE, | 408 ok = CryptGetHashParam(prf, HP_HASHSIZE, |
409 reinterpret_cast<BYTE*>(&hLen), ¶m_size, 0); | 409 reinterpret_cast<BYTE*>(&hLen), ¶m_size, 0); |
410 if (!ok || hLen == 0) | 410 if (!ok || hLen == 0) |
411 return NULL; | 411 return NULL; |
412 | 412 |
413 // 1. If dkLen > (2^32 - 1) * hLen, output "derived key too long" and stop. | 413 // 1. If dkLen > (2^32 - 1) * hLen, output "derived key too long" and stop. |
414 size_t dkLen = key_size_in_bits / 8; | 414 size_t dkLen = key_size_in_bits / 8; |
415 DCHECK_GT(dkLen, 0); | 415 DCHECK_GT(dkLen, 0u); |
416 | 416 |
417 if ((dkLen / hLen) > 0xFFFFFFFF) { | 417 if ((dkLen / hLen) > 0xFFFFFFFF) { |
418 DLOG(ERROR) << "Derived key too long."; | 418 DLOG(ERROR) << "Derived key too long."; |
419 return NULL; | 419 return NULL; |
420 } | 420 } |
421 | 421 |
422 // 2. Let l be the number of hLen-octet blocks in the derived key, | 422 // 2. Let l be the number of hLen-octet blocks in the derived key, |
423 // rounding up, and let r be the number of octets in the last | 423 // rounding up, and let r be the number of octets in the last |
424 // block: | 424 // block: |
425 size_t L = (dkLen + hLen - 1) / hLen; | 425 size_t L = (dkLen + hLen - 1) / hLen; |
426 DCHECK_GT(L, 0); | 426 DCHECK_GT(L, 0u); |
427 | 427 |
428 size_t total_generated_size = L * hLen; | 428 size_t total_generated_size = L * hLen; |
429 std::vector<BYTE> generated_key(total_generated_size); | 429 std::vector<BYTE> generated_key(total_generated_size); |
430 BYTE* block_offset = &generated_key[0]; | 430 BYTE* block_offset = &generated_key[0]; |
431 | 431 |
432 // 3. For each block of the derived key apply the function F defined below | 432 // 3. For each block of the derived key apply the function F defined below |
433 // to the password P, the salt S, the iteration count c, and the block | 433 // to the password P, the salt S, the iteration count c, and the block |
434 // index to compute the block: | 434 // index to compute the block: |
435 // T_1 = F (P, S, c, 1) | 435 // T_1 = F (P, S, c, 1) |
436 // T_2 = F (P, S, c, 2) | 436 // T_2 = F (P, S, c, 2) |
(...skipping 90 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
527 HCRYPTKEY key, | 527 HCRYPTKEY key, |
528 const void* key_data, size_t key_size_in_bytes) | 528 const void* key_data, size_t key_size_in_bytes) |
529 : provider_(provider), key_(key) { | 529 : provider_(provider), key_(key) { |
530 if (key_data) { | 530 if (key_data) { |
531 raw_key_.assign(reinterpret_cast<const char*>(key_data), | 531 raw_key_.assign(reinterpret_cast<const char*>(key_data), |
532 key_size_in_bytes); | 532 key_size_in_bytes); |
533 } | 533 } |
534 } | 534 } |
535 | 535 |
536 } // namespace crypto | 536 } // namespace crypto |
OLD | NEW |