OLD | NEW |
| (Empty) |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #include "crypto/symmetric_key.h" | |
6 | |
7 #include <nss.h> | |
8 #include <pk11pub.h> | |
9 #include <stddef.h> | |
10 | |
11 #include "base/logging.h" | |
12 #include "crypto/nss_util.h" | |
13 #include "crypto/scoped_nss_types.h" | |
14 | |
15 namespace crypto { | |
16 | |
17 SymmetricKey::~SymmetricKey() {} | |
18 | |
19 // static | |
20 SymmetricKey* SymmetricKey::GenerateRandomKey(Algorithm algorithm, | |
21 size_t key_size_in_bits) { | |
22 DCHECK_EQ(AES, algorithm); | |
23 | |
24 EnsureNSSInit(); | |
25 | |
26 // Whitelist supported key sizes to avoid accidentaly relying on | |
27 // algorithms available in NSS but not BoringSSL and vice | |
28 // versa. Note that BoringSSL does not support AES-192. | |
29 if (key_size_in_bits != 128 && key_size_in_bits != 256) | |
30 return NULL; | |
31 | |
32 ScopedPK11Slot slot(PK11_GetInternalSlot()); | |
33 if (!slot.get()) | |
34 return NULL; | |
35 | |
36 PK11SymKey* sym_key = PK11_KeyGen(slot.get(), CKM_AES_KEY_GEN, NULL, | |
37 key_size_in_bits / 8, NULL); | |
38 if (!sym_key) | |
39 return NULL; | |
40 | |
41 return new SymmetricKey(sym_key); | |
42 } | |
43 | |
44 // static | |
45 SymmetricKey* SymmetricKey::DeriveKeyFromPassword(Algorithm algorithm, | |
46 const std::string& password, | |
47 const std::string& salt, | |
48 size_t iterations, | |
49 size_t key_size_in_bits) { | |
50 EnsureNSSInit(); | |
51 if (salt.empty() || iterations == 0 || key_size_in_bits == 0) | |
52 return NULL; | |
53 | |
54 if (algorithm == AES) { | |
55 // Whitelist supported key sizes to avoid accidentaly relying on | |
56 // algorithms available in NSS but not BoringSSL and vice | |
57 // versa. Note that BoringSSL does not support AES-192. | |
58 if (key_size_in_bits != 128 && key_size_in_bits != 256) | |
59 return NULL; | |
60 } | |
61 | |
62 SECItem password_item; | |
63 password_item.type = siBuffer; | |
64 password_item.data = reinterpret_cast<unsigned char*>( | |
65 const_cast<char *>(password.data())); | |
66 password_item.len = password.size(); | |
67 | |
68 SECItem salt_item; | |
69 salt_item.type = siBuffer; | |
70 salt_item.data = reinterpret_cast<unsigned char*>( | |
71 const_cast<char *>(salt.data())); | |
72 salt_item.len = salt.size(); | |
73 | |
74 SECOidTag cipher_algorithm = | |
75 algorithm == AES ? SEC_OID_AES_256_CBC : SEC_OID_HMAC_SHA1; | |
76 ScopedSECAlgorithmID alg_id(PK11_CreatePBEV2AlgorithmID(SEC_OID_PKCS5_PBKDF2, | |
77 cipher_algorithm, | |
78 SEC_OID_HMAC_SHA1, | |
79 key_size_in_bits / 8, | |
80 iterations, | |
81 &salt_item)); | |
82 if (!alg_id.get()) | |
83 return NULL; | |
84 | |
85 ScopedPK11Slot slot(PK11_GetInternalSlot()); | |
86 if (!slot.get()) | |
87 return NULL; | |
88 | |
89 PK11SymKey* sym_key = PK11_PBEKeyGen(slot.get(), alg_id.get(), &password_item, | |
90 PR_FALSE, NULL); | |
91 if (!sym_key) | |
92 return NULL; | |
93 | |
94 return new SymmetricKey(sym_key); | |
95 } | |
96 | |
97 // static | |
98 SymmetricKey* SymmetricKey::Import(Algorithm algorithm, | |
99 const std::string& raw_key) { | |
100 EnsureNSSInit(); | |
101 | |
102 if (algorithm == AES) { | |
103 // Whitelist supported key sizes to avoid accidentaly relying on | |
104 // algorithms available in NSS but not BoringSSL and vice | |
105 // versa. Note that BoringSSL does not support AES-192. | |
106 if (raw_key.size() != 128/8 && raw_key.size() != 256/8) | |
107 return NULL; | |
108 } | |
109 | |
110 CK_MECHANISM_TYPE cipher = | |
111 algorithm == AES ? CKM_AES_CBC : CKM_SHA_1_HMAC; | |
112 | |
113 SECItem key_item; | |
114 key_item.type = siBuffer; | |
115 key_item.data = reinterpret_cast<unsigned char*>( | |
116 const_cast<char *>(raw_key.data())); | |
117 key_item.len = raw_key.size(); | |
118 | |
119 ScopedPK11Slot slot(PK11_GetInternalSlot()); | |
120 if (!slot.get()) | |
121 return NULL; | |
122 | |
123 // The exact value of the |origin| argument doesn't matter to NSS as long as | |
124 // it's not PK11_OriginFortezzaHack, so we pass PK11_OriginUnwrap as a | |
125 // placeholder. | |
126 PK11SymKey* sym_key = PK11_ImportSymKey(slot.get(), cipher, PK11_OriginUnwrap, | |
127 CKA_ENCRYPT, &key_item, NULL); | |
128 if (!sym_key) | |
129 return NULL; | |
130 | |
131 return new SymmetricKey(sym_key); | |
132 } | |
133 | |
134 bool SymmetricKey::GetRawKey(std::string* raw_key) { | |
135 SECStatus rv = PK11_ExtractKeyValue(key_.get()); | |
136 if (SECSuccess != rv) | |
137 return false; | |
138 | |
139 SECItem* key_item = PK11_GetKeyData(key_.get()); | |
140 if (!key_item) | |
141 return false; | |
142 | |
143 raw_key->assign(reinterpret_cast<char*>(key_item->data), key_item->len); | |
144 return true; | |
145 } | |
146 | |
147 SymmetricKey::SymmetricKey(PK11SymKey* key) : key_(key) { | |
148 DCHECK(key); | |
149 } | |
150 | |
151 } // namespace crypto | |
OLD | NEW |