[go: nahoru, domu]
Google Git
Sign in
chromium / chromium / src / dd373b8b7d7501cf7f3bbfe861f58dce67578a69 / . / crypto / symmetric_key_openssl.cc
blob: 2c5358f6274ac3a30128768fd35aa812ebab6e6f [file] [log] [blame]
levin@chromium.org3b63f8f42011-03-28 01:54:15[diff] [blame]1// Copyright (c) 2011 The Chromium Authors. All rights reserved.
joth@chromium.org70372d42010-10-22 13:12:34[diff] [blame]2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
rvargas@google.com4b559b4d2011-04-14 17:37:14[diff] [blame]5#include "crypto/symmetric_key.h"
joth@chromium.org70372d42010-10-22 13:12:34[diff] [blame]6
joth@chromium.orgac0f8be2010-11-12 12:03:54[diff] [blame]7#include <openssl/evp.h>
8#include <openssl/rand.h>
avidd373b82015-12-21 21:34:43[diff] [blame^]9#include <stddef.h>
10#include <stdint.h>
joth@chromium.orgac0f8be2010-11-12 12:03:54[diff] [blame]11
12#include <algorithm>
13
joth@chromium.org70372d42010-10-22 13:12:34[diff] [blame]14#include "base/logging.h"
levin@chromium.org3b63f8f42011-03-28 01:54:15[diff] [blame]15#include "base/memory/scoped_ptr.h"
avi@chromium.org0d8db082013-06-11 07:27:01[diff] [blame]16#include "base/strings/string_util.h"
rvargas@google.com4b559b4d2011-04-14 17:37:14[diff] [blame]17#include "crypto/openssl_util.h"
joth@chromium.org70372d42010-10-22 13:12:34[diff] [blame]18
rvargas@google.com4b559b4d2011-04-14 17:37:14[diff] [blame]19namespace crypto {
joth@chromium.org70372d42010-10-22 13:12:34[diff] [blame]20
21SymmetricKey::~SymmetricKey() {
joth@chromium.orgac0f8be2010-11-12 12:03:54[diff] [blame]22 std::fill(key_.begin(), key_.end(), '\0'); // Zero out the confidential key.
joth@chromium.org70372d42010-10-22 13:12:34[diff] [blame]23}
24
25// static
26SymmetricKey* SymmetricKey::GenerateRandomKey(Algorithm algorithm,
27 size_t key_size_in_bits) {
joth@chromium.orgac0f8be2010-11-12 12:03:54[diff] [blame]28 DCHECK_EQ(AES, algorithm);
davidben@chromium.orga534bab2014-07-25 21:04:15[diff] [blame]29
30 // Whitelist supported key sizes to avoid accidentaly relying on
31 // algorithms available in NSS but not BoringSSL and vice
32 // versa. Note that BoringSSL does not support AES-192.
33 if (key_size_in_bits != 128 && key_size_in_bits != 256)
34 return NULL;
35
pkasting@chromium.orgfdce4782011-11-29 20:06:18[diff] [blame]36 size_t key_size_in_bytes = key_size_in_bits / 8;
37 DCHECK_EQ(key_size_in_bits, key_size_in_bytes * 8);
joth@chromium.orgac0f8be2010-11-12 12:03:54[diff] [blame]38
pkasting@chromium.orgfdce4782011-11-29 20:06:18[diff] [blame]39 if (key_size_in_bytes == 0)
joth@chromium.orgac0f8be2010-11-12 12:03:54[diff] [blame]40 return NULL;
41
joth@chromium.orgbe796bb2010-11-18 15:43:43[diff] [blame]42 OpenSSLErrStackTracer err_tracer(FROM_HERE);
joth@chromium.orgac0f8be2010-11-12 12:03:54[diff] [blame]43 scoped_ptr<SymmetricKey> key(new SymmetricKey);
avidd373b82015-12-21 21:34:43[diff] [blame^]44 uint8_t* key_data = reinterpret_cast<uint8_t*>(
Brett Wilsone3c4d1a2015-07-07 23:38:09[diff] [blame]45 base::WriteInto(&key->key_, key_size_in_bytes + 1));
joth@chromium.orgac0f8be2010-11-12 12:03:54[diff] [blame]46
pkasting@chromium.orgfdce4782011-11-29 20:06:18[diff] [blame]47 int rv = RAND_bytes(key_data, static_cast<int>(key_size_in_bytes));
joth@chromium.orgbe796bb2010-11-18 15:43:43[diff] [blame]48 return rv == 1 ? key.release() : NULL;
joth@chromium.org70372d42010-10-22 13:12:34[diff] [blame]49}
50
51// static
52SymmetricKey* SymmetricKey::DeriveKeyFromPassword(Algorithm algorithm,
53 const std::string& password,
54 const std::string& salt,
55 size_t iterations,
56 size_t key_size_in_bits) {
joth@chromium.orgac0f8be2010-11-12 12:03:54[diff] [blame]57 DCHECK(algorithm == AES || algorithm == HMAC_SHA1);
davidben@chromium.orga534bab2014-07-25 21:04:15[diff] [blame]58
59 if (algorithm == AES) {
60 // Whitelist supported key sizes to avoid accidentaly relying on
61 // algorithms available in NSS but not BoringSSL and vice
62 // versa. Note that BoringSSL does not support AES-192.
63 if (key_size_in_bits != 128 && key_size_in_bits != 256)
64 return NULL;
65 }
66
pkasting@chromium.orgfdce4782011-11-29 20:06:18[diff] [blame]67 size_t key_size_in_bytes = key_size_in_bits / 8;
68 DCHECK_EQ(key_size_in_bits, key_size_in_bytes * 8);
69
70 if (key_size_in_bytes == 0)
71 return NULL;
joth@chromium.orgac0f8be2010-11-12 12:03:54[diff] [blame]72
joth@chromium.orgbe796bb2010-11-18 15:43:43[diff] [blame]73 OpenSSLErrStackTracer err_tracer(FROM_HERE);
joth@chromium.orgac0f8be2010-11-12 12:03:54[diff] [blame]74 scoped_ptr<SymmetricKey> key(new SymmetricKey);
avidd373b82015-12-21 21:34:43[diff] [blame^]75 uint8_t* key_data = reinterpret_cast<uint8_t*>(
Brett Wilsone3c4d1a2015-07-07 23:38:09[diff] [blame]76 base::WriteInto(&key->key_, key_size_in_bytes + 1));
avidd373b82015-12-21 21:34:43[diff] [blame^]77 int rv = PKCS5_PBKDF2_HMAC_SHA1(
78 password.data(), password.length(),
79 reinterpret_cast<const uint8_t*>(salt.data()), salt.length(), iterations,
80 static_cast<int>(key_size_in_bytes), key_data);
joth@chromium.orgbe796bb2010-11-18 15:43:43[diff] [blame]81 return rv == 1 ? key.release() : NULL;
joth@chromium.org70372d42010-10-22 13:12:34[diff] [blame]82}
83
84// static
85SymmetricKey* SymmetricKey::Import(Algorithm algorithm,
86 const std::string& raw_key) {
davidben@chromium.orga534bab2014-07-25 21:04:15[diff] [blame]87 if (algorithm == AES) {
88 // Whitelist supported key sizes to avoid accidentaly relying on
89 // algorithms available in NSS but not BoringSSL and vice
90 // versa. Note that BoringSSL does not support AES-192.
91 if (raw_key.size() != 128/8 && raw_key.size() != 256/8)
92 return NULL;
93 }
94
joth@chromium.orgac0f8be2010-11-12 12:03:54[diff] [blame]95 scoped_ptr<SymmetricKey> key(new SymmetricKey);
96 key->key_ = raw_key;
97 return key.release();
joth@chromium.org70372d42010-10-22 13:12:34[diff] [blame]98}
99
100bool SymmetricKey::GetRawKey(std::string* raw_key) {
joth@chromium.orgac0f8be2010-11-12 12:03:54[diff] [blame]101 *raw_key = key_;
102 return true;
joth@chromium.org70372d42010-10-22 13:12:34[diff] [blame]103}
104
rvargas@google.com4b559b4d2011-04-14 17:37:14[diff] [blame]105} // namespace crypto