107 lines
3.7 KiB
C++
107 lines
3.7 KiB
C++
// Copyright (c) 2012 The Chromium Authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style license that can be
|
|
// found in the LICENSE file.
|
|
|
|
#ifndef CRYPTO_SYMMETRIC_KEY_H_
|
|
#define CRYPTO_SYMMETRIC_KEY_H_
|
|
|
|
#include <stddef.h>
|
|
|
|
#include <memory>
|
|
#include <string>
|
|
|
|
#include "base/macros.h"
|
|
#include "build/build_config.h"
|
|
#include "crypto/crypto_export.h"
|
|
|
|
#if defined(NACL_WIN64)
|
|
// See comments for crypto_nacl_win64 in crypto.gyp.
|
|
// Must test for NACL_WIN64 before OS_WIN since former is a subset of latter.
|
|
#include "crypto/scoped_capi_types.h"
|
|
#elif defined(USE_NSS_CERTS) || \
|
|
(!defined(USE_OPENSSL) && (defined(OS_WIN) || defined(OS_MACOSX)))
|
|
#include "crypto/scoped_nss_types.h"
|
|
#endif
|
|
|
|
namespace crypto {
|
|
|
|
// Wraps a platform-specific symmetric key and allows it to be held in a
|
|
// scoped_ptr.
|
|
class CRYPTO_EXPORT SymmetricKey {
|
|
public:
|
|
// Defines the algorithm that a key will be used with. See also
|
|
// classs Encrptor.
|
|
enum Algorithm {
|
|
AES,
|
|
HMAC_SHA1,
|
|
};
|
|
|
|
virtual ~SymmetricKey();
|
|
|
|
// Generates a random key suitable to be used with |algorithm| and of
|
|
// |key_size_in_bits| bits. |key_size_in_bits| must be a multiple of 8.
|
|
// The caller is responsible for deleting the returned SymmetricKey.
|
|
static std::unique_ptr<SymmetricKey> GenerateRandomKey(
|
|
Algorithm algorithm,
|
|
size_t key_size_in_bits);
|
|
|
|
// Derives a key from the supplied password and salt using PBKDF2, suitable
|
|
// for use with specified |algorithm|. Note |algorithm| is not the algorithm
|
|
// used to derive the key from the password. |key_size_in_bits| must be a
|
|
// multiple of 8. The caller is responsible for deleting the returned
|
|
// SymmetricKey.
|
|
static std::unique_ptr<SymmetricKey> DeriveKeyFromPassword(
|
|
Algorithm algorithm,
|
|
const std::string& password,
|
|
const std::string& salt,
|
|
size_t iterations,
|
|
size_t key_size_in_bits);
|
|
|
|
// Imports an array of key bytes in |raw_key|. This key may have been
|
|
// generated by GenerateRandomKey or DeriveKeyFromPassword and exported with
|
|
// GetRawKey, or via another compatible method. The key must be of suitable
|
|
// size for use with |algorithm|. The caller owns the returned SymmetricKey.
|
|
static std::unique_ptr<SymmetricKey> Import(Algorithm algorithm,
|
|
const std::string& raw_key);
|
|
#if defined(NACL_WIN64)
|
|
HCRYPTKEY key() const { return key_.get(); }
|
|
#elif defined(USE_OPENSSL)
|
|
const std::string& key() { return key_; }
|
|
#elif defined(USE_NSS_CERTS) || defined(OS_WIN) || defined(OS_MACOSX)
|
|
PK11SymKey* key() const { return key_.get(); }
|
|
#endif
|
|
|
|
// Extracts the raw key from the platform specific data.
|
|
// Warning: |raw_key| holds the raw key as bytes and thus must be handled
|
|
// carefully.
|
|
bool GetRawKey(std::string* raw_key);
|
|
|
|
private:
|
|
#if defined(NACL_WIN64)
|
|
SymmetricKey(HCRYPTPROV provider, HCRYPTKEY key,
|
|
const void* key_data, size_t key_size_in_bytes);
|
|
|
|
ScopedHCRYPTPROV provider_;
|
|
ScopedHCRYPTKEY key_;
|
|
|
|
// Contains the raw key, if it is known during initialization and when it
|
|
// is likely that the associated |provider_| will be unable to export the
|
|
// |key_|. This is the case of HMAC keys when the key size exceeds 16 bytes
|
|
// when using the default RSA provider.
|
|
// TODO(rsleevi): See if KP_EFFECTIVE_KEYLEN is the reason why CryptExportKey
|
|
// fails with NTE_BAD_KEY/NTE_BAD_LEN
|
|
std::string raw_key_;
|
|
#elif defined(USE_OPENSSL)
|
|
SymmetricKey() {}
|
|
std::string key_;
|
|
#elif defined(USE_NSS_CERTS) || defined(OS_WIN) || defined(OS_MACOSX)
|
|
explicit SymmetricKey(PK11SymKey* key);
|
|
ScopedPK11SymKey key_;
|
|
#endif
|
|
|
|
DISALLOW_COPY_AND_ASSIGN(SymmetricKey);
|
|
};
|
|
|
|
} // namespace crypto
|
|
|
|
#endif // CRYPTO_SYMMETRIC_KEY_H_
|