Daniel Erat | 59c5f4b | 2015-08-24 12:50:25 -0600 | [diff] [blame] | 1 | // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 | // Use of this source code is governed by a BSD-style license that can be |
| 3 | // found in the LICENSE file. |
| 4 | |
| 5 | #ifndef CRYPTO_SYMMETRIC_KEY_H_ |
| 6 | #define CRYPTO_SYMMETRIC_KEY_H_ |
| 7 | |
Alex Vakulenko | 0d205d7 | 2016-01-15 13:02:14 -0800 | [diff] [blame] | 8 | #include <stddef.h> |
| 9 | |
Luis Hector Chavez | 0c4f26a | 2016-07-15 16:23:21 -0700 | [diff] [blame] | 10 | #include <memory> |
Daniel Erat | 59c5f4b | 2015-08-24 12:50:25 -0600 | [diff] [blame] | 11 | #include <string> |
| 12 | |
Alex Vakulenko | 0d205d7 | 2016-01-15 13:02:14 -0800 | [diff] [blame] | 13 | #include "base/macros.h" |
| 14 | #include "build/build_config.h" |
Daniel Erat | 59c5f4b | 2015-08-24 12:50:25 -0600 | [diff] [blame] | 15 | #include "crypto/crypto_export.h" |
| 16 | |
Luis Hector Chavez | e5b2c6f | 2017-07-26 17:33:47 +0000 | [diff] [blame] | 17 | #if defined(NACL_WIN64) |
| 18 | // See comments for crypto_nacl_win64 in crypto.gyp. |
| 19 | // Must test for NACL_WIN64 before OS_WIN since former is a subset of latter. |
| 20 | #include "crypto/scoped_capi_types.h" |
| 21 | #elif defined(USE_NSS_CERTS) || \ |
| 22 | (!defined(USE_OPENSSL) && (defined(OS_WIN) || defined(OS_MACOSX))) |
| 23 | #include "crypto/scoped_nss_types.h" |
| 24 | #endif |
| 25 | |
Daniel Erat | 59c5f4b | 2015-08-24 12:50:25 -0600 | [diff] [blame] | 26 | namespace crypto { |
| 27 | |
| 28 | // Wraps a platform-specific symmetric key and allows it to be held in a |
| 29 | // scoped_ptr. |
| 30 | class CRYPTO_EXPORT SymmetricKey { |
| 31 | public: |
| 32 | // Defines the algorithm that a key will be used with. See also |
| 33 | // classs Encrptor. |
| 34 | enum Algorithm { |
| 35 | AES, |
| 36 | HMAC_SHA1, |
| 37 | }; |
| 38 | |
| 39 | virtual ~SymmetricKey(); |
| 40 | |
| 41 | // Generates a random key suitable to be used with |algorithm| and of |
| 42 | // |key_size_in_bits| bits. |key_size_in_bits| must be a multiple of 8. |
| 43 | // The caller is responsible for deleting the returned SymmetricKey. |
Luis Hector Chavez | 0c4f26a | 2016-07-15 16:23:21 -0700 | [diff] [blame] | 44 | static std::unique_ptr<SymmetricKey> GenerateRandomKey( |
| 45 | Algorithm algorithm, |
| 46 | size_t key_size_in_bits); |
Daniel Erat | 59c5f4b | 2015-08-24 12:50:25 -0600 | [diff] [blame] | 47 | |
| 48 | // Derives a key from the supplied password and salt using PBKDF2, suitable |
| 49 | // for use with specified |algorithm|. Note |algorithm| is not the algorithm |
| 50 | // used to derive the key from the password. |key_size_in_bits| must be a |
| 51 | // multiple of 8. The caller is responsible for deleting the returned |
| 52 | // SymmetricKey. |
Luis Hector Chavez | 0c4f26a | 2016-07-15 16:23:21 -0700 | [diff] [blame] | 53 | static std::unique_ptr<SymmetricKey> DeriveKeyFromPassword( |
| 54 | Algorithm algorithm, |
| 55 | const std::string& password, |
| 56 | const std::string& salt, |
| 57 | size_t iterations, |
| 58 | size_t key_size_in_bits); |
Daniel Erat | 59c5f4b | 2015-08-24 12:50:25 -0600 | [diff] [blame] | 59 | |
| 60 | // Imports an array of key bytes in |raw_key|. This key may have been |
| 61 | // generated by GenerateRandomKey or DeriveKeyFromPassword and exported with |
| 62 | // GetRawKey, or via another compatible method. The key must be of suitable |
| 63 | // size for use with |algorithm|. The caller owns the returned SymmetricKey. |
Luis Hector Chavez | 0c4f26a | 2016-07-15 16:23:21 -0700 | [diff] [blame] | 64 | static std::unique_ptr<SymmetricKey> Import(Algorithm algorithm, |
| 65 | const std::string& raw_key); |
Luis Hector Chavez | e5b2c6f | 2017-07-26 17:33:47 +0000 | [diff] [blame] | 66 | #if defined(NACL_WIN64) |
| 67 | HCRYPTKEY key() const { return key_.get(); } |
| 68 | #elif defined(USE_OPENSSL) |
Daniel Erat | 59c5f4b | 2015-08-24 12:50:25 -0600 | [diff] [blame] | 69 | const std::string& key() { return key_; } |
Luis Hector Chavez | e5b2c6f | 2017-07-26 17:33:47 +0000 | [diff] [blame] | 70 | #elif defined(USE_NSS_CERTS) || defined(OS_WIN) || defined(OS_MACOSX) |
| 71 | PK11SymKey* key() const { return key_.get(); } |
| 72 | #endif |
Daniel Erat | 59c5f4b | 2015-08-24 12:50:25 -0600 | [diff] [blame] | 73 | |
| 74 | // Extracts the raw key from the platform specific data. |
| 75 | // Warning: |raw_key| holds the raw key as bytes and thus must be handled |
| 76 | // carefully. |
| 77 | bool GetRawKey(std::string* raw_key); |
| 78 | |
| 79 | private: |
Luis Hector Chavez | e5b2c6f | 2017-07-26 17:33:47 +0000 | [diff] [blame] | 80 | #if defined(NACL_WIN64) |
| 81 | SymmetricKey(HCRYPTPROV provider, HCRYPTKEY key, |
| 82 | const void* key_data, size_t key_size_in_bytes); |
Daniel Erat | 59c5f4b | 2015-08-24 12:50:25 -0600 | [diff] [blame] | 83 | |
Luis Hector Chavez | e5b2c6f | 2017-07-26 17:33:47 +0000 | [diff] [blame] | 84 | ScopedHCRYPTPROV provider_; |
| 85 | ScopedHCRYPTKEY key_; |
| 86 | |
| 87 | // Contains the raw key, if it is known during initialization and when it |
| 88 | // is likely that the associated |provider_| will be unable to export the |
| 89 | // |key_|. This is the case of HMAC keys when the key size exceeds 16 bytes |
| 90 | // when using the default RSA provider. |
| 91 | // TODO(rsleevi): See if KP_EFFECTIVE_KEYLEN is the reason why CryptExportKey |
| 92 | // fails with NTE_BAD_KEY/NTE_BAD_LEN |
| 93 | std::string raw_key_; |
| 94 | #elif defined(USE_OPENSSL) |
| 95 | SymmetricKey() {} |
Daniel Erat | 59c5f4b | 2015-08-24 12:50:25 -0600 | [diff] [blame] | 96 | std::string key_; |
Luis Hector Chavez | e5b2c6f | 2017-07-26 17:33:47 +0000 | [diff] [blame] | 97 | #elif defined(USE_NSS_CERTS) || defined(OS_WIN) || defined(OS_MACOSX) |
| 98 | explicit SymmetricKey(PK11SymKey* key); |
| 99 | ScopedPK11SymKey key_; |
| 100 | #endif |
Daniel Erat | 59c5f4b | 2015-08-24 12:50:25 -0600 | [diff] [blame] | 101 | |
| 102 | DISALLOW_COPY_AND_ASSIGN(SymmetricKey); |
| 103 | }; |
| 104 | |
| 105 | } // namespace crypto |
| 106 | |
| 107 | #endif // CRYPTO_SYMMETRIC_KEY_H_ |