Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / libchrome / 59c5f4b0fb104e8e4806e4934a3d5d112ad695ab / . / crypto / symmetric_key.h
blob: 996c5923b18981312b67f3fd9d3d52559f21fb36 [file] [log] [blame]
Daniel Erat59c5f4b2015-08-24 12:50:25 -0600[diff] [blame^]1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef CRYPTO_SYMMETRIC_KEY_H_
6#define CRYPTO_SYMMETRIC_KEY_H_
7
8#include <string>
9
10#include "base/basictypes.h"
11#include "crypto/crypto_export.h"
12
13#if defined(NACL_WIN64)
14// See comments for crypto_nacl_win64 in crypto.gyp.
15// Must test for NACL_WIN64 before OS_WIN since former is a subset of latter.
16#include "crypto/scoped_capi_types.h"
17#elif defined(USE_NSS_CERTS) || \
18 (!defined(USE_OPENSSL) && (defined(OS_WIN) || defined(OS_MACOSX)))
19#include "crypto/scoped_nss_types.h"
20#endif
21
22namespace crypto {
23
24// Wraps a platform-specific symmetric key and allows it to be held in a
25// scoped_ptr.
26class CRYPTO_EXPORT SymmetricKey {
27 public:
28 // Defines the algorithm that a key will be used with. See also
29 // classs Encrptor.
30 enum Algorithm {
31 AES,
32 HMAC_SHA1,
33 };
34
35 virtual ~SymmetricKey();
36
37 // Generates a random key suitable to be used with |algorithm| and of
38 // |key_size_in_bits| bits. |key_size_in_bits| must be a multiple of 8.
39 // The caller is responsible for deleting the returned SymmetricKey.
40 static SymmetricKey* GenerateRandomKey(Algorithm algorithm,
41 size_t key_size_in_bits);
42
43 // Derives a key from the supplied password and salt using PBKDF2, suitable
44 // for use with specified |algorithm|. Note |algorithm| is not the algorithm
45 // used to derive the key from the password. |key_size_in_bits| must be a
46 // multiple of 8. The caller is responsible for deleting the returned
47 // SymmetricKey.
48 static SymmetricKey* DeriveKeyFromPassword(Algorithm algorithm,
49 const std::string& password,
50 const std::string& salt,
51 size_t iterations,
52 size_t key_size_in_bits);
53
54 // Imports an array of key bytes in |raw_key|. This key may have been
55 // generated by GenerateRandomKey or DeriveKeyFromPassword and exported with
56 // GetRawKey, or via another compatible method. The key must be of suitable
57 // size for use with |algorithm|. The caller owns the returned SymmetricKey.
58 static SymmetricKey* Import(Algorithm algorithm, const std::string& raw_key);
59
60#if defined(NACL_WIN64)
61 HCRYPTKEY key() const { return key_.get(); }
62#elif defined(USE_OPENSSL)
63 const std::string& key() { return key_; }
64#elif defined(USE_NSS_CERTS) || defined(OS_WIN) || defined(OS_MACOSX)
65 PK11SymKey* key() const { return key_.get(); }
66#endif
67
68 // Extracts the raw key from the platform specific data.
69 // Warning: |raw_key| holds the raw key as bytes and thus must be handled
70 // carefully.
71 bool GetRawKey(std::string* raw_key);
72
73 private:
74#if defined(NACL_WIN64)
75 SymmetricKey(HCRYPTPROV provider, HCRYPTKEY key,
76 const void* key_data, size_t key_size_in_bytes);
77
78 ScopedHCRYPTPROV provider_;
79 ScopedHCRYPTKEY key_;
80
81 // Contains the raw key, if it is known during initialization and when it
82 // is likely that the associated |provider_| will be unable to export the
83 // |key_|. This is the case of HMAC keys when the key size exceeds 16 bytes
84 // when using the default RSA provider.
85 // TODO(rsleevi): See if KP_EFFECTIVE_KEYLEN is the reason why CryptExportKey
86 // fails with NTE_BAD_KEY/NTE_BAD_LEN
87 std::string raw_key_;
88#elif defined(USE_OPENSSL)
89 SymmetricKey() {}
90 std::string key_;
91#elif defined(USE_NSS_CERTS) || defined(OS_WIN) || defined(OS_MACOSX)
92 explicit SymmetricKey(PK11SymKey* key);
93 ScopedPK11SymKey key_;
94#endif
95
96 DISALLOW_COPY_AND_ASSIGN(SymmetricKey);
97};
98
99} // namespace crypto
100
101#endif // CRYPTO_SYMMETRIC_KEY_H_