| OLD | NEW |
|---|
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "crypto/symmetric_key.h" | 5 #include "crypto/symmetric_key.h" |
| 6 | 6 |
| 7 #include <nss.h> | 7 #include <nss.h> |
| 8 #include <pk11pub.h> | 8 #include <pk11pub.h> |
| 9 | 9 |
| 10 #include "base/logging.h" | 10 #include "base/logging.h" |
| 11 #include "crypto/nss_util.h" | 11 #include "crypto/nss_util.h" |
| 12 | 12 |
| 13 namespace crypto { | 13 namespace crypto { |
| 14 | 14 |
| 15 SymmetricKey::~SymmetricKey() {} | 15 SymmetricKey::~SymmetricKey() {} |
| 16 | 16 |
| 17 // static | 17 // static |
| 18 SymmetricKey* SymmetricKey::GenerateRandomKey(Algorithm algorithm, | 18 SymmetricKey* SymmetricKey::GenerateRandomKey(Algorithm algorithm, |
| 19 size_t key_size_in_bits) { | 19 size_t key_size_in_bits) { |
| 20 DCHECK_EQ(AES, algorithm); | 20 DCHECK_EQ(AES, algorithm); |
| 21 | 21 |
| 22 EnsureNSSInit(); | 22 EnsureNSSInit(); |
| 23 if (key_size_in_bits == 0) | 23 if (key_size_in_bits == 0) |
| 24 return NULL; | 24 return NULL; |
| 25 | 25 |
| 26 ScopedPK11Slot slot(PK11_GetBestSlot(CKM_AES_KEY_GEN, NULL)); | 26 ScopedPK11Slot slot(PK11_GetInternalSlot()); |
| 27 if (!slot.get()) | 27 if (!slot.get()) |
| 28 return NULL; | 28 return NULL; |
| 29 | 29 |
| 30 PK11SymKey* sym_key = PK11_KeyGen(slot.get(), CKM_AES_KEY_GEN, NULL, | 30 PK11SymKey* sym_key = PK11_KeyGen(slot.get(), CKM_AES_KEY_GEN, NULL, |
| 31 key_size_in_bits / 8, NULL); | 31 key_size_in_bits / 8, NULL); |
| 32 if (!sym_key) | 32 if (!sym_key) |
| 33 return NULL; | 33 return NULL; |
| 34 | 34 |
| 35 return new SymmetricKey(sym_key); | 35 return new SymmetricKey(sym_key); |
| 36 } | 36 } |
| (...skipping 24 matching lines...) Expand all Loading... |
| 61 algorithm == AES ? SEC_OID_AES_256_CBC : SEC_OID_HMAC_SHA1; | 61 algorithm == AES ? SEC_OID_AES_256_CBC : SEC_OID_HMAC_SHA1; |
| 62 ScopedSECAlgorithmID alg_id(PK11_CreatePBEV2AlgorithmID(SEC_OID_PKCS5_PBKDF2, | 62 ScopedSECAlgorithmID alg_id(PK11_CreatePBEV2AlgorithmID(SEC_OID_PKCS5_PBKDF2, |
| 63 cipher_algorithm, | 63 cipher_algorithm, |
| 64 SEC_OID_HMAC_SHA1, | 64 SEC_OID_HMAC_SHA1, |
| 65 key_size_in_bits / 8, | 65 key_size_in_bits / 8, |
| 66 iterations, | 66 iterations, |
| 67 &salt_item)); | 67 &salt_item)); |
| 68 if (!alg_id.get()) | 68 if (!alg_id.get()) |
| 69 return NULL; | 69 return NULL; |
| 70 | 70 |
| 71 ScopedPK11Slot slot(PK11_GetBestSlot(SEC_OID_PKCS5_PBKDF2, NULL)); | 71 ScopedPK11Slot slot(PK11_GetInternalSlot()); |
| 72 if (!slot.get()) | 72 if (!slot.get()) |
| 73 return NULL; | 73 return NULL; |
| 74 | 74 |
| 75 PK11SymKey* sym_key = PK11_PBEKeyGen(slot.get(), alg_id.get(), &password_item, | 75 PK11SymKey* sym_key = PK11_PBEKeyGen(slot.get(), alg_id.get(), &password_item, |
| 76 PR_FALSE, NULL); | 76 PR_FALSE, NULL); |
| 77 if (!sym_key) | 77 if (!sym_key) |
| 78 return NULL; | 78 return NULL; |
| 79 | 79 |
| 80 return new SymmetricKey(sym_key); | 80 return new SymmetricKey(sym_key); |
| 81 } | 81 } |
| 82 | 82 |
| 83 // static | 83 // static |
| 84 SymmetricKey* SymmetricKey::Import(Algorithm algorithm, | 84 SymmetricKey* SymmetricKey::Import(Algorithm algorithm, |
| 85 const std::string& raw_key) { | 85 const std::string& raw_key) { |
| 86 EnsureNSSInit(); | 86 EnsureNSSInit(); |
| 87 CK_MECHANISM_TYPE cipher = | 87 CK_MECHANISM_TYPE cipher = |
| 88 algorithm == AES ? CKM_AES_CBC : CKM_SHA_1_HMAC; | 88 algorithm == AES ? CKM_AES_CBC : CKM_SHA_1_HMAC; |
| 89 | 89 |
| 90 SECItem key_item; | 90 SECItem key_item; |
| 91 key_item.type = siBuffer; | 91 key_item.type = siBuffer; |
| 92 key_item.data = reinterpret_cast<unsigned char*>( | 92 key_item.data = reinterpret_cast<unsigned char*>( |
| 93 const_cast<char *>(raw_key.data())); | 93 const_cast<char *>(raw_key.data())); |
| 94 key_item.len = raw_key.size(); | 94 key_item.len = raw_key.size(); |
| 95 | 95 |
| 96 ScopedPK11Slot slot(PK11_GetBestSlot(cipher, NULL)); | 96 ScopedPK11Slot slot(PK11_GetInternalSlot()); |
| 97 if (!slot.get()) | 97 if (!slot.get()) |
| 98 return NULL; | 98 return NULL; |
| 99 | 99 |
| 100 // The exact value of the |origin| argument doesn't matter to NSS as long as | 100 // The exact value of the |origin| argument doesn't matter to NSS as long as |
| 101 // it's not PK11_OriginFortezzaHack, so we pass PK11_OriginUnwrap as a | 101 // it's not PK11_OriginFortezzaHack, so we pass PK11_OriginUnwrap as a |
| 102 // placeholder. | 102 // placeholder. |
| 103 PK11SymKey* sym_key = PK11_ImportSymKey(slot.get(), cipher, PK11_OriginUnwrap, | 103 PK11SymKey* sym_key = PK11_ImportSymKey(slot.get(), cipher, PK11_OriginUnwrap, |
| 104 CKA_ENCRYPT, &key_item, NULL); | 104 CKA_ENCRYPT, &key_item, NULL); |
| 105 if (!sym_key) | 105 if (!sym_key) |
| 106 return NULL; | 106 return NULL; |
| (...skipping 19 matching lines...) Expand all Loading... |
| 126 SymmetricKey* SymmetricKey::CreateFromKey(PK11SymKey* key) { | 126 SymmetricKey* SymmetricKey::CreateFromKey(PK11SymKey* key) { |
| 127 return new SymmetricKey(key); | 127 return new SymmetricKey(key); |
| 128 } | 128 } |
| 129 #endif | 129 #endif |
| 130 | 130 |
| 131 SymmetricKey::SymmetricKey(PK11SymKey* key) : key_(key) { | 131 SymmetricKey::SymmetricKey(PK11SymKey* key) : key_(key) { |
| 132 DCHECK(key); | 132 DCHECK(key); |
| 133 } | 133 } |
| 134 | 134 |
| 135 } // namespace crypto | 135 } // namespace crypto |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 11186004:
Use the NSS internal key slot for all temporary key operations (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src