• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright 2011 The Chromium Authors
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #include "crypto/symmetric_key.h"
6 
7 #include <stddef.h>
8 #include <stdint.h>
9 
10 #include <algorithm>
11 #include <utility>
12 
13 #include "base/check_op.h"
14 #include "base/notreached.h"
15 #include "base/strings/string_util.h"
16 #include "crypto/openssl_util.h"
17 #include "third_party/boringssl/src/include/openssl/evp.h"
18 #include "third_party/boringssl/src/include/openssl/rand.h"
19 
20 namespace crypto {
21 
22 namespace {
23 
CheckDerivationParameters(SymmetricKey::Algorithm algorithm,size_t key_size_in_bits)24 bool CheckDerivationParameters(SymmetricKey::Algorithm algorithm,
25                                size_t key_size_in_bits) {
26   switch (algorithm) {
27     case SymmetricKey::AES:
28       // Check for supported key sizes. Historically, NSS supported AES-192
29       // while BoringSSL did not and this check aligned their behavior.
30       return key_size_in_bits == 128 || key_size_in_bits == 256;
31     case SymmetricKey::HMAC_SHA1:
32       return key_size_in_bits % 8 == 0 && key_size_in_bits != 0;
33   }
34 
35   NOTREACHED();
36   return false;
37 }
38 
39 }  // namespace
40 
~SymmetricKey()41 SymmetricKey::~SymmetricKey() {
42   std::fill(key_.begin(), key_.end(), '\0');  // Zero out the confidential key.
43 }
44 
45 // static
GenerateRandomKey(Algorithm algorithm,size_t key_size_in_bits)46 std::unique_ptr<SymmetricKey> SymmetricKey::GenerateRandomKey(
47     Algorithm algorithm,
48     size_t key_size_in_bits) {
49   DCHECK_EQ(AES, algorithm);
50 
51   // Check for supported key sizes. Historically, NSS supported AES-192 while
52   // BoringSSL did not and this check aligned their behavior.
53   if (key_size_in_bits != 128 && key_size_in_bits != 256)
54     return nullptr;
55 
56   size_t key_size_in_bytes = key_size_in_bits / 8;
57   DCHECK_EQ(key_size_in_bits, key_size_in_bytes * 8);
58 
59   if (key_size_in_bytes == 0)
60     return nullptr;
61 
62   OpenSSLErrStackTracer err_tracer(FROM_HERE);
63   std::unique_ptr<SymmetricKey> key(new SymmetricKey);
64   uint8_t* key_data = reinterpret_cast<uint8_t*>(
65       base::WriteInto(&key->key_, key_size_in_bytes + 1));
66 
67   int rv = RAND_bytes(key_data, static_cast<int>(key_size_in_bytes));
68   return rv == 1 ? std::move(key) : nullptr;
69 }
70 
71 // static
DeriveKeyFromPasswordUsingPbkdf2(Algorithm algorithm,const std::string & password,const std::string & salt,size_t iterations,size_t key_size_in_bits)72 std::unique_ptr<SymmetricKey> SymmetricKey::DeriveKeyFromPasswordUsingPbkdf2(
73     Algorithm algorithm,
74     const std::string& password,
75     const std::string& salt,
76     size_t iterations,
77     size_t key_size_in_bits) {
78   if (!CheckDerivationParameters(algorithm, key_size_in_bits))
79     return nullptr;
80 
81   size_t key_size_in_bytes = key_size_in_bits / 8;
82 
83   OpenSSLErrStackTracer err_tracer(FROM_HERE);
84   std::unique_ptr<SymmetricKey> key(new SymmetricKey);
85   uint8_t* key_data = reinterpret_cast<uint8_t*>(
86       base::WriteInto(&key->key_, key_size_in_bytes + 1));
87 
88   int rv = PKCS5_PBKDF2_HMAC_SHA1(
89       password.data(), password.length(),
90       reinterpret_cast<const uint8_t*>(salt.data()), salt.length(),
91       static_cast<unsigned>(iterations),
92       key_size_in_bytes, key_data);
93   return rv == 1 ? std::move(key) : nullptr;
94 }
95 
96 // static
DeriveKeyFromPasswordUsingScrypt(Algorithm algorithm,const std::string & password,const std::string & salt,size_t cost_parameter,size_t block_size,size_t parallelization_parameter,size_t max_memory_bytes,size_t key_size_in_bits)97 std::unique_ptr<SymmetricKey> SymmetricKey::DeriveKeyFromPasswordUsingScrypt(
98     Algorithm algorithm,
99     const std::string& password,
100     const std::string& salt,
101     size_t cost_parameter,
102     size_t block_size,
103     size_t parallelization_parameter,
104     size_t max_memory_bytes,
105     size_t key_size_in_bits) {
106   if (!CheckDerivationParameters(algorithm, key_size_in_bits))
107     return nullptr;
108 
109   size_t key_size_in_bytes = key_size_in_bits / 8;
110 
111   OpenSSLErrStackTracer err_tracer(FROM_HERE);
112   std::unique_ptr<SymmetricKey> key(new SymmetricKey);
113   uint8_t* key_data = reinterpret_cast<uint8_t*>(
114       base::WriteInto(&key->key_, key_size_in_bytes + 1));
115 
116   int rv = EVP_PBE_scrypt(password.data(), password.length(),
117                           reinterpret_cast<const uint8_t*>(salt.data()),
118                           salt.length(), cost_parameter, block_size,
119                           parallelization_parameter, max_memory_bytes, key_data,
120                           key_size_in_bytes);
121   return rv == 1 ? std::move(key) : nullptr;
122 }
123 
124 // static
Import(Algorithm algorithm,const std::string & raw_key)125 std::unique_ptr<SymmetricKey> SymmetricKey::Import(Algorithm algorithm,
126                                                    const std::string& raw_key) {
127   if (algorithm == AES) {
128     // Check for supported key sizes. Historically, NSS supported AES-192 while
129     // BoringSSL did not and this check aligned their behavior.
130     if (raw_key.size() != 128/8 && raw_key.size() != 256/8)
131       return nullptr;
132   }
133 
134   std::unique_ptr<SymmetricKey> key(new SymmetricKey);
135   key->key_ = raw_key;
136   return key;
137 }
138 
139 SymmetricKey::SymmetricKey() = default;
140 
141 }  // namespace crypto
142