• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef CRYPTO_SYMMETRIC_KEY_H_
6 #define CRYPTO_SYMMETRIC_KEY_H_
7 #pragma once
8 
9 #include <string>
10 
11 #include "base/basictypes.h"
12 
13 #if defined(USE_NSS)
14 #include "crypto/scoped_nss_types.h"
15 #elif defined(OS_MACOSX)
16 #include <Security/cssmtype.h>
17 #elif defined(OS_WIN)
18 #include "crypto/scoped_capi_types.h"
19 #endif
20 
21 namespace crypto {
22 
23 // Wraps a platform-specific symmetric key and allows it to be held in a
24 // scoped_ptr.
25 class SymmetricKey {
26  public:
27   // Defines the algorithm that a key will be used with. See also
28   // classs Encrptor.
29   enum Algorithm {
30     AES,
31     HMAC_SHA1,
32   };
33 
34   virtual ~SymmetricKey();
35 
36   // Generates a random key suitable to be used with |algorithm| and of
37   // |key_size_in_bits| bits.
38   // The caller is responsible for deleting the returned SymmetricKey.
39   static SymmetricKey* GenerateRandomKey(Algorithm algorithm,
40                                          size_t key_size_in_bits);
41 
42   // Derives a key from the supplied password and salt using PBKDF2, suitable
43   // for use with specified |algorithm|. Note |algorithm| is not the algorithm
44   // used to derive the key from the password. The caller is responsible for
45   // deleting the returned SymmetricKey.
46   static SymmetricKey* DeriveKeyFromPassword(Algorithm algorithm,
47                                              const std::string& password,
48                                              const std::string& salt,
49                                              size_t iterations,
50                                              size_t key_size_in_bits);
51 
52   // Imports an array of key bytes in |raw_key|. This key may have been
53   // generated by GenerateRandomKey or DeriveKeyFromPassword and exported with
54   // GetRawKey, or via another compatible method. The key must be of suitable
55   // size for use with |algorithm|. The caller owns the returned SymmetricKey.
56   static SymmetricKey* Import(Algorithm algorithm, const std::string& raw_key);
57 
58 #if defined(USE_OPENSSL)
key()59   const std::string& key() { return key_; }
60 #elif defined(USE_NSS)
key()61   PK11SymKey* key() const { return key_.get(); }
62 #elif defined(OS_MACOSX)
63   CSSM_DATA cssm_data() const;
64 #elif defined(OS_WIN)
key()65   HCRYPTKEY key() const { return key_.get(); }
66 #endif
67 
68   // Extracts the raw key from the platform specific data.
69   // Warning: |raw_key| holds the raw key as bytes and thus must be handled
70   // carefully.
71   bool GetRawKey(std::string* raw_key);
72 
73  private:
74 #if defined(USE_OPENSSL)
SymmetricKey()75   SymmetricKey() {}
76   std::string key_;
77 #elif defined(USE_NSS)
78   explicit SymmetricKey(PK11SymKey* key);
79   ScopedPK11SymKey key_;
80 #elif defined(OS_MACOSX)
81   SymmetricKey(const void* key_data, size_t key_size_in_bits);
82   std::string key_;
83 #elif defined(OS_WIN)
84   SymmetricKey(HCRYPTPROV provider, HCRYPTKEY key,
85                const void* key_data, size_t key_size_in_bytes);
86 
87   ScopedHCRYPTPROV provider_;
88   ScopedHCRYPTKEY key_;
89 
90   // Contains the raw key, if it is known during initialization and when it
91   // is likely that the associated |provider_| will be unable to export the
92   // |key_|. This is the case of HMAC keys when the key size exceeds 16 bytes
93   // when using the default RSA provider.
94   // TODO(rsleevi): See if KP_EFFECTIVE_KEYLEN is the reason why CryptExportKey
95   // fails with NTE_BAD_KEY/NTE_BAD_LEN
96   std::string raw_key_;
97 #endif
98 
99   DISALLOW_COPY_AND_ASSIGN(SymmetricKey);
100 };
101 
102 }  // namespace crypto
103 
104 #endif  // CRYPTO_SYMMETRIC_KEY_H_
105