1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef CRYPTO_SYMMETRIC_KEY_H_ 6 #define CRYPTO_SYMMETRIC_KEY_H_ 7 8 #include <string> 9 10 #include "base/basictypes.h" 11 #include "crypto/crypto_export.h" 12 13 #if defined(NACL_WIN64) 14 // See comments for crypto_nacl_win64 in crypto.gyp. 15 // Must test for NACL_WIN64 before OS_WIN since former is a subset of latter. 16 #include "crypto/scoped_capi_types.h" 17 #elif defined(USE_NSS) || \ 18 (!defined(USE_OPENSSL) && (defined(OS_WIN) || defined(OS_MACOSX))) 19 #include "crypto/scoped_nss_types.h" 20 #endif 21 22 namespace crypto { 23 24 // Wraps a platform-specific symmetric key and allows it to be held in a 25 // scoped_ptr. 26 class CRYPTO_EXPORT SymmetricKey { 27 public: 28 // Defines the algorithm that a key will be used with. See also 29 // classs Encrptor. 30 enum Algorithm { 31 AES, 32 HMAC_SHA1, 33 }; 34 35 virtual ~SymmetricKey(); 36 37 // Generates a random key suitable to be used with |algorithm| and of 38 // |key_size_in_bits| bits. |key_size_in_bits| must be a multiple of 8. 39 // The caller is responsible for deleting the returned SymmetricKey. 40 static SymmetricKey* GenerateRandomKey(Algorithm algorithm, 41 size_t key_size_in_bits); 42 43 // Derives a key from the supplied password and salt using PBKDF2, suitable 44 // for use with specified |algorithm|. Note |algorithm| is not the algorithm 45 // used to derive the key from the password. |key_size_in_bits| must be a 46 // multiple of 8. The caller is responsible for deleting the returned 47 // SymmetricKey. 48 static SymmetricKey* DeriveKeyFromPassword(Algorithm algorithm, 49 const std::string& password, 50 const std::string& salt, 51 size_t iterations, 52 size_t key_size_in_bits); 53 54 // Imports an array of key bytes in |raw_key|. This key may have been 55 // generated by GenerateRandomKey or DeriveKeyFromPassword and exported with 56 // GetRawKey, or via another compatible method. The key must be of suitable 57 // size for use with |algorithm|. The caller owns the returned SymmetricKey. 58 static SymmetricKey* Import(Algorithm algorithm, const std::string& raw_key); 59 60 #if defined(USE_OPENSSL) key()61 const std::string& key() { return key_; } 62 #elif defined(NACL_WIN64) key()63 HCRYPTKEY key() const { return key_.get(); } 64 #elif defined(USE_NSS) || defined(OS_WIN) || defined(OS_MACOSX) key()65 PK11SymKey* key() const { return key_.get(); } 66 #endif 67 68 // Extracts the raw key from the platform specific data. 69 // Warning: |raw_key| holds the raw key as bytes and thus must be handled 70 // carefully. 71 bool GetRawKey(std::string* raw_key); 72 73 private: 74 #if defined(USE_OPENSSL) SymmetricKey()75 SymmetricKey() {} 76 std::string key_; 77 #elif defined(NACL_WIN64) 78 SymmetricKey(HCRYPTPROV provider, HCRYPTKEY key, 79 const void* key_data, size_t key_size_in_bytes); 80 81 ScopedHCRYPTPROV provider_; 82 ScopedHCRYPTKEY key_; 83 84 // Contains the raw key, if it is known during initialization and when it 85 // is likely that the associated |provider_| will be unable to export the 86 // |key_|. This is the case of HMAC keys when the key size exceeds 16 bytes 87 // when using the default RSA provider. 88 // TODO(rsleevi): See if KP_EFFECTIVE_KEYLEN is the reason why CryptExportKey 89 // fails with NTE_BAD_KEY/NTE_BAD_LEN 90 std::string raw_key_; 91 #elif defined(USE_NSS) || defined(OS_WIN) || defined(OS_MACOSX) 92 explicit SymmetricKey(PK11SymKey* key); 93 ScopedPK11SymKey key_; 94 #endif 95 96 DISALLOW_COPY_AND_ASSIGN(SymmetricKey); 97 }; 98 99 } // namespace crypto 100 101 #endif // CRYPTO_SYMMETRIC_KEY_H_ 102