authoralbertb@chromium.org <albertb@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-04-28 16:50:40 +0000
committeralbertb@chromium.org <albertb@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-04-28 16:50:40 +0000
commit6eacc5cfc23d536947a2982bf635dfb0ea24e464 (patch)
tree22a4a042c2cfabe73a25b1ceac30007e35afb2d8
parent97a056463c8906c9cf430de764b1ae3b482eeeed (diff)
downloadchromium_src-6eacc5cfc23d536947a2982bf635dfb0ea24e464.zip
chromium_src-6eacc5cfc23d536947a2982bf635dfb0ea24e464.tar.gz
chromium_src-6eacc5cfc23d536947a2982bf635dfb0ea24e464.tar.bz2
Make the Nigori user salt key 128-bits to be FIPS compliant.
BUG=none TEST=NigoriTest.* Review URL: http://codereview.chromium.org/1697010 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@45816 0039d316-1c4b-4281-b951-d872f2087c98
-rw-r--r--base/crypto/symmetric_key_mac.cc5
-rw-r--r--chrome/browser/sync/util/nigori.h2
2 files changed, 5 insertions, 2 deletions
diff --git a/base/crypto/symmetric_key_mac.cc b/base/crypto/symmetric_key_mac.cc
index ba033a7..19c330d 100644
--- a/base/crypto/symmetric_key_mac.cc
+++ b/base/crypto/symmetric_key_mac.cc
@@ -23,8 +23,11 @@ CSSM_KEY_TYPE CheckKeyParams(base::SymmetricKey::Algorithm algorithm,
<< "Invalid key size " << key_size_in_bits << " bits";
return CSSM_ALGID_AES;
} else {
+ // FIPS 198 Section 3 requires a HMAC-SHA-1 derived keys to be at least
+ // (HMAC-SHA-1 output size / 2) to be compliant. Since the ouput size of
+ // HMAC-SHA-1 is 160 bits, we require at least 80 bits here.
CHECK(algorithm == base::SymmetricKey::HMAC_SHA1);
- CHECK(key_size_in_bits >= 64 && (key_size_in_bits % 8) == 0)
+ CHECK(key_size_in_bits >= 80 && (key_size_in_bits % 8) == 0)
<< "Invalid key size " << key_size_in_bits << " bits";
return CSSM_ALGID_SHA1HMAC_LEGACY;
}
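Review bot: The 80-bit floor is enforced only in this Mac `CheckKeyParams` branch, and the diffstat lists no other base/crypto file, so the other platform key backends (not visible here) may still accept shorter HMAC-SHA1 keys. The same minimum should be checked on every platform, ideally from one shared named constant rather than the literal `80`. The new comment also has typos ("a HMAC-SHA-1 derived keys", "ouput") and words the rule as applying to derived keys, whereas the quantity bounded is the HMAC key length; I would write `// FIPS 198 Section 3 requires an HMAC key of at least L/2 bits, where L is the` / `// hash output size; HMAC-SHA-1 outputs 160 bits, so the minimum is 80 bits.` `CheckKeyParams` starts above the hunk, so only this branch was reviewed.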
diff --git a/chrome/browser/sync/util/nigori.h b/chrome/browser/sync/util/nigori.h
index b7d037b..ad57ad7 100644
--- a/chrome/browser/sync/util/nigori.h
+++ b/chrome/browser/sync/util/nigori.h
@@ -50,7 +50,7 @@ class Nigori {
bool Decrypt(const std::string& value, std::string* decrypted);
static const char kSaltSalt[]; // The salt used to derive the user salt.
- static const size_t kSaltKeySizeInBits = 64;
+ static const size_t kSaltKeySizeInBits = 128;
static const size_t kDerivedKeySizeInBits = 128;
static const size_t kIvSize = 16;
static const size_t kHashSize = 32;
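Review bot: `kSaltKeySizeInBits` carries no comment tying it to the minimum it has to satisfy, so a later edit could lower it again without anyone noticing the compliance constraint. If the user salt is derived as an HMAC-SHA1 key, as the pairing with the other file in this commit suggests, I would add `// Must stay >= 80 bits: derived as an HMAC-SHA1 key (FIPS 198 Section 3).` above the constant. Changing 64 to 128 presumably changes the user salt and every key derived from it, so data already encrypted under the old salt would no longer decrypt. The derivation code is outside this hunk, so please confirm nothing persisted depends on the old value. No test file appears in the diffstat, so it is worth checking that NigoriTest pins a known-answer vector for the new size. `class Nigori` continues outside the hunk.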