authoralbertb@chromium.org <albertb@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-03-31 16:18:30 +0000
committeralbertb@chromium.org <albertb@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-03-31 16:18:30 +0000
commit1b47ce2e8d25023f531f4afa8f05b044c4cef111 (patch)
tree7b4875711b3b1aea46b06ad0d2bb84194d0301c7 /base/crypto
parent61ee6287a14aed0235a40488394fb700e9c5c43c (diff)
First pass of a Nigori implementation for Chrome. Only unassisted key
derivation is supported and there is no support for server authentication. BUG=37363 TEST=unit tests Review URL: http://codereview.chromium.org/1357003 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@43220 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'base/crypto')
-rw-r--r--base/crypto/encryptor.h11
-rw-r--r--base/crypto/encryptor_mac.cc8
-rw-r--r--base/crypto/encryptor_nss.cc3
-rw-r--r--base/crypto/symmetric_key_nss.cc1
4 files changed, 11 insertions, 12 deletions
diff --git a/base/crypto/encryptor.h b/base/crypto/encryptor.h
index a09c7cd..96a6d6a 100644
--- a/base/crypto/encryptor.h
+++ b/base/crypto/encryptor.h
@@ -17,12 +17,11 @@ class Encryptor {
enum Mode {
CBC
};
- explicit Encryptor();
- ~Encryptor();
+ Encryptor();
+ virtual ~Encryptor();
- // Initializes the encryptor using |key| and |iv|. Takes ownership of |key| if
- // successful. Returns false if either the key or the initialization vector
- // cannot be used.
+ // Initializes the encryptor using |key| and |iv|. Returns false if either the
+ // key or the initialization vector cannot be used.
bool Init(SymmetricKey* key, Mode mode, const std::string& iv);
// Encrypts |plaintext| into |ciphertext|.
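Review bot: The rewritten comment on `Init` drops the ownership sentence but does not state the new contract. With `key_` now a plain `SymmetricKey*` (second hunk of this file), the caller keeps ownership and the key has to stay alive for as long as the Encryptor is used. A caller written against the old "takes ownership" wording will leak the key, and one that frees it early leaves the Encryptor holding a dangling pointer to key material. I would add a line such as `// The caller retains ownership of |key|, which must outlive this Encryptor.` to the comment; the same contract applies to both `Init` implementations in encryptor_mac.cc and encryptor_nss.cc. The class body continues outside the hunk.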
@@ -34,8 +33,8 @@ class Encryptor {
// TODO(albertb): Support streaming encryption.
private:
+ SymmetricKey* key_;
Mode mode_;
- scoped_ptr<SymmetricKey> key_;
#if defined(USE_NSS)
ScopedPK11Slot slot_;
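Review bot: `key_` changes from `scoped_ptr<SymmetricKey>` to a raw `SymmetricKey*`, so it is no longer guaranteed null before `Init` runs unless a constructor sets it, and no constructor appears in the hunks shown for base/crypto. If the existing constructors do not mention `key_`, then `DCHECK(key_)` in `Crypt` (encryptor_mac.cc) tests an indeterminate pointer and cannot catch a call made before `Init`. I would initialise it in each platform constructor, e.g. `Encryptor::Encryptor() : key_(NULL) {}`, adapted to whatever initialiser list is already there. The constructors are outside the visible hunks, so this needs checking against the full files.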
diff --git a/base/crypto/encryptor_mac.cc b/base/crypto/encryptor_mac.cc
index 4e8984a..e892c12 100644
--- a/base/crypto/encryptor_mac.cc
+++ b/base/crypto/encryptor_mac.cc
@@ -28,7 +28,7 @@ bool Encryptor::Init(SymmetricKey* key, Mode mode, const std::string& iv) {
if (iv.size() != kCCBlockSizeAES128)
return false;
- key_.reset(key);
+ key_ = key;
mode_ = mode;
iv_ = iv;
return true;
@@ -37,12 +37,12 @@ bool Encryptor::Init(SymmetricKey* key, Mode mode, const std::string& iv) {
bool Encryptor::Crypt(int /*CCOperation*/ op,
const std::string& input,
std::string* output) {
- DCHECK(key_.get());
+ DCHECK(key_);
CSSM_DATA raw_key = key_->cssm_data();
// CommonCryptor.h: "A general rule for the size of the output buffer which
- // must be provided by the caller is that for block ciphers, the output
+ // must be provided by the caller is that for block ciphers, the output
// length is never larger than the input length plus the block size."
-
+
size_t output_size = input.size() + iv_.size();
CCCryptorStatus err = CCCrypt(op,
kCCAlgorithmAES128,
diff --git a/base/crypto/encryptor_nss.cc b/base/crypto/encryptor_nss.cc
index 78ddb64..eac6779 100644
--- a/base/crypto/encryptor_nss.cc
+++ b/base/crypto/encryptor_nss.cc
@@ -23,7 +23,9 @@ bool Encryptor::Init(SymmetricKey* key, Mode mode, const std::string& iv) {
DCHECK(key);
DCHECK_EQ(CBC, mode);
+ key_ = key;
mode_ = mode;
+
if (iv.size() != AES_BLOCK_SIZE)
return false;
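Review bot: `key_ = key;` now runs before the IV-length check and the later `param_` check, so a failed `Init` returns false with `key_` already pointing at the caller's key. Previously `key_.reset(key)` ran only on the success path, and encryptor_mac.cc still assigns only after its own check, so the two platforms now disagree on the state left behind by a failed `Init`. I would move the assignment back to just before `return true;` and use the `key` parameter in between if the intervening code needs the key. The part of `Init` between this hunk and the next is not visible here.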
@@ -41,7 +43,6 @@ bool Encryptor::Init(SymmetricKey* key, Mode mode, const std::string& iv) {
if (!param_.get())
return false;
- key_.reset(key);
return true;
}
diff --git a/base/crypto/symmetric_key_nss.cc b/base/crypto/symmetric_key_nss.cc
index 0fb8cfa..5af7cde 100644
--- a/base/crypto/symmetric_key_nss.cc
+++ b/base/crypto/symmetric_key_nss.cc
@@ -55,7 +55,6 @@ SymmetricKey* SymmetricKey::DeriveKeyFromPassword(Algorithm algorithm,
const_cast<char *>(salt.data()));
salt_item.len = salt.size();
-
SECOidTag cipher_algorithm =
algorithm == AES ? SEC_OID_AES_256_CBC : SEC_OID_HMAC_SHA1;
ScopedSECAlgorithmID alg_id(PK11_CreatePBEV2AlgorithmID(SEC_OID_PKCS5_PBKDF2,