summaryrefslogtreecommitdiffstats
path: root/base
diff options
context:
space:
mode:
authoralbertb@chromium.org <albertb@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-03-25 19:13:00 +0000
committeralbertb@chromium.org <albertb@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>2010-03-25 19:13:00 +0000
commit39422e3082cc5b3633183b53ff21f93a5c17e5f0 (patch)
treef7bced4c1c84b34858abafc629aa8da7434d4ffc /base
parent91968bc1e60c8ee2a3cab902c7f8246565974850 (diff)
downloadchromium_src-39422e3082cc5b3633183b53ff21f93a5c17e5f0.zip
chromium_src-39422e3082cc5b3633183b53ff21f93a5c17e5f0.tar.gz
chromium_src-39422e3082cc5b3633183b53ff21f93a5c17e5f0.tar.bz2
Implement random key generation and AES encryption using NSS.
BUG=none TEST=unit test Review URL: http://codereview.chromium.org/1142004 git-svn-id: svn://svn.chromium.org/chrome/trunk/src@42649 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'base')
-rw-r--r--base/base.gyp3
-rw-r--r--base/base.gypi8
-rw-r--r--base/crypto/encryptor.h48
-rw-r--r--base/crypto/encryptor_mac.cc30
-rw-r--r--base/crypto/encryptor_nss.cc124
-rw-r--r--base/crypto/encryptor_unittest.cc40
-rw-r--r--base/crypto/encryptor_win.cc29
-rw-r--r--base/crypto/pbkdf2.h22
-rw-r--r--base/crypto/pbkdf2_mac.cc17
-rw-r--r--base/crypto/pbkdf2_nss.cc56
-rw-r--r--base/crypto/pbkdf2_win.cc17
-rw-r--r--base/crypto/scoped_nss_types.h12
-rw-r--r--base/crypto/symmetric_key.h20
-rw-r--r--base/crypto/symmetric_key_mac.cc17
-rw-r--r--base/crypto/symmetric_key_nss.cc67
-rw-r--r--base/crypto/symmetric_key_unittest.cc (renamed from base/crypto/pbkdf2_unittest.cc)33
-rw-r--r--base/crypto/symmetric_key_win.cc17
17 files changed, 422 insertions, 138 deletions
diff --git a/base/base.gyp b/base/base.gyp
index b0c7530..72255de 100644
--- a/base/base.gyp
+++ b/base/base.gyp
@@ -66,10 +66,11 @@
'cancellation_flag_unittest.cc',
'command_line_unittest.cc',
'condition_variable_unittest.cc',
- 'crypto/pbkdf2_unittest.cc',
+ 'crypto/encryptor_unittest.cc',
'crypto/rsa_private_key_unittest.cc',
'crypto/signature_creator_unittest.cc',
'crypto/signature_verifier_unittest.cc',
+ 'crypto/symmetric_key_unittest.cc',
'data_pack_unittest.cc',
'debug_util_unittest.cc',
'dir_reader_posix_unittest.cc',
diff --git a/base/base.gypi b/base/base.gypi
index eb99848..907f490 100644
--- a/base/base.gypi
+++ b/base/base.gypi
@@ -459,10 +459,10 @@
'sources': [
'crypto/cssm_init.cc',
'crypto/cssm_init.h',
- 'crypto/pbkdf2.h',
- 'crypto/pbkdf2_mac.cc',
- 'crypto/pbkdf2_nss.cc',
- 'crypto/pbkdf2_win.cc',
+ 'crypto/encryptor.h',
+ 'crypto/encryptor_mac.cc',
+ 'crypto/encryptor_nss.cc',
+ 'crypto/encryptor_win.cc',
'crypto/rsa_private_key.h',
'crypto/rsa_private_key.cc',
'crypto/rsa_private_key_mac.cc',
diff --git a/base/crypto/encryptor.h b/base/crypto/encryptor.h
new file mode 100644
index 0000000..55199d5
--- /dev/null
+++ b/base/crypto/encryptor.h
@@ -0,0 +1,48 @@
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef BASE_CRYPTO_ENCRYPTOR_H_
+#define BASE_CRYPTO_ENCRYPTOR_H_
+
+#include <string>
+
+#include "base/crypto/symmetric_key.h"
+#include "base/scoped_ptr.h"
+
+namespace base {
+
+class Encryptor {
+ public:
+ enum Mode {
+ CBC
+ };
+ explicit Encryptor();
+ ~Encryptor();
+
+ // Initializes the encryptor using |key| and |iv|. Takes ownership of |key| if
+ // successful. Returns false if either the key or the initialization vector
+ // cannot be used.
+ bool Init(SymmetricKey* key, Mode mode, const std::string& iv);
+
+ // Encrypts |plaintext| into |ciphertext|.
+ bool Encrypt(const std::string& plaintext, std::string* ciphertext);
+
+ // Decrypts |ciphertext| into |plaintext|.
+ bool Decrypt(const std::string& ciphertext, std::string* plaintext);
+
+ // TODO(albertb): Support streaming encryption.
+
+ private:
+ Mode mode_;
+ scoped_ptr<SymmetricKey> key_;
+
+#if defined(USE_NSS)
+ ScopedPK11Slot slot_;
+ ScopedSECItem param_;
+#endif
+};
+
+} // namespace base
+
+#endif // BASE_CRYPTO_ENCRYPTOR_H_
diff --git a/base/crypto/encryptor_mac.cc b/base/crypto/encryptor_mac.cc
new file mode 100644
index 0000000..2b04537
--- /dev/null
+++ b/base/crypto/encryptor_mac.cc
@@ -0,0 +1,30 @@
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "base/crypto/encryptor.h"
+
+namespace base {
+
+// TODO(albertb): Implement on Mac using the Common Crypto Library:
+// http://developer.apple.com/mac/library/documentation/Darwin/Reference/ManPages/man3/CCCryptor.3cc.html#//apple_ref/doc/man/10.5/3cc/CCCryptor?useVersion=10.5
+
+Encryptor::Encryptor() {
+}
+
+Encryptor::~Encryptor() {
+}
+
+bool Encryptor::Init(SymmetricKey* key, Mode mode, const std::string& iv) {
+ return false;
+}
+
+bool Encryptor::Encrypt(const std::string& plaintext, std::string* ciphertext) {
+ return false;
+}
+
+bool Encryptor::Decrypt(const std::string& ciphertext, std::string* plaintext) {
+ return false;
+}
+
+} // namespace base
diff --git a/base/crypto/encryptor_nss.cc b/base/crypto/encryptor_nss.cc
new file mode 100644
index 0000000..78ddb64
--- /dev/null
+++ b/base/crypto/encryptor_nss.cc
@@ -0,0 +1,124 @@
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "base/crypto/encryptor.h"
+
+#include <cryptohi.h>
+#include <vector>
+
+#include "base/logging.h"
+#include "base/nss_util.h"
+
+namespace base {
+
+Encryptor::Encryptor() {
+ EnsureNSSInit();
+}
+
+Encryptor::~Encryptor() {
+}
+
+bool Encryptor::Init(SymmetricKey* key, Mode mode, const std::string& iv) {
+ DCHECK(key);
+ DCHECK_EQ(CBC, mode);
+
+ mode_ = mode;
+ if (iv.size() != AES_BLOCK_SIZE)
+ return false;
+
+ slot_.reset(PK11_GetBestSlot(CKM_AES_CBC_PAD, NULL));
+ if (!slot_.get())
+ return false;
+
+ SECItem iv_item;
+ iv_item.type = siBuffer;
+ iv_item.data = reinterpret_cast<unsigned char*>(
+ const_cast<char *>(iv.data()));
+ iv_item.len = iv.size();
+
+ param_.reset(PK11_ParamFromIV(CKM_AES_CBC_PAD, &iv_item));
+ if (!param_.get())
+ return false;
+
+ key_.reset(key);
+ return true;
+}
+
+bool Encryptor::Encrypt(const std::string& plaintext, std::string* ciphertext) {
+ if (plaintext.size() == 0)
+ return false;
+
+ ScopedPK11Context context(PK11_CreateContextBySymKey(CKM_AES_CBC_PAD,
+ CKA_ENCRYPT,
+ key_->key(),
+ param_.get()));
+ if (!context.get())
+ return false;
+
+ size_t ciphertext_len = plaintext.size() + AES_BLOCK_SIZE;
+ std::vector<unsigned char> buffer(ciphertext_len);
+
+ int op_len;
+ SECStatus rv = PK11_CipherOp(context.get(),
+ &buffer[0],
+ &op_len,
+ ciphertext_len,
+ reinterpret_cast<unsigned char*>(
+ const_cast<char*>(plaintext.data())),
+ plaintext.size());
+ if (SECSuccess != rv)
+ return false;
+
+ unsigned int digest_len;
+ rv = PK11_DigestFinal(context.get(),
+ &buffer[op_len],
+ &digest_len,
+ ciphertext_len - op_len);
+ if (SECSuccess != rv)
+ return false;
+
+ ciphertext->assign(reinterpret_cast<char *>(&buffer[0]),
+ op_len + digest_len);
+ return true;
+}
+
+bool Encryptor::Decrypt(const std::string& ciphertext, std::string* plaintext) {
+ if (ciphertext.size() == 0)
+ return false;
+
+ ScopedPK11Context context(PK11_CreateContextBySymKey(CKM_AES_CBC_PAD,
+ CKA_DECRYPT,
+ key_->key(),
+ param_.get()));
+ if (!context.get())
+ return false;
+
+ size_t plaintext_len = ciphertext.size();
+ std::vector<unsigned char> buffer(plaintext_len);
+
+ int op_len;
+ SECStatus rv = PK11_CipherOp(context.get(),
+ &buffer[0],
+ &op_len,
+ plaintext_len,
+ reinterpret_cast<unsigned char*>(
+ const_cast<char*>(ciphertext.data())),
+ ciphertext.size());
+ if (SECSuccess != rv)
+ return false;
+
+ unsigned int digest_len;
+ rv = PK11_DigestFinal(context.get(),
+ &buffer[op_len],
+ &digest_len,
+ plaintext_len - op_len);
+ if (SECSuccess != rv)
+ return false;
+
+ plaintext->assign(reinterpret_cast<char *>(&buffer[0]),
+ op_len + digest_len);
+ return true;
+}
+
+} // namespace base
diff --git a/base/crypto/encryptor_unittest.cc b/base/crypto/encryptor_unittest.cc
new file mode 100644
index 0000000..c183d90
--- /dev/null
+++ b/base/crypto/encryptor_unittest.cc
@@ -0,0 +1,40 @@
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "base/crypto/encryptor.h"
+
+#include <string>
+
+#include "base/crypto/symmetric_key.h"
+#include "base/scoped_ptr.h"
+#include "base/string_util.h"
+#include "testing/gtest/include/gtest/gtest.h"
+
+#if defined(USE_NSS)
+#define MAYBE(name) name
+#else
+#define MAYBE(name) DISABLED_ ## name
+#endif
+
+TEST(EncryptorTest, MAYBE(EncryptDecrypt)) {
+ scoped_ptr<base::SymmetricKey> key(base::SymmetricKey::DeriveKeyFromPassword(
+ base::SymmetricKey::AES, "password", "salt", 1000, 32));
+ EXPECT_TRUE(NULL != key.get());
+
+ base::Encryptor encryptor;
+ // The IV must be exactly as long a the cipher block size.
+ std::string iv("the iv: 16 bytes");
+ EXPECT_TRUE(encryptor.Init(key.release(), base::Encryptor::CBC, iv));
+
+ std::string plaintext("this is the plaintext");
+ std::string ciphertext;
+ EXPECT_TRUE(encryptor.Encrypt(plaintext, &ciphertext));
+
+ EXPECT_LT(0U, ciphertext.size());
+
+ std::string decypted;
+ EXPECT_TRUE(encryptor.Decrypt(ciphertext, &decypted));
+
+ EXPECT_EQ(plaintext, decypted);
+}
diff --git a/base/crypto/encryptor_win.cc b/base/crypto/encryptor_win.cc
new file mode 100644
index 0000000..6411408
--- /dev/null
+++ b/base/crypto/encryptor_win.cc
@@ -0,0 +1,29 @@
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "base/crypto/encryptor.h"
+
+namespace base {
+
+// TODO(albertb): Implement on Windows.
+
+Encryptor::Encryptor() {
+}
+
+Encryptor::~Encryptor() {
+}
+
+bool Encryptor::Init(SymmetricKey* key, Mode mode, const std::string& iv) {
+ return false;
+}
+
+bool Encryptor::Encrypt(const std::string& plaintext, std::string* ciphertext) {
+ return false;
+}
+
+bool Encryptor::Decrypt(const std::string& ciphertext, std::string* plaintext) {
+ return false;
+}
+
+} // namespace base
diff --git a/base/crypto/pbkdf2.h b/base/crypto/pbkdf2.h
deleted file mode 100644
index e5c0821..0000000
--- a/base/crypto/pbkdf2.h
+++ /dev/null
@@ -1,22 +0,0 @@
-// Copyright (c) 2010 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#ifndef BASE_CRYPTO_PBKDF2_H_
-#define BASE_CRYPTO_PBKDF2_H_
-
-#include <string>
-
-#include "base/crypto/symmetric_key.h"
-
-namespace base {
-
-// Derives a key from the supplied password and salt using PBKDF2.
-SymmetricKey* DeriveKeyFromPassword(const std::string& password,
- const std::string& salt,
- unsigned int iterations,
- unsigned int key_size);
-
-} // namespace base
-
-#endif // BASE_CRYPTO_PBKDF2_H_
diff --git a/base/crypto/pbkdf2_mac.cc b/base/crypto/pbkdf2_mac.cc
deleted file mode 100644
index 64e661e..0000000
--- a/base/crypto/pbkdf2_mac.cc
+++ /dev/null
@@ -1,17 +0,0 @@
-// Copyright (c) 2010 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "base/crypto/pbkdf2.h"
-
-namespace base {
-
-SymmetricKey* DeriveKeyFromPassword(const std::string& password,
- const std::string& salt,
- unsigned int iterations,
- unsigned int key_size) {
- // TODO(albertb): Implement this on Mac.
- return NULL;
-}
-
-} // namespace base
diff --git a/base/crypto/pbkdf2_nss.cc b/base/crypto/pbkdf2_nss.cc
deleted file mode 100644
index df1d898..0000000
--- a/base/crypto/pbkdf2_nss.cc
+++ /dev/null
@@ -1,56 +0,0 @@
-// Copyright (c) 2010 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "base/crypto/pbkdf2.h"
-
-#include <nss.h>
-#include <pk11pub.h>
-
-#include "base/crypto/scoped_nss_types.h"
-#include "base/nss_util.h"
-
-namespace base {
-
-SymmetricKey* DeriveKeyFromPassword(const std::string& password,
- const std::string& salt,
- unsigned int iterations,
- unsigned int key_size) {
- EnsureNSSInit();
- if (salt.empty() || iterations == 0 || key_size == 0)
- return NULL;
-
- SECItem password_item;
- password_item.type = siBuffer;
- password_item.data = reinterpret_cast<unsigned char*>(
- const_cast<char *>(password.data()));
- password_item.len = password.size();
-
- SECItem salt_item;
- salt_item.type = siBuffer;
- salt_item.data = reinterpret_cast<unsigned char*>(
- const_cast<char *>(salt.data()));
- salt_item.len = salt.size();
-
- ScopedSECAlgorithmID alg_id(PK11_CreatePBEV2AlgorithmID(SEC_OID_PKCS5_PBKDF2,
- SEC_OID_PKCS5_PBKDF2,
- SEC_OID_HMAC_SHA1,
- key_size,
- iterations,
- &salt_item));
- if (!alg_id.get())
- return NULL;
-
- ScopedPK11Slot slot(PK11_GetBestSlot(SEC_OID_PKCS5_PBKDF2, NULL));
- if (!slot.get())
- return NULL;
-
- PK11SymKey* sym_key = PK11_PBEKeyGen(slot.get(), alg_id.get(), &password_item,
- PR_FALSE, NULL);
- if (!sym_key)
- return NULL;
-
- return new SymmetricKey(sym_key);
-}
-
-} // namespace base
diff --git a/base/crypto/pbkdf2_win.cc b/base/crypto/pbkdf2_win.cc
deleted file mode 100644
index 172199b..0000000
--- a/base/crypto/pbkdf2_win.cc
+++ /dev/null
@@ -1,17 +0,0 @@
-// Copyright (c) 2010 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "base/crypto/pbkdf2.h"
-
-namespace base {
-
-SymmetricKey* DeriveKeyFromPassword(const std::string& password,
- const std::string& salt,
- unsigned int iterations,
- unsigned int key_size) {
- // TODO(albertb): Implement this on Windows.
- return NULL;
-}
-
-} // namespace base
diff --git a/base/crypto/scoped_nss_types.h b/base/crypto/scoped_nss_types.h
index 5d67ba1..c1c84c1 100644
--- a/base/crypto/scoped_nss_types.h
+++ b/base/crypto/scoped_nss_types.h
@@ -30,10 +30,6 @@ struct NSSDestroyer1 {
// Define some convenient scopers around NSS pointers.
typedef scoped_ptr_malloc<
- SECAlgorithmID, NSSDestroyer1<SECAlgorithmID,
- SECOID_DestroyAlgorithmID,
- PR_TRUE> > ScopedSECAlgorithmID;
-typedef scoped_ptr_malloc<
PK11Context, NSSDestroyer1<PK11Context,
PK11_DestroyContext,
PR_TRUE> > ScopedPK11Context;
@@ -41,6 +37,14 @@ typedef scoped_ptr_malloc<
PK11SlotInfo, NSSDestroyer<PK11SlotInfo, PK11_FreeSlot> > ScopedPK11Slot;
typedef scoped_ptr_malloc<
PK11SymKey, NSSDestroyer<PK11SymKey, PK11_FreeSymKey> > ScopedPK11SymKey;
+typedef scoped_ptr_malloc<
+ SECAlgorithmID, NSSDestroyer1<SECAlgorithmID,
+ SECOID_DestroyAlgorithmID,
+ PR_TRUE> > ScopedSECAlgorithmID;
+typedef scoped_ptr_malloc<
+ SECItem, NSSDestroyer1<SECItem,
+ SECITEM_FreeItem,
+ PR_TRUE> > ScopedSECItem;
} // namespace base
diff --git a/base/crypto/symmetric_key.h b/base/crypto/symmetric_key.h
index c298048..1e1aed5 100644
--- a/base/crypto/symmetric_key.h
+++ b/base/crypto/symmetric_key.h
@@ -19,12 +19,25 @@ namespace base {
// scoped_ptr.
class SymmetricKey {
public:
-#if defined(USE_NSS)
- explicit SymmetricKey(PK11SymKey* key) : key_(key) {}
-#endif // USE_NSS
+ enum Algorithm {
+ AES,
+ HMAC_SHA1,
+ };
virtual ~SymmetricKey() {}
+ // Generates a random key suitable to be used with |cipher| and of |key_size|
+ // bytes. The caller is responsible for deleting the returned SymmetricKey.
+ static SymmetricKey* GenerateRandomKey(Algorithm algorithm, size_t key_size);
+
+ // Derives a key from the supplied password and salt using PBKDF2. The caller
+ // is respnosible for deleting the returned SymmetricKey.
+ static SymmetricKey* DeriveKeyFromPassword(Algorithm algorithm,
+ const std::string& password,
+ const std::string& salt,
+ size_t iterations,
+ size_t key_size);
+
#if defined(USE_NSS)
PK11SymKey* key() const { return key_.get(); }
#endif // USE_NSS
@@ -35,6 +48,7 @@ class SymmetricKey {
private:
#if defined(USE_NSS)
+ explicit SymmetricKey(PK11SymKey* key) : key_(key) {}
ScopedPK11SymKey key_;
#endif // USE_NSS
diff --git a/base/crypto/symmetric_key_mac.cc b/base/crypto/symmetric_key_mac.cc
index b24b434..8290e71 100644
--- a/base/crypto/symmetric_key_mac.cc
+++ b/base/crypto/symmetric_key_mac.cc
@@ -6,8 +6,23 @@
namespace base {
+// TODO(albertb): Implement on Mac.
+
+// static
+SymmetricKey* SymmetricKey::GenerateRandomKey(Algorithm algorithm, size_t key_size) {
+ return NULL;
+}
+
+// static
+SymmetricKey* SymmetricKey::DeriveKeyFromPassword(Algorithm algorithm,
+ const std::string& password,
+ const std::string& salt,
+ size_t iterations,
+ size_t key_size) {
+ return NULL;
+}
+
bool SymmetricKey::GetRawKey(std::string* raw_key) {
- // TODO(albertb): Implement on Mac.
return false;
}
diff --git a/base/crypto/symmetric_key_nss.cc b/base/crypto/symmetric_key_nss.cc
index 2c6c1ac..7196ae4 100644
--- a/base/crypto/symmetric_key_nss.cc
+++ b/base/crypto/symmetric_key_nss.cc
@@ -7,10 +7,77 @@
#include <nss.h>
#include <pk11pub.h>
+#include "base/nss_util.h"
#include "base/logging.h"
namespace base {
+// static
+SymmetricKey* SymmetricKey::GenerateRandomKey(Algorithm algorithm, size_t key_size) {
+ DCHECK_EQ(AES, algorithm);
+
+ EnsureNSSInit();
+ if (key_size == 0)
+ return NULL;
+
+ ScopedPK11Slot slot(PK11_GetBestSlot(CKM_AES_KEY_GEN, NULL));
+ if (!slot.get())
+ return NULL;
+
+ PK11SymKey* sym_key = PK11_KeyGen(slot.get(), CKM_AES_KEY_GEN, NULL, key_size,
+ NULL);
+ if (!sym_key)
+ return NULL;
+
+ return new SymmetricKey(sym_key);
+}
+
+// static
+SymmetricKey* SymmetricKey::DeriveKeyFromPassword(Algorithm algorithm,
+ const std::string& password,
+ const std::string& salt,
+ size_t iterations,
+ size_t key_size) {
+ EnsureNSSInit();
+ if (salt.empty() || iterations == 0 || key_size == 0)
+ return NULL;
+
+ SECItem password_item;
+ password_item.type = siBuffer;
+ password_item.data = reinterpret_cast<unsigned char*>(
+ const_cast<char *>(password.data()));
+ password_item.len = password.size();
+
+ SECItem salt_item;
+ salt_item.type = siBuffer;
+ salt_item.data = reinterpret_cast<unsigned char*>(
+ const_cast<char *>(salt.data()));
+ salt_item.len = salt.size();
+
+
+ SECOidTag cipher_algorithm =
+ algorithm == AES ? SEC_OID_AES_256_CBC : SEC_OID_HMAC_SHA1;
+ ScopedSECAlgorithmID alg_id(PK11_CreatePBEV2AlgorithmID(SEC_OID_PKCS5_PBKDF2,
+ cipher_algorithm,
+ SEC_OID_HMAC_SHA1,
+ key_size,
+ iterations,
+ &salt_item));
+ if (!alg_id.get())
+ return NULL;
+
+ ScopedPK11Slot slot(PK11_GetBestSlot(SEC_OID_PKCS5_PBKDF2, NULL));
+ if (!slot.get())
+ return NULL;
+
+ PK11SymKey* sym_key = PK11_PBEKeyGen(slot.get(), alg_id.get(), &password_item,
+ PR_FALSE, NULL);
+ if (!sym_key)
+ return NULL;
+
+ return new SymmetricKey(sym_key);
+}
+
bool SymmetricKey::GetRawKey(std::string* raw_key) {
SECStatus rv = PK11_ExtractKeyValue(key_.get());
if (SECSuccess != rv)
diff --git a/base/crypto/pbkdf2_unittest.cc b/base/crypto/symmetric_key_unittest.cc
index 377bd61..fe94b61 100644
--- a/base/crypto/pbkdf2_unittest.cc
+++ b/base/crypto/symmetric_key_unittest.cc
@@ -2,7 +2,7 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
-#include "base/crypto/pbkdf2.h"
+#include "base/crypto/symmetric_key.h"
#include <string>
@@ -10,7 +10,19 @@
#include "base/string_util.h"
#include "testing/gtest/include/gtest/gtest.h"
-struct TestVector {
+#if defined(USE_NSS)
+#define MAYBE(name) name
+#else
+#define MAYBE(name) DISABLED_ ## name
+#endif
+
+TEST(SymmetricKeyTest, MAYBE(GenerateRandomKey)) {
+ scoped_ptr<base::SymmetricKey> key(
+ base::SymmetricKey::GenerateRandomKey(base::SymmetricKey::AES, 32));
+ EXPECT_TRUE(NULL != key.get());
+}
+
+struct PBKDF2TestVector {
const char* password;
const char* salt;
unsigned int rounds;
@@ -20,7 +32,7 @@ struct TestVector {
// These are the test vectors suggested in:
// http://www.ietf.org/id/draft-josefsson-pbkdf2-test-vectors-00.txt
-static const TestVector test_vectors[] = {
+static const PBKDF2TestVector test_vectors[] = {
{
"password",
"salt",
@@ -58,17 +70,14 @@ static const TestVector test_vectors[] = {
#endif
};
-#if defined(USE_NSS)
-#define MAYBE_TestVectors TestVectors
-#else
-#define MAYBE_TestVectors DISABLED_TestVectors
-#endif
-TEST(PBKDF2Test, MAYBE_TestVectors) {
+TEST(SymmetricKeyTest, MAYBE(DeriveKeyFromPassword)) {
for (unsigned int i = 0; i < ARRAYSIZE_UNSAFE(test_vectors); ++i) {
SCOPED_TRACE(StringPrintf("Test[%u]", i));
- scoped_ptr<base::SymmetricKey> key(base::DeriveKeyFromPassword(
- test_vectors[i].password, test_vectors[i].salt, test_vectors[i].rounds,
- test_vectors[i].key_size));
+ scoped_ptr<base::SymmetricKey> key(
+ base::SymmetricKey::DeriveKeyFromPassword(
+ base::SymmetricKey::HMAC_SHA1,
+ test_vectors[i].password, test_vectors[i].salt,
+ test_vectors[i].rounds, test_vectors[i].key_size));
EXPECT_TRUE(NULL != key.get());
std::string raw_key;
diff --git a/base/crypto/symmetric_key_win.cc b/base/crypto/symmetric_key_win.cc
index 5a302aa..014e1ba 100644
--- a/base/crypto/symmetric_key_win.cc
+++ b/base/crypto/symmetric_key_win.cc
@@ -6,8 +6,23 @@
namespace base {
+// TODO(albertb): Implement on Windows.
+
+// static
+SymmetricKey* SymmetricKey::GenerateRandomKey(Algorithm algorithm, unsigned int key_size) {
+ return NULL;
+}
+
+// static
+SymmetricKey* SymmetricKey::DeriveKeyFromPassword(Algorithm algorithm,
+ const std::string& password,
+ const std::string& salt,
+ size_t iterations,
+ size_t key_size) {
+ return NULL;
+}
+
bool SymmetricKey::GetRawKey(std::string* raw_key) {
- // TODO(albertb): Implement on Windows.
return false;
}