diff options
| author | albertb@chromium.org <albertb@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-07-12 22:16:04 +0000 |
|---|---|---|
| committer | albertb@chromium.org <albertb@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2010-07-12 22:16:04 +0000 |
| commit | 191b5afba6e5cce70928dd84ab047743ace27076 (patch) | |
| tree | 14bc7b7fc2df8451f8178f53c27e47c6e534a688 /base | |
| parent | 6448b3abcfa035eaf65b7c0c15bb728513f228fe (diff) | |
| download | chromium_src-191b5afba6e5cce70928dd84ab047743ace27076.zip chromium_src-191b5afba6e5cce70928dd84ab047743ace27076.tar.gz chromium_src-191b5afba6e5cce70928dd84ab047743ace27076.tar.bz2 | |
Revert "Add support for SymmetricKey to import raw keys when using NSS."
This reverts commit e9757388eb66acc907c79a3c82b0006c36e0714a.
BUG=none
TEST=none
TBR=arv
Review URL: http://codereview.chromium.org/2962010
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@52138 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'base')
| -rw-r--r-- | base/crypto/encryptor_unittest.cc | 9 | ||||
| -rw-r--r-- | base/crypto/symmetric_key.h | 20 | ||||
| -rw-r--r-- | base/crypto/symmetric_key_nss.cc | 31 | ||||
| -rw-r--r-- | base/crypto/symmetric_key_unittest.cc | 47 | ||||
| -rw-r--r-- | base/crypto/symmetric_key_win.cc | 9 |
5 files changed, 23 insertions, 93 deletions
diff --git a/base/crypto/encryptor_unittest.cc b/base/crypto/encryptor_unittest.cc index c5967fa..a4f4afd 100644 --- a/base/crypto/encryptor_unittest.cc +++ b/base/crypto/encryptor_unittest.cc @@ -39,8 +39,9 @@ TEST(EncryptorTest, EncryptDecrypt) { // http://gladman.plushost.co.uk/oldsite/AES/index.php // http://csrc.nist.gov/groups/STM/cavp/documents/aes/KAT_AES.zip -// TODO(wtc): implement base::SymmetricKey::Import and enable this test on Mac. -#if defined(USE_NSS) || defined(OS_WIN) +// TODO(wtc): implement base::SymmetricKey::Import and enable this test for +// other platforms. +#if defined(OS_WIN) // NIST SP 800-38A test vector F.2.5 CBC-AES256.Encrypt. TEST(EncryptorTest, EncryptAES256CBC) { // From NIST SP 800-38a test cast F.2.5 CBC-AES256.Encrypt. @@ -87,7 +88,7 @@ TEST(EncryptorTest, EncryptAES256CBC) { }; scoped_ptr<base::SymmetricKey> key(base::SymmetricKey::Import( - base::SymmetricKey::AES, reinterpret_cast<const char*>(raw_key))); + base::SymmetricKey::AES, raw_key, sizeof(raw_key))); EXPECT_TRUE(NULL != key.get()); base::Encryptor encryptor; @@ -109,4 +110,4 @@ TEST(EncryptorTest, EncryptAES256CBC) { EXPECT_EQ(plaintext, decypted); } -#endif // USE_NSS || OS_WIN +#endif // OS_WIN diff --git a/base/crypto/symmetric_key.h b/base/crypto/symmetric_key.h index c1e6f97..48b3708 100644 --- a/base/crypto/symmetric_key.h +++ b/base/crypto/symmetric_key.h @@ -44,13 +44,12 @@ class SymmetricKey { size_t iterations, size_t key_size_in_bits); -#if defined(USE_NSS) || defined(OS_WIN) - // TODO(albertb): Port this method to mac. - // Imports a raw key. For this call to be successful, |raw_key| must have been - // generated by either GenerateRandomKey or DeriveKeyFromPassword, and - // must have been exported with GetRawKey. The caller owns the returned - // SymmetricKey. - static SymmetricKey* Import(Algorithm algorithm, const std::string& raw_key); + // TODO(wtc): port this method to Mac and NSS. +#if defined(OS_WIN) + // Imports a raw key. This method is only used by unit tests. + static SymmetricKey* Import(Algorithm algorithm, + const void* key_data, + size_t key_size_in_bytes); #endif #if defined(USE_NSS) @@ -61,14 +60,13 @@ class SymmetricKey { HCRYPTKEY key() const { return key_.get(); } #endif - // Extracts the raw key from the platform specific data. - // Warning: |raw_key| holds the raw key as bytes and thus must be handled - // carefully. + // Extracts the raw key from the platform specific data. This should only be + // done in unit tests to verify that keys are generated correctly. bool GetRawKey(std::string* raw_key); private: #if defined(USE_NSS) - explicit SymmetricKey(PK11SymKey* key); + explicit SymmetricKey(PK11SymKey* key) : key_(key) {} ScopedPK11SymKey key_; #elif defined(OS_MACOSX) SymmetricKey(const void* key_data, size_t key_size_in_bits); diff --git a/base/crypto/symmetric_key_nss.cc b/base/crypto/symmetric_key_nss.cc index 1405677..ed4804f 100644 --- a/base/crypto/symmetric_key_nss.cc +++ b/base/crypto/symmetric_key_nss.cc @@ -12,10 +12,6 @@ namespace base { -SymmetricKey::SymmetricKey(PK11SymKey* key) : key_(key) { - DCHECK(key); -} - SymmetricKey::~SymmetricKey() {} // static @@ -84,33 +80,6 @@ SymmetricKey* SymmetricKey::DeriveKeyFromPassword(Algorithm algorithm, return new SymmetricKey(sym_key); } -// static -SymmetricKey* SymmetricKey::Import(Algorithm algorithm, - const std::string& raw_key) { - CK_MECHANISM_TYPE cipher = - algorithm == AES ? CKM_AES_KEY_GEN : CKM_SHA_1_HMAC; - - SECItem key_item; - key_item.type = siBuffer; - key_item.data = reinterpret_cast<unsigned char*>( - const_cast<char *>(raw_key.data())); - key_item.len = raw_key.size(); - - ScopedPK11Slot slot(PK11_GetBestSlot(cipher, NULL)); - if (!slot.get()) - return NULL; - - // The exact value of the |origin| argument doesn't matter to NSS as long as - // it's not PK11_OriginFortezzaHack, so we pass PK11_OriginUnwrap as a - // placeholder. - PK11SymKey* sym_key = PK11_ImportSymKey(slot.get(), cipher, PK11_OriginUnwrap, - CKA_ENCRYPT, &key_item, NULL); - if (!sym_key) - return NULL; - - return new SymmetricKey(sym_key); -} - bool SymmetricKey::GetRawKey(std::string* raw_key) { SECStatus rv = PK11_ExtractKeyValue(key_.get()); if (SECSuccess != rv) diff --git a/base/crypto/symmetric_key_unittest.cc b/base/crypto/symmetric_key_unittest.cc index 341e45b..9be846c 100644 --- a/base/crypto/symmetric_key_unittest.cc +++ b/base/crypto/symmetric_key_unittest.cc @@ -13,7 +13,7 @@ TEST(SymmetricKeyTest, GenerateRandomKey) { scoped_ptr<base::SymmetricKey> key( base::SymmetricKey::GenerateRandomKey(base::SymmetricKey::AES, 256)); - ASSERT_TRUE(NULL != key.get()); + EXPECT_TRUE(NULL != key.get()); std::string raw_key; EXPECT_TRUE(key->GetRawKey(&raw_key)); EXPECT_EQ(32U, raw_key.size()); @@ -22,54 +22,13 @@ TEST(SymmetricKeyTest, GenerateRandomKey) { // (Note: this has a one-in-10^77 chance of failure!) scoped_ptr<base::SymmetricKey> key2( base::SymmetricKey::GenerateRandomKey(base::SymmetricKey::AES, 256)); - ASSERT_TRUE(NULL != key2.get()); + EXPECT_TRUE(NULL != key2.get()); std::string raw_key2; EXPECT_TRUE(key2->GetRawKey(&raw_key2)); EXPECT_EQ(32U, raw_key2.size()); EXPECT_NE(raw_key, raw_key2); } -// TODO(albertb): Port this test to Mac. -#if defined(USE_NSS) || defined(OS_WIN) -TEST(SymmetricKeyTest, ImportGeneratedKey) { - scoped_ptr<base::SymmetricKey> key1( - base::SymmetricKey::GenerateRandomKey(base::SymmetricKey::AES, 256)); - ASSERT_TRUE(NULL != key1.get()); - std::string raw_key1; - EXPECT_TRUE(key1->GetRawKey(&raw_key1)); - - scoped_ptr<base::SymmetricKey> key2( - base::SymmetricKey::Import(base::SymmetricKey::AES, raw_key1)); - ASSERT_TRUE(NULL != key2.get()); - - std::string raw_key2; - EXPECT_TRUE(key2->GetRawKey(&raw_key2)); - - EXPECT_EQ(raw_key1, raw_key2); -} -#endif // USE_NSS || OS_WIN - -// TODO(albertb): Port this test to Win and Mac. -#if defined(USE_NSS) -TEST(SymmetricKeyTest, ImportDerivedKey) { - scoped_ptr<base::SymmetricKey> key1( - base::SymmetricKey::DeriveKeyFromPassword(base::SymmetricKey::HMAC_SHA1, - "password", "salt", 1024, 160)); - ASSERT_TRUE(NULL != key1.get()); - std::string raw_key1; - EXPECT_TRUE(key1->GetRawKey(&raw_key1)); - - scoped_ptr<base::SymmetricKey> key2( - base::SymmetricKey::Import(base::SymmetricKey::HMAC_SHA1, raw_key1)); - ASSERT_TRUE(NULL != key2.get()); - - std::string raw_key2; - EXPECT_TRUE(key2->GetRawKey(&raw_key2)); - - EXPECT_EQ(raw_key1, raw_key2); -} -#endif // USE_NSS - struct PBKDF2TestVector { const char* password; const char* salt; @@ -78,6 +37,8 @@ struct PBKDF2TestVector { const uint8 expected[21]; // string literals need 1 extra NUL byte }; +// These are the test vectors suggested in: +// http://www.ietf.org/id/draft-josefsson-pbkdf2-test-vectors-00.txt static const PBKDF2TestVector test_vectors[] = { // These tests come from // http://www.ietf.org/id/draft-josefsson-pbkdf2-test-vectors-00.txt diff --git a/base/crypto/symmetric_key_win.cc b/base/crypto/symmetric_key_win.cc index 7d2080c..eb772d5 100644 --- a/base/crypto/symmetric_key_win.cc +++ b/base/crypto/symmetric_key_win.cc @@ -454,7 +454,8 @@ SymmetricKey* SymmetricKey::DeriveKeyFromPassword(Algorithm algorithm, // static SymmetricKey* SymmetricKey::Import(Algorithm algorithm, - const std::string& raw_key) { + const void* key_data, + size_t key_size_in_bytes) { // TODO(wtc): support HMAC. DCHECK_EQ(algorithm, AES); @@ -464,16 +465,16 @@ SymmetricKey* SymmetricKey::Import(Algorithm algorithm, if (!ok) return NULL; - ALG_ID alg = GetAESAlgIDForKeySize(raw_key.size() * 8); + ALG_ID alg = GetAESAlgIDForKeySize(key_size_in_bytes * 8); if (alg == 0) return NULL; ScopedHCRYPTKEY key; - if (!ImportRawKey(provider, alg, raw_key.data(), raw_key.size(), &key)) + if (!ImportRawKey(provider, alg, key_data, key_size_in_bytes, &key)) return NULL; return new SymmetricKey(provider.release(), key.release(), - raw_key.data(), raw_key.size()); + key_data, key_size_in_bytes); } bool SymmetricKey::GetRawKey(std::string* raw_key) { |