diff options
| author | bulach@chromium.org <bulach@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-01-27 11:21:07 +0000 |
|---|---|---|
| committer | bulach@chromium.org <bulach@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-01-27 11:21:07 +0000 |
| commit | c322aa9bac52f4ec49fbc6abb4f394ff29ae9922 (patch) | |
| tree | 9ed1e95d052397f325c938b67a90b41b4c51932f /base | |
| parent | 6954715002b52e52061bc03c1307e4e450cd910c (diff) | |
| download | chromium_src-c322aa9bac52f4ec49fbc6abb4f394ff29ae9922.zip chromium_src-c322aa9bac52f4ec49fbc6abb4f394ff29ae9922.tar.gz chromium_src-c322aa9bac52f4ec49fbc6abb4f394ff29ae9922.tar.bz2 | |
Abstracts SHA256 context for NSS / OpenSSL.
Stubs out SslServerSocket for OpenSSL.
BUG=none
TEST=Sha256Test.TestContext (and compiles with openssl flag).
Review URL: http://codereview.chromium.org/6276002
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@72782 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'base')
| -rw-r--r-- | base/base.gyp | 1 | ||||
| -rw-r--r-- | base/base.gypi | 5 | ||||
| -rw-r--r-- | base/crypto/secure_hash.h | 36 | ||||
| -rw-r--r-- | base/crypto/secure_hash_nss.cc | 49 | ||||
| -rw-r--r-- | base/crypto/secure_hash_openssl.cc | 53 | ||||
| -rw-r--r-- | base/crypto/secure_hash_unittest.cc | 34 |
6 files changed, 178 insertions, 0 deletions
diff --git a/base/base.gyp b/base/base.gyp index fbef42b..c407ce9 100644 --- a/base/base.gyp +++ b/base/base.gyp @@ -71,6 +71,7 @@ 'crypto/encryptor_unittest.cc', 'crypto/rsa_private_key_unittest.cc', 'crypto/rsa_private_key_nss_unittest.cc', + 'crypto/secure_hash_unittest.cc', 'crypto/signature_creator_unittest.cc', 'crypto/signature_verifier_unittest.cc', 'crypto/symmetric_key_unittest.cc', diff --git a/base/base.gypi b/base/base.gypi index b68ced8..7d0a55d 100644 --- a/base/base.gypi +++ b/base/base.gypi @@ -524,6 +524,7 @@ 'sources!': [ 'crypto/encryptor_nss.cc', 'crypto/rsa_private_key_nss.cc', + 'crypto/secure_hash_nss.cc', 'crypto/signature_creator_nss.cc', 'crypto/signature_verifier_nss.cc', 'crypto/symmetric_key_nss.cc', @@ -543,6 +544,7 @@ 'sources!': [ 'crypto/encryptor_openssl.cc', 'crypto/rsa_private_key_openssl.cc', + 'crypto/secure_hash_openssl.cc', 'crypto/signature_creator_openssl.cc', 'crypto/signature_verifier_openssl.cc', 'crypto/symmetric_key_openssl.cc', @@ -570,6 +572,9 @@ 'crypto/rsa_private_key_nss.cc', 'crypto/rsa_private_key_openssl.cc', 'crypto/rsa_private_key_win.cc', + 'crypto/secure_hash.h', + 'crypto/secure_hash_nss.cc', + 'crypto/secure_hash_openssl.cc', 'crypto/signature_creator.h', 'crypto/signature_creator_mac.cc', 'crypto/signature_creator_nss.cc', diff --git a/base/crypto/secure_hash.h b/base/crypto/secure_hash.h new file mode 100644 index 0000000..3759218 --- /dev/null +++ b/base/crypto/secure_hash.h @@ -0,0 +1,36 @@ +// Copyright (c) 2011 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef BASE_CRYPTO_SECURE_HASH_H_ +#define BASE_CRYPTO_SECURE_HASH_H_ +#pragma once + +#include "base/basictypes.h" + +namespace base { + +// A wrapper to calculate secure hashes incrementally, allowing to +// be used when the full input is not known in advance. +class SecureHash { + public: + enum Algorithm { + SHA256, + }; + virtual ~SecureHash() {} + + static SecureHash* Create(Algorithm type); + + virtual void Update(const void* input, size_t len) = 0; + virtual void Finish(void* output, size_t len) = 0; + + protected: + SecureHash() {} + + private: + DISALLOW_COPY_AND_ASSIGN(SecureHash); +}; + +} // namespace base + +#endif // BASE_CRYPTO_SECURE_HASH_H_ diff --git a/base/crypto/secure_hash_nss.cc b/base/crypto/secure_hash_nss.cc new file mode 100644 index 0000000..436867e --- /dev/null +++ b/base/crypto/secure_hash_nss.cc @@ -0,0 +1,49 @@ +// Copyright (c) 2011 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "base/crypto/secure_hash.h" + +#include "base/logging.h" +#include "base/third_party/nss/blapi.h" +#include "base/third_party/nss/sha256.h" + +namespace base { + +namespace { + +class SecureHashSHA256NSS : public SecureHash { + public: + SecureHashSHA256NSS() { + SHA256_Begin(&ctx_); + } + + virtual ~SecureHashSHA256NSS() { + } + + virtual void Update(const void* input, size_t len) { + SHA256_Update(&ctx_, static_cast<const unsigned char*>(input), len); + } + + virtual void Finish(void* output, size_t len) { + SHA256_End(&ctx_, static_cast<unsigned char*>(output), NULL, + static_cast<unsigned int>(len)); + } + + private: + SHA256Context ctx_; +}; + +} // namespace + +SecureHash* SecureHash::Create(Algorithm algorithm) { + switch (algorithm) { + case SHA256: + return new SecureHashSHA256NSS(); + default: + NOTIMPLEMENTED(); + return NULL; + } +} + +} // namespace base diff --git a/base/crypto/secure_hash_openssl.cc b/base/crypto/secure_hash_openssl.cc new file mode 100644 index 0000000..8087279 --- /dev/null +++ b/base/crypto/secure_hash_openssl.cc @@ -0,0 +1,53 @@ +// Copyright (c) 2011 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "base/crypto/secure_hash.h" + +#include <openssl/ssl.h> + +#include "base/basictypes.h" +#include "base/logging.h" +#include "base/openssl_util.h" + +namespace base { + +namespace { + +class SecureHashSHA256OpenSSL : public SecureHash { + public: + SecureHashSHA256OpenSSL() { + SHA256_Init(&ctx_); + } + + virtual ~SecureHashSHA256OpenSSL() { + OPENSSL_cleanse(&ctx_, sizeof(ctx_)); + } + + virtual void Update(const void* input, size_t len) { + SHA256_Update(&ctx_, static_cast<const unsigned char*>(input), len); + } + + virtual void Finish(void* output, size_t len) { + ScopedOpenSSLSafeSizeBuffer<SHA256_DIGEST_LENGTH> result( + static_cast<unsigned char*>(output), len); + SHA256_Final(result.safe_buffer(), &ctx_); + } + + private: + SHA256_CTX ctx_; +}; + +} // namespace + +SecureHash* SecureHash::Create(Algorithm algorithm) { + switch (algorithm) { + case SHA256: + return new SecureHashSHA256OpenSSL(); + default: + NOTIMPLEMENTED(); + return NULL; + } +} + +} // namespace base diff --git a/base/crypto/secure_hash_unittest.cc b/base/crypto/secure_hash_unittest.cc new file mode 100644 index 0000000..2dac928 --- /dev/null +++ b/base/crypto/secure_hash_unittest.cc @@ -0,0 +1,34 @@ +// Copyright (c) 2011 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "base/crypto/secure_hash.h" + +#include "base/basictypes.h" +#include "base/scoped_ptr.h" +#include "base/sha2.h" +#include "testing/gtest/include/gtest/gtest.h" + +TEST(SecureHashTest, TestUpdate) { + // Example B.3 from FIPS 180-2: long message. + std::string input3(500000, 'a'); // 'a' repeated half a million times + int expected3[] = { 0xcd, 0xc7, 0x6e, 0x5c, + 0x99, 0x14, 0xfb, 0x92, + 0x81, 0xa1, 0xc7, 0xe2, + 0x84, 0xd7, 0x3e, 0x67, + 0xf1, 0x80, 0x9a, 0x48, + 0xa4, 0x97, 0x20, 0x0e, + 0x04, 0x6d, 0x39, 0xcc, + 0xc7, 0x11, 0x2c, 0xd0 }; + + uint8 output3[base::SHA256_LENGTH]; + + scoped_ptr<base::SecureHash> ctx(base::SecureHash::Create( + base::SecureHash::SHA256)); + ctx->Update(input3.data(), input3.size()); + ctx->Update(input3.data(), input3.size()); + + ctx->Finish(output3, sizeof(output3)); + for (size_t i = 0; i < base::SHA256_LENGTH; i++) + EXPECT_EQ(expected3[i], static_cast<int>(output3[i])); +} |