Diffstat (limited to 'base')
-rw-r--r-- | base/base.gyp | 5 | ||||
-rw-r--r-- | base/base.gypi | 50 | ||||
-rw-r--r-- | base/crypto/encryptor_openssl.cc | 32 | ||||
-rw-r--r-- | base/crypto/rsa_private_key_openssl.cc | 79 | ||||
-rw-r--r-- | base/crypto/signature_creator_openssl.cc | 32 | ||||
-rw-r--r-- | base/crypto/signature_verifier_openssl.cc | 41 | ||||
-rw-r--r-- | base/crypto/symmetric_key.h | 5 | ||||
-rw-r--r-- | base/crypto/symmetric_key_openssl.cc | 43 | ||||
-rw-r--r-- | base/hmac_openssl.cc | 57 | ||||
-rw-r--r-- | base/openssl_util.h | 53 | ||||
-rw-r--r-- | base/sha2_openssl.cc | 30 |
11 files changed, 425 insertions, 2 deletions
diff --git a/base/base.gyp b/base/base.gyp index 8e0b1e9..2de9b4b 100644 --- a/base/base.gyp +++ b/base/base.gyp @@ -235,6 +235,11 @@ 'win_util_unittest.cc', ], }], + [ 'use_openssl==1', { + 'sources!': [ + 'crypto/rsa_private_key_nss_unittest.cc', + ], + }], ], }, { diff --git a/base/base.gypi b/base/base.gypi index 7280eb8..b9fad5e 100644 --- a/base/base.gypi +++ b/base/base.gypi @@ -391,23 +391,28 @@ 'crypto/encryptor.h', 'crypto/encryptor_mac.cc', 'crypto/encryptor_nss.cc', + 'crypto/encryptor_openssl.cc', 'crypto/encryptor_win.cc', 'crypto/rsa_private_key.h', 'crypto/rsa_private_key.cc', 'crypto/rsa_private_key_mac.cc', 'crypto/rsa_private_key_nss.cc', + 'crypto/rsa_private_key_openssl.cc', 'crypto/rsa_private_key_win.cc', 'crypto/signature_creator.h', 'crypto/signature_creator_mac.cc', 'crypto/signature_creator_nss.cc', + 'crypto/signature_creator_openssl.cc', 'crypto/signature_creator_win.cc', 'crypto/signature_verifier.h', 'crypto/signature_verifier_mac.cc', 'crypto/signature_verifier_nss.cc', + 'crypto/signature_verifier_openssl.cc', 'crypto/signature_verifier_win.cc', 'crypto/symmetric_key.h', 'crypto/symmetric_key_mac.cc', 'crypto/symmetric_key_nss.cc', + 'crypto/symmetric_key_openssl.cc', 'crypto/symmetric_key_win.cc', 'third_party/nspr/prcpucfg.h', 'third_party/nspr/prcpucfg_win.h', @@ -432,6 +437,7 @@ 'hmac.h', 'hmac_mac.cc', 'hmac_nss.cc', + 'hmac_openssl.cc', 'hmac_win.cc', 'image_util.cc', 'image_util.h', @@ -455,6 +461,7 @@ 'setproctitle_linux.h', 'sha2.cc', 'sha2.h', + 'sha2_openssl.cc', 'string16.cc', 'string16.h', 'sync_socket.h', 
@@ -512,6 +519,38 @@ 'win_util.cc', ], },], + [ 'use_openssl==1', { + # TODO(joth): Use a glob to match exclude patterns once the + # OpenSSL file set is complete. + 'sources!': [ + 'crypto/encryptor_nss.cc', + 'crypto/rsa_private_key_nss.cc', + 'crypto/signature_creator_nss.cc', + 'crypto/signature_verifier_nss.cc', + 'crypto/symmetric_key_nss.cc', + 'hmac_nss.cc', + 'nss_util.cc', + 'nss_util.h', + # Note that sha2.cc depends on the NSS files bundled into + # chromium; it does not have the _nss postfix as it is required + # on platforms besides linux and *bsd. + 'sha2.cc', + 'third_party/nss/blapi.h', + 'third_party/nss/blapit.h', + 'third_party/nss/sha256.h', + 'third_party/nss/sha512.cc', + ], + }, { + 'sources!': [ + 'crypto/encryptor_openssl.cc', + 'crypto/rsa_private_key_openssl.cc', + 'crypto/signature_creator_openssl.cc', + 'crypto/signature_verifier_openssl.cc', + 'crypto/symmetric_key_openssl.cc', + 'hmac_openssl.cc', + 'sha2_openssl.cc', + ], + },], ], }], ], @@ -550,12 +589,21 @@ }, }, ], + [ 'use_openssl==1', { + 'dependencies': [ + '../build/linux/system.gyp:openssl', + ], + }, { # use_openssl==0 + 'dependencies': [ + '../build/linux/system.gyp:nss', + ], + } + ], ], 'dependencies': [ 'symbolize', '../build/util/build_util.gyp:lastchange', '../build/linux/system.gyp:gtk', - '../build/linux/system.gyp:nss', 'xdg_mime', ], 'export_dependent_settings': [ diff --git a/base/crypto/encryptor_openssl.cc b/base/crypto/encryptor_openssl.cc new file mode 100644 index 0000000..71a84be --- /dev/null +++ b/base/crypto/encryptor_openssl.cc 
@@ -0,0 +1,32 @@
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "base/crypto/encryptor.h"
+
+#include "base/logging.h"
+
+namespace base {
+
+Encryptor::Encryptor() {
+}
+
+Encryptor::~Encryptor() {
+}
+
+bool Encryptor::Init(SymmetricKey* key, Mode mode, const std::string& iv) {
+ NOTIMPLEMENTED();
+ return false;
+}
+
+bool Encryptor::Encrypt(const std::string& plaintext, std::string* ciphertext) {
+ NOTIMPLEMENTED();
+ return false;
+}
+
+bool Encryptor::Decrypt(const std::string& ciphertext, std::string* plaintext) {
+ NOTIMPLEMENTED();
+ return false;
+}
+
+} // namespace base
diff --git a/base/crypto/rsa_private_key_openssl.cc b/base/crypto/rsa_private_key_openssl.cc
new file mode 100644
index 0000000..ec1d8b5
--- /dev/null
+++ b/base/crypto/rsa_private_key_openssl.cc
@@ -0,0 +1,79 @@
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "base/crypto/rsa_private_key.h"
+
+#include "base/logging.h"
+
+namespace base {
+
+// static
+RSAPrivateKey* RSAPrivateKey::CreateWithParams(uint16 num_bits,
+ bool permanent,
+ bool sensitive) {
+ NOTIMPLEMENTED();
+ return NULL;
+}
+
+// static
+RSAPrivateKey* RSAPrivateKey::Create(uint16 num_bits) {
+ return CreateWithParams(num_bits,
+ false /* not permanent */,
+ false /* not sensitive */);
+}
+
+// static
+RSAPrivateKey* RSAPrivateKey::CreateSensitive(uint16 num_bits) {
+ return CreateWithParams(num_bits,
+ true /* permanent */,
+ true /* sensitive */);
+}
+
+// static
+RSAPrivateKey* RSAPrivateKey::CreateFromPrivateKeyInfoWithParams(
+ const std::vector<uint8>& input, bool permanent, bool sensitive) {
+ NOTIMPLEMENTED();
+ return NULL;
+}
+
+// static
+RSAPrivateKey* RSAPrivateKey::CreateFromPrivateKeyInfo(
+ const std::vector<uint8>& input) {
+ return CreateFromPrivateKeyInfoWithParams(input,
+ false /* not permanent */,
+ false /* not sensitive */);
+}
+
+// static
+RSAPrivateKey* RSAPrivateKey::CreateSensitiveFromPrivateKeyInfo(
+ const std::vector<uint8>& input) {
+ return CreateFromPrivateKeyInfoWithParams(input,
+ true /* permanent */,
+ true /* seneitive */);
+}
+
+// static
+RSAPrivateKey* RSAPrivateKey::FindFromPublicKeyInfo(
+ const std::vector<uint8>& input) {
+ NOTIMPLEMENTED();
+ return NULL;
+}
+
+RSAPrivateKey::RSAPrivateKey() {
+}
+
+RSAPrivateKey::~RSAPrivateKey() {
+}
+
+bool RSAPrivateKey::ExportPrivateKey(std::vector<uint8>* output) {
+ NOTIMPLEMENTED();
+ return false;
+}
+
+bool RSAPrivateKey::ExportPublicKey(std::vector<uint8>* output) {
+ NOTIMPLEMENTED();
+ return false;
+}
+
+} // namespace base
diff --git a/base/crypto/signature_creator_openssl.cc b/base/crypto/signature_creator_openssl.cc
new file mode 100644
index 0000000..5d70f01
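Review bot: The argument comment in `CreateSensitiveFromPrivateKeyInfo` is misspelled, `true /* seneitive */`; it should read `true /* sensitive */` to match `CreateSensitive` above it. Every factory in this file currently ends in a `NULL` return, so a short file-level comment such as `// OpenSSL RSA key support is not implemented yet; all Create*/Find* factories return NULL.` would tell callers building with use_openssl==1 what to expect.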
--- /dev/null
+++ b/base/crypto/signature_creator_openssl.cc
@@ -0,0 +1,32 @@
+// Copyright (c) 2009 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "base/crypto/signature_creator.h"
+
+#include "base/logging.h"
+
+namespace base {
+
+// static
+SignatureCreator* SignatureCreator::Create(RSAPrivateKey* key) {
+ return NULL;
+}
+
+SignatureCreator::SignatureCreator() {
+}
+
+SignatureCreator::~SignatureCreator() {
+}
+
+bool SignatureCreator::Update(const uint8* data_part, int data_part_len) {
+ NOTIMPLEMENTED();
+ return false;
+}
+
+bool SignatureCreator::Final(std::vector<uint8>* signature) {
+ NOTIMPLEMENTED();
+ return false;
+}
+
+} // namespace base
diff --git a/base/crypto/signature_verifier_openssl.cc b/base/crypto/signature_verifier_openssl.cc
new file mode 100644
index 0000000..49b5e07
--- /dev/null
+++ b/base/crypto/signature_verifier_openssl.cc
@@ -0,0 +1,41 @@
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "base/crypto/signature_verifier.h"
+
+#include "base/logging.h"
+
+namespace base {
+
+SignatureVerifier::SignatureVerifier() {
+}
+
+SignatureVerifier::~SignatureVerifier() {
+}
+
+bool SignatureVerifier::VerifyInit(const uint8* signature_algorithm,
+ int signature_algorithm_len,
+ const uint8* signature,
+ int signature_len,
+ const uint8* public_key_info,
+ int public_key_info_len) {
+ NOTIMPLEMENTED();
+ return false;
+}
+
+void SignatureVerifier::VerifyUpdate(const uint8* data_part,
+ int data_part_len) {
+ NOTIMPLEMENTED();
+}
+
+bool SignatureVerifier::VerifyFinal() {
+ NOTIMPLEMENTED();
+ return false;
+}
+
+void SignatureVerifier::Reset() {
+ NOTIMPLEMENTED();
+}
+
+} // namespace base
diff --git a/base/crypto/symmetric_key.h b/base/crypto/symmetric_key.h
index d7259be..3f2be76 100644
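Review bot: `SignatureCreator::Create` in signature_creator_openssl.cc returns `NULL` silently, whereas every other stub added by this commit logs through `NOTIMPLEMENTED()` first. Adding `NOTIMPLEMENTED();` before `return NULL;` would make a missing signer under use_openssl==1 visible in the log at the point of failure, instead of leaving it to whichever caller first uses the null pointer.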
--- a/base/crypto/symmetric_key.h +++ b/base/crypto/symmetric_key.h @@ -65,7 +65,10 @@ class SymmetricKey { bool GetRawKey(std::string* raw_key); private: -#if defined(USE_NSS) +#if defined(USE_OPENSSL) + // TODO(joth): Add a constructor that accepts OpenSSL symmetric key data, and + // the appropriate data members to store it in. +#elif defined(USE_NSS) explicit SymmetricKey(PK11SymKey* key); ScopedPK11SymKey key_; #elif defined(OS_MACOSX) diff --git a/base/crypto/symmetric_key_openssl.cc b/base/crypto/symmetric_key_openssl.cc new file mode 100644 index 0000000..591252d --- /dev/null +++ b/base/crypto/symmetric_key_openssl.cc @@ -0,0 +1,43 @@ +// Copyright (c) 2010 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "base/crypto/symmetric_key.h" + +#include "base/logging.h" + +namespace base { + +SymmetricKey::~SymmetricKey() { +} + +// static +SymmetricKey* SymmetricKey::GenerateRandomKey(Algorithm algorithm, + size_t key_size_in_bits) { + NOTIMPLEMENTED(); + return NULL; +} + +// static +SymmetricKey* SymmetricKey::DeriveKeyFromPassword(Algorithm algorithm, + const std::string& password, + const std::string& salt, + size_t iterations, + size_t key_size_in_bits) { + NOTIMPLEMENTED(); + return NULL; +} + +// static +SymmetricKey* SymmetricKey::Import(Algorithm algorithm, + const std::string& raw_key) { + NOTIMPLEMENTED(); + return NULL; +} + +bool SymmetricKey::GetRawKey(std::string* raw_key) { + NOTIMPLEMENTED(); + return false; +} + +} // namespace base diff --git a/base/hmac_openssl.cc b/base/hmac_openssl.cc new file mode 100644 index 0000000..f45d3a7 --- /dev/null +++ b/base/hmac_openssl.cc 
@@ -0,0 +1,57 @@
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "base/hmac.h"
+
+#include <openssl/hmac.h>
+
+#include <algorithm>
+#include <vector>
+
+#include "base/logging.h"
+#include "base/openssl_util.h"
+#include "base/scoped_ptr.h"
+#include "base/stl_util-inl.h"
+
+namespace base {
+
+struct HMACPlatformData {
+ std::vector<unsigned char> key;
+};
+
+HMAC::HMAC(HashAlgorithm hash_alg)
+ : hash_alg_(hash_alg), plat_(new HMACPlatformData()) {
+ // Only SHA-1 and SHA-256 hash algorithms are supported now.
+ DCHECK(hash_alg_ == SHA1 || hash_alg_ == SHA256);
+}
+
+bool HMAC::Init(const unsigned char* key, int key_length) {
+ // Init must not be called more than once on the same HMAC object.
+ DCHECK(plat_->key.empty());
+
+ plat_->key.assign(key, key + key_length);
+ return true;
+}
+
+HMAC::~HMAC() {
+ // Zero out key copy.
+ plat_->key.assign(plat_->key.size(), 0);
+ STLClearObject(&plat_->key);
+}
+
+bool HMAC::Sign(const std::string& data,
+ unsigned char* digest,
+ int digest_length) {
+ DCHECK_GE(digest_length, 0);
+ DCHECK(!plat_->key.empty()); // Init must be called before Sign.
+
+ ScopedOpenSSLSafeSizeBuffer<EVP_MAX_MD_SIZE> result(digest, digest_length);
+ return ::HMAC(hash_alg_ == SHA1 ? EVP_sha1() : EVP_sha256(),
+ &plat_->key[0], plat_->key.size(),
+ reinterpret_cast<const unsigned char*>(data.data()),
+ data.size(),
+ result.safe_buffer(), NULL);
+}
+
+} // namespace base
diff --git a/base/openssl_util.h b/base/openssl_util.h
new file mode 100644
index 0000000..4f564cf
--- /dev/null
+++ b/base/openssl_util.h
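Review bot: The key wipe in `HMAC::~HMAC` is an ordinary store into a vector that is released on the very next line, so an optimizing compiler is permitted to drop it and leave the key bytes in freed heap memory. Since this file already depends on OpenSSL, `if (!plat_->key.empty()) OPENSSL_cleanse(&plat_->key[0], plat_->key.size());` (declared in `<openssl/crypto.h>`) ahead of `STLClearObject` is the more reliable form. Separately, `Init` and `Sign` guard their preconditions only with `DCHECK`, which is typically compiled out of release builds. A negative `key_length`, or `Sign` on an empty key, would then reach `key + key_length` and `&plat_->key[0]` unchecked. An explicit `if (...) return false;` beside each DCHECK would make both fail closed.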
@@ -0,0 +1,53 @@
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef BASE_OPENNSSL_UTIL_H_
+#define BASE_OPENNSSL_UTIL_H_
+#pragma once
+
+#include "base/basictypes.h"
+
+namespace base {
+
+// Provides a buffer of at least MIN_SIZE bytes, for use when calling OpenSSL's
+// SHA256, HMAC, etc functions, adapting the buffer sizing rules to meet those
+// of the our base wrapper APIs.
+// This allows the library to write directly to the caller's buffer if it is of
+// sufficient size, but if not it will write to temporary |min_sized_buffer_|
+// of required size and then its content is automatically copied out on
+// destruction, with truncation as appropriate.
+template<int MIN_SIZE>
+class ScopedOpenSSLSafeSizeBuffer {
+ public:
+ ScopedOpenSSLSafeSizeBuffer(unsigned char* output, size_t output_len)
+ : output_(output),
+ output_len_(output_len) {
+ }
+
+ ~ScopedOpenSSLSafeSizeBuffer() {
+ if (output_len_ < MIN_SIZE) {
+ // Copy the temporary buffer out, truncating as needed.
+ memcpy(output_, min_sized_buffer_, output_len_);
+ }
+ // else... any writing already happened directly into |output_|.
+ }
+
+ unsigned char* safe_buffer() {
+ return output_len_ < MIN_SIZE ? min_sized_buffer_ : output_;
+ }
+
+ private:
+ // Pointer to the caller's data area and it's associated size, where data
+ // written via safe_buffer() will [eventually] end up.
+ unsigned char* output_;
+ size_t output_len_;
+
+ // Temporary buffer writen into in the case where the caller's
+ // buffer is not of sufficient size.
+ unsigned char min_sized_buffer_[MIN_SIZE];
+};
+
+} // namespace base
+
+#endif // BASE_NSS_UTIL_H_
diff --git a/base/sha2_openssl.cc b/base/sha2_openssl.cc
new file mode 100644
index 0000000..afbce2f
--- /dev/null
+++ b/base/sha2_openssl.cc
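Review bot: `min_sized_buffer_` is never initialised, yet the destructor copies `output_len_` bytes out of it whenever `output_len_ < MIN_SIZE`, regardless of how many bytes the library actually wrote. That is harmless for SHA-256, where MIN_SIZE equals the digest length, but `HMAC::Sign` in this commit instantiates the template with `EVP_MAX_MD_SIZE`. A SHA-1 caller whose buffer is longer than 20 bytes but shorter than `EVP_MAX_MD_SIZE` therefore receives leftover stack bytes after the digest. Zeroing the array in the constructor with `memset(min_sized_buffer_, 0, sizeof(min_sized_buffer_));` closes that. The header also calls `memcpy` without including `<string.h>`, and the guard macro `BASE_OPENNSSL_UTIL_H_` does not match the closing `#endif // BASE_NSS_UTIL_H_` comment.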
@@ -0,0 +1,30 @@
+// Copyright (c) 2010 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "base/sha2.h"
+
+#include <openssl/ssl.h>
+
+#include "base/basictypes.h"
+#include "base/openssl_util.h"
+#include "base/stl_util-inl.h"
+
+namespace base {
+
+void SHA256HashString(const std::string& str, void* output, size_t len) {
+ COMPILE_ASSERT(SHA256_LENGTH == SHA256_DIGEST_LENGTH,
+ API_and_OpenSSL_SHA256_lengths_must_match);
+ ScopedOpenSSLSafeSizeBuffer<SHA256_DIGEST_LENGTH> result(
+ reinterpret_cast<unsigned char*>(output), len);
+ ::SHA256(reinterpret_cast<const unsigned char*>(str.data()), str.size(),
+ result.safe_buffer());
+}
+
+std::string SHA256HashString(const std::string& str) {
+ std::string output(SHA256_LENGTH, 0);
+ SHA256HashString(str, string_as_array(&output), output.size());
+ return output;
+}
+
+} // namespace base |
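Review bot: `SHA256()` and `SHA256_DIGEST_LENGTH` are declared in `<openssl/sha.h>`; including `<openssl/ssl.h>` here pulls in the whole TLS API for a single hash call, so `#include <openssl/sha.h>` is the narrower include. The three-argument `SHA256HashString` would also benefit from a comment stating its buffer contract, for example `// Writes min(len, SHA256_LENGTH) bytes to |output|; a shorter |len| yields a truncated digest and bytes past SHA256_LENGTH are left untouched.`, since that behaviour comes from the scoped buffer and is not obvious at the call.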