From 1b47ce2e8d25023f531f4afa8f05b044c4cef111 Mon Sep 17 00:00:00 2001
From: "albertb@chromium.org"
 <albertb@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98>
Date: Wed, 31 Mar 2010 16:18:30 +0000
Subject: First pass of a Nigori implementation for Chrome. Only unassisted key
 derivation is supported and there is no support for server authentication.

BUG=37363
TEST=unit tests

Review URL: http://codereview.chromium.org/1357003

git-svn-id: svn://svn.chromium.org/chrome/trunk/src@43220 0039d316-1c4b-4281-b951-d872f2087c98
---
 base/hmac_nss.cc | 25 +++++++++++++++----------
 1 file changed, 15 insertions(+), 10 deletions(-)

(limited to 'base/hmac_nss.cc')

diff --git a/base/hmac_nss.cc b/base/hmac_nss.cc
index 8f63d04..b3c0c67 100644
--- a/base/hmac_nss.cc
+++ b/base/hmac_nss.cc
@@ -15,31 +15,36 @@
 namespace base {
 
 struct HMACPlatformData {
+  CK_MECHANISM_TYPE mechanism_;
   ScopedPK11Slot slot_;
   ScopedPK11SymKey sym_key_;
 };
 
 HMAC::HMAC(HashAlgorithm hash_alg)
     : hash_alg_(hash_alg), plat_(new HMACPlatformData()) {
-  // Only SHA-1 digest is supported now.
-  DCHECK(hash_alg_ == SHA1);
+  // Only SHA-1 and SHA-256 hash algorithms are supported.
+  switch (hash_alg_) {
+    case SHA1:
+      plat_->mechanism_ = CKM_SHA_1_HMAC;
+      break;
+    case SHA256:
+      plat_->mechanism_ = CKM_SHA256_HMAC;
+      break;
+    default:
+      NOTREACHED() << "Unsupported hash algorithm";
+  }
 }
 
 bool HMAC::Init(const unsigned char *key, int key_length) {
   base::EnsureNSSInit();
 
-  if (hash_alg_ != SHA1) {
-    NOTREACHED();
-    return false;
-  }
-
   if (plat_->slot_.get()) {
     // Init must not be called more than twice on the same HMAC object.
     NOTREACHED();
     return false;
   }
 
-  plat_->slot_.reset(PK11_GetBestSlot(CKM_SHA_1_HMAC, NULL));
+  plat_->slot_.reset(PK11_GetBestSlot(plat_->mechanism_, NULL));
   if (!plat_->slot_.get()) {
     NOTREACHED();
     return false;
@@ -51,7 +56,7 @@ bool HMAC::Init(const unsigned char *key, int key_length) {
   key_item.len = key_length;
 
   plat_->sym_key_.reset(PK11_ImportSymKey(plat_->slot_.get(),
-                                          CKM_SHA_1_HMAC,
+                                          plat_->mechanism_,
                                           PK11_OriginUnwrap,
                                           CKA_SIGN,
                                           &key_item,
@@ -77,7 +82,7 @@ bool HMAC::Sign(const std::string& data,
   }
 
   SECItem param = { siBuffer, NULL, 0 };
-  ScopedPK11Context context(PK11_CreateContextBySymKey(CKM_SHA_1_HMAC,
+  ScopedPK11Context context(PK11_CreateContextBySymKey(plat_->mechanism_,
                                                        CKA_SIGN,
                                                        plat_->sym_key_.get(),
                                                        &param));
-- 
cgit v1.1