1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef CRYPTO_SYMMETRIC_KEY_H_ 6 #define CRYPTO_SYMMETRIC_KEY_H_ 7 8 #include <stddef.h> 9 10 #include <memory> 11 #include <string> 12 13 #include "base/macros.h" 14 #include "build/build_config.h" 15 #include "crypto/crypto_export.h" 16 17 #if defined(NACL_WIN64) 18 // See comments for crypto_nacl_win64 in crypto.gyp. 19 // Must test for NACL_WIN64 before OS_WIN since former is a subset of latter. 20 #include "crypto/scoped_capi_types.h" 21 #elif defined(USE_NSS_CERTS) || \ 22 (!defined(USE_OPENSSL) && (defined(OS_WIN) || defined(OS_MACOSX))) 23 #include "crypto/scoped_nss_types.h" 24 #endif 25 26 namespace crypto { 27 28 // Wraps a platform-specific symmetric key and allows it to be held in a 29 // scoped_ptr. 30 class CRYPTO_EXPORT SymmetricKey { 31 public: 32 // Defines the algorithm that a key will be used with. See also 33 // classs Encrptor. 34 enum Algorithm { 35 AES, 36 HMAC_SHA1, 37 }; 38 39 virtual ~SymmetricKey(); 40 41 // Generates a random key suitable to be used with |algorithm| and of 42 // |key_size_in_bits| bits. |key_size_in_bits| must be a multiple of 8. 43 // The caller is responsible for deleting the returned SymmetricKey. 44 static std::unique_ptr<SymmetricKey> GenerateRandomKey( 45 Algorithm algorithm, 46 size_t key_size_in_bits); 47 48 // Derives a key from the supplied password and salt using PBKDF2, suitable 49 // for use with specified |algorithm|. Note |algorithm| is not the algorithm 50 // used to derive the key from the password. |key_size_in_bits| must be a 51 // multiple of 8. The caller is responsible for deleting the returned 52 // SymmetricKey. 53 static std::unique_ptr<SymmetricKey> DeriveKeyFromPassword( 54 Algorithm algorithm, 55 const std::string& password, 56 const std::string& salt, 57 size_t iterations, 58 size_t key_size_in_bits); 59 60 // Imports an array of key bytes in |raw_key|. This key may have been 61 // generated by GenerateRandomKey or DeriveKeyFromPassword and exported with 62 // GetRawKey, or via another compatible method. The key must be of suitable 63 // size for use with |algorithm|. The caller owns the returned SymmetricKey. 64 static std::unique_ptr<SymmetricKey> Import(Algorithm algorithm, 65 const std::string& raw_key); 66 #if defined(NACL_WIN64) key()67 HCRYPTKEY key() const { return key_.get(); } 68 #elif defined(USE_OPENSSL) key()69 const std::string& key() { return key_; } 70 #elif defined(USE_NSS_CERTS) || defined(OS_WIN) || defined(OS_MACOSX) key()71 PK11SymKey* key() const { return key_.get(); } 72 #endif 73 74 // Extracts the raw key from the platform specific data. 75 // Warning: |raw_key| holds the raw key as bytes and thus must be handled 76 // carefully. 77 bool GetRawKey(std::string* raw_key); 78 79 private: 80 #if defined(NACL_WIN64) 81 SymmetricKey(HCRYPTPROV provider, HCRYPTKEY key, 82 const void* key_data, size_t key_size_in_bytes); 83 84 ScopedHCRYPTPROV provider_; 85 ScopedHCRYPTKEY key_; 86 87 // Contains the raw key, if it is known during initialization and when it 88 // is likely that the associated |provider_| will be unable to export the 89 // |key_|. This is the case of HMAC keys when the key size exceeds 16 bytes 90 // when using the default RSA provider. 91 // TODO(rsleevi): See if KP_EFFECTIVE_KEYLEN is the reason why CryptExportKey 92 // fails with NTE_BAD_KEY/NTE_BAD_LEN 93 std::string raw_key_; 94 #elif defined(USE_OPENSSL) 95 SymmetricKey() {} 96 std::string key_; 97 #elif defined(USE_NSS_CERTS) || defined(OS_WIN) || defined(OS_MACOSX) 98 explicit SymmetricKey(PK11SymKey* key); 99 ScopedPK11SymKey key_; 100 #endif 101 102 DISALLOW_COPY_AND_ASSIGN(SymmetricKey); 103 }; 104 105 } // namespace crypto 106 107 #endif // CRYPTO_SYMMETRIC_KEY_H_ 108