1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef CRYPTO_SYMMETRIC_KEY_H_ 6 #define CRYPTO_SYMMETRIC_KEY_H_ 7 #pragma once 8 9 #include <string> 10 11 #include "base/basictypes.h" 12 13 #if defined(USE_NSS) 14 #include "crypto/scoped_nss_types.h" 15 #elif defined(OS_MACOSX) 16 #include <Security/cssmtype.h> 17 #elif defined(OS_WIN) 18 #include "crypto/scoped_capi_types.h" 19 #endif 20 21 namespace crypto { 22 23 // Wraps a platform-specific symmetric key and allows it to be held in a 24 // scoped_ptr. 25 class SymmetricKey { 26 public: 27 // Defines the algorithm that a key will be used with. See also 28 // classs Encrptor. 29 enum Algorithm { 30 AES, 31 HMAC_SHA1, 32 }; 33 34 virtual ~SymmetricKey(); 35 36 // Generates a random key suitable to be used with |algorithm| and of 37 // |key_size_in_bits| bits. 38 // The caller is responsible for deleting the returned SymmetricKey. 39 static SymmetricKey* GenerateRandomKey(Algorithm algorithm, 40 size_t key_size_in_bits); 41 42 // Derives a key from the supplied password and salt using PBKDF2, suitable 43 // for use with specified |algorithm|. Note |algorithm| is not the algorithm 44 // used to derive the key from the password. The caller is responsible for 45 // deleting the returned SymmetricKey. 46 static SymmetricKey* DeriveKeyFromPassword(Algorithm algorithm, 47 const std::string& password, 48 const std::string& salt, 49 size_t iterations, 50 size_t key_size_in_bits); 51 52 // Imports an array of key bytes in |raw_key|. This key may have been 53 // generated by GenerateRandomKey or DeriveKeyFromPassword and exported with 54 // GetRawKey, or via another compatible method. The key must be of suitable 55 // size for use with |algorithm|. The caller owns the returned SymmetricKey. 56 static SymmetricKey* Import(Algorithm algorithm, const std::string& raw_key); 57 58 #if defined(USE_OPENSSL) 59 const std::string& key() { return key_; } 60 #elif defined(USE_NSS) 61 PK11SymKey* key() const { return key_.get(); } 62 #elif defined(OS_MACOSX) 63 CSSM_DATA cssm_data() const; 64 #elif defined(OS_WIN) 65 HCRYPTKEY key() const { return key_.get(); } 66 #endif 67 68 // Extracts the raw key from the platform specific data. 69 // Warning: |raw_key| holds the raw key as bytes and thus must be handled 70 // carefully. 71 bool GetRawKey(std::string* raw_key); 72 73 private: 74 #if defined(USE_OPENSSL) 75 SymmetricKey() {} 76 std::string key_; 77 #elif defined(USE_NSS) 78 explicit SymmetricKey(PK11SymKey* key); 79 ScopedPK11SymKey key_; 80 #elif defined(OS_MACOSX) 81 SymmetricKey(const void* key_data, size_t key_size_in_bits); 82 std::string key_; 83 #elif defined(OS_WIN) 84 SymmetricKey(HCRYPTPROV provider, HCRYPTKEY key, 85 const void* key_data, size_t key_size_in_bytes); 86 87 ScopedHCRYPTPROV provider_; 88 ScopedHCRYPTKEY key_; 89 90 // Contains the raw key, if it is known during initialization and when it 91 // is likely that the associated |provider_| will be unable to export the 92 // |key_|. This is the case of HMAC keys when the key size exceeds 16 bytes 93 // when using the default RSA provider. 94 // TODO(rsleevi): See if KP_EFFECTIVE_KEYLEN is the reason why CryptExportKey 95 // fails with NTE_BAD_KEY/NTE_BAD_LEN 96 std::string raw_key_; 97 #endif 98 99 DISALLOW_COPY_AND_ASSIGN(SymmetricKey); 100 }; 101 102 } // namespace crypto 103 104 #endif // CRYPTO_SYMMETRIC_KEY_H_ 105
