crypto/symmetrickey: remove most remaining methods
This change removes: * DeriveKeyFromPasswordUsingPbkdf2 * ImportKey * HMAC-SHA1 key support generically * Test coverage for the above There are two remaining clients of random AES key generation to remove, then SymmetricKey itself will go away. :) Bug: 370724578 Change-Id: I802ab5301c8038de7b3f8cd18aedcbb6d19ec044 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6289025 Commit-Queue: Elly FJ <ellyjones@chromium.org> Reviewed-by: David Benjamin <davidben@chromium.org> Cr-Commit-Position: refs/heads/main@{#1424114}
This commit is contained in:
Elly
@ -10,9 +10,6 @@
|
||||
#include <algorithm>
|
||||
#include <utility>
|
||||
|
||||
#include "base/check_op.h"
|
||||
#include "base/notreached.h"
|
||||
#include "crypto/kdf.h"
|
||||
#include "crypto/openssl_util.h"
|
||||
#include "crypto/random.h"
|
||||
|
||||
@ -55,28 +52,6 @@ SymmetricKey SymmetricKey::RandomKey(size_t key_size_in_bits) {
|
||||
return SymmetricKey(crypto::RandBytesAsVector(key_size_in_bytes));
|
||||
}
|
||||
|
||||
// static
|
||||
std::unique_ptr<SymmetricKey> SymmetricKey::DeriveKeyFromPasswordUsingPbkdf2(
|
||||
Algorithm,
|
||||
const std::string& password,
|
||||
const std::string& salt,
|
||||
size_t iterations,
|
||||
size_t key_size_in_bits) {
|
||||
if ((key_size_in_bits % 8) || !IsValidKeySize(key_size_in_bits / 8)) {
|
||||
return nullptr;
|
||||
}
|
||||
|
||||
kdf::Pbkdf2HmacSha1Params params = {
|
||||
.iterations = base::checked_cast<decltype(params.iterations)>(iterations),
|
||||
};
|
||||
|
||||
std::vector<uint8_t> key(key_size_in_bits / 8);
|
||||
kdf::DeriveKeyPbkdf2HmacSha1(params, base::as_byte_span(password),
|
||||
base::as_byte_span(salt), key, SubtlePassKey{});
|
||||
|
||||
return std::make_unique<SymmetricKey>(key);
|
||||
}
|
||||
|
||||
// static
|
||||
std::unique_ptr<SymmetricKey> SymmetricKey::Import(Algorithm,
|
||||
const std::string& raw_key) {
|
||||
|
||||
@ -17,7 +17,7 @@
|
||||
namespace crypto {
|
||||
|
||||
// A SymmetricKey is an array of bytes which is used for symmetric cryptography
|
||||
// (encryption or MACs).
|
||||
// (encryption only).
|
||||
//
|
||||
// This whole type is deprecated: prefer to use raw std::array<uint8_t>,
|
||||
// std::vector<uint8_t>, or base::span<uint8_t> instead. This type has no
|
||||
@ -30,7 +30,6 @@ class CRYPTO_EXPORT SymmetricKey {
|
||||
// class Encryptor.
|
||||
enum Algorithm {
|
||||
AES,
|
||||
HMAC_SHA1,
|
||||
};
|
||||
|
||||
SymmetricKey() = delete;
|
||||
@ -52,24 +51,10 @@ class CRYPTO_EXPORT SymmetricKey {
|
||||
|
||||
static SymmetricKey RandomKey(size_t key_size_in_bits);
|
||||
|
||||
// Derives a key from the supplied password and salt using PBKDF2, suitable
|
||||
// for use with specified |algorithm|. Note |algorithm| is not the algorithm
|
||||
// used to derive the key from the password. |key_size_in_bits| must be a
|
||||
// multiple of 8. The caller is responsible for deleting the returned
|
||||
// SymmetricKey.
|
||||
//
|
||||
// Deprecated: use crypto::kdf::DeriveKeyPbkdf2HmacSha1() instead.
|
||||
static std::unique_ptr<SymmetricKey> DeriveKeyFromPasswordUsingPbkdf2(
|
||||
Algorithm algorithm,
|
||||
const std::string& password,
|
||||
const std::string& salt,
|
||||
size_t iterations,
|
||||
size_t key_size_in_bits);
|
||||
|
||||
// Imports an array of key bytes in |raw_key|. This key may have been
|
||||
// generated by GenerateRandomKey or DeriveKeyFromPassword{Pbkdf2,Scrypt} and
|
||||
// exported with key(). The key must be of suitable size for use with
|
||||
// |algorithm|. The caller owns the returned SymmetricKey.
|
||||
// Imports an array of key bytes in |raw_key|. The raw key must be of a valid
|
||||
// size - see IsValidKeySize() in the source for details, although in general
|
||||
// you should not need to choose key sizes yourself. Returns nullptr if the
|
||||
// key is not of valid size.
|
||||
//
|
||||
// Deprecated: use the regular constructor that accepts a span of bytes, and
|
||||
// validate that the key is of whatever length your client code expects before
|
||||
@ -77,7 +62,7 @@ class CRYPTO_EXPORT SymmetricKey {
|
||||
static std::unique_ptr<SymmetricKey> Import(Algorithm algorithm,
|
||||
const std::string& raw_key);
|
||||
|
||||
// Returns the raw platform specific key data.
|
||||
// Returns the internal key storage.
|
||||
const std::string& key() const { return key_; }
|
||||
|
||||
private:
|
||||
|
||||
@ -37,16 +37,3 @@ TEST(SymmetricKeyTest, ImportGeneratedKey) {
|
||||
|
||||
EXPECT_EQ(key1->key(), key2->key());
|
||||
}
|
||||
|
||||
TEST(SymmetricKeyTest, ImportDerivedKey) {
|
||||
std::unique_ptr<crypto::SymmetricKey> key1(
|
||||
crypto::SymmetricKey::DeriveKeyFromPasswordUsingPbkdf2(
|
||||
crypto::SymmetricKey::HMAC_SHA1, "password", "somesalt", 1024, 128));
|
||||
ASSERT_TRUE(key1);
|
||||
|
||||
std::unique_ptr<crypto::SymmetricKey> key2(crypto::SymmetricKey::Import(
|
||||
crypto::SymmetricKey::HMAC_SHA1, key1->key()));
|
||||
ASSERT_TRUE(key2);
|
||||
|
||||
EXPECT_EQ(key1->key(), key2->key());
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user