chromium/src
0
Fork 0
Code Activity

crypto/symmetrickey: remove most remaining methods

Browse Source 
This change removes:
* DeriveKeyFromPasswordUsingPbkdf2
* ImportKey
* HMAC-SHA1 key support generically
* Test coverage for the above

There are two remaining clients of random AES key generation to remove,
then SymmetricKey itself will go away. :)

Bug: 370724578
Change-Id: I802ab5301c8038de7b3f8cd18aedcbb6d19ec044
Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/6289025
Commit-Queue: Elly FJ <ellyjones@chromium.org>
Reviewed-by: David Benjamin <davidben@chromium.org>
Cr-Commit-Position: refs/heads/main@{#1424114}
This commit is contained in:
Elly
2025-02-24 13:05:30 -08:00
committed by Chromium LUCI CQ
parent 19b4814435
commit 5c6f0d42d4
3 changed files with 6 additions and 59 deletions

25
crypto/symmetric_key.cc

@@ -10,9 +10,6 @@
#include <algorithm> #include <algorithm>
#include <utility> #include <utility>
#include "base/check_op.h"
#include "base/notreached.h"
#include "crypto/kdf.h"
#include "crypto/openssl_util.h" #include "crypto/openssl_util.h"
#include "crypto/random.h" #include "crypto/random.h"
@@ -55,28 +52,6 @@ SymmetricKey SymmetricKey::RandomKey(size_t key_size_in_bits) {
return SymmetricKey(crypto::RandBytesAsVector(key_size_in_bytes)); return SymmetricKey(crypto::RandBytesAsVector(key_size_in_bytes));
} }
// static
std::unique_ptr<SymmetricKey> SymmetricKey::DeriveKeyFromPasswordUsingPbkdf2(
Algorithm,
const std::string& password,
const std::string& salt,
size_t iterations,
size_t key_size_in_bits) {
if ((key_size_in_bits % 8) || !IsValidKeySize(key_size_in_bits / 8)) {
return nullptr;
}
kdf::Pbkdf2HmacSha1Params params = {
.iterations = base::checked_cast<decltype(params.iterations)>(iterations),
};
std::vector<uint8_t> key(key_size_in_bits / 8);
kdf::DeriveKeyPbkdf2HmacSha1(params, base::as_byte_span(password),
base::as_byte_span(salt), key, SubtlePassKey{});
return std::make_unique<SymmetricKey>(key);
}
// static // static
std::unique_ptr<SymmetricKey> SymmetricKey::Import(Algorithm, std::unique_ptr<SymmetricKey> SymmetricKey::Import(Algorithm,
const std::string& raw_key) { const std::string& raw_key) {

27
crypto/symmetric_key.h

@@ -17,7 +17,7 @@
namespace crypto { namespace crypto {
// A SymmetricKey is an array of bytes which is used for symmetric cryptography // A SymmetricKey is an array of bytes which is used for symmetric cryptography
// (encryption or MACs). // (encryption only).
// //
// This whole type is deprecated: prefer to use raw std::array<uint8_t>, // This whole type is deprecated: prefer to use raw std::array<uint8_t>,
// std::vector<uint8_t>, or base::span<uint8_t> instead. This type has no // std::vector<uint8_t>, or base::span<uint8_t> instead. This type has no
@@ -30,7 +30,6 @@ class CRYPTO_EXPORT SymmetricKey {
// class Encryptor. // class Encryptor.
enum Algorithm { enum Algorithm {
AES, AES,
HMAC_SHA1,
}; };
SymmetricKey() = delete; SymmetricKey() = delete;
@@ -52,24 +51,10 @@ class CRYPTO_EXPORT SymmetricKey {
static SymmetricKey RandomKey(size_t key_size_in_bits); static SymmetricKey RandomKey(size_t key_size_in_bits);
// Derives a key from the supplied password and salt using PBKDF2, suitable // Imports an array of key bytes in |raw_key|. The raw key must be of a valid
// for use with specified |algorithm|. Note |algorithm| is not the algorithm // size - see IsValidKeySize() in the source for details, although in general
// used to derive the key from the password. |key_size_in_bits| must be a // you should not need to choose key sizes yourself. Returns nullptr if the
// multiple of 8. The caller is responsible for deleting the returned // key is not of valid size.
// SymmetricKey.
//
// Deprecated: use crypto::kdf::DeriveKeyPbkdf2HmacSha1() instead.
static std::unique_ptr<SymmetricKey> DeriveKeyFromPasswordUsingPbkdf2(
Algorithm algorithm,
const std::string& password,
const std::string& salt,
size_t iterations,
size_t key_size_in_bits);
// Imports an array of key bytes in |raw_key|. This key may have been
// generated by GenerateRandomKey or DeriveKeyFromPassword{Pbkdf2,Scrypt} and
// exported with key(). The key must be of suitable size for use with
// |algorithm|. The caller owns the returned SymmetricKey.
// //
// Deprecated: use the regular constructor that accepts a span of bytes, and // Deprecated: use the regular constructor that accepts a span of bytes, and
// validate that the key is of whatever length your client code expects before // validate that the key is of whatever length your client code expects before
@@ -77,7 +62,7 @@ class CRYPTO_EXPORT SymmetricKey {
static std::unique_ptr<SymmetricKey> Import(Algorithm algorithm, static std::unique_ptr<SymmetricKey> Import(Algorithm algorithm,
const std::string& raw_key); const std::string& raw_key);
// Returns the raw platform specific key data. // Returns the internal key storage.
const std::string& key() const { return key_; } const std::string& key() const { return key_; }
private: private:

13
crypto/symmetric_key_unittest.cc

@@ -37,16 +37,3 @@ TEST(SymmetricKeyTest, ImportGeneratedKey) {
EXPECT_EQ(key1->key(), key2->key()); EXPECT_EQ(key1->key(), key2->key());
} }
TEST(SymmetricKeyTest, ImportDerivedKey) {
std::unique_ptr<crypto::SymmetricKey> key1(
crypto::SymmetricKey::DeriveKeyFromPasswordUsingPbkdf2(
crypto::SymmetricKey::HMAC_SHA1, "password", "somesalt", 1024, 128));
ASSERT_TRUE(key1);
std::unique_ptr<crypto::SymmetricKey> key2(crypto::SymmetricKey::Import(
crypto::SymmetricKey::HMAC_SHA1, key1->key()));
ASSERT_TRUE(key2);
EXPECT_EQ(key1->key(), key2->key());
}