author | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2018-08-28 15:28:34 +0200 |
---|---|---|
committer | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2018-08-28 13:54:51 +0000 |
commit | 2a19c63448c84c1805fb1a585c3651318bb86ca7 (patch) | |
tree | eb17888e8531aa6ee5e85721bd553b832a7e5156 /chromium/crypto | |
parent | b014812705fc80bff0a5c120dfcef88f349816dc (diff) | |
download | qtwebengine-chromium-2a19c63448c84c1805fb1a585c3651318bb86ca7.tar.gz |
BASELINE: Update Chromium to 69.0.3497.70
Change-Id: I2b7b56e4e7a8b26656930def0d4575dc32b900a0
Reviewed-by: Allan Sandfeld Jensen <allan.jensen@qt.io>
Diffstat (limited to 'chromium/crypto')
-rw-r--r-- | chromium/crypto/BUILD.gn | 1 | ||||
-rw-r--r-- | chromium/crypto/aead.cc | 3 | ||||
-rw-r--r-- | chromium/crypto/aead.h | 2 | ||||
-rw-r--r-- | chromium/crypto/aead_unittest.cc | 52 | ||||
-rw-r--r-- | chromium/crypto/apple_keychain.h | 27 | ||||
-rw-r--r-- | chromium/crypto/apple_keychain_ios.mm | 35 | ||||
-rw-r--r-- | chromium/crypto/apple_keychain_mac.mm | 61 | ||||
-rw-r--r-- | chromium/crypto/ec_private_key.cc | 5 | ||||
-rw-r--r-- | chromium/crypto/hkdf.cc | 129 | ||||
-rw-r--r-- | chromium/crypto/hkdf.h | 71 | ||||
-rw-r--r-- | chromium/crypto/hkdf_unittest.cc | 98 | ||||
-rw-r--r-- | chromium/crypto/mock_apple_keychain.cc | 9 | ||||
-rw-r--r-- | chromium/crypto/mock_apple_keychain.h | 13 | ||||
-rw-r--r-- | chromium/crypto/mock_apple_keychain_mac.cc | 2 | ||||
-rw-r--r-- | chromium/crypto/rsa_private_key.cc | 3 |
15 files changed, 102 insertions, 409 deletions
diff --git a/chromium/crypto/BUILD.gn b/chromium/crypto/BUILD.gn index 54539e96ea1..1097db5148c 100644 --- a/chromium/crypto/BUILD.gn +++ b/chromium/crypto/BUILD.gn @@ -133,7 +133,6 @@ test("crypto_unittests") { "ec_private_key_unittest.cc", "ec_signature_creator_unittest.cc", "encryptor_unittest.cc", - "hkdf_unittest.cc", "hmac_unittest.cc", "nss_key_util_unittest.cc", "nss_util_unittest.cc", diff --git a/chromium/crypto/aead.cc b/chromium/crypto/aead.cc index 30766054fd1..be6ea52b451 100644 --- a/chromium/crypto/aead.cc +++ b/chromium/crypto/aead.cc @@ -24,6 +24,9 @@ Aead::Aead(AeadAlgorithm algorithm) : key_(nullptr) { case AES_256_GCM: aead_ = EVP_aead_aes_256_gcm(); break; + case AES_256_GCM_SIV: + aead_ = EVP_aead_aes_256_gcm_siv(); + break; } } diff --git a/chromium/crypto/aead.h b/chromium/crypto/aead.h index 494e77630fe..5802c7ef561 100644 --- a/chromium/crypto/aead.h +++ b/chromium/crypto/aead.h @@ -19,7 +19,7 @@ namespace crypto { // This class exposes the AES-128-CTR-HMAC-SHA256 and AES_256_GCM AEAD. class CRYPTO_EXPORT Aead { public: - enum AeadAlgorithm { AES_128_CTR_HMAC_SHA256, AES_256_GCM }; + enum AeadAlgorithm { AES_128_CTR_HMAC_SHA256, AES_256_GCM, AES_256_GCM_SIV }; explicit Aead(AeadAlgorithm algorithm); diff --git a/chromium/crypto/aead_unittest.cc b/chromium/crypto/aead_unittest.cc index 7409753f284..559e1252502 100644 --- a/chromium/crypto/aead_unittest.cc +++ b/chromium/crypto/aead_unittest.cc 
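Review bot: The class comment above `class CRYPTO_EXPORT Aead` in aead.h still lists only AES-128-CTR-HMAC-SHA256 and AES_256_GCM, although the enum on the changed line now also carries `AES_256_GCM_SIV`. I would update it to `// This class exposes the AES-128-CTR-HMAC-SHA256, AES-256-GCM and AES-256-GCM-SIV AEADs.` and add a sentence on when a caller should pick the SIV variant, since its behaviour under nonce reuse differs from plain GCM and the header is the only place a caller will look. The class body continues outside the hunk, so an existing per-enumerator comment further down cannot be ruled out.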
@@ -10,45 +10,18 @@ namespace { -TEST(AeadTest, SealOpenCtrHmac) { - crypto::Aead aead(crypto::Aead::AES_128_CTR_HMAC_SHA256); - std::string key(aead.KeyLength(), 0); - aead.Init(&key); - std::string nonce(aead.NonceLength(), 0); - std::string plaintext("this is the plaintext"); - std::string ad("this is the additional data"); - std::string ciphertext; - EXPECT_TRUE(aead.Seal(plaintext, nonce, ad, &ciphertext)); - EXPECT_LT(0U, ciphertext.size()); +const crypto::Aead::AeadAlgorithm kAllAlgorithms[]{ + crypto::Aead::AES_128_CTR_HMAC_SHA256, crypto::Aead::AES_256_GCM, + crypto::Aead::AES_256_GCM_SIV, +}; - std::string decrypted; - EXPECT_TRUE(aead.Open(ciphertext, nonce, ad, &decrypted)); +class AeadTest : public testing::TestWithParam<crypto::Aead::AeadAlgorithm> {}; - EXPECT_EQ(plaintext, decrypted); -} - -TEST(AeadTest, SealOpenWrongKeyCtrHmac) { - crypto::Aead aead(crypto::Aead::AES_128_CTR_HMAC_SHA256); - std::string key(aead.KeyLength(), 0); - std::string wrong_key(aead.KeyLength(), 1); - aead.Init(&key); - crypto::Aead aead_wrong_key(crypto::Aead::AES_128_CTR_HMAC_SHA256); - aead_wrong_key.Init(&wrong_key); - - std::string nonce(aead.NonceLength(), 0); - std::string plaintext("this is the plaintext"); - std::string ad("this is the additional data"); - std::string ciphertext; - EXPECT_TRUE(aead.Seal(plaintext, nonce, ad, &ciphertext)); - EXPECT_LT(0U, ciphertext.size()); - - std::string decrypted; - EXPECT_FALSE(aead_wrong_key.Open(ciphertext, nonce, ad, &decrypted)); - EXPECT_EQ(0U, decrypted.size()); -} +INSTANTIATE_TEST_CASE_P(, AeadTest, testing::ValuesIn(kAllAlgorithms)); -TEST(AeadTest, SealOpenGcm) { - crypto::Aead aead(crypto::Aead::AES_256_GCM); +TEST_P(AeadTest, SealOpen) { + crypto::Aead::AeadAlgorithm alg = GetParam(); + crypto::Aead aead(alg); std::string key(aead.KeyLength(), 0); aead.Init(&key); std::string nonce(aead.NonceLength(), 0); 
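Review bot: The parameterised suite introduced here has `SealOpenWrongKey` as its only visible negative case, so nothing in these hunks checks that `Open` rejects a modified ciphertext, a different nonce or different additional data for the newly added AES_256_GCM_SIV. A third `TEST_P` that seals as in `SealOpen` and then does `ciphertext[0] ^= 1;` followed by `EXPECT_FALSE(aead.Open(ciphertext, nonce, ad, &decrypted));` would cover the authentication property for every entry in `kAllAlgorithms`. A known-answer vector for the SIV mode would also catch a wrong `EVP_AEAD` being wired to the enum, which a round-trip test cannot. The body of `SealOpen` continues outside this hunk and the rest of the file is not visible, so such tests may already exist further down.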
@@ -64,12 +37,13 @@ TEST(AeadTest, SealOpenGcm) { EXPECT_EQ(plaintext, decrypted); } -TEST(AeadTest, SealOpenWrongKeyGcm) { - crypto::Aead aead(crypto::Aead::AES_256_GCM); +TEST_P(AeadTest, SealOpenWrongKey) { + crypto::Aead::AeadAlgorithm alg = GetParam(); + crypto::Aead aead(alg); std::string key(aead.KeyLength(), 0); std::string wrong_key(aead.KeyLength(), 1); aead.Init(&key); - crypto::Aead aead_wrong_key(crypto::Aead::AES_256_GCM); + crypto::Aead aead_wrong_key(alg); aead_wrong_key.Init(&wrong_key); std::string nonce(aead.NonceLength(), 0); diff --git a/chromium/crypto/apple_keychain.h b/chromium/crypto/apple_keychain.h index ca681df5e0a..01f8d285e1e 100644 --- a/chromium/crypto/apple_keychain.h +++ b/chromium/crypto/apple_keychain.h @@ -11,14 +11,14 @@ #include "build/build_config.h" #include "crypto/crypto_export.h" -#if defined (OS_IOS) -typedef void* SecKeychainRef; -typedef void* SecKeychainItemRef; -typedef void SecKeychainAttributeList; -#endif - namespace crypto { +#if defined(OS_IOS) +using AppleSecKeychainItemRef = void*; +#else +using AppleSecKeychainItemRef = SecKeychainItemRef; +#endif + // Wraps the KeychainServices API in a very thin layer, to allow it to be // mocked out for testing. 
@@ -32,29 +32,26 @@ class CRYPTO_EXPORT AppleKeychain { AppleKeychain(); virtual ~AppleKeychain(); - virtual OSStatus FindGenericPassword(CFTypeRef keychainOrArray, - UInt32 serviceNameLength, + virtual OSStatus FindGenericPassword(UInt32 serviceNameLength, const char* serviceName, UInt32 accountNameLength, const char* accountName, UInt32* passwordLength, void** passwordData, - SecKeychainItemRef* itemRef) const; + AppleSecKeychainItemRef* itemRef) const; - virtual OSStatus ItemFreeContent(SecKeychainAttributeList* attrList, - void* data) const; + virtual OSStatus ItemFreeContent(void* data) const; - virtual OSStatus AddGenericPassword(SecKeychainRef keychain, - UInt32 serviceNameLength, + virtual OSStatus AddGenericPassword(UInt32 serviceNameLength, const char* serviceName, UInt32 accountNameLength, const char* accountName, UInt32 passwordLength, const void* passwordData, - SecKeychainItemRef* itemRef) const; + AppleSecKeychainItemRef* itemRef) const; #if !defined(OS_IOS) - virtual OSStatus ItemDelete(SecKeychainItemRef itemRef) const; + virtual OSStatus ItemDelete(AppleSecKeychainItemRef itemRef) const; #endif // !defined(OS_IOS) private: diff --git a/chromium/crypto/apple_keychain_ios.mm b/chromium/crypto/apple_keychain_ios.mm index 74cf129ce1f..e16407d0af0 100644 --- a/chromium/crypto/apple_keychain_ios.mm +++ b/chromium/crypto/apple_keychain_ios.mm 
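Review bot: The three virtuals in `AppleKeychain` have new signatures but still no comment stating who owns `*passwordData` and `*itemRef` after the call. The implementations in this commit release the buffer differently per platform (`free(data)` on iOS, `SecKeychainItemFreeContent(nullptr, data)` on Mac), so a caller that frees the buffer directly is only correct on one of them. I would add above `FindGenericPassword`: `// On success |*passwordData| is owned by the caller and must be released with ItemFreeContent(), never free(); |*itemRef|, if requested, must be released by the caller.` The class starts and ends outside the hunk.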
@@ -112,20 +112,19 @@ AppleKeychain::AppleKeychain() {} AppleKeychain::~AppleKeychain() {} -OSStatus AppleKeychain::ItemFreeContent(SecKeychainAttributeList* attrList, - void* data) const { +OSStatus AppleKeychain::ItemFreeContent(void* data) const { free(data); return noErr; } -OSStatus AppleKeychain::AddGenericPassword(SecKeychainRef keychain, - UInt32 serviceNameLength, - const char* serviceName, - UInt32 accountNameLength, - const char* accountName, - UInt32 passwordLength, - const void* passwordData, - SecKeychainItemRef* itemRef) const { +OSStatus AppleKeychain::AddGenericPassword( + UInt32 serviceNameLength, + const char* serviceName, + UInt32 accountNameLength, + const char* accountName, + UInt32 passwordLength, + const void* passwordData, + AppleSecKeychainItemRef* itemRef) const { base::ScopedCFTypeRef<CFDictionaryRef> query(CreateGenericPasswordQuery( serviceNameLength, serviceName, accountNameLength, accountName)); // Check that there is not already a password. @@ -157,14 +156,14 @@ OSStatus AppleKeychain::AddGenericPassword(SecKeychainRef keychain, return status; } -OSStatus AppleKeychain::FindGenericPassword(CFTypeRef keychainOrArray, - UInt32 serviceNameLength, - const char* serviceName, - UInt32 accountNameLength, - const char* accountName, - UInt32* passwordLength, - void** passwordData, - SecKeychainItemRef* itemRef) const { +OSStatus AppleKeychain::FindGenericPassword( + UInt32 serviceNameLength, + const char* serviceName, + UInt32 accountNameLength, + const char* accountName, + UInt32* passwordLength, + void** passwordData, + AppleSecKeychainItemRef* itemRef) const { DCHECK((passwordData && passwordLength) || (!passwordData && !passwordLength)); base::ScopedCFTypeRef<CFDictionaryRef> query(CreateGenericPasswordQuery( diff --git a/chromium/crypto/apple_keychain_mac.mm b/chromium/crypto/apple_keychain_mac.mm index a36204858b7..5158f48c08f 100644 --- a/chromium/crypto/apple_keychain_mac.mm +++ b/chromium/crypto/apple_keychain_mac.mm 
@@ -15,53 +15,42 @@ AppleKeychain::AppleKeychain() {} AppleKeychain::~AppleKeychain() {} -OSStatus AppleKeychain::ItemDelete(SecKeychainItemRef itemRef) const { +OSStatus AppleKeychain::ItemDelete(AppleSecKeychainItemRef itemRef) const { base::AutoLock lock(GetMacSecurityServicesLock()); return SecKeychainItemDelete(itemRef); } -OSStatus AppleKeychain::FindGenericPassword(CFTypeRef keychainOrArray, - UInt32 serviceNameLength, - const char* serviceName, - UInt32 accountNameLength, - const char* accountName, - UInt32* passwordLength, - void** passwordData, - SecKeychainItemRef* itemRef) const { +OSStatus AppleKeychain::FindGenericPassword( + UInt32 serviceNameLength, + const char* serviceName, + UInt32 accountNameLength, + const char* accountName, + UInt32* passwordLength, + void** passwordData, + AppleSecKeychainItemRef* itemRef) const { base::AutoLock lock(GetMacSecurityServicesLock()); - return SecKeychainFindGenericPassword(keychainOrArray, - serviceNameLength, - serviceName, - accountNameLength, - accountName, - passwordLength, - passwordData, - itemRef); + return SecKeychainFindGenericPassword(nullptr, serviceNameLength, serviceName, + accountNameLength, accountName, + passwordLength, passwordData, itemRef); } -OSStatus AppleKeychain::ItemFreeContent(SecKeychainAttributeList* attrList, - void* data) const { +OSStatus AppleKeychain::ItemFreeContent(void* data) const { base::AutoLock lock(GetMacSecurityServicesLock()); - return SecKeychainItemFreeContent(attrList, data); + return SecKeychainItemFreeContent(nullptr, data); } -OSStatus AppleKeychain::AddGenericPassword(SecKeychainRef keychain, - UInt32 serviceNameLength, - const char* serviceName, - UInt32 accountNameLength, - const char* accountName, - UInt32 passwordLength, - const void* passwordData, - SecKeychainItemRef* itemRef) const { +OSStatus AppleKeychain::AddGenericPassword( + UInt32 serviceNameLength, + const char* serviceName, + UInt32 accountNameLength, + const char* accountName, + UInt32 
passwordLength, + const void* passwordData, + AppleSecKeychainItemRef* itemRef) const { base::AutoLock lock(GetMacSecurityServicesLock()); - return SecKeychainAddGenericPassword(keychain, - serviceNameLength, - serviceName, - accountNameLength, - accountName, - passwordLength, - passwordData, - itemRef); + return SecKeychainAddGenericPassword(nullptr, serviceNameLength, serviceName, + accountNameLength, accountName, + passwordLength, passwordData, itemRef); } } // namespace crypto diff --git a/chromium/crypto/ec_private_key.cc b/chromium/crypto/ec_private_key.cc index 290770a50c5..c30a610719a 100644 --- a/chromium/crypto/ec_private_key.cc +++ b/chromium/crypto/ec_private_key.cc @@ -89,10 +89,7 @@ std::unique_ptr<ECPrivateKey> ECPrivateKey::CreateFromEncryptedPrivateKeyInfo( std::unique_ptr<ECPrivateKey> ECPrivateKey::Copy() const { std::unique_ptr<ECPrivateKey> copy(new ECPrivateKey()); - if (key_) { - EVP_PKEY_up_ref(key_.get()); - copy->key_.reset(key_.get()); - } + copy->key_ = bssl::UpRef(key_); return copy; } diff --git a/chromium/crypto/hkdf.cc b/chromium/crypto/hkdf.cc index 6e4f84f3216..e2d367cdd29 100644 --- a/chromium/crypto/hkdf.cc +++ b/chromium/crypto/hkdf.cc 
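Review bot: `FindGenericPassword`, `AddGenericPassword` and `ItemFreeContent` in apple_keychain_mac.mm now pass a bare `nullptr` where the keychain or attribute list used to be forwarded, and nothing says what that selects. For the two password calls a null keychain means the user's default keychain (the default search list for lookups), which is a behavioural contract worth stating now that callers can no longer choose. I would add one comment before the first call, `// nullptr: operate on the default keychain / default search list; callers cannot target a specific keychain.`, and `// No attribute list was requested, so only |data| is freed.` before the `SecKeychainItemFreeContent` call.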
@@ -11,125 +11,24 @@ #include "base/logging.h" #include "crypto/hmac.h" +#include "third_party/boringssl/src/include/openssl/digest.h" +#include "third_party/boringssl/src/include/openssl/hkdf.h" namespace crypto { -const size_t kSHA256HashLength = 32; - -HKDF::HKDF(base::StringPiece secret, - base::StringPiece salt, - base::StringPiece info, - size_t key_bytes_to_generate, - size_t iv_bytes_to_generate, - size_t subkey_secret_bytes_to_generate) - : HKDF(secret, - salt, - info, - key_bytes_to_generate, - key_bytes_to_generate, - iv_bytes_to_generate, - iv_bytes_to_generate, - subkey_secret_bytes_to_generate) {} - -HKDF::HKDF(base::StringPiece secret, - base::StringPiece salt, - base::StringPiece info, - size_t client_key_bytes_to_generate, - size_t server_key_bytes_to_generate, - size_t client_iv_bytes_to_generate, - size_t server_iv_bytes_to_generate, - size_t subkey_secret_bytes_to_generate) { - // https://tools.ietf.org/html/rfc5869#section-2.2 - base::StringPiece actual_salt = salt; - char zeros[kSHA256HashLength]; - if (actual_salt.empty()) { - // If salt is not given, HashLength zeros are used. - memset(zeros, 0, sizeof(zeros)); - actual_salt.set(zeros, sizeof(zeros)); - } - - // Perform the Extract step to transform the input key and - // salt into the pseudorandom key (PRK) used for Expand. - HMAC prk_hmac(HMAC::SHA256); - bool result = prk_hmac.Init(actual_salt); - DCHECK(result); - - // |prk| is a pseudorandom key (of kSHA256HashLength octets). - uint8_t prk[kSHA256HashLength]; - DCHECK_EQ(sizeof(prk), prk_hmac.DigestLength()); - result = prk_hmac.Sign(secret, prk, sizeof(prk)); - DCHECK(result); - - // https://tools.ietf.org/html/rfc5869#section-2.3 - // Perform the Expand phase to turn the pseudorandom key - // and info into the output keying material. 
- const size_t material_length = - client_key_bytes_to_generate + client_iv_bytes_to_generate + - server_key_bytes_to_generate + server_iv_bytes_to_generate + - subkey_secret_bytes_to_generate; - const size_t n = - (material_length + kSHA256HashLength - 1) / kSHA256HashLength; - DCHECK_LT(n, 256u); - - output_.resize(n * kSHA256HashLength); - base::StringPiece previous; - - std::unique_ptr<char[]> buf(new char[kSHA256HashLength + info.size() + 1]); - uint8_t digest[kSHA256HashLength]; - - HMAC hmac(HMAC::SHA256); - result = hmac.Init(prk, sizeof(prk)); +std::string HkdfSha256(base::StringPiece secret, + base::StringPiece salt, + base::StringPiece info, + size_t derived_key_size) { + std::string key; + key.resize(derived_key_size); + int result = ::HKDF( + reinterpret_cast<uint8_t*>(&key[0]), derived_key_size, EVP_sha256(), + reinterpret_cast<const uint8_t*>(secret.data()), secret.size(), + reinterpret_cast<const uint8_t*>(salt.data()), salt.size(), + reinterpret_cast<const uint8_t*>(info.data()), info.size()); DCHECK(result); - - for (size_t i = 0; i < n; i++) { - memcpy(buf.get(), previous.data(), previous.size()); - size_t j = previous.size(); - memcpy(buf.get() + j, info.data(), info.size()); - j += info.size(); - buf[j++] = static_cast<char>(i + 1); - - result = hmac.Sign(base::StringPiece(buf.get(), j), digest, sizeof(digest)); - DCHECK(result); - - memcpy(&output_[i*sizeof(digest)], digest, sizeof(digest)); - previous = base::StringPiece(reinterpret_cast<char*>(digest), - sizeof(digest)); - } - - size_t j = 0; - // On Windows, when the size of output_ is zero, dereference of 0'th element - // results in a crash. C++11 solves this problem by adding a data() getter - // method to std::vector. 
- if (client_key_bytes_to_generate) { - client_write_key_ = base::StringPiece(reinterpret_cast<char*>(&output_[j]), - client_key_bytes_to_generate); - j += client_key_bytes_to_generate; - } - - if (server_key_bytes_to_generate) { - server_write_key_ = base::StringPiece(reinterpret_cast<char*>(&output_[j]), - server_key_bytes_to_generate); - j += server_key_bytes_to_generate; - } - - if (client_iv_bytes_to_generate) { - client_write_iv_ = base::StringPiece(reinterpret_cast<char*>(&output_[j]), - client_iv_bytes_to_generate); - j += client_iv_bytes_to_generate; - } - - if (server_iv_bytes_to_generate) { - server_write_iv_ = base::StringPiece(reinterpret_cast<char*>(&output_[j]), - server_iv_bytes_to_generate); - j += server_iv_bytes_to_generate; - } - - if (subkey_secret_bytes_to_generate) { - subkey_secret_ = base::StringPiece(reinterpret_cast<char*>(&output_[j]), - subkey_secret_bytes_to_generate); - } + return key; } -HKDF::~HKDF() = default; - } // namespace crypto diff --git a/chromium/crypto/hkdf.h b/chromium/crypto/hkdf.h index ff93e2b2676..f0d7a50e84f 100644 --- a/chromium/crypto/hkdf.h +++ b/chromium/crypto/hkdf.h 
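Review bot: In `HkdfSha256` the return value of `::HKDF` is only checked with `DCHECK(result);`, which is compiled out of release builds, so a failed derivation returns the `resize`d buffer to the caller as if it were key material. BoringSSL's HKDF fails when the requested length exceeds 255 digest blocks (8160 bytes for SHA-256), and `derived_key_size` is an unchecked caller-supplied `size_t`. I would make the failure fatal in all builds with `CHECK(result);`, since the `std::string` return type leaves no way to signal an error. The same commit deletes hkdf_unittest.cc with its RFC 5869 vectors, so unless the wrapper is tested elsewhere it has no known-answer coverage; `#include "crypto/hmac.h"` also appears unused in the new body.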
@@ -6,78 +6,19 @@ #define CRYPTO_HKDF_H_ #include <stddef.h> -#include <stdint.h> -#include <vector> +#include <string> #include "base/strings/string_piece.h" #include "crypto/crypto_export.h" namespace crypto { -// HKDF implements the key derivation function specified in RFC 5869 (using -// SHA-256) and outputs key material, as needed by QUIC. -// See https://tools.ietf.org/html/rfc5869 for details. -class CRYPTO_EXPORT HKDF { - public: - // |secret|: the input shared secret (or, from RFC 5869, the IKM). - // |salt|: an (optional) public salt / non-secret random value. While - // optional, callers are strongly recommended to provide a salt. There is no - // added security value in making this larger than the SHA-256 block size of - // 64 bytes. - // |info|: an (optional) label to distinguish different uses of HKDF. It is - // optional context and application specific information (can be a zero-length - // string). - // |key_bytes_to_generate|: the number of bytes of key material to generate - // for both client and server. - // |iv_bytes_to_generate|: the number of bytes of IV to generate for both - // client and server. - // |subkey_secret_bytes_to_generate|: the number of bytes of subkey secret to - // generate, shared between client and server. - HKDF(base::StringPiece secret, - base::StringPiece salt, - base::StringPiece info, - size_t key_bytes_to_generate, - size_t iv_bytes_to_generate, - size_t subkey_secret_bytes_to_generate); - - // An alternative constructor that allows the client and server key/IV - // lengths to be different. 
- HKDF(base::StringPiece secret, - base::StringPiece salt, - base::StringPiece info, - size_t client_key_bytes_to_generate, - size_t server_key_bytes_to_generate, - size_t client_iv_bytes_to_generate, - size_t server_iv_bytes_to_generate, - size_t subkey_secret_bytes_to_generate); - ~HKDF(); - - base::StringPiece client_write_key() const { - return client_write_key_; - } - base::StringPiece client_write_iv() const { - return client_write_iv_; - } - base::StringPiece server_write_key() const { - return server_write_key_; - } - base::StringPiece server_write_iv() const { - return server_write_iv_; - } - base::StringPiece subkey_secret() const { - return subkey_secret_; - } - - private: - std::vector<uint8_t> output_; - - base::StringPiece client_write_key_; - base::StringPiece server_write_key_; - base::StringPiece client_write_iv_; - base::StringPiece server_write_iv_; - base::StringPiece subkey_secret_; -}; +CRYPTO_EXPORT +std::string HkdfSha256(base::StringPiece secret, + base::StringPiece salt, + base::StringPiece info, + size_t derived_key_size); } // namespace crypto diff --git a/chromium/crypto/hkdf_unittest.cc b/chromium/crypto/hkdf_unittest.cc deleted file mode 100644 index 0412703d4f9..00000000000 --- a/chromium/crypto/hkdf_unittest.cc +++ /dev/null 
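Review bot: The new `HkdfSha256` declaration in hkdf.h has no comment, while the class it replaces documented `secret`, `salt` and `info` in detail. I would keep the parts that still apply: `// Derives |derived_key_size| bytes from |secret| with HKDF-SHA256 (RFC 5869). |salt| and |info| are optional and may be empty; callers are strongly recommended to provide a salt.` A second line should state the upper bound on `derived_key_size` and what happens when it is exceeded, because the return type cannot report failure.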
@@ -1,98 +0,0 @@ -// Copyright (c) 2013 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include "crypto/hkdf.h" - -#include <stddef.h> -#include <stdint.h> - -#include <string> - -#include "base/macros.h" -#include "base/strings/string_number_conversions.h" -#include "testing/gtest/include/gtest/gtest.h" - -using crypto::HKDF; - -namespace test { -namespace { - -struct HKDFTest { - const char* key_hex; - const char* salt_hex; - const char* info_hex; - const char* output_hex; -}; - -// These test cases are taken from -// https://tools.ietf.org/html/rfc5869#appendix-A. -static const HKDFTest kHKDFTests[] = {{ - "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b", - "000102030405060708090a0b0c", - "f0f1f2f3f4f5f6f7f8f9", - "3cb25f25faacd57a90434f64d0362f2a2d2d0a90cf1a5a4c5db02d56ecc4c5bf34007208d5" - "b887185865", - }, { - "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f2021222324" - "25262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f40414243444546474849" - "4a4b4c4d4e4f", - "606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f8081828384" - "85868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9" - "aaabacadaeaf", - "b0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4" - "d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9" - "fafbfcfdfeff", - "b11e398dc80327a1c8e7f78c596a49344f012eda2d4efad8a050cc4c19afa97c59045a99ca" - "c7827271cb41c65e590e09da3275600c2f09b8367793a9aca3db71cc30c58179ec3e87c14c" - "01d5c1f3434f1d87", - }, { - "0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b0b", - "", - "", - "8da4e775a563c18f715f802a063c5a31b8a11f5c5ee1879ec3454e5f3c738d2d9d201395fa" - "a4b61a96c8", - }, -}; - -TEST(HKDFTest, HKDF) { - for (size_t i = 0; i < arraysize(kHKDFTests); i++) { - const HKDFTest& test(kHKDFTests[i]); - SCOPED_TRACE(i); - - std::vector<uint8_t> data; - 
ASSERT_TRUE(base::HexStringToBytes(test.key_hex, &data)); - const std::string key(reinterpret_cast<char*>(&data[0]), data.size()); - - data.clear(); - // |salt_hex| is optional and may be empty. - std::string salt(test.salt_hex); - if (!salt.empty()) { - ASSERT_TRUE(base::HexStringToBytes(salt, &data)); - salt.assign(reinterpret_cast<char*>(&data[0]), data.size()); - } - - data.clear(); - // |info_hex| is optional and may be empty. - std::string info(test.info_hex); - if (!info.empty()) { - ASSERT_TRUE(base::HexStringToBytes(info, &data)); - info.assign(reinterpret_cast<char*>(&data[0]), data.size()); - } - - data.clear(); - ASSERT_TRUE(base::HexStringToBytes(test.output_hex, &data)); - const std::string expected(reinterpret_cast<char*>(&data[0]), data.size()); - - // We set the key_length to the length of the expected output and then take - // the result from the first key, which is the client write key. - HKDF hkdf(key, salt, info, expected.size(), 0, 0); - - ASSERT_EQ(expected.size(), hkdf.client_write_key().size()); - EXPECT_EQ(0, memcmp(expected.data(), hkdf.client_write_key().data(), - expected.size())); - } -} - -} // namespace -} // namespace test diff --git a/chromium/crypto/mock_apple_keychain.cc b/chromium/crypto/mock_apple_keychain.cc index 173cfa713b9..453114ef43b 100644 --- a/chromium/crypto/mock_apple_keychain.cc +++ b/chromium/crypto/mock_apple_keychain.cc @@ -25,14 +25,13 @@ void IncrementKeychainAccessHistogram() { namespace crypto { OSStatus MockAppleKeychain::FindGenericPassword( - CFTypeRef keychainOrArray, UInt32 serviceNameLength, const char* serviceName, UInt32 accountNameLength, const char* accountName, UInt32* passwordLength, void** passwordData, - SecKeychainItemRef* itemRef) const { + AppleSecKeychainItemRef* itemRef) const { IncrementKeychainAccessHistogram(); // When simulating |noErr|, return canned |passwordData| and 
@@ -50,22 +49,20 @@ OSStatus MockAppleKeychain::FindGenericPassword( return find_generic_result_; } -OSStatus MockAppleKeychain::ItemFreeContent(SecKeychainAttributeList* attrList, - void* data) const { +OSStatus MockAppleKeychain::ItemFreeContent(void* data) const { // No-op. password_data_count_--; return noErr; } OSStatus MockAppleKeychain::AddGenericPassword( - SecKeychainRef keychain, UInt32 serviceNameLength, const char* serviceName, UInt32 accountNameLength, const char* accountName, UInt32 passwordLength, const void* passwordData, - SecKeychainItemRef* itemRef) const { + AppleSecKeychainItemRef* itemRef) const { IncrementKeychainAccessHistogram(); called_add_generic_ = true; diff --git a/chromium/crypto/mock_apple_keychain.h b/chromium/crypto/mock_apple_keychain.h index b256a225708..b44986d8804 100644 --- a/chromium/crypto/mock_apple_keychain.h +++ b/chromium/crypto/mock_apple_keychain.h 
@@ -31,24 +31,21 @@ class CRYPTO_EXPORT MockAppleKeychain : public AppleKeychain { ~MockAppleKeychain() override; // AppleKeychain implementation. - OSStatus FindGenericPassword(CFTypeRef keychainOrArray, - UInt32 serviceNameLength, + OSStatus FindGenericPassword(UInt32 serviceNameLength, const char* serviceName, UInt32 accountNameLength, const char* accountName, UInt32* passwordLength, void** passwordData, - SecKeychainItemRef* itemRef) const override; - OSStatus ItemFreeContent(SecKeychainAttributeList* attrList, - void* data) const override; - OSStatus AddGenericPassword(SecKeychainRef keychain, - UInt32 serviceNameLength, + AppleSecKeychainItemRef* itemRef) const override; + OSStatus ItemFreeContent(void* data) const override; + OSStatus AddGenericPassword(UInt32 serviceNameLength, const char* serviceName, UInt32 accountNameLength, const char* accountName, UInt32 passwordLength, const void* passwordData, - SecKeychainItemRef* itemRef) const override; + AppleSecKeychainItemRef* itemRef) const override; // Returns the password that OSCrypt uses to generate its encryption key. std::string GetEncryptionPassword() const; diff --git a/chromium/crypto/mock_apple_keychain_mac.cc b/chromium/crypto/mock_apple_keychain_mac.cc index 43a3410b31c..010f00c874a 100644 --- a/chromium/crypto/mock_apple_keychain_mac.cc +++ b/chromium/crypto/mock_apple_keychain_mac.cc @@ -18,7 +18,7 @@ MockAppleKeychain::MockAppleKeychain() MockAppleKeychain::~MockAppleKeychain() {} -OSStatus MockAppleKeychain::ItemDelete(SecKeychainItemRef itemRef) const { +OSStatus MockAppleKeychain::ItemDelete(AppleSecKeychainItemRef itemRef) const { return noErr; } diff --git a/chromium/crypto/rsa_private_key.cc b/chromium/crypto/rsa_private_key.cc index f14e4e8c47a..ab8027ca3ce 100644 --- a/chromium/crypto/rsa_private_key.cc +++ b/chromium/crypto/rsa_private_key.cc 
@@ -61,8 +61,7 @@ std::unique_ptr<RSAPrivateKey> RSAPrivateKey::CreateFromKey(EVP_PKEY* key) { if (EVP_PKEY_type(key->type) != EVP_PKEY_RSA) return nullptr; std::unique_ptr<RSAPrivateKey> copy(new RSAPrivateKey); - EVP_PKEY_up_ref(key); - copy->key_.reset(key); + copy->key_ = bssl::UpRef(key); return copy; } |