diff options
| author | Allan Sandfeld Jensen <allan.jensen@theqtcompany.com> | 2015-08-14 11:38:45 +0200 |
|---|---|---|
| committer | Allan Sandfeld Jensen <allan.jensen@theqtcompany.com> | 2015-08-14 17:16:47 +0000 |
| commit | 3a97ca8dd9b96b599ae2d33e40df0dd2f7ea5859 (patch) | |
| tree | 43cc572ba067417c7341db81f71ae7cc6e0fcc3e /chromium/crypto | |
| parent | f61ab1ac7f855cd281809255c0aedbb1895e1823 (diff) | |
| download | qtwebengine-chromium-3a97ca8dd9b96b599ae2d33e40df0dd2f7ea5859.tar.gz | |
BASELINE: Update chromium to 45.0.2454.40
Change-Id: Id2121d9f11a8fc633677236c65a3e41feef589e4
Reviewed-by: Andras Becsi <andras.becsi@theqtcompany.com>
Diffstat (limited to 'chromium/crypto')
22 files changed, 1246 insertions, 267 deletions
diff --git a/chromium/crypto/BUILD.gn b/chromium/crypto/BUILD.gn index f84c4d455d6..c39a8db934e 100644 --- a/chromium/crypto/BUILD.gn +++ b/chromium/crypto/BUILD.gn @@ -5,187 +5,204 @@ import("//build/config/crypto.gni") import("//testing/test.gni") -component("crypto") { - output_name = "crcrypto" # Avoid colliding with OpenSSL's libcrypto. - sources = [ - "aead_openssl.cc", - "aead_openssl.h", - "apple_keychain.h", - "apple_keychain_ios.mm", - "apple_keychain_mac.mm", - "capi_util.cc", - "capi_util.h", - "crypto_export.h", - "cssm_init.cc", - "cssm_init.h", - "curve25519-donna.c", - "curve25519.cc", - "curve25519.h", - "ec_private_key.h", - "ec_private_key_nss.cc", - "ec_private_key_openssl.cc", - "ec_signature_creator.cc", - "ec_signature_creator.h", - "ec_signature_creator_impl.h", - "ec_signature_creator_nss.cc", - "ec_signature_creator_openssl.cc", - "encryptor.cc", - "encryptor.h", - "encryptor_nss.cc", - "encryptor_openssl.cc", - "ghash.cc", - "ghash.h", - "hkdf.cc", - "hkdf.h", - "hmac.cc", - "hmac.h", - "hmac_nss.cc", - "hmac_openssl.cc", - "mac_security_services_lock.cc", - "mac_security_services_lock.h", - - # TODO(brettw) these mocks should be moved to a test_support_crypto target - # if possible. - "mock_apple_keychain.cc", - "mock_apple_keychain.h", - "mock_apple_keychain_ios.cc", - "mock_apple_keychain_mac.cc", - "nss_key_util.cc", - "nss_key_util.h", - "nss_util.cc", - "nss_util.h", - "nss_util_internal.h", - "openssl_bio_string.cc", - "openssl_bio_string.h", - "openssl_util.cc", - "openssl_util.h", - "p224.cc", - "p224.h", - "p224_spake.cc", - "p224_spake.h", - "random.cc", - "random.h", - "rsa_private_key.cc", - "rsa_private_key.h", - "rsa_private_key_nss.cc", - "rsa_private_key_openssl.cc", - "scoped_capi_types.h", - "scoped_nss_types.h", - "secure_hash.h", - "secure_hash_default.cc", - "secure_hash_openssl.cc", - "secure_util.cc", - "secure_util.h", - "sha2.cc", - "sha2.h", - "signature_creator.h", - "signature_creator_nss.cc", - "signature_creator_openssl.cc", - "signature_verifier.h", - "signature_verifier_nss.cc", - "signature_verifier_openssl.cc", - "symmetric_key.h", - "symmetric_key_nss.cc", - "symmetric_key_openssl.cc", - "third_party/nss/chromium-blapi.h", - "third_party/nss/chromium-blapit.h", - "third_party/nss/chromium-nss.h", - "third_party/nss/chromium-sha256.h", - "third_party/nss/pk11akey.cc", - "third_party/nss/rsawrapr.c", - "third_party/nss/secsign.cc", - "third_party/nss/sha512.cc", - ] - - # TODO(jschuh): crbug.com/167187 fix size_t to int truncations. - configs += [ "//build/config/compiler:no_size_t_to_int_warning" ] - - deps = [ - ":platform", - "//base", - "//base/third_party/dynamic_annotations", - ] - - if (!is_mac && !is_ios) { - sources -= [ - "apple_keychain.h", - "mock_apple_keychain.cc", - "mock_apple_keychain.h", +if (is_nacl) { + component("crypto") { + output_name = "crcrypto" # Avoid colliding with OpenSSL's libcrypto. + sources = [ + "random.cc", + "random.h", ] - } - - if (!is_mac) { - sources -= [ - "cssm_init.cc", - "cssm_init.h", - "mac_security_services_lock.cc", - "mac_security_services_lock.h", + deps = [ + "//base", ] } - if (!is_win) { - sources -= [ +} else { + component("crypto") { + output_name = "crcrypto" # Avoid colliding with OpenSSL's libcrypto. + sources = [ + "aead_openssl.cc", + "aead_openssl.h", + "aes_128_gcm_helpers_nss.cc", + "aes_128_gcm_helpers_nss.h", + "apple_keychain.h", + "apple_keychain_ios.mm", + "apple_keychain_mac.mm", "capi_util.cc", "capi_util.h", - ] - } - - if (is_android) { - deps += [ "//third_party/android_tools:cpu_features" ] - } - - if (use_openssl) { - # Remove NSS files when using OpenSSL - sources -= [ + "crypto_export.h", + "cssm_init.cc", + "cssm_init.h", + "curve25519-donna.c", + "curve25519.cc", + "curve25519.h", + "ec_private_key.h", "ec_private_key_nss.cc", + "ec_private_key_openssl.cc", + "ec_signature_creator.cc", + "ec_signature_creator.h", + "ec_signature_creator_impl.h", "ec_signature_creator_nss.cc", + "ec_signature_creator_openssl.cc", + "encryptor.cc", + "encryptor.h", "encryptor_nss.cc", + "encryptor_openssl.cc", + "ghash.cc", + "ghash.h", + "hkdf.cc", + "hkdf.h", + "hmac.cc", + "hmac.h", "hmac_nss.cc", + "hmac_openssl.cc", + "mac_security_services_lock.cc", + "mac_security_services_lock.h", + + # TODO(brettw) these mocks should be moved to a test_support_crypto target + # if possible. + "mock_apple_keychain.cc", + "mock_apple_keychain.h", + "mock_apple_keychain_ios.cc", + "mock_apple_keychain_mac.cc", + "nss_key_util.cc", + "nss_key_util.h", + "nss_util.cc", + "nss_util.h", + "nss_util_internal.h", + "openssl_bio_string.cc", + "openssl_bio_string.h", + "openssl_util.cc", + "openssl_util.h", + "p224.cc", + "p224.h", + "p224_spake.cc", + "p224_spake.h", + "random.cc", + "random.h", + "rsa_private_key.cc", + "rsa_private_key.h", "rsa_private_key_nss.cc", + "rsa_private_key_openssl.cc", + "scoped_capi_types.h", + "scoped_nss_types.h", + "secure_hash.h", "secure_hash_default.cc", + "secure_hash_openssl.cc", + "secure_util.cc", + "secure_util.h", + "sha2.cc", + "sha2.h", + "signature_creator.h", "signature_creator_nss.cc", + "signature_creator_openssl.cc", + "signature_verifier.h", "signature_verifier_nss.cc", + "signature_verifier_openssl.cc", + "symmetric_key.h", "symmetric_key_nss.cc", + "symmetric_key_openssl.cc", "third_party/nss/chromium-blapi.h", "third_party/nss/chromium-blapit.h", "third_party/nss/chromium-nss.h", + "third_party/nss/chromium-sha256.h", "third_party/nss/pk11akey.cc", "third_party/nss/rsawrapr.c", "third_party/nss/secsign.cc", + "third_party/nss/sha512.cc", ] - } else { - # Remove OpenSSL when using NSS. - sources -= [ - "aead_openssl.cc", - "aead_openssl.h", - "ec_private_key_openssl.cc", - "ec_signature_creator_openssl.cc", - "encryptor_openssl.cc", - "hmac_openssl.cc", - "openssl_bio_string.cc", - "openssl_bio_string.h", - "openssl_util.cc", - "openssl_util.h", - "rsa_private_key_openssl.cc", - "secure_hash_openssl.cc", - "signature_creator_openssl.cc", - "signature_verifier_openssl.cc", - "symmetric_key_openssl.cc", - ] - } - # Some files are built when NSS is used at all, either for the internal crypto - # library or the platform certificate library. - if (use_openssl && !use_nss_certs) { - sources -= [ - "nss_key_util.cc", - "nss_key_util.h", - "nss_util.cc", - "nss_util.h", - "nss_util_internal.h", + # TODO(jschuh): crbug.com/167187 fix size_t to int truncations. + configs += [ "//build/config/compiler:no_size_t_to_int_warning" ] + + deps = [ + ":platform", + "//base", + "//base/third_party/dynamic_annotations", ] - } - defines = [ "CRYPTO_IMPLEMENTATION" ] + if (!is_mac && !is_ios) { + sources -= [ + "apple_keychain.h", + "mock_apple_keychain.cc", + "mock_apple_keychain.h", + ] + } + + if (!is_mac) { + sources -= [ + "cssm_init.cc", + "cssm_init.h", + "mac_security_services_lock.cc", + "mac_security_services_lock.h", + ] + } + if (!is_win) { + sources -= [ + "capi_util.cc", + "capi_util.h", + ] + } + + if (is_android) { + deps += [ "//third_party/android_tools:cpu_features" ] + } + + if (use_openssl) { + # Remove NSS files when using OpenSSL + sources -= [ + "aes_128_gcm_helpers_nss.cc", + "aes_128_gcm_helpers_nss.h", + "ec_private_key_nss.cc", + "ec_signature_creator_nss.cc", + "encryptor_nss.cc", + "hmac_nss.cc", + "rsa_private_key_nss.cc", + "secure_hash_default.cc", + "signature_creator_nss.cc", + "signature_verifier_nss.cc", + "symmetric_key_nss.cc", + "third_party/nss/chromium-blapi.h", + "third_party/nss/chromium-blapit.h", + "third_party/nss/chromium-nss.h", + "third_party/nss/pk11akey.cc", + "third_party/nss/rsawrapr.c", + "third_party/nss/secsign.cc", + ] + } else { + # Remove OpenSSL when using NSS. + sources -= [ + "aead_openssl.cc", + "aead_openssl.h", + "ec_private_key_openssl.cc", + "ec_signature_creator_openssl.cc", + "encryptor_openssl.cc", + "hmac_openssl.cc", + "openssl_bio_string.cc", + "openssl_bio_string.h", + "openssl_util.cc", + "openssl_util.h", + "rsa_private_key_openssl.cc", + "secure_hash_openssl.cc", + "signature_creator_openssl.cc", + "signature_verifier_openssl.cc", + "symmetric_key_openssl.cc", + ] + } + + # Some files are built when NSS is used at all, either for the internal crypto + # library or the platform certificate library. + if (use_openssl && !use_nss_certs) { + sources -= [ + "nss_key_util.cc", + "nss_key_util.h", + "nss_util.cc", + "nss_util.h", + "nss_util_internal.h", + ] + } + + defines = [ "CRYPTO_IMPLEMENTATION" ] + } } # TODO(GYP): TODO(dpranke), fix the compile errors for this stuff @@ -223,6 +240,7 @@ if (false && is_win) { test("crypto_unittests") { sources = [ # Tests. + "aes_128_gcm_helpers_nss_unittest.cc", "curve25519_unittest.cc", "ec_private_key_unittest.cc", "ec_signature_creator_unittest.cc", @@ -253,7 +271,9 @@ test("crypto_unittests") { ] } - if (!use_openssl) { + if (use_openssl) { + sources -= [ "aes_128_gcm_helpers_nss_unittest.cc" ] + } else { sources -= [ "openssl_bio_string_unittest.cc" ] } diff --git a/chromium/crypto/OWNERS b/chromium/crypto/OWNERS index bde32a088b4..3ba4dd39e25 100644 --- a/chromium/crypto/OWNERS +++ b/chromium/crypto/OWNERS @@ -2,4 +2,3 @@ agl@chromium.org davidben@chromium.org rsleevi@chromium.org rvargas@chromium.org -wtc@chromium.org diff --git a/chromium/crypto/aead_openssl.cc b/chromium/crypto/aead_openssl.cc index e32168a576b..54795b8a406 100644 --- a/chromium/crypto/aead_openssl.cc +++ b/chromium/crypto/aead_openssl.cc @@ -53,7 +53,7 @@ bool Aead::Seal(const base::StringPiece& plaintext, EVP_AEAD_max_overhead(aead_) + plaintext.size(); size_t output_length; uint8* out_ptr = - reinterpret_cast<uint8*>(WriteInto(&result, max_output_length + 1)); + reinterpret_cast<uint8*>(base::WriteInto(&result, max_output_length + 1)); if (!EVP_AEAD_CTX_seal( &ctx, out_ptr, &output_length, max_output_length, @@ -91,7 +91,7 @@ bool Aead::Open(const base::StringPiece& ciphertext, const size_t max_output_length = ciphertext.size(); size_t output_length; uint8* out_ptr = - reinterpret_cast<uint8*>(WriteInto(&result, max_output_length + 1)); + reinterpret_cast<uint8*>(base::WriteInto(&result, max_output_length + 1)); if (!EVP_AEAD_CTX_open( &ctx, out_ptr, &output_length, max_output_length, diff --git a/chromium/crypto/aes_128_gcm_helpers_nss.cc b/chromium/crypto/aes_128_gcm_helpers_nss.cc new file mode 100644 index 00000000000..621f28b586f --- /dev/null +++ b/chromium/crypto/aes_128_gcm_helpers_nss.cc @@ -0,0 +1,374 @@ +// Copyright 2015 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "crypto/aes_128_gcm_helpers_nss.h" + +#include <pkcs11t.h> +#include <seccomon.h> + +#include "base/lazy_instance.h" +#include "base/macros.h" +#include "crypto/ghash.h" +#include "crypto/scoped_nss_types.h" + +#if defined(USE_NSS_CERTS) +#include <dlfcn.h> +#endif + +namespace crypto { +namespace { + +// Declaration of the prototype both PK11_Decrypt and PK11_Encrypt follow. +using PK11_TransformFunction = SECStatus(PK11SymKey* symKey, + CK_MECHANISM_TYPE mechanism, + SECItem* param, + unsigned char* out, + unsigned int* outLen, + unsigned int maxLen, + const unsigned char* data, + unsigned int dataLen); + +// On Linux, dynamically link against the system version of libnss3.so. In +// order to continue working on systems without up-to-date versions of NSS, +// lookup PK11_Decrypt and PK11_Encrypt with dlsym. +// +// GcmSupportChecker is a singleton which caches the results of runtime symbol +// resolution of these symbols. +class GcmSupportChecker { + public: + PK11_TransformFunction* pk11_decrypt_func() { return pk11_decrypt_func_; } + + PK11_TransformFunction* pk11_encrypt_func() { return pk11_encrypt_func_; } + + private: + friend struct base::DefaultLazyInstanceTraits<GcmSupportChecker>; + + GcmSupportChecker() { +#if !defined(USE_NSS_CERTS) + // Using a bundled version of NSS that is guaranteed to have these symbols. + pk11_decrypt_func_ = PK11_Decrypt; + pk11_encrypt_func_ = PK11_Encrypt; +#else + // Using system NSS libraries and PCKS #11 modules, which may not have the + // necessary functions (PK11_Decrypt and PK11_Encrypt) or mechanism support + // (CKM_AES_GCM). + + // If PK11_Decrypt() and PK11_Encrypt() were successfully resolved, then NSS + // will support AES-GCM directly. This was introduced in NSS 3.15. + pk11_decrypt_func_ = reinterpret_cast<PK11_TransformFunction*>( + dlsym(RTLD_DEFAULT, "PK11_Decrypt")); + pk11_encrypt_func_ = reinterpret_cast<PK11_TransformFunction*>( + dlsym(RTLD_DEFAULT, "PK11_Encrypt")); +#endif + } + + ~GcmSupportChecker() {} + + // |pk11_decrypt_func_| stores the runtime symbol resolution of PK11_Decrypt. + PK11_TransformFunction* pk11_decrypt_func_; + + // |pk11_encrypt_func_| stores the runtime symbol resolution of PK11_Encrypt. + PK11_TransformFunction* pk11_encrypt_func_; + + DISALLOW_COPY_AND_ASSIGN(GcmSupportChecker); +}; + +base::LazyInstance<GcmSupportChecker>::Leaky g_gcm_support_checker = + LAZY_INSTANCE_INITIALIZER; + +} // namespace + +// Calls PK11_Decrypt if it's available. Otherwise, emulates CKM_AES_GCM using +// CKM_AES_CTR and the GaloisHash class. +SECStatus PK11DecryptHelper(PK11SymKey* key, + CK_MECHANISM_TYPE mechanism, + SECItem* param, + unsigned char* out, + unsigned int* out_len, + unsigned int max_len, + const unsigned char* data, + unsigned int data_len) { + // If PK11_Decrypt() was successfully resolved or if bundled version of NSS is + // being used, then NSS will support AES-GCM directly. + PK11_TransformFunction* pk11_decrypt_func = + g_gcm_support_checker.Get().pk11_decrypt_func(); + + if (pk11_decrypt_func != nullptr) { + return pk11_decrypt_func(key, mechanism, param, out, out_len, max_len, data, + data_len); + } + + // Otherwise, the user has an older version of NSS. Regrettably, NSS 3.14.x + // has a bug in the AES GCM code + // (https://bugzilla.mozilla.org/show_bug.cgi?id=853285), as well as missing + // the PK11_Decrypt function + // (https://bugzilla.mozilla.org/show_bug.cgi?id=854063), both of which are + // resolved in NSS 3.15. + + CHECK_EQ(mechanism, static_cast<CK_MECHANISM_TYPE>(CKM_AES_GCM)); + CHECK_EQ(param->len, sizeof(CK_GCM_PARAMS)); + + const CK_GCM_PARAMS* gcm_params = + reinterpret_cast<CK_GCM_PARAMS*>(param->data); + + const CK_ULONG auth_tag_size = gcm_params->ulTagBits / 8; + + if (gcm_params->ulIvLen != 12u) { + DVLOG(1) << "ulIvLen is not equal to 12"; + PORT_SetError(SEC_ERROR_INPUT_LEN); + return SECFailure; + } + + SECItem my_param = {siBuffer, nullptr, 0}; + + // Step 2. Let H = CIPH_K(128 '0' bits). + unsigned char ghash_key[16] = {0}; + crypto::ScopedPK11Context ctx( + PK11_CreateContextBySymKey(CKM_AES_ECB, CKA_ENCRYPT, key, &my_param)); + if (!ctx) { + DVLOG(1) << "PK11_CreateContextBySymKey failed"; + return SECFailure; + } + int output_len; + if (PK11_CipherOp(ctx.get(), ghash_key, &output_len, sizeof(ghash_key), + ghash_key, sizeof(ghash_key)) != SECSuccess) { + DVLOG(1) << "PK11_CipherOp failed"; + return SECFailure; + } + + if (PK11_Finalize(ctx.get()) != SECSuccess) { + DVLOG(1) << "PK11_Finalize failed"; + return SECFailure; + } + + if (output_len != sizeof(ghash_key)) { + DVLOG(1) << "Wrong output length"; + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + return SECFailure; + } + + // Step 3. If len(IV)=96, then let J0 = IV || 31 '0' bits || 1. + CK_AES_CTR_PARAMS ctr_params = {0}; + ctr_params.ulCounterBits = 32; + memcpy(ctr_params.cb, gcm_params->pIv, gcm_params->ulIvLen); + ctr_params.cb[12] = 0; + ctr_params.cb[13] = 0; + ctr_params.cb[14] = 0; + ctr_params.cb[15] = 1; + + my_param.type = siBuffer; + my_param.data = reinterpret_cast<unsigned char*>(&ctr_params); + my_param.len = sizeof(ctr_params); + + ctx.reset( + PK11_CreateContextBySymKey(CKM_AES_CTR, CKA_ENCRYPT, key, &my_param)); + if (!ctx) { + DVLOG(1) << "PK11_CreateContextBySymKey failed"; + return SECFailure; + } + + // Step 6. Calculate the encryption mask of GCTR_K(J0, ...). + unsigned char tag_mask[16] = {0}; + if (PK11_CipherOp(ctx.get(), tag_mask, &output_len, sizeof(tag_mask), + tag_mask, sizeof(tag_mask)) != SECSuccess) { + DVLOG(1) << "PK11_CipherOp failed"; + return SECFailure; + } + if (output_len != sizeof(tag_mask)) { + DVLOG(1) << "Wrong output length"; + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + return SECFailure; + } + + if (data_len < auth_tag_size) { + PORT_SetError(SEC_ERROR_INPUT_LEN); + return SECFailure; + } + + // The const_cast for |data| can be removed if system NSS libraries are + // NSS 3.14.1 or later (NSS bug + // https://bugzilla.mozilla.org/show_bug.cgi?id=808218). + if (PK11_CipherOp(ctx.get(), out, &output_len, max_len, + const_cast<unsigned char*>(data), + data_len - auth_tag_size) != SECSuccess) { + DVLOG(1) << "PK11_CipherOp failed"; + return SECFailure; + } + + if (PK11_Finalize(ctx.get()) != SECSuccess) { + DVLOG(1) << "PK11_Finalize failed"; + return SECFailure; + } + + if (static_cast<unsigned int>(output_len) != data_len - auth_tag_size) { + DVLOG(1) << "Wrong output length"; + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + return SECFailure; + } + + crypto::GaloisHash ghash(ghash_key); + ghash.UpdateAdditional(gcm_params->pAAD, gcm_params->ulAADLen); + ghash.UpdateCiphertext(data, output_len); + unsigned char auth_tag[auth_tag_size]; + ghash.Finish(auth_tag, auth_tag_size); + for (unsigned int i = 0; i < auth_tag_size; i++) { + auth_tag[i] ^= tag_mask[i]; + } + + if (NSS_SecureMemcmp(auth_tag, data + output_len, auth_tag_size) != 0) { + PORT_SetError(SEC_ERROR_BAD_DATA); + return SECFailure; + } + + *out_len = output_len; + return SECSuccess; +} + +// Calls PK11_Encrypt if it's available. Otherwise, emulates CKM_AES_GCM using +// CKM_AES_CTR and the GaloisHash class. +SECStatus PK11EncryptHelper(PK11SymKey* key, + CK_MECHANISM_TYPE mechanism, + SECItem* param, + unsigned char* out, + unsigned int* out_len, + unsigned int max_len, + const unsigned char* data, + unsigned int data_len) { + // If PK11_Encrypt() was successfully resolved or if bundled version of NSS is + // being used, then NSS will support AES-GCM directly. + PK11_TransformFunction* pk11_encrypt_func = + g_gcm_support_checker.Get().pk11_encrypt_func(); + + if (pk11_encrypt_func != nullptr) { + return pk11_encrypt_func(key, mechanism, param, out, out_len, max_len, data, + data_len); + } + + // Otherwise, the user has an older version of NSS. Regrettably, NSS 3.14.x + // has a bug in the AES GCM code + // (https://bugzilla.mozilla.org/show_bug.cgi?id=853285), as well as missing + // the PK11_Encrypt function + // (https://bugzilla.mozilla.org/show_bug.cgi?id=854063), both of which are + // resolved in NSS 3.15. + + CHECK_EQ(mechanism, static_cast<CK_MECHANISM_TYPE>(CKM_AES_GCM)); + CHECK_EQ(param->len, sizeof(CK_GCM_PARAMS)); + + const CK_GCM_PARAMS* gcm_params = + reinterpret_cast<CK_GCM_PARAMS*>(param->data); + + const CK_ULONG auth_tag_size = gcm_params->ulTagBits / 8; + + if (max_len < auth_tag_size) { + DVLOG(1) << "max_len is less than kAuthTagSize"; + PORT_SetError(SEC_ERROR_OUTPUT_LEN); + return SECFailure; + } + + if (gcm_params->ulIvLen != 12u) { + DVLOG(1) << "ulIvLen is not equal to 12"; + PORT_SetError(SEC_ERROR_INPUT_LEN); + return SECFailure; + } + + SECItem my_param = {siBuffer, nullptr, 0}; + + // Step 1. Let H = CIPH_K(128 '0' bits). + unsigned char ghash_key[16] = {0}; + crypto::ScopedPK11Context ctx( + PK11_CreateContextBySymKey(CKM_AES_ECB, CKA_ENCRYPT, key, &my_param)); + if (!ctx) { + DVLOG(1) << "PK11_CreateContextBySymKey failed"; + return SECFailure; + } + int output_len; + if (PK11_CipherOp(ctx.get(), ghash_key, &output_len, sizeof(ghash_key), + ghash_key, sizeof(ghash_key)) != SECSuccess) { + DVLOG(1) << "PK11_CipherOp failed"; + return SECFailure; + } + + if (PK11_Finalize(ctx.get()) != SECSuccess) { + DVLOG(1) << "PK11_Finalize failed"; + return SECFailure; + } + + if (output_len != sizeof(ghash_key)) { + DVLOG(1) << "Wrong output length"; + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + return SECFailure; + } + + // Step 2. If len(IV)=96, then let J0 = IV || 31 '0' bits || 1. + CK_AES_CTR_PARAMS ctr_params = {0}; + ctr_params.ulCounterBits = 32; + memcpy(ctr_params.cb, gcm_params->pIv, gcm_params->ulIvLen); + ctr_params.cb[12] = 0; + ctr_params.cb[13] = 0; + ctr_params.cb[14] = 0; + ctr_params.cb[15] = 1; + + my_param.type = siBuffer; + my_param.data = reinterpret_cast<unsigned char*>(&ctr_params); + my_param.len = sizeof(ctr_params); + + ctx.reset( + PK11_CreateContextBySymKey(CKM_AES_CTR, CKA_ENCRYPT, key, &my_param)); + if (!ctx) { + DVLOG(1) << "PK11_CreateContextBySymKey failed"; + return SECFailure; + } + + // Step 6. Calculate the encryption mask of GCTR_K(J0, ...). + unsigned char tag_mask[16] = {0}; + if (PK11_CipherOp(ctx.get(), tag_mask, &output_len, sizeof(tag_mask), + tag_mask, sizeof(tag_mask)) != SECSuccess) { + DVLOG(1) << "PK11_CipherOp failed"; + return SECFailure; + } + if (output_len != sizeof(tag_mask)) { + DVLOG(1) << "Wrong output length"; + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + return SECFailure; + } + + // The const_cast for |data| can be removed if system NSS libraries are + // NSS 3.14.1 or later (NSS bug + // https://bugzilla.mozilla.org/show_bug.cgi?id=808218). + if (PK11_CipherOp(ctx.get(), out, &output_len, max_len, + const_cast<unsigned char*>(data), data_len) != SECSuccess) { + DVLOG(1) << "PK11_CipherOp failed"; + return SECFailure; + } + + if (PK11_Finalize(ctx.get()) != SECSuccess) { + DVLOG(1) << "PK11_Finalize failed"; + return SECFailure; + } + + if (static_cast<unsigned int>(output_len) != data_len) { + DVLOG(1) << "Wrong output length"; + PORT_SetError(SEC_ERROR_LIBRARY_FAILURE); + return SECFailure; + } + + if ((max_len - auth_tag_size) < static_cast<unsigned int>(output_len)) { + DVLOG(1) << "(max_len - kAuthTagSize) is less than output_len"; + PORT_SetError(SEC_ERROR_OUTPUT_LEN); + return SECFailure; + } + + crypto::GaloisHash ghash(ghash_key); + ghash.UpdateAdditional(gcm_params->pAAD, gcm_params->ulAADLen); + ghash.UpdateCiphertext(out, output_len); + ghash.Finish(out + output_len, auth_tag_size); + for (unsigned int i = 0; i < auth_tag_size; i++) { + out[output_len + i] ^= tag_mask[i]; + } + + *out_len = output_len + auth_tag_size; + return SECSuccess; +} + +} // namespace crypto diff --git a/chromium/crypto/aes_128_gcm_helpers_nss.h b/chromium/crypto/aes_128_gcm_helpers_nss.h new file mode 100644 index 00000000000..dadc56e0f0d --- /dev/null +++ b/chromium/crypto/aes_128_gcm_helpers_nss.h @@ -0,0 +1,48 @@ +// Copyright 2015 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef CRYPTO_AES_128_GCM_HELPERS_NSS_H_ +#define CRYPTO_AES_128_GCM_HELPERS_NSS_H_ + +#include <pk11pub.h> +#include <secerr.h> + +#include "crypto/crypto_export.h" + +namespace crypto { + +// When using the CKM_AES_GCM mechanism, one must consider that the mechanism +// had a bug in NSS 3.14.x (https://bugzilla.mozilla.org/show_bug.cgi?id=853285) +// which also lacks the PK11_Decrypt and PK11_Encrypt functions. +// (https://bugzilla.mozilla.org/show_bug.cgi?id=854063) +// +// While both these bugs were resolved in NSS 3.15, certain builds of Chromium +// may still be loading older versions of NSS as the system libraries. These +// helper methods emulate support by using CKM_AES_CTR and the GaloisHash. + +// Helper function for using PK11_Decrypt. |mechanism| must be set to +// CKM_AES_GCM for this method. +CRYPTO_EXPORT SECStatus PK11DecryptHelper(PK11SymKey* key, + CK_MECHANISM_TYPE mechanism, + SECItem* param, + unsigned char* out, + unsigned int* out_len, + unsigned int max_len, + const unsigned char* data, + unsigned int data_len); + +// Helper function for using PK11_Encrypt. |mechanism| must be set to +// CKM_AES_GCM for this method. +CRYPTO_EXPORT SECStatus PK11EncryptHelper(PK11SymKey* key, + CK_MECHANISM_TYPE mechanism, + SECItem* param, + unsigned char* out, + unsigned int* out_len, + unsigned int max_len, + const unsigned char* data, + unsigned int data_len); + +} // namespace crypto + +#endif // CRYPTO_AES_128_GCM_HELPERS_NSS_H_ diff --git a/chromium/crypto/aes_128_gcm_helpers_nss_unittest.cc b/chromium/crypto/aes_128_gcm_helpers_nss_unittest.cc new file mode 100644 index 00000000000..d741b2fe54d --- /dev/null +++ b/chromium/crypto/aes_128_gcm_helpers_nss_unittest.cc @@ -0,0 +1,580 @@ +// Copyright 2015 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#include "crypto/aes_128_gcm_helpers_nss.h" + +#include <pk11pub.h> +#include <secerr.h> +#include <string> + +#include "base/logging.h" +#include "base/rand_util.h" +#include "base/strings/string_number_conversions.h" +#include "base/strings/string_util.h" +#include "crypto/nss_util.h" +#include "crypto/random.h" +#include "crypto/scoped_nss_types.h" +#include "testing/gtest/include/gtest/gtest.h" + +namespace crypto { + +namespace { + +// The AES GCM test vectors come from the gcmDecrypt128.rsp and +// gcmEncryptExtIV128.rsp files downloaded from +// http://csrc.nist.gov/groups/STM/cavp/index.html on 2013-02-01. The test +// vectors in that file look like this: +// +// [Keylen = 128] +// [IVlen = 96] +// [PTlen = 0] +// [AADlen = 0] +// [Taglen = 128] +// +// Count = 0 +// Key = cf063a34d4a9a76c2c86787d3f96db71 +// IV = 113b9785971864c83b01c787 +// CT = +// AAD = +// Tag = 72ac8493e3a5228b5d130a69d2510e42 +// PT = +// +// Count = 1 +// Key = a49a5e26a2f8cb63d05546c2a62f5343 +// IV = 907763b19b9b4ab6bd4f0281 +// CT = +// AAD = +// Tag = a2be08210d8c470a8df6e8fbd79ec5cf +// FAIL +// +// ... +// +// These files are huge (2.6 MB and 2.8 MB), so this file contains just a +// selection of test vectors. + +// Describes a group of test vectors that all have a given key length, IV +// length, plaintext length, AAD length, and tag length. +struct TestGroupInfo { + size_t key_len; + size_t iv_len; + size_t input_len; + size_t aad_len; + size_t tag_len; +}; + +// Each test vector consists of six strings of lowercase hexadecimal digits. +// The strings may be empty (zero length). A test vector with a NULL |key| +// marks the end of an array of test vectors. +struct TestVector { + // Input: + const char* key; + const char* iv; + const char* input; + const char* aad; + const char* tag; + + // Expected output: + const char* output; // An empty string "" means decryption or encryption + // succeeded and the plaintext is zero-length. NULL means + // that the decryption or encryption failed. +}; + +const TestGroupInfo test_group_info[] = { + {128, 96, 0, 0, 128}, + {128, 96, 0, 128, 128}, + {128, 96, 128, 0, 128}, + {128, 96, 408, 160, 128}, + {128, 96, 408, 720, 128}, + {128, 96, 104, 0, 128}, +}; + +const TestVector decryption_test_group_0[] = { + {"cf063a34d4a9a76c2c86787d3f96db71", + "113b9785971864c83b01c787", + "", + "", + "72ac8493e3a5228b5d130a69d2510e42", + ""}, + { + "a49a5e26a2f8cb63d05546c2a62f5343", + "907763b19b9b4ab6bd4f0281", + "", + "", + "a2be08210d8c470a8df6e8fbd79ec5cf", + NULL // FAIL + }, + {NULL}}; + +const TestVector decryption_test_group_1[] = { + { + "d1f6af919cde85661208bdce0c27cb22", + "898c6929b435017bf031c3c5", + "", + "7c5faa40e636bbc91107e68010c92b9f", + "ae45f11777540a2caeb128be8092468a", + NULL // FAIL + }, + {"2370e320d4344208e0ff5683f243b213", + "04dbb82f044d30831c441228", + "", + "d43a8e5089eea0d026c03a85178b27da", + "2a049c049d25aa95969b451d93c31c6e", + ""}, + {NULL}}; + +const TestVector decryption_test_group_2[] = { + {"e98b72a9881a84ca6b76e0f43e68647a", + "8b23299fde174053f3d652ba", + "5a3c1cf1985dbb8bed818036fdd5ab42", + "", + "23c7ab0f952b7091cd324835043b5eb5", + "28286a321293253c3e0aa2704a278032"}, + {"33240636cd3236165f1a553b773e728e", + "17c4d61493ecdc8f31700b12", + "47bb7e23f7bdfe05a8091ac90e4f8b2e", + "", + "b723c70e931d9785f40fd4ab1d612dc9", + "95695a5b12f2870b9cc5fdc8f218a97d"}, + { + "5164df856f1e9cac04a79b808dc5be39", + "e76925d5355e0584ce871b2b", + "0216c899c88d6e32c958c7e553daa5bc", + "", + "a145319896329c96df291f64efbe0e3a", + NULL // FAIL + }, + {NULL}}; + +const TestVector decryption_test_group_3[] = { + {"af57f42c60c0fc5a09adb81ab86ca1c3", + "a2dc01871f37025dc0fc9a79", + "b9a535864f48ea7b6b1367914978f9bfa087d854bb0e269bed8d279d2eea1210e48947" + "338b22f9bad09093276a331e9c79c7f4", + "41dc38988945fcb44faf2ef72d0061289ef8efd8", + "4f71e72bde0018f555c5adcce062e005", + "3803a0727eeb0ade441e0ec107161ded2d425ec0d102f21f51bf2cf9947c7ec4aa7279" + "5b2f69b041596e8817d0a3c16f8fadeb"}, + {"ebc753e5422b377d3cb64b58ffa41b61", + "2e1821efaced9acf1f241c9b", + "069567190554e9ab2b50a4e1fbf9c147340a5025fdbd201929834eaf6532325899ccb9" + "f401823e04b05817243d2142a3589878", + "b9673412fd4f88ba0e920f46dd6438ff791d8eef", + "534d9234d2351cf30e565de47baece0b", + "39077edb35e9c5a4b1e4c2a6b9bb1fce77f00f5023af40333d6d699014c2bcf4209c18" + "353a18017f5b36bfc00b1f6dcb7ed485"}, + { + "52bdbbf9cf477f187ec010589cb39d58", + "d3be36d3393134951d324b31", + "700188da144fa692cf46e4a8499510a53d90903c967f7f13e8a1bd8151a74adc4fe63e" + "32b992760b3a5f99e9a47838867000a9", + "93c4fc6a4135f54d640b0c976bf755a06a292c33", + "8ca4e38aa3dfa6b1d0297021ccf3ea5f", + NULL // FAIL + }, + {NULL}}; + +const TestVector decryption_test_group_4[] = { + {"da2bb7d581493d692380c77105590201", + "44aa3e7856ca279d2eb020c6", + "9290d430c9e89c37f0446dbd620c9a6b34b1274aeb6f911f75867efcf95b6feda69f1a" + "f4ee16c761b3c9aeac3da03aa9889c88", + "4cd171b23bddb3a53cdf959d5c1710b481eb3785a90eb20a2345ee00d0bb7868c367ab" + "12e6f4dd1dee72af4eee1d197777d1d6499cc541f34edbf45cda6ef90b3c024f9272d7" + "2ec1909fb8fba7db88a4d6f7d3d925980f9f9f72", + "9e3ac938d3eb0cadd6f5c9e35d22ba38", + "9bbf4c1a2742f6ac80cb4e8a052e4a8f4f07c43602361355b717381edf9fabd4cb7e3a" + "d65dbd1378b196ac270588dd0621f642"}, + {"d74e4958717a9d5c0e235b76a926cae8", + "0b7471141e0c70b1995fd7b1", + "e701c57d2330bf066f9ff8cf3ca4343cafe4894651cd199bdaaa681ba486b4a65c5a22" + "b0f1420be29ea547d42c713bc6af66aa", + "4a42b7aae8c245c6f1598a395316e4b8484dbd6e64648d5e302021b1d3fa0a38f46e22" + "bd9c8080b863dc0016482538a8562a4bd0ba84edbe2697c76fd039527ac179ec5506cf" + "34a6039312774cedebf4961f3978b14a26509f96", + "e192c23cb036f0b31592989119eed55d", + "840d9fb95e32559fb3602e48590280a172ca36d9b49ab69510f5bd552bfab7a306f85f" + "f0a34bc305b88b804c60b90add594a17"}, + { + "1986310c725ac94ecfe6422e75fc3ee7", + "93ec4214fa8e6dc4e3afc775", + "b178ec72f85a311ac4168f42a4b2c23113fbea4b85f4b9dabb74e143eb1b8b0a361e02" + "43edfd365b90d5b325950df0ada058f9", + "e80b88e62c49c958b5e0b8b54f532d9ff6aa84c8a40132e93e55b59fc24e8decf28463" + "139f155d1e8ce4ee76aaeefcd245baa0fc519f83a5fb9ad9aa40c4b21126013f576c42" + "72c2cb136c8fd091cc4539877a5d1e72d607f960", + "8b347853f11d75e81e8a95010be81f17", + NULL // FAIL + }, + {NULL}}; + +const TestVector decryption_test_group_5[] = { + {"387218b246c1a8257748b56980e50c94", + "dd7e014198672be39f95b69d", + "cdba9e73eaf3d38eceb2b04a8d", + "", + "ecf90f4a47c9c626d6fb2c765d201556", + "48f5b426baca03064554cc2b30"}, + {"294de463721e359863887c820524b3d4", + "3338b35c9d57a5d28190e8c9", + "2f46634e74b8e4c89812ac83b9", + "", + "dabd506764e68b82a7e720aa18da0abe", + "46a2e55c8e264df211bd112685"}, + {"28ead7fd2179e0d12aa6d5d88c58c2dc", + "5055347f18b4d5add0ae5c41", + "142d8210c3fb84774cdbd0447a", + "", + "5fd321d9cdb01952dc85f034736c2a7d", + "3b95b981086ee73cc4d0cc1422"}, + { + "7d7b6c988137b8d470c57bf674a09c87", + "9edf2aa970d016ac962e1fd8", + "a85b66c3cb5eab91d5bdc8bc0e", + "", + "dc054efc01f3afd21d9c2484819f569a", + NULL // FAIL + }, + {NULL}}; + +const TestVector encryption_test_group_0[] = { + {"11754cd72aec309bf52f7687212e8957", + "3c819d9a9bed087615030b65", + "", + "", + "250327c674aaf477aef2675748cf6971", + ""}, + {"ca47248ac0b6f8372a97ac43508308ed", + "ffd2b598feabc9019262d2be", + "", + "", + "60d20404af527d248d893ae495707d1a", + ""}, + {NULL}}; + +const TestVector encryption_test_group_1[] = { + {"77be63708971c4e240d1cb79e8d77feb", + "e0e00f19fed7ba0136a797f3", + "", + "7a43ec1d9c0a5a78a0b16533a6213cab", + "209fcc8d3675ed938e9c7166709dd946", + ""}, + {"7680c5d3ca6154758e510f4d25b98820", + "f8f105f9c3df4965780321f8", + "", + "c94c410194c765e3dcc7964379758ed3", + "94dca8edfcf90bb74b153c8d48a17930", + ""}, + {NULL}}; + +const TestVector encryption_test_group_2[] = { + {"7fddb57453c241d03efbed3ac44e371c", + "ee283a3fc75575e33efd4887", + "d5de42b461646c255c87bd2962d3b9a2", + "", + "b36d1df9b9d5e596f83e8b7f52971cb3", + "2ccda4a5415cb91e135c2a0f78c9b2fd"}, + {"ab72c77b97cb5fe9a382d9fe81ffdbed", + "54cc7dc2c37ec006bcc6d1da", + "007c5e5b3e59df24a7c355584fc1518d", + "", + "2b4401346697138c7a4891ee59867d0c", + "0e1bde206a07a9c2c1b65300f8c64997"}, + {NULL}}; + +const TestVector encryption_test_group_3[] = { + {"fe47fcce5fc32665d2ae399e4eec72ba", + "5adb9609dbaeb58cbd6e7275", + "7c0e88c88899a779228465074797cd4c2e1498d259b54390b85e3eef1c02df60e743f1" + "b840382c4bccaf3bafb4ca8429bea063", + "88319d6e1d3ffa5f987199166c8a9b56c2aeba5a", + "291ef1982e4defedaa2249f898556b47", + "98f4826f05a265e6dd2be82db241c0fbbbf9ffb1c173aa83964b7cf539304373636525" + "3ddbc5db8778371495da76d269e5db3e"}, + {"ec0c2ba17aa95cd6afffe949da9cc3a8", + "296bce5b50b7d66096d627ef", + "b85b3753535b825cbe5f632c0b843c741351f18aa484281aebec2f45bb9eea2d79d987" + "b764b9611f6c0f8641843d5d58f3a242", + "f8d00f05d22bf68599bcdeb131292ad6e2df5d14", + "890147971946b627c40016da1ecf3e77", + "a7443d31c26bdf2a1c945e29ee4bd344a99cfaf3aa71f8b3f191f83c2adfc7a0716299" + "5506fde6309ffc19e716eddf1a828c5a"}, + {NULL}}; + +const TestVector encryption_test_group_4[] = { + {"2c1f21cf0f6fb3661943155c3e3d8492", + "23cb5ff362e22426984d1907", + "42f758836986954db44bf37c6ef5e4ac0adaf38f27252a1b82d02ea949c8a1a2dbc0d6" + "8b5615ba7c1220ff6510e259f06655d8", + "5d3624879d35e46849953e45a32a624d6a6c536ed9857c613b572b0333e701557a713e" + "3f010ecdf9a6bd6c9e3e44b065208645aff4aabee611b391528514170084ccf587177f" + "4488f33cfb5e979e42b6e1cfc0a60238982a7aec", + "57a3ee28136e94c74838997ae9823f3a", + "81824f0e0d523db30d3da369fdc0d60894c7a0a20646dd015073ad2732bd989b14a222" + "b6ad57af43e1895df9dca2a5344a62cc"}, + {"d9f7d2411091f947b4d6f1e2d1f0fb2e", + "e1934f5db57cc983e6b180e7", + "73ed042327f70fe9c572a61545eda8b2a0c6e1d6c291ef19248e973aee6c312012f490" + "c2c6f6166f4a59431e182663fcaea05a", + "0a8a18a7150e940c3d87b38e73baee9a5c049ee21795663e264b694a949822b639092d" + "0e67015e86363583fcf0ca645af9f43375f05fdb4ce84f411dcbca73c2220dea03a201" + "15d2e51398344b16bee1ed7c499b353d6c597af8", + "21b51ca862cb637cdd03b99a0f93b134", + "aaadbd5c92e9151ce3db7210b8714126b73e43436d242677afa50384f2149b831f1d57" + "3c7891c2a91fbc48db29967ec9542b23"}, + {NULL}}; + +const TestVector encryption_test_group_5[] = { + {"fe9bb47deb3a61e423c2231841cfd1fb", + "4d328eb776f500a2f7fb47aa", + "f1cc3818e421876bb6b8bbd6c9", + "", + "43fd4727fe5cdb4b5b42818dea7ef8c9", + "b88c5c1977b35b517b0aeae967"}, + {"6703df3701a7f54911ca72e24dca046a", + "12823ab601c350ea4bc2488c", + "793cd125b0b84a043e3ac67717", + "", + "38e6bcd29962e5f2c13626b85a877101", + "b2051c80014f42f08735a7b0cd"}, + {NULL}}; + +const TestVector* const decryption_test_group_array[] = { + decryption_test_group_0, + decryption_test_group_1, + decryption_test_group_2, + decryption_test_group_3, + decryption_test_group_4, + decryption_test_group_5, +}; + +const TestVector* const encryption_test_group_array[] = { + encryption_test_group_0, + encryption_test_group_1, + encryption_test_group_2, + encryption_test_group_3, + encryption_test_group_4, + encryption_test_group_5, +}; + +bool DecodeHexString(const base::StringPiece& hex, std::string* bytes) { + bytes->clear(); + if (hex.empty()) + return true; + std::vector<uint8> v; + if (!base::HexStringToBytes(hex.as_string(), &v)) + return false; + if (!v.empty()) + bytes->assign(reinterpret_cast<const char*>(&v[0]), v.size()); + return true; +} + +class Aes128GcmHelpersTest : public ::testing::Test { + public: + enum Mode { DECRYPT, ENCRYPT }; + + void SetUp() override { EnsureNSSInit(); } + + bool DecryptOrEncrypt(Mode mode, + const base::StringPiece& input, + const base::StringPiece& key, + const base::StringPiece& nonce, + const base::StringPiece& aad, + size_t auth_tag_size, + std::string* output) { + DCHECK(output); + + const CK_ATTRIBUTE_TYPE cka_mode = + mode == DECRYPT ? CKA_DECRYPT : CKA_ENCRYPT; + + SECItem key_item; + key_item.type = siBuffer; + key_item.data = const_cast<unsigned char*>( + reinterpret_cast<const unsigned char*>(key.data())); + key_item.len = key.size(); + + crypto::ScopedPK11Slot slot(PK11_GetInternalSlot()); + DCHECK(slot); + + crypto::ScopedPK11SymKey aead_key( + PK11_ImportSymKey(slot.get(), CKM_AES_GCM, PK11_OriginUnwrap, cka_mode, + &key_item, nullptr)); + + CK_GCM_PARAMS gcm_params; + gcm_params.pIv = const_cast<unsigned char*>( + reinterpret_cast<const unsigned char*>(nonce.data())); + gcm_params.ulIvLen = nonce.size(); + + gcm_params.pAAD = const_cast<unsigned char*>( + reinterpret_cast<const unsigned char*>(aad.data())); + + gcm_params.ulAADLen = aad.size(); + + gcm_params.ulTagBits = auth_tag_size * 8; + + SECItem param; + param.type = siBuffer; + param.data = reinterpret_cast<unsigned char*>(&gcm_params); + param.len = sizeof(CK_GCM_PARAMS); + + size_t maximum_output_length = input.size(); + if (mode == ENCRYPT) + maximum_output_length += auth_tag_size; + + unsigned int output_length = 0; + unsigned char* raw_input = const_cast<unsigned char*>( + reinterpret_cast<const unsigned char*>(input.data())); + unsigned char* raw_output = reinterpret_cast<unsigned char*>( + base::WriteInto(output, maximum_output_length + 1 /* null */)); + + PK11Helper_TransformFunction* transform_function = + mode == DECRYPT ? PK11DecryptHelper : PK11EncryptHelper; + + const SECStatus result = transform_function( + aead_key.get(), CKM_AES_GCM, ¶m, raw_output, &output_length, + maximum_output_length, raw_input, input.size()); + + if (result != SECSuccess) + return false; + + const size_t expected_output_length = mode == DECRYPT + ? input.size() - auth_tag_size + : input.size() + auth_tag_size; + + EXPECT_EQ(expected_output_length, output_length); + + output->resize(expected_output_length); + return true; + } + + private: + // The prototype of PK11_Decrypt and PK11_Encrypt. + using PK11Helper_TransformFunction = SECStatus(PK11SymKey* symKey, + CK_MECHANISM_TYPE mechanism, + SECItem* param, + unsigned char* out, + unsigned int* outLen, + unsigned int maxLen, + const unsigned char* data, + unsigned int dataLen); +}; + +} // namespace + +TEST_F(Aes128GcmHelpersTest, RoundTrip) { + const std::string message = "Hello, world!"; + + const size_t kKeySize = 16; + const size_t kNonceSize = 16; + + std::string key, nonce; + RandBytes(base::WriteInto(&key, kKeySize + 1), kKeySize); + RandBytes(base::WriteInto(&nonce, kNonceSize + 1), kNonceSize); + + // AEAD_AES_128_GCM is defined with a default authentication tag size of 16, + // but RFC 5282 extends this to authentication tag sizes of 8 and 12 as well. + size_t auth_tag_size = base::RandInt(2, 4) * 4; + + std::string encrypted; + ASSERT_TRUE(DecryptOrEncrypt(ENCRYPT, message, key, nonce, + base::StringPiece(), auth_tag_size, &encrypted)); + + std::string decrypted; + ASSERT_TRUE(DecryptOrEncrypt(DECRYPT, encrypted, key, nonce, + base::StringPiece(), auth_tag_size, &decrypted)); + + EXPECT_EQ(message, decrypted); +} + +TEST_F(Aes128GcmHelpersTest, DecryptionVectors) { + for (size_t i = 0; i < arraysize(decryption_test_group_array); i++) { + SCOPED_TRACE(i); + const TestVector* test_vectors = decryption_test_group_array[i]; + const TestGroupInfo& test_info = test_group_info[i]; + + for (size_t j = 0; test_vectors[j].key != nullptr; j++) { + // If not present then decryption is expected to fail. + bool has_output = test_vectors[j].output; + + // Decode the test vector. + std::string key, iv, input, aad, tag, expected_output; + ASSERT_TRUE(DecodeHexString(test_vectors[j].key, &key)); + ASSERT_TRUE(DecodeHexString(test_vectors[j].iv, &iv)); + ASSERT_TRUE(DecodeHexString(test_vectors[j].input, &input)); + ASSERT_TRUE(DecodeHexString(test_vectors[j].aad, &aad)); + ASSERT_TRUE(DecodeHexString(test_vectors[j].tag, &tag)); + if (has_output) + ASSERT_TRUE(DecodeHexString(test_vectors[j].output, &expected_output)); + + // The test vector's lengths should look sane. Note that the lengths + // in |test_info| are in bits. + EXPECT_EQ(test_info.key_len, key.length() * 8); + EXPECT_EQ(test_info.iv_len, iv.length() * 8); + EXPECT_EQ(test_info.input_len, input.length() * 8); + EXPECT_EQ(test_info.aad_len, aad.length() * 8); + EXPECT_EQ(test_info.tag_len, tag.length() * 8); + if (has_output) + EXPECT_EQ(test_info.input_len, expected_output.length() * 8); + + const std::string ciphertext = input + tag; + std::string output; + + if (!DecryptOrEncrypt(DECRYPT, ciphertext, key, iv, aad, tag.length(), + &output)) { + EXPECT_FALSE(has_output); + continue; + } + + EXPECT_TRUE(has_output); + EXPECT_EQ(expected_output, output); + } + } +} + +TEST_F(Aes128GcmHelpersTest, EncryptionVectors) { + for (size_t i = 0; i < arraysize(encryption_test_group_array); i++) { + SCOPED_TRACE(i); + const TestVector* test_vectors = encryption_test_group_array[i]; + const TestGroupInfo& test_info = test_group_info[i]; + + for (size_t j = 0; test_vectors[j].key != nullptr; j++) { + // If not present then decryption is expected to fail. + bool has_output = test_vectors[j].output; + + // Decode the test vector. + std::string key, iv, input, aad, tag, expected_output; + ASSERT_TRUE(DecodeHexString(test_vectors[j].key, &key)); + ASSERT_TRUE(DecodeHexString(test_vectors[j].iv, &iv)); + ASSERT_TRUE(DecodeHexString(test_vectors[j].input, &input)); + ASSERT_TRUE(DecodeHexString(test_vectors[j].aad, &aad)); + ASSERT_TRUE(DecodeHexString(test_vectors[j].tag, &tag)); + if (has_output) + ASSERT_TRUE(DecodeHexString(test_vectors[j].output, &expected_output)); + + // The test vector's lengths should look sane. Note that the lengths + // in |test_info| are in bits. + EXPECT_EQ(test_info.key_len, key.length() * 8); + EXPECT_EQ(test_info.iv_len, iv.length() * 8); + EXPECT_EQ(test_info.input_len, input.length() * 8); + EXPECT_EQ(test_info.aad_len, aad.length() * 8); + EXPECT_EQ(test_info.tag_len, tag.length() * 8); + if (has_output) + EXPECT_EQ(test_info.input_len, expected_output.length() * 8); + + std::string output; + + if (!DecryptOrEncrypt(ENCRYPT, input, key, iv, aad, tag.length(), + &output)) { + EXPECT_FALSE(has_output); + continue; + } + + const std::string expected_output_with_tag = expected_output + tag; + + EXPECT_TRUE(has_output); + EXPECT_EQ(expected_output_with_tag, output); + } + } +} + +} // namespace crypto diff --git a/chromium/crypto/crypto.gyp b/chromium/crypto/crypto.gyp index e6bff0b098b..6327ce76dd2 100644 --- a/chromium/crypto/crypto.gyp +++ b/chromium/crypto/crypto.gyp @@ -104,6 +104,8 @@ # TODO(joth): Use a glob to match exclude patterns once the # OpenSSL file set is complete. 'sources!': [ + 'aes_128_gcm_helpers_nss.cc', + 'aes_128_gcm_helpers_nss.h', 'ec_private_key_nss.cc', 'ec_signature_creator_nss.cc', 'encryptor_nss.cc', @@ -163,6 +165,7 @@ 'type': 'executable', 'sources': [ 'aead_openssl_unittest.cc', + 'aes_128_gcm_helpers_nss_unittest.cc', 'curve25519_unittest.cc', 'ec_private_key_unittest.cc', 'ec_signature_creator_unittest.cc', @@ -227,6 +230,9 @@ 'dependencies': [ '../third_party/boringssl/boringssl.gyp:boringssl', ], + 'sources!': [ + 'aes_128_gcm_helpers_nss_unittest.cc', + ], }, { 'sources!': [ 'openssl_bio_string_unittest.cc', diff --git a/chromium/crypto/crypto.gypi b/chromium/crypto/crypto.gypi index 73b33322605..71ffbecad11 100644 --- a/chromium/crypto/crypto.gypi +++ b/chromium/crypto/crypto.gypi @@ -29,6 +29,8 @@ '<@(hmac_win64_related_sources)', 'aead_openssl.cc', 'aead_openssl.h', + 'aes_128_gcm_helpers_nss.cc', + 'aes_128_gcm_helpers_nss.h', 'apple_keychain.h', 'apple_keychain_ios.mm', 'apple_keychain_mac.mm', diff --git a/chromium/crypto/crypto_unittests.isolate b/chromium/crypto/crypto_unittests.isolate index 93272b431ae..e09095c142b 100644 --- a/chromium/crypto/crypto_unittests.isolate +++ b/chromium/crypto/crypto_unittests.isolate @@ -2,44 +2,18 @@ # Use of this source code is governed by a BSD-style license that can be # found in the LICENSE file. { + 'variables': { + 'command': [ + '../testing/test_env.py', + '<(PRODUCT_DIR)/crypto_unittests<(EXECUTABLE_SUFFIX)', + '--brave-new-test-launcher', + '--test-launcher-bot-mode', + '--asan=<(asan)', + '--msan=<(msan)', + '--tsan=<(tsan)', + ], + }, 'conditions': [ - ['use_x11==0', { - 'variables': { - 'command': [ - '../testing/test_env.py', - '<(PRODUCT_DIR)/crypto_unittests<(EXECUTABLE_SUFFIX)', - '--brave-new-test-launcher', - '--test-launcher-bot-mode', - '--asan=<(asan)', - '--msan=<(msan)', - '--tsan=<(tsan)', - ], - }, - }], - ['use_x11==1', { - 'variables': { - 'command': [ - '../testing/xvfb.py', - '<(PRODUCT_DIR)', - '<(PRODUCT_DIR)/crypto_unittests<(EXECUTABLE_SUFFIX)', - '--brave-new-test-launcher', - '--test-launcher-bot-mode', - '--asan=<(asan)', - '--msan=<(msan)', - '--tsan=<(tsan)', - ], - 'files': [ - '../testing/xvfb.py', - ], - }, - }], - ['OS=="linux" and use_ozone==0', { - 'variables': { - 'files': [ - '<(PRODUCT_DIR)/xdisplaycheck<(EXECUTABLE_SUFFIX)', - ], - }, - }], ['OS=="linux" or OS=="mac" or OS=="win"', { 'variables': { 'files': [ diff --git a/chromium/crypto/encryptor_openssl.cc b/chromium/crypto/encryptor_openssl.cc index 0504adbcb9f..4f0e51137d7 100644 --- a/chromium/crypto/encryptor_openssl.cc +++ b/chromium/crypto/encryptor_openssl.cc @@ -113,8 +113,8 @@ bool Encryptor::Crypt(bool do_encrypt, const size_t output_size = input.size() + (do_encrypt ? iv_.size() : 0); CHECK_GT(output_size, 0u); CHECK_GT(output_size + 1, input.size()); - uint8* out_ptr = reinterpret_cast<uint8*>(WriteInto(&result, - output_size + 1)); + uint8* out_ptr = + reinterpret_cast<uint8*>(base::WriteInto(&result, output_size + 1)); int out_len; if (!EVP_CipherUpdate(ctx.get(), out_ptr, &out_len, reinterpret_cast<const uint8*>(input.data()), @@ -154,7 +154,8 @@ bool Encryptor::CryptCTR(bool do_encrypt, CHECK_GT(out_size + 1, input.size()); std::string result; - uint8* out_ptr = reinterpret_cast<uint8*>(WriteInto(&result, out_size + 1)); + uint8* out_ptr = + reinterpret_cast<uint8*>(base::WriteInto(&result, out_size + 1)); uint8_t ivec[AES_BLOCK_SIZE] = { 0 }; uint8_t ecount_buf[AES_BLOCK_SIZE] = { 0 }; diff --git a/chromium/crypto/mock_apple_keychain.h b/chromium/crypto/mock_apple_keychain.h index 3948d489755..f73d3a6466e 100644 --- a/chromium/crypto/mock_apple_keychain.h +++ b/chromium/crypto/mock_apple_keychain.h @@ -118,6 +118,8 @@ class CRYPTO_EXPORT MockAppleKeychain : public AppleKeychain { }; // Adds a keychain item with the given info to the test set. void AddTestItem(const KeychainTestData& item_data); + + void set_locked(bool locked) { locked_ = locked; } #endif // !defined(OS_IOS) // |FindGenericPassword()| can return different results depending on user @@ -201,6 +203,10 @@ class CRYPTO_EXPORT MockAppleKeychain : public AppleKeychain { static const SecKeychainSearchRef kDummySearchRef; + // Simulates the state when the user refuses to unclock the Keychain. + // If true, reading and modifying a password value result in errSecAuthFailed. + bool locked_; + typedef struct KeychainPasswordData { KeychainPasswordData() : data(NULL), length(0) {} void* data; diff --git a/chromium/crypto/mock_apple_keychain_mac.cc b/chromium/crypto/mock_apple_keychain_mac.cc index d586f70b363..5f33e5b2099 100644 --- a/chromium/crypto/mock_apple_keychain_mac.cc +++ b/chromium/crypto/mock_apple_keychain_mac.cc @@ -13,7 +13,8 @@ const SecKeychainSearchRef MockAppleKeychain::kDummySearchRef = reinterpret_cast<SecKeychainSearchRef>(1000); MockAppleKeychain::MockAppleKeychain() - : next_item_key_(0), + : locked_(false), + next_item_key_(0), search_copy_count_(0), keychain_item_copy_count_(0), attribute_data_copy_count_(0), @@ -195,6 +196,9 @@ OSStatus MockAppleKeychain::ItemCopyAttributesAndData( return errSecInvalidItemRef; DCHECK(!itemClass); // itemClass not implemented in the Mock. + if (locked_ && outData) + return errSecAuthFailed; + if (attrList) *attrList = &(keychain_attr_list_[key]); if (outData) { @@ -213,6 +217,8 @@ OSStatus MockAppleKeychain::ItemModifyAttributesAndData( UInt32 length, const void* data) const { DCHECK(itemRef); + if (locked_) + return errSecAuthFailed; const char* fail_trigger = "fail_me"; if (length == strlen(fail_trigger) && memcmp(data, fail_trigger, length) == 0) { @@ -248,6 +254,8 @@ OSStatus MockAppleKeychain::ItemFreeAttributesAndData( } OSStatus MockAppleKeychain::ItemDelete(SecKeychainItemRef itemRef) const { + if (locked_) + return errSecAuthFailed; MockKeychainItemType key = reinterpret_cast<MockKeychainItemType>(itemRef) - 1; @@ -390,6 +398,8 @@ OSStatus MockAppleKeychain::AddInternetPassword( UInt32 passwordLength, const void* passwordData, SecKeychainItemRef* itemRef) const { + if (locked_) + return errSecAuthFailed; // Check for the magic duplicate item trigger. if (strcmp(serverName, "some.domain.com") == 0) diff --git a/chromium/crypto/nss_key_util_unittest.cc b/chromium/crypto/nss_key_util_unittest.cc index f8de8e236bb..ff4d55a1460 100644 --- a/chromium/crypto/nss_key_util_unittest.cc +++ b/chromium/crypto/nss_key_util_unittest.cc @@ -50,7 +50,7 @@ TEST_F(NSSKeyUtilTest, FindNSSKeyFromPublicKeyInfo) { // Create an NSS keypair, which will put the keys in the user's NSSDB. ScopedSECKEYPublicKey public_key; ScopedSECKEYPrivateKey private_key; - ASSERT_TRUE(GenerateRSAKeyPairNSS(internal_slot(), 256, + ASSERT_TRUE(GenerateRSAKeyPairNSS(internal_slot(), 512, false /* not permanent */, &public_key, &private_key)); @@ -68,7 +68,7 @@ TEST_F(NSSKeyUtilTest, FailedFindNSSKeyFromPublicKeyInfo) { // Create an NSS keypair, which will put the keys in the user's NSSDB. ScopedSECKEYPublicKey public_key; ScopedSECKEYPrivateKey private_key; - ASSERT_TRUE(GenerateRSAKeyPairNSS(internal_slot(), 256, + ASSERT_TRUE(GenerateRSAKeyPairNSS(internal_slot(), 512, false /* not permanent */, &public_key, &private_key)); diff --git a/chromium/crypto/nss_util.cc b/chromium/crypto/nss_util.cc index df9316054e7..125591c73f6 100644 --- a/chromium/crypto/nss_util.cc +++ b/chromium/crypto/nss_util.cc @@ -37,7 +37,6 @@ #include "base/logging.h" #include "base/memory/scoped_ptr.h" #include "base/message_loop/message_loop.h" -#include "base/metrics/histogram.h" #include "base/native_library.h" #include "base/path_service.h" #include "base/stl_util.h" @@ -685,8 +684,6 @@ class NSSInitSingleton { initializing_tpm_token_(false), chaps_module_(NULL), root_(NULL) { - base::TimeTicks start_time = base::TimeTicks::Now(); - // It's safe to construct on any thread, since LazyInstance will prevent any // other threads from accessing until the constructor is done. thread_checker_.DetachFromThread(); @@ -783,14 +780,6 @@ class NSSInitSingleton { NSS_SetAlgorithmPolicy(SEC_OID_MD5, 0, NSS_USE_ALG_IN_CERT_SIGNATURE); NSS_SetAlgorithmPolicy(SEC_OID_PKCS1_MD5_WITH_RSA_ENCRYPTION, 0, NSS_USE_ALG_IN_CERT_SIGNATURE); - - // The UMA bit is conditionally set for this histogram in - // components/startup_metric_utils.cc . - LOCAL_HISTOGRAM_CUSTOM_TIMES("Startup.SlowStartupNSSInit", - base::TimeTicks::Now() - start_time, - base::TimeDelta::FromMilliseconds(10), - base::TimeDelta::FromHours(1), - 50); } // NOTE(willchan): We don't actually execute this code since we leak NSS to diff --git a/chromium/crypto/openssl_util.cc b/chromium/crypto/openssl_util.cc index 964d83b8433..d89857f3851 100644 --- a/chromium/crypto/openssl_util.cc +++ b/chromium/crypto/openssl_util.cc @@ -9,10 +9,8 @@ #include <openssl/cpu.h> #include "base/logging.h" -#include "base/memory/scoped_vector.h" #include "base/memory/singleton.h" #include "base/strings/string_piece.h" -#include "base/synchronization/lock.h" #include "build/build_config.h" #if defined(OS_ANDROID) && defined(ARCH_CPU_ARMEL) @@ -24,11 +22,6 @@ namespace crypto { namespace { -void CurrentThreadId(CRYPTO_THREADID* id) { - CRYPTO_THREADID_set_numeric( - id, static_cast<unsigned long>(base::PlatformThread::CurrentId())); -} - // Singleton for initializing and cleaning up the OpenSSL library. class OpenSSLInitSingleton { public: @@ -60,36 +53,10 @@ class OpenSSLInitSingleton { CRYPTO_set_NEON_functional(!cpu.has_broken_neon()); #endif - SSL_load_error_strings(); SSL_library_init(); - int num_locks = CRYPTO_num_locks(); - locks_.reserve(num_locks); - for (int i = 0; i < num_locks; ++i) - locks_.push_back(new base::Lock()); - CRYPTO_set_locking_callback(LockingCallback); - CRYPTO_THREADID_set_callback(CurrentThreadId); - } - - ~OpenSSLInitSingleton() { - CRYPTO_set_locking_callback(NULL); - EVP_cleanup(); - ERR_free_strings(); - } - - static void LockingCallback(int mode, int n, const char* file, int line) { - OpenSSLInitSingleton::GetInstance()->OnLockingCallback(mode, n, file, line); - } - - void OnLockingCallback(int mode, int n, const char* file, int line) { - CHECK_LT(static_cast<size_t>(n), locks_.size()); - if (mode & CRYPTO_LOCK) - locks_[n]->Acquire(); - else - locks_[n]->Release(); } - // These locks are used and managed by OpenSSL via LockingCallback(). - ScopedVector<base::Lock> locks_; + ~OpenSSLInitSingleton() {} DISALLOW_COPY_AND_ASSIGN(OpenSSLInitSingleton); }; diff --git a/chromium/crypto/random_unittest.cc b/chromium/crypto/random_unittest.cc index 846d9b66f3d..00d4b2b5e86 100644 --- a/chromium/crypto/random_unittest.cc +++ b/chromium/crypto/random_unittest.cc @@ -22,6 +22,6 @@ bool IsTrivial(const std::string& bytes) { TEST(RandBytes, RandBytes) { std::string bytes(16, '\0'); - crypto::RandBytes(WriteInto(&bytes, bytes.size()), bytes.size()); + crypto::RandBytes(base::WriteInto(&bytes, bytes.size()), bytes.size()); EXPECT_TRUE(!IsTrivial(bytes)); } diff --git a/chromium/crypto/rsa_private_key_unittest.cc b/chromium/crypto/rsa_private_key_unittest.cc index b231cac6cc3..9e7f6ff51fe 100644 --- a/chromium/crypto/rsa_private_key_unittest.cc +++ b/chromium/crypto/rsa_private_key_unittest.cc @@ -447,7 +447,8 @@ TEST(RSAPrivateKeyUnitTest, ShortIntegers) { TEST(RSAPrivateKeyUnitTest, CreateFromKeyTest) { scoped_ptr<crypto::RSAPrivateKey> key_pair( - crypto::RSAPrivateKey::Create(256)); + crypto::RSAPrivateKey::Create(512)); + ASSERT_TRUE(key_pair.get()); scoped_ptr<crypto::RSAPrivateKey> key_copy( crypto::RSAPrivateKey::CreateFromKey(key_pair->key())); diff --git a/chromium/crypto/secure_hash.h b/chromium/crypto/secure_hash.h index 173fd0a8a3e..23349b0be00 100644 --- a/chromium/crypto/secure_hash.h +++ b/chromium/crypto/secure_hash.h @@ -8,8 +8,10 @@ #include "base/basictypes.h" #include "crypto/crypto_export.h" +namespace base { class Pickle; class PickleIterator; +} namespace crypto { @@ -30,13 +32,13 @@ class CRYPTO_EXPORT SecureHash { // Serialize the context, so it can be restored at a later time. // |pickle| will contain the serialized data. // Returns whether or not |pickle| was filled. - virtual bool Serialize(Pickle* pickle) = 0; + virtual bool Serialize(base::Pickle* pickle) = 0; // Restore the context that was saved earlier. // |data_iterator| allows this to be used as part of a larger pickle. // |pickle| holds the saved data. // Returns success or failure. - virtual bool Deserialize(PickleIterator* data_iterator) = 0; + virtual bool Deserialize(base::PickleIterator* data_iterator) = 0; protected: SecureHash() {} diff --git a/chromium/crypto/secure_hash_default.cc b/chromium/crypto/secure_hash_default.cc index 262beb7fd18..739b402b6c1 100644 --- a/chromium/crypto/secure_hash_default.cc +++ b/chromium/crypto/secure_hash_default.cc @@ -35,14 +35,14 @@ class SecureHashSHA256NSS : public SecureHash { static_cast<unsigned int>(len)); } - bool Serialize(Pickle* pickle) override; - bool Deserialize(PickleIterator* data_iterator) override; + bool Serialize(base::Pickle* pickle) override; + bool Deserialize(base::PickleIterator* data_iterator) override; private: SHA256Context ctx_; }; -bool SecureHashSHA256NSS::Serialize(Pickle* pickle) { +bool SecureHashSHA256NSS::Serialize(base::Pickle* pickle) { if (!pickle) return false; @@ -55,7 +55,7 @@ bool SecureHashSHA256NSS::Serialize(Pickle* pickle) { return true; } -bool SecureHashSHA256NSS::Deserialize(PickleIterator* data_iterator) { +bool SecureHashSHA256NSS::Deserialize(base::PickleIterator* data_iterator) { int version; if (!data_iterator->ReadInt(&version)) return false; diff --git a/chromium/crypto/secure_hash_openssl.cc b/chromium/crypto/secure_hash_openssl.cc index ee1993c58e4..1033b8e25eb 100644 --- a/chromium/crypto/secure_hash_openssl.cc +++ b/chromium/crypto/secure_hash_openssl.cc @@ -40,14 +40,14 @@ class SecureHashSHA256OpenSSL : public SecureHash { SHA256_Final(result.safe_buffer(), &ctx_); } - bool Serialize(Pickle* pickle) override; - bool Deserialize(PickleIterator* data_iterator) override; + bool Serialize(base::Pickle* pickle) override; + bool Deserialize(base::PickleIterator* data_iterator) override; private: SHA256_CTX ctx_; }; -bool SecureHashSHA256OpenSSL::Serialize(Pickle* pickle) { +bool SecureHashSHA256OpenSSL::Serialize(base::Pickle* pickle) { if (!pickle) return false; @@ -60,7 +60,7 @@ bool SecureHashSHA256OpenSSL::Serialize(Pickle* pickle) { return true; } -bool SecureHashSHA256OpenSSL::Deserialize(PickleIterator* data_iterator) { +bool SecureHashSHA256OpenSSL::Deserialize(base::PickleIterator* data_iterator) { if (!data_iterator) return false; diff --git a/chromium/crypto/secure_hash_unittest.cc b/chromium/crypto/secure_hash_unittest.cc index c21c365b1c2..facf476e0af 100644 --- a/chromium/crypto/secure_hash_unittest.cc +++ b/chromium/crypto/secure_hash_unittest.cc @@ -53,7 +53,7 @@ TEST(SecureHashTest, TestSerialization) { crypto::SecureHash::SHA256)); scoped_ptr<crypto::SecureHash> ctx2(crypto::SecureHash::Create( crypto::SecureHash::SHA256)); - Pickle pickle; + base::Pickle pickle; ctx1->Update(input1.data(), input1.size()); ctx1->Update(input2.data(), input2.size()); ctx1->Update(input3.data(), input3.size()); @@ -64,7 +64,7 @@ TEST(SecureHashTest, TestSerialization) { ctx1->Finish(output1, sizeof(output1)); - PickleIterator data_iterator(pickle); + base::PickleIterator data_iterator(pickle); EXPECT_TRUE(ctx2->Deserialize(&data_iterator)); ctx2->Update(input4.data(), input4.size()); ctx2->Update(input5.data(), input5.size()); diff --git a/chromium/crypto/symmetric_key_openssl.cc b/chromium/crypto/symmetric_key_openssl.cc index e268a1d0f98..912c9b4db2d 100644 --- a/chromium/crypto/symmetric_key_openssl.cc +++ b/chromium/crypto/symmetric_key_openssl.cc @@ -39,8 +39,8 @@ SymmetricKey* SymmetricKey::GenerateRandomKey(Algorithm algorithm, OpenSSLErrStackTracer err_tracer(FROM_HERE); scoped_ptr<SymmetricKey> key(new SymmetricKey); - uint8* key_data = - reinterpret_cast<uint8*>(WriteInto(&key->key_, key_size_in_bytes + 1)); + uint8* key_data = reinterpret_cast<uint8*>( + base::WriteInto(&key->key_, key_size_in_bytes + 1)); int rv = RAND_bytes(key_data, static_cast<int>(key_size_in_bytes)); return rv == 1 ? key.release() : NULL; @@ -70,8 +70,8 @@ SymmetricKey* SymmetricKey::DeriveKeyFromPassword(Algorithm algorithm, OpenSSLErrStackTracer err_tracer(FROM_HERE); scoped_ptr<SymmetricKey> key(new SymmetricKey); - uint8* key_data = - reinterpret_cast<uint8*>(WriteInto(&key->key_, key_size_in_bytes + 1)); + uint8* key_data = reinterpret_cast<uint8*>( + base::WriteInto(&key->key_, key_size_in_bytes + 1)); int rv = PKCS5_PBKDF2_HMAC_SHA1(password.data(), password.length(), reinterpret_cast<const uint8*>(salt.data()), salt.length(), iterations, |