Google Git
Sign in
webrtc/src//b3f887b82310f8f2d7846cee0224c5fef30c1a5b^!/./rtc_base/key_derivation.h
commit
b3f887b82310f8f2d7846cee0224c5fef30c1a5b
[log]
author
Benjamin Wright <benwright@webrtc.org>
Tue Oct 30 20:53:30 2018
committer
Commit Bot <commit-bot@chromium.org>
Tue Oct 30 21:44:28 2018
tree
cb125baac0d8eef6a6ab5a9c4dc533a7a7ce5ad2
parent
1a92cd7312cad7d312f5bd40cebf3e7499ab141b [diff] [blame]
Expose key derivation through a simple interface for use in WebRTC.

This change just wraps the openssl key derivation functions in a simple
interface in a similar way to how we do it for messagedigest.h so we aren't
coupled to openssl in the core implementation.

Bug: webrtc:9917
Change-Id: I8556bd6e38b7da34d93abbe29415c3366f6532ba
Reviewed-on: https://webrtc-review.googlesource.com/c/107981
Reviewed-by: Qingsi Wang <qingsi@webrtc.org>
Commit-Queue: Benjamin Wright <benwright@webrtc.org>
Cr-Commit-Position: refs/heads/master@{#25440}
diff --git a/rtc_base/key_derivation.h b/rtc_base/key_derivation.h
new file mode 100644
index 0000000..fa329ae
--- /dev/null
+++ b/rtc_base/key_derivation.h

@@ -0,0 +1,70 @@
+/*
+ *  Copyright 2018 The WebRTC Project Authors. All rights reserved.
+ *
+ *  Use of this source code is governed by a BSD-style license
+ *  that can be found in the LICENSE file in the root of the source
+ *  tree. An additional intellectual property rights grant can be found
+ *  in the file PATENTS.  All contributing project authors may
+ *  be found in the AUTHORS file in the root of the source tree.
+ */
+
+#ifndef RTC_BASE_KEY_DERIVATION_H_
+#define RTC_BASE_KEY_DERIVATION_H_
+
+#include <memory>
+
+#include "absl/types/optional.h"
+#include "api/array_view.h"
+#include "rtc_base/buffer.h"
+#include "rtc_base/constructormagic.h"
+
+namespace rtc {
+
+// Defines the set of key derivation algorithms that are supported. It is ideal
+// to keep this list as small as possible.
+enum class KeyDerivationAlgorithm {
+  // This algorithm is not suitable to generate a key from a password. Please
+  // only use with a cryptographically random master secret.
+  HKDF_SHA256
+};
+
+// KeyDerivation provides a generic interface for deriving keys in WebRTC. This
+// class should be used over directly accessing openssl or boringssl primitives
+// so that we can maintain seperate implementations.
+// Example:
+//   auto kd = KeyDerivation::Create(KeyDerivationAlgorithm::HDKF_SHA526);
+//   if (kd == nullptr) return;
+//   auto derived_key_or = kd->DeriveKey(secret, salt, label);
+//   if (!derived_key_or.ok()) return;
+//   DoSomethingWithKey(derived_key_or.value());
+class KeyDerivation {
+ public:
+  KeyDerivation();
+  virtual ~KeyDerivation();
+
+  // Derives a new key from existing key material.
+  // secret - The random secret value you wish to derive a key from.
+  // salt - Optional but recommended (non secret) cryptographically random.
+  // label - A non secret but unique label value to determine the derivation.
+  // derived_key_byte_size - This must be at least 128 bits.
+  // return - An optional ZeroOnFreeBuffer containing the derived key or
+  // absl::nullopt. Nullopt indicates a failure in derivation.
+  virtual absl::optional<ZeroOnFreeBuffer<uint8_t>> DeriveKey(
+      rtc::ArrayView<const uint8_t> secret,
+      rtc::ArrayView<const uint8_t> salt,
+      rtc::ArrayView<const uint8_t> label,
+      size_t derived_key_byte_size) = 0;
+
+  // Static factory that will return an implementation that is capable of
+  // handling the key derivation with the requested algorithm. If no
+  // implementation is available nullptr will be returned.
+  static std::unique_ptr<KeyDerivation> Create(
+      KeyDerivationAlgorithm key_derivation_algorithm);
+
+ private:
+  RTC_DISALLOW_COPY_AND_ASSIGN(KeyDerivation);
+};
+
+}  // namespace rtc
+
+#endif  // RTC_BASE_KEY_DERIVATION_H_