From 3bfdc52565cef25c1b36a976a27172ca492f6137 Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Fri, 1 Sep 2023 21:13:45 +0000 Subject: [PATCH] Replace base::StringPiece with std::string_view in //crypto While I'm here, use the new, more direct EC_GROUP APIs in crypto/p224_spake.cc. Bug: 691162 Change-Id: I45b25bd265aa5a10504c953fdbd4e6f689ed38f2 Reviewed-on: https://chromium-review.googlesource.com/c/chromium/src/+/4826810 Auto-Submit: David Benjamin Reviewed-by: Bob Beck Commit-Queue: David Benjamin Cr-Commit-Position: refs/heads/main@{#1191583} --- crypto/aead.cc | 14 ++++++------ crypto/aead.h | 16 ++++++------- crypto/chaps_support.cc | 6 +++-- crypto/encryptor.cc | 10 ++++----- crypto/encryptor.h | 14 ++++++------ crypto/encryptor_unittest.cc | 12 +++++----- crypto/hkdf.cc | 6 ++--- crypto/hkdf.h | 8 +++---- crypto/hmac.cc | 8 +++---- crypto/hmac.h | 16 ++++++------- crypto/hmac_unittest.cc | 38 +++++++++++++++---------------- crypto/nss_util_chromeos.cc | 1 - crypto/openssl_util.cc | 5 ++--- crypto/p224_spake.cc | 41 +++++++++++++++++----------------- crypto/p224_spake.h | 6 ++--- crypto/sha2.cc | 4 ++-- crypto/sha2.h | 6 ++--- crypto/unexportable_key_win.cc | 1 - 18 files changed, 104 insertions(+), 108 deletions(-) diff --git a/crypto/aead.cc b/crypto/aead.cc index bb556f8afb92f4..b3b26d9553bd23 100644 --- a/crypto/aead.cc +++ b/crypto/aead.cc @@ -41,7 +41,7 @@ void Aead::Init(base::span key) { key_ = key; } -static base::span ToSpan(base::StringPiece sp) { +static base::span ToSpan(std::string_view sp) { return base::as_bytes(base::make_span(sp)); } @@ -66,9 +66,9 @@ std::vector Aead::Seal( return ret; } -bool Aead::Seal(base::StringPiece plaintext, - base::StringPiece nonce, - base::StringPiece additional_data, +bool Aead::Seal(std::string_view plaintext, + std::string_view nonce, + std::string_view additional_data, std::string* ciphertext) const { const size_t max_output_length = EVP_AEAD_max_overhead(aead_) + plaintext.size(); @@ -105,9 +105,9 @@ absl::optional> Aead::Open( return ret; } -bool Aead::Open(base::StringPiece ciphertext, - base::StringPiece nonce, - base::StringPiece additional_data, +bool Aead::Open(std::string_view ciphertext, + std::string_view nonce, + std::string_view additional_data, std::string* plaintext) const { const size_t max_output_length = ciphertext.size(); CHECK(max_output_length + 1 > max_output_length); diff --git a/crypto/aead.h b/crypto/aead.h index db56e0e2c9f9a5..9a0c7061a95b3f 100644 --- a/crypto/aead.h +++ b/crypto/aead.h @@ -9,11 +9,11 @@ #include #include +#include #include #include "base/containers/span.h" #include "base/memory/raw_ptr.h" -#include "base/strings/string_piece.h" #include "crypto/crypto_export.h" #include "third_party/abseil-cpp/absl/types/optional.h" @@ -23,7 +23,7 @@ namespace crypto { // This class exposes the AES-128-CTR-HMAC-SHA256 and AES_256_GCM AEAD. Note // that there are two versions of most methods: an historical version based -// around |StringPiece| and a more modern version that takes |base::span|. +// around |std::string_view| and a more modern version that takes |base::span|. // Prefer the latter in new code. class CRYPTO_EXPORT Aead { public: @@ -51,9 +51,9 @@ class CRYPTO_EXPORT Aead { base::span nonce, base::span additional_data) const; - bool Seal(base::StringPiece plaintext, - base::StringPiece nonce, - base::StringPiece additional_data, + bool Seal(std::string_view plaintext, + std::string_view nonce, + std::string_view additional_data, std::string* ciphertext) const; absl::optional> Open( @@ -61,9 +61,9 @@ class CRYPTO_EXPORT Aead { base::span nonce, base::span additional_data) const; - bool Open(base::StringPiece ciphertext, - base::StringPiece nonce, - base::StringPiece additional_data, + bool Open(std::string_view ciphertext, + std::string_view nonce, + std::string_view additional_data, std::string* plaintext) const; size_t KeyLength() const; diff --git a/crypto/chaps_support.cc b/crypto/chaps_support.cc index 2ea8dd5a08f557..47434d30c353f0 100644 --- a/crypto/chaps_support.cc +++ b/crypto/chaps_support.cc @@ -8,6 +8,8 @@ #include #include +#include + #include "base/logging.h" #include "base/memory/raw_ptr_exclusion.h" #include "base/memory/stack_allocated.h" @@ -114,8 +116,8 @@ bool IsSlotProvidedByChaps(PK11SlotInfo* slot) { return false; SECMODModule* pk11_module = PK11_GetModule(slot); - return pk11_module && base::StringPiece(pk11_module->commonName) == - base::StringPiece(kChapsModuleName); + return pk11_module && std::string_view(pk11_module->commonName) == + std::string_view(kChapsModuleName); } } // namespace crypto diff --git a/crypto/encryptor.cc b/crypto/encryptor.cc index 6c8a1ad7b069f4..46e3be0fd78847 100644 --- a/crypto/encryptor.cc +++ b/crypto/encryptor.cc @@ -37,7 +37,7 @@ Encryptor::Encryptor() : key_(nullptr), mode_(CBC) {} Encryptor::~Encryptor() = default; -bool Encryptor::Init(const SymmetricKey* key, Mode mode, base::StringPiece iv) { +bool Encryptor::Init(const SymmetricKey* key, Mode mode, std::string_view iv) { return Init(key, mode, base::as_bytes(base::make_span(iv))); } @@ -63,7 +63,7 @@ bool Encryptor::Init(const SymmetricKey* key, return true; } -bool Encryptor::Encrypt(base::StringPiece plaintext, std::string* ciphertext) { +bool Encryptor::Encrypt(std::string_view plaintext, std::string* ciphertext) { return CryptString(/*do_encrypt=*/true, plaintext, ciphertext); } @@ -72,7 +72,7 @@ bool Encryptor::Encrypt(base::span plaintext, return CryptBytes(/*do_encrypt=*/true, plaintext, ciphertext); } -bool Encryptor::Decrypt(base::StringPiece ciphertext, std::string* plaintext) { +bool Encryptor::Decrypt(std::string_view ciphertext, std::string* plaintext) { return CryptString(/*do_encrypt=*/false, ciphertext, plaintext); } @@ -81,7 +81,7 @@ bool Encryptor::Decrypt(base::span ciphertext, return CryptBytes(/*do_encrypt=*/false, ciphertext, plaintext); } -bool Encryptor::SetCounter(base::StringPiece counter) { +bool Encryptor::SetCounter(std::string_view counter) { return SetCounter(base::as_bytes(base::make_span(counter))); } @@ -96,7 +96,7 @@ bool Encryptor::SetCounter(base::span counter) { } bool Encryptor::CryptString(bool do_encrypt, - base::StringPiece input, + std::string_view input, std::string* output) { std::string result(MaxOutput(do_encrypt, input.size()), '\0'); absl::optional len = diff --git a/crypto/encryptor.h b/crypto/encryptor.h index 7ed4625a686699..88ebb88302800d 100644 --- a/crypto/encryptor.h +++ b/crypto/encryptor.h @@ -10,10 +10,10 @@ #include #include +#include #include "base/containers/span.h" #include "base/memory/raw_ptr.h" -#include "base/strings/string_piece.h" #include "build/build_config.h" #include "crypto/crypto_export.h" #include "third_party/abseil-cpp/absl/types/optional.h" @@ -24,7 +24,7 @@ class SymmetricKey; // This class implements encryption without authentication, which is usually // unsafe. Prefer crypto::Aead for new code. If using this class, prefer the -// base::span and std::vector overloads over the base::StringPiece and +// base::span and std::vector overloads over the std::string_view and // std::string overloads. class CRYPTO_EXPORT Encryptor { public: @@ -41,12 +41,12 @@ class CRYPTO_EXPORT Encryptor { // // If |mode| is CBC, |iv| must not be empty; if it is CTR, then |iv| must be // empty. - bool Init(const SymmetricKey* key, Mode mode, base::StringPiece iv); + bool Init(const SymmetricKey* key, Mode mode, std::string_view iv); bool Init(const SymmetricKey* key, Mode mode, base::span iv); // Encrypts |plaintext| into |ciphertext|. |plaintext| may only be empty if // the mode is CBC. - bool Encrypt(base::StringPiece plaintext, std::string* ciphertext); + bool Encrypt(std::string_view plaintext, std::string* ciphertext); bool Encrypt(base::span plaintext, std::vector* ciphertext); @@ -59,7 +59,7 @@ class CRYPTO_EXPORT Encryptor { // must either authenticate the ciphertext before decrypting it, or take // care to not report decryption failure. Otherwise it could inadvertently // be used as a padding oracle to attack the cryptosystem. - bool Decrypt(base::StringPiece ciphertext, std::string* plaintext); + bool Decrypt(std::string_view ciphertext, std::string* plaintext); bool Decrypt(base::span ciphertext, std::vector* plaintext); @@ -67,7 +67,7 @@ class CRYPTO_EXPORT Encryptor { // counter value is supported. // // Returns true only if update was successful. - bool SetCounter(base::StringPiece counter); + bool SetCounter(std::string_view counter); bool SetCounter(base::span counter); // TODO(albertb): Support streaming encryption. @@ -77,7 +77,7 @@ class CRYPTO_EXPORT Encryptor { Mode mode_; bool CryptString(bool do_encrypt, - base::StringPiece input, + std::string_view input, std::string* output); bool CryptBytes(bool do_encrypt, base::span input, diff --git a/crypto/encryptor_unittest.cc b/crypto/encryptor_unittest.cc index 9e58fb0d967971..22a94898981e19 100644 --- a/crypto/encryptor_unittest.cc +++ b/crypto/encryptor_unittest.cc @@ -202,10 +202,10 @@ void TestAESCTREncrypt( crypto::Encryptor encryptor; EXPECT_TRUE(encryptor.Init(sym_key.get(), crypto::Encryptor::CTR, "")); - base::StringPiece init_counter_str( - reinterpret_cast(init_counter), init_counter_size); - base::StringPiece plaintext_str( - reinterpret_cast(plaintext), plaintext_size); + std::string_view init_counter_str(reinterpret_cast(init_counter), + init_counter_size); + std::string_view plaintext_str(reinterpret_cast(plaintext), + plaintext_size); EXPECT_TRUE(encryptor.SetCounter(init_counter_str)); std::string encrypted; @@ -253,7 +253,7 @@ void TestAESCTRMultipleDecrypt( EXPECT_TRUE(encryptor.Init(sym_key.get(), crypto::Encryptor::CTR, "")); // Counter is set only once. - EXPECT_TRUE(encryptor.SetCounter(base::StringPiece( + EXPECT_TRUE(encryptor.SetCounter(std::string_view( reinterpret_cast(init_counter), init_counter_size))); std::string ciphertext_str(reinterpret_cast(ciphertext), @@ -569,5 +569,5 @@ TEST(EncryptorTest, CipherTextNotMultipleOfBlockSize) { std::string plaintext; EXPECT_FALSE( - encryptor.Decrypt(base::StringPiece(ciphertext.get(), 1), &plaintext)); + encryptor.Decrypt(std::string_view(ciphertext.get(), 1), &plaintext)); } diff --git a/crypto/hkdf.cc b/crypto/hkdf.cc index 06b6194a7c3b8d..dea57c42444e26 100644 --- a/crypto/hkdf.cc +++ b/crypto/hkdf.cc @@ -16,9 +16,9 @@ namespace crypto { -std::string HkdfSha256(base::StringPiece secret, - base::StringPiece salt, - base::StringPiece info, +std::string HkdfSha256(std::string_view secret, + std::string_view salt, + std::string_view info, size_t derived_key_size) { std::string key; key.resize(derived_key_size); diff --git a/crypto/hkdf.h b/crypto/hkdf.h index cd4fb32a1ac1fc..c9aeabe2b6f8fd 100644 --- a/crypto/hkdf.h +++ b/crypto/hkdf.h @@ -8,17 +8,17 @@ #include #include +#include #include "base/containers/span.h" -#include "base/strings/string_piece.h" #include "crypto/crypto_export.h" namespace crypto { CRYPTO_EXPORT -std::string HkdfSha256(base::StringPiece secret, - base::StringPiece salt, - base::StringPiece info, +std::string HkdfSha256(std::string_view secret, + std::string_view salt, + std::string_view info, size_t derived_key_size); CRYPTO_EXPORT diff --git a/crypto/hmac.cc b/crypto/hmac.cc index 5facfc06e0c639..31c6685fe25467 100644 --- a/crypto/hmac.cc +++ b/crypto/hmac.cc @@ -55,7 +55,7 @@ bool HMAC::Init(const SymmetricKey* key) { return Init(key->key()); } -bool HMAC::Sign(base::StringPiece data, +bool HMAC::Sign(std::string_view data, unsigned char* digest, size_t digest_length) const { return Sign(base::as_bytes(base::make_span(data)), @@ -76,7 +76,7 @@ bool HMAC::Sign(base::span data, nullptr); } -bool HMAC::Verify(base::StringPiece data, base::StringPiece digest) const { +bool HMAC::Verify(std::string_view data, std::string_view digest) const { return Verify(base::as_bytes(base::make_span(data)), base::as_bytes(base::make_span(digest))); } @@ -88,8 +88,8 @@ bool HMAC::Verify(base::span data, return VerifyTruncated(data, digest); } -bool HMAC::VerifyTruncated(base::StringPiece data, - base::StringPiece digest) const { +bool HMAC::VerifyTruncated(std::string_view data, + std::string_view digest) const { return VerifyTruncated(base::as_bytes(base::make_span(data)), base::as_bytes(base::make_span(digest))); } diff --git a/crypto/hmac.h b/crypto/hmac.h index 66574a01050f5a..2b1d1ba4525354 100644 --- a/crypto/hmac.h +++ b/crypto/hmac.h @@ -5,7 +5,7 @@ // Utility class for calculating the HMAC for a given message. We currently only // support SHA-1 and SHA-256 for the hash algorithm, but this can be extended // easily. Prefer the base::span and std::vector overloads over the -// base::StringPiece and std::string overloads. +// std::string_view and std::string overloads. #ifndef CRYPTO_HMAC_H_ #define CRYPTO_HMAC_H_ @@ -13,10 +13,10 @@ #include #include +#include #include #include "base/containers/span.h" -#include "base/strings/string_piece.h" #include "crypto/crypto_export.h" namespace crypto { @@ -62,7 +62,7 @@ class CRYPTO_EXPORT HMAC { // Initializes this instance using |key|. Call Init only once. It returns // false on the second or later calls. - [[nodiscard]] bool Init(base::StringPiece key) { + [[nodiscard]] bool Init(std::string_view key) { return Init(base::as_bytes(base::make_span(key))); } @@ -77,7 +77,7 @@ class CRYPTO_EXPORT HMAC { // returned in |digest|, which has |digest_length| bytes of storage available. // If |digest_length| is smaller than DigestLength(), the output will be // truncated. If it is larger, this method will fail. - [[nodiscard]] bool Sign(base::StringPiece data, + [[nodiscard]] bool Sign(std::string_view data, unsigned char* digest, size_t digest_length) const; [[nodiscard]] bool Sign(base::span data, @@ -90,15 +90,15 @@ class CRYPTO_EXPORT HMAC { // comparisons may result in side-channel disclosures, such as timing, that // undermine the cryptographic integrity. |digest| must be exactly // |DigestLength()| bytes long. - [[nodiscard]] bool Verify(base::StringPiece data, - base::StringPiece digest) const; + [[nodiscard]] bool Verify(std::string_view data, + std::string_view digest) const; [[nodiscard]] bool Verify(base::span data, base::span digest) const; // Verifies a truncated HMAC, behaving identical to Verify(), except // that |digest| is allowed to be smaller than |DigestLength()|. - [[nodiscard]] bool VerifyTruncated(base::StringPiece data, - base::StringPiece digest) const; + [[nodiscard]] bool VerifyTruncated(std::string_view data, + std::string_view digest) const; [[nodiscard]] bool VerifyTruncated(base::span data, base::span digest) const; diff --git a/crypto/hmac_unittest.cc b/crypto/hmac_unittest.cc index 36450379198059..925f90e881c116 100644 --- a/crypto/hmac_unittest.cc +++ b/crypto/hmac_unittest.cc @@ -8,6 +8,7 @@ #include #include +#include #include "testing/gtest/include/gtest/gtest.h" @@ -223,12 +224,12 @@ TEST(HMACTest, NSSFIPSPowerUpSelfTest) { EXPECT_EQ(0, memcmp(kKnownHMACSHA1, calculated_hmac, kSHA1DigestSize)); EXPECT_TRUE(hmac.Verify( message_data, - base::StringPiece(reinterpret_cast(kKnownHMACSHA1), - kSHA1DigestSize))); + std::string_view(reinterpret_cast(kKnownHMACSHA1), + kSHA1DigestSize))); EXPECT_TRUE(hmac.VerifyTruncated( message_data, - base::StringPiece(reinterpret_cast(kKnownHMACSHA1), - kSHA1DigestSize / 2))); + std::string_view(reinterpret_cast(kKnownHMACSHA1), + kSHA1DigestSize / 2))); crypto::HMAC hmac2(crypto::HMAC::SHA256); ASSERT_TRUE(hmac2.Init(kKnownSecretKey, kKnownSecretKeySize)); @@ -261,22 +262,19 @@ TEST(HMACTest, Verify) { for (size_t i = 0; i < std::size(kSimpleHmacCases); ++i) { // Expected results EXPECT_TRUE(hmac.Verify( - base::StringPiece(kSimpleHmacCases[i].data, - kSimpleHmacCases[i].data_len), - base::StringPiece(kSimpleHmacCases[i].digest, - kSHA1DigestSize))); + std::string_view(kSimpleHmacCases[i].data, + kSimpleHmacCases[i].data_len), + std::string_view(kSimpleHmacCases[i].digest, kSHA1DigestSize))); // Mismatched size - EXPECT_FALSE(hmac.Verify( - base::StringPiece(kSimpleHmacCases[i].data, - kSimpleHmacCases[i].data_len), - base::StringPiece(kSimpleHmacCases[i].data, - kSimpleHmacCases[i].data_len))); + EXPECT_FALSE(hmac.Verify(std::string_view(kSimpleHmacCases[i].data, + kSimpleHmacCases[i].data_len), + std::string_view(kSimpleHmacCases[i].data, + kSimpleHmacCases[i].data_len))); // Expected size, mismatched data - EXPECT_FALSE(hmac.Verify( - base::StringPiece(kSimpleHmacCases[i].data, - kSimpleHmacCases[i].data_len), - base::StringPiece(empty_digest, kSHA1DigestSize))); + EXPECT_FALSE(hmac.Verify(std::string_view(kSimpleHmacCases[i].data, + kSimpleHmacCases[i].data_len), + std::string_view(empty_digest, kSHA1DigestSize))); } } @@ -285,7 +283,7 @@ TEST(HMACTest, EmptyKey) { const char* kExpectedDigest = "\xFB\xDB\x1D\x1B\x18\xAA\x6C\x08\x32\x4B\x7D\x64\xB7\x1F\xB7\x63" "\x70\x69\x0E\x1D"; - base::StringPiece data(""); + std::string_view data(""); crypto::HMAC hmac(crypto::HMAC::SHA1); ASSERT_TRUE(hmac.Init(nullptr, 0)); @@ -294,8 +292,8 @@ TEST(HMACTest, EmptyKey) { EXPECT_TRUE(hmac.Sign(data, digest, kSHA1DigestSize)); EXPECT_EQ(0, memcmp(kExpectedDigest, digest, kSHA1DigestSize)); - EXPECT_TRUE(hmac.Verify( - data, base::StringPiece(kExpectedDigest, kSHA1DigestSize))); + EXPECT_TRUE( + hmac.Verify(data, std::string_view(kExpectedDigest, kSHA1DigestSize))); } TEST(HMACTest, TooLong) { diff --git a/crypto/nss_util_chromeos.cc b/crypto/nss_util_chromeos.cc index ecfe646305f337..b2a320552cf69e 100644 --- a/crypto/nss_util_chromeos.cc +++ b/crypto/nss_util_chromeos.cc @@ -29,7 +29,6 @@ #include "base/memory/raw_ptr.h" #include "base/no_destructor.h" #include "base/path_service.h" -#include "base/strings/string_piece.h" #include "base/strings/stringprintf.h" #include "base/task/sequenced_task_runner.h" #include "base/task/single_thread_task_runner.h" diff --git a/crypto/openssl_util.cc b/crypto/openssl_util.cc index a5f466c92da906..55ddb856b40fd5 100644 --- a/crypto/openssl_util.cc +++ b/crypto/openssl_util.cc @@ -7,10 +7,9 @@ #include #include -#include +#include #include "base/logging.h" -#include "base/strings/string_piece.h" #include "third_party/boringssl/src/include/openssl/crypto.h" #include "third_party/boringssl/src/include/openssl/err.h" @@ -28,7 +27,7 @@ namespace { // error queue and return, otherwise it will continue calling this function // until all errors have been removed from the queue. int OpenSSLErrorCallback(const char* str, size_t len, void* context) { - DVLOG(1) << "\t" << base::StringPiece(str, len); + DVLOG(1) << "\t" << std::string_view(str, len); return 1; } diff --git a/crypto/p224_spake.cc b/crypto/p224_spake.cc index 49b331eb7988c9..b77da9cde4ec6f 100644 --- a/crypto/p224_spake.cc +++ b/crypto/p224_spake.cc @@ -10,15 +10,14 @@ #include #include +#include #include "base/check_op.h" #include "base/logging.h" -#include "base/strings/string_piece.h" #include "crypto/random.h" #include "crypto/secure_util.h" #include "third_party/boringssl/src/include/openssl/bn.h" #include "third_party/boringssl/src/include/openssl/ec.h" -#include "third_party/boringssl/src/include/openssl/obj.h" namespace { @@ -149,7 +148,7 @@ std::string ToMessage(const EC_GROUP* p224, const EC_POINT* in) { // FromMessage converts a message, as generated by |ToMessage|, into a point. It // returns |nullptr| if the input is invalid or not on the curve. bssl::UniquePtr FromMessage(const EC_GROUP* p224, - base::StringPiece in) { + std::string_view in) { if (in.size() != 56) { return nullptr; } @@ -172,7 +171,7 @@ bssl::UniquePtr FromMessage(const EC_GROUP* p224, namespace crypto { P224EncryptedKeyExchange::P224EncryptedKeyExchange(PeerType peer_type, - base::StringPiece password) + std::string_view password) : state_(kStateInitial), is_server_(peer_type == kPeerTypeServer) { memset(&x_, 0, sizeof(x_)); memset(&expected_authenticator_, 0, sizeof(expected_authenticator_)); @@ -189,25 +188,25 @@ P224EncryptedKeyExchange::P224EncryptedKeyExchange(PeerType peer_type, void P224EncryptedKeyExchange::Init() { // X = g**x_ - bssl::UniquePtr p224(EC_GROUP_new_by_curve_name(NID_secp224r1)); - bssl::UniquePtr X(EC_POINT_new(p224.get())); + const EC_GROUP* p224 = EC_group_p224(); + bssl::UniquePtr X(EC_POINT_new(p224)); bssl::UniquePtr x_bn(ToBignum(x_)); // x_bn may be >= the order, but |EC_POINT_mul| handles that. It doesn't do so // in constant-time, but the these values are locally generated and so this // occurs with negligible probability. (Same with |pw_|, just below.) - CHECK(EC_POINT_mul(p224.get(), X.get(), x_bn.get(), nullptr, nullptr, + CHECK(EC_POINT_mul(p224, X.get(), x_bn.get(), nullptr, nullptr, /*ctx=*/nullptr)); // The client masks the Diffie-Hellman value, X, by adding M**pw and the // server uses N**pw. - bssl::UniquePtr MNpw(GetMask(p224.get(), !is_server_, pw_)); + bssl::UniquePtr MNpw(GetMask(p224, !is_server_, pw_)); // X* = X + (N|M)**pw - bssl::UniquePtr Xstar(EC_POINT_new(p224.get())); - CHECK(EC_POINT_add(p224.get(), Xstar.get(), X.get(), MNpw.get(), + bssl::UniquePtr Xstar(EC_POINT_new(p224)); + CHECK(EC_POINT_add(p224, Xstar.get(), X.get(), MNpw.get(), /*ctx=*/nullptr)); - next_message_ = ToMessage(p224.get(), Xstar.get()); + next_message_ = ToMessage(p224, Xstar.get()); } const std::string& P224EncryptedKeyExchange::GetNextMessage() { @@ -226,7 +225,7 @@ const std::string& P224EncryptedKeyExchange::GetNextMessage() { } P224EncryptedKeyExchange::Result P224EncryptedKeyExchange::ProcessMessage( - base::StringPiece message) { + std::string_view message) { if (state_ == kStateRecvHash) { // This is the final state of the protocol: we are reading the peer's // authentication hash and checking that it matches the one that we expect. @@ -250,31 +249,31 @@ P224EncryptedKeyExchange::Result P224EncryptedKeyExchange::ProcessMessage( return kResultFailed; } - bssl::UniquePtr p224(EC_GROUP_new_by_curve_name(NID_secp224r1)); + const EC_GROUP* p224 = EC_group_p224(); // Y* is the other party's masked, Diffie-Hellman value. - bssl::UniquePtr Ystar(FromMessage(p224.get(), message)); + bssl::UniquePtr Ystar(FromMessage(p224, message)); if (!Ystar) { error_ = "failed to parse peer's masked Diffie-Hellman value"; return kResultFailed; } // We calculate the mask value: (N|M)**pw - bssl::UniquePtr MNpw(GetMask(p224.get(), is_server_, pw_)); + bssl::UniquePtr MNpw(GetMask(p224, is_server_, pw_)); // Y = Y* - (N|M)**pw - CHECK(EC_POINT_invert(p224.get(), MNpw.get(), /*ctx=*/nullptr)); - bssl::UniquePtr Y(EC_POINT_new(p224.get())); - CHECK(EC_POINT_add(p224.get(), Y.get(), Ystar.get(), MNpw.get(), + CHECK(EC_POINT_invert(p224, MNpw.get(), /*ctx=*/nullptr)); + bssl::UniquePtr Y(EC_POINT_new(p224)); + CHECK(EC_POINT_add(p224, Y.get(), Ystar.get(), MNpw.get(), /*ctx=*/nullptr)); // K = Y**x_ - bssl::UniquePtr K(EC_POINT_new(p224.get())); + bssl::UniquePtr K(EC_POINT_new(p224)); bssl::UniquePtr x_bn(ToBignum(x_)); - CHECK(EC_POINT_mul(p224.get(), K.get(), nullptr, Y.get(), x_bn.get(), + CHECK(EC_POINT_mul(p224, K.get(), nullptr, Y.get(), x_bn.get(), /*ctx=*/nullptr)); // If everything worked out, then K is the same for both parties. - key_ = ToMessage(p224.get(), K.get()); + key_ = ToMessage(p224, K.get()); std::string client_masked_dh, server_masked_dh; if (is_server_) { diff --git a/crypto/p224_spake.h b/crypto/p224_spake.h index 685f2876549714..eae2e5e13e17f0 100644 --- a/crypto/p224_spake.h +++ b/crypto/p224_spake.h @@ -8,9 +8,9 @@ #include #include +#include #include "base/gtest_prod_util.h" -#include "base/strings/string_piece.h" #include "crypto/sha2.h" namespace crypto { @@ -55,7 +55,7 @@ class CRYPTO_EXPORT P224EncryptedKeyExchange { // password: secret session password. Both parties to the // authentication must pass the same value. For the case of a // TLS connection, see RFC 5705. - P224EncryptedKeyExchange(PeerType peer_type, base::StringPiece password); + P224EncryptedKeyExchange(PeerType peer_type, std::string_view password); // GetNextMessage returns a byte string which must be passed to the other // party in the authentication. @@ -63,7 +63,7 @@ class CRYPTO_EXPORT P224EncryptedKeyExchange { // ProcessMessage processes a message which must have been generated by a // call to GetNextMessage() by the other party. - Result ProcessMessage(base::StringPiece message); + Result ProcessMessage(std::string_view message); // In the event that ProcessMessage() returns kResultFailed, error will // return a human readable error message. diff --git a/crypto/sha2.cc b/crypto/sha2.cc index 540c2bfc3ddb0a..1560295255d524 100644 --- a/crypto/sha2.cc +++ b/crypto/sha2.cc @@ -19,13 +19,13 @@ std::array SHA256Hash(base::span input) { return digest; } -void SHA256HashString(base::StringPiece str, void* output, size_t len) { +void SHA256HashString(std::string_view str, void* output, size_t len) { std::unique_ptr ctx(SecureHash::Create(SecureHash::SHA256)); ctx->Update(str.data(), str.length()); ctx->Finish(output, len); } -std::string SHA256HashString(base::StringPiece str) { +std::string SHA256HashString(std::string_view str) { std::string output(kSHA256Length, 0); SHA256HashString(str, std::data(output), output.size()); return output; diff --git a/crypto/sha2.h b/crypto/sha2.h index d4b3d6be05a968..2535d1f58302e7 100644 --- a/crypto/sha2.h +++ b/crypto/sha2.h @@ -9,9 +9,9 @@ #include #include +#include #include "base/containers/span.h" -#include "base/strings/string_piece.h" #include "crypto/crypto_export.h" namespace crypto { @@ -28,12 +28,12 @@ CRYPTO_EXPORT std::array SHA256Hash( // Convenience version of the above that returns the result in a 32-byte // string. -CRYPTO_EXPORT std::string SHA256HashString(base::StringPiece str); +CRYPTO_EXPORT std::string SHA256HashString(std::string_view str); // Computes the SHA-256 hash of the input string 'str' and stores the first // 'len' bytes of the hash in the output buffer 'output'. If 'len' > 32, // only 32 bytes (the full hash) are stored in the 'output' buffer. -CRYPTO_EXPORT void SHA256HashString(base::StringPiece str, +CRYPTO_EXPORT void SHA256HashString(std::string_view str, void* output, size_t len); diff --git a/crypto/unexportable_key_win.cc b/crypto/unexportable_key_win.cc index 41e5d8bb8e9d1b..58d1441f030615 100644 --- a/crypto/unexportable_key_win.cc +++ b/crypto/unexportable_key_win.cc @@ -14,7 +14,6 @@ #include "base/metrics/histogram_functions.h" #include "base/numerics/checked_math.h" #include "base/strings/string_number_conversions.h" -#include "base/strings/string_piece.h" #include "base/strings/string_util.h" #include "base/strings/sys_string_conversions.h" #include "base/strings/utf_string_conversions.h"