Google Git
Sign in
chromium / chromium / src / ec7daacb718cac78b878e33fa080fb1753fbfc64 / . / crypto
tree: 06530f91614a46b94b34a6ecf5954ff8b91ee569 [path history] [tgz]
  1. apple/
  2. obsolete/
  3. test/
  4. aead.cc
  5. aead.h
  6. aead_unittest.cc
  7. aes_cbc.cc
  8. aes_cbc.h
  9. aes_cbc_unittest.cc
  10. aes_ctr.cc
  11. aes_ctr.h
  12. aes_ctr_unittest.cc
  13. BUILD.gn
  14. chaps_support.cc
  15. chaps_support.h
  16. crypto_export.h
  17. DEPS
  18. DIR_METADATA
  19. evp.cc
  20. evp.h
  21. evp_unittest.cc
  22. features.cc
  23. features.gni
  24. features.h
  25. hash.cc
  26. hash.h
  27. hash_unittest.cc
  28. hkdf.cc
  29. hkdf.h
  30. hmac.cc
  31. hmac.h
  32. hmac_unittest.cc
  33. kdf.cc
  34. kdf.h
  35. kdf_unittest.cc
  36. kex.cc
  37. kex.h
  38. kex_unittest.cc
  39. keypair.cc
  40. keypair.h
  41. keypair_unittest.cc
  42. mac_security_services_lock.cc
  43. mac_security_services_lock.h
  44. nss_crypto_module_delegate.h
  45. nss_key_util.cc
  46. nss_key_util.h
  47. nss_key_util_unittest.cc
  48. nss_util.cc
  49. nss_util.h
  50. nss_util_chromeos.cc
  51. nss_util_internal.h
  52. nss_util_unittest.cc
  53. openssl_util.cc
  54. openssl_util.h
  55. OWNERS
  56. pem.cc
  57. pem.h
  58. pem_unittest.cc
  59. PLAN.md
  60. process_bound_string.cc
  61. process_bound_string.h
  62. process_bound_string_unittest.cc
  63. random.cc
  64. random.h
  65. random_unittest.cc
  66. README.md
  67. scoped_capi_types.h
  68. scoped_cng_types.h
  69. scoped_fake_unexportable_key_provider.cc
  70. scoped_fake_unexportable_key_provider.h
  71. scoped_fake_user_verifying_key_provider.cc
  72. scoped_fake_user_verifying_key_provider.h
  73. scoped_lacontext.h
  74. scoped_lacontext.mm
  75. scoped_nss_types.h
  76. scoped_test_nss_chromeos_user.cc
  77. scoped_test_nss_chromeos_user.h
  78. scoped_test_nss_db.cc
  79. scoped_test_nss_db.h
  80. scoped_test_system_nss_key_slot.cc
  81. scoped_test_system_nss_key_slot.h
  82. secure_hash.cc
  83. secure_hash.h
  84. secure_hash_unittest.cc
  85. secure_util.cc
  86. secure_util.h
  87. sha2.cc
  88. sha2.h
  89. sha2_unittest.cc
  90. sign.cc
  91. sign.h
  92. sign_unittest.cc
  93. signature_verifier.cc
  94. signature_verifier.h
  95. signature_verifier_unittest.cc
  96. subtle_passkey.cc
  97. subtle_passkey.h
  98. test_support.cc
  99. test_support.h
  100. unexportable_key.cc
  101. unexportable_key.h
  102. unexportable_key_mac.h
  103. unexportable_key_mac.mm
  104. unexportable_key_mac_unittest.mm
  105. unexportable_key_metrics.cc
  106. unexportable_key_metrics.h
  107. unexportable_key_metrics_unittest.cc
  108. unexportable_key_software_unsecure.cc
  109. unexportable_key_unittest.cc
  110. unexportable_key_win.cc
  111. unexportable_key_win.h
  112. user_verifying_key.cc
  113. user_verifying_key.h
  114. user_verifying_key_mac.mm
  115. user_verifying_key_mac_unittest.mm
  116. user_verifying_key_win.cc
crypto/README.md

//crypto README

This directory contains implementations of crypto primitives for use in Chromium. Most of these are either:

  • Wrappers around platform-specific APIs (DPAPI, libsecret, etc), so that code elsewhere in Chromium can use cross-platform abstractions, or
  • Wrappers around BoringSSL APIs that use Chromium-native types like base::span and similar

There is very little actual cryptographic code in //crypto - it is mostly wrappers.

This directory is actively being refactored as of 2025-06. See PLAN.md.

Commonly-Used Interfaces

Many interfaces in this directory are deprecated and being changed or removed; check the comment at the top of the header file before using them.

Advice For Clients

  • Ciphertext, keys, certificates, and other cryptographic material are generally sequences of bytes, not characters, so prefer using byte-oriented types to represent them: vector<uint8_t>, array<uint8_t>, and span<uint8_t> rather than string and string_view.
  • To serialize private keys, use keypair::PrivateKey::ToPrivateKeyInfo(), which returns a PKCS#8 PrivateKeyInfo structure serialized as a byte vector. To unserialize keys in this format, use keypair::PrivateKey::FromPrivateKeyInfo().
  • To serialize public keys, use keypair::PublicKey::ToSubjectPublicKeyInfo() or keypair::PrivateKey::ToSubjectPublicKeyInfo(), which return a X.509 SubjectPublicKeyInfo structure serialized as a byte vector. To unserialize public keys in this format, use keypair::PublicKey::FromPublicKeyInfo().
  • SubjectPublicKeyInfo and PrivateKeyInfo can represent many kinds of keys, so code that expects a specific kind of key must check the kind after deserialization.
  • To serialize symmetric keys (AEAD, HMAC, or symmetric encryption keys), use a raw sequence of bytes for the key material. Represent these keys in memory using vector<uint8_t>, array<uint8_t>, or span<uint8_t> directly.