base/crypto/encryptor_openssl.cc - Issue 4777001: Implements encryptor_openssl.cc

Side by Side Diff: base/crypto/encryptor_openssl.cc

Issue 4777001: Implements encryptor_openssl.cc (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: moar witesps Created 10 years, 1 month ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 // Copyright (c) 2010 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2010 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "base/crypto/encryptor.h"	5 #include "base/crypto/encryptor.h"

6	6

	7 #include <openssl/aes.h>

	8 #include <openssl/evp.h>

	9

	10 #include "base/crypto/symmetric_key.h"

7 #include "base/logging.h"	11 #include "base/logging.h"

	12 #include "base/string_util.h"

8	13

9 namespace base {	14 namespace base {

10	15

11 Encryptor::Encryptor() {	16 Encryptor::Encryptor() {

12 }	17 }

13	18

14 Encryptor::~Encryptor() {	19 Encryptor::~Encryptor() {

15 }	20 }

16	21

17 bool Encryptor::Init(SymmetricKey* key, Mode mode, const std::string& iv) {	22 bool Encryptor::Init(SymmetricKey* key, Mode mode, const std::string& iv) {

18 NOTIMPLEMENTED();	23 DCHECK(key);

19 return false;	24 DCHECK_EQ(CBC, mode);

	25

	26 if (iv.size() != AES_BLOCK_SIZE) {

	27 NOTREACHED();

	28 return false;

	29 }

	30

	31 key_ = key;
	Ryan Sleevi 2010/11/10 23:46:58 Perhaps you should move the CHECKs from 52-54 here Perhaps you should move the CHECKs from 52-54 here, to match parity with the other implementations (which fail in Init() if \|key\| isn't sized appropriately) joth 2010/11/11 17:35:58 Done. Show quoted text On 2010/11/10 23:46:58, rsleevi wrote: > Perhaps you should move the CHECKs from 52-54 here, to match parity with the > other implementations (which fail in Init() if \|key\| isn't sized appropriately) Done.
	32 mode_ = mode;

	33 iv_ = iv;

	34 return true;

20 }	35 }

21	36

22 bool Encryptor::Encrypt(const std::string& plaintext, std::string* ciphertext) {	37 bool Encryptor::Encrypt(const std::string& plaintext, std::string* ciphertext) {

23 NOTIMPLEMENTED();	38 return Crypt(1, plaintext, ciphertext);

24 return false;

25 }	39 }

26	40

27 bool Encryptor::Decrypt(const std::string& ciphertext, std::string* plaintext) {	41 bool Encryptor::Decrypt(const std::string& ciphertext, std::string* plaintext) {

28 NOTIMPLEMENTED();	42 return Crypt(0, ciphertext, plaintext);

29 return false;	43 }

	44

	45 bool Encryptor::Crypt(int do_encrypt,

	46 const std::string& input,

	47 std::string* output) {

	48 if (input.size() == 0)

	49 return false;

	50 const EVP_CIPHER* cipher = EVP_aes_256_cbc();
	wtc 2010/11/10 23:40:32 Why do you hardcode the AES key size to 256 bits? Why do you hardcode the AES key size to 256 bits? It seems that you should choose either EVP_aes_128_cbc() or EVP_aes_256_cbc() based on key.length(). joth 2010/11/11 17:35:58 The tests only cover the 256 bit case. OK if I add Show quoted text On 2010/11/10 23:40:32, wtc wrote: > Why do you hardcode the AES key size to 256 bits? > The tests only cover the 256 bit case. OK if I add a 128 bit test? Show quoted text > It seems that you should choose either EVP_aes_128_cbc() > or EVP_aes_256_cbc() based on key.length(). Done.
	51

	52 const std::string& key = key_->key();

	53 CHECK_EQ(EVP_CIPHER_iv_length(cipher), static_cast<int>(iv_.length()));

	54 CHECK_EQ(EVP_CIPHER_key_length(cipher), static_cast<int>(key.length()));

	55

	56 EVP_CIPHER_CTX ctx;

	57 EVP_CIPHER_CTX_init(&ctx);

	58 EVP_CipherInit_ex(&ctx, cipher, NULL,
	Ryan Sleevi 2010/11/10 23:46:58 Check the return value here. It can fail for a num Check the return value here. It can fail for a number of reasons (FIPS mode, ENGINE failures, memory allocation), which could lead to invalid reads/writes by line 66. Also, you should drain the error queue here, or explicitly clear it, if the diagnostics aren't expected to help, as well as on lines 69 and 77. joth 2010/11/11 17:35:58 Done. Show quoted text On 2010/11/10 23:46:58, rsleevi wrote: > Check the return value here. It can fail for a number of reasons (FIPS mode, > ENGINE failures, memory allocation), which could lead to invalid reads/writes by > line 66. > > Also, you should drain the error queue here, or explicitly clear it, if the > diagnostics aren't expected to help, as well as on lines 69 and 77. Done.
	59 reinterpret_cast<const uint8*>(key.data()),

	60 reinterpret_cast<const uint8*>(iv_.data()), do_encrypt);

	61

	62 const size_t output_size = input.size() + iv_.size();
	wtc 2010/11/10 23:40:32 Nit: I believe that you only need to add iv_.size( Nit: I believe that you only need to add iv_.size() for Encrypt. Ryan Sleevi 2010/11/10 23:46:58 Maybe a comment here explaining why adding the iv_ Maybe a comment here explaining why adding the iv_.size(). (See EncryptorMac for an example comment). Since you're using a padded cipher, it's to ensure at least one block size of data is reserved in addition to the input, for the final block padding, but that's only for encryption. joth 2010/11/11 17:35:58 Done. Show quoted text On 2010/11/10 23:40:32, wtc wrote: > Nit: I believe that you only need to add iv_.size() for Encrypt. Done. joth 2010/11/11 17:35:58 Done. Show quoted text On 2010/11/10 23:40:32, wtc wrote: > Nit: I believe that you only need to add iv_.size() for Encrypt. Done.
	63 uint8* out_ptr = reinterpret_cast<uint8*>(WriteInto(output,

	64 output_size + 1));

	65 int out_len;

	66 if (!EVP_CipherUpdate(&ctx, out_ptr, &out_len,

	67 reinterpret_cast<const uint8*>(input.data()),

	68 input.length())) {

	69 EVP_CIPHER_CTX_cleanup(&ctx);
	Ryan Sleevi 2010/11/10 23:46:58 In the case of failure here and on line 77, you sh In the case of failure here and on line 77, you should be resizing output to 0, otherwise some of the cipher/plain text may leak out from here. The other implementations only leave data in if everything succeeds. joth 2010/11/11 17:35:58 Done. Show quoted text On 2010/11/10 23:46:58, rsleevi wrote: > In the case of failure here and on line 77, you should be resizing output to 0, > otherwise some of the cipher/plain text may leak out from here. The other > implementations only leave data in if everything succeeds. Done.
	70 return false;

	71 }

	72

	73 // Buffer passed to EVP_EncryptFinal() must be after data just
	wtc 2010/11/10 23:40:32 Nit: you're calling EVP_CipherFinal_ex, not EVP_En Nit: you're calling EVP_CipherFinal_ex, not EVP_EncryptFinal. joth 2010/11/11 17:35:58 Done. Show quoted text On 2010/11/10 23:40:32, wtc wrote: > Nit: you're calling EVP_CipherFinal_ex, not EVP_EncryptFinal. Done.
	74 // encrypted to avoid overwriting it.
	Ryan Sleevi 2010/11/10 23:46:58 Maybe rephrase this, to indicate you're writing th Maybe rephrase this, to indicate you're writing the final block, plus any appropriate padding. I think it makes it a little more obvious about what's happening, and still provides some context as to why you'd increment out_ptr. joth 2010/11/11 17:35:58 Done. Show quoted text On 2010/11/10 23:46:58, rsleevi wrote: > Maybe rephrase this, to indicate you're writing the final block, plus any > appropriate padding. I think it makes it a little more obvious about what's > happening, and still provides some context as to why you'd increment out_ptr. Done.
	75 int pad_len;

	76 if(!EVP_CipherFinal_ex(&ctx, out_ptr + out_len, &pad_len)) {

	77 EVP_CIPHER_CTX_cleanup(&ctx);

	78 return false;

	79 }

	80

	81 out_len += pad_len;

	82 DCHECK_LE(out_len, static_cast<int>(output_size));

	83 output->resize(out_len);

	84 EVP_CIPHER_CTX_cleanup(&ctx);

	85 return true;

30 }	86 }

31	87

32 } // namespace base	88 } // namespace base

OLD	NEW

« base/crypto/encryptor.h ('K') | « base/crypto/encryptor.h ('k') | base/crypto/symmetric_key.h » ('j') | base/crypto/symmetric_key.h » ('J')