crypto/encryptor.h - Issue 7056026: Implement AES-CTR for NSS.

Side by Side Diff: crypto/encryptor.h

Issue 7056026: Implement AES-CTR for NSS. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: revised Created 9 years, 6 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #ifndef CRYPTO_ENCRYPTOR_H_	5 #ifndef CRYPTO_ENCRYPTOR_H_

6 #define CRYPTO_ENCRYPTOR_H_	6 #define CRYPTO_ENCRYPTOR_H_

7 #pragma once	7 #pragma once

8	8

9 #include <string>	9 #include <string>

10	10

	11 #include "base/scoped_ptr.h"

11 #include "build/build_config.h"	12 #include "build/build_config.h"
	Ryan Sleevi 2011/06/08 01:29:23 IWYU: #include "base/basictypes.h" for uint64/uint IWYU: #include "base/basictypes.h" for uint64/uint8. Alpha Left Google 2011/06/13 23:32:45 Done. Show quoted text On 2011/06/08 01:29:23, Ryan Sleevi wrote: > IWYU: #include "base/basictypes.h" for uint64/uint8. Done.
12

13 #if defined(USE_NSS)	13 #if defined(USE_NSS)

14 #include "crypto/scoped_nss_types.h"	14 #include "crypto/scoped_nss_types.h"

15 #elif defined(OS_WIN)	15 #elif defined(OS_WIN)

16 #include "crypto/scoped_capi_types.h"	16 #include "crypto/scoped_capi_types.h"

17 #endif	17 #endif

18	18

19 namespace crypto {	19 namespace crypto {

20	20

21 class SymmetricKey;	21 class SymmetricKey;

22	22

23 class Encryptor {	23 class Encryptor {

24 public:	24 public:

25 enum Mode {	25 enum Mode {

26 CBC	26 CBC,

	27 CTR,

27 };	28 };

	29

	30 class Counter {
	Ryan Sleevi 2011/06/08 01:29:23 It's not clear why you added virtual methods and m It's not clear why you added virtual methods and made this part of the public interface, when there are no public methods that an Encryptor takes a Counter, so there is no way for clients of this API to override with custom behaviour. Note that if clients did need to derive, I think wtc's comment about CK_AES_CTR_PARAM is sufficient for the API needs, and wouldn't require any custom-derived classes to implement. Alpha Left Google 2011/06/13 23:32:45 I made it non virtual now. We could implement them Show quoted text On 2011/06/08 01:29:23, Ryan Sleevi wrote: > It's not clear why you added virtual methods and made this part of the public > interface, when there are no public methods that an Encryptor takes a Counter, > so there is no way for clients of this API to override with custom behaviour. > > Note that if clients did need to derive, I think wtc's comment about > CK_AES_CTR_PARAM is sufficient for the API needs, and wouldn't require any > custom-derived classes to implement. I made it non virtual now. We could implement them in Counter later for different number of bits.
	31 public:

	32 Counter(const std::string& counter);

	33 virtual ~Counter();

	34

	35 // Increment the counter value.

	36 virtual void Increment();

	37

	38 // Write the content of the counter to \|buf\|.
	Ryan Sleevi 2011/06/08 01:29:23 Documentation nit: Should specify that \|buf\| shoul Documentation nit: Should specify that \|buf\| should be sized to store \|GetLengthInBytes()\| bytes. API nit?: void* instead of uint8* Alpha Left Google 2011/06/13 23:32:45 Done. Show quoted text On 2011/06/08 01:29:23, Ryan Sleevi wrote: > Documentation nit: Should specify that \|buf\| should be sized to store > \|GetLengthInBytes()\| bytes. > > API nit?: void* instead of uint8* Done.
	39 virtual void Write(uint8* buf);

	40

	41 // Return the length of this counter.

	42 virtual const int GetLengthInBytes() const;

	43

	44 private:

	45 uint64 high_num_;

	46 uint64 low_num_;

	47 };

	48

28 Encryptor();	49 Encryptor();

29 virtual ~Encryptor();	50 virtual ~Encryptor();

30	51

31 // Initializes the encryptor using \|key\| and \|iv\|. Returns false if either the	52 // Initializes the encryptor using \|key\| and \|iv\|. Returns false if either the

32 // key or the initialization vector cannot be used.	53 // key or the initialization vector cannot be used.

	54 //

	55 // When \|mode\| is CTR then \|iv\| should be empty.

33 bool Init(SymmetricKey* key, Mode mode, const std::string& iv);	56 bool Init(SymmetricKey* key, Mode mode, const std::string& iv);

34	57

35 // Encrypts \|plaintext\| into \|ciphertext\|.	58 // Encrypts \|plaintext\| into \|ciphertext\|.

36 bool Encrypt(const std::string& plaintext, std::string* ciphertext);	59 bool Encrypt(const std::string& plaintext, std::string* ciphertext);

37	60

38 // Decrypts \|ciphertext\| into \|plaintext\|.	61 // Decrypts \|ciphertext\| into \|plaintext\|.

39 bool Decrypt(const std::string& ciphertext, std::string* plaintext);	62 bool Decrypt(const std::string& ciphertext, std::string* plaintext);

40	63

	64 // Update the counter value when in CTR mode. Currently only 128-bits

	65 // counter value is supported.

	66 //

	67 // Return true only if update was successful.

	68 bool UpdateCounter(const std::string& counter);

	69

41 // TODO(albertb): Support streaming encryption.	70 // TODO(albertb): Support streaming encryption.

42	71

43 private:	72 private:

	73 // Generate a mask using \|counter_\| to be used for encryption in CTR mode.

	74 // Resulting mask will be written to \|mask\| with \|mask_len\| bytes.

	75 //

	76 // The generated mask will always have at least \|plaintext_len\| bytes and

	77 // will be a multiple of the counter length.

	78 //

	79 // This method is used only in CTR mode.

	80 void GenerateCounterMask(int plaintext_len, scoped_array<uint8>* mask,

	81 int* mask_len);
	Ryan Sleevi 2011/06/08 01:29:23 style nit: I believe the style guide preference is style nit: I believe the style guide preference is to use size_t for \|plaintext_len\| and \|mask_len\| (also below) http://www.chromium.org/developers/coding-style#TOC-Types style nit: My understanding of http://www.chromium.org/developers/coding-style#TOC-Code-formatting was that each argument should be on it's own line for the declaration. I'm not sure if \|plaintext_len\| and \|mask\| have the strict relationship to justify combining. Alpha Left Google 2011/06/13 23:32:45 Done. Show quoted text On 2011/06/08 01:29:23, Ryan Sleevi wrote: > style nit: I believe the style guide preference is to use size_t for > \|plaintext_len\| and \|mask_len\| (also below) > > http://www.chromium.org/developers/coding-style#TOC-Types > > style nit: My understanding of > http://www.chromium.org/developers/coding-style#TOC-Code-formatting was that > each argument should be on it's own line for the declaration. I'm not sure if > \|plaintext_len\| and \|mask\| have the strict relationship to justify combining. Done.
	82

	83 // Mask the \|plaintext\| message using \|mask\|. The output will be written to

	84 // \|ciphertext\|.

	85 void MaskMessage(const uint8* plaintext, int plaintext_len,

	86 const uint8* mask, uint8* ciphertext) const;
	Ryan Sleevi 2011/06/08 01:29:23 Documentation nit: \|ciphertext\| must be at least \| Documentation nit: \|ciphertext\| must be at least \|plaintext_len\| bytes. API nit: Should \|plaintext\|, \|mask\|, and \|ciphertext\| be void* instead of uint8? I don't see how from a caller's perspective the type should matter... Alpha Left Google* 2011/06/13 23:32:45 Done. Show quoted text On 2011/06/08 01:29:23, Ryan Sleevi wrote: > Documentation nit: \|ciphertext\| must be at least \|plaintext_len\| bytes. > > API nit: Should \|plaintext\|, \|mask\|, and \|ciphertext\| be void* instead of > uint8*? I don't see how from a caller's perspective the type should matter... Done.
	87

44 SymmetricKey* key_;	88 SymmetricKey* key_;

45 Mode mode_;	89 Mode mode_;

	90 scoped_ptr<Counter> counter_;

46	91

47 #if defined(USE_OPENSSL)	92 #if defined(USE_OPENSSL)

48 bool Crypt(bool encrypt, // Pass true to encrypt, false to decrypt.	93 bool Crypt(bool encrypt, // Pass true to encrypt, false to decrypt.

49 const std::string& input,	94 const std::string& input,

50 std::string* output);	95 std::string* output);

51 std::string iv_;	96 std::string iv_;

52 #elif defined(USE_NSS)	97 #elif defined(USE_NSS)

53 ScopedPK11Slot slot_;	98 ScopedPK11Slot slot_;

54 ScopedSECItem param_;	99 ScopedSECItem param_;

55 #elif defined(OS_MACOSX)	100 #elif defined(OS_MACOSX)

56 bool Crypt(int /CCOperation/ op,	101 bool Crypt(int /CCOperation/ op,

57 const std::string& input,	102 const std::string& input,

58 std::string* output);	103 std::string* output);

59	104

60 std::string iv_;	105 std::string iv_;

61 #elif defined(OS_WIN)	106 #elif defined(OS_WIN)

62 ScopedHCRYPTKEY capi_key_;	107 ScopedHCRYPTKEY capi_key_;

63 DWORD block_size_;	108 DWORD block_size_;

64 #endif	109 #endif

65 };	110 };

66	111

67 } // namespace crypto	112 } // namespace crypto

68	113

69 #endif // CRYPTO_ENCRYPTOR_H_	114 #endif // CRYPTO_ENCRYPTOR_H_

OLD	NEW

« no previous file with comments | « crypto/crypto.gyp ('k') | crypto/encryptor.cc » ('j') | crypto/encryptor.cc » ('J')