Chromium Code Reviews Chromium Code Reviews
Issue 7056026:
Implement AES-CTR for NSS. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "crypto/encryptor.h" | 5 #include "crypto/encryptor.h" |
| 6 | 6 |
| 7 #include <cryptohi.h> | 7 #include <cryptohi.h> |
| 8 #include <vector> | 8 #include <vector> |
| 9 | 9 |
| 10 #include "base/logging.h" | 10 #include "base/logging.h" |
| 11 #include "crypto/nss_util.h" | 11 #include "crypto/nss_util.h" |
| 12 #include "crypto/symmetric_key.h" | 12 #include "crypto/symmetric_key.h" |
| 13 | 13 |
| 14 namespace crypto { | 14 namespace crypto { |
| 15 | 15 |
| 16 namespace { | |
| 17 | |
| 18 inline CK_MECHANISM_TYPE GetMechanism(Encryptor::Mode mode) { | |
| 19 switch (mode) { | |
| 20 case Encryptor::CBC: | |
| 21 return CKM_AES_CBC_PAD; | |
| 22 case Encryptor::CTR: | |
| 23 // AES-CTR encryption uses ECB encryptor as a building block. | |
| 24 return CKM_AES_ECB; | |
| 25 default: | |
| 26 NOTREACHED() << "Unsupported mode of operation"; | |
| 27 break; | |
| 28 } | |
| 29 return 0; | |
| 30 } | |
| 31 | |
| 32 } // namespace | |
| 33 | |
| 16 Encryptor::Encryptor() | 34 Encryptor::Encryptor() |
| 17 : key_(NULL), | 35 : key_(NULL), |
| 18 mode_(CBC) { | 36 mode_(CBC) { |
| 19 EnsureNSSInit(); | 37 EnsureNSSInit(); |
| 20 } | 38 } |
| 21 | 39 |
| 22 Encryptor::~Encryptor() { | 40 Encryptor::~Encryptor() { |
| 23 } | 41 } |
| 24 | 42 |
| 25 bool Encryptor::Init(SymmetricKey* key, Mode mode, const std::string& iv) { | 43 bool Encryptor::Init(SymmetricKey* key, Mode mode, const std::string& iv) { |
| 26 DCHECK(key); | 44 DCHECK(key); |
| 27 DCHECK_EQ(CBC, mode); | 45 DCHECK(CBC == mode || CTR == mode) << "Unsupported mode of operation"; |
| 28 | 46 |
| 29 key_ = key; | 47 key_ = key; |
| 30 mode_ = mode; | 48 mode_ = mode; |
| 31 | 49 |
| 32 if (iv.size() != AES_BLOCK_SIZE) | 50 if (mode == CBC && iv.size() != AES_BLOCK_SIZE) |
| 33 return false; | 51 return false; |
| 34 | 52 |
| 35 slot_.reset(PK11_GetBestSlot(CKM_AES_CBC_PAD, NULL)); | 53 slot_.reset(PK11_GetBestSlot(GetMechanism(mode), NULL)); |
| 36 if (!slot_.get()) | 54 if (!slot_.get()) |
| 37 return false; | 55 return false; |
| 38 | 56 |
| 39 SECItem iv_item; | 57 if (mode == CBC) { |
| 40 iv_item.type = siBuffer; | 58 SECItem iv_item; |
| 41 iv_item.data = reinterpret_cast<unsigned char*>( | 59 iv_item.type = siBuffer; |
| 42 const_cast<char *>(iv.data())); | 60 iv_item.data = reinterpret_cast<unsigned char*>( |
| 43 iv_item.len = iv.size(); | 61 const_cast<char *>(iv.data())); |
| 62 iv_item.len = iv.size(); | |
| 44 | 63 |
| 45 param_.reset(PK11_ParamFromIV(CKM_AES_CBC_PAD, &iv_item)); | 64 param_.reset(PK11_ParamFromIV(GetMechanism(mode), &iv_item)); |
| 65 } else { | |
| 66 param_.reset(PK11_ParamFromIV(GetMechanism(mode), NULL)); | |
| 67 } | |
| 68 | |
| 46 if (!param_.get()) | 69 if (!param_.get()) |
| 47 return false; | 70 return false; |
| 48 | |
| 49 return true; | 71 return true; |
| 50 } | 72 } |
| 51 | 73 |
| 52 bool Encryptor::Encrypt(const std::string& plaintext, std::string* ciphertext) { | 74 bool Encryptor::Encrypt(const std::string& plaintext, std::string* ciphertext) { |
| 53 ScopedPK11Context context(PK11_CreateContextBySymKey(CKM_AES_CBC_PAD, | 75 ScopedPK11Context context(PK11_CreateContextBySymKey(GetMechanism(mode_), |
| 54 CKA_ENCRYPT, | 76 CKA_ENCRYPT, |
| 55 key_->key(), | 77 key_->key(), |
| 56 param_.get())); | 78 param_.get())); |
| 57 if (!context.get()) | 79 if (!context.get()) |
| 58 return false; | 80 return false; |
| 59 | 81 |
| 60 size_t ciphertext_len = plaintext.size() + AES_BLOCK_SIZE; | 82 return mode_ == CTR ? CryptCTR(context.get(), plaintext, ciphertext) : |
| 61 std::vector<unsigned char> buffer(ciphertext_len); | 83 Crypt(context.get(), plaintext, ciphertext); |
| 62 | |
| 63 int op_len; | |
| 64 SECStatus rv = PK11_CipherOp(context.get(), | |
| 65 &buffer[0], | |
| 66 &op_len, | |
| 67 ciphertext_len, | |
| 68 reinterpret_cast<unsigned char*>( | |
| 69 const_cast<char*>(plaintext.data())), | |
| 70 plaintext.size()); | |
| 71 if (SECSuccess != rv) | |
| 72 return false; | |
| 73 | |
| 74 unsigned int digest_len; | |
| 75 rv = PK11_DigestFinal(context.get(), | |
| 76 &buffer[op_len], | |
| 77 &digest_len, | |
| 78 ciphertext_len - op_len); | |
| 79 if (SECSuccess != rv) | |
| 80 return false; | |
| 81 | |
| 82 ciphertext->assign(reinterpret_cast<char *>(&buffer[0]), | |
| 83 op_len + digest_len); | |
| 84 return true; | |
| 85 } | 84 } |
| 86 | 85 |
| 87 bool Encryptor::Decrypt(const std::string& ciphertext, std::string* plaintext) { | 86 bool Encryptor::Decrypt(const std::string& ciphertext, std::string* plaintext) { |
| 88 if (ciphertext.empty()) | 87 if (ciphertext.empty()) |
| 89 return false; | 88 return false; |
| 90 | 89 |
| 91 ScopedPK11Context context(PK11_CreateContextBySymKey(CKM_AES_CBC_PAD, | 90 ScopedPK11Context context(PK11_CreateContextBySymKey( |
| 92 CKA_DECRYPT, | 91 GetMechanism(mode_), (mode_ == CTR ? CKA_ENCRYPT : CKA_DECRYPT), |
| 93 key_->key(), | 92 key_->key(), param_.get())); |
| 94 param_.get())); | |
| 95 if (!context.get()) | 93 if (!context.get()) |
| 96 return false; | 94 return false; |
| 97 | 95 |
| 98 size_t plaintext_len = ciphertext.size(); | 96 return mode_ == CTR ? CryptCTR(context.get(), ciphertext, plaintext) : |
| 99 std::vector<unsigned char> buffer(plaintext_len); | 97 Crypt(context.get(), ciphertext, plaintext); |
| 98 } | |
| 99 | |
| 100 bool Encryptor::Crypt(PK11Context* context, const std::string& input, | |
| 101 std::string* output) { | |
| 102 size_t output_len = input.size() + AES_BLOCK_SIZE; | |
| 103 output->resize(output_len); | |
| 104 uint8* output_data = | |
| 105 reinterpret_cast<uint8*>(const_cast<char*>(output->data())); | |
| 106 | |
| 107 int input_len = input.size(); | |
|
Ryan Sleevi
2011/06/15 06:27:00
Any issues with over/underflow here or on lines 10
Alpha Left Google
2011/06/15 18:54:42
There could be problems at 102 and 141 but not 146
| |
| 108 uint8* input_data = | |
| 109 reinterpret_cast<uint8*>(const_cast<char*>(input.data())); | |
| 100 | 110 |
| 101 int op_len; | 111 int op_len; |
| 102 SECStatus rv = PK11_CipherOp(context.get(), | 112 SECStatus rv = PK11_CipherOp(context, |
| 103 &buffer[0], | 113 output_data, |
| 104 &op_len, | 114 &op_len, |
| 105 plaintext_len, | 115 output_len, |
| 106 reinterpret_cast<unsigned char*>( | 116 input_data, |
| 107 const_cast<char*>(ciphertext.data())), | 117 input_len); |
| 108 ciphertext.size()); | 118 |
| 109 if (SECSuccess != rv) | 119 if (SECSuccess != rv) |
| 110 return false; | 120 return false; |
| 111 | 121 |
| 112 unsigned int digest_len; | 122 unsigned int digest_len; |
| 113 rv = PK11_DigestFinal(context.get(), | 123 rv = PK11_DigestFinal(context, |
| 114 &buffer[op_len], | 124 output_data + op_len, |
| 115 &digest_len, | 125 &digest_len, |
| 116 plaintext_len - op_len); | 126 output_len - op_len); |
| 117 if (SECSuccess != rv) | 127 if (SECSuccess != rv) |
| 118 return false; | 128 return false; |
| 119 | 129 |
| 120 plaintext->assign(reinterpret_cast<char *>(&buffer[0]), | 130 output->resize(op_len + digest_len); |
| 121 op_len + digest_len); | |
| 122 return true; | 131 return true; |
| 123 } | 132 } |
| 124 | 133 |
| 134 bool Encryptor::CryptCTR(PK11Context* context, const std::string& input, | |
| 135 std::string* output) { | |
| 136 if (!counter_.get()) { | |
| 137 LOG(ERROR) << "Counter value not set in CTR mode."; | |
| 138 return false; | |
| 139 } | |
| 140 | |
| 141 size_t output_len = input.size() + AES_BLOCK_SIZE; | |
| 142 output->resize(output_len); | |
| 143 uint8* output_data = | |
| 144 reinterpret_cast<uint8*>(const_cast<char*>(output->data())); | |
| 145 | |
| 146 size_t input_len = input.size(); | |
| 147 uint8* input_data = | |
| 148 reinterpret_cast<uint8*>(const_cast<char*>(input.data())); | |
| 149 | |
| 150 scoped_array<uint8> ctr_mask; | |
| 151 GenerateCounterMask(input_len, &ctr_mask, &input_len); | |
| 152 CHECK(input_len <= output_len); | |
|
Ryan Sleevi
2011/06/15 06:27:00
Any value to CHECK_LE? Only difference would be it
Alpha Left Google
2011/06/15 18:54:42
GenerateCounterMask will bump up input_len, this i
| |
| 153 input_data = ctr_mask.get(); | |
| 154 | |
| 155 int op_len; | |
| 156 SECStatus rv = PK11_CipherOp(context, | |
| 157 output_data, | |
| 158 &op_len, | |
| 159 output_len, | |
| 160 input_data, | |
| 161 input_len); | |
| 162 if (SECSuccess != rv) | |
| 163 return false; | |
| 164 | |
|
Ryan Sleevi
2011/06/15 06:27:00
According to http://www.mozilla.org/projects/secur
Alpha Left Google
2011/06/15 18:54:42
Done.
| |
| 165 // Use |output_data| to mask |input|. | |
| 166 MaskMessage( | |
| 167 reinterpret_cast<uint8*>(const_cast<char*>(input.data())), | |
| 168 input.length(), output_data, output_data); | |
| 169 output->resize(input.length()); | |
| 170 return true; | |
| 171 } | |
| 172 | |
| 125 } // namespace crypto | 173 } // namespace crypto |
| OLD | NEW |
