Chromium Code Reviews Chromium Code Reviews
Issue 7056026:
Implement AES-CTR for NSS. (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src| OLD | NEW |
|---|---|
| 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "crypto/encryptor.h" | 5 #include "crypto/encryptor.h" |
| 6 | 6 |
| 7 #include <cryptohi.h> | 7 #include <cryptohi.h> |
| 8 #include <vector> | 8 #include <vector> |
| 9 | 9 |
| 10 #include "base/logging.h" | 10 #include "base/logging.h" |
| 11 #include "crypto/nss_util.h" | 11 #include "crypto/nss_util.h" |
| 12 #include "crypto/symmetric_key.h" | 12 #include "crypto/symmetric_key.h" |
| 13 | 13 |
| 14 namespace crypto { | 14 namespace crypto { |
| 15 | 15 |
| 16 namespace { | |
| 17 | |
| 18 inline CK_MECHANISM_TYPE GetMechanism(Encryptor::Mode mode) { | |
| 19 switch (mode) { | |
| 20 case Encryptor::CBC: | |
| 21 return CKM_AES_CBC_PAD; | |
| 22 case Encryptor::CTR: | |
| 23 // AES-CTR encryption uses ECB encryptor as a building block since | |
| 24 // NSS doesn't support CTR encryption mode. | |
| 25 return CKM_AES_ECB; | |
| 26 default: | |
| 27 NOTREACHED() << "Unsupported mode of operation"; | |
| 28 break; | |
| 29 } | |
| 30 return 0; | |
|
wtc
2011/06/24 18:06:06
Let's use
return static_cast<CK_MECHANISM_TYPE>(
Chris Palmer
2011/10/03 19:50:09
+1
| |
| 31 } | |
| 32 | |
| 33 } // namespace | |
| 34 | |
| 16 Encryptor::Encryptor() | 35 Encryptor::Encryptor() |
| 17 : key_(NULL), | 36 : key_(NULL), |
| 18 mode_(CBC) { | 37 mode_(CBC) { |
| 19 EnsureNSSInit(); | 38 EnsureNSSInit(); |
| 20 } | 39 } |
| 21 | 40 |
| 22 Encryptor::~Encryptor() { | 41 Encryptor::~Encryptor() { |
| 23 } | 42 } |
| 24 | 43 |
| 25 bool Encryptor::Init(SymmetricKey* key, Mode mode, const std::string& iv) { | 44 bool Encryptor::Init(SymmetricKey* key, Mode mode, const std::string& iv) { |
| 26 DCHECK(key); | 45 DCHECK(key); |
| 27 DCHECK_EQ(CBC, mode); | 46 DCHECK(CBC == mode || CTR == mode) << "Unsupported mode of operation"; |
| 28 | 47 |
| 29 key_ = key; | 48 key_ = key; |
| 30 mode_ = mode; | 49 mode_ = mode; |
| 31 | 50 |
| 32 if (iv.size() != AES_BLOCK_SIZE) | 51 if (mode == CBC && iv.size() != AES_BLOCK_SIZE) |
| 33 return false; | 52 return false; |
| 34 | 53 |
| 35 slot_.reset(PK11_GetBestSlot(CKM_AES_CBC_PAD, NULL)); | 54 slot_.reset(PK11_GetBestSlot(GetMechanism(mode), NULL)); |
| 36 if (!slot_.get()) | 55 if (!slot_.get()) |
| 37 return false; | 56 return false; |
| 38 | 57 |
| 39 SECItem iv_item; | 58 switch (mode) { |
| 40 iv_item.type = siBuffer; | 59 case CBC: |
| 41 iv_item.data = reinterpret_cast<unsigned char*>( | 60 SECItem iv_item; |
| 42 const_cast<char *>(iv.data())); | 61 iv_item.type = siBuffer; |
| 43 iv_item.len = iv.size(); | 62 iv_item.data = reinterpret_cast<unsigned char*>( |
| 63 const_cast<char *>(iv.data())); | |
| 64 iv_item.len = iv.size(); | |
| 44 | 65 |
| 45 param_.reset(PK11_ParamFromIV(CKM_AES_CBC_PAD, &iv_item)); | 66 param_.reset(PK11_ParamFromIV(GetMechanism(mode), &iv_item)); |
| 67 break; | |
| 68 case CTR: | |
| 69 param_.reset(PK11_ParamFromIV(GetMechanism(mode), NULL)); | |
| 70 break; | |
| 71 } | |
| 72 | |
| 46 if (!param_.get()) | 73 if (!param_.get()) |
| 47 return false; | 74 return false; |
| 48 | |
| 49 return true; | 75 return true; |
| 50 } | 76 } |
| 51 | 77 |
| 52 bool Encryptor::Encrypt(const std::string& plaintext, std::string* ciphertext) { | 78 bool Encryptor::Encrypt(const std::string& plaintext, std::string* ciphertext) { |
| 53 ScopedPK11Context context(PK11_CreateContextBySymKey(CKM_AES_CBC_PAD, | 79 ScopedPK11Context context(PK11_CreateContextBySymKey(GetMechanism(mode_), |
| 54 CKA_ENCRYPT, | 80 CKA_ENCRYPT, |
| 55 key_->key(), | 81 key_->key(), |
| 56 param_.get())); | 82 param_.get())); |
| 57 if (!context.get()) | 83 if (!context.get()) |
| 58 return false; | 84 return false; |
| 59 | 85 |
| 60 size_t ciphertext_len = plaintext.size() + AES_BLOCK_SIZE; | 86 if (mode_ == CTR) |
| 61 std::vector<unsigned char> buffer(ciphertext_len); | 87 return CryptCTR(context.get(), plaintext, ciphertext); |
| 62 | 88 else |
| 63 int op_len; | 89 return Crypt(context.get(), plaintext, ciphertext); |
| 64 SECStatus rv = PK11_CipherOp(context.get(), | |
| 65 &buffer[0], | |
| 66 &op_len, | |
| 67 ciphertext_len, | |
| 68 reinterpret_cast<unsigned char*>( | |
| 69 const_cast<char*>(plaintext.data())), | |
| 70 plaintext.size()); | |
| 71 if (SECSuccess != rv) | |
| 72 return false; | |
| 73 | |
| 74 unsigned int digest_len; | |
| 75 rv = PK11_DigestFinal(context.get(), | |
| 76 &buffer[op_len], | |
| 77 &digest_len, | |
| 78 ciphertext_len - op_len); | |
| 79 if (SECSuccess != rv) | |
| 80 return false; | |
| 81 | |
| 82 ciphertext->assign(reinterpret_cast<char *>(&buffer[0]), | |
| 83 op_len + digest_len); | |
| 84 return true; | |
| 85 } | 90 } |
| 86 | 91 |
| 87 bool Encryptor::Decrypt(const std::string& ciphertext, std::string* plaintext) { | 92 bool Encryptor::Decrypt(const std::string& ciphertext, std::string* plaintext) { |
| 88 if (ciphertext.empty()) | 93 if (ciphertext.empty()) |
| 89 return false; | 94 return false; |
| 90 | 95 |
| 91 ScopedPK11Context context(PK11_CreateContextBySymKey(CKM_AES_CBC_PAD, | 96 ScopedPK11Context context(PK11_CreateContextBySymKey( |
| 92 CKA_DECRYPT, | 97 GetMechanism(mode_), (mode_ == CTR ? CKA_ENCRYPT : CKA_DECRYPT), |
|
wtc
2011/06/24 18:06:06
Are you sure we have to use CKA_ENCRYPT for CTR mo
Alpha Left Google
2011/06/24 18:52:27
Yup, decrypt does't work since we need to encrypt
| |
| 93 key_->key(), | 98 key_->key(), param_.get())); |
| 94 param_.get())); | |
| 95 if (!context.get()) | 99 if (!context.get()) |
| 96 return false; | 100 return false; |
| 97 | 101 |
| 98 size_t plaintext_len = ciphertext.size(); | 102 if (mode_ == CTR) |
| 99 std::vector<unsigned char> buffer(plaintext_len); | 103 return CryptCTR(context.get(), ciphertext, plaintext); |
| 104 else | |
| 105 return Crypt(context.get(), ciphertext, plaintext); | |
| 106 } | |
| 107 | |
| 108 bool Encryptor::Crypt(PK11Context* context, const std::string& input, | |
| 109 std::string* output) { | |
| 110 size_t output_len = input.size() + AES_BLOCK_SIZE; | |
| 111 CHECK(output_len > input.size()) << "Output size overflow"; | |
| 112 | |
| 113 output->resize(output_len); | |
| 114 uint8* output_data = | |
| 115 reinterpret_cast<uint8*>(const_cast<char*>(output->data())); | |
| 116 | |
| 117 int input_len = input.size(); | |
| 118 uint8* input_data = | |
| 119 reinterpret_cast<uint8*>(const_cast<char*>(input.data())); | |
| 100 | 120 |
| 101 int op_len; | 121 int op_len; |
| 102 SECStatus rv = PK11_CipherOp(context.get(), | 122 SECStatus rv = PK11_CipherOp(context, |
| 103 &buffer[0], | 123 output_data, |
| 104 &op_len, | 124 &op_len, |
| 105 plaintext_len, | 125 output_len, |
| 106 reinterpret_cast<unsigned char*>( | 126 input_data, |
| 107 const_cast<char*>(ciphertext.data())), | 127 input_len); |
| 108 ciphertext.size()); | 128 |
| 109 if (SECSuccess != rv) | 129 if (SECSuccess != rv) |
| 110 return false; | 130 return false; |
| 111 | 131 |
| 112 unsigned int digest_len; | 132 unsigned int digest_len; |
| 113 rv = PK11_DigestFinal(context.get(), | 133 rv = PK11_DigestFinal(context, |
| 114 &buffer[op_len], | 134 output_data + op_len, |
| 115 &digest_len, | 135 &digest_len, |
| 116 plaintext_len - op_len); | 136 output_len - op_len); |
| 117 if (SECSuccess != rv) | 137 if (SECSuccess != rv) |
| 118 return false; | 138 return false; |
| 119 | 139 |
| 120 plaintext->assign(reinterpret_cast<char *>(&buffer[0]), | 140 output->resize(op_len + digest_len); |
| 121 op_len + digest_len); | |
| 122 return true; | 141 return true; |
| 123 } | 142 } |
| 124 | 143 |
| 144 bool Encryptor::CryptCTR(PK11Context* context, const std::string& input, | |
| 145 std::string* output) { | |
| 146 if (!counter_.get()) { | |
| 147 LOG(ERROR) << "Counter value not set in CTR mode."; | |
| 148 return false; | |
| 149 } | |
| 150 | |
| 151 size_t output_len = input.size() + AES_BLOCK_SIZE; | |
|
wtc
2011/06/24 18:06:06
You can use the same formula as in GenerateCounter
Alpha Left Google
2011/06/24 18:52:27
Done.
Chris Palmer
2011/10/03 19:50:09
No, CTR mode gives you a stream cipher. Unlike CBC
| |
| 152 CHECK(output_len > input.size()) << "Output size overflow"; | |
| 153 output->resize(output_len); | |
| 154 uint8* output_data = | |
| 155 reinterpret_cast<uint8*>(const_cast<char*>(output->data())); | |
| 156 | |
| 157 size_t mask_len; | |
| 158 GenerateCounterMask(input.size(), output_data, &mask_len); | |
| 159 CHECK(mask_len <= output_len); | |
| 160 | |
| 161 int op_len; | |
| 162 SECStatus rv = PK11_CipherOp(context, | |
| 163 output_data, | |
| 164 &op_len, | |
| 165 output_len, | |
| 166 output_data, | |
| 167 mask_len); | |
| 168 if (SECSuccess != rv) | |
| 169 return false; | |
| 170 CHECK(op_len == static_cast<int>(mask_len)); | |
| 171 | |
| 172 unsigned int digest_len; | |
| 173 rv = PK11_DigestFinal(context, | |
| 174 NULL, | |
| 175 &digest_len, | |
| 176 0); | |
| 177 if (SECSuccess != rv) | |
| 178 return false; | |
| 179 CHECK(!digest_len); | |
| 180 | |
| 181 // Use |output_data| to mask |input|. | |
| 182 MaskMessage( | |
| 183 reinterpret_cast<uint8*>(const_cast<char*>(input.data())), | |
| 184 input.length(), output_data, output_data); | |
| 185 output->resize(input.length()); | |
| 186 return true; | |
| 187 } | |
| 188 | |
| 125 } // namespace crypto | 189 } // namespace crypto |
| OLD | NEW |
