crypto/encryptor_nss.cc - Issue 7056026: Implement AES-CTR for NSS.

Side by Side Diff: crypto/encryptor_nss.cc

Issue 7056026: Implement AES-CTR for NSS. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: done Created 9 years, 6 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "crypto/encryptor.h"	5 #include "crypto/encryptor.h"

6	6

7 #include <cryptohi.h>	7 #include <cryptohi.h>

8 #include <vector>	8 #include <vector>

9	9

10 #include "base/logging.h"	10 #include "base/logging.h"

11 #include "crypto/nss_util.h"	11 #include "crypto/nss_util.h"

12 #include "crypto/symmetric_key.h"	12 #include "crypto/symmetric_key.h"

13	13

14 namespace crypto {	14 namespace crypto {

15	15

	16 namespace {

	17

	18 inline CK_MECHANISM_TYPE GetMechanism(Encryptor::Mode mode) {
	wtc 2011/06/02 20:10:23 Nit: GetMechanism => GetPKCS11Mechanism Nit: GetMechanism => GetPKCS11Mechanism
	19 switch (mode) {

	20 case Encryptor::CBC:

	21 return CKM_AES_CBC_PAD;

	22 case Encryptor::ECB:

	23 return CKM_AES_ECB;

	24 default:

	25 NOTREACHED() << "Unsupported mode of operation";
	wtc 2011/06/02 20:10:23 We probably should crash with a CHECK... We probably should crash with a CHECK...
	26 break;

	27 }

	28 return CKM_AES_ECB;

	29 }

	30

	31 } // namespace

	32

16 Encryptor::Encryptor()	33 Encryptor::Encryptor()

17 : key_(NULL),	34 : key_(NULL),

18 mode_(CBC) {	35 mode_(CBC) {

19 EnsureNSSInit();	36 EnsureNSSInit();

20 }	37 }

21	38

22 Encryptor::~Encryptor() {	39 Encryptor::~Encryptor() {

23 }	40 }

24	41

25 bool Encryptor::Init(SymmetricKey* key, Mode mode, const std::string& iv) {	42 bool Encryptor::Init(SymmetricKey* key, Mode mode, const std::string& iv) {

26 DCHECK(key);	43 DCHECK(key);

27 DCHECK_EQ(CBC, mode);	44 DCHECK(CBC == mode \|\| ECB == mode) << "Unsupported mode of operation";

28	45

29 key_ = key;	46 key_ = key;

30 mode_ = mode;	47 mode_ = mode;

31	48

32 if (iv.size() != AES_BLOCK_SIZE)	49 if (mode == CBC && iv.size() != AES_BLOCK_SIZE)

33 return false;	50 return false;
	wtc 2011/06/02 20:10:23 Move this check into the "if (mode == CBC)" block Move this check into the "if (mode == CBC)" block on lines 56-63 below.
34	51
	Ryan Sleevi 2011/06/02 01:19:23 if (mode == ECB && !iv.empty()) return false; C if (mode == ECB && !iv.empty()) return false; Catch the odd API abuse/misuse to prevent accidentally performing an ECB Encrypt/Decrypt for something (or some key) meant to be used with CBC.
35 slot_.reset(PK11_GetBestSlot(CKM_AES_CBC_PAD, NULL));	52 slot_.reset(PK11_GetBestSlot(GetMechanism(mode), NULL));

36 if (!slot_.get())	53 if (!slot_.get())

37 return false;	54 return false;

38	55

39 SECItem iv_item;	56 if (mode == CBC) {

40 iv_item.type = siBuffer;	57 SECItem iv_item;

41 iv_item.data = reinterpret_cast<unsigned char*>(	58 iv_item.type = siBuffer;

42 const_cast<char *>(iv.data()));	59 iv_item.data = reinterpret_cast<unsigned char*>(

43 iv_item.len = iv.size();	60 const_cast<char *>(iv.data()));

	61 iv_item.len = iv.size();

44	62

45 param_.reset(PK11_ParamFromIV(CKM_AES_CBC_PAD, &iv_item));	63 param_.reset(PK11_ParamFromIV(GetMechanism(mode), &iv_item));

	64 } else {

	65 param_.reset(PK11_ParamFromIV(GetMechanism(mode), NULL));

	66 }

	67

46 if (!param_.get())	68 if (!param_.get())

47 return false;	69 return false;

48

49 return true;	70 return true;

50 }	71 }

51	72

52 bool Encryptor::Encrypt(const std::string& plaintext, std::string* ciphertext) {	73 bool Encryptor::Encrypt(const std::string& plaintext, std::string* ciphertext) {

53 ScopedPK11Context context(PK11_CreateContextBySymKey(CKM_AES_CBC_PAD,	74 ScopedPK11Context context(PK11_CreateContextBySymKey(GetMechanism(mode_),

54 CKA_ENCRYPT,	75 CKA_ENCRYPT,

55 key_->key(),	76 key_->key(),

56 param_.get()));	77 param_.get()));

57 if (!context.get())	78 if (!context.get())

58 return false;	79 return false;

59	80

	81 if (mode_ == ECB && (plaintext.size() % AES_BLOCK_SIZE))

	82 return false;

	83

60 size_t ciphertext_len = plaintext.size() + AES_BLOCK_SIZE;	84 size_t ciphertext_len = plaintext.size() + AES_BLOCK_SIZE;

61 std::vector<unsigned char> buffer(ciphertext_len);	85 std::vector<unsigned char> buffer(ciphertext_len);

62	86

63 int op_len;	87 int op_len;

64 SECStatus rv = PK11_CipherOp(context.get(),	88 SECStatus rv = PK11_CipherOp(context.get(),

65 &buffer[0],	89 &buffer[0],

66 &op_len,	90 &op_len,

67 ciphertext_len,	91 ciphertext_len,

68 reinterpret_cast<unsigned char*>(	92 reinterpret_cast<unsigned char*>(

69 const_cast<char*>(plaintext.data())),	93 const_cast<char*>(plaintext.data())),

(...skipping 11 matching lines...) Expand all Loading...
81	105

82 ciphertext->assign(reinterpret_cast<char *>(&buffer[0]),	106 ciphertext->assign(reinterpret_cast<char *>(&buffer[0]),

83 op_len + digest_len);	107 op_len + digest_len);

84 return true;	108 return true;

85 }	109 }

86	110

87 bool Encryptor::Decrypt(const std::string& ciphertext, std::string* plaintext) {	111 bool Encryptor::Decrypt(const std::string& ciphertext, std::string* plaintext) {

88 if (ciphertext.empty())	112 if (ciphertext.empty())

89 return false;	113 return false;

90	114

91 ScopedPK11Context context(PK11_CreateContextBySymKey(CKM_AES_CBC_PAD,	115 if (mode_ == ECB && (ciphertext.size() % AES_BLOCK_SIZE))

	116 return false;

	117

	118 ScopedPK11Context context(PK11_CreateContextBySymKey(GetMechanism(mode_),

92 CKA_DECRYPT,	119 CKA_DECRYPT,

93 key_->key(),	120 key_->key(),

94 param_.get()));	121 param_.get()));

95 if (!context.get())	122 if (!context.get())

96 return false;	123 return false;

97	124

98 size_t plaintext_len = ciphertext.size();	125 size_t plaintext_len = ciphertext.size();

99 std::vector<unsigned char> buffer(plaintext_len);	126 std::vector<unsigned char> buffer(plaintext_len);

100	127

101 int op_len;	128 int op_len;

(...skipping 14 matching lines...) Expand all Loading...
116 plaintext_len - op_len);	143 plaintext_len - op_len);

117 if (SECSuccess != rv)	144 if (SECSuccess != rv)

118 return false;	145 return false;

119	146

120 plaintext->assign(reinterpret_cast<char *>(&buffer[0]),	147 plaintext->assign(reinterpret_cast<char *>(&buffer[0]),

121 op_len + digest_len);	148 op_len + digest_len);

122 return true;	149 return true;

123 }	150 }

124	151

125 } // namespace crypto	152 } // namespace crypto

OLD	NEW

« no previous file with comments | « crypto/encryptor.h ('k') | crypto/encryptor_unittest.cc » ('j') | crypto/encryptor_unittest.cc » ('J')