Chromium Code Reviews

Unified Diff: crypto/encryptor.h

Issue 7056026: Implement AES-CTR for NSS. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: endian Created 9 years, 6 months ago
Index: crypto/encryptor.h
diff --git a/crypto/encryptor.h b/crypto/encryptor.h
index 0fdf758953322c60ad9118893963cdd1af4d2c47..a08391fab6a248eeac67d7d68804f46c7b954928 100644
--- a/crypto/encryptor.h
+++ b/crypto/encryptor.h
@@ -8,6 +8,8 @@
#include <string>
+#include "base/basictypes.h"
+#include "base/scoped_ptr.h"
#include "build/build_config.h"
#include "crypto/crypto_api.h"
@@ -24,13 +26,43 @@ class SymmetricKey;
class CRYPTO_API Encryptor {
public:
enum Mode {
- CBC
+ CBC,
+ CTR,
};
+
+ // This class implements a 128-bits counter to be used in AES-CTR encryption.
+ // Only 128-bits counter is supported in this class.
+ class Counter {
+ public:
+ Counter(const std::string& counter);
+ ~Counter();
+
+ // Increment the counter value.
+ void Increment();
wtc 2011/06/24 18:06:06 Nit: please make this method return bool, or add a
Alpha Left Google 2011/06/24 18:52:27 Done.
+
+ // Write the content of the counter to |buf|. |buf| should have enough
+ // space for |GetLengthInBytes()|.
+ void Write(void* buf);
+
+ // Return the length of this counter.
+ size_t GetLengthInBytes() const;
+
+ private:
+ size_t counter_bits_;
wtc 2011/06/24 18:06:06 You misunderstood what I asked you to do with coun
Alpha Left Google 2011/06/24 18:52:27 Done.
+
+ union {
+ uint8 buf[16];
+ uint64 components64[2];
wtc 2011/06/24 18:06:06 You can remove the 'buf' union member. You can ad
Alpha Left Google 2011/06/24 18:52:27 Done.
+ } counter_;
+ };
+
Encryptor();
virtual ~Encryptor();
// Initializes the encryptor using |key| and |iv|. Returns false if either the
// key or the initialization vector cannot be used.
+ //
+ // When |mode| is CTR then |iv| should be empty.
bool Init(SymmetricKey* key, Mode mode, const std::string& iv);
// Encrypts |plaintext| into |ciphertext|.
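Review bot: In Counter, the union of uint8 buf[16] and uint64 components64[2] leaves the byte order of the counter block unspecified in this header. If Increment() operates on components64 while Write() copies the raw bytes, the emitted counter block will differ between little-endian and big-endian hosts. Document that the 16-byte string is treated as a big-endian 128-bit integer and convert explicitly in Increment(). Separately, Counter(const std::string& counter) should be marked explicit and its comment should say what happens when the string is not 16 bytes, and Write(void* buf) would be safer if it took the destination size.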
@@ -39,11 +71,39 @@ class CRYPTO_API Encryptor {
// Decrypts |ciphertext| into |plaintext|.
bool Decrypt(const std::string& ciphertext, std::string* plaintext);
+ // Update the counter value when in CTR mode. Currently only 128-bits
wtc 2011/06/24 18:06:06 Nit: Update => Updates or "Sets" if you rename th
Alpha Left Google 2011/06/24 18:52:27 Done.
+ // counter value is supported.
+ //
+ // Return true only if update was successful.
+ bool UpdateCounter(const std::string& counter);
wtc 2011/06/24 18:06:06 I believe this is a typical setter method. If so,
Alpha Left Google 2011/06/24 18:52:27 Done.
+
// TODO(albertb): Support streaming encryption.
private:
+ // Generate a mask using |counter_| to be used for encryption in CTR mode.
+ // Resulting mask will be written to |mask| with |mask_len| bytes.
+ //
+ // Make sure there's enough space in mask when calling this method.
+ // Reserve at least |plaintext_len| + 16 bytes for |mask|.
+ //
+ // The generated mask will always have at least |plaintext_len| bytes and
+ // will be a multiple of the counter length.
+ //
+ // This method is used only in CTR mode.
+ void GenerateCounterMask(size_t plaintext_len,
+ uint8* mask,
+ size_t* mask_len);
+
+ // Mask the |plaintext| message using |mask|. The output will be written to
+ // |ciphertext|. |ciphertext| must have at least |plaintext_len| bytes.
+ void MaskMessage(const void* plaintext,
+ size_t plaintext_len,
+ const void* mask,
+ void* ciphertext) const;
+
SymmetricKey* key_;
Mode mode_;
+ scoped_ptr<Counter> counter_;
#if defined(USE_OPENSSL)
bool Crypt(bool encrypt, // Pass true to encrypt, false to decrypt.
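Review bot: GenerateCounterMask() takes a raw uint8* mask with no capacity argument and relies on the caller to reserve |plaintext_len| + 16 bytes, so a caller that sizes the buffer to |plaintext_len| gets an out-of-bounds write whenever the length is not a multiple of 16. Pass the buffer capacity in and check it, or take a std::string that the method resizes. MaskMessage() has the same shape and should state that |mask| must hold at least |plaintext_len| bytes. The UpdateCounter() comment should also say that the counter has to be set before Encrypt()/Decrypt() in CTR mode and that a counter value must not be reused under the same key.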
@@ -51,6 +111,12 @@ class CRYPTO_API Encryptor {
std::string* output);
std::string iv_;
#elif defined(USE_NSS)
+ bool Crypt(PK11Context* context,
+ const std::string& input,
+ std::string* output);
+ bool CryptCTR(PK11Context* context,
+ const std::string& input,
+ std::string* output);
ScopedPK11Slot slot_;
ScopedSECItem param_;
#elif defined(OS_MACOSX)
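Review bot: CTR is added to the public Mode enum, but in this header only the USE_NSS branch gains a CTR path (CryptCTR); the USE_OPENSSL declarations visible here are unchanged. The Init() comment should state that requesting CTR returns false on builds that do not implement it, so callers do not assume the mode is available everywhere. The new Crypt() and CryptCTR() declarations also need a comment saying who owns |context| and whether it may be null.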
