Implement AES-CTR for NSS.

crypto/encryptor_nss.cc

Index: crypto/encryptor_nss.cc
diff --git a/crypto/encryptor_nss.cc b/crypto/encryptor_nss.cc
index aaa66268341623e15c87ff7e9d63e1ebe4c0e7df..7c347419bc568d9ba7be08a49bd03de7fc5d2ea9 100644
--- a/crypto/encryptor_nss.cc
+++ b/crypto/encryptor_nss.cc
@@ -13,6 +13,23 @@
 
 namespace crypto {
 
+namespace {
+
+inline CK_MECHANISM_TYPE GetMechanism(Encryptor::Mode mode) {

[wtc, 2011/06/02 20:10:23]

Nit: GetMechanism => GetPKCS11Mechanism

+  switch (mode) {
+    case Encryptor::CBC:
+      return CKM_AES_CBC_PAD;
+    case Encryptor::ECB:
+      return CKM_AES_ECB;
+    default:
+      NOTREACHED() << "Unsupported mode of operation";

[wtc, 2011/06/02 20:10:23]

We probably should crash with a CHECK...

+      break;
+  }
+  return CKM_AES_ECB;
+}
+
+}  // namespace
+
 Encryptor::Encryptor()
     : key_(NULL),
       mode_(CBC) {
@@ -24,39 +41,46 @@ Encryptor::~Encryptor() {
 
 bool Encryptor::Init(SymmetricKey* key, Mode mode, const std::string& iv) {
   DCHECK(key);
-  DCHECK_EQ(CBC, mode);
+  DCHECK(CBC == mode || ECB == mode) << "Unsupported mode of operation";
 
   key_ = key;
   mode_ = mode;
 
-  if (iv.size() != AES_BLOCK_SIZE)
+  if (mode == CBC && iv.size() != AES_BLOCK_SIZE)
     return false;

[wtc, 2011/06/02 20:10:23]

Move this check into the "if (mode == CBC)" block on lines
56-63 below.

[Ryan Sleevi, 2011/06/02 01:19:23]

if (mode == ECB && !iv.empty())
  return false;

Catch the odd API abuse/misuse to prevent accidentally performing an ECB
Encrypt/Decrypt for something (or some key) meant to be used with CBC.

-  slot_.reset(PK11_GetBestSlot(CKM_AES_CBC_PAD, NULL));
+  slot_.reset(PK11_GetBestSlot(GetMechanism(mode), NULL));
   if (!slot_.get())
     return false;
 
-  SECItem iv_item;
-  iv_item.type = siBuffer;
-  iv_item.data = reinterpret_cast<unsigned char*>(
-      const_cast<char *>(iv.data()));
-  iv_item.len = iv.size();
+  if (mode == CBC) {
+    SECItem iv_item;
+    iv_item.type = siBuffer;
+    iv_item.data = reinterpret_cast<unsigned char*>(
+        const_cast<char *>(iv.data()));
+    iv_item.len = iv.size();
+
+    param_.reset(PK11_ParamFromIV(GetMechanism(mode), &iv_item));
+  } else {
+    param_.reset(PK11_ParamFromIV(GetMechanism(mode), NULL));
+  }
 
-  param_.reset(PK11_ParamFromIV(CKM_AES_CBC_PAD, &iv_item));
   if (!param_.get())
     return false;
-
   return true;
 }
 
 bool Encryptor::Encrypt(const std::string& plaintext, std::string* ciphertext) {
-  ScopedPK11Context context(PK11_CreateContextBySymKey(CKM_AES_CBC_PAD,
+  ScopedPK11Context context(PK11_CreateContextBySymKey(GetMechanism(mode_),
                                                        CKA_ENCRYPT,
                                                        key_->key(),
                                                        param_.get()));
   if (!context.get())
     return false;
 
+  if (mode_ == ECB && (plaintext.size() % AES_BLOCK_SIZE))
+    return false;
+
   size_t ciphertext_len = plaintext.size() + AES_BLOCK_SIZE;
   std::vector<unsigned char> buffer(ciphertext_len);
 
@@ -88,7 +112,10 @@ bool Encryptor::Decrypt(const std::string& ciphertext, std::string* plaintext) {
   if (ciphertext.empty())
     return false;
 
-  ScopedPK11Context context(PK11_CreateContextBySymKey(CKM_AES_CBC_PAD,
+  if (mode_ == ECB && (ciphertext.size() % AES_BLOCK_SIZE))
+    return false;
+
+  ScopedPK11Context context(PK11_CreateContextBySymKey(GetMechanism(mode_),
                                                        CKA_DECRYPT,
                                                        key_->key(),
                                                        param_.get()));