Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(336)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: crypto/openpgp_symmetric_encryption_openssl.cc

Issue 7273080: crypto: convert OpenPGP code to NSS (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: ... Created 9 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « crypto/openpgp_symmetric_encryption_nss_unittest.cc ('k') | crypto/openpgp_symmetric_encryption_test_openssl.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
(Empty)
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "crypto/openpgp_symmetric_encryption.h"
6
7 #include <vector>
8 #include <stdlib.h>
9
10 #include <openssl/evp.h>
11 #include <openssl/aes.h>
12 #include <openssl/sha.h>
13
14 #include "base/rand_util.h"
15 #include "base/logging.h"
16
17 namespace crypto {
18
19 namespace {
20
21 // Reader wraps a StringPiece and provides methods to read several datatypes
22 // while advancing the StringPiece.
23 class Reader {
24 public:
25 Reader(base::StringPiece input)
26 : data_(input) {
27 }
28
29 bool U8(uint8* out) {
30 if (data_.size() < 1)
31 return false;
32 *out = static_cast<uint8>(data_[0]);
33 data_.remove_prefix(1);
34 return true;
35 }
36
37 bool U32(uint32* out) {
38 if (data_.size() < 4)
39 return false;
40 *out = static_cast<uint32>(data_[0]) << 24 |
41 static_cast<uint32>(data_[1]) << 16 |
42 static_cast<uint32>(data_[2]) << 8 |
43 static_cast<uint32>(data_[3]);
44 data_.remove_prefix(4);
45 return true;
46 }
47
48 // Prefix sets |*out| to the first |n| bytes of the StringPiece and advances
49 // the StringPiece by |n|.
50 bool Prefix(uint32 n, base::StringPiece *out) {
51 if (data_.size() < n)
52 return false;
53 *out = base::StringPiece(data_.data(), n);
54 data_.remove_prefix(n);
55 return true;
56 }
57
58 // Remainder returns the remainer of the StringPiece and advances it to the
59 // end.
60 base::StringPiece Remainder() {
61 base::StringPiece ret = data_;
62 data_ = base::StringPiece();
63 return ret;
64 }
65
66 typedef base::StringPiece Position;
67
68 Position tell() const {
69 return data_;
70 }
71
72 void Seek(Position p) {
73 data_ = p;
74 }
75
76 bool Skip(uint32 n) {
77 if (data_.size() < n)
78 return false;
79 data_.remove_prefix(n);
80 return true;
81 }
82
83 bool empty() const {
84 return data_.empty();
85 }
86
87 size_t size() const {
88 return data_.size();
89 }
90
91 private:
92 base::StringPiece data_;
93 };
94
95 // SaltedIteratedS2K implements the salted and iterated string-to-key
96 // convertion. See RFC 4880, section 3.7.1.3.
97 void SaltedIteratedS2K(uint32 cipher_key_length,
98 const EVP_MD *hash_function,
99 base::StringPiece passphrase,
100 base::StringPiece salt,
101 uint32 count,
102 uint8 *out_key) {
103 const std::string combined = salt.as_string() + passphrase.as_string();
104 const size_t combined_len = combined.size();
105
106 uint32 done = 0;
107 uint8 zero[1] = {0};
108
109 EVP_MD_CTX ctx;
110 EVP_MD_CTX_init(&context);
111
112 for (uint32 i = 0; done < cipher_key_length; i++) {
113 CHECK_EQ(EVP_DigestInit_ex(&ctx, hash_function, NULL), 1);
114
115 for (uint32 j = 0; j < i; j++)
116 EVP_DigestUpdate(&ctx, zero, sizeof(zero));
117
118 uint32 written = 0;
119 while (written < count) {
120 if (written + combined_len > count) {
121 uint32 todo = count - written;
122 EVP_DigestUpdate(&ctx, combined.data(), todo);
123 written = count;
124 } else {
125 EVP_DigestUpdate(&ctx, combined.data(), combined_len);
126 written += combined_len;
127 }
128 }
129
130 uint32 num_hash_bytes;
131 uint8 hash[EVP_MAX_MD_SIZE];
132 CHECK_EQ(EVP_DigestFinal_ex(&ctx, hash, &num_hash_bytes), 1);
133
134 uint32 todo = cipher_key_length - done;
135 if (todo > num_hash_bytes)
136 todo = num_hash_bytes;
137 memcpy(out_key + done, hash, todo);
138 done += todo;
139 }
140
141 EVP_MD_CTX_cleanup(&context);
142 }
143
144 // These constants are the tag numbers for the various packet types that we
145 // use.
146 static const uint32 kSymmetricKeyEncryptedTag = 3;
147 static const uint32 kSymmetricallyEncryptedTag = 18;
148 static const uint32 kCompressedTag = 8;
149 static const uint32 kLiteralDataTag = 11;
150
151 class Decrypter {
152 public:
153 ~Decrypter() {
154 for (std::vector<void*>::iterator
155 i = arena_.begin(); i != arena_.end(); i++) {
156 free(*i);
157 }
158 arena_.clear();
159 }
160
161 OpenPGPSymmetricEncrytion::Result Decrypt(base::StringPiece in,
162 base::StringPiece passphrase,
163 base::StringPiece *out_contents) {
164 Reader reader(in);
165 uint32 tag;
166 base::StringPiece contents;
167 AES_KEY key;
168
169 if (!ParsePacket(&reader, &tag, &contents))
170 return OpenPGPSymmetricEncrytion::PARSE_ERROR;
171 if (tag != kSymmetricKeyEncryptedTag)
172 return OpenPGPSymmetricEncrytion::NOT_SYMMETRICALLY_ENCRYPTED;
173 Reader inner(contents);
174 OpenPGPSymmetricEncrytion::Result result =
175 ParseSymmetricKeyEncrypted(&inner, passphrase, &key);
176 if (result != OpenPGPSymmetricEncrytion::OK)
177 return result;
178
179 if (!ParsePacket(&reader, &tag, &contents))
180 return OpenPGPSymmetricEncrytion::PARSE_ERROR;
181 if (tag != kSymmetricallyEncryptedTag)
182 return OpenPGPSymmetricEncrytion::NOT_SYMMETRICALLY_ENCRYPTED;
183 if (!reader.empty())
184 return OpenPGPSymmetricEncrytion::PARSE_ERROR;
185 inner = Reader(contents);
186 if (!ParseSymmetricallyEncrypted(&inner, &key, &contents))
187 return OpenPGPSymmetricEncrytion::PARSE_ERROR;
188
189 reader = Reader(contents);
190 if (!ParsePacket(&reader, &tag, &contents))
191 return OpenPGPSymmetricEncrytion::PARSE_ERROR;
192 if (tag == kCompressedTag)
193 return OpenPGPSymmetricEncrytion::COMPRESSED;
194 if (tag != kLiteralDataTag)
195 return OpenPGPSymmetricEncrytion::NOT_SYMMETRICALLY_ENCRYPTED;
196 inner = Reader(contents);
197 if (!ParseLiteralData(&inner, out_contents))
198 return OpenPGPSymmetricEncrytion::PARSE_ERROR;
199
200 return OpenPGPSymmetricEncrytion::OK;
201 }
202
203 private:
204 // ParsePacket parses an OpenPGP packet from reader. See RFC 4880, section
205 // 4.2.2.
206 bool ParsePacket(Reader *reader,
207 uint32 *out_tag,
208 base::StringPiece *out_contents) {
209 uint8 header;
210 if (!reader->U8(&header))
211 return false;
212 if ((header & 0x80) == 0) {
213 // Tag byte must have MSB set.
214 return false;
215 }
216
217 if ((header & 0x40) == 0) {
218 // Old format packet.
219 *out_tag = (header & 0x3f) >> 2;
220
221 uint8 length_type = header & 3;
222 if (length_type == 3) {
223 *out_contents = reader->Remainder();
224 return true;
225 }
226
227 const uint32 length_bytes = 1 << length_type;
228 uint32 length = 0;
229 for (uint32 i = 0; i < length_bytes; i++) {
230 uint8 length_byte;
231 if (!reader->U8(&length_byte))
232 return false;
233 length <<= 8;
234 length |= length_byte;
235 }
236
237 return reader->Prefix(length, out_contents);
238 }
239
240 // New format packet.
241 *out_tag = header & 0x3f;
242 uint32 length;
243 bool is_partial;
244 if (!ParseLength(reader, &length, &is_partial))
245 return false;
246 if (is_partial)
247 return ParseStreamContents(reader, length, out_contents);
248 return reader->Prefix(length, out_contents);
249 }
250
251 // ParseStreamContents parses all the chunks of a partial length stream from
252 // reader. See http://tools.ietf.org/html/rfc4880#section-4.2.2.4
253 bool ParseStreamContents(Reader *reader,
254 uint32 length,
255 base::StringPiece *out_contents) {
256 const Reader::Position beginning_of_stream = reader->tell();
257 const uint32 first_chunk_length = length;
258
259 // First we parse the stream to find its length.
260 if (!reader->Skip(length))
261 return false;
262
263 for (;;) {
264 uint32 chunk_length;
265 bool is_partial;
266
267 if (!ParseLength(reader, &chunk_length, &is_partial))
268 return false;
269 if (length + chunk_length < length)
270 return false;
271 length += chunk_length;
272 if (!reader->Skip(chunk_length))
273 return false;
274 if (!is_partial)
275 break;
276 }
277
278 // Now we have the length of the whole stream in |length|.
279 char* buf = reinterpret_cast<char*>(malloc(length));
280 arena_.push_back(buf);
281 uint32 j = 0;
282 reader->Seek(beginning_of_stream);
283
284 base::StringPiece first_chunk;
285 if (!reader->Prefix(first_chunk_length, &first_chunk))
286 return false;
287 memcpy(buf + j, first_chunk.data(), first_chunk_length);
288 j += first_chunk_length;
289
290 // Now we parse the stream again, this time copying into |buf|
291 for (;;) {
292 uint32 chunk_length;
293 bool is_partial;
294
295 if (!ParseLength(reader, &chunk_length, &is_partial))
296 return false;
297 base::StringPiece chunk;
298 if (!reader->Prefix(chunk_length, &chunk))
299 return false;
300 memcpy(buf + j, chunk.data(), chunk_length);
301 j += chunk_length;
302 if (!is_partial)
303 break;
304 }
305
306 *out_contents = base::StringPiece(buf, length);
307 return true;
308 }
309
310 // ParseLength parses an OpenPGP length from reader. See RFC 4880, section
311 // 4.2.2.
312 bool ParseLength(Reader *reader, uint32 *out_length, bool *out_is_prefix) {
313 uint8 length_spec;
314 if (!reader->U8(&length_spec))
315 return false;
316
317 *out_is_prefix = false;
318 if (length_spec < 192) {
319 *out_length = length_spec;
320 return true;
321 } else if (length_spec < 224) {
322 uint8 next_byte;
323 if (!reader->U8(&next_byte))
324 return false;
325
326 *out_length = (length_spec - 192) << 8;
327 *out_length += next_byte;
328 return true;
329 } else if (length_spec < 255) {
330 *out_length = 1u << (length_spec & 0x1f);
331 *out_is_prefix = true;
332 return true;
333 } else {
334 return reader->U32(out_length);
335 }
336 }
337
338 // ParseSymmetricKeyEncrypted parses a passphrase protected session key. See
339 // RFC 4880, section 5.3.
340 OpenPGPSymmetricEncrytion::Result ParseSymmetricKeyEncrypted(
341 Reader *reader,
342 base::StringPiece passphrase,
343 AES_KEY *out_key) {
344 uint8 version, cipher, s2k_type, hash_func_id;
345 if (!reader->U8(&version) || version != 4)
346 return OpenPGPSymmetricEncrytion::PARSE_ERROR;
347
348 if (!reader->U8(&cipher) ||
349 !reader->U8(&s2k_type) ||
350 !reader->U8(&hash_func_id)) {
351 return OpenPGPSymmetricEncrytion::PARSE_ERROR;
352 }
353
354 uint8 cipher_key_length = OpenPGPCipherIdToKeyLength(cipher);
355 if (cipher_key_length == 0)
356 return OpenPGPSymmetricEncrytion::UNKNOWN_CIPHER;
357
358 const EVP_MD *hash_function;
359 switch (hash_func_id) {
360 case 2: // SHA-1
361 hash_function = EVP_sha1();
362 break;
363 case 8: // SHA-256
364 hash_function = EVP_sha256();
365 break;
366 default:
367 return OpenPGPSymmetricEncrytion::UNKNOWN_HASH;
368 }
369
370 base::StringPiece salt;
371 uint8 key[32];
372 uint8 count_spec;
373 switch (s2k_type) {
374 case 1:
375 if (!reader->Prefix(8, &salt))
376 return OpenPGPSymmetricEncrytion::PARSE_ERROR;
377 case 0:
378 SaltedIteratedS2K(cipher_key_length, hash_function, passphrase, salt,
379 passphrase.size() + salt.size(), key);
380 break;
381 case 3:
382 if (!reader->Prefix(8, &salt) ||
383 !reader->U8(&count_spec)) {
384 return OpenPGPSymmetricEncrytion::PARSE_ERROR;
385 }
386 SaltedIteratedS2K(
387 cipher_key_length, hash_function, passphrase, salt,
388 static_cast<uint32>(
389 16 + (count_spec&15)) << ((count_spec >> 4) + 6), key);
390 break;
391 default:
392 return OpenPGPSymmetricEncrytion::PARSE_ERROR;
393 }
394
395 if (AES_set_encrypt_key(key, 8 * cipher_key_length, out_key))
396 return OpenPGPSymmetricEncrytion::INTERNAL_ERROR;
397
398 if (reader->empty()) {
399 // The resulting key is used directly.
400 return OpenPGPSymmetricEncrytion::OK;
401 }
402
403 // The S2K derived key encrypts another key that follows:
404 base::StringPiece encrypted_key = reader->Remainder();
405 if (encrypted_key.size() < 1)
406 return OpenPGPSymmetricEncrytion::PARSE_ERROR;
407
408 uint8* plaintext_key = reinterpret_cast<uint8*>(
409 malloc(encrypted_key.size()));
410 arena_.push_back(plaintext_key);
411
412 int num = 0;
413 uint8 iv[16] = {0};
414
415 AES_cfb128_encrypt(reinterpret_cast<const uint8*>(encrypted_key.data()),
416 plaintext_key,
417 encrypted_key.size(),
418 out_key,
419 iv,
420 &num,
421 AES_DECRYPT);
422
423 cipher_key_length = OpenPGPCipherIdToKeyLength(plaintext_key[0]);
424 if (cipher_key_length == 0)
425 return OpenPGPSymmetricEncrytion::UNKNOWN_CIPHER;
426 if (encrypted_key.size() != 1u + cipher_key_length)
427 return OpenPGPSymmetricEncrytion::PARSE_ERROR;
428 if (AES_set_encrypt_key(plaintext_key + 1, 8 * cipher_key_length,
429 out_key)) {
430 return OpenPGPSymmetricEncrytion::INTERNAL_ERROR;
431 }
432 return OpenPGPSymmetricEncrytion::OK;
433 }
434
435 uint32 OpenPGPCipherIdToKeyLength(uint8 cipher) {
436 switch (cipher) {
437 case 7: // AES-128
438 return 16;
439 case 8: // AES-192
440 return 24;
441 case 9: // AES-256
442 return 32;
443 default:
444 return 0;
445 }
446 }
447
448 // ParseSymmetricallyEncrypted parses a Symmetrically Encrypted packet. See
449 // RFC 4880, sections 5.7 and 5.13.
450 bool ParseSymmetricallyEncrypted(Reader *reader,
451 AES_KEY *key,
452 base::StringPiece *out_plaintext) {
453 uint8 version;
454 if (!reader->U8(&version) || version != 1)
455 return false;
456
457 base::StringPiece prefix_sp;
458 if (!reader->Prefix(AES_BLOCK_SIZE + 2, &prefix_sp))
459 return false;
460 uint8 prefix[AES_BLOCK_SIZE + 2];
461 memcpy(prefix, prefix_sp.data(), sizeof(prefix));
462
463 uint8 prefix_copy[AES_BLOCK_SIZE + 2];
464 uint8 fre[AES_BLOCK_SIZE];
465
466 memset(prefix_copy, 0, AES_BLOCK_SIZE);
467 AES_ecb_encrypt(prefix_copy, fre, key, AES_ENCRYPT);
468 for (uint32 i = 0; i < AES_BLOCK_SIZE; i++)
469 prefix_copy[i] = fre[i] ^ prefix[i];
470 AES_ecb_encrypt(prefix, fre, key, AES_ENCRYPT);
471 prefix_copy[AES_BLOCK_SIZE] = prefix[AES_BLOCK_SIZE] ^ fre[0];
472 prefix_copy[AES_BLOCK_SIZE + 1] = prefix[AES_BLOCK_SIZE + 1] ^ fre[1];
473
474 if (prefix_copy[AES_BLOCK_SIZE - 2] != prefix_copy[AES_BLOCK_SIZE] ||
475 prefix_copy[AES_BLOCK_SIZE - 1] != prefix_copy[AES_BLOCK_SIZE + 1]) {
476 return false;
477 }
478
479 fre[0] = prefix[AES_BLOCK_SIZE];
480 fre[1] = prefix[AES_BLOCK_SIZE + 1];
481
482 uint32 out_used = 2;
483
484 const uint32 plaintext_size = reader->size();
485 if (plaintext_size < SHA_DIGEST_LENGTH + 2) {
486 // Too small to contain an MDC trailer.
487 return false;
488 }
489
490 uint8* plaintext = reinterpret_cast<uint8*>(malloc(plaintext_size));
491 arena_.push_back(plaintext);
492
493 for (uint32 i = 0; i < plaintext_size; i++) {
494 uint8 b;
495 if (!reader->U8(&b))
496 return false;
497 if (out_used == AES_BLOCK_SIZE) {
498 AES_ecb_encrypt(fre, fre, key, AES_ENCRYPT);
499 out_used = 0;
500 }
501
502 plaintext[i] = b ^ fre[out_used];
503 fre[out_used++] = b;
504 }
505
506 // The plaintext should be followed by a Modification Detection Code
507 // packet. This packet is specified such that the header is always
508 // serialized as exactly these two bytes:
509 if (plaintext[plaintext_size - SHA_DIGEST_LENGTH - 2] != 0xd3 ||
510 plaintext[plaintext_size - SHA_DIGEST_LENGTH - 1] != 0x14) {
511 return false;
512 }
513
514 SHA_CTX sha1;
515 SHA1_Init(&sha1);
516 SHA1_Update(&sha1, prefix_copy, sizeof(prefix_copy));
517 SHA1_Update(&sha1, plaintext, plaintext_size - SHA_DIGEST_LENGTH);
518 uint8 digest[SHA_DIGEST_LENGTH];
519 SHA1_Final(digest, &sha1);
520
521 if (memcmp(digest, &plaintext[plaintext_size - SHA_DIGEST_LENGTH],
522 SHA_DIGEST_LENGTH) != 0) {
523 return false;
524 }
525
526 *out_plaintext = base::StringPiece(reinterpret_cast<char*>(plaintext),
527 plaintext_size - SHA_DIGEST_LENGTH);
528 return true;
529 }
530
531 // ParseLiteralData parses a Literal Data packet. See RFC 4880, section 5.9.
532 bool ParseLiteralData(Reader *reader, base::StringPiece *out_data) {
533 uint8 is_binary, filename_len;
534 if (!reader->U8(&is_binary) ||
535 !reader->U8(&filename_len) ||
536 !reader->Skip(filename_len) ||
537 !reader->Skip(sizeof(uint32) /* mtime */)) {
538 return false;
539 }
540
541 *out_data = reader->Remainder();
542 return true;
543 }
544
545 // arena_ contains malloced pointers that are used as temporary space during
546 // the decryption.
547 std::vector<void*> arena_;
548 };
549
550 class Encrypter {
551 public:
552 // ByteString is used throughout in order to avoid signedness issues with a
553 // std::string.
554 typedef std::basic_string<uint8> ByteString;
555
556 static ByteString Encrypt(base::StringPiece plaintext,
557 base::StringPiece passphrase) {
558 ByteString key;
559 ByteString ske = SerializeSymmetricKeyEncrypted(passphrase, &key);
560
561 ByteString literal_data = SerializeLiteralData(plaintext);
562 ByteString se = SerializeSymmetricallyEncrypted(literal_data, key);
563 return ske + se;
564 }
565
566 private:
567 static ByteString MakePacket(uint32 tag, const ByteString& contents) {
568 ByteString header;
569 header.push_back(0x80 | 0x40 | tag);
570
571 if (contents.size() < 192) {
572 header.push_back(contents.size());
573 } else if (contents.size() < 8384) {
574 size_t length = contents.size();
575 length -= 192;
576 header.push_back(192 + (length >> 8));
577 header.push_back(length & 0xff);
578 } else {
579 size_t length = contents.size();
580 header.push_back(255);
581 header.push_back(length >> 24);
582 header.push_back(length >> 16);
583 header.push_back(length >> 8);
584 header.push_back(length);
585 }
586
587 return header + contents;
588 }
589
590 static ByteString SerializeLiteralData(base::StringPiece contents) {
591 ByteString literal_data;
592 literal_data.push_back(0x74); // text mode
593 literal_data.push_back(0x00); // no filename
594 literal_data.push_back(0x00); // zero mtime
595 literal_data.push_back(0x00);
596 literal_data.push_back(0x00);
597 literal_data.push_back(0x00);
598 literal_data += ByteString(reinterpret_cast<const uint8*>(contents.data()),
599 contents.size());
600 return MakePacket(kLiteralDataTag, literal_data);
601 }
602
603 static ByteString SerializeSymmetricKeyEncrypted(base::StringPiece passphrase,
604 ByteString *out_key) {
605 ByteString ske;
606 ske.push_back(4); // version 4
607 ske.push_back(7); // AES-128
608 ske.push_back(3); // iterated and salted S2K
609 ske.push_back(2); // SHA-1
610
611 uint64 salt64 = base::RandUint64();
612 ByteString salt(sizeof(salt64), 0);
613
614 // It's a random value, so endianness doesn't matter.
615 ske += ByteString(reinterpret_cast<uint8*>(&salt64), sizeof(salt64));
616 ske.push_back(96); // iteration count of 65536
617
618 uint8 key[16];
619 SaltedIteratedS2K(
620 sizeof(key), EVP_sha1(), passphrase,
621 base::StringPiece(reinterpret_cast<char*>(&salt64), sizeof(salt64)),
622 65536, key);
623 *out_key = ByteString(key, sizeof(key));
624 return MakePacket(kSymmetricKeyEncryptedTag, ske);
625 }
626
627 static ByteString SerializeSymmetricallyEncrypted(ByteString plaintext,
628 const ByteString& key) {
629 ByteString packet;
630 packet.push_back(1); // version 1
631 static const uint32 kBlockSize = 16; // AES block size
632
633 uint8 prefix[kBlockSize + 2], fre[kBlockSize], iv[kBlockSize];
634 base::RandBytes(iv, kBlockSize);
635 memset(fre, 0, sizeof(fre));
636
637 AES_KEY aes_key;
638 AES_set_encrypt_key(key.data(), 8 * key.size(), &aes_key);
639
640 AES_ecb_encrypt(fre, fre, &aes_key, AES_ENCRYPT);
641 for (uint32 i = 0; i < 16; i++)
642 prefix[i] = iv[i] ^ fre[i];
643 AES_ecb_encrypt(prefix, fre, &aes_key, AES_ENCRYPT);
644 prefix[kBlockSize] = iv[kBlockSize - 2] ^ fre[0];
645 prefix[kBlockSize + 1] = iv[kBlockSize - 1] ^ fre[1];
646
647 packet += ByteString(prefix, sizeof(prefix));
648
649 ByteString plaintext_copy = plaintext;
650 plaintext_copy.push_back(0xd3); // MDC packet
651 plaintext_copy.push_back(20); // packet length (20 bytes)
652
653 SHA_CTX sha1;
654 SHA1_Init(&sha1);
655 SHA1_Update(&sha1, iv, sizeof(iv));
656 SHA1_Update(&sha1, iv + kBlockSize - 2, 2);
657 SHA1_Update(&sha1, plaintext_copy.data(), plaintext_copy.size());
658 uint8 digest[SHA_DIGEST_LENGTH];
659 SHA1_Final(digest, &sha1);
660
661 plaintext_copy += ByteString(digest, sizeof(digest));
662
663 fre[0] = prefix[kBlockSize];
664 fre[1] = prefix[kBlockSize+1];
665 uint32 out_used = 2;
666
667 for (size_t i = 0; i < plaintext_copy.size(); i++) {
668 if (out_used == kBlockSize) {
669 AES_ecb_encrypt(fre, fre, &aes_key, AES_ENCRYPT);
670 out_used = 0;
671 }
672
673 uint8 c = plaintext_copy[i] ^ fre[out_used];
674 fre[out_used++] = c;
675 packet.push_back(c);
676 }
677
678 return MakePacket(kSymmetricallyEncryptedTag, packet);
679 }
680 };
681
682 } // anonymous namespace
683
684 // static
685 OpenPGPSymmetricEncrytion::Result OpenPGPSymmetricEncrytion::Decrypt(
686 base::StringPiece encrypted,
687 base::StringPiece passphrase,
688 std::string *out) {
689 Decrypter decrypter;
690
691 base::StringPiece result;
692 Result reader = decrypter.Decrypt(encrypted, passphrase, &result);
693 if (reader == OK)
694 *out = result.as_string();
695 return reader;
696 }
697
698 // static
699 std::string OpenPGPSymmetricEncrytion::Encrypt(
700 base::StringPiece plaintext,
701 base::StringPiece passphrase) {
702 Encrypter::ByteString b =
703 Encrypter::Encrypt(plaintext, passphrase);
704 return std::string(reinterpret_cast<const char*>(b.data()), b.size());
705 }
706
707 } // namespace crypto
OLDNEW
« no previous file with comments | « crypto/openpgp_symmetric_encryption_nss_unittest.cc ('k') | crypto/openpgp_symmetric_encryption_test_openssl.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698