OLD | NEW |
---|---|
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "crypto/openpgp_symmetric_encryption.h" | 5 #include "crypto/openpgp_symmetric_encryption.h" |
6 | 6 |
7 #include <stdlib.h> | 7 #include <stdlib.h> |
8 | 8 |
9 #include <sechash.h> | 9 #include <sechash.h> |
10 #include <cryptohi.h> | 10 #include <cryptohi.h> |
11 | 11 |
12 #include <vector> | 12 #include <vector> |
13 | 13 |
14 #include "base/logging.h" | 14 #include "base/logging.h" |
15 #include "base/rand_util.h" | 15 #include "base/rand_util.h" |
16 #include "base/sha1.h" | |
wtc
2011/09/24 01:39:41
BUG: please undo the changes in this file. This f
| |
16 #include "crypto/scoped_nss_types.h" | 17 #include "crypto/scoped_nss_types.h" |
17 #include "crypto/nss_util.h" | 18 #include "crypto/nss_util.h" |
18 | 19 |
19 namespace crypto { | 20 namespace crypto { |
20 | 21 |
21 namespace { | 22 namespace { |
22 | 23 |
23 // Reader wraps a StringPiece and provides methods to read several datatypes | 24 // Reader wraps a StringPiece and provides methods to read several datatypes |
24 // while advancing the StringPiece. | 25 // while advancing the StringPiece. |
25 class Reader { | 26 class Reader { |
(...skipping 510 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
536 prefix_copy[AES_BLOCK_SIZE - 1] != prefix_copy[AES_BLOCK_SIZE + 1]) { | 537 prefix_copy[AES_BLOCK_SIZE - 1] != prefix_copy[AES_BLOCK_SIZE + 1]) { |
537 return false; | 538 return false; |
538 } | 539 } |
539 | 540 |
540 fre[0] = prefix[AES_BLOCK_SIZE]; | 541 fre[0] = prefix[AES_BLOCK_SIZE]; |
541 fre[1] = prefix[AES_BLOCK_SIZE + 1]; | 542 fre[1] = prefix[AES_BLOCK_SIZE + 1]; |
542 | 543 |
543 unsigned out_used = 2; | 544 unsigned out_used = 2; |
544 | 545 |
545 const size_t plaintext_size = reader->size(); | 546 const size_t plaintext_size = reader->size(); |
546 if (plaintext_size < SHA1_LENGTH + 2) { | 547 if (plaintext_size < kSHA1Length + 2) { |
547 // Too small to contain an MDC trailer. | 548 // Too small to contain an MDC trailer. |
548 return false; | 549 return false; |
549 } | 550 } |
550 | 551 |
551 uint8* plaintext = reinterpret_cast<uint8*>(malloc(plaintext_size)); | 552 uint8* plaintext = reinterpret_cast<uint8*>(malloc(plaintext_size)); |
552 arena_.push_back(plaintext); | 553 arena_.push_back(plaintext); |
553 | 554 |
554 for (size_t i = 0; i < plaintext_size; i++) { | 555 for (size_t i = 0; i < plaintext_size; i++) { |
555 uint8 b; | 556 uint8 b; |
556 if (!reader->U8(&b)) | 557 if (!reader->U8(&b)) |
557 return false; | 558 return false; |
558 if (out_used == AES_BLOCK_SIZE) { | 559 if (out_used == AES_BLOCK_SIZE) { |
559 PK11_CipherOp(decryption_context->get(), fre, &out_len, sizeof(fre), | 560 PK11_CipherOp(decryption_context->get(), fre, &out_len, sizeof(fre), |
560 fre, AES_BLOCK_SIZE); | 561 fre, AES_BLOCK_SIZE); |
561 out_used = 0; | 562 out_used = 0; |
562 } | 563 } |
563 | 564 |
564 plaintext[i] = b ^ fre[out_used]; | 565 plaintext[i] = b ^ fre[out_used]; |
565 fre[out_used++] = b; | 566 fre[out_used++] = b; |
566 } | 567 } |
567 | 568 |
568 // The plaintext should be followed by a Modification Detection Code | 569 // The plaintext should be followed by a Modification Detection Code |
569 // packet. This packet is specified such that the header is always | 570 // packet. This packet is specified such that the header is always |
570 // serialized as exactly these two bytes: | 571 // serialized as exactly these two bytes: |
571 if (plaintext[plaintext_size - SHA1_LENGTH - 2] != 0xd3 || | 572 if (plaintext[plaintext_size - kSHA1Length - 2] != 0xd3 || |
572 plaintext[plaintext_size - SHA1_LENGTH - 1] != 0x14) { | 573 plaintext[plaintext_size - kSHA1Length - 1] != 0x14) { |
573 return false; | 574 return false; |
574 } | 575 } |
575 | 576 |
576 HASHContext* hash_context = HASH_Create(HASH_AlgSHA1); | 577 HASHContext* hash_context = HASH_Create(HASH_AlgSHA1); |
577 HASH_Begin(hash_context); | 578 HASH_Begin(hash_context); |
578 HASH_Update(hash_context, prefix_copy, sizeof(prefix_copy)); | 579 HASH_Update(hash_context, prefix_copy, sizeof(prefix_copy)); |
579 HASH_Update(hash_context, plaintext, plaintext_size - SHA1_LENGTH); | 580 HASH_Update(hash_context, plaintext, plaintext_size - kSHA1Length); |
580 uint8 digest[SHA1_LENGTH]; | 581 uint8 digest[kSHA1Length]; |
581 unsigned num_hash_bytes; | 582 unsigned num_hash_bytes; |
582 HASH_End(hash_context, digest, &num_hash_bytes, sizeof(digest)); | 583 HASH_End(hash_context, digest, &num_hash_bytes, sizeof(digest)); |
583 HASH_Destroy(hash_context); | 584 HASH_Destroy(hash_context); |
584 | 585 |
585 if (memcmp(digest, &plaintext[plaintext_size - SHA1_LENGTH], | 586 if (memcmp(digest, &plaintext[plaintext_size - kSHA1Length], |
586 SHA1_LENGTH) != 0) { | 587 kSHA1Length) != 0) { |
587 return false; | 588 return false; |
588 } | 589 } |
589 | 590 |
590 *out_plaintext = base::StringPiece(reinterpret_cast<char*>(plaintext), | 591 *out_plaintext = base::StringPiece(reinterpret_cast<char*>(plaintext), |
591 plaintext_size - SHA1_LENGTH); | 592 plaintext_size - kSHA1Length); |
592 return true; | 593 return true; |
593 } | 594 } |
594 | 595 |
595 // ParseLiteralData parses a Literal Data packet. See RFC 4880, section 5.9. | 596 // ParseLiteralData parses a Literal Data packet. See RFC 4880, section 5.9. |
596 bool ParseLiteralData(Reader *reader, base::StringPiece *out_data) { | 597 bool ParseLiteralData(Reader *reader, base::StringPiece *out_data) { |
597 uint8 is_binary, filename_len; | 598 uint8 is_binary, filename_len; |
598 if (!reader->U8(&is_binary) || | 599 if (!reader->U8(&is_binary) || |
599 !reader->U8(&filename_len) || | 600 !reader->U8(&filename_len) || |
600 !reader->Skip(filename_len) || | 601 !reader->Skip(filename_len) || |
601 !reader->Skip(sizeof(uint32) /* mtime */)) { | 602 !reader->Skip(sizeof(uint32) /* mtime */)) { |
(...skipping 127 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
729 | 730 |
730 ByteString plaintext_copy = plaintext; | 731 ByteString plaintext_copy = plaintext; |
731 plaintext_copy.push_back(0xd3); // MDC packet | 732 plaintext_copy.push_back(0xd3); // MDC packet |
732 plaintext_copy.push_back(20); // packet length (20 bytes) | 733 plaintext_copy.push_back(20); // packet length (20 bytes) |
733 | 734 |
734 HASHContext* hash_context = HASH_Create(HASH_AlgSHA1); | 735 HASHContext* hash_context = HASH_Create(HASH_AlgSHA1); |
735 HASH_Begin(hash_context); | 736 HASH_Begin(hash_context); |
736 HASH_Update(hash_context, iv, sizeof(iv)); | 737 HASH_Update(hash_context, iv, sizeof(iv)); |
737 HASH_Update(hash_context, iv + kBlockSize - 2, 2); | 738 HASH_Update(hash_context, iv + kBlockSize - 2, 2); |
738 HASH_Update(hash_context, plaintext_copy.data(), plaintext_copy.size()); | 739 HASH_Update(hash_context, plaintext_copy.data(), plaintext_copy.size()); |
739 uint8 digest[SHA1_LENGTH]; | 740 uint8 digest[kSHA1Length]; |
740 unsigned num_hash_bytes; | 741 unsigned num_hash_bytes; |
741 HASH_End(hash_context, digest, &num_hash_bytes, sizeof(digest)); | 742 HASH_End(hash_context, digest, &num_hash_bytes, sizeof(digest)); |
742 HASH_Destroy(hash_context); | 743 HASH_Destroy(hash_context); |
743 | 744 |
744 plaintext_copy += ByteString(digest, sizeof(digest)); | 745 plaintext_copy += ByteString(digest, sizeof(digest)); |
745 | 746 |
746 fre[0] = prefix[kBlockSize]; | 747 fre[0] = prefix[kBlockSize]; |
747 fre[1] = prefix[kBlockSize+1]; | 748 fre[1] = prefix[kBlockSize+1]; |
748 unsigned out_used = 2; | 749 unsigned out_used = 2; |
749 | 750 |
(...skipping 35 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
785 base::StringPiece plaintext, | 786 base::StringPiece plaintext, |
786 base::StringPiece passphrase) { | 787 base::StringPiece passphrase) { |
787 EnsureNSSInit(); | 788 EnsureNSSInit(); |
788 | 789 |
789 Encrypter::ByteString b = | 790 Encrypter::ByteString b = |
790 Encrypter::Encrypt(plaintext, passphrase); | 791 Encrypter::Encrypt(plaintext, passphrase); |
791 return std::string(reinterpret_cast<const char*>(b.data()), b.size()); | 792 return std::string(reinterpret_cast<const char*>(b.data()), b.size()); |
792 } | 793 } |
793 | 794 |
794 } // namespace crypto | 795 } // namespace crypto |
OLD | NEW |