| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include "components/gcm_driver/crypto/gcm_message_cryptographer.h" | |
| 6 | |
| 7 #include <pk11pub.h> | |
| 8 #include <secerr.h> | |
| 9 #include <stddef.h> | |
| 10 | |
| 11 #include "base/logging.h" | |
| 12 #include "base/numerics/safe_math.h" | |
| 13 #include "base/strings/string_util.h" | |
| 14 #include "crypto/scoped_nss_types.h" | |
| 15 | |
| 16 namespace gcm { | |
| 17 | |
| 18 bool GCMMessageCryptographer::EncryptDecryptRecordInternal( | |
| 19 Mode mode, | |
| 20 const base::StringPiece& input, | |
| 21 const base::StringPiece& key, | |
| 22 const base::StringPiece& nonce, | |
| 23 std::string* output) const { | |
| 24 DCHECK(output); | |
| 25 | |
| 26 SECItem key_item; | |
| 27 key_item.type = siBuffer; | |
| 28 key_item.data = const_cast<unsigned char*>( | |
| 29 reinterpret_cast<const unsigned char*>(key.data())); | |
| 30 key_item.len = key.size(); | |
| 31 | |
| 32 const CK_ATTRIBUTE_TYPE cka_mode = mode == ENCRYPT ? CKA_ENCRYPT | |
| 33 : CKA_DECRYPT; | |
| 34 | |
| 35 crypto::ScopedPK11Slot slot(PK11_GetInternalSlot()); | |
| 36 crypto::ScopedPK11SymKey aead_key( | |
| 37 PK11_ImportSymKey(slot.get(), CKM_AES_GCM, PK11_OriginUnwrap, cka_mode, | |
| 38 &key_item, nullptr)); | |
| 39 | |
| 40 CK_GCM_PARAMS gcm_params; | |
| 41 gcm_params.pIv = const_cast<unsigned char*>( | |
| 42 reinterpret_cast<const unsigned char*>(nonce.data())); | |
| 43 gcm_params.ulIvLen = nonce.size(); | |
| 44 | |
| 45 gcm_params.pAAD = nullptr; | |
| 46 gcm_params.ulAADLen = 0; | |
| 47 | |
| 48 gcm_params.ulTagBits = kAuthenticationTagBytes * 8; | |
| 49 | |
| 50 SECItem param; | |
| 51 param.type = siBuffer; | |
| 52 param.data = reinterpret_cast<unsigned char*>(&gcm_params); | |
| 53 param.len = sizeof(gcm_params); | |
| 54 | |
| 55 base::CheckedNumeric<size_t> maximum_output_length(input.size()); | |
| 56 if (mode == ENCRYPT) | |
| 57 maximum_output_length += kAuthenticationTagBytes; | |
| 58 | |
| 59 // WriteInto requires the buffer to finish with a NULL-byte. | |
| 60 maximum_output_length += 1; | |
| 61 | |
| 62 unsigned int output_length = 0; | |
| 63 unsigned char* raw_input = const_cast<unsigned char*>( | |
| 64 reinterpret_cast<const unsigned char*>(input.data())); | |
| 65 unsigned char* raw_output = reinterpret_cast<unsigned char*>( | |
| 66 base::WriteInto(output, maximum_output_length.ValueOrDie())); | |
| 67 | |
| 68 if (mode == ENCRYPT) { | |
| 69 if (PK11_Encrypt(aead_key.get(), CKM_AES_GCM, ¶m, raw_output, | |
| 70 &output_length, output->size(), raw_input, | |
| 71 input.size()) != SECSuccess) { | |
| 72 return false; | |
| 73 } | |
| 74 } else { | |
| 75 if (PK11_Decrypt(aead_key.get(), CKM_AES_GCM, ¶m, raw_output, | |
| 76 &output_length, output->size(), raw_input, | |
| 77 input.size()) != SECSuccess) { | |
| 78 return false; | |
| 79 } | |
| 80 } | |
| 81 | |
| 82 base::CheckedNumeric<size_t> expected_output_length(input.size()); | |
| 83 if (mode == ENCRYPT) | |
| 84 expected_output_length += kAuthenticationTagBytes; | |
| 85 else | |
| 86 expected_output_length -= kAuthenticationTagBytes; | |
| 87 | |
| 88 DCHECK_EQ(expected_output_length.ValueOrDie(), output_length); | |
| 89 | |
| 90 output->resize(output_length); | |
| 91 return true; | |
| 92 } | |
| 93 | |
| 94 } // namespace gcm | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1882433002:
Removing NSS files and USE_OPENSSL flag (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master