OLD | NEW |
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "crypto/encryptor.h" | 5 #include "crypto/encryptor.h" |
6 | 6 |
7 #include <openssl/aes.h> | 7 #include <openssl/aes.h> |
8 #include <openssl/evp.h> | 8 #include <openssl/evp.h> |
9 #include <stddef.h> | 9 #include <stddef.h> |
10 #include <stdint.h> | 10 #include <stdint.h> |
11 | 11 |
12 #include "base/logging.h" | 12 #include "base/logging.h" |
13 #include "base/strings/string_util.h" | 13 #include "base/strings/string_util.h" |
14 #include "base/sys_byteorder.h" | 14 #include "base/sys_byteorder.h" |
15 #include "crypto/openssl_util.h" | 15 #include "crypto/openssl_util.h" |
16 #include "crypto/symmetric_key.h" | 16 #include "crypto/symmetric_key.h" |
17 | 17 |
18 namespace crypto { | 18 namespace crypto { |
19 | 19 |
20 namespace { | 20 namespace { |
21 | 21 |
22 const EVP_CIPHER* GetCipherForKey(SymmetricKey* key) { | 22 const EVP_CIPHER* GetCipherForKey(SymmetricKey* key) { |
23 switch (key->key().length()) { | 23 switch (key->key().length()) { |
24 case 16: return EVP_aes_128_cbc(); | 24 case 16: return EVP_aes_128_cbc(); |
25 case 32: return EVP_aes_256_cbc(); | 25 case 32: return EVP_aes_256_cbc(); |
26 default: return NULL; | 26 default: |
| 27 return nullptr; |
27 } | 28 } |
28 } | 29 } |
29 | 30 |
30 // On destruction this class will cleanup the ctx, and also clear the OpenSSL | 31 // On destruction this class will cleanup the ctx, and also clear the OpenSSL |
31 // ERR stack as a convenience. | 32 // ERR stack as a convenience. |
32 class ScopedCipherCTX { | 33 class ScopedCipherCTX { |
33 public: | 34 public: |
34 explicit ScopedCipherCTX() { | 35 explicit ScopedCipherCTX() { |
35 EVP_CIPHER_CTX_init(&ctx_); | 36 EVP_CIPHER_CTX_init(&ctx_); |
36 } | 37 } |
(...skipping 40 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
77 memcpy(buf_ptr, &counter_, sizeof(counter_)); | 78 memcpy(buf_ptr, &counter_, sizeof(counter_)); |
78 } | 79 } |
79 | 80 |
80 size_t Encryptor::Counter::GetLengthInBytes() const { | 81 size_t Encryptor::Counter::GetLengthInBytes() const { |
81 return sizeof(counter_); | 82 return sizeof(counter_); |
82 } | 83 } |
83 | 84 |
84 ///////////////////////////////////////////////////////////////////////////// | 85 ///////////////////////////////////////////////////////////////////////////// |
85 // Encryptor Implementation. | 86 // Encryptor Implementation. |
86 | 87 |
87 Encryptor::Encryptor() | 88 Encryptor::Encryptor() : key_(nullptr), mode_(CBC) {} |
88 : key_(NULL), | |
89 mode_(CBC) { | |
90 } | |
91 | 89 |
92 Encryptor::~Encryptor() { | 90 Encryptor::~Encryptor() { |
93 } | 91 } |
94 | 92 |
95 bool Encryptor::Init(SymmetricKey* key, | 93 bool Encryptor::Init(SymmetricKey* key, |
96 Mode mode, | 94 Mode mode, |
97 const base::StringPiece& iv) { | 95 const base::StringPiece& iv) { |
98 DCHECK(key); | 96 DCHECK(key); |
99 DCHECK(mode == CBC || mode == CTR); | 97 DCHECK(mode == CBC || mode == CTR); |
100 | 98 |
101 EnsureOpenSSLInit(); | 99 EnsureOpenSSLInit(); |
102 if (mode == CBC && iv.size() != AES_BLOCK_SIZE) | 100 if (mode == CBC && iv.size() != AES_BLOCK_SIZE) |
103 return false; | 101 return false; |
104 | 102 |
105 if (GetCipherForKey(key) == NULL) | 103 if (GetCipherForKey(key) == nullptr) |
106 return false; | 104 return false; |
107 | 105 |
108 key_ = key; | 106 key_ = key; |
109 mode_ = mode; | 107 mode_ = mode; |
110 iv.CopyToString(&iv_); | 108 iv.CopyToString(&iv_); |
111 return true; | 109 return true; |
112 } | 110 } |
113 | 111 |
114 bool Encryptor::Encrypt(const base::StringPiece& plaintext, | 112 bool Encryptor::Encrypt(const base::StringPiece& plaintext, |
115 std::string* ciphertext) { | 113 std::string* ciphertext) { |
(...skipping 68 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
184 output->clear(); | 182 output->clear(); |
185 | 183 |
186 const EVP_CIPHER* cipher = GetCipherForKey(key_); | 184 const EVP_CIPHER* cipher = GetCipherForKey(key_); |
187 DCHECK(cipher); // Already handled in Init(); | 185 DCHECK(cipher); // Already handled in Init(); |
188 | 186 |
189 const std::string& key = key_->key(); | 187 const std::string& key = key_->key(); |
190 DCHECK_EQ(EVP_CIPHER_iv_length(cipher), iv_.length()); | 188 DCHECK_EQ(EVP_CIPHER_iv_length(cipher), iv_.length()); |
191 DCHECK_EQ(EVP_CIPHER_key_length(cipher), key.length()); | 189 DCHECK_EQ(EVP_CIPHER_key_length(cipher), key.length()); |
192 | 190 |
193 ScopedCipherCTX ctx; | 191 ScopedCipherCTX ctx; |
194 if (!EVP_CipherInit_ex( | 192 if (!EVP_CipherInit_ex(ctx.get(), cipher, nullptr, |
195 ctx.get(), cipher, NULL, reinterpret_cast<const uint8_t*>(key.data()), | 193 reinterpret_cast<const uint8_t*>(key.data()), |
196 reinterpret_cast<const uint8_t*>(iv_.data()), do_encrypt)) | 194 reinterpret_cast<const uint8_t*>(iv_.data()), |
| 195 do_encrypt)) |
197 return false; | 196 return false; |
198 | 197 |
199 // When encrypting, add another block size of space to allow for any padding. | 198 // When encrypting, add another block size of space to allow for any padding. |
200 const size_t output_size = input.size() + (do_encrypt ? iv_.size() : 0); | 199 const size_t output_size = input.size() + (do_encrypt ? iv_.size() : 0); |
201 CHECK_GT(output_size, 0u); | 200 CHECK_GT(output_size, 0u); |
202 CHECK_GT(output_size + 1, input.size()); | 201 CHECK_GT(output_size + 1, input.size()); |
203 uint8_t* out_ptr = | 202 uint8_t* out_ptr = |
204 reinterpret_cast<uint8_t*>(base::WriteInto(&result, output_size + 1)); | 203 reinterpret_cast<uint8_t*>(base::WriteInto(&result, output_size + 1)); |
205 int out_len; | 204 int out_len; |
206 if (!EVP_CipherUpdate(ctx.get(), out_ptr, &out_len, | 205 if (!EVP_CipherUpdate(ctx.get(), out_ptr, &out_len, |
(...skipping 48 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
255 | 254 |
256 // AES_ctr128_encrypt() updates |ivec|. Update the |counter_| here. | 255 // AES_ctr128_encrypt() updates |ivec|. Update the |counter_| here. |
257 SetCounter(base::StringPiece(reinterpret_cast<const char*>(ivec), | 256 SetCounter(base::StringPiece(reinterpret_cast<const char*>(ivec), |
258 AES_BLOCK_SIZE)); | 257 AES_BLOCK_SIZE)); |
259 | 258 |
260 output->swap(result); | 259 output->swap(result); |
261 return true; | 260 return true; |
262 } | 261 } |
263 | 262 |
264 } // namespace crypto | 263 } // namespace crypto |
OLD | NEW |