diff options
author | hclam@chromium.org <hclam@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-06-24 20:46:06 +0000 |
---|---|---|
committer | hclam@chromium.org <hclam@chromium.org@0039d316-1c4b-4281-b951-d872f2087c98> | 2011-06-24 20:46:06 +0000 |
commit | 2377cdee7b2d027acf4dea98d747637b94213ff1 (patch) | |
tree | f423ef27f7bb0f7e20475746fce8061c4ab1bb25 /crypto/encryptor.h | |
parent | 93fdd2501f8714dbf1b120a4a276027e7c633d74 (diff) | |
download | chromium_src-2377cdee7b2d027acf4dea98d747637b94213ff1.zip chromium_src-2377cdee7b2d027acf4dea98d747637b94213ff1.tar.gz chromium_src-2377cdee7b2d027acf4dea98d747637b94213ff1.tar.bz2 |
Implement AES-CTR for NSS.
Implement AES-128-CTR.
BUG=87152
TEST=None
Review URL: http://codereview.chromium.org/7056026
git-svn-id: svn://svn.chromium.org/chrome/trunk/src@90425 0039d316-1c4b-4281-b951-d872f2087c98
Diffstat (limited to 'crypto/encryptor.h')
-rw-r--r-- | crypto/encryptor.h | 68 |
1 files changed, 67 insertions, 1 deletions
diff --git a/crypto/encryptor.h b/crypto/encryptor.h index 0fdf758..712a19c 100644 --- a/crypto/encryptor.h +++ b/crypto/encryptor.h @@ -8,6 +8,8 @@ #include <string> +#include "base/basictypes.h" +#include "base/scoped_ptr.h" #include "build/build_config.h" #include "crypto/crypto_api.h" @@ -24,13 +26,41 @@ class SymmetricKey; class CRYPTO_API Encryptor { public: enum Mode { - CBC + CBC, + CTR, }; + + // This class implements a 128-bits counter to be used in AES-CTR encryption. + // Only 128-bits counter is supported in this class. + class Counter { + public: + Counter(const std::string& counter); + ~Counter(); + + // Increment the counter value. + bool Increment(); + + // Write the content of the counter to |buf|. |buf| should have enough + // space for |GetLengthInBytes()|. + void Write(void* buf); + + // Return the length of this counter. + size_t GetLengthInBytes() const; + + private: + union { + uint32 components32[4]; + uint64 components64[2]; + } counter_; + }; + Encryptor(); virtual ~Encryptor(); // Initializes the encryptor using |key| and |iv|. Returns false if either the // key or the initialization vector cannot be used. + // + // When |mode| is CTR then |iv| should be empty. bool Init(SymmetricKey* key, Mode mode, const std::string& iv); // Encrypts |plaintext| into |ciphertext|. @@ -39,11 +69,41 @@ class CRYPTO_API Encryptor { // Decrypts |ciphertext| into |plaintext|. bool Decrypt(const std::string& ciphertext, std::string* plaintext); + // Sets the counter value when in CTR mode. Currently only 128-bits + // counter value is supported. + // + // Returns true only if update was successful. + bool SetCounter(const std::string& counter); + // TODO(albertb): Support streaming encryption. private: + // Generates a mask using |counter_| to be used for encryption in CTR mode. + // Resulting mask will be written to |mask| with |mask_len| bytes. + // + // Make sure there's enough space in mask when calling this method. + // Reserve at least |plaintext_len| + 16 bytes for |mask|. + // + // The generated mask will always have at least |plaintext_len| bytes and + // will be a multiple of the counter length. + // + // This method is used only in CTR mode. + // + // Returns false if this call failed. + bool GenerateCounterMask(size_t plaintext_len, + uint8* mask, + size_t* mask_len); + + // Mask the |plaintext| message using |mask|. The output will be written to + // |ciphertext|. |ciphertext| must have at least |plaintext_len| bytes. + void MaskMessage(const void* plaintext, + size_t plaintext_len, + const void* mask, + void* ciphertext) const; + SymmetricKey* key_; Mode mode_; + scoped_ptr<Counter> counter_; #if defined(USE_OPENSSL) bool Crypt(bool encrypt, // Pass true to encrypt, false to decrypt. @@ -51,6 +111,12 @@ class CRYPTO_API Encryptor { std::string* output); std::string iv_; #elif defined(USE_NSS) + bool Crypt(PK11Context* context, + const std::string& input, + std::string* output); + bool CryptCTR(PK11Context* context, + const std::string& input, + std::string* output); ScopedPK11Slot slot_; ScopedSECItem param_; #elif defined(OS_MACOSX) |