diff options
Diffstat (limited to 'base/crypto/encryptor_openssl.cc')
| -rw-r--r-- | base/crypto/encryptor_openssl.cc | 103 |
1 files changed, 97 insertions, 6 deletions
diff --git a/base/crypto/encryptor_openssl.cc b/base/crypto/encryptor_openssl.cc index 71a84be..6b08bd6 100644 --- a/base/crypto/encryptor_openssl.cc +++ b/base/crypto/encryptor_openssl.cc @@ -4,10 +4,46 @@ #include "base/crypto/encryptor.h" +#include <openssl/aes.h> +#include <openssl/evp.h> + +#include "base/crypto/symmetric_key.h" #include "base/logging.h" +#include "base/openssl_util.h" +#include "base/string_util.h" namespace base { +namespace { + +const EVP_CIPHER* GetCipherForKey(SymmetricKey* key) { + switch (key->key().length()) { + case 16: return EVP_aes_128_cbc(); + case 24: return EVP_aes_192_cbc(); + case 32: return EVP_aes_256_cbc(); + default: return NULL; + } +} + +// On destruction this class will cleanup the ctx, and also clear the OpenSSL +// ERR stack as a convenience. +class ScopedCipherCTX { + public: + explicit ScopedCipherCTX() { + EVP_CIPHER_CTX_init(&ctx_); + } + ~ScopedCipherCTX() { + EVP_CIPHER_CTX_cleanup(&ctx_); + ClearOpenSSLERRStack(); + } + EVP_CIPHER_CTX* get() { return &ctx_; } + + private: + EVP_CIPHER_CTX ctx_; +}; + +} // namespace + Encryptor::Encryptor() { } @@ -15,18 +51,73 @@ Encryptor::~Encryptor() { } bool Encryptor::Init(SymmetricKey* key, Mode mode, const std::string& iv) { - NOTIMPLEMENTED(); - return false; + DCHECK(key); + DCHECK_EQ(CBC, mode); + + if (iv.size() != AES_BLOCK_SIZE) + return false; + + if (GetCipherForKey(key) == NULL) + return false; + + key_ = key; + mode_ = mode; + iv_ = iv; + return true; } bool Encryptor::Encrypt(const std::string& plaintext, std::string* ciphertext) { - NOTIMPLEMENTED(); - return false; + return Crypt(true, plaintext, ciphertext); } bool Encryptor::Decrypt(const std::string& ciphertext, std::string* plaintext) { - NOTIMPLEMENTED(); - return false; + return Crypt(false, ciphertext, plaintext); +} + +bool Encryptor::Crypt(bool do_encrypt, + const std::string& input, + std::string* output) { + // Work on the result in a local variable, and then only transfer it to + // |output| on success to ensure no partial data is returned. + std::string result; + output->swap(result); + + const EVP_CIPHER* cipher = GetCipherForKey(key_); + DCHECK(cipher); // Already handled in Init(); + + const std::string& key = key_->key(); + DCHECK_EQ(EVP_CIPHER_iv_length(cipher), static_cast<int>(iv_.length())); + DCHECK_EQ(EVP_CIPHER_key_length(cipher), static_cast<int>(key.length())); + + ScopedCipherCTX ctx; + if (!EVP_CipherInit_ex(ctx.get(), cipher, NULL, + reinterpret_cast<const uint8*>(key.data()), + reinterpret_cast<const uint8*>(iv_.data()), + do_encrypt)) + return false; + + // When encrypting, add another block size of space to allow for any padding. + const size_t output_size = input.size() + (do_encrypt ? iv_.size() : 0); + uint8* out_ptr = reinterpret_cast<uint8*>(WriteInto(&result, + output_size + 1)); + int out_len; + if (!EVP_CipherUpdate(ctx.get(), out_ptr, &out_len, + reinterpret_cast<const uint8*>(input.data()), + input.length())) + return false; + + // Write out the final block plus padding (if any) to the end of the data + // just written. + int tail_len; + if (!EVP_CipherFinal_ex(ctx.get(), out_ptr + out_len, &tail_len)) + return false; + + out_len += tail_len; + DCHECK_LE(out_len, static_cast<int>(output_size)); + result.resize(out_len); + + output->swap(result); + return true; } } // namespace base |