1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
|
// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef CRYPTO_ENCRYPTOR_H_
#define CRYPTO_ENCRYPTOR_H_
#include <string>
#include "base/basictypes.h"
#include "base/memory/scoped_ptr.h"
#include "base/string_piece.h"
#include "build/build_config.h"
#include "crypto/crypto_export.h"
#if defined(USE_NSS) || defined(OS_WIN) || defined(OS_MACOSX)
#include "crypto/scoped_nss_types.h"
#endif
namespace crypto {
class SymmetricKey;
class CRYPTO_EXPORT Encryptor {
public:
enum Mode {
CBC,
CTR,
};
// This class implements a 128-bits counter to be used in AES-CTR encryption.
// Only 128-bits counter is supported in this class.
class CRYPTO_EXPORT Counter {
public:
explicit Counter(const base::StringPiece& counter);
~Counter();
// Increment the counter value.
bool Increment();
// Write the content of the counter to |buf|. |buf| should have enough
// space for |GetLengthInBytes()|.
void Write(void* buf);
// Return the length of this counter.
size_t GetLengthInBytes() const;
private:
union {
uint32 components32[4];
uint64 components64[2];
} counter_;
};
Encryptor();
virtual ~Encryptor();
// Initializes the encryptor using |key| and |iv|. Returns false if either the
// key or the initialization vector cannot be used.
//
// If |mode| is CBC, |iv| must not be empty; if it is CTR, then |iv| must be
// empty.
bool Init(SymmetricKey* key, Mode mode, const base::StringPiece& iv);
// Encrypts |plaintext| into |ciphertext|. |plaintext| may only be empty if
// the mode is CBC.
bool Encrypt(const base::StringPiece& plaintext, std::string* ciphertext);
// Decrypts |ciphertext| into |plaintext|. |ciphertext| must not be empty.
//
// WARNING: In CBC mode, Decrypt() returns false if it detects the padding
// in the decrypted plaintext is wrong. Padding errors can result from
// tampered ciphertext or a wrong decryption key. But successful decryption
// does not imply the authenticity of the data. The caller of Decrypt()
// must either authenticate the ciphertext before decrypting it, or take
// care to not report decryption failure. Otherwise it could inadvertently
// be used as a padding oracle to attack the cryptosystem.
bool Decrypt(const base::StringPiece& ciphertext, std::string* plaintext);
// Sets the counter value when in CTR mode. Currently only 128-bits
// counter value is supported.
//
// Returns true only if update was successful.
bool SetCounter(const base::StringPiece& counter);
// TODO(albertb): Support streaming encryption.
private:
// Generates a mask using |counter_| to be used for encryption in CTR mode.
// Resulting mask will be written to |mask| with |mask_len| bytes.
//
// Make sure there's enough space in mask when calling this method.
// Reserve at least |plaintext_len| + 16 bytes for |mask|.
//
// The generated mask will always have at least |plaintext_len| bytes and
// will be a multiple of the counter length.
//
// This method is used only in CTR mode.
//
// Returns false if this call failed.
bool GenerateCounterMask(size_t plaintext_len,
uint8* mask,
size_t* mask_len);
// Mask the |plaintext| message using |mask|. The output will be written to
// |ciphertext|. |ciphertext| must have at least |plaintext_len| bytes.
void MaskMessage(const void* plaintext,
size_t plaintext_len,
const void* mask,
void* ciphertext) const;
SymmetricKey* key_;
Mode mode_;
scoped_ptr<Counter> counter_;
#if defined(USE_OPENSSL)
bool Crypt(bool encrypt, // Pass true to encrypt, false to decrypt.
const base::StringPiece& input,
std::string* output);
std::string iv_;
#elif defined(USE_NSS) || defined(OS_WIN) || defined(OS_MACOSX)
bool Crypt(PK11Context* context,
const base::StringPiece& input,
std::string* output);
bool CryptCTR(PK11Context* context,
const base::StringPiece& input,
std::string* output);
ScopedPK11Slot slot_;
ScopedSECItem param_;
#endif
};
} // namespace crypto
#endif // CRYPTO_ENCRYPTOR_H_
|