1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
|
// Copyright (c) 2011 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "crypto/encryptor.h"
#include <cryptohi.h>
#include <vector>
#include "base/logging.h"
#include "crypto/nss_util.h"
#include "crypto/symmetric_key.h"
namespace crypto {
Encryptor::Encryptor()
: key_(NULL),
mode_(CBC) {
EnsureNSSInit();
}
Encryptor::~Encryptor() {
}
bool Encryptor::Init(SymmetricKey* key, Mode mode, const std::string& iv) {
DCHECK(key);
DCHECK_EQ(CBC, mode);
key_ = key;
mode_ = mode;
if (iv.size() != AES_BLOCK_SIZE)
return false;
slot_.reset(PK11_GetBestSlot(CKM_AES_CBC_PAD, NULL));
if (!slot_.get())
return false;
SECItem iv_item;
iv_item.type = siBuffer;
iv_item.data = reinterpret_cast<unsigned char*>(
const_cast<char *>(iv.data()));
iv_item.len = iv.size();
param_.reset(PK11_ParamFromIV(CKM_AES_CBC_PAD, &iv_item));
if (!param_.get())
return false;
return true;
}
bool Encryptor::Encrypt(const std::string& plaintext, std::string* ciphertext) {
ScopedPK11Context context(PK11_CreateContextBySymKey(CKM_AES_CBC_PAD,
CKA_ENCRYPT,
key_->key(),
param_.get()));
if (!context.get())
return false;
size_t ciphertext_len = plaintext.size() + AES_BLOCK_SIZE;
std::vector<unsigned char> buffer(ciphertext_len);
int op_len;
SECStatus rv = PK11_CipherOp(context.get(),
&buffer[0],
&op_len,
ciphertext_len,
reinterpret_cast<unsigned char*>(
const_cast<char*>(plaintext.data())),
plaintext.size());
if (SECSuccess != rv)
return false;
unsigned int digest_len;
rv = PK11_DigestFinal(context.get(),
&buffer[op_len],
&digest_len,
ciphertext_len - op_len);
if (SECSuccess != rv)
return false;
ciphertext->assign(reinterpret_cast<char *>(&buffer[0]),
op_len + digest_len);
return true;
}
bool Encryptor::Decrypt(const std::string& ciphertext, std::string* plaintext) {
if (ciphertext.empty())
return false;
ScopedPK11Context context(PK11_CreateContextBySymKey(CKM_AES_CBC_PAD,
CKA_DECRYPT,
key_->key(),
param_.get()));
if (!context.get())
return false;
size_t plaintext_len = ciphertext.size();
std::vector<unsigned char> buffer(plaintext_len);
int op_len;
SECStatus rv = PK11_CipherOp(context.get(),
&buffer[0],
&op_len,
plaintext_len,
reinterpret_cast<unsigned char*>(
const_cast<char*>(ciphertext.data())),
ciphertext.size());
if (SECSuccess != rv)
return false;
unsigned int digest_len;
rv = PK11_DigestFinal(context.get(),
&buffer[op_len],
&digest_len,
plaintext_len - op_len);
if (SECSuccess != rv)
return false;
plaintext->assign(reinterpret_cast<char *>(&buffer[0]),
op_len + digest_len);
return true;
}
} // namespace crypto
|