Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 1 | // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| 2 | // Use of this source code is governed by a BSD-style license that can be |
| 3 | // found in the LICENSE file. |
| 4 | |
| 5 | #include "crypto/encryptor.h" |
| 6 | |
| 7 | #include <openssl/aes.h> |
| 8 | #include <openssl/evp.h> |
| 9 | |
| 10 | #include "base/logging.h" |
Torne (Richard Coles) | 868fa2f | 2013-06-11 10:57:03 +0100 | [diff] [blame] | 11 | #include "base/strings/string_util.h" |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 12 | #include "crypto/openssl_util.h" |
| 13 | #include "crypto/symmetric_key.h" |
| 14 | |
| 15 | namespace crypto { |
| 16 | |
| 17 | namespace { |
| 18 | |
| 19 | const EVP_CIPHER* GetCipherForKey(SymmetricKey* key) { |
| 20 | switch (key->key().length()) { |
| 21 | case 16: return EVP_aes_128_cbc(); |
| 22 | case 24: return EVP_aes_192_cbc(); |
| 23 | case 32: return EVP_aes_256_cbc(); |
| 24 | default: return NULL; |
| 25 | } |
| 26 | } |
| 27 | |
| 28 | // On destruction this class will cleanup the ctx, and also clear the OpenSSL |
| 29 | // ERR stack as a convenience. |
| 30 | class ScopedCipherCTX { |
| 31 | public: |
| 32 | explicit ScopedCipherCTX() { |
| 33 | EVP_CIPHER_CTX_init(&ctx_); |
| 34 | } |
| 35 | ~ScopedCipherCTX() { |
| 36 | EVP_CIPHER_CTX_cleanup(&ctx_); |
| 37 | ClearOpenSSLERRStack(FROM_HERE); |
| 38 | } |
| 39 | EVP_CIPHER_CTX* get() { return &ctx_; } |
| 40 | |
| 41 | private: |
| 42 | EVP_CIPHER_CTX ctx_; |
| 43 | }; |
| 44 | |
| 45 | } // namespace |
| 46 | |
| 47 | Encryptor::Encryptor() |
| 48 | : key_(NULL), |
| 49 | mode_(CBC) { |
| 50 | } |
| 51 | |
| 52 | Encryptor::~Encryptor() { |
| 53 | } |
| 54 | |
| 55 | bool Encryptor::Init(SymmetricKey* key, |
| 56 | Mode mode, |
| 57 | const base::StringPiece& iv) { |
| 58 | DCHECK(key); |
Torne (Richard Coles) | 7d4cd47 | 2013-06-19 11:58:07 +0100 | [diff] [blame] | 59 | DCHECK(mode == CBC || mode == CTR); |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 60 | |
| 61 | EnsureOpenSSLInit(); |
Torne (Richard Coles) | 7d4cd47 | 2013-06-19 11:58:07 +0100 | [diff] [blame] | 62 | if (mode == CBC && iv.size() != AES_BLOCK_SIZE) |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 63 | return false; |
| 64 | |
| 65 | if (GetCipherForKey(key) == NULL) |
| 66 | return false; |
| 67 | |
| 68 | key_ = key; |
| 69 | mode_ = mode; |
| 70 | iv.CopyToString(&iv_); |
| 71 | return true; |
| 72 | } |
| 73 | |
| 74 | bool Encryptor::Encrypt(const base::StringPiece& plaintext, |
| 75 | std::string* ciphertext) { |
| 76 | CHECK(!plaintext.empty() || (mode_ == CBC)); |
Torne (Richard Coles) | 7d4cd47 | 2013-06-19 11:58:07 +0100 | [diff] [blame] | 77 | return (mode_ == CTR) ? |
| 78 | CryptCTR(true, plaintext, ciphertext) : |
| 79 | Crypt(true, plaintext, ciphertext); |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 80 | } |
| 81 | |
| 82 | bool Encryptor::Decrypt(const base::StringPiece& ciphertext, |
| 83 | std::string* plaintext) { |
| 84 | CHECK(!ciphertext.empty()); |
Torne (Richard Coles) | 7d4cd47 | 2013-06-19 11:58:07 +0100 | [diff] [blame] | 85 | return (mode_ == CTR) ? |
| 86 | CryptCTR(false, ciphertext, plaintext) : |
| 87 | Crypt(false, ciphertext, plaintext); |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 88 | } |
| 89 | |
| 90 | bool Encryptor::Crypt(bool do_encrypt, |
| 91 | const base::StringPiece& input, |
| 92 | std::string* output) { |
| 93 | DCHECK(key_); // Must call Init() before En/De-crypt. |
| 94 | // Work on the result in a local variable, and then only transfer it to |
| 95 | // |output| on success to ensure no partial data is returned. |
| 96 | std::string result; |
| 97 | output->clear(); |
| 98 | |
| 99 | const EVP_CIPHER* cipher = GetCipherForKey(key_); |
| 100 | DCHECK(cipher); // Already handled in Init(); |
| 101 | |
| 102 | const std::string& key = key_->key(); |
| 103 | DCHECK_EQ(EVP_CIPHER_iv_length(cipher), static_cast<int>(iv_.length())); |
| 104 | DCHECK_EQ(EVP_CIPHER_key_length(cipher), static_cast<int>(key.length())); |
| 105 | |
| 106 | ScopedCipherCTX ctx; |
| 107 | if (!EVP_CipherInit_ex(ctx.get(), cipher, NULL, |
| 108 | reinterpret_cast<const uint8*>(key.data()), |
| 109 | reinterpret_cast<const uint8*>(iv_.data()), |
| 110 | do_encrypt)) |
| 111 | return false; |
| 112 | |
| 113 | // When encrypting, add another block size of space to allow for any padding. |
| 114 | const size_t output_size = input.size() + (do_encrypt ? iv_.size() : 0); |
| 115 | CHECK_GT(output_size, 0u); |
| 116 | CHECK_GT(output_size + 1, input.size()); |
| 117 | uint8* out_ptr = reinterpret_cast<uint8*>(WriteInto(&result, |
| 118 | output_size + 1)); |
| 119 | int out_len; |
| 120 | if (!EVP_CipherUpdate(ctx.get(), out_ptr, &out_len, |
| 121 | reinterpret_cast<const uint8*>(input.data()), |
| 122 | input.length())) |
| 123 | return false; |
| 124 | |
| 125 | // Write out the final block plus padding (if any) to the end of the data |
| 126 | // just written. |
| 127 | int tail_len; |
| 128 | if (!EVP_CipherFinal_ex(ctx.get(), out_ptr + out_len, &tail_len)) |
| 129 | return false; |
| 130 | |
| 131 | out_len += tail_len; |
| 132 | DCHECK_LE(out_len, static_cast<int>(output_size)); |
| 133 | result.resize(out_len); |
| 134 | |
| 135 | output->swap(result); |
| 136 | return true; |
| 137 | } |
| 138 | |
Torne (Richard Coles) | 7d4cd47 | 2013-06-19 11:58:07 +0100 | [diff] [blame] | 139 | bool Encryptor::CryptCTR(bool do_encrypt, |
| 140 | const base::StringPiece& input, |
| 141 | std::string* output) { |
| 142 | if (!counter_.get()) { |
| 143 | LOG(ERROR) << "Counter value not set in CTR mode."; |
| 144 | return false; |
| 145 | } |
| 146 | |
| 147 | AES_KEY aes_key; |
| 148 | if (AES_set_encrypt_key(reinterpret_cast<const uint8*>(key_->key().data()), |
| 149 | key_->key().size() * 8, &aes_key) != 0) { |
| 150 | return false; |
| 151 | } |
| 152 | |
| 153 | const size_t out_size = input.size(); |
| 154 | CHECK_GT(out_size, 0u); |
| 155 | CHECK_GT(out_size + 1, input.size()); |
| 156 | |
| 157 | std::string result; |
| 158 | uint8* out_ptr = reinterpret_cast<uint8*>(WriteInto(&result, out_size + 1)); |
| 159 | |
| 160 | uint8_t ivec[AES_BLOCK_SIZE] = { 0 }; |
| 161 | uint8_t ecount_buf[AES_BLOCK_SIZE] = { 0 }; |
| 162 | unsigned int block_offset = 0; |
| 163 | |
| 164 | counter_->Write(ivec); |
| 165 | |
| 166 | AES_ctr128_encrypt(reinterpret_cast<const uint8*>(input.data()), out_ptr, |
| 167 | input.size(), &aes_key, ivec, ecount_buf, &block_offset); |
| 168 | |
| 169 | // AES_ctr128_encrypt() updates |ivec|. Update the |counter_| here. |
| 170 | SetCounter(base::StringPiece(reinterpret_cast<const char*>(ivec), |
| 171 | AES_BLOCK_SIZE)); |
| 172 | |
| 173 | output->swap(result); |
| 174 | return true; |
| 175 | } |
| 176 | |
Torne (Richard Coles) | 5821806 | 2012-11-14 11:43:16 +0000 | [diff] [blame] | 177 | } // namespace crypto |