1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "crypto/encryptor.h" 6 7 #include <openssl/aes.h> 8 #include <openssl/evp.h> 9 10 #include "base/logging.h" 11 #include "base/strings/string_util.h" 12 #include "crypto/openssl_util.h" 13 #include "crypto/symmetric_key.h" 14 15 namespace crypto { 16 17 namespace { 18 19 const EVP_CIPHER* GetCipherForKey(SymmetricKey* key) { 20 switch (key->key().length()) { 21 case 16: return EVP_aes_128_cbc(); 22 case 24: return EVP_aes_192_cbc(); 23 case 32: return EVP_aes_256_cbc(); 24 default: return NULL; 25 } 26 } 27 28 // On destruction this class will cleanup the ctx, and also clear the OpenSSL 29 // ERR stack as a convenience. 30 class ScopedCipherCTX { 31 public: 32 explicit ScopedCipherCTX() { 33 EVP_CIPHER_CTX_init(&ctx_); 34 } 35 ~ScopedCipherCTX() { 36 EVP_CIPHER_CTX_cleanup(&ctx_); 37 ClearOpenSSLERRStack(FROM_HERE); 38 } 39 EVP_CIPHER_CTX* get() { return &ctx_; } 40 41 private: 42 EVP_CIPHER_CTX ctx_; 43 }; 44 45 } // namespace 46 47 Encryptor::Encryptor() 48 : key_(NULL), 49 mode_(CBC) { 50 } 51 52 Encryptor::~Encryptor() { 53 } 54 55 bool Encryptor::Init(SymmetricKey* key, 56 Mode mode, 57 const base::StringPiece& iv) { 58 DCHECK(key); 59 DCHECK(mode == CBC || mode == CTR); 60 61 EnsureOpenSSLInit(); 62 if (mode == CBC && iv.size() != AES_BLOCK_SIZE) 63 return false; 64 65 if (GetCipherForKey(key) == NULL) 66 return false; 67 68 key_ = key; 69 mode_ = mode; 70 iv.CopyToString(&iv_); 71 return true; 72 } 73 74 bool Encryptor::Encrypt(const base::StringPiece& plaintext, 75 std::string* ciphertext) { 76 CHECK(!plaintext.empty() || (mode_ == CBC)); 77 return (mode_ == CTR) ? 78 CryptCTR(true, plaintext, ciphertext) : 79 Crypt(true, plaintext, ciphertext); 80 } 81 82 bool Encryptor::Decrypt(const base::StringPiece& ciphertext, 83 std::string* plaintext) { 84 CHECK(!ciphertext.empty()); 85 return (mode_ == CTR) ? 86 CryptCTR(false, ciphertext, plaintext) : 87 Crypt(false, ciphertext, plaintext); 88 } 89 90 bool Encryptor::Crypt(bool do_encrypt, 91 const base::StringPiece& input, 92 std::string* output) { 93 DCHECK(key_); // Must call Init() before En/De-crypt. 94 // Work on the result in a local variable, and then only transfer it to 95 // |output| on success to ensure no partial data is returned. 96 std::string result; 97 output->clear(); 98 99 const EVP_CIPHER* cipher = GetCipherForKey(key_); 100 DCHECK(cipher); // Already handled in Init(); 101 102 const std::string& key = key_->key(); 103 DCHECK_EQ(EVP_CIPHER_iv_length(cipher), static_cast<int>(iv_.length())); 104 DCHECK_EQ(EVP_CIPHER_key_length(cipher), static_cast<int>(key.length())); 105 106 ScopedCipherCTX ctx; 107 if (!EVP_CipherInit_ex(ctx.get(), cipher, NULL, 108 reinterpret_cast<const uint8*>(key.data()), 109 reinterpret_cast<const uint8*>(iv_.data()), 110 do_encrypt)) 111 return false; 112 113 // When encrypting, add another block size of space to allow for any padding. 114 const size_t output_size = input.size() + (do_encrypt ? iv_.size() : 0); 115 CHECK_GT(output_size, 0u); 116 CHECK_GT(output_size + 1, input.size()); 117 uint8* out_ptr = reinterpret_cast<uint8*>(WriteInto(&result, 118 output_size + 1)); 119 int out_len; 120 if (!EVP_CipherUpdate(ctx.get(), out_ptr, &out_len, 121 reinterpret_cast<const uint8*>(input.data()), 122 input.length())) 123 return false; 124 125 // Write out the final block plus padding (if any) to the end of the data 126 // just written. 127 int tail_len; 128 if (!EVP_CipherFinal_ex(ctx.get(), out_ptr + out_len, &tail_len)) 129 return false; 130 131 out_len += tail_len; 132 DCHECK_LE(out_len, static_cast<int>(output_size)); 133 result.resize(out_len); 134 135 output->swap(result); 136 return true; 137 } 138 139 bool Encryptor::CryptCTR(bool do_encrypt, 140 const base::StringPiece& input, 141 std::string* output) { 142 if (!counter_.get()) { 143 LOG(ERROR) << "Counter value not set in CTR mode."; 144 return false; 145 } 146 147 AES_KEY aes_key; 148 if (AES_set_encrypt_key(reinterpret_cast<const uint8*>(key_->key().data()), 149 key_->key().size() * 8, &aes_key) != 0) { 150 return false; 151 } 152 153 const size_t out_size = input.size(); 154 CHECK_GT(out_size, 0u); 155 CHECK_GT(out_size + 1, input.size()); 156 157 std::string result; 158 uint8* out_ptr = reinterpret_cast<uint8*>(WriteInto(&result, out_size + 1)); 159 160 uint8_t ivec[AES_BLOCK_SIZE] = { 0 }; 161 uint8_t ecount_buf[AES_BLOCK_SIZE] = { 0 }; 162 unsigned int block_offset = 0; 163 164 counter_->Write(ivec); 165 166 AES_ctr128_encrypt(reinterpret_cast<const uint8*>(input.data()), out_ptr, 167 input.size(), &aes_key, ivec, ecount_buf, &block_offset); 168 169 // AES_ctr128_encrypt() updates |ivec|. Update the |counter_| here. 170 SetCounter(base::StringPiece(reinterpret_cast<const char*>(ivec), 171 AES_BLOCK_SIZE)); 172 173 output->swap(result); 174 return true; 175 } 176 177 } // namespace crypto 178
