This source file includes following definitions.
- GetCipherForKey
- get
- mode_
- Init
- Decrypt
- Crypt
- CryptCTR
#include "crypto/encryptor.h"
#include <openssl/aes.h>
#include <openssl/evp.h>
#include "base/logging.h"
#include "base/strings/string_util.h"
#include "crypto/openssl_util.h"
#include "crypto/symmetric_key.h"
namespace crypto {
namespace {
const EVP_CIPHER* GetCipherForKey(SymmetricKey* key) {
switch (key->key().length()) {
case 16: return EVP_aes_128_cbc();
case 24: return EVP_aes_192_cbc();
case 32: return EVP_aes_256_cbc();
default: return NULL;
}
}
class ScopedCipherCTX {
public:
explicit ScopedCipherCTX() {
EVP_CIPHER_CTX_init(&ctx_);
}
~ScopedCipherCTX() {
EVP_CIPHER_CTX_cleanup(&ctx_);
ClearOpenSSLERRStack(FROM_HERE);
}
EVP_CIPHER_CTX* get() { return &ctx_; }
private:
EVP_CIPHER_CTX ctx_;
};
}
Encryptor::Encryptor()
: key_(NULL),
mode_(CBC) {
}
Encryptor::~Encryptor() {
}
bool Encryptor::Init(SymmetricKey* key,
Mode mode,
const base::StringPiece& iv) {
DCHECK(key);
DCHECK(mode == CBC || mode == CTR);
EnsureOpenSSLInit();
if (mode == CBC && iv.size() != AES_BLOCK_SIZE)
return false;
if (GetCipherForKey(key) == NULL)
return false;
key_ = key;
mode_ = mode;
iv.CopyToString(&iv_);
return true;
}
bool Encryptor::Encrypt(const base::StringPiece& plaintext,
std::string* ciphertext) {
CHECK(!plaintext.empty() || (mode_ == CBC));
return (mode_ == CTR) ?
CryptCTR(true, plaintext, ciphertext) :
Crypt(true, plaintext, ciphertext);
}
bool Encryptor::Decrypt(const base::StringPiece& ciphertext,
std::string* plaintext) {
CHECK(!ciphertext.empty());
return (mode_ == CTR) ?
CryptCTR(false, ciphertext, plaintext) :
Crypt(false, ciphertext, plaintext);
}
bool Encryptor::Crypt(bool do_encrypt,
const base::StringPiece& input,
std::string* output) {
DCHECK(key_);
std::string result;
output->clear();
const EVP_CIPHER* cipher = GetCipherForKey(key_);
DCHECK(cipher);
const std::string& key = key_->key();
DCHECK_EQ(EVP_CIPHER_iv_length(cipher), static_cast<int>(iv_.length()));
DCHECK_EQ(EVP_CIPHER_key_length(cipher), static_cast<int>(key.length()));
ScopedCipherCTX ctx;
if (!EVP_CipherInit_ex(ctx.get(), cipher, NULL,
reinterpret_cast<const uint8*>(key.data()),
reinterpret_cast<const uint8*>(iv_.data()),
do_encrypt))
return false;
const size_t output_size = input.size() + (do_encrypt ? iv_.size() : 0);
CHECK_GT(output_size, 0u);
CHECK_GT(output_size + 1, input.size());
uint8* out_ptr = reinterpret_cast<uint8*>(WriteInto(&result,
output_size + 1));
int out_len;
if (!EVP_CipherUpdate(ctx.get(), out_ptr, &out_len,
reinterpret_cast<const uint8*>(input.data()),
input.length()))
return false;
int tail_len;
if (!EVP_CipherFinal_ex(ctx.get(), out_ptr + out_len, &tail_len))
return false;
out_len += tail_len;
DCHECK_LE(out_len, static_cast<int>(output_size));
result.resize(out_len);
output->swap(result);
return true;
}
bool Encryptor::CryptCTR(bool do_encrypt,
const base::StringPiece& input,
std::string* output) {
if (!counter_.get()) {
LOG(ERROR) << "Counter value not set in CTR mode.";
return false;
}
AES_KEY aes_key;
if (AES_set_encrypt_key(reinterpret_cast<const uint8*>(key_->key().data()),
key_->key().size() * 8, &aes_key) != 0) {
return false;
}
const size_t out_size = input.size();
CHECK_GT(out_size, 0u);
CHECK_GT(out_size + 1, input.size());
std::string result;
uint8* out_ptr = reinterpret_cast<uint8*>(WriteInto(&result, out_size + 1));
uint8_t ivec[AES_BLOCK_SIZE] = { 0 };
uint8_t ecount_buf[AES_BLOCK_SIZE] = { 0 };
unsigned int block_offset = 0;
counter_->Write(ivec);
AES_ctr128_encrypt(reinterpret_cast<const uint8*>(input.data()), out_ptr,
input.size(), &aes_key, ivec, ecount_buf, &block_offset);
SetCounter(base::StringPiece(reinterpret_cast<const char*>(ivec),
AES_BLOCK_SIZE));
output->swap(result);
return true;
}
}