crypto/encryptor_openssl.cc

   1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "crypto/encryptor.h"
   6
   7 #include <openssl/aes.h>
   8 #include <openssl/evp.h>
   9
  10 #include "base/logging.h"
  11 #include "base/strings/string_util.h"
  12 #include "crypto/openssl_util.h"
  13 #include "crypto/symmetric_key.h"
  14
  15 namespace crypto {
  16
  17 namespace {
  18
  19 const EVP_CIPHER* GetCipherForKey(SymmetricKey* key) {
  20   switch (key->key().length()) {
  21     case 16: return EVP_aes_128_cbc();
  22     case 24: return EVP_aes_192_cbc();
  23     case 32: return EVP_aes_256_cbc();
  24     default: return NULL;
  25   }
  26 }
  27
  28 // On destruction this class will cleanup the ctx, and also clear the OpenSSL
  29 // ERR stack as a convenience.
  30 class ScopedCipherCTX {
  31  public:
  32   explicit ScopedCipherCTX() {
  33     EVP_CIPHER_CTX_init(&ctx_);
  34   }
  35   ~ScopedCipherCTX() {
  36     EVP_CIPHER_CTX_cleanup(&ctx_);
  37     ClearOpenSSLERRStack(FROM_HERE);
  38   }
  39   EVP_CIPHER_CTX* get() { return &ctx_; }
  40
  41  private:
  42   EVP_CIPHER_CTX ctx_;
  43 };
  44
  45 }  // namespace
  46
  47 Encryptor::Encryptor()
  48     : key_(NULL),
  49       mode_(CBC) {
  50 }
  51
  52 Encryptor::~Encryptor() {
  53 }
  54
  55 bool Encryptor::Init(SymmetricKey* key,
  56                      Mode mode,
  57                      const base::StringPiece& iv) {
  58   DCHECK(key);
  59   DCHECK(mode == CBC || mode == CTR);
  60
  61   EnsureOpenSSLInit();
  62   if (mode == CBC && iv.size() != AES_BLOCK_SIZE)
  63     return false;
  64
  65   if (GetCipherForKey(key) == NULL)
  66     return false;
  67
  68   key_ = key;
  69   mode_ = mode;
  70   iv.CopyToString(&iv_);
  71   return true;
  72 }
  73
  74 bool Encryptor::Encrypt(const base::StringPiece& plaintext,
  75                         std::string* ciphertext) {
  76   CHECK(!plaintext.empty() || (mode_ == CBC));
  77   return (mode_ == CTR) ?
  78       CryptCTR(true, plaintext, ciphertext) :
  79       Crypt(true, plaintext, ciphertext);
  80 }
  81
  82 bool Encryptor::Decrypt(const base::StringPiece& ciphertext,
  83                         std::string* plaintext) {
  84   CHECK(!ciphertext.empty());
  85   return (mode_ == CTR) ?
  86       CryptCTR(false, ciphertext, plaintext) :
  87       Crypt(false, ciphertext, plaintext);
  88 }
  89
  90 bool Encryptor::Crypt(bool do_encrypt,
  91                       const base::StringPiece& input,
  92                       std::string* output) {
  93   DCHECK(key_);  // Must call Init() before En/De-crypt.
  94   // Work on the result in a local variable, and then only transfer it to
  95   // |output| on success to ensure no partial data is returned.
  96   std::string result;
  97   output->clear();
  98
  99   const EVP_CIPHER* cipher = GetCipherForKey(key_);
 100   DCHECK(cipher);  // Already handled in Init();
 101
 102   const std::string& key = key_->key();
 103   DCHECK_EQ(EVP_CIPHER_iv_length(cipher), static_cast<int>(iv_.length()));
 104   DCHECK_EQ(EVP_CIPHER_key_length(cipher), static_cast<int>(key.length()));
 105
 106   ScopedCipherCTX ctx;
 107   if (!EVP_CipherInit_ex(ctx.get(), cipher, NULL,
 108                          reinterpret_cast<const uint8*>(key.data()),
 109                          reinterpret_cast<const uint8*>(iv_.data()),
 110                          do_encrypt))
 111     return false;
 112
 113   // When encrypting, add another block size of space to allow for any padding.
 114   const size_t output_size = input.size() + (do_encrypt ? iv_.size() : 0);
 115   CHECK_GT(output_size, 0u);
 116   CHECK_GT(output_size + 1, input.size());
 117   uint8* out_ptr = reinterpret_cast<uint8*>(WriteInto(&result,
 118                                                       output_size + 1));
 119   int out_len;
 120   if (!EVP_CipherUpdate(ctx.get(), out_ptr, &out_len,
 121                         reinterpret_cast<const uint8*>(input.data()),
 122                         input.length()))
 123     return false;
 124
 125   // Write out the final block plus padding (if any) to the end of the data
 126   // just written.
 127   int tail_len;
 128   if (!EVP_CipherFinal_ex(ctx.get(), out_ptr + out_len, &tail_len))
 129     return false;
 130
 131   out_len += tail_len;
 132   DCHECK_LE(out_len, static_cast<int>(output_size));
 133   result.resize(out_len);
 134
 135   output->swap(result);
 136   return true;
 137 }
 138
 139 bool Encryptor::CryptCTR(bool do_encrypt,
 140                          const base::StringPiece& input,
 141                          std::string* output) {
 142   if (!counter_.get()) {
 143     LOG(ERROR) << "Counter value not set in CTR mode.";
 144     return false;
 145   }
 146
 147   AES_KEY aes_key;
 148   if (AES_set_encrypt_key(reinterpret_cast<const uint8*>(key_->key().data()),
 149                           key_->key().size() * 8, &aes_key) != 0) {
 150     return false;
 151   }
 152
 153   const size_t out_size = input.size();
 154   CHECK_GT(out_size, 0u);
 155   CHECK_GT(out_size + 1, input.size());
 156
 157   std::string result;
 158   uint8* out_ptr = reinterpret_cast<uint8*>(WriteInto(&result, out_size + 1));
 159
 160   uint8_t ivec[AES_BLOCK_SIZE] = { 0 };
 161   uint8_t ecount_buf[AES_BLOCK_SIZE] = { 0 };
 162   unsigned int block_offset = 0;
 163
 164   counter_->Write(ivec);
 165
 166   AES_ctr128_encrypt(reinterpret_cast<const uint8*>(input.data()), out_ptr,
 167                      input.size(), &aes_key, ivec, ecount_buf, &block_offset);
 168
 169   // AES_ctr128_encrypt() updates |ivec|. Update the |counter_| here.
 170   SetCounter(base::StringPiece(reinterpret_cast<const char*>(ivec),
 171                                AES_BLOCK_SIZE));
 172
 173   output->swap(result);
 174   return true;
 175 }
 176
 177 }  // namespace crypto