Fix up #ifdefs in crypto/encryptor.h.
[chromium-blink-merge.git] / crypto / encryptor.h
blob85ebaeb14993d9ab86eb01f619b4a43843db17dd
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef CRYPTO_ENCRYPTOR_H_
6 #define CRYPTO_ENCRYPTOR_H_
8 #include <string>
10 #include "base/basictypes.h"
11 #include "base/memory/scoped_ptr.h"
12 #include "base/strings/string_piece.h"
13 #include "build/build_config.h"
14 #include "crypto/crypto_export.h"
16 #if !defined(USE_OPENSSL)
17 #include "crypto/scoped_nss_types.h"
18 #endif
20 namespace crypto {
22 class SymmetricKey;
24 class CRYPTO_EXPORT Encryptor {
25 public:
26 enum Mode {
27 CBC,
28 CTR,
31 // This class implements a 128-bits counter to be used in AES-CTR encryption.
32 // Only 128-bits counter is supported in this class.
33 class CRYPTO_EXPORT Counter {
34 public:
35 explicit Counter(const base::StringPiece& counter);
36 ~Counter();
38 // Increment the counter value.
39 bool Increment();
41 // Write the content of the counter to |buf|. |buf| should have enough
42 // space for |GetLengthInBytes()|.
43 void Write(void* buf);
45 // Return the length of this counter.
46 size_t GetLengthInBytes() const;
48 private:
49 union {
50 uint32 components32[4];
51 uint64 components64[2];
52 } counter_;
55 Encryptor();
56 virtual ~Encryptor();
58 // Initializes the encryptor using |key| and |iv|. Returns false if either the
59 // key or the initialization vector cannot be used.
61 // If |mode| is CBC, |iv| must not be empty; if it is CTR, then |iv| must be
62 // empty.
63 bool Init(SymmetricKey* key, Mode mode, const base::StringPiece& iv);
65 // Encrypts |plaintext| into |ciphertext|. |plaintext| may only be empty if
66 // the mode is CBC.
67 bool Encrypt(const base::StringPiece& plaintext, std::string* ciphertext);
69 // Decrypts |ciphertext| into |plaintext|. |ciphertext| must not be empty.
71 // WARNING: In CBC mode, Decrypt() returns false if it detects the padding
72 // in the decrypted plaintext is wrong. Padding errors can result from
73 // tampered ciphertext or a wrong decryption key. But successful decryption
74 // does not imply the authenticity of the data. The caller of Decrypt()
75 // must either authenticate the ciphertext before decrypting it, or take
76 // care to not report decryption failure. Otherwise it could inadvertently
77 // be used as a padding oracle to attack the cryptosystem.
78 bool Decrypt(const base::StringPiece& ciphertext, std::string* plaintext);
80 // Sets the counter value when in CTR mode. Currently only 128-bits
81 // counter value is supported.
83 // Returns true only if update was successful.
84 bool SetCounter(const base::StringPiece& counter);
86 // TODO(albertb): Support streaming encryption.
88 private:
89 // Generates a mask using |counter_| to be used for encryption in CTR mode.
90 // Resulting mask will be written to |mask| with |mask_len| bytes.
92 // Make sure there's enough space in mask when calling this method.
93 // Reserve at least |plaintext_len| + 16 bytes for |mask|.
95 // The generated mask will always have at least |plaintext_len| bytes and
96 // will be a multiple of the counter length.
98 // This method is used only in CTR mode.
100 // Returns false if this call failed.
101 bool GenerateCounterMask(size_t plaintext_len,
102 uint8* mask,
103 size_t* mask_len);
105 // Mask the |plaintext| message using |mask|. The output will be written to
106 // |ciphertext|. |ciphertext| must have at least |plaintext_len| bytes.
107 void MaskMessage(const void* plaintext,
108 size_t plaintext_len,
109 const void* mask,
110 void* ciphertext) const;
112 SymmetricKey* key_;
113 Mode mode_;
114 scoped_ptr<Counter> counter_;
116 #if defined(USE_OPENSSL)
117 bool Crypt(bool do_encrypt, // Pass true to encrypt, false to decrypt.
118 const base::StringPiece& input,
119 std::string* output);
120 bool CryptCTR(bool do_encrypt,
121 const base::StringPiece& input,
122 std::string* output);
123 std::string iv_;
124 #else
125 bool Crypt(PK11Context* context,
126 const base::StringPiece& input,
127 std::string* output);
128 bool CryptCTR(PK11Context* context,
129 const base::StringPiece& input,
130 std::string* output);
131 ScopedSECItem param_;
132 #endif
135 } // namespace crypto
137 #endif // CRYPTO_ENCRYPTOR_H_