search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Handle small window sizes better in SafeBrowsing interstitials.
[chromium-blink-merge.git] / crypto / encryptor_openssl.cc
blobcb26e221a029cd11b98c6b3bf70cc1ab42734648
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "crypto/encryptor.h"
6
7 #include <openssl/aes.h>
8 #include <openssl/evp.h>
9
10 #include "base/logging.h"
11 #include "base/string_util.h"
12 #include "crypto/openssl_util.h"
13 #include "crypto/symmetric_key.h"
14
15 namespace crypto {
16
17 namespace {
18
19 const EVP_CIPHER* GetCipherForKey(SymmetricKey* key) {
20 switch (key->key().length()) {
21 case 16: return EVP_aes_128_cbc();
22 case 24: return EVP_aes_192_cbc();
23 case 32: return EVP_aes_256_cbc();
24 default: return NULL;
25 }
26 }
27
28 // On destruction this class will cleanup the ctx, and also clear the OpenSSL
29 // ERR stack as a convenience.
30 class ScopedCipherCTX {
31 public:
32 explicit ScopedCipherCTX() {
33 EVP_CIPHER_CTX_init(&ctx_);
34 }
35 ~ScopedCipherCTX() {
36 EVP_CIPHER_CTX_cleanup(&ctx_);
37 ClearOpenSSLERRStack(FROM_HERE);
38 }
39 EVP_CIPHER_CTX* get() { return &ctx_; }
40
41 private:
42 EVP_CIPHER_CTX ctx_;
43 };
44
45 } // namespace
46
47 Encryptor::Encryptor()
48 : key_(NULL),
49 mode_(CBC) {
50 }
51
52 Encryptor::~Encryptor() {
53 }
54
55 bool Encryptor::Init(SymmetricKey* key,
56 Mode mode,
57 const base::StringPiece& iv) {
58 DCHECK(key);
59 DCHECK_EQ(CBC, mode);
60
61 EnsureOpenSSLInit();
62 if (iv.size() != AES_BLOCK_SIZE)
63 return false;
64
65 if (GetCipherForKey(key) == NULL)
66 return false;
67
68 key_ = key;
69 mode_ = mode;
70 iv.CopyToString(&iv_);
71 return true;
72 }
73
74 bool Encryptor::Encrypt(const base::StringPiece& plaintext,
75 std::string* ciphertext) {
76 CHECK(!plaintext.empty() || (mode_ == CBC));
77 return Crypt(true, plaintext, ciphertext);
78 }
79
80 bool Encryptor::Decrypt(const base::StringPiece& ciphertext,
81 std::string* plaintext) {
82 CHECK(!ciphertext.empty());
83 return Crypt(false, ciphertext, plaintext);
84 }
85
86 bool Encryptor::Crypt(bool do_encrypt,
87 const base::StringPiece& input,
88 std::string* output) {
89 DCHECK(key_); // Must call Init() before En/De-crypt.
90 // Work on the result in a local variable, and then only transfer it to
91 // |output| on success to ensure no partial data is returned.
92 std::string result;
93 output->clear();
94
95 const EVP_CIPHER* cipher = GetCipherForKey(key_);
96 DCHECK(cipher); // Already handled in Init();
97
98 const std::string& key = key_->key();
99 DCHECK_EQ(EVP_CIPHER_iv_length(cipher), static_cast<int>(iv_.length()));
100 DCHECK_EQ(EVP_CIPHER_key_length(cipher), static_cast<int>(key.length()));
101
102 ScopedCipherCTX ctx;
103 if (!EVP_CipherInit_ex(ctx.get(), cipher, NULL,
104 reinterpret_cast<const uint8*>(key.data()),
105 reinterpret_cast<const uint8*>(iv_.data()),
106 do_encrypt))
107 return false;
108
109 // When encrypting, add another block size of space to allow for any padding.
110 const size_t output_size = input.size() + (do_encrypt ? iv_.size() : 0);
111 CHECK_GT(output_size, 0u);
112 CHECK_GT(output_size + 1, input.size());
113 uint8* out_ptr = reinterpret_cast<uint8*>(WriteInto(&result,
114 output_size + 1));
115 int out_len;
116 if (!EVP_CipherUpdate(ctx.get(), out_ptr, &out_len,
117 reinterpret_cast<const uint8*>(input.data()),
118 input.length()))
119 return false;
120
121 // Write out the final block plus padding (if any) to the end of the data
122 // just written.
123 int tail_len;
124 if (!EVP_CipherFinal_ex(ctx.get(), out_ptr + out_len, &tail_len))
125 return false;
126
127 out_len += tail_len;
128 DCHECK_LE(out_len, static_cast<int>(output_size));
129 result.resize(out_len);
130
131 output->swap(result);
132 return true;
133 }
134
135 } // namespace crypto