search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Open NaCl IRT file only once at startup
[chromium-blink-merge.git] / crypto / encryptor_win.cc
blobfae1f8220b73035252e91751bfcb8877f5d7d781
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "crypto/encryptor.h"
6
7 #include <string.h>
8
9 #include "base/string_util.h"
10 #include "crypto/symmetric_key.h"
11
12 namespace crypto {
13
14 namespace {
15
16 // On success, returns the block size (in bytes) for the algorithm that |key|
17 // is for. On failure, returns 0.
18 DWORD GetCipherBlockSize(HCRYPTKEY key) {
19 DWORD block_size_in_bits = 0;
20 DWORD param_size = sizeof(block_size_in_bits);
21 BOOL ok = CryptGetKeyParam(key, KP_BLOCKLEN,
22 reinterpret_cast<BYTE*>(&block_size_in_bits),
23 &param_size, 0);
24 if (!ok)
25 return 0;
26
27 return block_size_in_bits / 8;
28 }
29
30 } // namespace
31
32 Encryptor::Encryptor()
33 : key_(NULL),
34 mode_(CBC),
35 block_size_(0) {
36 }
37
38 Encryptor::~Encryptor() {
39 }
40
41 bool Encryptor::Init(SymmetricKey* key,
42 Mode mode,
43 const base::StringPiece& iv) {
44 DCHECK(key);
45 DCHECK_EQ(CBC, mode) << "Unsupported mode of operation";
46
47 // In CryptoAPI, the IV, padding mode, and feedback register (for a chaining
48 // mode) are properties of a key, so we have to create a copy of the key for
49 // the Encryptor. See the Remarks section of the CryptEncrypt MSDN page.
50 BOOL ok = CryptDuplicateKey(key->key(), NULL, 0, capi_key_.receive());
51 if (!ok)
52 return false;
53
54 // CRYPT_MODE_CBC is the default for Microsoft Base Cryptographic Provider,
55 // but we set it anyway to be safe.
56 DWORD cipher_mode = CRYPT_MODE_CBC;
57 ok = CryptSetKeyParam(capi_key_.get(), KP_MODE,
58 reinterpret_cast<BYTE*>(&cipher_mode), 0);
59 if (!ok)
60 return false;
61
62 block_size_ = GetCipherBlockSize(capi_key_.get());
63 if (block_size_ == 0)
64 return false;
65
66 if (iv.size() != block_size_)
67 return false;
68
69 ok = CryptSetKeyParam(capi_key_.get(), KP_IV,
70 reinterpret_cast<const BYTE*>(iv.data()), 0);
71 if (!ok)
72 return false;
73
74 DWORD padding_method = PKCS5_PADDING;
75 ok = CryptSetKeyParam(capi_key_.get(), KP_PADDING,
76 reinterpret_cast<BYTE*>(&padding_method), 0);
77 if (!ok)
78 return false;
79
80 return true;
81 }
82
83 bool Encryptor::Encrypt(const base::StringPiece& plaintext,
84 std::string* ciphertext) {
85 DWORD data_len = plaintext.size();
86 DWORD total_len = data_len + block_size_;
87 CHECK_GT(total_len, data_len);
88
89 // CryptoAPI encrypts/decrypts in place.
90 char* ciphertext_data = WriteInto(ciphertext, total_len + 1);
91 memcpy(ciphertext_data, plaintext.data(), data_len);
92
93 BOOL ok = CryptEncrypt(capi_key_.get(), NULL, TRUE, 0,
94 reinterpret_cast<BYTE*>(ciphertext_data), &data_len,
95 total_len);
96 if (!ok) {
97 ciphertext->clear();
98 return false;
99 }
100
101 ciphertext->resize(data_len);
102 return true;
103 }
104
105 bool Encryptor::Decrypt(const base::StringPiece& ciphertext,
106 std::string* plaintext) {
107 DWORD data_len = ciphertext.size();
108 if (data_len == 0 || (data_len + 1) < data_len)
109 return false;
110
111 // CryptoAPI encrypts/decrypts in place.
112 char* plaintext_data = WriteInto(plaintext, data_len + 1);
113 memcpy(plaintext_data, ciphertext.data(), data_len);
114
115 BOOL ok = CryptDecrypt(capi_key_.get(), NULL, TRUE, 0,
116 reinterpret_cast<BYTE*>(plaintext_data), &data_len);
117 if (!ok) {
118 plaintext->clear();
119 return false;
120 }
121
122 plaintext->resize(data_len);
123 return true;
124 }
125
126 } // namespace crypto