1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "components/webdata/encryptor/encryptor.h"
7 #include "base/logging.h"
8 #include "base/memory/scoped_ptr.h"
9 #include "base/strings/utf_string_conversions.h"
10 #include "crypto/encryptor.h"
11 #include "crypto/symmetric_key.h"
15 // Salt for Symmetric key derivation.
16 const char kSalt
[] = "saltysalt";
18 // Key size required for 128 bit AES.
19 const size_t kDerivedKeySizeInBits
= 128;
21 // Constant for Symmetic key derivation.
22 const size_t kEncryptionIterations
= 1;
24 // Size of initialization vector for AES 128-bit.
25 const size_t kIVBlockSizeAES128
= 16;
27 // Prefix for cypher text returned by obfuscation version. We prefix the
28 // cyphertext with this string so that future data migration can detect
29 // this and migrate to full encryption without data loss.
30 const char kObfuscationPrefix
[] = "v10";
32 // Generates a newly allocated SymmetricKey object based a hard-coded password.
33 // Ownership of the key is passed to the caller. Returns NULL key if a key
34 // generation error occurs.
35 crypto::SymmetricKey
* GetEncryptionKey() {
36 // We currently "obfuscate" by encrypting and decrypting with hard-coded
37 // password. We need to improve this password situation by moving a secure
38 // password into a system-level key store.
39 // http://crbug.com/25404 and http://crbug.com/49115
40 std::string password
= "peanuts";
41 std::string
salt(kSalt
);
43 // Create an encryption key from our password and salt.
44 scoped_ptr
<crypto::SymmetricKey
> encryption_key(
45 crypto::SymmetricKey::DeriveKeyFromPassword(crypto::SymmetricKey::AES
,
48 kEncryptionIterations
,
49 kDerivedKeySizeInBits
));
50 DCHECK(encryption_key
.get());
52 return encryption_key
.release();
57 bool Encryptor::EncryptString16(const base::string16
& plaintext
,
58 std::string
* ciphertext
) {
59 return EncryptString(base::UTF16ToUTF8(plaintext
), ciphertext
);
62 bool Encryptor::DecryptString16(const std::string
& ciphertext
,
63 base::string16
* plaintext
) {
65 if (!DecryptString(ciphertext
, &utf8
))
68 *plaintext
= base::UTF8ToUTF16(utf8
);
72 bool Encryptor::EncryptString(const std::string
& plaintext
,
73 std::string
* ciphertext
) {
74 // This currently "obfuscates" by encrypting with hard-coded password.
75 // We need to improve this password situation by moving a secure password
76 // into a system-level key store.
77 // http://crbug.com/25404 and http://crbug.com/49115
79 if (plaintext
.empty()) {
80 *ciphertext
= std::string();
84 scoped_ptr
<crypto::SymmetricKey
> encryption_key(GetEncryptionKey());
85 if (!encryption_key
.get())
88 std::string
iv(kIVBlockSizeAES128
, ' ');
89 crypto::Encryptor encryptor
;
90 if (!encryptor
.Init(encryption_key
.get(), crypto::Encryptor::CBC
, iv
))
93 if (!encryptor
.Encrypt(plaintext
, ciphertext
))
96 // Prefix the cypher text with version information.
97 ciphertext
->insert(0, kObfuscationPrefix
);
101 bool Encryptor::DecryptString(const std::string
& ciphertext
,
102 std::string
* plaintext
) {
103 // This currently "obfuscates" by encrypting with hard-coded password.
104 // We need to improve this password situation by moving a secure password
105 // into a system-level key store.
106 // http://crbug.com/25404 and http://crbug.com/49115
108 if (ciphertext
.empty()) {
109 *plaintext
= std::string();
113 // Check that the incoming cyphertext was indeed encrypted with the expected
114 // version. If the prefix is not found then we'll assume we're dealing with
115 // old data saved as clear text and we'll return it directly.
116 // Credit card numbers are current legacy data, so false match with prefix
118 if (ciphertext
.find(kObfuscationPrefix
) != 0) {
119 *plaintext
= ciphertext
;
123 // Strip off the versioning prefix before decrypting.
124 std::string raw_ciphertext
= ciphertext
.substr(strlen(kObfuscationPrefix
));
126 scoped_ptr
<crypto::SymmetricKey
> encryption_key(GetEncryptionKey());
127 if (!encryption_key
.get())
130 std::string
iv(kIVBlockSizeAES128
, ' ');
131 crypto::Encryptor encryptor
;
132 if (!encryptor
.Init(encryption_key
.get(), crypto::Encryptor::CBC
, iv
))
135 if (!encryptor
.Decrypt(raw_ciphertext
, plaintext
))