Google Git
Sign in
chromium / chromium / src.git / dd373b8b7d7501cf7f3bbfe861f58dce67578a69 / . / crypto / encryptor.h
blob: e07eb3233b31df76c0d47540f161acc4f72896b8 [file] [log] [blame]
[email protected]ef0677462012-04-25 00:27:43[diff] [blame]1// Copyright (c) 2012 The Chromium Authors. All rights reserved.
[email protected]39422e32010-03-25 19:13:00[diff] [blame]2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
[email protected]4b559b4d2011-04-14 17:37:14[diff] [blame]5#ifndef CRYPTO_ENCRYPTOR_H_
6#define CRYPTO_ENCRYPTOR_H_
[email protected]39422e32010-03-25 19:13:00[diff] [blame]7
avidd373b8b2015-12-21 21:34:43[diff] [blame^]8#include <stddef.h>
9#include <stdint.h>
10
[email protected]39422e32010-03-25 19:13:00[diff] [blame]11#include <string>
12
[email protected]7226b33c2011-08-18 08:44:22[diff] [blame]13#include "base/memory/scoped_ptr.h"
[email protected]daf079a2013-04-17 21:42:40[diff] [blame]14#include "base/strings/string_piece.h"
[email protected]692033a2010-04-09 18:40:50[diff] [blame]15#include "build/build_config.h"
[email protected]d613a9902011-08-05 20:59:11[diff] [blame]16#include "crypto/crypto_export.h"
[email protected]692033a2010-04-09 18:40:50[diff] [blame]17
davidben591b117f2015-08-11 23:41:54[diff] [blame]18#if !defined(USE_OPENSSL)
[email protected]4b559b4d2011-04-14 17:37:14[diff] [blame]19#include "crypto/scoped_nss_types.h"
[email protected]692033a2010-04-09 18:40:50[diff] [blame]20#endif
[email protected]39422e32010-03-25 19:13:00[diff] [blame]21
[email protected]4b559b4d2011-04-14 17:37:14[diff] [blame]22namespace crypto {
[email protected]39422e32010-03-25 19:13:00[diff] [blame]23
[email protected]692033a2010-04-09 18:40:50[diff] [blame]24class SymmetricKey;
25
[email protected]d613a9902011-08-05 20:59:11[diff] [blame]26class CRYPTO_EXPORT Encryptor {
[email protected]39422e32010-03-25 19:13:00[diff] [blame]27 public:
28 enum Mode {
[email protected]2377cdee2011-06-24 20:46:06[diff] [blame]29 CBC,
30 CTR,
[email protected]39422e32010-03-25 19:13:00[diff] [blame]31 };
[email protected]2377cdee2011-06-24 20:46:06[diff] [blame]32
33 // This class implements a 128-bits counter to be used in AES-CTR encryption.
34 // Only 128-bits counter is supported in this class.
[email protected]45a445212012-06-15 08:11:52[diff] [blame]35 class CRYPTO_EXPORT Counter {
[email protected]2377cdee2011-06-24 20:46:06[diff] [blame]36 public:
[email protected]7226b33c2011-08-18 08:44:22[diff] [blame]37 explicit Counter(const base::StringPiece& counter);
[email protected]2377cdee2011-06-24 20:46:06[diff] [blame]38 ~Counter();
39
40 // Increment the counter value.
41 bool Increment();
42
43 // Write the content of the counter to |buf|. |buf| should have enough
44 // space for |GetLengthInBytes()|.
45 void Write(void* buf);
46
47 // Return the length of this counter.
48 size_t GetLengthInBytes() const;
49
50 private:
51 union {
avidd373b8b2015-12-21 21:34:43[diff] [blame^]52 uint32_t components32[4];
53 uint64_t components64[2];
[email protected]2377cdee2011-06-24 20:46:06[diff] [blame]54 } counter_;
55 };
56
[email protected]1b47ce22010-03-31 16:18:30[diff] [blame]57 Encryptor();
58 virtual ~Encryptor();
[email protected]39422e32010-03-25 19:13:00[diff] [blame]59
[email protected]1b47ce22010-03-31 16:18:30[diff] [blame]60 // Initializes the encryptor using |key| and |iv|. Returns false if either the
61 // key or the initialization vector cannot be used.
[email protected]2377cdee2011-06-24 20:46:06[diff] [blame]62 //
[email protected]fdce4782011-11-29 20:06:18[diff] [blame]63 // If |mode| is CBC, |iv| must not be empty; if it is CTR, then |iv| must be
64 // empty.
[email protected]44a016a82011-07-08 02:53:09[diff] [blame]65 bool Init(SymmetricKey* key, Mode mode, const base::StringPiece& iv);
[email protected]39422e32010-03-25 19:13:00[diff] [blame]66
[email protected]fdce4782011-11-29 20:06:18[diff] [blame]67 // Encrypts |plaintext| into |ciphertext|. |plaintext| may only be empty if
68 // the mode is CBC.
[email protected]44a016a82011-07-08 02:53:09[diff] [blame]69 bool Encrypt(const base::StringPiece& plaintext, std::string* ciphertext);
[email protected]39422e32010-03-25 19:13:00[diff] [blame]70
[email protected]fdce4782011-11-29 20:06:18[diff] [blame]71 // Decrypts |ciphertext| into |plaintext|. |ciphertext| must not be empty.
[email protected]ef0677462012-04-25 00:27:43[diff] [blame]72 //
73 // WARNING: In CBC mode, Decrypt() returns false if it detects the padding
74 // in the decrypted plaintext is wrong. Padding errors can result from
75 // tampered ciphertext or a wrong decryption key. But successful decryption
76 // does not imply the authenticity of the data. The caller of Decrypt()
77 // must either authenticate the ciphertext before decrypting it, or take
78 // care to not report decryption failure. Otherwise it could inadvertently
79 // be used as a padding oracle to attack the cryptosystem.
[email protected]44a016a82011-07-08 02:53:09[diff] [blame]80 bool Decrypt(const base::StringPiece& ciphertext, std::string* plaintext);
[email protected]39422e32010-03-25 19:13:00[diff] [blame]81
[email protected]2377cdee2011-06-24 20:46:06[diff] [blame]82 // Sets the counter value when in CTR mode. Currently only 128-bits
83 // counter value is supported.
84 //
85 // Returns true only if update was successful.
[email protected]44a016a82011-07-08 02:53:09[diff] [blame]86 bool SetCounter(const base::StringPiece& counter);
[email protected]2377cdee2011-06-24 20:46:06[diff] [blame]87
[email protected]39422e32010-03-25 19:13:00[diff] [blame]88 // TODO(albertb): Support streaming encryption.
89
90 private:
[email protected]2377cdee2011-06-24 20:46:06[diff] [blame]91 // Generates a mask using |counter_| to be used for encryption in CTR mode.
92 // Resulting mask will be written to |mask| with |mask_len| bytes.
93 //
94 // Make sure there's enough space in mask when calling this method.
95 // Reserve at least |plaintext_len| + 16 bytes for |mask|.
96 //
97 // The generated mask will always have at least |plaintext_len| bytes and
98 // will be a multiple of the counter length.
99 //
100 // This method is used only in CTR mode.
101 //
102 // Returns false if this call failed.
103 bool GenerateCounterMask(size_t plaintext_len,
avidd373b8b2015-12-21 21:34:43[diff] [blame^]104 uint8_t* mask,
[email protected]2377cdee2011-06-24 20:46:06[diff] [blame]105 size_t* mask_len);
106
107 // Mask the |plaintext| message using |mask|. The output will be written to
108 // |ciphertext|. |ciphertext| must have at least |plaintext_len| bytes.
109 void MaskMessage(const void* plaintext,
110 size_t plaintext_len,
111 const void* mask,
112 void* ciphertext) const;
113
[email protected]1b47ce22010-03-31 16:18:30[diff] [blame]114 SymmetricKey* key_;
[email protected]39422e32010-03-25 19:13:00[diff] [blame]115 Mode mode_;
[email protected]2377cdee2011-06-24 20:46:06[diff] [blame]116 scoped_ptr<Counter> counter_;
[email protected]39422e32010-03-25 19:13:00[diff] [blame]117
[email protected]25007102010-11-12 16:29:06[diff] [blame]118#if defined(USE_OPENSSL)
[email protected]a3f742692013-06-13 19:48:01[diff] [blame]119 bool Crypt(bool do_encrypt, // Pass true to encrypt, false to decrypt.
[email protected]44a016a82011-07-08 02:53:09[diff] [blame]120 const base::StringPiece& input,
[email protected]25007102010-11-12 16:29:06[diff] [blame]121 std::string* output);
[email protected]a3f742692013-06-13 19:48:01[diff] [blame]122 bool CryptCTR(bool do_encrypt,
123 const base::StringPiece& input,
124 std::string* output);
[email protected]25007102010-11-12 16:29:06[diff] [blame]125 std::string iv_;
davidben591b117f2015-08-11 23:41:54[diff] [blame]126#else
[email protected]2377cdee2011-06-24 20:46:06[diff] [blame]127 bool Crypt(PK11Context* context,
[email protected]44a016a82011-07-08 02:53:09[diff] [blame]128 const base::StringPiece& input,
[email protected]2377cdee2011-06-24 20:46:06[diff] [blame]129 std::string* output);
130 bool CryptCTR(PK11Context* context,
[email protected]44a016a82011-07-08 02:53:09[diff] [blame]131 const base::StringPiece& input,
[email protected]2377cdee2011-06-24 20:46:06[diff] [blame]132 std::string* output);
[email protected]39422e32010-03-25 19:13:00[diff] [blame]133 ScopedSECItem param_;
[email protected]39422e32010-03-25 19:13:00[diff] [blame]134#endif
135};
136
[email protected]4b559b4d2011-04-14 17:37:14[diff] [blame]137} // namespace crypto
[email protected]39422e32010-03-25 19:13:00[diff] [blame]138
[email protected]4b559b4d2011-04-14 17:37:14[diff] [blame]139#endif // CRYPTO_ENCRYPTOR_H_