| // Copyright (c) 2011 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #include "crypto/encryptor.h" |
| |
| #include <string.h> |
| |
| #include "base/string_util.h" |
| #include "crypto/symmetric_key.h" |
| |
| namespace crypto { |
| |
| namespace { |
| |
| // On success, returns the block size (in bytes) for the algorithm that |key| |
| // is for. On failure, returns 0. |
| DWORD GetCipherBlockSize(HCRYPTKEY key) { |
| DWORD block_size_in_bits = 0; |
| DWORD param_size = sizeof(block_size_in_bits); |
| BOOL ok = CryptGetKeyParam(key, KP_BLOCKLEN, |
| reinterpret_cast<BYTE*>(&block_size_in_bits), |
| ¶m_size, 0); |
| if (!ok) |
| return 0; |
| |
| return block_size_in_bits / 8; |
| } |
| |
| } // namespace |
| |
| Encryptor::Encryptor() |
| : key_(NULL), |
| mode_(CBC), |
| block_size_(0) { |
| } |
| |
| Encryptor::~Encryptor() { |
| } |
| |
| bool Encryptor::Init(SymmetricKey* key, |
| Mode mode, |
| const base::StringPiece& iv) { |
| DCHECK(key); |
| DCHECK_EQ(CBC, mode) << "Unsupported mode of operation"; |
| |
| // In CryptoAPI, the IV, padding mode, and feedback register (for a chaining |
| // mode) are properties of a key, so we have to create a copy of the key for |
| // the Encryptor. See the Remarks section of the CryptEncrypt MSDN page. |
| BOOL ok = CryptDuplicateKey(key->key(), NULL, 0, capi_key_.receive()); |
| if (!ok) |
| return false; |
| |
| // CRYPT_MODE_CBC is the default for Microsoft Base Cryptographic Provider, |
| // but we set it anyway to be safe. |
| DWORD cipher_mode = CRYPT_MODE_CBC; |
| ok = CryptSetKeyParam(capi_key_.get(), KP_MODE, |
| reinterpret_cast<BYTE*>(&cipher_mode), 0); |
| if (!ok) |
| return false; |
| |
| block_size_ = GetCipherBlockSize(capi_key_.get()); |
| if (block_size_ == 0) |
| return false; |
| |
| if (iv.size() != block_size_) |
| return false; |
| |
| ok = CryptSetKeyParam(capi_key_.get(), KP_IV, |
| reinterpret_cast<const BYTE*>(iv.data()), 0); |
| if (!ok) |
| return false; |
| |
| DWORD padding_method = PKCS5_PADDING; |
| ok = CryptSetKeyParam(capi_key_.get(), KP_PADDING, |
| reinterpret_cast<BYTE*>(&padding_method), 0); |
| if (!ok) |
| return false; |
| |
| return true; |
| } |
| |
| bool Encryptor::Encrypt(const base::StringPiece& plaintext, |
| std::string* ciphertext) { |
| DWORD data_len = plaintext.size(); |
| CHECK((data_len > 0u) || (mode_ == CBC)); |
| DWORD total_len = data_len + block_size_; |
| CHECK_GT(total_len, 0u); |
| CHECK_GT(total_len + 1, data_len); |
| |
| // CryptoAPI encrypts/decrypts in place. |
| char* ciphertext_data = WriteInto(ciphertext, total_len + 1); |
| memcpy(ciphertext_data, plaintext.data(), data_len); |
| |
| BOOL ok = CryptEncrypt(capi_key_.get(), NULL, TRUE, 0, |
| reinterpret_cast<BYTE*>(ciphertext_data), &data_len, |
| total_len); |
| if (!ok) { |
| ciphertext->clear(); |
| return false; |
| } |
| |
| ciphertext->resize(data_len); |
| return true; |
| } |
| |
| bool Encryptor::Decrypt(const base::StringPiece& ciphertext, |
| std::string* plaintext) { |
| DWORD data_len = ciphertext.size(); |
| CHECK_GT(data_len, 0u); |
| CHECK_GT(data_len + 1, data_len); |
| |
| // CryptoAPI encrypts/decrypts in place. |
| char* plaintext_data = WriteInto(plaintext, data_len + 1); |
| memcpy(plaintext_data, ciphertext.data(), data_len); |
| |
| BOOL ok = CryptDecrypt(capi_key_.get(), NULL, TRUE, 0, |
| reinterpret_cast<BYTE*>(plaintext_data), &data_len); |
| if (!ok) { |
| plaintext->clear(); |
| return false; |
| } |
| |
| plaintext->resize(data_len); |
| return true; |
| } |
| |
| } // namespace crypto |
