1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "crypto/encryptor.h"
6
7 #include <vector>
8
9 #include "crypto/symmetric_key.h"
10
11 namespace crypto {
12
13 namespace {
14
15 // On success, returns the block size (in bytes) for the algorithm that |key|
16 // is for. On failure, returns 0.
GetCipherBlockSize(HCRYPTKEY key)17 DWORD GetCipherBlockSize(HCRYPTKEY key) {
18 DWORD block_size_in_bits = 0;
19 DWORD param_size = sizeof(block_size_in_bits);
20 BOOL ok = CryptGetKeyParam(key, KP_BLOCKLEN,
21 reinterpret_cast<BYTE*>(&block_size_in_bits),
22 ¶m_size, 0);
23 if (!ok)
24 return 0;
25
26 return block_size_in_bits / 8;
27 }
28
29 } // namespace
30
Encryptor()31 Encryptor::Encryptor()
32 : key_(NULL),
33 mode_(CBC),
34 block_size_(0) {
35 }
36
~Encryptor()37 Encryptor::~Encryptor() {
38 }
39
Init(SymmetricKey * key,Mode mode,const std::string & iv)40 bool Encryptor::Init(SymmetricKey* key, Mode mode, const std::string& iv) {
41 DCHECK(key);
42 DCHECK_EQ(CBC, mode) << "Unsupported mode of operation";
43
44 // In CryptoAPI, the IV, padding mode, and feedback register (for a chaining
45 // mode) are properties of a key, so we have to create a copy of the key for
46 // the Encryptor. See the Remarks section of the CryptEncrypt MSDN page.
47 BOOL ok = CryptDuplicateKey(key->key(), NULL, 0, capi_key_.receive());
48 if (!ok)
49 return false;
50
51 // CRYPT_MODE_CBC is the default for Microsoft Base Cryptographic Provider,
52 // but we set it anyway to be safe.
53 DWORD cipher_mode = CRYPT_MODE_CBC;
54 ok = CryptSetKeyParam(capi_key_.get(), KP_MODE,
55 reinterpret_cast<BYTE*>(&cipher_mode), 0);
56 if (!ok)
57 return false;
58
59 block_size_ = GetCipherBlockSize(capi_key_.get());
60 if (block_size_ == 0)
61 return false;
62
63 if (iv.size() != block_size_)
64 return false;
65
66 ok = CryptSetKeyParam(capi_key_.get(), KP_IV,
67 reinterpret_cast<const BYTE*>(iv.data()), 0);
68 if (!ok)
69 return false;
70
71 DWORD padding_method = PKCS5_PADDING;
72 ok = CryptSetKeyParam(capi_key_.get(), KP_PADDING,
73 reinterpret_cast<BYTE*>(&padding_method), 0);
74 if (!ok)
75 return false;
76
77 return true;
78 }
79
Encrypt(const std::string & plaintext,std::string * ciphertext)80 bool Encryptor::Encrypt(const std::string& plaintext, std::string* ciphertext) {
81 DWORD data_len = plaintext.size();
82 DWORD total_len = data_len + block_size_;
83
84 // CryptoAPI encrypts/decrypts in place.
85 std::vector<BYTE> tmp(total_len);
86 memcpy(&tmp[0], plaintext.data(), data_len);
87
88 BOOL ok = CryptEncrypt(capi_key_.get(), NULL, TRUE, 0, &tmp[0],
89 &data_len, total_len);
90 if (!ok)
91 return false;
92
93 ciphertext->assign(reinterpret_cast<char*>(&tmp[0]), data_len);
94 return true;
95 }
96
Decrypt(const std::string & ciphertext,std::string * plaintext)97 bool Encryptor::Decrypt(const std::string& ciphertext, std::string* plaintext) {
98 DWORD data_len = ciphertext.size();
99 if (data_len == 0)
100 return false;
101
102 std::vector<BYTE> tmp(data_len);
103 memcpy(&tmp[0], ciphertext.data(), data_len);
104
105 BOOL ok = CryptDecrypt(capi_key_.get(), NULL, TRUE, 0, &tmp[0], &data_len);
106 if (!ok)
107 return false;
108
109 DCHECK_GT(tmp.size(), data_len);
110
111 plaintext->assign(reinterpret_cast<char*>(&tmp[0]), data_len);
112 return true;
113 }
114
115 } // namespace crypto
116