// Copyright (c) 2011 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "crypto/encryptor.h"
#include <vector>
#include "crypto/symmetric_key.h"
namespace crypto {
namespace {
// On success, returns the block size (in bytes) for the algorithm that |key|
// is for. On failure, returns 0.
DWORD GetCipherBlockSize(HCRYPTKEY key) {
DWORD block_size_in_bits = 0;
DWORD param_size = sizeof(block_size_in_bits);
BOOL ok = CryptGetKeyParam(key, KP_BLOCKLEN,
reinterpret_cast<BYTE*>(&block_size_in_bits),
¶m_size, 0);
if (!ok)
return 0;
return block_size_in_bits / 8;
}
} // namespace
Encryptor::Encryptor()
: key_(NULL),
mode_(CBC),
block_size_(0) {
}
Encryptor::~Encryptor() {
}
bool Encryptor::Init(SymmetricKey* key, Mode mode, const std::string& iv) {
DCHECK(key);
DCHECK_EQ(CBC, mode) << "Unsupported mode of operation";
// In CryptoAPI, the IV, padding mode, and feedback register (for a chaining
// mode) are properties of a key, so we have to create a copy of the key for
// the Encryptor. See the Remarks section of the CryptEncrypt MSDN page.
BOOL ok = CryptDuplicateKey(key->key(), NULL, 0, capi_key_.receive());
if (!ok)
return false;
// CRYPT_MODE_CBC is the default for Microsoft Base Cryptographic Provider,
// but we set it anyway to be safe.
DWORD cipher_mode = CRYPT_MODE_CBC;
ok = CryptSetKeyParam(capi_key_.get(), KP_MODE,
reinterpret_cast<BYTE*>(&cipher_mode), 0);
if (!ok)
return false;
block_size_ = GetCipherBlockSize(capi_key_.get());
if (block_size_ == 0)
return false;
if (iv.size() != block_size_)
return false;
ok = CryptSetKeyParam(capi_key_.get(), KP_IV,
reinterpret_cast<const BYTE*>(iv.data()), 0);
if (!ok)
return false;
DWORD padding_method = PKCS5_PADDING;
ok = CryptSetKeyParam(capi_key_.get(), KP_PADDING,
reinterpret_cast<BYTE*>(&padding_method), 0);
if (!ok)
return false;
return true;
}
bool Encryptor::Encrypt(const std::string& plaintext, std::string* ciphertext) {
DWORD data_len = plaintext.size();
DWORD total_len = data_len + block_size_;
// CryptoAPI encrypts/decrypts in place.
std::vector<BYTE> tmp(total_len);
memcpy(&tmp[0], plaintext.data(), data_len);
BOOL ok = CryptEncrypt(capi_key_.get(), NULL, TRUE, 0, &tmp[0],
&data_len, total_len);
if (!ok)
return false;
ciphertext->assign(reinterpret_cast<char*>(&tmp[0]), data_len);
return true;
}
bool Encryptor::Decrypt(const std::string& ciphertext, std::string* plaintext) {
DWORD data_len = ciphertext.size();
if (data_len == 0)
return false;
std::vector<BYTE> tmp(data_len);
memcpy(&tmp[0], ciphertext.data(), data_len);
BOOL ok = CryptDecrypt(capi_key_.get(), NULL, TRUE, 0, &tmp[0], &data_len);
if (!ok)
return false;
DCHECK_GT(tmp.size(), data_len);
plaintext->assign(reinterpret_cast<char*>(&tmp[0]), data_len);
return true;
}
} // namespace crypto