| OLD | NEW |
|---|
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/quic/crypto/crypto_secret_boxer.h" | 5 #include "net/quic/crypto/crypto_secret_boxer.h" |
| 6 | 6 |
| 7 #include "base/logging.h" | 7 #include "base/logging.h" |
| 8 #include "base/memory/scoped_ptr.h" | 8 #include "base/memory/scoped_ptr.h" |
| 9 #include "net/quic/crypto/aes_128_gcm_12_decrypter.h" | 9 #include "net/quic/crypto/aes_128_gcm_12_decrypter.h" |
| 10 #include "net/quic/crypto/aes_128_gcm_12_encrypter.h" | 10 #include "net/quic/crypto/aes_128_gcm_12_encrypter.h" |
| 11 #include "net/quic/crypto/crypto_protocol.h" | 11 #include "net/quic/crypto/crypto_protocol.h" |
| 12 #include "net/quic/crypto/quic_decrypter.h" | 12 #include "net/quic/crypto/quic_decrypter.h" |
| 13 #include "net/quic/crypto/quic_encrypter.h" | 13 #include "net/quic/crypto/quic_encrypter.h" |
| 14 #include "net/quic/crypto/quic_random.h" | 14 #include "net/quic/crypto/quic_random.h" |
| 15 | 15 |
| 16 using base::StringPiece; | 16 using base::StringPiece; |
| 17 using std::string; | 17 using std::string; |
| 18 using std::vector; |
| 18 | 19 |
| 19 namespace net { | 20 namespace net { |
| 20 | 21 |
| 21 // Defined kKeySize for GetKeySize() and SetKey(). | 22 // Defined kKeySize for GetKeySize() and SetKey(). |
| 22 static const size_t kKeySize = 16; | 23 static const size_t kKeySize = 16; |
| 23 | 24 |
| 24 // kBoxNonceSize contains the number of bytes of nonce that we use in each box. | 25 // kBoxNonceSize contains the number of bytes of nonce that we use in each box. |
| 25 // TODO(rtenneti): Add support for kBoxNonceSize to be 16 bytes. | 26 // TODO(rtenneti): Add support for kBoxNonceSize to be 16 bytes. |
| 26 // | 27 // |
| 27 // From agl@: | 28 // From agl@: |
| 28 // 96-bit nonces are on the edge. An attacker who can collect 2^41 | 29 // 96-bit nonces are on the edge. An attacker who can collect 2^41 |
| 29 // source-address tokens has a 1% chance of finding a duplicate. | 30 // source-address tokens has a 1% chance of finding a duplicate. |
| 30 // | 31 // |
| 31 // The "average" DDoS is now 32.4M PPS. That's 2^25 source-address tokens | 32 // The "average" DDoS is now 32.4M PPS. That's 2^25 source-address tokens |
| 32 // per second. So one day of that DDoS botnot would reach the 1% mark. | 33 // per second. So one day of that DDoS botnot would reach the 1% mark. |
| 33 // | 34 // |
| 34 // It's not terrible, but it's not a "forget about it" margin. | 35 // It's not terrible, but it's not a "forget about it" margin. |
| 35 static const size_t kBoxNonceSize = 12; | 36 static const size_t kBoxNonceSize = 12; |
| 36 | 37 |
| 38 CryptoSecretBoxer::CryptoSecretBoxer() {} |
| 39 |
| 40 CryptoSecretBoxer::~CryptoSecretBoxer() {} |
| 41 |
| 37 // static | 42 // static |
| 38 size_t CryptoSecretBoxer::GetKeySize() { | 43 size_t CryptoSecretBoxer::GetKeySize() { |
| 39 return kKeySize; | 44 return kKeySize; |
| 40 } | 45 } |
| 41 | 46 |
| 42 void CryptoSecretBoxer::SetKey(StringPiece key) { | 47 void CryptoSecretBoxer::SetKeys(const vector<string>& keys) { |
| 43 DCHECK_EQ(kKeySize, key.size()); | 48 DCHECK(!keys.empty()); |
| 44 key_ = key.as_string(); | 49 vector<string> copy = keys; |
| 50 for (const string& key : keys) { |
| 51 DCHECK_EQ(kKeySize, key.size()); |
| 52 } |
| 53 base::AutoLock l(lock_); |
| 54 keys_.swap(copy); |
| 45 } | 55 } |
| 46 | 56 |
| 47 string CryptoSecretBoxer::Box(QuicRandom* rand, StringPiece plaintext) const { | 57 string CryptoSecretBoxer::Box(QuicRandom* rand, StringPiece plaintext) const { |
| 48 scoped_ptr<Aes128Gcm12Encrypter> encrypter(new Aes128Gcm12Encrypter()); | 58 scoped_ptr<Aes128Gcm12Encrypter> encrypter(new Aes128Gcm12Encrypter()); |
| 49 if (!encrypter->SetKey(key_)) { | 59 { |
| 50 DLOG(DFATAL) << "CryptoSecretBoxer's encrypter->SetKey failed."; | 60 base::AutoLock l(lock_); |
| 51 return string(); | 61 DCHECK_EQ(kKeySize, keys_[0].size()); |
| 62 if (!encrypter->SetKey(keys_[0])) { |
| 63 DLOG(DFATAL) << "CryptoSecretBoxer's encrypter->SetKey failed."; |
| 64 return string(); |
| 65 } |
| 52 } | 66 } |
| 53 size_t ciphertext_size = encrypter->GetCiphertextSize(plaintext.length()); | 67 size_t ciphertext_size = encrypter->GetCiphertextSize(plaintext.length()); |
| 54 | 68 |
| 55 string ret; | 69 string ret; |
| 56 const size_t len = kBoxNonceSize + ciphertext_size; | 70 const size_t len = kBoxNonceSize + ciphertext_size; |
| 57 ret.resize(len); | 71 ret.resize(len); |
| 58 char* data = &ret[0]; | 72 char* data = &ret[0]; |
| 59 | 73 |
| 60 // Generate nonce. | 74 // Generate nonce. |
| 61 rand->RandBytes(data, kBoxNonceSize); | 75 rand->RandBytes(data, kBoxNonceSize); |
| (...skipping 17 matching lines...) Expand all Loading... |
| 79 } | 93 } |
| 80 | 94 |
| 81 StringPiece nonce(ciphertext.data(), kBoxNonceSize); | 95 StringPiece nonce(ciphertext.data(), kBoxNonceSize); |
| 82 ciphertext.remove_prefix(kBoxNonceSize); | 96 ciphertext.remove_prefix(kBoxNonceSize); |
| 83 QuicPacketNumber packet_number; | 97 QuicPacketNumber packet_number; |
| 84 StringPiece nonce_prefix(nonce.data(), nonce.size() - sizeof(packet_number)); | 98 StringPiece nonce_prefix(nonce.data(), nonce.size() - sizeof(packet_number)); |
| 85 memcpy(&packet_number, nonce.data() + nonce_prefix.size(), | 99 memcpy(&packet_number, nonce.data() + nonce_prefix.size(), |
| 86 sizeof(packet_number)); | 100 sizeof(packet_number)); |
| 87 | 101 |
| 88 scoped_ptr<Aes128Gcm12Decrypter> decrypter(new Aes128Gcm12Decrypter()); | 102 scoped_ptr<Aes128Gcm12Decrypter> decrypter(new Aes128Gcm12Decrypter()); |
| 89 if (!decrypter->SetKey(key_)) { | |
| 90 DLOG(DFATAL) << "CryptoSecretBoxer's decrypter->SetKey failed."; | |
| 91 return false; | |
| 92 } | |
| 93 decrypter->SetNoncePrefix(nonce_prefix); | |
| 94 char plaintext[kMaxPacketSize]; | 103 char plaintext[kMaxPacketSize]; |
| 95 size_t plaintext_length = 0; | 104 size_t plaintext_length = 0; |
| 96 const bool success = decrypter->DecryptPacket( | 105 bool ok = false; |
| 97 /*path_id=*/0u, packet_number, /*associated data=*/StringPiece(), | 106 { |
| 98 ciphertext, plaintext, &plaintext_length, kMaxPacketSize); | 107 base::AutoLock l(lock_); |
| 99 if (!success) { | 108 for (const string& key : keys_) { |
| 109 if (decrypter->SetKey(key)) { |
| 110 decrypter->SetNoncePrefix(nonce_prefix); |
| 111 if (decrypter->DecryptPacket( |
| 112 /*path_id=*/0u, packet_number, |
| 113 /*associated data=*/StringPiece(), ciphertext, plaintext, |
| 114 &plaintext_length, kMaxPacketSize)) { |
| 115 ok = true; |
| 116 break; |
| 117 } |
| 118 } |
| 119 } |
| 120 } |
| 121 if (!ok) { |
| 100 return false; | 122 return false; |
| 101 } | 123 } |
| 102 | 124 |
| 103 out_storage->resize(plaintext_length); | 125 out_storage->resize(plaintext_length); |
| 104 out_storage->assign(plaintext, plaintext_length); | 126 out_storage->assign(plaintext, plaintext_length); |
| 105 out->set(out_storage->data(), plaintext_length); | 127 out->set(out_storage->data(), plaintext_length); |
| 106 return true; | 128 return true; |
| 107 } | 129 } |
| 108 | 130 |
| 109 } // namespace net | 131 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1714713002:
Landing Recent QUIC changes until 2/12/2016 21:32 UTC (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master