| OLD | NEW |
|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "components/gcm_driver/crypto/gcm_message_cryptographer.h" | 5 #include "components/gcm_driver/crypto/gcm_message_cryptographer.h" |
| 6 | 6 |
| 7 #include <algorithm> | 7 #include <algorithm> |
| 8 #include <sstream> | 8 #include <sstream> |
| 9 | 9 |
| 10 #include "base/logging.h" | 10 #include "base/logging.h" |
| (...skipping 152 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 163 | 163 |
| 164 // Records must be at least two octets in size (to hold the padding). Records | 164 // Records must be at least two octets in size (to hold the padding). Records |
| 165 // that are smaller, i.e. a single octet, are invalid. | 165 // that are smaller, i.e. a single octet, are invalid. |
| 166 if (decrypted_record.size() < sizeof(uint16_t)) | 166 if (decrypted_record.size() < sizeof(uint16_t)) |
| 167 return false; | 167 return false; |
| 168 | 168 |
| 169 // Records contain a two-byte, big-endian padding length followed by zero to | 169 // Records contain a two-byte, big-endian padding length followed by zero to |
| 170 // 65535 bytes of padding. Padding bytes must be zero but, since AES-GCM | 170 // 65535 bytes of padding. Padding bytes must be zero but, since AES-GCM |
| 171 // authenticates the plaintext, checking and removing padding need not be done | 171 // authenticates the plaintext, checking and removing padding need not be done |
| 172 // in constant-time. | 172 // in constant-time. |
| 173 uint16_t padding_length = (decrypted_record[0] << 8) | decrypted_record[1]; | 173 uint16_t padding_length = (static_cast<uint8_t>(decrypted_record[0]) << 8) | |
| 174 static_cast<uint8_t>(decrypted_record[1]); |
| 174 decrypted_record.remove_prefix(sizeof(uint16_t)); | 175 decrypted_record.remove_prefix(sizeof(uint16_t)); |
| 175 | 176 |
| 176 if (padding_length > decrypted_record.size()) { | 177 if (padding_length > decrypted_record.size()) { |
| 177 return false; | 178 return false; |
| 178 } | 179 } |
| 179 | 180 |
| 180 for (size_t i = 0; i < padding_length; ++i) { | 181 for (size_t i = 0; i < padding_length; ++i) { |
| 181 if (decrypted_record[i] != 0) | 182 if (decrypted_record[i] != 0) |
| 182 return false; | 183 return false; |
| 183 } | 184 } |
| (...skipping 44 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 228 0 /* subkey_secret_bytes_to_generate */); | 229 0 /* subkey_secret_bytes_to_generate */); |
| 229 | 230 |
| 230 // draft-thomson-http-encryption defines that the result should be XOR'ed with | 231 // draft-thomson-http-encryption defines that the result should be XOR'ed with |
| 231 // the record's sequence number, however, Web Push encryption is limited to a | 232 // the record's sequence number, however, Web Push encryption is limited to a |
| 232 // single record per draft-ietf-webpush-encryption. | 233 // single record per draft-ietf-webpush-encryption. |
| 233 | 234 |
| 234 return hkdf.client_write_key().as_string(); | 235 return hkdf.client_write_key().as_string(); |
| 235 } | 236 } |
| 236 | 237 |
| 237 } // namespace gcm | 238 } // namespace gcm |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1817143003:
Add static_casts when combining the padding length (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master