OLD | NEW |
| (Empty) |
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #include <pk11pub.h> | |
6 | |
7 #include <memory> | |
8 | |
9 #include "crypto/scoped_nss_types.h" | |
10 #include "net/quic/crypto/aead_base_decrypter.h" | |
11 #include "net/quic/quic_flags.h" | |
12 #include "net/quic/quic_utils.h" | |
13 | |
14 using base::StringPiece; | |
15 | |
16 namespace net { | |
17 | |
18 AeadBaseDecrypter::AeadBaseDecrypter(CK_MECHANISM_TYPE aead_mechanism, | |
19 size_t key_size, | |
20 size_t auth_tag_size, | |
21 size_t nonce_prefix_size) | |
22 : aead_mechanism_(aead_mechanism), | |
23 key_size_(key_size), | |
24 auth_tag_size_(auth_tag_size), | |
25 nonce_prefix_size_(nonce_prefix_size) { | |
26 DCHECK_LE(key_size_, sizeof(key_)); | |
27 DCHECK_LE(nonce_prefix_size_, sizeof(nonce_prefix_)); | |
28 } | |
29 | |
30 AeadBaseDecrypter::~AeadBaseDecrypter() {} | |
31 | |
32 bool AeadBaseDecrypter::SetKey(StringPiece key) { | |
33 DCHECK_EQ(key.size(), key_size_); | |
34 if (key.size() != key_size_) { | |
35 return false; | |
36 } | |
37 memcpy(key_, key.data(), key.size()); | |
38 return true; | |
39 } | |
40 | |
41 bool AeadBaseDecrypter::SetNoncePrefix(StringPiece nonce_prefix) { | |
42 DCHECK_EQ(nonce_prefix.size(), nonce_prefix_size_); | |
43 if (nonce_prefix.size() != nonce_prefix_size_) { | |
44 return false; | |
45 } | |
46 memcpy(nonce_prefix_, nonce_prefix.data(), nonce_prefix.size()); | |
47 return true; | |
48 } | |
49 | |
50 bool AeadBaseDecrypter::DecryptPacket(QuicPathId path_id, | |
51 QuicPacketNumber packet_number, | |
52 StringPiece associated_data, | |
53 StringPiece ciphertext, | |
54 char* output, | |
55 size_t* output_length, | |
56 size_t max_output_length) { | |
57 if (ciphertext.length() < auth_tag_size_) { | |
58 return false; | |
59 } | |
60 | |
61 uint8_t nonce[sizeof(nonce_prefix_) + sizeof(packet_number)]; | |
62 const size_t nonce_size = nonce_prefix_size_ + sizeof(packet_number); | |
63 DCHECK_LE(nonce_size, sizeof(nonce)); | |
64 memcpy(nonce, nonce_prefix_, nonce_prefix_size_); | |
65 uint64_t path_id_packet_number = | |
66 QuicUtils::PackPathIdAndPacketNumber(path_id, packet_number); | |
67 memcpy(nonce + nonce_prefix_size_, &path_id_packet_number, | |
68 sizeof(path_id_packet_number)); | |
69 | |
70 // NSS 3.14.x incorrectly requires an output buffer at least as long as | |
71 // the ciphertext (NSS bug | |
72 // https://bugzilla.mozilla.org/show_bug.cgi?id= 853674). Fortunately | |
73 // QuicDecrypter::Decrypt() specifies that |output| must be as long as | |
74 // |ciphertext| on entry. | |
75 size_t plaintext_size = ciphertext.length() - auth_tag_size_; | |
76 | |
77 // Import key_ into NSS. | |
78 SECItem key_item; | |
79 key_item.type = siBuffer; | |
80 key_item.data = key_; | |
81 key_item.len = key_size_; | |
82 PK11SlotInfo* slot = PK11_GetInternalSlot(); | |
83 | |
84 // The exact value of the |origin| argument doesn't matter to NSS as long as | |
85 // it's not PK11_OriginFortezzaHack, so pass PK11_OriginUnwrap as a | |
86 // placeholder. | |
87 crypto::ScopedPK11SymKey aead_key( | |
88 PK11_ImportSymKey(slot, aead_mechanism_, PK11_OriginUnwrap, CKA_DECRYPT, | |
89 &key_item, nullptr)); | |
90 PK11_FreeSlot(slot); | |
91 slot = nullptr; | |
92 if (!aead_key) { | |
93 DVLOG(1) << "PK11_ImportSymKey failed"; | |
94 return false; | |
95 } | |
96 | |
97 AeadParams aead_params = {0}; | |
98 FillAeadParams(StringPiece(reinterpret_cast<char*>(nonce), nonce_size), | |
99 associated_data, auth_tag_size_, &aead_params); | |
100 | |
101 SECItem param; | |
102 param.type = siBuffer; | |
103 param.data = reinterpret_cast<unsigned char*>(&aead_params.data); | |
104 param.len = aead_params.len; | |
105 | |
106 unsigned int output_len; | |
107 if (PK11_Decrypt(aead_key.get(), aead_mechanism_, ¶m, | |
108 reinterpret_cast<uint8_t*>(output), &output_len, | |
109 max_output_length, | |
110 reinterpret_cast<const unsigned char*>(ciphertext.data()), | |
111 ciphertext.length()) != SECSuccess) { | |
112 return false; | |
113 } | |
114 | |
115 if (output_len != plaintext_size) { | |
116 DVLOG(1) << "Wrong output length"; | |
117 return false; | |
118 } | |
119 *output_length = output_len; | |
120 return true; | |
121 } | |
122 | |
123 StringPiece AeadBaseDecrypter::GetKey() const { | |
124 return StringPiece(reinterpret_cast<const char*>(key_), key_size_); | |
125 } | |
126 | |
127 StringPiece AeadBaseDecrypter::GetNoncePrefix() const { | |
128 if (nonce_prefix_size_ == 0) { | |
129 return StringPiece(); | |
130 } | |
131 return StringPiece(reinterpret_cast<const char*>(nonce_prefix_), | |
132 nonce_prefix_size_); | |
133 } | |
134 | |
135 } // namespace net | |
OLD | NEW |