| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include <pk11pub.h> | |
| 6 | |
| 7 #include <memory> | |
| 8 | |
| 9 #include "crypto/scoped_nss_types.h" | |
| 10 #include "net/quic/crypto/aead_base_decrypter.h" | |
| 11 #include "net/quic/quic_flags.h" | |
| 12 #include "net/quic/quic_utils.h" | |
| 13 | |
| 14 using base::StringPiece; | |
| 15 | |
| 16 namespace net { | |
| 17 | |
| 18 AeadBaseDecrypter::AeadBaseDecrypter(CK_MECHANISM_TYPE aead_mechanism, | |
| 19 size_t key_size, | |
| 20 size_t auth_tag_size, | |
| 21 size_t nonce_prefix_size) | |
| 22 : aead_mechanism_(aead_mechanism), | |
| 23 key_size_(key_size), | |
| 24 auth_tag_size_(auth_tag_size), | |
| 25 nonce_prefix_size_(nonce_prefix_size) { | |
| 26 DCHECK_LE(key_size_, sizeof(key_)); | |
| 27 DCHECK_LE(nonce_prefix_size_, sizeof(nonce_prefix_)); | |
| 28 } | |
| 29 | |
| 30 AeadBaseDecrypter::~AeadBaseDecrypter() {} | |
| 31 | |
| 32 bool AeadBaseDecrypter::SetKey(StringPiece key) { | |
| 33 DCHECK_EQ(key.size(), key_size_); | |
| 34 if (key.size() != key_size_) { | |
| 35 return false; | |
| 36 } | |
| 37 memcpy(key_, key.data(), key.size()); | |
| 38 return true; | |
| 39 } | |
| 40 | |
| 41 bool AeadBaseDecrypter::SetNoncePrefix(StringPiece nonce_prefix) { | |
| 42 DCHECK_EQ(nonce_prefix.size(), nonce_prefix_size_); | |
| 43 if (nonce_prefix.size() != nonce_prefix_size_) { | |
| 44 return false; | |
| 45 } | |
| 46 memcpy(nonce_prefix_, nonce_prefix.data(), nonce_prefix.size()); | |
| 47 return true; | |
| 48 } | |
| 49 | |
| 50 bool AeadBaseDecrypter::DecryptPacket(QuicPathId path_id, | |
| 51 QuicPacketNumber packet_number, | |
| 52 StringPiece associated_data, | |
| 53 StringPiece ciphertext, | |
| 54 char* output, | |
| 55 size_t* output_length, | |
| 56 size_t max_output_length) { | |
| 57 if (ciphertext.length() < auth_tag_size_) { | |
| 58 return false; | |
| 59 } | |
| 60 | |
| 61 uint8_t nonce[sizeof(nonce_prefix_) + sizeof(packet_number)]; | |
| 62 const size_t nonce_size = nonce_prefix_size_ + sizeof(packet_number); | |
| 63 DCHECK_LE(nonce_size, sizeof(nonce)); | |
| 64 memcpy(nonce, nonce_prefix_, nonce_prefix_size_); | |
| 65 uint64_t path_id_packet_number = | |
| 66 QuicUtils::PackPathIdAndPacketNumber(path_id, packet_number); | |
| 67 memcpy(nonce + nonce_prefix_size_, &path_id_packet_number, | |
| 68 sizeof(path_id_packet_number)); | |
| 69 | |
| 70 // NSS 3.14.x incorrectly requires an output buffer at least as long as | |
| 71 // the ciphertext (NSS bug | |
| 72 // https://bugzilla.mozilla.org/show_bug.cgi?id= 853674). Fortunately | |
| 73 // QuicDecrypter::Decrypt() specifies that |output| must be as long as | |
| 74 // |ciphertext| on entry. | |
| 75 size_t plaintext_size = ciphertext.length() - auth_tag_size_; | |
| 76 | |
| 77 // Import key_ into NSS. | |
| 78 SECItem key_item; | |
| 79 key_item.type = siBuffer; | |
| 80 key_item.data = key_; | |
| 81 key_item.len = key_size_; | |
| 82 PK11SlotInfo* slot = PK11_GetInternalSlot(); | |
| 83 | |
| 84 // The exact value of the |origin| argument doesn't matter to NSS as long as | |
| 85 // it's not PK11_OriginFortezzaHack, so pass PK11_OriginUnwrap as a | |
| 86 // placeholder. | |
| 87 crypto::ScopedPK11SymKey aead_key( | |
| 88 PK11_ImportSymKey(slot, aead_mechanism_, PK11_OriginUnwrap, CKA_DECRYPT, | |
| 89 &key_item, nullptr)); | |
| 90 PK11_FreeSlot(slot); | |
| 91 slot = nullptr; | |
| 92 if (!aead_key) { | |
| 93 DVLOG(1) << "PK11_ImportSymKey failed"; | |
| 94 return false; | |
| 95 } | |
| 96 | |
| 97 AeadParams aead_params = {0}; | |
| 98 FillAeadParams(StringPiece(reinterpret_cast<char*>(nonce), nonce_size), | |
| 99 associated_data, auth_tag_size_, &aead_params); | |
| 100 | |
| 101 SECItem param; | |
| 102 param.type = siBuffer; | |
| 103 param.data = reinterpret_cast<unsigned char*>(&aead_params.data); | |
| 104 param.len = aead_params.len; | |
| 105 | |
| 106 unsigned int output_len; | |
| 107 if (PK11_Decrypt(aead_key.get(), aead_mechanism_, ¶m, | |
| 108 reinterpret_cast<uint8_t*>(output), &output_len, | |
| 109 max_output_length, | |
| 110 reinterpret_cast<const unsigned char*>(ciphertext.data()), | |
| 111 ciphertext.length()) != SECSuccess) { | |
| 112 return false; | |
| 113 } | |
| 114 | |
| 115 if (output_len != plaintext_size) { | |
| 116 DVLOG(1) << "Wrong output length"; | |
| 117 return false; | |
| 118 } | |
| 119 *output_length = output_len; | |
| 120 return true; | |
| 121 } | |
| 122 | |
| 123 StringPiece AeadBaseDecrypter::GetKey() const { | |
| 124 return StringPiece(reinterpret_cast<const char*>(key_), key_size_); | |
| 125 } | |
| 126 | |
| 127 StringPiece AeadBaseDecrypter::GetNoncePrefix() const { | |
| 128 if (nonce_prefix_size_ == 0) { | |
| 129 return StringPiece(); | |
| 130 } | |
| 131 return StringPiece(reinterpret_cast<const char*>(nonce_prefix_), | |
| 132 nonce_prefix_size_); | |
| 133 } | |
| 134 | |
| 135 } // namespace net | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1882433002:
Removing NSS files and USE_OPENSSL flag (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master