OLD | NEW |
| (Empty) |
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | |
2 // Use of this source code is governed by a BSD-style license that can be | |
3 // found in the LICENSE file. | |
4 | |
5 #include "net/quic/crypto/aes_128_gcm_12_decrypter.h" | |
6 | |
7 #include <pk11pub.h> | |
8 #include <secerr.h> | |
9 | |
10 using base::StringPiece; | |
11 | |
12 namespace net { | |
13 | |
14 namespace { | |
15 | |
16 const size_t kKeySize = 16; | |
17 const size_t kNoncePrefixSize = 4; | |
18 | |
19 } // namespace | |
20 | |
21 Aes128Gcm12Decrypter::Aes128Gcm12Decrypter() | |
22 : AeadBaseDecrypter(CKM_AES_GCM, kKeySize, kAuthTagSize, kNoncePrefixSize) { | |
23 static_assert(kKeySize <= kMaxKeySize, "key size too big"); | |
24 static_assert(kNoncePrefixSize <= kMaxNoncePrefixSize, | |
25 "nonce prefix size too big"); | |
26 } | |
27 | |
28 Aes128Gcm12Decrypter::~Aes128Gcm12Decrypter() {} | |
29 | |
30 void Aes128Gcm12Decrypter::FillAeadParams(StringPiece nonce, | |
31 StringPiece associated_data, | |
32 size_t auth_tag_size, | |
33 AeadParams* aead_params) const { | |
34 aead_params->len = sizeof(aead_params->data.gcm_params); | |
35 CK_GCM_PARAMS* gcm_params = &aead_params->data.gcm_params; | |
36 gcm_params->pIv = reinterpret_cast<CK_BYTE*>(const_cast<char*>(nonce.data())); | |
37 gcm_params->ulIvLen = nonce.size(); | |
38 gcm_params->pAAD = | |
39 reinterpret_cast<CK_BYTE*>(const_cast<char*>(associated_data.data())); | |
40 gcm_params->ulAADLen = associated_data.size(); | |
41 gcm_params->ulTagBits = auth_tag_size * 8; | |
42 } | |
43 | |
44 const char* Aes128Gcm12Decrypter::cipher_name() const { | |
45 // TODO(rtenneti): Use TLS1_TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256 instead | |
46 // of hard coded string. | |
47 // return TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256; | |
48 return "ECDHE-RSA-AES128-GCM-SHA256"; | |
49 } | |
50 | |
51 uint32_t Aes128Gcm12Decrypter::cipher_id() const { | |
52 // TODO(rtenneti): when Chromium requires NSS 3.15.2 or later, use | |
53 // TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 instead of 0xC02F. | |
54 // Or'ed with 0x03000000 to match OpenSSL/BoringSSL implementations. | |
55 return 0x03000000 | 0xC02F; | |
56 } | |
57 | |
58 } // namespace net | |
OLD | NEW |