| OLD | NEW |
|---|
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #ifndef NET_QUIC_CRYPTO_AES_128_GCM_12_ENCRYPTER_H_ | 5 #ifndef NET_QUIC_CRYPTO_AEAD_BASE_ENCRYPTER_H_ |
| 6 #define NET_QUIC_CRYPTO_AES_128_GCM_12_ENCRYPTER_H_ | 6 #define NET_QUIC_CRYPTO_AEAD_BASE_ENCRYPTER_H_ |
| 7 | |
| 8 #include <string> | |
| 9 | 7 |
| 10 #include "base/compiler_specific.h" | 8 #include "base/compiler_specific.h" |
| 11 #include "net/quic/crypto/quic_encrypter.h" | 9 #include "net/quic/crypto/quic_encrypter.h" |
| 12 | 10 |
| 13 #if defined(USE_OPENSSL) | 11 #if defined(USE_OPENSSL) |
| 14 #include "net/quic/crypto/scoped_evp_aead_ctx.h" | 12 #include "net/quic/crypto/scoped_evp_aead_ctx.h" |
| 13 #else |
| 14 #include <pkcs11t.h> |
| 15 #endif | 15 #endif |
| 16 | 16 |
| 17 namespace net { | 17 namespace net { |
| 18 | 18 |
| 19 namespace test { | 19 // AeadBaseEncrypter is the base class of AEAD QuicEncrypter subclasses. |
| 20 class Aes128Gcm12EncrypterPeer; | 20 class NET_EXPORT_PRIVATE AeadBaseEncrypter : public QuicEncrypter { |
| 21 } // namespace test | |
| 22 | |
| 23 // An Aes128Gcm12Encrypter is a QuicEncrypter that implements the | |
| 24 // AEAD_AES_128_GCM_12 algorithm specified in RFC 5282. Create an instance by | |
| 25 // calling QuicEncrypter::Create(kAESG). | |
| 26 // | |
| 27 // It uses an authentication tag of 12 bytes (96 bits). The fixed prefix | |
| 28 // of the nonce is four bytes. | |
| 29 class NET_EXPORT_PRIVATE Aes128Gcm12Encrypter : public QuicEncrypter { | |
| 30 public: | 21 public: |
| 31 enum { | 22 #if defined(USE_OPENSSL) |
| 32 // Authentication tags are truncated to 96 bits. | 23 AeadBaseEncrypter(const EVP_AEAD* aead_alg, |
| 33 kAuthTagSize = 12, | 24 size_t key_size, |
| 34 }; | 25 size_t auth_tag_size, |
| 35 | 26 size_t nonce_prefix_size); |
| 36 Aes128Gcm12Encrypter(); | 27 #else |
| 37 virtual ~Aes128Gcm12Encrypter(); | 28 AeadBaseEncrypter(CK_MECHANISM_TYPE aead_mechanism, |
| 29 size_t key_size, |
| 30 size_t auth_tag_size, |
| 31 size_t nonce_prefix_size); |
| 32 #endif |
| 33 virtual ~AeadBaseEncrypter(); |
| 38 | 34 |
| 39 // QuicEncrypter implementation | 35 // QuicEncrypter implementation |
| 40 virtual bool SetKey(base::StringPiece key) OVERRIDE; | 36 virtual bool SetKey(base::StringPiece key) OVERRIDE; |
| 41 virtual bool SetNoncePrefix(base::StringPiece nonce_prefix) OVERRIDE; | 37 virtual bool SetNoncePrefix(base::StringPiece nonce_prefix) OVERRIDE; |
| 42 virtual bool Encrypt(base::StringPiece nonce, | 38 virtual bool Encrypt(base::StringPiece nonce, |
| 43 base::StringPiece associated_data, | 39 base::StringPiece associated_data, |
| 44 base::StringPiece plaintext, | 40 base::StringPiece plaintext, |
| 45 unsigned char* output) OVERRIDE; | 41 unsigned char* output) OVERRIDE; |
| 46 virtual QuicData* EncryptPacket(QuicPacketSequenceNumber sequence_number, | 42 virtual QuicData* EncryptPacket(QuicPacketSequenceNumber sequence_number, |
| 47 base::StringPiece associated_data, | 43 base::StringPiece associated_data, |
| 48 base::StringPiece plaintext) OVERRIDE; | 44 base::StringPiece plaintext) OVERRIDE; |
| 49 virtual size_t GetKeySize() const OVERRIDE; | 45 virtual size_t GetKeySize() const OVERRIDE; |
| 50 virtual size_t GetNoncePrefixSize() const OVERRIDE; | 46 virtual size_t GetNoncePrefixSize() const OVERRIDE; |
| 51 virtual size_t GetMaxPlaintextSize(size_t ciphertext_size) const OVERRIDE; | 47 virtual size_t GetMaxPlaintextSize(size_t ciphertext_size) const OVERRIDE; |
| 52 virtual size_t GetCiphertextSize(size_t plaintext_size) const OVERRIDE; | 48 virtual size_t GetCiphertextSize(size_t plaintext_size) const OVERRIDE; |
| 53 virtual base::StringPiece GetKey() const OVERRIDE; | 49 virtual base::StringPiece GetKey() const OVERRIDE; |
| 54 virtual base::StringPiece GetNoncePrefix() const OVERRIDE; | 50 virtual base::StringPiece GetNoncePrefix() const OVERRIDE; |
| 55 | 51 |
| 52 protected: |
| 53 // Make these constants available to the subclasses so that the subclasses |
| 54 // can assert at compile time their key_size_ and nonce_prefix_size_ do not |
| 55 // exceed the maximum. |
| 56 static const size_t kMaxKeySize = 32; |
| 57 static const size_t kMaxNoncePrefixSize = 4; |
| 58 |
| 59 #if !defined(USE_OPENSSL) |
| 60 struct AeadParams { |
| 61 unsigned int len; |
| 62 union { |
| 63 CK_GCM_PARAMS gcm_params; |
| 64 #if !defined(USE_NSS) |
| 65 // The system NSS <pkcs11n.h> header doesn't define this type yet. |
| 66 CK_NSS_AEAD_PARAMS nss_aead_params; |
| 67 #endif |
| 68 } data; |
| 69 }; |
| 70 |
| 71 virtual void FillAeadParams(base::StringPiece nonce, |
| 72 base::StringPiece associated_data, |
| 73 size_t auth_tag_size, |
| 74 AeadParams* aead_params) const = 0; |
| 75 #endif |
| 76 |
| 56 private: | 77 private: |
| 57 // The 128-bit AES key. | 78 #if defined(USE_OPENSSL) |
| 58 unsigned char key_[16]; | 79 const EVP_AEAD* aead_alg_; |
| 80 #else |
| 81 const CK_MECHANISM_TYPE aead_mechanism_; |
| 82 #endif |
| 83 const size_t key_size_; |
| 84 const size_t auth_tag_size_; |
| 85 const size_t nonce_prefix_size_; |
| 86 |
| 87 // The key. |
| 88 unsigned char key_[kMaxKeySize]; |
| 59 // The nonce prefix. | 89 // The nonce prefix. |
| 60 unsigned char nonce_prefix_[4]; | 90 unsigned char nonce_prefix_[kMaxNoncePrefixSize]; |
| 61 | 91 |
| 62 #if defined(USE_OPENSSL) | 92 #if defined(USE_OPENSSL) |
| 63 ScopedEVPAEADCtx ctx_; | 93 ScopedEVPAEADCtx ctx_; |
| 64 #endif | 94 #endif |
| 65 }; | 95 }; |
| 66 | 96 |
| 67 } // namespace net | 97 } // namespace net |
| 68 | 98 |
| 69 #endif // NET_QUIC_CRYPTO_AES_128_GCM_12_ENCRYPTER_H_ | 99 #endif // NET_QUIC_CRYPTO_AEAD_BASE_ENCRYPTER_H_ |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 189893002:
Add ChaCha20Poly1305Encrypter, based on (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/