| Index: net/quic/crypto/aead_base_decrypter_openssl.cc
|
| ===================================================================
|
| --- net/quic/crypto/aead_base_decrypter_openssl.cc (revision 255481)
|
| +++ net/quic/crypto/aead_base_decrypter_openssl.cc (working copy)
|
| @@ -2,7 +2,7 @@
|
| // Use of this source code is governed by a BSD-style license that can be
|
| // found in the LICENSE file.
|
|
|
| -#include "net/quic/crypto/aes_128_gcm_12_decrypter.h"
|
| +#include "net/quic/crypto/aead_base_decrypter.h"
|
|
|
| #include <openssl/err.h>
|
| #include <openssl/evp.h>
|
| @@ -15,53 +15,68 @@
|
|
|
| namespace {
|
|
|
| -const size_t kNoncePrefixSize = 4;
|
| -const size_t kAESNonceSize = 12;
|
| +// Clear OpenSSL error stack.
|
| +void ClearOpenSslErrors() {
|
| +#ifdef NDEBUG
|
| + while (ERR_get_error()) {}
|
| +#else
|
| + while (unsigned long error = ERR_get_error()) {
|
| + char buf[120];
|
| + ERR_error_string_n(error, buf, arraysize(buf));
|
| + DLOG(ERROR) << "OpenSSL error: " << buf;
|
| + }
|
| +#endif
|
| +}
|
|
|
| } // namespace
|
|
|
| -Aes128Gcm12Decrypter::Aes128Gcm12Decrypter() {}
|
| +AeadBaseDecrypter::AeadBaseDecrypter(const EVP_AEAD* aead_alg,
|
| + size_t key_size,
|
| + size_t auth_tag_size,
|
| + size_t nonce_prefix_size)
|
| + : aead_alg_(aead_alg),
|
| + key_size_(key_size),
|
| + auth_tag_size_(auth_tag_size),
|
| + nonce_prefix_size_(nonce_prefix_size) {
|
| + DCHECK_LE(key_size_, sizeof(key_));
|
| + DCHECK_LE(nonce_prefix_size_, sizeof(nonce_prefix_));
|
| +}
|
|
|
| -Aes128Gcm12Decrypter::~Aes128Gcm12Decrypter() {}
|
| +AeadBaseDecrypter::~AeadBaseDecrypter() {}
|
|
|
| -// static
|
| -bool Aes128Gcm12Decrypter::IsSupported() { return true; }
|
| -
|
| -bool Aes128Gcm12Decrypter::SetKey(StringPiece key) {
|
| - DCHECK_EQ(key.size(), sizeof(key_));
|
| - if (key.size() != sizeof(key_)) {
|
| +bool AeadBaseDecrypter::SetKey(StringPiece key) {
|
| + DCHECK_EQ(key.size(), key_size_);
|
| + if (key.size() != key_size_) {
|
| return false;
|
| }
|
| memcpy(key_, key.data(), key.size());
|
|
|
| EVP_AEAD_CTX_cleanup(ctx_.get());
|
| - if (!EVP_AEAD_CTX_init(ctx_.get(), EVP_aead_aes_128_gcm(), key_,
|
| - sizeof(key_), kAuthTagSize, NULL)) {
|
| - // Clear OpenSSL error stack.
|
| - while (ERR_get_error()) {}
|
| + if (!EVP_AEAD_CTX_init(ctx_.get(), aead_alg_, key_, key_size_,
|
| + auth_tag_size_, NULL)) {
|
| + ClearOpenSslErrors();
|
| return false;
|
| }
|
|
|
| return true;
|
| }
|
|
|
| -bool Aes128Gcm12Decrypter::SetNoncePrefix(StringPiece nonce_prefix) {
|
| - DCHECK_EQ(nonce_prefix.size(), kNoncePrefixSize);
|
| - if (nonce_prefix.size() != kNoncePrefixSize) {
|
| +bool AeadBaseDecrypter::SetNoncePrefix(StringPiece nonce_prefix) {
|
| + DCHECK_EQ(nonce_prefix.size(), nonce_prefix_size_);
|
| + if (nonce_prefix.size() != nonce_prefix_size_) {
|
| return false;
|
| }
|
| - COMPILE_ASSERT(sizeof(nonce_prefix_) == kNoncePrefixSize, bad_nonce_length);
|
| memcpy(nonce_prefix_, nonce_prefix.data(), nonce_prefix.size());
|
| return true;
|
| }
|
|
|
| -bool Aes128Gcm12Decrypter::Decrypt(StringPiece nonce,
|
| - StringPiece associated_data,
|
| - StringPiece ciphertext,
|
| - uint8* output,
|
| - size_t* output_length) {
|
| - if (ciphertext.length() < kAuthTagSize ||
|
| - nonce.size() != kNoncePrefixSize + sizeof(QuicPacketSequenceNumber)) {
|
| +bool AeadBaseDecrypter::Decrypt(StringPiece nonce,
|
| + StringPiece associated_data,
|
| + StringPiece ciphertext,
|
| + uint8* output,
|
| + size_t* output_length) {
|
| + if (ciphertext.length() < auth_tag_size_ ||
|
| + nonce.size() != nonce_prefix_size_ + sizeof(QuicPacketSequenceNumber)) {
|
| return false;
|
| }
|
|
|
| @@ -73,8 +88,7 @@
|
| associated_data.size());
|
|
|
| if (len < 0) {
|
| - // Clear OpenSSL error stack.
|
| - while (ERR_get_error()) {}
|
| + ClearOpenSslErrors();
|
| return false;
|
| }
|
|
|
| @@ -82,21 +96,22 @@
|
| return true;
|
| }
|
|
|
| -QuicData* Aes128Gcm12Decrypter::DecryptPacket(
|
| +QuicData* AeadBaseDecrypter::DecryptPacket(
|
| QuicPacketSequenceNumber sequence_number,
|
| StringPiece associated_data,
|
| StringPiece ciphertext) {
|
| - if (ciphertext.length() < kAuthTagSize) {
|
| + if (ciphertext.length() < auth_tag_size_) {
|
| return NULL;
|
| }
|
| size_t plaintext_size = ciphertext.length();
|
| scoped_ptr<char[]> plaintext(new char[plaintext_size]);
|
|
|
| - uint8 nonce[kNoncePrefixSize + sizeof(sequence_number)];
|
| - COMPILE_ASSERT(sizeof(nonce) == kAESNonceSize, bad_sequence_number_size);
|
| - memcpy(nonce, nonce_prefix_, kNoncePrefixSize);
|
| - memcpy(nonce + kNoncePrefixSize, &sequence_number, sizeof(sequence_number));
|
| - if (!Decrypt(StringPiece(reinterpret_cast<char*>(nonce), sizeof(nonce)),
|
| + uint8 nonce[sizeof(nonce_prefix_) + sizeof(sequence_number)];
|
| + const size_t nonce_size = nonce_prefix_size_ + sizeof(sequence_number);
|
| + DCHECK_LE(nonce_size, sizeof(nonce));
|
| + memcpy(nonce, nonce_prefix_, nonce_prefix_size_);
|
| + memcpy(nonce + nonce_prefix_size_, &sequence_number, sizeof(sequence_number));
|
| + if (!Decrypt(StringPiece(reinterpret_cast<char*>(nonce), nonce_size),
|
| associated_data, ciphertext,
|
| reinterpret_cast<uint8*>(plaintext.get()),
|
| &plaintext_size)) {
|
| @@ -105,13 +120,16 @@
|
| return new QuicData(plaintext.release(), plaintext_size, true);
|
| }
|
|
|
| -StringPiece Aes128Gcm12Decrypter::GetKey() const {
|
| - return StringPiece(reinterpret_cast<const char*>(key_), sizeof(key_));
|
| +StringPiece AeadBaseDecrypter::GetKey() const {
|
| + return StringPiece(reinterpret_cast<const char*>(key_), key_size_);
|
| }
|
|
|
| -StringPiece Aes128Gcm12Decrypter::GetNoncePrefix() const {
|
| +StringPiece AeadBaseDecrypter::GetNoncePrefix() const {
|
| + if (nonce_prefix_size_ == 0) {
|
| + return StringPiece();
|
| + }
|
| return StringPiece(reinterpret_cast<const char*>(nonce_prefix_),
|
| - kNoncePrefixSize);
|
| + nonce_prefix_size_);
|
| }
|
|
|
| } // namespace net
|
|
|
Chromium Code Reviews
Issue 189893002:
Add ChaCha20Poly1305Encrypter, based on (Closed)
Base URL: svn://svn.chromium.org/chrome/trunk/src/