Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(333)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/quic/crypto/aead_base_decrypter.h

Issue 189893002: Add ChaCha20Poly1305Encrypter, based on (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src/
Patch Set: Move GCM-specific code back to the Aes128Gcm12En/Decrypter classes Created 6 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « net/net.gyp ('k') | net/quic/crypto/aead_base_decrypter_nss.cc » ('j') | net/quic/crypto/aead_base_decrypter_nss.cc » ('J')
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/quic/crypto/aead_base_decrypter.h
===================================================================
--- net/quic/crypto/aead_base_decrypter.h (revision 255481)
+++ net/quic/crypto/aead_base_decrypter.h (working copy)
@@ -2,43 +2,43 @@
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
-#ifndef NET_QUIC_CRYPTO_AES_128_GCM_12_DECRYPTER_H_
-#define NET_QUIC_CRYPTO_AES_128_GCM_12_DECRYPTER_H_
+#ifndef NET_QUIC_CRYPTO_AEAD_BASE_DECRYPTER_H_
+#define NET_QUIC_CRYPTO_AEAD_BASE_DECRYPTER_H_
-#include <string>
-
#include "base/compiler_specific.h"
#include "net/quic/crypto/quic_decrypter.h"
#if defined(USE_OPENSSL)
#include "net/quic/crypto/scoped_evp_aead_ctx.h"
+#else
+#include <pkcs11t.h>
+#include <seccomon.h>
+typedef struct PK11SymKeyStr PK11SymKey;
+typedef SECStatus (*PK11_DecryptFunction)(
+ PK11SymKey* symKey, CK_MECHANISM_TYPE mechanism, SECItem* param,
+ unsigned char* out, unsigned int* outLen, unsigned int maxLen,
+ const unsigned char* enc, unsigned encLen);
#endif
namespace net {
-namespace test {
-class Aes128Gcm12DecrypterPeer;
-} // namespace test
-
-// An Aes128Gcm12Decrypter is a QuicDecrypter that implements the
-// AEAD_AES_128_GCM_12 algorithm specified in RFC 5282. Create an instance by
-// calling QuicDecrypter::Create(kAESG).
-//
-// It uses an authentication tag of 12 bytes (96 bits). The fixed prefix
-// of the nonce is four bytes.
-class NET_EXPORT_PRIVATE Aes128Gcm12Decrypter : public QuicDecrypter {
+// AeadBaseDecrypter is the base class of AEAD QuicDecrypter subclasses.
+class NET_EXPORT_PRIVATE AeadBaseDecrypter : public QuicDecrypter {
public:
- enum {
- // Authentication tags are truncated to 96 bits.
- kAuthTagSize = 12,
- };
+#if defined(USE_OPENSSL)
+ AeadBaseDecrypter(const EVP_AEAD* aead_alg,
+ size_t key_size,
+ size_t auth_tag_size,
+ size_t nonce_prefix_size);
+#else
+ AeadBaseDecrypter(CK_MECHANISM_TYPE aead_mechanism,
+ PK11_DecryptFunction pk11_decrypt,
+ size_t key_size,
+ size_t auth_tag_size,
+ size_t nonce_prefix_size);
+#endif
+ virtual ~AeadBaseDecrypter();
- Aes128Gcm12Decrypter();
- virtual ~Aes128Gcm12Decrypter();
-
- // Returns true if the underlying crypto library supports AES GCM.
- static bool IsSupported();
-
// QuicDecrypter implementation
virtual bool SetKey(base::StringPiece key) OVERRIDE;
virtual bool SetNoncePrefix(base::StringPiece nonce_prefix) OVERRIDE;
@@ -53,11 +53,47 @@
virtual base::StringPiece GetKey() const OVERRIDE;
virtual base::StringPiece GetNoncePrefix() const OVERRIDE;
+ protected:
+ // Make these constants available to the subclasses so that the subclasses
+ // can assert at compile time their key_size_ and nonce_prefix_size_ do not
+ // exceed the maximum.
+ static const size_t kMaxKeySize = 32;
+ static const size_t kMaxNoncePrefixSize = 4;
+
+#if !defined(USE_OPENSSL)
+ struct AeadParams {
+ unsigned int len;
+ union {
+ CK_GCM_PARAMS gcm_params;
+#if !defined(USE_NSS)
+ // USE_NSS means we are using system NSS rather than our copy of NSS.
+ // The system NSS <pkcs11n.h> header doesn't define this type yet.
+ CK_NSS_AEAD_PARAMS nss_aead_params;
+#endif
+ } data;
+ };
+
+ virtual void FillAeadParams(base::StringPiece nonce,
+ base::StringPiece associated_data,
+ size_t auth_tag_size,
+ AeadParams* aead_params) const = 0;
+#endif // !defined(USE_OPENSSL)
+
private:
- // The 128-bit AES key.
- unsigned char key_[16];
+#if defined(USE_OPENSSL)
+ const EVP_AEAD* aead_alg_;
wtc 2014/03/11 04:21:12 Note to self: make this member const: const EVP
+#else
+ CK_MECHANISM_TYPE aead_mechanism_;
wtc 2014/03/11 04:21:12 Note to self: make this member const.
+ const PK11_DecryptFunction pk11_decrypt_;
wtc 2014/03/11 15:53:50 I just realized that pk11_decrypt_ is essentially
+#endif
+ const size_t key_size_;
+ const size_t auth_tag_size_;
+ const size_t nonce_prefix_size_;
+
+ // The key.
+ unsigned char key_[kMaxKeySize];
// The nonce prefix.
- unsigned char nonce_prefix_[4];
+ unsigned char nonce_prefix_[kMaxNoncePrefixSize];
#if defined(USE_OPENSSL)
ScopedEVPAEADCtx ctx_;
@@ -66,4 +102,4 @@
} // namespace net
-#endif // NET_QUIC_CRYPTO_AES_128_GCM_12_DECRYPTER_H_
+#endif // NET_QUIC_CRYPTO_AEAD_BASE_DECRYPTER_H_
« no previous file with comments | « net/net.gyp ('k') | net/quic/crypto/aead_base_decrypter_nss.cc » ('j') | net/quic/crypto/aead_base_decrypter_nss.cc » ('J')

Powered by Google App Engine
This is Rietveld 408576698