OLD | NEW |
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include <openssl/err.h> | 5 #include <openssl/err.h> |
6 #include <openssl/evp.h> | 6 #include <openssl/evp.h> |
7 | 7 |
8 #include <memory> | 8 #include <memory> |
9 | 9 |
10 #include "net/quic/crypto/aead_base_decrypter.h" | 10 #include "net/quic/crypto/aead_base_decrypter.h" |
| 11 #include "net/quic/quic_bug_tracker.h" |
11 #include "net/quic/quic_flags.h" | 12 #include "net/quic/quic_flags.h" |
12 #include "net/quic/quic_utils.h" | 13 #include "net/quic/quic_utils.h" |
13 | 14 |
14 using base::StringPiece; | 15 using base::StringPiece; |
| 16 using std::string; |
15 | 17 |
16 namespace net { | 18 namespace net { |
17 | 19 |
18 namespace { | 20 namespace { |
19 | 21 |
20 // Clear OpenSSL error stack. | 22 // Clear OpenSSL error stack. |
21 void ClearOpenSslErrors() { | 23 void ClearOpenSslErrors() { |
22 while (ERR_get_error()) { | 24 while (ERR_get_error()) { |
23 } | 25 } |
24 } | 26 } |
(...skipping 14 matching lines...) Expand all Loading... |
39 | 41 |
40 } // namespace | 42 } // namespace |
41 | 43 |
42 AeadBaseDecrypter::AeadBaseDecrypter(const EVP_AEAD* aead_alg, | 44 AeadBaseDecrypter::AeadBaseDecrypter(const EVP_AEAD* aead_alg, |
43 size_t key_size, | 45 size_t key_size, |
44 size_t auth_tag_size, | 46 size_t auth_tag_size, |
45 size_t nonce_prefix_size) | 47 size_t nonce_prefix_size) |
46 : aead_alg_(aead_alg), | 48 : aead_alg_(aead_alg), |
47 key_size_(key_size), | 49 key_size_(key_size), |
48 auth_tag_size_(auth_tag_size), | 50 auth_tag_size_(auth_tag_size), |
49 nonce_prefix_size_(nonce_prefix_size) { | 51 nonce_prefix_size_(nonce_prefix_size), |
| 52 have_preliminary_key_(false) { |
| 53 DCHECK_GT(256u, key_size); |
| 54 DCHECK_GT(256u, auth_tag_size); |
| 55 DCHECK_GT(256u, nonce_prefix_size); |
50 DCHECK_LE(key_size_, sizeof(key_)); | 56 DCHECK_LE(key_size_, sizeof(key_)); |
51 DCHECK_LE(nonce_prefix_size_, sizeof(nonce_prefix_)); | 57 DCHECK_LE(nonce_prefix_size_, sizeof(nonce_prefix_)); |
52 } | 58 } |
53 | 59 |
54 AeadBaseDecrypter::~AeadBaseDecrypter() {} | 60 AeadBaseDecrypter::~AeadBaseDecrypter() {} |
55 | 61 |
56 bool AeadBaseDecrypter::SetKey(StringPiece key) { | 62 bool AeadBaseDecrypter::SetKey(StringPiece key) { |
57 DCHECK_EQ(key.size(), key_size_); | 63 DCHECK_EQ(key.size(), key_size_); |
58 if (key.size() != key_size_) { | 64 if (key.size() != key_size_) { |
59 return false; | 65 return false; |
(...skipping 12 matching lines...) Expand all Loading... |
72 | 78 |
73 bool AeadBaseDecrypter::SetNoncePrefix(StringPiece nonce_prefix) { | 79 bool AeadBaseDecrypter::SetNoncePrefix(StringPiece nonce_prefix) { |
74 DCHECK_EQ(nonce_prefix.size(), nonce_prefix_size_); | 80 DCHECK_EQ(nonce_prefix.size(), nonce_prefix_size_); |
75 if (nonce_prefix.size() != nonce_prefix_size_) { | 81 if (nonce_prefix.size() != nonce_prefix_size_) { |
76 return false; | 82 return false; |
77 } | 83 } |
78 memcpy(nonce_prefix_, nonce_prefix.data(), nonce_prefix.size()); | 84 memcpy(nonce_prefix_, nonce_prefix.data(), nonce_prefix.size()); |
79 return true; | 85 return true; |
80 } | 86 } |
81 | 87 |
| 88 bool AeadBaseDecrypter::SetPreliminaryKey(StringPiece key) { |
| 89 DCHECK(!have_preliminary_key_); |
| 90 SetKey(key); |
| 91 have_preliminary_key_ = true; |
| 92 |
| 93 return true; |
| 94 } |
| 95 |
| 96 bool AeadBaseDecrypter::SetDiversificationNonce(DiversificationNonce nonce) { |
| 97 if (!have_preliminary_key_) { |
| 98 return true; |
| 99 } |
| 100 |
| 101 string key, nonce_prefix; |
| 102 DiversifyPreliminaryKey( |
| 103 StringPiece(reinterpret_cast<const char*>(key_), key_size_), |
| 104 StringPiece(reinterpret_cast<const char*>(nonce_prefix_), |
| 105 nonce_prefix_size_), |
| 106 nonce, key_size_, nonce_prefix_size_, &key, &nonce_prefix); |
| 107 |
| 108 if (!SetKey(key) || !SetNoncePrefix(nonce_prefix)) { |
| 109 DCHECK(false); |
| 110 return false; |
| 111 } |
| 112 |
| 113 have_preliminary_key_ = false; |
| 114 return true; |
| 115 } |
| 116 |
82 bool AeadBaseDecrypter::DecryptPacket(QuicPathId path_id, | 117 bool AeadBaseDecrypter::DecryptPacket(QuicPathId path_id, |
83 QuicPacketNumber packet_number, | 118 QuicPacketNumber packet_number, |
84 StringPiece associated_data, | 119 StringPiece associated_data, |
85 StringPiece ciphertext, | 120 StringPiece ciphertext, |
86 char* output, | 121 char* output, |
87 size_t* output_length, | 122 size_t* output_length, |
88 size_t max_output_length) { | 123 size_t max_output_length) { |
89 if (ciphertext.length() < auth_tag_size_) { | 124 if (ciphertext.length() < auth_tag_size_) { |
90 return false; | 125 return false; |
91 } | 126 } |
92 | 127 |
| 128 if (have_preliminary_key_) { |
| 129 QUIC_BUG << "Unable to decrypt while key diversification is pending"; |
| 130 return false; |
| 131 } |
| 132 |
93 uint8_t nonce[sizeof(nonce_prefix_) + sizeof(packet_number)]; | 133 uint8_t nonce[sizeof(nonce_prefix_) + sizeof(packet_number)]; |
94 const size_t nonce_size = nonce_prefix_size_ + sizeof(packet_number); | 134 const size_t nonce_size = nonce_prefix_size_ + sizeof(packet_number); |
95 memcpy(nonce, nonce_prefix_, nonce_prefix_size_); | 135 memcpy(nonce, nonce_prefix_, nonce_prefix_size_); |
96 uint64_t path_id_packet_number = | 136 uint64_t path_id_packet_number = |
97 QuicUtils::PackPathIdAndPacketNumber(path_id, packet_number); | 137 QuicUtils::PackPathIdAndPacketNumber(path_id, packet_number); |
98 memcpy(nonce + nonce_prefix_size_, &path_id_packet_number, | 138 memcpy(nonce + nonce_prefix_size_, &path_id_packet_number, |
99 sizeof(path_id_packet_number)); | 139 sizeof(path_id_packet_number)); |
100 if (!EVP_AEAD_CTX_open( | 140 if (!EVP_AEAD_CTX_open( |
101 ctx_.get(), reinterpret_cast<uint8_t*>(output), output_length, | 141 ctx_.get(), reinterpret_cast<uint8_t*>(output), output_length, |
102 max_output_length, reinterpret_cast<const uint8_t*>(nonce), | 142 max_output_length, reinterpret_cast<const uint8_t*>(nonce), |
(...skipping 15 matching lines...) Expand all Loading... |
118 | 158 |
119 StringPiece AeadBaseDecrypter::GetNoncePrefix() const { | 159 StringPiece AeadBaseDecrypter::GetNoncePrefix() const { |
120 if (nonce_prefix_size_ == 0) { | 160 if (nonce_prefix_size_ == 0) { |
121 return StringPiece(); | 161 return StringPiece(); |
122 } | 162 } |
123 return StringPiece(reinterpret_cast<const char*>(nonce_prefix_), | 163 return StringPiece(reinterpret_cast<const char*>(nonce_prefix_), |
124 nonce_prefix_size_); | 164 nonce_prefix_size_); |
125 } | 165 } |
126 | 166 |
127 } // namespace net | 167 } // namespace net |
OLD | NEW |