net/quic/crypto/aead_base_decrypter.cc - Issue 1904213002: QUIC: support diversified keys with version 33.

Keyboard Shortcuts

	File
u :	up to issue
j / k :	jump to file after / before current file
J / K :	jump to next file with a comment after / before current file
	Side-by-side diff
i :	toggle intra-line diffs
e :	expand all comments
c :	collapse all comments
s :	toggle showing all comments
n / p :	next / previous diff chunk or comment
N / P :	next / previous comment
<Up> / <Down> :	next / previous line

	Issue
u :	up to list of issues
j / k :	jump to patch after / before current patch
o / <Enter> :	open current patch in side-by-side view
i :	open current patch in unified diff view

	Issue List
j / k :	jump to issue after / before current issue
o / <Enter> :	open current issue

Unified Diff: net/quic/crypto/aead_base_decrypter.cc

Issue 1904213002: QUIC: support diversified keys with version 33. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@hkdf

Patch Set: Rebase Created 4 years, 8 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View side-by-side diff with in-line comments

Download patch

Index: net/quic/crypto/aead_base_decrypter.cc

diff --git a/net/quic/crypto/aead_base_decrypter.cc b/net/quic/crypto/aead_base_decrypter.cc

index aa62a45f6fd96b77b11abdb831a72f0933666946..8b6661a9ba9c1f9e7f56fbe789170b8c7451cfc6 100644

--- a/net/quic/crypto/aead_base_decrypter.cc

+++ b/net/quic/crypto/aead_base_decrypter.cc

@@ -8,10 +8,12 @@

#include <memory>

#include "net/quic/crypto/aead_base_decrypter.h"

+#include "net/quic/quic_bug_tracker.h"

#include "net/quic/quic_flags.h"

#include "net/quic/quic_utils.h"

using base::StringPiece;

+using std::string;

namespace net {

@@ -46,7 +48,11 @@ AeadBaseDecrypter::AeadBaseDecrypter(const EVP_AEAD* aead_alg,

: aead_alg_(aead_alg),

key_size_(key_size),

auth_tag_size_(auth_tag_size),

- nonce_prefix_size_(nonce_prefix_size) {

+ nonce_prefix_size_(nonce_prefix_size),

+ have_preliminary_key_(false) {

+ DCHECK_GT(256u, key_size);

+ DCHECK_GT(256u, auth_tag_size);

+ DCHECK_GT(256u, nonce_prefix_size);

DCHECK_LE(key_size_, sizeof(key_));

DCHECK_LE(nonce_prefix_size_, sizeof(nonce_prefix_));

}

@@ -79,6 +85,35 @@ bool AeadBaseDecrypter::SetNoncePrefix(StringPiece nonce_prefix) {

return true;

}

+bool AeadBaseDecrypter::SetPreliminaryKey(StringPiece key) {

+ DCHECK(!have_preliminary_key_);

+ SetKey(key);

+ have_preliminary_key_ = true;

+ return true;

+bool AeadBaseDecrypter::SetDiversificationNonce(DiversificationNonce nonce) {

+ if (!have_preliminary_key_) {

+ return true;

+ }

+ string key, nonce_prefix;

+ DiversifyPreliminaryKey(

+ StringPiece(reinterpret_cast<const char*>(key_), key_size_),

+ StringPiece(reinterpret_cast<const char*>(nonce_prefix_),

+ nonce_prefix_size_),

+ nonce, key_size_, nonce_prefix_size_, &key, &nonce_prefix);

+ if (!SetKey(key) || !SetNoncePrefix(nonce_prefix)) {

+ DCHECK(false);

+ return false;

+ }

+ have_preliminary_key_ = false;

+ return true;

bool AeadBaseDecrypter::DecryptPacket(QuicPathId path_id,

QuicPacketNumber packet_number,

StringPiece associated_data,

@@ -90,6 +125,11 @@ bool AeadBaseDecrypter::DecryptPacket(QuicPathId path_id,

return false;

}

+ if (have_preliminary_key_) {

+ QUIC_BUG << "Unable to decrypt while key diversification is pending";

+ return false;

+ }

uint8_t nonce[sizeof(nonce_prefix_) + sizeof(packet_number)];

const size_t nonce_size = nonce_prefix_size_ + sizeof(packet_number);

memcpy(nonce, nonce_prefix_, nonce_prefix_size_);

« no previous file with comments | « net/quic/crypto/aead_base_decrypter.h ('k') | net/quic/crypto/crypto_server_test.cc » ('j') | no next file with comments »