| Index: net/quic/crypto/aead_base_encrypter.h
|
| ===================================================================
|
| --- net/quic/crypto/aead_base_encrypter.h (revision 255481)
|
| +++ net/quic/crypto/aead_base_encrypter.h (working copy)
|
| @@ -2,40 +2,43 @@
|
| // Use of this source code is governed by a BSD-style license that can be
|
| // found in the LICENSE file.
|
|
|
| -#ifndef NET_QUIC_CRYPTO_AES_128_GCM_12_ENCRYPTER_H_
|
| -#define NET_QUIC_CRYPTO_AES_128_GCM_12_ENCRYPTER_H_
|
| +#ifndef NET_QUIC_CRYPTO_AEAD_BASE_ENCRYPTER_H_
|
| +#define NET_QUIC_CRYPTO_AEAD_BASE_ENCRYPTER_H_
|
|
|
| -#include <string>
|
| -
|
| #include "base/compiler_specific.h"
|
| #include "net/quic/crypto/quic_encrypter.h"
|
|
|
| #if defined(USE_OPENSSL)
|
| #include "net/quic/crypto/scoped_evp_aead_ctx.h"
|
| +#else
|
| +#include <pkcs11t.h>
|
| +#include <seccomon.h>
|
| +typedef struct PK11SymKeyStr PK11SymKey;
|
| +typedef SECStatus (*PK11_EncryptFunction)(
|
| + PK11SymKey* symKey, CK_MECHANISM_TYPE mechanism, SECItem* param,
|
| + unsigned char* out, unsigned int* outLen, unsigned int maxLen,
|
| + const unsigned char* data, unsigned int dataLen);
|
| #endif
|
|
|
| namespace net {
|
|
|
| -namespace test {
|
| -class Aes128Gcm12EncrypterPeer;
|
| -} // namespace test
|
| -
|
| -// An Aes128Gcm12Encrypter is a QuicEncrypter that implements the
|
| -// AEAD_AES_128_GCM_12 algorithm specified in RFC 5282. Create an instance by
|
| -// calling QuicEncrypter::Create(kAESG).
|
| -//
|
| -// It uses an authentication tag of 12 bytes (96 bits). The fixed prefix
|
| -// of the nonce is four bytes.
|
| -class NET_EXPORT_PRIVATE Aes128Gcm12Encrypter : public QuicEncrypter {
|
| +// AeadBaseEncrypter is the base class of AEAD QuicEncrypter subclasses.
|
| +class NET_EXPORT_PRIVATE AeadBaseEncrypter : public QuicEncrypter {
|
| public:
|
| - enum {
|
| - // Authentication tags are truncated to 96 bits.
|
| - kAuthTagSize = 12,
|
| - };
|
| +#if defined(USE_OPENSSL)
|
| + AeadBaseEncrypter(const EVP_AEAD* aead_alg,
|
| + size_t key_size,
|
| + size_t auth_tag_size,
|
| + size_t nonce_prefix_size);
|
| +#else
|
| + AeadBaseEncrypter(CK_MECHANISM_TYPE aead_mechanism,
|
| + PK11_EncryptFunction pk11_encrypt,
|
| + size_t key_size,
|
| + size_t auth_tag_size,
|
| + size_t nonce_prefix_size);
|
| +#endif
|
| + virtual ~AeadBaseEncrypter();
|
|
|
| - Aes128Gcm12Encrypter();
|
| - virtual ~Aes128Gcm12Encrypter();
|
| -
|
| // QuicEncrypter implementation
|
| virtual bool SetKey(base::StringPiece key) OVERRIDE;
|
| virtual bool SetNoncePrefix(base::StringPiece nonce_prefix) OVERRIDE;
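Review bot: The two new constructors take `key_size`, `auth_tag_size` and `nonce_prefix_size` with no comment stating their units or limits, even though the second hunk stores the key and nonce prefix in fixed arrays sized by `kMaxKeySize` and `kMaxNoncePrefixSize`. A comment above the constructors would make the contract explicit, for example `// |key_size| and |nonce_prefix_size| are in bytes and must not exceed kMaxKeySize and kMaxNoncePrefixSize; |auth_tag_size| is the tag length in bytes.` In the non-OpenSSL branch it would also help to say that `pk11_encrypt` must be non-null, since it is kept as a const member and is presumably called for every encryption. The class body continues past the end of this hunk.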
|
| @@ -53,11 +56,47 @@
|
| virtual base::StringPiece GetKey() const OVERRIDE;
|
| virtual base::StringPiece GetNoncePrefix() const OVERRIDE;
|
|
|
| + protected:
|
| + // Make these constants available to the subclasses so that the subclasses
|
| + // can assert at compile time their key_size_ and nonce_prefix_size_ do not
|
| + // exceed the maximum.
|
| + static const size_t kMaxKeySize = 32;
|
| + static const size_t kMaxNoncePrefixSize = 4;
|
| +
|
| +#if !defined(USE_OPENSSL)
|
| + struct AeadParams {
|
| + unsigned int len;
|
| + union {
|
| + CK_GCM_PARAMS gcm_params;
|
| +#if !defined(USE_NSS)
|
| + // USE_NSS means we are using system NSS rather than our copy of NSS.
|
| + // The system NSS <pkcs11n.h> header doesn't define this type yet.
|
| + CK_NSS_AEAD_PARAMS nss_aead_params;
|
| +#endif
|
| + } data;
|
| + };
|
| +
|
| + virtual void FillAeadParams(base::StringPiece nonce,
|
| + base::StringPiece associated_data,
|
| + size_t auth_tag_size,
|
| + AeadParams* aead_params) const = 0;
|
| +#endif
|
| +
|
| private:
|
| - // The 128-bit AES key.
|
| - unsigned char key_[16];
|
| +#if defined(USE_OPENSSL)
|
| + const EVP_AEAD* const aead_alg_;
|
| +#else
|
| + const CK_MECHANISM_TYPE aead_mechanism_;
|
| + const PK11_EncryptFunction pk11_encrypt_;
|
| +#endif
|
| + const size_t key_size_;
|
| + const size_t auth_tag_size_;
|
| + const size_t nonce_prefix_size_;
|
| +
|
| + // The key.
|
| + unsigned char key_[kMaxKeySize];
|
| // The nonce prefix.
|
| - unsigned char nonce_prefix_[4];
|
| + unsigned char nonce_prefix_[kMaxNoncePrefixSize];
|
|
|
| #if defined(USE_OPENSSL)
|
| ScopedEVPAEADCtx ctx_;
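Review bot: `key_` and `nonce_prefix_` are now fixed buffers of `kMaxKeySize` and `kMaxNoncePrefixSize` bytes, but the only guard mentioned is a compile-time assert that each subclass may or may not add. If `SetKey` and `SetNoncePrefix` copy `key_size_` and `nonce_prefix_size_` bytes (their definitions are not in this diff), a subclass that passes a larger size would write past the arrays that hold key material. The base constructor should enforce the limit itself, for example `DCHECK_LE(key_size_, sizeof(key_));` and `DCHECK_LE(nonce_prefix_size_, sizeof(nonce_prefix_));`. The class body starts and ends outside this hunk.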
|
| @@ -66,4 +105,4 @@
|
|
|
| } // namespace net
|
|
|
| -#endif // NET_QUIC_CRYPTO_AES_128_GCM_12_ENCRYPTER_H_
|
| +#endif // NET_QUIC_CRYPTO_AEAD_BASE_ENCRYPTER_H_
|
|
|