net/quic/crypto/crypto_secret_boxer.cc - Issue 213473003: This change introduces a way to tie source address token keys to specific QUIC server configs

Side by Side Diff: net/quic/crypto/crypto_secret_boxer.cc

Issue 213473003: This change introduces a way to tie source address token keys to specific QUIC server configs (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src

Patch Set: Use QuicEncrypter and QuicDecrypter to encrypt and decrypt SecretBoxer's Box/Unbox methods Created 6 years, 8 months ago

Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.

Jump to:

View unified diff | Download patch | Annotate | Revision Log

OLD	NEW
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.	1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.

2 // Use of this source code is governed by a BSD-style license that can be	2 // Use of this source code is governed by a BSD-style license that can be

3 // found in the LICENSE file.	3 // found in the LICENSE file.

4	4

5 #include "net/quic/crypto/crypto_secret_boxer.h"	5 #include "net/quic/crypto/crypto_secret_boxer.h"

6	6

7 #include "base/logging.h"	7 #include "base/logging.h"

8 #include "base/memory/scoped_ptr.h"	8 #include "base/memory/scoped_ptr.h"

9 #include "crypto/secure_hash.h"	9 #include "crypto/secure_hash.h"

10 #include "crypto/sha2.h"	10 #include "crypto/sha2.h"
	wtc 2014/04/07 18:38:24 Please remove "crypto/secure_hash.h" and "crypto/s Please remove "crypto/secure_hash.h" and "crypto/sha2.h". ramant (doing other things) 2014/04/21 22:39:29 Done. Show quoted text On 2014/04/07 18:38:24, wtc wrote: > > Please remove "crypto/secure_hash.h" and "crypto/sha2.h". Done.
	11 #include "net/quic/crypto/crypto_protocol.h"

	12 #include "net/quic/crypto/quic_decrypter.h"

	13 #include "net/quic/crypto/quic_encrypter.h"

11 #include "net/quic/crypto/quic_random.h"	14 #include "net/quic/crypto/quic_random.h"

12	15

13 using base::StringPiece;	16 using base::StringPiece;

14 using std::string;	17 using std::string;

15	18

16 namespace net {	19 namespace net {

17	20

18 // Defined kKeySize for GetKeySize() and SetKey().	21 // Defined kKeySize for GetKeySize() and SetKey().

19 static const size_t kKeySize = 16;	22 static const size_t kKeySize = 16;

20	23

21 // kBoxNonceSize contains the number of bytes of nonce that we use in each box.	24 // kBoxNonceSize contains the number of bytes of nonce that we use in each box.

22 static const size_t kBoxNonceSize = 16;	25 // TODO(rtenneti): Add support for kBoxNonceSize to be 16 bytes.
	wtc 2014/04/07 18:38:24 Please explain why we want to switch to an algorit Please explain why we want to switch to an algorithm that allows us to use a 16-byte nonce size. You can copy the explanation from Adam's email. ramant (doing other things) 2014/04/21 22:39:29 Done. Show quoted text On 2014/04/07 18:38:24, wtc wrote: > > Please explain why we want to switch to an algorithm that allows us to use a > 16-byte nonce size. You can copy the explanation from Adam's email. Done.
	26 static const size_t kBoxNonceSize = 12;

23	27

24 // static	28 // static

25 size_t CryptoSecretBoxer::GetKeySize() { return kKeySize; }	29 size_t CryptoSecretBoxer::GetKeySize() { return kKeySize; }
	wtc 2014/04/07 18:38:24 We should ideally get the key size from QuicEncryp We should ideally get the key size from QuicEncrypter::GetKeySize(). But this may require changing this method to a non-static method. (It is not necessary to make this change.) ramant (doing other things) 2014/04/21 22:39:29 Acknowledged. Show quoted text On 2014/04/07 18:38:24, wtc wrote: > > We should ideally get the key size from QuicEncrypter::GetKeySize(). But this > may require changing this method to a non-static method. (It is not necessary to > make this change.) Acknowledged.
26	30

27 void CryptoSecretBoxer::SetKey(StringPiece key) {	31 void CryptoSecretBoxer::SetKey(StringPiece key) {

28 DCHECK_EQ(static_cast<size_t>(kKeySize), key.size());	32 DCHECK_EQ(static_cast<size_t>(kKeySize), key.size());

29 key_ = key.as_string();	33 key_ = key.as_string();

30 }	34 }

31	35

32 // TODO(rtenneti): Delete sha256 based code. Use Aes128Gcm12Encrypter to Box the

33 // plaintext. This is temporary solution for tests to pass.

34 string CryptoSecretBoxer::Box(QuicRandom* rand, StringPiece plaintext) const {	36 string CryptoSecretBoxer::Box(QuicRandom* rand, StringPiece plaintext) const {

	37 scoped_ptr<QuicEncrypter> encrypter(QuicEncrypter::Create(kAESG));
	wtc 2014/04/07 18:38:24 It seems that \|encrypter\| and \|decrypter\| should b It seems that \|encrypter\| and \|decrypter\| should be data members and created in the constructor. Then, SetKey can just invoke encrypter_->SetKey() and decrypter_->SetKey(). The only downside I can see is that we may create encrypter_ without ever using it, if Box() is never called. (Similarly for decrypter_.) ramant (doing other things) 2014/04/21 22:39:29 Will make this change in internal source code and Show quoted text On 2014/04/07 18:38:24, wtc wrote: > > It seems that \|encrypter\| and \|decrypter\| should be data members and created in > the constructor. Then, SetKey can just invoke encrypter_->SetKey() and > decrypter_->SetKey(). The only downside I can see is that we may create > encrypter_ without ever using it, if Box() is never called. (Similarly for > decrypter_.) Will make this change in internal source code and will merge in chromium code. ramant (doing other things) 2014/04/22 01:09:09 Done. Show quoted text On 2014/04/21 22:39:29, ramant wrote: > On 2014/04/07 18:38:24, wtc wrote: > > > > It seems that \|encrypter\| and \|decrypter\| should be data members and created > in > > the constructor. Then, SetKey can just invoke encrypter_->SetKey() and > > decrypter_->SetKey(). The only downside I can see is that we may create > > encrypter_ without ever using it, if Box() is never called. (Similarly for > > decrypter_.) Done. Show quoted text > > Will make this change in internal source code and will merge in chromium code. "The only downside I can see is that we may create encrypter_ without ever using it, if Box() is never called.". BTW: It looks like Box is not always called (the following are couple of examples). https://code.google.com/p/chromium/codesearch#chromium/src/net/quic/crypto/qu... https://code.google.com/p/chromium/codesearch#chromium/src/net/quic/crypto/qu... ramant (doing other things) 2014/04/22 01:35:15 Please ignore this comment. This change is n/a in Show quoted text On 2014/04/21 22:39:29, ramant wrote: > On 2014/04/07 18:38:24, wtc wrote: > > > > It seems that \|encrypter\| and \|decrypter\| should be data members and created > in > > the constructor. Then, SetKey can just invoke encrypter_->SetKey() and > > decrypter_->SetKey(). The only downside I can see is that we may create > > encrypter_ without ever using it, if Box() is never called. (Similarly for > > decrypter_.) > > Will make this change in internal source code and will merge in chromium code. Please ignore this comment. This change is n/a in the internal source.
	38 if (!encrypter->SetKey(key_)) {

	39 DLOG(DFATAL) << "CryptoSecretBoxer's Encrypt failed.";
	wtc 2014/04/07 18:38:24 This log message should say "SetKey" instead of "E This log message should say "SetKey" instead of "Encrypt". ramant (doing other things) 2014/04/21 22:39:29 Done. Show quoted text On 2014/04/07 18:38:24, wtc wrote: > > This log message should say "SetKey" instead of "Encrypt". Done.
	40 return string();

	41 }

	42 size_t ciphertext_size = encrypter->GetCiphertextSize(plaintext.length());

	43

35 string ret;	44 string ret;

36 const size_t len = kBoxNonceSize + plaintext.size() + crypto::kSHA256Length;	45 const size_t len = kBoxNonceSize + ciphertext_size;

37 ret.resize(len);	46 ret.resize(len);

38 char* data = &ret[0];	47 char* data = &ret[0];

39	48

40 // Generate nonce.	49 // Generate nonce.

41 rand->RandBytes(data, kBoxNonceSize);	50 rand->RandBytes(data, kBoxNonceSize);

42 memcpy(data + kBoxNonceSize, plaintext.data(), plaintext.size());	51 memcpy(data + kBoxNonceSize, plaintext.data(), plaintext.size());

43	52

44 // Compute sha256 for nonce + plaintext.	53 if (!encrypter->Encrypt(string(data, kBoxNonceSize), StringPiece(), plaintext,
	wtc 2014/04/07 18:38:24 1. Change string(data, kBoxNonceSize) to S 1. Change string(data, kBoxNonceSize) to StringPiece(data, kBoxNonceSize) 2. Make the same change to line 80. ramant (doing other things) 2014/04/21 22:39:29 Done. Show quoted text On 2014/04/07 18:38:24, wtc wrote: > > 1. Change > string(data, kBoxNonceSize) > to > StringPiece(data, kBoxNonceSize) > > 2. Make the same change to line 80. Done.
45 scoped_ptr<crypto::SecureHash> sha256(crypto::SecureHash::Create(	54 reinterpret_cast<unsigned char*>(

46 crypto::SecureHash::SHA256));	55 data + kBoxNonceSize))) {

47 sha256->Update(data, kBoxNonceSize + plaintext.size());	56 DLOG(DFATAL) << "CryptoSecretBoxer's Encrypt failed.";

48 sha256->Finish(data + kBoxNonceSize + plaintext.size(),	57 return string();

49 crypto::kSHA256Length);	58 }

50	59

51 return ret;	60 return ret;

52 }	61 }

53	62

54 // TODO(rtenneti): Delete sha256 based code. Use Aes128Gcm12Decrypter to Unbox

55 // the plaintext. This is temporary solution for tests to pass.

56 bool CryptoSecretBoxer::Unbox(StringPiece ciphertext,	63 bool CryptoSecretBoxer::Unbox(StringPiece ciphertext,

57 string* out_storage,	64 string* out_storage,

58 StringPiece* out) const {	65 StringPiece* out) const {

59 if (ciphertext.size() < kBoxNonceSize + crypto::kSHA256Length) {	66 if (ciphertext.size() < kBoxNonceSize) {

60 return false;	67 return false;

61 }	68 }

62	69

63 const size_t plaintext_len =	70 char nonce[kBoxNonceSize];

64 ciphertext.size() - kBoxNonceSize - crypto::kSHA256Length;	71 memcpy(nonce, ciphertext.data(), kBoxNonceSize);

65 out_storage->resize(plaintext_len);	72 ciphertext.remove_prefix(kBoxNonceSize);

	73

	74 size_t len = ciphertext.size();

	75 out_storage->resize(len);

66 char* data = const_cast<char*>(out_storage->data());	76 char* data = const_cast<char*>(out_storage->data());

67	77

68 // Copy plaintext from ciphertext.	78 scoped_ptr<QuicDecrypter> decrypter(QuicDecrypter::Create(kAESG));

69 if (plaintext_len != 0) {	79 decrypter->SetKey(key_);

70 memcpy(data, ciphertext.data() + kBoxNonceSize, plaintext_len);	80 if (!decrypter->Decrypt(string(nonce, kBoxNonceSize), StringPiece(),

71 }	81 ciphertext, reinterpret_cast<unsigned char*>(data),

72	82 &len)) {

73 // Compute sha256 for nonce + plaintext.

74 scoped_ptr<crypto::SecureHash> sha256(crypto::SecureHash::Create(

75 crypto::SecureHash::SHA256));

76 sha256->Update(ciphertext.data(), ciphertext.size() - crypto::kSHA256Length);

77 char sha256_bytes[crypto::kSHA256Length];

78 sha256->Finish(sha256_bytes, sizeof(sha256_bytes));

79

80 // Verify sha256.

81 if (0 != memcmp(ciphertext.data() + ciphertext.size() - crypto::kSHA256Length,

82 sha256_bytes, crypto::kSHA256Length)) {

83 return false;	83 return false;

84 }	84 }

85	85

86 out->set(data, plaintext_len);	86 out->set(data, len);

87 return true;	87 return true;

88 }	88 }

89	89

90 } // namespace net	90 } // namespace net

OLD	NEW

« no previous file with comments | « no previous file | net/quic/crypto/crypto_server_config_protobuf.h » ('j') | net/quic/crypto/crypto_server_config_protobuf.h » ('J')