| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include <openssl/err.h> | |
| 6 #include <openssl/evp.h> | |
| 7 | |
| 8 #include <memory> | |
| 9 | |
| 10 #include "net/quic/crypto/aead_base_decrypter.h" | |
| 11 #include "net/quic/quic_bug_tracker.h" | |
| 12 #include "net/quic/quic_flags.h" | |
| 13 #include "net/quic/quic_utils.h" | |
| 14 | |
| 15 using base::StringPiece; | |
| 16 using std::string; | |
| 17 | |
| 18 namespace net { | |
| 19 | |
| 20 namespace { | |
| 21 | |
| 22 // Clear OpenSSL error stack. | |
| 23 void ClearOpenSslErrors() { | |
| 24 while (ERR_get_error()) { | |
| 25 } | |
| 26 } | |
| 27 | |
| 28 // In debug builds only, log OpenSSL error stack. Then clear OpenSSL error | |
| 29 // stack. | |
| 30 void DLogOpenSslErrors() { | |
| 31 #ifdef NDEBUG | |
| 32 ClearOpenSslErrors(); | |
| 33 #else | |
| 34 while (uint32_t error = ERR_get_error()) { | |
| 35 char buf[120]; | |
| 36 ERR_error_string_n(error, buf, arraysize(buf)); | |
| 37 DLOG(ERROR) << "OpenSSL error: " << buf; | |
| 38 } | |
| 39 #endif | |
| 40 } | |
| 41 | |
| 42 } // namespace | |
| 43 | |
| 44 AeadBaseDecrypter::AeadBaseDecrypter(const EVP_AEAD* aead_alg, | |
| 45 size_t key_size, | |
| 46 size_t auth_tag_size, | |
| 47 size_t nonce_prefix_size) | |
| 48 : aead_alg_(aead_alg), | |
| 49 key_size_(key_size), | |
| 50 auth_tag_size_(auth_tag_size), | |
| 51 nonce_prefix_size_(nonce_prefix_size), | |
| 52 have_preliminary_key_(false) { | |
| 53 DCHECK_GT(256u, key_size); | |
| 54 DCHECK_GT(256u, auth_tag_size); | |
| 55 DCHECK_GT(256u, nonce_prefix_size); | |
| 56 DCHECK_LE(key_size_, sizeof(key_)); | |
| 57 DCHECK_LE(nonce_prefix_size_, sizeof(nonce_prefix_)); | |
| 58 } | |
| 59 | |
| 60 AeadBaseDecrypter::~AeadBaseDecrypter() {} | |
| 61 | |
| 62 bool AeadBaseDecrypter::SetKey(StringPiece key) { | |
| 63 DCHECK_EQ(key.size(), key_size_); | |
| 64 if (key.size() != key_size_) { | |
| 65 return false; | |
| 66 } | |
| 67 memcpy(key_, key.data(), key.size()); | |
| 68 | |
| 69 EVP_AEAD_CTX_cleanup(ctx_.get()); | |
| 70 if (!EVP_AEAD_CTX_init(ctx_.get(), aead_alg_, key_, key_size_, auth_tag_size_, | |
| 71 nullptr)) { | |
| 72 DLogOpenSslErrors(); | |
| 73 return false; | |
| 74 } | |
| 75 | |
| 76 return true; | |
| 77 } | |
| 78 | |
| 79 bool AeadBaseDecrypter::SetNoncePrefix(StringPiece nonce_prefix) { | |
| 80 DCHECK_EQ(nonce_prefix.size(), nonce_prefix_size_); | |
| 81 if (nonce_prefix.size() != nonce_prefix_size_) { | |
| 82 return false; | |
| 83 } | |
| 84 memcpy(nonce_prefix_, nonce_prefix.data(), nonce_prefix.size()); | |
| 85 return true; | |
| 86 } | |
| 87 | |
| 88 bool AeadBaseDecrypter::SetPreliminaryKey(StringPiece key) { | |
| 89 DCHECK(!have_preliminary_key_); | |
| 90 SetKey(key); | |
| 91 have_preliminary_key_ = true; | |
| 92 | |
| 93 return true; | |
| 94 } | |
| 95 | |
| 96 bool AeadBaseDecrypter::SetDiversificationNonce(DiversificationNonce nonce) { | |
| 97 if (!have_preliminary_key_) { | |
| 98 return true; | |
| 99 } | |
| 100 | |
| 101 string key, nonce_prefix; | |
| 102 DiversifyPreliminaryKey( | |
| 103 StringPiece(reinterpret_cast<const char*>(key_), key_size_), | |
| 104 StringPiece(reinterpret_cast<const char*>(nonce_prefix_), | |
| 105 nonce_prefix_size_), | |
| 106 nonce, key_size_, nonce_prefix_size_, &key, &nonce_prefix); | |
| 107 | |
| 108 if (!SetKey(key) || !SetNoncePrefix(nonce_prefix)) { | |
| 109 DCHECK(false); | |
| 110 return false; | |
| 111 } | |
| 112 | |
| 113 have_preliminary_key_ = false; | |
| 114 return true; | |
| 115 } | |
| 116 | |
| 117 bool AeadBaseDecrypter::DecryptPacket(QuicPathId path_id, | |
| 118 QuicPacketNumber packet_number, | |
| 119 StringPiece associated_data, | |
| 120 StringPiece ciphertext, | |
| 121 char* output, | |
| 122 size_t* output_length, | |
| 123 size_t max_output_length) { | |
| 124 if (ciphertext.length() < auth_tag_size_) { | |
| 125 return false; | |
| 126 } | |
| 127 | |
| 128 if (have_preliminary_key_) { | |
| 129 QUIC_BUG << "Unable to decrypt while key diversification is pending"; | |
| 130 return false; | |
| 131 } | |
| 132 | |
| 133 uint8_t nonce[sizeof(nonce_prefix_) + sizeof(packet_number)]; | |
| 134 const size_t nonce_size = nonce_prefix_size_ + sizeof(packet_number); | |
| 135 memcpy(nonce, nonce_prefix_, nonce_prefix_size_); | |
| 136 uint64_t path_id_packet_number = | |
| 137 QuicUtils::PackPathIdAndPacketNumber(path_id, packet_number); | |
| 138 memcpy(nonce + nonce_prefix_size_, &path_id_packet_number, | |
| 139 sizeof(path_id_packet_number)); | |
| 140 if (!EVP_AEAD_CTX_open( | |
| 141 ctx_.get(), reinterpret_cast<uint8_t*>(output), output_length, | |
| 142 max_output_length, reinterpret_cast<const uint8_t*>(nonce), | |
| 143 nonce_size, reinterpret_cast<const uint8_t*>(ciphertext.data()), | |
| 144 ciphertext.size(), | |
| 145 reinterpret_cast<const uint8_t*>(associated_data.data()), | |
| 146 associated_data.size())) { | |
| 147 // Because QuicFramer does trial decryption, decryption errors are expected | |
| 148 // when encryption level changes. So we don't log decryption errors. | |
| 149 ClearOpenSslErrors(); | |
| 150 return false; | |
| 151 } | |
| 152 return true; | |
| 153 } | |
| 154 | |
| 155 StringPiece AeadBaseDecrypter::GetKey() const { | |
| 156 return StringPiece(reinterpret_cast<const char*>(key_), key_size_); | |
| 157 } | |
| 158 | |
| 159 StringPiece AeadBaseDecrypter::GetNoncePrefix() const { | |
| 160 if (nonce_prefix_size_ == 0) { | |
| 161 return StringPiece(); | |
| 162 } | |
| 163 return StringPiece(reinterpret_cast<const char*>(nonce_prefix_), | |
| 164 nonce_prefix_size_); | |
| 165 } | |
| 166 | |
| 167 } // namespace net | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2193073003:
Move shared files in net/quic/ into net/quic/core/ (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master