| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #include <openssl/err.h> | |
| 6 #include <openssl/evp.h> | |
| 7 #include <string.h> | |
| 8 | |
| 9 #include <memory> | |
| 10 | |
| 11 #include "net/quic/crypto/aead_base_encrypter.h" | |
| 12 #include "net/quic/quic_flags.h" | |
| 13 #include "net/quic/quic_utils.h" | |
| 14 | |
| 15 using base::StringPiece; | |
| 16 | |
| 17 namespace net { | |
| 18 | |
| 19 namespace { | |
| 20 | |
| 21 // The maximum size in bytes of the nonce, including 8 bytes of sequence number. | |
| 22 // ChaCha20 uses only the 8 byte sequence number and AES-GCM uses 12 bytes. | |
| 23 const size_t kMaxNonceSize = 12; | |
| 24 | |
| 25 // In debug builds only, log OpenSSL error stack. Then clear OpenSSL error | |
| 26 // stack. | |
| 27 void DLogOpenSslErrors() { | |
| 28 #ifdef NDEBUG | |
| 29 while (ERR_get_error()) { | |
| 30 } | |
| 31 #else | |
| 32 while (unsigned long error = ERR_get_error()) { | |
| 33 char buf[120]; | |
| 34 ERR_error_string_n(error, buf, arraysize(buf)); | |
| 35 DLOG(ERROR) << "OpenSSL error: " << buf; | |
| 36 } | |
| 37 #endif | |
| 38 } | |
| 39 | |
| 40 } // namespace | |
| 41 | |
| 42 AeadBaseEncrypter::AeadBaseEncrypter(const EVP_AEAD* aead_alg, | |
| 43 size_t key_size, | |
| 44 size_t auth_tag_size, | |
| 45 size_t nonce_prefix_size) | |
| 46 : aead_alg_(aead_alg), | |
| 47 key_size_(key_size), | |
| 48 auth_tag_size_(auth_tag_size), | |
| 49 nonce_prefix_size_(nonce_prefix_size) { | |
| 50 DCHECK_LE(key_size_, sizeof(key_)); | |
| 51 DCHECK_LE(nonce_prefix_size_, sizeof(nonce_prefix_)); | |
| 52 DCHECK_GE(kMaxNonceSize, nonce_prefix_size_); | |
| 53 } | |
| 54 | |
| 55 AeadBaseEncrypter::~AeadBaseEncrypter() {} | |
| 56 | |
| 57 bool AeadBaseEncrypter::SetKey(StringPiece key) { | |
| 58 DCHECK_EQ(key.size(), key_size_); | |
| 59 if (key.size() != key_size_) { | |
| 60 return false; | |
| 61 } | |
| 62 memcpy(key_, key.data(), key.size()); | |
| 63 | |
| 64 EVP_AEAD_CTX_cleanup(ctx_.get()); | |
| 65 | |
| 66 if (!EVP_AEAD_CTX_init(ctx_.get(), aead_alg_, key_, key_size_, auth_tag_size_, | |
| 67 nullptr)) { | |
| 68 DLogOpenSslErrors(); | |
| 69 return false; | |
| 70 } | |
| 71 | |
| 72 return true; | |
| 73 } | |
| 74 | |
| 75 bool AeadBaseEncrypter::SetNoncePrefix(StringPiece nonce_prefix) { | |
| 76 DCHECK_EQ(nonce_prefix.size(), nonce_prefix_size_); | |
| 77 if (nonce_prefix.size() != nonce_prefix_size_) { | |
| 78 return false; | |
| 79 } | |
| 80 memcpy(nonce_prefix_, nonce_prefix.data(), nonce_prefix.size()); | |
| 81 return true; | |
| 82 } | |
| 83 | |
| 84 bool AeadBaseEncrypter::Encrypt(StringPiece nonce, | |
| 85 StringPiece associated_data, | |
| 86 StringPiece plaintext, | |
| 87 unsigned char* output) { | |
| 88 if (nonce.size() != nonce_prefix_size_ + sizeof(QuicPacketNumber)) { | |
| 89 return false; | |
| 90 } | |
| 91 | |
| 92 size_t ciphertext_len; | |
| 93 if (!EVP_AEAD_CTX_seal( | |
| 94 ctx_.get(), output, &ciphertext_len, | |
| 95 plaintext.size() + auth_tag_size_, | |
| 96 reinterpret_cast<const uint8_t*>(nonce.data()), nonce.size(), | |
| 97 reinterpret_cast<const uint8_t*>(plaintext.data()), plaintext.size(), | |
| 98 reinterpret_cast<const uint8_t*>(associated_data.data()), | |
| 99 associated_data.size())) { | |
| 100 DLogOpenSslErrors(); | |
| 101 return false; | |
| 102 } | |
| 103 | |
| 104 return true; | |
| 105 } | |
| 106 | |
| 107 bool AeadBaseEncrypter::EncryptPacket(QuicPathId path_id, | |
| 108 QuicPacketNumber packet_number, | |
| 109 StringPiece associated_data, | |
| 110 StringPiece plaintext, | |
| 111 char* output, | |
| 112 size_t* output_length, | |
| 113 size_t max_output_length) { | |
| 114 size_t ciphertext_size = GetCiphertextSize(plaintext.length()); | |
| 115 if (max_output_length < ciphertext_size) { | |
| 116 return false; | |
| 117 } | |
| 118 // TODO(ianswett): Introduce a check to ensure that we don't encrypt with the | |
| 119 // same packet number twice. | |
| 120 const size_t nonce_size = nonce_prefix_size_ + sizeof(packet_number); | |
| 121 ALIGNAS(4) char nonce_buffer[kMaxNonceSize]; | |
| 122 memcpy(nonce_buffer, nonce_prefix_, nonce_prefix_size_); | |
| 123 uint64_t path_id_packet_number = | |
| 124 QuicUtils::PackPathIdAndPacketNumber(path_id, packet_number); | |
| 125 memcpy(nonce_buffer + nonce_prefix_size_, &path_id_packet_number, | |
| 126 sizeof(path_id_packet_number)); | |
| 127 | |
| 128 if (!Encrypt(StringPiece(nonce_buffer, nonce_size), associated_data, | |
| 129 plaintext, reinterpret_cast<unsigned char*>(output))) { | |
| 130 return false; | |
| 131 } | |
| 132 *output_length = ciphertext_size; | |
| 133 return true; | |
| 134 } | |
| 135 | |
| 136 size_t AeadBaseEncrypter::GetKeySize() const { | |
| 137 return key_size_; | |
| 138 } | |
| 139 | |
| 140 size_t AeadBaseEncrypter::GetNoncePrefixSize() const { | |
| 141 return nonce_prefix_size_; | |
| 142 } | |
| 143 | |
| 144 size_t AeadBaseEncrypter::GetMaxPlaintextSize(size_t ciphertext_size) const { | |
| 145 return ciphertext_size - auth_tag_size_; | |
| 146 } | |
| 147 | |
| 148 size_t AeadBaseEncrypter::GetCiphertextSize(size_t plaintext_size) const { | |
| 149 return plaintext_size + auth_tag_size_; | |
| 150 } | |
| 151 | |
| 152 StringPiece AeadBaseEncrypter::GetKey() const { | |
| 153 return StringPiece(reinterpret_cast<const char*>(key_), key_size_); | |
| 154 } | |
| 155 | |
| 156 StringPiece AeadBaseEncrypter::GetNoncePrefix() const { | |
| 157 if (nonce_prefix_size_ == 0) { | |
| 158 return StringPiece(); | |
| 159 } | |
| 160 return StringPiece(reinterpret_cast<const char*>(nonce_prefix_), | |
| 161 nonce_prefix_size_); | |
| 162 } | |
| 163 | |
| 164 } // namespace net | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2193073003:
Move shared files in net/quic/ into net/quic/core/ (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master