Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(282)

Unified Diff: net/quic/crypto/crypto_secret_boxer.cc

Issue 2193073003: Move shared files in net/quic/ into net/quic/core/ (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: io_thread_unittest.cc Created 4 years, 5 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « net/quic/crypto/crypto_secret_boxer.h ('k') | net/quic/crypto/crypto_secret_boxer_test.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/quic/crypto/crypto_secret_boxer.cc
diff --git a/net/quic/crypto/crypto_secret_boxer.cc b/net/quic/crypto/crypto_secret_boxer.cc
deleted file mode 100644
index 347333fb0d8556b8c4ea2a210d3e38a3d9eec881..0000000000000000000000000000000000000000
--- a/net/quic/crypto/crypto_secret_boxer.cc
+++ /dev/null
@@ -1,132 +0,0 @@
-// Copyright (c) 2013 The Chromium Authors. All rights reserved.
-// Use of this source code is governed by a BSD-style license that can be
-// found in the LICENSE file.
-
-#include "net/quic/crypto/crypto_secret_boxer.h"
-
-#include <memory>
-
-#include "base/logging.h"
-#include "net/quic/crypto/aes_128_gcm_12_decrypter.h"
-#include "net/quic/crypto/aes_128_gcm_12_encrypter.h"
-#include "net/quic/crypto/crypto_protocol.h"
-#include "net/quic/crypto/quic_decrypter.h"
-#include "net/quic/crypto/quic_encrypter.h"
-#include "net/quic/crypto/quic_random.h"
-
-using base::StringPiece;
-using std::string;
-using std::vector;
-
-namespace net {
-
-// Defined kKeySize for GetKeySize() and SetKey().
-static const size_t kKeySize = 16;
-
-// kBoxNonceSize contains the number of bytes of nonce that we use in each box.
-// TODO(rtenneti): Add support for kBoxNonceSize to be 16 bytes.
-//
-// From agl@:
-// 96-bit nonces are on the edge. An attacker who can collect 2^41
-// source-address tokens has a 1% chance of finding a duplicate.
-//
-// The "average" DDoS is now 32.4M PPS. That's 2^25 source-address tokens
-// per second. So one day of that DDoS botnot would reach the 1% mark.
-//
-// It's not terrible, but it's not a "forget about it" margin.
-static const size_t kBoxNonceSize = 12;
-
-CryptoSecretBoxer::CryptoSecretBoxer() {}
-
-CryptoSecretBoxer::~CryptoSecretBoxer() {}
-
-// static
-size_t CryptoSecretBoxer::GetKeySize() {
- return kKeySize;
-}
-
-void CryptoSecretBoxer::SetKeys(const vector<string>& keys) {
- DCHECK(!keys.empty());
- vector<string> copy = keys;
- for (const string& key : keys) {
- DCHECK_EQ(kKeySize, key.size());
- }
- base::AutoLock l(lock_);
- keys_.swap(copy);
-}
-
-string CryptoSecretBoxer::Box(QuicRandom* rand, StringPiece plaintext) const {
- std::unique_ptr<Aes128Gcm12Encrypter> encrypter(new Aes128Gcm12Encrypter());
- {
- base::AutoLock l(lock_);
- DCHECK_EQ(kKeySize, keys_[0].size());
- if (!encrypter->SetKey(keys_[0])) {
- DLOG(DFATAL) << "CryptoSecretBoxer's encrypter->SetKey failed.";
- return string();
- }
- }
- size_t ciphertext_size = encrypter->GetCiphertextSize(plaintext.length());
-
- string ret;
- const size_t len = kBoxNonceSize + ciphertext_size;
- ret.resize(len);
- char* data = &ret[0];
-
- // Generate nonce.
- rand->RandBytes(data, kBoxNonceSize);
- memcpy(data + kBoxNonceSize, plaintext.data(), plaintext.size());
-
- if (!encrypter->Encrypt(
- StringPiece(data, kBoxNonceSize), StringPiece(), plaintext,
- reinterpret_cast<unsigned char*>(data + kBoxNonceSize))) {
- DLOG(DFATAL) << "CryptoSecretBoxer's Encrypt failed.";
- return string();
- }
-
- return ret;
-}
-
-bool CryptoSecretBoxer::Unbox(StringPiece ciphertext,
- string* out_storage,
- StringPiece* out) const {
- if (ciphertext.size() < kBoxNonceSize) {
- return false;
- }
-
- StringPiece nonce(ciphertext.data(), kBoxNonceSize);
- ciphertext.remove_prefix(kBoxNonceSize);
- QuicPacketNumber packet_number;
- StringPiece nonce_prefix(nonce.data(), nonce.size() - sizeof(packet_number));
- memcpy(&packet_number, nonce.data() + nonce_prefix.size(),
- sizeof(packet_number));
-
- std::unique_ptr<Aes128Gcm12Decrypter> decrypter(new Aes128Gcm12Decrypter());
- char plaintext[kMaxPacketSize];
- size_t plaintext_length = 0;
- bool ok = false;
- {
- base::AutoLock l(lock_);
- for (const string& key : keys_) {
- if (decrypter->SetKey(key)) {
- decrypter->SetNoncePrefix(nonce_prefix);
- if (decrypter->DecryptPacket(
- /*path_id=*/0u, packet_number,
- /*associated data=*/StringPiece(), ciphertext, plaintext,
- &plaintext_length, kMaxPacketSize)) {
- ok = true;
- break;
- }
- }
- }
- }
- if (!ok) {
- return false;
- }
-
- out_storage->resize(plaintext_length);
- out_storage->assign(plaintext, plaintext_length);
- out->set(out_storage->data(), plaintext_length);
- return true;
-}
-
-} // namespace net
« no previous file with comments | « net/quic/crypto/crypto_secret_boxer.h ('k') | net/quic/crypto/crypto_secret_boxer_test.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698