| OLD | NEW |
|---|
| 1 // Copyright 2015 The Chromium Authors. All rights reserved. | 1 // Copyright 2015 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "components/gcm_driver/crypto/gcm_message_cryptographer.h" | 5 #include "components/gcm_driver/crypto/gcm_message_cryptographer.h" |
| 6 | 6 |
| 7 #include <stddef.h> | 7 #include <stddef.h> |
| 8 #include <stdint.h> | 8 #include <stdint.h> |
| 9 | 9 |
| 10 #include <algorithm> | 10 #include <algorithm> |
| 11 #include <sstream> | 11 #include <sstream> |
| 12 | 12 |
| 13 #include "base/logging.h" | 13 #include "base/logging.h" |
| 14 #include "base/numerics/safe_math.h" | 14 #include "base/numerics/safe_math.h" |
| 15 #include "base/strings/string_util.h" | 15 #include "base/strings/string_util.h" |
| 16 #include "base/sys_byteorder.h" | 16 #include "base/sys_byteorder.h" |
| 17 #include "crypto/hkdf.h" | 17 #include "crypto/hkdf.h" |
| 18 #include "third_party/boringssl/src/include/openssl/aead.h" | 18 #include "third_party/boringssl/src/include/openssl/aead.h" |
| 19 | 19 |
| 20 namespace gcm { | 20 namespace gcm { |
| 21 namespace { | 21 namespace { |
| 22 | 22 |
| 23 // Size, in bytes, of the nonce for a record. This must be at least the size | 23 // Size, in bytes, of the nonce for a record. This must be at least the size |
| 24 // of a uint64_t, which is used to indicate the record sequence number. | 24 // of a uint64_t, which is used to indicate the record sequence number. |
| 25 const uint64_t kNonceSize = 12; | 25 const uint64_t kNonceSize = 12; |
| 26 | 26 |
| 27 // The default record size as defined by draft-thomson-http-encryption. | 27 // The default record size as defined by httpbis-encryption-encoding-06. |
| 28 const size_t kDefaultRecordSize = 4096; | 28 const size_t kDefaultRecordSize = 4096; |
| 29 | 29 |
| 30 // Key size, in bytes, of a valid AEAD_AES_128_GCM key. | 30 // Key size, in bytes, of a valid AEAD_AES_128_GCM key. |
| 31 const size_t kContentEncryptionKeySize = 16; | 31 const size_t kContentEncryptionKeySize = 16; |
| 32 | 32 |
| 33 // The BoringSSL functions used to seal (encrypt) and open (decrypt) a payload | 33 // The BoringSSL functions used to seal (encrypt) and open (decrypt) a payload |
| 34 // follow the same prototype, declared as follows. | 34 // follow the same prototype, declared as follows. |
| 35 using EVP_AEAD_CTX_TransformFunction = | 35 using EVP_AEAD_CTX_TransformFunction = |
| 36 int(const EVP_AEAD_CTX *ctx, uint8_t *out, size_t *out_len, | 36 int(const EVP_AEAD_CTX *ctx, uint8_t *out, size_t *out_len, |
| 37 size_t max_out_len, const uint8_t *nonce, size_t nonce_len, | 37 size_t max_out_len, const uint8_t *nonce, size_t nonce_len, |
| 38 const uint8_t *in, size_t in_len, const uint8_t *ad, size_t ad_len); | 38 const uint8_t *in, size_t in_len, const uint8_t *ad, size_t ad_len); |
| 39 | 39 |
| 40 // Creates the info parameter for an HKDF value for the given |content_encoding| | 40 // Creates the info parameter for an HKDF value for the given |content_encoding| |
| 41 // in accordance with draft-thomson-http-encryption. | 41 // in accordance with draft-thomson-http-encryption. |
| 42 // | 42 // |
| 43 // cek_info = "Content-Encoding: aesgcm" || 0x00 || context | 43 // cek_info = "Content-Encoding: aesgcm" || 0x00 || context |
| 44 // nonce_info = "Content-Encoding: nonce" || 0x00 || context | 44 // nonce_info = "Content-Encoding: nonce" || 0x00 || context |
| 45 // | 45 // |
| 46 // context = label || 0x00 || | 46 // context = "P-256" || 0x00 || |
| 47 // length(recipient_public) || recipient_public || | 47 // length(recipient_public) || recipient_public || |
| 48 // length(sender_public) || sender_public | 48 // length(sender_public) || sender_public |
| 49 // | 49 // |
| 50 // The length of the public keys must be written as a two octet unsigned integer | 50 // The length of the public keys must be written as a two octet unsigned integer |
| 51 // in network byte order (big endian). | 51 // in network byte order (big endian). |
| 52 std::string InfoForContentEncoding( | 52 std::string InfoForContentEncoding( |
| 53 const char* content_encoding, | 53 const char* content_encoding, |
| 54 GCMMessageCryptographer::Label label, | |
| 55 const base::StringPiece& recipient_public_key, | 54 const base::StringPiece& recipient_public_key, |
| 56 const base::StringPiece& sender_public_key) { | 55 const base::StringPiece& sender_public_key) { |
| 57 DCHECK(GCMMessageCryptographer::Label::P256 == label); | |
| 58 DCHECK_EQ(recipient_public_key.size(), 65u); | 56 DCHECK_EQ(recipient_public_key.size(), 65u); |
| 59 DCHECK_EQ(sender_public_key.size(), 65u); | 57 DCHECK_EQ(sender_public_key.size(), 65u); |
| 60 | 58 |
| 61 std::stringstream info_stream; | 59 std::stringstream info_stream; |
| 62 info_stream << "Content-Encoding: " << content_encoding << '\x00'; | 60 info_stream << "Content-Encoding: " << content_encoding << '\x00'; |
| 63 | 61 info_stream << "P-256" << '\x00'; |
| 64 switch (label) { | |
| 65 case GCMMessageCryptographer::Label::P256: | |
| 66 info_stream << "P-256" << '\x00'; | |
| 67 break; | |
| 68 } | |
| 69 | 62 |
| 70 uint16_t local_len = | 63 uint16_t local_len = |
| 71 base::HostToNet16(static_cast<uint16_t>(recipient_public_key.size())); | 64 base::HostToNet16(static_cast<uint16_t>(recipient_public_key.size())); |
| 72 info_stream.write(reinterpret_cast<char*>(&local_len), sizeof(local_len)); | 65 info_stream.write(reinterpret_cast<char*>(&local_len), sizeof(local_len)); |
| 73 info_stream << recipient_public_key; | 66 info_stream << recipient_public_key; |
| 74 | 67 |
| 75 uint16_t peer_len = | 68 uint16_t peer_len = |
| 76 base::HostToNet16(static_cast<uint16_t>(sender_public_key.size())); | 69 base::HostToNet16(static_cast<uint16_t>(sender_public_key.size())); |
| 77 info_stream.write(reinterpret_cast<char*>(&peer_len), sizeof(peer_len)); | 70 info_stream.write(reinterpret_cast<char*>(&peer_len), sizeof(peer_len)); |
| 78 info_stream << sender_public_key; | 71 info_stream << sender_public_key; |
| 79 | 72 |
| 80 return info_stream.str(); | 73 return info_stream.str(); |
| 81 } | 74 } |
| 82 | 75 |
| 83 } // namespace | 76 } // namespace |
| 84 | 77 |
| 85 const size_t GCMMessageCryptographer::kAuthenticationTagBytes = 16; | 78 const size_t GCMMessageCryptographer::kAuthenticationTagBytes = 16; |
| 86 const size_t GCMMessageCryptographer::kSaltSize = 16; | 79 const size_t GCMMessageCryptographer::kSaltSize = 16; |
| 87 | 80 |
| 88 GCMMessageCryptographer::GCMMessageCryptographer( | 81 GCMMessageCryptographer::GCMMessageCryptographer( |
| 89 Label label, | |
| 90 const base::StringPiece& recipient_public_key, | 82 const base::StringPiece& recipient_public_key, |
| 91 const base::StringPiece& sender_public_key, | 83 const base::StringPiece& sender_public_key, |
| 92 const std::string& auth_secret) | 84 const std::string& auth_secret) |
| 93 : content_encryption_key_info_( | 85 : content_encryption_key_info_( |
| 94 InfoForContentEncoding("aesgcm", label, recipient_public_key, | 86 InfoForContentEncoding("aesgcm", recipient_public_key, |
| 95 sender_public_key)), | 87 sender_public_key)), |
| 96 nonce_info_( | 88 nonce_info_( |
| 97 InfoForContentEncoding("nonce", label, recipient_public_key, | 89 InfoForContentEncoding("nonce", recipient_public_key, |
| 98 sender_public_key)), | 90 sender_public_key)), |
| 99 auth_secret_(auth_secret) { | 91 auth_secret_(auth_secret) { |
| 100 } | 92 } |
| 101 | 93 |
| 102 GCMMessageCryptographer::~GCMMessageCryptographer() {} | 94 GCMMessageCryptographer::~GCMMessageCryptographer() {} |
| 103 | 95 |
| 104 bool GCMMessageCryptographer::Encrypt(const base::StringPiece& plaintext, | 96 bool GCMMessageCryptographer::Encrypt(const base::StringPiece& plaintext, |
| 105 const base::StringPiece& ikm, | 97 const base::StringPiece& ikm, |
| 106 const base::StringPiece& salt, | 98 const base::StringPiece& salt, |
| 107 size_t* record_size, | 99 size_t* record_size, |
| (...skipping 190 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 298 0 /* subkey_secret_bytes_to_generate */); | 290 0 /* subkey_secret_bytes_to_generate */); |
| 299 | 291 |
| 300 // draft-thomson-http-encryption defines that the result should be XOR'ed with | 292 // draft-thomson-http-encryption defines that the result should be XOR'ed with |
| 301 // the record's sequence number, however, Web Push encryption is limited to a | 293 // the record's sequence number, however, Web Push encryption is limited to a |
| 302 // single record per draft-ietf-webpush-encryption. | 294 // single record per draft-ietf-webpush-encryption. |
| 303 | 295 |
| 304 return hkdf.client_write_key().as_string(); | 296 return hkdf.client_write_key().as_string(); |
| 305 } | 297 } |
| 306 | 298 |
| 307 } // namespace gcm | 299 } // namespace gcm |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2621103002:
Remove GCMMessageCryptographer::Label (Closed)
