| OLD | NEW |
|---|
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/quic/crypto/aead_base_decrypter.h" | 5 #include "net/quic/crypto/aead_base_decrypter.h" |
| 6 | 6 |
| 7 #include <pk11pub.h> | 7 #include <pk11pub.h> |
| 8 | 8 |
| 9 #include "base/memory/scoped_ptr.h" | 9 #include "base/memory/scoped_ptr.h" |
| 10 #include "crypto/scoped_nss_types.h" | 10 #include "crypto/scoped_nss_types.h" |
| 11 | 11 |
| 12 using base::StringPiece; | 12 using base::StringPiece; |
| 13 | 13 |
| 14 namespace net { | 14 namespace net { |
| 15 | 15 |
| 16 AeadBaseDecrypter::AeadBaseDecrypter(CK_MECHANISM_TYPE aead_mechanism, | 16 AeadBaseDecrypter::AeadBaseDecrypter(CK_MECHANISM_TYPE aead_mechanism, |
| 17 PK11_DecryptFunction pk11_decrypt, | 17 PK11_DecryptFunction pk11_decrypt, |
| 18 size_t key_size, | 18 size_t key_size, |
| 19 size_t auth_tag_size, | 19 size_t auth_tag_size, |
| 20 size_t nonce_prefix_size) | 20 size_t nonce_prefix_size) |
| 21 : aead_mechanism_(aead_mechanism), | 21 : aead_mechanism_(aead_mechanism), |
| 22 pk11_decrypt_(pk11_decrypt), | 22 pk11_decrypt_(pk11_decrypt), |
| 23 key_size_(key_size), | 23 key_size_(key_size), |
| 24 auth_tag_size_(auth_tag_size), | 24 auth_tag_size_(auth_tag_size), |
| 25 nonce_prefix_size_(nonce_prefix_size) { | 25 nonce_prefix_size_(nonce_prefix_size) { |
| 26 DCHECK_LE(key_size_, sizeof(key_)); | 26 DCHECK_LE(key_size_, sizeof(key_)); |
| 27 DCHECK_LE(nonce_prefix_size_, sizeof(nonce_prefix_)); | 27 DCHECK_LE(nonce_prefix_size_, sizeof(nonce_prefix_)); |
| 28 } | 28 } |
| 29 | 29 |
| 30 AeadBaseDecrypter::~AeadBaseDecrypter() {} | 30 AeadBaseDecrypter::~AeadBaseDecrypter() { |
| 31 } |
| 31 | 32 |
| 32 bool AeadBaseDecrypter::SetKey(StringPiece key) { | 33 bool AeadBaseDecrypter::SetKey(StringPiece key) { |
| 33 DCHECK_EQ(key.size(), key_size_); | 34 DCHECK_EQ(key.size(), key_size_); |
| 34 if (key.size() != key_size_) { | 35 if (key.size() != key_size_) { |
| 35 return false; | 36 return false; |
| 36 } | 37 } |
| 37 memcpy(key_, key.data(), key.size()); | 38 memcpy(key_, key.data(), key.size()); |
| 38 return true; | 39 return true; |
| 39 } | 40 } |
| 40 | 41 |
| (...skipping 52 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 93 | 94 |
| 94 AeadParams aead_params = {0}; | 95 AeadParams aead_params = {0}; |
| 95 FillAeadParams(nonce, associated_data, auth_tag_size_, &aead_params); | 96 FillAeadParams(nonce, associated_data, auth_tag_size_, &aead_params); |
| 96 | 97 |
| 97 SECItem param; | 98 SECItem param; |
| 98 param.type = siBuffer; | 99 param.type = siBuffer; |
| 99 param.data = reinterpret_cast<unsigned char*>(&aead_params.data); | 100 param.data = reinterpret_cast<unsigned char*>(&aead_params.data); |
| 100 param.len = aead_params.len; | 101 param.len = aead_params.len; |
| 101 | 102 |
| 102 unsigned int output_len; | 103 unsigned int output_len; |
| 103 if (pk11_decrypt_(aead_key.get(), aead_mechanism_, ¶m, | 104 if (pk11_decrypt_(aead_key.get(), |
| 104 output, &output_len, ciphertext.length(), | 105 aead_mechanism_, |
| 106 ¶m, |
| 107 output, |
| 108 &output_len, |
| 109 ciphertext.length(), |
| 105 reinterpret_cast<const unsigned char*>(ciphertext.data()), | 110 reinterpret_cast<const unsigned char*>(ciphertext.data()), |
| 106 ciphertext.length()) != SECSuccess) { | 111 ciphertext.length()) != SECSuccess) { |
| 107 return false; | 112 return false; |
| 108 } | 113 } |
| 109 | 114 |
| 110 if (output_len != plaintext_size) { | 115 if (output_len != plaintext_size) { |
| 111 DVLOG(1) << "Wrong output length"; | 116 DVLOG(1) << "Wrong output length"; |
| 112 return false; | 117 return false; |
| 113 } | 118 } |
| 114 *output_length = output_len; | 119 *output_length = output_len; |
| 115 return true; | 120 return true; |
| 116 } | 121 } |
| 117 | 122 |
| 118 QuicData* AeadBaseDecrypter::DecryptPacket( | 123 QuicData* AeadBaseDecrypter::DecryptPacket( |
| 119 QuicPacketSequenceNumber sequence_number, | 124 QuicPacketSequenceNumber sequence_number, |
| 120 StringPiece associated_data, | 125 StringPiece associated_data, |
| 121 StringPiece ciphertext) { | 126 StringPiece ciphertext) { |
| 122 if (ciphertext.length() < auth_tag_size_) { | 127 if (ciphertext.length() < auth_tag_size_) { |
| 123 return NULL; | 128 return NULL; |
| 124 } | 129 } |
| 125 size_t plaintext_size; | 130 size_t plaintext_size; |
| 126 scoped_ptr<char[]> plaintext(new char[ciphertext.length()]); | 131 scoped_ptr<char[]> plaintext(new char[ciphertext.length()]); |
| 127 | 132 |
| 128 uint8 nonce[sizeof(nonce_prefix_) + sizeof(sequence_number)]; | 133 uint8 nonce[sizeof(nonce_prefix_) + sizeof(sequence_number)]; |
| 129 const size_t nonce_size = nonce_prefix_size_ + sizeof(sequence_number); | 134 const size_t nonce_size = nonce_prefix_size_ + sizeof(sequence_number); |
| 130 DCHECK_LE(nonce_size, sizeof(nonce)); | 135 DCHECK_LE(nonce_size, sizeof(nonce)); |
| 131 memcpy(nonce, nonce_prefix_, nonce_prefix_size_); | 136 memcpy(nonce, nonce_prefix_, nonce_prefix_size_); |
| 132 memcpy(nonce + nonce_prefix_size_, &sequence_number, sizeof(sequence_number)); | 137 memcpy(nonce + nonce_prefix_size_, &sequence_number, sizeof(sequence_number)); |
| 133 if (!Decrypt(StringPiece(reinterpret_cast<char*>(nonce), nonce_size), | 138 if (!Decrypt(StringPiece(reinterpret_cast<char*>(nonce), nonce_size), |
| 134 associated_data, ciphertext, | 139 associated_data, |
| 140 ciphertext, |
| 135 reinterpret_cast<uint8*>(plaintext.get()), | 141 reinterpret_cast<uint8*>(plaintext.get()), |
| 136 &plaintext_size)) { | 142 &plaintext_size)) { |
| 137 return NULL; | 143 return NULL; |
| 138 } | 144 } |
| 139 return new QuicData(plaintext.release(), plaintext_size, true); | 145 return new QuicData(plaintext.release(), plaintext_size, true); |
| 140 } | 146 } |
| 141 | 147 |
| 142 StringPiece AeadBaseDecrypter::GetKey() const { | 148 StringPiece AeadBaseDecrypter::GetKey() const { |
| 143 return StringPiece(reinterpret_cast<const char*>(key_), key_size_); | 149 return StringPiece(reinterpret_cast<const char*>(key_), key_size_); |
| 144 } | 150 } |
| 145 | 151 |
| 146 StringPiece AeadBaseDecrypter::GetNoncePrefix() const { | 152 StringPiece AeadBaseDecrypter::GetNoncePrefix() const { |
| 147 if (nonce_prefix_size_ == 0) { | 153 if (nonce_prefix_size_ == 0) { |
| 148 return StringPiece(); | 154 return StringPiece(); |
| 149 } | 155 } |
| 150 return StringPiece(reinterpret_cast<const char*>(nonce_prefix_), | 156 return StringPiece(reinterpret_cast<const char*>(nonce_prefix_), |
| 151 nonce_prefix_size_); | 157 nonce_prefix_size_); |
| 152 } | 158 } |
| 153 | 159 |
| 154 } // namespace net | 160 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
