| OLD | NEW |
|---|
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/quic/crypto/aead_base_encrypter.h" | 5 #include "net/quic/crypto/aead_base_encrypter.h" |
| 6 | 6 |
| 7 #include <pk11pub.h> | 7 #include <pk11pub.h> |
| 8 | 8 |
| 9 #include "base/memory/scoped_ptr.h" | 9 #include "base/memory/scoped_ptr.h" |
| 10 #include "crypto/scoped_nss_types.h" | 10 #include "crypto/scoped_nss_types.h" |
| 11 | 11 |
| 12 using base::StringPiece; | 12 using base::StringPiece; |
| 13 | 13 |
| 14 namespace net { | 14 namespace net { |
| 15 | 15 |
| 16 AeadBaseEncrypter::AeadBaseEncrypter(CK_MECHANISM_TYPE aead_mechanism, | 16 AeadBaseEncrypter::AeadBaseEncrypter(CK_MECHANISM_TYPE aead_mechanism, |
| 17 PK11_EncryptFunction pk11_encrypt, | 17 PK11_EncryptFunction pk11_encrypt, |
| 18 size_t key_size, | 18 size_t key_size, |
| 19 size_t auth_tag_size, | 19 size_t auth_tag_size, |
| 20 size_t nonce_prefix_size) | 20 size_t nonce_prefix_size) |
| 21 : aead_mechanism_(aead_mechanism), | 21 : aead_mechanism_(aead_mechanism), |
| 22 pk11_encrypt_(pk11_encrypt), | 22 pk11_encrypt_(pk11_encrypt), |
| 23 key_size_(key_size), | 23 key_size_(key_size), |
| 24 auth_tag_size_(auth_tag_size), | 24 auth_tag_size_(auth_tag_size), |
| 25 nonce_prefix_size_(nonce_prefix_size) { | 25 nonce_prefix_size_(nonce_prefix_size) { |
| 26 DCHECK_LE(key_size_, sizeof(key_)); | 26 DCHECK_LE(key_size_, sizeof(key_)); |
| 27 DCHECK_LE(nonce_prefix_size_, sizeof(nonce_prefix_)); | 27 DCHECK_LE(nonce_prefix_size_, sizeof(nonce_prefix_)); |
| 28 } | 28 } |
| 29 | 29 |
| 30 AeadBaseEncrypter::~AeadBaseEncrypter() {} | 30 AeadBaseEncrypter::~AeadBaseEncrypter() { |
| 31 } |
| 31 | 32 |
| 32 bool AeadBaseEncrypter::SetKey(StringPiece key) { | 33 bool AeadBaseEncrypter::SetKey(StringPiece key) { |
| 33 DCHECK_EQ(key.size(), key_size_); | 34 DCHECK_EQ(key.size(), key_size_); |
| 34 if (key.size() != key_size_) { | 35 if (key.size() != key_size_) { |
| 35 return false; | 36 return false; |
| 36 } | 37 } |
| 37 memcpy(key_, key.data(), key.size()); | 38 memcpy(key_, key.data(), key.size()); |
| 38 return true; | 39 return true; |
| 39 } | 40 } |
| 40 | 41 |
| (...skipping 46 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 87 | 88 |
| 88 AeadParams aead_params = {0}; | 89 AeadParams aead_params = {0}; |
| 89 FillAeadParams(nonce, associated_data, auth_tag_size_, &aead_params); | 90 FillAeadParams(nonce, associated_data, auth_tag_size_, &aead_params); |
| 90 | 91 |
| 91 SECItem param; | 92 SECItem param; |
| 92 param.type = siBuffer; | 93 param.type = siBuffer; |
| 93 param.data = reinterpret_cast<unsigned char*>(&aead_params.data); | 94 param.data = reinterpret_cast<unsigned char*>(&aead_params.data); |
| 94 param.len = aead_params.len; | 95 param.len = aead_params.len; |
| 95 | 96 |
| 96 unsigned int output_len; | 97 unsigned int output_len; |
| 97 if (pk11_encrypt_(aead_key.get(), aead_mechanism_, ¶m, | 98 if (pk11_encrypt_(aead_key.get(), |
| 98 output, &output_len, ciphertext_size, | 99 aead_mechanism_, |
| 100 ¶m, |
| 101 output, |
| 102 &output_len, |
| 103 ciphertext_size, |
| 99 reinterpret_cast<const unsigned char*>(plaintext.data()), | 104 reinterpret_cast<const unsigned char*>(plaintext.data()), |
| 100 plaintext.size()) != SECSuccess) { | 105 plaintext.size()) != SECSuccess) { |
| 101 DVLOG(1) << "pk11_encrypt_ failed"; | 106 DVLOG(1) << "pk11_encrypt_ failed"; |
| 102 return false; | 107 return false; |
| 103 } | 108 } |
| 104 | 109 |
| 105 if (output_len != ciphertext_size) { | 110 if (output_len != ciphertext_size) { |
| 106 DVLOG(1) << "Wrong output length"; | 111 DVLOG(1) << "Wrong output length"; |
| 107 return false; | 112 return false; |
| 108 } | 113 } |
| 109 | 114 |
| 110 return true; | 115 return true; |
| 111 } | 116 } |
| 112 | 117 |
| 113 QuicData* AeadBaseEncrypter::EncryptPacket( | 118 QuicData* AeadBaseEncrypter::EncryptPacket( |
| 114 QuicPacketSequenceNumber sequence_number, | 119 QuicPacketSequenceNumber sequence_number, |
| 115 StringPiece associated_data, | 120 StringPiece associated_data, |
| 116 StringPiece plaintext) { | 121 StringPiece plaintext) { |
| 117 size_t ciphertext_size = GetCiphertextSize(plaintext.length()); | 122 size_t ciphertext_size = GetCiphertextSize(plaintext.length()); |
| 118 scoped_ptr<char[]> ciphertext(new char[ciphertext_size]); | 123 scoped_ptr<char[]> ciphertext(new char[ciphertext_size]); |
| 119 | 124 |
| 120 // TODO(ianswett): Introduce a check to ensure that we don't encrypt with the | 125 // TODO(ianswett): Introduce a check to ensure that we don't encrypt with the |
| 121 // same sequence number twice. | 126 // same sequence number twice. |
| 122 uint8 nonce[sizeof(nonce_prefix_) + sizeof(sequence_number)]; | 127 uint8 nonce[sizeof(nonce_prefix_) + sizeof(sequence_number)]; |
| 123 const size_t nonce_size = nonce_prefix_size_ + sizeof(sequence_number); | 128 const size_t nonce_size = nonce_prefix_size_ + sizeof(sequence_number); |
| 124 DCHECK_LE(nonce_size, sizeof(nonce)); | 129 DCHECK_LE(nonce_size, sizeof(nonce)); |
| 125 memcpy(nonce, nonce_prefix_, nonce_prefix_size_); | 130 memcpy(nonce, nonce_prefix_, nonce_prefix_size_); |
| 126 memcpy(nonce + nonce_prefix_size_, &sequence_number, sizeof(sequence_number)); | 131 memcpy(nonce + nonce_prefix_size_, &sequence_number, sizeof(sequence_number)); |
| 127 if (!Encrypt(StringPiece(reinterpret_cast<char*>(nonce), nonce_size), | 132 if (!Encrypt(StringPiece(reinterpret_cast<char*>(nonce), nonce_size), |
| 128 associated_data, plaintext, | 133 associated_data, |
| 134 plaintext, |
| 129 reinterpret_cast<unsigned char*>(ciphertext.get()))) { | 135 reinterpret_cast<unsigned char*>(ciphertext.get()))) { |
| 130 return NULL; | 136 return NULL; |
| 131 } | 137 } |
| 132 | 138 |
| 133 return new QuicData(ciphertext.release(), ciphertext_size, true); | 139 return new QuicData(ciphertext.release(), ciphertext_size, true); |
| 134 } | 140 } |
| 135 | 141 |
| 136 size_t AeadBaseEncrypter::GetKeySize() const { return key_size_; } | 142 size_t AeadBaseEncrypter::GetKeySize() const { |
| 143 return key_size_; |
| 144 } |
| 137 | 145 |
| 138 size_t AeadBaseEncrypter::GetNoncePrefixSize() const { | 146 size_t AeadBaseEncrypter::GetNoncePrefixSize() const { |
| 139 return nonce_prefix_size_; | 147 return nonce_prefix_size_; |
| 140 } | 148 } |
| 141 | 149 |
| 142 size_t AeadBaseEncrypter::GetMaxPlaintextSize(size_t ciphertext_size) const { | 150 size_t AeadBaseEncrypter::GetMaxPlaintextSize(size_t ciphertext_size) const { |
| 143 return ciphertext_size - auth_tag_size_; | 151 return ciphertext_size - auth_tag_size_; |
| 144 } | 152 } |
| 145 | 153 |
| 146 size_t AeadBaseEncrypter::GetCiphertextSize(size_t plaintext_size) const { | 154 size_t AeadBaseEncrypter::GetCiphertextSize(size_t plaintext_size) const { |
| 147 return plaintext_size + auth_tag_size_; | 155 return plaintext_size + auth_tag_size_; |
| 148 } | 156 } |
| 149 | 157 |
| 150 StringPiece AeadBaseEncrypter::GetKey() const { | 158 StringPiece AeadBaseEncrypter::GetKey() const { |
| 151 return StringPiece(reinterpret_cast<const char*>(key_), key_size_); | 159 return StringPiece(reinterpret_cast<const char*>(key_), key_size_); |
| 152 } | 160 } |
| 153 | 161 |
| 154 StringPiece AeadBaseEncrypter::GetNoncePrefix() const { | 162 StringPiece AeadBaseEncrypter::GetNoncePrefix() const { |
| 155 if (nonce_prefix_size_ == 0) { | 163 if (nonce_prefix_size_ == 0) { |
| 156 return StringPiece(); | 164 return StringPiece(); |
| 157 } | 165 } |
| 158 return StringPiece(reinterpret_cast<const char*>(nonce_prefix_), | 166 return StringPiece(reinterpret_cast<const char*>(nonce_prefix_), |
| 159 nonce_prefix_size_); | 167 nonce_prefix_size_); |
| 160 } | 168 } |
| 161 | 169 |
| 162 } // namespace net | 170 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
