| OLD | NEW |
|---|
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/quic/crypto/crypto_secret_boxer.h" | 5 #include "net/quic/crypto/crypto_secret_boxer.h" |
| 6 | 6 |
| 7 #include "base/logging.h" | 7 #include "base/logging.h" |
| 8 #include "base/memory/scoped_ptr.h" | 8 #include "base/memory/scoped_ptr.h" |
| 9 #include "net/quic/crypto/crypto_protocol.h" | 9 #include "net/quic/crypto/crypto_protocol.h" |
| 10 #include "net/quic/crypto/quic_decrypter.h" | 10 #include "net/quic/crypto/quic_decrypter.h" |
| (...skipping 15 matching lines...) Expand all Loading... |
| 26 // 96-bit nonces are on the edge. An attacker who can collect 2^41 | 26 // 96-bit nonces are on the edge. An attacker who can collect 2^41 |
| 27 // source-address tokens has a 1% chance of finding a duplicate. | 27 // source-address tokens has a 1% chance of finding a duplicate. |
| 28 // | 28 // |
| 29 // The "average" DDoS is now 32.4M PPS. That's 2^25 source-address tokens | 29 // The "average" DDoS is now 32.4M PPS. That's 2^25 source-address tokens |
| 30 // per second. So one day of that DDoS botnot would reach the 1% mark. | 30 // per second. So one day of that DDoS botnot would reach the 1% mark. |
| 31 // | 31 // |
| 32 // It's not terrible, but it's not a "forget about it" margin. | 32 // It's not terrible, but it's not a "forget about it" margin. |
| 33 static const size_t kBoxNonceSize = 12; | 33 static const size_t kBoxNonceSize = 12; |
| 34 | 34 |
| 35 // static | 35 // static |
| 36 size_t CryptoSecretBoxer::GetKeySize() { return kKeySize; } | 36 size_t CryptoSecretBoxer::GetKeySize() { |
| 37 return kKeySize; |
| 38 } |
| 37 | 39 |
| 38 void CryptoSecretBoxer::SetKey(StringPiece key) { | 40 void CryptoSecretBoxer::SetKey(StringPiece key) { |
| 39 DCHECK_EQ(kKeySize, key.size()); | 41 DCHECK_EQ(kKeySize, key.size()); |
| 40 key_ = key.as_string(); | 42 key_ = key.as_string(); |
| 41 } | 43 } |
| 42 | 44 |
| 43 string CryptoSecretBoxer::Box(QuicRandom* rand, StringPiece plaintext) const { | 45 string CryptoSecretBoxer::Box(QuicRandom* rand, StringPiece plaintext) const { |
| 44 scoped_ptr<QuicEncrypter> encrypter(QuicEncrypter::Create(kAESG)); | 46 scoped_ptr<QuicEncrypter> encrypter(QuicEncrypter::Create(kAESG)); |
| 45 if (!encrypter->SetKey(key_)) { | 47 if (!encrypter->SetKey(key_)) { |
| 46 DLOG(DFATAL) << "CryptoSecretBoxer's encrypter->SetKey failed."; | 48 DLOG(DFATAL) << "CryptoSecretBoxer's encrypter->SetKey failed."; |
| 47 return string(); | 49 return string(); |
| 48 } | 50 } |
| 49 size_t ciphertext_size = encrypter->GetCiphertextSize(plaintext.length()); | 51 size_t ciphertext_size = encrypter->GetCiphertextSize(plaintext.length()); |
| 50 | 52 |
| 51 string ret; | 53 string ret; |
| 52 const size_t len = kBoxNonceSize + ciphertext_size; | 54 const size_t len = kBoxNonceSize + ciphertext_size; |
| 53 ret.resize(len); | 55 ret.resize(len); |
| 54 char* data = &ret[0]; | 56 char* data = &ret[0]; |
| 55 | 57 |
| 56 // Generate nonce. | 58 // Generate nonce. |
| 57 rand->RandBytes(data, kBoxNonceSize); | 59 rand->RandBytes(data, kBoxNonceSize); |
| 58 memcpy(data + kBoxNonceSize, plaintext.data(), plaintext.size()); | 60 memcpy(data + kBoxNonceSize, plaintext.data(), plaintext.size()); |
| 59 | 61 |
| 60 if (!encrypter->Encrypt(StringPiece(data, kBoxNonceSize), StringPiece(), | 62 if (!encrypter->Encrypt( |
| 61 plaintext, reinterpret_cast<unsigned char*>( | 63 StringPiece(data, kBoxNonceSize), |
| 62 data + kBoxNonceSize))) { | 64 StringPiece(), |
| 65 plaintext, |
| 66 reinterpret_cast<unsigned char*>(data + kBoxNonceSize))) { |
| 63 DLOG(DFATAL) << "CryptoSecretBoxer's Encrypt failed."; | 67 DLOG(DFATAL) << "CryptoSecretBoxer's Encrypt failed."; |
| 64 return string(); | 68 return string(); |
| 65 } | 69 } |
| 66 | 70 |
| 67 return ret; | 71 return ret; |
| 68 } | 72 } |
| 69 | 73 |
| 70 bool CryptoSecretBoxer::Unbox(StringPiece ciphertext, | 74 bool CryptoSecretBoxer::Unbox(StringPiece ciphertext, |
| 71 string* out_storage, | 75 string* out_storage, |
| 72 StringPiece* out) const { | 76 StringPiece* out) const { |
| 73 if (ciphertext.size() < kBoxNonceSize) { | 77 if (ciphertext.size() < kBoxNonceSize) { |
| 74 return false; | 78 return false; |
| 75 } | 79 } |
| 76 | 80 |
| 77 char nonce[kBoxNonceSize]; | 81 char nonce[kBoxNonceSize]; |
| 78 memcpy(nonce, ciphertext.data(), kBoxNonceSize); | 82 memcpy(nonce, ciphertext.data(), kBoxNonceSize); |
| 79 ciphertext.remove_prefix(kBoxNonceSize); | 83 ciphertext.remove_prefix(kBoxNonceSize); |
| 80 | 84 |
| 81 size_t len = ciphertext.size(); | 85 size_t len = ciphertext.size(); |
| 82 out_storage->resize(len); | 86 out_storage->resize(len); |
| 83 char* data = const_cast<char*>(out_storage->data()); | 87 char* data = const_cast<char*>(out_storage->data()); |
| 84 | 88 |
| 85 scoped_ptr<QuicDecrypter> decrypter(QuicDecrypter::Create(kAESG)); | 89 scoped_ptr<QuicDecrypter> decrypter(QuicDecrypter::Create(kAESG)); |
| 86 if (!decrypter->SetKey(key_)) { | 90 if (!decrypter->SetKey(key_)) { |
| 87 DLOG(DFATAL) << "CryptoSecretBoxer's decrypter->SetKey failed."; | 91 DLOG(DFATAL) << "CryptoSecretBoxer's decrypter->SetKey failed."; |
| 88 return false; | 92 return false; |
| 89 } | 93 } |
| 90 if (!decrypter->Decrypt(StringPiece(nonce, kBoxNonceSize), StringPiece(), | 94 if (!decrypter->Decrypt(StringPiece(nonce, kBoxNonceSize), |
| 91 ciphertext, reinterpret_cast<unsigned char*>(data), | 95 StringPiece(), |
| 96 ciphertext, |
| 97 reinterpret_cast<unsigned char*>(data), |
| 92 &len)) { | 98 &len)) { |
| 93 return false; | 99 return false; |
| 94 } | 100 } |
| 95 | 101 |
| 96 out->set(data, len); | 102 out->set(data, len); |
| 97 return true; | 103 return true; |
| 98 } | 104 } |
| 99 | 105 |
| 100 } // namespace net | 106 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
