Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(105)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/quic/crypto/aes_128_gcm_12_decrypter_nss.cc

Issue 612323013: QUIC - (no behavior change) s/NULL/nullptr/g in .../quic/... (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 6 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/quic/crypto/aead_base_encrypter_openssl.cc ('k') | net/quic/crypto/aes_128_gcm_12_decrypter_test.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/quic/crypto/aes_128_gcm_12_decrypter.h" 5 #include "net/quic/crypto/aes_128_gcm_12_decrypter.h"
6 6
7 #include <pk11pub.h> 7 #include <pk11pub.h>
8 #include <secerr.h> 8 #include <secerr.h>
9 9
10 #include "base/lazy_instance.h" 10 #include "base/lazy_instance.h"
(...skipping 41 matching lines...) Expand 10 before | Expand all | Expand 10 after
52 pk11_decrypt_func_ = (PK11_DecryptFunction)dlsym(RTLD_DEFAULT, 52 pk11_decrypt_func_ = (PK11_DecryptFunction)dlsym(RTLD_DEFAULT,
53 "PK11_Decrypt"); 53 "PK11_Decrypt");
54 #endif 54 #endif
55 } 55 }
56 56
57 // |pk11_decrypt_func_| stores the runtime symbol resolution of PK11_Decrypt. 57 // |pk11_decrypt_func_| stores the runtime symbol resolution of PK11_Decrypt.
58 static PK11_DecryptFunction pk11_decrypt_func_; 58 static PK11_DecryptFunction pk11_decrypt_func_;
59 }; 59 };
60 60
61 // static 61 // static
62 PK11_DecryptFunction GcmSupportChecker::pk11_decrypt_func_ = NULL; 62 PK11_DecryptFunction GcmSupportChecker::pk11_decrypt_func_ = nullptr;
63 63
64 base::LazyInstance<GcmSupportChecker>::Leaky g_gcm_support_checker = 64 base::LazyInstance<GcmSupportChecker>::Leaky g_gcm_support_checker =
65 LAZY_INSTANCE_INITIALIZER; 65 LAZY_INSTANCE_INITIALIZER;
66 66
67 // Calls PK11_Decrypt if it's available. Otherwise, emulates CKM_AES_GCM using 67 // Calls PK11_Decrypt if it's available. Otherwise, emulates CKM_AES_GCM using
68 // CKM_AES_CTR and the GaloisHash class. 68 // CKM_AES_CTR and the GaloisHash class.
69 SECStatus My_Decrypt(PK11SymKey* key, 69 SECStatus My_Decrypt(PK11SymKey* key,
70 CK_MECHANISM_TYPE mechanism, 70 CK_MECHANISM_TYPE mechanism,
71 SECItem* param, 71 SECItem* param,
72 unsigned char* out, 72 unsigned char* out,
73 unsigned int* out_len, 73 unsigned int* out_len,
74 unsigned int max_len, 74 unsigned int max_len,
75 const unsigned char* enc, 75 const unsigned char* enc,
76 unsigned int enc_len) { 76 unsigned int enc_len) {
77 // If PK11_Decrypt() was successfully resolved or if bundled version of NSS is 77 // If PK11_Decrypt() was successfully resolved or if bundled version of NSS is
78 // being used, then NSS will support AES-GCM directly. 78 // being used, then NSS will support AES-GCM directly.
79 PK11_DecryptFunction pk11_decrypt_func = 79 PK11_DecryptFunction pk11_decrypt_func =
80 GcmSupportChecker::pk11_decrypt_func(); 80 GcmSupportChecker::pk11_decrypt_func();
81 if (pk11_decrypt_func != NULL) { 81 if (pk11_decrypt_func != nullptr) {
82 return pk11_decrypt_func(key, mechanism, param, out, out_len, max_len, enc, 82 return pk11_decrypt_func(key, mechanism, param, out, out_len, max_len, enc,
83 enc_len); 83 enc_len);
84 } 84 }
85 85
86 // Otherwise, the user has an older version of NSS. Regrettably, NSS 3.14.x 86 // Otherwise, the user has an older version of NSS. Regrettably, NSS 3.14.x
87 // has a bug in the AES GCM code 87 // has a bug in the AES GCM code
88 // (https://bugzilla.mozilla.org/show_bug.cgi?id=853285), as well as missing 88 // (https://bugzilla.mozilla.org/show_bug.cgi?id=853285), as well as missing
89 // the PK11_Decrypt function 89 // the PK11_Decrypt function
90 // (https://bugzilla.mozilla.org/show_bug.cgi?id=854063), both of which are 90 // (https://bugzilla.mozilla.org/show_bug.cgi?id=854063), both of which are
91 // resolved in NSS 3.15. 91 // resolved in NSS 3.15.
92 92
93 DCHECK_EQ(mechanism, static_cast<CK_MECHANISM_TYPE>(CKM_AES_GCM)); 93 DCHECK_EQ(mechanism, static_cast<CK_MECHANISM_TYPE>(CKM_AES_GCM));
94 DCHECK_EQ(param->len, sizeof(CK_GCM_PARAMS)); 94 DCHECK_EQ(param->len, sizeof(CK_GCM_PARAMS));
95 95
96 const CK_GCM_PARAMS* gcm_params = 96 const CK_GCM_PARAMS* gcm_params =
97 reinterpret_cast<CK_GCM_PARAMS*>(param->data); 97 reinterpret_cast<CK_GCM_PARAMS*>(param->data);
98 98
99 DCHECK_EQ(gcm_params->ulTagBits, 99 DCHECK_EQ(gcm_params->ulTagBits,
100 static_cast<CK_ULONG>(Aes128Gcm12Decrypter::kAuthTagSize * 8)); 100 static_cast<CK_ULONG>(Aes128Gcm12Decrypter::kAuthTagSize * 8));
101 if (gcm_params->ulIvLen != 12u) { 101 if (gcm_params->ulIvLen != 12u) {
102 DVLOG(1) << "ulIvLen is not equal to 12"; 102 DVLOG(1) << "ulIvLen is not equal to 12";
103 PORT_SetError(SEC_ERROR_INPUT_LEN); 103 PORT_SetError(SEC_ERROR_INPUT_LEN);
104 return SECFailure; 104 return SECFailure;
105 } 105 }
106 106
107 SECItem my_param = { siBuffer, NULL, 0 }; 107 SECItem my_param = { siBuffer, nullptr, 0 };
108 108
109 // Step 2. Let H = CIPH_K(128 '0' bits). 109 // Step 2. Let H = CIPH_K(128 '0' bits).
110 unsigned char ghash_key[16] = {0}; 110 unsigned char ghash_key[16] = {0};
111 crypto::ScopedPK11Context ctx(PK11_CreateContextBySymKey( 111 crypto::ScopedPK11Context ctx(PK11_CreateContextBySymKey(
112 CKM_AES_ECB, CKA_ENCRYPT, key, &my_param)); 112 CKM_AES_ECB, CKA_ENCRYPT, key, &my_param));
113 if (!ctx) { 113 if (!ctx) {
114 DVLOG(1) << "PK11_CreateContextBySymKey failed"; 114 DVLOG(1) << "PK11_CreateContextBySymKey failed";
115 return SECFailure; 115 return SECFailure;
116 } 116 }
117 int output_len; 117 int output_len;
(...skipping 109 matching lines...) Expand 10 before | Expand all | Expand 10 after
227 gcm_params->pIv = 227 gcm_params->pIv =
228 reinterpret_cast<CK_BYTE*>(const_cast<char*>(nonce.data())); 228 reinterpret_cast<CK_BYTE*>(const_cast<char*>(nonce.data()));
229 gcm_params->ulIvLen = nonce.size(); 229 gcm_params->ulIvLen = nonce.size();
230 gcm_params->pAAD = 230 gcm_params->pAAD =
231 reinterpret_cast<CK_BYTE*>(const_cast<char*>(associated_data.data())); 231 reinterpret_cast<CK_BYTE*>(const_cast<char*>(associated_data.data()));
232 gcm_params->ulAADLen = associated_data.size(); 232 gcm_params->ulAADLen = associated_data.size();
233 gcm_params->ulTagBits = auth_tag_size * 8; 233 gcm_params->ulTagBits = auth_tag_size * 8;
234 } 234 }
235 235
236 } // namespace net 236 } // namespace net
OLDNEW
« no previous file with comments | « net/quic/crypto/aead_base_encrypter_openssl.cc ('k') | net/quic/crypto/aes_128_gcm_12_decrypter_test.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698