1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef NET_QUIC_CRYPTO_AEAD_BASE_DECRYPTER_H_ 6 #define NET_QUIC_CRYPTO_AEAD_BASE_DECRYPTER_H_ 7 8 #include "base/compiler_specific.h" 9 #include "net/quic/crypto/quic_decrypter.h" 10 11 #if defined(USE_OPENSSL) 12 #include "net/quic/crypto/scoped_evp_aead_ctx.h" 13 #else 14 #include <pkcs11t.h> 15 #include <seccomon.h> 16 typedef struct PK11SymKeyStr PK11SymKey; 17 typedef SECStatus (*PK11_DecryptFunction)( 18 PK11SymKey* symKey, CK_MECHANISM_TYPE mechanism, SECItem* param, 19 unsigned char* out, unsigned int* outLen, unsigned int maxLen, 20 const unsigned char* enc, unsigned encLen); 21 #endif 22 23 namespace net { 24 25 // AeadBaseDecrypter is the base class of AEAD QuicDecrypter subclasses. 26 class NET_EXPORT_PRIVATE AeadBaseDecrypter : public QuicDecrypter { 27 public: 28 #if defined(USE_OPENSSL) 29 AeadBaseDecrypter(const EVP_AEAD* aead_alg, 30 size_t key_size, 31 size_t auth_tag_size, 32 size_t nonce_prefix_size); 33 #else 34 AeadBaseDecrypter(CK_MECHANISM_TYPE aead_mechanism, 35 PK11_DecryptFunction pk11_decrypt, 36 size_t key_size, 37 size_t auth_tag_size, 38 size_t nonce_prefix_size); 39 #endif 40 virtual ~AeadBaseDecrypter(); 41 42 // QuicDecrypter implementation 43 virtual bool SetKey(base::StringPiece key) OVERRIDE; 44 virtual bool SetNoncePrefix(base::StringPiece nonce_prefix) OVERRIDE; 45 virtual bool Decrypt(base::StringPiece nonce, 46 base::StringPiece associated_data, 47 base::StringPiece ciphertext, 48 unsigned char* output, 49 size_t* output_length) OVERRIDE; 50 virtual QuicData* DecryptPacket(QuicPacketSequenceNumber sequence_number, 51 base::StringPiece associated_data, 52 base::StringPiece ciphertext) OVERRIDE; 53 virtual base::StringPiece GetKey() const OVERRIDE; 54 virtual base::StringPiece GetNoncePrefix() const OVERRIDE; 55 56 protected: 57 // Make these constants available to the subclasses so that the subclasses 58 // can assert at compile time their key_size_ and nonce_prefix_size_ do not 59 // exceed the maximum. 60 static const size_t kMaxKeySize = 32; 61 static const size_t kMaxNoncePrefixSize = 4; 62 63 #if !defined(USE_OPENSSL) 64 struct AeadParams { 65 unsigned int len; 66 union { 67 CK_GCM_PARAMS gcm_params; 68 #if !defined(USE_NSS) 69 // USE_NSS means we are using system NSS rather than our copy of NSS. 70 // The system NSS <pkcs11n.h> header doesn't define this type yet. 71 CK_NSS_AEAD_PARAMS nss_aead_params; 72 #endif 73 } data; 74 }; 75 76 virtual void FillAeadParams(base::StringPiece nonce, 77 base::StringPiece associated_data, 78 size_t auth_tag_size, 79 AeadParams* aead_params) const = 0; 80 #endif // !defined(USE_OPENSSL) 81 82 private: 83 #if defined(USE_OPENSSL) 84 const EVP_AEAD* const aead_alg_; 85 #else 86 const CK_MECHANISM_TYPE aead_mechanism_; 87 const PK11_DecryptFunction pk11_decrypt_; 88 #endif 89 const size_t key_size_; 90 const size_t auth_tag_size_; 91 const size_t nonce_prefix_size_; 92 93 // The key. 94 unsigned char key_[kMaxKeySize]; 95 // The nonce prefix. 96 unsigned char nonce_prefix_[kMaxNoncePrefixSize]; 97 98 #if defined(USE_OPENSSL) 99 ScopedEVPAEADCtx ctx_; 100 #endif 101 102 DISALLOW_COPY_AND_ASSIGN(AeadBaseDecrypter); 103 }; 104 105 } // namespace net 106 107 #endif // NET_QUIC_CRYPTO_AEAD_BASE_DECRYPTER_H_ 108
