1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef NET_QUIC_CRYPTO_AEAD_BASE_ENCRYPTER_H_ 6 #define NET_QUIC_CRYPTO_AEAD_BASE_ENCRYPTER_H_ 7 8 #include "base/compiler_specific.h" 9 #include "net/quic/crypto/quic_encrypter.h" 10 11 #if defined(USE_OPENSSL) 12 #include "net/quic/crypto/scoped_evp_aead_ctx.h" 13 #else 14 #include <pkcs11t.h> 15 #include <seccomon.h> 16 typedef struct PK11SymKeyStr PK11SymKey; 17 typedef SECStatus (*PK11_EncryptFunction)( 18 PK11SymKey* symKey, CK_MECHANISM_TYPE mechanism, SECItem* param, 19 unsigned char* out, unsigned int* outLen, unsigned int maxLen, 20 const unsigned char* data, unsigned int dataLen); 21 #endif 22 23 namespace net { 24 25 // AeadBaseEncrypter is the base class of AEAD QuicEncrypter subclasses. 26 class NET_EXPORT_PRIVATE AeadBaseEncrypter : public QuicEncrypter { 27 public: 28 #if defined(USE_OPENSSL) 29 AeadBaseEncrypter(const EVP_AEAD* aead_alg, 30 size_t key_size, 31 size_t auth_tag_size, 32 size_t nonce_prefix_size); 33 #else 34 AeadBaseEncrypter(CK_MECHANISM_TYPE aead_mechanism, 35 PK11_EncryptFunction pk11_encrypt, 36 size_t key_size, 37 size_t auth_tag_size, 38 size_t nonce_prefix_size); 39 #endif 40 virtual ~AeadBaseEncrypter(); 41 42 // QuicEncrypter implementation 43 virtual bool SetKey(base::StringPiece key) OVERRIDE; 44 virtual bool SetNoncePrefix(base::StringPiece nonce_prefix) OVERRIDE; 45 virtual bool Encrypt(base::StringPiece nonce, 46 base::StringPiece associated_data, 47 base::StringPiece plaintext, 48 unsigned char* output) OVERRIDE; 49 virtual QuicData* EncryptPacket(QuicPacketSequenceNumber sequence_number, 50 base::StringPiece associated_data, 51 base::StringPiece plaintext) OVERRIDE; 52 virtual size_t GetKeySize() const OVERRIDE; 53 virtual size_t GetNoncePrefixSize() const OVERRIDE; 54 virtual size_t GetMaxPlaintextSize(size_t ciphertext_size) const OVERRIDE; 55 virtual size_t GetCiphertextSize(size_t plaintext_size) const OVERRIDE; 56 virtual base::StringPiece GetKey() const OVERRIDE; 57 virtual base::StringPiece GetNoncePrefix() const OVERRIDE; 58 59 protected: 60 // Make these constants available to the subclasses so that the subclasses 61 // can assert at compile time their key_size_ and nonce_prefix_size_ do not 62 // exceed the maximum. 63 static const size_t kMaxKeySize = 32; 64 static const size_t kMaxNoncePrefixSize = 4; 65 66 #if !defined(USE_OPENSSL) 67 struct AeadParams { 68 unsigned int len; 69 union { 70 CK_GCM_PARAMS gcm_params; 71 #if !defined(USE_NSS) 72 // USE_NSS means we are using system NSS rather than our copy of NSS. 73 // The system NSS <pkcs11n.h> header doesn't define this type yet. 74 CK_NSS_AEAD_PARAMS nss_aead_params; 75 #endif 76 } data; 77 }; 78 79 virtual void FillAeadParams(base::StringPiece nonce, 80 base::StringPiece associated_data, 81 size_t auth_tag_size, 82 AeadParams* aead_params) const = 0; 83 #endif 84 85 private: 86 #if defined(USE_OPENSSL) 87 const EVP_AEAD* const aead_alg_; 88 #else 89 const CK_MECHANISM_TYPE aead_mechanism_; 90 const PK11_EncryptFunction pk11_encrypt_; 91 #endif 92 const size_t key_size_; 93 const size_t auth_tag_size_; 94 const size_t nonce_prefix_size_; 95 96 // The key. 97 unsigned char key_[kMaxKeySize]; 98 // The nonce prefix. 99 unsigned char nonce_prefix_[kMaxNoncePrefixSize]; 100 101 #if defined(USE_OPENSSL) 102 ScopedEVPAEADCtx ctx_; 103 #endif 104 105 DISALLOW_COPY_AND_ASSIGN(AeadBaseEncrypter); 106 }; 107 108 } // namespace net 109 110 #endif // NET_QUIC_CRYPTO_AEAD_BASE_ENCRYPTER_H_ 111