Home | History | Annotate | Download | only in crypto 
      1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #include "net/quic/crypto/aead_base_encrypter.h"
      6 
      7 #include <openssl/err.h>
      8 #include <openssl/evp.h>
      9 #include <string.h>
     10 
     11 #include "base/memory/scoped_ptr.h"
     12 
     13 using base::StringPiece;
     14 
     15 namespace net {
     16 
     17 namespace {
     18 
     19 // In debug builds only, log OpenSSL error stack. Then clear OpenSSL error
     20 // stack.
     21 void DLogOpenSslErrors() {
     22 #ifdef NDEBUG
     23   while (ERR_get_error()) {}
     24 #else
     25   while (unsigned long error = ERR_get_error()) {
     26     char buf[120];
     27     ERR_error_string_n(error, buf, arraysize(buf));
     28     DLOG(ERROR) << "OpenSSL error: " << buf;
     29   }
     30 #endif
     31 }
     32 
     33 }  // namespace
     34 
     35 AeadBaseEncrypter::AeadBaseEncrypter(const EVP_AEAD* aead_alg,
     36                                      size_t key_size,
     37                                      size_t auth_tag_size,
     38                                      size_t nonce_prefix_size)
     39     : aead_alg_(aead_alg),
     40       key_size_(key_size),
     41       auth_tag_size_(auth_tag_size),
     42       nonce_prefix_size_(nonce_prefix_size) {
     43   DCHECK_LE(key_size_, sizeof(key_));
     44   DCHECK_LE(nonce_prefix_size_, sizeof(nonce_prefix_));
     45 }
     46 
     47 AeadBaseEncrypter::~AeadBaseEncrypter() {}
     48 
     49 bool AeadBaseEncrypter::SetKey(StringPiece key) {
     50   DCHECK_EQ(key.size(), key_size_);
     51   if (key.size() != key_size_) {
     52     return false;
     53   }
     54   memcpy(key_, key.data(), key.size());
     55 
     56   EVP_AEAD_CTX_cleanup(ctx_.get());
     57 
     58   if (!EVP_AEAD_CTX_init(ctx_.get(), aead_alg_, key_, key_size_,
     59                          auth_tag_size_, NULL)) {
     60     DLogOpenSslErrors();
     61     return false;
     62   }
     63 
     64   return true;
     65 }
     66 
     67 bool AeadBaseEncrypter::SetNoncePrefix(StringPiece nonce_prefix) {
     68   DCHECK_EQ(nonce_prefix.size(), nonce_prefix_size_);
     69   if (nonce_prefix.size() != nonce_prefix_size_) {
     70     return false;
     71   }
     72   memcpy(nonce_prefix_, nonce_prefix.data(), nonce_prefix.size());
     73   return true;
     74 }
     75 
     76 bool AeadBaseEncrypter::Encrypt(StringPiece nonce,
     77                                 StringPiece associated_data,
     78                                 StringPiece plaintext,
     79                                 unsigned char* output) {
     80   if (nonce.size() != nonce_prefix_size_ + sizeof(QuicPacketSequenceNumber)) {
     81     return false;
     82   }
     83 
     84   size_t len;
     85   if (!EVP_AEAD_CTX_seal(
     86           ctx_.get(),
     87           output,
     88           &len,
     89           plaintext.size() + auth_tag_size_,
     90           reinterpret_cast<const uint8_t*>(nonce.data()),
     91           nonce.size(),
     92           reinterpret_cast<const uint8_t*>(plaintext.data()),
     93           plaintext.size(),
     94           reinterpret_cast<const uint8_t*>(associated_data.data()),
     95           associated_data.size())) {
     96     DLogOpenSslErrors();
     97     return false;
     98   }
     99 
    100   return true;
    101 }
    102 
    103 QuicData* AeadBaseEncrypter::EncryptPacket(
    104     QuicPacketSequenceNumber sequence_number,
    105     StringPiece associated_data,
    106     StringPiece plaintext) {
    107   size_t ciphertext_size = GetCiphertextSize(plaintext.length());
    108   scoped_ptr<char[]> ciphertext(new char[ciphertext_size]);
    109 
    110   // TODO(ianswett): Introduce a check to ensure that we don't encrypt with the
    111   // same sequence number twice.
    112   uint8 nonce[sizeof(nonce_prefix_) + sizeof(sequence_number)];
    113   const size_t nonce_size = nonce_prefix_size_ + sizeof(sequence_number);
    114   DCHECK_LE(nonce_size, sizeof(nonce));
    115   memcpy(nonce, nonce_prefix_, nonce_prefix_size_);
    116   memcpy(nonce + nonce_prefix_size_, &sequence_number, sizeof(sequence_number));
    117   if (!Encrypt(StringPiece(reinterpret_cast<char*>(nonce), nonce_size),
    118                associated_data, plaintext,
    119                reinterpret_cast<unsigned char*>(ciphertext.get()))) {
    120     return NULL;
    121   }
    122 
    123   return new QuicData(ciphertext.release(), ciphertext_size, true);
    124 }
    125 
    126 size_t AeadBaseEncrypter::GetKeySize() const { return key_size_; }
    127 
    128 size_t AeadBaseEncrypter::GetNoncePrefixSize() const {
    129   return nonce_prefix_size_;
    130 }
    131 
    132 size_t AeadBaseEncrypter::GetMaxPlaintextSize(size_t ciphertext_size) const {
    133   return ciphertext_size - auth_tag_size_;
    134 }
    135 
    136 size_t AeadBaseEncrypter::GetCiphertextSize(size_t plaintext_size) const {
    137   return plaintext_size + auth_tag_size_;
    138 }
    139 
    140 StringPiece AeadBaseEncrypter::GetKey() const {
    141   return StringPiece(reinterpret_cast<const char*>(key_), key_size_);
    142 }
    143 
    144 StringPiece AeadBaseEncrypter::GetNoncePrefix() const {
    145   if (nonce_prefix_size_ == 0) {
    146     return StringPiece();
    147   }
    148   return StringPiece(reinterpret_cast<const char*>(nonce_prefix_),
    149                      nonce_prefix_size_);
    150 }
    151 
    152 }  // namespace net
    153