Home | History | Annotate | Download | only in crypto 
      1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 #include "net/quic/crypto/crypto_secret_boxer.h"
      6 
      7 #include "base/logging.h"
      8 #include "base/memory/scoped_ptr.h"
      9 #include "net/quic/crypto/crypto_protocol.h"
     10 #include "net/quic/crypto/quic_decrypter.h"
     11 #include "net/quic/crypto/quic_encrypter.h"
     12 #include "net/quic/crypto/quic_random.h"
     13 
     14 using base::StringPiece;
     15 using std::string;
     16 
     17 namespace net {
     18 
     19 // Defined kKeySize for GetKeySize() and SetKey().
     20 static const size_t kKeySize = 16;
     21 
     22 // kBoxNonceSize contains the number of bytes of nonce that we use in each box.
     23 // TODO(rtenneti): Add support for kBoxNonceSize to be 16 bytes.
     24 //
     25 // From agl@:
     26 //   96-bit nonces are on the edge. An attacker who can collect 2^41
     27 //   source-address tokens has a 1% chance of finding a duplicate.
     28 //
     29 //   The "average" DDoS is now 32.4M PPS. That's 2^25 source-address tokens
     30 //   per second. So one day of that DDoS botnot would reach the 1% mark.
     31 //
     32 //   It's not terrible, but it's not a "forget about it" margin.
     33 static const size_t kBoxNonceSize = 12;
     34 
     35 // static
     36 size_t CryptoSecretBoxer::GetKeySize() { return kKeySize; }
     37 
     38 void CryptoSecretBoxer::SetKey(StringPiece key) {
     39   DCHECK_EQ(kKeySize, key.size());
     40   key_ = key.as_string();
     41 }
     42 
     43 string CryptoSecretBoxer::Box(QuicRandom* rand, StringPiece plaintext) const {
     44   scoped_ptr<QuicEncrypter> encrypter(QuicEncrypter::Create(kAESG));
     45   if (!encrypter->SetKey(key_)) {
     46     DLOG(DFATAL) << "CryptoSecretBoxer's encrypter->SetKey failed.";
     47     return string();
     48   }
     49   size_t ciphertext_size = encrypter->GetCiphertextSize(plaintext.length());
     50 
     51   string ret;
     52   const size_t len = kBoxNonceSize + ciphertext_size;
     53   ret.resize(len);
     54   char* data = &ret[0];
     55 
     56   // Generate nonce.
     57   rand->RandBytes(data, kBoxNonceSize);
     58   memcpy(data + kBoxNonceSize, plaintext.data(), plaintext.size());
     59 
     60   if (!encrypter->Encrypt(StringPiece(data, kBoxNonceSize), StringPiece(),
     61                           plaintext, reinterpret_cast<unsigned char*>(
     62                                          data + kBoxNonceSize))) {
     63     DLOG(DFATAL) << "CryptoSecretBoxer's Encrypt failed.";
     64     return string();
     65   }
     66 
     67   return ret;
     68 }
     69 
     70 bool CryptoSecretBoxer::Unbox(StringPiece ciphertext,
     71                               string* out_storage,
     72                               StringPiece* out) const {
     73   if (ciphertext.size() < kBoxNonceSize) {
     74     return false;
     75   }
     76 
     77   char nonce[kBoxNonceSize];
     78   memcpy(nonce, ciphertext.data(), kBoxNonceSize);
     79   ciphertext.remove_prefix(kBoxNonceSize);
     80 
     81   size_t len = ciphertext.size();
     82   out_storage->resize(len);
     83   char* data = const_cast<char*>(out_storage->data());
     84 
     85   scoped_ptr<QuicDecrypter> decrypter(QuicDecrypter::Create(kAESG));
     86   if (!decrypter->SetKey(key_)) {
     87     DLOG(DFATAL) << "CryptoSecretBoxer's decrypter->SetKey failed.";
     88     return false;
     89   }
     90   if (!decrypter->Decrypt(StringPiece(nonce, kBoxNonceSize), StringPiece(),
     91                           ciphertext, reinterpret_cast<unsigned char*>(data),
     92                           &len)) {
     93     return false;
     94   }
     95 
     96   out->set(data, len);
     97   return true;
     98 }
     99 
    100 }  // namespace net
    101