1// Copyright (c) 2013 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#ifndef NET_QUIC_CRYPTO_AEAD_BASE_DECRYPTER_H_ 6#define NET_QUIC_CRYPTO_AEAD_BASE_DECRYPTER_H_ 7 8#include "base/compiler_specific.h" 9#include "net/quic/crypto/quic_decrypter.h" 10 11#if defined(USE_OPENSSL) 12#include "net/quic/crypto/scoped_evp_aead_ctx.h" 13#else 14#include <pkcs11t.h> 15#include <seccomon.h> 16typedef struct PK11SymKeyStr PK11SymKey; 17typedef SECStatus (*PK11_DecryptFunction)( 18 PK11SymKey* symKey, CK_MECHANISM_TYPE mechanism, SECItem* param, 19 unsigned char* out, unsigned int* outLen, unsigned int maxLen, 20 const unsigned char* enc, unsigned encLen); 21#endif 22 23namespace net { 24 25// AeadBaseDecrypter is the base class of AEAD QuicDecrypter subclasses. 26class NET_EXPORT_PRIVATE AeadBaseDecrypter : public QuicDecrypter { 27 public: 28#if defined(USE_OPENSSL) 29 AeadBaseDecrypter(const EVP_AEAD* aead_alg, 30 size_t key_size, 31 size_t auth_tag_size, 32 size_t nonce_prefix_size); 33#else 34 AeadBaseDecrypter(CK_MECHANISM_TYPE aead_mechanism, 35 PK11_DecryptFunction pk11_decrypt, 36 size_t key_size, 37 size_t auth_tag_size, 38 size_t nonce_prefix_size); 39#endif 40 virtual ~AeadBaseDecrypter(); 41 42 // QuicDecrypter implementation 43 virtual bool SetKey(base::StringPiece key) OVERRIDE; 44 virtual bool SetNoncePrefix(base::StringPiece nonce_prefix) OVERRIDE; 45 virtual bool Decrypt(base::StringPiece nonce, 46 base::StringPiece associated_data, 47 base::StringPiece ciphertext, 48 unsigned char* output, 49 size_t* output_length) OVERRIDE; 50 virtual QuicData* DecryptPacket(QuicPacketSequenceNumber sequence_number, 51 base::StringPiece associated_data, 52 base::StringPiece ciphertext) OVERRIDE; 53 virtual base::StringPiece GetKey() const OVERRIDE; 54 virtual base::StringPiece GetNoncePrefix() const OVERRIDE; 55 56 protected: 57 // Make these constants available to the subclasses so that the subclasses 58 // can assert at compile time their key_size_ and nonce_prefix_size_ do not 59 // exceed the maximum. 60 static const size_t kMaxKeySize = 32; 61 static const size_t kMaxNoncePrefixSize = 4; 62 63#if !defined(USE_OPENSSL) 64 struct AeadParams { 65 unsigned int len; 66 union { 67 CK_GCM_PARAMS gcm_params; 68#if !defined(USE_NSS) 69 // USE_NSS means we are using system NSS rather than our copy of NSS. 70 // The system NSS <pkcs11n.h> header doesn't define this type yet. 71 CK_NSS_AEAD_PARAMS nss_aead_params; 72#endif 73 } data; 74 }; 75 76 virtual void FillAeadParams(base::StringPiece nonce, 77 base::StringPiece associated_data, 78 size_t auth_tag_size, 79 AeadParams* aead_params) const = 0; 80#endif // !defined(USE_OPENSSL) 81 82 private: 83#if defined(USE_OPENSSL) 84 const EVP_AEAD* const aead_alg_; 85#else 86 const CK_MECHANISM_TYPE aead_mechanism_; 87 const PK11_DecryptFunction pk11_decrypt_; 88#endif 89 const size_t key_size_; 90 const size_t auth_tag_size_; 91 const size_t nonce_prefix_size_; 92 93 // The key. 94 unsigned char key_[kMaxKeySize]; 95 // The nonce prefix. 96 unsigned char nonce_prefix_[kMaxNoncePrefixSize]; 97 98#if defined(USE_OPENSSL) 99 ScopedEVPAEADCtx ctx_; 100#endif 101 102 DISALLOW_COPY_AND_ASSIGN(AeadBaseDecrypter); 103}; 104 105} // namespace net 106 107#endif // NET_QUIC_CRYPTO_AEAD_BASE_DECRYPTER_H_ 108