1// Copyright (c) 2013 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#ifndef NET_QUIC_CRYPTO_AEAD_BASE_ENCRYPTER_H_
6#define NET_QUIC_CRYPTO_AEAD_BASE_ENCRYPTER_H_
7
8#include "base/compiler_specific.h"
9#include "net/quic/crypto/quic_encrypter.h"
10
11#if defined(USE_OPENSSL)
12#include "net/quic/crypto/scoped_evp_aead_ctx.h"
13#else
14#include <pkcs11t.h>
15#include <seccomon.h>
16typedef struct PK11SymKeyStr PK11SymKey;
17typedef SECStatus (*PK11_EncryptFunction)(
18    PK11SymKey* symKey, CK_MECHANISM_TYPE mechanism, SECItem* param,
19    unsigned char* out, unsigned int* outLen, unsigned int maxLen,
20    const unsigned char* data, unsigned int dataLen);
21#endif
22
23namespace net {
24
25// AeadBaseEncrypter is the base class of AEAD QuicEncrypter subclasses.
26class NET_EXPORT_PRIVATE AeadBaseEncrypter : public QuicEncrypter {
27 public:
28#if defined(USE_OPENSSL)
29  AeadBaseEncrypter(const EVP_AEAD* aead_alg,
30                    size_t key_size,
31                    size_t auth_tag_size,
32                    size_t nonce_prefix_size);
33#else
34  AeadBaseEncrypter(CK_MECHANISM_TYPE aead_mechanism,
35                    PK11_EncryptFunction pk11_encrypt,
36                    size_t key_size,
37                    size_t auth_tag_size,
38                    size_t nonce_prefix_size);
39#endif
40  virtual ~AeadBaseEncrypter();
41
42  // QuicEncrypter implementation
43  virtual bool SetKey(base::StringPiece key) OVERRIDE;
44  virtual bool SetNoncePrefix(base::StringPiece nonce_prefix) OVERRIDE;
45  virtual bool Encrypt(base::StringPiece nonce,
46                       base::StringPiece associated_data,
47                       base::StringPiece plaintext,
48                       unsigned char* output) OVERRIDE;
49  virtual QuicData* EncryptPacket(QuicPacketSequenceNumber sequence_number,
50                                  base::StringPiece associated_data,
51                                  base::StringPiece plaintext) OVERRIDE;
52  virtual size_t GetKeySize() const OVERRIDE;
53  virtual size_t GetNoncePrefixSize() const OVERRIDE;
54  virtual size_t GetMaxPlaintextSize(size_t ciphertext_size) const OVERRIDE;
55  virtual size_t GetCiphertextSize(size_t plaintext_size) const OVERRIDE;
56  virtual base::StringPiece GetKey() const OVERRIDE;
57  virtual base::StringPiece GetNoncePrefix() const OVERRIDE;
58
59 protected:
60  // Make these constants available to the subclasses so that the subclasses
61  // can assert at compile time their key_size_ and nonce_prefix_size_ do not
62  // exceed the maximum.
63  static const size_t kMaxKeySize = 32;
64  static const size_t kMaxNoncePrefixSize = 4;
65
66#if !defined(USE_OPENSSL)
67  struct AeadParams {
68    unsigned int len;
69    union {
70      CK_GCM_PARAMS gcm_params;
71#if !defined(USE_NSS)
72      // USE_NSS means we are using system NSS rather than our copy of NSS.
73      // The system NSS <pkcs11n.h> header doesn't define this type yet.
74      CK_NSS_AEAD_PARAMS nss_aead_params;
75#endif
76    } data;
77  };
78
79  virtual void FillAeadParams(base::StringPiece nonce,
80                              base::StringPiece associated_data,
81                              size_t auth_tag_size,
82                              AeadParams* aead_params) const = 0;
83#endif
84
85 private:
86#if defined(USE_OPENSSL)
87  const EVP_AEAD* const aead_alg_;
88#else
89  const CK_MECHANISM_TYPE aead_mechanism_;
90  const PK11_EncryptFunction pk11_encrypt_;
91#endif
92  const size_t key_size_;
93  const size_t auth_tag_size_;
94  const size_t nonce_prefix_size_;
95
96  // The key.
97  unsigned char key_[kMaxKeySize];
98  // The nonce prefix.
99  unsigned char nonce_prefix_[kMaxNoncePrefixSize];
100
101#if defined(USE_OPENSSL)
102  ScopedEVPAEADCtx ctx_;
103#endif
104
105  DISALLOW_COPY_AND_ASSIGN(AeadBaseEncrypter);
106};
107
108}  // namespace net
109
110#endif  // NET_QUIC_CRYPTO_AEAD_BASE_ENCRYPTER_H_
111