1a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)// Copyright (c) 2013 The Chromium Authors. All rights reserved. 2a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)// Use of this source code is governed by a BSD-style license that can be 3a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)// found in the LICENSE file. 4a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) 5a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)#ifndef NET_QUIC_CRYPTO_AEAD_BASE_ENCRYPTER_H_ 6a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)#define NET_QUIC_CRYPTO_AEAD_BASE_ENCRYPTER_H_ 7a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) 8a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)#include "base/compiler_specific.h" 9a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)#include "net/quic/crypto/quic_encrypter.h" 10a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) 11a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)#if defined(USE_OPENSSL) 12a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)#include "net/quic/crypto/scoped_evp_aead_ctx.h" 13a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)#else 14a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)#include <pkcs11t.h> 15a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)#include <seccomon.h> 16a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)typedef struct PK11SymKeyStr PK11SymKey; 17a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)typedef SECStatus (*PK11_EncryptFunction)( 18a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) PK11SymKey* symKey, CK_MECHANISM_TYPE mechanism, SECItem* param, 19a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) unsigned char* out, unsigned int* outLen, unsigned int maxLen, 20a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) const unsigned char* data, unsigned int dataLen); 21a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)#endif 22a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) 23a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)namespace net { 24a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) 25a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)// AeadBaseEncrypter is the base class of AEAD QuicEncrypter subclasses. 26a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)class NET_EXPORT_PRIVATE AeadBaseEncrypter : public QuicEncrypter { 27a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) public: 28a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)#if defined(USE_OPENSSL) 29a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) AeadBaseEncrypter(const EVP_AEAD* aead_alg, 30a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) size_t key_size, 31a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) size_t auth_tag_size, 32a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) size_t nonce_prefix_size); 33a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)#else 34a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) AeadBaseEncrypter(CK_MECHANISM_TYPE aead_mechanism, 35a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) PK11_EncryptFunction pk11_encrypt, 36a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) size_t key_size, 37a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) size_t auth_tag_size, 38a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) size_t nonce_prefix_size); 39a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)#endif 40a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) virtual ~AeadBaseEncrypter(); 41a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) 42a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) // QuicEncrypter implementation 43a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) virtual bool SetKey(base::StringPiece key) OVERRIDE; 44a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) virtual bool SetNoncePrefix(base::StringPiece nonce_prefix) OVERRIDE; 45a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) virtual bool Encrypt(base::StringPiece nonce, 46a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) base::StringPiece associated_data, 47a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) base::StringPiece plaintext, 48a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) unsigned char* output) OVERRIDE; 49a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) virtual QuicData* EncryptPacket(QuicPacketSequenceNumber sequence_number, 50a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) base::StringPiece associated_data, 51a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) base::StringPiece plaintext) OVERRIDE; 52a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) virtual size_t GetKeySize() const OVERRIDE; 53a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) virtual size_t GetNoncePrefixSize() const OVERRIDE; 54a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) virtual size_t GetMaxPlaintextSize(size_t ciphertext_size) const OVERRIDE; 55a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) virtual size_t GetCiphertextSize(size_t plaintext_size) const OVERRIDE; 56a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) virtual base::StringPiece GetKey() const OVERRIDE; 57a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) virtual base::StringPiece GetNoncePrefix() const OVERRIDE; 58a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) 59a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) protected: 60a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) // Make these constants available to the subclasses so that the subclasses 61a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) // can assert at compile time their key_size_ and nonce_prefix_size_ do not 62a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) // exceed the maximum. 63a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) static const size_t kMaxKeySize = 32; 64a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) static const size_t kMaxNoncePrefixSize = 4; 65a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) 66a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)#if !defined(USE_OPENSSL) 67a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) struct AeadParams { 68a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) unsigned int len; 69a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) union { 70a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) CK_GCM_PARAMS gcm_params; 71a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)#if !defined(USE_NSS) 72a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) // USE_NSS means we are using system NSS rather than our copy of NSS. 73a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) // The system NSS <pkcs11n.h> header doesn't define this type yet. 74a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) CK_NSS_AEAD_PARAMS nss_aead_params; 75a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)#endif 76a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) } data; 77a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) }; 78a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) 79a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) virtual void FillAeadParams(base::StringPiece nonce, 80a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) base::StringPiece associated_data, 81a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) size_t auth_tag_size, 82a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) AeadParams* aead_params) const = 0; 83a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)#endif 84a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) 85a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) private: 86a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)#if defined(USE_OPENSSL) 87a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) const EVP_AEAD* const aead_alg_; 88a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)#else 89a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) const CK_MECHANISM_TYPE aead_mechanism_; 90a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) const PK11_EncryptFunction pk11_encrypt_; 91a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)#endif 92a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) const size_t key_size_; 93a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) const size_t auth_tag_size_; 94a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) const size_t nonce_prefix_size_; 95a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) 96a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) // The key. 97a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) unsigned char key_[kMaxKeySize]; 98a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) // The nonce prefix. 99a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) unsigned char nonce_prefix_[kMaxNoncePrefixSize]; 100a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) 101a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)#if defined(USE_OPENSSL) 102a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) ScopedEVPAEADCtx ctx_; 103a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)#endif 1040529e5d033099cbfc42635f6f6183833b09dff6eBen Murdoch 1050529e5d033099cbfc42635f6f6183833b09dff6eBen Murdoch DISALLOW_COPY_AND_ASSIGN(AeadBaseEncrypter); 106a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)}; 107a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) 108a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)} // namespace net 109a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles) 110a1401311d1ab56c4ed0a474bd38c108f75cb0cd9Torne (Richard Coles)#endif // NET_QUIC_CRYPTO_AEAD_BASE_ENCRYPTER_H_ 111