aead_base_encrypter_openssl.cc revision a1401311d1ab56c4ed0a474bd38c108f75cb0cd9
1// Copyright (c) 2013 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#include "net/quic/crypto/aead_base_encrypter.h" 6 7#include <openssl/err.h> 8#include <openssl/evp.h> 9#include <string.h> 10 11#include "base/memory/scoped_ptr.h" 12 13using base::StringPiece; 14 15namespace net { 16 17namespace { 18 19// Clear OpenSSL error stack. 20void ClearOpenSslErrors() { 21#ifdef NDEBUG 22 while (ERR_get_error()) {} 23#else 24 while (unsigned long error = ERR_get_error()) { 25 char buf[120]; 26 ERR_error_string_n(error, buf, arraysize(buf)); 27 DLOG(ERROR) << "OpenSSL error: " << buf; 28 } 29#endif 30} 31 32} // namespace 33 34AeadBaseEncrypter::AeadBaseEncrypter(const EVP_AEAD* aead_alg, 35 size_t key_size, 36 size_t auth_tag_size, 37 size_t nonce_prefix_size) 38 : aead_alg_(aead_alg), 39 key_size_(key_size), 40 auth_tag_size_(auth_tag_size), 41 nonce_prefix_size_(nonce_prefix_size) { 42 DCHECK_LE(key_size_, sizeof(key_)); 43 DCHECK_LE(nonce_prefix_size_, sizeof(nonce_prefix_)); 44} 45 46AeadBaseEncrypter::~AeadBaseEncrypter() {} 47 48bool AeadBaseEncrypter::SetKey(StringPiece key) { 49 DCHECK_EQ(key.size(), key_size_); 50 if (key.size() != key_size_) { 51 return false; 52 } 53 memcpy(key_, key.data(), key.size()); 54 55 EVP_AEAD_CTX_cleanup(ctx_.get()); 56 57 if (!EVP_AEAD_CTX_init(ctx_.get(), aead_alg_, key_, key_size_, 58 auth_tag_size_, NULL)) { 59 ClearOpenSslErrors(); 60 return false; 61 } 62 63 return true; 64} 65 66bool AeadBaseEncrypter::SetNoncePrefix(StringPiece nonce_prefix) { 67 DCHECK_EQ(nonce_prefix.size(), nonce_prefix_size_); 68 if (nonce_prefix.size() != nonce_prefix_size_) { 69 return false; 70 } 71 memcpy(nonce_prefix_, nonce_prefix.data(), nonce_prefix.size()); 72 return true; 73} 74 75bool AeadBaseEncrypter::Encrypt(StringPiece nonce, 76 StringPiece associated_data, 77 StringPiece plaintext, 78 unsigned char* output) { 79 if (nonce.size() != nonce_prefix_size_ + sizeof(QuicPacketSequenceNumber)) { 80 return false; 81 } 82 83 ssize_t len = EVP_AEAD_CTX_seal( 84 ctx_.get(), output, plaintext.size() + auth_tag_size_, 85 reinterpret_cast<const uint8_t*>(nonce.data()), nonce.size(), 86 reinterpret_cast<const uint8_t*>(plaintext.data()), plaintext.size(), 87 reinterpret_cast<const uint8_t*>(associated_data.data()), 88 associated_data.size()); 89 90 if (len < 0) { 91 ClearOpenSslErrors(); 92 return false; 93 } 94 95 return true; 96} 97 98QuicData* AeadBaseEncrypter::EncryptPacket( 99 QuicPacketSequenceNumber sequence_number, 100 StringPiece associated_data, 101 StringPiece plaintext) { 102 size_t ciphertext_size = GetCiphertextSize(plaintext.length()); 103 scoped_ptr<char[]> ciphertext(new char[ciphertext_size]); 104 105 // TODO(ianswett): Introduce a check to ensure that we don't encrypt with the 106 // same sequence number twice. 107 uint8 nonce[sizeof(nonce_prefix_) + sizeof(sequence_number)]; 108 const size_t nonce_size = nonce_prefix_size_ + sizeof(sequence_number); 109 DCHECK_LE(nonce_size, sizeof(nonce)); 110 memcpy(nonce, nonce_prefix_, nonce_prefix_size_); 111 memcpy(nonce + nonce_prefix_size_, &sequence_number, sizeof(sequence_number)); 112 if (!Encrypt(StringPiece(reinterpret_cast<char*>(nonce), nonce_size), 113 associated_data, plaintext, 114 reinterpret_cast<unsigned char*>(ciphertext.get()))) { 115 return NULL; 116 } 117 118 return new QuicData(ciphertext.release(), ciphertext_size, true); 119} 120 121size_t AeadBaseEncrypter::GetKeySize() const { return key_size_; } 122 123size_t AeadBaseEncrypter::GetNoncePrefixSize() const { 124 return nonce_prefix_size_; 125} 126 127size_t AeadBaseEncrypter::GetMaxPlaintextSize(size_t ciphertext_size) const { 128 return ciphertext_size - auth_tag_size_; 129} 130 131size_t AeadBaseEncrypter::GetCiphertextSize(size_t plaintext_size) const { 132 return plaintext_size + auth_tag_size_; 133} 134 135StringPiece AeadBaseEncrypter::GetKey() const { 136 return StringPiece(reinterpret_cast<const char*>(key_), key_size_); 137} 138 139StringPiece AeadBaseEncrypter::GetNoncePrefix() const { 140 if (nonce_prefix_size_ == 0) { 141 return StringPiece(); 142 } 143 return StringPiece(reinterpret_cast<const char*>(nonce_prefix_), 144 nonce_prefix_size_); 145} 146 147} // namespace net 148