1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/quic/crypto/aead_base_encrypter.h"
6
7 #include <openssl/err.h>
8 #include <openssl/evp.h>
9 #include <string.h>
10
11 #include "base/memory/scoped_ptr.h"
12
13 using base::StringPiece;
14
15 namespace net {
16
17 namespace {
18
19 // In debug builds only, log OpenSSL error stack. Then clear OpenSSL error
20 // stack.
DLogOpenSslErrors()21 void DLogOpenSslErrors() {
22 #ifdef NDEBUG
23 while (ERR_get_error()) {}
24 #else
25 while (unsigned long error = ERR_get_error()) {
26 char buf[120];
27 ERR_error_string_n(error, buf, arraysize(buf));
28 DLOG(ERROR) << "OpenSSL error: " << buf;
29 }
30 #endif
31 }
32
33 } // namespace
34
AeadBaseEncrypter(const EVP_AEAD * aead_alg,size_t key_size,size_t auth_tag_size,size_t nonce_prefix_size)35 AeadBaseEncrypter::AeadBaseEncrypter(const EVP_AEAD* aead_alg,
36 size_t key_size,
37 size_t auth_tag_size,
38 size_t nonce_prefix_size)
39 : aead_alg_(aead_alg),
40 key_size_(key_size),
41 auth_tag_size_(auth_tag_size),
42 nonce_prefix_size_(nonce_prefix_size) {
43 DCHECK_LE(key_size_, sizeof(key_));
44 DCHECK_LE(nonce_prefix_size_, sizeof(nonce_prefix_));
45 }
46
~AeadBaseEncrypter()47 AeadBaseEncrypter::~AeadBaseEncrypter() {}
48
SetKey(StringPiece key)49 bool AeadBaseEncrypter::SetKey(StringPiece key) {
50 DCHECK_EQ(key.size(), key_size_);
51 if (key.size() != key_size_) {
52 return false;
53 }
54 memcpy(key_, key.data(), key.size());
55
56 EVP_AEAD_CTX_cleanup(ctx_.get());
57
58 if (!EVP_AEAD_CTX_init(ctx_.get(), aead_alg_, key_, key_size_,
59 auth_tag_size_, NULL)) {
60 DLogOpenSslErrors();
61 return false;
62 }
63
64 return true;
65 }
66
SetNoncePrefix(StringPiece nonce_prefix)67 bool AeadBaseEncrypter::SetNoncePrefix(StringPiece nonce_prefix) {
68 DCHECK_EQ(nonce_prefix.size(), nonce_prefix_size_);
69 if (nonce_prefix.size() != nonce_prefix_size_) {
70 return false;
71 }
72 memcpy(nonce_prefix_, nonce_prefix.data(), nonce_prefix.size());
73 return true;
74 }
75
Encrypt(StringPiece nonce,StringPiece associated_data,StringPiece plaintext,unsigned char * output)76 bool AeadBaseEncrypter::Encrypt(StringPiece nonce,
77 StringPiece associated_data,
78 StringPiece plaintext,
79 unsigned char* output) {
80 if (nonce.size() != nonce_prefix_size_ + sizeof(QuicPacketSequenceNumber)) {
81 return false;
82 }
83
84 size_t len;
85 if (!EVP_AEAD_CTX_seal(
86 ctx_.get(),
87 output,
88 &len,
89 plaintext.size() + auth_tag_size_,
90 reinterpret_cast<const uint8_t*>(nonce.data()),
91 nonce.size(),
92 reinterpret_cast<const uint8_t*>(plaintext.data()),
93 plaintext.size(),
94 reinterpret_cast<const uint8_t*>(associated_data.data()),
95 associated_data.size())) {
96 DLogOpenSslErrors();
97 return false;
98 }
99
100 return true;
101 }
102
EncryptPacket(QuicPacketSequenceNumber sequence_number,StringPiece associated_data,StringPiece plaintext)103 QuicData* AeadBaseEncrypter::EncryptPacket(
104 QuicPacketSequenceNumber sequence_number,
105 StringPiece associated_data,
106 StringPiece plaintext) {
107 size_t ciphertext_size = GetCiphertextSize(plaintext.length());
108 scoped_ptr<char[]> ciphertext(new char[ciphertext_size]);
109
110 // TODO(ianswett): Introduce a check to ensure that we don't encrypt with the
111 // same sequence number twice.
112 uint8 nonce[sizeof(nonce_prefix_) + sizeof(sequence_number)];
113 const size_t nonce_size = nonce_prefix_size_ + sizeof(sequence_number);
114 DCHECK_LE(nonce_size, sizeof(nonce));
115 memcpy(nonce, nonce_prefix_, nonce_prefix_size_);
116 memcpy(nonce + nonce_prefix_size_, &sequence_number, sizeof(sequence_number));
117 if (!Encrypt(StringPiece(reinterpret_cast<char*>(nonce), nonce_size),
118 associated_data, plaintext,
119 reinterpret_cast<unsigned char*>(ciphertext.get()))) {
120 return NULL;
121 }
122
123 return new QuicData(ciphertext.release(), ciphertext_size, true);
124 }
125
GetKeySize() const126 size_t AeadBaseEncrypter::GetKeySize() const { return key_size_; }
127
GetNoncePrefixSize() const128 size_t AeadBaseEncrypter::GetNoncePrefixSize() const {
129 return nonce_prefix_size_;
130 }
131
GetMaxPlaintextSize(size_t ciphertext_size) const132 size_t AeadBaseEncrypter::GetMaxPlaintextSize(size_t ciphertext_size) const {
133 return ciphertext_size - auth_tag_size_;
134 }
135
GetCiphertextSize(size_t plaintext_size) const136 size_t AeadBaseEncrypter::GetCiphertextSize(size_t plaintext_size) const {
137 return plaintext_size + auth_tag_size_;
138 }
139
GetKey() const140 StringPiece AeadBaseEncrypter::GetKey() const {
141 return StringPiece(reinterpret_cast<const char*>(key_), key_size_);
142 }
143
GetNoncePrefix() const144 StringPiece AeadBaseEncrypter::GetNoncePrefix() const {
145 if (nonce_prefix_size_ == 0) {
146 return StringPiece();
147 }
148 return StringPiece(reinterpret_cast<const char*>(nonce_prefix_),
149 nonce_prefix_size_);
150 }
151
152 } // namespace net
153