search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Updating trunk VERSION from 2139.0 to 2140.0
[chromium-blink-merge.git] / net / quic / crypto / aead_base_decrypter.h
blob6257409f9fbc132ad593ba6ba6b796760c5eb6e2
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #ifndef NET_QUIC_CRYPTO_AEAD_BASE_DECRYPTER_H_
6 #define NET_QUIC_CRYPTO_AEAD_BASE_DECRYPTER_H_
7
8 #include "base/compiler_specific.h"
9 #include "net/quic/crypto/quic_decrypter.h"
10
11 #if defined(USE_OPENSSL)
12 #include "net/quic/crypto/scoped_evp_aead_ctx.h"
13 #else
14 #include <pkcs11t.h>
15 #include <seccomon.h>
16 typedef struct PK11SymKeyStr PK11SymKey;
17 typedef SECStatus (*PK11_DecryptFunction)(
18 PK11SymKey* symKey, CK_MECHANISM_TYPE mechanism, SECItem* param,
19 unsigned char* out, unsigned int* outLen, unsigned int maxLen,
20 const unsigned char* enc, unsigned encLen);
21 #endif
22
23 namespace net {
24
25 // AeadBaseDecrypter is the base class of AEAD QuicDecrypter subclasses.
26 class NET_EXPORT_PRIVATE AeadBaseDecrypter : public QuicDecrypter {
27 public:
28 #if defined(USE_OPENSSL)
29 AeadBaseDecrypter(const EVP_AEAD* aead_alg,
30 size_t key_size,
31 size_t auth_tag_size,
32 size_t nonce_prefix_size);
33 #else
34 AeadBaseDecrypter(CK_MECHANISM_TYPE aead_mechanism,
35 PK11_DecryptFunction pk11_decrypt,
36 size_t key_size,
37 size_t auth_tag_size,
38 size_t nonce_prefix_size);
39 #endif
40 virtual ~AeadBaseDecrypter();
41
42 // QuicDecrypter implementation
43 virtual bool SetKey(base::StringPiece key) OVERRIDE;
44 virtual bool SetNoncePrefix(base::StringPiece nonce_prefix) OVERRIDE;
45 virtual bool Decrypt(base::StringPiece nonce,
46 base::StringPiece associated_data,
47 base::StringPiece ciphertext,
48 unsigned char* output,
49 size_t* output_length) OVERRIDE;
50 virtual QuicData* DecryptPacket(QuicPacketSequenceNumber sequence_number,
51 base::StringPiece associated_data,
52 base::StringPiece ciphertext) OVERRIDE;
53 virtual base::StringPiece GetKey() const OVERRIDE;
54 virtual base::StringPiece GetNoncePrefix() const OVERRIDE;
55
56 protected:
57 // Make these constants available to the subclasses so that the subclasses
58 // can assert at compile time their key_size_ and nonce_prefix_size_ do not
59 // exceed the maximum.
60 static const size_t kMaxKeySize = 32;
61 static const size_t kMaxNoncePrefixSize = 4;
62
63 #if !defined(USE_OPENSSL)
64 struct AeadParams {
65 unsigned int len;
66 union {
67 CK_GCM_PARAMS gcm_params;
68 #if !defined(USE_NSS)
69 // USE_NSS means we are using system NSS rather than our copy of NSS.
70 // The system NSS <pkcs11n.h> header doesn't define this type yet.
71 CK_NSS_AEAD_PARAMS nss_aead_params;
72 #endif
73 } data;
74 };
75
76 virtual void FillAeadParams(base::StringPiece nonce,
77 base::StringPiece associated_data,
78 size_t auth_tag_size,
79 AeadParams* aead_params) const = 0;
80 #endif // !defined(USE_OPENSSL)
81
82 private:
83 #if defined(USE_OPENSSL)
84 const EVP_AEAD* const aead_alg_;
85 #else
86 const CK_MECHANISM_TYPE aead_mechanism_;
87 const PK11_DecryptFunction pk11_decrypt_;
88 #endif
89 const size_t key_size_;
90 const size_t auth_tag_size_;
91 const size_t nonce_prefix_size_;
92
93 // The key.
94 unsigned char key_[kMaxKeySize];
95 // The nonce prefix.
96 unsigned char nonce_prefix_[kMaxNoncePrefixSize];
97
98 #if defined(USE_OPENSSL)
99 ScopedEVPAEADCtx ctx_;
100 #endif
101
102 DISALLOW_COPY_AND_ASSIGN(AeadBaseDecrypter);
103 };
104
105 } // namespace net
106
107 #endif // NET_QUIC_CRYPTO_AEAD_BASE_DECRYPTER_H_