net/quic/crypto/crypto_secret_boxer.cc

   1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "net/quic/crypto/crypto_secret_boxer.h"
   6
   7 #include "base/logging.h"
   8 #include "base/memory/scoped_ptr.h"
   9 #include "net/quic/crypto/crypto_protocol.h"
  10 #include "net/quic/crypto/quic_decrypter.h"
  11 #include "net/quic/crypto/quic_encrypter.h"
  12 #include "net/quic/crypto/quic_random.h"
  13
  14 using base::StringPiece;
  15 using std::string;
  16
  17 namespace net {
  18
  19 // Defined kKeySize for GetKeySize() and SetKey().
  20 static const size_t kKeySize = 16;
  21
  22 // kBoxNonceSize contains the number of bytes of nonce that we use in each box.
  23 // TODO(rtenneti): Add support for kBoxNonceSize to be 16 bytes.
  24 //
  25 // From agl@:
  26 //   96-bit nonces are on the edge. An attacker who can collect 2^41
  27 //   source-address tokens has a 1% chance of finding a duplicate.
  28 //
  29 //   The "average" DDoS is now 32.4M PPS. That's 2^25 source-address tokens
  30 //   per second. So one day of that DDoS botnot would reach the 1% mark.
  31 //
  32 //   It's not terrible, but it's not a "forget about it" margin.
  33 static const size_t kBoxNonceSize = 12;
  34
  35 // static
  36 size_t CryptoSecretBoxer::GetKeySize() { return kKeySize; }
  37
  38 void CryptoSecretBoxer::SetKey(StringPiece key) {
  39   DCHECK_EQ(kKeySize, key.size());
  40   key_ = key.as_string();
  41 }
  42
  43 string CryptoSecretBoxer::Box(QuicRandom* rand, StringPiece plaintext) const {
  44   scoped_ptr<QuicEncrypter> encrypter(QuicEncrypter::Create(kAESG));
  45   if (!encrypter->SetKey(key_)) {
  46     DLOG(DFATAL) << "CryptoSecretBoxer's encrypter->SetKey failed.";
  47     return string();
  48   }
  49   size_t ciphertext_size = encrypter->GetCiphertextSize(plaintext.length());
  50
  51   string ret;
  52   const size_t len = kBoxNonceSize + ciphertext_size;
  53   ret.resize(len);
  54   char* data = &ret[0];
  55
  56   // Generate nonce.
  57   rand->RandBytes(data, kBoxNonceSize);
  58   memcpy(data + kBoxNonceSize, plaintext.data(), plaintext.size());
  59
  60   if (!encrypter->Encrypt(StringPiece(data, kBoxNonceSize), StringPiece(),
  61                           plaintext, reinterpret_cast<unsigned char*>(
  62                                          data + kBoxNonceSize))) {
  63     DLOG(DFATAL) << "CryptoSecretBoxer's Encrypt failed.";
  64     return string();
  65   }
  66
  67   return ret;
  68 }
  69
  70 bool CryptoSecretBoxer::Unbox(StringPiece ciphertext,
  71                               string* out_storage,
  72                               StringPiece* out) const {
  73   if (ciphertext.size() < kBoxNonceSize) {
  74     return false;
  75   }
  76
  77   char nonce[kBoxNonceSize];
  78   memcpy(nonce, ciphertext.data(), kBoxNonceSize);
  79   ciphertext.remove_prefix(kBoxNonceSize);
  80
  81   size_t len = ciphertext.size();
  82   out_storage->resize(len);
  83   char* data = const_cast<char*>(out_storage->data());
  84
  85   scoped_ptr<QuicDecrypter> decrypter(QuicDecrypter::Create(kAESG));
  86   if (!decrypter->SetKey(key_)) {
  87     DLOG(DFATAL) << "CryptoSecretBoxer's decrypter->SetKey failed.";
  88     return false;
  89   }
  90   if (!decrypter->Decrypt(StringPiece(nonce, kBoxNonceSize), StringPiece(),
  91                           ciphertext, reinterpret_cast<unsigned char*>(data),
  92                           &len)) {
  93     return false;
  94   }
  95
  96   out->set(data, len);
  97   return true;
  98 }
  99
 100 }  // namespace net