net/quic/crypto/aead_base_decrypter_openssl.cc

   1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "net/quic/crypto/aead_base_decrypter.h"
   6
   7 #include <openssl/err.h>
   8 #include <openssl/evp.h>
   9
  10 #include "base/memory/scoped_ptr.h"
  11
  12 using base::StringPiece;
  13
  14 namespace net {
  15
  16 namespace {
  17
  18 // Clear OpenSSL error stack.
  19 void ClearOpenSslErrors() {
  20   while (ERR_get_error()) {}
  21 }
  22
  23 // In debug builds only, log OpenSSL error stack. Then clear OpenSSL error
  24 // stack.
  25 void DLogOpenSslErrors() {
  26 #ifdef NDEBUG
  27   ClearOpenSslErrors();
  28 #else
  29   while (uint32_t error = ERR_get_error()) {
  30     char buf[120];
  31     ERR_error_string_n(error, buf, arraysize(buf));
  32     DLOG(ERROR) << "OpenSSL error: " << buf;
  33   }
  34 #endif
  35 }
  36
  37 }  // namespace
  38
  39 AeadBaseDecrypter::AeadBaseDecrypter(const EVP_AEAD* aead_alg,
  40                                      size_t key_size,
  41                                      size_t auth_tag_size,
  42                                      size_t nonce_prefix_size)
  43     : aead_alg_(aead_alg),
  44       key_size_(key_size),
  45       auth_tag_size_(auth_tag_size),
  46       nonce_prefix_size_(nonce_prefix_size) {
  47   DCHECK_LE(key_size_, sizeof(key_));
  48   DCHECK_LE(nonce_prefix_size_, sizeof(nonce_prefix_));
  49 }
  50
  51 AeadBaseDecrypter::~AeadBaseDecrypter() {}
  52
  53 bool AeadBaseDecrypter::SetKey(StringPiece key) {
  54   DCHECK_EQ(key.size(), key_size_);
  55   if (key.size() != key_size_) {
  56     return false;
  57   }
  58   memcpy(key_, key.data(), key.size());
  59
  60   EVP_AEAD_CTX_cleanup(ctx_.get());
  61   if (!EVP_AEAD_CTX_init(ctx_.get(), aead_alg_, key_, key_size_,
  62                          auth_tag_size_, nullptr)) {
  63     DLogOpenSslErrors();
  64     return false;
  65   }
  66
  67   return true;
  68 }
  69
  70 bool AeadBaseDecrypter::SetNoncePrefix(StringPiece nonce_prefix) {
  71   DCHECK_EQ(nonce_prefix.size(), nonce_prefix_size_);
  72   if (nonce_prefix.size() != nonce_prefix_size_) {
  73     return false;
  74   }
  75   memcpy(nonce_prefix_, nonce_prefix.data(), nonce_prefix.size());
  76   return true;
  77 }
  78
  79 bool AeadBaseDecrypter::Decrypt(StringPiece nonce,
  80                                 const StringPiece& associated_data,
  81                                 const StringPiece& ciphertext,
  82                                 uint8* output,
  83                                 size_t* output_length,
  84                                 size_t max_output_length) {
  85   if (ciphertext.length() < auth_tag_size_ ||
  86       nonce.size() != nonce_prefix_size_ + sizeof(QuicPacketSequenceNumber)) {
  87     return false;
  88   }
  89
  90   if (!EVP_AEAD_CTX_open(
  91           ctx_.get(), output, output_length, max_output_length,
  92           reinterpret_cast<const uint8_t*>(nonce.data()), nonce.size(),
  93           reinterpret_cast<const uint8_t*>(ciphertext.data()),
  94           ciphertext.size(),
  95           reinterpret_cast<const uint8_t*>(associated_data.data()),
  96           associated_data.size())) {
  97     // Because QuicFramer does trial decryption, decryption errors are expected
  98     // when encryption level changes. So we don't log decryption errors.
  99     ClearOpenSslErrors();
 100     return false;
 101   }
 102   return true;
 103 }
 104
 105 bool AeadBaseDecrypter::DecryptPacket(QuicPacketSequenceNumber sequence_number,
 106                                       const StringPiece& associated_data,
 107                                       const StringPiece& ciphertext,
 108                                       char* output,
 109                                       size_t* output_length,
 110                                       size_t max_output_length) {
 111   if (ciphertext.length() < auth_tag_size_) {
 112     return false;
 113   }
 114
 115   uint8 nonce[sizeof(nonce_prefix_) + sizeof(sequence_number)];
 116   const size_t nonce_size = nonce_prefix_size_ + sizeof(sequence_number);
 117   DCHECK_LE(nonce_size, sizeof(nonce));
 118   memcpy(nonce, nonce_prefix_, nonce_prefix_size_);
 119   memcpy(nonce + nonce_prefix_size_, &sequence_number, sizeof(sequence_number));
 120   return Decrypt(StringPiece(reinterpret_cast<char*>(nonce), nonce_size),
 121                  associated_data, ciphertext, reinterpret_cast<uint8*>(output),
 122                  output_length, max_output_length);
 123 }
 124
 125 StringPiece AeadBaseDecrypter::GetKey() const {
 126   return StringPiece(reinterpret_cast<const char*>(key_), key_size_);
 127 }
 128
 129 StringPiece AeadBaseDecrypter::GetNoncePrefix() const {
 130   if (nonce_prefix_size_ == 0) {
 131     return StringPiece();
 132   }
 133   return StringPiece(reinterpret_cast<const char*>(nonce_prefix_),
 134                      nonce_prefix_size_);
 135 }
 136
 137 }  // namespace net