1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "net/quic/crypto/aead_base_encrypter.h"
7 #include <openssl/err.h>
8 #include <openssl/evp.h>
11 #include "base/memory/scoped_ptr.h"
13 using base::StringPiece
;
19 // In debug builds only, log OpenSSL error stack. Then clear OpenSSL error
21 void DLogOpenSslErrors() {
23 while (ERR_get_error()) {}
25 while (unsigned long error
= ERR_get_error()) {
27 ERR_error_string_n(error
, buf
, arraysize(buf
));
28 DLOG(ERROR
) << "OpenSSL error: " << buf
;
35 AeadBaseEncrypter::AeadBaseEncrypter(const EVP_AEAD
* aead_alg
,
38 size_t nonce_prefix_size
)
39 : aead_alg_(aead_alg
),
41 auth_tag_size_(auth_tag_size
),
42 nonce_prefix_size_(nonce_prefix_size
) {
43 DCHECK_LE(key_size_
, sizeof(key_
));
44 DCHECK_LE(nonce_prefix_size_
, sizeof(nonce_prefix_
));
47 AeadBaseEncrypter::~AeadBaseEncrypter() {}
49 bool AeadBaseEncrypter::SetKey(StringPiece key
) {
50 DCHECK_EQ(key
.size(), key_size_
);
51 if (key
.size() != key_size_
) {
54 memcpy(key_
, key
.data(), key
.size());
56 EVP_AEAD_CTX_cleanup(ctx_
.get());
58 if (!EVP_AEAD_CTX_init(ctx_
.get(), aead_alg_
, key_
, key_size_
,
59 auth_tag_size_
, nullptr)) {
67 bool AeadBaseEncrypter::SetNoncePrefix(StringPiece nonce_prefix
) {
68 DCHECK_EQ(nonce_prefix
.size(), nonce_prefix_size_
);
69 if (nonce_prefix
.size() != nonce_prefix_size_
) {
72 memcpy(nonce_prefix_
, nonce_prefix
.data(), nonce_prefix
.size());
76 bool AeadBaseEncrypter::Encrypt(StringPiece nonce
,
77 StringPiece associated_data
,
78 StringPiece plaintext
,
79 unsigned char* output
) {
80 if (nonce
.size() != nonce_prefix_size_
+ sizeof(QuicPacketSequenceNumber
)) {
84 size_t ciphertext_len
;
85 if (!EVP_AEAD_CTX_seal(
86 ctx_
.get(), output
, &ciphertext_len
,
87 plaintext
.size() + auth_tag_size_
,
88 reinterpret_cast<const uint8_t*>(nonce
.data()), nonce
.size(),
89 reinterpret_cast<const uint8_t*>(plaintext
.data()), plaintext
.size(),
90 reinterpret_cast<const uint8_t*>(associated_data
.data()),
91 associated_data
.size())) {
99 bool AeadBaseEncrypter::EncryptPacket(QuicPacketSequenceNumber sequence_number
,
100 StringPiece associated_data
,
101 StringPiece plaintext
,
103 size_t* output_length
,
104 size_t max_output_length
) {
105 size_t ciphertext_size
= GetCiphertextSize(plaintext
.length());
106 if (max_output_length
< ciphertext_size
) {
109 // TODO(ianswett): Introduce a check to ensure that we don't encrypt with the
110 // same sequence number twice.
111 const size_t nonce_size
= nonce_prefix_size_
+ sizeof(sequence_number
);
112 memcpy(output
, nonce_prefix_
, nonce_prefix_size_
);
113 memcpy(output
+ nonce_prefix_size_
, &sequence_number
,
114 sizeof(sequence_number
));
115 if (!Encrypt(StringPiece(output
, nonce_size
), associated_data
, plaintext
,
116 reinterpret_cast<unsigned char*>(output
))) {
119 *output_length
= ciphertext_size
;
123 size_t AeadBaseEncrypter::GetKeySize() const { return key_size_
; }
125 size_t AeadBaseEncrypter::GetNoncePrefixSize() const {
126 return nonce_prefix_size_
;
129 size_t AeadBaseEncrypter::GetMaxPlaintextSize(size_t ciphertext_size
) const {
130 return ciphertext_size
- auth_tag_size_
;
133 size_t AeadBaseEncrypter::GetCiphertextSize(size_t plaintext_size
) const {
134 return plaintext_size
+ auth_tag_size_
;
137 StringPiece
AeadBaseEncrypter::GetKey() const {
138 return StringPiece(reinterpret_cast<const char*>(key_
), key_size_
);
141 StringPiece
AeadBaseEncrypter::GetNoncePrefix() const {
142 if (nonce_prefix_size_
== 0) {
143 return StringPiece();
145 return StringPiece(reinterpret_cast<const char*>(nonce_prefix_
),