search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Merge Chromium + Blink git repositories
[chromium-blink-merge.git] / net / quic / crypto / aead_base_encrypter.h
blob869cc43dadef7a14b1db4f2c7ee27a44d05de7c6
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #ifndef NET_QUIC_CRYPTO_AEAD_BASE_ENCRYPTER_H_
6 #define NET_QUIC_CRYPTO_AEAD_BASE_ENCRYPTER_H_
7
8 #include "base/compiler_specific.h"
9 #include "net/quic/crypto/quic_encrypter.h"
10
11 #if defined(USE_OPENSSL)
12 #include "net/quic/crypto/scoped_evp_aead_ctx.h"
13 #else
14 #include <pkcs11t.h>
15 #include <seccomon.h>
16 typedef struct PK11SymKeyStr PK11SymKey;
17 typedef SECStatus (*PK11_EncryptFunction)(
18 PK11SymKey* symKey, CK_MECHANISM_TYPE mechanism, SECItem* param,
19 unsigned char* out, unsigned int* outLen, unsigned int maxLen,
20 const unsigned char* data, unsigned int dataLen);
21 #endif
22
23 namespace net {
24
25 // AeadBaseEncrypter is the base class of AEAD QuicEncrypter subclasses.
26 class NET_EXPORT_PRIVATE AeadBaseEncrypter : public QuicEncrypter {
27 public:
28 #if defined(USE_OPENSSL)
29 AeadBaseEncrypter(const EVP_AEAD* aead_alg,
30 size_t key_size,
31 size_t auth_tag_size,
32 size_t nonce_prefix_size);
33 #else
34 AeadBaseEncrypter(CK_MECHANISM_TYPE aead_mechanism,
35 PK11_EncryptFunction pk11_encrypt,
36 size_t key_size,
37 size_t auth_tag_size,
38 size_t nonce_prefix_size);
39 #endif
40 ~AeadBaseEncrypter() override;
41
42 // QuicEncrypter implementation
43 bool SetKey(base::StringPiece key) override;
44 bool SetNoncePrefix(base::StringPiece nonce_prefix) override;
45 bool EncryptPacket(QuicPacketNumber packet_number,
46 base::StringPiece associated_data,
47 base::StringPiece plaintext,
48 char* output,
49 size_t* output_length,
50 size_t max_output_length) override;
51 size_t GetKeySize() const override;
52 size_t GetNoncePrefixSize() const override;
53 size_t GetMaxPlaintextSize(size_t ciphertext_size) const override;
54 size_t GetCiphertextSize(size_t plaintext_size) const override;
55 base::StringPiece GetKey() const override;
56 base::StringPiece GetNoncePrefix() const override;
57
58 // Necessary so unit tests can explicitly specify a nonce, instead of a
59 // nonce prefix and packet number.
60 bool Encrypt(base::StringPiece nonce,
61 base::StringPiece associated_data,
62 base::StringPiece plaintext,
63 unsigned char* output);
64
65 protected:
66 // Make these constants available to the subclasses so that the subclasses
67 // can assert at compile time their key_size_ and nonce_prefix_size_ do not
68 // exceed the maximum.
69 static const size_t kMaxKeySize = 32;
70 static const size_t kMaxNoncePrefixSize = 4;
71
72 #if !defined(USE_OPENSSL)
73 struct AeadParams {
74 unsigned int len;
75 union {
76 CK_GCM_PARAMS gcm_params;
77 #if !defined(USE_NSS_CERTS)
78 // USE_NSS_CERTS implies we are using system NSS rather than our copy of
79 // NSS. The system NSS <pkcs11n.h> header doesn't define this type yet.
80 CK_NSS_AEAD_PARAMS nss_aead_params;
81 #endif
82 } data;
83 };
84
85 virtual void FillAeadParams(base::StringPiece nonce,
86 base::StringPiece associated_data,
87 size_t auth_tag_size,
88 AeadParams* aead_params) const = 0;
89 #endif
90
91 private:
92 #if defined(USE_OPENSSL)
93 const EVP_AEAD* const aead_alg_;
94 #else
95 const CK_MECHANISM_TYPE aead_mechanism_;
96 const PK11_EncryptFunction pk11_encrypt_;
97 #endif
98 const size_t key_size_;
99 const size_t auth_tag_size_;
100 const size_t nonce_prefix_size_;
101
102 // The key.
103 unsigned char key_[kMaxKeySize];
104 // The nonce prefix.
105 unsigned char nonce_prefix_[kMaxNoncePrefixSize];
106
107 #if defined(USE_OPENSSL)
108 ScopedEVPAEADCtx ctx_;
109 #endif
110
111 DISALLOW_COPY_AND_ASSIGN(AeadBaseEncrypter);
112 };
113
114 } // namespace net
115
116 #endif // NET_QUIC_CRYPTO_AEAD_BASE_ENCRYPTER_H_