net/quic/crypto/aead_base_encrypter_openssl.cc

   1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "net/quic/crypto/aead_base_encrypter.h"
   6
   7 #include <openssl/err.h>
   8 #include <openssl/evp.h>
   9 #include <string.h>
  10
  11 #include "base/memory/scoped_ptr.h"
  12
  13 using base::StringPiece;
  14
  15 namespace net {
  16
  17 namespace {
  18
  19 // In debug builds only, log OpenSSL error stack. Then clear OpenSSL error
  20 // stack.
  21 void DLogOpenSslErrors() {
  22 #ifdef NDEBUG
  23   while (ERR_get_error()) {}
  24 #else
  25   while (unsigned long error = ERR_get_error()) {
  26     char buf[120];
  27     ERR_error_string_n(error, buf, arraysize(buf));
  28     DLOG(ERROR) << "OpenSSL error: " << buf;
  29   }
  30 #endif
  31 }
  32
  33 }  // namespace
  34
  35 AeadBaseEncrypter::AeadBaseEncrypter(const EVP_AEAD* aead_alg,
  36                                      size_t key_size,
  37                                      size_t auth_tag_size,
  38                                      size_t nonce_prefix_size)
  39     : aead_alg_(aead_alg),
  40       key_size_(key_size),
  41       auth_tag_size_(auth_tag_size),
  42       nonce_prefix_size_(nonce_prefix_size) {
  43   DCHECK_LE(key_size_, sizeof(key_));
  44   DCHECK_LE(nonce_prefix_size_, sizeof(nonce_prefix_));
  45 }
  46
  47 AeadBaseEncrypter::~AeadBaseEncrypter() {}
  48
  49 bool AeadBaseEncrypter::SetKey(StringPiece key) {
  50   DCHECK_EQ(key.size(), key_size_);
  51   if (key.size() != key_size_) {
  52     return false;
  53   }
  54   memcpy(key_, key.data(), key.size());
  55
  56   EVP_AEAD_CTX_cleanup(ctx_.get());
  57
  58   if (!EVP_AEAD_CTX_init(ctx_.get(), aead_alg_, key_, key_size_,
  59                          auth_tag_size_, nullptr)) {
  60     DLogOpenSslErrors();
  61     return false;
  62   }
  63
  64   return true;
  65 }
  66
  67 bool AeadBaseEncrypter::SetNoncePrefix(StringPiece nonce_prefix) {
  68   DCHECK_EQ(nonce_prefix.size(), nonce_prefix_size_);
  69   if (nonce_prefix.size() != nonce_prefix_size_) {
  70     return false;
  71   }
  72   memcpy(nonce_prefix_, nonce_prefix.data(), nonce_prefix.size());
  73   return true;
  74 }
  75
  76 bool AeadBaseEncrypter::Encrypt(StringPiece nonce,
  77                                 StringPiece associated_data,
  78                                 StringPiece plaintext,
  79                                 unsigned char* output) {
  80   if (nonce.size() != nonce_prefix_size_ + sizeof(QuicPacketNumber)) {
  81     return false;
  82   }
  83
  84   size_t ciphertext_len;
  85   if (!EVP_AEAD_CTX_seal(
  86           ctx_.get(), output, &ciphertext_len,
  87           plaintext.size() + auth_tag_size_,
  88           reinterpret_cast<const uint8_t*>(nonce.data()), nonce.size(),
  89           reinterpret_cast<const uint8_t*>(plaintext.data()), plaintext.size(),
  90           reinterpret_cast<const uint8_t*>(associated_data.data()),
  91           associated_data.size())) {
  92     DLogOpenSslErrors();
  93     return false;
  94   }
  95
  96   return true;
  97 }
  98
  99 bool AeadBaseEncrypter::EncryptPacket(QuicPacketNumber packet_number,
 100                                       StringPiece associated_data,
 101                                       StringPiece plaintext,
 102                                       char* output,
 103                                       size_t* output_length,
 104                                       size_t max_output_length) {
 105   size_t ciphertext_size = GetCiphertextSize(plaintext.length());
 106   if (max_output_length < ciphertext_size) {
 107     return false;
 108   }
 109   // TODO(ianswett): Introduce a check to ensure that we don't encrypt with the
 110   // same packet number twice.
 111   const size_t nonce_size = nonce_prefix_size_ + sizeof(packet_number);
 112   memcpy(output, nonce_prefix_, nonce_prefix_size_);
 113   memcpy(output + nonce_prefix_size_, &packet_number, sizeof(packet_number));
 114   if (!Encrypt(StringPiece(output, nonce_size), associated_data, plaintext,
 115                reinterpret_cast<unsigned char*>(output))) {
 116     return false;
 117   }
 118   *output_length = ciphertext_size;
 119   return true;
 120 }
 121
 122 size_t AeadBaseEncrypter::GetKeySize() const { return key_size_; }
 123
 124 size_t AeadBaseEncrypter::GetNoncePrefixSize() const {
 125   return nonce_prefix_size_;
 126 }
 127
 128 size_t AeadBaseEncrypter::GetMaxPlaintextSize(size_t ciphertext_size) const {
 129   return ciphertext_size - auth_tag_size_;
 130 }
 131
 132 size_t AeadBaseEncrypter::GetCiphertextSize(size_t plaintext_size) const {
 133   return plaintext_size + auth_tag_size_;
 134 }
 135
 136 StringPiece AeadBaseEncrypter::GetKey() const {
 137   return StringPiece(reinterpret_cast<const char*>(key_), key_size_);
 138 }
 139
 140 StringPiece AeadBaseEncrypter::GetNoncePrefix() const {
 141   if (nonce_prefix_size_ == 0) {
 142     return StringPiece();
 143   }
 144   return StringPiece(reinterpret_cast<const char*>(nonce_prefix_),
 145                      nonce_prefix_size_);
 146 }
 147
 148 }  // namespace net