search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Roll src/third_party/WebKit eac3800:0237a66 (svn 202606:202607)
[chromium-blink-merge.git] / net / quic / crypto / crypto_secret_boxer.cc
blob4e95442f3fffaf64f488f9e15ba02769f2a9b536
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/quic/crypto/crypto_secret_boxer.h"
6
7 #include "base/logging.h"
8 #include "base/memory/scoped_ptr.h"
9 #include "net/quic/crypto/aes_128_gcm_12_decrypter.h"
10 #include "net/quic/crypto/aes_128_gcm_12_encrypter.h"
11 #include "net/quic/crypto/crypto_protocol.h"
12 #include "net/quic/crypto/quic_decrypter.h"
13 #include "net/quic/crypto/quic_encrypter.h"
14 #include "net/quic/crypto/quic_random.h"
15
16 using base::StringPiece;
17 using std::string;
18
19 namespace net {
20
21 // Defined kKeySize for GetKeySize() and SetKey().
22 static const size_t kKeySize = 16;
23
24 // kBoxNonceSize contains the number of bytes of nonce that we use in each box.
25 // TODO(rtenneti): Add support for kBoxNonceSize to be 16 bytes.
26 //
27 // From agl@:
28 // 96-bit nonces are on the edge. An attacker who can collect 2^41
29 // source-address tokens has a 1% chance of finding a duplicate.
30 //
31 // The "average" DDoS is now 32.4M PPS. That's 2^25 source-address tokens
32 // per second. So one day of that DDoS botnot would reach the 1% mark.
33 //
34 // It's not terrible, but it's not a "forget about it" margin.
35 static const size_t kBoxNonceSize = 12;
36
37 // static
38 size_t CryptoSecretBoxer::GetKeySize() { return kKeySize; }
39
40 void CryptoSecretBoxer::SetKey(StringPiece key) {
41 DCHECK_EQ(kKeySize, key.size());
42 key_ = key.as_string();
43 }
44
45 string CryptoSecretBoxer::Box(QuicRandom* rand, StringPiece plaintext) const {
46 scoped_ptr<Aes128Gcm12Encrypter> encrypter(new Aes128Gcm12Encrypter());
47 if (!encrypter->SetKey(key_)) {
48 DLOG(DFATAL) << "CryptoSecretBoxer's encrypter->SetKey failed.";
49 return string();
50 }
51 size_t ciphertext_size = encrypter->GetCiphertextSize(plaintext.length());
52
53 string ret;
54 const size_t len = kBoxNonceSize + ciphertext_size;
55 ret.resize(len);
56 char* data = &ret[0];
57
58 // Generate nonce.
59 rand->RandBytes(data, kBoxNonceSize);
60 memcpy(data + kBoxNonceSize, plaintext.data(), plaintext.size());
61
62 if (!encrypter->Encrypt(StringPiece(data, kBoxNonceSize), StringPiece(),
63 plaintext, reinterpret_cast<unsigned char*>(
64 data + kBoxNonceSize))) {
65 DLOG(DFATAL) << "CryptoSecretBoxer's Encrypt failed.";
66 return string();
67 }
68
69 return ret;
70 }
71
72 bool CryptoSecretBoxer::Unbox(StringPiece ciphertext,
73 string* out_storage,
74 StringPiece* out) const {
75 if (ciphertext.size() < kBoxNonceSize) {
76 return false;
77 }
78
79 StringPiece nonce(ciphertext.data(), kBoxNonceSize);
80 ciphertext.remove_prefix(kBoxNonceSize);
81 QuicPacketNumber packet_number;
82 StringPiece nonce_prefix(nonce.data(), nonce.size() - sizeof(packet_number));
83 memcpy(&packet_number, nonce.data() + nonce_prefix.size(),
84 sizeof(packet_number));
85
86 scoped_ptr<Aes128Gcm12Decrypter> decrypter(new Aes128Gcm12Decrypter());
87 if (!decrypter->SetKey(key_)) {
88 DLOG(DFATAL) << "CryptoSecretBoxer's decrypter->SetKey failed.";
89 return false;
90 }
91 decrypter->SetNoncePrefix(nonce_prefix);
92 char plaintext[kMaxPacketSize];
93 size_t plaintext_length = 0;
94 const bool success = decrypter->DecryptPacket(
95 packet_number, StringPiece() /* associated data */, ciphertext, plaintext,
96 &plaintext_length, kMaxPacketSize);
97 if (!success) {
98 return false;
99 }
100
101 out_storage->resize(plaintext_length);
102 out_storage->assign(plaintext, plaintext_length);
103 out->set(out_storage->data(), plaintext_length);
104 return true;
105 }
106
107 } // namespace net