net/quic/crypto/aead_base_decrypter_openssl.cc

   1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "net/quic/crypto/aead_base_decrypter.h"
   6
   7 #include <openssl/err.h>
   8 #include <openssl/evp.h>
   9
  10 #include "base/memory/scoped_ptr.h"
  11
  12 using base::StringPiece;
  13
  14 namespace net {
  15
  16 namespace {
  17
  18 // Clear OpenSSL error stack.
  19 void ClearOpenSslErrors() {
  20 #ifdef NDEBUG
  21   while (ERR_get_error()) {}
  22 #else
  23   while (unsigned long error = ERR_get_error()) {
  24     char buf[120];
  25     ERR_error_string_n(error, buf, arraysize(buf));
  26     DLOG(ERROR) << "OpenSSL error: " << buf;
  27   }
  28 #endif
  29 }
  30
  31 }  // namespace
  32
  33 AeadBaseDecrypter::AeadBaseDecrypter(const EVP_AEAD* aead_alg,
  34                                      size_t key_size,
  35                                      size_t auth_tag_size,
  36                                      size_t nonce_prefix_size)
  37     : aead_alg_(aead_alg),
  38       key_size_(key_size),
  39       auth_tag_size_(auth_tag_size),
  40       nonce_prefix_size_(nonce_prefix_size) {
  41   DCHECK_LE(key_size_, sizeof(key_));
  42   DCHECK_LE(nonce_prefix_size_, sizeof(nonce_prefix_));
  43 }
  44
  45 AeadBaseDecrypter::~AeadBaseDecrypter() {}
  46
  47 bool AeadBaseDecrypter::SetKey(StringPiece key) {
  48   DCHECK_EQ(key.size(), key_size_);
  49   if (key.size() != key_size_) {
  50     return false;
  51   }
  52   memcpy(key_, key.data(), key.size());
  53
  54   EVP_AEAD_CTX_cleanup(ctx_.get());
  55   if (!EVP_AEAD_CTX_init(ctx_.get(), aead_alg_, key_, key_size_,
  56                          auth_tag_size_, NULL)) {
  57     ClearOpenSslErrors();
  58     return false;
  59   }
  60
  61   return true;
  62 }
  63
  64 bool AeadBaseDecrypter::SetNoncePrefix(StringPiece nonce_prefix) {
  65   DCHECK_EQ(nonce_prefix.size(), nonce_prefix_size_);
  66   if (nonce_prefix.size() != nonce_prefix_size_) {
  67     return false;
  68   }
  69   memcpy(nonce_prefix_, nonce_prefix.data(), nonce_prefix.size());
  70   return true;
  71 }
  72
  73 bool AeadBaseDecrypter::Decrypt(StringPiece nonce,
  74                                 StringPiece associated_data,
  75                                 StringPiece ciphertext,
  76                                 uint8* output,
  77                                 size_t* output_length) {
  78   if (ciphertext.length() < auth_tag_size_ ||
  79       nonce.size() != nonce_prefix_size_ + sizeof(QuicPacketSequenceNumber)) {
  80     return false;
  81   }
  82
  83   ssize_t len = EVP_AEAD_CTX_open(
  84       ctx_.get(), output, ciphertext.size(),
  85       reinterpret_cast<const uint8_t*>(nonce.data()), nonce.size(),
  86       reinterpret_cast<const uint8_t*>(ciphertext.data()), ciphertext.size(),
  87       reinterpret_cast<const uint8_t*>(associated_data.data()),
  88       associated_data.size());
  89
  90   if (len < 0) {
  91     ClearOpenSslErrors();
  92     return false;
  93   }
  94
  95   *output_length = len;
  96   return true;
  97 }
  98
  99 QuicData* AeadBaseDecrypter::DecryptPacket(
 100     QuicPacketSequenceNumber sequence_number,
 101     StringPiece associated_data,
 102     StringPiece ciphertext) {
 103   if (ciphertext.length() < auth_tag_size_) {
 104     return NULL;
 105   }
 106   size_t plaintext_size = ciphertext.length();
 107   scoped_ptr<char[]> plaintext(new char[plaintext_size]);
 108
 109   uint8 nonce[sizeof(nonce_prefix_) + sizeof(sequence_number)];
 110   const size_t nonce_size = nonce_prefix_size_ + sizeof(sequence_number);
 111   DCHECK_LE(nonce_size, sizeof(nonce));
 112   memcpy(nonce, nonce_prefix_, nonce_prefix_size_);
 113   memcpy(nonce + nonce_prefix_size_, &sequence_number, sizeof(sequence_number));
 114   if (!Decrypt(StringPiece(reinterpret_cast<char*>(nonce), nonce_size),
 115                associated_data, ciphertext,
 116                reinterpret_cast<uint8*>(plaintext.get()),
 117                &plaintext_size)) {
 118     return NULL;
 119   }
 120   return new QuicData(plaintext.release(), plaintext_size, true);
 121 }
 122
 123 StringPiece AeadBaseDecrypter::GetKey() const {
 124   return StringPiece(reinterpret_cast<const char*>(key_), key_size_);
 125 }
 126
 127 StringPiece AeadBaseDecrypter::GetNoncePrefix() const {
 128   if (nonce_prefix_size_ == 0) {
 129     return StringPiece();
 130   }
 131   return StringPiece(reinterpret_cast<const char*>(nonce_prefix_),
 132                      nonce_prefix_size_);
 133 }
 134
 135 }  // namespace net