1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "net/quic/crypto/aead_base_encrypter.h"
7 #include <openssl/err.h>
8 #include <openssl/evp.h>
11 #include "base/memory/scoped_ptr.h"
13 using base::StringPiece
;
19 // Clear OpenSSL error stack.
20 void ClearOpenSslErrors() {
22 while (ERR_get_error()) {}
24 while (unsigned long error
= ERR_get_error()) {
26 ERR_error_string_n(error
, buf
, arraysize(buf
));
27 DLOG(ERROR
) << "OpenSSL error: " << buf
;
34 AeadBaseEncrypter::AeadBaseEncrypter(const EVP_AEAD
* aead_alg
,
37 size_t nonce_prefix_size
)
38 : aead_alg_(aead_alg
),
40 auth_tag_size_(auth_tag_size
),
41 nonce_prefix_size_(nonce_prefix_size
) {
42 DCHECK_LE(key_size_
, sizeof(key_
));
43 DCHECK_LE(nonce_prefix_size_
, sizeof(nonce_prefix_
));
46 AeadBaseEncrypter::~AeadBaseEncrypter() {}
48 bool AeadBaseEncrypter::SetKey(StringPiece key
) {
49 DCHECK_EQ(key
.size(), key_size_
);
50 if (key
.size() != key_size_
) {
53 memcpy(key_
, key
.data(), key
.size());
55 EVP_AEAD_CTX_cleanup(ctx_
.get());
57 if (!EVP_AEAD_CTX_init(ctx_
.get(), aead_alg_
, key_
, key_size_
,
58 auth_tag_size_
, NULL
)) {
66 bool AeadBaseEncrypter::SetNoncePrefix(StringPiece nonce_prefix
) {
67 DCHECK_EQ(nonce_prefix
.size(), nonce_prefix_size_
);
68 if (nonce_prefix
.size() != nonce_prefix_size_
) {
71 memcpy(nonce_prefix_
, nonce_prefix
.data(), nonce_prefix
.size());
75 bool AeadBaseEncrypter::Encrypt(StringPiece nonce
,
76 StringPiece associated_data
,
77 StringPiece plaintext
,
78 unsigned char* output
) {
79 if (nonce
.size() != nonce_prefix_size_
+ sizeof(QuicPacketSequenceNumber
)) {
83 ssize_t len
= EVP_AEAD_CTX_seal(
84 ctx_
.get(), output
, plaintext
.size() + auth_tag_size_
,
85 reinterpret_cast<const uint8_t*>(nonce
.data()), nonce
.size(),
86 reinterpret_cast<const uint8_t*>(plaintext
.data()), plaintext
.size(),
87 reinterpret_cast<const uint8_t*>(associated_data
.data()),
88 associated_data
.size());
98 QuicData
* AeadBaseEncrypter::EncryptPacket(
99 QuicPacketSequenceNumber sequence_number
,
100 StringPiece associated_data
,
101 StringPiece plaintext
) {
102 size_t ciphertext_size
= GetCiphertextSize(plaintext
.length());
103 scoped_ptr
<char[]> ciphertext(new char[ciphertext_size
]);
105 // TODO(ianswett): Introduce a check to ensure that we don't encrypt with the
106 // same sequence number twice.
107 uint8 nonce
[sizeof(nonce_prefix_
) + sizeof(sequence_number
)];
108 const size_t nonce_size
= nonce_prefix_size_
+ sizeof(sequence_number
);
109 DCHECK_LE(nonce_size
, sizeof(nonce
));
110 memcpy(nonce
, nonce_prefix_
, nonce_prefix_size_
);
111 memcpy(nonce
+ nonce_prefix_size_
, &sequence_number
, sizeof(sequence_number
));
112 if (!Encrypt(StringPiece(reinterpret_cast<char*>(nonce
), nonce_size
),
113 associated_data
, plaintext
,
114 reinterpret_cast<unsigned char*>(ciphertext
.get()))) {
118 return new QuicData(ciphertext
.release(), ciphertext_size
, true);
121 size_t AeadBaseEncrypter::GetKeySize() const { return key_size_
; }
123 size_t AeadBaseEncrypter::GetNoncePrefixSize() const {
124 return nonce_prefix_size_
;
127 size_t AeadBaseEncrypter::GetMaxPlaintextSize(size_t ciphertext_size
) const {
128 return ciphertext_size
- auth_tag_size_
;
131 size_t AeadBaseEncrypter::GetCiphertextSize(size_t plaintext_size
) const {
132 return plaintext_size
+ auth_tag_size_
;
135 StringPiece
AeadBaseEncrypter::GetKey() const {
136 return StringPiece(reinterpret_cast<const char*>(key_
), key_size_
);
139 StringPiece
AeadBaseEncrypter::GetNoncePrefix() const {
140 if (nonce_prefix_size_
== 0) {
141 return StringPiece();
143 return StringPiece(reinterpret_cast<const char*>(nonce_prefix_
),
