[chromium-blink-merge.git] / net / quic / crypto / aes_128_gcm_12_decrypter_nss.cc
blobfd14456022189d72f4d78e41fb8db6bd6a4f1e59
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #include "net/quic/crypto/aes_128_gcm_12_decrypter.h"
7 #include <pk11pub.h>
8 #include <secerr.h>
10 #include "crypto/aes_128_gcm_helpers_nss.h"
12 using base::StringPiece;
14 namespace net {
16 namespace {
// AES-128 key length in bytes (16 * 8 = 128 bits).
constexpr size_t kKeySize = 16;
// Length in bytes of the nonce prefix handed to AeadBaseDecrypter.
// NOTE(review): presumably the fixed, per-key part of the GCM IV; confirm
// against AeadBaseDecrypter how the remaining IV bytes are supplied.
constexpr size_t kNoncePrefixSize = 4;
// Decrypt callback handed to AeadBaseDecrypter by the constructor below.
// Forwards every argument unchanged to crypto::PK11DecryptHelper and returns
// its status.
//
// |out| must have room for |max_len| bytes; the number of bytes produced is
// reported through |out_len|.
// NOTE(review): presumably a GCM tag mismatch surfaces as a non-success
// SECStatus -- confirm in crypto/aes_128_gcm_helpers_nss.h. Callers should
// treat any status other than success as an authentication failure and must
// not use the contents of |out| in that case.
SECStatus My_Decrypt(PK11SymKey* key,
                     CK_MECHANISM_TYPE mechanism,
                     SECItem* param,
                     unsigned char* out,
                     unsigned int* out_len,
                     unsigned int max_len,
                     const unsigned char* data,
                     unsigned int data_len) {
  const SECStatus status = crypto::PK11DecryptHelper(
      key, mechanism, param, out, out_len, max_len, data, data_len);
  return status;
}
33 } // namespace
// Configures the base decrypter for the CKM_AES_GCM mechanism with this
// file's key size and nonce prefix size, kAuthTagSize as the tag length, and
// My_Decrypt as the decrypt callback.
Aes128Gcm12Decrypter::Aes128Gcm12Decrypter()
    : AeadBaseDecrypter(CKM_AES_GCM,
                        My_Decrypt,
                        kKeySize,
                        kAuthTagSize,
                        kNoncePrefixSize) {
  // Compile-time guards: the sizes chosen here must not exceed the limits
  // kMaxNoncePrefixSize / kMaxKeySize (declared outside this file;
  // presumably the capacity of the base class's key and nonce-prefix
  // storage -- confirm in AeadBaseDecrypter).
  static_assert(kNoncePrefixSize <= kMaxNoncePrefixSize,
                "nonce prefix size too big");
  static_assert(kKeySize <= kMaxKeySize, "key size too big");
}
// Nothing to release in this class itself.
// NOTE(review): key material is held by the base class; confirm that
// AeadBaseDecrypter's destructor handles its cleanup.
Aes128Gcm12Decrypter::~Aes128Gcm12Decrypter() = default;
// Populates |aead_params| with the PKCS #11 CK_GCM_PARAMS for one decryption.
//
//   nonce            - IV bytes; referenced, not copied.
//   associated_data  - additional authenticated data; referenced, not copied.
//   auth_tag_size    - authentication tag length in BYTES (converted to bits).
//   aead_params      - output; must be non-null (it is dereferenced unchecked).
//
// Because pIv and pAAD alias the callers' buffers, both buffers must stay
// alive and unmodified until the decrypt operation that consumes
// |aead_params| has finished.
//
// NOTE(review): the class name suggests a 12-byte (96-bit) tag. GCM tags
// shorter than 128 bits lower the forgery bound (see NIST SP 800-38D,
// Appendix C), so confirm kAuthTagSize and that the protocol limits the
// number of failed decryptions tolerated per key.
// NOTE(review): no length validation of |nonce| happens here; presumably the
// base class enforces the expected IV length -- confirm.
void Aes128Gcm12Decrypter::FillAeadParams(StringPiece nonce,
                                          const StringPiece& associated_data,
                                          size_t auth_tag_size,
                                          AeadParams* aead_params) const {
  // CK_GCM_PARAMS takes non-const CK_BYTE* fields, so constness is cast away
  // only to satisfy the struct's types; the data is input to the operation.
  CK_BYTE* const iv_bytes =
      reinterpret_cast<CK_BYTE*>(const_cast<char*>(nonce.data()));
  CK_BYTE* const aad_bytes =
      reinterpret_cast<CK_BYTE*>(const_cast<char*>(associated_data.data()));

  CK_GCM_PARAMS& gcm = aead_params->data.gcm_params;
  gcm.pIv = iv_bytes;
  gcm.ulIvLen = nonce.size();
  gcm.pAAD = aad_bytes;
  gcm.ulAADLen = associated_data.size();
  gcm.ulTagBits = auth_tag_size * 8;  // bytes -> bits

  // Tell the consumer how many bytes of the params union are in use.
  aead_params->len = sizeof(gcm);
}
// Returns the OpenSSL-style name of the cipher suite this decrypter reports.
// The returned pointer refers to a string literal and is never freed.
// NOTE(review): this is a label only; nothing in this file performs ECDHE or
// RSA. Confirm callers use it for reporting rather than policy decisions.
const char* Aes128Gcm12Decrypter::cipher_name() const {
  // TODO(rtenneti): Use TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256 instead of
  // the hard coded string:
  //   return TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256;
  static const char kCipherName[] = "ECDHE-RSA-AES128-GCM-SHA256";
  return kCipherName;
}
// Returns the numeric cipher suite identifier reported by this decrypter:
// 0xC02F combined with the 0x03000000 prefix, i.e. 0x0300C02F.
uint32 Aes128Gcm12Decrypter::cipher_id() const {
  // TODO(rtenneti): when Chromium requires NSS 3.15.2 or later, use
  // TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 instead of 0xC02F.
  const uint32 kSuiteValue = 0xC02F;
  // Or'ed in to match OpenSSL/BoringSSL implementations.
  const uint32 kOpenSslPrefix = 0x03000000;
  return kOpenSslPrefix | kSuiteValue;
}
74 } // namespace net