search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
[Android WebView] Fix webview perf bot switchover to use org.chromium.webview_shell...
[chromium-blink-merge.git] / net / quic / crypto / aead_base_encrypter_nss.cc
blobca2e2a9cca9d870de655c3b39f9aef7891c2c1e1
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #include "net/quic/crypto/aead_base_encrypter.h"
6
7 #include <pk11pub.h>
8
9 #include "base/memory/scoped_ptr.h"
10 #include "crypto/scoped_nss_types.h"
11
12 using base::StringPiece;
13
14 namespace net {
15
16 AeadBaseEncrypter::AeadBaseEncrypter(CK_MECHANISM_TYPE aead_mechanism,
17 PK11_EncryptFunction pk11_encrypt,
18 size_t key_size,
19 size_t auth_tag_size,
20 size_t nonce_prefix_size)
21 : aead_mechanism_(aead_mechanism),
22 pk11_encrypt_(pk11_encrypt),
23 key_size_(key_size),
24 auth_tag_size_(auth_tag_size),
25 nonce_prefix_size_(nonce_prefix_size) {
26 DCHECK_LE(key_size_, sizeof(key_));
27 DCHECK_LE(nonce_prefix_size_, sizeof(nonce_prefix_));
28 }
29
30 AeadBaseEncrypter::~AeadBaseEncrypter() {}
31
32 bool AeadBaseEncrypter::SetKey(StringPiece key) {
33 DCHECK_EQ(key.size(), key_size_);
34 if (key.size() != key_size_) {
35 return false;
36 }
37 memcpy(key_, key.data(), key.size());
38 return true;
39 }
40
41 bool AeadBaseEncrypter::SetNoncePrefix(StringPiece nonce_prefix) {
42 DCHECK_EQ(nonce_prefix.size(), nonce_prefix_size_);
43 if (nonce_prefix.size() != nonce_prefix_size_) {
44 return false;
45 }
46 memcpy(nonce_prefix_, nonce_prefix.data(), nonce_prefix.size());
47 return true;
48 }
49
50 bool AeadBaseEncrypter::Encrypt(StringPiece nonce,
51 StringPiece associated_data,
52 StringPiece plaintext,
53 unsigned char* output) {
54 if (nonce.size() != nonce_prefix_size_ + sizeof(QuicPacketSequenceNumber)) {
55 return false;
56 }
57
58 size_t ciphertext_size = GetCiphertextSize(plaintext.length());
59
60 // Import key_ into NSS.
61 SECItem key_item;
62 key_item.type = siBuffer;
63 key_item.data = key_;
64 key_item.len = key_size_;
65 PK11SlotInfo* slot = PK11_GetInternalSlot();
66
67 // TODO(wtc): For an AES-GCM key, the correct value for |key_mechanism| is
68 // CKM_AES_GCM, but because of NSS bug
69 // https://bugzilla.mozilla.org/show_bug.cgi?id=853285, use CKM_AES_ECB as a
70 // workaround. Remove this when we require NSS 3.15.
71 CK_MECHANISM_TYPE key_mechanism = aead_mechanism_;
72 if (key_mechanism == CKM_AES_GCM) {
73 key_mechanism = CKM_AES_ECB;
74 }
75
76 // The exact value of the |origin| argument doesn't matter to NSS as long as
77 // it's not PK11_OriginFortezzaHack, so we pass PK11_OriginUnwrap as a
78 // placeholder.
79 crypto::ScopedPK11SymKey aead_key(PK11_ImportSymKey(
80 slot, key_mechanism, PK11_OriginUnwrap, CKA_ENCRYPT, &key_item, nullptr));
81 PK11_FreeSlot(slot);
82 slot = nullptr;
83 if (!aead_key) {
84 DVLOG(1) << "PK11_ImportSymKey failed";
85 return false;
86 }
87
88 AeadParams aead_params = {0};
89 FillAeadParams(nonce, associated_data, auth_tag_size_, &aead_params);
90
91 SECItem param;
92 param.type = siBuffer;
93 param.data = reinterpret_cast<unsigned char*>(&aead_params.data);
94 param.len = aead_params.len;
95
96 unsigned int output_len;
97 if (pk11_encrypt_(aead_key.get(), aead_mechanism_, &param,
98 output, &output_len, ciphertext_size,
99 reinterpret_cast<const unsigned char*>(plaintext.data()),
100 plaintext.size()) != SECSuccess) {
101 DVLOG(1) << "pk11_encrypt_ failed";
102 return false;
103 }
104
105 if (output_len != ciphertext_size) {
106 DVLOG(1) << "Wrong output length";
107 return false;
108 }
109
110 return true;
111 }
112
113 bool AeadBaseEncrypter::EncryptPacket(QuicPacketSequenceNumber sequence_number,
114 StringPiece associated_data,
115 StringPiece plaintext,
116 char* output,
117 size_t* output_length,
118 size_t max_output_length) {
119 size_t ciphertext_size = GetCiphertextSize(plaintext.length());
120 if (max_output_length < ciphertext_size) {
121 return false;
122 }
123 // TODO(ianswett): Introduce a check to ensure that we don't encrypt with the
124 // same sequence number twice.
125 const size_t nonce_size = nonce_prefix_size_ + sizeof(sequence_number);
126 memcpy(output, nonce_prefix_, nonce_prefix_size_);
127 memcpy(output + nonce_prefix_size_, &sequence_number,
128 sizeof(sequence_number));
129 if (!Encrypt(StringPiece(output, nonce_size), associated_data, plaintext,
130 reinterpret_cast<unsigned char*>(output))) {
131 return false;
132 }
133 *output_length = ciphertext_size;
134 return true;
135 }
136
137 size_t AeadBaseEncrypter::GetKeySize() const { return key_size_; }
138
139 size_t AeadBaseEncrypter::GetNoncePrefixSize() const {
140 return nonce_prefix_size_;
141 }
142
143 size_t AeadBaseEncrypter::GetMaxPlaintextSize(size_t ciphertext_size) const {
144 return ciphertext_size - auth_tag_size_;
145 }
146
147 size_t AeadBaseEncrypter::GetCiphertextSize(size_t plaintext_size) const {
148 return plaintext_size + auth_tag_size_;
149 }
150
151 StringPiece AeadBaseEncrypter::GetKey() const {
152 return StringPiece(reinterpret_cast<const char*>(key_), key_size_);
153 }
154
155 StringPiece AeadBaseEncrypter::GetNoncePrefix() const {
156 if (nonce_prefix_size_ == 0) {
157 return StringPiece();
158 }
159 return StringPiece(reinterpret_cast<const char*>(nonce_prefix_),
160 nonce_prefix_size_);
161 }
162
163 } // namespace net