net/quic/crypto/aes_128_gcm_12_decrypter_nss.cc

   1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #include "net/quic/crypto/aes_128_gcm_12_decrypter.h"
   6
   7 #include <pk11pub.h>
   8 #include <secerr.h>
   9
  10 #include "crypto/aes_128_gcm_helpers_nss.h"
  11
  12 using base::StringPiece;
  13
  14 namespace net {
  15
  16 namespace {
  17
  18 const size_t kKeySize = 16;
  19 const size_t kNoncePrefixSize = 4;
  20
  21 SECStatus My_Decrypt(PK11SymKey* key,
  22                      CK_MECHANISM_TYPE mechanism,
  23                      SECItem* param,
  24                      unsigned char* out,
  25                      unsigned int* out_len,
  26                      unsigned int max_len,
  27                      const unsigned char* data,
  28                      unsigned int data_len) {
  29   return crypto::PK11DecryptHelper(key, mechanism, param, out, out_len, max_len,
  30                                    data, data_len);
  31 }
  32
  33 }  // namespace
  34
  35 Aes128Gcm12Decrypter::Aes128Gcm12Decrypter()
  36     : AeadBaseDecrypter(CKM_AES_GCM, My_Decrypt, kKeySize, kAuthTagSize,
  37                         kNoncePrefixSize) {
  38   static_assert(kKeySize <= kMaxKeySize, "key size too big");
  39   static_assert(kNoncePrefixSize <= kMaxNoncePrefixSize,
  40                 "nonce prefix size too big");
  41 }
  42
  43 Aes128Gcm12Decrypter::~Aes128Gcm12Decrypter() {}
  44
  45 void Aes128Gcm12Decrypter::FillAeadParams(StringPiece nonce,
  46                                           const StringPiece& associated_data,
  47                                           size_t auth_tag_size,
  48                                           AeadParams* aead_params) const {
  49   aead_params->len = sizeof(aead_params->data.gcm_params);
  50   CK_GCM_PARAMS* gcm_params = &aead_params->data.gcm_params;
  51   gcm_params->pIv =
  52       reinterpret_cast<CK_BYTE*>(const_cast<char*>(nonce.data()));
  53   gcm_params->ulIvLen = nonce.size();
  54   gcm_params->pAAD =
  55       reinterpret_cast<CK_BYTE*>(const_cast<char*>(associated_data.data()));
  56   gcm_params->ulAADLen = associated_data.size();
  57   gcm_params->ulTagBits = auth_tag_size * 8;
  58 }
  59
  60 const char* Aes128Gcm12Decrypter::cipher_name() const {
  61   // TODO(rtenneti): Use TLS1_TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256 instead
  62   // of hard coded string.
  63   // return TLS1_TXT_ECDHE_RSA_WITH_AES_128_GCM_SHA256;
  64   return "ECDHE-RSA-AES128-GCM-SHA256";
  65 }
  66
  67 uint32 Aes128Gcm12Decrypter::cipher_id() const {
  68   // TODO(rtenneti): when Chromium requires NSS 3.15.2 or later, use
  69   // TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 instead of 0xC02F.
  70   // Or'ed with 0x03000000 to match OpenSSL/BoringSSL implementations.
  71   return 0x03000000 | 0xC02F;
  72 }
  73
  74 }  // namespace net