Update To 11.40.268.0
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4
5 #ifndef NET_QUIC_CRYPTO_AEAD_BASE_DECRYPTER_H_
6 #define NET_QUIC_CRYPTO_AEAD_BASE_DECRYPTER_H_
7
8 #include "base/compiler_specific.h"
9 #include "net/quic/crypto/quic_decrypter.h"
10
11 #if defined(USE_OPENSSL)
12 #include "net/quic/crypto/scoped_evp_aead_ctx.h"
13 #else
14 #include <pkcs11t.h>
15 #include <seccomon.h>
16 typedef struct PK11SymKeyStr PK11SymKey;  // Forward declaration only.
   // Pointer type for the decryption routine that is passed to the
   // AeadBaseDecrypter constructor in the non-OpenSSL build. Going by the
   // parameter names, it takes a key, a mechanism and its parameter item, an
   // output buffer (|out|, written length |outLen|, capacity |maxLen|) and the
   // input (|enc|, |encLen|), and reports its result as a SECStatus.
   // NOTE(review): presumably this mirrors the signature of NSS's PK11_Decrypt
   // -- confirm against the subclasses that supply the function.
17 typedef SECStatus (*PK11_DecryptFunction)(
18       PK11SymKey* symKey, CK_MECHANISM_TYPE mechanism, SECItem* param,
19       unsigned char* out, unsigned int* outLen, unsigned int maxLen,
20       const unsigned char* enc, unsigned encLen);
21 #endif
22
23 namespace net {
24
25 // AeadBaseDecrypter is the base class of AEAD QuicDecrypter subclasses.
   //
   // The class keeps the key and the nonce prefix in fixed-size member arrays
   // (key_, nonce_prefix_) and is configured at construction with the key,
   // authentication-tag and nonce-prefix sizes of the concrete algorithm. It
   // has two build variants: with USE_OPENSSL it is driven by an EVP_AEAD
   // algorithm and a ScopedEVPAEADCtx; otherwise by a PKCS #11 mechanism type
   // and a PK11_DecryptFunction.
   //
   // NOTE(review): the object holds raw key material in key_. This header does
   // not show whether the destructor or SetKey() clears old key bytes --
   // confirm in the implementation file.
26 class NET_EXPORT_PRIVATE AeadBaseDecrypter : public QuicDecrypter {
27  public:
     // Per the comment on kMaxKeySize below, subclasses are expected to keep
     // |key_size| and |nonce_prefix_size| within kMaxKeySize and
     // kMaxNoncePrefixSize, which are the capacities of key_ and nonce_prefix_.
     // NOTE(review): whether the constructor itself checks these bounds is not
     // visible here -- confirm.
28 #if defined(USE_OPENSSL)
29   AeadBaseDecrypter(const EVP_AEAD* aead_alg,
30                     size_t key_size,
31                     size_t auth_tag_size,
32                     size_t nonce_prefix_size);
33 #else
34   AeadBaseDecrypter(CK_MECHANISM_TYPE aead_mechanism,
35                     PK11_DecryptFunction pk11_decrypt,
36                     size_t key_size,
37                     size_t auth_tag_size,
38                     size_t nonce_prefix_size);
39 #endif
40   ~AeadBaseDecrypter() override;
41
42   // QuicDecrypter implementation
     // SetKey/SetNoncePrefix return bool.
     // NOTE(review): presumably false means the supplied length does not match
     // key_size_ / nonce_prefix_size_ and nothing was stored -- confirm; a
     // length check is what keeps the copy into the fixed-size arrays in bounds.
43   bool SetKey(base::StringPiece key) override;
44   bool SetNoncePrefix(base::StringPiece nonce_prefix) override;
     // Takes |nonce|, |associated_data| and |ciphertext| and writes through
     // |output| and |output_length|.
     // NOTE(review): no capacity for |output| is passed, so the caller must
     // size the buffer by convention (presumably at least ciphertext.size()
     // bytes) -- confirm in the implementation.
     // NOTE(review): presumably returns false when tag verification fails, in
     // which case the contents of |output| must not be used -- confirm.
45   bool Decrypt(base::StringPiece nonce,
46                base::StringPiece associated_data,
47                base::StringPiece ciphertext,
48                unsigned char* output,
49                size_t* output_length) override;
     // Returns a raw QuicData pointer.
     // NOTE(review): ownership and the failure value are not expressed in the
     // signature; presumably the caller owns the result and NULL signals
     // failure -- confirm.
50   QuicData* DecryptPacket(QuicPacketSequenceNumber sequence_number,
51                           base::StringPiece associated_data,
52                           base::StringPiece ciphertext) override;
     // Both accessors return base::StringPiece, a non-owning view.
     // NOTE(review): presumably the views point into key_ / nonce_prefix_, so
     // they expose the raw key bytes and are valid only while this object is
     // alive and the key is unchanged -- confirm.
53   base::StringPiece GetKey() const override;
54   base::StringPiece GetNoncePrefix() const override;
55
56  protected:
57   // Make these constants available to the subclasses so that the subclasses
58   // can assert at compile time their key_size_ and nonce_prefix_size_ do not
59   // exceed the maximum.
     // They are also the array sizes of key_ and nonce_prefix_ below.
60   static const size_t kMaxKeySize = 32;
61   static const size_t kMaxNoncePrefixSize = 4;
62
63 #if !defined(USE_OPENSSL)
     // Parameter block for the non-OpenSSL path: |len| plus a union of the
     // mechanism-specific parameter structs.
     // NOTE(review): |len| is presumably the size of the union member that
     // FillAeadParams populated -- confirm with the subclass implementations.
64   struct AeadParams {
65     unsigned int len;
66     union {
67       CK_GCM_PARAMS gcm_params;
68 #if !defined(USE_NSS)
69       // USE_NSS means we are using system NSS rather than our copy of NSS.
70       // The system NSS <pkcs11n.h> header doesn't define this type yet.
71       CK_NSS_AEAD_PARAMS nss_aead_params;
72 #endif
73     } data;
74   };
75
     // Pure virtual hook for subclasses: receives the nonce, the associated
     // data and the tag size, and an AeadParams to write into.
76   virtual void FillAeadParams(base::StringPiece nonce,
77                               base::StringPiece associated_data,
78                               size_t auth_tag_size,
79                               AeadParams* aead_params) const = 0;
80 #endif  // !defined(USE_OPENSSL)
81
82  private:
     // Algorithm selection and sizes; all const, so fixed for the lifetime of
     // the object.
83 #if defined(USE_OPENSSL)
84   const EVP_AEAD* const aead_alg_;
85 #else
86   const CK_MECHANISM_TYPE aead_mechanism_;
87   const PK11_DecryptFunction pk11_decrypt_;
88 #endif
89   const size_t key_size_;
90   const size_t auth_tag_size_;
91   const size_t nonce_prefix_size_;
92
93   // The key.
     // Fixed-capacity buffer of kMaxKeySize bytes holding secret key material.
94   unsigned char key_[kMaxKeySize];
95   // The nonce prefix.
     // Fixed-capacity buffer of kMaxNoncePrefixSize bytes.
96   unsigned char nonce_prefix_[kMaxNoncePrefixSize];
97
98 #if defined(USE_OPENSSL)
99   ScopedEVPAEADCtx ctx_;
100 #endif
101
      // Copying is disabled, so the key bytes are not duplicated by copy
      // construction or assignment of this object.
102   DISALLOW_COPY_AND_ASSIGN(AeadBaseDecrypter);
103 };
104
105 }  // namespace net
106
107 #endif  // NET_QUIC_CRYPTO_AEAD_BASE_DECRYPTER_H_