1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef NET_QUIC_CRYPTO_AES_128_GCM_12_DECRYPTER_H_
6 #define NET_QUIC_CRYPTO_AES_128_GCM_12_DECRYPTER_H_
10 #include "base/compiler_specific.h"
11 #include "net/quic/crypto/quic_decrypter.h"
13 #if defined(USE_OPENSSL)
14 #include "net/quic/crypto/scoped_evp_cipher_ctx.h"
20 class Aes128Gcm12DecrypterPeer;
23 // An Aes128Gcm12Decrypter is a QuicDecrypter that implements the
24 // AEAD_AES_128_GCM_12 algorithm specified in RFC 5282. Create an instance by
25 // calling QuicDecrypter::Create(kAESG).
27 // It uses an authentication tag of 12 bytes (96 bits). The fixed prefix
28 // of the nonce is four bytes.
29 class NET_EXPORT_PRIVATE Aes128Gcm12Decrypter : public QuicDecrypter {
32 // Authentication tags are truncated to 96 bits.
36 Aes128Gcm12Decrypter();
37 virtual ~Aes128Gcm12Decrypter();
39 // Returns true if the underlying crypto library supports AES GCM.
40 static bool IsSupported();
42 // QuicDecrypter implementation
43 virtual bool SetKey(base::StringPiece key) OVERRIDE;
44 virtual bool SetNoncePrefix(base::StringPiece nonce_prefix) OVERRIDE;
45 virtual bool Decrypt(base::StringPiece nonce,
46 base::StringPiece associated_data,
47 base::StringPiece ciphertext,
48 unsigned char* output,
49 size_t* output_length) OVERRIDE;
50 virtual QuicData* DecryptPacket(QuicPacketSequenceNumber sequence_number,
51 base::StringPiece associated_data,
52 base::StringPiece ciphertext) OVERRIDE;
53 virtual base::StringPiece GetKey() const OVERRIDE;
54 virtual base::StringPiece GetNoncePrefix() const OVERRIDE;
57 // The 128-bit AES key.
58 unsigned char key_[16];
60 unsigned char nonce_prefix_[4];
62 #if defined(USE_OPENSSL)
63 // TODO(rtenneti): when Chromium's version of OpenSSL has EVP_AEAD_CTX, merge
64 // internal CL 53267501.
65 ScopedEVPCipherCtx ctx_;
71 #endif // NET_QUIC_CRYPTO_AES_128_GCM_12_DECRYPTER_H_