Diffstat (limited to 'chromium/net/quic/crypto/aead_base_decrypter.h')
-rw-r--r-- | chromium/net/quic/crypto/aead_base_decrypter.h | 107 |
1 files changed, 107 insertions, 0 deletions
diff --git a/chromium/net/quic/crypto/aead_base_decrypter.h b/chromium/net/quic/crypto/aead_base_decrypter.h
new file mode 100644
index 00000000000..6257409f9fb
--- /dev/null
+++ b/chromium/net/quic/crypto/aead_base_decrypter.h
@@ -0,0 +1,107 @@
+// Copyright (c) 2013 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#ifndef NET_QUIC_CRYPTO_AEAD_BASE_DECRYPTER_H_
+#define NET_QUIC_CRYPTO_AEAD_BASE_DECRYPTER_H_
+
+#include "base/compiler_specific.h"
+#include "net/quic/crypto/quic_decrypter.h"
+
+#if defined(USE_OPENSSL)
+#include "net/quic/crypto/scoped_evp_aead_ctx.h"
+#else
+#include <pkcs11t.h>
+#include <seccomon.h>
+typedef struct PK11SymKeyStr PK11SymKey;
+typedef SECStatus (*PK11_DecryptFunction)(
+ PK11SymKey* symKey, CK_MECHANISM_TYPE mechanism, SECItem* param,
+ unsigned char* out, unsigned int* outLen, unsigned int maxLen,
+ const unsigned char* enc, unsigned encLen);
+#endif
+
+namespace net {
+
+// AeadBaseDecrypter is the base class of AEAD QuicDecrypter subclasses.
+class NET_EXPORT_PRIVATE AeadBaseDecrypter : public QuicDecrypter {
+ public:
+#if defined(USE_OPENSSL)
+ AeadBaseDecrypter(const EVP_AEAD* aead_alg,
+ size_t key_size,
+ size_t auth_tag_size,
+ size_t nonce_prefix_size);
+#else
+ AeadBaseDecrypter(CK_MECHANISM_TYPE aead_mechanism,
+ PK11_DecryptFunction pk11_decrypt,
+ size_t key_size,
+ size_t auth_tag_size,
+ size_t nonce_prefix_size);
+#endif
+ virtual ~AeadBaseDecrypter();
+
+ // QuicDecrypter implementation
+ virtual bool SetKey(base::StringPiece key) OVERRIDE;
+ virtual bool SetNoncePrefix(base::StringPiece nonce_prefix) OVERRIDE;
+ virtual bool Decrypt(base::StringPiece nonce,
+ base::StringPiece associated_data,
+ base::StringPiece ciphertext,
+ unsigned char* output,
+ size_t* output_length) OVERRIDE;
+ virtual QuicData* DecryptPacket(QuicPacketSequenceNumber sequence_number,
+ base::StringPiece associated_data,
+ base::StringPiece ciphertext) OVERRIDE;
+ virtual base::StringPiece GetKey() const OVERRIDE;
+ virtual base::StringPiece GetNoncePrefix() const OVERRIDE;
+
+ protected:
+ // Make these constants available to the subclasses so that the subclasses
+ // can assert at compile time their key_size_ and nonce_prefix_size_ do not
+ // exceed the maximum.
+ static const size_t kMaxKeySize = 32;
+ static const size_t kMaxNoncePrefixSize = 4;
+
+#if !defined(USE_OPENSSL)
+ struct AeadParams {
+ unsigned int len;
+ union {
+ CK_GCM_PARAMS gcm_params;
+#if !defined(USE_NSS)
+ // USE_NSS means we are using system NSS rather than our copy of NSS.
+ // The system NSS <pkcs11n.h> header doesn't define this type yet.
+ CK_NSS_AEAD_PARAMS nss_aead_params;
+#endif
+ } data;
+ };
+
+ virtual void FillAeadParams(base::StringPiece nonce,
+ base::StringPiece associated_data,
+ size_t auth_tag_size,
+ AeadParams* aead_params) const = 0;
+#endif // !defined(USE_OPENSSL)
+
+ private:
+#if defined(USE_OPENSSL)
+ const EVP_AEAD* const aead_alg_;
+#else
+ const CK_MECHANISM_TYPE aead_mechanism_;
+ const PK11_DecryptFunction pk11_decrypt_;
+#endif
+ const size_t key_size_;
+ const size_t auth_tag_size_;
+ const size_t nonce_prefix_size_;
+
+ // The key.
+ unsigned char key_[kMaxKeySize];
+ // The nonce prefix.
+ unsigned char nonce_prefix_[kMaxNoncePrefixSize];
+
+#if defined(USE_OPENSSL)
+ ScopedEVPAEADCtx ctx_;
+#endif
+
+ DISALLOW_COPY_AND_ASSIGN(AeadBaseDecrypter);
+};
+
+} // namespace net
+
+#endif // NET_QUIC_CRYPTO_AEAD_BASE_DECRYPTER_H_
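Review bot: The header gives no contract for what `SetKey` does with a key whose length differs from `key_size_`, even though the key is copied into the fixed `unsigned char key_[kMaxKeySize]` buffer declared in the private section; the comment on `kMaxKeySize` only covers the compile-time bound that subclasses assert, not the runtime check on the caller-supplied `base::StringPiece`. The implementation is in the .cc and not in this hunk, so I cannot tell whether a length mismatch is rejected; the declaration should say so, e.g. `// Returns false unless key.size() == key_size_; key_size_ never exceeds kMaxKeySize.` with the matching sentence on `SetNoncePrefix` for `nonce_prefix_size_` / `kMaxNoncePrefixSize`. Separately, `key_` is a plain member array, so nothing in this header states that key material is cleared when the decrypter is destroyed; since `~AeadBaseDecrypter()` is declared here but defined elsewhere, the comment `// The key.` could be extended to `// The key. Cleared (not merely dropped) by the destructor so key bytes do not linger in freed memory.` once the destructor does that, which is worth confirming in the .cc.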