diff options
Diffstat (limited to 'chromium/net/quic/crypto/crypto_secret_boxer.cc')
-rw-r--r-- | chromium/net/quic/crypto/crypto_secret_boxer.cc | 78 |
1 files changed, 44 insertions, 34 deletions
diff --git a/chromium/net/quic/crypto/crypto_secret_boxer.cc b/chromium/net/quic/crypto/crypto_secret_boxer.cc index 73562c638bc..5d8a11b27a3 100644 --- a/chromium/net/quic/crypto/crypto_secret_boxer.cc +++ b/chromium/net/quic/crypto/crypto_secret_boxer.cc @@ -6,8 +6,9 @@ #include "base/logging.h" #include "base/memory/scoped_ptr.h" -#include "crypto/secure_hash.h" -#include "crypto/sha2.h" +#include "net/quic/crypto/crypto_protocol.h" +#include "net/quic/crypto/quic_decrypter.h" +#include "net/quic/crypto/quic_encrypter.h" #include "net/quic/crypto/quic_random.h" using base::StringPiece; @@ -19,21 +20,36 @@ namespace net { static const size_t kKeySize = 16; // kBoxNonceSize contains the number of bytes of nonce that we use in each box. -static const size_t kBoxNonceSize = 16; +// TODO(rtenneti): Add support for kBoxNonceSize to be 16 bytes. +// +// From agl@: +// 96-bit nonces are on the edge. An attacker who can collect 2^41 +// source-address tokens has a 1% chance of finding a duplicate. +// +// The "average" DDoS is now 32.4M PPS. That's 2^25 source-address tokens +// per second. So one day of that DDoS botnot would reach the 1% mark. +// +// It's not terrible, but it's not a "forget about it" margin. +static const size_t kBoxNonceSize = 12; // static size_t CryptoSecretBoxer::GetKeySize() { return kKeySize; } void CryptoSecretBoxer::SetKey(StringPiece key) { - DCHECK_EQ(static_cast<size_t>(kKeySize), key.size()); + DCHECK_EQ(kKeySize, key.size()); key_ = key.as_string(); } -// TODO(rtenneti): Delete sha256 based code. Use Aes128Gcm12Encrypter to Box the -// plaintext. This is temporary solution for tests to pass. string CryptoSecretBoxer::Box(QuicRandom* rand, StringPiece plaintext) const { + scoped_ptr<QuicEncrypter> encrypter(QuicEncrypter::Create(kAESG)); + if (!encrypter->SetKey(key_)) { + DLOG(DFATAL) << "CryptoSecretBoxer's encrypter->SetKey failed."; + return string(); + } + size_t ciphertext_size = encrypter->GetCiphertextSize(plaintext.length()); + string ret; - const size_t len = kBoxNonceSize + plaintext.size() + crypto::kSHA256Length; + const size_t len = kBoxNonceSize + ciphertext_size; ret.resize(len); char* data = &ret[0]; @@ -41,49 +57,43 @@ string CryptoSecretBoxer::Box(QuicRandom* rand, StringPiece plaintext) const { rand->RandBytes(data, kBoxNonceSize); memcpy(data + kBoxNonceSize, plaintext.data(), plaintext.size()); - // Compute sha256 for nonce + plaintext. - scoped_ptr<crypto::SecureHash> sha256(crypto::SecureHash::Create( - crypto::SecureHash::SHA256)); - sha256->Update(data, kBoxNonceSize + plaintext.size()); - sha256->Finish(data + kBoxNonceSize + plaintext.size(), - crypto::kSHA256Length); + if (!encrypter->Encrypt(StringPiece(data, kBoxNonceSize), StringPiece(), + plaintext, reinterpret_cast<unsigned char*>( + data + kBoxNonceSize))) { + DLOG(DFATAL) << "CryptoSecretBoxer's Encrypt failed."; + return string(); + } return ret; } -// TODO(rtenneti): Delete sha256 based code. Use Aes128Gcm12Decrypter to Unbox -// the plaintext. This is temporary solution for tests to pass. bool CryptoSecretBoxer::Unbox(StringPiece ciphertext, string* out_storage, StringPiece* out) const { - if (ciphertext.size() < kBoxNonceSize + crypto::kSHA256Length) { + if (ciphertext.size() < kBoxNonceSize) { return false; } - const size_t plaintext_len = - ciphertext.size() - kBoxNonceSize - crypto::kSHA256Length; - out_storage->resize(plaintext_len); + char nonce[kBoxNonceSize]; + memcpy(nonce, ciphertext.data(), kBoxNonceSize); + ciphertext.remove_prefix(kBoxNonceSize); + + size_t len = ciphertext.size(); + out_storage->resize(len); char* data = const_cast<char*>(out_storage->data()); - // Copy plaintext from ciphertext. - if (plaintext_len != 0) { - memcpy(data, ciphertext.data() + kBoxNonceSize, plaintext_len); + scoped_ptr<QuicDecrypter> decrypter(QuicDecrypter::Create(kAESG)); + if (!decrypter->SetKey(key_)) { + DLOG(DFATAL) << "CryptoSecretBoxer's decrypter->SetKey failed."; + return false; } - - // Compute sha256 for nonce + plaintext. - scoped_ptr<crypto::SecureHash> sha256(crypto::SecureHash::Create( - crypto::SecureHash::SHA256)); - sha256->Update(ciphertext.data(), ciphertext.size() - crypto::kSHA256Length); - char sha256_bytes[crypto::kSHA256Length]; - sha256->Finish(sha256_bytes, sizeof(sha256_bytes)); - - // Verify sha256. - if (0 != memcmp(ciphertext.data() + ciphertext.size() - crypto::kSHA256Length, - sha256_bytes, crypto::kSHA256Length)) { + if (!decrypter->Decrypt(StringPiece(nonce, kBoxNonceSize), StringPiece(), + ciphertext, reinterpret_cast<unsigned char*>(data), + &len)) { return false; } - out->set(data, plaintext_len); + out->set(data, len); return true; } |