1 files changed, 44 insertions, 34 deletions

diff --git a/chromium/net/quic/crypto/crypto_secret_boxer.cc b/chromium/net/quic/crypto/crypto_secret_boxer.cc
index 73562c638bc..5d8a11b27a3 100644
--- a/chromium/net/quic/crypto/crypto_secret_boxer.cc
+++ b/chromium/net/quic/crypto/crypto_secret_boxer.cc
@@ -6,8 +6,9 @@
 
 #include "base/logging.h"
 #include "base/memory/scoped_ptr.h"
-#include "crypto/secure_hash.h"
-#include "crypto/sha2.h"
+#include "net/quic/crypto/crypto_protocol.h"
+#include "net/quic/crypto/quic_decrypter.h"
+#include "net/quic/crypto/quic_encrypter.h"
 #include "net/quic/crypto/quic_random.h"
 
 using base::StringPiece;
@@ -19,21 +20,36 @@ namespace net {
 static const size_t kKeySize = 16;
 
 // kBoxNonceSize contains the number of bytes of nonce that we use in each box.
-static const size_t kBoxNonceSize = 16;
+// TODO(rtenneti): Add support for kBoxNonceSize to be 16 bytes.
+//
+// From agl@:
+//   96-bit nonces are on the edge. An attacker who can collect 2^41
+//   source-address tokens has a 1% chance of finding a duplicate.
+//
+//   The "average" DDoS is now 32.4M PPS. That's 2^25 source-address tokens
+//   per second. So one day of that DDoS botnot would reach the 1% mark.
+//
+//   It's not terrible, but it's not a "forget about it" margin.
+static const size_t kBoxNonceSize = 12;
 
 // static
 size_t CryptoSecretBoxer::GetKeySize() { return kKeySize; }
 
 void CryptoSecretBoxer::SetKey(StringPiece key) {
-  DCHECK_EQ(static_cast<size_t>(kKeySize), key.size());
+  DCHECK_EQ(kKeySize, key.size());
   key_ = key.as_string();
 }
 
-// TODO(rtenneti): Delete sha256 based code. Use Aes128Gcm12Encrypter to Box the
-// plaintext. This is temporary solution for tests to pass.
 string CryptoSecretBoxer::Box(QuicRandom* rand, StringPiece plaintext) const {
+  scoped_ptr<QuicEncrypter> encrypter(QuicEncrypter::Create(kAESG));
+  if (!encrypter->SetKey(key_)) {
+    DLOG(DFATAL) << "CryptoSecretBoxer's encrypter->SetKey failed.";
+    return string();
+  }
+  size_t ciphertext_size = encrypter->GetCiphertextSize(plaintext.length());
+
   string ret;
-  const size_t len = kBoxNonceSize + plaintext.size() + crypto::kSHA256Length;
+  const size_t len = kBoxNonceSize + ciphertext_size;
   ret.resize(len);
   char* data = &ret[0];
 
@@ -41,49 +57,43 @@ string CryptoSecretBoxer::Box(QuicRandom* rand, StringPiece plaintext) const {
   rand->RandBytes(data, kBoxNonceSize);
   memcpy(data + kBoxNonceSize, plaintext.data(), plaintext.size());
 
-  // Compute sha256 for nonce + plaintext.
-  scoped_ptr<crypto::SecureHash> sha256(crypto::SecureHash::Create(
-      crypto::SecureHash::SHA256));
-  sha256->Update(data, kBoxNonceSize + plaintext.size());
-  sha256->Finish(data + kBoxNonceSize + plaintext.size(),
-                 crypto::kSHA256Length);
+  if (!encrypter->Encrypt(StringPiece(data, kBoxNonceSize), StringPiece(),
+                          plaintext, reinterpret_cast<unsigned char*>(
+                                         data + kBoxNonceSize))) {
+    DLOG(DFATAL) << "CryptoSecretBoxer's Encrypt failed.";
+    return string();
+  }
 
   return ret;
 }
 
-// TODO(rtenneti): Delete sha256 based code. Use Aes128Gcm12Decrypter to Unbox
-// the plaintext. This is temporary solution for tests to pass.
 bool CryptoSecretBoxer::Unbox(StringPiece ciphertext,
                               string* out_storage,
                               StringPiece* out) const {
-  if (ciphertext.size() < kBoxNonceSize + crypto::kSHA256Length) {
+  if (ciphertext.size() < kBoxNonceSize) {
     return false;
   }
 
-  const size_t plaintext_len =
-      ciphertext.size() - kBoxNonceSize - crypto::kSHA256Length;
-  out_storage->resize(plaintext_len);
+  char nonce[kBoxNonceSize];
+  memcpy(nonce, ciphertext.data(), kBoxNonceSize);
+  ciphertext.remove_prefix(kBoxNonceSize);
+
+  size_t len = ciphertext.size();
+  out_storage->resize(len);
   char* data = const_cast<char*>(out_storage->data());
 
-  // Copy plaintext from ciphertext.
-  if (plaintext_len != 0) {
-    memcpy(data, ciphertext.data() + kBoxNonceSize, plaintext_len);
+  scoped_ptr<QuicDecrypter> decrypter(QuicDecrypter::Create(kAESG));
+  if (!decrypter->SetKey(key_)) {
+    DLOG(DFATAL) << "CryptoSecretBoxer's decrypter->SetKey failed.";
+    return false;
   }
-
-  // Compute sha256 for nonce + plaintext.
-  scoped_ptr<crypto::SecureHash> sha256(crypto::SecureHash::Create(
-      crypto::SecureHash::SHA256));
-  sha256->Update(ciphertext.data(), ciphertext.size() - crypto::kSHA256Length);
-  char sha256_bytes[crypto::kSHA256Length];
-  sha256->Finish(sha256_bytes, sizeof(sha256_bytes));
-
-  // Verify sha256.
-  if (0 != memcmp(ciphertext.data() + ciphertext.size() - crypto::kSHA256Length,
-                  sha256_bytes, crypto::kSHA256Length)) {
+  if (!decrypter->Decrypt(StringPiece(nonce, kBoxNonceSize), StringPiece(),
+                          ciphertext, reinterpret_cast<unsigned char*>(data),
+                          &len)) {
     return false;
   }
 
-  out->set(data, plaintext_len);
+  out->set(data, len);
   return true;
 }