diff options
author | jdonnelly <jdonnelly@chromium.org> | 2015-04-24 14:31:02 -0700 |
---|---|---|
committer | Commit bot <commit-bot@chromium.org> | 2015-04-24 21:31:08 +0000 |
commit | 7f606b38af8a2897d0490ede6f1e745c31523409 (patch) | |
tree | 83231565d620c6141d89c931556ecafb0ff8a41b /crypto | |
parent | f57a7bbada10a659c251400a0d400dc4efe79f31 (diff) | |
download | chromium_src-7f606b38af8a2897d0490ede6f1e745c31523409.zip chromium_src-7f606b38af8a2897d0490ede6f1e745c31523409.tar.gz chromium_src-7f606b38af8a2897d0490ede6f1e745c31523409.tar.bz2 |
Revert of Encrypt certificate reports before uploading to HTTP URLs (patchset #20 id:400001 of https://codereview.chromium.org/1083493003/)
Reason for revert:
This CL broke the Win8 GN bot:
http://build.chromium.org/p/chromium.win/builders/Win8%20GN/builds/6514
Original issue's description:
> Encrypt certificate reports before uploading to HTTP URLs
>
> This CL introduces a new protobuf to store encrypted
> CertLoggerRequests. Serialized certificate reports are encrypted with an
> AES-CTR-128-HMAC-SHA256 AEAD (from BoringSSL, thus encrypted reports are
> only supported on BoringSSL platforms) before being uploaded to HTTP
> endpoints. |CertificateErrorReporter::IsHttpUploadUrlSupported| allows
> users of the class to set an HTTP URL if supported.
>
> BUG=461590
>
> Committed: https://crrev.com/0a3351c2a7c81284f82e6531380a21d079f55056
> Cr-Commit-Position: refs/heads/master@{#326876}
TBR=agl@chromium.org,felt@chromium.org,mattm@chromium.org,estark@chromium.org
NOPRESUBMIT=true
NOTREECHECKS=true
NOTRY=true
BUG=461590
Review URL: https://codereview.chromium.org/1073913004
Cr-Commit-Position: refs/heads/master@{#326878}
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/aead_openssl.cc | 125 | ||||
-rw-r--r-- | crypto/aead_openssl.h | 48 | ||||
-rw-r--r-- | crypto/aead_openssl_unittest.cc | 54 | ||||
-rw-r--r-- | crypto/crypto.gyp | 3 | ||||
-rw-r--r-- | crypto/crypto.gypi | 2 |
5 files changed, 0 insertions, 232 deletions
diff --git a/crypto/aead_openssl.cc b/crypto/aead_openssl.cc deleted file mode 100644 index e32168a..0000000 --- a/crypto/aead_openssl.cc +++ /dev/null @@ -1,125 +0,0 @@ -// Copyright 2015 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include "crypto/aead_openssl.h" - -#if defined(USE_OPENSSL) - -#include <openssl/aes.h> -#include <openssl/evp.h> -#include <string> - -#include "base/basictypes.h" -#include "base/strings/string_util.h" -#include "crypto/openssl_util.h" - -namespace crypto { - -Aead::Aead(AeadAlgorithm algorithm) : key_(nullptr) { - EnsureOpenSSLInit(); - switch (algorithm) { - case AES_128_CTR_HMAC_SHA256: - aead_ = EVP_aead_aes_128_ctr_hmac_sha256(); - break; - } -} - -Aead::~Aead() { -} - -void Aead::Init(const std::string* key) { - DCHECK(!key_); - DCHECK_EQ(KeyLength(), key->size()); - key_ = key; -} - -bool Aead::Seal(const base::StringPiece& plaintext, - const base::StringPiece& nonce, - const base::StringPiece& additional_data, - std::string* ciphertext) const { - DCHECK(key_); - DCHECK_EQ(NonceLength(), nonce.size()); - EVP_AEAD_CTX ctx; - - if (!EVP_AEAD_CTX_init(&ctx, aead_, - reinterpret_cast<const uint8*>(key_->data()), - key_->size(), EVP_AEAD_DEFAULT_TAG_LENGTH, nullptr)) { - return false; - } - - std::string result; - const size_t max_output_length = - EVP_AEAD_max_overhead(aead_) + plaintext.size(); - size_t output_length; - uint8* out_ptr = - reinterpret_cast<uint8*>(WriteInto(&result, max_output_length + 1)); - - if (!EVP_AEAD_CTX_seal( - &ctx, out_ptr, &output_length, max_output_length, - reinterpret_cast<const uint8*>(nonce.data()), nonce.size(), - reinterpret_cast<const uint8*>(plaintext.data()), plaintext.size(), - reinterpret_cast<const uint8*>(additional_data.data()), - additional_data.size())) { - EVP_AEAD_CTX_cleanup(&ctx); - return false; - } - - DCHECK_LE(output_length, max_output_length); - result.resize(output_length); - - ciphertext->swap(result); - EVP_AEAD_CTX_cleanup(&ctx); - - return true; -} - -bool Aead::Open(const base::StringPiece& ciphertext, - const base::StringPiece& nonce, - const base::StringPiece& additional_data, - std::string* plaintext) const { - DCHECK(key_); - EVP_AEAD_CTX ctx; - - if (!EVP_AEAD_CTX_init(&ctx, aead_, - reinterpret_cast<const uint8*>(key_->data()), - key_->size(), EVP_AEAD_DEFAULT_TAG_LENGTH, nullptr)) { - return false; - } - - std::string result; - const size_t max_output_length = ciphertext.size(); - size_t output_length; - uint8* out_ptr = - reinterpret_cast<uint8*>(WriteInto(&result, max_output_length + 1)); - - if (!EVP_AEAD_CTX_open( - &ctx, out_ptr, &output_length, max_output_length, - reinterpret_cast<const uint8*>(nonce.data()), nonce.size(), - reinterpret_cast<const uint8*>(ciphertext.data()), ciphertext.size(), - reinterpret_cast<const uint8*>(additional_data.data()), - additional_data.size())) { - EVP_AEAD_CTX_cleanup(&ctx); - return false; - } - - DCHECK_LE(output_length, max_output_length); - result.resize(output_length); - - plaintext->swap(result); - EVP_AEAD_CTX_cleanup(&ctx); - - return true; -} - -size_t Aead::KeyLength() const { - return EVP_AEAD_key_length(aead_); -} - -size_t Aead::NonceLength() const { - return EVP_AEAD_nonce_length(aead_); -} - -} // namespace - -#endif diff --git a/crypto/aead_openssl.h b/crypto/aead_openssl.h deleted file mode 100644 index 773cce1..0000000 --- a/crypto/aead_openssl.h +++ /dev/null @@ -1,48 +0,0 @@ -// Copyright 2015 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#ifndef CRYPTO_AEAD_H_ -#define CRYPTO_AEAD_H_ - -#include "base/strings/string_piece.h" -#include "crypto/crypto_export.h" - -struct evp_aead_st; - -namespace crypto { - -// This class exposes the AES-128-CTR-HMAC-SHA256 AEAD, currently only -// for OpenSSL builds. -class CRYPTO_EXPORT Aead { - public: - enum AeadAlgorithm { AES_128_CTR_HMAC_SHA256 }; - - explicit Aead(AeadAlgorithm algorithm); - - ~Aead(); - - void Init(const std::string* key); - - bool Seal(const base::StringPiece& plaintext, - const base::StringPiece& nonce, - const base::StringPiece& additional_data, - std::string* ciphertext) const; - - bool Open(const base::StringPiece& ciphertext, - const base::StringPiece& nonce, - const base::StringPiece& additional_data, - std::string* plaintext) const; - - size_t KeyLength() const; - - size_t NonceLength() const; - - private: - const std::string* key_; - const evp_aead_st* aead_; -}; - -} // namespace crypto - -#endif // CRYPTO_ENCRYPTOR_H_ diff --git a/crypto/aead_openssl_unittest.cc b/crypto/aead_openssl_unittest.cc deleted file mode 100644 index 446bca2..0000000 --- a/crypto/aead_openssl_unittest.cc +++ /dev/null @@ -1,54 +0,0 @@ -// Copyright 2015 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include "crypto/aead_openssl.h" - -#include <string> - -#include "testing/gtest/include/gtest/gtest.h" - -namespace { - -#if defined(USE_OPENSSL) - -TEST(AeadTest, SealOpen) { - crypto::Aead aead(crypto::Aead::AES_128_CTR_HMAC_SHA256); - std::string key(aead.KeyLength(), 0); - aead.Init(&key); - std::string nonce(aead.NonceLength(), 0); - std::string plaintext("this is the plaintext"); - std::string ad("this is the additional data"); - std::string ciphertext; - EXPECT_TRUE(aead.Seal(plaintext, nonce, ad, &ciphertext)); - EXPECT_LT(0U, ciphertext.size()); - - std::string decrypted; - EXPECT_TRUE(aead.Open(ciphertext, nonce, ad, &decrypted)); - - EXPECT_EQ(plaintext, decrypted); -} - -TEST(AeadTest, SealOpenWrongKey) { - crypto::Aead aead(crypto::Aead::AES_128_CTR_HMAC_SHA256); - std::string key(aead.KeyLength(), 0); - std::string wrong_key(aead.KeyLength(), 1); - aead.Init(&key); - crypto::Aead aead_wrong_key(crypto::Aead::AES_128_CTR_HMAC_SHA256); - aead_wrong_key.Init(&wrong_key); - - std::string nonce(aead.NonceLength(), 0); - std::string plaintext("this is the plaintext"); - std::string ad("this is the additional data"); - std::string ciphertext; - EXPECT_TRUE(aead.Seal(plaintext, nonce, ad, &ciphertext)); - EXPECT_LT(0U, ciphertext.size()); - - std::string decrypted; - EXPECT_FALSE(aead_wrong_key.Open(ciphertext, nonce, ad, &decrypted)); - EXPECT_EQ(0U, decrypted.size()); -} - -#endif - -} // namespace diff --git a/crypto/crypto.gyp b/crypto/crypto.gyp index 00b59b5..a9cff55 100644 --- a/crypto/crypto.gyp +++ b/crypto/crypto.gyp @@ -125,8 +125,6 @@ ], }, { 'sources!': [ - 'aead_openssl.cc', - 'aead_openssl.h', 'ec_private_key_openssl.cc', 'ec_signature_creator_openssl.cc', 'encryptor_openssl.cc', @@ -160,7 +158,6 @@ 'target_name': 'crypto_unittests', 'type': 'executable', 'sources': [ - 'aead_openssl_unittest.cc', 'curve25519_unittest.cc', 'ec_private_key_unittest.cc', 'ec_signature_creator_unittest.cc', diff --git a/crypto/crypto.gypi b/crypto/crypto.gypi index 4456b10..6fdbdf4 100644 --- a/crypto/crypto.gypi +++ b/crypto/crypto.gypi @@ -27,8 +27,6 @@ # NOTE: all transitive dependencies of HMAC on windows need # to be placed in the source list above. '<@(hmac_win64_related_sources)', - 'aead_openssl.cc', - 'aead_openssl.h', 'apple_keychain.h', 'apple_keychain_ios.mm', 'apple_keychain_mac.mm', |