// Copyright (c) 2013 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "net/quic/crypto/aead_base_decrypter.h" #include #include #include "base/memory/scoped_ptr.h" #include "net/quic/quic_flags.h" #include "net/quic/quic_utils.h" using base::StringPiece; namespace net { namespace { // Clear OpenSSL error stack. void ClearOpenSslErrors() { while (ERR_get_error()) { } } // In debug builds only, log OpenSSL error stack. Then clear OpenSSL error // stack. void DLogOpenSslErrors() { #ifdef NDEBUG ClearOpenSslErrors(); #else while (uint32_t error = ERR_get_error()) { char buf[120]; ERR_error_string_n(error, buf, arraysize(buf)); DLOG(ERROR) << "OpenSSL error: " << buf; } #endif } } // namespace AeadBaseDecrypter::AeadBaseDecrypter(const EVP_AEAD* aead_alg, size_t key_size, size_t auth_tag_size, size_t nonce_prefix_size) : aead_alg_(aead_alg), key_size_(key_size), auth_tag_size_(auth_tag_size), nonce_prefix_size_(nonce_prefix_size) { DCHECK_LE(key_size_, sizeof(key_)); DCHECK_LE(nonce_prefix_size_, sizeof(nonce_prefix_)); } AeadBaseDecrypter::~AeadBaseDecrypter() {} bool AeadBaseDecrypter::SetKey(StringPiece key) { DCHECK_EQ(key.size(), key_size_); if (key.size() != key_size_) { return false; } memcpy(key_, key.data(), key.size()); EVP_AEAD_CTX_cleanup(ctx_.get()); if (!EVP_AEAD_CTX_init(ctx_.get(), aead_alg_, key_, key_size_, auth_tag_size_, nullptr)) { DLogOpenSslErrors(); return false; } return true; } bool AeadBaseDecrypter::SetNoncePrefix(StringPiece nonce_prefix) { DCHECK_EQ(nonce_prefix.size(), nonce_prefix_size_); if (nonce_prefix.size() != nonce_prefix_size_) { return false; } memcpy(nonce_prefix_, nonce_prefix.data(), nonce_prefix.size()); return true; } bool AeadBaseDecrypter::DecryptPacket(QuicPathId path_id, QuicPacketNumber packet_number, const StringPiece& associated_data, const StringPiece& ciphertext, char* output, size_t* output_length, size_t max_output_length) { if (ciphertext.length() < auth_tag_size_) { return false; } uint8_t nonce[sizeof(nonce_prefix_) + sizeof(packet_number)]; const size_t nonce_size = nonce_prefix_size_ + sizeof(packet_number); memcpy(nonce, nonce_prefix_, nonce_prefix_size_); if (FLAGS_quic_include_path_id_in_iv) { uint64_t path_id_packet_number = QuicUtils::PackPathIdAndPacketNumber(path_id, packet_number); memcpy(nonce + nonce_prefix_size_, &path_id_packet_number, sizeof(path_id_packet_number)); } else { memcpy(nonce + nonce_prefix_size_, &packet_number, sizeof(packet_number)); } if (!EVP_AEAD_CTX_open( ctx_.get(), reinterpret_cast(output), output_length, max_output_length, reinterpret_cast(nonce), nonce_size, reinterpret_cast(ciphertext.data()), ciphertext.size(), reinterpret_cast(associated_data.data()), associated_data.size())) { // Because QuicFramer does trial decryption, decryption errors are expected // when encryption level changes. So we don't log decryption errors. ClearOpenSslErrors(); return false; } return true; } StringPiece AeadBaseDecrypter::GetKey() const { return StringPiece(reinterpret_cast(key_), key_size_); } StringPiece AeadBaseDecrypter::GetNoncePrefix() const { if (nonce_prefix_size_ == 0) { return StringPiece(); } return StringPiece(reinterpret_cast(nonce_prefix_), nonce_prefix_size_); } } // namespace net