diff options
Diffstat (limited to 'chromium/net/third_party/quiche/src/quic/core/crypto/crypto_secret_boxer.cc')
| -rw-r--r-- | chromium/net/third_party/quiche/src/quic/core/crypto/crypto_secret_boxer.cc | 148 |
1 files changed, 0 insertions, 148 deletions
diff --git a/chromium/net/third_party/quiche/src/quic/core/crypto/crypto_secret_boxer.cc b/chromium/net/third_party/quiche/src/quic/core/crypto/crypto_secret_boxer.cc deleted file mode 100644 index a4a7a2a615d..00000000000 --- a/chromium/net/third_party/quiche/src/quic/core/crypto/crypto_secret_boxer.cc +++ /dev/null @@ -1,148 +0,0 @@ -// Copyright (c) 2013 The Chromium Authors. All rights reserved. -// Use of this source code is governed by a BSD-style license that can be -// found in the LICENSE file. - -#include <cstdint> -#include <string> - -#include "quic/core/crypto/crypto_secret_boxer.h" - -#include "absl/strings/string_view.h" -#include "third_party/boringssl/src/include/openssl/aead.h" -#include "third_party/boringssl/src/include/openssl/err.h" -#include "quic/core/crypto/quic_random.h" -#include "quic/platform/api/quic_logging.h" - -namespace quic { - -// kSIVNonceSize contains the number of bytes of nonce in each AES-GCM-SIV box. -// AES-GCM-SIV takes a 12-byte nonce and, since the messages are so small, each -// key is good for more than 2^64 source-address tokens. See table 1 of -// https://eprint.iacr.org/2017/168.pdf -static const size_t kSIVNonceSize = 12; - -// AES-GCM-SIV comes in AES-128 and AES-256 flavours. The AES-256 version is -// used here so that the key size matches the 256-bit XSalsa20 keys that we -// used to use. -static const size_t kBoxKeySize = 32; - -struct CryptoSecretBoxer::State { - // ctxs are the initialised AEAD contexts. These objects contain the - // scheduled AES state for each of the keys. - std::vector<bssl::UniquePtr<EVP_AEAD_CTX>> ctxs; -}; - -CryptoSecretBoxer::CryptoSecretBoxer() {} - -CryptoSecretBoxer::~CryptoSecretBoxer() {} - -// static -size_t CryptoSecretBoxer::GetKeySize() { - return kBoxKeySize; -} - -// kAEAD is the AEAD used for boxing: AES-256-GCM-SIV. -static const EVP_AEAD* (*const kAEAD)() = EVP_aead_aes_256_gcm_siv; - -bool CryptoSecretBoxer::SetKeys(const std::vector<std::string>& keys) { - if (keys.empty()) { - QUIC_LOG(DFATAL) << "No keys supplied!"; - return false; - } - const EVP_AEAD* const aead = kAEAD(); - std::unique_ptr<State> new_state(new State); - - for (const std::string& key : keys) { - QUICHE_DCHECK_EQ(kBoxKeySize, key.size()); - bssl::UniquePtr<EVP_AEAD_CTX> ctx( - EVP_AEAD_CTX_new(aead, reinterpret_cast<const uint8_t*>(key.data()), - key.size(), EVP_AEAD_DEFAULT_TAG_LENGTH)); - if (!ctx) { - ERR_clear_error(); - QUIC_LOG(DFATAL) << "EVP_AEAD_CTX_init failed"; - return false; - } - - new_state->ctxs.push_back(std::move(ctx)); - } - - QuicWriterMutexLock l(&lock_); - state_ = std::move(new_state); - return true; -} - -std::string CryptoSecretBoxer::Box(QuicRandom* rand, - absl::string_view plaintext) const { - // The box is formatted as: - // 12 bytes of random nonce - // n bytes of ciphertext - // 16 bytes of authenticator - size_t out_len = - kSIVNonceSize + plaintext.size() + EVP_AEAD_max_overhead(kAEAD()); - - std::string ret; - ret.resize(out_len); - uint8_t* out = reinterpret_cast<uint8_t*>(const_cast<char*>(ret.data())); - - // Write kSIVNonceSize bytes of random nonce to the beginning of the output - // buffer. - rand->RandBytes(out, kSIVNonceSize); - const uint8_t* const nonce = out; - out += kSIVNonceSize; - out_len -= kSIVNonceSize; - - size_t bytes_written; - { - QuicReaderMutexLock l(&lock_); - if (!EVP_AEAD_CTX_seal(state_->ctxs[0].get(), out, &bytes_written, out_len, - nonce, kSIVNonceSize, - reinterpret_cast<const uint8_t*>(plaintext.data()), - plaintext.size(), nullptr, 0)) { - ERR_clear_error(); - QUIC_LOG(DFATAL) << "EVP_AEAD_CTX_seal failed"; - return ""; - } - } - - QUICHE_DCHECK_EQ(out_len, bytes_written); - return ret; -} - -bool CryptoSecretBoxer::Unbox(absl::string_view in_ciphertext, - std::string* out_storage, - absl::string_view* out) const { - if (in_ciphertext.size() < kSIVNonceSize) { - return false; - } - - const uint8_t* const nonce = - reinterpret_cast<const uint8_t*>(in_ciphertext.data()); - const uint8_t* const ciphertext = nonce + kSIVNonceSize; - const size_t ciphertext_len = in_ciphertext.size() - kSIVNonceSize; - - out_storage->resize(ciphertext_len); - - bool ok = false; - { - QuicReaderMutexLock l(&lock_); - for (const bssl::UniquePtr<EVP_AEAD_CTX>& ctx : state_->ctxs) { - size_t bytes_written; - if (EVP_AEAD_CTX_open(ctx.get(), - reinterpret_cast<uint8_t*>( - const_cast<char*>(out_storage->data())), - &bytes_written, ciphertext_len, nonce, - kSIVNonceSize, ciphertext, ciphertext_len, nullptr, - 0)) { - ok = true; - *out = absl::string_view(out_storage->data(), bytes_written); - break; - } - - ERR_clear_error(); - } - } - - return ok; -} - -} // namespace quic |