xref: /aosp_15_r20/external/cronet/net/third_party/quiche/src/quiche/quic/core/crypto/aes_base_decrypter.cc (revision 6777b5387eb2ff775bb5750e3f5d96f37fb7352b) 
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #include "quiche/quic/core/crypto/aes_base_decrypter.h"
6 
7 #include "absl/strings/string_view.h"
8 #include "openssl/aes.h"
9 #include "quiche/quic/platform/api/quic_bug_tracker.h"
10 
11 namespace quic {
12 
SetHeaderProtectionKey(absl::string_view key)13 bool AesBaseDecrypter::SetHeaderProtectionKey(absl::string_view key) {
14   if (key.size() != GetKeySize()) {
15     QUIC_BUG(quic_bug_10649_1) << "Invalid key size for header protection";
16     return false;
17   }
18   if (AES_set_encrypt_key(reinterpret_cast<const uint8_t*>(key.data()),
19                           key.size() * 8, &pne_key_) != 0) {
20     QUIC_BUG(quic_bug_10649_2) << "Unexpected failure of AES_set_encrypt_key";
21     return false;
22   }
23   return true;
24 }
25 
GenerateHeaderProtectionMask(QuicDataReader * sample_reader)26 std::string AesBaseDecrypter::GenerateHeaderProtectionMask(
27     QuicDataReader* sample_reader) {
28   absl::string_view sample;
29   if (!sample_reader->ReadStringPiece(&sample, AES_BLOCK_SIZE)) {
30     return std::string();
31   }
32   std::string out(AES_BLOCK_SIZE, 0);
33   AES_encrypt(reinterpret_cast<const uint8_t*>(sample.data()),
34               reinterpret_cast<uint8_t*>(const_cast<char*>(out.data())),
35               &pne_key_);
36   return out;
37 }
38 
GetIntegrityLimit() const39 QuicPacketCount AesBaseDecrypter::GetIntegrityLimit() const {
40   // For AEAD_AES_128_GCM ... endpoints that do not attempt to remove
41   // protection from packets larger than 2^11 bytes can attempt to remove
42   // protection from at most 2^57 packets.
43   // For AEAD_AES_256_GCM [the limit] is substantially larger than the limit for
44   // AEAD_AES_128_GCM. However, this document recommends that the same limit be
45   // applied to both functions as either limit is acceptably large.
46   // https://quicwg.org/base-drafts/draft-ietf-quic-tls.html#name-integrity-limit
47   static_assert(kMaxIncomingPacketSize <= 2048,
48                 "This key limit requires limits on decryption payload sizes");
49   return 144115188075855872U;
50 }
51 
52 }  // namespace quic
53