#ifndef NET_QUIC_CRYPTO_AEAD_BASE_DECRYPTER_H_
#define NET_QUIC_CRYPTO_AEAD_BASE_DECRYPTER_H_
#include "base/compiler_specific.h"
#include "net/quic/crypto/quic_decrypter.h"
#if defined(USE_OPENSSL)
#include "net/quic/crypto/scoped_evp_aead_ctx.h"
#else
#include <pkcs11t.h>
#include <seccomon.h>
typedef struct PK11SymKeyStr PK11SymKey;
typedef SECStatus (*PK11_DecryptFunction)(
PK11SymKey* symKey, CK_MECHANISM_TYPE mechanism, SECItem* param,
unsigned char* out, unsigned int* outLen, unsigned int maxLen,
const unsigned char* enc, unsigned encLen);
#endif
namespace net {
class NET_EXPORT_PRIVATE AeadBaseDecrypter : public QuicDecrypter {
public:
#if defined(USE_OPENSSL)
AeadBaseDecrypter(const EVP_AEAD* aead_alg,
size_t key_size,
size_t auth_tag_size,
size_t nonce_prefix_size);
#else
AeadBaseDecrypter(CK_MECHANISM_TYPE aead_mechanism,
PK11_DecryptFunction pk11_decrypt,
size_t key_size,
size_t auth_tag_size,
size_t nonce_prefix_size);
#endif
virtual ~AeadBaseDecrypter();
virtual bool SetKey(base::StringPiece key) OVERRIDE;
virtual bool SetNoncePrefix(base::StringPiece nonce_prefix) OVERRIDE;
virtual bool Decrypt(base::StringPiece nonce,
base::StringPiece associated_data,
base::StringPiece ciphertext,
unsigned char* output,
size_t* output_length) OVERRIDE;
virtual QuicData* DecryptPacket(QuicPacketSequenceNumber sequence_number,
base::StringPiece associated_data,
base::StringPiece ciphertext) OVERRIDE;
virtual base::StringPiece GetKey() const OVERRIDE;
virtual base::StringPiece GetNoncePrefix() const OVERRIDE;
protected:
static const size_t kMaxKeySize = 32;
static const size_t kMaxNoncePrefixSize = 4;
#if !defined(USE_OPENSSL)
struct AeadParams {
unsigned int len;
union {
CK_GCM_PARAMS gcm_params;
#if !defined(USE_NSS)
CK_NSS_AEAD_PARAMS nss_aead_params;
#endif
} data;
};
virtual void FillAeadParams(base::StringPiece nonce,
base::StringPiece associated_data,
size_t auth_tag_size,
AeadParams* aead_params) const = 0;
#endif
private:
#if defined(USE_OPENSSL)
const EVP_AEAD* const aead_alg_;
#else
const CK_MECHANISM_TYPE aead_mechanism_;
const PK11_DecryptFunction pk11_decrypt_;
#endif
const size_t key_size_;
const size_t auth_tag_size_;
const size_t nonce_prefix_size_;
unsigned char key_[kMaxKeySize];
unsigned char nonce_prefix_[kMaxNoncePrefixSize];
#if defined(USE_OPENSSL)
ScopedEVPAEADCtx ctx_;
#endif
};
}
#endif