1 // Copyright 2019 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef CAST_STREAMING_FRAME_CRYPTO_H_
6 #define CAST_STREAMING_FRAME_CRYPTO_H_
7 
8 #include <stddef.h>
9 #include <stdint.h>
10 
11 #include <array>
12 #include <vector>
13 
14 #include "absl/types/span.h"
15 #include "cast/streaming/encoded_frame.h"
16 #include "openssl/aes.h"
17 #include "platform/base/macros.h"
18 
19 namespace openscreen {
20 namespace cast {
21 
22 class FrameCollector;
23 class FrameCrypto;
24 
25 // A subclass of EncodedFrame that represents an EncodedFrame with encrypted
26 // payload data, and owns the buffer storing the encrypted payload data. Use
27 // FrameCrypto (below) to explicitly convert between EncryptedFrames and
28 // EncodedFrames.
29 struct EncryptedFrame : public EncodedFrame {
30   EncryptedFrame();
31   ~EncryptedFrame();
32   EncryptedFrame(EncryptedFrame&&) noexcept;
33   EncryptedFrame& operator=(EncryptedFrame&&);
34 
35  protected:
36   // Since only FrameCrypto and FrameCollector are trusted to generate the
37   // payload data, only they are allowed direct access to the storage.
38   friend class FrameCollector;
39   friend class FrameCrypto;
40 
41   // Note: EncodedFrame::data must be updated whenever any mutations are
42   // performed on this member!
43   std::vector<uint8_t> owned_data_;
44 };
45 
46 // Encrypts EncodedFrames before sending, or decrypts EncryptedFrames that have
47 // been received.
48 class FrameCrypto {
49  public:
50   // Construct with the given 16-bytes AES key and IV mask. Both arguments
51   // should be randomly-generated for each new streaming session.
52   // GenerateRandomBytes() can be used to create them.
53   FrameCrypto(const std::array<uint8_t, 16>& aes_key,
54               const std::array<uint8_t, 16>& cast_iv_mask);
55 
56   ~FrameCrypto();
57 
58   EncryptedFrame Encrypt(const EncodedFrame& encoded_frame) const;
59 
60   // Decrypt the given |encrypted_frame| into the output |encoded_frame|. The
61   // caller must provide a sufficiently-sized data buffer (see
62   // GetPlaintextSize()).
63   void Decrypt(const EncryptedFrame& encrypted_frame,
64                EncodedFrame* encoded_frame) const;
65 
66   // AES crypto inputs and outputs (for either encrypting or decrypting) are
67   // always the same size in bytes. The following are just "documentative code."
GetEncryptedSize(const EncodedFrame & encoded_frame)68   static int GetEncryptedSize(const EncodedFrame& encoded_frame) {
69     return encoded_frame.data.size();
70   }
GetPlaintextSize(const EncryptedFrame & encrypted_frame)71   static int GetPlaintextSize(const EncryptedFrame& encrypted_frame) {
72     return encrypted_frame.data.size();
73   }
74 
75  private:
76   // The 244-byte AES_KEY struct, derived from the |aes_key| passed to the ctor,
77   // and initialized by boringssl's AES_set_encrypt_key() function.
78   const AES_KEY aes_key_;
79 
80   // Random bytes used in the custom heuristic to generate a different
81   // initialization vector for each frame.
82   const std::array<uint8_t, 16> cast_iv_mask_;
83 
84   // AES-CTR is symmetric. Thus, the "meat" of both Encrypt() and Decrypt() is
85   // the same.
86   void EncryptCommon(FrameId frame_id,
87                      absl::Span<const uint8_t> in,
88                      absl::Span<uint8_t> out) const;
89 };
90 
91 }  // namespace cast
92 }  // namespace openscreen
93 
94 #endif  // CAST_STREAMING_FRAME_CRYPTO_H_
95