// Copyright 2020 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.

#ifndef QUICHE_QUIC_TOOLS_SIMPLE_TICKET_CRYPTER_H_
#define QUICHE_QUIC_TOOLS_SIMPLE_TICKET_CRYPTER_H_

#include "third_party/boringssl/src/include/openssl/aead.h"
#include "net/third_party/quiche/src/quic/core/crypto/proof_source.h"
#include "net/third_party/quiche/src/quic/core/quic_clock.h"
#include "net/third_party/quiche/src/quic/core/quic_time.h"

namespace quic {

// SimpleTicketCrypter implements the QUIC ProofSource::TicketCrypter interface.
// It generates a random key at startup and every 7 days it rotates the key,
// keeping track of the previous key used to facilitate decrypting older
// tickets. This implementation is not suitable for server setups where multiple
// servers need to share keys.
class QUIC_NO_EXPORT SimpleTicketCrypter
    : public quic::ProofSource::TicketCrypter {
 public:
  // |clock| is stored as a raw, non-owning pointer in |clock_|; it is
  // presumably expected to outlive this object (confirm in the .cc).
  explicit SimpleTicketCrypter(QuicClock* clock);
  ~SimpleTicketCrypter() override;

  // ProofSource::TicketCrypter implementation.
  size_t MaxOverhead() override;
  std::vector<uint8_t> Encrypt(quiche::QuicheStringPiece in) override;
  void Decrypt(
      quiche::QuicheStringPiece in,
      std::unique_ptr<quic::ProofSource::DecryptCallback> callback) override;

 private:
  // Synchronous helper behind the public Decrypt() overload, which instead
  // hands its result to |callback|. NOTE(review): an empty return value
  // presumably signals a ticket that failed to decrypt — confirm in the .cc.
  std::vector<uint8_t> Decrypt(quiche::QuicheStringPiece in);

  // Presumably swaps in a fresh key once |current_key_| has expired, keeping
  // the old one as |previous_key_| (see the class comment for the rotation
  // period) — confirm in the .cc.
  void MaybeRotateKeys();

  // Length of the raw AEAD key material in bytes.
  static constexpr size_t kKeySize = 16;

  // One ticket-encryption key: the raw key bytes, the AEAD context built
  // for them, and the point after which the key is considered expired.
  struct Key {
    uint8_t key[kKeySize];              // raw key material
    bssl::ScopedEVP_AEAD_CTX aead_ctx;  // AEAD context (presumably derived from |key|)
    QuicTime expiration = QuicTime::Zero();  // Zero() until set by NewKey()/rotation — confirm
  };

  // Creates a new key; the class comment says keys are generated randomly.
  std::unique_ptr<Key> NewKey();

  std::unique_ptr<Key> current_key_;   // key in active use
  std::unique_ptr<Key> previous_key_;  // last rotated-out key, retained so older tickets still decrypt
  // NOTE(review): presumably identifies which key produced a ticket so
  // Decrypt() can pick |current_key_| vs |previous_key_| — confirm in the .cc.
  uint8_t key_epoch_ = 0;
  QuicClock* clock_;  // not owned
};

}  // namespace quic

#endif  // QUICHE_QUIC_TOOLS_SIMPLE_TICKET_CRYPTER_H_