blob: 052bc5872a3f75a74c325eb7e6cc7768756cbd9c [file] [log] [blame]
// Copyright 2020 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "third_party/boringssl/src/include/openssl/aead.h"
#include "quic/core/crypto/proof_source.h"
#include "quic/core/quic_clock.h"
#include "quic/core/quic_time.h"
namespace quic {
// SimpleTicketCrypter implements the QUIC ProofSource::TicketCrypter interface.
// It generates a random key at startup and every 7 days it rotates the key,
// keeping track of the previous key used to facilitate decrypting older
// tickets. This implementation is not suitable for server setups where multiple
// servers need to share keys.
class QUIC_NO_EXPORT SimpleTicketCrypter
: public quic::ProofSource::TicketCrypter {
explicit SimpleTicketCrypter(QuicClock* clock);
~SimpleTicketCrypter() override;
size_t MaxOverhead() override;
std::vector<uint8_t> Encrypt(absl::string_view in,
absl::string_view encryption_key) override;
void Decrypt(
absl::string_view in,
std::unique_ptr<quic::ProofSource::DecryptCallback> callback) override;
std::vector<uint8_t> Decrypt(absl::string_view in);
void MaybeRotateKeys();
static constexpr size_t kKeySize = 16;
struct Key {
uint8_t key[kKeySize];
bssl::ScopedEVP_AEAD_CTX aead_ctx;
QuicTime expiration = QuicTime::Zero();
std::unique_ptr<Key> NewKey();
std::unique_ptr<Key> current_key_;
std::unique_ptr<Key> previous_key_;
uint8_t key_epoch_ = 0;
QuicClock* clock_;
} // namespace quic