blob: 31758b43245727510a6fa34ea77c80b89b66442c [file] [log] [blame]
// Copyright 2014 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#include "quiche/quic/core/crypto/chacha20_poly1305_decrypter.h"
#include "openssl/aead.h"
#include "openssl/tls1.h"
namespace quic {
namespace {
const size_t kKeySize = 32;
const size_t kNonceSize = 12;
} // namespace
ChaCha20Poly1305Decrypter::ChaCha20Poly1305Decrypter()
: ChaChaBaseDecrypter(EVP_aead_chacha20_poly1305, kKeySize, kAuthTagSize,
kNonceSize,
/* use_ietf_nonce_construction */ false) {
static_assert(kKeySize <= kMaxKeySize, "key size too big");
static_assert(kNonceSize <= kMaxNonceSize, "nonce size too big");
}
ChaCha20Poly1305Decrypter::~ChaCha20Poly1305Decrypter() {}
uint32_t ChaCha20Poly1305Decrypter::cipher_id() const {
return TLS1_CK_CHACHA20_POLY1305_SHA256;
}
QuicPacketCount ChaCha20Poly1305Decrypter::GetIntegrityLimit() const {
// For AEAD_CHACHA20_POLY1305, the integrity limit is 2^36 invalid packets.
// https://quicwg.org/base-drafts/draft-ietf-quic-tls.html#name-limits-on-aead-usage
static_assert(kMaxIncomingPacketSize < 16384,
"This key limit requires limits on decryption payload sizes");
return 68719476736U;
}
} // namespace quic