/** @file
*
* QUIC Packet Protection Key Info
*
* @section license License
*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
#pragma once
#include "QUICTypes.h"
#include "QUICKeyGenerator.h"
/**
 * Read-only view of the packet-protection key material for one QUIC connection.
 *
 * Every accessor is keyed by QUICKeyPhase; which phases are valid is decided by
 * the implementation, not by this interface. Pointer-returning accessors hand out
 * memory owned by the implementation — callers must not free it and should treat
 * it as invalid once the corresponding keys are dropped or the object is gone.
 * Callers are expected to check the `is_*_key_available()` predicate for a phase
 * before using the key/IV pointers for that phase (what the pointers hold for an
 * unset phase is implementation-defined).
 */
class QUICPacketProtectionKeyInfoProvider
{
public:
  virtual ~QUICPacketProtectionKeyInfoProvider() = default;

  /* ---- Payload protection: parameters shared by both directions ---- */

  /// AEAD cipher used for packet payloads in the given phase.
  virtual const EVP_CIPHER *get_cipher(QUICKeyPhase phase) const = 0;
  /// Length in bytes of the AEAD authentication tag for the given phase.
  virtual size_t get_tag_len(QUICKeyPhase phase) const = 0;

  /* ---- Payload protection: sending direction ---- */

  /// True once a send-side key has been installed for the phase.
  virtual bool is_encryption_key_available(QUICKeyPhase phase) const = 0;
  /// Send-side AEAD key and its length in bytes.
  virtual const uint8_t *encryption_key(QUICKeyPhase phase) const = 0;
  virtual size_t encryption_key_len(QUICKeyPhase phase) const = 0;
  /// Send-side AEAD IV; note the length is returned by pointer, not by value.
  virtual const uint8_t *encryption_iv(QUICKeyPhase phase) const = 0;
  virtual const size_t *encryption_iv_len(QUICKeyPhase phase) const = 0;

  /* ---- Payload protection: receiving direction ---- */

  /// True once a receive-side key has been installed for the phase.
  virtual bool is_decryption_key_available(QUICKeyPhase phase) const = 0;
  /// Receive-side AEAD key and its length in bytes.
  virtual const uint8_t *decryption_key(QUICKeyPhase phase) const = 0;
  virtual size_t decryption_key_len(QUICKeyPhase phase) const = 0;
  /// Receive-side AEAD IV; note the length is returned by pointer, not by value.
  virtual const uint8_t *decryption_iv(QUICKeyPhase phase) const = 0;
  virtual const size_t *decryption_iv_len(QUICKeyPhase phase) const = 0;

  /* ---- Header protection ---- */

  /// Cipher used to mask packet headers in the given phase.
  virtual const EVP_CIPHER *get_cipher_for_hp(QUICKeyPhase phase) const = 0;
  /// Header-protection key for the sending direction and its length in bytes.
  virtual const uint8_t *encryption_key_for_hp(QUICKeyPhase phase) const = 0;
  virtual size_t encryption_key_for_hp_len(QUICKeyPhase phase) const = 0;
  /// Header-protection key for the receiving direction and its length in bytes.
  virtual const uint8_t *decryption_key_for_hp(QUICKeyPhase phase) const = 0;
  virtual size_t decryption_key_for_hp_len(QUICKeyPhase phase) const = 0;
};
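/**
 * Concrete key store backing QUICPacketProtectionKeyInfoProvider.
 *
 * Keys, IVs and header-protection keys are held in fixed-size buffers indexed by
 * key phase, with a separate set for the client and the server side. Which of the
 * two sets backs the "encryption" accessors and which backs the "decryption"
 * accessors depends on the Context set via set_context() (the mapping itself is
 * implemented in the .cc file).
 *
 * Changes from the previous revision of this header:
 *  - all key/IV buffers and the IV-length arrays are value-initialised, so an
 *    accessor queried for a phase that was never set returns zeros instead of
 *    indeterminate memory;
 *  - the destructor scrubs every key buffer so secret material does not linger in
 *    freed memory. drop_keys() remains the run-time path for retiring a phase.
 *
 * The non-const accessors return writable pointers into these buffers; writers
 * must stay within KEY_BUFFER_LEN bytes.
 */
class QUICPacketProtectionKeyInfo : public QUICPacketProtectionKeyInfoProvider
{
public:
  enum class Context { SERVER, CLIENT };

  /// Size in bytes of every per-phase key/IV buffer. Anything written through the
  /// non-const accessors must not exceed this.
  /// FIXME EVP_MAX_KEY_LENGTH and EVP_MAX_IV_LENGTH are not enough somehow
  static constexpr size_t KEY_BUFFER_LEN = 512;

  /// Number of key phases tracked per side (array dimension used below).
  static constexpr size_t NUM_KEY_PHASES = 5;

  /// Scrub all key material before the storage is released.
  virtual ~QUICPacketProtectionKeyInfo() { this->_wipe_all_keys(); }

  // FIXME This should be passed to the constructor but NetVC cannot pass it because it has set_context too.
  void set_context(Context ctx);

  /// Retire the keys of one phase (implemented in the .cc file).
  void drop_keys(QUICKeyPhase phase);

  // Payload Protection (common)
  virtual const EVP_CIPHER *get_cipher(QUICKeyPhase phase) const override;
  virtual size_t get_tag_len(QUICKeyPhase phase) const override;
  virtual void set_cipher_initial(const EVP_CIPHER *cipher);
  virtual void set_cipher(const EVP_CIPHER *cipher, size_t tag_len);

  // Payload Protection (encryption)
  virtual bool is_encryption_key_available(QUICKeyPhase phase) const override;
  virtual void set_encryption_key_available(QUICKeyPhase phase);
  virtual const uint8_t *encryption_key(QUICKeyPhase phase) const override;
  /// Writable view of the send-side key buffer (at most KEY_BUFFER_LEN bytes).
  virtual uint8_t *encryption_key(QUICKeyPhase phase);
  virtual size_t encryption_key_len(QUICKeyPhase phase) const override;
  virtual const uint8_t *encryption_iv(QUICKeyPhase phase) const override;
  /// Writable view of the send-side IV buffer (at most KEY_BUFFER_LEN bytes).
  virtual uint8_t *encryption_iv(QUICKeyPhase phase);
  virtual const size_t *encryption_iv_len(QUICKeyPhase phase) const override;
  virtual size_t *encryption_iv_len(QUICKeyPhase phase);

  // Payload Protection (decryption)
  virtual bool is_decryption_key_available(QUICKeyPhase phase) const override;
  virtual void set_decryption_key_available(QUICKeyPhase phase);
  virtual const uint8_t *decryption_key(QUICKeyPhase phase) const override;
  /// Writable view of the receive-side key buffer (at most KEY_BUFFER_LEN bytes).
  virtual uint8_t *decryption_key(QUICKeyPhase phase);
  virtual size_t decryption_key_len(QUICKeyPhase phase) const override;
  virtual const uint8_t *decryption_iv(QUICKeyPhase phase) const override;
  /// Writable view of the receive-side IV buffer (at most KEY_BUFFER_LEN bytes).
  virtual uint8_t *decryption_iv(QUICKeyPhase phase);
  virtual const size_t *decryption_iv_len(QUICKeyPhase phase) const override;
  virtual size_t *decryption_iv_len(QUICKeyPhase phase);

  // Header Protection
  virtual const EVP_CIPHER *get_cipher_for_hp(QUICKeyPhase phase) const override;
  virtual void set_cipher_for_hp_initial(const EVP_CIPHER *cipher);
  virtual void set_cipher_for_hp(const EVP_CIPHER *cipher);
  virtual const uint8_t *encryption_key_for_hp(QUICKeyPhase phase) const override;
  /// Writable view of the send-side HP key buffer (at most KEY_BUFFER_LEN bytes).
  virtual uint8_t *encryption_key_for_hp(QUICKeyPhase phase);
  virtual size_t encryption_key_for_hp_len(QUICKeyPhase phase) const override;
  virtual const uint8_t *decryption_key_for_hp(QUICKeyPhase phase) const override;
  /// Writable view of the receive-side HP key buffer (at most KEY_BUFFER_LEN bytes).
  virtual uint8_t *decryption_key_for_hp(QUICKeyPhase phase);
  virtual size_t decryption_key_for_hp_len(QUICKeyPhase phase) const override;

private:
  Context _ctx = Context::SERVER;

  // Payload Protection
  const EVP_CIPHER *_cipher_initial = nullptr;
  const EVP_CIPHER *_cipher         = nullptr;
  size_t _tag_len                   = 0;

  bool _is_client_key_available[NUM_KEY_PHASES] = {false};
  bool _is_server_key_available[NUM_KEY_PHASES] = {false};

  // Value-initialised so an unset phase reads as zeros rather than stack/heap garbage.
  uint8_t _client_key[NUM_KEY_PHASES][KEY_BUFFER_LEN] = {};
  uint8_t _server_key[NUM_KEY_PHASES][KEY_BUFFER_LEN] = {};
  uint8_t _client_iv[NUM_KEY_PHASES][KEY_BUFFER_LEN]  = {};
  uint8_t _server_iv[NUM_KEY_PHASES][KEY_BUFFER_LEN]  = {};
  size_t _client_iv_len[NUM_KEY_PHASES]               = {};
  size_t _server_iv_len[NUM_KEY_PHASES]               = {};

  // Header Protection
  const EVP_CIPHER *_cipher_for_hp_initial = nullptr;
  const EVP_CIPHER *_cipher_for_hp         = nullptr;
  uint8_t _client_key_for_hp[NUM_KEY_PHASES][KEY_BUFFER_LEN] = {};
  uint8_t _server_key_for_hp[NUM_KEY_PHASES][KEY_BUFFER_LEN] = {};

  // Zero a buffer through a volatile pointer so the compiler cannot drop the
  // stores as dead (the object is about to be destroyed, so a plain memset could
  // legally be elided).
  static void
  _scrub(uint8_t *buf, size_t len)
  {
    volatile uint8_t *p = buf;
    for (size_t i = 0; i < len; ++i) {
      p[i] = 0;
    }
  }

  // Scrub every buffer that can hold secret material.
  void
  _wipe_all_keys()
  {
    for (size_t phase = 0; phase < NUM_KEY_PHASES; ++phase) {
      _scrub(_client_key[phase], KEY_BUFFER_LEN);
      _scrub(_server_key[phase], KEY_BUFFER_LEN);
      _scrub(_client_iv[phase], KEY_BUFFER_LEN);
      _scrub(_server_iv[phase], KEY_BUFFER_LEN);
      _scrub(_client_key_for_hp[phase], KEY_BUFFER_LEN);
      _scrub(_server_key_for_hp[phase], KEY_BUFFER_LEN);
    }
  }
};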