1 // Copyright 2017 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #include "quiche/quic/core/crypto/chacha20_poly1305_tls_decrypter.h"
6 
7 #include "openssl/aead.h"
8 #include "openssl/tls1.h"
9 #include "quiche/quic/platform/api/quic_flag_utils.h"
10 #include "quiche/quic/platform/api/quic_flags.h"
11 
12 namespace quic {
13 
14 namespace {
15 
16 const size_t kKeySize = 32;
17 const size_t kNonceSize = 12;
18 
19 }  // namespace
20 
ChaCha20Poly1305TlsDecrypter()21 ChaCha20Poly1305TlsDecrypter::ChaCha20Poly1305TlsDecrypter()
22     : ChaChaBaseDecrypter(EVP_aead_chacha20_poly1305, kKeySize, kAuthTagSize,
23                           kNonceSize,
24                           /* use_ietf_nonce_construction */ true) {
25   static_assert(kKeySize <= kMaxKeySize, "key size too big");
26   static_assert(kNonceSize <= kMaxNonceSize, "nonce size too big");
27 }
28 
~ChaCha20Poly1305TlsDecrypter()29 ChaCha20Poly1305TlsDecrypter::~ChaCha20Poly1305TlsDecrypter() {}
30 
cipher_id() const31 uint32_t ChaCha20Poly1305TlsDecrypter::cipher_id() const {
32   return TLS1_CK_CHACHA20_POLY1305_SHA256;
33 }
34 
GetIntegrityLimit() const35 QuicPacketCount ChaCha20Poly1305TlsDecrypter::GetIntegrityLimit() const {
36   // For AEAD_CHACHA20_POLY1305, the integrity limit is 2^36 invalid packets.
37   // https://quicwg.org/base-drafts/draft-ietf-quic-tls.html#name-limits-on-aead-usage
38   static_assert(kMaxIncomingPacketSize < 16384,
39                 "This key limit requires limits on decryption payload sizes");
40   return 68719476736U;
41 }
42 
43 }  // namespace quic
44