1 // Copyright 2020 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef QUICHE_QUIC_TOOLS_SIMPLE_TICKET_CRYPTER_H_ 6 #define QUICHE_QUIC_TOOLS_SIMPLE_TICKET_CRYPTER_H_ 7 8 #include "openssl/aead.h" 9 #include "quiche/quic/core/crypto/proof_source.h" 10 #include "quiche/quic/core/quic_clock.h" 11 #include "quiche/quic/core/quic_time.h" 12 13 namespace quic { 14 15 // SimpleTicketCrypter implements the QUIC ProofSource::TicketCrypter interface. 16 // It generates a random key at startup and every 7 days it rotates the key, 17 // keeping track of the previous key used to facilitate decrypting older 18 // tickets. This implementation is not suitable for server setups where multiple 19 // servers need to share keys. 20 class QUIC_NO_EXPORT SimpleTicketCrypter 21 : public quic::ProofSource::TicketCrypter { 22 public: 23 explicit SimpleTicketCrypter(QuicClock* clock); 24 ~SimpleTicketCrypter() override; 25 26 size_t MaxOverhead() override; 27 std::vector<uint8_t> Encrypt(absl::string_view in, 28 absl::string_view encryption_key) override; 29 void Decrypt( 30 absl::string_view in, 31 std::shared_ptr<quic::ProofSource::DecryptCallback> callback) override; 32 33 private: 34 std::vector<uint8_t> Decrypt(absl::string_view in); 35 36 void MaybeRotateKeys(); 37 38 static constexpr size_t kKeySize = 16; 39 40 struct Key { 41 uint8_t key[kKeySize]; 42 bssl::ScopedEVP_AEAD_CTX aead_ctx; 43 QuicTime expiration = QuicTime::Zero(); 44 }; 45 46 std::unique_ptr<Key> NewKey(); 47 48 std::unique_ptr<Key> current_key_; 49 std::unique_ptr<Key> previous_key_; 50 uint8_t key_epoch_ = 0; 51 QuicClock* clock_; 52 }; 53 54 } // namespace quic 55 56 #endif // QUICHE_QUIC_TOOLS_SIMPLE_TICKET_CRYPTER_H_ 57