proxygen
OpenSSLEVPCipher.h
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2018-present, Facebook, Inc.
3  * All rights reserved.
4  *
5  * This source code is licensed under the BSD-style license found in the
6  * LICENSE file in the root directory of this source tree.
7  */
8 
9 #pragma once
10 
11 #include <fizz/crypto/aead/AESGCM128.h>
12 #include <fizz/crypto/aead/Aead.h>
13 #include <fizz/crypto/aead/IOBufUtil.h>
14 #include <folly/Conv.h>
15 #include <folly/Memory.h>
16 #include <folly/Range.h>
17 #include <folly/String.h>
18 #include <folly/lang/Bits.h>
19 #include <folly/ssl/OpenSSLPtrTypes.h>
20 #include <glog/logging.h>
21 #include <openssl/evp.h>
22 
23 namespace fizz {
24 
38 template <typename EVPImpl>
39 class OpenSSLEVPCipher : public Aead {
40  static_assert(EVPImpl::kIVLength >= sizeof(uint64_t), "iv too small");
41 
42  public:
43  OpenSSLEVPCipher();
44  ~OpenSSLEVPCipher() override = default;
45 
46  OpenSSLEVPCipher(OpenSSLEVPCipher&& other) = default;
47  OpenSSLEVPCipher& operator=(OpenSSLEVPCipher&& other) = default;
48 
49  void setKey(TrafficKey trafficKey) override;
50 
51  size_t keyLength() const override {
52  return EVPImpl::kKeyLength;
53  }
54 
55  size_t ivLength() const override {
56  return EVPImpl::kIVLength;
57  }
58 
59  // If plaintext is not shared, encrypt in place and append a tag,
60  // either in the tail room if available, or by appending a new buf
61  // If plaintext is shared, alloc a new output and encrypt to output.
62  // The returned buffer will have head room == headroom_
63  std::unique_ptr<folly::IOBuf> encrypt(
64  std::unique_ptr<folly::IOBuf>&& plaintext,
65  const folly::IOBuf* associatedData,
66  uint64_t seqNum) const override;
67 
68  folly::Optional<std::unique_ptr<folly::IOBuf>> tryDecrypt(
69  std::unique_ptr<folly::IOBuf>&& ciphertext,
70  const folly::IOBuf* associatedData,
71  uint64_t seqNum) const override;
72 
73  size_t getCipherOverhead() const override;
74 
75  void setEncryptedBufferHeadroom(size_t headroom) override {
76  headroom_ = headroom;
77  }
78 
79  private:
80  std::array<uint8_t, EVPImpl::kIVLength> createIV(uint64_t seqNum) const;
81 
82  TrafficKey trafficKey_;
83  size_t headroom_{5};
84 
85  folly::ssl::EvpCipherCtxUniquePtr encryptCtx_;
86  folly::ssl::EvpCipherCtxUniquePtr decryptCtx_;
87 };
88 } // namespace fizz
89 #include <fizz/crypto/aead/OpenSSLEVPCipher-inl.h>
fizz::OpenSSLEVPCipher::encrypt
std::unique_ptr< folly::IOBuf > encrypt(std::unique_ptr< folly::IOBuf > &&plaintext, const folly::IOBuf *associatedData, uint64_t seqNum) const override
Definition: OpenSSLEVPCipher-inl.h:113
fizz::OpenSSLEVPCipher::operator=
OpenSSLEVPCipher & operator=(OpenSSLEVPCipher &&other)=default
fizz::OpenSSLEVPCipher::~OpenSSLEVPCipher
~OpenSSLEVPCipher() override=default
fizz::OpenSSLEVPCipher::encryptCtx_
folly::ssl::EvpCipherCtxUniquePtr encryptCtx_
Definition: OpenSSLEVPCipher.h:85
fizz::OpenSSLEVPCipher::ivLength
size_t ivLength() const override
Definition: OpenSSLEVPCipher.h:55
fizz
Definition: Actions.h:16
fizz::OpenSSLEVPCipher::decryptCtx_
folly::ssl::EvpCipherCtxUniquePtr decryptCtx_
Definition: OpenSSLEVPCipher.h:86
fizz::OpenSSLEVPCipher::createIV
std::array< uint8_t, EVPImpl::kIVLength > createIV(uint64_t seqNum) const
Definition: OpenSSLEVPCipher-inl.h:153
fizz::OpenSSLEVPCipher::keyLength
size_t keyLength() const override
Definition: OpenSSLEVPCipher.h:51
fizz::OpenSSLEVPCipher::tryDecrypt
folly::Optional< std::unique_ptr< folly::IOBuf > > tryDecrypt(std::unique_ptr< folly::IOBuf > &&ciphertext, const folly::IOBuf *associatedData, uint64_t seqNum) const override
Definition: OpenSSLEVPCipher-inl.h:130
folly::ssl::EvpCipherCtxUniquePtr
std::unique_ptr< EVP_CIPHER_CTX, EvpCipherCtxDeleter > EvpCipherCtxUniquePtr
Definition: OpenSSLPtrTypes.h:83
fizz::OpenSSLEVPCipher::setKey
void setKey(TrafficKey trafficKey) override
Definition: OpenSSLEVPCipher-inl.h:84
fizz::OpenSSLEVPCipher::setEncryptedBufferHeadroom
void setEncryptedBufferHeadroom(size_t headroom) override
Definition: OpenSSLEVPCipher.h:75
fizz::OpenSSLEVPCipher::getCipherOverhead
size_t getCipherOverhead() const override
Definition: OpenSSLEVPCipher-inl.h:148