fizz::server::AeadCookieCipher< AeadType, HkdfType > Class Template Reference

#include <AeadCookieCipher.h>

Inheritance diagram for fizz::server::AeadCookieCipher< AeadType, HkdfType >:

Public Member Functions
	AeadCookieCipher ()
bool	setCookieSecrets (const std::vector< folly::ByteRange > &cookieSecrets)
void	setContext (const FizzServerContext *context)
boost::variant< AppToken, StatelessHelloRetryRequest >	getTokenOrRetry (Buf clientHello, Buf appToken) const
folly::Optional< CookieState >	decrypt (Buf cookie) const override
Public Member Functions inherited from fizz::server::CookieCipher
virtual	~CookieCipher ()=default

Private Member Functions
Buf	getStatelessResponse (const ClientHello &chlo, Buf appToken) const

Private Attributes
AeadTokenCipher< AeadType, HkdfType >	tokenCipher_
const FizzServerContext *	context_ = nullptr

Detailed Description

template<typename AeadType, typename HkdfType>
class fizz::server::AeadCookieCipher< AeadType, HkdfType >

Definition at line 25 of file AeadCookieCipher.h.

Constructor & Destructor Documentation

template<typename AeadType, typename HkdfType>

fizz::server::AeadCookieCipher< AeadType, HkdfType >::AeadCookieCipher ( )

inline

Definition at line 27 of file AeadCookieCipher.h.

      : tokenCipher_(std::vector<std::string>({"Fizz Cookie Cipher v1"})) {}

Member Function Documentation

template<typename AeadType , typename HkdfType >

folly::Optional< CookieState > fizz::server::AeadCookieCipher< AeadType, HkdfType >::decrypt ( Buf  cookie ) const

overridevirtual

Implements fizz::server::CookieCipher.

Definition at line 93 of file AeadCookieCipher-inl.h.

References fizz::server::detail::decodeCookie(), folly::gen::move, and folly::none.

                      {
  auto plaintext = tokenCipher_.decrypt(std::move(cookie));
  if (plaintext) {
    return detail::decodeCookie(std::move(*plaintext));
  } else {
    return folly::none;
  }
}

template<typename AeadType , typename HkdfType >

Buf fizz::server::AeadCookieCipher< AeadType, HkdfType >::getStatelessResponse ( const ClientHello &  chlo, Buf  appToken  ) const

private

Definition at line 104 of file AeadCookieCipher-inl.h.

References chlo, cookie, fizz::TLSContent::data, fizz::server::detail::encodeCookie(), fizz::server::getCookieState(), fizz::server::getStatelessHelloRetryRequest(), folly::gen::move, and fizz::WriteRecordLayer::writeHandshake().

                        {
  auto state = getCookieState(
      *context_->getFactory(),
      context_->getSupportedVersions(),
      context_->getSupportedCiphers(),
      context_->getSupportedGroups(),
      chlo,
      std::move(appToken));

  auto encoded = detail::encodeCookie(state);
  auto cookie = tokenCipher_.encrypt(std::move(encoded));
  if (!cookie) {
    throw std::runtime_error("could not encrypt cookie");
  }

  auto statelessMessage = getStatelessHelloRetryRequest(
      state.version, state.cipher, state.group, std::move(*cookie));

  return PlaintextWriteRecordLayer()
      .writeHandshake(std::move(statelessMessage))
      .data;
}

template<typename AeadType , typename HkdfType >

boost::variant< AppToken, StatelessHelloRetryRequest > fizz::server::AeadCookieCipher< AeadType, HkdfType >::getTokenOrRetry	(	Buf	clientHello,
		Buf	appToken
	)		const

Returns either a stateless hello retry request, or a verified token contained in the client hello.

Definition at line 64 of file AeadCookieCipher-inl.h.

References folly::IOBufQueue::cacheChainLength(), chlo, cookie, fizz::server::StatelessHelloRetryRequest::data, folly::gen::move, fizz::ReadRecordLayer::readEvent(), and fizz::server::AppToken::token.

                        {
  folly::IOBufQueue queue{folly::IOBufQueue::cacheChainLength()};
  queue.append(std::move(clientHello));
  auto msg = PlaintextReadRecordLayer().readEvent(queue);
  if (!msg) {
    throw std::runtime_error("no TLS message in initial");
  }

  auto chlo = std::move(boost::get<ClientHello>(*msg));

  auto cookie = getExtension<Cookie>(chlo.extensions);
  if (cookie) {
    auto state = decrypt(std::move(cookie->cookie));
    if (!state) {
      throw std::runtime_error("cookie could not be decrypted");
    }
    AppToken token;
    token.token = std::move(state->appToken);
    return std::move(token);
  } else {
    StatelessHelloRetryRequest hrr;
    hrr.data = getStatelessResponse(chlo, std::move(appToken));
    return std::move(hrr);
  }
}

template<typename AeadType, typename HkdfType>

void fizz::server::AeadCookieCipher< AeadType, HkdfType >::setContext ( const FizzServerContext *  context )

inline

Set the Fizz context to use when negotiating the parameters for a stateless hello retry request.

Definition at line 41 of file AeadCookieCipher.h.

References chlo, context, and cookie.

                                                    {
    context_ = context;
  }

template<typename AeadType, typename HkdfType>

bool fizz::server::AeadCookieCipher< AeadType, HkdfType >::setCookieSecrets ( const std::vector< folly::ByteRange > &  cookieSecrets )

inline

Set cookie secrets to use for cookie encryption/decryption.

Definition at line 33 of file AeadCookieCipher.h.

                                                                        {
    return tokenCipher_.setSecrets(cookieSecrets);
  }

Member Data Documentation

template<typename AeadType, typename HkdfType>

const FizzServerContext* fizz::server::AeadCookieCipher< AeadType, HkdfType >::context_ = nullptr

private

Definition at line 60 of file AeadCookieCipher.h.

template<typename AeadType, typename HkdfType>

AeadTokenCipher<AeadType, HkdfType> fizz::server::AeadCookieCipher< AeadType, HkdfType >::tokenCipher_

private

Definition at line 58 of file AeadCookieCipher.h.

---

The documentation for this class was generated from the following files:

• proxygen/fizz/fizz/server/AeadCookieCipher.h
• proxygen/fizz/fizz/server/AeadCookieCipher-inl.h