proxygen
fizz::server::AeadTicketCipher< AeadType, CodecType, HkdfType > Class Template Reference

#include <AeadTicketCipher.h>

Inheritance diagram for fizz::server::AeadTicketCipher< AeadType, CodecType, HkdfType >:
fizz::server::TicketCipher

Public Member Functions

 AeadTicketCipher (std::string pskContext)
 
 AeadTicketCipher ()
 
bool setTicketSecrets (const std::vector< folly::ByteRange > &ticketSecrets)
 
void setContext (const FizzServerContext *context)
 
void setValidity (std::chrono::seconds validity)
 
folly::Future< folly::Optional< std::pair< Buf, std::chrono::seconds > > > encrypt (ResumptionState resState) const override
 
folly::Future< std::pair< PskType, folly::Optional< ResumptionState > > > decrypt (std::unique_ptr< folly::IOBuf > encryptedTicket) const override
 
- Public Member Functions inherited from fizz::server::TicketCipher
virtual ~TicketCipher ()=default
 

Private Attributes

AeadTokenCipher< AeadType, HkdfType > tokenCipher_
 
std::chrono::seconds validity_ {std::chrono::hours(1)}
 
const FizzServerContext * context_ = nullptr
 

Detailed Description

template<typename AeadType, typename CodecType, typename HkdfType>
class fizz::server::AeadTicketCipher< AeadType, CodecType, HkdfType >

Definition at line 19 of file AeadTicketCipher.h.

Constructor & Destructor Documentation

template<typename AeadType , typename CodecType , typename HkdfType >
fizz::server::AeadTicketCipher< AeadType, CodecType, HkdfType >::AeadTicketCipher ( std::string  pskContext)
inline explicit

Set the PSK context used for these tickets. The PSK context is used as part of the key derivation, so different contexts result in different keys; this prevents keys derived for one context from being used for another.

Definition at line 27 of file AeadTicketCipher.h.

// Initializer list of the explicit constructor: the token cipher receives two
// context strings, the codec's label followed by the caller-supplied PSK context.
28  : tokenCipher_(std::vector<std::string>(
29  {CodecType::Label.toString(), pskContext})) {}
template<typename AeadType , typename CodecType , typename HkdfType >
fizz::server::AeadTicketCipher< AeadType, CodecType, HkdfType >::AeadTicketCipher ( )
inline

Definition at line 31 of file AeadTicketCipher.h.

// Initializer list of the default constructor: the token cipher receives only
// the codec's label, with no PSK context string.
32  : tokenCipher_(std::vector<std::string>({CodecType::Label.toString()})) {}

Member Function Documentation

template<typename AeadType , typename CodecType , typename HkdfType >
folly::Future<std::pair<PskType, folly::Optional<ResumptionState> > > fizz::server::AeadTicketCipher< AeadType, CodecType, HkdfType >::decrypt ( std::unique_ptr< folly::IOBuf > encryptedTicket) const
inline override virtual

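Returns the ResumptionState for an opaque PSK, and the type of PSK (resumption or external). In this implementation a successful result is always reported as PskType::Resumption.

Returns Rejected, with no ResumptionState, if the PSK is not recognized: either the token cipher yields no plaintext, or decoding the plaintext throws a std::exception. The decode failure is logged only at VLOG(6), so both cases look the same to the caller.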

Implements fizz::server::TicketCipher.

Definition at line 62 of file AeadTicketCipher.h.

References fizz::server::AeadTicketCipher< AeadType, CodecType, HkdfType >::context_, fizz::decode(), folly::gen::move, folly::none, fizz::Rejected, fizz::Resumption, and fizz::server::AeadTicketCipher< AeadType, CodecType, HkdfType >::tokenCipher_.

// Body of decrypt(): maps an opaque ticket to (PskType, optional ResumptionState).
63  {
// The result is tested and dereferenced like an optional; it is empty when the
// token cipher recovers no plaintext (presumably when no configured secret
// authenticates the ticket; confirm in AeadTokenCipher).
64  auto plaintext = tokenCipher_.decrypt(std::move(encryptedTicket));
65  if (plaintext) {
66  try {
// context_ is nullptr unless setContext() was called; whether
// CodecType::decode tolerates a null context is not visible here.
67  auto decoded = CodecType::decode(std::move(*plaintext), context_);
68  return std::make_pair(PskType::Resumption, std::move(decoded));
69  } catch (const std::exception& ex) {
// A decode failure is swallowed and reported only at verbose level 6, then
// falls through to the same Rejected result as an undecryptable ticket.
70  VLOG(6) << "Failed to decode ticket, ex=" << ex.what();
71  }
72  }
73 
// Shared failure path: no resumption state is handed back to the caller.
74  return std::make_pair(PskType::Rejected, folly::none);
75  }
template<typename AeadType , typename CodecType , typename HkdfType >
folly::Future<folly::Optional<std::pair<Buf, std::chrono::seconds> > > fizz::server::AeadTicketCipher< AeadType, CodecType, HkdfType >::encrypt ( ResumptionState  resState) const
inline override virtual

Returns an opaque PSK for ResumptionState, and its validity time. Returns folly::none if the token cipher does not produce a ticket.

Implements fizz::server::TicketCipher.

Definition at line 51 of file AeadTicketCipher.h.

References encode(), folly::gen::move, folly::none, ticket, fizz::server::AeadTicketCipher< AeadType, CodecType, HkdfType >::tokenCipher_, and fizz::server::AeadTicketCipher< AeadType, CodecType, HkdfType >::validity_.

Referenced by fizz::server::test::AeadTicketCipherTest::checkUnsetEncrypt().

// Body of encrypt(): serializes the resumption state with the codec and hands
// the encoded bytes to the token cipher to produce the ticket.
52  {
53  auto encoded = CodecType::encode(std::move(resState));
54  auto ticket = tokenCipher_.encrypt(std::move(encoded));
// An empty result from the token cipher means no ticket is issued; the caller
// receives folly::none rather than an exception.
55  if (!ticket) {
56  return folly::none;
57  } else {
// validity_ is the lifetime reported with the ticket (one hour unless changed
// through setValidity()). NOTE(review): decrypt() in this class never reads
// validity_, so any expiry enforcement must happen elsewhere; confirm.
58  return std::make_pair(std::move(*ticket), validity_);
59  }
60  }
template<typename AeadType , typename CodecType , typename HkdfType >
void fizz::server::AeadTicketCipher< AeadType, CodecType, HkdfType >::setContext ( const FizzServerContext * context)
inline

Definition at line 43 of file AeadTicketCipher.h.

References context, and fizz::server::AeadTicketCipher< AeadType, CodecType, HkdfType >::context_.

// Stores the raw pointer exactly as given; nothing here takes ownership, so the
// context presumably has to outlive this cipher (confirm with callers).
43  {
44  context_ = context;
45  }
template<typename AeadType , typename CodecType , typename HkdfType >
bool fizz::server::AeadTicketCipher< AeadType, CodecType, HkdfType >::setTicketSecrets ( const std::vector< folly::ByteRange > &  ticketSecrets)
inline

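Set ticket secrets to use for ticket encryption/decryption. The first one will be used for encryption. All secrets must be at least kMinTicketSecretLength long. The return value is the result of tokenCipher_.setSecrets(); callers should check it rather than assume the secrets were accepted.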

Definition at line 39 of file AeadTicketCipher.h.

References fizz::server::AeadTicketCipher< AeadType, CodecType, HkdfType >::tokenCipher_.

Referenced by fizz::server::test::AeadTicketCipherTest::setTicketSecrets().

// Forwards the secrets unchanged to the token cipher and propagates its bool
// result. No length check is made in this wrapper; the kMinTicketSecretLength
// requirement is presumably enforced inside setSecrets() (confirm).
39  {
40  return tokenCipher_.setSecrets(ticketSecrets);
41  }
template<typename AeadType , typename CodecType , typename HkdfType >
void fizz::server::AeadTicketCipher< AeadType, CodecType, HkdfType >::setValidity ( std::chrono::seconds  validity)
inline

Definition at line 47 of file AeadTicketCipher.h.

References fizz::server::AeadTicketCipher< AeadType, CodecType, HkdfType >::validity_.

// Stored without any range check; this is the value encrypt() reports as the
// ticket's validity time.
// NOTE(review): RFC 8446 limits ticket_lifetime to 604800 seconds (7 days); no
// upper bound is enforced in this setter.
47  {
48  validity_ = validity;
49  }

Member Data Documentation

template<typename AeadType , typename CodecType , typename HkdfType >
const FizzServerContext* fizz::server::AeadTicketCipher< AeadType, CodecType, HkdfType >::context_ = nullptr
private
template<typename AeadType , typename CodecType , typename HkdfType >
AeadTokenCipher<AeadType, HkdfType> fizz::server::AeadTicketCipher< AeadType, CodecType, HkdfType >::tokenCipher_
private
template<typename AeadType , typename CodecType , typename HkdfType >
std::chrono::seconds fizz::server::AeadTicketCipher< AeadType, CodecType, HkdfType >::validity_ {std::chrono::hours(1)}
private

The documentation for this class was generated from the following file: