proxygen
Public Member Functions | Static Public Attributes | Private Types | Private Member Functions | Private Attributes | Static Private Attributes | List of all members
fizz::server::AeadTokenCipher< AeadType, HkdfType > Class Template Reference

#include <AeadTokenCipher.h>

Public Member Functions

 AeadTokenCipher (std::vector< std::string > contextStrings)
 
 ~AeadTokenCipher ()
 
bool setSecrets (const std::vector< folly::ByteRange > &tokenSecrets)
 
folly::Optional< Bufencrypt (Buf plaintext) const
 
folly::Optional< Bufdecrypt (Buf) const
 

Static Public Attributes

static constexpr size_t kMinTokenSecretLength = 32
 

Private Types

using Secret = std::vector< uint8_t >
 
using Salt = std::array< uint8_t, kSaltLength >
 
using SeqNum = uint32_t
 

Private Member Functions

AeadType createAead (folly::ByteRange secret, folly::ByteRange salt) const
 
void clearSecrets ()
 

Private Attributes

std::vector< Secretsecrets_
 
std::vector< std::stringcontextStrings_
 

Static Private Attributes

static constexpr size_t kSaltLength = HkdfType::HashLen
 
static constexpr size_t kTokenHeaderLength = kSaltLength + sizeof(SeqNum)
 

Detailed Description

template<typename AeadType, typename HkdfType>
class fizz::server::AeadTokenCipher< AeadType, HkdfType >

Used to encrypt and decrypt various tokens (for example PSKs).

Definition at line 22 of file AeadTokenCipher.h.

Member Typedef Documentation

template<typename AeadType, typename HkdfType>
using fizz::server::AeadTokenCipher< AeadType, HkdfType >::Salt = std::array<uint8_t, kSaltLength>
private

Definition at line 53 of file AeadTokenCipher.h.

template<typename AeadType, typename HkdfType>
using fizz::server::AeadTokenCipher< AeadType, HkdfType >::Secret = std::vector<uint8_t>
private

Definition at line 51 of file AeadTokenCipher.h.

template<typename AeadType, typename HkdfType>
using fizz::server::AeadTokenCipher< AeadType, HkdfType >::SeqNum = uint32_t
private

Definition at line 54 of file AeadTokenCipher.h.

Constructor & Destructor Documentation

template<typename AeadType, typename HkdfType>
fizz::server::AeadTokenCipher< AeadType, HkdfType >::AeadTokenCipher ( std::vector< std::string contextStrings)
inlineexplicit

Set additional context strings for use with these tokens. The strings will be used, in order, as part of the key derivation so that different contexts will result in different keys, preventing keys from one context from being used for another.

Definition at line 32 of file AeadTokenCipher.h.

33  : contextStrings_(std::move(contextStrings)) {}
folly::gen::move
constexpr detail::Map< Move > move
Definition: Base-inl.h:2567
fizz::server::AeadTokenCipher::contextStrings_
std::vector< std::string > contextStrings_
Definition: AeadTokenCipher.h:64
template<typename AeadType, typename HkdfType>
fizz::server::AeadTokenCipher< AeadType, HkdfType >::~AeadTokenCipher ( )
inline

Definition at line 35 of file AeadTokenCipher.h.

References fizz::server::AeadTokenCipher< AeadType, HkdfType >::clearSecrets(), fizz::server::AeadTokenCipher< AeadType, HkdfType >::decrypt(), fizz::server::AeadTokenCipher< AeadType, HkdfType >::encrypt(), and fizz::server::AeadTokenCipher< AeadType, HkdfType >::setSecrets().

35  {
36  clearSecrets();
37  }

Member Function Documentation

template<typename AeadType , typename HkdfType >
void fizz::server::AeadTokenCipher< AeadType, HkdfType >::clearSecrets ( )
private

Definition at line 125 of file AeadTokenCipher-inl.h.

References fizz::CryptoUtils::clean(), folly::range(), and secret.

Referenced by fizz::server::AeadTokenCipher< AeadType, HkdfType >::~AeadTokenCipher().

125  {
126  for (auto& secret : secrets_) {
127  CryptoUtils::clean(folly::range(secret));
128  }
129  secrets_.clear();
130 }
fizz::CryptoUtils::clean
static void clean(folly::MutableByteRange range)
Definition: Utils.cpp:38
folly::range
constexpr Range< Iter > range(Iter first, Iter last)
Definition: Range.h:1114
fizz::server::AeadTokenCipher::secrets_
std::vector< Secret > secrets_
Definition: AeadTokenCipher.h:62
secret
static constexpr StringPiece secret
Definition: AeadCookieCipherTest.cpp:21
template<typename AeadType , typename HkdfType >
AeadType fizz::server::AeadTokenCipher< AeadType, HkdfType >::createAead ( folly::ByteRange  secret,
folly::ByteRange  salt 
) const
private

Definition at line 109 of file AeadTokenCipher-inl.h.

References deadlock::info(), folly::gen::move, and folly::IOBuf::wrapBuffer().

111  {
112  AeadType aead;
113  std::unique_ptr<folly::IOBuf> info = folly::IOBuf::wrapBuffer(salt);
114  auto keys =
115  HkdfType().expand(secret, *info, aead.keyLength() + aead.ivLength());
116  folly::io::Cursor cursor(keys.get());
117  TrafficKey key;
118  cursor.clone(key.key, aead.keyLength());
119  cursor.clone(key.iv, aead.ivLength());
120  aead.setKey(std::move(key));
121  return aead;
122 }
deadlock.info
def info()
Definition: deadlock.py:447
folly::IOBuf::wrapBuffer
static std::unique_ptr< IOBuf > wrapBuffer(const void *buf, std::size_t capacity)
Definition: IOBuf.cpp:353
folly::io::detail::CursorBase::clone
void clone(std::unique_ptr< folly::IOBuf > &buf, size_t len)
Definition: Cursor.h:456
folly::gen::move
constexpr detail::Map< Move > move
Definition: Base-inl.h:2567
template<typename AeadType , typename HkdfType >
folly::Optional< Buf > fizz::server::AeadTokenCipher< AeadType, HkdfType >::decrypt ( Buf  token) const

Definition at line 83 of file AeadTokenCipher-inl.h.

References folly::gen::move, folly::none, folly::range(), and secret.

Referenced by fizz::server::AeadTokenCipher< AeadType, HkdfType >::~AeadTokenCipher().

84  {
85  folly::io::Cursor cursor(token.get());
86  if (secrets_.empty() || !cursor.canAdvance(kTokenHeaderLength)) {
87  return folly::none;
88  }
89 
90  Salt salt;
91  cursor.pull(salt.data(), salt.size());
92  auto seqNum = cursor.readBE<SeqNum>();
93  Buf ciphertext;
94  cursor.clone(ciphertext, cursor.totalLength());
95 
96  for (const auto& secret : secrets_) {
97  auto aead = createAead(folly::range(secret), folly::range(salt));
98  auto result = aead.tryDecrypt(ciphertext->clone(), nullptr, seqNum);
99  if (result) {
100  return std::move(result);
101  }
102  }
103 
104  VLOG(6) << "Failed to decrypt token.";
105  return folly::none;
106 }
folly::gen::move
constexpr detail::Map< Move > move
Definition: Base-inl.h:2567
fizz::server::AeadTokenCipher::Salt
std::array< uint8_t, kSaltLength > Salt
Definition: AeadTokenCipher.h:53
folly::range
constexpr Range< Iter > range(Iter first, Iter last)
Definition: Range.h:1114
fizz::server::AeadTokenCipher::kTokenHeaderLength
static constexpr size_t kTokenHeaderLength
Definition: AeadTokenCipher.h:55
fizz::server::AeadTokenCipher::secrets_
std::vector< Secret > secrets_
Definition: AeadTokenCipher.h:62
fizz::Buf
std::unique_ptr< folly::IOBuf > Buf
Definition: Types.h:22
secret
static constexpr StringPiece secret
Definition: AeadCookieCipherTest.cpp:21
folly::none
constexpr None none
Definition: Optional.h:87
fizz::server::AeadTokenCipher::createAead
AeadType createAead(folly::ByteRange secret, folly::ByteRange salt) const
Definition: AeadTokenCipher-inl.h:109
template<typename AeadType , typename HkdfType >
folly::Optional< Buf > fizz::server::AeadTokenCipher< AeadType, HkdfType >::encrypt ( Buf  plaintext) const

Definition at line 62 of file AeadTokenCipher-inl.h.

References folly::IOBuf::create(), folly::gen::move, folly::none, folly::io::detail::Writable< Derived >::push(), and folly::range().

Referenced by fizz::server::AeadTokenCipher< AeadType, HkdfType >::~AeadTokenCipher().

63  {
64  if (secrets_.empty()) {
65  return folly::none;
66  }
67 
68  auto salt = RandomGenerator<kSaltLength>().generateRandom();
69  auto aead = createAead(folly::range(secrets_.front()), folly::range(salt));
70 
71  // For now we always use sequence number 0.
72  SeqNum seqNum = 0;
73  auto token = folly::IOBuf::create(kTokenHeaderLength);
74  folly::io::Appender appender(token.get(), kTokenHeaderLength);
75  appender.push(folly::range(salt));
76  appender.writeBE(seqNum);
77  token->prependChain(aead.encrypt(std::move(plaintext), nullptr, seqNum));
78 
79  return std::move(token);
80 }
folly::IOBuf::create
static std::unique_ptr< IOBuf > create(std::size_t capacity)
Definition: IOBuf.cpp:229
folly::gen::move
constexpr detail::Map< Move > move
Definition: Base-inl.h:2567
folly::io::detail::Writable::push
void push(const uint8_t *buf, size_t len)
Definition: Cursor.h:755
folly::range
constexpr Range< Iter > range(Iter first, Iter last)
Definition: Range.h:1114
fizz::server::AeadTokenCipher::kTokenHeaderLength
static constexpr size_t kTokenHeaderLength
Definition: AeadTokenCipher.h:55
fizz::server::AeadTokenCipher::secrets_
std::vector< Secret > secrets_
Definition: AeadTokenCipher.h:62
folly::none
constexpr None none
Definition: Optional.h:87
fizz::server::AeadTokenCipher::createAead
AeadType createAead(folly::ByteRange secret, folly::ByteRange salt) const
Definition: AeadTokenCipher-inl.h:109
template<typename AeadType , typename HkdfType >
bool fizz::server::AeadTokenCipher< AeadType, HkdfType >::setSecrets ( const std::vector< folly::ByteRange > &  tokenSecrets)

Set secrets to use for token encryption/decryption. The first one will be used for encryption. All secrets must be at least kMinTokenSecretLength long.

Definition at line 37 of file AeadTokenCipher-inl.h.

References folly::gen::move, and folly::range().

Referenced by fizz::server::AeadTokenCipher< AeadType, HkdfType >::~AeadTokenCipher().

38  {
39  VLOG(3) << "Updating token secrets";
40 
41  for (const auto& tokenSecret : tokenSecrets) {
42  if (tokenSecret.size() < kMinTokenSecretLength) {
43  LOG(ERROR) << "Token cipher secret too small - not updating.";
44  return false;
45  }
46  }
47 
48  VLOG(4) << "Updating token secrets, num=" << tokenSecrets.size();
49  clearSecrets();
50  for (const auto& tokenSecret : tokenSecrets) {
51  Secret extracted(tokenSecret.begin(), tokenSecret.end());
52  for (const auto& contextString : contextStrings_) {
53  extracted = HkdfType().extract(
54  folly::range(contextString), folly::range(extracted));
55  }
56  secrets_.push_back(std::move(extracted));
57  }
58  return true;
59 }
folly::gen::move
constexpr detail::Map< Move > move
Definition: Base-inl.h:2567
fizz::server::AeadTokenCipher::Secret
std::vector< uint8_t > Secret
Definition: AeadTokenCipher.h:51
fizz::server::AeadTokenCipher::kMinTokenSecretLength
static constexpr size_t kMinTokenSecretLength
Definition: AeadTokenCipher.h:24
folly::range
constexpr Range< Iter > range(Iter first, Iter last)
Definition: Range.h:1114
fizz::server::AeadTokenCipher::secrets_
std::vector< Secret > secrets_
Definition: AeadTokenCipher.h:62
fizz::server::AeadTokenCipher::contextStrings_
std::vector< std::string > contextStrings_
Definition: AeadTokenCipher.h:64

Member Data Documentation

template<typename AeadType, typename HkdfType>
std::vector<std::string> fizz::server::AeadTokenCipher< AeadType, HkdfType >::contextStrings_
private

Definition at line 64 of file AeadTokenCipher.h.

template<typename AeadType, typename HkdfType>
constexpr size_t fizz::server::AeadTokenCipher< AeadType, HkdfType >::kMinTokenSecretLength = 32
static

Definition at line 24 of file AeadTokenCipher.h.

template<typename AeadType, typename HkdfType>
constexpr size_t fizz::server::AeadTokenCipher< AeadType, HkdfType >::kSaltLength = HkdfType::HashLen
staticprivate

Definition at line 52 of file AeadTokenCipher.h.

template<typename AeadType, typename HkdfType>
constexpr size_t fizz::server::AeadTokenCipher< AeadType, HkdfType >::kTokenHeaderLength = kSaltLength + sizeof(SeqNum)
staticprivate

Definition at line 55 of file AeadTokenCipher.h.

template<typename AeadType, typename HkdfType>
std::vector<Secret> fizz::server::AeadTokenCipher< AeadType, HkdfType >::secrets_
private

Definition at line 62 of file AeadTokenCipher.h.

The documentation for this class was generated from the following files: