1   /*
2    * Copyright 2023 The Netty Project
3    *
4    * The Netty Project licenses this file to you under the Apache License,
5    * version 2.0 (the "License"); you may not use this file except in compliance
6    * with the License. You may obtain a copy of the License at:
7    *
8    *   https://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
12   * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
13   * License for the specific language governing permissions and limitations
14   * under the License.
15   */
16  package io.netty.handler.codec.quic;
17  
18  import io.netty.util.concurrent.FastThreadLocal;
19  
20  import javax.crypto.Mac;
21  import javax.crypto.spec.SecretKeySpec;
22  import java.nio.ByteBuffer;
23  import java.security.InvalidKeyException;
24  import java.security.NoSuchAlgorithmException;
25  import java.security.SecureRandom;
26  import java.util.Arrays;
27  
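/**
 * Keyed HMAC-SHA256 helper used to derive connection-ID and stateless-reset-token
 * material from an input buffer.
 *
 * <p>Two independent, process-local keys are drawn from {@link SecureRandom} at class
 * initialisation. They live only in this class and are never written anywhere, so
 * signatures are stable within one JVM run but not across restarts; callers must not
 * depend on cross-process stability.
 *
 * <p>{@link Mac} instances are not thread-safe, so one instance per key is kept per
 * thread via {@link FastThreadLocal}; the public entry points are therefore safe to
 * call concurrently from any thread.
 */
final class Hmac {

    private static final String ALGORITHM = "HmacSHA256";

    // Two independent keys so that CID signing and reset-token signing are
    // cryptographically decoupled: an observer cannot derive one output from
    // the other even when both use the same input value (RFC 9000 §21.11).
    private static final byte[] CID_KEY   = new byte[32];
    private static final byte[] TOKEN_KEY = new byte[32];

    static {
        // One RNG for both keys; each key is filled from a separate nextBytes() call,
        // so the two keys are independent draws.
        SecureRandom rng = new SecureRandom();
        rng.nextBytes(CID_KEY);
        rng.nextBytes(TOKEN_KEY);
    }

    // Per-thread Mac bound to CID_KEY; created lazily on first get() in each thread.
    private static final FastThreadLocal<Mac> CID_MACS = new FastThreadLocal<Mac>() {
        @Override
        protected Mac initialValue() {
            return newMac(CID_KEY);
        }
    };

    // Per-thread Mac bound to TOKEN_KEY; created lazily on first get() in each thread.
    private static final FastThreadLocal<Mac> TOKEN_MACS = new FastThreadLocal<Mac>() {
        @Override
        protected Mac initialValue() {
            return newMac(TOKEN_KEY);
        }
    };

    /**
     * Creates a new {@value #ALGORITHM} {@link Mac} initialised with {@code key}.
     *
     * @param key the raw HMAC key
     * @return an initialised, ready-to-use {@link Mac}
     * @throws IllegalStateException if the algorithm is unavailable or the key is rejected;
     *         both indicate a broken JCE setup rather than a recoverable condition, so the
     *         checked exceptions are wrapped (with cause preserved)
     */
    private static Mac newMac(byte[] key) {
        try {
            SecretKeySpec keySpec = new SecretKeySpec(key, ALGORITHM);
            Mac mac = Mac.getInstance(ALGORITHM);
            mac.init(keySpec);
            return mac;
        } catch (NoSuchAlgorithmException | InvalidKeyException exception) {
            throw new IllegalStateException(exception);
        }
    }

    /**
     * Computes the MAC of {@code input} and returns its first {@code outLength} bytes.
     *
     * <p>Truncating a MAC to a prefix is sound; extending it is not. Previously an
     * {@code outLength} larger than the MAC size was silently zero-padded by
     * {@link Arrays#copyOf}, producing output whose trailing bytes are fixed and
     * predictable. That case is now rejected up front.
     *
     * @param mac       the per-thread {@link Mac} to use
     * @param input     the bytes to authenticate; fully consumed, i.e. its position equals
     *                  its limit on return (contract of {@link Mac#update(ByteBuffer)})
     * @param outLength number of MAC bytes to return, {@code 0 <= outLength <= mac.getMacLength()}
     * @return a {@link ByteBuffer} wrapping a freshly allocated array of exactly {@code outLength} bytes
     * @throws IllegalArgumentException if {@code outLength} is negative or exceeds the MAC size
     */
    private static ByteBuffer sign(Mac mac, ByteBuffer input, int outLength) {
        int macLength = mac.getMacLength();
        if (outLength < 0 || outLength > macLength) {
            throw new IllegalArgumentException(
                    "outLength must be in [0, " + macLength + "]: " + outLength);
        }
        // doFinal() resets the Mac, but an earlier update() that threw would leave
        // partial state behind; an explicit reset() keeps each call independent.
        mac.reset();
        mac.update(input);
        byte[] signBytes = mac.doFinal();
        if (signBytes.length != outLength) {
            // Only truncation can happen here, because of the range check above.
            signBytes = Arrays.copyOf(signBytes, outLength);
        }
        return ByteBuffer.wrap(signBytes);
    }

    /**
     * Signs {@code input} with the connection-ID key.
     *
     * @param input     the bytes to authenticate; consumed (position == limit on return)
     * @param outLength number of MAC bytes to return, at most the HMAC-SHA256 output size
     * @return a buffer wrapping a new array of {@code outLength} MAC bytes
     * @throws IllegalArgumentException if {@code outLength} is negative or exceeds the MAC size
     */
    static ByteBuffer signCid(ByteBuffer input, int outLength) {
        return sign(CID_MACS.get(), input, outLength);
    }

    /**
     * Signs {@code input} with the stateless-reset-token key.
     *
     * @param input     the bytes to authenticate; consumed (position == limit on return)
     * @param outLength number of MAC bytes to return, at most the HMAC-SHA256 output size
     * @return a buffer wrapping a new array of {@code outLength} MAC bytes
     * @throws IllegalArgumentException if {@code outLength} is negative or exceeds the MAC size
     */
    static ByteBuffer signToken(ByteBuffer input, int outLength) {
        return sign(TOKEN_MACS.get(), input, outLength);
    }

    private Hmac() { }
}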