1 /* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */
2 /* vim: set ts=8 sts=2 et sw=2 tw=80: */
3 /* This Source Code Form is subject to the terms of the Mozilla Public
4 * License, v. 2.0. If a copy of the MPL was not distributed with this file,
5 * You can obtain one at http://mozilla.org/MPL/2.0/. */
7 #ifndef mozilla_dom_quota_EncryptedBlock_h
8 #define mozilla_dom_quota_EncryptedBlock_h
13 #include "mozilla/Assertions.h"
14 #include "mozilla/Span.h"
17 namespace mozilla::dom::quota
{
19 // An encrypted block has the following format:
20 // - one basic block containing a uint16_t stating the actual payload length
21 // - one basic block containing the cipher prefix (tyipically a nonce)
22 // - encrypted payload up to the remainder of the specified overall size
23 // We currently assume the basic block size is the same as the cipher prefix
26 // XXX Actually, we don't need the actual payload length in every block. Only
27 // the last block may be incomplete. The tricky thing is just that it might be
28 // incomplete by just one or two bytes.
29 template <size_t CipherPrefixLength
, size_t BasicBlockSize
>
30 class EncryptedBlock
{
32 explicit EncryptedBlock(const size_t aOverallSize
) {
33 MOZ_RELEASE_ASSERT(aOverallSize
>
34 CipherPrefixOffset() + CipherPrefixLength
);
35 MOZ_RELEASE_ASSERT(aOverallSize
<= std::numeric_limits
<uint16_t>::max());
36 // XXX Do we need this to be fallible? Then we need a factory/init function.
37 // But maybe that's not necessary as the block size is not user-provided and
39 mData
.SetLength(aOverallSize
);
41 // Bug 1867394: Making sure to zero-initialize first block as there might
42 // be some unused bytes in it which could expose sensitive data.
43 // Currently, only sizeof(uint16_t) bytes gets used in the first block.
44 std::fill(mData
.begin(), mData
.begin() + CipherPrefixOffset(), 0);
45 SetActualPayloadLength(MaxPayloadLength());
48 size_t MaxPayloadLength() const {
49 return mData
.Length() - CipherPrefixLength
- CipherPrefixOffset();
52 void SetActualPayloadLength(uint16_t aActualPayloadLength
) {
53 memcpy(mData
.Elements(), &aActualPayloadLength
, sizeof(uint16_t));
55 size_t ActualPayloadLength() const {
56 return *reinterpret_cast<const uint16_t*>(mData
.Elements());
59 using ConstSpan
= Span
<const uint8_t>;
60 using MutableSpan
= Span
<uint8_t>;
62 ConstSpan
CipherPrefix() const {
63 return WholeBlock().Subspan(CipherPrefixOffset(), CipherPrefixLength
);
65 MutableSpan
MutableCipherPrefix() {
66 return MutableWholeBlock().Subspan(CipherPrefixOffset(),
70 ConstSpan
Payload() const {
72 .SplitAt(CipherPrefixOffset() + CipherPrefixLength
)
73 .second
.First(RoundedUpToBasicBlockSize(ActualPayloadLength()));
75 MutableSpan
MutablePayload() {
76 return MutableWholeBlock()
77 .SplitAt(CipherPrefixOffset() + CipherPrefixLength
)
78 .second
.First(RoundedUpToBasicBlockSize(ActualPayloadLength()));
81 ConstSpan
WholeBlock() const { return mData
; }
82 MutableSpan
MutableWholeBlock() { return mData
; }
85 static constexpr size_t CipherPrefixOffset() {
86 return RoundedUpToBasicBlockSize(sizeof(uint16_t));
89 static constexpr size_t RoundedUpToBasicBlockSize(const size_t aValue
) {
90 return (aValue
+ BasicBlockSize
- 1) / BasicBlockSize
* BasicBlockSize
;
93 nsTArray
<uint8_t> mData
;
96 } // namespace mozilla::dom::quota