From 26a029d407be480d791972afb5975cf62c9360a6 Mon Sep 17 00:00:00 2001 From: Daniel Baumann Date: Fri, 19 Apr 2024 02:47:55 +0200 Subject: Adding upstream version 124.0.1. Signed-off-by: Daniel Baumann --- dom/quota/EncryptedBlock.h | 98 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 98 insertions(+) create mode 100644 dom/quota/EncryptedBlock.h (limited to 'dom/quota/EncryptedBlock.h') diff --git a/dom/quota/EncryptedBlock.h b/dom/quota/EncryptedBlock.h new file mode 100644 index 0000000000..eea3d302b2 --- /dev/null +++ b/dom/quota/EncryptedBlock.h @@ -0,0 +1,98 @@ +/* -*- Mode: C++; tab-width: 8; indent-tabs-mode: nil; c-basic-offset: 2 -*- */ +/* vim: set ts=8 sts=2 et sw=2 tw=80: */ +/* This Source Code Form is subject to the terms of the Mozilla Public + * License, v. 2.0. If a copy of the MPL was not distributed with this file, + * You can obtain one at http://mozilla.org/MPL/2.0/. */ + +#ifndef mozilla_dom_quota_EncryptedBlock_h +#define mozilla_dom_quota_EncryptedBlock_h + +#include +#include +#include +#include "mozilla/Assertions.h" +#include "mozilla/Span.h" +#include "nsTArray.h" + +namespace mozilla::dom::quota { + +// An encrypted block has the following format: +// - one basic block containing a uint16_t stating the actual payload length +// - one basic block containing the cipher prefix (tyipically a nonce) +// - encrypted payload up to the remainder of the specified overall size +// We currently assume the basic block size is the same as the cipher prefix +// length. +// +// XXX Actually, we don't need the actual payload length in every block. Only +// the last block may be incomplete. The tricky thing is just that it might be +// incomplete by just one or two bytes. +template +class EncryptedBlock { + public: + explicit EncryptedBlock(const size_t aOverallSize) { + MOZ_RELEASE_ASSERT(aOverallSize > + CipherPrefixOffset() + CipherPrefixLength); + MOZ_RELEASE_ASSERT(aOverallSize <= std::numeric_limits::max()); + // XXX Do we need this to be fallible? Then we need a factory/init function. + // But maybe that's not necessary as the block size is not user-provided and + // small. + mData.SetLength(aOverallSize); + + // Bug 1867394: Making sure to zero-initialize first block as there might + // be some unused bytes in it which could expose sensitive data. + // Currently, only sizeof(uint16_t) bytes gets used in the first block. + std::fill(mData.begin(), mData.begin() + CipherPrefixOffset(), 0); + SetActualPayloadLength(MaxPayloadLength()); + } + + size_t MaxPayloadLength() const { + return mData.Length() - CipherPrefixLength - CipherPrefixOffset(); + } + + void SetActualPayloadLength(uint16_t aActualPayloadLength) { + memcpy(mData.Elements(), &aActualPayloadLength, sizeof(uint16_t)); + } + size_t ActualPayloadLength() const { + return *reinterpret_cast(mData.Elements()); + } + + using ConstSpan = Span; + using MutableSpan = Span; + + ConstSpan CipherPrefix() const { + return WholeBlock().Subspan(CipherPrefixOffset(), CipherPrefixLength); + } + MutableSpan MutableCipherPrefix() { + return MutableWholeBlock().Subspan(CipherPrefixOffset(), + CipherPrefixLength); + } + + ConstSpan Payload() const { + return WholeBlock() + .SplitAt(CipherPrefixOffset() + CipherPrefixLength) + .second.First(RoundedUpToBasicBlockSize(ActualPayloadLength())); + } + MutableSpan MutablePayload() { + return MutableWholeBlock() + .SplitAt(CipherPrefixOffset() + CipherPrefixLength) + .second.First(RoundedUpToBasicBlockSize(ActualPayloadLength())); + } + + ConstSpan WholeBlock() const { return mData; } + MutableSpan MutableWholeBlock() { return mData; } + + private: + static constexpr size_t CipherPrefixOffset() { + return RoundedUpToBasicBlockSize(sizeof(uint16_t)); + } + + static constexpr size_t RoundedUpToBasicBlockSize(const size_t aValue) { + return (aValue + BasicBlockSize - 1) / BasicBlockSize * BasicBlockSize; + } + + nsTArray mData; +}; + +} // namespace mozilla::dom::quota + +#endif -- cgit v1.2.3