remove fizz::openssl versions for aead cipher tag types

Summary:
as titled. Following from previous commit (which split the openssl related fields from the aead cipher tag types), this diff removes the `fizz::openssl::<cipher>` versions and just uses the `fizz::<cipher>` or `fizz::openssl::Properties<cipher>` types as necessary.

Also created `backend/openssl/aead/Ciphers.h` to aggregate all the different files that define each `Properties<cipher>`

Reviewed By: mingtaoy

Differential Revision: D55898058

fbshipit-source-id: a1c23a1167fc4b0cc7d954b2abef60004074f120

fizz/backend/BUCK

@@ -32,8 +32,8 @@ cpp_library(
     exported_deps = [
         "//fizz:config",
         "//fizz/compression:certificate_compressor",
+        "//fizz/crypto:crypto",
         "//fizz/crypto/aead:aead",
-        "//fizz/crypto/aead:ciphers",
         "//fizz/crypto/aead:iobuf",
         "//fizz/crypto/exchange:key_exchange",
         "//fizz/crypto/exchange:x25519",

fizz/backend/openssl/OpenSSL.h

@@ -12,6 +12,7 @@ Include this file to use openssl features.
 #include <fizz/fizz-config.h>
 
 #include <fizz/backend/openssl/OpenSSLFactory.h>
+#include <fizz/backend/openssl/Properties.h>
 #include <fizz/backend/openssl/certificate/CertUtils.h>
 #include <fizz/backend/openssl/certificate/OpenSSLPeerCertImpl.h>
 #include <fizz/backend/openssl/certificate/OpenSSLSelfCertImpl.h>

fizz/backend/openssl/OpenSSLFactory.cpp

@@ -69,13 +69,13 @@ std::unique_ptr<KeyExchange> OpenSSLFactory::makeKeyExchange(
 std::unique_ptr<Aead> OpenSSLFactory::makeAead(CipherSuite cipher) const {
   switch (cipher) {
     case CipherSuite::TLS_CHACHA20_POLY1305_SHA256:
-      return OpenSSLEVPCipher::makeCipher<ChaCha20Poly1305>();
+      return OpenSSLEVPCipher::makeCipher<fizz::ChaCha20Poly1305>();
     case CipherSuite::TLS_AES_128_GCM_SHA256:
-      return OpenSSLEVPCipher::makeCipher<AESGCM128>();
+      return OpenSSLEVPCipher::makeCipher<fizz::AESGCM128>();
     case CipherSuite::TLS_AES_256_GCM_SHA384:
-      return OpenSSLEVPCipher::makeCipher<AESGCM256>();
+      return OpenSSLEVPCipher::makeCipher<fizz::AESGCM256>();
     case CipherSuite::TLS_AES_128_OCB_SHA256_EXPERIMENTAL:
-      return OpenSSLEVPCipher::makeCipher<AESOCB128>();
+      return OpenSSLEVPCipher::makeCipher<fizz::AESOCB128>();
 #if FIZZ_BUILD_AEGIS
     case CipherSuite::TLS_AEGIS_256_SHA512:
       return AEGIS::make256();

fizz/backend/openssl/crypto/aead/AESGCM128.h

@@ -11,21 +11,11 @@
 #include <openssl/evp.h>
 
 #include <fizz/backend/openssl/Properties.h>
-#include <fizz/crypto/aead/AESGCM128.h>
+#include <fizz/crypto/Crypto.h>
 
 namespace fizz {
 namespace openssl {
 
-struct AESGCM128 {
-  static constexpr auto Cipher = EVP_aes_128_gcm;
-
-  static const size_t kKeyLength{16};
-  static const size_t kIVLength{12};
-  static const size_t kTagLength{16};
-  static const bool kOperatesInBlocks{false};
-  static const bool kRequiresPresetTagLen{false};
-};
-
 template <>
 struct Properties<fizz::AESGCM128> {
   static const EVP_CIPHER* Cipher() {

fizz/backend/openssl/crypto/aead/AESGCM256.h

@@ -11,7 +11,7 @@
 #include <openssl/evp.h>
 
 #include <fizz/backend/openssl/Properties.h>
-#include <fizz/crypto/aead/AESGCM256.h>
+#include <fizz/crypto/Crypto.h>
 
 namespace fizz {
 namespace openssl {

fizz/backend/openssl/crypto/aead/AESOCB128.h

@@ -9,31 +9,14 @@
 #pragma once
 
 #include <fizz/backend/openssl/Properties.h>
-#include <fizz/crypto/aead/AESOCB128.h>
+#include <fizz/crypto/Crypto.h>
 #include <folly/portability/OpenSSL.h>
 #include <openssl/evp.h>
 #include <stdexcept>
 
 namespace fizz {
 namespace openssl {
 
-struct AESOCB128 {
-  static const EVP_CIPHER* Cipher() {
-#if !defined(OPENSSL_NO_OCB)
-    return EVP_aes_128_ocb();
-#else
-    throw std::runtime_error(
-        "aes-ocb support requires OpenSSL 1.1.0 with ocb enabled");
-#endif
-  }
-
-  static const size_t kKeyLength{16};
-  static const size_t kIVLength{12};
-  static const size_t kTagLength{16};
-  static const bool kOperatesInBlocks{true};
-  static const bool kRequiresPresetTagLen{true};
-};
-
 template <>
 struct Properties<fizz::AESOCB128> {
   static const EVP_CIPHER* Cipher() {

fizz/backend/openssl/crypto/aead/ChaCha20Poly1305.h

@@ -11,30 +11,13 @@
 #include <stdexcept>
 
 #include <fizz/backend/openssl/Properties.h>
-#include <fizz/crypto/aead/ChaCha20Poly1305.h>
+#include <fizz/crypto/Crypto.h>
 #include <folly/portability/OpenSSL.h>
 #include <openssl/evp.h>
 
 namespace fizz {
 namespace openssl {
 
-struct ChaCha20Poly1305 {
-  static const EVP_CIPHER* Cipher() {
-#if FOLLY_OPENSSL_HAS_CHACHA
-    return EVP_chacha20_poly1305();
-#else
-    throw std::runtime_error(
-        "chacha20-poly1305 support requires OpenSSL 1.1.0");
-#endif // FOLLY_OPENSSL_HAS_CHACHA
-  }
-
-  static const size_t kKeyLength{32};
-  static const size_t kIVLength{12};
-  static const size_t kTagLength{16};
-  static const bool kOperatesInBlocks{false};
-  static const bool kRequiresPresetTagLen{false};
-};
-
 template <>
 struct Properties<fizz::ChaCha20Poly1305> {
   static const EVP_CIPHER* Cipher() {

fizz/crypto/aead/AESGCM128.h → fizz/backend/openssl/crypto/aead/Ciphers.h

@@ -8,14 +8,7 @@
 
 #pragma once
 
-#include <cstdlib>
-
-namespace fizz {
-
-struct AESGCM128 {
-  static const size_t kKeyLength{16};
-  static const size_t kIVLength{12};
-  static const size_t kTagLength{16};
-};
-
-} // namespace fizz
+#include <fizz/backend/openssl/crypto/aead/AESGCM128.h>
+#include <fizz/backend/openssl/crypto/aead/AESGCM256.h>
+#include <fizz/backend/openssl/crypto/aead/AESOCB128.h>
+#include <fizz/backend/openssl/crypto/aead/ChaCha20Poly1305.h>

fizz/backend/openssl/crypto/aead/OpenSSLEVPCipher-inl.h

@@ -9,18 +9,18 @@
 namespace fizz {
 namespace openssl {
 
-template <typename EVPImpl>
+template <typename AeadCipher>
 std::unique_ptr<Aead> OpenSSLEVPCipher::makeCipher() {
-  static_assert(EVPImpl::kIVLength >= sizeof(uint64_t), "iv too small");
-  static_assert(EVPImpl::kIVLength < kMaxIVLength, "iv too large");
-  static_assert(EVPImpl::kTagLength < kMaxTagLength, "tag too large");
+  static_assert(AeadCipher::kIVLength >= sizeof(uint64_t), "iv too small");
+  static_assert(AeadCipher::kIVLength < kMaxIVLength, "iv too large");
+  static_assert(AeadCipher::kTagLength < kMaxTagLength, "tag too large");
   return std::unique_ptr<Aead>(new OpenSSLEVPCipher(
-      EVPImpl::kKeyLength,
-      EVPImpl::kIVLength,
-      EVPImpl::kTagLength,
-      EVPImpl::Cipher(),
-      EVPImpl::kOperatesInBlocks,
-      EVPImpl::kRequiresPresetTagLen));
+      AeadCipher::kKeyLength,
+      AeadCipher::kIVLength,
+      AeadCipher::kTagLength,
+      Properties<AeadCipher>::Cipher(),
+      Properties<AeadCipher>::kOperatesInBlocks,
+      Properties<AeadCipher>::kRequiresPresetTagLen));
 }
 
 } // namespace openssl

fizz/backend/openssl/crypto/aead/OpenSSLEVPCipher.h

@@ -8,7 +8,7 @@
 
 #pragma once
 
-#include <fizz/backend/openssl/crypto/aead/AESGCM128.h>
+#include <fizz/backend/openssl/crypto/aead/Ciphers.h>
 #include <fizz/crypto/aead/Aead.h>
 #include <fizz/crypto/aead/IOBufUtil.h>
 #include <folly/Conv.h>
@@ -44,7 +44,7 @@ class OpenSSLEVPCipher : public Aead {
   static constexpr size_t kMaxIVLength = 20;
   static constexpr size_t kMaxTagLength = 20;
 
-  template <class EVPImpl>
+  template <class AeadCipher>
   static std::unique_ptr<Aead> makeCipher();
 
   OpenSSLEVPCipher(OpenSSLEVPCipher&& other) = default;

fizz/crypto/BUCK

@@ -2,6 +2,17 @@ load("@fbcode_macros//build_defs:cpp_library.bzl", "cpp_library")
 
 oncall("secure_pipes")
 
+cpp_library(
+    name = "crypto",
+    srcs = [
+    ],
+    headers = [
+        "Crypto.h",
+    ],
+    exported_deps = [
+    ],
+)
+
 cpp_library(
     name = "hkdf",
     srcs = [

fizz/crypto/aead/ChaCha20Poly1305.h → fizz/crypto/Crypto.h

@@ -12,6 +12,24 @@
 
 namespace fizz {
 
+struct AESGCM128 {
+  static const size_t kKeyLength{16};
+  static const size_t kIVLength{12};
+  static const size_t kTagLength{16};
+};
+
+struct AESGCM256 {
+  static const size_t kKeyLength{32};
+  static const size_t kIVLength{12};
+  static const size_t kTagLength{16};
+};
+
+struct AESOCB128 {
+  static const size_t kKeyLength{16};
+  static const size_t kIVLength{12};
+  static const size_t kTagLength{16};
+};
+
 struct ChaCha20Poly1305 {
   static const size_t kKeyLength{32};
   static const size_t kIVLength{12};

fizz/crypto/aead/BUCK

@@ -13,16 +13,6 @@ cpp_library(
     ],
 )
 
-cpp_library(
-    name = "ciphers",
-    headers = [
-        "AESGCM128.h",
-        "AESGCM256.h",
-        "AESOCB128.h",
-        "ChaCha20Poly1305.h",
-    ],
-)
-
 cpp_library(
     name = "iobuf",
     srcs = [

fizz/crypto/hpke/Utils.cpp

@@ -180,11 +180,11 @@ size_t nenc(KEMId kemId) {
 std::unique_ptr<Aead> makeCipher(AeadId aeadId) {
   switch (aeadId) {
     case AeadId::TLS_CHACHA20_POLY1305_SHA256:
-      return openssl::OpenSSLEVPCipher::makeCipher<openssl::ChaCha20Poly1305>();
+      return openssl::OpenSSLEVPCipher::makeCipher<ChaCha20Poly1305>();
     case AeadId::TLS_AES_128_GCM_SHA256:
-      return openssl::OpenSSLEVPCipher::makeCipher<openssl::AESGCM128>();
+      return openssl::OpenSSLEVPCipher::makeCipher<AESGCM128>();
     case AeadId::TLS_AES_256_GCM_SHA384:
-      return openssl::OpenSSLEVPCipher::makeCipher<openssl::AESGCM256>();
+      return openssl::OpenSSLEVPCipher::makeCipher<AESGCM256>();
     default:
       throw std::runtime_error("can't make aead: not implemented");
   }

fizz/crypto/hpke/test/ContextTest.cpp

@@ -162,7 +162,7 @@ TEST_P(HpkeContextTest, TestExportSecretThrow) {
         HashFunction::Sha256,
         CipherSuite::TLS_AES_128_GCM_SHA256);
     HpkeContextImpl context(
-        openssl::OpenSSLEVPCipher::makeCipher<openssl::AESGCM128>(),
+        openssl::OpenSSLEVPCipher::makeCipher<fizz::AESGCM128>(),
         toIOBuf(testParam.exporterSecret),
         std::make_unique<fizz::hpke::Hkdf>(
             kPrefix->clone(),

fizz/crypto/test/TestUtil.cpp

@@ -80,17 +80,16 @@ std::unique_ptr<Aead> getCipher(CipherSuite suite) {
   std::unique_ptr<Aead> cipher;
   switch (suite) {
     case CipherSuite::TLS_AES_128_GCM_SHA256:
-      cipher = openssl::OpenSSLEVPCipher::makeCipher<openssl::AESGCM128>();
+      cipher = openssl::OpenSSLEVPCipher::makeCipher<AESGCM128>();
       break;
     case CipherSuite::TLS_AES_256_GCM_SHA384:
-      cipher = openssl::OpenSSLEVPCipher::makeCipher<openssl::AESGCM256>();
+      cipher = openssl::OpenSSLEVPCipher::makeCipher<AESGCM256>();
       break;
     case CipherSuite::TLS_CHACHA20_POLY1305_SHA256:
-      cipher =
-          openssl::OpenSSLEVPCipher::makeCipher<openssl::ChaCha20Poly1305>();
+      cipher = openssl::OpenSSLEVPCipher::makeCipher<ChaCha20Poly1305>();
       break;
     case CipherSuite::TLS_AES_128_OCB_SHA256_EXPERIMENTAL:
-      cipher = openssl::OpenSSLEVPCipher::makeCipher<openssl::AESOCB128>();
+      cipher = openssl::OpenSSLEVPCipher::makeCipher<AESOCB128>();
       break;
 #if FIZZ_BUILD_AEGIS
     case CipherSuite::TLS_AEGIS_128L_SHA256:

fizz/experimental/ktls/KTLS.cpp

@@ -62,14 +62,14 @@ static folly::Optional<KTLSParameterLayout> getKTLSLayout(CipherSuite suite) {
   // TODO: Newer kernels support chacha20
   switch (suite) {
     case CipherSuite::TLS_AES_128_GCM_SHA256:
-      ret.keyLength = openssl::AESGCM128::kKeyLength;
-      ret.ivLength = openssl::AESGCM128::kIVLength;
+      ret.keyLength = fizz::AESGCM128::kKeyLength;
+      ret.ivLength = fizz::AESGCM128::kIVLength;
       ret.ktlsAllocationSize = CRYPTO_INFO_SIZE(TLS_CIPHER_AES_GCM_128);
       ret.ktlsCipherType = TLS_CIPHER_AES_GCM_128;
       break;
     case CipherSuite::TLS_AES_256_GCM_SHA384:
-      ret.keyLength = openssl::AESGCM256::kKeyLength;
-      ret.ivLength = openssl::AESGCM256::kIVLength;
+      ret.keyLength = fizz::AESGCM256::kKeyLength;
+      ret.ivLength = fizz::AESGCM256::kIVLength;
       ret.ktlsAllocationSize = CRYPTO_INFO_SIZE(TLS_CIPHER_AES_GCM_256);
       ret.ktlsCipherType = TLS_CIPHER_AES_GCM_256;
       break;

fizz/experimental/ktls/test/AsyncKTLSRxSocketTest.cpp

@@ -46,8 +46,7 @@ static std::unique_ptr<T> makeEncryptedRecordLayer(
   // parameter
   static unsigned char dummy;
 
-  auto aead =
-      fizz::openssl::OpenSSLEVPCipher::makeCipher<fizz::openssl::AESGCM128>();
+  auto aead = fizz::openssl::OpenSSLEVPCipher::makeCipher<fizz::AESGCM128>();
   aead->setKey(std::move(key));
   auto rl = std::make_unique<T>(fizz::EncryptionLevel::AppTraffic);
   rl->setAead(folly::ByteRange(&dummy, 1), std::move(aead));

fizz/experimental/ktls/test/AsyncKTLSSocketTest.cpp

@@ -46,8 +46,7 @@ static std::unique_ptr<T> makeEncryptedRecordLayer(
   // parameter
   static unsigned char dummy;
 
-  auto aead =
-      fizz::openssl::OpenSSLEVPCipher::makeCipher<fizz::openssl::AESGCM128>();
+  auto aead = fizz::openssl::OpenSSLEVPCipher::makeCipher<fizz::AESGCM128>();
   aead->setKey(std::move(key));
   auto rl = std::make_unique<T>(fizz::EncryptionLevel::AppTraffic);
   rl->setAead(folly::ByteRange(&dummy, 1), std::move(aead));

fizz/experimental/ktls/test/KTLSTest.cpp

@@ -48,8 +48,8 @@ static TrafficKey createKey() {
   return key;
 }
 
-static const TrafficKey kAES128TrafficKey = createKey<openssl::AESGCM128>();
-static const TrafficKey kAES256TrafficKey = createKey<openssl::AESGCM256>();
+static const TrafficKey kAES128TrafficKey = createKey<fizz::AESGCM128>();
+static const TrafficKey kAES256TrafficKey = createKey<fizz::AESGCM256>();
 
 TEST_F(KTLSTest, TestSockoptFormat) {
   // An unsupported ktls cipher suite should not work