Pass TLS read/write secrets by absl::Span instead of a byte vector. PiperOrigin-RevId: 445930737
diff --git a/quiche/quic/core/crypto/crypto_utils.cc b/quiche/quic/core/crypto/crypto_utils.cc index c55689f..9b33b0b 100644 --- a/quiche/quic/core/crypto/crypto_utils.cc +++ b/quiche/quic/core/crypto/crypto_utils.cc
@@ -55,7 +55,7 @@ // Secret, Label, and Length are passed in as |secret|, |label|, and // |out_len|, respectively. The resulting expanded secret is returned. std::vector<uint8_t> HkdfExpandLabel(const EVP_MD* prf, - const std::vector<uint8_t>& secret, + absl::Span<const uint8_t> secret, const std::string& label, size_t out_len) { bssl::ScopedCBB quic_hkdf_label; CBB inner_label; @@ -115,7 +115,7 @@ } void CryptoUtils::SetKeyAndIV(const EVP_MD* prf, - const std::vector<uint8_t>& pp_secret, + absl::Span<const uint8_t> pp_secret, const ParsedQuicVersion& version, QuicCrypter* crypter) { std::vector<uint8_t> key = @@ -130,7 +130,7 @@ } std::vector<uint8_t> CryptoUtils::GenerateHeaderProtectionKey( - const EVP_MD* prf, const std::vector<uint8_t>& pp_secret, + const EVP_MD* prf, absl::Span<const uint8_t> pp_secret, const ParsedQuicVersion& version, size_t out_len) { return HkdfExpandLabel(prf, pp_secret, getLabelForVersion(version, "hp"), out_len);
diff --git a/quiche/quic/core/crypto/crypto_utils.h b/quiche/quic/core/crypto/crypto_utils.h index 718f48d..87bf309 100644 --- a/quiche/quic/core/crypto/crypto_utils.h +++ b/quiche/quic/core/crypto/crypto_utils.h
@@ -91,13 +91,13 @@ // protection key. GenerateHeaderProtectionKey/SetHeaderProtectionKey must be // called before using |crypter|. static void SetKeyAndIV(const EVP_MD* prf, - const std::vector<uint8_t>& pp_secret, + absl::Span<const uint8_t> pp_secret, const ParsedQuicVersion& version, QuicCrypter* crypter); // Derives the header protection key from the packet protection secret. static std::vector<uint8_t> GenerateHeaderProtectionKey( - const EVP_MD* prf, const std::vector<uint8_t>& pp_secret, + const EVP_MD* prf, absl::Span<const uint8_t> pp_secret, const ParsedQuicVersion& version, size_t out_len); // Given a secret for key phase n, return the secret for phase n+1.
diff --git a/quiche/quic/core/crypto/tls_connection.cc b/quiche/quic/core/crypto/tls_connection.cc index 61e4c23..1b54b14 100644 --- a/quiche/quic/core/crypto/tls_connection.cc +++ b/quiche/quic/core/crypto/tls_connection.cc
@@ -158,12 +158,9 @@ const SSL_CIPHER* cipher, const uint8_t* secret, size_t secret_length) { - // TODO(nharper): replace this vector with a span (which unfortunately doesn't - // yet exist in quic/platform/api). - std::vector<uint8_t> secret_vec(secret, secret + secret_length); TlsConnection::Delegate* delegate = ConnectionFromSsl(ssl)->delegate_; if (!delegate->SetReadSecret(QuicEncryptionLevel(level), cipher, - secret_vec)) { + absl::MakeSpan(secret, secret_length))) { return 0; } return 1; @@ -175,11 +172,9 @@ const SSL_CIPHER* cipher, const uint8_t* secret, size_t secret_length) { - // TODO(nharper): replace this vector with a span (which unfortunately doesn't - // yet exist in quic/platform/api). - std::vector<uint8_t> secret_vec(secret, secret + secret_length); TlsConnection::Delegate* delegate = ConnectionFromSsl(ssl)->delegate_; - delegate->SetWriteSecret(QuicEncryptionLevel(level), cipher, secret_vec); + delegate->SetWriteSecret(QuicEncryptionLevel(level), cipher, + absl::MakeSpan(secret, secret_length)); return 1; }
diff --git a/quiche/quic/core/crypto/tls_connection.h b/quiche/quic/core/crypto/tls_connection.h index a4887e8..5c4e8b8 100644 --- a/quiche/quic/core/crypto/tls_connection.h +++ b/quiche/quic/core/crypto/tls_connection.h
@@ -47,7 +47,7 @@ // traffic secrets and application traffic secrets. The provided write // secret must be used with the provided cipher suite |cipher|. virtual void SetWriteSecret(EncryptionLevel level, const SSL_CIPHER* cipher, - const std::vector<uint8_t>& write_secret) = 0; + absl::Span<const uint8_t> write_secret) = 0; // SetReadSecret is similar to SetWriteSecret, except that it is used for // decrypting messages. SetReadSecret at a particular level is always called @@ -55,7 +55,7 @@ // where the EncryptionLevel for SetWriteSecret is // ENCRYPTION_FORWARD_SECURE. virtual bool SetReadSecret(EncryptionLevel level, const SSL_CIPHER* cipher, - const std::vector<uint8_t>& read_secret) = 0; + absl::Span<const uint8_t> read_secret) = 0; // WriteMessage is called when there is |data| from the TLS stack ready for // the QUIC stack to write in a crypto frame. The data must be transmitted
diff --git a/quiche/quic/core/tls_client_handshaker.cc b/quiche/quic/core/tls_client_handshaker.cc index dbe7234..7460263 100644 --- a/quiche/quic/core/tls_client_handshaker.cc +++ b/quiche/quic/core/tls_client_handshaker.cc
@@ -429,7 +429,7 @@ void TlsClientHandshaker::SetWriteSecret( EncryptionLevel level, const SSL_CIPHER* cipher, - const std::vector<uint8_t>& write_secret) { + absl::Span<const uint8_t> write_secret) { if (is_connection_closed()) { return; }
diff --git a/quiche/quic/core/tls_client_handshaker.h b/quiche/quic/core/tls_client_handshaker.h index d3c6312..21b6033 100644 --- a/quiche/quic/core/tls_client_handshaker.h +++ b/quiche/quic/core/tls_client_handshaker.h
@@ -72,7 +72,7 @@ void OnHandshakeDoneReceived() override; void OnNewTokenReceived(absl::string_view token) override; void SetWriteSecret(EncryptionLevel level, const SSL_CIPHER* cipher, - const std::vector<uint8_t>& write_secret) override; + absl::Span<const uint8_t> write_secret) override; // Override to drop initial keys if trying to write ENCRYPTION_HANDSHAKE data. void WriteMessage(EncryptionLevel level, absl::string_view data) override;
diff --git a/quiche/quic/core/tls_handshaker.cc b/quiche/quic/core/tls_handshaker.cc index 6f4f4ff..15b4d4f 100644 --- a/quiche/quic/core/tls_handshaker.cc +++ b/quiche/quic/core/tls_handshaker.cc
@@ -235,7 +235,7 @@ void TlsHandshaker::SetWriteSecret(EncryptionLevel level, const SSL_CIPHER* cipher, - const std::vector<uint8_t>& write_secret) { + absl::Span<const uint8_t> write_secret) { QUIC_DVLOG(1) << ENDPOINT << "SetWriteSecret level=" << level; std::unique_ptr<QuicEncrypter> encrypter = QuicEncrypter::CreateFromCipherSuite(SSL_CIPHER_get_id(cipher)); @@ -252,7 +252,7 @@ header_protection_key.size())); if (level == ENCRYPTION_FORWARD_SECURE) { QUICHE_DCHECK(latest_write_secret_.empty()); - latest_write_secret_ = write_secret; + latest_write_secret_.assign(write_secret.begin(), write_secret.end()); one_rtt_write_header_protection_key_ = header_protection_key; } handshaker_delegate_->OnNewEncryptionKeyAvailable(level, @@ -261,7 +261,7 @@ bool TlsHandshaker::SetReadSecret(EncryptionLevel level, const SSL_CIPHER* cipher, - const std::vector<uint8_t>& read_secret) { + absl::Span<const uint8_t> read_secret) { QUIC_DVLOG(1) << ENDPOINT << "SetReadSecret level=" << level; std::unique_ptr<QuicDecrypter> decrypter = QuicDecrypter::CreateFromCipherSuite(SSL_CIPHER_get_id(cipher)); @@ -278,7 +278,7 @@ header_protection_key.size())); if (level == ENCRYPTION_FORWARD_SECURE) { QUICHE_DCHECK(latest_read_secret_.empty()); - latest_read_secret_ = read_secret; + latest_read_secret_.assign(read_secret.begin(), read_secret.end()); one_rtt_read_header_protection_key_ = header_protection_key; } return handshaker_delegate_->OnNewDecryptionKeyAvailable(
diff --git a/quiche/quic/core/tls_handshaker.h b/quiche/quic/core/tls_handshaker.h index ddd44c6..d2e0ee4 100644 --- a/quiche/quic/core/tls_handshaker.h +++ b/quiche/quic/core/tls_handshaker.h
@@ -138,14 +138,14 @@ // traffic secrets and application traffic secrets. The provided write secret // must be used with the provided cipher suite |cipher|. void SetWriteSecret(EncryptionLevel level, const SSL_CIPHER* cipher, - const std::vector<uint8_t>& write_secret) override; + absl::Span<const uint8_t> write_secret) override; // SetReadSecret is similar to SetWriteSecret, except that it is used for // decrypting messages. SetReadSecret at a particular level is always called // after SetWriteSecret for that level, except for ENCRYPTION_ZERO_RTT, where // the EncryptionLevel for SetWriteSecret is ENCRYPTION_FORWARD_SECURE. bool SetReadSecret(EncryptionLevel level, const SSL_CIPHER* cipher, - const std::vector<uint8_t>& read_secret) override; + absl::Span<const uint8_t> read_secret) override; // WriteMessage is called when there is |data| from the TLS stack ready for // the QUIC stack to write in a crypto frame. The data must be transmitted at
diff --git a/quiche/quic/core/tls_server_handshaker.cc b/quiche/quic/core/tls_server_handshaker.cc index 3d9be2a..58ea409 100644 --- a/quiche/quic/core/tls_server_handshaker.cc +++ b/quiche/quic/core/tls_server_handshaker.cc
@@ -556,7 +556,7 @@ void TlsServerHandshaker::SetWriteSecret( EncryptionLevel level, const SSL_CIPHER* cipher, - const std::vector<uint8_t>& write_secret) { + absl::Span<const uint8_t> write_secret) { if (is_connection_closed()) { return; }
diff --git a/quiche/quic/core/tls_server_handshaker.h b/quiche/quic/core/tls_server_handshaker.h index fde73c6..fa5ca75 100644 --- a/quiche/quic/core/tls_server_handshaker.h +++ b/quiche/quic/core/tls_server_handshaker.h
@@ -89,7 +89,7 @@ override; std::unique_ptr<QuicEncrypter> CreateCurrentOneRttEncrypter() override; void SetWriteSecret(EncryptionLevel level, const SSL_CIPHER* cipher, - const std::vector<uint8_t>& write_secret) override; + absl::Span<const uint8_t> write_secret) override; // Called with normalized SNI hostname as |hostname|. Return value will be // sent in an ACCEPT_CH frame in the TLS ALPS extension, unless empty.