Deprecate quic_heapless_key_derivation.
PiperOrigin-RevId: 788463184
diff --git a/quiche/common/quiche_feature_flags_list.h b/quiche/common/quiche_feature_flags_list.h
index 8c8c60d..17eed4a 100755
--- a/quiche/common/quiche_feature_flags_list.h
+++ b/quiche/common/quiche_feature_flags_list.h
@@ -37,7 +37,6 @@
QUICHE_FLAG(bool, quiche_reloadable_flag_quic_enobufs_blocked, false, false, "If true, ENOBUFS socket errors are reported as socket blocked instead of socket failure.")
QUICHE_FLAG(bool, quiche_reloadable_flag_quic_fin_before_completed_http_headers, false, true, "If true, close the connection with error if FIN is received before finish receiving the whole HTTP headers.")
QUICHE_FLAG(bool, quiche_reloadable_flag_quic_fix_timeouts, true, true, "If true, postpone setting handshake timeout to infinite to handshake complete.")
-QUICHE_FLAG(bool, quiche_reloadable_flag_quic_heapless_key_derivation, true, true, "If true, QUIC key derivation uses heapless crypto utils.")
QUICHE_FLAG(bool, quiche_reloadable_flag_quic_ignore_gquic_probing, true, true, "If true, QUIC server will not respond to gQUIC probing packet(PING + PADDING) but treat it as a regular packet.")
QUICHE_FLAG(bool, quiche_reloadable_flag_quic_least_unacked_plus_1, false, false, "If true, sets peer_least_packet_awaiting_ack to one more than the highest confirmed acknowledgment to fix an off-by-one error.")
QUICHE_FLAG(bool, quiche_reloadable_flag_quic_limit_new_streams_per_loop_2, true, true, "If true, when the peer sends connection options \\\'SLP1\\\', \\\'SLP2\\\' and \\\'SLPF\\\', internet facing GFEs will only allow a limited number of new requests to be processed per event loop, and postpone the rest to the following event loops. Also guard QuicConnection to iterate through all decrypters at each encryption level to get cipher id for a request.")
diff --git a/quiche/quic/core/crypto/crypto_utils.cc b/quiche/quic/core/crypto/crypto_utils.cc
index 8c5aec5..5fb5480 100644
--- a/quiche/quic/core/crypto/crypto_utils.cc
+++ b/quiche/quic/core/crypto/crypto_utils.cc
@@ -10,7 +10,6 @@
#include <memory>
#include <optional>
#include <string>
-#include <vector>
#include "absl/base/macros.h"
#include "absl/strings/str_cat.h"
@@ -40,8 +39,6 @@
#include "quiche/quic/core/quic_utils.h"
#include "quiche/quic/core/quic_versions.h"
#include "quiche/quic/platform/api/quic_bug_tracker.h"
-#include "quiche/quic/platform/api/quic_flag_utils.h"
-#include "quiche/quic/platform/api/quic_flags.h"
#include "quiche/quic/platform/api/quic_logging.h"
#include "quiche/common/quiche_endian.h"
#include "quiche/common/wire_serialization.h"
@@ -93,48 +90,6 @@
}
return true;
}
-// Legacy overloaded version that accepts string and returns vector, which leads
-// to heap allocations.
-// TODO(martinduke): Delete this.
-std::vector<uint8_t> HkdfExpandLabel(const EVP_MD* prf,
- absl::Span<const uint8_t> secret,
- const std::string& label, size_t out_len) {
- if (GetQuicReloadableFlag(quic_heapless_key_derivation)) {
- // This value should be zero; the flag should eliminate all paths to here.
- QUIC_RELOADABLE_FLAG_COUNT_N(quic_heapless_key_derivation, 1, 10);
- }
- bssl::ScopedCBB quic_hkdf_label;
- CBB inner_label;
- const char label_prefix[] = "tls13 ";
- // 20 = size(u16) + size(u8) + len("tls13 ") +
- // max_len("client in", "server in", "quicv2 key", ... ) +
- // size(u8);
- static const size_t max_quic_hkdf_label_length = 20;
- if (!CBB_init(quic_hkdf_label.get(), max_quic_hkdf_label_length) ||
- !CBB_add_u16(quic_hkdf_label.get(), out_len) ||
- !CBB_add_u8_length_prefixed(quic_hkdf_label.get(), &inner_label) ||
- !CBB_add_bytes(&inner_label,
- reinterpret_cast<const uint8_t*>(label_prefix),
- ABSL_ARRAYSIZE(label_prefix) - 1) ||
- !CBB_add_bytes(&inner_label,
- reinterpret_cast<const uint8_t*>(label.data()),
- label.size()) ||
- // Zero length |Context|.
- !CBB_add_u8(quic_hkdf_label.get(), 0) ||
- !CBB_flush(quic_hkdf_label.get())) {
- QUIC_LOG(ERROR) << "Building HKDF label failed";
- return std::vector<uint8_t>();
- }
- std::vector<uint8_t> out;
- out.resize(out_len);
- if (!HKDF_expand(out.data(), out_len, prf, secret.data(), secret.size(),
- CBB_data(quic_hkdf_label.get()),
- CBB_len(quic_hkdf_label.get()))) {
- QUIC_LOG(ERROR) << "Running HKDF-Expand-Label failed";
- return std::vector<uint8_t>();
- }
- return out;
-}
// "quicv2 key" is the longest string for a version label.
constexpr size_t kMaxVersionLabelLength = 10;
@@ -159,29 +114,13 @@
writer.WriteStringPiece(predicate);
return absl::string_view(out.data(), writer.length());
}
-// Legacy overloaded version that returns string, leading to a heap allocation.
-// TODO(martinduke): Delete this.
-std::string getLabelForVersion(const ParsedQuicVersion& version,
- const absl::string_view& predicate) {
- if (GetQuicReloadableFlag(quic_heapless_key_derivation)) {
- // This value should be zero; the flag should eliminate all paths to here.
- QUIC_RELOADABLE_FLAG_COUNT_N(quic_heapless_key_derivation, 2, 10);
- }
- static_assert(SupportedVersions().size() == 4u,
- "Supported versions out of sync with HKDF labels");
- if (version == ParsedQuicVersion::RFCv2()) {
- return absl::StrCat("quicv2 ", predicate);
- } else {
- return absl::StrCat("quic ", predicate);
- }
-}
// static
void CryptoUtils::InitializeCrypterSecrets(const EVP_MD* prf,
absl::Span<const uint8_t> pp_secret,
const ParsedQuicVersion& version,
QuicCrypter* crypter) {
- SetKeyAndIVHeapless(prf, pp_secret, version, crypter);
+ SetKeyAndIV(prf, pp_secret, version, crypter);
uint8_t header_protection_key[kMaxKeySize];
QUIC_BUG_IF(quic_bug_hp_length_mismatch,
crypter->GetKeySize() > sizeof(header_protection_key))
@@ -192,28 +131,12 @@
crypter->SetHeaderProtectionKey(absl::string_view(
reinterpret_cast<char*>(header_protection_key), crypter->GetKeySize()));
}
-// Version that uses the heap.
-// TODO(martinduke): Delete this.
-void CryptoUtils::InitializeCrypterSecrets(
- const EVP_MD* prf, const std::vector<uint8_t>& pp_secret,
- const ParsedQuicVersion& version, QuicCrypter* crypter) {
- if (GetQuicReloadableFlag(quic_heapless_key_derivation)) {
- // This value should be zero; the flag should eliminate all paths to here.
- QUIC_RELOADABLE_FLAG_COUNT_N(quic_heapless_key_derivation, 3, 10);
- }
- SetKeyAndIV(prf, pp_secret, version, crypter);
- std::vector<uint8_t> header_protection_key = GenerateHeaderProtectionKey(
- prf, pp_secret, version, crypter->GetKeySize());
- crypter->SetHeaderProtectionKey(
- absl::string_view(reinterpret_cast<char*>(header_protection_key.data()),
- header_protection_key.size()));
-}
// static
-void CryptoUtils::SetKeyAndIVHeapless(const EVP_MD* prf,
- absl::Span<const uint8_t> pp_secret,
- const ParsedQuicVersion& version,
- QuicCrypter* crypter) {
+void CryptoUtils::SetKeyAndIV(const EVP_MD* prf,
+ absl::Span<const uint8_t> pp_secret,
+ const ParsedQuicVersion& version,
+ QuicCrypter* crypter) {
uint8_t key[kMaxKeySize];
QUIC_BUG_IF(quic_bug_key_length_mismatch, crypter->GetKeySize() > sizeof(key))
<< "Key length does not match crypter";
@@ -239,25 +162,6 @@
crypter->SetIV(
absl::string_view(reinterpret_cast<char*>(iv), crypter->GetIVSize()));
}
-// TODO(martinduke): Delete this.
-void CryptoUtils::SetKeyAndIV(const EVP_MD* prf,
- absl::Span<const uint8_t> pp_secret,
- const ParsedQuicVersion& version,
- QuicCrypter* crypter) {
- if (GetQuicReloadableFlag(quic_heapless_key_derivation)) {
- // This value should be zero; the flag should eliminate all paths to here.
- QUIC_RELOADABLE_FLAG_COUNT_N(quic_heapless_key_derivation, 4, 10);
- }
- std::vector<uint8_t> key =
- HkdfExpandLabel(prf, pp_secret, getLabelForVersion(version, "key"),
- crypter->GetKeySize());
- std::vector<uint8_t> iv = HkdfExpandLabel(
- prf, pp_secret, getLabelForVersion(version, "iv"), crypter->GetIVSize());
- crypter->SetKey(
- absl::string_view(reinterpret_cast<char*>(key.data()), key.size()));
- crypter->SetIV(
- absl::string_view(reinterpret_cast<char*>(iv.data()), iv.size()));
-}
// static
bool CryptoUtils::GenerateHeaderProtectionKey(
@@ -270,17 +174,6 @@
absl::Span<char>(version_label_raw, kMaxVersionLabelLength));
return HkdfExpandLabel(prf, pp_secret, version_label, out);
}
-// TODO(martinduke): Delete this.
-std::vector<uint8_t> CryptoUtils::GenerateHeaderProtectionKey(
- const EVP_MD* prf, absl::Span<const uint8_t> pp_secret,
- const ParsedQuicVersion& version, size_t out_len) {
- if (GetQuicReloadableFlag(quic_heapless_key_derivation)) {
- // This value should be zero; the flag should eliminate all paths to here.
- QUIC_RELOADABLE_FLAG_COUNT_N(quic_heapless_key_derivation, 5, 10);
- }
- return HkdfExpandLabel(prf, pp_secret, getLabelForVersion(version, "hp"),
- out_len);
-}
// static
bool CryptoUtils::GenerateNextKeyPhaseSecret(
@@ -293,17 +186,6 @@
absl::Span<char>(version_label_raw, kMaxVersionLabelLength));
return HkdfExpandLabel(prf, current_secret, version_label, out);
}
-// TODO(martinduke): Delete this.
-std::vector<uint8_t> CryptoUtils::GenerateNextKeyPhaseSecret(
- const EVP_MD* prf, const ParsedQuicVersion& version,
- const std::vector<uint8_t>& current_secret) {
- if (GetQuicReloadableFlag(quic_heapless_key_derivation)) {
- // This value should be zero; the flag should eliminate all paths to here.
- QUIC_RELOADABLE_FLAG_COUNT_N(quic_heapless_key_derivation, 6, 10);
- }
- return HkdfExpandLabel(prf, current_secret, getLabelForVersion(version, "ku"),
- current_secret.size());
-}
namespace {
diff --git a/quiche/quic/core/crypto/crypto_utils.h b/quiche/quic/core/crypto/crypto_utils.h
index cd1a438..d496fbf 100644
--- a/quiche/quic/core/crypto/crypto_utils.h
+++ b/quiche/quic/core/crypto/crypto_utils.h
@@ -10,7 +10,6 @@
#include <cstddef>
#include <cstdint>
#include <string>
-#include <vector>
#include "absl/strings/string_view.h"
#include "absl/types/span.h"
@@ -84,23 +83,11 @@
absl::Span<const uint8_t> pp_secret,
const ParsedQuicVersion& version,
QuicCrypter* crypter);
- // Overloaded legacy version that takes a vector.
- // TODO(martinduke): Delete this.
- static void InitializeCrypterSecrets(const EVP_MD* prf,
- const std::vector<uint8_t>& pp_secret,
- const ParsedQuicVersion& version,
- QuicCrypter* crypter);
// Derives the key and IV from the packet protection secret and sets those
// fields on the given QuicCrypter |*crypter|, but does not set the header
// protection key. GenerateHeaderProtectionKey/SetHeaderProtectionKey must be
// called before using |crypter|.
- static void SetKeyAndIVHeapless(const EVP_MD* prf,
- absl::Span<const uint8_t> pp_secret,
- const ParsedQuicVersion& version,
- QuicCrypter* crypter);
- // TODO(martinduke): Delete this legacy version that allocates more from the
- // heap.
static void SetKeyAndIV(const EVP_MD* prf,
absl::Span<const uint8_t> pp_secret,
const ParsedQuicVersion& version,
@@ -113,20 +100,12 @@
absl::Span<const uint8_t> pp_secret,
const ParsedQuicVersion& version,
absl::Span<uint8_t> out);
- // Overloaded legacy version that allocates the vector.
- static std::vector<uint8_t> GenerateHeaderProtectionKey(
- const EVP_MD* prf, absl::Span<const uint8_t> pp_secret,
- const ParsedQuicVersion& version, size_t out_len);
// Given a secret for key phase n, return the secret for phase n+1 in |out|.
// Returns true if the derivation was successful, false otherwise.
static bool GenerateNextKeyPhaseSecret(
const EVP_MD* prf, const ParsedQuicVersion& version,
absl::Span<const uint8_t> current_secret, absl::Span<uint8_t> out);
- // Overloaded legacy version that allocates the vector.
- static std::vector<uint8_t> GenerateNextKeyPhaseSecret(
- const EVP_MD* prf, const ParsedQuicVersion& version,
- const std::vector<uint8_t>& current_secret);
// Assumes Initial crypters have already been allocated, to create a path
// with heap allocations limited to those inherited from OpenSSL. |encrypter|
diff --git a/quiche/quic/core/tls_handshaker.cc b/quiche/quic/core/tls_handshaker.cc
index 9529230..91f3b59 100644
--- a/quiche/quic/core/tls_handshaker.cc
+++ b/quiche/quic/core/tls_handshaker.cc
@@ -286,23 +286,13 @@
QuicEncrypter::CreateFromCipherSuite(SSL_CIPHER_get_id(cipher));
const EVP_MD* prf = Prf(cipher);
std::vector<uint8_t> header_protection_key;
- if (GetQuicReloadableFlag(quic_heapless_key_derivation)) {
- QUIC_RELOADABLE_FLAG_COUNT_N(quic_heapless_key_derivation, 7, 10);
- CryptoUtils::SetKeyAndIVHeapless(prf, write_secret,
- handshaker_delegate_->parsed_version(),
- encrypter.get());
- header_protection_key.resize(encrypter->GetKeySize());
- CryptoUtils::GenerateHeaderProtectionKey(
- prf, write_secret, handshaker_delegate_->parsed_version(),
- absl::Span<uint8_t>(header_protection_key));
- } else {
- CryptoUtils::SetKeyAndIV(prf, write_secret,
- handshaker_delegate_->parsed_version(),
- encrypter.get());
- header_protection_key = CryptoUtils::GenerateHeaderProtectionKey(
- prf, write_secret, handshaker_delegate_->parsed_version(),
- encrypter->GetKeySize());
- }
+ CryptoUtils::SetKeyAndIV(prf, write_secret,
+ handshaker_delegate_->parsed_version(),
+ encrypter.get());
+ header_protection_key.resize(encrypter->GetKeySize());
+ CryptoUtils::GenerateHeaderProtectionKey(
+ prf, write_secret, handshaker_delegate_->parsed_version(),
+ absl::Span<uint8_t>(header_protection_key));
encrypter->SetHeaderProtectionKey(
absl::string_view(reinterpret_cast<char*>(header_protection_key.data()),
header_protection_key.size()));
@@ -329,23 +319,13 @@
QuicDecrypter::CreateFromCipherSuite(SSL_CIPHER_get_id(cipher));
const EVP_MD* prf = Prf(cipher);
std::vector<uint8_t> header_protection_key;
- if (GetQuicReloadableFlag(quic_heapless_key_derivation)) {
- QUIC_RELOADABLE_FLAG_COUNT_N(quic_heapless_key_derivation, 8, 10);
- CryptoUtils::SetKeyAndIVHeapless(prf, read_secret,
- handshaker_delegate_->parsed_version(),
- decrypter.get());
- header_protection_key.resize(decrypter->GetKeySize());
- CryptoUtils::GenerateHeaderProtectionKey(
- prf, read_secret, handshaker_delegate_->parsed_version(),
- absl::Span<uint8_t>(header_protection_key));
- } else {
- CryptoUtils::SetKeyAndIV(prf, read_secret,
- handshaker_delegate_->parsed_version(),
- decrypter.get());
- header_protection_key = CryptoUtils::GenerateHeaderProtectionKey(
- prf, read_secret, handshaker_delegate_->parsed_version(),
- decrypter->GetKeySize());
- }
+ CryptoUtils::SetKeyAndIV(prf, read_secret,
+ handshaker_delegate_->parsed_version(),
+ decrypter.get());
+ header_protection_key.resize(decrypter->GetKeySize());
+ CryptoUtils::GenerateHeaderProtectionKey(
+ prf, read_secret, handshaker_delegate_->parsed_version(),
+ absl::Span<uint8_t>(header_protection_key));
decrypter->SetHeaderProtectionKey(
absl::string_view(reinterpret_cast<char*>(header_protection_key.data()),
header_protection_key.size()));
@@ -372,29 +352,17 @@
}
const SSL_CIPHER* cipher = SSL_get_current_cipher(ssl());
const EVP_MD* prf = Prf(cipher);
- std::unique_ptr<QuicDecrypter> decrypter;
- if (GetQuicReloadableFlag(quic_heapless_key_derivation)) {
- QUIC_RELOADABLE_FLAG_COUNT_N(quic_heapless_key_derivation, 9, 10);
- CryptoUtils::GenerateNextKeyPhaseSecret(
- prf, handshaker_delegate_->parsed_version(), latest_read_secret_,
- absl::Span<uint8_t>(latest_read_secret_));
- CryptoUtils::GenerateNextKeyPhaseSecret(
- prf, handshaker_delegate_->parsed_version(), latest_write_secret_,
- absl::Span<uint8_t>(latest_write_secret_));
- decrypter = QuicDecrypter::CreateFromCipherSuite(SSL_CIPHER_get_id(cipher));
- CryptoUtils::SetKeyAndIVHeapless(prf, latest_read_secret_,
- handshaker_delegate_->parsed_version(),
- decrypter.get());
- } else {
- latest_read_secret_ = CryptoUtils::GenerateNextKeyPhaseSecret(
- prf, handshaker_delegate_->parsed_version(), latest_read_secret_);
- latest_write_secret_ = CryptoUtils::GenerateNextKeyPhaseSecret(
- prf, handshaker_delegate_->parsed_version(), latest_write_secret_);
- decrypter = QuicDecrypter::CreateFromCipherSuite(SSL_CIPHER_get_id(cipher));
- CryptoUtils::SetKeyAndIV(prf, latest_read_secret_,
- handshaker_delegate_->parsed_version(),
- decrypter.get());
- }
+ CryptoUtils::GenerateNextKeyPhaseSecret(
+ prf, handshaker_delegate_->parsed_version(), latest_read_secret_,
+ absl::Span<uint8_t>(latest_read_secret_));
+ CryptoUtils::GenerateNextKeyPhaseSecret(
+ prf, handshaker_delegate_->parsed_version(), latest_write_secret_,
+ absl::Span<uint8_t>(latest_write_secret_));
+ std::unique_ptr<QuicDecrypter> decrypter =
+ QuicDecrypter::CreateFromCipherSuite(SSL_CIPHER_get_id(cipher));
+ CryptoUtils::SetKeyAndIV(prf, latest_read_secret_,
+ handshaker_delegate_->parsed_version(),
+ decrypter.get());
decrypter->SetHeaderProtectionKey(absl::string_view(
reinterpret_cast<char*>(one_rtt_read_header_protection_key_.data()),
@@ -414,16 +382,9 @@
const SSL_CIPHER* cipher = SSL_get_current_cipher(ssl());
std::unique_ptr<QuicEncrypter> encrypter =
QuicEncrypter::CreateFromCipherSuite(SSL_CIPHER_get_id(cipher));
- if (GetQuicReloadableFlag(quic_heapless_key_derivation)) {
- QUIC_RELOADABLE_FLAG_COUNT_N(quic_heapless_key_derivation, 10, 10);
- CryptoUtils::SetKeyAndIVHeapless(Prf(cipher), latest_write_secret_,
- handshaker_delegate_->parsed_version(),
- encrypter.get());
- } else {
- CryptoUtils::SetKeyAndIV(Prf(cipher), latest_write_secret_,
- handshaker_delegate_->parsed_version(),
- encrypter.get());
- }
+ CryptoUtils::SetKeyAndIV(Prf(cipher), latest_write_secret_,
+ handshaker_delegate_->parsed_version(),
+ encrypter.get());
encrypter->SetHeaderProtectionKey(absl::string_view(
reinterpret_cast<char*>(one_rtt_write_header_protection_key_.data()),
one_rtt_write_header_protection_key_.size()));
