commit f03456ceb0db4f11696f304325e55fddc9567797
author QUICHE team <quiche-dev@google.com> Thu Mar 21 08:54:47 2019 -0700
committer Copybara-Service <copybara-worker@google.com> Thu Mar 21 08:55:11 2019 -0700
tree 0da910bd7edeedbf3255a41c622485fc42ca12d2
parent b23daa7bf1f6e704b6699703348015bcf76b03e2

Teach QUIC about the concept of "fallback" key exchange

In the Leto world, GFE's QUIC stack will be configured with a bunch of ServerConfigs whose private keys live remotely, on the Leto server.  Each GFE will also generate a ServerConfig with a local keypair, to which it will fall back in a Leto outage.

The QUIC stack will need to be able to distinguish the fallback ServerConfig from the others.  This CL takes a step in that direction, by adding an 'is_fallback' argument to KeyExchangeSource::Create, which instructs it not to create a Leto-aware KeyExchange, but a local one.

For non-Leto-configured GFEs, this argument is simply ignored, since all KeyExchanges will already be local.

This CL also modifies the LetoKeyExchange infrastructure to behave reasonably if the private key passed to KeyExchangeSource::Create is empty (i.e. the private key lives remotely on Leto and is not mirrored on the GFE).

This CL is not flag-protected.  The changes are all no-ops in the GFE for the following reasons:
- The is_fallback argument is currently set to false everywhere in the GFE.
- The private_key argument is always set in the GFE.

Subsequent CLs will change these arguments, and *those* will be flag-protected.

gfe-relnote: Adding codepaths not yet reachable in the GFE.  Not flag-protected.
PiperOrigin-RevId: 239603863
Change-Id: I34fc2311559db2221a26c83d8c6dfa05954b5fd5