Cleanup ObliviousHttpKeyConfigs

This CL is mostly a no-op refactor of ObliviousHttpKeyConfigs. The only changes are the values of various error codes and status strings returned. This brings this code to more modern coding practices in QUICHE, and will facilitate future product work in this file.

PiperOrigin-RevId: 944553749
diff --git a/quiche/oblivious_http/common/oblivious_http_header_key_config.cc b/quiche/oblivious_http/common/oblivious_http_header_key_config.cc
index 6393fd7..3fd170f 100644
--- a/quiche/oblivious_http/common/oblivious_http_header_key_config.cc
+++ b/quiche/oblivious_http/common/oblivious_http_header_key_config.cc
@@ -43,7 +43,8 @@
     case EVP_HPKE_DHKEM_X25519_HKDF_SHA256:
       return EVP_hpke_x25519_hkdf_sha256();
     default:
-      return absl::UnimplementedError("No support for this KEM ID.");
+      return absl::UnimplementedError(
+          absl::StrCat("KEM ID", absl::Hex(kem_id), " not supported"));
   }
 }
 
@@ -52,7 +53,8 @@
     case EVP_HPKE_HKDF_SHA256:
       return EVP_hpke_hkdf_sha256();
     default:
-      return absl::UnimplementedError("No support for this KDF ID.");
+      return absl::UnimplementedError(
+          absl::StrCat("KDF ID ", absl::Hex(kdf_id), " not supported"));
   }
 }
 
@@ -65,7 +67,8 @@
     case EVP_HPKE_CHACHA20_POLY1305:
       return EVP_hpke_chacha20_poly1305();
     default:
-      return absl::UnimplementedError("No support for this AEAD ID.");
+      return absl::UnimplementedError(
+          absl::StrCat("AEAD ID ", absl::Hex(aead_id), " not supported"));
   }
 }
 
@@ -86,38 +89,26 @@
 }
 
 absl::Status ObliviousHttpHeaderKeyConfig::ValidateKeyConfig() const {
-  auto supported_kem = CheckKemId(kem_id_);
-  if (!supported_kem.ok()) {
-    return absl::InvalidArgumentError(
-        absl::StrCat("Unsupported KEM ID:", kem_id_));
-  }
-  auto supported_kdf = CheckKdfId(kdf_id_);
-  if (!supported_kdf.ok()) {
-    return absl::InvalidArgumentError(
-        absl::StrCat("Unsupported KDF ID:", kdf_id_));
-  }
-  auto supported_aead = CheckAeadId(aead_id_);
-  if (!supported_aead.ok()) {
-    return absl::InvalidArgumentError(
-        absl::StrCat("Unsupported AEAD ID:", aead_id_));
-  }
+  QUICHE_RETURN_IF_ERROR(CheckKemId(kem_id_).status());
+  QUICHE_RETURN_IF_ERROR(CheckKdfId(kdf_id_).status());
+  QUICHE_RETURN_IF_ERROR(CheckAeadId(aead_id_).status());
   return absl::OkStatus();
 }
 
 const EVP_HPKE_KEM* ObliviousHttpHeaderKeyConfig::GetHpkeKem() const {
   auto kem = CheckKemId(kem_id_);
   QUICHE_CHECK_OK(kem.status());
-  return kem.value();
+  return *kem;
 }
 const EVP_HPKE_KDF* ObliviousHttpHeaderKeyConfig::GetHpkeKdf() const {
   auto kdf = CheckKdfId(kdf_id_);
   QUICHE_CHECK_OK(kdf.status());
-  return kdf.value();
+  return *kdf;
 }
 const EVP_HPKE_AEAD* ObliviousHttpHeaderKeyConfig::GetHpkeAead() const {
   auto aead = CheckAeadId(aead_id_);
   QUICHE_CHECK_OK(aead.status());
-  return aead.value();
+  return *aead;
 }
 
 std::string ObliviousHttpHeaderKeyConfig::SerializeRecipientContextInfo(
@@ -127,7 +118,7 @@
   std::string info(buf_len, '\0');
   QuicheDataWriter writer(info.size(), info.data());
   QUICHE_CHECK(writer.WriteStringPiece(request_label));
-  QUICHE_CHECK(writer.WriteUInt8(zero_byte));  // Zero byte.
+  QUICHE_CHECK(writer.WriteUInt8(zero_byte));
   QUICHE_CHECK(writer.WriteUInt8(key_id_));
   QUICHE_CHECK(writer.WriteUInt16(kem_id_));
   QUICHE_CHECK(writer.WriteUInt16(kdf_id_));
@@ -139,7 +130,7 @@
 absl::Status ObliviousHttpHeaderKeyConfig::ParseOhttpPayloadHeader(
     absl::string_view payload_bytes) const {
   if (payload_bytes.empty()) {
-    return absl::InvalidArgumentError("Empty request payload.");
+    return absl::InvalidArgumentError("Empty request payload");
   }
   QuicheDataReader reader(payload_bytes);
   return ParseOhttpPayloadHeader(reader);
@@ -149,38 +140,40 @@
     QuicheDataReader& reader) const {
   uint8_t key_id;
   if (!reader.ReadUInt8(&key_id)) {
-    return absl::InvalidArgumentError("Failed to read key_id from header.");
+    return absl::InvalidArgumentError("Failed to read key_id from header");
   }
   if (key_id != key_id_) {
     return absl::InvalidArgumentError(
-        absl::StrCat("KeyID in request:", static_cast<uint16_t>(key_id),
-                     " doesn't match with server's public key "
-                     "configuration KeyID:",
-                     static_cast<uint16_t>(key_id_)));
+        absl::StrCat("KeyID ", static_cast<uint16_t>(key_id),
+                     " in request does not match KeyID ",
+                     static_cast<uint16_t>(key_id_), " from config"));
   }
   uint16_t kem_id;
   if (!reader.ReadUInt16(&kem_id)) {
-    return absl::InvalidArgumentError("Failed to read kem_id from header.");
+    return absl::InvalidArgumentError("Failed to read kem_id from header");
   }
   if (kem_id != kem_id_) {
     return absl::InvalidArgumentError(
-        absl::StrCat("Received Invalid kemID:", kem_id, " Expected:", kem_id_));
+        absl::StrCat("Received invalid kem_id ", absl::Hex(kem_id),
+                     ", expected ", absl::Hex(kem_id_)));
   }
   uint16_t kdf_id;
   if (!reader.ReadUInt16(&kdf_id)) {
-    return absl::InvalidArgumentError("Failed to read kdf_id from header.");
+    return absl::InvalidArgumentError("Failed to read kdf_id from header");
   }
   if (kdf_id != kdf_id_) {
     return absl::InvalidArgumentError(
-        absl::StrCat("Received Invalid kdfID:", kdf_id, " Expected:", kdf_id_));
+        absl::StrCat("Received invalid kdf_id ", absl::Hex(kdf_id),
+                     ", expected ", absl::Hex(kdf_id_)));
   }
   uint16_t aead_id;
   if (!reader.ReadUInt16(&aead_id)) {
-    return absl::InvalidArgumentError("Failed to read aead_id from header.");
+    return absl::InvalidArgumentError("Failed to read aead_id from header");
   }
   if (aead_id != aead_id_) {
-    return absl::InvalidArgumentError(absl::StrCat(
-        "Received Invalid aeadID:", aead_id, " Expected:", aead_id_));
+    return absl::InvalidArgumentError(
+        absl::StrCat("Received invalid aead_id ", absl::Hex(aead_id),
+                     ", expected ", absl::Hex(aead_id_)));
   }
   return absl::OkStatus();
 }
@@ -189,12 +182,12 @@
 ObliviousHttpHeaderKeyConfig::ParseKeyIdFromObliviousHttpRequestPayload(
     absl::string_view payload_bytes) {
   if (payload_bytes.empty()) {
-    return absl::InvalidArgumentError("Empty request payload.");
+    return absl::InvalidArgumentError("Empty request payload");
   }
   QuicheDataReader reader(payload_bytes);
   uint8_t key_id;
   if (!reader.ReadUInt8(&key_id)) {
-    return absl::InvalidArgumentError("Failed to read key_id from payload.");
+    return absl::InvalidArgumentError("Failed to read key_id from payload");
   }
   return key_id;
 }
@@ -205,34 +198,33 @@
   std::string hdr(buf_len, '\0');
   QuicheDataWriter writer(hdr.size(), hdr.data());
   QUICHE_CHECK(writer.WriteUInt8(key_id_));
-  QUICHE_CHECK(writer.WriteUInt16(kem_id_));   // kemID
-  QUICHE_CHECK(writer.WriteUInt16(kdf_id_));   // kdfID
-  QUICHE_CHECK(writer.WriteUInt16(aead_id_));  // aeadID
+  QUICHE_CHECK(writer.WriteUInt16(kem_id_));
+  QUICHE_CHECK(writer.WriteUInt16(kdf_id_));
+  QUICHE_CHECK(writer.WriteUInt16(aead_id_));
   return hdr;
 }
 
 namespace {
 // https://www.rfc-editor.org/rfc/rfc9180#section-7.1
 absl::StatusOr<uint16_t> KeyLength(uint16_t kem_id) {
-  auto supported_kem = CheckKemId(kem_id);
-  if (!supported_kem.ok()) {
-    return absl::InvalidArgumentError(absl::StrCat(
-        "Unsupported KEM ID:", kem_id, ". public key length is unknown."));
-  }
-  return EVP_HPKE_KEM_public_key_len(supported_kem.value());
+  QUICHE_ASSIGN_OR_RETURN(const EVP_HPKE_KEM* supported_kem,
+                          CheckKemId(kem_id));
+  return EVP_HPKE_KEM_public_key_len(supported_kem);
 }
 
 absl::StatusOr<std::string> SerializeOhttpKeyWithPublicKey(
     uint8_t key_id, absl::string_view public_key,
     const std::vector<ObliviousHttpHeaderKeyConfig>& ohttp_configs) {
+  if (ohttp_configs.empty()) {
+    return absl::InvalidArgumentError("Empty ohttp_configs");
+  }
   auto ohttp_config = ohttp_configs[0];
-  // Check if `ohttp_config` match the RFC's encoding guidelines.
   static_assert(sizeof(ohttp_config.GetHpkeKemId()) == kSizeOfHpkeKemId &&
                     sizeof(ohttp_config.GetHpkeKdfId()) ==
                         kSizeOfSymmetricAlgorithmHpkeKdfId &&
                     sizeof(ohttp_config.GetHpkeAeadId()) ==
                         kSizeOfSymmetricAlgorithmHpkeAeadId,
-                "Size of HPKE IDs should match RFC specification.");
+                "Bad algorithm ID sizes");
 
   uint16_t symmetric_algs_length =
       ohttp_configs.size() * (kSizeOfSymmetricAlgorithmHpkeKdfId +
@@ -242,61 +234,28 @@
   std::string ohttp_key_configuration(buf_len, '\0');
   QuicheDataWriter writer(ohttp_key_configuration.size(),
                           ohttp_key_configuration.data());
-  if (!writer.WriteUInt8(key_id)) {
-    return absl::InternalError("Failed to serialize OHTTP key.[key_id]");
-  }
-  if (!writer.WriteUInt16(ohttp_config.GetHpkeKemId())) {
-    return absl::InternalError(
-        "Failed to serialize OHTTP key.[kem_id]");  // kemID.
-  }
-  if (!writer.WriteStringPiece(public_key)) {
-    return absl::InternalError(
-        "Failed to serialize OHTTP key.[public_key]");  // Raw public key.
-  }
-  if (!writer.WriteUInt16(symmetric_algs_length)) {
-    return absl::InternalError(
-        "Failed to serialize OHTTP key.[symmetric_algs_length]");
-  }
+  QUICHE_CHECK(writer.WriteUInt8(key_id));
+  QUICHE_CHECK(writer.WriteUInt16(ohttp_config.GetHpkeKemId()));
+  QUICHE_CHECK(writer.WriteStringPiece(public_key));
+  QUICHE_CHECK(writer.WriteUInt16(symmetric_algs_length));
   for (const auto& item : ohttp_configs) {
     // Check if KEM ID is the same for all the configs stored in `this` for
     // given `key_id`.
     if (item.GetHpkeKemId() != ohttp_config.GetHpkeKemId()) {
-      QUICHE_BUG(ohttp_key_configs_builder_parser)
-          << "ObliviousHttpKeyConfigs object cannot hold ConfigMap of "
-             "different KEM IDs:[ "
-          << item.GetHpkeKemId() << "," << ohttp_config.GetHpkeKemId()
-          << " ]for a given key_id:" << static_cast<uint16_t>(key_id);
-    }
-    if (!writer.WriteUInt16(item.GetHpkeKdfId())) {
       return absl::InternalError(
-          "Failed to serialize OHTTP key.[kdf_id]");  // kdfID.
+          absl::StrCat("ObliviousHttpKeyConfigs object cannot hold ConfigMap "
+                       "of different KEM IDs ",
+                       absl::Hex(item.GetHpkeKemId()), " vs ",
+                       absl::Hex(ohttp_config.GetHpkeKemId()), " for key_id ",
+                       static_cast<uint16_t>(key_id)));
     }
-    if (!writer.WriteUInt16(item.GetHpkeAeadId())) {
-      return absl::InternalError(
-          "Failed to serialize OHTTP key.[aead_id]");  // aeadID.
-    }
+    QUICHE_CHECK(writer.WriteUInt16(item.GetHpkeKdfId()));
+    QUICHE_CHECK(writer.WriteUInt16(item.GetHpkeAeadId()));
   }
-  QUICHE_DCHECK_EQ(writer.remaining(), 0u);
+  QUICHE_CHECK_EQ(writer.remaining(), 0u);
   return ohttp_key_configuration;
 }
 
-std::string GetDebugStringForFailedKeyConfig(
-    const ObliviousHttpKeyConfigs::OhttpKeyConfig& failed_key_config) {
-  std::string debug_string = "[ ";
-  absl::StrAppend(&debug_string,
-                  "key_id:", static_cast<uint16_t>(failed_key_config.key_id),
-                  " , kem_id:", failed_key_config.kem_id,
-                  ". Printing HEX formatted public_key:",
-                  absl::BytesToHexString(failed_key_config.public_key));
-  absl::StrAppend(&debug_string, ", symmetric_algorithms: { ");
-  for (const auto& symmetric_config : failed_key_config.symmetric_algorithms) {
-    absl::StrAppend(&debug_string, "{kdf_id: ", symmetric_config.kdf_id,
-                    ", aead_id:", symmetric_config.aead_id, " }");
-  }
-  absl::StrAppend(&debug_string, " } ]");
-  return debug_string;
-}
-
 // Verifies if the `key_config` contains all valid combinations of [kem_id,
 // kdf_id, aead_id] that comprises Single Key configuration encoding as
 // specified in
@@ -306,27 +265,20 @@
     absl::btree_map<uint8_t, std::vector<ObliviousHttpHeaderKeyConfig>,
                     std::greater<uint8_t>>& configs,
     absl::flat_hash_map<uint8_t, std::string>& keys) {
-  if (!CheckKemId(key_config.kem_id).ok() ||
-      key_config.public_key.size() != KeyLength(key_config.kem_id).value()) {
-    QUICHE_LOG(ERROR) << "Failed to process: "
-                      << GetDebugStringForFailedKeyConfig(key_config);
-    return absl::InvalidArgumentError(
-        absl::StrCat("Invalid key_config! [KEM ID:", key_config.kem_id, "]"));
+  QUICHE_ASSIGN_OR_RETURN(uint16_t key_length, KeyLength(key_config.kem_id));
+  if (key_length != key_config.public_key.size()) {
+    return absl::InvalidArgumentError(absl::StrCat(
+        "Invalid key length ", key_config.public_key.size(), " for KEM ID ",
+        absl::Hex(key_config.kem_id), ", expected ", key_length));
   }
   for (const auto& symmetric_config : key_config.symmetric_algorithms) {
-    if (!CheckKdfId(symmetric_config.kdf_id).ok() ||
-        !CheckAeadId(symmetric_config.aead_id).ok()) {
-      QUICHE_LOG(ERROR) << "Failed to process: "
-                        << GetDebugStringForFailedKeyConfig(key_config);
-      return absl::InvalidArgumentError(
-          absl::StrCat("Invalid key_config! [KDF ID:", symmetric_config.kdf_id,
-                       ", AEAD ID:", symmetric_config.aead_id, "]"));
-    }
+    QUICHE_RETURN_IF_ERROR(CheckKdfId(symmetric_config.kdf_id).status());
+    QUICHE_RETURN_IF_ERROR(CheckAeadId(symmetric_config.aead_id).status());
     auto ohttp_config = ObliviousHttpHeaderKeyConfig::Create(
         key_config.key_id, key_config.kem_id, symmetric_config.kdf_id,
         symmetric_config.aead_id);
     if (ohttp_config.ok()) {
-      configs[key_config.key_id].emplace_back(std::move(ohttp_config.value()));
+      configs[key_config.key_id].emplace_back(std::move(*ohttp_config));
     }
   }
   keys.emplace(key_config.key_id, std::move(key_config.public_key));
@@ -348,37 +300,29 @@
 }
 
 absl::StatusOr<ObliviousHttpKeyConfigs> ObliviousHttpKeyConfigs::Create(
-    absl::flat_hash_set<ObliviousHttpKeyConfigs::OhttpKeyConfig>
-        ohttp_key_configs) {
+    absl::flat_hash_set<OhttpKeyConfig> ohttp_key_configs) {
   if (ohttp_key_configs.empty()) {
-    return absl::InvalidArgumentError("Empty input.");
+    return absl::InvalidArgumentError("Empty input");
   }
   ConfigMap configs_map;
   PublicKeyMap keys_map;
-  for (auto& ohttp_key_config : ohttp_key_configs) {
-    auto result = StoreKeyConfigIfValid(std::move(ohttp_key_config),
-                                        configs_map, keys_map);
-    if (!result.ok()) {
-      return result;
-    }
+  for (OhttpKeyConfig ohttp_key_config : ohttp_key_configs) {
+    QUICHE_RETURN_IF_ERROR(StoreKeyConfigIfValid(std::move(ohttp_key_config),
+                                                 configs_map, keys_map));
   }
-  auto oblivious_configs =
-      ObliviousHttpKeyConfigs(std::move(configs_map), std::move(keys_map));
-  return oblivious_configs;
+  return ObliviousHttpKeyConfigs(std::move(configs_map), std::move(keys_map));
 }
 
 absl::StatusOr<ObliviousHttpKeyConfigs> ObliviousHttpKeyConfigs::Create(
     const ObliviousHttpHeaderKeyConfig& single_key_config,
     absl::string_view public_key) {
-  if (public_key.empty()) {
-    return absl::InvalidArgumentError("Empty input.");
-  }
-
-  if (auto key_length = KeyLength(single_key_config.GetHpkeKemId());
-      public_key.size() != key_length.value()) {
-    return absl::InvalidArgumentError(absl::StrCat(
-        "Invalid key. Key size mismatch. Expected:", key_length.value(),
-        " Actual:", public_key.size()));
+  QUICHE_ASSIGN_OR_RETURN(uint16_t key_length,
+                          KeyLength(single_key_config.GetHpkeKemId()));
+  if (key_length != public_key.size()) {
+    return absl::InvalidArgumentError(
+        absl::StrCat("Invalid key length ", public_key.size(), " for KEM ID ",
+                     absl::Hex(single_key_config.GetHpkeKemId()), ", expected ",
+                     key_length));
   }
 
   ConfigMap configs;
@@ -393,23 +337,19 @@
     const {
   std::string concatenated_keys;
   for (const auto& [key_id, ohttp_configs] : configs_) {
-    auto key = public_keys_.find(key_id);
-    if (key == public_keys_.end()) {
-      return absl::InternalError(
-          "Failed to serialize. No public key found for key_id");
-    }
-    auto serialized =
-        SerializeOhttpKeyWithPublicKey(key_id, key->second, ohttp_configs);
-    if (!serialized.ok()) {
-      return absl::InternalError("Failed to serialize OHTTP key configs.");
-    }
-    absl::StrAppend(&concatenated_keys, serialized.value());
+    QUICHE_ASSIGN_OR_RETURN(absl::string_view public_key,
+                            GetPublicKeyForId(key_id));
+    QUICHE_ASSIGN_OR_RETURN(
+        std::string serialized,
+        SerializeOhttpKeyWithPublicKey(key_id, public_key, ohttp_configs));
+    absl::StrAppend(&concatenated_keys, std::move(serialized));
   }
   return concatenated_keys;
 }
 
 ObliviousHttpHeaderKeyConfig ObliviousHttpKeyConfigs::PreferredConfig() const {
   // configs_ is forced to have at least one object during construction.
+  QUICHE_CHECK(!configs_.empty());
   return configs_.begin()->second.front();
 }
 
@@ -417,7 +357,8 @@
     uint8_t key_id) const {
   auto key = public_keys_.find(key_id);
   if (key == public_keys_.end()) {
-    return absl::NotFoundError("No public key found for key_id");
+    return absl::NotFoundError(
+        absl::StrCat("No public key found for key_id", key_id));
   }
   return key->second;
 }
@@ -425,34 +366,36 @@
 absl::Status ObliviousHttpKeyConfigs::ReadSingleKeyConfig(
     QuicheDataReader& reader, ConfigMap& configs, PublicKeyMap& keys) {
   uint8_t key_id;
-  uint16_t kem_id;
-  // First byte: key_id; next two bytes: kem_id.
-  if (!reader.ReadUInt8(&key_id) || !reader.ReadUInt16(&kem_id)) {
-    return absl::InvalidArgumentError("Invalid key_config!");
+  if (!reader.ReadUInt8(&key_id)) {
+    return absl::InvalidArgumentError("Failed to read key_id");
   }
-
-  // Public key length depends on the kem_id.
+  uint16_t kem_id;
+  if (!reader.ReadUInt16(&kem_id)) {
+    return absl::InvalidArgumentError("Failed to read kem_id");
+  }
   QUICHE_ASSIGN_OR_RETURN(uint16_t key_length, KeyLength(kem_id));
   std::string key_str(key_length, '\0');
-  if (!reader.ReadBytes(key_str.data(), key_length)) {
-    return absl::InvalidArgumentError("Invalid key_config!");
+  if (!reader.ReadBytes(key_str.data(), key_str.size())) {
+    return absl::InvalidArgumentError("Failed to read public key");
   }
   if (!keys.insert({key_id, std::move(key_str)}).second) {
-    return absl::InvalidArgumentError("Duplicate key_id's in key_config!");
+    return absl::InvalidArgumentError(
+        absl::StrCat("Found duplicated key_id ", key_id));
   }
 
-  // Extract the algorithms for this public key.
   absl::string_view alg_bytes;
-  // Read the 16-bit length, then read that many bytes into alg_bytes.
   if (!reader.ReadStringPiece16(&alg_bytes)) {
-    return absl::InvalidArgumentError("Invalid key_config!");
+    return absl::InvalidArgumentError("Failed to read symmetric algorithms");
   }
   QuicheDataReader sub_reader(alg_bytes);
   while (!sub_reader.IsDoneReading()) {
     uint16_t kdf_id;
+    if (!sub_reader.ReadUInt16(&kdf_id)) {
+      return absl::InvalidArgumentError("Failed to read kdf_id");
+    }
     uint16_t aead_id;
-    if (!sub_reader.ReadUInt16(&kdf_id) || !sub_reader.ReadUInt16(&aead_id)) {
-      return absl::InvalidArgumentError("Invalid key_config!");
+    if (!sub_reader.ReadUInt16(&aead_id)) {
+      return absl::InvalidArgumentError("Failed to read aead_id");
     }
 
     // TODO(kmg): Add support to ignore key types in the server response that
@@ -462,6 +405,9 @@
         ObliviousHttpHeaderKeyConfig::Create(key_id, kem_id, kdf_id, aead_id));
     configs[key_id].emplace_back(std::move(cfg));
   }
+  // Intentionally allow extra data at the end of the key config. This will
+  // allow us to use it for extensions. See
+  // draft-schinazi-httpbis-ohttp-ext-key-config.
   return absl::OkStatus();
 }
 
diff --git a/quiche/oblivious_http/common/oblivious_http_header_key_config.h b/quiche/oblivious_http/common/oblivious_http_header_key_config.h
index 9e48336..e20e67e 100644
--- a/quiche/oblivious_http/common/oblivious_http_header_key_config.h
+++ b/quiche/oblivious_http/common/oblivious_http_header_key_config.h
@@ -3,8 +3,10 @@
 
 #include <stdint.h>
 
+#include <functional>
 #include <string>
 #include <utility>
+#include <vector>
 
 #include "absl/container/btree_map.h"
 #include "absl/container/flat_hash_map.h"
diff --git a/quiche/oblivious_http/common/oblivious_http_header_key_config_test.cc b/quiche/oblivious_http/common/oblivious_http_header_key_config_test.cc
index fb3688d..6e831fc 100644
--- a/quiche/oblivious_http/common/oblivious_http_header_key_config_test.cc
+++ b/quiche/oblivious_http/common/oblivious_http_header_key_config_test.cc
@@ -9,22 +9,19 @@
 #include "absl/strings/str_cat.h"
 #include "absl/strings/string_view.h"
 #include "openssl/hpke.h"
-#include "quiche/common/platform/api/quiche_logging.h"
 #include "quiche/common/platform/api/quiche_test.h"
 #include "quiche/common/quiche_data_writer.h"
+#include "quiche/common/test_tools/quiche_test_utils.h"
 
 namespace quiche {
 namespace {
+using ::quiche::test::IsOkAndHolds;
 using ::testing::AllOf;
 using ::testing::HasSubstr;
 using ::testing::Property;
-using ::testing::StrEq;
 using ::testing::UnorderedElementsAre;
 using ::testing::UnorderedElementsAreArray;
 
-/**
- * Build Request header.
- */
 std::string BuildHeader(uint8_t key_id, uint16_t kem_id, uint16_t kdf_id,
                         uint16_t aead_id) {
   int buf_len =
@@ -32,9 +29,9 @@
   std::string hdr(buf_len, '\0');
   QuicheDataWriter writer(hdr.size(), hdr.data());
   EXPECT_TRUE(writer.WriteUInt8(key_id));
-  EXPECT_TRUE(writer.WriteUInt16(kem_id));   // kemID
-  EXPECT_TRUE(writer.WriteUInt16(kdf_id));   // kdfID
-  EXPECT_TRUE(writer.WriteUInt16(aead_id));  // aeadID
+  EXPECT_TRUE(writer.WriteUInt16(kem_id));
+  EXPECT_TRUE(writer.WriteUInt16(kdf_id));
+  EXPECT_TRUE(writer.WriteUInt16(aead_id));
   return hdr;
 }
 
@@ -75,9 +72,8 @@
   expected.insert(expected.end(), ohttp_cfg.begin(), ohttp_cfg.end());
   auto instance =
       ObliviousHttpHeaderKeyConfig::Create(key_id, kem_id, kdf_id, aead_id);
-  ASSERT_TRUE(instance.ok());
-  EXPECT_EQ(instance.value().SerializeRecipientContextInfo(ohttp_req_label),
-            expected);
+  QUICHE_ASSERT_OK(instance);
+  EXPECT_EQ(instance->SerializeRecipientContextInfo(ohttp_req_label), expected);
   EXPECT_THAT(instance->DebugString(), HasSubstr("AES-256-GCM"));
 }
 
@@ -95,44 +91,47 @@
   auto valid_key_config = ObliviousHttpHeaderKeyConfig::Create(
       2, EVP_HPKE_DHKEM_X25519_HKDF_SHA256, EVP_HPKE_HKDF_SHA256,
       EVP_HPKE_AES_256_GCM);
-  ASSERT_TRUE(valid_key_config.ok());
+  QUICHE_ASSERT_OK(valid_key_config);
   EXPECT_THAT(valid_key_config->DebugString(), HasSubstr("AES-256-GCM"));
 }
 
 TEST(ObliviousHttpHeaderKeyConfig, TestInvalidKeyConfig) {
-  auto invalid_kem = ObliviousHttpHeaderKeyConfig::Create(
-      3, 0, EVP_HPKE_HKDF_SHA256, EVP_HPKE_AES_256_GCM);
-  EXPECT_EQ(invalid_kem.status().code(), absl::StatusCode::kInvalidArgument);
-  auto invalid_kdf = ObliviousHttpHeaderKeyConfig::Create(
-      3, EVP_HPKE_DHKEM_X25519_HKDF_SHA256, 0, EVP_HPKE_AES_256_GCM);
-  EXPECT_EQ(invalid_kdf.status().code(), absl::StatusCode::kInvalidArgument);
-  auto invalid_aead = ObliviousHttpHeaderKeyConfig::Create(
-      3, EVP_HPKE_DHKEM_X25519_HKDF_SHA256, EVP_HPKE_HKDF_SHA256, 0);
-  EXPECT_EQ(invalid_kdf.status().code(), absl::StatusCode::kInvalidArgument);
+  EXPECT_FALSE(ObliviousHttpHeaderKeyConfig::Create(3, 0, EVP_HPKE_HKDF_SHA256,
+                                                    EVP_HPKE_AES_256_GCM)
+                   .ok());
+  EXPECT_FALSE(
+      ObliviousHttpHeaderKeyConfig::Create(3, EVP_HPKE_DHKEM_X25519_HKDF_SHA256,
+                                           0, EVP_HPKE_AES_256_GCM)
+          .ok());
+  EXPECT_FALSE(
+      ObliviousHttpHeaderKeyConfig::Create(3, EVP_HPKE_DHKEM_X25519_HKDF_SHA256,
+                                           EVP_HPKE_HKDF_SHA256, 0)
+          .ok());
 }
 
 TEST(ObliviousHttpHeaderKeyConfig, TestParsingValidHeader) {
   auto instance = ObliviousHttpHeaderKeyConfig::Create(
       5, EVP_HPKE_DHKEM_X25519_HKDF_SHA256, EVP_HPKE_HKDF_SHA256,
       EVP_HPKE_AES_256_GCM);
-  ASSERT_TRUE(instance.ok());
-  std::string good_hdr(BuildHeader(5, EVP_HPKE_DHKEM_X25519_HKDF_SHA256,
-                                   EVP_HPKE_HKDF_SHA256, EVP_HPKE_AES_256_GCM));
-  ASSERT_TRUE(instance.value().ParseOhttpPayloadHeader(good_hdr).ok());
+  QUICHE_ASSERT_OK(instance);
+  std::string good_hdr =
+      BuildHeader(5, EVP_HPKE_DHKEM_X25519_HKDF_SHA256, EVP_HPKE_HKDF_SHA256,
+                  EVP_HPKE_AES_256_GCM);
+  QUICHE_ASSERT_OK(instance->ParseOhttpPayloadHeader(good_hdr));
 }
 
 TEST(ObliviousHttpHeaderKeyConfig, TestParsingInvalidHeader) {
   auto instance = ObliviousHttpHeaderKeyConfig::Create(
       8, EVP_HPKE_DHKEM_X25519_HKDF_SHA256, EVP_HPKE_HKDF_SHA256,
       EVP_HPKE_AES_256_GCM);
-  ASSERT_TRUE(instance.ok());
-  std::string keyid_mismatch_hdr(
+  QUICHE_ASSERT_OK(instance);
+  std::string keyid_mismatch_hdr =
       BuildHeader(0, EVP_HPKE_DHKEM_X25519_HKDF_SHA256, EVP_HPKE_HKDF_SHA256,
-                  EVP_HPKE_AES_256_GCM));
-  EXPECT_EQ(instance.value().ParseOhttpPayloadHeader(keyid_mismatch_hdr).code(),
+                  EVP_HPKE_AES_256_GCM);
+  EXPECT_EQ(instance->ParseOhttpPayloadHeader(keyid_mismatch_hdr).code(),
             absl::StatusCode::kInvalidArgument);
-  std::string invalid_hpke_hdr(BuildHeader(8, 0, 0, 0));
-  EXPECT_EQ(instance.value().ParseOhttpPayloadHeader(invalid_hpke_hdr).code(),
+  std::string invalid_hpke_hdr = BuildHeader(8, 0, 0, 0);
+  EXPECT_EQ(instance->ParseOhttpPayloadHeader(invalid_hpke_hdr).code(),
             absl::StatusCode::kInvalidArgument);
 }
 
@@ -143,16 +142,16 @@
   auto parsed_key_id =
       ObliviousHttpHeaderKeyConfig::ParseKeyIdFromObliviousHttpRequestPayload(
           key_id);
-  ASSERT_TRUE(parsed_key_id.ok());
-  EXPECT_EQ(parsed_key_id.value(), 99);
+  QUICHE_ASSERT_OK(parsed_key_id);
+  EXPECT_EQ(*parsed_key_id, 99);
 }
 
 TEST(ObliviousHttpHeaderKeyConfig, TestCopyable) {
   auto obj1 = ObliviousHttpHeaderKeyConfig::Create(
       4, EVP_HPKE_DHKEM_X25519_HKDF_SHA256, EVP_HPKE_HKDF_SHA256,
       EVP_HPKE_AES_256_GCM);
-  ASSERT_TRUE(obj1.ok());
-  auto copy_obj1_to_obj2 = obj1.value();
+  QUICHE_ASSERT_OK(obj1);
+  auto copy_obj1_to_obj2 = *obj1;
   EXPECT_EQ(copy_obj1_to_obj2.kHeaderLength, obj1->kHeaderLength);
   EXPECT_EQ(copy_obj1_to_obj2.SerializeRecipientContextInfo(),
             obj1->SerializeRecipientContextInfo());
@@ -162,7 +161,7 @@
   auto instance = ObliviousHttpHeaderKeyConfig::Create(
       7, EVP_HPKE_DHKEM_X25519_HKDF_SHA256, EVP_HPKE_HKDF_SHA256,
       EVP_HPKE_AES_128_GCM);
-  ASSERT_TRUE(instance.ok());
+  QUICHE_ASSERT_OK(instance);
   EXPECT_EQ(instance->SerializeOhttpPayloadHeader(),
             BuildHeader(7, EVP_HPKE_DHKEM_X25519_HKDF_SHA256,
                         EVP_HPKE_HKDF_SHA256, EVP_HPKE_AES_128_GCM));
@@ -188,35 +187,49 @@
 
 TEST(ObliviousHttpKeyConfigs, SingleKeyConfig) {
   std::string key;
-  ASSERT_TRUE(absl::HexStringToBytes(
-      "4b0020f83e0a17cbdb18d2684dd2a9b087a43e5f3fa3fa27a049bc746a6e97a1e0244b00"
-      "0400010002",
-      &key));
-  auto configs = ObliviousHttpKeyConfigs::ParseConcatenatedKeys(key).value();
-  EXPECT_THAT(configs, Property(&ObliviousHttpKeyConfigs::NumKeys, 1));
+  ASSERT_TRUE(
+      absl::HexStringToBytes("4b"                                // key_id
+                             "0020"                              // kem_id
+                             "606162636465666768696a6b6c6d6e6f"  // public_key
+                             "707172737475767778797a7b7c7d7e7f"  // public_key
+                             "0004"       // len(symmetric_algorithms)
+                             "00010002",  // HKDF_SHA256, AES_256_GCM
+                             &key));
+  auto configs = ObliviousHttpKeyConfigs::ParseConcatenatedKeys(key);
+  QUICHE_ASSERT_OK(configs);
+  EXPECT_THAT(*configs, Property(&ObliviousHttpKeyConfigs::NumKeys, 1));
   EXPECT_THAT(
-      configs.PreferredConfig(),
+      configs->PreferredConfig(),
       AllOf(HasKeyId(0x4b), HasKemId(EVP_HPKE_DHKEM_X25519_HKDF_SHA256),
             HasKdfId(EVP_HPKE_HKDF_SHA256), HasAeadId(EVP_HPKE_AES_256_GCM)));
   std::string expected_public_key;
   ASSERT_TRUE(absl::HexStringToBytes(
-      "f83e0a17cbdb18d2684dd2a9b087a43e5f3fa3fa27a049bc746a6e97a1e0244b",
+      "606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f",
       &expected_public_key));
-  EXPECT_THAT(
-      configs.GetPublicKeyForId(configs.PreferredConfig().GetKeyId()).value(),
-      StrEq(expected_public_key));
+  EXPECT_THAT(configs->GetPublicKeyForId(configs->PreferredConfig().GetKeyId()),
+              IsOkAndHolds(expected_public_key));
 }
 
 TEST(ObliviousHttpKeyConfigs, TwoSimilarKeyConfigs) {
   std::string key;
   ASSERT_TRUE(absl::HexStringToBytes(
-      "4b0020f83e0a17cbdb18d2684dd2a9b087a43e5f3fa3fa27a049bc746a6e97a1e0244b00"
-      "0400010002"  // Intentional concatenation
-      "4f0020f83e0a17cbdb18d2684dd2a9b087a43e5f3fa3fa27a049bc746a6e97a1e0244b00"
-      "0400010001",
+      // First key config.
+      "4b"                                // key_id
+      "0020"                              // kem_id
+      "606162636465666768696a6b6c6d6e6f"  // public_key
+      "707172737475767778797a7b7c7d7e7f"  // public_key
+      "0004"                              // len(symmetric_algorithms)
+      "00010002"                          // HKDF_SHA256, AES_256_GCM
+      // Second key config.
+      "4f"                                // key_id
+      "0020"                              // kem_id
+      "606162636465666768696a6b6c6d6e6f"  // public_key
+      "707172737475767778797a7b7c7d7e7f"  // public_key
+      "0004"                              // len(symmetric_algorithms)
+      "00010001",                         // HKDF_SHA256, AES_128_GCM
       &key));
-  EXPECT_THAT(ObliviousHttpKeyConfigs::ParseConcatenatedKeys(key).value(),
-              Property(&ObliviousHttpKeyConfigs::NumKeys, 2));
+  EXPECT_THAT(ObliviousHttpKeyConfigs::ParseConcatenatedKeys(key),
+              IsOkAndHolds(Property(&ObliviousHttpKeyConfigs::NumKeys, 2)));
   EXPECT_THAT(
       ObliviousHttpKeyConfigs::ParseConcatenatedKeys(key)->PreferredConfig(),
       AllOf(HasKeyId(0x4f), HasKemId(EVP_HPKE_DHKEM_X25519_HKDF_SHA256),
@@ -229,30 +242,40 @@
       "01002031e1f05a740102115220e9af918f738674aec95f54db6e04eb705aae8e79815500"
       "080001000100010003",
       &key));
-  auto configs = ObliviousHttpKeyConfigs::ParseConcatenatedKeys(key).value();
-  EXPECT_THAT(configs, Property(&ObliviousHttpKeyConfigs::NumKeys, 1));
+  auto configs = ObliviousHttpKeyConfigs::ParseConcatenatedKeys(key);
+  QUICHE_ASSERT_OK(configs);
+  EXPECT_THAT(*configs, Property(&ObliviousHttpKeyConfigs::NumKeys, 1));
   EXPECT_THAT(
-      configs.PreferredConfig(),
+      configs->PreferredConfig(),
       AllOf(HasKeyId(0x01), HasKemId(EVP_HPKE_DHKEM_X25519_HKDF_SHA256),
             HasKdfId(EVP_HPKE_HKDF_SHA256), HasAeadId(EVP_HPKE_AES_128_GCM)));
   std::string expected_public_key;
   ASSERT_TRUE(absl::HexStringToBytes(
       "31e1f05a740102115220e9af918f738674aec95f54db6e04eb705aae8e798155",
       &expected_public_key));
-  EXPECT_THAT(
-      configs.GetPublicKeyForId(configs.PreferredConfig().GetKeyId()).value(),
-      StrEq(expected_public_key));
-  EXPECT_THAT(configs.DebugString(), HasSubstr("AES-128-GCM"));
-  EXPECT_THAT(configs.DebugString(), HasSubstr("31e1f05a7401"));
+  EXPECT_THAT(configs->GetPublicKeyForId(configs->PreferredConfig().GetKeyId()),
+              IsOkAndHolds(expected_public_key));
+  EXPECT_THAT(configs->DebugString(), HasSubstr("AES-128-GCM"));
+  EXPECT_THAT(configs->DebugString(), HasSubstr("31e1f05a7401"));
 }
 
 TEST(ObliviousHttpKeyConfigs, DuplicateKeyId) {
   std::string key;
   ASSERT_TRUE(absl::HexStringToBytes(
-      "4b0020f83e0a17cbdb18d2684dd2a9b087a43e5f3fa3fa27a049bc746a6e97a1e0244b00"
-      "0400010002"  // Intentional concatenation
-      "4b0020f83e0a17cbdb18d2684dd2a9b087a43e5f3fa3fb27a049bc746a6e97a1e0244b00"
-      "0400010001",
+      // First key config.
+      "4b"                                // key_id
+      "0020"                              // kem_id
+      "606162636465666768696a6b6c6d6e6f"  // public_key
+      "707172737475767778797a7b7c7d7e7f"  // public_key
+      "0004"                              // len(symmetric_algorithms)
+      "00010002"                          // HKDF_SHA256, AES_256_GCM
+      // Second key config.
+      "4b"                                // key_id
+      "0020"                              // kem_id
+      "606162636465666768696a6b6c6d6e6f"  // public_key
+      "707172737475767778797a7b7c7d7e7f"  // public_key
+      "0004"                              // len(symmetric_algorithms)
+      "00010001",                         // HKDF_SHA256, AES_128_GCM
       &key));
   EXPECT_FALSE(ObliviousHttpKeyConfigs::ParseConcatenatedKeys(key).ok());
 }
@@ -261,22 +284,20 @@
   auto instance = ObliviousHttpHeaderKeyConfig::Create(
       123, EVP_HPKE_DHKEM_X25519_HKDF_SHA256, EVP_HPKE_HKDF_SHA256,
       EVP_HPKE_CHACHA20_POLY1305);
-  ASSERT_TRUE(instance.ok());
+  QUICHE_ASSERT_OK(instance);
   EXPECT_THAT(instance->DebugString(), HasSubstr("CHACHA20-POLY1305"));
   std::string test_public_key(
       EVP_HPKE_KEM_public_key_len(instance->GetHpkeKem()), 'a');
-  auto configs =
-      ObliviousHttpKeyConfigs::Create(instance.value(), test_public_key);
-  EXPECT_TRUE(configs.ok());
+  auto configs = ObliviousHttpKeyConfigs::Create(*instance, test_public_key);
+  QUICHE_ASSERT_OK(configs);
   auto serialized_key = configs->GenerateConcatenatedKeys();
-  EXPECT_TRUE(serialized_key.ok());
+  QUICHE_ASSERT_OK(serialized_key);
   auto ohttp_configs =
-      ObliviousHttpKeyConfigs::ParseConcatenatedKeys(serialized_key.value());
-  EXPECT_TRUE(ohttp_configs.ok());
-  ASSERT_EQ(ohttp_configs->PreferredConfig().GetKeyId(), 123);
+      ObliviousHttpKeyConfigs::ParseConcatenatedKeys(*serialized_key);
+  QUICHE_ASSERT_OK(ohttp_configs);
+  EXPECT_EQ(ohttp_configs->PreferredConfig().GetKeyId(), 123);
   auto parsed_public_key = ohttp_configs->GetPublicKeyForId(123);
-  EXPECT_TRUE(parsed_public_key.ok());
-  EXPECT_EQ(parsed_public_key.value(), test_public_key);
+  EXPECT_THAT(parsed_public_key, IsOkAndHolds(test_public_key));
 }
 
 TEST(ObliviousHttpHeaderKeyConfigs, TestCreateWithWithMultipleKeys) {
@@ -294,47 +315,39 @@
       {{EVP_HPKE_HKDF_SHA256, EVP_HPKE_CHACHA20_POLY1305}}};
   EXPECT_THAT(config2.DebugString(), HasSubstr("CHACHA20-POLY1305"));
   auto configs = ObliviousHttpKeyConfigs::Create({config1, config2});
-  ASSERT_TRUE(configs.ok());
+  QUICHE_ASSERT_OK(configs);
   EXPECT_THAT(configs->DebugString(), HasSubstr("CHACHA20-POLY1305"));
   auto serialized_key = configs->GenerateConcatenatedKeys();
-  EXPECT_TRUE(serialized_key.ok());
-  ASSERT_EQ(serialized_key.value(),
-            absl::StrCat(GetSerializedKeyConfig(config2),
-                         GetSerializedKeyConfig(config1)));
+  ASSERT_THAT(serialized_key,
+              IsOkAndHolds(absl::StrCat(GetSerializedKeyConfig(config2),
+                                        GetSerializedKeyConfig(config1))));
   auto ohttp_configs =
-      ObliviousHttpKeyConfigs::ParseConcatenatedKeys(serialized_key.value());
-  ASSERT_TRUE(ohttp_configs.ok());
+      ObliviousHttpKeyConfigs::ParseConcatenatedKeys(*serialized_key);
+  QUICHE_ASSERT_OK(ohttp_configs);
   EXPECT_THAT(ohttp_configs->DebugString(), HasSubstr("CHACHA20-POLY1305"));
   ASSERT_EQ(ohttp_configs->NumKeys(), 2);
   EXPECT_THAT(configs->PreferredConfig(),
               AllOf(HasKeyId(200), HasKemId(EVP_HPKE_DHKEM_X25519_HKDF_SHA256),
                     HasKdfId(EVP_HPKE_HKDF_SHA256),
                     HasAeadId(EVP_HPKE_CHACHA20_POLY1305)));
-  auto parsed_preferred_public_key = ohttp_configs->GetPublicKeyForId(
-      ohttp_configs->PreferredConfig().GetKeyId());
-  EXPECT_TRUE(parsed_preferred_public_key.ok());
-  EXPECT_EQ(parsed_preferred_public_key.value(), expected_preferred_public_key);
+  EXPECT_THAT(ohttp_configs->GetPublicKeyForId(
+                  ohttp_configs->PreferredConfig().GetKeyId()),
+              IsOkAndHolds(expected_preferred_public_key));
 }
 
 TEST(ObliviousHttpHeaderKeyConfigs, TestCreateWithInvalidConfigs) {
-  ASSERT_EQ(ObliviousHttpKeyConfigs::Create({}).status().code(),
-            absl::StatusCode::kInvalidArgument);
-  ASSERT_EQ(ObliviousHttpKeyConfigs::Create(
-                {{100, 2, std::string(32, 'a'), {{2, 3}, {4, 5}}},
-                 {200, 6, std::string(32, 'b'), {{7, 8}, {9, 10}}}})
-                .status()
-                .code(),
-            absl::StatusCode::kInvalidArgument);
-
-  EXPECT_EQ(
-      ObliviousHttpKeyConfigs::Create(
-          {{123,
-            EVP_HPKE_DHKEM_X25519_HKDF_SHA256,
-            "invalid key length" /*expected length for given kem_id is 32*/,
-            {{EVP_HPKE_HKDF_SHA256, EVP_HPKE_AES_128_GCM}}}})
-          .status()
-          .code(),
-      absl::StatusCode::kInvalidArgument);
+  EXPECT_FALSE(ObliviousHttpKeyConfigs::Create({}).ok());
+  EXPECT_FALSE(ObliviousHttpKeyConfigs::Create(
+                   {{100, 2, std::string(32, 'a'), {{2, 3}, {4, 5}}},
+                    {200, 6, std::string(32, 'b'), {{7, 8}, {9, 10}}}})
+                   .ok());
+  EXPECT_FALSE(ObliviousHttpKeyConfigs::Create(
+                   {{123,
+                     EVP_HPKE_DHKEM_X25519_HKDF_SHA256,
+                     // The expected length for this KEM is 32.
+                     "invalid key length",
+                     {{EVP_HPKE_HKDF_SHA256, EVP_HPKE_AES_128_GCM}}}})
+                   .ok());
 }
 
 TEST(ObliviousHttpHeaderKeyConfigs,
@@ -342,19 +355,16 @@
   const auto sample_ohttp_hdr_config = ObliviousHttpHeaderKeyConfig::Create(
       123, EVP_HPKE_DHKEM_X25519_HKDF_SHA256, EVP_HPKE_HKDF_SHA256,
       EVP_HPKE_AES_128_GCM);
-  ASSERT_TRUE(sample_ohttp_hdr_config.ok());
+  QUICHE_ASSERT_OK(sample_ohttp_hdr_config);
   EXPECT_THAT(sample_ohttp_hdr_config->DebugString(), HasSubstr("AES-128-GCM"));
-  ASSERT_EQ(ObliviousHttpKeyConfigs::Create(sample_ohttp_hdr_config.value(),
-                                            "" /*empty public_key*/)
-                .status()
-                .code(),
-            absl::StatusCode::kInvalidArgument);
-  EXPECT_EQ(ObliviousHttpKeyConfigs::Create(
-                sample_ohttp_hdr_config.value(),
-                "invalid key length" /*expected length for given kem_id is 32*/)
-                .status()
-                .code(),
-            absl::StatusCode::kInvalidArgument);
+  EXPECT_FALSE(ObliviousHttpKeyConfigs::Create(*sample_ohttp_hdr_config,
+                                               /*public_key=*/"")
+                   .ok());
+  EXPECT_FALSE(
+      ObliviousHttpKeyConfigs::Create(*sample_ohttp_hdr_config,
+                                      // The expected length for this KEM is 32.
+                                      "invalid key length")
+          .ok());
 }
 
 TEST(ObliviousHttpHeaderKeyConfigs, TestHashImplWithObliviousStruct) {