Split TlsConnection::SetEncryptionSecrets in two

https://boringssl-review.googlesource.com/c/boringssl/+/40127 changes how
encryption secrets are passed from BoringSSL to QUIC. Instead of setting
both the read and write secrets in a single call, they will be set in two
separate calls which will occur at different times.

This is the first CL to prepare for that change. It splits
SetEncryptionSecrets into SetWriteSecret and SetReadSecret. This CL does
not introduce a behavior change: SetWriteSecret and SetReadSecret are
called at the same time SetEncryptionSecrets formerly was called.

gfe-relnote: Split method in two, no behavior change
PiperOrigin-RevId: 297417937
Change-Id: I857505c93111ee0c1d4d2685d085630581feb25d
diff --git a/quic/core/crypto/tls_connection.cc b/quic/core/crypto/tls_connection.cc
index ec6a226..d1931d6 100644
--- a/quic/core/crypto/tls_connection.cc
+++ b/quic/core/crypto/tls_connection.cc
@@ -125,8 +125,11 @@
   std::vector<uint8_t> read_secret(key_length), write_secret(key_length);
   memcpy(read_secret.data(), read_key, key_length);
   memcpy(write_secret.data(), write_key, key_length);
-  if (!ConnectionFromSsl(ssl)->delegate_->SetEncryptionSecret(
-          QuicEncryptionLevel(level), read_secret, write_secret)) {
+  TlsConnection::Delegate* delegate = ConnectionFromSsl(ssl)->delegate_;
+  const SSL_CIPHER* cipher = SSL_get_pending_cipher(ssl);
+  delegate->SetWriteSecret(QuicEncryptionLevel(level), cipher, write_secret);
+  if (!delegate->SetReadSecret(QuicEncryptionLevel(level), cipher,
+                               read_secret)) {
     return 0;
   }
   return 1;
diff --git a/quic/core/crypto/tls_connection.h b/quic/core/crypto/tls_connection.h
index f037743..912a969 100644
--- a/quic/core/crypto/tls_connection.h
+++ b/quic/core/crypto/tls_connection.h
@@ -31,16 +31,23 @@
     virtual ~Delegate() {}
 
    protected:
-    // SetEncryptionSecret provides the encryption secrets to use at a
-    // particular encryption level |level|. The secrets provided here are the
-    // ones from the TLS 1.3 key schedule (RFC 8446 section 7.1), in particular
-    // the handshake traffic secrets and application traffic secrets. For a
-    // given level |level|, |read_secret| is the secret used for reading data,
-    // and |write_secret| is the secret used for writing data.
-    virtual bool SetEncryptionSecret(
-        EncryptionLevel level,
-        const std::vector<uint8_t>& read_secret,
-        const std::vector<uint8_t>& write_secret) = 0;
+    // SetWriteSecret provides the encryption secret used to encrypt messages at
+    // encryption level |level|. The secret provided here is the one from the
+    // TLS 1.3 key schedule (RFC 8446 section 7.1), in particular the handshake
+    // traffic secrets and application traffic secrets. The provided write
+    // secret must be used with the provided cipher suite |cipher|.
+    virtual void SetWriteSecret(EncryptionLevel level,
+                                const SSL_CIPHER* cipher,
+                                const std::vector<uint8_t>& write_secret) = 0;
+
+    // SetReadSecret is similar to SetWriteSecret, except that it is used for
+    // decrypting messages. SetReadSecret at a particular level is always called
+    // after SetWriteSecret for that level, except for ENCRYPTION_ZERO_RTT,
+    // where the EncryptionLevel for SetWriteSecret is
+    // ENCRYPTION_FORWARD_SECURE.
+    virtual bool SetReadSecret(EncryptionLevel level,
+                               const SSL_CIPHER* cipher,
+                               const std::vector<uint8_t>& read_secret) = 0;
 
     // WriteMessage is called when there is |data| from the TLS stack ready for
     // the QUIC stack to write in a crypto frame. The data must be transmitted
diff --git a/quic/core/tls_handshaker.cc b/quic/core/tls_handshaker.cc
index b452f29..d8cf338 100644
--- a/quic/core/tls_handshaker.cc
+++ b/quic/core/tls_handshaker.cc
@@ -61,20 +61,22 @@
       SSL_CIPHER_get_prf_nid(SSL_get_pending_cipher(ssl())));
 }
 
-bool TlsHandshaker::SetEncryptionSecret(
-    EncryptionLevel level,
-    const std::vector<uint8_t>& read_secret,
-    const std::vector<uint8_t>& write_secret) {
+void TlsHandshaker::SetWriteSecret(EncryptionLevel level,
+                                   const SSL_CIPHER* cipher,
+                                   const std::vector<uint8_t>& write_secret) {
   std::unique_ptr<QuicEncrypter> encrypter =
-      QuicEncrypter::CreateFromCipherSuite(
-          SSL_CIPHER_get_id(SSL_get_pending_cipher(ssl())));
+      QuicEncrypter::CreateFromCipherSuite(SSL_CIPHER_get_id(cipher));
   CryptoUtils::SetKeyAndIV(Prf(), write_secret, encrypter.get());
-  std::unique_ptr<QuicDecrypter> decrypter =
-      QuicDecrypter::CreateFromCipherSuite(
-          SSL_CIPHER_get_id(SSL_get_pending_cipher(ssl())));
-  CryptoUtils::SetKeyAndIV(Prf(), read_secret, decrypter.get());
   handshaker_delegate_->OnNewEncryptionKeyAvailable(level,
                                                     std::move(encrypter));
+}
+
+bool TlsHandshaker::SetReadSecret(EncryptionLevel level,
+                                  const SSL_CIPHER* cipher,
+                                  const std::vector<uint8_t>& read_secret) {
+  std::unique_ptr<QuicDecrypter> decrypter =
+      QuicDecrypter::CreateFromCipherSuite(SSL_CIPHER_get_id(cipher));
+  CryptoUtils::SetKeyAndIV(Prf(), read_secret, decrypter.get());
   return handshaker_delegate_->OnNewDecryptionKeyAvailable(
       level, std::move(decrypter),
       /*set_alternative_decrypter=*/false,
diff --git a/quic/core/tls_handshaker.h b/quic/core/tls_handshaker.h
index 80615a1..ab84e3b 100644
--- a/quic/core/tls_handshaker.h
+++ b/quic/core/tls_handshaker.h
@@ -71,16 +71,22 @@
     return handshaker_delegate_;
   }
 
-  // SetEncryptionSecret provides the encryption secret to use at a particular
-  // encryption level. The secrets provided here are the ones from the TLS 1.3
-  // key schedule (RFC 8446 section 7.1), in particular the handshake traffic
-  // secrets and application traffic secrets. For a given secret |secret|,
-  // |level| indicates which EncryptionLevel it is to be used at, and |is_write|
-  // indicates whether it is used for encryption or decryption.
-  // Returns true if secret is sucessfully set, otherwise, returns false.
-  bool SetEncryptionSecret(EncryptionLevel level,
-                           const std::vector<uint8_t>& read_secret,
-                           const std::vector<uint8_t>& write_secret) override;
+  // SetWriteSecret provides the encryption secret used to encrypt messages at
+  // encryption level |level|. The secret provided here is the one from the TLS
+  // 1.3 key schedule (RFC 8446 section 7.1), in particular the handshake
+  // traffic secrets and application traffic secrets. The provided write secret
+  // must be used with the provided cipher suite |cipher|.
+  void SetWriteSecret(EncryptionLevel level,
+                      const SSL_CIPHER* cipher,
+                      const std::vector<uint8_t>& write_secret) override;
+
+  // SetReadSecret is similar to SetWriteSecret, except that it is used for
+  // decrypting messages. SetReadSecret at a particular level is always called
+  // after SetWriteSecret for that level, except for ENCRYPTION_ZERO_RTT, where
+  // the EncryptionLevel for SetWriteSecret is ENCRYPTION_FORWARD_SECURE.
+  bool SetReadSecret(EncryptionLevel level,
+                     const SSL_CIPHER* cipher,
+                     const std::vector<uint8_t>& read_secret) override;
 
   // WriteMessage is called when there is |data| from the TLS stack ready for
   // the QUIC stack to write in a crypto frame. The data must be transmitted at