gfe-relnote: Use HandshakerDelegateInterface in QUIC handshakers. Abstract keys installation, keys discarding, default encryption level change and mark handshake complete to HandshakerDelegateInterface. Protected by gfe2_reloadable_flag_quic_use_handshaker_delegate.
The final goal is to remove the session pointer from handshakers.
PiperOrigin-RevId: 282826263
Change-Id: I9b379ccfcebd174df1850f7df45069d388460173
diff --git a/quic/core/quic_crypto_server_handshaker.cc b/quic/core/quic_crypto_server_handshaker.cc
index 964c8ac..755e35e 100644
--- a/quic/core/quic_crypto_server_handshaker.cc
+++ b/quic/core/quic_crypto_server_handshaker.cc
@@ -54,6 +54,7 @@
: QuicCryptoHandshaker(stream, session),
stream_(stream),
session_(session),
+ delegate_(session),
crypto_config_(crypto_config),
compressed_certs_cache_(compressed_certs_cache),
signed_config_(new QuicSignedServerConfig),
@@ -197,27 +198,52 @@
// write key.
//
// NOTE: the SHLO will be encrypted with the new server write key.
- session()->connection()->SetEncrypter(
- ENCRYPTION_ZERO_RTT,
- std::move(crypto_negotiated_params_->initial_crypters.encrypter));
- session()->connection()->SetDefaultEncryptionLevel(ENCRYPTION_ZERO_RTT);
- // Set the decrypter immediately so that we no longer accept unencrypted
- // packets.
- if (session()->connection()->version().KnowsWhichDecrypterToUse()) {
- session()->connection()->InstallDecrypter(
+ if (session()->use_handshake_delegate()) {
+ delegate_->OnNewKeysAvailable(
ENCRYPTION_ZERO_RTT,
- std::move(crypto_negotiated_params_->initial_crypters.decrypter));
- session()->connection()->RemoveDecrypter(ENCRYPTION_INITIAL);
+ std::move(crypto_negotiated_params_->initial_crypters.decrypter),
+ /*set_alternative_decrypter=*/false,
+ /*latch_once_used=*/false,
+ std::move(crypto_negotiated_params_->initial_crypters.encrypter));
+ delegate_->SetDefaultEncryptionLevel(ENCRYPTION_ZERO_RTT);
+ delegate_->DiscardOldDecryptionKey(ENCRYPTION_INITIAL);
} else {
- session()->connection()->SetDecrypter(
+ session()->connection()->SetEncrypter(
ENCRYPTION_ZERO_RTT,
- std::move(crypto_negotiated_params_->initial_crypters.decrypter));
+ std::move(crypto_negotiated_params_->initial_crypters.encrypter));
+ session()->connection()->SetDefaultEncryptionLevel(ENCRYPTION_ZERO_RTT);
+ // Set the decrypter immediately so that we no longer accept unencrypted
+ // packets.
+ if (session()->connection()->version().KnowsWhichDecrypterToUse()) {
+ session()->connection()->InstallDecrypter(
+ ENCRYPTION_ZERO_RTT,
+ std::move(crypto_negotiated_params_->initial_crypters.decrypter));
+ session()->connection()->RemoveDecrypter(ENCRYPTION_INITIAL);
+ } else {
+ session()->connection()->SetDecrypter(
+ ENCRYPTION_ZERO_RTT,
+ std::move(crypto_negotiated_params_->initial_crypters.decrypter));
+ }
}
session()->connection()->SetDiversificationNonce(*diversification_nonce);
session()->connection()->set_fully_pad_crypto_handshake_packets(
crypto_config_->pad_shlo());
SendHandshakeMessage(*reply);
+ if (session()->use_handshake_delegate()) {
+ delegate_->OnNewKeysAvailable(
+ ENCRYPTION_FORWARD_SECURE,
+ std::move(crypto_negotiated_params_->forward_secure_crypters.decrypter),
+ /*set_alternative_decrypter=*/true,
+ /*latch_once_used=*/false,
+ std::move(
+ crypto_negotiated_params_->forward_secure_crypters.encrypter));
+ encryption_established_ = true;
+ handshake_confirmed_ = true;
+ delegate_->SetDefaultEncryptionLevel(ENCRYPTION_FORWARD_SECURE);
+ delegate_->DiscardOldEncryptionKey(ENCRYPTION_INITIAL);
+ return;
+ }
session()->connection()->SetEncrypter(
ENCRYPTION_FORWARD_SECURE,
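Review bot: The early `return` in the `ENCRYPTION_FORWARD_SECURE` delegate branch skips everything the legacy path does from `session()->connection()->SetEncrypter(` onward. That code continues outside this hunk (the enclosing function also starts and ends outside it), so it is not visible here whether any session notification or cleanup there is reproduced by the delegate calls. The branch sets `handshake_confirmed_ = true`, but no visible delegate call marks the handshake complete, although the description lists that as part of the interface. If `SetDefaultEncryptionLevel(ENCRYPTION_FORWARD_SECURE)` is what signals completion, a comment such as `// Switching the default level to forward-secure is how the delegate learns the handshake is complete.` above that call would record it. Separately, the zero-RTT delegate branch calls `DiscardOldDecryptionKey(ENCRYPTION_INITIAL)` unconditionally where the legacy path depends on `KnowsWhichDecrypterToUse()`, so both version families should be tested to confirm unencrypted packets are still rejected after this point.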
@@ -336,6 +362,12 @@
new CachedNetworkParameters(cached_network_params));
}
+void QuicCryptoServerHandshaker::OnPacketDecrypted(EncryptionLevel level) {
+ if (level == ENCRYPTION_FORWARD_SECURE) {
+ delegate_->NeuterHandshakeData();
+ }
+}
+
bool QuicCryptoServerHandshaker::ShouldSendExpectCTHeader() const {
return signed_config_->proof.send_expect_ct_header;
}
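Review bot: `OnPacketDecrypted` calls `delegate_->NeuterHandshakeData()` without checking `session()->use_handshake_delegate()`, unlike the other delegate calls this commit adds. If a caller reaches it with the flag off, handshake data is neutered on a path the flag was meant to leave unchanged. Unless the caller (not visible here) already gates on the flag, the condition could read `if (session()->use_handshake_delegate() && level == ENCRYPTION_FORWARD_SECURE) {`. The call also repeats for every forward-secure packet that is decrypted, so a comment should state that `NeuterHandshakeData()` is expected to be idempotent, or a one-shot guard should be added.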