Split KeyExchange into synchronous and asynchronous variants
As part of the implementation of go/leto-II-design, an asynchronous interface was added to the KeyExchange class, to allow an implementation which would make an RPC to a service holding the private key. This fit awkwardly into the existing code, and we intended it as a short-term patch until we could come up with a better separation of concerns.
This CL improves matters by splitting the KeyExchange class into two. The AsyncKeyExchange interface has only an asynchronous interface. SyncKeyExchange has both synchronous and asynchronous interfaces, with the latter implemented in terms of the former. The existing "local" key-exchange classes inherit from SyncKeyExchange. Handshaking code which may or may not need to talk to Leto uses the AsyncKeyExchange uniformly, but depending on whether Leto is enabled or not, the concrete objects being used might be local or remote.
This CL also removes the "Factory" pattern previously used for creating KeyExchange objects. It required a bunch of boilerplate and provided little benefit.
gfe-relnote: no-op refactoring in the area of QUIC handshakes. No functional change intended, not flag-protected.
PiperOrigin-RevId: 238508479
Change-Id: Ib5ca6ae5afbdcb712c7d2f86a4d272ef168b90f3
diff --git a/quic/core/crypto/crypto_handshake.h b/quic/core/crypto/crypto_handshake.h
index 7846708..4608889 100644
--- a/quic/core/crypto/crypto_handshake.h
+++ b/quic/core/crypto/crypto_handshake.h
@@ -15,7 +15,7 @@
namespace quic {
class CommonCertSets;
-class KeyExchange;
+class SynchronousKeyExchange;
class QuicDecrypter;
class QuicEncrypter;
@@ -127,7 +127,7 @@
std::vector<std::string> cached_certs;
// client_key_exchange is used by clients to store the ephemeral KeyExchange
// for the connection.
- std::unique_ptr<KeyExchange> client_key_exchange;
+ std::unique_ptr<SynchronousKeyExchange> client_key_exchange;
// channel_id is set by servers to a ChannelID key when the client correctly
// proves possession of the corresponding private key. It consists of 32
// bytes of x coordinate, followed by 32 bytes of y coordinate. Both values
diff --git a/quic/core/crypto/curve25519_key_exchange.cc b/quic/core/crypto/curve25519_key_exchange.cc
index 1400d0c..044693d 100644
--- a/quic/core/crypto/curve25519_key_exchange.cc
+++ b/quic/core/crypto/curve25519_key_exchange.cc
@@ -9,26 +9,10 @@
#include "third_party/boringssl/src/include/openssl/curve25519.h"
#include "net/third_party/quiche/src/quic/core/crypto/quic_random.h"
+#include "net/third_party/quiche/src/quic/platform/api/quic_bug_tracker.h"
#include "net/third_party/quiche/src/quic/platform/api/quic_ptr_util.h"
namespace quic {
-namespace {
-
-class Curve25519KeyExchangeFactory : public KeyExchange::Factory {
- public:
- Curve25519KeyExchangeFactory() = default;
- ~Curve25519KeyExchangeFactory() override = default;
-
- std::unique_ptr<KeyExchange> Create(QuicRandom* rand) const override {
- const std::string private_value =
- Curve25519KeyExchange::NewPrivateKey(rand);
- return Curve25519KeyExchange::New(private_value);
- }
-
- QuicTag tag() const override { return kC255; }
-};
-
-} // namespace
Curve25519KeyExchange::Curve25519KeyExchange() {}
@@ -36,6 +20,15 @@
// static
std::unique_ptr<Curve25519KeyExchange> Curve25519KeyExchange::New(
+ QuicRandom* rand) {
+ std::unique_ptr<Curve25519KeyExchange> result =
+ New(Curve25519KeyExchange::NewPrivateKey(rand));
+ QUIC_BUG_IF(result == nullptr);
+ return result;
+}
+
+// static
+std::unique_ptr<Curve25519KeyExchange> Curve25519KeyExchange::New(
QuicStringPiece private_key) {
// We don't want to #include the BoringSSL headers in the public header file,
// so we use literals for the sizes of private_key_ and public_key_. Here we
@@ -65,15 +58,9 @@
return std::string(reinterpret_cast<char*>(private_key), sizeof(private_key));
}
-const Curve25519KeyExchange::Factory& Curve25519KeyExchange::GetFactory()
- const {
- static const Factory* factory = new Curve25519KeyExchangeFactory;
- return *factory;
-}
-
-bool Curve25519KeyExchange::CalculateSharedKey(
+bool Curve25519KeyExchange::CalculateSharedKeySync(
QuicStringPiece peer_public_value,
- std::string* out_result) const {
+ std::string* shared_key) const {
if (peer_public_value.size() != X25519_PUBLIC_VALUE_LEN) {
return false;
}
@@ -84,17 +71,10 @@
return false;
}
- out_result->assign(reinterpret_cast<char*>(result), sizeof(result));
+ shared_key->assign(reinterpret_cast<char*>(result), sizeof(result));
return true;
}
-void Curve25519KeyExchange::CalculateSharedKey(
- QuicStringPiece peer_public_value,
- std::string* shared_key,
- std::unique_ptr<Callback> callback) const {
- callback->Run(CalculateSharedKey(peer_public_value, shared_key));
-}
-
QuicStringPiece Curve25519KeyExchange::public_value() const {
return QuicStringPiece(reinterpret_cast<const char*>(public_key_),
sizeof(public_key_));
diff --git a/quic/core/crypto/curve25519_key_exchange.h b/quic/core/crypto/curve25519_key_exchange.h
index 5cefa55..31c6c0e 100644
--- a/quic/core/crypto/curve25519_key_exchange.h
+++ b/quic/core/crypto/curve25519_key_exchange.h
@@ -16,14 +16,18 @@
class QuicRandom;
-// Curve25519KeyExchange implements a KeyExchange using elliptic-curve
-// Diffie-Hellman on curve25519. See http://cr.yp.to/ecdh.html
-class QUIC_EXPORT_PRIVATE Curve25519KeyExchange : public KeyExchange {
+// Curve25519KeyExchange implements a SynchronousKeyExchange using
+// elliptic-curve Diffie-Hellman on curve25519. See http://cr.yp.to/ecdh.html
+class QUIC_EXPORT_PRIVATE Curve25519KeyExchange
+ : public SynchronousKeyExchange {
public:
~Curve25519KeyExchange() override;
- // New creates a new object from a private key. If the private key is
- // invalid, nullptr is returned.
+ // New generates a private key and then creates new key-exchange object.
+ static std::unique_ptr<Curve25519KeyExchange> New(QuicRandom* rand);
+
+ // New creates a new key-exchange object from a private key. If |private_key|
+ // is invalid, nullptr is returned.
static std::unique_ptr<Curve25519KeyExchange> New(
QuicStringPiece private_key);
@@ -31,14 +35,11 @@
// passing to |New|.
static std::string NewPrivateKey(QuicRandom* rand);
- // KeyExchange interface.
- const Factory& GetFactory() const override;
- bool CalculateSharedKey(QuicStringPiece peer_public_value,
- std::string* shared_key) const override;
- void CalculateSharedKey(QuicStringPiece peer_public_value,
- std::string* shared_key,
- std::unique_ptr<Callback> callback) const override;
+ // SynchronousKeyExchange interface.
+ bool CalculateSharedKeySync(QuicStringPiece peer_public_value,
+ std::string* shared_key) const override;
QuicStringPiece public_value() const override;
+ QuicTag type() const override { return kC255; }
private:
Curve25519KeyExchange();
diff --git a/quic/core/crypto/curve25519_key_exchange_test.cc b/quic/core/crypto/curve25519_key_exchange_test.cc
index f5ccd80..93aa298 100644
--- a/quic/core/crypto/curve25519_key_exchange_test.cc
+++ b/quic/core/crypto/curve25519_key_exchange_test.cc
@@ -28,7 +28,7 @@
// Key exchange callback which sets the result into the specified
// TestCallbackResult.
- class TestCallback : public KeyExchange::Callback {
+ class TestCallback : public AsynchronousKeyExchange::Callback {
public:
TestCallback(TestCallbackResult* result) : result_(result) {}
virtual ~TestCallback() = default;
@@ -58,13 +58,13 @@
const QuicStringPiece bob_public(bob->public_value());
std::string alice_shared, bob_shared;
- ASSERT_TRUE(alice->CalculateSharedKey(bob_public, &alice_shared));
- ASSERT_TRUE(bob->CalculateSharedKey(alice_public, &bob_shared));
+ ASSERT_TRUE(alice->CalculateSharedKeySync(bob_public, &alice_shared));
+ ASSERT_TRUE(bob->CalculateSharedKeySync(alice_public, &bob_shared));
ASSERT_EQ(alice_shared, bob_shared);
}
}
-// SharedKeyAsync just tests that the basic asynchronouse key exchange identity
+// SharedKeyAsync just tests that the basic asynchronous key exchange identity
// holds: that both parties end up with the same key.
TEST_F(Curve25519KeyExchangeTest, SharedKeyAsync) {
QuicRandom* const rand = QuicRandom::GetInstance();
@@ -84,13 +84,13 @@
std::string alice_shared, bob_shared;
TestCallbackResult alice_result;
ASSERT_FALSE(alice_result.ok());
- alice->CalculateSharedKey(bob_public, &alice_shared,
- QuicMakeUnique<TestCallback>(&alice_result));
+ alice->CalculateSharedKeyAsync(bob_public, &alice_shared,
+ QuicMakeUnique<TestCallback>(&alice_result));
ASSERT_TRUE(alice_result.ok());
TestCallbackResult bob_result;
ASSERT_FALSE(bob_result.ok());
- bob->CalculateSharedKey(alice_public, &bob_shared,
- QuicMakeUnique<TestCallback>(&bob_result));
+ bob->CalculateSharedKeyAsync(alice_public, &bob_shared,
+ QuicMakeUnique<TestCallback>(&bob_result));
ASSERT_TRUE(bob_result.ok());
ASSERT_EQ(alice_shared, bob_shared);
ASSERT_NE(0u, alice_shared.length());
diff --git a/quic/core/crypto/key_exchange.cc b/quic/core/crypto/key_exchange.cc
new file mode 100644
index 0000000..1969e75
--- /dev/null
+++ b/quic/core/crypto/key_exchange.cc
@@ -0,0 +1,42 @@
+// Copyright (c) 2019 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "net/third_party/quiche/src/quic/core/crypto/key_exchange.h"
+#include "net/third_party/quiche/src/quic/core/crypto/curve25519_key_exchange.h"
+#include "net/third_party/quiche/src/quic/core/crypto/p256_key_exchange.h"
+#include "net/third_party/quiche/src/quic/platform/api/quic_bug_tracker.h"
+
+namespace quic {
+
+std::unique_ptr<SynchronousKeyExchange> CreateLocalSynchronousKeyExchange(
+ QuicTag type,
+ QuicStringPiece private_key) {
+ switch (type) {
+ case kC255:
+ return Curve25519KeyExchange::New(private_key);
+ case kP256:
+ return P256KeyExchange::New(private_key);
+ default:
+ QUIC_BUG << "Unknown key exchange method: " << QuicTagToString(type);
+ return nullptr;
+ }
+}
+
+std::unique_ptr<SynchronousKeyExchange> CreateLocalSynchronousKeyExchange(
+ QuicTag type,
+ QuicRandom* rand) {
+ switch (type) {
+ case kC255:
+ return Curve25519KeyExchange::New(rand);
+ break;
+ case kP256:
+ return P256KeyExchange::New();
+ break;
+ default:
+ QUIC_BUG << "Unknown key exchange method: " << QuicTagToString(type);
+ return nullptr;
+ }
+}
+
+} // namespace quic
diff --git a/quic/core/crypto/key_exchange.h b/quic/core/crypto/key_exchange.h
index 7d4f76d..c695523 100644
--- a/quic/core/crypto/key_exchange.h
+++ b/quic/core/crypto/key_exchange.h
@@ -16,28 +16,12 @@
class QuicRandom;
-// KeyExchange is an abstract class that provides an interface to a
-// key-exchange primitive.
-class QUIC_EXPORT_PRIVATE KeyExchange {
+// Interface for a Diffie-Hellman key exchange with an asynchronous interface.
+// This allows for implementations which hold the private key locally, as well
+// as ones which make an RPC to an external key-exchange service.
+class QUIC_EXPORT_PRIVATE AsynchronousKeyExchange {
public:
- virtual ~KeyExchange() {}
-
- class Factory {
- public:
- virtual ~Factory() = default;
- Factory(const Factory&) = delete;
- Factory& operator=(const Factory&) = delete;
-
- // Generates a new public, private key pair. (This is intended for
- // servers that need to generate forward-secure keys.)
- virtual std::unique_ptr<KeyExchange> Create(QuicRandom* rand) const = 0;
-
- // Returns the tag value that identifies this key exchange function.
- virtual QuicTag tag() const = 0;
-
- protected:
- Factory() = default;
- };
+ virtual ~AsynchronousKeyExchange() = default;
// Callback base class for receiving the results of an async call to
// CalculateSharedKeys.
@@ -46,11 +30,11 @@
Callback() = default;
virtual ~Callback() = default;
- // Invoked upon completion of CalculateSharedKeys.
+ // Invoked upon completion of CalculateSharedKeysAsync.
//
// |ok| indicates whether the operation completed successfully. If false,
- // then the value of |shared_key| passed in to CalculateSharedKey is
- // undefined.
+ // then the value pointed to by |shared_key| passed in to
+ // CalculateSharedKeyAsync is undefined.
virtual void Run(bool ok) = 0;
private:
@@ -58,30 +42,64 @@
Callback& operator=(const Callback&) = delete;
};
- // Get a reference to the singleton Factory object for this KeyExchange type.
- virtual const Factory& GetFactory() const = 0;
+ // CalculateSharedKey computes the shared key between a private key which is
+ // conceptually owned by this object (though it may not be physically located
+ // in this process) and a public value from the peer. Callers should expect
+ // that |callback| might be invoked synchronously. Results will be written
+ // into |*shared_key|.
+ virtual void CalculateSharedKeyAsync(
+ QuicStringPiece peer_public_value,
+ std::string* shared_key,
+ std::unique_ptr<Callback> callback) const = 0;
- // CalculateSharedKey computes the shared key between the local private key
- // (which is implicitly known by a KeyExchange object) and a public value
- // from the peer.
- virtual bool CalculateSharedKey(QuicStringPiece peer_public_value,
- std::string* shared_key) const = 0;
+ // Tag indicating the key-exchange algorithm this object will use.
+ virtual QuicTag type() const = 0;
+};
- // CalculateSharedKey computes the shared key between the local private key
- // (which is may not be locally known to a KeyExchange object) and a public
- // value from the peer.
- // Callers should expect that |callback| might be invoked synchronously.
- virtual void CalculateSharedKey(QuicStringPiece peer_public_value,
- std::string* shared_key,
- std::unique_ptr<Callback> callback) const = 0;
+// Interface for a Diffie-Hellman key exchange with both synchronous and
+// asynchronous interfaces. Only implementations which hold the private key
+// locally should implement this interface.
+class QUIC_EXPORT_PRIVATE SynchronousKeyExchange
+ : public AsynchronousKeyExchange {
+ public:
+ virtual ~SynchronousKeyExchange() = default;
+
+ // AyncKeyExchange API. Note that this method is marked 'final.' Subclasses
+ // should implement CalculateSharedKeySync only.
+ void CalculateSharedKeyAsync(QuicStringPiece peer_public_value,
+ std::string* shared_key,
+ std::unique_ptr<Callback> callback) const final {
+ const bool ok = CalculateSharedKeySync(peer_public_value, shared_key);
+ callback->Run(ok);
+ }
+
+ // CalculateSharedKey computes the shared key between a local private key and
+ // a public value from the peer. Results will be written into |*shared_key|.
+ virtual bool CalculateSharedKeySync(QuicStringPiece peer_public_value,
+ std::string* shared_key) const = 0;
// public_value returns the local public key which can be sent to a peer in
// order to complete a key exchange. The returned QuicStringPiece is a
- // reference to a member of the KeyExchange and is only valid for as long as
- // the KeyExchange exists.
+ // reference to a member of this object and is only valid for as long as it
+ // exists.
virtual QuicStringPiece public_value() const = 0;
};
+// Create a SynchronousKeyExchange object which will use a keypair generated
+// from |private_key|, and a key-exchange algorithm specified by |type|, which
+// must be one of {kC255, kC256}. Returns nullptr if |private_key| or |type| is
+// invalid.
+std::unique_ptr<SynchronousKeyExchange> CreateLocalSynchronousKeyExchange(
+ QuicTag type,
+ QuicStringPiece private_key);
+
+// Create a SynchronousKeyExchange object which will use a keypair generated
+// from |rand|, and a key-exchange algorithm specified by |type|, which must be
+// one of {kC255, kC256}. Returns nullptr if |type| is invalid.
+std::unique_ptr<SynchronousKeyExchange> CreateLocalSynchronousKeyExchange(
+ QuicTag type,
+ QuicRandom* rand);
+
} // namespace quic
#endif // QUICHE_QUIC_CORE_CRYPTO_KEY_EXCHANGE_H_
diff --git a/quic/core/crypto/p256_key_exchange.cc b/quic/core/crypto/p256_key_exchange.cc
index f56a0aa..1cabc64 100644
--- a/quic/core/crypto/p256_key_exchange.cc
+++ b/quic/core/crypto/p256_key_exchange.cc
@@ -17,23 +17,6 @@
#include "net/third_party/quiche/src/quic/platform/api/quic_ptr_util.h"
namespace quic {
-namespace {
-
-class P256KeyExchangeFactory : public KeyExchange::Factory {
- public:
- P256KeyExchangeFactory() = default;
- ~P256KeyExchangeFactory() override = default;
-
- std::unique_ptr<KeyExchange> Create(QuicRandom* /* rand */) const override {
- // TODO(agl): avoid the serialisation/deserialisation in this function.
- const std::string private_value = P256KeyExchange::NewPrivateKey();
- return P256KeyExchange::New(private_value);
- }
-
- QuicTag tag() const override { return kP256; }
-};
-
-} // namespace
P256KeyExchange::P256KeyExchange(bssl::UniquePtr<EC_KEY> private_key,
const uint8_t* public_key)
@@ -44,6 +27,11 @@
P256KeyExchange::~P256KeyExchange() {}
// static
+std::unique_ptr<P256KeyExchange> P256KeyExchange::New() {
+ return New(P256KeyExchange::NewPrivateKey());
+}
+
+// static
std::unique_ptr<P256KeyExchange> P256KeyExchange::New(QuicStringPiece key) {
if (key.empty()) {
QUIC_DLOG(INFO) << "Private key is empty";
@@ -93,13 +81,8 @@
return std::string(reinterpret_cast<char*>(private_key.get()), key_len);
}
-const KeyExchange::Factory& P256KeyExchange::GetFactory() const {
- static const Factory* factory = new P256KeyExchangeFactory;
- return *factory;
-}
-
-bool P256KeyExchange::CalculateSharedKey(QuicStringPiece peer_public_value,
- std::string* out_result) const {
+bool P256KeyExchange::CalculateSharedKeySync(QuicStringPiece peer_public_value,
+ std::string* shared_key) const {
if (peer_public_value.size() != kUncompressedP256PointBytes) {
QUIC_DLOG(INFO) << "Peer public value is invalid";
return false;
@@ -124,17 +107,10 @@
return false;
}
- out_result->assign(reinterpret_cast<char*>(result), sizeof(result));
+ shared_key->assign(reinterpret_cast<char*>(result), sizeof(result));
return true;
}
-void P256KeyExchange::CalculateSharedKey(
- QuicStringPiece peer_public_value,
- std::string* shared_key,
- std::unique_ptr<Callback> callback) const {
- callback->Run(CalculateSharedKey(peer_public_value, shared_key));
-}
-
QuicStringPiece P256KeyExchange::public_value() const {
return QuicStringPiece(reinterpret_cast<const char*>(public_key_),
sizeof(public_key_));
diff --git a/quic/core/crypto/p256_key_exchange.h b/quic/core/crypto/p256_key_exchange.h
index dcd81f7..a4e5709 100644
--- a/quic/core/crypto/p256_key_exchange.h
+++ b/quic/core/crypto/p256_key_exchange.h
@@ -15,29 +15,29 @@
namespace quic {
-// P256KeyExchange implements a KeyExchange using elliptic-curve
+// P256KeyExchange implements a SynchronousKeyExchange using elliptic-curve
// Diffie-Hellman on NIST P-256.
-class QUIC_EXPORT_PRIVATE P256KeyExchange : public KeyExchange {
+class QUIC_EXPORT_PRIVATE P256KeyExchange : public SynchronousKeyExchange {
public:
~P256KeyExchange() override;
- // New creates a new key exchange object from a private key. If
- // |private_key| is invalid, nullptr is returned.
+ // New generates a private key and then creates new key-exchange object.
+ static std::unique_ptr<P256KeyExchange> New();
+
+ // New creates a new key-exchange object from a private key. If |private_key|
+ // is invalid, nullptr is returned.
static std::unique_ptr<P256KeyExchange> New(QuicStringPiece private_key);
- // |NewPrivateKey| returns a private key, suitable for passing to |New|.
+ // NewPrivateKey returns a private key, suitable for passing to |New|.
// If |NewPrivateKey| can't generate a private key, it returns an empty
// string.
static std::string NewPrivateKey();
- // KeyExchange interface.
- const Factory& GetFactory() const override;
- bool CalculateSharedKey(QuicStringPiece peer_public_value,
- std::string* shared_key) const override;
- void CalculateSharedKey(QuicStringPiece peer_public_value,
- std::string* shared_key,
- std::unique_ptr<Callback> callback) const override;
+ // SynchronousKeyExchange interface.
+ bool CalculateSharedKeySync(QuicStringPiece peer_public_value,
+ std::string* shared_key) const override;
QuicStringPiece public_value() const override;
+ QuicTag type() const override { return kP256; }
private:
enum {
diff --git a/quic/core/crypto/p256_key_exchange_test.cc b/quic/core/crypto/p256_key_exchange_test.cc
index 11d7bd8..34a4993 100644
--- a/quic/core/crypto/p256_key_exchange_test.cc
+++ b/quic/core/crypto/p256_key_exchange_test.cc
@@ -27,7 +27,7 @@
// Key exchange callback which sets the result into the specified
// TestCallbackResult.
- class TestCallback : public KeyExchange::Callback {
+ class TestCallback : public AsynchronousKeyExchange::Callback {
public:
TestCallback(TestCallbackResult* result) : result_(result) {}
virtual ~TestCallback() = default;
@@ -39,7 +39,7 @@
};
};
-// SharedKeyAsync just tests that the basic asynchronouse key exchange identity
+// SharedKeyAsync just tests that the basic asynchronous key exchange identity
// holds: that both parties end up with the same key.
TEST_F(P256KeyExchangeTest, SharedKey) {
for (int i = 0; i < 5; i++) {
@@ -60,8 +60,8 @@
const QuicStringPiece bob_public(bob->public_value());
std::string alice_shared, bob_shared;
- ASSERT_TRUE(alice->CalculateSharedKey(bob_public, &alice_shared));
- ASSERT_TRUE(bob->CalculateSharedKey(alice_public, &bob_shared));
+ ASSERT_TRUE(alice->CalculateSharedKeySync(bob_public, &alice_shared));
+ ASSERT_TRUE(bob->CalculateSharedKeySync(alice_public, &bob_shared));
ASSERT_EQ(alice_shared, bob_shared);
}
}
@@ -89,13 +89,13 @@
std::string alice_shared, bob_shared;
TestCallbackResult alice_result;
ASSERT_FALSE(alice_result.ok());
- alice->CalculateSharedKey(bob_public, &alice_shared,
- QuicMakeUnique<TestCallback>(&alice_result));
+ alice->CalculateSharedKeyAsync(bob_public, &alice_shared,
+ QuicMakeUnique<TestCallback>(&alice_result));
ASSERT_TRUE(alice_result.ok());
TestCallbackResult bob_result;
ASSERT_FALSE(bob_result.ok());
- bob->CalculateSharedKey(alice_public, &bob_shared,
- QuicMakeUnique<TestCallback>(&bob_result));
+ bob->CalculateSharedKeyAsync(alice_public, &bob_shared,
+ QuicMakeUnique<TestCallback>(&bob_result));
ASSERT_TRUE(bob_result.ok());
ASSERT_EQ(alice_shared, bob_shared);
ASSERT_NE(0u, alice_shared.length());
diff --git a/quic/core/crypto/quic_crypto_client_config.cc b/quic/core/crypto/quic_crypto_client_config.cc
index 3da127a..3983836 100644
--- a/quic/core/crypto/quic_crypto_client_config.cc
+++ b/quic/core/crypto/quic_crypto_client_config.cc
@@ -629,7 +629,7 @@
return QUIC_CRYPTO_INTERNAL_ERROR;
}
- if (!out_params->client_key_exchange->CalculateSharedKey(
+ if (!out_params->client_key_exchange->CalculateSharedKeySync(
public_value, &out_params->initial_premaster_secret)) {
*error_details = "Key exchange failure";
return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER;
@@ -903,7 +903,7 @@
return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER;
}
- if (!out_params->client_key_exchange->CalculateSharedKey(
+ if (!out_params->client_key_exchange->CalculateSharedKeySync(
public_value, &out_params->forward_secure_premaster_secret)) {
*error_details = "Key exchange failure";
return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER;
diff --git a/quic/core/crypto/quic_crypto_server_config.cc b/quic/core/crypto/quic_crypto_server_config.cc
index 54af8cf..ff4cd13 100644
--- a/quic/core/crypto/quic_crypto_server_config.cc
+++ b/quic/core/crypto/quic_crypto_server_config.cc
@@ -74,40 +74,22 @@
DefaultKeyExchangeSource() = default;
~DefaultKeyExchangeSource() override = default;
- std::unique_ptr<KeyExchange> Create(std::string /*server_config_id*/,
- QuicTag type,
- QuicStringPiece private_key) override {
+ std::unique_ptr<AsynchronousKeyExchange> Create(
+ std::string server_config_id,
+ QuicTag type,
+ QuicStringPiece private_key) override {
if (private_key.empty()) {
QUIC_LOG(WARNING) << "Server config contains key exchange method without "
- "corresponding private key: "
- << type;
+ "corresponding private key of type "
+ << QuicTagToString(type);
return nullptr;
}
- std::unique_ptr<KeyExchange> ka;
- switch (type) {
- case kC255:
- ka = Curve25519KeyExchange::New(private_key);
- if (!ka) {
- QUIC_LOG(WARNING) << "Server config contained an invalid curve25519"
- " private key.";
- return nullptr;
- }
- break;
- case kP256:
- ka = P256KeyExchange::New(private_key);
- if (!ka) {
- QUIC_LOG(WARNING) << "Server config contained an invalid P-256"
- " private key.";
- return nullptr;
- }
- break;
- default:
- QUIC_LOG(WARNING)
- << "Server config message contains unknown key exchange "
- "method: "
- << type;
- return nullptr;
+ std::unique_ptr<SynchronousKeyExchange> ka =
+ CreateLocalSynchronousKeyExchange(type, private_key);
+ if (!ka) {
+ QUIC_LOG(WARNING) << "Failed to create key exchange method of type "
+ << QuicTagToString(type);
}
return ka;
}
@@ -250,8 +232,8 @@
const std::string curve25519_private_key =
Curve25519KeyExchange::NewPrivateKey(rand);
- std::unique_ptr<Curve25519KeyExchange> curve25519(
- Curve25519KeyExchange::New(curve25519_private_key));
+ std::unique_ptr<Curve25519KeyExchange> curve25519 =
+ Curve25519KeyExchange::New(curve25519_private_key);
QuicStringPiece curve25519_public_value = curve25519->public_value();
std::string encoded_public_values;
@@ -666,12 +648,12 @@
};
class QuicCryptoServerConfig::ProcessClientHelloAfterGetProofCallback
- : public KeyExchange::Callback {
+ : public AsynchronousKeyExchange::Callback {
public:
ProcessClientHelloAfterGetProofCallback(
const QuicCryptoServerConfig* config,
std::unique_ptr<ProofSource::Details> proof_source_details,
- const KeyExchange::Factory& key_exchange_factory,
+ QuicTag key_exchange_type,
std::unique_ptr<CryptoHandshakeMessage> out,
QuicStringPiece public_value,
QuicReferenceCountedPointer<ValidateClientHelloResultCallback::Result>
@@ -689,7 +671,7 @@
std::unique_ptr<ProcessClientHelloResultCallback> done_cb)
: config_(config),
proof_source_details_(std::move(proof_source_details)),
- key_exchange_factory_(key_exchange_factory),
+ key_exchange_type_(key_exchange_type),
out_(std::move(out)),
public_value_(public_value),
validate_chlo_result_(std::move(validate_chlo_result)),
@@ -707,7 +689,7 @@
void Run(bool ok) override {
config_->ProcessClientHelloAfterCalculateSharedKeys(
- !ok, std::move(proof_source_details_), key_exchange_factory_,
+ !ok, std::move(proof_source_details_), key_exchange_type_,
std::move(out_), public_value_, *validate_chlo_result_, connection_id_,
client_address_, version_, supported_versions_, clock_, rand_, params_,
signed_config_, requested_config_, primary_config_,
@@ -717,7 +699,7 @@
private:
const QuicCryptoServerConfig* config_;
std::unique_ptr<ProofSource::Details> proof_source_details_;
- const KeyExchange::Factory& key_exchange_factory_;
+ QuicTag key_exchange_type_;
std::unique_ptr<CryptoHandshakeMessage> out_;
std::string public_value_;
QuicReferenceCountedPointer<ValidateClientHelloResultCallback::Result>
@@ -955,24 +937,24 @@
return;
}
- const KeyExchange* key_exchange =
+ const AsynchronousKeyExchange* key_exchange =
requested_config->key_exchanges[key_exchange_index].get();
// TODO(rch): Would it be better to implement a move operator and just
// std::move(helper) instead of done_cb?
helper.DetachCallback();
auto cb = QuicMakeUnique<ProcessClientHelloAfterGetProofCallback>(
- this, std::move(proof_source_details), key_exchange->GetFactory(),
+ this, std::move(proof_source_details), key_exchange->type(),
std::move(out), public_value, validate_chlo_result, connection_id,
client_address, version, supported_versions, clock, rand, params,
signed_config, requested_config, primary_config, std::move(done_cb));
- key_exchange->CalculateSharedKey(
+ key_exchange->CalculateSharedKeyAsync(
public_value, ¶ms->initial_premaster_secret, std::move(cb));
}
void QuicCryptoServerConfig::ProcessClientHelloAfterCalculateSharedKeys(
bool found_error,
std::unique_ptr<ProofSource::Details> proof_source_details,
- const KeyExchange::Factory& key_exchange_factory,
+ QuicTag key_exchange_type,
std::unique_ptr<CryptoHandshakeMessage> out,
QuicStringPiece public_value,
const ValidateClientHelloResultCallback::Result& validate_chlo_result,
@@ -996,7 +978,8 @@
ProcessClientHelloHelper helper(&done_cb);
if (found_error) {
- helper.Fail(QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER, "Invalid public value");
+ helper.Fail(QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER,
+ "Failed to calculate shared key");
return;
}
@@ -1104,11 +1087,18 @@
}
std::string forward_secure_public_value;
- std::unique_ptr<KeyExchange> forward_secure_key_exchange =
- key_exchange_factory.Create(rand);
+ std::unique_ptr<SynchronousKeyExchange> forward_secure_key_exchange =
+ CreateLocalSynchronousKeyExchange(key_exchange_type, rand);
+ if (!forward_secure_key_exchange) {
+ QUIC_DLOG(WARNING) << "Failed to create keypair";
+ helper.Fail(QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER,
+ "Failed to create keypair");
+ return;
+ }
+
forward_secure_public_value =
std::string(forward_secure_key_exchange->public_value());
- if (!forward_secure_key_exchange->CalculateSharedKey(
+ if (!forward_secure_key_exchange->CalculateSharedKeySync(
public_value, ¶ms->forward_secure_premaster_secret)) {
helper.Fail(QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER, "Invalid public value");
return;
@@ -1716,8 +1706,8 @@
QuicReferenceCountedPointer<QuicCryptoServerConfig::Config>
QuicCryptoServerConfig::ParseConfigProtobuf(
const std::unique_ptr<QuicServerConfigProtobuf>& protobuf) {
- std::unique_ptr<CryptoHandshakeMessage> msg(
- CryptoFramer::ParseMessage(protobuf->config()));
+ std::unique_ptr<CryptoHandshakeMessage> msg =
+ CryptoFramer::ParseMessage(protobuf->config());
if (msg->tag() != kSCFG) {
QUIC_LOG(WARNING) << "Server config message has tag " << msg->tag()
@@ -1808,13 +1798,13 @@
}
}
- std::unique_ptr<KeyExchange> ka =
+ std::unique_ptr<AsynchronousKeyExchange> ka =
key_exchange_source_->Create(config->id, tag, private_key);
if (!ka) {
return nullptr;
}
for (const auto& key_exchange : config->key_exchanges) {
- if (key_exchange->GetFactory().tag() == tag) {
+ if (key_exchange->type() == tag) {
QUIC_LOG(WARNING) << "Duplicate key exchange in config: " << tag;
return nullptr;
}
diff --git a/quic/core/crypto/quic_crypto_server_config.h b/quic/core/crypto/quic_crypto_server_config.h
index 29a1488..daaa702 100644
--- a/quic/core/crypto/quic_crypto_server_config.h
+++ b/quic/core/crypto/quic_crypto_server_config.h
@@ -162,9 +162,10 @@
// Create a new KeyExchange of the specified type using the specified
// private key.
- virtual std::unique_ptr<KeyExchange> Create(std::string /*server_config_id*/,
- QuicTag type,
- QuicStringPiece private_key) = 0;
+ virtual std::unique_ptr<AsynchronousKeyExchange> Create(
+ std::string server_config_id,
+ QuicTag type,
+ QuicStringPiece private_key) = 0;
};
// QuicCryptoServerConfig contains the crypto configuration of a QUIC server.
@@ -461,10 +462,9 @@
// used to identify clusters of server frontends.
unsigned char orbit[kOrbitSize];
- // key_exchanges contains key exchange objects with the private keys
- // already loaded. The values correspond, one-to-one, with the tags in
- // |kexs| from the parent class.
- std::vector<std::unique_ptr<KeyExchange>> key_exchanges;
+ // key_exchanges contains key exchange objects. The values correspond,
+ // one-to-one, with the tags in |kexs| from the parent class.
+ std::vector<std::unique_ptr<AsynchronousKeyExchange>> key_exchanges;
// tag_value_map contains the raw key/value pairs for the config.
QuicTagValueMap tag_value_map;
@@ -596,7 +596,7 @@
void ProcessClientHelloAfterCalculateSharedKeys(
bool found_error,
std::unique_ptr<ProofSource::Details> proof_source_details,
- const KeyExchange::Factory& key_exchange_factory,
+ QuicTag key_exchange_type,
std::unique_ptr<CryptoHandshakeMessage> out,
QuicStringPiece public_value,
const ValidateClientHelloResultCallback::Result& validate_chlo_result,
