addHandshakeData impl

Summary: - straight forward implementation of `::addHandshakeData()` & `::setEncryptionSecrets` - upon receiving new handshake bytes from mbedtls layer to send to peer, dispatches that data to the corresponding crypto stream via `ClientHandshake::writeDataToStream` - upon mbedtls deriving new keying material, installs the keys in mvfst via `ClientHandshake::computeCiphers` Reviewed By: sharmafb Differential Revision: D51173190 fbshipit-source-id: e1a9454b762063308039bf2815aa7aefe574ff6b
facebook · Nov 20, 2023 · 64a6a5d · 64a6a5d
1 parent d5d9615
commit 64a6a5d
Show file tree

Hide file tree

Showing 2 changed files with 60 additions and 9 deletions.
diff --git a/quic/mbed/MbedClientHandshake.cpp b/quic/mbed/MbedClientHandshake.cpp
@@ -155,4 +155,56 @@ MbedClientHandshake::buildCiphers(CipherKind kind, folly::ByteRange secret) {
   return {std::move(aead), std::move(packetnum_cipher)};
 }
 
+// cb invoked when secrets are derived by the tls layer for a given enc level
+int MbedClientHandshake::setEncryptionSecrets(
+    EncryptionLevel level,
+    const uint8_t* readKey,
+    const uint8_t* writeKey,
+    size_t length) {
+  // at least one of the keys should be available
+  CHECK(readKey != nullptr || writeKey != nullptr);
+
+  if (readKey != nullptr) {
+    folly::ByteRange key_bytes(readKey, length);
+    switch (level) {
+      case EncryptionLevel::Handshake:
+        computeCiphers(CipherKind::HandshakeRead, key_bytes);
+        break;
+      case EncryptionLevel::AppData:
+        computeCiphers(CipherKind::OneRttRead, key_bytes);
+        break;
+      default:
+        /**
+         * - Initial read/write keys are obtained via
+         *   MbedCryptoFactory::makeInitialAead()
+         *
+         * - 0-rtt not yet supported
+         */
+        break;
+    }
+  }
+
+  if (writeKey != nullptr) {
+    folly::ByteRange key_bytes(writeKey, length);
+    switch (level) {
+      case EncryptionLevel::Handshake:
+        computeCiphers(CipherKind::HandshakeWrite, key_bytes);
+        break;
+      case EncryptionLevel::AppData:
+        computeCiphers(CipherKind::OneRttWrite, key_bytes);
+        break;
+      default:
+        /**
+         * - Initial read/write keys are obtained via
+         *   MbedCryptoFactory::makeInitialAead()
+         *
+         * - 0-rtt not yet supported
+         */
+        break;
+    }
+  }
+
+  return 0;
+}
+
 } // namespace quic
diff --git a/quic/mbed/MbedClientHandshake.h b/quic/mbed/MbedClientHandshake.h
@@ -68,18 +68,17 @@ class MbedClientHandshake : public ClientHandshake {
 
   // cb invoked when secrets are derived by the tls layer for a given enc level
   int setEncryptionSecrets(
-      EncryptionLevel /*level*/,
-      const uint8_t* /*readKey*/,
-      const uint8_t* /*writeKey*/,
-      size_t /*length*/) {
-    return 0;
-  }
+      EncryptionLevel level,
+      const uint8_t* readKey,
+      const uint8_t* writeKey,
+      size_t length);
 
   // cb invoked when new handshake data is available to send to peer
   int addHandshakeData(
-      EncryptionLevel /*level*/,
-      const uint8_t* /*data*/,
-      size_t /*length*/) {
+      EncryptionLevel level,
+      const uint8_t* data,
+      size_t length) {
+    writeDataToStream(level, folly::IOBuf::copyBuffer(data, length));
     return 0;
   }