Replace OHttpCryptoReceiver.Builder.setServerKeys(...) with OHttpCryp…
…toReceiver.Builder.setSenderPrivateKey(...) (#35)

Motivation:

OHttpCryptoReceiver.Builder doesn't need to know anything about OHttpServerKeys. Let's just pass in the private key directly.

Modifications:

Replace OHttpCryptoReceiver.Builder.setServerKeys(...) with OHttpCryptoReceiver.Builder.setSenderPrivateKey(...)

Result:

API cleanup
normanmaurer authored Dec 27, 2023
1 parent a4175f0 commit 195f6ad
Showing 5 changed files with 12 additions and 18 deletions.
Expand Up @@ -87,13 +87,12 @@ void encode(ByteBuf out) {
/*
* See https://ietf-wg-ohai.github.io/oblivious-http/draft-ietf-ohai-ohttp.html#section-4.3
*/
byte[] createInfo(OHttpCryptoConfiguration configuration) {
byte[] exportContext = configuration.requestExportContext();
byte[] ret = new byte[exportContext.length + 8];
byte[] createInfo(byte[] requestExportContext) {
byte[] ret = new byte[requestExportContext.length + 1 + ENCODED_LENGTH];
ByteBuf buf = Unpooled.wrappedBuffer(ret);
try {
buf.writerIndex(0)
.writeBytes(exportContext)
.writeBytes(requestExportContext)
.writeByte(0);
encode(buf);
return ret;
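Review bot: With the parameter widened from `OHttpCryptoConfiguration` to a raw `byte[]`, nothing at `createInfo(byte[] requestExportContext)` stops a caller from passing the response export context or a null array. The first mistake would only show up as an HPKE context that fails to interoperate, the second as a bare NPE on `requestExportContext.length`. I would add a Javadoc above the method, e.g. `/** Builds the HPKE info: requestExportContext, a zero byte, then the ENCODED_LENGTH bytes written by encode(ByteBuf). */`, and make `Objects.requireNonNull(requestExportContext, "requestExportContext");` the first statement. The sender and receiver constructors both call it with `configuration.requestExportContext()`, so the contract is worth stating once here. The method body continues past the end of the hunk.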
Expand Up @@ -19,7 +19,6 @@
import io.netty.incubator.codec.hpke.CryptoDecryptContext;
import io.netty.incubator.codec.hpke.CryptoEncryptContext;
import io.netty.buffer.ByteBuf;
import io.netty.handler.codec.DecoderException;
import io.netty.incubator.codec.hpke.HPKEMode;
import io.netty.incubator.codec.hpke.HPKERecipientContext;
import io.netty.incubator.codec.hpke.OHttpCryptoProvider;
Expand All @@ -38,7 +37,7 @@ public final class OHttpCryptoReceiver extends OHttpCrypto {
public final static class Builder {
private OHttpCryptoProvider provider;
private OHttpCryptoConfiguration configuration;
private OHttpServerKeys serverKeys;
private AsymmetricCipherKeyPair privateKey;
private OHttpCiphersuite ciphersuite;
private byte[] encapsulatedKey;
private byte[] forcedResponseNonce; // for testing only!
Expand All @@ -53,8 +52,8 @@ public Builder setConfiguration(OHttpCryptoConfiguration configuration) {
return this;
}

public Builder setServerKeys(OHttpServerKeys value) {
this.serverKeys = value;
public Builder setSenderPrivateKey(AsymmetricCipherKeyPair privateKey) {
this.privateKey = privateKey;
return this;
}

Expand Down Expand Up @@ -93,21 +92,17 @@ public static Builder newBuilder() {

private OHttpCryptoReceiver(Builder builder) {
this.configuration = requireNonNull(builder.configuration, "configuration");
OHttpServerKeys serverKeys = requireNonNull(builder.serverKeys, "serverKeys");
OHttpCiphersuite ciphersuite = requireNonNull(builder.ciphersuite, "ciphersuite");
byte[] encapsulatedKey = requireNonNull(builder.encapsulatedKey, "encapsulatedKey");
OHttpCryptoProvider provider = requireNonNull(builder.provider, "provider");
AsymmetricCipherKeyPair keyPair = serverKeys.getKeyPair(ciphersuite);
if (keyPair == null) {
throw new DecoderException("ciphersuite not supported");
}
AsymmetricCipherKeyPair keyPair = requireNonNull(builder.privateKey, "privateKey");
if (builder.forcedResponseNonce == null) {
this.responseNonce = ciphersuite.createResponseNonce();
} else {
this.responseNonce = builder.forcedResponseNonce;
}
this.context = provider.setupHPKEBaseR(HPKEMode.Base, ciphersuite.kem(), ciphersuite.kdf(),
ciphersuite.aead(), encapsulatedKey, keyPair, ciphersuite.createInfo(configuration));
ciphersuite.aead(), encapsulatedKey, keyPair, ciphersuite.createInfo(configuration.requestExportContext()));
try {
this.aead = ciphersuite.createResponseAEAD(provider, context, encapsulatedKey,
this.responseNonce, configuration.responseExportContext());
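Review bot: `setSenderPrivateKey` is a misleading name for what this builder receives. The value is an `AsymmetricCipherKeyPair` that the constructor hands to `provider.setupHPKEBaseR(...)`, the recipient side of HPKE, so it is the receiver's own key pair and not anything belonging to the sender. A name along the lines of `setReceiverKeyPair` would make it harder to wire in the wrong key; failing that, a Javadoc on the setter such as `/** Key pair of this receiver; its private key decapsulates the request and must match the ciphersuite's KEM. */` would do. The `requireNonNull(builder.privateKey, "privateKey")` message should follow whichever name is chosen. The constructor continues outside the hunk.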
Expand Up @@ -94,7 +94,7 @@ private OHttpCryptoSender(Builder builder) {
AsymmetricKeyParameter pkR = requireNonNull(builder.receiverPublicKey, "receiverPublicKey");
AsymmetricCipherKeyPair forcedEphemeralKeyPair = builder.forcedEphemeralKeyPair;
this.context = this.provider.setupHPKEBaseS(HPKEMode.Base, ciphersuite.kem(),
ciphersuite.kdf(), ciphersuite.aead(), pkR, ciphersuite.createInfo(configuration),
ciphersuite.kdf(), ciphersuite.aead(), pkR, ciphersuite.createInfo(configuration.requestExportContext()),
forcedEphemeralKeyPair);
}

Expand Up @@ -283,7 +283,7 @@ public boolean decodePrefix(ByteBuf in) {
receiver = OHttpCryptoReceiver.newBuilder()
.setOHttpCryptoProvider(provider)
.setConfiguration(version())
.setServerKeys(keys)
.setSenderPrivateKey(keys.getKeyPair(ciphersuite))
.setCiphersuite(ciphersuite)
.setEncapsulatedKey(encapsulatedKey)
.build();
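Review bot: `keys.getKeyPair(ciphersuite)` can return null, and this call site passes the result straight to the builder. The constructor code this commit removes checked for exactly that and threw `DecoderException("ciphersuite not supported")`; now `build()` fails with a `NullPointerException` from `requireNonNull(builder.privateKey, "privateKey")`. If `ciphersuite` is parsed from the incoming request, as the enclosing `decodePrefix(ByteBuf in)` suggests, a peer-controlled value raises an unchecked exception that the decoder's error handling may not map to a clean rejection. I would keep the check here: `AsymmetricCipherKeyPair keyPair = keys.getKeyPair(ciphersuite);` then `if (keyPair == null) { throw new DecoderException("ciphersuite not supported"); }`, and pass `keyPair` to the builder. The rest of decodePrefix lies outside the hunk.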
Expand Up @@ -117,7 +117,7 @@ public void testCryptoVectors(OHttpCryptoProvider senderProvider, OHttpCryptoPro
AEAD.AES_GCM128);

assertEquals("6d6573736167652f626874747020726571756573740001002000010001",
ByteBufUtil.hexDump(ciphersuite.createInfo(OHttpVersionDraft.INSTANCE)));
ByteBufUtil.hexDump(ciphersuite.createInfo(OHttpVersionDraft.INSTANCE.requestExportContext())));

AsymmetricKeyParameter receiverPublicKey
= senderProvider.deserializePublicKey(KEM.X25519_SHA256, kpR.publicParameters().encoded());
Expand Down Expand Up @@ -157,7 +157,7 @@ public void testCryptoVectors(OHttpCryptoProvider senderProvider, OHttpCryptoPro
try (OHttpCryptoReceiver receiver = OHttpCryptoReceiver.newBuilder()
.setOHttpCryptoProvider(receiverProvider)
.setConfiguration(OHttpVersionDraft.INSTANCE)
.setServerKeys(serverKeys)
.setSenderPrivateKey(serverKeys.getKeyPair(ciphersuite))
.setCiphersuite(receiverCiphersuite)
.setEncapsulatedKey(receiverEncapsulatedKey)
.setForcedResponseNonce(ByteBufUtil.decodeHexDump("c789e7151fcba46158ca84b04464910d"))
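Review bot: The key pair is looked up with `ciphersuite` while the same builder is configured with `setCiphersuite(receiverCiphersuite)`. The two are presumably equal for this vector, but the receiver half of the test would be self-consistent with `.setSenderPrivateKey(serverKeys.getKeyPair(receiverCiphersuite))`. Because the unsupported-ciphersuite check no longer lives in `OHttpCryptoReceiver`, a case that asserts what happens when `getKeyPair` returns null would also pin the new behaviour. testCryptoVectors starts and ends outside the visible hunks.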