Replace OHttpCryptoReceiver.Builder.setServerKeys(...) with OHttpCryp… #35

Merged
merged 1 commit into from
Dec 27, 2023
Merged
Expand Up @@ -87,13 +87,12 @@ void encode(ByteBuf out) {
/*
* See https://ietf-wg-ohai.github.io/oblivious-http/draft-ietf-ohai-ohttp.html#section-4.3
*/
byte[] createInfo(OHttpCryptoConfiguration configuration) {
byte[] exportContext = configuration.requestExportContext();
byte[] ret = new byte[exportContext.length + 8];
byte[] createInfo(byte[] requestExportContext) {
byte[] ret = new byte[requestExportContext.length + 1 + ENCODED_LENGTH];
ByteBuf buf = Unpooled.wrappedBuffer(ret);
try {
buf.writerIndex(0)
.writeBytes(exportContext)
.writeBytes(requestExportContext)
.writeByte(0);
encode(buf);
return ret;
Expand Up @@ -19,7 +19,6 @@
import io.netty.incubator.codec.hpke.CryptoDecryptContext;
import io.netty.incubator.codec.hpke.CryptoEncryptContext;
import io.netty.buffer.ByteBuf;
import io.netty.handler.codec.DecoderException;
import io.netty.incubator.codec.hpke.HPKEMode;
import io.netty.incubator.codec.hpke.HPKERecipientContext;
import io.netty.incubator.codec.hpke.OHttpCryptoProvider;
Expand All @@ -38,7 +37,7 @@ public final class OHttpCryptoReceiver extends OHttpCrypto {
public final static class Builder {
private OHttpCryptoProvider provider;
private OHttpCryptoConfiguration configuration;
private OHttpServerKeys serverKeys;
private AsymmetricCipherKeyPair privateKey;
private OHttpCiphersuite ciphersuite;
private byte[] encapsulatedKey;
private byte[] forcedResponseNonce; // for testing only!
Expand All @@ -53,8 +52,8 @@ public Builder setConfiguration(OHttpCryptoConfiguration configuration) {
return this;
}

public Builder setServerKeys(OHttpServerKeys value) {
this.serverKeys = value;
public Builder setSenderPrivateKey(AsymmetricCipherKeyPair privateKey) {
this.privateKey = privateKey;
return this;
}

Expand Down Expand Up @@ -93,21 +92,17 @@ public static Builder newBuilder() {

private OHttpCryptoReceiver(Builder builder) {
this.configuration = requireNonNull(builder.configuration, "configuration");
OHttpServerKeys serverKeys = requireNonNull(builder.serverKeys, "serverKeys");
OHttpCiphersuite ciphersuite = requireNonNull(builder.ciphersuite, "ciphersuite");
byte[] encapsulatedKey = requireNonNull(builder.encapsulatedKey, "encapsulatedKey");
OHttpCryptoProvider provider = requireNonNull(builder.provider, "provider");
AsymmetricCipherKeyPair keyPair = serverKeys.getKeyPair(ciphersuite);
if (keyPair == null) {
throw new DecoderException("ciphersuite not supported");
}
AsymmetricCipherKeyPair keyPair = requireNonNull(builder.privateKey, "privateKey");
if (builder.forcedResponseNonce == null) {
this.responseNonce = ciphersuite.createResponseNonce();
} else {
this.responseNonce = builder.forcedResponseNonce;
}
this.context = provider.setupHPKEBaseR(HPKEMode.Base, ciphersuite.kem(), ciphersuite.kdf(),
ciphersuite.aead(), encapsulatedKey, keyPair, ciphersuite.createInfo(configuration));
ciphersuite.aead(), encapsulatedKey, keyPair, ciphersuite.createInfo(configuration.requestExportContext()));
try {
this.aead = ciphersuite.createResponseAEAD(provider, context, encapsulatedKey,
this.responseNonce, configuration.responseExportContext());
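Review bot: The new builder method `setSenderPrivateKey` is misnamed for what the constructor does with its argument: the key pair is handed to `provider.setupHPKEBaseR(...)` as the recipient key, so it is the receiver's (server's) private key, not the sender's. In HPKE terms a "sender private key" reads as the authenticated-mode sender key, and a caller following the name could supply the wrong key material. I would rename it, e.g. `public Builder setReceiverPrivateKey(AsymmetricCipherKeyPair keyPair)`, and add a Javadoc line stating that the pair must belong to the KEM of the ciphersuite passed to `setCiphersuite`, since the builder no longer derives the key from the ciphersuite itself. The constructor continues past the end of the hunk.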
Expand Up @@ -94,7 +94,7 @@ private OHttpCryptoSender(Builder builder) {
AsymmetricKeyParameter pkR = requireNonNull(builder.receiverPublicKey, "receiverPublicKey");
AsymmetricCipherKeyPair forcedEphemeralKeyPair = builder.forcedEphemeralKeyPair;
this.context = this.provider.setupHPKEBaseS(HPKEMode.Base, ciphersuite.kem(),
ciphersuite.kdf(), ciphersuite.aead(), pkR, ciphersuite.createInfo(configuration),
ciphersuite.kdf(), ciphersuite.aead(), pkR, ciphersuite.createInfo(configuration.requestExportContext()),
forcedEphemeralKeyPair);
}

Expand Up @@ -283,7 +283,7 @@ public boolean decodePrefix(ByteBuf in) {
receiver = OHttpCryptoReceiver.newBuilder()
.setOHttpCryptoProvider(provider)
.setConfiguration(version())
.setServerKeys(keys)
.setSenderPrivateKey(keys.getKeyPair(ciphersuite))
.setCiphersuite(ciphersuite)
.setEncapsulatedKey(encapsulatedKey)
.build();
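Review bot: `keys.getKeyPair(ciphersuite)` is now passed straight into the builder, but the lookup can apparently return null: the receiver constructor used to check for exactly that and throw `DecoderException("ciphersuite not supported")`. With that check removed, an unsupported ciphersuite would surface as a `NullPointerException` from `requireNonNull(builder.privateKey, "privateKey")` rather than as a decoder error, unless decodePrefix validates the suite in lines outside this hunk. If the ciphersuite here is parsed from the incoming request, as the surrounding code suggests, the null case should be rejected before the builder is called: `AsymmetricCipherKeyPair keyPair = keys.getKeyPair(ciphersuite);` followed by `if (keyPair == null) { throw new DecoderException("ciphersuite not supported"); }`. decodePrefix starts and ends outside the hunk.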
Expand Up @@ -117,7 +117,7 @@ public void testCryptoVectors(OHttpCryptoProvider senderProvider, OHttpCryptoPro
AEAD.AES_GCM128);

assertEquals("6d6573736167652f626874747020726571756573740001002000010001",
ByteBufUtil.hexDump(ciphersuite.createInfo(OHttpVersionDraft.INSTANCE)));
ByteBufUtil.hexDump(ciphersuite.createInfo(OHttpVersionDraft.INSTANCE.requestExportContext())));

AsymmetricKeyParameter receiverPublicKey
= senderProvider.deserializePublicKey(KEM.X25519_SHA256, kpR.publicParameters().encoded());
Expand Down Expand Up @@ -157,7 +157,7 @@ public void testCryptoVectors(OHttpCryptoProvider senderProvider, OHttpCryptoPro
try (OHttpCryptoReceiver receiver = OHttpCryptoReceiver.newBuilder()
.setOHttpCryptoProvider(receiverProvider)
.setConfiguration(OHttpVersionDraft.INSTANCE)
.setServerKeys(serverKeys)
.setSenderPrivateKey(serverKeys.getKeyPair(ciphersuite))
.setCiphersuite(receiverCiphersuite)
.setEncapsulatedKey(receiverEncapsulatedKey)
.setForcedResponseNonce(ByteBufUtil.decodeHexDump("c789e7151fcba46158ca84b04464910d"))