From 5986d37294eeac59b83f56debc5aa66ab226e342 Mon Sep 17 00:00:00 2001 From: Kyle Nekritz Date: Thu, 25 Apr 2024 08:24:54 -0700 Subject: [PATCH] Add getExportedKeyingMaterial to QuicSocket API. Summary: This allows for applications to derive exported key material. Reviewed By: hanidamlaj Differential Revision: D55643408 fbshipit-source-id: 00a2bb7d050dc37ea5917d4b1f70bf9e0975de0c --- quic/api/QuicSocket.h | 9 +++++++++ quic/api/test/MockQuicSocket.h | 5 +++++ quic/api/test/QuicTransportBaseTest.cpp | 7 +++++++ quic/api/test/TestQuicTransport.h | 7 +++++++ quic/client/QuicClientTransport.h | 4 ++-- quic/server/QuicServerTransport.h | 14 ++++++++++++++ 6 files changed, 44 insertions(+), 2 deletions(-) diff --git a/quic/api/QuicSocket.h b/quic/api/QuicSocket.h index ec89fa52f..7e27f37a6 100644 --- a/quic/api/QuicSocket.h +++ b/quic/api/QuicSocket.h @@ -401,6 +401,15 @@ class QuicSocket { return nullptr; } + /** + * Derive exported key material (RFC5705) from the transport's TLS layer, if + * the transport is capable. + */ + virtual folly::Optional> getExportedKeyingMaterial( + const std::string& label, + const folly::Optional& context, + uint16_t keyLength) const = 0; + /** * Determine if transport is open and ready to read or write. * diff --git a/quic/api/test/MockQuicSocket.h b/quic/api/test/MockQuicSocket.h index ac0dee771..d83065ac6 100644 --- a/quic/api/test/MockQuicSocket.h +++ b/quic/api/test/MockQuicSocket.h @@ -56,6 +56,11 @@ class MockQuicSocket : public QuicSocket { getPeerTransportParams, (), (const)); + MOCK_METHOD( + (folly::Optional>), + getExportedKeyingMaterial, + (const std::string&, const folly::Optional&, uint16_t), + (const)); MOCK_METHOD(std::shared_ptr, getEventBase, (), (const)); MOCK_METHOD( (folly::Expected), diff --git a/quic/api/test/QuicTransportBaseTest.cpp b/quic/api/test/QuicTransportBaseTest.cpp index 3c03f9729..757337e3f 100644 --- a/quic/api/test/QuicTransportBaseTest.cpp +++ b/quic/api/test/QuicTransportBaseTest.cpp 
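Review bot: The new pure-virtual `getExportedKeyingMaterial` in QuicSocket.h documents neither its parameters nor what an empty `folly::Optional` means, even though the concrete overrides in this patch pass `label`, `context` and `keyLength` straight to the handshake layer and QuicClientTransport.h already has a per-parameter comment for the same signature. I would extend the comment with `* label/context are the TLS exporter label and optional context value; keyLength is the number of bytes requested. Returns folly::none when no exporter secret is available (presumably before the handshake completes, or on a transport without one).` Since QUIC runs over TLS 1.3, the exporter in play is the one defined in RFC 8446 §7.5; citing it alongside RFC 5705 would keep readers from consulting the TLS 1.2 PRF-based definition. It would also help callers to say that the output is a pure function of (label, context, keyLength) over the connection's secret, so application labels must be distinct from any other exporter use on the same connection.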
@@ -554,6 +554,13 @@ class TestQuicTransport return observerContainer_.get(); } + folly::Optional> getExportedKeyingMaterial( + const std::string&, + const folly::Optional&, + uint16_t) const override { + return folly::none; + } + QuicServerConnectionState* transportConn; std::unique_ptr aead; std::unique_ptr headerCipher; diff --git a/quic/api/test/TestQuicTransport.h b/quic/api/test/TestQuicTransport.h index 1506e7278..bb8f09813 100644 --- a/quic/api/test/TestQuicTransport.h +++ b/quic/api/test/TestQuicTransport.h @@ -179,6 +179,13 @@ class TestQuicTransport return observerContainer_.get(); } + folly::Optional> getExportedKeyingMaterial( + const std::string&, + const folly::Optional&, + uint16_t) const override { + return folly::none; + } + std::unique_ptr aead; std::unique_ptr headerCipher; bool closed{false}; diff --git a/quic/client/QuicClientTransport.h b/quic/client/QuicClientTransport.h index 97d020e06..c944c36fd 100644 --- a/quic/client/QuicClientTransport.h +++ b/quic/client/QuicClientTransport.h @@ -111,10 +111,10 @@ class QuicClientTransport * context is the context value argument for the TLS exporter. * keyLength is the length of the exported key. */ - virtual folly::Optional> getExportedKeyingMaterial( + folly::Optional> getExportedKeyingMaterial( const std::string& label, const folly::Optional& context, - uint16_t keyLength) { + uint16_t keyLength) const override { return clientConn_->clientHandshakeLayer->getExportedKeyingMaterial( label, context, keyLength); } diff --git a/quic/server/QuicServerTransport.h b/quic/server/QuicServerTransport.h index e25de0aae..51e6f640d 100644 --- a/quic/server/QuicServerTransport.h +++ b/quic/server/QuicServerTransport.h 
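Review bot: `getExportedKeyingMaterial` in QuicClientTransport.h, and the parallel addition in QuicServerTransport.h further down, dereference `clientConn_->clientHandshakeLayer` / `serverConn_->serverHandshakeLayer` unconditionally, and now that the method is part of the `QuicSocket` interface and `const`, any holder of a `QuicSocket` can call it at any point in the connection's lifetime, including before the handshake has produced a secret or after close. If either pointer can be null in those states (not visible from this hunk), the body should guard and return the empty value the base contract describes, e.g. `if (!clientConn_ || !clientConn_->clientHandshakeLayer) { return folly::none; }`, which is also what the stubs added to TestQuicTransport.h model. The doc comment on the client method begins outside the hunk; its first line could state that `folly::none` is returned when no exporter secret is available, so callers know to treat an empty result as "not yet" rather than as an error.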
@@ -163,6 +163,20 @@ class QuicServerTransport virtual CipherInfo getOneRttCipherInfo() const; + /* + * Export the underlying TLS key material. + * label is the label argument for the TLS exporter. + * context is the context value argument for the TLS exporter. + * keyLength is the length of the exported key. + */ + folly::Optional> getExportedKeyingMaterial( + const std::string& label, + const folly::Optional& context, + uint16_t keyLength) const override { + return serverConn_->serverHandshakeLayer->getExportedKeyingMaterial( + label, context, keyLength); + } + /* Log a collection of statistics that are meant to be sampled consistently * over time, rather than driven by transport events. */