Add getExportedKeyingMaterial to QuicSocket API.

Summary: This allows for applications to derive exported key material.

Reviewed By: hanidamlaj

Differential Revision: D55643408

fbshipit-source-id: 00a2bb7d050dc37ea5917d4b1f70bf9e0975de0c

quic/api/QuicSocket.h

@@ -401,6 +401,15 @@ class QuicSocket {
     return nullptr;
   }
 
+  /**
+   * Derive exported key material (RFC5705) from the transport's TLS layer, if
+   * the transport is capable.
+   */
+  virtual folly::Optional<std::vector<uint8_t>> getExportedKeyingMaterial(
+      const std::string& label,
+      const folly::Optional<folly::ByteRange>& context,
+      uint16_t keyLength) const = 0;
+
   /**
    * Determine if transport is open and ready to read or write.
    *

quic/api/test/MockQuicSocket.h

@@ -56,6 +56,11 @@ class MockQuicSocket : public QuicSocket {
       getPeerTransportParams,
       (),
       (const));
+  MOCK_METHOD(
+      (folly::Optional<std::vector<uint8_t>>),
+      getExportedKeyingMaterial,
+      (const std::string&, const folly::Optional<folly::ByteRange>&, uint16_t),
+      (const));
   MOCK_METHOD(std::shared_ptr<QuicEventBase>, getEventBase, (), (const));
   MOCK_METHOD(
       (folly::Expected<size_t, LocalErrorCode>),

quic/api/test/QuicTransportBaseTest.cpp

@@ -554,6 +554,13 @@ class TestQuicTransport
     return observerContainer_.get();
   }
 
+  folly::Optional<std::vector<uint8_t>> getExportedKeyingMaterial(
+      const std::string&,
+      const folly::Optional<folly::ByteRange>&,
+      uint16_t) const override {
+    return folly::none;
+  }
+
   QuicServerConnectionState* transportConn;
   std::unique_ptr<Aead> aead;
   std::unique_ptr<PacketNumberCipher> headerCipher;

quic/api/test/TestQuicTransport.h

@@ -179,6 +179,13 @@ class TestQuicTransport
     return observerContainer_.get();
   }
 
+  folly::Optional<std::vector<uint8_t>> getExportedKeyingMaterial(
+      const std::string&,
+      const folly::Optional<folly::ByteRange>&,
+      uint16_t) const override {
+    return folly::none;
+  }
+
   std::unique_ptr<Aead> aead;
   std::unique_ptr<PacketNumberCipher> headerCipher;
   bool closed{false};

quic/client/QuicClientTransport.h

@@ -111,10 +111,10 @@ class QuicClientTransport
    * context is the context value argument for the TLS exporter.
    * keyLength is the length of the exported key.
    */
-  virtual folly::Optional<std::vector<uint8_t>> getExportedKeyingMaterial(
+  folly::Optional<std::vector<uint8_t>> getExportedKeyingMaterial(
       const std::string& label,
       const folly::Optional<folly::ByteRange>& context,
-      uint16_t keyLength) {
+      uint16_t keyLength) const override {
     return clientConn_->clientHandshakeLayer->getExportedKeyingMaterial(
         label, context, keyLength);
   }

quic/server/QuicServerTransport.h

@@ -163,6 +163,20 @@ class QuicServerTransport
 
   virtual CipherInfo getOneRttCipherInfo() const;
 
+  /*
+   * Export the underlying TLS key material.
+   * label is the label argument for the TLS exporter.
+   * context is the context value argument for the TLS exporter.
+   * keyLength is the length of the exported key.
+   */
+  folly::Optional<std::vector<uint8_t>> getExportedKeyingMaterial(
+      const std::string& label,
+      const folly::Optional<folly::ByteRange>& context,
+      uint16_t keyLength) const override {
+    return serverConn_->serverHandshakeLayer->getExportedKeyingMaterial(
+        label, context, keyLength);
+  }
+
   /* Log a collection of statistics that are meant to be sampled consistently
    * over time, rather than driven by transport events.
    */