Rename RecipientContextGenerator into EncryptionKeyHandle in C++ (#4673)

Ref #4490
project-oak · Jan 19, 2024 · e476759 · e476759
1 parent 61ab55e
commit e476759
Show file tree

Hide file tree

Showing 10 changed files with 40 additions and 41 deletions.
diff --git a/cc/client/BUILD b/cc/client/BUILD
@@ -46,7 +46,7 @@ cc_test(
     srcs = ["client_test.cc"],
     deps = [
         ":client",
-        "//cc/crypto:encryption_key_provider",
+        "//cc/crypto:encryption_key",
         "//cc/crypto:server_encryptor",
         "//cc/crypto/hpke:recipient_context",
         "//cc/remote_attestation:insecure_attestation_verifier",

diff --git a/cc/client/client_test.cc b/cc/client/client_test.cc
@@ -23,7 +23,7 @@
 
 #include "absl/status/statusor.h"
 #include "absl/strings/string_view.h"
-#include "cc/crypto/encryption_key_provider.h"
+#include "cc/crypto/encryption_key.h"
 #include "cc/crypto/hpke/recipient_context.h"
 #include "cc/crypto/server_encryptor.h"
 #include "cc/remote_attestation/insecure_attestation_verifier.h"
@@ -55,25 +55,24 @@ constexpr uint8_t kTestSessionSize = 8;
 class TestTransport : public TransportWrapper {
  public:
   static absl::StatusOr<std::unique_ptr<TestTransport>> Create() {
-    auto encryption_key_provider = EncryptionKeyProvider::Create();
-    if (!encryption_key_provider.ok()) {
-      return encryption_key_provider.status();
+    auto encryption_key = EncryptionKeyProvider::Create();
+    if (!encryption_key.ok()) {
+      return encryption_key.status();
     }
-    return std::make_unique<TestTransport>(*encryption_key_provider);
+    return std::make_unique<TestTransport>(*encryption_key);
   }
 
-  explicit TestTransport(EncryptionKeyProvider encryption_key_provider)
-      : encryption_key_provider_(encryption_key_provider) {}
+  explicit TestTransport(EncryptionKeyProvider encryption_key) : encryption_key_(encryption_key) {}
 
   absl::StatusOr<AttestationBundle> GetEvidence() override {
     AttestationBundle endorsed_evidence;
     endorsed_evidence.mutable_attestation_evidence()->set_encryption_public_key(
-        encryption_key_provider_.GetSerializedPublicKey());
+        encryption_key_.GetSerializedPublicKey());
     return endorsed_evidence;
   }
 
   absl::StatusOr<EncryptedResponse> Invoke(const EncryptedRequest& encrypted_request) override {
-    ServerEncryptor server_encryptor = ServerEncryptor(encryption_key_provider_);
+    ServerEncryptor server_encryptor = ServerEncryptor(encryption_key_);
     auto decrypted_request = server_encryptor.Decrypt(encrypted_request);
     if (!decrypted_request.ok()) {
       return decrypted_request.status();
@@ -89,7 +88,7 @@ class TestTransport : public TransportWrapper {
   }
 
  private:
-  EncryptionKeyProvider encryption_key_provider_;
+  EncryptionKeyProvider encryption_key_;
 };
 
 // Client can process attestation evidence and invoke the backend.

diff --git a/cc/containers/hello_world_trusted_app/BUILD b/cc/containers/hello_world_trusted_app/BUILD
@@ -41,7 +41,7 @@ cc_library(
     srcs = ["orchestrator_client.cc"],
     hdrs = ["orchestrator_client.h"],
     deps = [
-        "//cc/crypto:encryption_key_provider",
+        "//cc/crypto:encryption_key",
         "//cc/crypto/hpke:recipient_context",
         "//oak_containers/proto:interfaces_cc_grpc",
         "//oak_containers/proto:interfaces_cc_proto",

diff --git a/cc/containers/hello_world_trusted_app/orchestrator_client.h b/cc/containers/hello_world_trusted_app/orchestrator_client.h
@@ -22,7 +22,7 @@
 #include "absl/status/status.h"
 #include "absl/status/statusor.h"
 #include "absl/strings/string_view.h"
-#include "cc/crypto/encryption_key_provider.h"
+#include "cc/crypto/encryption_key.h"
 #include "cc/crypto/hpke/recipient_context.h"
 #include "grpcpp/channel.h"
 #include "oak_containers/proto/interfaces.grpc.pb.h"
@@ -31,7 +31,7 @@
 
 namespace oak::oak_containers_hello_world_trusted_app {
 
-class OrchestratorClient : public crypto::RecipientContextGenerator {
+class OrchestratorClient : public crypto::EncryptionKeyHandle {
  public:
   OrchestratorClient();
 

diff --git a/cc/crypto/BUILD b/cc/crypto/BUILD
@@ -39,7 +39,7 @@ cc_library(
     hdrs = ["server_encryptor.h"],
     deps = [
         ":common",
-        ":encryption_key_provider",
+        ":encryption_key",
         "//cc/crypto/hpke:recipient_context",
         "//cc/crypto/hpke:utils",
         "//oak_crypto/proto/v1:crypto_cc_proto",
@@ -50,9 +50,9 @@ cc_library(
 )
 
 cc_library(
-    name = "encryption_key_provider",
-    srcs = ["encryption_key_provider.cc"],
-    hdrs = ["encryption_key_provider.h"],
+    name = "encryption_key",
+    srcs = ["encryption_key.cc"],
+    hdrs = ["encryption_key.h"],
     deps = [
         ":common",
         "//cc/crypto/hpke:recipient_context",
@@ -77,7 +77,7 @@ cc_test(
     deps = [
         ":client_encryptor",
         ":common",
-        ":encryption_key_provider",
+        ":encryption_key",
         ":server_encryptor",
         "//cc/crypto/hpke:recipient_context",
         "@com_google_absl//absl/strings",

diff --git a/cc/crypto/encryption_key_provider.cc → cc/crypto/encryption_key.cc b/cc/crypto/encryption_key_provider.cc → cc/crypto/encryption_key.cc
@@ -14,7 +14,7 @@
  * limitations under the License.
  */
 
-#include "cc/crypto/encryption_key_provider.h"
+#include "cc/crypto/encryption_key.h"
 
 #include <memory>
 

diff --git a/cc/crypto/encryption_key_provider.h → cc/crypto/encryption_key.h b/cc/crypto/encryption_key_provider.h → cc/crypto/encryption_key.h
@@ -14,8 +14,8 @@
  * limitations under the License.
  */
 
-#ifndef CC_CRYPTO_ENCRYPTION_KEY_PROVIDER_H_
-#define CC_CRYPTO_ENCRYPTION_KEY_PROVIDER_H_
+#ifndef CC_CRYPTO_ENCRYPTION_KEY_H_
+#define CC_CRYPTO_ENCRYPTION_KEY_H_
 
 #include <memory>
 #include <string>
@@ -27,15 +27,15 @@
 
 namespace oak::crypto {
 
-class RecipientContextGenerator {
+class EncryptionKeyHandle {
  public:
   virtual absl::StatusOr<std::unique_ptr<RecipientContext>> GenerateRecipientContext(
       absl::string_view serialized_encapsulated_public_key) = 0;
 
-  virtual ~RecipientContextGenerator() = default;
+  virtual ~EncryptionKeyHandle() = default;
 };
 
-class EncryptionKeyProvider : public RecipientContextGenerator {
+class EncryptionKeyProvider : public EncryptionKeyHandle {
  public:
   static absl::StatusOr<EncryptionKeyProvider> Create();
 
@@ -52,4 +52,4 @@ class EncryptionKeyProvider : public RecipientContextGenerator {
 
 }  // namespace oak::crypto
 
-#endif  // CC_CRYPTO_ENCRYPTION_KEY_PROVIDER_H_
+#endif  // CC_CRYPTO_ENCRYPTION_KEY_H_
diff --git a/cc/crypto/encryptor_test.cc b/cc/crypto/encryptor_test.cc
@@ -18,7 +18,7 @@
 
 #include "absl/strings/string_view.h"
 #include "cc/crypto/client_encryptor.h"
-#include "cc/crypto/encryption_key_provider.h"
+#include "cc/crypto/encryption_key.h"
 #include "cc/crypto/hpke/recipient_context.h"
 #include "cc/crypto/server_encryptor.h"
 #include "gmock/gmock.h"
@@ -33,12 +33,12 @@ constexpr absl::string_view kOakHPKEInfoTest = "Oak Hybrid Public Key Encryption
 // Client Encryptor and Server Encryptor can communicate.
 TEST(EncryptorTest, ClientEncryptorAndServerEncryptorCommunicateSuccess) {
   // Set up client and server encryptors.
-  auto encryption_key_provider = EncryptionKeyProvider::Create();
-  ASSERT_TRUE(encryption_key_provider.ok());
-  std::string public_key = encryption_key_provider->GetSerializedPublicKey();
+  auto encryption_key = EncryptionKeyProvider::Create();
+  ASSERT_TRUE(encryption_key.ok());
+  std::string public_key = encryption_key->GetSerializedPublicKey();
   auto client_encryptor = ClientEncryptor::Create(public_key);
   ASSERT_TRUE(client_encryptor.ok());
-  ServerEncryptor server_encryptor = ServerEncryptor(*encryption_key_provider);
+  ServerEncryptor server_encryptor = ServerEncryptor(*encryption_key);
 
   // Here we have the client send 2 encrypted messages to the server to ensure that nonce's align
   // for multi-message communication.
@@ -85,14 +85,14 @@ TEST(EncryptorTest, ClientEncryptorAndServerEncryptorCommunicateSuccess) {
 
 TEST(EncryptorTest, ClientEncryptorAndServerEncryptorCommunicateMismatchPublicKeysFailure) {
   // Set up client and server encryptors.
-  auto encryption_key_provider = EncryptionKeyProvider::Create();
-  ASSERT_TRUE(encryption_key_provider.ok());
-  std::string wrong_public_key = encryption_key_provider->GetSerializedPublicKey();
+  auto encryption_key = EncryptionKeyProvider::Create();
+  ASSERT_TRUE(encryption_key.ok());
+  std::string wrong_public_key = encryption_key->GetSerializedPublicKey();
   // Edit the public key that the client uses to make it incorrect.
   wrong_public_key[0] = (wrong_public_key[0] + 1) % 128;
   auto client_encryptor = ClientEncryptor::Create(wrong_public_key);
   ASSERT_TRUE(client_encryptor.ok());
-  ServerEncryptor server_encryptor = ServerEncryptor(*encryption_key_provider);
+  ServerEncryptor server_encryptor = ServerEncryptor(*encryption_key);
 
   std::string client_plaintext_message = "Hello server";
 

diff --git a/cc/crypto/server_encryptor.cc b/cc/crypto/server_encryptor.cc
@@ -97,7 +97,7 @@ absl::Status ServerEncryptor::InitializeRecipientContexts(const EncryptedRequest
 
   // Create recipient contexts.
   absl::StatusOr<std::unique_ptr<RecipientContext>> recipient_context =
-      recipient_context_generator_.GenerateRecipientContext(serialized_encapsulated_public_key);
+      encryption_key_handle_.GenerateRecipientContext(serialized_encapsulated_public_key);
   if (!recipient_context.ok()) {
     return recipient_context.status();
   }

diff --git a/cc/crypto/server_encryptor.h b/cc/crypto/server_encryptor.h
@@ -25,7 +25,7 @@
 #include "absl/status/statusor.h"
 #include "absl/strings/string_view.h"
 #include "cc/crypto/common.h"
-#include "cc/crypto/encryption_key_provider.h"
+#include "cc/crypto/encryption_key.h"
 #include "cc/crypto/hpke/recipient_context.h"
 #include "oak_crypto/proto/v1/crypto.pb.h"
 
@@ -40,10 +40,10 @@ namespace oak::crypto {
 class ServerEncryptor {
  public:
   // Constructor for `ServerEncryptor`.
-  // `RecipientContextGenerator` argument is a long-term object containing the private key and
+  // `EncryptionKeyHandle` argument is a long-term object containing the private key and
   // should outlive the per-session `ServerEncryptor` object.
-  ServerEncryptor(RecipientContextGenerator& recipient_context_generator)
-      : recipient_context_generator_(recipient_context_generator), recipient_context_(nullptr){};
+  ServerEncryptor(EncryptionKeyHandle& encryption_key_handle)
+      : encryption_key_handle_(encryption_key_handle), recipient_context_(nullptr){};
 
   // Decrypts a [`EncryptedRequest`] proto message using AEAD.
   // <https://datatracker.ietf.org/doc/html/rfc5116>
@@ -60,7 +60,7 @@ class ServerEncryptor {
                                                                absl::string_view associated_data);
 
  private:
-  RecipientContextGenerator& recipient_context_generator_;
+  EncryptionKeyHandle& encryption_key_handle_;
   std::unique_ptr<RecipientContext> recipient_context_;
 
   absl::Status InitializeRecipientContexts(const oak::crypto::v1::EncryptedRequest& request);