From e476759fc4f7408b0a9c1a958cb69e939b9a3b25 Mon Sep 17 00:00:00 2001 From: Ivan Petrov Date: Fri, 19 Jan 2024 15:18:15 +0000 Subject: [PATCH] Rename RecipientContextGenerator into EncryptionKeyHandle in C++ (#4673) Ref https://github.com/project-oak/oak/issues/4490 --- cc/client/BUILD | 2 +- cc/client/client_test.cc | 19 +++++++++---------- cc/containers/hello_world_trusted_app/BUILD | 2 +- .../orchestrator_client.h | 4 ++-- cc/crypto/BUILD | 10 +++++----- ...tion_key_provider.cc => encryption_key.cc} | 2 +- ...yption_key_provider.h => encryption_key.h} | 12 ++++++------ cc/crypto/encryptor_test.cc | 18 +++++++++--------- cc/crypto/server_encryptor.cc | 2 +- cc/crypto/server_encryptor.h | 10 +++++----- 10 files changed, 40 insertions(+), 41 deletions(-) rename cc/crypto/{encryption_key_provider.cc => encryption_key.cc} (96%) rename cc/crypto/{encryption_key_provider.h => encryption_key.h} (83%) diff --git a/cc/client/BUILD b/cc/client/BUILD index dda906bbf8c..99f919867a8 100644 --- a/cc/client/BUILD +++ b/cc/client/BUILD @@ -46,7 +46,7 @@ cc_test( srcs = ["client_test.cc"], deps = [ ":client", - "//cc/crypto:encryption_key_provider", + "//cc/crypto:encryption_key", "//cc/crypto:server_encryptor", "//cc/crypto/hpke:recipient_context", "//cc/remote_attestation:insecure_attestation_verifier", diff --git a/cc/client/client_test.cc b/cc/client/client_test.cc index 2694e2cc095..a3c963ba84b 100644 --- a/cc/client/client_test.cc +++ b/cc/client/client_test.cc @@ -23,7 +23,7 @@ #include "absl/status/statusor.h" #include "absl/strings/string_view.h" -#include "cc/crypto/encryption_key_provider.h" +#include "cc/crypto/encryption_key.h" #include "cc/crypto/hpke/recipient_context.h" #include "cc/crypto/server_encryptor.h" #include "cc/remote_attestation/insecure_attestation_verifier.h" @@ -55,25 +55,24 @@ constexpr uint8_t kTestSessionSize = 8; class TestTransport : public TransportWrapper { public: static absl::StatusOr> Create() { - auto encryption_key_provider = EncryptionKeyProvider::Create(); - if (!encryption_key_provider.ok()) { - return encryption_key_provider.status(); + auto encryption_key = EncryptionKeyProvider::Create(); + if (!encryption_key.ok()) { + return encryption_key.status(); } - return std::make_unique(*encryption_key_provider); + return std::make_unique(*encryption_key); } - explicit TestTransport(EncryptionKeyProvider encryption_key_provider) - : encryption_key_provider_(encryption_key_provider) {} + explicit TestTransport(EncryptionKeyProvider encryption_key) : encryption_key_(encryption_key) {} absl::StatusOr GetEvidence() override { AttestationBundle endorsed_evidence; endorsed_evidence.mutable_attestation_evidence()->set_encryption_public_key( - encryption_key_provider_.GetSerializedPublicKey()); + encryption_key_.GetSerializedPublicKey()); return endorsed_evidence; } absl::StatusOr Invoke(const EncryptedRequest& encrypted_request) override { - ServerEncryptor server_encryptor = ServerEncryptor(encryption_key_provider_); + ServerEncryptor server_encryptor = ServerEncryptor(encryption_key_); auto decrypted_request = server_encryptor.Decrypt(encrypted_request); if (!decrypted_request.ok()) { return decrypted_request.status(); @@ -89,7 +88,7 @@ class TestTransport : public TransportWrapper { } private: - EncryptionKeyProvider encryption_key_provider_; + EncryptionKeyProvider encryption_key_; }; // Client can process attestation evidence and invoke the backend. diff --git a/cc/containers/hello_world_trusted_app/BUILD b/cc/containers/hello_world_trusted_app/BUILD index 3f3489c12d5..5b15f2d88e0 100644 --- a/cc/containers/hello_world_trusted_app/BUILD +++ b/cc/containers/hello_world_trusted_app/BUILD @@ -41,7 +41,7 @@ cc_library( srcs = ["orchestrator_client.cc"], hdrs = ["orchestrator_client.h"], deps = [ - "//cc/crypto:encryption_key_provider", + "//cc/crypto:encryption_key", "//cc/crypto/hpke:recipient_context", "//oak_containers/proto:interfaces_cc_grpc", "//oak_containers/proto:interfaces_cc_proto", diff --git a/cc/containers/hello_world_trusted_app/orchestrator_client.h b/cc/containers/hello_world_trusted_app/orchestrator_client.h index fcb748d820b..745fc89fc8a 100644 --- a/cc/containers/hello_world_trusted_app/orchestrator_client.h +++ b/cc/containers/hello_world_trusted_app/orchestrator_client.h @@ -22,7 +22,7 @@ #include "absl/status/status.h" #include "absl/status/statusor.h" #include "absl/strings/string_view.h" -#include "cc/crypto/encryption_key_provider.h" +#include "cc/crypto/encryption_key.h" #include "cc/crypto/hpke/recipient_context.h" #include "grpcpp/channel.h" #include "oak_containers/proto/interfaces.grpc.pb.h" @@ -31,7 +31,7 @@ namespace oak::oak_containers_hello_world_trusted_app { -class OrchestratorClient : public crypto::RecipientContextGenerator { +class OrchestratorClient : public crypto::EncryptionKeyHandle { public: OrchestratorClient(); diff --git a/cc/crypto/BUILD b/cc/crypto/BUILD index 1737ecc1517..05a1820ef33 100644 --- a/cc/crypto/BUILD +++ b/cc/crypto/BUILD @@ -39,7 +39,7 @@ cc_library( hdrs = ["server_encryptor.h"], deps = [ ":common", - ":encryption_key_provider", + ":encryption_key", "//cc/crypto/hpke:recipient_context", "//cc/crypto/hpke:utils", "//oak_crypto/proto/v1:crypto_cc_proto", @@ -50,9 +50,9 @@ cc_library( ) cc_library( - name = "encryption_key_provider", - srcs = ["encryption_key_provider.cc"], - hdrs = ["encryption_key_provider.h"], + name = "encryption_key", + srcs = ["encryption_key.cc"], + hdrs = ["encryption_key.h"], deps = [ ":common", "//cc/crypto/hpke:recipient_context", @@ -77,7 +77,7 @@ cc_test( deps = [ ":client_encryptor", ":common", - ":encryption_key_provider", + ":encryption_key", ":server_encryptor", "//cc/crypto/hpke:recipient_context", "@com_google_absl//absl/strings", diff --git a/cc/crypto/encryption_key_provider.cc b/cc/crypto/encryption_key.cc similarity index 96% rename from cc/crypto/encryption_key_provider.cc rename to cc/crypto/encryption_key.cc index 8375d29ee2f..3b3f78805c9 100644 --- a/cc/crypto/encryption_key_provider.cc +++ b/cc/crypto/encryption_key.cc @@ -14,7 +14,7 @@ * limitations under the License. */ -#include "cc/crypto/encryption_key_provider.h" +#include "cc/crypto/encryption_key.h" #include diff --git a/cc/crypto/encryption_key_provider.h b/cc/crypto/encryption_key.h similarity index 83% rename from cc/crypto/encryption_key_provider.h rename to cc/crypto/encryption_key.h index bdc06e8878c..04516f6f7a8 100644 --- a/cc/crypto/encryption_key_provider.h +++ b/cc/crypto/encryption_key.h @@ -14,8 +14,8 @@ * limitations under the License. */ -#ifndef CC_CRYPTO_ENCRYPTION_KEY_PROVIDER_H_ -#define CC_CRYPTO_ENCRYPTION_KEY_PROVIDER_H_ +#ifndef CC_CRYPTO_ENCRYPTION_KEY_H_ +#define CC_CRYPTO_ENCRYPTION_KEY_H_ #include #include @@ -27,15 +27,15 @@ namespace oak::crypto { -class RecipientContextGenerator { +class EncryptionKeyHandle { public: virtual absl::StatusOr> GenerateRecipientContext( absl::string_view serialized_encapsulated_public_key) = 0; - virtual ~RecipientContextGenerator() = default; + virtual ~EncryptionKeyHandle() = default; }; -class EncryptionKeyProvider : public RecipientContextGenerator { +class EncryptionKeyProvider : public EncryptionKeyHandle { public: static absl::StatusOr Create(); @@ -52,4 +52,4 @@ class EncryptionKeyProvider : public RecipientContextGenerator { } // namespace oak::crypto -#endif // CC_CRYPTO_ENCRYPTION_KEY_PROVIDER_H_ +#endif // CC_CRYPTO_ENCRYPTION_KEY_H_ diff --git a/cc/crypto/encryptor_test.cc b/cc/crypto/encryptor_test.cc index cac6bd77b82..4e1b4eac87d 100644 --- a/cc/crypto/encryptor_test.cc +++ b/cc/crypto/encryptor_test.cc @@ -18,7 +18,7 @@ #include "absl/strings/string_view.h" #include "cc/crypto/client_encryptor.h" -#include "cc/crypto/encryption_key_provider.h" +#include "cc/crypto/encryption_key.h" #include "cc/crypto/hpke/recipient_context.h" #include "cc/crypto/server_encryptor.h" #include "gmock/gmock.h" @@ -33,12 +33,12 @@ constexpr absl::string_view kOakHPKEInfoTest = "Oak Hybrid Public Key Encryption // Client Encryptor and Server Encryptor can communicate. TEST(EncryptorTest, ClientEncryptorAndServerEncryptorCommunicateSuccess) { // Set up client and server encryptors. - auto encryption_key_provider = EncryptionKeyProvider::Create(); - ASSERT_TRUE(encryption_key_provider.ok()); - std::string public_key = encryption_key_provider->GetSerializedPublicKey(); + auto encryption_key = EncryptionKeyProvider::Create(); + ASSERT_TRUE(encryption_key.ok()); + std::string public_key = encryption_key->GetSerializedPublicKey(); auto client_encryptor = ClientEncryptor::Create(public_key); ASSERT_TRUE(client_encryptor.ok()); - ServerEncryptor server_encryptor = ServerEncryptor(*encryption_key_provider); + ServerEncryptor server_encryptor = ServerEncryptor(*encryption_key); // Here we have the client send 2 encrypted messages to the server to ensure that nonce's align // for multi-message communication. @@ -85,14 +85,14 @@ TEST(EncryptorTest, ClientEncryptorAndServerEncryptorCommunicateSuccess) { TEST(EncryptorTest, ClientEncryptorAndServerEncryptorCommunicateMismatchPublicKeysFailure) { // Set up client and server encryptors. - auto encryption_key_provider = EncryptionKeyProvider::Create(); - ASSERT_TRUE(encryption_key_provider.ok()); - std::string wrong_public_key = encryption_key_provider->GetSerializedPublicKey(); + auto encryption_key = EncryptionKeyProvider::Create(); + ASSERT_TRUE(encryption_key.ok()); + std::string wrong_public_key = encryption_key->GetSerializedPublicKey(); // Edit the public key that the client uses to make it incorrect. wrong_public_key[0] = (wrong_public_key[0] + 1) % 128; auto client_encryptor = ClientEncryptor::Create(wrong_public_key); ASSERT_TRUE(client_encryptor.ok()); - ServerEncryptor server_encryptor = ServerEncryptor(*encryption_key_provider); + ServerEncryptor server_encryptor = ServerEncryptor(*encryption_key); std::string client_plaintext_message = "Hello server"; diff --git a/cc/crypto/server_encryptor.cc b/cc/crypto/server_encryptor.cc index 70511025574..ffe24affc59 100644 --- a/cc/crypto/server_encryptor.cc +++ b/cc/crypto/server_encryptor.cc @@ -97,7 +97,7 @@ absl::Status ServerEncryptor::InitializeRecipientContexts(const EncryptedRequest // Create recipient contexts. absl::StatusOr> recipient_context = - recipient_context_generator_.GenerateRecipientContext(serialized_encapsulated_public_key); + encryption_key_handle_.GenerateRecipientContext(serialized_encapsulated_public_key); if (!recipient_context.ok()) { return recipient_context.status(); } diff --git a/cc/crypto/server_encryptor.h b/cc/crypto/server_encryptor.h index 438e83c781c..bbf635e444b 100644 --- a/cc/crypto/server_encryptor.h +++ b/cc/crypto/server_encryptor.h @@ -25,7 +25,7 @@ #include "absl/status/statusor.h" #include "absl/strings/string_view.h" #include "cc/crypto/common.h" -#include "cc/crypto/encryption_key_provider.h" +#include "cc/crypto/encryption_key.h" #include "cc/crypto/hpke/recipient_context.h" #include "oak_crypto/proto/v1/crypto.pb.h" @@ -40,10 +40,10 @@ namespace oak::crypto { class ServerEncryptor { public: // Constructor for `ServerEncryptor`. - // `RecipientContextGenerator` argument is a long-term object containing the private key and + // `EncryptionKeyHandle` argument is a long-term object containing the private key and // should outlive the per-session `ServerEncryptor` object. - ServerEncryptor(RecipientContextGenerator& recipient_context_generator) - : recipient_context_generator_(recipient_context_generator), recipient_context_(nullptr){}; + ServerEncryptor(EncryptionKeyHandle& encryption_key_handle) + : encryption_key_handle_(encryption_key_handle), recipient_context_(nullptr){}; // Decrypts a [`EncryptedRequest`] proto message using AEAD. // @@ -60,7 +60,7 @@ class ServerEncryptor { absl::string_view associated_data); private: - RecipientContextGenerator& recipient_context_generator_; + EncryptionKeyHandle& encryption_key_handle_; std::unique_ptr recipient_context_; absl::Status InitializeRecipientContexts(const oak::crypto::v1::EncryptedRequest& request);