Revert D44545968: Move secretToNSSLabel from KeyLogWriter to KeyLogTypes

Differential Revision: D44545968 Original commit changeset: 9ba5647cfcfb Original Phabricator Diff: D44545968 fbshipit-source-id: 692ecfd688571fa29ba521b928f172224089374b
facebookincubator · May 4, 2023 · f1823d5 · f1823d5
1 parent fb27bdd
commit f1823d5
Show file tree

Hide file tree

Showing 12 changed files with 106 additions and 118 deletions.
diff --git a/fizz/CMakeLists.txt b/fizz/CMakeLists.txt
@@ -223,7 +223,6 @@ set(FIZZ_SOURCES
   tool/FizzCommandCommon.cpp
   util/FizzUtil.cpp
   util/Tracing.cpp
-  util/KeyLogTypes.cpp
 )
 
 add_library(fizz

diff --git a/fizz/client/AsyncFizzClient-inl.h b/fizz/client/AsyncFizzClient-inl.h
@@ -630,8 +630,8 @@ void AsyncFizzClientT<SM>::ActionMoveVisitor::operator()(
   fizz_probe_secret_available(
       secret.secret.secret.size(),
       secret.secret.secret.data(),
-      secretToNSSLabel(secret.secret.type)
-          .value_or(std::numeric_limits<NSSLabel>::max()),
+      KeyLogWriter::secretToNSSLabel(secret.secret.type)
+          .value_or(std::numeric_limits<KeyLogWriter::Label>::max()),
       client_.getClientRandom()->data());
 
   client_.secretAvailable(secret.secret);

diff --git a/fizz/server/AsyncFizzServer-inl.h b/fizz/server/AsyncFizzServer-inl.h
@@ -371,8 +371,8 @@ void AsyncFizzServerT<SM>::ActionMoveVisitor::operator()(
   fizz_probe_secret_available(
       secret.secret.secret.size(),
       secret.secret.secret.data(),
-      secretToNSSLabel(secret.secret.type)
-          .value_or(std::numeric_limits<NSSLabel>::max()),
+      KeyLogWriter::secretToNSSLabel(secret.secret.type)
+          .value_or(std::numeric_limits<KeyLogWriter::Label>::max()),
       server_.getClientRandom()->data());
 
   server_.secretAvailable(secret.secret);

diff --git a/fizz/server/AsyncFizzServer.h b/fizz/server/AsyncFizzServer.h
@@ -13,7 +13,6 @@
 #include <fizz/server/FizzServer.h>
 #include <fizz/server/FizzServerContext.h>
 #include <fizz/server/ServerProtocol.h>
-#include <fizz/util/KeyLogTypes.h>
 #include <fizz/util/Tracing.h>
 
 namespace fizz {

diff --git a/fizz/tool/FizzClientCommand.cpp b/fizz/tool/FizzClientCommand.cpp
@@ -366,37 +366,37 @@ class Connection : public AsyncSocket::ConnectCallback,
       if (clientEarlyTrafficSecret_) {
         keyLogger_->write(
             *transport_->getClientRandom(),
-            NSSLabel::CLIENT_EARLY_TRAFFIC_SECRET,
+            KeyLogWriter::Label::CLIENT_EARLY_TRAFFIC_SECRET,
             folly::range(*clientEarlyTrafficSecret_));
       }
       if (clientHandshakeTrafficSecret_) {
         keyLogger_->write(
             *transport_->getClientRandom(),
-            NSSLabel::CLIENT_HANDSHAKE_TRAFFIC_SECRET,
+            KeyLogWriter::Label::CLIENT_HANDSHAKE_TRAFFIC_SECRET,
             folly::range(*clientHandshakeTrafficSecret_));
       }
       if (serverHandshakeTrafficSecret_) {
         keyLogger_->write(
             *transport_->getClientRandom(),
-            NSSLabel::SERVER_HANDSHAKE_TRAFFIC_SECRET,
+            KeyLogWriter::Label::SERVER_HANDSHAKE_TRAFFIC_SECRET,
             folly::range(*serverHandshakeTrafficSecret_));
       }
       if (exporterMasterSecret_) {
         keyLogger_->write(
             *transport_->getClientRandom(),
-            NSSLabel::EXPORTER_SECRET,
+            KeyLogWriter::Label::EXPORTER_SECRET,
             folly::range(*exporterMasterSecret_));
       }
       if (clientAppTrafficSecret_) {
         keyLogger_->write(
             *transport_->getClientRandom(),
-            NSSLabel::CLIENT_TRAFFIC_SECRET_0,
+            KeyLogWriter::Label::CLIENT_TRAFFIC_SECRET_0,
             folly::range(*clientAppTrafficSecret_));
       }
       if (serverAppTrafficSecret_) {
         keyLogger_->write(
             *transport_->getClientRandom(),
-            NSSLabel::SERVER_TRAFFIC_SECRET_0,
+            KeyLogWriter::Label::SERVER_TRAFFIC_SECRET_0,
             folly::range(*serverAppTrafficSecret_));
       }
     }

diff --git a/fizz/tool/FizzServerCommand.cpp b/fizz/tool/FizzServerCommand.cpp
@@ -131,7 +131,7 @@ class FizzServerAcceptor : AsyncServerSocket::AcceptCallback {
   }
   void writeKeyLog(
       const fizz::Random& clientRandom,
-      NSSLabel label,
+      KeyLogWriter::Label label,
       const folly::ByteRange& secret) {
     if (keyLogger_) {
       keyLogger_->write(clientRandom, label, secret);
@@ -255,37 +255,37 @@ class FizzExampleServer : public AsyncFizzServer::HandshakeCallback,
     if (clientEarlyTrafficSecret_) {
       acceptor_->writeKeyLog(
           *state.clientRandom(),
-          NSSLabel::CLIENT_EARLY_TRAFFIC_SECRET,
+          KeyLogWriter::Label::CLIENT_EARLY_TRAFFIC_SECRET,
           folly::range(*clientEarlyTrafficSecret_));
     }
     if (clientHandshakeTrafficSecret_) {
       acceptor_->writeKeyLog(
           *state.clientRandom(),
-          NSSLabel::CLIENT_HANDSHAKE_TRAFFIC_SECRET,
+          KeyLogWriter::Label::CLIENT_HANDSHAKE_TRAFFIC_SECRET,
           folly::range(*clientHandshakeTrafficSecret_));
     }
     if (serverHandshakeTrafficSecret_) {
       acceptor_->writeKeyLog(
           *state.clientRandom(),
-          NSSLabel::SERVER_HANDSHAKE_TRAFFIC_SECRET,
+          KeyLogWriter::Label::SERVER_HANDSHAKE_TRAFFIC_SECRET,
           folly::range(*serverHandshakeTrafficSecret_));
     }
     if (exporterMasterSecret_) {
       acceptor_->writeKeyLog(
           *state.clientRandom(),
-          NSSLabel::EXPORTER_SECRET,
+          KeyLogWriter::Label::EXPORTER_SECRET,
           folly::range(*exporterMasterSecret_));
     }
     if (clientAppTrafficSecret_) {
       acceptor_->writeKeyLog(
           *state.clientRandom(),
-          NSSLabel::CLIENT_TRAFFIC_SECRET_0,
+          KeyLogWriter::Label::CLIENT_TRAFFIC_SECRET_0,
           folly::range(*clientAppTrafficSecret_));
     }
     if (serverAppTrafficSecret_) {
       acceptor_->writeKeyLog(
           *state.clientRandom(),
-          NSSLabel::SERVER_TRAFFIC_SECRET_0,
+          KeyLogWriter::Label::SERVER_TRAFFIC_SECRET_0,
           folly::range(*serverAppTrafficSecret_));
     }
 

diff --git a/fizz/util/KeyLogTypes.cpp b/fizz/util/KeyLogTypes.cpp
diff --git a/fizz/util/KeyLogTypes.h b/fizz/util/KeyLogTypes.h
diff --git a/fizz/util/KeyLogWriter.h b/fizz/util/KeyLogWriter.h
@@ -7,13 +7,14 @@
  */
 
 #pragma once
+#include <fizz/protocol/KeyScheduler.h>
 #include <fizz/protocol/Types.h>
-#include <fizz/util/KeyLogTypes.h>
 #include <fmt/format.h>
 #include <folly/Range.h>
 #include <fstream>
 
 namespace fizz {
+
 /**
  * Dump NSS Key Log File.
  * More details can be found here:
@@ -22,6 +23,28 @@ namespace fizz {
  */
 class KeyLogWriter {
  public:
+  enum class Label {
+    RSA, // 48 bytes for the premaster secret, encoded as 96 hexadecimal
+         // characters
+    CLIENT_RANDOM, // 48 bytes for the master secret, encoded as 96 hexadecimal
+                   // characters (for SSL 3.0, TLS 1.0, 1.1 and 1.2)
+    CLIENT_EARLY_TRAFFIC_SECRET, // the hex-encoded early traffic secret for the
+                                 // client side (for TLS 1.3)
+    CLIENT_HANDSHAKE_TRAFFIC_SECRET, // the hex-encoded handshake traffic secret
+                                     // for the client side (for TLS 1.3)
+    SERVER_HANDSHAKE_TRAFFIC_SECRET, // the hex-encoded handshake traffic secret
+                                     // for the server side (for TLS 1.3)
+    CLIENT_TRAFFIC_SECRET_0, // the first hex-encoded application traffic secret
+                             // for the client side (for TLS 1.3)
+    SERVER_TRAFFIC_SECRET_0, // the first hex-encoded application traffic secret
+                             // for the server side (for TLS 1.3)
+    EARLY_EXPORTER_SECRET, // the hex-encoded early exporter secret (for
+                           // TLS 1.3, used for 0-RTT keys in older QUIC
+                           // drafts).
+    EXPORTER_SECRET // the hex-encoded exporter secret (for TLS 1.3, used for
+                    // 1-RTT keys in older QUIC drafts)
+  };
+
   /**
    * Instantiate a KeyLogWriter.
    * @param fileName, input, name of the file to keep key logs.
@@ -33,6 +56,55 @@ class KeyLogWriter {
     }
   }
 
+  /**
+   * Convert SecretType to NSS Keylog label equivalent.
+   * @param secretType The secretType to convert to keylog label.
+   * @return the keylog label for secretType
+   */
+  static folly::Optional<Label> secretToNSSLabel(SecretType secretType) {
+    switch (secretType.type()) {
+      case SecretType::Type::EarlySecrets_E:
+        switch (secretType.tryAsEarlySecrets()) {
+          case EarlySecrets::ExternalPskBinder:
+            return folly::none;
+          case EarlySecrets::ResumptionPskBinder:
+            return folly::none;
+          case EarlySecrets::ClientEarlyTraffic:
+            return Label::CLIENT_EARLY_TRAFFIC_SECRET;
+          case EarlySecrets::EarlyExporter:
+            return Label::EARLY_EXPORTER_SECRET;
+          case EarlySecrets::ECHAcceptConfirmation:
+            return folly::none;
+          case EarlySecrets::HRRECHAcceptConfirmation:
+            return folly::none;
+        }
+      case SecretType::Type::HandshakeSecrets_E:
+        switch (secretType.tryAsHandshakeSecrets()) {
+          case HandshakeSecrets::ClientHandshakeTraffic:
+            return Label::CLIENT_HANDSHAKE_TRAFFIC_SECRET;
+          case HandshakeSecrets::ServerHandshakeTraffic:
+            return Label::SERVER_HANDSHAKE_TRAFFIC_SECRET;
+          case HandshakeSecrets::ECHAcceptConfirmation:
+            return folly::none;
+        }
+      case SecretType::Type::MasterSecrets_E:
+        switch (secretType.tryAsMasterSecrets()) {
+          case MasterSecrets::ExporterMaster:
+            return Label::EXPORTER_SECRET;
+          case MasterSecrets::ResumptionMaster:
+            return folly::none;
+        }
+      case SecretType::Type::AppTrafficSecrets_E:
+        switch (secretType.tryAsAppTrafficSecrets()) {
+          case AppTrafficSecrets::ClientAppTraffic:
+            return Label::CLIENT_TRAFFIC_SECRET_0;
+          case AppTrafficSecrets::ServerAppTraffic:
+            return Label::SERVER_TRAFFIC_SECRET_0;
+        }
+    }
+    return folly::none;
+  }
+
   /**
    * Append a new log line to the key log file.
    * @param clientRandom, input, 32 bytes random value from the Client Hello
@@ -43,7 +115,7 @@ class KeyLogWriter {
    */
   void write(
       const fizz::Random& clientRandom,
-      NSSLabel label,
+      KeyLogWriter::Label label,
       const folly::ByteRange& secret) {
     outputFile_ << generateLogLine(clientRandom, label, secret);
   }
@@ -59,7 +131,7 @@ class KeyLogWriter {
    */
   static std::string generateLogLine(
       const fizz::Random& clientRandom,
-      NSSLabel label,
+      KeyLogWriter::Label label,
       const folly::ByteRange& secret) {
     return fmt::format(
         "{0} {1} {2}\n",
@@ -72,25 +144,25 @@ class KeyLogWriter {
   /**
    * Convert the Label enumerate to string.
    */
-  static std::string labelToString(NSSLabel label) {
+  static std::string labelToString(KeyLogWriter::Label label) {
     switch (label) {
-      case NSSLabel::RSA:
+      case Label::RSA:
         return "RSA";
-      case NSSLabel::CLIENT_RANDOM:
+      case Label::CLIENT_RANDOM:
         return "CLIENT_RANDOM";
-      case NSSLabel::CLIENT_EARLY_TRAFFIC_SECRET:
+      case Label::CLIENT_EARLY_TRAFFIC_SECRET:
         return "CLIENT_EARLY_TRAFFIC_SECRET";
-      case NSSLabel::CLIENT_HANDSHAKE_TRAFFIC_SECRET:
+      case Label::CLIENT_HANDSHAKE_TRAFFIC_SECRET:
         return "CLIENT_HANDSHAKE_TRAFFIC_SECRET";
-      case NSSLabel::SERVER_HANDSHAKE_TRAFFIC_SECRET:
+      case Label::SERVER_HANDSHAKE_TRAFFIC_SECRET:
         return "SERVER_HANDSHAKE_TRAFFIC_SECRET";
-      case NSSLabel::CLIENT_TRAFFIC_SECRET_0:
+      case Label::CLIENT_TRAFFIC_SECRET_0:
         return "CLIENT_TRAFFIC_SECRET_0";
-      case NSSLabel::SERVER_TRAFFIC_SECRET_0:
+      case Label::SERVER_TRAFFIC_SECRET_0:
         return "SERVER_TRAFFIC_SECRET_0";
-      case NSSLabel::EARLY_EXPORTER_SECRET:
+      case Label::EARLY_EXPORTER_SECRET:
         return "EARLY_EXPORTER_SECRET";
-      case NSSLabel::EXPORTER_SECRET:
+      case Label::EXPORTER_SECRET:
         return "EXPORTER_SECRET";
       default:
         break;

diff --git a/fizz/util/Tracing.cpp b/fizz/util/Tracing.cpp
@@ -14,7 +14,7 @@ extern "C" {
 void fizz_probe_secret_available(
     long unsigned int secretSize,
     unsigned char* secretData,
-    fizz::NSSLabel nssLabel,
+    fizz::KeyLogWriter::Label nssLabel,
     unsigned char* clientRandom) {
   FOLLY_SDT(
       fizz,

diff --git a/fizz/util/Tracing.h b/fizz/util/Tracing.h
@@ -7,15 +7,15 @@
  */
 
 #pragma once
-#include <fizz/util/KeyLogTypes.h>
+#include <fizz/util/KeyLogWriter.h>
 
 namespace fizz {
 
 extern "C" {
 void fizz_probe_secret_available(
     long unsigned int secretSize,
     unsigned char* secretData,
-    fizz::NSSLabel nssLabel,
+    fizz::KeyLogWriter::Label nssLabel,
     unsigned char* clientRandom);
 }