Commit c17c984d authored by Ajanthan Asogamoorthy's avatar Ajanthan Asogamoorthy Committed by Facebook GitHub Bot

Add getEkm

Summary: Adds a generic way to get the exported keying material from our transports. As the code comments say, this is intended to be used to bind data to the stream/connection itself.

Reviewed By: yfeldblum, knekritz

Differential Revision: D33828649

fbshipit-source-id: c046eccfad5fc34188a310409ceb6c84d42e9f79
parent d3535fc2
...@@ -807,6 +807,20 @@ class AsyncTransport : public DelayedDestruction, ...@@ -807,6 +807,20 @@ class AsyncTransport : public DelayedDestruction,
*/ */
virtual std::string getSecurityProtocol() const { return ""; } virtual std::string getSecurityProtocol() const { return ""; }
/*
* A transport may be able to produce exported keying material (ekm, per
* rfc5705), that can be used to bind some arbitrary data to it. This can be
* useful in contexts where you may want a token to only be used on the
* transport it was created for. If the transport is incapable of producing
* the ekm, this should return nullptr.
*/
virtual std::unique_ptr<IOBuf> getExportedKeyingMaterial(
folly::StringPiece /* label */,
std::unique_ptr<IOBuf> /* context */,
uint16_t /* length */) const {
return nullptr;
}
/** /**
* @return True iff end of record tracking is enabled * @return True iff end of record tracking is enabled
*/ */
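Review bot: The new comment on getExportedKeyingMaterial leaves two parts of the contract unstated that matter for token binding: what a caller must do with a nullptr result, and whether a null `context` means "no context" as opposed to an empty one (RFC 5705 treats an absent and a zero-length context as different inputs). A caller that reads nullptr as "binding not required" would accept a token on any transport, so the comment should tell callers to fail closed, e.g. `* Callers that require binding must treat nullptr as a failure, not as an unbound success.` If it matches the intent, I would also add `* A null context means no context is supplied; the returned bytes are secret and must not be logged.` and open the block with `/**` like the neighbouring doc comments. The class body starts and ends outside the hunk.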
......
...@@ -154,6 +154,14 @@ class DecoratedAsyncTransportWrapper : public folly::AsyncTransport { ...@@ -154,6 +154,14 @@ class DecoratedAsyncTransportWrapper : public folly::AsyncTransport {
return transport_->getSecurityProtocol(); return transport_->getSecurityProtocol();
} }
std::unique_ptr<IOBuf> getExportedKeyingMaterial(
folly::StringPiece label,
std::unique_ptr<IOBuf> context,
uint16_t length) const override {
return transport_->getExportedKeyingMaterial(
label, std::move(context), length);
}
bool isReplaySafe() const override { return transport_->isReplaySafe(); } bool isReplaySafe() const override { return transport_->isReplaySafe(); }
void setReplaySafetyCallback( void setReplaySafetyCallback(
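Review bot: The forwarding override in DecoratedAsyncTransportWrapper carries no comment saying which connection the returned material is bound to, and every decorator derived from this class now inherits it. For a pure pass-through decorator the wrapped transport's EKM is the right answer, but a subclass that changes which channel the data actually travels over (presumably rare) would silently report a binding for the inner transport. A one-line comment would make that visible: `// Forwards to the wrapped transport; override if this decorator changes which connection the data travels over.` The class body continues outside the hunk.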
......