Add connectWithECH to FizzWrapper

Summary: Adds wrapper for connecting with ECH. Reviewed By: mingtaoy Differential Revision: D45656864 fbshipit-source-id: 65bc008f6847d7744126e89f0fcf30d0be447282
paulbiss · May 17, 2023 · e3b67da · e3b67da
1 parent 8696781
commit e3b67da
Show file tree

Hide file tree

Showing 3 changed files with 35 additions and 0 deletions.
diff --git a/third-party/fizz/src/fizz/crypto/hpke/Hkdf.h b/third-party/fizz/src/fizz/crypto/hpke/Hkdf.h
@@ -38,5 +38,6 @@ class Hkdf {
   std::unique_ptr<folly::IOBuf> prefix_;
   std::unique_ptr<fizz::Hkdf> hkdf_;
 };
+
 } // namespace hpke
 } // namespace fizz
diff --git a/third-party/fizz/src/fizz/crypto/hpke/Hpke.cpp b/third-party/fizz/src/fizz/crypto/hpke/Hpke.cpp
@@ -157,5 +157,27 @@ std::unique_ptr<HpkeContext> setupWithDecap(
   return keySchedule(std::move(keyScheduleParams));
 }
 
+std::unique_ptr<folly::IOBuf> deserializePublicKey(
+    fizz::hpke::KEMId kemId,
+    const std::string& publicKey) {
+  switch (kemId) {
+    case fizz::hpke::KEMId::x25519:
+    case fizz::hpke::KEMId::x448: {
+      return folly::IOBuf::copyBuffer(folly::unhexlify(publicKey));
+    }
+    case fizz::hpke::KEMId::secp256r1:
+    case fizz::hpke::KEMId::secp384r1:
+    case fizz::hpke::KEMId::secp521r1: {
+      folly::ssl::BioUniquePtr bio(BIO_new(BIO_s_mem()));
+      BIO_write(bio.get(), publicKey.data(), publicKey.size());
+      folly::ssl::EvpPkeyUniquePtr pkey(
+          PEM_read_bio_PUBKEY(bio.get(), nullptr, nullptr, nullptr));
+      return fizz::detail::encodeECPublicKey(pkey);
+    }
+    default:
+      throw std::runtime_error("Unsupported KEM ID");
+  }
+}
+
 } // namespace hpke
 } // namespace fizz
diff --git a/third-party/fizz/src/fizz/crypto/hpke/Hpke.h b/third-party/fizz/src/fizz/crypto/hpke/Hpke.h
@@ -92,5 +92,17 @@ std::unique_ptr<HpkeContext> setupWithDecap(
     folly::Optional<PskInputs> pskInputs,
     SetupParam param);
 
+/**
+ * Deserialize a public key from a hex or DER encoded string.
+ * Note, Curve25519 based KEMs only support hex endoded strings.
+ * EC curves support DER encoded strings.
+ * @param kemId kem ID to deserialize
+ * @param publicKey hex or DER encoded string
+ * @return deserialized public key
+ **/
+std::unique_ptr<folly::IOBuf> deserializePublicKey(
+    fizz::hpke::KEMId kemId,
+    const std::string& publicKey);
+
 } // namespace hpke
 } // namespace fizz