From e3b67da2e3380da5ab0ebdac7525ec42ceb7b85d Mon Sep 17 00:00:00 2001
From: Nick Richardson
Date: Wed, 17 May 2023 12:17:22 -0700
Subject: [PATCH] Add connectWithECH to FizzWrapper
Summary: Adds wrapper for connecting with ECH.
Reviewed By: mingtaoy
Differential Revision: D45656864
fbshipit-source-id: 65bc008f6847d7744126e89f0fcf30d0be447282
---
 third-party/fizz/src/fizz/crypto/hpke/Hkdf.h | 1 +
 .../fizz/src/fizz/crypto/hpke/Hpke.cpp | 22 +++++++++++++++++++
 third-party/fizz/src/fizz/crypto/hpke/Hpke.h | 12 ++++++++++
 3 files changed, 35 insertions(+)
diff --git a/third-party/fizz/src/fizz/crypto/hpke/Hkdf.h b/third-party/fizz/src/fizz/crypto/hpke/Hkdf.h
index 341d870f124a5..3f101db5b029e 100644
--- a/third-party/fizz/src/fizz/crypto/hpke/Hkdf.h
+++ b/third-party/fizz/src/fizz/crypto/hpke/Hkdf.h
@@ -38,5 +38,6 @@ class Hkdf {
 std::unique_ptr prefix_;
 std::unique_ptr hkdf_;
 };
+
 } // namespace hpke
 } // namespace fizz
diff --git a/third-party/fizz/src/fizz/crypto/hpke/Hpke.cpp b/third-party/fizz/src/fizz/crypto/hpke/Hpke.cpp
index ae69f593c829c..3f7b2a0f36f1b 100644
--- a/third-party/fizz/src/fizz/crypto/hpke/Hpke.cpp
+++ b/third-party/fizz/src/fizz/crypto/hpke/Hpke.cpp
@@ -157,5 +157,27 @@ std::unique_ptr setupWithDecap(
 return keySchedule(std::move(keyScheduleParams));
 }
 
+std::unique_ptr deserializePublicKey(
+ fizz::hpke::KEMId kemId,
+ const std::string& publicKey) {
+ switch (kemId) {
+ case fizz::hpke::KEMId::x25519:
+ case fizz::hpke::KEMId::x448: {
+ return folly::IOBuf::copyBuffer(folly::unhexlify(publicKey));
+ }
+ case fizz::hpke::KEMId::secp256r1:
+ case fizz::hpke::KEMId::secp384r1:
+ case fizz::hpke::KEMId::secp521r1: {
+ folly::ssl::BioUniquePtr bio(BIO_new(BIO_s_mem()));
+ BIO_write(bio.get(), publicKey.data(), publicKey.size());
+ folly::ssl::EvpPkeyUniquePtr pkey(
+ PEM_read_bio_PUBKEY(bio.get(), nullptr, nullptr, nullptr));
+ return fizz::detail::encodeECPublicKey(pkey);
+ }
+ default:
+ throw std::runtime_error("Unsupported KEM ID");
+ }
+}
+
 } // namespace hpke
 } // namespace fizz
diff --git a/third-party/fizz/src/fizz/crypto/hpke/Hpke.h b/third-party/fizz/src/fizz/crypto/hpke/Hpke.h
index 75b66ab077076..fe3527c6d0b77 100644
--- a/third-party/fizz/src/fizz/crypto/hpke/Hpke.h
+++ b/third-party/fizz/src/fizz/crypto/hpke/Hpke.h
@@ -92,5 +92,17 @@ std::unique_ptr setupWithDecap(
 folly::Optional pskInputs,
 SetupParam param);
 
+/**
+ * Deserialize a public key from a hex or DER encoded string.
+ * Note, Curve25519 based KEMs only support hex endoded strings.
+ * EC curves support DER encoded strings.
+ * @param kemId kem ID to deserialize
+ * @param publicKey hex or DER encoded string
+ * @return deserialized public key
+ **/
+std::unique_ptr deserializePublicKey(
+ fizz::hpke::KEMId kemId,
+ const std::string& publicKey);
+
 } // namespace hpke
 } // namespace fizz
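Review bot: In `deserializePublicKey` (Hpke.cpp), the secp256r1/secp384r1/secp521r1 branch hands the result of `PEM_read_bio_PUBKEY` straight to `fizz::detail::encodeECPublicKey` with no null check, and the results of `BIO_new` and `BIO_write` are ignored, so malformed or non-PEM input reaches the encoder as a null key. Whether `encodeECPublicKey` rejects a null key is not visible in this hunk, so the parse failure should become an exception here. Nothing in the branch ties the parsed key's curve to `kemId`, and the x25519/x448 branch accepts whatever length `folly::unhexlify` yields, so a key of the wrong group or size would be returned as if it were valid. The fence below covers the error checks only; the curve and length checks depend on helpers outside this hunk.

```cpp
    case fizz::hpke::KEMId::secp521r1: {
      folly::ssl::BioUniquePtr bio(BIO_new(BIO_s_mem()));
      if (!bio ||
          BIO_write(bio.get(), publicKey.data(), publicKey.size()) <= 0) {
        throw std::runtime_error("Failed to buffer public key");
      }
      folly::ssl::EvpPkeyUniquePtr pkey(
          PEM_read_bio_PUBKEY(bio.get(), nullptr, nullptr, nullptr));
      if (!pkey) {
        throw std::runtime_error("Failed to parse PEM public key");
      }
      // … unchanged: return fizz::detail::encodeECPublicKey(pkey) …
```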
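Review bot: The doc comment on `deserializePublicKey` in Hpke.h says the EC curves take a DER encoded string, but the implementation this commit adds in Hpke.cpp parses that input with `PEM_read_bio_PUBKEY`, which reads PEM, so a caller following the comment and passing raw DER would get a parse failure. The comment should read `* EC curves support PEM encoded strings.` and `* @param publicKey hex or PEM encoded string`, and the typo `endoded` should be `encoded`. It would also help to document the failure behaviour: the visible code throws `std::runtime_error("Unsupported KEM ID")` for an unknown KEM, and the comment says nothing about what happens on undecodable key material.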