encrypted_client_hello.cc File Reference
#include <openssl/ssl.h>
#include <assert.h>
#include <string.h>
#include <algorithm>
#include <utility>
#include <openssl/aead.h>
#include <openssl/bytestring.h>
#include <openssl/curve25519.h>
#include <openssl/err.h>
#include <openssl/hkdf.h>
#include <openssl/hpke.h>
#include <openssl/rand.h>
#include "internal.h"

Functions

static size_t aead_overhead (const EVP_HPKE_AEAD *aead)
 
static const EVP_HPKE_AEAD * get_ech_aead (uint16_t aead_id)
 
static bool is_decimal_component (Span< const uint8_t > in)
 
static bool is_hex_component (Span< const uint8_t > in)
 
static bool is_valid_client_hello_inner (SSL *ssl, uint8_t *out_alert, Span< const uint8_t > body)
 
static bool parse_ech_config (CBS *cbs, ECHConfig *out, bool *out_supported, bool all_extensions_mandatory)
 
static size_t random_size (size_t min, size_t max)
 
static bool select_ech_cipher_suite (const EVP_HPKE_KDF **out_kdf, const EVP_HPKE_AEAD **out_aead, Span< const uint8_t > cipher_suites)
 
static bool setup_ech_grease (SSL_HANDSHAKE *hs)
 
bool ssl_client_hello_decrypt (EVP_HPKE_CTX *hpke_ctx, Array< uint8_t > *out, bool *out_is_decrypt_error, const SSL_CLIENT_HELLO *client_hello_outer, Span< const uint8_t > payload)
 
static bool ssl_client_hello_write_without_extensions (const SSL_CLIENT_HELLO *client_hello, CBB *out)
 
int SSL_CTX_set1_ech_keys (SSL_CTX *ctx, SSL_ECH_KEYS *keys)
 
bool ssl_decode_client_hello_inner (SSL *ssl, uint8_t *out_alert, Array< uint8_t > *out_client_hello_inner, Span< const uint8_t > encoded_client_hello_inner, const SSL_CLIENT_HELLO *client_hello_outer)
 
int SSL_ech_accepted (const SSL *ssl)
 
int SSL_ECH_KEYS_add (SSL_ECH_KEYS *configs, int is_retry_config, const uint8_t *ech_config, size_t ech_config_len, const EVP_HPKE_KEY *key)
 
void SSL_ECH_KEYS_free (SSL_ECH_KEYS *keys)
 
int SSL_ECH_KEYS_has_duplicate_config_id (const SSL_ECH_KEYS *keys)
 
int SSL_ECH_KEYS_marshal_retry_configs (const SSL_ECH_KEYS *keys, uint8_t **out, size_t *out_len)
 
SSL_ECH_KEYS * SSL_ECH_KEYS_new ()
 
void SSL_ECH_KEYS_up_ref (SSL_ECH_KEYS *keys)
 
bool ssl_encrypt_client_hello (SSL_HANDSHAKE *hs, Span< const uint8_t > enc)
 
void SSL_get0_ech_name_override (const SSL *ssl, const char **out_name, size_t *out_name_len)
 
void SSL_get0_ech_retry_configs (const SSL *ssl, const uint8_t **out_retry_configs, size_t *out_retry_configs_len)
 
bool ssl_is_valid_ech_config_list (Span< const uint8_t > ech_config_list)
 
bool ssl_is_valid_ech_public_name (Span< const uint8_t > public_name)
 
int SSL_marshal_ech_config (uint8_t **out, size_t *out_len, uint8_t config_id, const EVP_HPKE_KEY *key, const char *public_name, size_t max_name_len)
 
bool ssl_select_ech_config (SSL_HANDSHAKE *hs, Span< uint8_t > out_enc, size_t *out_enc_len)
 
int SSL_set1_ech_config_list (SSL *ssl, const uint8_t *ech_config_list, size_t ech_config_list_len)
 
void SSL_set_enable_ech_grease (SSL *ssl, int enable)
 

Variables

static constexpr BSSL_NAMESPACE_BEGIN uint16_t kECHConfigVersion
 
static const decltype(&EVP_hpke_aes_128_gcm) kSupportedAEADs []
 

Function Documentation

◆ aead_overhead()

static size_t aead_overhead ( const EVP_HPKE_AEAD *  aead)
static

Definition at line 676 of file encrypted_client_hello.cc.

◆ get_ech_aead()

static const EVP_HPKE_AEAD* get_ech_aead ( uint16_t  aead_id)
static

Definition at line 46 of file encrypted_client_hello.cc.

◆ is_decimal_component()

static bool is_decimal_component ( Span< const uint8_t >  in)
static

Definition at line 326 of file encrypted_client_hello.cc.

◆ is_hex_component()

static bool is_hex_component ( Span< const uint8_t >  in)
static

Definition at line 313 of file encrypted_client_hello.cc.

◆ is_valid_client_hello_inner()

static bool is_valid_client_hello_inner ( SSL *  ssl,
uint8_t *  out_alert,
Span< const uint8_t >  body 
)
static

Definition at line 81 of file encrypted_client_hello.cc.

◆ parse_ech_config()

static bool parse_ech_config ( CBS *  cbs,
ECHConfig *  out,
bool *  out_supported,
bool  all_extensions_mandatory 
)
static

Definition at line 389 of file encrypted_client_hello.cc.

◆ random_size()

static size_t random_size ( size_t  min,
size_t  max 
)
static

Definition at line 688 of file encrypted_client_hello.cc.

◆ select_ech_cipher_suite()

static bool select_ech_cipher_suite ( const EVP_HPKE_KDF **  out_kdf,
const EVP_HPKE_AEAD **  out_aead,
Span< const uint8_t >  cipher_suites 
)
static

Definition at line 586 of file encrypted_client_hello.cc.

◆ setup_ech_grease()

static bool setup_ech_grease ( SSL_HANDSHAKE *  hs)
static

Definition at line 695 of file encrypted_client_hello.cc.

◆ ssl_client_hello_decrypt()

bool ssl_client_hello_decrypt ( EVP_HPKE_CTX *  hpke_ctx,
Array< uint8_t > *  out,
bool *  out_is_decrypt_error,
const SSL_CLIENT_HELLO *  client_hello_outer,
Span< const uint8_t >  payload 
)

Definition at line 255 of file encrypted_client_hello.cc.

◆ ssl_client_hello_write_without_extensions()

static bool ssl_client_hello_write_without_extensions ( const SSL_CLIENT_HELLO *  client_hello,
CBB *  out 
)
static

Definition at line 61 of file encrypted_client_hello.cc.

◆ SSL_CTX_set1_ech_keys()

int SSL_CTX_set1_ech_keys ( SSL_CTX *  ctx,
SSL_ECH_KEYS *  keys 
)

Definition at line 1057 of file encrypted_client_hello.cc.

◆ ssl_decode_client_hello_inner()

bool ssl_decode_client_hello_inner ( SSL *  ssl,
uint8_t *  out_alert,
Array< uint8_t > *  out_client_hello_inner,
Span< const uint8_t >  encoded_client_hello_inner,
const SSL_CLIENT_HELLO *  client_hello_outer 
)

Definition at line 125 of file encrypted_client_hello.cc.

◆ SSL_ech_accepted()

int SSL_ech_accepted ( const SSL *  ssl)

Definition at line 1075 of file encrypted_client_hello.cc.

◆ SSL_ECH_KEYS_add()

int SSL_ECH_KEYS_add ( SSL_ECH_KEYS *  configs,
int  is_retry_config,
const uint8_t *  ech_config,
size_t  ech_config_len,
const EVP_HPKE_KEY *  key 
)

Definition at line 1007 of file encrypted_client_hello.cc.

◆ SSL_ECH_KEYS_free()

void SSL_ECH_KEYS_free ( SSL_ECH_KEYS *  keys)

Definition at line 997 of file encrypted_client_hello.cc.

◆ SSL_ECH_KEYS_has_duplicate_config_id()

int SSL_ECH_KEYS_has_duplicate_config_id ( const SSL_ECH_KEYS *  keys)

Definition at line 1026 of file encrypted_client_hello.cc.

◆ SSL_ECH_KEYS_marshal_retry_configs()

int SSL_ECH_KEYS_marshal_retry_configs ( const SSL_ECH_KEYS *  keys,
uint8_t **  out,
size_t *  out_len 
)

Definition at line 1037 of file encrypted_client_hello.cc.

◆ SSL_ECH_KEYS_new()

SSL_ECH_KEYS* SSL_ECH_KEYS_new ( )

Definition at line 991 of file encrypted_client_hello.cc.

◆ SSL_ECH_KEYS_up_ref()

void SSL_ECH_KEYS_up_ref ( SSL_ECH_KEYS *  keys)

Definition at line 993 of file encrypted_client_hello.cc.

◆ ssl_encrypt_client_hello()

bool ssl_encrypt_client_hello ( SSL_HANDSHAKE *  hs,
Span< const uint8_t >  enc 
)

Definition at line 748 of file encrypted_client_hello.cc.

◆ SSL_get0_ech_name_override()

void SSL_get0_ech_name_override ( const SSL *  ssl,
const char **  out_name,
size_t *  out_name_len 
)

Definition at line 900 of file encrypted_client_hello.cc.

◆ SSL_get0_ech_retry_configs()

void SSL_get0_ech_retry_configs ( const SSL *  ssl,
const uint8_t **  out_retry_configs,
size_t *  out_retry_configs_len 
)

Definition at line 919 of file encrypted_client_hello.cc.

◆ ssl_is_valid_ech_config_list()

bool ssl_is_valid_ech_config_list ( Span< const uint8_t >  ech_config_list)

Definition at line 568 of file encrypted_client_hello.cc.

◆ ssl_is_valid_ech_public_name()

bool ssl_is_valid_ech_public_name ( Span< const uint8_t >  public_name)

Definition at line 338 of file encrypted_client_hello.cc.

◆ SSL_marshal_ech_config()

int SSL_marshal_ech_config ( uint8_t **  out,
size_t *  out_len,
uint8_t  config_id,
const EVP_HPKE_KEY *  key,
const char *  public_name,
size_t  max_name_len 
)

Definition at line 941 of file encrypted_client_hello.cc.

◆ ssl_select_ech_config()

bool ssl_select_ech_config ( SSL_HANDSHAKE *  hs,
Span< uint8_t >  out_enc,
size_t *  out_enc_len 
)

Definition at line 618 of file encrypted_client_hello.cc.

◆ SSL_set1_ech_config_list()

int SSL_set1_ech_config_list ( SSL *  ssl,
const uint8_t *  ech_config_list,
size_t  ech_config_list_len 
)

Definition at line 886 of file encrypted_client_hello.cc.

◆ SSL_set_enable_ech_grease()

void SSL_set_enable_ech_grease ( SSL *  ssl,
int  enable 
)

Definition at line 879 of file encrypted_client_hello.cc.

Variable Documentation

◆ kECHConfigVersion

constexpr BSSL_NAMESPACE_BEGIN uint16_t kECHConfigVersion
static constexpr
Initial value:

Definition at line 37 of file encrypted_client_hello.cc.

◆ kSupportedAEADs

const decltype(&EVP_hpke_aes_128_gcm) kSupportedAEADs[]
static
EVP_hpke_chacha20_poly1305
#define EVP_hpke_chacha20_poly1305
Definition: boringssl_prefix_symbols.h:1732
EVP_hpke_aes_128_gcm
#define EVP_hpke_aes_128_gcm
Definition: boringssl_prefix_symbols.h:1730
EVP_hpke_aes_256_gcm
#define EVP_hpke_aes_256_gcm
Definition: boringssl_prefix_symbols.h:1731
TLSEXT_TYPE_encrypted_client_hello
#define TLSEXT_TYPE_encrypted_client_hello
Definition: tls1.h:251

