generate_ech.cc
/* Copyright (c) 2021, Google Inc.
 *
 * Permission to use, copy, modify, and/or distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY
 * SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION
 * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN
 * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */
14 
#include <stdio.h>

#include <limits>
#include <vector>

#include <openssl/bytestring.h>
#include <openssl/hpke.h>
#include <openssl/mem.h>
#include <openssl/span.h>
#include <openssl/ssl.h>

#include "internal.h"
26 
27 
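// kArguments describes the flags accepted by GenerateECH. Each entry is
// {flag name, required/optional, help text}; the entry with an empty name
// terminates the table.
//
// NOTE(review): the listing this was taken from had lost the middle field of
// every entry. The values below follow how GenerateECH reads each flag
// (-max-name-length is the only one it tests for presence before parsing);
// confirm them against the upstream file.
static const struct argument kArguments[] = {
    {
        "-out-ech-config-list",
        kRequiredArgument,
        "The path where the ECHConfigList should be written.",
    },
    {
        "-out-ech-config",
        kRequiredArgument,
        "The path where the ECHConfig should be written.",
    },
    {
        // This file receives the raw HPKE private key bytes. It is the only
        // secret output of the command; the two files above are public.
        "-out-private-key",
        kRequiredArgument,
        "The path where the private key should be written.",
    },
    {
        "-public-name",
        kRequiredArgument,
        "The public name for the new ECHConfig.",
    },
    {
        "-config-id",
        kRequiredArgument,
        "The config ID for the new ECHConfig, from 0 to 255. Config IDs may be "
        "reused, but should be unique among active configs on a server for "
        "performance.",
    },
    {
        "-max-name-length",
        kOptionalArgument,
        "The length of the longest name in the anonymity set, to guide client "
        "padding.",
    },
    {
        "",
        kOptionalArgument,
        "",
    },
};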
68 
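// GenerateECH parses |args| against kArguments, generates a fresh HPKE keypair
// (X25519, HKDF-SHA256), marshals an ECHConfig for it, wraps that ECHConfig in
// a u16-length-prefixed ECHConfigList, and writes the list, the bare ECHConfig
// and the raw private key to the three output paths. It returns true on
// success. On failure it prints a message to stderr and returns false.
//
// Security notes for callers:
//  - The private key is written unencrypted, as raw bytes. WriteToFile is
//    defined elsewhere, so the permissions of the created file are not visible
//    here. NOTE(review): confirm the key file is not created group- or
//    world-readable, or run the tool under a restrictive umask.
//  - The three writes are not atomic. If a later write fails, files written
//    earlier stay on disk, and a failed run may leave an ECHConfig whose key
//    was never saved. Discard such outputs instead of publishing them.
//
// NOTE(review): the declarations of |key|, |public_key| and |private_key|, and
// the opening calls to PrintUsage, EVP_HPKE_KEY_generate and
// SSL_marshal_ech_config, were missing from the listing and are restored from
// its symbol index; confirm against the upstream file.
bool GenerateECH(const std::vector<std::string> &args) {
  std::map<std::string, std::string> args_map;
  if (!ParseKeyValueArguments(&args_map, args, kArguments)) {
    PrintUsage(kArguments);
    return false;
  }

  // The ID is narrowed to uint8_t below, so reject anything above 255 here
  // rather than letting the cast silently truncate it.
  unsigned config_id;
  if (!GetUnsigned(&config_id, "-config-id", 0, args_map) ||
      config_id > std::numeric_limits<uint8_t>::max()) {
    fprintf(stderr, "Error parsing -config-id argument\n");
    return false;
  }

  // Only parsed when the flag was supplied; otherwise it stays 0.
  // NOTE(review): no upper bound is enforced here; presumably
  // SSL_marshal_ech_config rejects out-of-range values — confirm.
  unsigned max_name_len = 0;
  if (args_map.count("-max-name-length") != 0 &&
      !GetUnsigned(&max_name_len, "-max-name-length", 0, args_map)) {
    fprintf(stderr, "Error parsing -max-name-length argument\n");
    return false;
  }

  bssl::ScopedEVP_HPKE_KEY key;
  uint8_t public_key[EVP_HPKE_MAX_PUBLIC_KEY_LENGTH];
  uint8_t private_key[EVP_HPKE_MAX_PRIVATE_KEY_LENGTH];
  size_t public_key_len, private_key_len;

  // Wipe the stack copy of the private key on every exit path below, so the
  // raw key bytes do not linger in this frame after the function returns.
  struct PrivateKeyWiper {
    uint8_t *data;
    size_t len;
    ~PrivateKeyWiper() { OPENSSL_cleanse(data, len); }
  } wiper{private_key, sizeof(private_key)};

  // |public_key| is not read again in this function; the export is kept as in
  // the original so the failure behaviour is unchanged.
  if (!EVP_HPKE_KEY_generate(key.get(), EVP_hpke_x25519_hkdf_sha256()) ||
      !EVP_HPKE_KEY_public_key(key.get(), public_key, &public_key_len,
                               sizeof(public_key)) ||
      !EVP_HPKE_KEY_private_key(key.get(), private_key, &private_key_len,
                                sizeof(private_key))) {
    fprintf(stderr, "Failed to generate the HPKE keypair\n");
    return false;
  }

  uint8_t *ech_config;
  size_t ech_config_len;
  if (!SSL_marshal_ech_config(
          &ech_config, &ech_config_len, static_cast<uint8_t>(config_id),
          key.get(), args_map["-public-name"].c_str(), size_t{max_name_len})) {
    fprintf(stderr, "Failed to serialize the ECHConfigList\n");
    return false;
  }
  // Take ownership of the marshalled buffer so it is freed on every return.
  bssl::UniquePtr<uint8_t> free_ech_config(ech_config);

  // An ECHConfigList is the single ECHConfig behind a 16-bit length prefix.
  bssl::ScopedCBB cbb;
  CBB body;
  if (!CBB_init(cbb.get(), ech_config_len + sizeof(uint16_t)) ||
      !CBB_add_u16_length_prefixed(cbb.get(), &body) ||
      !CBB_add_bytes(&body, ech_config, ech_config_len) ||
      !CBB_flush(cbb.get())) {
    fprintf(stderr, "Failed to serialize the ECHConfigList\n");
    return false;
  }

  // The public artefacts are written first and the secret key last. The chain
  // short-circuits, so the first failed write skips the remaining ones.
  if (!WriteToFile(
          args_map["-out-ech-config-list"],
          bssl::MakeConstSpan(CBB_data(cbb.get()), CBB_len(cbb.get()))) ||
      !WriteToFile(args_map["-out-ech-config"],
                   bssl::MakeConstSpan(ech_config, ech_config_len)) ||
      !WriteToFile(args_map["-out-private-key"],
                   bssl::MakeConstSpan(private_key, private_key_len))) {
    fprintf(stderr, "Failed to write ECHConfig or private key to file\n");
    return false;
  }
  return true;
}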
ParseKeyValueArguments
bool ParseKeyValueArguments(std::map< std::string, std::string > *out_args, const std::vector< std::string > &args, const struct argument *templates)
Definition: args.cc:27
CBB_flush
#define CBB_flush
Definition: boringssl_prefix_symbols.h:1045
CBB_data
#define CBB_data
Definition: boringssl_prefix_symbols.h:1040
public_key
Definition: hrss.c:1881
CBB_init
#define CBB_init
Definition: boringssl_prefix_symbols.h:1047
internal.h
uint16_t
unsigned short uint16_t
Definition: stdint-msvc2008.h:79
EVP_HPKE_KEY_private_key
#define EVP_HPKE_KEY_private_key
Definition: boringssl_prefix_symbols.h:1557
kRequiredArgument
@ kRequiredArgument
Definition: third_party/boringssl-with-bazel/src/tool/internal.h:103
WriteToFile
bool WriteToFile(const std::string &path, bssl::Span< const uint8_t > in)
Definition: boringssl-with-bazel/src/tool/file.cc:56
CBB_add_u16_length_prefixed
#define CBB_add_u16_length_prefixed
Definition: boringssl_prefix_symbols.h:1028
hpke.h
uint8_t
unsigned char uint8_t
Definition: stdint-msvc2008.h:78
EVP_HPKE_KEY_public_key
#define EVP_HPKE_KEY_public_key
Definition: boringssl_prefix_symbols.h:1558
python_utils.port_server.stderr
stderr
Definition: port_server.py:51
bytestring.h
asyncio_get_stats.args
args
Definition: asyncio_get_stats.py:40
max
int max
Definition: bloaty/third_party/zlib/examples/enough.c:170
EVP_HPKE_MAX_PRIVATE_KEY_LENGTH
#define EVP_HPKE_MAX_PRIVATE_KEY_LENGTH
Definition: hpke.h:145
SSL_marshal_ech_config
#define SSL_marshal_ech_config
Definition: boringssl_prefix_symbols.h:411
argument
Definition: third_party/boringssl-with-bazel/src/tool/internal.h:108
kArguments
static const struct argument kArguments[]
Definition: generate_ech.cc:28
ssl.h
PrintUsage
void PrintUsage(const struct argument *templates)
Definition: args.cc:75
GetUnsigned
bool GetUnsigned(unsigned *out, const std::string &arg_name, unsigned default_value, const std::map< std::string, std::string > &args)
Definition: args.cc:82
CBB_add_bytes
#define CBB_add_bytes
Definition: boringssl_prefix_symbols.h:1025
GenerateECH
bool GenerateECH(const std::vector< std::string > &args)
Definition: generate_ech.cc:69
key
const char * key
Definition: hpack_parser_table.cc:164
EVP_hpke_x25519_hkdf_sha256
#define EVP_hpke_x25519_hkdf_sha256
Definition: boringssl_prefix_symbols.h:1734
EVP_HPKE_KEY_generate
#define EVP_HPKE_KEY_generate
Definition: boringssl_prefix_symbols.h:1553
private_key
Definition: hrss.c:1885
ScopedEVP_HPKE_KEY
internal::StackAllocated< EVP_HPKE_KEY, void, EVP_HPKE_KEY_zero, EVP_HPKE_KEY_cleanup > ScopedEVP_HPKE_KEY
Definition: hpke.h:340
kOptionalArgument
@ kOptionalArgument
Definition: third_party/boringssl-with-bazel/src/tool/internal.h:104
CBB_len
#define CBB_len
Definition: boringssl_prefix_symbols.h:1049
span.h
EVP_HPKE_MAX_PUBLIC_KEY_LENGTH
#define EVP_HPKE_MAX_PUBLIC_KEY_LENGTH
Definition: hpke.h:132
absl::MakeConstSpan
constexpr Span< const T > MakeConstSpan(T *ptr, size_t size) noexcept
Definition: abseil-cpp/absl/types/span.h:707
cbb_st
Definition: bytestring.h:375

