1 // Copyright 2021 The BoringSSL Authors
2 //
3 // Licensed under the Apache License, Version 2.0 (the "License");
4 // you may not use this file except in compliance with the License.
5 // You may obtain a copy of the License at
6 //
7 //     https://www.apache.org/licenses/LICENSE-2.0
8 //
9 // Unless required by applicable law or agreed to in writing, software
10 // distributed under the License is distributed on an "AS IS" BASIS,
11 // WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
12 // See the License for the specific language governing permissions and
13 // limitations under the License.
14 
15 #include <stdio.h>
16 
17 #include <limits>
18 #include <vector>
19 
20 #include <openssl/bytestring.h>
21 #include <openssl/hpke.h>
22 #include <openssl/span.h>
23 #include <openssl/ssl.h>
24 
25 #include "internal.h"
26 
27 
28 static const struct argument kArguments[] = {
29     {
30         "-out-ech-config-list",
31         kRequiredArgument,
32         "The path where the ECHConfigList should be written.",
33     },
34     {
35         "-out-ech-config",
36         kRequiredArgument,
37         "The path where the ECHConfig should be written.",
38     },
39     {
40         "-out-private-key",
41         kRequiredArgument,
42         "The path where the private key should be written.",
43     },
44     {
45         "-public-name",
46         kRequiredArgument,
47         "The public name for the new ECHConfig.",
48     },
49     {
50         "-config-id",
51         kRequiredArgument,
52         "The config ID for the new ECHConfig, from 0 to 255. Config IDs may be "
53         "reused, but should be unique among active configs on a server for "
54         "performance.",
55     },
56     {
57         "-max-name-length",
58         kOptionalArgument,
59         "The length of the longest name in the anonymity set, to guide client "
60         "padding.",
61     },
62     {
63         "",
64         kOptionalArgument,
65         "",
66     },
67 };
68 
GenerateECH(const std::vector<std::string> & args)69 bool GenerateECH(const std::vector<std::string> &args) {
70   std::map<std::string, std::string> args_map;
71   if (!ParseKeyValueArguments(&args_map, args, kArguments)) {
72     PrintUsage(kArguments);
73     return false;
74   }
75 
76   unsigned config_id;
77   if (!GetUnsigned(&config_id, "-config-id", 0, args_map) ||
78       config_id > std::numeric_limits<uint8_t>::max()) {
79     fprintf(stderr, "Error parsing -config-id argument\n");
80     return false;
81   }
82 
83   unsigned max_name_len = 0;
84   if (args_map.count("-max-name-length") != 0 &&
85       !GetUnsigned(&max_name_len, "-max-name-length", 0, args_map)) {
86     fprintf(stderr, "Error parsing -max-name-length argument\n");
87     return false;
88   }
89 
90   bssl::ScopedEVP_HPKE_KEY key;
91   uint8_t public_key[EVP_HPKE_MAX_PUBLIC_KEY_LENGTH];
92   uint8_t private_key[EVP_HPKE_MAX_PRIVATE_KEY_LENGTH];
93   size_t public_key_len, private_key_len;
94   if (!EVP_HPKE_KEY_generate(key.get(), EVP_hpke_x25519_hkdf_sha256()) ||
95       !EVP_HPKE_KEY_public_key(key.get(), public_key, &public_key_len,
96                                sizeof(public_key)) ||
97       !EVP_HPKE_KEY_private_key(key.get(), private_key, &private_key_len,
98                                 sizeof(private_key))) {
99     fprintf(stderr, "Failed to generate the HPKE keypair\n");
100     return false;
101   }
102 
103   uint8_t *ech_config;
104   size_t ech_config_len;
105   if (!SSL_marshal_ech_config(
106           &ech_config, &ech_config_len, static_cast<uint8_t>(config_id),
107           key.get(), args_map["-public-name"].c_str(), size_t{max_name_len})) {
108     fprintf(stderr, "Failed to serialize the ECHConfigList\n");
109     return false;
110   }
111   bssl::UniquePtr<uint8_t> free_ech_config(ech_config);
112 
113   bssl::ScopedCBB cbb;
114   CBB body;
115   if (!CBB_init(cbb.get(), ech_config_len + sizeof(uint16_t)) ||
116       !CBB_add_u16_length_prefixed(cbb.get(), &body) ||
117       !CBB_add_bytes(&body, ech_config, ech_config_len) ||
118       !CBB_flush(cbb.get())) {
119     fprintf(stderr, "Failed to serialize the ECHConfigList\n");
120     return false;
121   }
122   if (!WriteToFile(args_map["-out-ech-config-list"],
123                    bssl::Span(CBB_data(cbb.get()), CBB_len(cbb.get()))) ||
124       !WriteToFile(args_map["-out-ech-config"],
125                    bssl::Span(ech_config, ech_config_len)) ||
126       !WriteToFile(args_map["-out-private-key"],
127                    bssl::Span(private_key, private_key_len))) {
128     fprintf(stderr, "Failed to write ECHConfig or private key to file\n");
129     return false;
130   }
131   return true;
132 }
133