#include "quiche/oblivious_http/buffers/oblivious_http_response.h" #include <stddef.h> #include <stdint.h> #include <algorithm> #include <memory> #include <string> #include <utility> #include "absl/status/status.h" #include "absl/status/statusor.h" #include "absl/strings/str_cat.h" #include "absl/strings/string_view.h" #include "openssl/aead.h" #include "openssl/hkdf.h" #include "openssl/hpke.h" #include "quiche/common/platform/api/quiche_bug_tracker.h" #include "quiche/common/quiche_crypto_logging.h" #include "quiche/common/quiche_random.h" #include "quiche/oblivious_http/common/oblivious_http_header_key_config.h" namespace quiche { namespace { // Generate a random string. void random(QuicheRandom* quiche_random, char* dest, size_t len) { … } } // namespace // Ctor. ObliviousHttpResponse::ObliviousHttpResponse(std::string encrypted_data, std::string resp_plaintext) : … { … } // Response Decapsulation. // 1. Extract resp_nonce // 2. Build prk (pseudorandom key) using HKDF_Extract // 3. Derive aead_key using HKDF_Labeled_Expand // 4. Derive aead_nonce using HKDF_Labeled_Expand // 5. Setup AEAD context and Decrypt. // https://www.ietf.org/archive/id/draft-ietf-ohai-ohttp-03.html#section-4.2-4 absl::StatusOr<ObliviousHttpResponse> ObliviousHttpResponse::CreateClientObliviousResponse( std::string encrypted_data, ObliviousHttpRequest::Context& oblivious_http_request_context, absl::string_view resp_label) { … } // Response Encapsulation. // Follows the Ohttp spec section-4.2 (Encapsulation of Responses) Ref // https://www.ietf.org/archive/id/draft-ietf-ohai-ohttp-03.html#section-4.2 // Use HPKE context from BoringSSL to export a secret and use it to Seal (AKA // encrypt) the response back to the Sender(client) absl::StatusOr<ObliviousHttpResponse> ObliviousHttpResponse::CreateServerObliviousResponse( std::string plaintext_payload, ObliviousHttpRequest::Context& oblivious_http_request_context, absl::string_view response_label, QuicheRandom* quiche_random) { … } // Serialize. // enc_response = concat(response_nonce, ct) // https://www.ietf.org/archive/id/draft-ietf-ohai-ohttp-03.html#section-4.2-4 const std::string& ObliviousHttpResponse::EncapsulateAndSerialize() const { … } // Decrypted blob. const std::string& ObliviousHttpResponse::GetPlaintextData() const { … } // This section mainly deals with common operations performed by both // Sender(client) and Receiver(gateway) on ObliviousHttpResponse. absl::StatusOr<ObliviousHttpResponse::CommonAeadParamsResult> ObliviousHttpResponse::GetCommonAeadParams( ObliviousHttpRequest::Context& oblivious_http_request_context) { … } // Common Steps of AEAD key and AEAD nonce derivation common to both // client(decapsulation) & Gateway(encapsulation) in handling // Oblivious-Response. Ref Steps (1, 3-to-5, and setting up AEAD context in // preparation for 6th step's Seal/Open) in spec. // https://www.ietf.org/archive/id/draft-ietf-ohai-ohttp-03.html#section-4.2-4 absl::StatusOr<ObliviousHttpResponse::CommonOperationsResult> ObliviousHttpResponse::CommonOperationsToEncapDecap( absl::string_view response_nonce, ObliviousHttpRequest::Context& oblivious_http_request_context, absl::string_view resp_label, const size_t aead_key_len, const size_t aead_nonce_len, const size_t secret_len) { … } } // namespace quiche
Codebase Browser
chromium