From 070a6c3e023195d26f2b28738b424926d0d26edc Mon Sep 17 00:00:00 2001 From: David Benjamin Date: Wed, 5 May 2021 15:39:27 -0400 Subject: [PATCH] Export the HPKE implementation. Bug: 410 Change-Id: I633eab7f2d148c9158a5bb29d73e07f1f18b7105 Reviewed-on: https://boringssl-review.googlesource.com/c/boringssl/+/47331 Commit-Queue: David Benjamin Reviewed-by: Adam Langley --- crypto/hpke/hpke.c | 3 ++- crypto/hpke/hpke_test.cc | 3 ++- include/openssl/base.h | 5 +++++ crypto/hpke/internal.h => include/openssl/hpke.h | 15 +++++---------- ssl/encrypted_client_hello.cc | 2 +- ssl/handshake_server.cc | 1 - ssl/internal.h | 2 +- ssl/t1_lib.cc | 2 +- ssl/tls13_server.cc | 2 +- util/doc.config | 3 ++- 10 files changed, 20 insertions(+), 18 deletions(-) rename crypto/hpke/internal.h => include/openssl/hpke.h (97%) diff --git a/crypto/hpke/hpke.c b/crypto/hpke/hpke.c index 765611937..6840e8340 100644 --- a/crypto/hpke/hpke.c +++ b/crypto/hpke/hpke.c @@ -12,6 +12,8 @@ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ +#include + #include #include @@ -26,7 +28,6 @@ #include #include "../internal.h" -#include "internal.h" // This file implements draft-irtf-cfrg-hpke-08. diff --git a/crypto/hpke/hpke_test.cc b/crypto/hpke/hpke_test.cc index a22e84403..1b4ccdd21 100644 --- a/crypto/hpke/hpke_test.cc +++ b/crypto/hpke/hpke_test.cc @@ -12,6 +12,8 @@ * OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN * CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. */ +#include + #include #include #include @@ -30,7 +32,6 @@ #include "../test/file_test.h" #include "../test/test_util.h" -#include "internal.h" namespace bssl { diff --git a/include/openssl/base.h b/include/openssl/base.h index 598f4ddcb..29087d08d 100644 --- a/include/openssl/base.h +++ b/include/openssl/base.h 
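Review bot: The second hpke.c hunk keeps the context comment `// This file implements draft-irtf-cfrg-hpke-08.`, so this commit makes a draft-version HPKE public through include/openssl/hpke.h without, as far as the visible header hunks show, telling callers which draft they are getting. Ciphertexts from different HPKE draft versions are not expected to interoperate, so a consumer paired with a peer on another version would most likely see opaque decryption failures rather than a clear version error. I would add a sentence to the header's introductory comment, for example `// This header implements draft-irtf-cfrg-hpke-08; it is not expected to interoperate with other draft versions.` The header is a 97% rename and only three of its hunks are shown, so such a statement may already exist outside the visible lines.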
@@ -405,6 +405,11 @@ typedef struct evp_aead_st EVP_AEAD; typedef struct evp_cipher_ctx_st EVP_CIPHER_CTX; typedef struct evp_cipher_st EVP_CIPHER; typedef struct evp_encode_ctx_st EVP_ENCODE_CTX; +typedef struct evp_hpke_aead_st EVP_HPKE_AEAD; +typedef struct evp_hpke_ctx_st EVP_HPKE_CTX; +typedef struct evp_hpke_kdf_st EVP_HPKE_KDF; +typedef struct evp_hpke_kem_st EVP_HPKE_KEM; +typedef struct evp_hpke_key_st EVP_HPKE_KEY; typedef struct evp_pkey_asn1_method_st EVP_PKEY_ASN1_METHOD; typedef struct evp_pkey_ctx_st EVP_PKEY_CTX; typedef struct evp_pkey_method_st EVP_PKEY_METHOD; diff --git a/crypto/hpke/internal.h b/include/openssl/hpke.h similarity index 97% rename from crypto/hpke/internal.h rename to include/openssl/hpke.h index 6ce2a4fd5..358ca2306 100644 --- a/crypto/hpke/internal.h +++ b/include/openssl/hpke.h @@ -35,11 +35,9 @@ extern "C" { // Parameters. // -// An HPKE context is parameterized by KEM, KDF, and AEAD algorithms. - -typedef struct evp_hpke_kem_st EVP_HPKE_KEM; -typedef struct evp_hpke_kdf_st EVP_HPKE_KDF; -typedef struct evp_hpke_aead_st EVP_HPKE_AEAD; +// An HPKE context is parameterized by KEM, KDF, and AEAD algorithms, +// represented by |EVP_HPKE_KEM|, |EVP_HPKE_KDF|, and |EVP_HPKE_AEAD| types, +// respectively. // The following constants are KEM identifiers. #define EVP_HPKE_DHKEM_X25519_HKDF_SHA256 0x0020 @@ -81,8 +79,6 @@ OPENSSL_EXPORT uint16_t EVP_HPKE_AEAD_id(const EVP_HPKE_AEAD *aead); // An HPKE recipient maintains a long-term KEM key. This library represents keys // with the |EVP_HPKE_KEY| type. -typedef struct evp_hpke_key_st EVP_HPKE_KEY; - // EVP_HPKE_KEY_zero sets an uninitialized |EVP_HPKE_KEY| to the zero state. The // caller should then use |EVP_HPKE_KEY_init| to finish initializing |key|. // 
@@ -117,9 +113,8 @@ OPENSSL_EXPORT int EVP_HPKE_KEY_public_key(const EVP_HPKE_KEY *key, // Encryption contexts. - -// An |EVP_HPKE_CTX| is an HPKE encryption context. -typedef struct evp_hpke_ctx_st EVP_HPKE_CTX; +// +// An HPKE encryption context is represented by the |EVP_HPKE_CTX| type. // EVP_HPKE_CTX_zero sets an uninitialized |EVP_HPKE_CTX| to the zero state. The // caller should then use one of the |EVP_HPKE_CTX_setup_*| functions to finish diff --git a/ssl/encrypted_client_hello.cc b/ssl/encrypted_client_hello.cc index a0a88a35b..94179767f 100644 --- a/ssl/encrypted_client_hello.cc +++ b/ssl/encrypted_client_hello.cc @@ -20,9 +20,9 @@ #include #include #include +#include #include "internal.h" -#include "../crypto/hpke/internal.h" #if defined(OPENSSL_MSAN) diff --git a/ssl/handshake_server.cc b/ssl/handshake_server.cc index 10897e03d..02603a1cd 100644 --- a/ssl/handshake_server.cc +++ b/ssl/handshake_server.cc @@ -169,7 +169,6 @@ #include "internal.h" #include "../crypto/internal.h" -#include "../crypto/hpke/internal.h" BSSL_NAMESPACE_BEGIN diff --git a/ssl/internal.h b/ssl/internal.h index fde8f886d..7a960a17c 100644 --- a/ssl/internal.h +++ b/ssl/internal.h @@ -154,6 +154,7 @@ #include #include #include +#include #include #include #include @@ -162,7 +163,6 @@ #include "../crypto/err/internal.h" #include "../crypto/internal.h" -#include "../crypto/hpke/internal.h" #if defined(OPENSSL_WINDOWS) diff --git a/ssl/t1_lib.cc b/ssl/t1_lib.cc index 45495b68d..689d75b0b 100644 --- a/ssl/t1_lib.cc +++ b/ssl/t1_lib.cc @@ -124,11 +124,11 @@ #include #include #include +#include #include #include #include -#include "../crypto/hpke/internal.h" #include "../crypto/internal.h" #include "internal.h" diff --git a/ssl/tls13_server.cc b/ssl/tls13_server.cc index dc4e65dce..8a24d6fc7 100644 --- a/ssl/tls13_server.cc +++ b/ssl/tls13_server.cc 
@@ -23,12 +23,12 @@ #include #include #include +#include #include #include #include #include "../crypto/internal.h" -#include "../crypto/hpke/internal.h" #include "internal.h" diff --git a/util/doc.config b/util/doc.config index d96e0fad7..aacedea3d 100644 --- a/util/doc.config +++ b/util/doc.config @@ -48,7 +48,8 @@ "include/openssl/digest.h", "include/openssl/cipher.h", "include/openssl/aead.h", - "include/openssl/evp.h" + "include/openssl/evp.h", + "include/openssl/hpke.h" ] },{ "Name": "SSL implementation",