Bug 1631890 - Add support for Hybrid Public Key Encryption (draft-irtf-cfrg-hpke-05). r=mt

This patch adds support for Hybrid Public Key Encryption (draft-irtf-cfrg-hpke-05).

Because the draft number (and the eventual RFC number) is an input to the key schedule, future updates will *not* be backwards compatible in terms of key material or encryption/decryption. For this reason, a default compilation will produce stubs that simply return an "Invalid Algorithm" error. To opt into using the HPKE functionality , compile with `NSS_ENABLE_DRAFT_HPKE` defined. Once finalized, this flag will not be required to access the functions.

Lastly, the `DeriveKeyPair` API is not implemented as it adds complextiy around PKCS #11 and is unnecessary for ECH.

Differential Revision: https://phabricator.services.mozilla.com/D73947

1 files changed, 12 insertions, 1 deletions

diff --git a/lib/nss/nss.def b/lib/nss/nss.def
index 06c0d8d42..3e888f0a0 100644
--- a/lib/nss/nss.def
+++ b/lib/nss/nss.def
@@ -522,7 +522,7 @@ VFY_EndWithSignature;
 ;+NSS_3.3.1 { 	# NSS 3.3.1 release
 ;+    global:
 ;+#
-;+# The following symbols are exported only to make libsmime3.so work. 
+;+# The following symbols are exported only to make libsmime3.so work.
 ;+# These are still private!!!
 ;+#
 PK11_CreatePBEParams;
@@ -1189,6 +1189,17 @@ PK11_FindEncodedCertInSlot;
 ;+};
 ;+NSS_3.58 { 	# NSS 3.58 release
 ;+    global:
+PK11_HPKE_DestroyContext;
+PK11_HPKE_Deserialize;
+PK11_HPKE_ExportSecret;
+PK11_HPKE_GetEncapPubKey;
+PK11_HPKE_NewContext;
+PK11_HPKE_Open;
+PK11_HPKE_Seal;
+PK11_HPKE_Serialize;
+PK11_HPKE_SetupS;
+PK11_HPKE_SetupR;
+PK11_HPKE_ValidateParameters;
 PK11_ImportDataKey;
 ;+    local:
 ;+       *;