From 53861aa080279334f4f30ef149622a06917466de Mon Sep 17 00:00:00 2001 From: Martin Thomson Date: Wed, 17 Mar 2021 15:03:04 +1100 Subject: Bug 1698419 - ECH -10 updates, r=bbeurdouche The main changes here are: * an update to HPKE -08 * a move to the single-byte configuration ID * reordering of ECHConfig The addition of the explicit configuration ID means that the API for constructing ECHConfig(List) needs to change. That means a name change, unfortunately. I took the opportunity to make further changes to the arguments. Differential Revision: https://phabricator.services.mozilla.com/D108392 --- cmd/selfserv/selfserv.c | 22 +++++++++++++++------- 1 file changed, 15 insertions(+), 7 deletions(-) (limited to 'cmd') diff --git a/cmd/selfserv/selfserv.c b/cmd/selfserv/selfserv.c index 6b6f53a35..00de3a6b7 100644 --- a/cmd/selfserv/selfserv.c +++ b/cmd/selfserv/selfserv.c @@ -1894,16 +1894,23 @@ configureEchWithPublicName(PRFileDesc *model_sock, const char *public_name) SECKEYPrivateKey *privKey = NULL; SECOidData *oidData; char *echConfigBase64 = NULL; + PRUint8 configId = 0; PRUint8 configBuf[1000]; unsigned int len = 0; - unsigned int echCipherSuite = ((unsigned int)HpkeKdfHkdfSha256 << 16) | - HpkeAeadChaCha20Poly1305; + HpkeSymmetricSuite echCipherSuite = { HpkeKdfHkdfSha256, + HpkeAeadChaCha20Poly1305 }; + PK11SlotInfo *slot = PK11_GetInternalKeySlot(); if (!slot) { errWarn("PK11_GetInternalKeySlot failed"); return SECFailure; } + if (PK11_GenerateRandom(&configId, sizeof(configId)) != SECSuccess) { + errWarn("Failed to generate random configId"); + goto loser; + } + oidData = SECOID_FindOIDByTag(SEC_OID_CURVE25519); if (oidData && (2 + oidData->oid.len) < sizeof(paramBuf)) { ecParams.data[0] = SEC_ASN1_OBJECT_ID; 
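Review bot: The new `goto loser` after `PK11_GenerateRandom` is the earliest jump to that label in the visible lines, taken before the key pair exists, and the label's cleanup lies outside the hunk. `privKey` and `echConfigBase64` are visibly initialised to `NULL`, but `pubKey`'s declaration is not shown, so it is worth confirming that every pointer released at `loser` starts out as `NULL`. A short comment on `configId` would also help, for example `/* random one-byte ECH config ID; regenerated on every start, not a secret */`.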
@@ -1916,16 +1923,17 @@ configureEchWithPublicName(PRFileDesc *model_sock, const char *public_name) } privKey = PK11_GenerateKeyPair(slot, CKM_EC_KEY_PAIR_GEN, &ecParams, &pubKey, PR_FALSE, PR_FALSE, NULL); - if (!privKey || !pubKey) { errWarn("Failed to generate ECH keypair"); goto loser; } - rv = SSL_EncodeEchConfig(echParamsStr, &echCipherSuite, 1, - HpkeDhKemX25519Sha256, pubKey, 50, - configBuf, &len, sizeof(configBuf)); + + rv = SSL_EncodeEchConfigId(configId, echParamsStr, 100, + HpkeDhKemX25519Sha256, pubKey, + &echCipherSuite, 1, + configBuf, &len, sizeof(configBuf)); if (rv != SECSuccess) { - errWarn("SSL_EncodeEchConfig failed"); + errWarn("SSL_EncodeEchConfigId failed"); goto loser; } -- cgit v1.2.1
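Review bot: The third argument of the new `SSL_EncodeEchConfigId` call is a bare `100`, where the old call passed `50` in a different position, and neither the hunk nor the commit message explains the number or why it doubled. The prototype is not on this page, but if this is the maximum name length advertised in the ECHConfig, it affects how clients pad the encrypted inner name, so it deserves a named constant and a comment. Something like `#define ECH_MAX_NAME_LEN 100 /* longest backend name advertised to clients */` would do. The function body begins and ends outside the hunk.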