blob: cd028415a12bf5f9a340740ccfec16d5fef1eeb7 [file] [log] [blame] [edit]
#ifndef QUICHE_OBLIVIOUS_HTTP_OBLIVIOUS_HTTP_GATEWAY_H_
#define QUICHE_OBLIVIOUS_HTTP_OBLIVIOUS_HTTP_GATEWAY_H_
#include <memory>
#include <string>
#include "absl/status/statusor.h"
#include "absl/strings/string_view.h"
#include "openssl/base.h"
#include "openssl/hpke.h"
#include "quiche/common/platform/api/quiche_export.h"
#include "quiche/common/quiche_random.h"
#include "quiche/oblivious_http/buffers/oblivious_http_request.h"
#include "quiche/oblivious_http/buffers/oblivious_http_response.h"
#include "quiche/oblivious_http/common/oblivious_http_header_key_config.h"
namespace quiche {
// 1. Handles server side decryption of the payload received in HTTP POST body
// from Relay.
// 2. Handles server side encryption of response (that's in the form of Binary
// HTTP) that will be sent back to Relay in HTTP POST body.
// 3. Handles BSSL initialization and HPKE context bookkeeping.
// This class is immutable (except moves) and thus trivially thread-safe,
// assuming the `QuicheRandom* quiche_random` passed in with `Create` is
// thread-safe. Note that default `QuicheRandom::GetInstance()` is thread-safe.
class QUICHE_EXPORT ObliviousHttpGateway {
public:
// @params: If callers would like to pass in their own `QuicheRandom`
// instance, they can make use of the param `quiche_random`. Otherwise, the
// default `QuicheRandom::GetInstance()` will be used.
static absl::StatusOr<ObliviousHttpGateway> Create(
absl::string_view hpke_private_key,
const ObliviousHttpHeaderKeyConfig& ohttp_key_config,
QuicheRandom* quiche_random = nullptr);
// only Movable (due to `UniquePtr server_hpke_key_`).
ObliviousHttpGateway(ObliviousHttpGateway&& other) = default;
ObliviousHttpGateway& operator=(ObliviousHttpGateway&& other) = default;
~ObliviousHttpGateway() = default;
// After successful `Create`, callers will use the returned object to
// repeatedly call into this method in order to create Oblivious HTTP request
// with the initialized HPKE private key. Call sequence: Create ->
// DecryptObliviousHttpRequest -> CreateObliviousHttpResponse.
// Eg.,
// auto ohttp_server_object = ObliviousHttpGateway::Create( <HPKE
// private key>, <OHTTP key configuration described in
// `oblivious_http_header_key_config.h`>);
// auto decrypted_request1 =
// ohttp_server_object.DecryptObliviousHttpRequest(<encrypted binary http
// 1>);
// auto decrypted_request2 =
// ohttp_server_object.DecryptObliviousHttpRequest(<encrypted binary http
// 2>);
absl::StatusOr<ObliviousHttpRequest> DecryptObliviousHttpRequest(
absl::string_view encrypted_data,
absl::string_view request_label =
ObliviousHttpHeaderKeyConfig::kOhttpRequestLabel) const;
// After `DecryptObliviousHttpRequest` operation, callers on server-side will
// extract `oblivious_http_request_context` from the returned object
// `ObliviousHttpRequest` and pass in to this method in order to handle the
// response flow back to the client.
absl::StatusOr<ObliviousHttpResponse> CreateObliviousHttpResponse(
std::string plaintext_data,
ObliviousHttpRequest::Context& oblivious_http_request_context,
absl::string_view response_label =
ObliviousHttpHeaderKeyConfig::kOhttpResponseLabel) const;
private:
explicit ObliviousHttpGateway(
bssl::UniquePtr<EVP_HPKE_KEY> recipient_key,
const ObliviousHttpHeaderKeyConfig& ohttp_key_config,
QuicheRandom* quiche_random);
bssl::UniquePtr<EVP_HPKE_KEY> server_hpke_key_;
// Holds server's keyID and HPKE related IDs that's published under HPKE
// public Key configuration.
// https://www.ietf.org/archive/id/draft-ietf-ohai-ohttp-03.html#name-key-configuration
ObliviousHttpHeaderKeyConfig ohttp_key_config_;
QuicheRandom* quiche_random_;
};
} // namespace quiche
#endif // QUICHE_OBLIVIOUS_HTTP_OBLIVIOUS_HTTP_GATEWAY_H_