1 #ifndef QUICHE_OBLIVIOUS_HTTP_OBLIVIOUS_HTTP_CLIENT_H_ 2 #define QUICHE_OBLIVIOUS_HTTP_OBLIVIOUS_HTTP_CLIENT_H_ 3 4 #include <string> 5 6 #include "absl/status/statusor.h" 7 #include "absl/strings/string_view.h" 8 #include "openssl/base.h" 9 #include "openssl/hpke.h" 10 #include "quiche/common/platform/api/quiche_export.h" 11 #include "quiche/oblivious_http/buffers/oblivious_http_request.h" 12 #include "quiche/oblivious_http/buffers/oblivious_http_response.h" 13 #include "quiche/oblivious_http/common/oblivious_http_header_key_config.h" 14 15 namespace quiche { 16 // 1. Facilitates client side to intiate OHttp request flow by initializing the 17 // HPKE public key obtained from server, and subsequently uses it to encrypt the 18 // Binary HTTP request payload. 19 // 2. After initializing this class with server's HPKE public key, users can 20 // call `CreateObliviousHttpRequest` which constructs OHTTP request of the input 21 // payload(Binary HTTP request). 22 // 3. Handles decryption of response (that's in the form of encrypted Binary 23 // HTTP response) that will be sent back from Server-to-Relay and 24 // Relay-to-client in HTTP POST body. 25 // 4. Handles BoringSSL HPKE context setup and bookkeeping. 26 27 // This class is immutable (except moves) and thus trivially thread-safe. 28 class QUICHE_EXPORT ObliviousHttpClient { 29 public: 30 static absl::StatusOr<ObliviousHttpClient> Create( 31 absl::string_view hpke_public_key, 32 const ObliviousHttpHeaderKeyConfig& ohttp_key_config); 33 34 // Copyable. 35 ObliviousHttpClient(const ObliviousHttpClient& other) = default; 36 ObliviousHttpClient& operator=(const ObliviousHttpClient& other) = default; 37 38 // Movable. 39 ObliviousHttpClient(ObliviousHttpClient&& other) = default; 40 ObliviousHttpClient& operator=(ObliviousHttpClient&& other) = default; 41 42 ~ObliviousHttpClient() = default; 43 44 // After successful `Create`, callers will use the returned object to 45 // repeatedly call into this method in order to create Oblivious HTTP request 46 // with the initialized HPKE public key. Call sequence: Create -> 47 // CreateObliviousHttpRequest -> DecryptObliviousHttpResponse. 48 // Eg., 49 // auto ohttp_client_object = ObliviousHttpClient::Create( <HPKE 50 // public key>, <OHTTP key configuration described in 51 // `oblivious_http_header_key_config.h`>); 52 // auto encrypted_request1 = 53 // ohttp_client_object.CreateObliviousHttpRequest("binary http string 1"); 54 // auto encrypted_request2 = 55 // ohttp_client_object.CreateObliviousHttpRequest("binary http string 2"); 56 absl::StatusOr<ObliviousHttpRequest> CreateObliviousHttpRequest( 57 std::string plaintext_data) const; 58 59 // After `CreateObliviousHttpRequest` operation, callers on client-side will 60 // extract `oblivious_http_request_context` from the returned object 61 // `ObliviousHttpRequest` and pass in to this method in order to decrypt the 62 // response that's received from Gateway for the given request at hand. 63 absl::StatusOr<ObliviousHttpResponse> DecryptObliviousHttpResponse( 64 std::string encrypted_data, 65 ObliviousHttpRequest::Context& oblivious_http_request_context) const; 66 67 private: 68 explicit ObliviousHttpClient( 69 std::string client_public_key, 70 const ObliviousHttpHeaderKeyConfig& ohttp_key_config); 71 std::string hpke_public_key_; 72 // Holds server's keyID and HPKE related IDs that's published under HPKE 73 // public Key configuration. 74 // https://www.ietf.org/archive/id/draft-ietf-ohai-ohttp-03.html#name-key-configuration 75 ObliviousHttpHeaderKeyConfig ohttp_key_config_; 76 }; 77 78 } // namespace quiche 79 80 #endif // QUICHE_OBLIVIOUS_HTTP_OBLIVIOUS_HTTP_CLIENT_H_ 81