#ifndef QUICHE_OBLIVIOUS_HTTP_OBLIVIOUS_HTTP_GATEWAY_H_
#define QUICHE_OBLIVIOUS_HTTP_OBLIVIOUS_HTTP_GATEWAY_H_

#include <memory>
#include <string>

#include "absl/status/statusor.h"
#include "absl/strings/string_view.h"
#include "openssl/base.h"
#include "openssl/hpke.h"
#include "quiche/common/platform/api/quiche_export.h"
#include "quiche/common/quiche_random.h"
#include "quiche/oblivious_http/buffers/oblivious_http_request.h"
#include "quiche/oblivious_http/buffers/oblivious_http_response.h"
#include "quiche/oblivious_http/common/oblivious_http_header_key_config.h"

namespace quiche {

// Server-side (Gateway) half of Oblivious HTTP. An instance:
//   1. Decrypts the payload received from the Relay in an HTTP POST body.
//   2. Encrypts the response (Binary HTTP) that is sent back to the Relay in
//      an HTTP POST body.
//   3. Takes care of BSSL initialization and HPKE context bookkeeping.
//
// Thread safety: apart from being moved, an instance is immutable and is
// therefore trivially thread-safe, provided the `QuicheRandom*` handed to
// `Create` is itself thread-safe. The default `QuicheRandom::GetInstance()`
// is thread-safe.
//
// Notes for callers handling untrusted traffic and key material:
//   * `encrypted_data` reaches the gateway from the network via the Relay.
//     Every operation reports its outcome through `absl::StatusOr`; check
//     `ok()` before reading the value.
//   * The object holds the server's HPKE private key (`server_hpke_key_`) for
//     as long as it lives, and it is move-only, so there is exactly one owner
//     of that key handle at a time.
//   * `quiche_random_` is a raw pointer and the destructor is defaulted, so
//     this class does not release it. NOTE(review): a caller-supplied
//     `QuicheRandom` presumably has to outlive the gateway (including any
//     object it is moved into) -- confirm against the .cc file.
class QUICHE_EXPORT ObliviousHttpGateway {
 public:
  // Factory. Returns a gateway built from `hpke_private_key` and
  // `ohttp_key_config`, or a non-OK status.
  //
  // `quiche_random` is optional: pass your own `QuicheRandom` instance to
  // override the source of randomness, or leave it as `nullptr` to get the
  // default `QuicheRandom::GetInstance()`.
  //
  // NOTE(review): `hpke_private_key` is secret key material passed as a
  // non-owning view. The buffer behind it stays under the caller's control;
  // this header does not show whether the bytes are copied, so protecting and
  // clearing that buffer is left to the caller -- confirm in the .cc file.
  static absl::StatusOr<ObliviousHttpGateway> Create(
      absl::string_view hpke_private_key,
      const ObliviousHttpHeaderKeyConfig& ohttp_key_config,
      QuicheRandom* quiche_random = nullptr);

  // Move-only, because `server_hpke_key_` is a `UniquePtr`.
  ObliviousHttpGateway(ObliviousHttpGateway&&) = default;
  ObliviousHttpGateway& operator=(ObliviousHttpGateway&&) = default;

  ~ObliviousHttpGateway() = default;

  // Decrypts one encapsulated request using the HPKE private key this object
  // was initialized with. May be called repeatedly on the object returned by
  // a successful `Create`. Call sequence:
  //   Create -> DecryptObliviousHttpRequest -> CreateObliviousHttpResponse.
  // Eg.,
  //   auto ohttp_server_object = ObliviousHttpGateway::Create( <HPKE
  //     private key>, <OHTTP key configuration described in
  //     `oblivious_http_header_key_config.h`>);
  //   auto decrypted_request1 =
  //     ohttp_server_object.DecryptObliviousHttpRequest(<encrypted binary http
  //     1>);
  //   auto decrypted_request2 =
  //     ohttp_server_object.DecryptObliviousHttpRequest(<encrypted binary http
  //     2>);
  //
  // `encrypted_data` is untrusted input; a non-OK status is the only signal
  // that it was rejected. `request_label` defaults to
  // `ObliviousHttpHeaderKeyConfig::kOhttpRequestLabel`.
  // NOTE(review): the label is presumably bound into the HPKE context, so it
  // would have to match what the client used -- confirm in the .cc file.
  absl::StatusOr<ObliviousHttpRequest> DecryptObliviousHttpRequest(
      absl::string_view encrypted_data,
      absl::string_view request_label =
          ObliviousHttpHeaderKeyConfig::kOhttpRequestLabel) const;

  // Encrypts `plaintext_data` as the response to a previously decrypted
  // request. After `DecryptObliviousHttpRequest`, server-side callers extract
  // `oblivious_http_request_context` from the returned `ObliviousHttpRequest`
  // and pass it here to drive the response flow back to the client.
  //
  // `response_label` defaults to
  // `ObliviousHttpHeaderKeyConfig::kOhttpResponseLabel`.
  // NOTE(review): the context is taken by non-const reference even though the
  // method is const, so treat it as per-request state: use the context of the
  // request being answered and do not share one context across threads --
  // confirm the exact requirements in the .cc file.
  absl::StatusOr<ObliviousHttpResponse> CreateObliviousHttpResponse(
      std::string plaintext_data,
      ObliviousHttpRequest::Context& oblivious_http_request_context,
      absl::string_view response_label =
          ObliviousHttpHeaderKeyConfig::kOhttpResponseLabel) const;

 private:
  // Reachable only through `Create`.
  explicit ObliviousHttpGateway(
      bssl::UniquePtr<EVP_HPKE_KEY> recipient_key,
      const ObliviousHttpHeaderKeyConfig& ohttp_key_config,
      QuicheRandom* quiche_random);

  // The server's HPKE key; the reason this class cannot be copied.
  bssl::UniquePtr<EVP_HPKE_KEY> server_hpke_key_;

  // Server's keyID and the HPKE-related IDs that are published under the HPKE
  // public key configuration.
  // https://www.ietf.org/archive/id/draft-ietf-ohai-ohttp-03.html#name-key-configuration
  // (The linked draft was later published as RFC 9458; section anchors may
  // differ there.)
  ObliviousHttpHeaderKeyConfig ohttp_key_config_;

  // Not owned by this class.
  QuicheRandom* quiche_random_;
};

}  // namespace quiche

#endif  // QUICHE_OBLIVIOUS_HTTP_OBLIVIOUS_HTTP_GATEWAY_H_