Add flag for b64 encoded ECH Config List in fizz client command tool

Summary: Adds flag to accept base64 ECHConfigList in fizz client tool. Flag accepts a base64 encoded string. For example, `buck run //fizz/tool:fizz -- client -echbase64 AEj+DQBEAQAgACAX5SnnUbopIr5I/MqIqLWuSAZckHI2sR+aIr0slN2uGAAEAAEAAWQVZWNoLXB1YmxpYy5hdG1ldGEuY29tAAA=` Reviewed By: mingtaoy Differential Revision: D47404107 fbshipit-source-id: 76ef04a794801569939b7e9792e795aef68ea9bc
facebookincubator · Jul 18, 2023 · 235358c · 235358c
1 parent 6efc106
commit 235358c
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 11 deletions.
diff --git a/fizz/tool/FizzClientCommand.cpp b/fizz/tool/FizzClientCommand.cpp
@@ -83,6 +83,8 @@ void printUsage() {
     << "                          (JSON format: {echconfigs: [${your ECH config here with all the fields..}]})\n"
     << "                          (See FizzCommandCommonTest for an example.)\n"
     << "                          (Note: Setting ech configs implicitly enables ECH.)\n"
+    << " -echbase64 echConfigList (base64 encoded string of echconfigs.)"
+    << "                          (The echconfigs file argument must match the ECH Config List format specified in the ECH RFC.)\n"
 #ifdef FIZZ_TOOL_ENABLE_OQS
     << " -hybridkex               (Use experimental hybrid key exchange. Currently the only supported named groups under\n"
     << "                          this mode are secp384r1_bikel3 and secp521r1_x25519)\n"
@@ -540,6 +542,7 @@ int fizzClientCommand(const std::vector<std::string>& args) {
   bool delegatedCredentials = false;
   bool ech = false;
   std::string echConfigsFile;
+  std::string echConfigsBase64;
   bool uring = false;
   bool uringAsync = false;
   bool uringRegisterFds = false;
@@ -613,6 +616,9 @@ int fizzClientCommand(const std::vector<std::string>& args) {
     }}},
     {"-echconfigs", {true, [&echConfigsFile](const std::string& arg) {
         echConfigsFile = arg;
+    }}},
+    {"-echbase64", {true, [&echConfigsBase64](const std::string& arg) {
+        echConfigsBase64 = arg;
     }}}
 #ifdef FIZZ_TOOL_ENABLE_OQS
     ,{"-hybridkex", {false, [&useHybridKexFactory](const std::string&) {
@@ -788,30 +794,38 @@ int fizzClientCommand(const std::vector<std::string>& args) {
             clientContext->getSupportedSigSchemes());
   }
 
-  folly::Optional<std::vector<ech::ECHConfig>> echConfigs = folly::none;
+  folly::Optional<ech::ECHConfigList> echConfigList = folly::none;
 
   if (ech) {
     // Use default ECH config values.
-    echConfigs = getDefaultECHConfigs();
-  }
-
-  if (!echConfigsFile.empty()) {
-    // Parse user set ECH configs.
+    auto echConfigContents = getDefaultECHConfigs();
+    echConfigList->configs = std::move(echConfigContents);
+  } else if (!echConfigsBase64.empty()) {
+    echConfigList = parseECHConfigsBase64(echConfigsBase64);
+    if (!echConfigList.has_value()) {
+      LOG(ERROR) << "Unable to parse ECHConfigList base64.";
+      return 1;
+    }
+  } else if (!echConfigsFile.empty()) {
     auto echConfigsJson = readECHConfigsJson(echConfigsFile);
     if (!echConfigsJson.has_value()) {
       LOG(ERROR) << "Unable to load ECH configs from json file";
       return 1;
     }
-    auto gotECHConfigs = parseECHConfigs(echConfigsJson.value());
-    if (!gotECHConfigs.has_value()) {
+    echConfigList = parseECHConfigs(echConfigsJson.value());
+    if (!echConfigList.has_value()) {
       LOG(ERROR)
           << "Unable to parse JSON file and make ECH config."
           << "Ensure the format matches what is expected."
           << "Rough example of format: {echconfigs: [${your ECH config here with all the fields..}]}"
           << "See FizzCommandCommonTest for a more concrete example.";
       return 1;
     }
-    echConfigs = std::move(gotECHConfigs.value().configs);
+  }
+
+  std::vector<ech::ECHConfig> echConfigs;
+  if (echConfigList.has_value()) {
+    echConfigs = std::move(echConfigList->configs);
   }
 
   try {

diff --git a/fizz/tool/FizzServerCommand.cpp b/fizz/tool/FizzServerCommand.cpp
@@ -596,8 +596,8 @@ std::shared_ptr<ech::Decrypter> setupDecrypterFromInputs(
 
   std::string privKeyStrHex;
   folly::readFile(echPrivateKeyFile.c_str(), privKeyStrHex);
-  auto privKeyStr = folly::unhexlify(privKeyStrHex);
-  folly::ByteRange privKeyBuf((folly::StringPiece(privKeyStr)));
+
+  folly::ByteRange privKeyBuf(folly::trimWhitespace(privKeyStrHex));
 
   // Create a key exchange and set the private key
   auto kexWithPrivateKey =