Add hybrid groups to OpenSSLFactory gated behind FIZZ_HAVE_OQS macro

Summary:
Add hybrid groups in `HybridKeyExFactory` to OpenSSLFactory, behind a new FIZZ_HAVE_OQS macro.
`HybridKeyExFactory` will be removed later.

Reviewed By: mingtaoy

Differential Revision: D55656400

fbshipit-source-id: 78edb42d8c78d23d18840731a86d1af85d2764c8

fizz/protocol/OpenSSLFactory.cpp

@@ -8,6 +8,10 @@
 
 #include <fizz/protocol/CertUtils.h>
 #include <fizz/protocol/OpenSSLFactory.h>
+#if FIZZ_HAVE_OQS
+#include <fizz/crypto/exchange/HybridKeyExchange.h>
+#include <fizz/experimental/crypto/exchange/OQSKeyExchange.h>
+#endif
 
 namespace fizz {
 
@@ -24,6 +28,31 @@ std::unique_ptr<KeyExchange> OpenSSLFactory::makeKeyExchange(
       return std::make_unique<OpenSSLECKeyExchange<P521>>();
     case NamedGroup::x25519:
       return std::make_unique<X25519KeyExchange>();
+#if FIZZ_HAVE_OQS
+    case NamedGroup::x25519_kyber512:
+      return std::make_unique<HybridKeyExchange>(
+          std::make_unique<X25519KeyExchange>(),
+          OQSKeyExchange::createOQSKeyExchange(mode, OQS_KEM_alg_kyber_512));
+    case NamedGroup::secp256r1_kyber512:
+      return std::make_unique<HybridKeyExchange>(
+          std::make_unique<OpenSSLECKeyExchange<P256>>(),
+          OQSKeyExchange::createOQSKeyExchange(mode, OQS_KEM_alg_kyber_512));
+    case NamedGroup::kyber512:
+      return OQSKeyExchange::createOQSKeyExchange(mode, OQS_KEM_alg_kyber_512);
+    case NamedGroup::x25519_kyber768_draft00:
+    case NamedGroup::x25519_kyber768_experimental:
+      return std::make_unique<HybridKeyExchange>(
+          std::make_unique<X25519KeyExchange>(),
+          OQSKeyExchange::createOQSKeyExchange(mode, OQS_KEM_alg_kyber_768));
+    case NamedGroup::secp256r1_kyber768_draft00:
+      return std::make_unique<HybridKeyExchange>(
+          std::make_unique<OpenSSLECKeyExchange<P256>>(),
+          OQSKeyExchange::createOQSKeyExchange(mode, OQS_KEM_alg_kyber_768));
+    case NamedGroup::secp384r1_kyber768:
+      return std::make_unique<HybridKeyExchange>(
+          std::make_unique<OpenSSLECKeyExchange<P384>>(),
+          OQSKeyExchange::createOQSKeyExchange(mode, OQS_KEM_alg_kyber_768));
+#endif
     default:
       throw std::runtime_error("ke: not implemented");
   }

fizz/protocol/test/OpenSSLFactoryTest.cpp

@@ -0,0 +1,57 @@
+/*
+ *  Copyright (c) 2018-present, Facebook, Inc.
+ *  All rights reserved.
+ *
+ *  This source code is licensed under the BSD-style license found in the
+ *  LICENSE file in the root directory of this source tree.
+ */
+
+#include <fizz/protocol/OpenSSLFactory.h>
+#include <fizz/test/HandshakeTest.h>
+
+namespace fizz {
+namespace test {
+
+class OpenSSLFactoryHandshakeTest : public HandshakeTest,
+                                    public WithParamInterface<NamedGroup> {};
+
+TEST_P(OpenSSLFactoryHandshakeTest, openssl_factory_handshake_test) {
+  auto namedGroup = GetParam();
+  auto factory = std::make_shared<OpenSSLFactory>();
+  clientContext_->setFactory(factory);
+  serverContext_->setFactory(factory);
+  clientContext_->setSupportedGroups({namedGroup});
+  clientContext_->setDefaultShares({namedGroup});
+  serverContext_->setSupportedGroups({namedGroup});
+  expected_.group = namedGroup;
+
+  expectSuccess();
+  doHandshake();
+  verifyParameters();
+  sendAppData();
+}
+
+INSTANTIATE_TEST_SUITE_P(
+    OpenSSLFactoryHandshakeTests,
+    OpenSSLFactoryHandshakeTest,
+    Values(
+        NamedGroup::secp256r1,
+        NamedGroup::secp384r1,
+        NamedGroup::secp521r1,
+        NamedGroup::x25519
+#if FIZZ_HAVE_OQS
+        ,
+        NamedGroup::x25519_kyber512,
+        NamedGroup::secp256r1_kyber512,
+        NamedGroup::kyber512,
+        NamedGroup::x25519_kyber768_draft00,
+        NamedGroup::x25519_kyber768_experimental,
+        NamedGroup::secp256r1_kyber768_draft00,
+        NamedGroup::secp384r1_kyber768
+#endif
+        ),
+    [](const testing::TestParamInfo<OpenSSLFactoryHandshakeTest::ParamType>&
+           info) { return toString(info.param); });
+
+} // namespace test
+} // namespace fizz