├── .buckconfig ├── .buckconfig.d ├── common.buckconfig └── external_cells │ └── facebook │ ├── buck2-shims-meta │ └── external_cell.buckconfig │ └── folly │ └── external_cell.buckconfig ├── .buckroot ├── .github ├── libaegis.pc └── workflows │ ├── TagIt.yml │ ├── getdeps_linux.yml │ ├── getdeps_mac.yml │ ├── getdeps_windows.yml │ └── oss-build-and-test.yml ├── .gitignore ├── .gitmodules ├── BUCK ├── CODE_OF_CONDUCT.md ├── CONTRIBUTING.md ├── LICENSE ├── PACKAGE ├── README.md ├── bad_targets ├── buck2 ├── build ├── buck2 │ ├── README.md │ └── install_deps │ │ ├── BUCK │ │ ├── install_deps.sh │ │ └── repos │ │ ├── fedora │ │ ├── homebrew │ │ └── ubuntu ├── deps │ └── github_hashes │ │ └── facebook │ │ └── folly-rev.txt └── fbcode_builder │ ├── .gitignore │ ├── CMake │ ├── FBBuildOptions.cmake │ ├── FBCMakeParseArgs.cmake │ ├── FBCompilerSettings.cmake │ ├── FBCompilerSettingsMSVC.cmake │ ├── FBCompilerSettingsUnix.cmake │ ├── FBPythonBinary.cmake │ ├── FBPythonTestAddTests.cmake │ ├── FBThriftCppLibrary.cmake │ ├── FBThriftLibrary.cmake │ ├── FBThriftPyLibrary.cmake │ ├── FindDoubleConversion.cmake │ ├── FindGMock.cmake │ ├── FindGflags.cmake │ ├── FindGlog.cmake │ ├── FindLMDB.cmake │ ├── FindLibEvent.cmake │ ├── FindLibUnwind.cmake │ ├── FindPCRE.cmake │ ├── FindPCRE2.cmake │ ├── FindRe2.cmake │ ├── FindSodium.cmake │ ├── FindXxhash.cmake │ ├── FindZstd.cmake │ ├── RustStaticLibrary.cmake │ ├── fb_py_test_main.py │ ├── fb_py_win_main.c │ └── make_fbpy_archive.py │ ├── LICENSE │ ├── README.md │ ├── getdeps.py │ ├── getdeps │ ├── __init__.py │ ├── builder.py │ ├── buildopts.py │ ├── cache.py │ ├── cargo.py │ ├── copytree.py │ ├── dyndeps.py │ ├── envfuncs.py │ ├── errors.py │ ├── expr.py │ ├── fetcher.py │ ├── load.py │ ├── manifest.py │ ├── platform.py │ ├── py_wheel_builder.py │ ├── runcmd.py │ ├── subcmd.py │ └── test │ │ ├── expr_test.py │ │ ├── fixtures │ │ └── duplicate │ │ │ ├── foo │ │ │ └── subdir │ │ │ └── foo │ │ ├── manifest_test.py │ │ ├── platform_test.py │ │ ├── retry_test.py │ │ └── scratch_test.py │ ├── manifests │ ├── CLI11 │ ├── autoconf │ ├── automake │ ├── benchmark │ ├── blake3 │ ├── boost │ ├── bz2 │ ├── cabal │ ├── cachelib │ ├── clang │ ├── cmake │ ├── cpptoml │ ├── double-conversion │ ├── eden │ ├── edencommon │ ├── exprtk │ ├── fast_float │ ├── fatal │ ├── fb303 │ ├── fboss │ ├── fbthrift │ ├── fizz │ ├── fmt │ ├── folly │ ├── gflags │ ├── ghc │ ├── git-lfs │ ├── glean │ ├── glog │ ├── googletest │ ├── gperf │ ├── hexdump │ ├── hsthrift │ ├── iproute2 │ ├── jom │ ├── jq │ ├── katran │ ├── libaio │ ├── libbpf │ ├── libcurl │ ├── libdwarf │ ├── libelf │ ├── libevent │ ├── libffi │ ├── libgit2 │ ├── libgpiod │ ├── libiberty │ ├── libmnl │ ├── libnl │ ├── liboqs │ ├── libsai │ ├── libsodium │ ├── libtool │ ├── libunwind │ ├── libusb │ ├── libyaml │ ├── llvm │ ├── lmdb │ ├── lz4 │ ├── mcrouter │ ├── mononoke │ ├── mononoke_integration │ ├── mvfst │ ├── ncurses │ ├── nghttp2 │ ├── ninja │ ├── nlohmann-json │ ├── nmap │ ├── numa │ ├── openr │ ├── openssl │ ├── osxfuse │ ├── patchelf │ ├── pcre2 │ ├── perl │ ├── pexpect │ ├── proxygen │ ├── python │ ├── python-click │ ├── python-filelock │ ├── python-ptyprocess │ ├── python-setuptools │ ├── python-six │ ├── python-toml │ ├── ragel │ ├── range-v3 │ ├── re2 │ ├── ripgrep │ ├── rocksdb │ ├── rust-shed │ ├── sapling │ ├── snappy │ ├── sparsemap │ ├── sqlite3 │ ├── systemd │ ├── tree │ ├── wangle │ ├── watchman │ ├── xxhash │ ├── xz │ ├── yaml-cpp │ ├── zlib │ └── zstd │ └── patches │ ├── boost_comparator_operator_fix.patch │ ├── iproute2_oss.patch │ ├── libiberty_install_pic_lib.patch │ └── zlib_dont_build_more_than_needed.patch ├── fizz ├── BUCK ├── BUILD_MODE.bzl ├── CMakeLists.txt ├── CMakeListsForBuck2.txt ├── backend │ ├── BUCK │ ├── libaegis │ │ ├── AEGISCipher.cpp │ │ └── LibAEGIS.h │ ├── liboqs │ │ ├── LibOQS.h │ │ ├── OQSKeyExchange.cpp │ │ ├── OQSKeyExchange.h │ │ └── test │ │ │ ├── BUCK │ │ │ └── OQSKeyExchangeTest.cpp │ ├── libsodium │ │ ├── LibSodium.h │ │ └── crypto │ │ │ └── exchange │ │ │ ├── X25519.cpp │ │ │ └── X25519.h │ └── openssl │ │ ├── Hasher.h │ │ ├── OpenSSL.h │ │ ├── Properties.h │ │ ├── certificate │ │ ├── CertUtils-inl.h │ │ ├── CertUtils.cpp │ │ ├── CertUtils.h │ │ ├── OpenSSLPeerCertImpl-inl.h │ │ ├── OpenSSLPeerCertImpl.h │ │ ├── OpenSSLSelfCertImpl-inl.h │ │ ├── OpenSSLSelfCertImpl.h │ │ └── test │ │ │ ├── BUCK │ │ │ └── CertUtilsTest.cpp │ │ └── crypto │ │ ├── ECCurve.h │ │ ├── OpenSSL.h │ │ ├── OpenSSLKeyUtils.cpp │ │ ├── OpenSSLKeyUtils.h │ │ ├── Sha.cpp │ │ ├── Sha.h │ │ ├── aead │ │ ├── OpenSSLEVPCipher-inl.h │ │ ├── OpenSSLEVPCipher.cpp │ │ ├── OpenSSLEVPCipher.h │ │ └── test │ │ │ ├── BUCK │ │ │ └── EVPCipherTest.cpp │ │ ├── exchange │ │ ├── OpenSSLKeyExchange.cpp │ │ ├── OpenSSLKeyExchange.h │ │ └── test │ │ │ ├── BUCK │ │ │ └── ECKeyExchangeTest.cpp │ │ ├── signature │ │ ├── Signature-inl.h │ │ ├── Signature.cpp │ │ ├── Signature.h │ │ └── test │ │ │ ├── BUCK │ │ │ ├── ECSignatureTest.cpp │ │ │ ├── EdSignatureTest.cpp │ │ │ ├── EdSignatureTest.h │ │ │ ├── PeerCertVerify.cpp │ │ │ └── RSAPSSSignatureTest.cpp │ │ └── test │ │ ├── BUCK │ │ ├── Hmac.cpp │ │ └── OpenSSLKeyUtilsTest.cpp ├── client │ ├── Actions.h │ ├── AsyncFizzClient-inl.h │ ├── AsyncFizzClient.h │ ├── BUCK │ ├── CertManager.cpp │ ├── CertManager.h │ ├── ClientExtensions.h │ ├── ClientProtocol.cpp │ ├── ClientProtocol.h │ ├── ECHPolicy.h │ ├── EarlyDataRejectionPolicy.cpp │ ├── EarlyDataRejectionPolicy.h │ ├── FizzClient-inl.h │ ├── FizzClient.h │ ├── FizzClientContext.cpp │ ├── FizzClientContext.h │ ├── MultiClientExtensions.cpp │ ├── MultiClientExtensions.h │ ├── PskCache.h │ ├── PskSerializationUtils.cpp │ ├── PskSerializationUtils.h │ ├── State.cpp │ ├── State.h │ ├── SynchronizedLruPskCache.cpp │ ├── SynchronizedLruPskCache.h │ └── test │ │ ├── AsyncFizzClientTest.cpp │ │ ├── BUCK │ │ ├── CertManagerTest.cpp │ │ ├── ClientProtocolTest.cpp │ │ ├── FizzClientContextTest.cpp │ │ ├── FizzClientTest.cpp │ │ ├── Mocks.h │ │ ├── MultiClientExtensionsTest.cpp │ │ ├── PskSerializationTest.cpp │ │ ├── SynchronizedLruPskCacheTest.cpp │ │ └── Utilities.h ├── cmake │ ├── CheckAtomic.cmake │ ├── FindGMock.cmake │ ├── FindLibevent.cmake │ ├── FindLibrt.cmake │ ├── FizzOptions.cmake │ ├── FizzSources.cmake │ └── fizz-config.cmake.in ├── compression │ ├── BUCK │ ├── BrotliCertificateCompressor.cpp │ ├── BrotliCertificateCompressor.h │ ├── BrotliCertificateDecompressor.cpp │ ├── BrotliCertificateDecompressor.h │ ├── CertDecompressionManager.cpp │ ├── CertDecompressionManager.h │ ├── CertificateCompressor.h │ ├── ZlibCertificateCompressor.cpp │ ├── ZlibCertificateCompressor.h │ ├── ZlibCertificateDecompressor.cpp │ ├── ZlibCertificateDecompressor.h │ ├── ZstdCertificateCompressor.cpp │ ├── ZstdCertificateCompressor.h │ ├── ZstdCertificateDecompressor.cpp │ ├── ZstdCertificateDecompressor.h │ └── test │ │ ├── BUCK │ │ ├── BrotliCertificateCompressorTest.cpp │ │ ├── CertDecompressionManagerTest.cpp │ │ ├── Mocks.h │ │ ├── ZlibCertificateCompressorTest.cpp │ │ └── ZstdCertificateCompressorTest.cpp ├── config │ └── BUCK ├── constraints │ └── BUCK ├── contrib │ └── hpke-test-vector-parser.js ├── crypto │ ├── BUCK │ ├── Crypto.cpp │ ├── Crypto.h │ ├── Hasher.cpp │ ├── Hasher.h │ ├── Hkdf.cpp │ ├── Hkdf.h │ ├── Hmac.cpp │ ├── Hmac.h │ ├── KeyDerivation.cpp │ ├── KeyDerivation.h │ ├── RandomGenerator.h │ ├── Utils.cpp │ ├── Utils.h │ ├── aead │ │ ├── Aead.h │ │ ├── BUCK │ │ ├── CryptoUtil.h │ │ ├── IOBufUtil.cpp │ │ ├── IOBufUtil.h │ │ └── test │ │ │ ├── BUCK │ │ │ ├── Data.h │ │ │ ├── IOBufUtilTest.cpp │ │ │ ├── Mocks.h │ │ │ ├── TestUtil.cpp │ │ │ └── TestUtil.h │ ├── exchange │ │ ├── AsyncKeyExchange.h │ │ ├── BUCK │ │ ├── HybridKeyExchange.cpp │ │ ├── HybridKeyExchange.h │ │ ├── KeyExchange.h │ │ └── test │ │ │ ├── BUCK │ │ │ ├── HybridKeyExchangeTest.cpp │ │ │ ├── Mocks.h │ │ │ └── X25519KeyExchangeTest.cpp │ ├── hpke │ │ ├── BUCK │ │ ├── Context.cpp │ │ ├── Context.h │ │ ├── DHKEM.cpp │ │ ├── DHKEM.h │ │ ├── Hkdf.cpp │ │ ├── Hkdf.h │ │ ├── Hpke.cpp │ │ ├── Hpke.h │ │ ├── Types.h │ │ ├── Utils.cpp │ │ ├── Utils.h │ │ └── test │ │ │ ├── BUCK │ │ │ ├── ContextTest.cpp │ │ │ ├── DHKEMTest.cpp │ │ │ ├── HpkeTest.cpp │ │ │ └── Mocks.h │ └── test │ │ ├── BUCK │ │ ├── HashTest.cpp │ │ ├── HashTest.h │ │ ├── HkdfTest.cpp │ │ ├── HmacTest.cpp │ │ ├── HmacTest.h │ │ ├── KeyDerivationTest.cpp │ │ ├── Mocks.h │ │ ├── RandomGeneratorTest.cpp │ │ ├── Signature.cpp │ │ ├── Signature.h │ │ ├── SignatureTestData.cpp │ │ ├── SignatureTestData.h │ │ ├── TestKeys.cpp │ │ ├── TestKeys.h │ │ ├── TestUtil.cpp │ │ ├── TestUtil.h │ │ └── UtilsTest.cpp ├── defs.bzl ├── experimental │ ├── batcher │ │ ├── BUCK │ │ ├── Batcher.h │ │ └── test │ │ │ ├── BUCK │ │ │ └── BatcherTest.cpp │ ├── client │ │ ├── BUCK │ │ ├── BatchSignaturePeerCert.cpp │ │ ├── BatchSignaturePeerCert.h │ │ └── test │ │ │ ├── BUCK │ │ │ └── BatchSignaturePeerCertTest.cpp │ ├── crypto │ │ ├── BUCK │ │ ├── BatchSignature.h │ │ ├── MerkleTree.h │ │ └── test │ │ │ ├── BUCK │ │ │ ├── BatchSignatureTest.cpp │ │ │ └── MerkleTreeTest.cpp │ ├── ktls │ │ ├── AsyncFizzBaseKTLS.cpp │ │ ├── AsyncFizzBaseKTLS.h │ │ ├── AsyncKTLSSocket.cpp │ │ ├── AsyncKTLSSocket.h │ │ ├── BUCK │ │ ├── FizzKTLSCallback.cpp │ │ ├── FizzKTLSCallback.h │ │ ├── KTLS.cpp │ │ ├── KTLS.h │ │ ├── LinuxKTLS.h │ │ └── test │ │ │ ├── AsyncFizzBaseKTLSTest.cpp │ │ │ ├── AsyncKTLSRxSocketTest.cpp │ │ │ ├── AsyncKTLSSocketTest.cpp │ │ │ ├── BUCK │ │ │ └── KTLSTest.cpp │ ├── protocol │ │ ├── BUCK │ │ ├── BatchSignatureFactory.h │ │ ├── BatchSignatureTypes.cpp │ │ ├── BatchSignatureTypes.h │ │ └── test │ │ │ ├── BUCK │ │ │ └── BatchSignatureTypesTest.cpp │ ├── server │ │ ├── BUCK │ │ ├── BatchSignatureAsyncSelfCert.h │ │ └── test │ │ │ ├── BUCK │ │ │ └── BatchSignatureAsyncSelfCertTest.cpp │ └── util │ │ ├── BUCK │ │ └── CertExtraction.h ├── extensions │ ├── clientpadding │ │ ├── BUCK │ │ ├── PaddingClientExtension.cpp │ │ ├── PaddingClientExtension.h │ │ ├── Types.cpp │ │ ├── Types.h │ │ └── test │ │ │ ├── BUCK │ │ │ └── PaddingClientExtensionTest.cpp │ ├── delegatedcred │ │ ├── BUCK │ │ ├── DelegatedCredentialCertManager.cpp │ │ ├── DelegatedCredentialCertManager.h │ │ ├── DelegatedCredentialClientCertManager.cpp │ │ ├── DelegatedCredentialClientCertManager.h │ │ ├── DelegatedCredentialClientExtension.cpp │ │ ├── DelegatedCredentialClientExtension.h │ │ ├── DelegatedCredentialFactory.cpp │ │ ├── DelegatedCredentialFactory.h │ │ ├── DelegatedCredentialUtils.cpp │ │ ├── DelegatedCredentialUtils.h │ │ ├── PeerDelegatedCredential-inl.h │ │ ├── PeerDelegatedCredential.h │ │ ├── SelfDelegatedCredential-inl.h │ │ ├── SelfDelegatedCredential.h │ │ ├── Serialization.cpp │ │ ├── Serialization.h │ │ ├── Types.cpp │ │ ├── Types.h │ │ └── test │ │ │ ├── BUCK │ │ │ ├── DelegatedCredTypesTest.cpp │ │ │ ├── DelegatedCredentialCertManagerTest.cpp │ │ │ ├── DelegatedCredentialClientCertManagerTest.cpp │ │ │ ├── DelegatedCredentialFactoryTest.cpp │ │ │ ├── DelegatedCredentialUtilsTest.cpp │ │ │ ├── Mocks.h │ │ │ ├── PeerDelegatedCredentialTest.cpp │ │ │ ├── SelfDelegatedCredentialTest.cpp │ │ │ └── SerializationTest.cpp │ ├── exportedauth │ │ ├── BUCK │ │ ├── ExportedAuthenticator.cpp │ │ ├── ExportedAuthenticator.h │ │ ├── Util.h │ │ └── test │ │ │ ├── BUCK │ │ │ └── ExportedAuthenticatorTest.cpp │ ├── javacrypto │ │ ├── BUCK │ │ ├── JavaCryptoCertificateVerifier.cpp │ │ ├── JavaCryptoCertificateVerifier.h │ │ ├── JavaCryptoFactory.h │ │ ├── JavaCryptoPeerCert.cpp │ │ ├── JavaCryptoPeerCert.h │ │ ├── JniUtils.cpp │ │ ├── JniUtils.h │ │ └── OnLoad.cpp │ └── tokenbinding │ │ ├── BUCK │ │ ├── TokenBindingClientExtension.cpp │ │ ├── TokenBindingClientExtension.h │ │ ├── TokenBindingConstructor.cpp │ │ ├── TokenBindingConstructor.h │ │ ├── TokenBindingContext.h │ │ ├── TokenBindingServerExtension.h │ │ ├── Types.cpp │ │ ├── Types.h │ │ ├── Utils.h │ │ ├── Validator.cpp │ │ ├── Validator.h │ │ └── test │ │ ├── BUCK │ │ ├── TokenBindingClientExtensionTest.cpp │ │ ├── TokenBindingConstructorTest.cpp │ │ ├── TokenBindingServerExtensionTest.cpp │ │ ├── TokenBindingTest.cpp │ │ └── ValidatorTest.cpp ├── fizz-config.h.in ├── fizzy_defs.bzl ├── platform │ └── BUCK ├── protocol │ ├── Actions.h │ ├── AsyncFizzBase.cpp │ ├── AsyncFizzBase.h │ ├── BUCK │ ├── CertManagerBase.h │ ├── Certificate.cpp │ ├── Certificate.h │ ├── CertificateVerifier.h │ ├── DefaultCertificateVerifier.cpp │ ├── DefaultCertificateVerifier.h │ ├── DefaultFactory.h │ ├── Events.cpp │ ├── Events.h │ ├── Exporter.cpp │ ├── Exporter.h │ ├── Factory.cpp │ ├── Factory.h │ ├── FizzBase-inl.h │ ├── FizzBase.h │ ├── HandshakeContext.cpp │ ├── HandshakeContext.h │ ├── KeyScheduler.cpp │ ├── KeyScheduler.h │ ├── MultiBackendFactory.cpp │ ├── MultiBackendFactory.h │ ├── Params.cpp │ ├── Params.h │ ├── Protocol.h │ ├── StateMachine-inl.h │ ├── StateMachine.h │ ├── Types.cpp │ ├── Types.h │ ├── clock │ │ ├── BUCK │ │ ├── Clock.h │ │ ├── SystemClock.cpp │ │ ├── SystemClock.h │ │ └── test │ │ │ ├── BUCK │ │ │ └── Mocks.h │ ├── ech │ │ ├── BUCK │ │ ├── Decrypter.cpp │ │ ├── Decrypter.h │ │ ├── ECHExtensions-inl.h │ │ ├── ECHExtensions.h │ │ ├── Encryption.cpp │ │ ├── Encryption.h │ │ ├── GreaseECH.cpp │ │ ├── GreaseECH.h │ │ ├── GreaseECHSetting.h │ │ ├── Types-inl.h │ │ ├── Types.h │ │ └── test │ │ │ ├── BUCK │ │ │ ├── DecrypterTest.cpp │ │ │ ├── ECHTest.cpp │ │ │ ├── EncryptionTest.cpp │ │ │ ├── GreaseECHTest.cpp │ │ │ ├── TestUtil.cpp │ │ │ └── TestUtil.h │ └── test │ │ ├── BUCK │ │ ├── CertTest.cpp │ │ ├── CertTestTypes.h │ │ ├── CertUtil.h │ │ ├── DefaultCertificateVerifierTest.cpp │ │ ├── ExporterTest.cpp │ │ ├── FizzBaseTest.cpp │ │ ├── HandshakeContextTest.cpp │ │ ├── KeySchedulerTest.cpp │ │ ├── Matchers.h │ │ ├── Mocks.h │ │ ├── MultiBackendFactoryTest.cpp │ │ ├── ProtocolTest.h │ │ └── TestUtil.h ├── record │ ├── BUCK │ ├── BufAndPaddingPolicy.cpp │ ├── BufAndPaddingPolicy.h │ ├── EncryptedRecordLayer.cpp │ ├── EncryptedRecordLayer.h │ ├── Extensions-inl.h │ ├── Extensions.h │ ├── PlaintextRecordLayer.cpp │ ├── PlaintextRecordLayer.h │ ├── RecordLayer.cpp │ ├── RecordLayer.h │ ├── RecordLayerUtils-inl.h │ ├── RecordLayerUtils.h │ ├── Types-inl.h │ ├── Types.cpp │ ├── Types.h │ └── test │ │ ├── BUCK │ │ ├── BufAndPaddingPolicyTest.cpp │ │ ├── EncryptedRecordBench.cpp │ │ ├── EncryptedRecordTest.cpp │ │ ├── ExtensionTestsBase.h │ │ ├── ExtensionsTest.cpp │ │ ├── HandshakeTypesTest.cpp │ │ ├── Mocks.h │ │ ├── PlaintextRecordTest.cpp │ │ ├── RecordLayerUtilsTest.cpp │ │ ├── RecordTest.cpp │ │ └── TypesTest.cpp ├── server │ ├── Actions.h │ ├── AeadCookieCipher.cpp │ ├── AeadCookieCipher.h │ ├── AeadTicketCipher.h │ ├── AeadTokenCipher.cpp │ ├── AeadTokenCipher.h │ ├── AsyncFizzServer-inl.h │ ├── AsyncFizzServer.h │ ├── AsyncSelfCert.h │ ├── BUCK │ ├── CertManager.cpp │ ├── CertManager.h │ ├── CookieCipher.cpp │ ├── CookieCipher.h │ ├── CookieTypes.h │ ├── DualTicketCipher.h │ ├── FizzServer-inl.h │ ├── FizzServer.cpp │ ├── FizzServer.h │ ├── FizzServerContext.cpp │ ├── FizzServerContext.h │ ├── HandshakeLogging.cpp │ ├── HandshakeLogging.h │ ├── MultiServerExtensions.cpp │ ├── MultiServerExtensions.h │ ├── Negotiator.h │ ├── ReplayCache.cpp │ ├── ReplayCache.h │ ├── ResumptionState.h │ ├── ServerExtensions.h │ ├── ServerProtocol.cpp │ ├── ServerProtocol.h │ ├── SlidingBloomReplayCache.cpp │ ├── SlidingBloomReplayCache.h │ ├── State.cpp │ ├── State.h │ ├── TicketCipher.h │ ├── TicketCodec-inl.h │ ├── TicketCodec.cpp │ ├── TicketCodec.h │ ├── TicketPolicy.h │ ├── TicketTypes.h │ ├── TokenCipher.h │ └── test │ │ ├── AeadCookieCipherTest.cpp │ │ ├── AeadTicketCipherTest.cpp │ │ ├── AeadTokenCipherTest.cpp │ │ ├── AsyncFizzServerTest.cpp │ │ ├── BUCK │ │ ├── CertManagerTest.cpp │ │ ├── CookieCipherTest.cpp │ │ ├── DualTicketCipherTest.cpp │ │ ├── FizzServerTest.cpp │ │ ├── Mocks.h │ │ ├── MultiServerExtensionsTest.cpp │ │ ├── NegotiatorTest.cpp │ │ ├── ServerProtocolTest.cpp │ │ ├── SlidingBloomReplayCacheTest.cpp │ │ ├── TicketCodecTest.cpp │ │ ├── TicketPolicyTest.cpp │ │ └── Utils.h ├── test │ ├── AsyncFizzBaseTest.cpp │ ├── BUCK │ ├── BogoShim.cpp │ ├── CMakeTestMain.cpp │ ├── HandshakeTest.cpp │ ├── HandshakeTest.h │ └── LocalTransport.h ├── tool │ ├── BUCK │ ├── CertificateVerifiers.h │ ├── Commands.h │ ├── FizzClientCommand.cpp │ ├── FizzClientLoadGenCommand.cpp │ ├── FizzCommandCommon.cpp │ ├── FizzCommandCommon.h │ ├── FizzGenerateDelegatedCredentialCommand.cpp │ ├── FizzServerBenchmarkCommand.cpp │ ├── FizzServerCommand.cpp │ ├── Main.cpp │ └── test │ │ ├── BUCK │ │ └── FizzCommandCommonTest.cpp └── util │ ├── BUCK │ ├── FizzUtil.cpp │ ├── FizzUtil.h │ ├── KeyLogWriter.h │ ├── Parse-inl.h │ ├── Parse.h │ ├── Tracing.cpp │ ├── Tracing.h │ ├── Variant.h │ ├── Workarounds.h │ └── test │ ├── BUCK │ ├── FizzUtilTest.cpp │ ├── FizzVariantTest.cpp │ └── KeyLogWriterTest.cpp ├── logo2x.png └── oss_buck_build_and_test.sh /.buckconfig: -------------------------------------------------------------------------------- 1 | [cells] 2 | gh_facebookincubator_fizz = . 3 | 4 | [cell_aliases] 5 | root = gh_facebookincubator_fizz 6 | 7 | [oss] 8 | internal_cell = fbcode 9 | project_dirs = fizz 10 | prefix_mappings = fbcode//folly->gh_facebook_folly//folly 11 | -------------------------------------------------------------------------------- /.buckconfig.d/common.buckconfig: -------------------------------------------------------------------------------- 1 | [cells] 2 | prelude = prelude 3 | none = none 4 | 5 | [cell_aliases] 6 | config = prelude 7 | ovr_config = prelude 8 | bazel_skylib = gh_facebook_buck2_shims_meta 9 | buck = gh_facebook_buck2_shims_meta 10 | fbcode = gh_facebook_buck2_shims_meta 11 | fbcode_macros = gh_facebook_buck2_shims_meta 12 | fbsource = gh_facebook_buck2_shims_meta 13 | shim = gh_facebook_buck2_shims_meta 14 | toolchains = gh_facebook_buck2_shims_meta 15 | 16 | [external_cells] 17 | prelude = bundled 18 | 19 | [parser] 20 | target_platform_detector_spec = target:root//...->prelude//platforms:default target:shim//...->prelude//platforms:default 21 | -------------------------------------------------------------------------------- /.buckconfig.d/external_cells/facebook/buck2-shims-meta/external_cell.buckconfig: -------------------------------------------------------------------------------- 1 | [cells] 2 | gh_facebook_buck2_shims_meta = gh_facebook_buck2_shims_meta 3 | 4 | [external_cells] 5 | gh_facebook_buck2_shims_meta = git 6 | 7 | [external_cell_gh_facebook_buck2_shims_meta] 8 | git_origin = https://github.com/facebook/buck2-shims-meta.git 9 | commit_hash = 60098ace5d53b58e3920710489b886f9e083164c 10 | -------------------------------------------------------------------------------- /.buckconfig.d/external_cells/facebook/folly/external_cell.buckconfig: -------------------------------------------------------------------------------- 1 | [cells] 2 | gh_facebook_folly = gh_facebook_folly 3 | 4 | [external_cells] 5 | gh_facebook_folly = git 6 | 7 | [external_cell_gh_facebook_folly] 8 | git_origin = https://github.com/facebook/folly.git 9 | commit_hash = bc98f52b4df1fa44f13e4a1ccdeb779cd71ecbde 10 | -------------------------------------------------------------------------------- /.buckroot: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/facebookincubator/fizz/0ddfc9c0d8a90391f4a33ee3273c155391fb08c4/.buckroot -------------------------------------------------------------------------------- /.github/libaegis.pc: -------------------------------------------------------------------------------- 1 | prefix="$GITHUB_WORKSPACE"/tools/libaegis/zig-out 2 | exec_prefix=${prefix} 3 | libdir=${exec_prefix}/lib 4 | includedir=${prefix}/include 5 | Name: libaegis 6 | Description: Aegis library 7 | Version: 1.0.0 8 | Libs: -L${libdir} -laegis 9 | Cflags: -I${includedir} 10 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | out/ 2 | # Ignore all files generated by Buck2 3 | buck-out/ 4 | -------------------------------------------------------------------------------- /.gitmodules: -------------------------------------------------------------------------------- 1 | [submodule "folly"] 2 | path = folly 3 | url = https://github.com/facebook/folly 4 | -------------------------------------------------------------------------------- /BUCK: -------------------------------------------------------------------------------- 1 | load("@fbcode_macros//build_defs:native_rules.bzl", "buck_genrule") 2 | 3 | oncall("secure_pipes") 4 | 5 | buck_genrule( 6 | name = "fizz-config.h", 7 | srcs = {file: file for file in glob([ 8 | "fizz/cmake/*", 9 | "build/fbcode_builder/CMake/*", 10 | ])} | 11 | { 12 | "CMakeLists.txt": "//fizz:CMakeListsForBuck2.txt", 13 | "fizz/cmake/CheckAtomic.cmake": "//fizz:cmake/CheckAtomic.cmake", 14 | "fizz/cmake/FizzOptions.cmake": "//fizz:cmake/FizzOptions.cmake", 15 | "fizz/fizz-config.h.in": "//fizz:fizz-config.h.in", 16 | }, 17 | out = "fizz-config.h", 18 | cmd = "cmake . && mv fizz/fizz-config.h $OUT", 19 | default_target_platform = "prelude//platforms:default", 20 | labels = ["third-party:homebrew:cmake"], 21 | remote = False, 22 | ) 23 | -------------------------------------------------------------------------------- /PACKAGE: -------------------------------------------------------------------------------- 1 | # Copyright (c) Meta Platforms, Inc. and affiliates. 2 | # 3 | # This source code is licensed under the BSD license found in the 4 | # LICENSE file in the root directory of this source tree. 5 | 6 | load("@shim//:cfg.bzl", "SHIM_ALIASES", "set_cfg_constructor", "get_shim_modifiers") 7 | load("@prelude//cfg/modifier:set_cfg_modifiers.bzl", "set_cfg_modifiers") 8 | 9 | # Activate cfg modifiers from CLI / PACKAGE / targets 10 | set_cfg_constructor(SHIM_ALIASES) 11 | 12 | modifiers = get_shim_modifiers() 13 | set_cfg_modifiers(modifiers) 14 | -------------------------------------------------------------------------------- /bad_targets: -------------------------------------------------------------------------------- 1 | # This is a list of bad targets that do not build in OSS. Ideally this list goes away 2 | # with time. 3 | root//fizz/experimental/crypto/exchange:oqs_key_exchange 4 | root//fizz/extensions/javacrypto:java_crypto 5 | root//fizz/tool:fizz 6 | root//fizz/backend:openssl 7 | -------------------------------------------------------------------------------- /build/buck2/README.md: -------------------------------------------------------------------------------- 1 | # Easy buck2 builds for Facebook projects 2 | 3 | This directory contains buck2 targets designed to simplify buck2 builds of 4 | Meta open source projects. 5 | 6 | The most notable target is `//build/buck2/install_deps`, which will attempt to 7 | discover and install necessary third party packages from apt / dnf / etc. 8 | See the "repos" directory for the currently supported platforms. 9 | 10 | ## Deployment 11 | 12 | This directory is copied literally into a number of different Facebook open 13 | source repositories. Any change made to code in this directory will be 14 | automatically be replicated by our open source tooling into all GitHub hosted 15 | repositories that use `buck2`. Typically this directory is copied 16 | into the open source repositories as `build/buck2/`. 17 | -------------------------------------------------------------------------------- /build/buck2/install_deps/BUCK: -------------------------------------------------------------------------------- 1 | # Copyright (c) Meta Platforms, Inc. and affiliates. 2 | # 3 | # This source code is licensed under the LICENSE file found in the root 4 | # directory of this source tree. 5 | load("@fbcode_macros//build_defs:native_rules.bzl", "buck_sh_binary") 6 | 7 | oncall("open_source") 8 | 9 | buck_sh_binary( 10 | name = "install_deps", 11 | main = "install_deps.sh", 12 | resources = glob(["repos/*"]), 13 | ) 14 | -------------------------------------------------------------------------------- /build/buck2/install_deps/repos/fedora: -------------------------------------------------------------------------------- 1 | INSTALL_COMMAND="sudo -E dnf install -y" 2 | -------------------------------------------------------------------------------- /build/buck2/install_deps/repos/homebrew: -------------------------------------------------------------------------------- 1 | INSTALL_COMMAND="brew install" 2 | -------------------------------------------------------------------------------- /build/buck2/install_deps/repos/ubuntu: -------------------------------------------------------------------------------- 1 | INSTALL_COMMAND="sudo -E apt-get install -y" 2 | -------------------------------------------------------------------------------- /build/deps/github_hashes/facebook/folly-rev.txt: -------------------------------------------------------------------------------- 1 | Subproject commit bc98f52b4df1fa44f13e4a1ccdeb779cd71ecbde 2 | -------------------------------------------------------------------------------- /build/fbcode_builder/.gitignore: -------------------------------------------------------------------------------- 1 | # Facebook-internal CI builds don't have write permission outside of the 2 | # source tree, so we install all projects into this directory. 3 | /facebook_ci 4 | __pycache__/ 5 | *.pyc 6 | -------------------------------------------------------------------------------- /build/fbcode_builder/CMake/FBBuildOptions.cmake: -------------------------------------------------------------------------------- 1 | # Copyright (c) Facebook, Inc. and its affiliates. 2 | 3 | function (fb_activate_static_library_option) 4 | option(USE_STATIC_DEPS_ON_UNIX 5 | "If enabled, use static dependencies on unix systems. This is generally discouraged." 6 | OFF 7 | ) 8 | # Mark USE_STATIC_DEPS_ON_UNIX as an "advanced" option, since enabling it 9 | # is generally discouraged. 10 | mark_as_advanced(USE_STATIC_DEPS_ON_UNIX) 11 | 12 | if(UNIX AND USE_STATIC_DEPS_ON_UNIX) 13 | SET(CMAKE_FIND_LIBRARY_SUFFIXES ".a" PARENT_SCOPE) 14 | endif() 15 | endfunction() 16 | -------------------------------------------------------------------------------- /build/fbcode_builder/CMake/FBCompilerSettings.cmake: -------------------------------------------------------------------------------- 1 | # Copyright (c) Facebook, Inc. and its affiliates. 2 | 3 | # This file applies common compiler settings that are shared across 4 | # a number of Facebook opensource projects. 5 | # Please use caution and your best judgement before making changes 6 | # to these shared compiler settings in order to avoid accidentally 7 | # breaking a build in another project! 8 | 9 | if (WIN32) 10 | include(FBCompilerSettingsMSVC) 11 | else() 12 | include(FBCompilerSettingsUnix) 13 | endif() 14 | -------------------------------------------------------------------------------- /build/fbcode_builder/CMake/FBCompilerSettingsMSVC.cmake: -------------------------------------------------------------------------------- 1 | # Copyright (c) Facebook, Inc. and its affiliates. 2 | 3 | # This file applies common compiler settings that are shared across 4 | # a number of Facebook opensource projects. 5 | # Please use caution and your best judgement before making changes 6 | # to these shared compiler settings in order to avoid accidentally 7 | # breaking a build in another project! 8 | 9 | add_compile_options( 10 | /wd4250 # 'class1' : inherits 'class2::member' via dominance 11 | ) 12 | -------------------------------------------------------------------------------- /build/fbcode_builder/CMake/FBCompilerSettingsUnix.cmake: -------------------------------------------------------------------------------- 1 | # Copyright (c) Facebook, Inc. and its affiliates. 2 | 3 | # This file applies common compiler settings that are shared across 4 | # a number of Facebook opensource projects. 5 | # Please use caution and your best judgement before making changes 6 | # to these shared compiler settings in order to avoid accidentally 7 | # breaking a build in another project! 8 | 9 | set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -g -Wall -Wextra -Wno-deprecated -Wno-deprecated-declarations") 10 | -------------------------------------------------------------------------------- /build/fbcode_builder/CMake/FindDoubleConversion.cmake: -------------------------------------------------------------------------------- 1 | # Copyright (c) Meta Platforms, Inc. and affiliates. 2 | 3 | # Finds libdouble-conversion. 4 | # 5 | # This module defines: 6 | # DOUBLE_CONVERSION_INCLUDE_DIR 7 | # DOUBLE_CONVERSION_LIBRARY 8 | # 9 | 10 | find_path(DOUBLE_CONVERSION_INCLUDE_DIR double-conversion/double-conversion.h) 11 | find_library(DOUBLE_CONVERSION_LIBRARY NAMES double-conversion) 12 | 13 | include(FindPackageHandleStandardArgs) 14 | find_package_handle_standard_args( 15 | DoubleConversion 16 | DEFAULT_MSG 17 | DOUBLE_CONVERSION_LIBRARY DOUBLE_CONVERSION_INCLUDE_DIR) 18 | 19 | mark_as_advanced(DOUBLE_CONVERSION_INCLUDE_DIR DOUBLE_CONVERSION_LIBRARY) 20 | -------------------------------------------------------------------------------- /build/fbcode_builder/CMake/FindLMDB.cmake: -------------------------------------------------------------------------------- 1 | # Copyright (c) Meta Platforms, Inc. and affiliates. 2 | # 3 | # This software may be used and distributed according to the terms of the 4 | # GNU General Public License version 2. 5 | 6 | find_library(LMDB_LIBRARIES NAMES lmdb liblmdb) 7 | mark_as_advanced(LMDB_LIBRARIES) 8 | 9 | find_path(LMDB_INCLUDE_DIR NAMES lmdb.h) 10 | mark_as_advanced(LMDB_INCLUDE_DIR) 11 | 12 | find_package_handle_standard_args( 13 | LMDB 14 | REQUIRED_VARS LMDB_LIBRARIES LMDB_INCLUDE_DIR) 15 | 16 | if(LMDB_FOUND) 17 | set(LMDB_LIBRARIES ${LMDB_LIBRARIES}) 18 | set(LMDB_INCLUDE_DIR, ${LMDB_INCLUDE_DIR}) 19 | endif() 20 | -------------------------------------------------------------------------------- /build/fbcode_builder/CMake/FindLibUnwind.cmake: -------------------------------------------------------------------------------- 1 | # Copyright (c) Facebook, Inc. and its affiliates. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | find_path(LIBUNWIND_INCLUDE_DIR NAMES libunwind.h) 16 | mark_as_advanced(LIBUNWIND_INCLUDE_DIR) 17 | 18 | find_library(LIBUNWIND_LIBRARY NAMES unwind) 19 | mark_as_advanced(LIBUNWIND_LIBRARY) 20 | 21 | include(FindPackageHandleStandardArgs) 22 | FIND_PACKAGE_HANDLE_STANDARD_ARGS( 23 | LIBUNWIND 24 | REQUIRED_VARS LIBUNWIND_LIBRARY LIBUNWIND_INCLUDE_DIR) 25 | 26 | if(LIBUNWIND_FOUND) 27 | set(LIBUNWIND_LIBRARIES ${LIBUNWIND_LIBRARY}) 28 | set(LIBUNWIND_INCLUDE_DIRS ${LIBUNWIND_INCLUDE_DIR}) 29 | endif() 30 | -------------------------------------------------------------------------------- /build/fbcode_builder/CMake/FindPCRE.cmake: -------------------------------------------------------------------------------- 1 | # Copyright (c) Facebook, Inc. and its affiliates. 2 | include(FindPackageHandleStandardArgs) 3 | find_path(PCRE_INCLUDE_DIR NAMES pcre.h) 4 | find_library(PCRE_LIBRARY NAMES pcre) 5 | find_package_handle_standard_args( 6 | PCRE 7 | DEFAULT_MSG 8 | PCRE_LIBRARY 9 | PCRE_INCLUDE_DIR 10 | ) 11 | mark_as_advanced(PCRE_INCLUDE_DIR PCRE_LIBRARY) 12 | -------------------------------------------------------------------------------- /build/fbcode_builder/CMake/FindPCRE2.cmake: -------------------------------------------------------------------------------- 1 | # Copyright (c) Facebook, Inc. and its affiliates. 2 | include(FindPackageHandleStandardArgs) 3 | find_path(PCRE2_INCLUDE_DIR NAMES pcre2.h) 4 | find_library(PCRE2_LIBRARY NAMES pcre2-8) 5 | find_package_handle_standard_args( 6 | PCRE2 7 | DEFAULT_MSG 8 | PCRE2_LIBRARY 9 | PCRE2_INCLUDE_DIR 10 | ) 11 | set(PCRE2_DEFINES "PCRE2_CODE_UNIT_WIDTH=8") 12 | mark_as_advanced(PCRE2_INCLUDE_DIR PCRE2_LIBRARY PCRE2_DEFINES) 13 | -------------------------------------------------------------------------------- /build/fbcode_builder/CMake/FindRe2.cmake: -------------------------------------------------------------------------------- 1 | # Copyright (c) Facebook, Inc. and its affiliates. 2 | # 3 | # This software may be used and distributed according to the terms of the 4 | # GNU General Public License version 2. 5 | 6 | find_library(RE2_LIBRARY re2) 7 | mark_as_advanced(RE2_LIBRARY) 8 | 9 | find_path(RE2_INCLUDE_DIR NAMES re2/re2.h) 10 | mark_as_advanced(RE2_INCLUDE_DIR) 11 | 12 | include(FindPackageHandleStandardArgs) 13 | FIND_PACKAGE_HANDLE_STANDARD_ARGS( 14 | RE2 15 | REQUIRED_VARS RE2_LIBRARY RE2_INCLUDE_DIR) 16 | 17 | if(RE2_FOUND) 18 | set(RE2_LIBRARY ${RE2_LIBRARY}) 19 | set(RE2_INCLUDE_DIR, ${RE2_INCLUDE_DIR}) 20 | endif() 21 | -------------------------------------------------------------------------------- /build/fbcode_builder/CMake/FindXxhash.cmake: -------------------------------------------------------------------------------- 1 | # Copyright (c) Facebook, Inc. and its affiliates. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | # 16 | # - Try to find Facebook xxhash library 17 | # This will define 18 | # Xxhash_FOUND 19 | # Xxhash_INCLUDE_DIR 20 | # Xxhash_LIBRARY 21 | # 22 | 23 | find_path(Xxhash_INCLUDE_DIR NAMES xxhash.h) 24 | 25 | find_library(Xxhash_LIBRARY_RELEASE NAMES xxhash) 26 | 27 | include(SelectLibraryConfigurations) 28 | SELECT_LIBRARY_CONFIGURATIONS(Xxhash) 29 | 30 | include(FindPackageHandleStandardArgs) 31 | FIND_PACKAGE_HANDLE_STANDARD_ARGS( 32 | Xxhash DEFAULT_MSG 33 | Xxhash_LIBRARY Xxhash_INCLUDE_DIR 34 | ) 35 | 36 | if (Xxhash_FOUND) 37 | message(STATUS "Found xxhash: ${Xxhash_LIBRARY}") 38 | endif() 39 | 40 | mark_as_advanced(Xxhash_INCLUDE_DIR Xxhash_LIBRARY) 41 | -------------------------------------------------------------------------------- /build/fbcode_builder/CMake/FindZstd.cmake: -------------------------------------------------------------------------------- 1 | # Copyright (c) Facebook, Inc. and its affiliates. 2 | # 3 | # Licensed under the Apache License, Version 2.0 (the "License"); 4 | # you may not use this file except in compliance with the License. 5 | # You may obtain a copy of the License at 6 | # 7 | # http://www.apache.org/licenses/LICENSE-2.0 8 | # 9 | # Unless required by applicable law or agreed to in writing, software 10 | # distributed under the License is distributed on an "AS IS" BASIS, 11 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 | # See the License for the specific language governing permissions and 13 | # limitations under the License. 14 | 15 | # 16 | # - Try to find Facebook zstd library 17 | # This will define 18 | # ZSTD_FOUND 19 | # ZSTD_INCLUDE_DIR 20 | # ZSTD_LIBRARY 21 | # 22 | 23 | find_path(ZSTD_INCLUDE_DIR NAMES zstd.h) 24 | 25 | find_library(ZSTD_LIBRARY_DEBUG NAMES zstdd zstd_staticd) 26 | find_library(ZSTD_LIBRARY_RELEASE NAMES zstd zstd_static) 27 | 28 | include(SelectLibraryConfigurations) 29 | SELECT_LIBRARY_CONFIGURATIONS(ZSTD) 30 | 31 | include(FindPackageHandleStandardArgs) 32 | FIND_PACKAGE_HANDLE_STANDARD_ARGS( 33 | Zstd DEFAULT_MSG 34 | ZSTD_LIBRARY ZSTD_INCLUDE_DIR 35 | ) 36 | 37 | if (ZSTD_FOUND) 38 | message(STATUS "Found Zstd: ${ZSTD_LIBRARY}") 39 | endif() 40 | 41 | mark_as_advanced(ZSTD_INCLUDE_DIR ZSTD_LIBRARY) 42 | -------------------------------------------------------------------------------- /build/fbcode_builder/LICENSE: -------------------------------------------------------------------------------- 1 | MIT License 2 | 3 | Copyright (c) Facebook, Inc. and its affiliates. 4 | 5 | Permission is hereby granted, free of charge, to any person obtaining a copy 6 | of this software and associated documentation files (the "Software"), to deal 7 | in the Software without restriction, including without limitation the rights 8 | to use, copy, modify, merge, publish, distribute, sublicense, and/or sell 9 | copies of the Software, and to permit persons to whom the Software is 10 | furnished to do so, subject to the following conditions: 11 | 12 | The above copyright notice and this permission notice shall be included in all 13 | copies or substantial portions of the Software. 14 | 15 | THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 16 | IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 17 | FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE 18 | AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER 19 | LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, 20 | OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE 21 | SOFTWARE. 22 | -------------------------------------------------------------------------------- /build/fbcode_builder/getdeps/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/facebookincubator/fizz/0ddfc9c0d8a90391f4a33ee3273c155391fb08c4/build/fbcode_builder/getdeps/__init__.py -------------------------------------------------------------------------------- /build/fbcode_builder/getdeps/errors.py: -------------------------------------------------------------------------------- 1 | # Copyright (c) Meta Platforms, Inc. and affiliates. 2 | # 3 | # This source code is licensed under the MIT license found in the 4 | # LICENSE file in the root directory of this source tree. 5 | 6 | # pyre-unsafe 7 | 8 | 9 | class TransientFailure(Exception): 10 | """Raising this error causes getdeps to return with an error code 11 | that Sandcastle will consider to be a retryable transient 12 | infrastructure error""" 13 | 14 | pass 15 | 16 | 17 | class ManifestNotFound(Exception): 18 | def __init__(self, manifest_name) -> None: 19 | super(Exception, self).__init__("Unable to find manifest '%s'" % manifest_name) 20 | -------------------------------------------------------------------------------- /build/fbcode_builder/getdeps/test/fixtures/duplicate/foo: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = foo 3 | -------------------------------------------------------------------------------- /build/fbcode_builder/getdeps/test/fixtures/duplicate/subdir/foo: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = foo 3 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/CLI11: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = CLI11 3 | 4 | [download] 5 | url = https://github.com/CLIUtils/CLI11/archive/v2.0.0.tar.gz 6 | sha256 = 2c672f17bf56e8e6223a3bfb74055a946fa7b1ff376510371902adb9cb0ab6a3 7 | 8 | [build] 9 | builder = cmake 10 | subdir = CLI11-2.0.0 11 | 12 | [cmake.defines] 13 | CLI11_BUILD_TESTS = OFF 14 | CLI11_BUILD_EXAMPLES = OFF 15 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/autoconf: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = autoconf 3 | 4 | [debs] 5 | autoconf 6 | 7 | [homebrew] 8 | autoconf 9 | 10 | [rpms] 11 | autoconf 12 | 13 | [pps] 14 | autoconf 15 | 16 | [download] 17 | url = http://ftp.gnu.org/gnu/autoconf/autoconf-2.69.tar.gz 18 | sha256 = 954bd69b391edc12d6a4a51a2dd1476543da5c6bbf05a95b59dc0dd6fd4c2969 19 | 20 | [build] 21 | builder = autoconf 22 | subdir = autoconf-2.69 23 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/automake: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = automake 3 | 4 | [homebrew] 5 | automake 6 | 7 | [debs] 8 | automake 9 | 10 | [rpms] 11 | automake 12 | 13 | [pps] 14 | automake 15 | 16 | [download] 17 | url = http://ftp.gnu.org/gnu/automake/automake-1.16.1.tar.gz 18 | sha256 = 608a97523f97db32f1f5d5615c98ca69326ced2054c9f82e65bade7fc4c9dea8 19 | 20 | [build] 21 | builder = autoconf 22 | subdir = automake-1.16.1 23 | 24 | [dependencies] 25 | autoconf 26 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/benchmark: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = benchmark 3 | 4 | [download] 5 | url = https://github.com/google/benchmark/archive/refs/tags/v1.8.0.tar.gz 6 | sha256 = ea2e94c24ddf6594d15c711c06ccd4486434d9cf3eca954e2af8a20c88f9f172 7 | 8 | [build] 9 | builder = cmake 10 | subdir = benchmark-1.8.0/ 11 | 12 | [cmake.defines] 13 | BENCHMARK_ENABLE_TESTING=OFF 14 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/blake3: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = blake3 3 | 4 | [download] 5 | url = https://github.com/BLAKE3-team/BLAKE3/archive/refs/tags/1.5.1.tar.gz 6 | sha256 = 822cd37f70152e5985433d2c50c8f6b2ec83aaf11aa31be9fe71486a91744f37 7 | 8 | [build] 9 | builder = cmake 10 | subdir = BLAKE3-1.5.1/c 11 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/bz2: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = bz2 3 | 4 | [debs] 5 | libbz2-dev 6 | bzip2 7 | 8 | [homebrew] 9 | bzip2 10 | 11 | [rpms] 12 | bzip2-devel 13 | bzip2 14 | 15 | [download] 16 | url = https://sourceware.org/pub/bzip2/bzip2-1.0.8.tar.gz 17 | sha256 = ab5a03176ee106d3f0fa90e381da478ddae405918153cca248e682cd0c4a2269 18 | 19 | [build.not(os=windows)] 20 | builder = make 21 | subdir = bzip2-1.0.8 22 | 23 | [make.build_args.os=linux] 24 | # python bz2 support on linux needs dynamic library 25 | -f 26 | Makefile-libbz2_so 27 | 28 | [make.install_args] 29 | install 30 | 31 | [build.os=windows] 32 | builder = nop 33 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/cabal: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = cabal 3 | 4 | [download.os=linux] 5 | url = https://downloads.haskell.org/~cabal/cabal-install-3.6.2.0/cabal-install-3.6.2.0-x86_64-linux-deb10.tar.xz 6 | sha256 = 4759b56e9257e02f29fa374a6b25d6cb2f9d80c7e3a55d4f678a8e570925641c 7 | 8 | [build] 9 | builder = nop 10 | 11 | [install.files] 12 | cabal = bin/cabal 13 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/cachelib: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = cachelib 3 | fbsource_path = fbcode/cachelib 4 | shipit_project = cachelib 5 | shipit_fbcode_builder = true 6 | 7 | [git] 8 | repo_url = https://github.com/facebook/cachelib.git 9 | 10 | [build] 11 | builder = cmake 12 | subdir = cachelib 13 | job_weight_mib = 2048 14 | 15 | [dependencies] 16 | zlib 17 | fizz 18 | fmt 19 | folly 20 | fbthrift 21 | googletest 22 | sparsemap 23 | wangle 24 | zstd 25 | mvfst 26 | numa 27 | libaio 28 | # cachelib also depends on openssl but since the latter requires a platform- 29 | # specific configuration we rely on the folly manifest to provide this 30 | # dependency to avoid duplication. 31 | 32 | [shipit.pathmap] 33 | fbcode/cachelib = cachelib 34 | fbcode/cachelib/public_tld = . 35 | 36 | [shipit.strip] 37 | ^fbcode/cachelib/examples(/|$) 38 | ^fbcode/cachelib/facebook(/|$) 39 | ^fbcode/cachelib/public_tld/website/docs/facebook(/|$) 40 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/clang: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = clang 3 | 4 | [rpms] 5 | clang15-devel 6 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/cmake: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = cmake 3 | 4 | [homebrew] 5 | cmake 6 | 7 | # 18.04 cmake is too old 8 | [debs.not(all(distro=ubuntu,distro_vers="18.04"))] 9 | cmake 10 | 11 | [rpms] 12 | cmake 13 | 14 | [pps] 15 | cmake 16 | 17 | [dependencies] 18 | ninja 19 | 20 | [download.os=windows] 21 | url = https://github.com/Kitware/CMake/releases/download/v3.20.2/cmake-3.20.2-windows-x86_64.zip 22 | sha256 = 15a49e2ab81c1822d75b1b1a92f7863f58e31f6d6aac1c4103eef2b071be3112 23 | 24 | [download.os=darwin] 25 | url = https://github.com/Kitware/CMake/releases/download/v3.20.2/cmake-3.20.2-macos-universal.tar.gz 26 | sha256 = 0100663380a3bd977b001183cd487412db7aad9de6859927bde97e1e6e44e645 27 | 28 | [download.any(os=linux,os=freebsd)] 29 | url = https://github.com/Kitware/CMake/releases/download/v3.20.2/cmake-3.20.2.tar.gz 30 | sha256 = aecf6ecb975179eb3bb6a4a50cae192d41e92b9372b02300f9e8f1d5f559544e 31 | 32 | [build.os=windows] 33 | builder = nop 34 | subdir = cmake-3.20.2-windows-x86_64 35 | 36 | [build.os=darwin] 37 | builder = nop 38 | subdir = cmake-3.20.2-macos-universal 39 | 40 | [install.files.os=darwin] 41 | CMake.app/Contents/bin = bin 42 | CMake.app/Contents/share = share 43 | 44 | [build.any(os=linux,os=freebsd)] 45 | builder = cmakebootstrap 46 | subdir = cmake-3.20.2 47 | 48 | [make.install_args.any(os=linux,os=freebsd)] 49 | install 50 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/cpptoml: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = cpptoml 3 | 4 | [homebrew] 5 | cpptoml 6 | 7 | [download] 8 | url = https://github.com/chadaustin/cpptoml/archive/refs/tags/v0.1.2.tar.gz 9 | sha256 = beda37e94f9746874436c8090c045fd80ae6f8a51f7c668c932a2b110a4fc277 10 | 11 | [build] 12 | builder = cmake 13 | subdir = cpptoml-0.1.2 14 | 15 | [cmake.defines.os=freebsd] 16 | ENABLE_LIBCXX=NO 17 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/double-conversion: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = double-conversion 3 | 4 | [download] 5 | url = https://github.com/google/double-conversion/archive/v3.1.4.tar.gz 6 | sha256 = 95004b65e43fefc6100f337a25da27bb99b9ef8d4071a36a33b5e83eb1f82021 7 | 8 | [homebrew] 9 | double-conversion 10 | 11 | [debs] 12 | libdouble-conversion-dev 13 | 14 | [rpms] 15 | double-conversion 16 | double-conversion-devel 17 | 18 | [pps] 19 | double-conversion 20 | 21 | [build] 22 | builder = cmake 23 | subdir = double-conversion-3.1.4 24 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/edencommon: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = edencommon 3 | fbsource_path = fbcode/eden/common 4 | shipit_project = edencommon 5 | shipit_fbcode_builder = true 6 | 7 | [git] 8 | repo_url = https://github.com/facebookexperimental/edencommon.git 9 | 10 | [build] 11 | builder = cmake 12 | 13 | [dependencies] 14 | fbthrift 15 | fb303 16 | fmt 17 | folly 18 | gflags 19 | glog 20 | 21 | [cmake.defines.test=on] 22 | BUILD_TESTS=ON 23 | 24 | [cmake.defines.test=off] 25 | BUILD_TESTS=OFF 26 | 27 | [shipit.pathmap] 28 | fbcode/eden/common = eden/common 29 | fbcode/eden/common/oss = . 30 | 31 | [shipit.strip] 32 | @README.facebook@ 33 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/exprtk: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = exprtk 3 | 4 | [download] 5 | url = https://github.com/ArashPartow/exprtk/archive/refs/tags/0.0.1.tar.gz 6 | sha256 = fb72791c88ae3b3426e14fdad630027715682584daf56b973569718c56e33f28 7 | 8 | [build.not(os=windows)] 9 | builder = nop 10 | subdir = exprtk-0.0.1 11 | 12 | [install.files] 13 | exprtk.hpp = exprtk.hpp 14 | 15 | [dependencies] 16 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/fast_float: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = fast_float 3 | 4 | [download] 5 | url = https://github.com/fastfloat/fast_float/archive/refs/tags/v8.0.0.tar.gz 6 | sha256 = f312f2dc34c61e665f4b132c0307d6f70ad9420185fa831911bc24408acf625d 7 | 8 | [build] 9 | builder = cmake 10 | subdir = fast_float-8.0.0 11 | 12 | [cmake.defines] 13 | FASTFLOAT_TEST = OFF 14 | FASTFLOAT_SANITIZE = OFF 15 | 16 | [debs.not(all(distro=ubuntu,any(distro_vers="18.04",distro_vers="20.04",distro_vers="22.04",distro_vers="24.04")))] 17 | libfast-float-dev 18 | 19 | [rpms.distro=fedora] 20 | fast_float-devel 21 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/fatal: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = fatal 3 | fbsource_path = fbcode/fatal 4 | shipit_project = fatal 5 | 6 | [git] 7 | repo_url = https://github.com/facebook/fatal.git 8 | 9 | [shipit.pathmap] 10 | fbcode/fatal = fatal 11 | fbcode/fatal/public_tld = . 12 | 13 | [build] 14 | builder = nop 15 | subdir = . 16 | 17 | [install.files] 18 | fatal/portability.h = fatal/portability.h 19 | fatal/preprocessor.h = fatal/preprocessor.h 20 | fatal/container = fatal/container 21 | fatal/functional = fatal/functional 22 | fatal/math = fatal/math 23 | fatal/string = fatal/string 24 | fatal/type = fatal/type 25 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/fb303: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = fb303 3 | fbsource_path = fbcode/fb303 4 | shipit_project = fb303 5 | shipit_fbcode_builder = true 6 | 7 | [git] 8 | repo_url = https://github.com/facebook/fb303.git 9 | 10 | [cargo] 11 | cargo_config_file = source/fb303/thrift/.cargo/config.toml 12 | 13 | [crate.pathmap] 14 | fb303_core = fb303/thrift 15 | 16 | [build] 17 | builder = cmake 18 | 19 | [dependencies] 20 | folly 21 | gflags 22 | glog 23 | fbthrift 24 | 25 | [cmake.defines.test=on] 26 | BUILD_TESTS=ON 27 | 28 | [cmake.defines.test=off] 29 | BUILD_TESTS=OFF 30 | 31 | [shipit.pathmap] 32 | fbcode/fb303/github = . 33 | fbcode/fb303/public_autocargo = fb303 34 | fbcode/fb303 = fb303 35 | 36 | [shipit.strip] 37 | ^fbcode/fb303/(?!public_autocargo).+/Cargo\.toml$ 38 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/fboss: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = fboss 3 | fbsource_path = fbcode/fboss 4 | shipit_project = fboss 5 | shipit_fbcode_builder = true 6 | 7 | [git] 8 | repo_url = https://github.com/facebook/fboss.git 9 | 10 | [build.os=linux] 11 | builder = cmake 12 | # fboss files take a lot of RAM to compile. 13 | job_weight_mib = 3072 14 | 15 | [build.not(os=linux)] 16 | builder = nop 17 | 18 | [dependencies] 19 | folly 20 | fb303 21 | wangle 22 | fizz 23 | fmt 24 | libsodium 25 | googletest 26 | zstd 27 | fatal 28 | fbthrift 29 | iproute2 30 | libusb 31 | libcurl 32 | libnl 33 | libsai 34 | re2 35 | python 36 | yaml-cpp 37 | libyaml 38 | CLI11 39 | exprtk 40 | nlohmann-json 41 | libgpiod 42 | systemd 43 | range-v3 44 | 45 | [shipit.pathmap] 46 | fbcode/fboss/github = . 47 | fbcode/fboss/common = common 48 | fbcode/fboss = fboss 49 | 50 | [sandcastle] 51 | run_tests = off 52 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/fbthrift: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = fbthrift 3 | fbsource_path = xplat/thrift 4 | shipit_project = fbthrift 5 | shipit_fbcode_builder = true 6 | 7 | [git] 8 | repo_url = https://github.com/facebook/fbthrift.git 9 | 10 | [cargo] 11 | cargo_config_file = source/thrift/lib/rust/.cargo/config.toml 12 | 13 | [crate.pathmap] 14 | fbthrift = thrift/lib/rust 15 | 16 | [build] 17 | builder = cmake 18 | job_weight_mib = 2048 19 | 20 | [dependencies] 21 | fizz 22 | fmt 23 | folly 24 | googletest 25 | libsodium 26 | wangle 27 | zstd 28 | mvfst 29 | xxhash 30 | # Thrift also depends on openssl but since the latter requires a platform- 31 | # specific configuration we rely on the folly manifest to provide this 32 | # dependency to avoid duplication. 33 | 34 | [shipit.pathmap] 35 | xplat/thrift/public_tld = . 36 | xplat/thrift = thrift 37 | 38 | [shipit.strip] 39 | ^xplat/thrift/thrift-config\.h$ 40 | ^xplat/thrift/perf/canary.py$ 41 | ^xplat/thrift/perf/loadtest.py$ 42 | ^xplat/thrift/.castle/.* 43 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/fizz: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = fizz 3 | fbsource_path = fbcode/fizz 4 | shipit_project = fizz 5 | shipit_fbcode_builder = true 6 | 7 | [git] 8 | repo_url = https://github.com/facebookincubator/fizz.git 9 | 10 | [build] 11 | builder = cmake 12 | subdir = fizz 13 | 14 | [cmake.defines] 15 | BUILD_EXAMPLES = OFF 16 | 17 | [cmake.defines.test=on] 18 | BUILD_TESTS = ON 19 | 20 | [cmake.defines.all(os=windows, test=on)] 21 | BUILD_TESTS = OFF 22 | 23 | [cmake.defines.test=off] 24 | BUILD_TESTS = OFF 25 | 26 | [dependencies] 27 | folly 28 | liboqs 29 | libsodium 30 | zlib 31 | zstd 32 | 33 | [dependencies.all(test=on, not(os=windows))] 34 | googletest 35 | 36 | [shipit.pathmap] 37 | fbcode/fizz/public_tld = . 38 | fbcode/fizz = fizz 39 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/fmt: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = fmt 3 | 4 | [download] 5 | url = https://github.com/fmtlib/fmt/archive/refs/tags/11.0.2.tar.gz 6 | sha256 = 6cb1e6d37bdcb756dbbe59be438790db409cdb4868c66e888d5df9f13f7c027f 7 | 8 | [build] 9 | builder = cmake 10 | subdir = fmt-11.0.2 11 | 12 | [cmake.defines] 13 | FMT_TEST = OFF 14 | FMT_DOC = OFF 15 | 16 | [homebrew] 17 | fmt 18 | 19 | [rpms.distro=fedora] 20 | fmt-devel 21 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/gflags: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = gflags 3 | 4 | [download] 5 | url = https://github.com/gflags/gflags/archive/v2.2.2.tar.gz 6 | sha256 = 34af2f15cf7367513b352bdcd2493ab14ce43692d2dcd9dfc499492966c64dcf 7 | 8 | [build] 9 | builder = cmake 10 | subdir = gflags-2.2.2 11 | 12 | [cmake.defines] 13 | BUILD_SHARED_LIBS = ON 14 | BUILD_STATIC_LIBS = ON 15 | #BUILD_gflags_nothreads_LIB = OFF 16 | BUILD_gflags_LIB = ON 17 | 18 | [homebrew] 19 | gflags 20 | 21 | [debs] 22 | libgflags-dev 23 | 24 | [rpms.distro=fedora] 25 | gflags-devel 26 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/ghc: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = ghc 3 | 4 | [download.os=linux] 5 | url = https://downloads.haskell.org/~ghc/9.2.8/ghc-9.2.8-x86_64-fedora27-linux.tar.xz 6 | sha256 = 845f63cd365317bb764d81025554a2527dbe315d6fa268c9859e21b911bf2d3c 7 | 8 | [build] 9 | builder = autoconf 10 | subdir = ghc-9.2.8 11 | build_in_src_dir = true 12 | only_install = true 13 | 14 | [make.install_args] 15 | install 16 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/git-lfs: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = git-lfs 3 | 4 | [rpms] 5 | git-lfs 6 | 7 | [debs] 8 | git-lfs 9 | 10 | [homebrew] 11 | git-lfs 12 | 13 | # only used from system packages currently 14 | [build] 15 | builder = nop 16 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/glean: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = glean 3 | fbsource_path = fbcode/glean 4 | shipit_project = facebookincubator/Glean 5 | use_shipit = true 6 | 7 | [shipit.pathmap] 8 | # These are only used by target determinator to trigger builds, the 9 | # real path mappings are in the ShipIt config. 10 | fbcode/glean = glean 11 | fbcode/common/hs = hsthrift 12 | 13 | [subprojects] 14 | hsthrift = hsthrift 15 | 16 | [dependencies] 17 | cabal 18 | ghc 19 | gflags 20 | glog 21 | folly 22 | rocksdb 23 | xxhash 24 | llvm 25 | clang 26 | re2 27 | 28 | [build] 29 | builder = make 30 | 31 | [make.build_args] 32 | cabal-update 33 | all 34 | glean-hie 35 | glass 36 | glean-clang 37 | EXTRA_GHC_OPTS=-j4 +RTS -A32m -n4m -RTS 38 | CABAL_CONFIG_FLAGS=-f-hack-tests -f-typescript-tests -f-python-tests -f-dotnet-tests -f-go-tests -f-rust-tests -f-java-lsif-tests -f-flow-tests 39 | 40 | [make.install_args] 41 | install 42 | 43 | [make.test_args] 44 | test 45 | EXTRA_GHC_OPTS=-j4 +RTS -A32m -n4m -RTS 46 | CABAL_CONFIG_FLAGS=-f-hack-tests -f-typescript-tests -f-python-tests -f-dotnet-tests -f-go-tests -f-rust-tests -f-java-lsif-tests -f-flow-tests 47 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/glog: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = glog 3 | 4 | [download] 5 | url = https://github.com/google/glog/archive/v0.5.0.tar.gz 6 | sha256 = eede71f28371bf39aa69b45de23b329d37214016e2055269b3b5e7cfd40b59f5 7 | 8 | [build] 9 | builder = cmake 10 | subdir = glog-0.5.0 11 | 12 | [dependencies] 13 | gflags 14 | 15 | [cmake.defines] 16 | BUILD_SHARED_LIBS=ON 17 | BUILD_TESTING=NO 18 | WITH_PKGCONFIG=ON 19 | 20 | [cmake.defines.os=freebsd] 21 | HAVE_TR1_UNORDERED_MAP=OFF 22 | HAVE_TR1_UNORDERED_SET=OFF 23 | 24 | [homebrew] 25 | glog 26 | 27 | # on ubuntu glog brings in liblzma-dev, which in turn breaks watchman tests 28 | [debs.not(distro=ubuntu)] 29 | libgoogle-glog-dev 30 | 31 | [rpms.distro=fedora] 32 | glog-devel 33 | 34 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/googletest: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = googletest 3 | 4 | [download] 5 | url = https://github.com/google/googletest/archive/refs/tags/release-1.12.1.tar.gz 6 | sha256 = 81964fe578e9bd7c94dfdb09c8e4d6e6759e19967e397dbea48d1c10e45d0df2 7 | 8 | [build] 9 | builder = cmake 10 | subdir = googletest-release-1.12.1 11 | 12 | [cmake.defines] 13 | # Everything else defaults to the shared runtime, so tell gtest that 14 | # it should not use its choice of the static runtime 15 | gtest_force_shared_crt=ON 16 | 17 | [cmake.defines.os=windows] 18 | BUILD_SHARED_LIBS=ON 19 | 20 | [homebrew] 21 | googletest 22 | 23 | # packaged googletest is too old 24 | [debs.not(all(distro=ubuntu,any(distro_vers="18.04",distro_vers="20.04",distro_vers="22.04")))] 25 | libgtest-dev 26 | libgmock-dev 27 | 28 | [rpms.distro=fedora] 29 | gmock-devel 30 | gtest-devel 31 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/gperf: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = gperf 3 | 4 | [download] 5 | url = http://ftp.gnu.org/pub/gnu/gperf/gperf-3.1.tar.gz 6 | sha256 = 588546b945bba4b70b6a3a616e80b4ab466e3f33024a352fc2198112cdbb3ae2 7 | 8 | [build.not(os=windows)] 9 | builder = autoconf 10 | subdir = gperf-3.1 11 | 12 | [build.os=windows] 13 | builder = nop 14 | 15 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/hexdump: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = hexdump 3 | 4 | [rpms] 5 | util-linux 6 | 7 | [debs] 8 | bsdmainutils 9 | 10 | # only used from system packages currently 11 | [build] 12 | builder = nop 13 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/hsthrift: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = hsthrift 3 | fbsource_path = fbcode/common/hs 4 | shipit_project = facebookincubator/hsthrift 5 | use_shipit = true 6 | 7 | [shipit.pathmap] 8 | # These are only used by target determinator to trigger builds, the 9 | # real path mappings are in the ShipIt config. 10 | fbcode/common/hs = . 11 | 12 | [dependencies] 13 | cabal 14 | ghc 15 | gflags 16 | glog 17 | folly 18 | fbthrift 19 | wangle 20 | fizz 21 | boost 22 | 23 | [build] 24 | builder = make 25 | 26 | [make.build_args] 27 | cabal-update 28 | all 29 | 30 | [make.install_args] 31 | install 32 | 33 | [make.test_args] 34 | test 35 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/iproute2: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = iproute2 3 | 4 | [download] 5 | url = https://mirrors.edge.kernel.org/pub/linux/utils/net/iproute2/iproute2-4.12.0.tar.gz 6 | sha256 = 46612a1e2d01bb31932557bccdb1b8618cae9a439dfffc08ef35ed8e197f14ce 7 | 8 | [build.os=linux] 9 | builder = iproute2 10 | subdir = iproute2-4.12.0 11 | patchfile = iproute2_oss.patch 12 | 13 | [build.not(os=linux)] 14 | builder = nop 15 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/jom: -------------------------------------------------------------------------------- 1 | # jom is compatible with MSVC nmake, but adds the /j argment which 2 | # speeds up openssl build a lot 3 | [manifest] 4 | name = jom 5 | 6 | # see https://download.qt.io/official_releases/jom/changelog.txt for latest version 7 | [download.os=windows] 8 | url = https://download.qt.io/official_releases/jom/jom_1_1_4.zip 9 | sha256 = d533c1ef49214229681e90196ed2094691e8c4a0a0bef0b2c901debcb562682b 10 | 11 | [build.os=windows] 12 | builder = nop 13 | 14 | [install.files.os=windows] 15 | . = bin 16 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/jq: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = jq 3 | 4 | [rpms.distro=fedora] 5 | jq 6 | 7 | [homebrew] 8 | jq 9 | 10 | [download.not(os=windows)] 11 | # we use jq-1.7+ to get fix for number truncation https://github.com/jqlang/jq/pull/1752 12 | url = https://github.com/jqlang/jq/releases/download/jq-1.7.1/jq-1.7.1.tar.gz 13 | sha256 = 478c9ca129fd2e3443fe27314b455e211e0d8c60bc8ff7df703873deeee580c2 14 | 15 | [build.not(os=windows)] 16 | builder = autoconf 17 | subdir = jq-1.7.1 18 | 19 | [build.os=windows] 20 | builder = nop 21 | 22 | [autoconf.args] 23 | # This argument turns off some developers tool and it is recommended in jq's 24 | # README 25 | --disable-maintainer-mode 26 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/katran: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = katran 3 | fbsource_path = fbcode/katran 4 | shipit_project = katran 5 | shipit_fbcode_builder = true 6 | 7 | [git] 8 | repo_url = https://github.com/facebookincubator/katran.git 9 | 10 | [build.not(os=linux)] 11 | builder = nop 12 | 13 | [build.os=linux] 14 | builder = cmake 15 | subdir = . 16 | 17 | [cmake.defines.test=on] 18 | BUILD_TESTS=ON 19 | 20 | [cmake.defines.test=off] 21 | BUILD_TESTS=OFF 22 | 23 | [dependencies] 24 | folly 25 | fizz 26 | libbpf 27 | libmnl 28 | zlib 29 | googletest 30 | fmt 31 | 32 | [debs] 33 | libssl-dev 34 | 35 | [shipit.pathmap] 36 | fbcode/katran/public_root = . 37 | fbcode/katran = katran 38 | 39 | [shipit.strip] 40 | ^fbcode/katran/facebook 41 | ^fbcode/katran/OSS_SYNC 42 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/libaio: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = libaio 3 | 4 | [debs] 5 | libaio-dev 6 | 7 | [rpms.distro=centos_stream] 8 | libaio-devel 9 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/libbpf: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = libbpf 3 | 4 | [download] 5 | url = https://github.com/libbpf/libbpf/archive/refs/tags/v0.7.0.tar.gz 6 | sha256 = 5083588ce5a3a620e395ee1e596af77b4ec5771ffc71cff2af49dfee38c06361 7 | 8 | # BPF only builds on linux, so make it a NOP on other platforms 9 | [build.not(os=linux)] 10 | builder = nop 11 | 12 | [build.os=linux] 13 | builder = make 14 | subdir = libbpf-0.7.0/src 15 | 16 | [make.build_args] 17 | BUILD_STATIC_ONLY=y 18 | 19 | # libbpf-0.3 requires uapi headers >= 5.8 20 | [make.install_args] 21 | install 22 | install_uapi_headers 23 | BUILD_STATIC_ONLY=y 24 | 25 | [dependencies] 26 | libelf 27 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/libcurl: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = libcurl 3 | 4 | [rpms] 5 | libcurl-devel 6 | libcurl-minimal 7 | 8 | [debs] 9 | libcurl4-openssl-dev 10 | 11 | [pps] 12 | libcurl-gnutls 13 | 14 | [download] 15 | url = https://curl.haxx.se/download/curl-7.65.1.tar.gz 16 | sha256 = 821aeb78421375f70e55381c9ad2474bf279fc454b791b7e95fc83562951c690 17 | 18 | [dependencies] 19 | nghttp2 20 | 21 | # We use system OpenSSL on Linux (see folly's manifest for details) 22 | [dependencies.not(os=linux)] 23 | openssl 24 | 25 | [build.not(os=windows)] 26 | builder = autoconf 27 | subdir = curl-7.65.1 28 | 29 | [autoconf.args] 30 | # fboss (which added the libcurl dep) doesn't need ldap so it is disabled here. 31 | # if someone in the future wants to add ldap for something else, it won't hurt 32 | # fboss. However, that would require adding an ldap manifest. 33 | # 34 | # For the same reason, we disable libssh2 and libidn2 which aren't really used 35 | # but would require adding manifests if we don't disable them. 36 | --disable-ldap 37 | --without-libssh2 38 | --without-libidn2 39 | 40 | [build.os=windows] 41 | builder = cmake 42 | subdir = curl-7.65.1 43 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/libdwarf: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = libdwarf 3 | 4 | [rpms] 5 | libdwarf-devel 6 | libdwarf 7 | 8 | [debs] 9 | libdwarf-dev 10 | 11 | [homebrew] 12 | dwarfutils 13 | 14 | [download] 15 | url = https://www.prevanders.net/libdwarf-0.9.2.tar.xz 16 | sha256 = 22b66d06831a76f6a062126cdcad3fcc58540b89a1acb23c99f8861f50999ec3 17 | 18 | [build] 19 | builder = cmake 20 | subdir = libdwarf-0.9.2 21 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/libelf: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = libelf 3 | 4 | [rpms] 5 | elfutils-libelf-devel-static 6 | 7 | [debs] 8 | libelf-dev 9 | 10 | [pps] 11 | libelf 12 | 13 | [download] 14 | url = https://ftp.osuosl.org/pub/blfs/conglomeration/libelf/libelf-0.8.13.tar.gz 15 | sha256 = 591a9b4ec81c1f2042a97aa60564e0cb79d041c52faa7416acb38bc95bd2c76d 16 | 17 | # libelf only makes sense on linux, so make it a NOP on other platforms 18 | [build.not(os=linux)] 19 | builder = nop 20 | 21 | [build.os=linux] 22 | builder = autoconf 23 | subdir = libelf-0.8.13 24 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/libevent: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = libevent 3 | 4 | [debs] 5 | libevent-dev 6 | 7 | [homebrew] 8 | libevent 9 | 10 | [rpms] 11 | libevent-devel 12 | 13 | [pps] 14 | libevent 15 | 16 | # Note that the CMakeLists.txt file is present only in 17 | # git repo and not in the release tarball, so take care 18 | # to use the github generated source tarball rather than 19 | # the explicitly uploaded source tarball 20 | [download] 21 | url = https://github.com/libevent/libevent/releases/download/release-2.1.12-stable/libevent-2.1.12-stable.tar.gz 22 | sha256 = 92e6de1be9ec176428fd2367677e61ceffc2ee1cb119035037a27d346b0403bb 23 | 24 | [build] 25 | builder = cmake 26 | subdir = libevent-2.1.12-stable 27 | 28 | [cmake.defines] 29 | EVENT__DISABLE_TESTS = ON 30 | EVENT__DISABLE_BENCHMARK = ON 31 | EVENT__DISABLE_SAMPLES = ON 32 | EVENT__DISABLE_REGRESS = ON 33 | 34 | [cmake.defines.shared_libs=on] 35 | EVENT__BUILD_SHARED_LIBRARIES = ON 36 | 37 | [cmake.defines.os=windows] 38 | EVENT__LIBRARY_TYPE = STATIC 39 | 40 | [dependencies.not(any(os=linux, os=freebsd))] 41 | openssl 42 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/libffi: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = libffi 3 | 4 | [debs] 5 | libffi-dev 6 | 7 | [homebrew] 8 | libffi 9 | 10 | [rpms] 11 | libffi-devel 12 | libffi 13 | 14 | [pps] 15 | libffi 16 | 17 | [download] 18 | url = https://github.com/libffi/libffi/releases/download/v3.4.2/libffi-3.4.2.tar.gz 19 | sha256 = 540fb721619a6aba3bdeef7d940d8e9e0e6d2c193595bc243241b77ff9e93620 20 | 21 | [build] 22 | builder = autoconf 23 | subdir = libffi-3.4.2 24 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/libgit2: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = libgit2 3 | 4 | [homebrew] 5 | libgit2 6 | 7 | [rpms] 8 | libgit2-devel 9 | 10 | [pps] 11 | libgit2 12 | 13 | # Ubuntu 18.04 libgit2 has clash with libcurl4-openssl-dev as it depends on 14 | # libcurl4-gnutls-dev. Should be ok from 20.04 again 15 | # There is a description at https://github.com/r-hub/sysreqsdb/issues/77 16 | [debs.not(all(distro=ubuntu,distro_vers="18.04"))] 17 | libgit2-dev 18 | 19 | [download] 20 | url = https://github.com/libgit2/libgit2/archive/v0.28.1.tar.gz 21 | sha256 = 0ca11048795b0d6338f2e57717370208c2c97ad66c6d5eac0c97a8827d13936b 22 | 23 | [build] 24 | builder = cmake 25 | subdir = libgit2-0.28.1 26 | 27 | [cmake.defines] 28 | # Could turn this on if we also wanted to add a manifest for libssh2 29 | USE_SSH = OFF 30 | BUILD_CLAR = OFF 31 | # Have to build shared to work around annoying problems with cmake 32 | # mis-parsing the frameworks required to link this on macos :-/ 33 | BUILD_SHARED_LIBS = ON 34 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/libgpiod: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = libgpiod 3 | 4 | [download] 5 | url = https://cdn.kernel.org/pub/software/libs/libgpiod/libgpiod-1.6.tar.xz 6 | sha256 = 62908023d59e8cbb9137ddd14deec50ced862d8f9b8749f288d3dbe7967151ef 7 | 8 | [build] 9 | builder = autoconf 10 | subdir = libgpiod-1.6 11 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/libiberty: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = libiberty 3 | 4 | [rpms] 5 | binutils-devel 6 | binutils 7 | 8 | [debs] 9 | binutils-dev 10 | 11 | [download] 12 | url = https://ftp.gnu.org/gnu/binutils/binutils-2.43.tar.xz 13 | sha256 = b53606f443ac8f01d1d5fc9c39497f2af322d99e14cea5c0b4b124d630379365 14 | 15 | [dependencies] 16 | zlib 17 | 18 | [build] 19 | builder = autoconf 20 | subdir = binutils-2.43/libiberty 21 | patchfile = libiberty_install_pic_lib.patch 22 | 23 | # only build the parts needed for demangling 24 | # as we still want to use system linker and assembler etc 25 | [autoconf.args] 26 | --enable-install-libiberty 27 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/libmnl: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = libmnl 3 | 4 | [rpms] 5 | libmnl-devel 6 | 7 | # all centos 8 distros are missing this, 8 | # but its in fedora so may be back in a later version 9 | [rpms.not(all(any(distro=centos_stream,distro=centos),distro_vers=8))] 10 | libmnl-static 11 | 12 | [debs] 13 | libmnl-dev 14 | 15 | [pps] 16 | libmnl 17 | 18 | [download] 19 | url = http://www.netfilter.org/pub/libmnl/libmnl-1.0.4.tar.bz2 20 | sha256 = 171f89699f286a5854b72b91d06e8f8e3683064c5901fb09d954a9ab6f551f81 21 | 22 | [build.os=linux] 23 | builder = autoconf 24 | subdir = libmnl-1.0.4 25 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/libnl: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = libnl 3 | 4 | [rpms] 5 | libnl3-devel 6 | libnl3 7 | 8 | [debs] 9 | libnl-3-dev 10 | libnl-route-3-dev 11 | 12 | [pps] 13 | libnl 14 | 15 | [download] 16 | url = https://github.com/thom311/libnl/releases/download/libnl3_2_25/libnl-3.2.25.tar.gz 17 | sha256 = 8beb7590674957b931de6b7f81c530b85dc7c1ad8fbda015398bc1e8d1ce8ec5 18 | 19 | [build.os=linux] 20 | builder = autoconf 21 | subdir = libnl-3.2.25 22 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/liboqs: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = liboqs 3 | 4 | [download] 5 | url = https://github.com/open-quantum-safe/liboqs/archive/refs/tags/0.12.0.tar.gz 6 | sha256 = df999915204eb1eba311d89e83d1edd3a514d5a07374745d6a9e5b2dd0d59c08 7 | 8 | [build] 9 | builder = cmake 10 | subdir = liboqs-0.12.0 11 | 12 | [cmake.defines] 13 | OQS_MINIMAL_BUILD = KEM_kyber_512;KEM_kyber_768;KEM_kyber_1024;KEM_ml_kem_512;KEM_ml_kem_768;KEM_ml_kem_1024 14 | 15 | [dependencies] 16 | openssl 17 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/libsai: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = libsai 3 | 4 | [download] 5 | url = https://github.com/opencomputeproject/SAI/archive/v1.14.0.tar.gz 6 | sha256 = 4e3a1d010bda0c589db46e077725a2cd9624a5cc255c89d1caa79deb408d1fa7 7 | 8 | [build] 9 | builder = nop 10 | subdir = SAI-1.14.0 11 | 12 | [install.files] 13 | inc = include 14 | experimental = experimental 15 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/libsodium: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = libsodium 3 | 4 | [debs] 5 | libsodium-dev 6 | 7 | [homebrew] 8 | libsodium 9 | 10 | [rpms] 11 | libsodium-devel 12 | libsodium-static 13 | 14 | [pps] 15 | libsodium 16 | 17 | [download.not(os=windows)] 18 | url = https://github.com/jedisct1/libsodium/releases/download/1.0.20-RELEASE/libsodium-1.0.20.tar.gz 19 | sha256 = ebb65ef6ca439333c2bb41a0c1990587288da07f6c7fd07cb3a18cc18d30ce19 20 | 21 | [build.not(os=windows)] 22 | builder = autoconf 23 | subdir = libsodium-1.0.20 24 | 25 | [download.os=windows] 26 | url = https://github.com/jedisct1/libsodium/releases/download/1.0.20-RELEASE/libsodium-1.0.20-msvc.zip 27 | sha256 = 2ff97f9e3f5b341bdc808e698057bea1ae454f99e29ff6f9b62e14d0eb1b1baa 28 | 29 | [build.os=windows] 30 | builder = nop 31 | 32 | [install.files.os=windows] 33 | libsodium/x64/Release/v143/dynamic/libsodium.dll = bin/libsodium.dll 34 | libsodium/x64/Release/v143/dynamic/libsodium.lib = lib/libsodium.lib 35 | libsodium/x64/Release/v143/dynamic/libsodium.exp = lib/libsodium.exp 36 | libsodium/x64/Release/v143/dynamic/libsodium.pdb = lib/libsodium.pdb 37 | libsodium/include = include 38 | 39 | [autoconf.args] 40 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/libtool: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = libtool 3 | 4 | [homebrew] 5 | libtool 6 | 7 | [rpms] 8 | libtool 9 | 10 | [debs] 11 | libtool 12 | 13 | [pps] 14 | libtool 15 | 16 | [download] 17 | url = http://ftp.gnu.org/gnu/libtool/libtool-2.4.6.tar.gz 18 | sha256 = e3bd4d5d3d025a36c21dd6af7ea818a2afcd4dfc1ea5a17b39d7854bcd0c06e3 19 | 20 | [build] 21 | builder = autoconf 22 | subdir = libtool-2.4.6 23 | 24 | [dependencies] 25 | automake 26 | 27 | [autoconf.args] 28 | --enable-ltdl-install 29 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/libunwind: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = libunwind 3 | 4 | [rpms] 5 | libunwind-devel 6 | libunwind 7 | 8 | # on ubuntu this brings in liblzma-dev, which in turn breaks watchman tests 9 | [debs.not(distro=ubuntu)] 10 | libunwind-dev 11 | 12 | # The current libunwind v1.8.1 release has compiler issues with aarch64 (https://github.com/libunwind/libunwind/issues/702). 13 | # This more recent libunwind version (based on the latest commit, not a release version) got it fixed. 14 | [download] 15 | url = https://github.com/libunwind/libunwind/archive/f081cf42917bdd5c428b77850b473f31f81767cf.tar.gz 16 | sha256 = 4ff5c335c02d225491d6c885db827fb5fa505fee4e68b4d7e866efc0087e7264 17 | 18 | [build] 19 | builder = autoconf 20 | subdir = libunwind-f081cf42917bdd5c428b77850b473f31f81767cf 21 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/libusb: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = libusb 3 | 4 | [debs] 5 | libusb-1.0-0-dev 6 | 7 | [homebrew] 8 | libusb 9 | 10 | [rpms] 11 | libusb-devel 12 | libusb 13 | 14 | [pps] 15 | libusb 16 | 17 | [download] 18 | url = https://github.com/libusb/libusb/releases/download/v1.0.22/libusb-1.0.22.tar.bz2 19 | sha256 = 75aeb9d59a4fdb800d329a545c2e6799f732362193b465ea198f2aa275518157 20 | 21 | [build.os=linux] 22 | builder = autoconf 23 | subdir = libusb-1.0.22 24 | 25 | [autoconf.args] 26 | # fboss (which added the libusb dep) doesn't need udev so it is disabled here. 27 | # if someone in the future wants to add udev for something else, it won't hurt 28 | # fboss. 29 | --disable-udev 30 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/libyaml: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = libyaml 3 | 4 | [download] 5 | url = http://pyyaml.org/download/libyaml/yaml-0.1.7.tar.gz 6 | sha256 = 8088e457264a98ba451a90b8661fcb4f9d6f478f7265d48322a196cec2480729 7 | 8 | [build.os=linux] 9 | builder = autoconf 10 | subdir = yaml-0.1.7 11 | 12 | [build.not(os=linux)] 13 | builder = nop 14 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/llvm: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = llvm 3 | 4 | [rpms] 5 | llvm15-devel 6 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/lmdb: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = lmdb 3 | 4 | [build] 5 | builder = make 6 | subdir = lmdb-LMDB_0.9.31/libraries/liblmdb 7 | 8 | [download] 9 | url = https://github.com/LMDB/lmdb/archive/refs/tags/LMDB_0.9.31.tar.gz 10 | sha256 = dd70a8c67807b3b8532b3e987b0a4e998962ecc28643e1af5ec77696b081c9b0 11 | 12 | [make.build_args] 13 | BUILD_STATIC_ONLY=y 14 | 15 | [make.install_args] 16 | install 17 | BUILD_STATIC_ONLY=y 18 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/lz4: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = lz4 3 | 4 | [homebrew] 5 | lz4 6 | 7 | [rpms] 8 | lz4-devel 9 | # centos 8 and centos_stream 9 are missing this rpm 10 | [rpms.not(any(all(distro=centos,distro_vers=8),all(distro=centos_stream,distro_vers=9)))] 11 | lz4-static 12 | 13 | [debs] 14 | liblz4-dev 15 | 16 | [pps] 17 | lz4 18 | 19 | [download] 20 | url = https://github.com/lz4/lz4/archive/v1.8.3.tar.gz 21 | sha256 = 33af5936ac06536805f9745e0b6d61da606a1f8b4cc5c04dd3cbaca3b9b4fc43 22 | 23 | [build] 24 | builder = cmake 25 | subdir = lz4-1.8.3/contrib/cmake_unofficial 26 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/mcrouter: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = mcrouter 3 | 4 | [git] 5 | repo_url = https://github.com/facebook/mcrouter.git 6 | 7 | [dependencies] 8 | folly 9 | wangle 10 | fizz 11 | fbthrift 12 | mvfst 13 | ragel 14 | 15 | [build] 16 | builder = cmake 17 | subdir = . 18 | 19 | [cmake.defines.test=on] 20 | BUILD_TESTS=ON 21 | 22 | [cmake.defines.test=off] 23 | BUILD_TESTS=OFF 24 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/mononoke_integration: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = mononoke_integration 3 | fbsource_path = fbcode/eden 4 | shipit_project = eden 5 | shipit_fbcode_builder = true 6 | 7 | [git] 8 | repo_url = https://github.com/facebook/sapling.git 9 | 10 | [build.not(os=windows)] 11 | builder = make 12 | subdir = eden/mononoke/tests/integration 13 | 14 | [build.os=windows] 15 | # building Mononoke on windows is not supported 16 | builder = nop 17 | 18 | [make.build_args] 19 | build-getdeps 20 | 21 | [make.install_args] 22 | install-getdeps 23 | 24 | [make.test_args] 25 | test-getdeps 26 | 27 | [shipit.pathmap] 28 | fbcode/eden/mononoke/tests/integration = eden/mononoke/tests/integration 29 | 30 | [shipit.strip] 31 | ^.*/facebook/.*$ 32 | ^.*/fb/.*$ 33 | 34 | [dependencies] 35 | git-lfs 36 | jq 37 | mononoke 38 | nmap 39 | python 40 | python-click 41 | ripgrep 42 | sapling 43 | tree 44 | zstd 45 | 46 | [dependencies.os=linux] 47 | sqlite3 48 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/mvfst: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = mvfst 3 | fbsource_path = fbcode/quic 4 | shipit_project = mvfst 5 | shipit_fbcode_builder = true 6 | 7 | [git] 8 | repo_url = https://github.com/facebook/mvfst.git 9 | 10 | [build] 11 | builder = cmake 12 | subdir = . 13 | 14 | [cmake.defines.test=on] 15 | BUILD_TESTS = ON 16 | 17 | [cmake.defines.all(os=windows, test=on)] 18 | BUILD_TESTS = OFF 19 | 20 | [cmake.defines.test=off] 21 | BUILD_TESTS = OFF 22 | 23 | [dependencies] 24 | folly 25 | fizz 26 | 27 | [dependencies.all(test=on, not(os=windows))] 28 | googletest 29 | 30 | [shipit.pathmap] 31 | fbcode/quic/public_root = . 32 | fbcode/quic = quic 33 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/ncurses: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = ncurses 3 | 4 | [debs] 5 | libncurses-dev 6 | 7 | [homebrew] 8 | ncurses 9 | 10 | [rpms] 11 | ncurses-devel 12 | 13 | [download] 14 | url = https://ftp.gnu.org/pub/gnu/ncurses/ncurses-6.3.tar.gz 15 | sha256 = 97fc51ac2b085d4cde31ef4d2c3122c21abc217e9090a43a30fc5ec21684e059 16 | 17 | [build.not(os=windows)] 18 | builder = autoconf 19 | subdir = ncurses-6.3 20 | 21 | [autoconf.args] 22 | --without-cxx-binding 23 | --without-ada 24 | 25 | [autoconf.args.os=linux] 26 | --enable-shared 27 | --with-shared 28 | 29 | [build.os=windows] 30 | builder = nop 31 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/nghttp2: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = nghttp2 3 | 4 | [rpms] 5 | libnghttp2-devel 6 | libnghttp2 7 | 8 | [debs] 9 | libnghttp2-dev 10 | 11 | [pps] 12 | libnghttp2 13 | 14 | [download] 15 | url = https://github.com/nghttp2/nghttp2/releases/download/v1.47.0/nghttp2-1.47.0.tar.gz 16 | sha256 = 62f50f0e9fc479e48b34e1526df8dd2e94136de4c426b7680048181606832b7c 17 | 18 | [build] 19 | builder = autoconf 20 | subdir = nghttp2-1.47.0 21 | 22 | [autoconf.args] 23 | --enable-lib-only 24 | --disable-dependency-tracking 25 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/ninja: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = ninja 3 | 4 | [debs] 5 | ninja-build 6 | 7 | [homebrew] 8 | ninja 9 | 10 | [rpms] 11 | ninja-build 12 | 13 | [pps] 14 | ninja 15 | 16 | [download.os=windows] 17 | url = https://github.com/ninja-build/ninja/releases/download/v1.10.2/ninja-win.zip 18 | sha256 = bbde850d247d2737c5764c927d1071cbb1f1957dcabda4a130fa8547c12c695f 19 | 20 | [build.os=windows] 21 | builder = nop 22 | 23 | [install.files.os=windows] 24 | ninja.exe = bin/ninja.exe 25 | 26 | [download.not(os=windows)] 27 | url = https://github.com/ninja-build/ninja/archive/v1.10.2.tar.gz 28 | sha256 = ce35865411f0490368a8fc383f29071de6690cbadc27704734978221f25e2bed 29 | 30 | [build.not(os=windows)] 31 | builder = ninja_bootstrap 32 | subdir = ninja-1.10.2 33 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/nlohmann-json: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = nlohmann-json 3 | 4 | [download] 5 | url = https://github.com/nlohmann/json/archive/refs/tags/v3.10.5.tar.gz 6 | sha256 = 5daca6ca216495edf89d167f808d1d03c4a4d929cef7da5e10f135ae1540c7e4 7 | 8 | [dependencies] 9 | 10 | [build] 11 | builder = cmake 12 | subdir = json-3.10.5 13 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/nmap: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = nmap 3 | 4 | [rpms] 5 | nmap 6 | nmap-ncat 7 | 8 | [debs] 9 | nmap 10 | 11 | # 18.04 combines ncat into the nmap package, newer need the separate one 12 | [debs.not(all(distro=ubuntu,distro_vers="18.04"))] 13 | ncat 14 | 15 | [download.not(os=windows)] 16 | url = https://api.github.com/repos/nmap/nmap/tarball/ef8213a36c2e89233c806753a57b5cd473605408 17 | sha256 = eda39e5a8ef4964fac7db16abf91cc11ff568eac0fa2d680b0bfa33b0ed71f4a 18 | 19 | [build.not(os=windows)] 20 | builder = autoconf 21 | subdir = nmap-nmap-ef8213a 22 | build_in_src_dir = true 23 | 24 | [build.os=windows] 25 | builder = nop 26 | 27 | [autoconf.args] 28 | # Without this option the build was filing to find some third party libraries 29 | # that we don't need 30 | enable_rdma=no 31 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/numa: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = numa 3 | 4 | [download] 5 | url = https://github.com/numactl/numactl/releases/download/v2.0.19/numactl-2.0.19.tar.gz 6 | sha256 = f2672a0381cb59196e9c246bf8bcc43d5568bc457700a697f1a1df762b9af884 7 | 8 | [build] 9 | builder = autoconf 10 | subdir = numactl-2.0.19 11 | 12 | [rpms.distro=centos_stream] 13 | numactl-devel 14 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/openr: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = openr 3 | fbsource_path = facebook/openr 4 | shipit_project = openr 5 | shipit_fbcode_builder = true 6 | 7 | [git] 8 | repo_url = https://github.com/facebook/openr.git 9 | 10 | [build.os=linux] 11 | builder = cmake 12 | # openr files take a lot of RAM to compile. 13 | job_weight_mib = 3072 14 | 15 | [build.not(os=linux)] 16 | # boost.fiber is required and that is not available on macos. 17 | builder = nop 18 | 19 | [dependencies] 20 | boost 21 | fb303 22 | fbthrift 23 | folly 24 | googletest 25 | re2 26 | range-v3 27 | 28 | [cmake.defines.test=on] 29 | BUILD_TESTS=ON 30 | ADD_ROOT_TESTS=OFF 31 | 32 | [cmake.defines.test=off] 33 | BUILD_TESTS=OFF 34 | 35 | 36 | [shipit.pathmap] 37 | fbcode/openr = openr 38 | fbcode/openr/public_tld = . 39 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/openssl: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = openssl 3 | 4 | [debs] 5 | libssl-dev 6 | 7 | [homebrew] 8 | openssl 9 | # on homebrew need the matching curl and ca- 10 | 11 | [rpms] 12 | openssl 13 | openssl-devel 14 | openssl-libs 15 | 16 | [pps] 17 | openssl 18 | 19 | # no need to download on the systems where we always use the system libs 20 | [download.not(any(os=linux, os=freebsd))] 21 | # match the openssl version packages in ubuntu LTS folly current supports 22 | url = https://www.openssl.org/source/openssl-3.0.15.tar.gz 23 | sha256 = 23c666d0edf20f14249b3d8f0368acaee9ab585b09e1de82107c66e1f3ec9533 24 | 25 | # We use the system openssl on these platforms even without --allow-system-packages 26 | [build.any(os=linux, os=freebsd)] 27 | builder = nop 28 | 29 | [build.not(any(os=linux, os=freebsd))] 30 | builder = openssl 31 | subdir = openssl-3.0.15 32 | 33 | [dependencies.os=windows] 34 | jom 35 | perl 36 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/osxfuse: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = osxfuse 3 | 4 | [download] 5 | url = https://github.com/osxfuse/osxfuse/archive/osxfuse-3.8.3.tar.gz 6 | sha256 = 93bab6731bdfe8dc1ef069483437270ce7fe5a370f933d40d8d0ef09ba846c0c 7 | 8 | [build] 9 | builder = nop 10 | 11 | [install.files] 12 | osxfuse-osxfuse-3.8.3/common = include 13 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/patchelf: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = patchelf 3 | 4 | [rpms] 5 | patchelf 6 | 7 | [debs] 8 | patchelf 9 | 10 | [pps] 11 | patchelf 12 | 13 | [download] 14 | url = https://github.com/NixOS/patchelf/archive/0.10.tar.gz 15 | sha256 = b3cb6bdedcef5607ce34a350cf0b182eb979f8f7bc31eae55a93a70a3f020d13 16 | 17 | [build] 18 | builder = autoconf 19 | subdir = patchelf-0.10 20 | 21 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/pcre2: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = pcre2 3 | 4 | [homebrew] 5 | pcre2 6 | 7 | [rpms] 8 | pcre2-devel 9 | pcre-static 10 | 11 | [debs] 12 | libpcre2-dev 13 | 14 | [download] 15 | url = https://github.com/PCRE2Project/pcre2/releases/download/pcre2-10.40/pcre2-10.40.tar.bz2 16 | sha256 = 14e4b83c4783933dc17e964318e6324f7cae1bc75d8f3c79bc6969f00c159d68 17 | 18 | [build] 19 | builder = cmake 20 | subdir = pcre2-10.40 21 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/perl: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = perl 3 | 4 | [download.os=windows] 5 | url = http://strawberryperl.com/download/5.28.1.1/strawberry-perl-5.28.1.1-64bit-portable.zip 6 | sha256 = 935c95ba096fa11c4e1b5188732e3832d330a2a79e9882ab7ba8460ddbca810d 7 | 8 | [build.os=windows] 9 | builder = nop 10 | subdir = perl 11 | 12 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/pexpect: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = pexpect 3 | 4 | [download] 5 | url = https://files.pythonhosted.org/packages/0e/3e/377007e3f36ec42f1b84ec322ee12141a9e10d808312e5738f52f80a232c/pexpect-4.7.0-py2.py3-none-any.whl 6 | sha256 = 2094eefdfcf37a1fdbfb9aa090862c1a4878e5c7e0e7e7088bdb511c558e5cd1 7 | 8 | [build] 9 | builder = python-wheel 10 | 11 | [dependencies] 12 | python-ptyprocess 13 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/proxygen: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = proxygen 3 | fbsource_path = fbcode/proxygen 4 | shipit_project = proxygen 5 | shipit_fbcode_builder = true 6 | 7 | [git] 8 | repo_url = https://github.com/facebook/proxygen.git 9 | 10 | [build.os=windows] 11 | builder = nop 12 | 13 | [build] 14 | builder = cmake 15 | subdir = . 16 | job_weight_mib = 3072 17 | 18 | [cmake.defines.test=on] 19 | BUILD_TESTS = ON 20 | 21 | [cmake.defines.test=off] 22 | BUILD_TESTS = OFF 23 | 24 | [dependencies] 25 | zlib 26 | gperf 27 | folly 28 | fizz 29 | wangle 30 | mvfst 31 | 32 | [dependencies.test=on] 33 | googletest 34 | 35 | [shipit.pathmap] 36 | fbcode/proxygen/public_tld = . 37 | fbcode/proxygen = proxygen 38 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/python: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = python 3 | 4 | [homebrew] 5 | python@3.8 6 | 7 | [rpms] 8 | python3 9 | python3-devel 10 | 11 | # sapling needs dataclasses which arrive in 3.7, and the bionic python is 3.6 12 | [debs.all(distro=ubuntu,distro_vers="18.04")] 13 | python3.8-dev 14 | 15 | [debs.not(all(distro=ubuntu,distro_vers="18.04"))] 16 | python3-all-dev 17 | 18 | [pps] 19 | python3 20 | 21 | [download] 22 | url = https://www.python.org/ftp/python/3.8.13/Python-3.8.13.tgz 23 | sha256 = 903b92d76354366b1d9c4434d0c81643345cef87c1600adfa36095d7b00eede4 24 | 25 | [build] 26 | builder = autoconf 27 | subdir = Python-3.8.13 28 | 29 | [autoconf.args] 30 | --enable-shared 31 | --with-ensurepip=install 32 | 33 | # python's pkg-config libffi detection is broken 34 | # See https://bugs.python.org/issue34823 for clearest description 35 | # and pending PR https://github.com/python/cpython/pull/20451 36 | # The documented workaround requires an environment variable derived from 37 | # pkg-config to be passed into its configure step 38 | [autoconf.envcmd.LDFLAGS] 39 | pkg-config 40 | --libs-only-L 41 | libffi 42 | 43 | [dependencies] 44 | libffi 45 | # eden tests expect the python bz2 support 46 | bz2 47 | # eden tests expect the python curses support 48 | ncurses 49 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/python-click: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = python-click 3 | 4 | [download] 5 | url = https://files.pythonhosted.org/packages/d2/3d/fa76db83bf75c4f8d338c2fd15c8d33fdd7ad23a9b5e57eb6c5de26b430e/click-7.1.2-py2.py3-none-any.whl 6 | sha256 = dacca89f4bfadd5de3d7489b7c8a566eee0d3676333fbb50030263894c38c0dc 7 | 8 | [build] 9 | builder = python-wheel 10 | 11 | [rpms] 12 | python3-click 13 | 14 | [debs] 15 | python3-click 16 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/python-filelock: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = python-filelock 3 | 4 | [download] 5 | url = https://files.pythonhosted.org/packages/31/24/ee722b92f23b9ebd87783e893a75352c048bbbc1f67dce0d63b58b46cb48/filelock-3.3.2-py3-none-any.whl 6 | sha256 = bb2a1c717df74c48a2d00ed625e5a66f8572a3a30baacb7657add1d7bac4097b 7 | 8 | [build] 9 | builder = python-wheel 10 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/python-ptyprocess: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = python-ptyprocess 3 | 4 | [download] 5 | url = https://files.pythonhosted.org/packages/d1/29/605c2cc68a9992d18dada28206eeada56ea4bd07a239669da41674648b6f/ptyprocess-0.6.0-py2.py3-none-any.whl 6 | sha256 = d7cc528d76e76342423ca640335bd3633420dc1366f258cb31d05e865ef5ca1f 7 | 8 | [build] 9 | builder = python-wheel 10 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/python-setuptools: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = python-setuptools 3 | 4 | [download] 5 | url = https://files.pythonhosted.org/packages/c0/7a/3da654f49c95d0cc6e9549a855b5818e66a917e852ec608e77550c8dc08b/setuptools-69.1.1-py3-none-any.whl 6 | sha256 = 02fa291a0471b3a18b2b2481ed902af520c69e8ae0919c13da936542754b4c56 7 | 8 | [build] 9 | builder = python-wheel 10 | 11 | [rpms] 12 | python3-setuptools 13 | 14 | [homebrew] 15 | python-setuptools 16 | 17 | [debs] 18 | python3-setuptools 19 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/python-six: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = python-six 3 | 4 | [download] 5 | url = https://files.pythonhosted.org/packages/73/fb/00a976f728d0d1fecfe898238ce23f502a721c0ac0ecfedb80e0d88c64e9/six-1.12.0-py2.py3-none-any.whl 6 | sha256 = 3350809f0555b11f552448330d0b52d5f24c91a322ea4a15ef22629740f3761c 7 | 8 | [build] 9 | builder = python-wheel 10 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/python-toml: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = python-toml 3 | 4 | [download] 5 | url = https://files.pythonhosted.org/packages/a2/12/ced7105d2de62fa7c8fb5fce92cc4ce66b57c95fb875e9318dba7f8c5db0/toml-0.10.0-py2.py3-none-any.whl 6 | sha256 = 235682dd292d5899d361a811df37e04a8828a5b1da3115886b73cf81ebc9100e 7 | 8 | [build] 9 | builder = python-wheel 10 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/ragel: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = ragel 3 | 4 | [debs] 5 | ragel 6 | 7 | [homebrew] 8 | ragel 9 | 10 | [rpms] 11 | ragel 12 | 13 | [download] 14 | url = https://www.colm.net/files/ragel/ragel-6.10.tar.gz 15 | sha256 = 5f156edb65d20b856d638dd9ee2dfb43285914d9aa2b6ec779dac0270cd56c3f 16 | 17 | [build] 18 | builder = autoconf 19 | subdir = ragel-6.10 20 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/range-v3: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = range-v3 3 | 4 | [download] 5 | url = https://github.com/ericniebler/range-v3/archive/refs/tags/0.11.0.tar.gz 6 | sha256 = 376376615dbba43d3bef75aa590931431ecb49eb36d07bb726a19f680c75e20c 7 | 8 | 9 | [build] 10 | builder = cmake 11 | subdir = range-v3-0.11.0 12 | 13 | [cmake.defines] 14 | RANGE_V3_EXAMPLES=OFF 15 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/re2: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = re2 3 | 4 | [homebrew] 5 | re2 6 | 7 | [debs] 8 | libre2-dev 9 | 10 | [rpms] 11 | re2 12 | re2-devel 13 | 14 | [pps] 15 | re2 16 | 17 | [download] 18 | url = https://github.com/google/re2/archive/2020-11-01.tar.gz 19 | sha256 = 8903cc66c9d34c72e2bc91722288ebc7e3ec37787ecfef44d204b2d6281954d7 20 | 21 | [build] 22 | builder = cmake 23 | subdir = re2-2020-11-01 24 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/ripgrep: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = ripgrep 3 | 4 | [rpms] 5 | ripgrep 6 | 7 | [debs] 8 | ripgrep 9 | 10 | [homebrew] 11 | ripgrep 12 | 13 | # only used from system packages currently 14 | [build] 15 | builder = nop 16 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/rocksdb: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = rocksdb 3 | 4 | [download] 5 | url = https://github.com/facebook/rocksdb/archive/refs/tags/v8.7.3.zip 6 | sha256 = 36c06b61dc167f2455990d60dd88d734b73aa8c4dfc095243efd0243834c6cd3 7 | 8 | [dependencies] 9 | lz4 10 | snappy 11 | 12 | [build] 13 | builder = cmake 14 | subdir = rocksdb-8.7.3 15 | 16 | [cmake.defines] 17 | WITH_SNAPPY=ON 18 | WITH_LZ4=ON 19 | WITH_TESTS=OFF 20 | WITH_BENCHMARK_TOOLS=OFF 21 | # We get relocation errors with the static gflags lib, 22 | # and there's no clear way to make it pick the shared gflags 23 | # so just turn it off. 24 | WITH_GFLAGS=OFF 25 | # Disable the use of -Werror 26 | FAIL_ON_WARNINGS = OFF 27 | 28 | [cmake.defines.os=windows] 29 | ROCKSDB_INSTALL_ON_WINDOWS=ON 30 | # RocksDB hard codes the paths to the snappy libs to something 31 | # that doesn't exist; ignoring the usual cmake rules. As a result, 32 | # we can't build it with snappy without either patching rocksdb or 33 | # without introducing more complex logic to the build system to 34 | # connect the snappy build outputs to rocksdb's custom logic here. 35 | # Let's just turn it off on windows. 36 | WITH_SNAPPY=OFF 37 | WITH_LZ4=ON 38 | ROCKSDB_SKIP_THIRDPARTY=ON 39 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/rust-shed: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = rust-shed 3 | fbsource_path = fbcode/common/rust/shed 4 | shipit_project = rust-shed 5 | shipit_fbcode_builder = true 6 | 7 | [git] 8 | repo_url = https://github.com/facebookexperimental/rust-shed.git 9 | 10 | [build] 11 | builder = cargo 12 | 13 | [cargo] 14 | build_doc = true 15 | workspace_dir = 16 | 17 | [shipit.pathmap] 18 | fbcode/common/rust/shed = shed 19 | fbcode/common/rust/shed/public_autocargo = shed 20 | fbcode/common/rust/shed/public_tld = . 21 | tools/rust/ossconfigs = . 22 | 23 | [shipit.strip] 24 | ^fbcode/common/rust/shed/(?!public_autocargo|public_tld).+/Cargo\.toml$ 25 | 26 | [dependencies] 27 | fbthrift 28 | fb303 29 | 30 | # We use the system openssl on linux 31 | [dependencies.not(os=linux)] 32 | openssl 33 | 34 | [dependencies.fbsource=on] 35 | rust 36 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/snappy: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = snappy 3 | 4 | [homebrew] 5 | snappy 6 | 7 | [debs] 8 | libsnappy-dev 9 | 10 | [rpms] 11 | snappy-devel 12 | 13 | [pps] 14 | snappy 15 | 16 | [download] 17 | url = https://github.com/google/snappy/archive/1.1.7.tar.gz 18 | sha256 = 3dfa02e873ff51a11ee02b9ca391807f0c8ea0529a4924afa645fbf97163f9d4 19 | 20 | [build] 21 | builder = cmake 22 | subdir = snappy-1.1.7 23 | 24 | [cmake.defines] 25 | SNAPPY_BUILD_TESTS = OFF 26 | 27 | # Avoid problems like `relocation R_X86_64_PC32 against symbol` on ELF systems 28 | # when linking rocksdb, which builds PIC even when building a static lib 29 | [cmake.defines.os=linux] 30 | BUILD_SHARED_LIBS = ON 31 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/sparsemap: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = sparsemap 3 | 4 | [download] 5 | url = https://github.com/Tessil/sparse-map/archive/refs/tags/v0.6.2.tar.gz 6 | sha256 = 7020c21e8752e59d72e37456cd80000e18671c803890a3e55ae36b295eba99f6 7 | 8 | [build] 9 | builder = cmake 10 | subdir = sparse-map-0.6.2/ 11 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/sqlite3: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = sqlite3 3 | 4 | [debs] 5 | libsqlite3-dev 6 | sqlite3 7 | 8 | [homebrew] 9 | sqlite 10 | 11 | [rpms] 12 | sqlite-devel 13 | sqlite-libs 14 | sqlite 15 | 16 | [pps] 17 | sqlite3 18 | 19 | [download] 20 | url = https://sqlite.org/2019/sqlite-amalgamation-3280000.zip 21 | sha256 = d02fc4e95cfef672b45052e221617a050b7f2e20103661cda88387349a9b1327 22 | 23 | [dependencies] 24 | cmake 25 | ninja 26 | 27 | [build] 28 | builder = sqlite 29 | subdir = sqlite-amalgamation-3280000 30 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/systemd: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = systemd 3 | 4 | [rpms] 5 | systemd 6 | systemd-devel 7 | 8 | [download] 9 | url = https://github.com/systemd/systemd/archive/refs/tags/v256.7.tar.gz 10 | sha256 = 896d76ff65c88f5fd9e42f90d152b0579049158a163431dd77cdc57748b1d7b0 11 | 12 | 13 | [build] 14 | builder = systemd 15 | subdir = systemd-256.7 16 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/tree: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = tree 3 | 4 | [debs] 5 | tree 6 | 7 | [homebrew] 8 | tree 9 | 10 | [rpms] 11 | tree 12 | 13 | [download.os=linux] 14 | url = https://salsa.debian.org/debian/tree-packaging/-/archive/debian/1.8.0-1/tree-packaging-debian-1.8.0-1.tar.gz 15 | sha256 = a841eee1d52bfd64a48f54caab9937b9bd92935055c48885c4ab1ae4dab7fae5 16 | 17 | [download.os=darwin] 18 | # The official package of tree source requires users of non-Linux platform to 19 | # comment/uncomment certain lines in the Makefile to build for their platform. 20 | # Besauce getdeps.py doesn't have that functionality we just use this custom 21 | # fork of tree which has proper lines uncommented for a OSX build 22 | url = https://github.com/lukaspiatkowski/tree-command/archive/debian/1.8.0-1-macos.tar.gz 23 | sha256 = 9cbe889553d95cf5a2791dd0743795d46a3c092c5bba691769c0e5c52e11229e 24 | 25 | [build.os=linux] 26 | builder = make 27 | subdir = tree-packaging-debian-1.8.0-1 28 | 29 | [build.os=darwin] 30 | builder = make 31 | subdir = tree-command-debian-1.8.0-1-macos 32 | 33 | [build.os=windows] 34 | builder = nop 35 | 36 | [make.install_args] 37 | install 38 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/wangle: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = wangle 3 | fbsource_path = fbcode/wangle 4 | shipit_project = wangle 5 | shipit_fbcode_builder = true 6 | 7 | [git] 8 | repo_url = https://github.com/facebook/wangle.git 9 | 10 | [build] 11 | builder = cmake 12 | subdir = wangle 13 | 14 | [cmake.defines.test=on] 15 | BUILD_TESTS=ON 16 | 17 | [cmake.defines.test=off] 18 | BUILD_TESTS=OFF 19 | 20 | [dependencies] 21 | folly 22 | googletest 23 | fizz 24 | 25 | [shipit.pathmap] 26 | fbcode/wangle/public_tld = . 27 | fbcode/wangle = wangle 28 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/watchman: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = watchman 3 | fbsource_path = fbcode/watchman 4 | shipit_project = watchman 5 | shipit_fbcode_builder = true 6 | 7 | [git] 8 | repo_url = https://github.com/facebook/watchman.git 9 | 10 | [build] 11 | builder = cmake 12 | 13 | [dependencies] 14 | boost 15 | cpptoml 16 | edencommon 17 | fb303 18 | fbthrift 19 | folly 20 | pcre2 21 | googletest 22 | python-setuptools 23 | 24 | [dependencies.fbsource=on] 25 | rust 26 | 27 | [shipit.pathmap] 28 | fbcode/watchman = watchman 29 | fbcode/watchman/oss = . 30 | fbcode/eden/fs = eden/fs 31 | 32 | [shipit.strip] 33 | ^fbcode/eden/fs/(?!.*\.thrift|service/shipit_test_file\.txt) 34 | 35 | [cmake.defines.fb=on] 36 | ENABLE_EDEN_SUPPORT=ON 37 | IS_FB_BUILD=ON 38 | 39 | # FB macos specific settings 40 | [cmake.defines.all(fb=on,os=darwin)] 41 | # this path is coupled with the FB internal watchman-osx.spec 42 | WATCHMAN_STATE_DIR=/opt/facebook/watchman/var/run/watchman 43 | # tell cmake not to try to create /opt/facebook/... 44 | INSTALL_WATCHMAN_STATE_DIR=OFF 45 | USE_SYS_PYTHON=OFF 46 | 47 | [depends.environment] 48 | WATCHMAN_VERSION_OVERRIDE 49 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/xxhash: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = xxhash 3 | 4 | [download] 5 | url = https://github.com/Cyan4973/xxHash/archive/refs/tags/v0.8.2.tar.gz 6 | sha256 = baee0c6afd4f03165de7a4e67988d16f0f2b257b51d0e3cb91909302a26a79c4 7 | 8 | [rpms] 9 | xxhash-devel 10 | 11 | [debs] 12 | libxxhash-dev 13 | xxhash 14 | 15 | [homebrew] 16 | xxhash 17 | 18 | [build.not(os=windows)] 19 | builder = make 20 | subdir = xxHash-0.8.2 21 | 22 | [make.build_args] 23 | all 24 | 25 | [make.install_args] 26 | install 27 | 28 | [build.os=windows] 29 | builder = cmake 30 | subdir = xxHash-0.8.2/cmake_unofficial 31 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/xz: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = xz 3 | 4 | # ubuntu's package causes watchman's tests to hang 5 | [debs.not(distro=ubuntu)] 6 | liblzma-dev 7 | 8 | [homebrew] 9 | xz 10 | 11 | [rpms] 12 | xz-devel 13 | 14 | [download] 15 | url = https://tukaani.org/xz/xz-5.2.5.tar.gz 16 | sha256 = f6f4910fd033078738bd82bfba4f49219d03b17eb0794eb91efbae419f4aba10 17 | 18 | [build] 19 | builder = autoconf 20 | subdir = xz-5.2.5 21 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/yaml-cpp: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = yaml-cpp 3 | 4 | [download] 5 | url = https://github.com/jbeder/yaml-cpp/archive/yaml-cpp-0.6.2.tar.gz 6 | sha256 = e4d8560e163c3d875fd5d9e5542b5fd5bec810febdcba61481fe5fc4e6b1fd05 7 | 8 | [build.os=linux] 9 | builder = cmake 10 | subdir = yaml-cpp-yaml-cpp-0.6.2 11 | 12 | [build.not(os=linux)] 13 | builder = nop 14 | 15 | [dependencies] 16 | boost 17 | googletest 18 | 19 | [cmake.defines] 20 | YAML_CPP_BUILD_TESTS=OFF 21 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/zlib: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = zlib 3 | 4 | [debs] 5 | zlib1g-dev 6 | 7 | [homebrew] 8 | zlib 9 | 10 | [rpms.not(distro=fedora)] 11 | zlib-devel 12 | zlib-static 13 | 14 | [rpms.distro=fedora] 15 | zlib-ng-compat-devel 16 | zlib-ng-compat-static 17 | 18 | [pps] 19 | zlib 20 | 21 | [download] 22 | url = https://zlib.net/zlib-1.3.1.tar.gz 23 | sha256 = 9a93b2b7dfdac77ceba5a558a580e74667dd6fede4585b91eefb60f03b72df23 24 | 25 | [build] 26 | builder = cmake 27 | subdir = zlib-1.3.1 28 | patchfile = zlib_dont_build_more_than_needed.patch 29 | -------------------------------------------------------------------------------- /build/fbcode_builder/manifests/zstd: -------------------------------------------------------------------------------- 1 | [manifest] 2 | name = zstd 3 | 4 | [homebrew] 5 | zstd 6 | 7 | # 18.04 zstd is too old 8 | [debs.not(all(distro=ubuntu,distro_vers="18.04"))] 9 | libzstd-dev 10 | zstd 11 | 12 | [rpms] 13 | libzstd-devel 14 | libzstd 15 | 16 | [pps] 17 | zstd 18 | 19 | [download] 20 | url = https://github.com/facebook/zstd/releases/download/v1.5.5/zstd-1.5.5.tar.gz 21 | sha256 = 9c4396cc829cfae319a6e2615202e82aad41372073482fce286fac78646d3ee4 22 | 23 | [build] 24 | builder = cmake 25 | subdir = zstd-1.5.5/build/cmake 26 | 27 | # The zstd cmake build explicitly sets the install name 28 | # for the shared library in such a way that cmake discards 29 | # the path to the library from the install_name, rendering 30 | # the library non-resolvable during the build. The short 31 | # term solution for this is just to link static on macos. 32 | # 33 | # And while we're at it, let's just always link statically. 34 | [cmake.defines] 35 | ZSTD_BUILD_SHARED = OFF 36 | -------------------------------------------------------------------------------- /build/fbcode_builder/patches/boost_comparator_operator_fix.patch: -------------------------------------------------------------------------------- 1 | diff --git a/boost/serialization/strong_typedef.hpp b/boost/serialization/strong_typedef.hpp 2 | --- a/boost/serialization/strong_typedef.hpp 3 | +++ b/boost/serialization/strong_typedef.hpp 4 | @@ -44,6 +44,7 @@ 5 | operator const T&() const {return t;} \ 6 | operator T&() {return t;} \ 7 | bool operator==(const D& rhs) const {return t == rhs.t;} \ 8 | + bool operator==(const T& lhs) const {return t == lhs;} \ 9 | bool operator<(const D& rhs) const {return t < rhs.t;} \ 10 | }; 11 | 12 | -------------------------------------------------------------------------------- /build/fbcode_builder/patches/iproute2_oss.patch: -------------------------------------------------------------------------------- 1 | diff --git a/bridge/fdb.c b/bridge/fdb.c 2 | --- a/bridge/fdb.c 3 | +++ b/bridge/fdb.c 4 | @@ -31,7 +31,7 @@ 5 | 6 | static unsigned int filter_index, filter_vlan, filter_state; 7 | 8 | -json_writer_t *jw_global; 9 | +static json_writer_t *jw_global; 10 | 11 | static void usage(void) 12 | { 13 | diff --git a/ip/ipmroute.c b/ip/ipmroute.c 14 | --- a/ip/ipmroute.c 15 | +++ b/ip/ipmroute.c 16 | @@ -44,7 +44,7 @@ 17 | exit(-1); 18 | } 19 | 20 | -struct rtfilter { 21 | +static struct rtfilter { 22 | int tb; 23 | int af; 24 | int iif; 25 | diff --git a/ip/xfrm_monitor.c b/ip/xfrm_monitor.c 26 | --- a/ip/xfrm_monitor.c 27 | +++ b/ip/xfrm_monitor.c 28 | @@ -34,7 +34,7 @@ 29 | #include "ip_common.h" 30 | 31 | static void usage(void) __attribute__((noreturn)); 32 | -int listen_all_nsid; 33 | +static int listen_all_nsid; 34 | 35 | static void usage(void) 36 | { 37 | -------------------------------------------------------------------------------- /build/fbcode_builder/patches/libiberty_install_pic_lib.patch: -------------------------------------------------------------------------------- 1 | diff --git a/Makefile.in b/Makefile.in 2 | index b77a41c..cbe71fe 100644 3 | --- a/Makefile.in 4 | +++ b/Makefile.in 5 | @@ -389,7 +389,7 @@ MULTIOSDIR = `$(CC) $(CFLAGS) -print-multi-os-directory` 6 | install_to_libdir: all 7 | if test -n "${target_header_dir}"; then \ 8 | ${mkinstalldirs} $(DESTDIR)$(libdir)/$(MULTIOSDIR); \ 9 | - $(INSTALL_DATA) $(TARGETLIB) $(DESTDIR)$(libdir)/$(MULTIOSDIR)/$(TARGETLIB)n; \ 10 | + $(INSTALL_DATA) pic/$(TARGETLIB) $(DESTDIR)$(libdir)/$(MULTIOSDIR)/$(TARGETLIB)n; \ 11 | ( cd $(DESTDIR)$(libdir)/$(MULTIOSDIR) ; chmod 644 $(TARGETLIB)n ;$(RANLIB) $(TARGETLIB)n ); \ 12 | mv -f $(DESTDIR)$(libdir)/$(MULTIOSDIR)/$(TARGETLIB)n $(DESTDIR)$(libdir)/$(MULTIOSDIR)/$(TARGETLIB); \ 13 | case "${target_header_dir}" in \ 14 | -------------------------------------------------------------------------------- /fizz/BUILD_MODE.bzl: -------------------------------------------------------------------------------- 1 | # Copyright (c) Meta Platforms, Inc. and affiliates. 2 | # All rights reserved. 3 | # 4 | # This source code is licensed under the BSD-style license found in the 5 | # LICENSE file in the root directory of this source tree. 6 | 7 | """ build mode definitions for fizz """ 8 | 9 | load("@fbcode//:BUILD_MODE.bzl", get_parent_modes = "get_empty_modes") 10 | load("@fbcode//fizz:defs.bzl", "FIZZ_CXX_WARNINGS") 11 | load("@fbcode_macros//build_defs:create_build_mode.bzl", "extend_build_modes") 12 | 13 | _extra_cflags = [ 14 | ] 15 | 16 | _common_flags = FIZZ_CXX_WARNINGS 17 | 18 | _extra_clang_flags = _common_flags + [ 19 | # Default value for clang (3.4) is 256, change it to GCC's default value 20 | # (https://fburl.com/23278774). 21 | "-ftemplate-depth=900", 22 | ] 23 | 24 | _extra_gcc_flags = _common_flags + [ 25 | "-Wall", 26 | ] 27 | 28 | _tags = [ 29 | ] 30 | 31 | _modes = extend_build_modes( 32 | get_parent_modes(), 33 | c_flags = _extra_cflags, 34 | clang_flags = _extra_clang_flags, 35 | gcc_flags = _extra_gcc_flags, 36 | tags = _tags, 37 | ) 38 | 39 | def get_modes(): 40 | """ Return modes for this file """ 41 | return _modes 42 | -------------------------------------------------------------------------------- /fizz/backend/libaegis/LibAEGIS.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) Meta Platforms, Inc. and affiliates. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | #pragma once 10 | 11 | #include 12 | #include 13 | #include 14 | 15 | #if FIZZ_HAVE_LIBAEGIS 16 | namespace fizz::libaegis { 17 | 18 | template 19 | std::unique_ptr makeCipher(); 20 | 21 | template <> 22 | std::unique_ptr makeCipher(); 23 | template <> 24 | std::unique_ptr makeCipher(); 25 | } // namespace fizz::libaegis 26 | #endif 27 | -------------------------------------------------------------------------------- /fizz/backend/liboqs/LibOQS.h: -------------------------------------------------------------------------------- 1 | // Copyright 2004-present Facebook. All Rights Reserved. 2 | #pragma once 3 | 4 | #include 5 | 6 | #if FIZZ_HAVE_OQS 7 | 8 | #include 9 | #include 10 | 11 | #include 12 | #include 13 | 14 | namespace fizz::liboqs { 15 | 16 | template 17 | struct Properties; 18 | 19 | template <> 20 | struct Properties { 21 | static constexpr const char* id = OQS_KEM_alg_kyber_512; 22 | }; 23 | 24 | template <> 25 | struct Properties { 26 | static constexpr const char* id = OQS_KEM_alg_kyber_768; 27 | }; 28 | 29 | template <> 30 | struct Properties { 31 | static constexpr const char* id = OQS_KEM_alg_ml_kem_512; 32 | }; 33 | 34 | template <> 35 | struct Properties { 36 | static constexpr const char* id = OQS_KEM_alg_ml_kem_768; 37 | }; 38 | 39 | template 40 | std::unique_ptr makeKeyExchange(KeyExchangeRole role) { 41 | return OQSKeyExchange::createOQSKeyExchange(role, Properties::id); 42 | } 43 | 44 | } // namespace fizz::liboqs 45 | 46 | #endif 47 | -------------------------------------------------------------------------------- /fizz/backend/liboqs/test/BUCK: -------------------------------------------------------------------------------- 1 | load("@fbsource//xplat/fizz:defs.bzl", "fizz_cpp_unittest") 2 | 3 | oncall("secure_pipes") 4 | 5 | fizz_cpp_unittest( 6 | name = "oqs_key_exchange_test", 7 | srcs = [ 8 | "OQSKeyExchangeTest.cpp", 9 | ], 10 | deps = [ 11 | "//fizz/backend:liboqs", 12 | "//folly/portability:gtest", 13 | ], 14 | ) 15 | -------------------------------------------------------------------------------- /fizz/backend/libsodium/LibSodium.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) Meta Platforms, Inc. and affiliates. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | #pragma once 10 | 11 | #include 12 | 13 | #include 14 | #include 15 | 16 | #include 17 | 18 | namespace fizz::libsodium { 19 | 20 | template 21 | std::unique_ptr makeKeyExchange(); 22 | 23 | template <> 24 | inline std::unique_ptr makeKeyExchange() { 25 | return std::make_unique(); 26 | } 27 | 28 | inline void random(unsigned char* out, size_t len) { 29 | return randombytes_buf(out, len); 30 | } 31 | 32 | } // namespace fizz::libsodium 33 | -------------------------------------------------------------------------------- /fizz/backend/openssl/Hasher.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018-present, Facebook, Inc. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | #pragma once 10 | 11 | #include 12 | #include 13 | #include 14 | 15 | namespace fizz::openssl { 16 | 17 | template 18 | std::unique_ptr<::fizz::Hasher> makeHasher() { 19 | return std::make_unique<::fizz::openssl::Sha>(Properties::HashEngine()); 20 | } 21 | 22 | template 23 | inline constexpr auto hasherImpl = 24 | HasherFactoryWithMetadata::bind(makeHasher); 25 | 26 | template 27 | const HasherFactoryWithMetadata* hasherFactory() { 28 | return &hasherImpl; 29 | } 30 | 31 | } // namespace fizz::openssl 32 | -------------------------------------------------------------------------------- /fizz/backend/openssl/certificate/OpenSSLPeerCertImpl.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018-present, Facebook, Inc. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | #pragma once 10 | 11 | #include 12 | #include 13 | #include 14 | 15 | namespace fizz { 16 | class PeerCert; 17 | enum class CertificateVerifyContext; 18 | 19 | namespace openssl { 20 | 21 | template 22 | class OpenSSLPeerCertImpl : public fizz::PeerCert { 23 | public: 24 | explicit OpenSSLPeerCertImpl(folly::ssl::X509UniquePtr cert); 25 | 26 | ~OpenSSLPeerCertImpl() override = default; 27 | 28 | [[nodiscard]] std::string getIdentity() const override; 29 | 30 | void verify( 31 | SignatureScheme scheme, 32 | CertificateVerifyContext context, 33 | folly::ByteRange toBeSigned, 34 | folly::ByteRange signature) const override; 35 | 36 | [[nodiscard]] folly::ssl::X509UniquePtr getX509() const override; 37 | 38 | protected: 39 | OpenSSLSignature signature_; 40 | folly::ssl::X509UniquePtr cert_; 41 | }; 42 | 43 | } // namespace openssl 44 | } // namespace fizz 45 | 46 | #include 47 | -------------------------------------------------------------------------------- /fizz/backend/openssl/certificate/test/BUCK: -------------------------------------------------------------------------------- 1 | load("@fbsource//xplat/fizz:defs.bzl", "fizz_cpp_unittest") 2 | 3 | oncall("secure_pipes") 4 | 5 | fizz_cpp_unittest( 6 | name = "cert_utils_test", 7 | srcs = ["CertUtilsTest.cpp"], 8 | deps = [ 9 | "//fizz/backend:openssl", 10 | "//fizz/protocol/test:cert_test_types", 11 | "//folly/portability:gtest", 12 | ], 13 | ) 14 | -------------------------------------------------------------------------------- /fizz/backend/openssl/crypto/ECCurve.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018-present, Facebook, Inc. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | #pragma once 10 | 11 | #include 12 | #include 13 | #include 14 | 15 | namespace fizz { 16 | namespace openssl { 17 | 18 | template <> 19 | struct Properties { 20 | static constexpr int curveNid{NID_X9_62_prime256v1}; 21 | }; 22 | 23 | template <> 24 | struct Properties { 25 | static constexpr int curveNid{NID_secp384r1}; 26 | }; 27 | 28 | template <> 29 | struct Properties { 30 | static constexpr int curveNid{NID_secp521r1}; 31 | }; 32 | 33 | } // namespace openssl 34 | } // namespace fizz 35 | -------------------------------------------------------------------------------- /fizz/backend/openssl/crypto/OpenSSL.h: -------------------------------------------------------------------------------- 1 | // Copyright 2004-present Facebook. All Rights Reserved. 2 | 3 | #pragma once 4 | 5 | #include 6 | -------------------------------------------------------------------------------- /fizz/backend/openssl/crypto/Sha.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018-present, Facebook, Inc. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | #include 10 | 11 | namespace fizz { 12 | namespace openssl { 13 | 14 | Sha::Sha(const EVP_MD* md) { 15 | digest_.hash_init(md); 16 | } 17 | void Sha::hash_update(folly::ByteRange data) { 18 | digest_.hash_update(data); 19 | } 20 | void Sha::hash_final(folly::MutableByteRange out) { 21 | digest_.hash_final(out); 22 | } 23 | std::unique_ptr Sha::clone() const { 24 | return std::make_unique(*this); 25 | } 26 | 27 | size_t Sha::getHashLen() const { 28 | return digest_.hash_size(); 29 | } 30 | 31 | size_t Sha::getBlockSize() const { 32 | return digest_.block_size(); 33 | } 34 | 35 | } // namespace openssl 36 | } // namespace fizz 37 | -------------------------------------------------------------------------------- /fizz/backend/openssl/crypto/Sha.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018-present, Facebook, Inc. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | #pragma once 10 | 11 | #include 12 | #include 13 | #include 14 | #include 15 | 16 | namespace fizz { 17 | namespace openssl { 18 | 19 | /** 20 | * Hash implementation using OpenSSL. 21 | */ 22 | class Sha : public fizz::Hasher { 23 | public: 24 | explicit Sha(const EVP_MD* md); 25 | 26 | using fizz::Hasher::hash_update; 27 | void hash_update(folly::ByteRange data) override; 28 | void hash_final(folly::MutableByteRange out) override; 29 | std::unique_ptr clone() const override; 30 | 31 | size_t getHashLen() const override; 32 | size_t getBlockSize() const override; 33 | 34 | private: 35 | folly::ssl::OpenSSLHash::Digest digest_; 36 | }; 37 | } // namespace openssl 38 | } // namespace fizz 39 | -------------------------------------------------------------------------------- /fizz/backend/openssl/crypto/aead/OpenSSLEVPCipher-inl.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018-present, Facebook, Inc. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | namespace fizz { 10 | namespace openssl { 11 | 12 | template 13 | std::unique_ptr OpenSSLEVPCipher::makeCipher() { 14 | static_assert(AeadCipher::kIVLength >= sizeof(uint64_t), "iv too small"); 15 | static_assert(AeadCipher::kIVLength < kMaxIVLength, "iv too large"); 16 | static_assert(AeadCipher::kTagLength < kMaxTagLength, "tag too large"); 17 | return std::unique_ptr(new OpenSSLEVPCipher( 18 | AeadCipher::kKeyLength, 19 | AeadCipher::kIVLength, 20 | AeadCipher::kTagLength, 21 | Properties::Cipher(), 22 | Properties::kOperatesInBlocks, 23 | Properties::kRequiresPresetTagLen)); 24 | } 25 | 26 | } // namespace openssl 27 | } // namespace fizz 28 | -------------------------------------------------------------------------------- /fizz/backend/openssl/crypto/aead/test/BUCK: -------------------------------------------------------------------------------- 1 | load("@fbsource//xplat/fizz:defs.bzl", "fizz_cpp_unittest") 2 | 3 | oncall("secure_pipes") 4 | 5 | fizz_cpp_unittest( 6 | name = "evpciphers", 7 | srcs = [ 8 | "EVPCipherTest.cpp", 9 | ], 10 | supports_static_listing = False, 11 | deps = [ 12 | "//fizz:config", 13 | "//fizz/crypto/aead:iobuf", 14 | "//fizz/crypto/aead/test:data", 15 | "//fizz/crypto/aead/test:test_util", 16 | "//fizz/crypto/test:TestUtil", 17 | "//fizz/record:record", 18 | "//folly:exception_wrapper", 19 | "//folly:string", 20 | "//folly/portability:gtest", 21 | ], 22 | ) 23 | -------------------------------------------------------------------------------- /fizz/backend/openssl/crypto/exchange/test/BUCK: -------------------------------------------------------------------------------- 1 | load("@fbsource//xplat/fizz:defs.bzl", "fizz_cpp_unittest") 2 | 3 | oncall("secure_pipes") 4 | 5 | fizz_cpp_unittest( 6 | name = "ECKey", 7 | srcs = [ 8 | "ECKeyExchangeTest.cpp", 9 | ], 10 | supports_static_listing = False, 11 | deps = [ 12 | "//fizz/backend:openssl", 13 | "//fizz/crypto/test:TestKeys", 14 | "//fizz/crypto/test:TestUtil", 15 | "//folly:string", 16 | "//folly/portability:gtest", 17 | "//folly/ssl:openssl_ptr_types", 18 | ], 19 | external_deps = [ 20 | ("openssl", None, "crypto"), 21 | ], 22 | ) 23 | -------------------------------------------------------------------------------- /fizz/backend/openssl/crypto/signature/test/PeerCertVerify.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018-present, Facebook, Inc. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | #include 10 | 11 | #include 12 | #include 13 | #include 14 | 15 | using namespace testing; 16 | 17 | namespace fizz { 18 | namespace openssl { 19 | namespace test { 20 | 21 | class VerifyTest : public Test, 22 | public WithParamInterface {}; 23 | 24 | TEST_P(VerifyTest, PeerCertVerify) { 25 | fizz::test::testCertVerify(GetParam(), openssl::CertUtils::makePeerCert); 26 | } 27 | 28 | INSTANTIATE_TEST_SUITE_P( 29 | SignatureTestVectors, 30 | VerifyTest, 31 | ValuesIn(fizz::test::kSignatureTestVectors)); 32 | 33 | } // namespace test 34 | } // namespace openssl 35 | } // namespace fizz 36 | -------------------------------------------------------------------------------- /fizz/backend/openssl/crypto/test/BUCK: -------------------------------------------------------------------------------- 1 | load("@fbsource//xplat/fizz:defs.bzl", "fizz_cpp_unittest") 2 | 3 | oncall("secure_pipes") 4 | 5 | fizz_cpp_unittest( 6 | name = "hmac_test", 7 | srcs = [ 8 | "Hmac.cpp", 9 | ], 10 | deps = [ 11 | "//fizz/backend:openssl", 12 | "//fizz/crypto/test:HmacTest", 13 | "//folly/portability:gtest", 14 | ], 15 | ) 16 | 17 | fizz_cpp_unittest( 18 | name = "key_utils", 19 | srcs = [ 20 | "OpenSSLKeyUtilsTest.cpp", 21 | ], 22 | deps = [ 23 | "//fizz/backend:openssl", 24 | "//fizz/crypto/test:TestUtil", 25 | "//folly/portability:gtest", 26 | ], 27 | ) 28 | -------------------------------------------------------------------------------- /fizz/backend/openssl/crypto/test/Hmac.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018-present, Facebook, Inc. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | #include 10 | #include 11 | #include 12 | 13 | namespace fizz::openssl::test { 14 | 15 | class OpenSSLHmacTest : public ::testing::Test {}; 16 | 17 | TEST(OpenSSLHmacTest, TestSha256) { 18 | fizz::test::runHmacTest(fizz::openssl::hasherFactory()); 19 | } 20 | 21 | TEST(OpenSSLHmacTest, TestSha384) { 22 | fizz::test::runHmacTest(fizz::openssl::hasherFactory()); 23 | } 24 | 25 | TEST(OpenSSLHmacTest, TestSha512) { 26 | fizz::test::runHmacTest(fizz::openssl::hasherFactory()); 27 | } 28 | 29 | } // namespace fizz::openssl::test 30 | -------------------------------------------------------------------------------- /fizz/client/ClientExtensions.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018-present, Facebook, Inc. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | #pragma once 10 | 11 | #include 12 | 13 | namespace fizz { 14 | 15 | /* 16 | * This class allows for Extensions to be added to Client Hello, and then 17 | * checked against EncryptedExtensions negotiated by the server. 18 | */ 19 | class ClientExtensions { 20 | public: 21 | virtual ~ClientExtensions() = default; 22 | 23 | /** 24 | * Returns a list of extensions to be added to the ClientHello. Note that this 25 | * can be called multiple times on a single connection (if a HelloRetryRequest 26 | * is received). 27 | */ 28 | virtual std::vector getClientHelloExtensions() const = 0; 29 | 30 | /** 31 | * Called with the extensions present in EncryptedExtensions. 32 | */ 33 | virtual void onEncryptedExtensions( 34 | const std::vector& extensions) = 0; 35 | }; 36 | } // namespace fizz 37 | -------------------------------------------------------------------------------- /fizz/client/ECHPolicy.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018-present, Facebook, Inc. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | #pragma once 10 | 11 | #include 12 | #include 13 | 14 | namespace fizz::client { 15 | 16 | class ECHPolicy { 17 | public: 18 | virtual ~ECHPolicy() = default; 19 | 20 | /** 21 | * Finds corresponding ech config from policies for the corresponding SNI. 22 | * @returns folly::none if config is not found, the ECH config for SNI 23 | * otherwise. 24 | */ 25 | virtual folly::Optional> getConfig( 26 | const std::string& hostname) const = 0; 27 | }; 28 | 29 | } // namespace fizz::client 30 | -------------------------------------------------------------------------------- /fizz/client/EarlyDataRejectionPolicy.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018-present, Facebook, Inc. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | #pragma once 10 | 11 | #include 12 | 13 | namespace fizz { 14 | namespace client { 15 | 16 | enum class EarlyDataRejectionPolicy { 17 | /** 18 | * Treat early data rejection as a fatal error. An EARLY_DATA_REJECTED 19 | * AsyncSocketException will be delivered to the read callback. 20 | */ 21 | FatalConnectionError, 22 | 23 | /** 24 | * Automatically resend early data as normal data. Will only be done if the 25 | * following connection parameters match what was used for early data: 26 | * - Application Protocol 27 | * - TLS Protocol Version 28 | * - TLS Cipher Suite 29 | * - Client Identity 30 | * - Server Identity 31 | */ 32 | AutomaticResend, 33 | }; 34 | 35 | bool earlyParametersMatch(const State&); 36 | 37 | } // namespace client 38 | } // namespace fizz 39 | -------------------------------------------------------------------------------- /fizz/client/FizzClientContext.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018-present, Facebook, Inc. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | #include "fizz/client/FizzClientContext.h" 10 | 11 | #include 12 | 13 | namespace fizz { 14 | namespace client { 15 | 16 | FizzClientContext::FizzClientContext() 17 | : factory_(std::make_shared()), 18 | clock_(std::make_shared()) {} 19 | 20 | void FizzClientContext::validate() const { 21 | // TODO: check supported sig schemes 22 | for (auto& c : supportedCiphers_) { 23 | if (!FIZZ_CONTEXT_VALIDATION_SHOULD_CHECK_CIPHER(c)) { 24 | continue; 25 | } 26 | // will throw if factory doesn't support this cipher 27 | factory_->makeAead(c); 28 | } 29 | 30 | for (auto& g : supportedGroups_) { 31 | // will throw if factory doesn't support this named group 32 | factory_->makeKeyExchange(g, KeyExchangeRole::Client); 33 | } 34 | 35 | for (auto& share : defaultShares_) { 36 | if (std::find(supportedGroups_.begin(), supportedGroups_.end(), share) == 37 | supportedGroups_.end()) { 38 | throw std::runtime_error("unsupported named group in default shares"); 39 | } 40 | } 41 | } 42 | 43 | } // namespace client 44 | } // namespace fizz 45 | -------------------------------------------------------------------------------- /fizz/client/MultiClientExtensions.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018-present, Facebook, Inc. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | #include 10 | 11 | namespace fizz { 12 | namespace client { 13 | 14 | MultiClientExtensions::MultiClientExtensions( 15 | std::vector> extensions) 16 | : extensions_(std::move(extensions)) {} 17 | 18 | /** 19 | * For each extension in the provided list, get the associated Extensions 20 | * and combine into one vector. 21 | */ 22 | std::vector MultiClientExtensions::getClientHelloExtensions() const { 23 | std::vector result; 24 | for (const auto& ext : extensions_) { 25 | auto next = ext->getClientHelloExtensions(); 26 | result.insert( 27 | result.end(), 28 | std::make_move_iterator(next.begin()), 29 | std::make_move_iterator(next.end())); 30 | } 31 | return result; 32 | } 33 | 34 | void MultiClientExtensions::onEncryptedExtensions( 35 | const std::vector& extensions) { 36 | for (auto& ext : extensions_) { 37 | ext->onEncryptedExtensions(extensions); 38 | } 39 | } 40 | 41 | } // namespace client 42 | } // namespace fizz 43 | -------------------------------------------------------------------------------- /fizz/client/MultiClientExtensions.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018-present, Facebook, Inc. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | #pragma once 10 | 11 | #include 12 | 13 | namespace fizz { 14 | namespace client { 15 | 16 | /** 17 | * This class defines an interface which allows for multiple ClientExtensions 18 | * to be used at the same time.. 19 | */ 20 | class MultiClientExtensions : public ClientExtensions { 21 | public: 22 | explicit MultiClientExtensions( 23 | std::vector> extensions); 24 | 25 | /** 26 | * For each extension in the provided list, get the associated Extensions 27 | * and combine into one vector. 28 | */ 29 | std::vector getClientHelloExtensions() const override; 30 | 31 | /** 32 | * Call each extension's implementation of onEncryptedExtensions. 33 | */ 34 | void onEncryptedExtensions(const std::vector& extensions) override; 35 | 36 | private: 37 | std::vector> extensions_; 38 | }; 39 | 40 | } // namespace client 41 | } // namespace fizz 42 | -------------------------------------------------------------------------------- /fizz/client/PskSerializationUtils.h: -------------------------------------------------------------------------------- 1 | // Copyright 2004-present Facebook. All Rights Reserved. 2 | 3 | #pragma once 4 | 5 | #include 6 | #include 7 | 8 | namespace fizz { 9 | namespace client { 10 | std::string serializePsk( 11 | const CertificateSerialization& serializer, 12 | const fizz::client::CachedPsk& psk); 13 | fizz::client::CachedPsk deserializePsk( 14 | const CertificateSerialization& serializer, 15 | folly::ByteRange psk); 16 | } // namespace client 17 | } // namespace fizz 18 | -------------------------------------------------------------------------------- /fizz/client/SynchronizedLruPskCache.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018-present, Facebook, Inc. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | #pragma once 10 | 11 | #include 12 | #include 13 | #include 14 | 15 | namespace fizz { 16 | namespace client { 17 | 18 | /** 19 | * PSK cache that provides synchronization and caps the number of PSKs stored 20 | * internally. When the limit is reached, the least recently used PSK is 21 | * evicted. 22 | */ 23 | class SynchronizedLruPskCache : public PskCache { 24 | public: 25 | using EvictingPskMap = folly::EvictingCacheMap; 26 | ~SynchronizedLruPskCache() override = default; 27 | explicit SynchronizedLruPskCache(uint64_t mapMax); 28 | 29 | folly::Optional getPsk(const std::string& identity) override; 30 | 31 | void putPsk(const std::string& identity, CachedPsk psk) override; 32 | 33 | void removePsk(const std::string& identity) override; 34 | 35 | private: 36 | folly::Synchronized cache_; 37 | }; 38 | 39 | } // namespace client 40 | } // namespace fizz 41 | -------------------------------------------------------------------------------- /fizz/cmake/FindLibevent.cmake: -------------------------------------------------------------------------------- 1 | # - Try to find Libevent 2 | # Once done, this will define 3 | # 4 | # LIBEVENT_FOUND - system has Libevent 5 | # LIBEVENT_INCLUDE_DIRS - the Libevent include directories 6 | # LIBEVENT_LIBRARIES - link these to use Libevent 7 | 8 | include(FindPackageHandleStandardArgs) 9 | 10 | find_library(LIBEVENT_LIBRARY event 11 | PATHS ${LIBEVENT_LIBRARYDIR}) 12 | 13 | find_path(LIBEVENT_INCLUDE_DIR event.h 14 | PATHS ${LIBEVENT_INCLUDEDIR}) 15 | 16 | find_package_handle_standard_args(libevent DEFAULT_MSG 17 | LIBEVENT_LIBRARY 18 | LIBEVENT_INCLUDE_DIR) 19 | 20 | mark_as_advanced( 21 | LIBEVENT_LIBRARY 22 | LIBEVENT_INCLUDE_DIR) 23 | 24 | set(LIBEVENT_LIBRARIES ${LIBEVENT_LIBRARY}) 25 | set(LIBEVENT_INCLUDE_DIRS ${LIBEVENT_INCLUDE_DIR}) 26 | -------------------------------------------------------------------------------- /fizz/cmake/FindLibrt.cmake: -------------------------------------------------------------------------------- 1 | # - Try to find librt 2 | # Once done, this will define 3 | # 4 | # LIBRT_FOUND - system has librt 5 | # LIBRT_LIBRARIES - link these to use librt 6 | 7 | include(FindPackageHandleStandardArgs) 8 | 9 | find_library(LIBRT_LIBRARY rt 10 | PATHS ${LIBRT_LIBRARYDIR}) 11 | 12 | find_package_handle_standard_args(librt DEFAULT_MSG LIBRT_LIBRARY) 13 | 14 | mark_as_advanced(LIBRT_LIBRARY) 15 | 16 | set(LIBRT_LIBRARIES ${LIBRT_LIBRARY}) 17 | -------------------------------------------------------------------------------- /fizz/cmake/FizzOptions.cmake: -------------------------------------------------------------------------------- 1 | # Copyright (c) 2018, Facebook, Inc. 2 | # All rights reserved. 3 | 4 | option(FIZZ_CERTIFICATE_USE_OPENSSL_CERT "Compiles Fizz Certificate with OpenSSL dependency" ON) 5 | -------------------------------------------------------------------------------- /fizz/compression/BrotliCertificateCompressor.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018-present, Facebook, Inc. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | #pragma once 10 | 11 | #include 12 | 13 | namespace fizz { 14 | class BrotliCertificateCompressor : public CertificateCompressor { 15 | public: 16 | BrotliCertificateCompressor(); 17 | explicit BrotliCertificateCompressor(int compressLevel, int windowSize); 18 | ~BrotliCertificateCompressor() override = default; 19 | 20 | CertificateCompressionAlgorithm getAlgorithm() const override; 21 | 22 | CompressedCertificate compress(const CertificateMsg&) override; 23 | 24 | static constexpr int kDefaultCompressionLevel = 5; 25 | static constexpr int kDefaultWindowSize = 22; 26 | 27 | private: 28 | const int level_; 29 | const int windowSize_; 30 | }; 31 | } // namespace fizz 32 | -------------------------------------------------------------------------------- /fizz/compression/BrotliCertificateDecompressor.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018-present, Facebook, Inc. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | #pragma once 10 | 11 | #include 12 | 13 | namespace fizz { 14 | class BrotliCertificateDecompressor : public CertificateDecompressor { 15 | public: 16 | ~BrotliCertificateDecompressor() override = default; 17 | 18 | CertificateCompressionAlgorithm getAlgorithm() const override; 19 | 20 | CertificateMsg decompress(const CompressedCertificate&) override; 21 | }; 22 | } // namespace fizz 23 | -------------------------------------------------------------------------------- /fizz/compression/CertificateCompressor.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018-present, Facebook, Inc. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | #pragma once 10 | 11 | #include 12 | 13 | namespace fizz { 14 | class CertificateCompressor { 15 | public: 16 | virtual ~CertificateCompressor() = default; 17 | /* 18 | * Return what algorithm this class encodes/decodes. 19 | */ 20 | virtual CertificateCompressionAlgorithm getAlgorithm() const = 0; 21 | 22 | /* 23 | * Compress a given certificate message. Throws an exception if the 24 | * compression fails. 25 | */ 26 | virtual CompressedCertificate compress(const CertificateMsg&) = 0; 27 | }; 28 | 29 | class CertificateDecompressor { 30 | public: 31 | virtual ~CertificateDecompressor() = default; 32 | /* 33 | * Return what algorithm this class encodes/decodes. 34 | */ 35 | virtual CertificateCompressionAlgorithm getAlgorithm() const = 0; 36 | 37 | /* 38 | * Decompress a given compressed certificate message. Throws an exception 39 | * if decompression fails or if it fails parse the CertificateMessage. 40 | */ 41 | virtual CertificateMsg decompress(const CompressedCertificate&) = 0; 42 | }; 43 | } // namespace fizz 44 | -------------------------------------------------------------------------------- /fizz/compression/ZlibCertificateCompressor.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018-present, Facebook, Inc. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | #pragma once 10 | 11 | #include 12 | #include 13 | 14 | namespace fizz { 15 | class ZlibCertificateCompressor : public CertificateCompressor { 16 | public: 17 | explicit ZlibCertificateCompressor(int compressLevel); 18 | ~ZlibCertificateCompressor() override = default; 19 | 20 | CertificateCompressionAlgorithm getAlgorithm() const override; 21 | 22 | CompressedCertificate compress(const CertificateMsg&) override; 23 | 24 | private: 25 | const int level_; 26 | }; 27 | } // namespace fizz 28 | -------------------------------------------------------------------------------- /fizz/compression/ZlibCertificateDecompressor.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018-present, Facebook, Inc. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | #pragma once 10 | 11 | #include 12 | #include 13 | 14 | namespace fizz { 15 | class ZlibCertificateDecompressor : public CertificateDecompressor { 16 | public: 17 | ~ZlibCertificateDecompressor() override = default; 18 | 19 | CertificateCompressionAlgorithm getAlgorithm() const override; 20 | 21 | CertificateMsg decompress(const CompressedCertificate&) override; 22 | }; 23 | } // namespace fizz 24 | -------------------------------------------------------------------------------- /fizz/compression/ZstdCertificateCompressor.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018-present, Facebook, Inc. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | #pragma once 10 | 11 | #include 12 | 13 | namespace fizz { 14 | class ZstdCertificateCompressor : public CertificateCompressor { 15 | public: 16 | explicit ZstdCertificateCompressor(int compressLevel); 17 | ~ZstdCertificateCompressor() override = default; 18 | 19 | CertificateCompressionAlgorithm getAlgorithm() const override; 20 | 21 | CompressedCertificate compress(const CertificateMsg&) override; 22 | 23 | private: 24 | const int level_; 25 | }; 26 | } // namespace fizz 27 | -------------------------------------------------------------------------------- /fizz/compression/ZstdCertificateDecompressor.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018-present, Facebook, Inc. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | #pragma once 10 | 11 | #include 12 | 13 | namespace fizz { 14 | class ZstdCertificateDecompressor : public CertificateDecompressor { 15 | public: 16 | ~ZstdCertificateDecompressor() override = default; 17 | 18 | CertificateCompressionAlgorithm getAlgorithm() const override; 19 | 20 | CertificateMsg decompress(const CompressedCertificate&) override; 21 | }; 22 | } // namespace fizz 23 | -------------------------------------------------------------------------------- /fizz/compression/test/Mocks.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2023-present, Facebook, Inc. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | #pragma once 10 | 11 | #include 12 | #include 13 | 14 | namespace fizz { 15 | namespace test { 16 | 17 | using namespace testing; 18 | 19 | class MockCertificateCompressor : public CertificateCompressor { 20 | public: 21 | MOCK_METHOD(CertificateCompressionAlgorithm, getAlgorithm, (), (const)); 22 | MOCK_METHOD(CompressedCertificate, compress, (const CertificateMsg&)); 23 | void setDefaults() { 24 | ON_CALL(*this, getAlgorithm()).WillByDefault(InvokeWithoutArgs([]() { 25 | return CertificateCompressionAlgorithm::zlib; 26 | })); 27 | } 28 | }; 29 | 30 | class MockCertificateDecompressor : public CertificateDecompressor { 31 | public: 32 | MOCK_METHOD(CertificateCompressionAlgorithm, getAlgorithm, (), (const)); 33 | MOCK_METHOD(CertificateMsg, decompress, (const CompressedCertificate&)); 34 | void setDefaults() { 35 | ON_CALL(*this, getAlgorithm()).WillByDefault(InvokeWithoutArgs([]() { 36 | return CertificateCompressionAlgorithm::zlib; 37 | })); 38 | } 39 | }; 40 | } // namespace test 41 | } // namespace fizz 42 | -------------------------------------------------------------------------------- /fizz/config/BUCK: -------------------------------------------------------------------------------- 1 | load("@fbsource//tools/build_defs:fb_native_wrapper.bzl", "fb_native") 2 | 3 | oncall("mobile_networking_core") 4 | 5 | # Only applies when manually opted into with platforms:fizz-mobile 6 | fb_native.config_setting( 7 | name = "mobile", 8 | constraint_values = [ 9 | "fbsource//xplat/fizz/constraints:mobile", 10 | ], 11 | visibility = ["PUBLIC"], 12 | ) 13 | 14 | fb_native.config_setting( 15 | name = "xplat", 16 | constraint_values = [ 17 | "fbsource//xplat/fizz/constraints:xplat", 18 | ], 19 | visibility = ["PUBLIC"], 20 | ) 21 | 22 | fb_native.config_setting( 23 | name = "oqs-disabled", 24 | constraint_values = [ 25 | "fbsource//xplat/fizz/constraints:oqs-disabled", 26 | ], 27 | visibility = ["PUBLIC"], 28 | ) 29 | 30 | # Joint config for buck1 compatibility 31 | fb_native.config_setting( 32 | name = "mobile-oqs-disabled", 33 | constraint_values = [ 34 | "fbsource//xplat/fizz/constraints:mobile", 35 | "fbsource//xplat/fizz/constraints:oqs-disabled", 36 | ], 37 | visibility = ["PUBLIC"], 38 | ) 39 | -------------------------------------------------------------------------------- /fizz/constraints/BUCK: -------------------------------------------------------------------------------- 1 | load("@fbsource//tools/build_defs:fb_native_wrapper.bzl", "fb_native") 2 | 3 | oncall("mobile_networking_core") 4 | 5 | fb_native.constraint_setting( 6 | name = "profile", 7 | visibility = ["PUBLIC"], 8 | ) 9 | 10 | # Only applies when manually opted into with platforms:fizz-mobile 11 | fb_native.constraint_value( 12 | name = "mobile", 13 | constraint_setting = ":profile", 14 | visibility = ["PUBLIC"], 15 | ) 16 | 17 | fb_native.constraint_value( 18 | name = "xplat", 19 | constraint_setting = ":profile", 20 | visibility = ["PUBLIC"], 21 | ) 22 | 23 | fb_native.constraint_setting( 24 | name = "oqs", 25 | visibility = ["PUBLIC"], 26 | ) 27 | 28 | # Constrain a platform to not use liboqs-related components in Fizz 29 | fb_native.constraint_value( 30 | name = "oqs-disabled", 31 | constraint_setting = ":oqs", 32 | visibility = ["PUBLIC"], 33 | ) 34 | -------------------------------------------------------------------------------- /fizz/crypto/Crypto.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018-present, Facebook, Inc. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | #include 10 | 11 | #if __cplusplus < 201703L 12 | constexpr folly::StringPiece fizz::Sha256::BlankHash; 13 | constexpr folly::StringPiece fizz::Sha384::BlankHash; 14 | constexpr folly::StringPiece fizz::Sha512::BlankHash; 15 | #endif 16 | -------------------------------------------------------------------------------- /fizz/crypto/Hasher.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018-present, Facebook, Inc. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | #include 10 | 11 | namespace fizz { 12 | 13 | void hash( 14 | const HasherFactoryWithMetadata* makeHasher, 15 | const folly::IOBuf& in, 16 | folly::MutableByteRange out) { 17 | auto hasher = makeHasher->make(); 18 | 19 | CHECK_GE(out.size(), hasher->getHashLen()); 20 | 21 | hasher->hash_update(in); 22 | hasher->hash_final(out); 23 | } 24 | 25 | } // namespace fizz 26 | -------------------------------------------------------------------------------- /fizz/crypto/Hmac.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018-present, Facebook, Inc. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | #pragma once 10 | 11 | #include 12 | 13 | namespace fizz { 14 | /** 15 | * Puts `HMAC(key, in)` into `out` 16 | * `out` must be at least of size HashLen. 17 | */ 18 | void hmac( 19 | const HasherFactoryWithMetadata* makeHasher, 20 | folly::ByteRange key, 21 | const folly::IOBuf& in, 22 | folly::MutableByteRange out); 23 | } // namespace fizz 24 | -------------------------------------------------------------------------------- /fizz/crypto/Utils.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018-present, Facebook, Inc. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | #include 10 | 11 | #include 12 | 13 | namespace { 14 | 15 | class InitFizz { 16 | public: 17 | InitFizz() { 18 | if (sodium_init() == -1) { 19 | throw std::runtime_error("Couldn't init libsodium"); 20 | } 21 | } 22 | }; 23 | } // namespace 24 | 25 | namespace fizz { 26 | 27 | bool CryptoUtils::equal(folly::ByteRange a, folly::ByteRange b) { 28 | if (a.size() != b.size()) { 29 | return false; 30 | } 31 | return sodium_memcmp(a.data(), b.data(), a.size()) == 0; 32 | } 33 | 34 | void CryptoUtils::clean(folly::MutableByteRange range) { 35 | sodium_memzero(range.data(), range.size()); 36 | } 37 | 38 | void CryptoUtils::init() { 39 | static InitFizz initFizz; 40 | } 41 | } // namespace fizz 42 | -------------------------------------------------------------------------------- /fizz/crypto/Utils.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018-present, Facebook, Inc. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | #pragma once 10 | 11 | #include 12 | 13 | namespace fizz { 14 | 15 | struct CryptoUtils { 16 | /** 17 | * Returns true if a and b are identical. 18 | * 19 | * Constant time in terms of the contents of a and b (but not in terms of 20 | * length). 21 | */ 22 | static bool equal(folly::ByteRange a, folly::ByteRange b); 23 | 24 | /** 25 | * Overwrites the memory in range. 26 | */ 27 | static void clean(folly::MutableByteRange range); 28 | 29 | /** 30 | * Initialize all required crypto libraries. 31 | */ 32 | static void init(); 33 | }; 34 | } // namespace fizz 35 | -------------------------------------------------------------------------------- /fizz/crypto/aead/BUCK: -------------------------------------------------------------------------------- 1 | load("@fbsource//xplat/fizz:defs.bzl", "fizz_cpp_library") 2 | 3 | oncall("secure_pipes") 4 | 5 | fizz_cpp_library( 6 | name = "aead", 7 | headers = [ 8 | "Aead.h", 9 | ], 10 | exported_deps = [ 11 | "//folly:optional", 12 | "//folly/io:iobuf", 13 | ], 14 | ) 15 | 16 | fizz_cpp_library( 17 | name = "iobuf", 18 | srcs = [ 19 | "IOBufUtil.cpp", 20 | ], 21 | headers = [ 22 | "IOBufUtil.h", 23 | ], 24 | exported_deps = [ 25 | "//folly:range", 26 | "//folly/io:iobuf", 27 | ], 28 | ) 29 | 30 | fizz_cpp_library( 31 | name = "cryptoutil", 32 | headers = [ 33 | "CryptoUtil.h", 34 | ], 35 | exported_deps = [ 36 | ":aead", 37 | ":iobuf", 38 | "//folly:conv", 39 | "//folly:memory", 40 | "//folly:range", 41 | ], 42 | ) 43 | -------------------------------------------------------------------------------- /fizz/crypto/aead/test/BUCK: -------------------------------------------------------------------------------- 1 | load("@fbsource//xplat/fizz:defs.bzl", "fizz_cpp_library", "fizz_cpp_unittest") 2 | 3 | oncall("secure_pipes") 4 | 5 | fizz_cpp_library( 6 | name = "mocks", 7 | headers = [ 8 | "Mocks.h", 9 | ], 10 | exported_deps = [ 11 | "//fizz/crypto/aead:aead", 12 | "//folly/portability:gmock", 13 | ], 14 | ) 15 | 16 | fizz_cpp_library( 17 | name = "data", 18 | headers = [ 19 | "Data.h", 20 | ], 21 | exported_deps = [ 22 | "//fizz/record:record", 23 | ], 24 | ) 25 | 26 | fizz_cpp_library( 27 | name = "test_util", 28 | srcs = [ 29 | "TestUtil.cpp", 30 | ], 31 | headers = [ 32 | "TestUtil.h", 33 | ], 34 | deps = [ 35 | "//fizz/crypto/aead:iobuf", 36 | ], 37 | exported_deps = [ 38 | "//folly:memory", 39 | "//folly:string", 40 | "//folly/io:iobuf", 41 | ], 42 | ) 43 | 44 | fizz_cpp_unittest( 45 | name = "util_test", 46 | srcs = [ 47 | "IOBufUtilTest.cpp", 48 | ], 49 | deps = [ 50 | "//fizz/crypto/aead:iobuf", 51 | "//folly/io:iobuf", 52 | "//folly/portability:gtest", 53 | ], 54 | ) 55 | -------------------------------------------------------------------------------- /fizz/crypto/aead/test/TestUtil.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018-present, Facebook, Inc. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | #pragma once 10 | 11 | #include 12 | #include 13 | #include 14 | #include 15 | 16 | namespace fizz { 17 | namespace test { 18 | 19 | using BufCreator = 20 | std::function(size_t len, size_t bufNum)>; 21 | 22 | // Creates an IOBuf using an exact size (rather than the built in size 23 | // heuristic) Useful for specifying exact sizes for tests. 24 | std::unique_ptr createBufExact(size_t len); 25 | 26 | // Converts the hex encoded string to an IOBuf. 27 | std::unique_ptr 28 | toIOBuf(std::string hexData, size_t headroom = 0, size_t tailroom = 0); 29 | 30 | std::unique_ptr chunkIOBuf( 31 | std::unique_ptr input, 32 | size_t chunks, 33 | BufCreator creator = nullptr); 34 | } // namespace test 35 | } // namespace fizz 36 | -------------------------------------------------------------------------------- /fizz/crypto/exchange/AsyncKeyExchange.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018-present, Facebook, Inc. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | #pragma once 10 | 11 | #include 12 | #include 13 | 14 | namespace fizz { 15 | /** 16 | * For computationally expensive key exchange algorithms, this interface makes 17 | * it possible to offload the work to be processed asynchronously. 18 | * Note: Current design is only for server. We need make each individual API 19 | * async if we want to adapt it to client. 20 | */ 21 | class AsyncKeyExchange : public KeyExchange { 22 | public: 23 | struct DoKexResult { 24 | public: 25 | std::unique_ptr sharedSecret; 26 | std::unique_ptr ourKeyShare; 27 | }; 28 | ~AsyncKeyExchange() override = default; 29 | /** 30 | * @param peerKeyShare : the public key sent by the peer 31 | * @return shared secret and key share to send to the peer 32 | */ 33 | virtual folly::SemiFuture doAsyncKexFuture( 34 | std::unique_ptr peerKeyShare) = 0; 35 | }; 36 | } // namespace fizz 37 | -------------------------------------------------------------------------------- /fizz/crypto/exchange/BUCK: -------------------------------------------------------------------------------- 1 | load("@fbsource//xplat/fizz:defs.bzl", "fizz_cpp_library") 2 | 3 | oncall("secure_pipes") 4 | 5 | fizz_cpp_library( 6 | name = "key_exchange", 7 | headers = [ 8 | "KeyExchange.h", 9 | ], 10 | exported_deps = [ 11 | "//folly:range", 12 | "//folly/io:iobuf", 13 | ], 14 | ) 15 | 16 | fizz_cpp_library( 17 | name = "async_key_exchange", 18 | headers = [ 19 | "AsyncKeyExchange.h", 20 | ], 21 | exported_deps = [ 22 | ":key_exchange", 23 | "//folly/futures:core", 24 | ], 25 | ) 26 | 27 | fizz_cpp_library( 28 | name = "hybrid_key_exchange", 29 | srcs = [ 30 | "HybridKeyExchange.cpp", 31 | ], 32 | headers = [ 33 | "HybridKeyExchange.h", 34 | ], 35 | exported_deps = [ 36 | ":key_exchange", 37 | ], 38 | ) 39 | -------------------------------------------------------------------------------- /fizz/crypto/exchange/HybridKeyExchange.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018-present, Facebook, Inc. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | #pragma once 10 | 11 | #include 12 | 13 | namespace fizz { 14 | /** 15 | * Hybrid key exchange. It calls the selected key exchange algorithm X and Y and 16 | * concatenates the results together. Note the order of X and Y matters: Y's 17 | * stuff is concatenated to X's stuff. This class is written in compliance with 18 | * draft-ietf-tls-hybrid-design-04. 19 | */ 20 | class HybridKeyExchange : public KeyExchange { 21 | public: 22 | HybridKeyExchange( 23 | std::unique_ptr first, 24 | std::unique_ptr second); 25 | 26 | ~HybridKeyExchange() override = default; 27 | 28 | void generateKeyPair() override; 29 | 30 | std::unique_ptr getKeyShare() const override; 31 | 32 | std::unique_ptr generateSharedSecret( 33 | folly::ByteRange keyShare) const override; 34 | 35 | std::unique_ptr clone() const override; 36 | 37 | std::size_t getExpectedKeyShareSize() const override; 38 | 39 | private: 40 | std::unique_ptr firstKex_; 41 | std::unique_ptr secondKex_; 42 | }; 43 | } // namespace fizz 44 | -------------------------------------------------------------------------------- /fizz/crypto/exchange/test/BUCK: -------------------------------------------------------------------------------- 1 | load("@fbsource//xplat/fizz:defs.bzl", "fizz_cpp_library", "fizz_cpp_unittest") 2 | 3 | oncall("secure_pipes") 4 | 5 | fizz_cpp_library( 6 | name = "mocks", 7 | headers = [ 8 | "Mocks.h", 9 | ], 10 | exported_deps = [ 11 | "//fizz/crypto/exchange:async_key_exchange", 12 | "//fizz/crypto/exchange:key_exchange", 13 | "//folly/portability:gmock", 14 | ], 15 | ) 16 | 17 | fizz_cpp_unittest( 18 | name = "x25519", 19 | srcs = [ 20 | "X25519KeyExchangeTest.cpp", 21 | ], 22 | deps = [ 23 | "//fizz/backend:libsodium", 24 | "//folly:range", 25 | "//folly:string", 26 | "//folly/portability:gtest", 27 | ], 28 | ) 29 | 30 | fizz_cpp_unittest( 31 | name = "HybridExchange", 32 | srcs = [ 33 | "HybridKeyExchangeTest.cpp", 34 | ], 35 | deps = [ 36 | ":mocks", 37 | "//fizz/crypto/exchange:hybrid_key_exchange", 38 | "//folly/portability:gtest", 39 | ], 40 | ) 41 | -------------------------------------------------------------------------------- /fizz/crypto/hpke/Types.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2019-present, Facebook, Inc. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | #pragma once 10 | 11 | #include 12 | 13 | namespace fizz { 14 | namespace hpke { 15 | 16 | using HpkeSuiteId = std::unique_ptr; 17 | 18 | enum class KEMId : uint16_t { 19 | secp256r1 = 0x0010, 20 | secp384r1 = 0x0011, 21 | secp521r1 = 0x0012, 22 | x25519 = 0x0020, 23 | x448 = 0x0021, 24 | }; 25 | 26 | enum class KDFId : uint16_t { 27 | Sha256 = 0x0001, 28 | Sha384 = 0x0002, 29 | Sha512 = 0x0003, 30 | }; 31 | 32 | enum class AeadId : uint16_t { 33 | TLS_AES_128_GCM_SHA256 = 0x0001, 34 | TLS_AES_256_GCM_SHA384 = 0x0002, 35 | TLS_CHACHA20_POLY1305_SHA256 = 0x0003, 36 | }; 37 | 38 | enum class Mode : uint8_t { 39 | Base = 0x00, 40 | Psk = 0x01, 41 | Auth = 0x02, 42 | AuthPsk = 0x03, 43 | }; 44 | 45 | } // namespace hpke 46 | } // namespace fizz 47 | -------------------------------------------------------------------------------- /fizz/crypto/test/HashTest.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018-present, Facebook, Inc. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | #pragma once 10 | #include 11 | #include 12 | #include 13 | 14 | namespace fizz::test { 15 | 16 | struct HashTestVector { 17 | std::string message; 18 | std::map digest; 19 | }; 20 | 21 | extern const std::vector kHashTestVectors; 22 | 23 | void runHashTestWithFizzHasher( 24 | const fizz::HasherFactoryWithMetadata* makeHasher); 25 | void runHashTestWithCloning(const fizz::HasherFactoryWithMetadata* makeHasher); 26 | } // namespace fizz::test 27 | -------------------------------------------------------------------------------- /fizz/crypto/test/HmacTest.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018-present, Facebook, Inc. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | #pragma once 10 | #include 11 | #include 12 | #include 13 | 14 | namespace fizz::test { 15 | 16 | struct HmacTestVector { 17 | std::string key; 18 | std::string data; 19 | std::map hmac; 20 | std::optional truncatedOutSize; 21 | }; 22 | 23 | extern const std::vector kHmacTestVectors; 24 | 25 | void runHmacTest(const fizz::HasherFactoryWithMetadata* makeHasher); 26 | } // namespace fizz::test 27 | -------------------------------------------------------------------------------- /fizz/crypto/test/RandomGeneratorTest.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018-present, Facebook, Inc. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | #include 10 | 11 | #include 12 | 13 | #include 14 | 15 | namespace fizz { 16 | namespace test { 17 | 18 | TEST(RandomGeneratorTest, TestRandom) { 19 | useMockRandom(); 20 | 21 | auto random = RandomGenerator<32>().generateRandom(); 22 | std::array expected; 23 | expected.fill(0x44); 24 | EXPECT_EQ(random, expected); 25 | } 26 | 27 | TEST(RandomGeneratorTest, TestRandomUInt32) { 28 | useMockRandom(); 29 | 30 | auto random = RandomNumGenerator().generateRandom(); 31 | EXPECT_EQ(random, 0x44444444); 32 | } 33 | 34 | TEST(RandomGeneratorTest, TestRandomBuf) { 35 | useMockRandom(); 36 | auto random = RandomBufGenerator(32).generateRandom(); 37 | auto expected = folly::IOBuf::create(32); 38 | memset(expected->writableData(), 0x44, 32); 39 | expected->append(32); 40 | EXPECT_TRUE(folly::IOBufEqualTo()(random, expected)); 41 | } 42 | } // namespace test 43 | } // namespace fizz 44 | -------------------------------------------------------------------------------- /fizz/crypto/test/Signature.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018-present, Facebook, Inc. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | #include 10 | 11 | #include 12 | #include 13 | 14 | namespace fizz { 15 | namespace test { 16 | 17 | void testCertVerify( 18 | SignatureTestData testCase, 19 | std::unique_ptr (*makePeerCert)(Buf)); 20 | } // namespace test 21 | } // namespace fizz 22 | -------------------------------------------------------------------------------- /fizz/crypto/test/SignatureTestData.h: -------------------------------------------------------------------------------- 1 | /** 2 | * Copyright (c) Meta Platforms, Inc. and affiliates. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | #pragma once 9 | 10 | #include 11 | 12 | namespace fizz::test { 13 | 14 | struct SignatureTestData { 15 | fizz::SignatureScheme sigScheme; 16 | std::string sig; 17 | bool validSig; 18 | std::string certDer; 19 | bool validCert; 20 | std::string msg; 21 | std::string msgHash; 22 | }; 23 | 24 | // test data created using openssl cli 25 | extern const std::vector kSignatureTestVectors; 26 | } // namespace fizz::test 27 | -------------------------------------------------------------------------------- /fizz/crypto/test/TestUtil.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018-present, Facebook, Inc. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | #pragma once 10 | 11 | #include 12 | #include 13 | #include 14 | #include 15 | #include 16 | #include 17 | 18 | // @lint-ignore-every PRIVATEKEY 19 | 20 | namespace fizz { 21 | namespace test { 22 | 23 | std::unique_ptr toIOBuf(folly::StringPiece hexData); 24 | 25 | folly::ssl::EvpPkeyUniquePtr getPrivateKey(folly::StringPiece key); 26 | 27 | folly::ssl::EvpPkeyUniquePtr getPublicKey(folly::StringPiece key); 28 | 29 | folly::ssl::X509UniquePtr getCert(folly::StringPiece cert); 30 | 31 | std::unique_ptr getCertData(folly::StringPiece cert); 32 | 33 | void useMockRandom(); 34 | 35 | std::unique_ptr getCipher(CipherSuite cipher); 36 | 37 | } // namespace test 38 | } // namespace fizz 39 | -------------------------------------------------------------------------------- /fizz/crypto/test/UtilsTest.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018-present, Facebook, Inc. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | #include 10 | 11 | #include 12 | 13 | using namespace folly; 14 | 15 | namespace fizz { 16 | namespace test { 17 | 18 | TEST(UtilsTest, TestEqualWrongSize) { 19 | StringPiece a{"hi"}; 20 | StringPiece b{"hello"}; 21 | EXPECT_FALSE(CryptoUtils::equal(a, b)); 22 | EXPECT_FALSE(CryptoUtils::equal(b, a)); 23 | } 24 | 25 | TEST(UtilsTest, TestEqual) { 26 | StringPiece a{"hello!!"}; 27 | StringPiece b{"hello!!"}; 28 | StringPiece c{"goodbye"}; 29 | EXPECT_TRUE(CryptoUtils::equal(a, b)); 30 | EXPECT_FALSE(CryptoUtils::equal(a, c)); 31 | } 32 | 33 | TEST(UtilsTest, TestClean) { 34 | std::array a{'p', 'a', 's', 's', 'w', 'o', 'r', 'd'}; 35 | CryptoUtils::clean(range(a)); 36 | for (auto byte : a) { 37 | EXPECT_EQ(byte, 0); 38 | } 39 | } 40 | } // namespace test 41 | } // namespace fizz 42 | -------------------------------------------------------------------------------- /fizz/experimental/batcher/BUCK: -------------------------------------------------------------------------------- 1 | load("@fbsource//xplat/fizz:defs.bzl", "fizz_cpp_library") 2 | 3 | oncall("secure_pipes") 4 | 5 | fizz_cpp_library( 6 | name = "batcher", 7 | headers = [ 8 | "Batcher.h", 9 | ], 10 | exported_deps = [ 11 | "//fizz/experimental/crypto:batch_signature", 12 | "//fizz/experimental/protocol:batch_signature_types", 13 | "//fizz/server:async_self_cert", 14 | "//folly/futures:shared_promise", 15 | ], 16 | ) 17 | -------------------------------------------------------------------------------- /fizz/experimental/batcher/test/BUCK: -------------------------------------------------------------------------------- 1 | load("@fbsource//xplat/fizz:defs.bzl", "fizz_cpp_unittest") 2 | 3 | oncall("secure_pipes") 4 | 5 | fizz_cpp_unittest( 6 | name = "batcher_test", 7 | srcs = [ 8 | "BatcherTest.cpp", 9 | ], 10 | deps = [ 11 | "//fizz/backend:openssl", 12 | "//fizz/crypto/test:TestUtil", 13 | "//fizz/experimental/batcher:batcher", 14 | "//fizz/experimental/client:batch_signature_peer_cert", 15 | "//fizz/experimental/server:batch_signature_async_self_cert", 16 | "//fizz/server/test:mocks", 17 | "//folly/portability:gtest", 18 | ], 19 | ) 20 | -------------------------------------------------------------------------------- /fizz/experimental/client/BUCK: -------------------------------------------------------------------------------- 1 | load("@fbsource//xplat/fizz:defs.bzl", "fizz_cpp_library") 2 | 3 | oncall("secure_pipes") 4 | 5 | fizz_cpp_library( 6 | name = "batch_signature_peer_cert", 7 | srcs = [ 8 | "BatchSignaturePeerCert.cpp", 9 | ], 10 | headers = [ 11 | "BatchSignaturePeerCert.h", 12 | ], 13 | exported_deps = [ 14 | "//fizz/experimental/crypto:batch_signature", 15 | "//fizz/experimental/protocol:batch_signature_types", 16 | "//fizz/protocol:certificate", 17 | ], 18 | ) 19 | -------------------------------------------------------------------------------- /fizz/experimental/client/test/BUCK: -------------------------------------------------------------------------------- 1 | load("@fbsource//xplat/fizz:defs.bzl", "fizz_cpp_unittest") 2 | 3 | oncall("secure_pipes") 4 | 5 | fizz_cpp_unittest( 6 | name = "batch_signature_peer_cert_test", 7 | srcs = [ 8 | "BatchSignaturePeerCertTest.cpp", 9 | ], 10 | deps = [ 11 | "//fizz/backend:openssl", 12 | "//fizz/crypto/test:TestUtil", 13 | "//fizz/experimental/batcher:batcher", 14 | "//fizz/experimental/client:batch_signature_peer_cert", 15 | "//fizz/experimental/server:batch_signature_async_self_cert", 16 | "//fizz/protocol/test:mocks", 17 | "//folly/executors:manual_executor", 18 | "//folly/portability:gtest", 19 | ], 20 | ) 21 | -------------------------------------------------------------------------------- /fizz/experimental/crypto/BUCK: -------------------------------------------------------------------------------- 1 | load("@fbsource//xplat/fizz:defs.bzl", "fizz_cpp_library") 2 | 3 | oncall("secure_pipes") 4 | 5 | fizz_cpp_library( 6 | name = "merkle_tree", 7 | headers = [ 8 | "MerkleTree.h", 9 | ], 10 | exported_deps = [ 11 | "//fizz/backend:openssl", 12 | "//fizz/crypto:random", 13 | "//fizz/record:record", 14 | "//folly/container:f14_hash", 15 | ], 16 | ) 17 | 18 | fizz_cpp_library( 19 | name = "batch_signature", 20 | headers = [ 21 | "BatchSignature.h", 22 | ], 23 | exported_deps = [ 24 | ":merkle_tree", 25 | "//fizz/record:record", 26 | ], 27 | ) 28 | -------------------------------------------------------------------------------- /fizz/experimental/crypto/test/BUCK: -------------------------------------------------------------------------------- 1 | load("@fbsource//xplat/fizz:defs.bzl", "fizz_cpp_unittest") 2 | 3 | oncall("secure_pipes") 4 | 5 | fizz_cpp_unittest( 6 | name = "merkle_tree_test", 7 | srcs = [ 8 | "MerkleTreeTest.cpp", 9 | ], 10 | deps = [ 11 | "//fizz/backend:openssl", 12 | "//fizz/crypto/test:TestUtil", 13 | "//fizz/experimental/crypto:merkle_tree", 14 | "//folly/portability:gtest", 15 | ], 16 | ) 17 | 18 | fizz_cpp_unittest( 19 | name = "batch_signature_test", 20 | srcs = [ 21 | "BatchSignatureTest.cpp", 22 | ], 23 | deps = [ 24 | "//fizz/crypto/test:TestUtil", 25 | "//fizz/experimental/crypto:batch_signature", 26 | "//folly/io:iobuf", 27 | "//folly/portability:gtest", 28 | ], 29 | ) 30 | -------------------------------------------------------------------------------- /fizz/experimental/ktls/BUCK: -------------------------------------------------------------------------------- 1 | load("@fbsource//xplat/fizz:defs.bzl", "fizz_cpp_library") 2 | 3 | oncall("secure_pipes") 4 | 5 | fizz_cpp_library( 6 | name = "ktls", 7 | srcs = [ 8 | "AsyncFizzBaseKTLS.cpp", 9 | "AsyncKTLSSocket.cpp", 10 | "FizzKTLSCallback.cpp", 11 | "KTLS.cpp", 12 | ], 13 | headers = [ 14 | "AsyncFizzBaseKTLS.h", 15 | "AsyncKTLSSocket.h", 16 | "FizzKTLSCallback.h", 17 | "KTLS.h", 18 | "LinuxKTLS.h", 19 | ], 20 | deps = [ 21 | "//fizz/backend:openssl", 22 | "//fizz/client:state", 23 | "//folly:file", 24 | "//folly/portability:sockets", 25 | ], 26 | exported_deps = [ 27 | "//fizz/crypto/aead:aead", 28 | "//fizz/experimental/util:cert_extraction", 29 | "//fizz/protocol:async_fizz_base", 30 | "//fizz/protocol:key_scheduler", 31 | "//fizz/record:record", 32 | "//fizz/record:record_layer", 33 | "//folly:c_portability", 34 | "//folly:exception_wrapper", 35 | "//folly:expected", 36 | "//folly:function", 37 | "//folly/io/async:async_socket", 38 | "//folly/net:network_socket", 39 | ], 40 | exported_external_deps = [ 41 | "glog", 42 | ], 43 | ) 44 | -------------------------------------------------------------------------------- /fizz/experimental/ktls/FizzKTLSCallback.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) Facebook, Inc. and its affiliates. 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | */ 16 | 17 | #include 18 | 19 | namespace fizz { 20 | 21 | void KTLSCallbackImpl::receivedNewSessionTicket( 22 | AsyncKTLSSocket*, 23 | fizz::NewSessionTicket nst) { 24 | if (!ticketHandler_ || !keyScheduler_) { 25 | return; 26 | } 27 | ticketHandler_(*keyScheduler_, std::move(nst)); 28 | } 29 | } // namespace fizz 30 | -------------------------------------------------------------------------------- /fizz/experimental/protocol/BUCK: -------------------------------------------------------------------------------- 1 | load("@fbsource//xplat/fizz:defs.bzl", "fizz_cpp_library") 2 | 3 | oncall("secure_pipes") 4 | 5 | fizz_cpp_library( 6 | name = "batch_signature_factory", 7 | headers = [ 8 | "BatchSignatureFactory.h", 9 | ], 10 | exported_deps = [ 11 | "//fizz/experimental/client:batch_signature_peer_cert", 12 | "//fizz/protocol:factory", 13 | ], 14 | ) 15 | 16 | fizz_cpp_library( 17 | name = "batch_signature_types", 18 | srcs = [ 19 | "BatchSignatureTypes.cpp", 20 | ], 21 | headers = [ 22 | "BatchSignatureTypes.h", 23 | ], 24 | exported_deps = [ 25 | "//fizz/backend:openssl", 26 | "//fizz/record:record", 27 | ], 28 | ) 29 | -------------------------------------------------------------------------------- /fizz/experimental/protocol/test/BUCK: -------------------------------------------------------------------------------- 1 | load("@fbsource//xplat/fizz:defs.bzl", "fizz_cpp_unittest") 2 | 3 | oncall("secure_pipes") 4 | 5 | fizz_cpp_unittest( 6 | name = "batch_signature_types_test", 7 | srcs = [ 8 | "BatchSignatureTypesTest.cpp", 9 | ], 10 | deps = [ 11 | "//fizz/experimental/protocol:batch_signature_types", 12 | "//folly/portability:gmock", 13 | "//folly/portability:gtest", 14 | ], 15 | ) 16 | -------------------------------------------------------------------------------- /fizz/experimental/server/BUCK: -------------------------------------------------------------------------------- 1 | load("@fbsource//xplat/fizz:defs.bzl", "fizz_cpp_library") 2 | 3 | oncall("secure_pipes") 4 | 5 | fizz_cpp_library( 6 | name = "batch_signature_async_self_cert", 7 | headers = [ 8 | "BatchSignatureAsyncSelfCert.h", 9 | ], 10 | exported_deps = [ 11 | "//fizz/experimental/batcher:batcher", 12 | "//fizz/experimental/crypto:batch_signature", 13 | "//fizz/experimental/protocol:batch_signature_types", 14 | "//fizz/server:async_self_cert", 15 | "//fizz/server:protocol", 16 | ], 17 | ) 18 | -------------------------------------------------------------------------------- /fizz/experimental/server/test/BUCK: -------------------------------------------------------------------------------- 1 | load("@fbsource//xplat/fizz:defs.bzl", "fizz_cpp_unittest") 2 | 3 | oncall("secure_pipes") 4 | 5 | fizz_cpp_unittest( 6 | name = "batch_signature_async_self_cert_test", 7 | srcs = [ 8 | "BatchSignatureAsyncSelfCertTest.cpp", 9 | ], 10 | deps = [ 11 | "//fizz/backend:openssl", 12 | "//fizz/crypto/test:TestUtil", 13 | "//fizz/experimental/batcher:batcher", 14 | "//fizz/experimental/server:batch_signature_async_self_cert", 15 | "//fizz/protocol/test:mocks", 16 | "//fizz/server/test:mocks", 17 | "//folly/portability:gtest", 18 | ], 19 | ) 20 | -------------------------------------------------------------------------------- /fizz/experimental/util/BUCK: -------------------------------------------------------------------------------- 1 | load("@fbsource//xplat/fizz:defs.bzl", "fizz_cpp_library") 2 | 3 | oncall("secure_pipes") 4 | 5 | fizz_cpp_library( 6 | name = "cert_extraction", 7 | srcs = [], 8 | headers = [ 9 | "CertExtraction.h", 10 | ], 11 | deps = [ 12 | ], 13 | exported_deps = [ 14 | "//fizz/client:async_fizz_client", 15 | "//fizz/server:async_fizz_server", 16 | ], 17 | ) 18 | -------------------------------------------------------------------------------- /fizz/extensions/clientpadding/BUCK: -------------------------------------------------------------------------------- 1 | load("@fbsource//xplat/fizz:defs.bzl", "fizz_cpp_library") 2 | 3 | oncall("secure_pipes") 4 | 5 | fizz_cpp_library( 6 | name = "types", 7 | srcs = [ 8 | "Types.cpp", 9 | ], 10 | headers = [ 11 | "Types.h", 12 | ], 13 | exported_deps = [ 14 | "//fizz/record:record", 15 | ], 16 | ) 17 | 18 | fizz_cpp_library( 19 | name = "padding_client_extension", 20 | srcs = [ 21 | "PaddingClientExtension.cpp", 22 | ], 23 | headers = [ 24 | "PaddingClientExtension.h", 25 | ], 26 | exported_deps = [ 27 | ":types", 28 | "//fizz/client:client_extensions", 29 | ], 30 | ) 31 | -------------------------------------------------------------------------------- /fizz/extensions/clientpadding/PaddingClientExtension.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) Meta Platforms, Inc. and affiliates. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | #include 10 | #include 11 | 12 | namespace fizz { 13 | namespace extensions { 14 | 15 | PaddingClientExtension::PaddingClientExtension(uint16_t paddingTotalBytes) 16 | : paddingTotalBytes_(paddingTotalBytes) {} 17 | 18 | std::vector PaddingClientExtension::getClientHelloExtensions() 19 | const { 20 | extensions::Padding padding{paddingTotalBytes_}; 21 | 22 | std::vector extensions; 23 | extensions.push_back(encodeExtension(padding)); 24 | return extensions; 25 | } 26 | 27 | } // namespace extensions 28 | } // namespace fizz 29 | -------------------------------------------------------------------------------- /fizz/extensions/clientpadding/PaddingClientExtension.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018-present, Facebook, Inc. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | #pragma once 10 | 11 | #include 12 | 13 | namespace fizz { 14 | namespace extensions { 15 | 16 | /** 17 | * Implement RFC7685 padding extension as client extension 18 | */ 19 | class PaddingClientExtension : public ClientExtensions { 20 | public: 21 | explicit PaddingClientExtension(uint16_t paddingTotalBytes); 22 | 23 | std::vector getClientHelloExtensions() const override; 24 | 25 | void onEncryptedExtensions( 26 | const std::vector& /*extensions*/) override {} 27 | 28 | private: 29 | uint16_t paddingTotalBytes_; 30 | }; 31 | 32 | } // namespace extensions 33 | } // namespace fizz 34 | -------------------------------------------------------------------------------- /fizz/extensions/clientpadding/Types.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018-present, Facebook, Inc. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | #include 10 | 11 | namespace fizz { 12 | template <> 13 | Extension encodeExtension(const extensions::Padding& padding) { 14 | constexpr size_t kMinPaddingBytes = 15 | sizeof(ExtensionType) + sizeof(padding.total_bytes); 16 | 17 | Extension ext; 18 | ext.extension_type = ExtensionType::padding; 19 | size_t paddingBufLen = padding.total_bytes < kMinPaddingBytes 20 | ? 0 21 | : padding.total_bytes - kMinPaddingBytes; 22 | ext.extension_data = folly::IOBuf::create(paddingBufLen); 23 | std::memset(ext.extension_data->writableData(), 0, paddingBufLen); 24 | ext.extension_data->append(paddingBufLen); 25 | return ext; 26 | } 27 | 28 | } // namespace fizz 29 | -------------------------------------------------------------------------------- /fizz/extensions/clientpadding/Types.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018-present, Facebook, Inc. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | #pragma once 10 | 11 | #include 12 | #include 13 | 14 | namespace fizz { 15 | namespace extensions { 16 | struct Padding { 17 | uint16_t total_bytes; 18 | static constexpr ExtensionType extension_type = ExtensionType::padding; 19 | }; 20 | } // namespace extensions 21 | } // namespace fizz 22 | -------------------------------------------------------------------------------- /fizz/extensions/clientpadding/test/BUCK: -------------------------------------------------------------------------------- 1 | load("@fbsource//xplat/fizz:defs.bzl", "fizz_cpp_unittest") 2 | 3 | oncall("secure_pipes") 4 | 5 | fizz_cpp_unittest( 6 | name = "padding_client_extension_test", 7 | srcs = [ 8 | "PaddingClientExtensionTest.cpp", 9 | ], 10 | deps = [ 11 | "//fizz/extensions/clientpadding:padding_client_extension", 12 | "//fizz/record/test:extension_tests_base", 13 | "//folly/portability:gmock", 14 | "//folly/portability:gtest", 15 | ], 16 | ) 17 | -------------------------------------------------------------------------------- /fizz/extensions/delegatedcred/DelegatedCredentialClientExtension.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2019-present, Facebook, Inc. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | #include 9 | 10 | namespace fizz { 11 | namespace extensions { 12 | 13 | std::vector 14 | DelegatedCredentialClientExtension::getClientHelloExtensions() const { 15 | std::vector clientExtensions; 16 | DelegatedCredentialSupport supp; 17 | supp.supported_signature_algorithms = supportedSchemes_; 18 | clientExtensions.push_back(encodeExtension(std::move(supp))); 19 | return clientExtensions; 20 | } 21 | 22 | void DelegatedCredentialClientExtension::onEncryptedExtensions( 23 | const std::vector& extensions) {} 24 | } // namespace extensions 25 | } // namespace fizz 26 | -------------------------------------------------------------------------------- /fizz/extensions/delegatedcred/DelegatedCredentialClientExtension.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2019-present, Facebook, Inc. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | #pragma once 9 | 10 | #include 11 | #include 12 | 13 | namespace fizz { 14 | namespace extensions { 15 | 16 | class DelegatedCredentialClientExtension : public ClientExtensions { 17 | public: 18 | explicit DelegatedCredentialClientExtension( 19 | std::vector schemes) 20 | : supportedSchemes_(std::move(schemes)) {} 21 | 22 | std::vector getClientHelloExtensions() const override; 23 | 24 | void onEncryptedExtensions(const std::vector& extensions) override; 25 | std::vector supportedSchemes_; 26 | }; 27 | } // namespace extensions 28 | } // namespace fizz 29 | -------------------------------------------------------------------------------- /fizz/extensions/delegatedcred/DelegatedCredentialFactory.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2019-present, Facebook, Inc. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | #pragma once 10 | 11 | #include 12 | #include 13 | 14 | namespace fizz { 15 | namespace extensions { 16 | 17 | /** 18 | * This class allows delegated credentials to be parsed when sent by the server. 19 | */ 20 | class DelegatedCredentialFactory : public ::fizz::DefaultFactory { 21 | public: 22 | ~DelegatedCredentialFactory() override = default; 23 | 24 | std::unique_ptr makePeerCert(CertificateEntry entry, bool leaf) 25 | const override; 26 | 27 | static std::unique_ptr makePeerCertStatic( 28 | CertificateEntry entry, 29 | bool leaf); 30 | }; 31 | } // namespace extensions 32 | } // namespace fizz 33 | -------------------------------------------------------------------------------- /fizz/extensions/exportedauth/BUCK: -------------------------------------------------------------------------------- 1 | load("@fbsource//xplat/fizz:defs.bzl", "fizz_cpp_library") 2 | 3 | oncall("secure_pipes") 4 | 5 | fizz_cpp_library( 6 | name = "exported_authenticator", 7 | srcs = [ 8 | "ExportedAuthenticator.cpp", 9 | ], 10 | headers = [ 11 | "ExportedAuthenticator.h", 12 | "Util.h", 13 | ], 14 | deps = [ 15 | "//fizz/backend:openssl", 16 | "//fizz/protocol:default_factory", 17 | ], 18 | exported_deps = [ 19 | "//fizz/crypto:hasher", 20 | "//fizz/protocol:async_fizz_base", 21 | "//fizz/protocol:certificate", 22 | "//fizz/protocol:exporter", 23 | "//fizz/protocol:protocol", 24 | "//fizz/record:record", 25 | "//fizz/record:record_layer", 26 | ], 27 | ) 28 | -------------------------------------------------------------------------------- /fizz/extensions/exportedauth/test/BUCK: -------------------------------------------------------------------------------- 1 | load("@fbsource//xplat/fizz:defs.bzl", "fizz_cpp_unittest") 2 | 3 | oncall("secure_pipes") 4 | 5 | fizz_cpp_unittest( 6 | name = "exported_authenticator_test", 7 | srcs = [ 8 | "ExportedAuthenticatorTest.cpp", 9 | ], 10 | deps = [ 11 | "//fizz/backend:openssl", 12 | "//fizz/crypto/test:TestUtil", 13 | "//fizz/extensions/exportedauth:exported_authenticator", 14 | "//fizz/protocol:default_factory", 15 | "//fizz/protocol/test:mocks", 16 | "//fizz/protocol/test:test_util", 17 | "//fizz/record:record", 18 | "//folly:string", 19 | "//folly/portability:gmock", 20 | "//folly/portability:gtest", 21 | ], 22 | ) 23 | -------------------------------------------------------------------------------- /fizz/extensions/javacrypto/BUCK: -------------------------------------------------------------------------------- 1 | load("@fbsource//tools/build_defs:platform_defs.bzl", "ANDROID") 2 | load("@fbsource//xplat/fizz:defs.bzl", "fizz_cpp_library") 3 | 4 | oncall("secure_pipes") 5 | 6 | fizz_cpp_library( 7 | name = "java_crypto", 8 | srcs = [ 9 | "JavaCryptoCertificateVerifier.cpp", 10 | "JavaCryptoPeerCert.cpp", 11 | "JniUtils.cpp", 12 | "OnLoad.cpp", 13 | ], 14 | headers = [ 15 | "JavaCryptoCertificateVerifier.h", 16 | "JavaCryptoFactory.h", 17 | "JavaCryptoPeerCert.h", 18 | "JniUtils.h", 19 | ], 20 | # This library uses proxygen, which hasn't been modularized yet, so keep 21 | # using textual inclusion for now. 22 | modular_headers = False, 23 | platforms = (ANDROID,), 24 | deps = [ 25 | "//folly/ssl:openssl_cert_utils", 26 | ], 27 | exported_deps = [ 28 | "//fizz/backend:openssl", 29 | "//fizz/protocol:certificate", 30 | "//fizz/protocol:certificate_verifier", 31 | "//fizz/protocol:default_factory", 32 | "//fizz/record:record", 33 | "//folly:range", 34 | ] + select({ 35 | "DEFAULT": [], 36 | "ovr_config//runtime/constraints:fbcode": [ 37 | "fbsource//third-party/jvm:jvm", 38 | ], 39 | }), 40 | external_deps = [ 41 | "glog", 42 | ], 43 | ) 44 | -------------------------------------------------------------------------------- /fizz/extensions/javacrypto/JavaCryptoFactory.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018-present, Facebook, Inc. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | #pragma once 10 | 11 | #include 12 | #include 13 | 14 | namespace fizz { 15 | 16 | /** 17 | * This class instantiates objects using Java Crypto API instead of OpenSSL. 18 | */ 19 | class JavaCryptoFactory : public ::fizz::DefaultFactory { 20 | public: 21 | ~JavaCryptoFactory() override = default; 22 | 23 | std::unique_ptr makePeerCert( 24 | CertificateEntry certEntry, 25 | bool /*leaf*/) const override { 26 | if (certEntry.cert_data->empty()) { 27 | throw std::runtime_error("empty peer cert"); 28 | } 29 | 30 | return std::make_unique(std::move(certEntry.cert_data)); 31 | } 32 | }; 33 | } // namespace fizz 34 | -------------------------------------------------------------------------------- /fizz/extensions/javacrypto/JavaCryptoPeerCert.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018-present, Facebook, Inc. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | #pragma once 10 | 11 | #include 12 | #include 13 | #include 14 | #include 15 | 16 | namespace fizz { 17 | 18 | class JavaCryptoPeerCert : public PeerCert { 19 | public: 20 | static void onLoad(JNIEnv* env); 21 | 22 | explicit JavaCryptoPeerCert(Buf certData); 23 | 24 | ~JavaCryptoPeerCert() override = default; 25 | 26 | // Returns the full Distinguished Name of the certificate 27 | std::string getIdentity() const override; 28 | 29 | void verify( 30 | SignatureScheme scheme, 31 | CertificateVerifyContext context, 32 | folly::ByteRange toBeSigned, 33 | folly::ByteRange signature) const override; 34 | 35 | folly::ssl::X509UniquePtr getX509() const override; 36 | 37 | private: 38 | jobject jobject_; 39 | }; 40 | 41 | } // namespace fizz 42 | -------------------------------------------------------------------------------- /fizz/extensions/javacrypto/JniUtils.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018-present, Facebook, Inc. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | #pragma once 10 | 11 | #include 12 | #include 13 | #include 14 | 15 | namespace fizz { 16 | namespace jni { 17 | 18 | void setVM(JavaVM* vm); 19 | 20 | JNIEnv* getEnv(bool* shouldDetach); 21 | void releaseEnv(bool shouldDetach); 22 | 23 | jclass getClass(JNIEnv* env, const std::string& name); 24 | 25 | jmethodID getMethodID( 26 | JNIEnv* env, 27 | jclass clazz, 28 | const std::string& name, 29 | const std::string& signature); 30 | 31 | void maybeThrowException(JNIEnv* env, bool shouldDetach); 32 | 33 | jbyteArray createByteArray(JNIEnv* env, folly::ByteRange byteRange); 34 | jbyteArray createByteArray(JNIEnv* env, Buf buf); 35 | 36 | } // namespace jni 37 | } // namespace fizz 38 | -------------------------------------------------------------------------------- /fizz/extensions/javacrypto/OnLoad.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018-present, Facebook, Inc. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | #include 10 | #include 11 | 12 | using namespace fizz; 13 | 14 | JNIEXPORT jint JNI_OnLoad(JavaVM* vm, void* /*reserved*/) { 15 | JNIEnv* env; 16 | if (vm->GetEnv(reinterpret_cast(&env), JNI_VERSION_1_6) != JNI_OK) { 17 | return -1; 18 | } 19 | 20 | jni::setVM(vm); 21 | JavaCryptoPeerCert::onLoad(env); 22 | 23 | return JNI_VERSION_1_6; 24 | } 25 | -------------------------------------------------------------------------------- /fizz/extensions/tokenbinding/TokenBindingClientExtension.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018-present, Facebook, Inc. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | #pragma once 10 | 11 | #include 12 | #include 13 | #include 14 | #include 15 | 16 | namespace fizz { 17 | namespace extensions { 18 | 19 | class TokenBindingClientExtension : public ClientExtensions { 20 | public: 21 | explicit TokenBindingClientExtension( 22 | const std::shared_ptr& context) 23 | : context_(context) {} 24 | 25 | std::vector getClientHelloExtensions() const override; 26 | 27 | void onEncryptedExtensions(const std::vector& extensions) override; 28 | 29 | const auto& getVersion() { 30 | return negotiatedVersion_; 31 | } 32 | 33 | const auto& getNegotiatedKeyParam() { 34 | return negotiatedKeyParam_; 35 | } 36 | 37 | private: 38 | folly::Optional negotiatedVersion_; 39 | folly::Optional negotiatedKeyParam_; 40 | std::shared_ptr context_; 41 | }; 42 | } // namespace extensions 43 | } // namespace fizz 44 | -------------------------------------------------------------------------------- /fizz/extensions/tokenbinding/TokenBindingConstructor.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018-present, Facebook, Inc. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | #pragma once 10 | 11 | #include 12 | #include 13 | 14 | namespace fizz { 15 | namespace extensions { 16 | 17 | class TokenBindingConstructor { 18 | public: 19 | static TokenBinding createTokenBinding( 20 | EVP_PKEY& keyPair, 21 | const Buf& ekm, 22 | TokenBindingKeyParameters negotiatedParameters, 23 | TokenBindingType type); 24 | 25 | private: 26 | static Buf encodeEcKey(const folly::ssl::EcKeyUniquePtr& ecKey); 27 | 28 | static Buf encodeEcdsaSignature( 29 | const folly::ssl::EcdsaSigUniquePtr& signature); 30 | 31 | static Buf signWithEcKey( 32 | const folly::ssl::EcKeyUniquePtr& key, 33 | const Buf& message); 34 | 35 | static void addBignumToSignature(const Buf& signature, BIGNUM* bigNum); 36 | }; 37 | } // namespace extensions 38 | } // namespace fizz 39 | -------------------------------------------------------------------------------- /fizz/extensions/tokenbinding/Utils.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018-present, Facebook, Inc. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | #pragma once 10 | 11 | #include 12 | 13 | namespace fizz { 14 | namespace extensions { 15 | 16 | class TokenBindingUtils { 17 | public: 18 | static constexpr uint8_t kP256EcKeySize = 64; 19 | static constexpr uint8_t kEd25519KeySize = 32; 20 | 21 | static Buf constructMessage( 22 | const TokenBindingType& type, 23 | const TokenBindingKeyParameters& keyParams, 24 | const Buf& ekm) { 25 | Buf concatenatedBuf = folly::IOBuf::create( 26 | kTokenBindingEkmSize + sizeof(TokenBindingKeyParameters) + 27 | sizeof(TokenBindingType)); 28 | folly::io::Appender appender(concatenatedBuf.get(), 20); 29 | 30 | detail::write(type, appender); 31 | detail::write(keyParams, appender); 32 | appender.push(ekm->coalesce()); 33 | return concatenatedBuf; 34 | } 35 | }; 36 | } // namespace extensions 37 | } // namespace fizz 38 | -------------------------------------------------------------------------------- /fizz/fizz-config.h.in: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2023-present, Facebook, Inc. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | /** 10 | * holds compile time configuration options for Fizz. 11 | */ 12 | #pragma once 13 | 14 | #cmakedefine01 FIZZ_HAVE_LIBAEGIS 15 | #cmakedefine01 FIZZ_CERTIFICATE_USE_OPENSSL_CERT 16 | #cmakedefine01 FIZZ_HAVE_OQS 17 | 18 | #if !defined(FIZZ_ENABLE_CONTEXT_COMPATIBILITY_CHECKS) 19 | #if defined(NDEBUG) 20 | #define FIZZ_ENABLE_CONTEXT_COMPATIBILITY_CHECKS 0 21 | #else 22 | #define FIZZ_ENABLE_CONTEXT_COMPATIBILITY_CHECKS 1 23 | #endif 24 | #endif 25 | 26 | #define FIZZ_CONTEXT_VALIDATION_SHOULD_CHECK_CIPHER(x) (true) 27 | 28 | #define FIZZ_DEFAULT_FACTORY_HEADER 29 | #define FIZZ_DEFAULT_FACTORY ::fizz::MultiBackendFactory 30 | 31 | -------------------------------------------------------------------------------- /fizz/platform/BUCK: -------------------------------------------------------------------------------- 1 | load("@fbsource//tools/build_defs:default_platform_defs.bzl", "get_host_target_platform") 2 | load("@fbsource//tools/build_defs:fb_native_wrapper.bzl", "fb_native") 3 | 4 | oncall("mobile_networking_core") 5 | 6 | deps = [x for x in [get_host_target_platform()] if x != None] 7 | 8 | fb_native.platform( 9 | name = "fizz-mobile", 10 | constraint_values = [ 11 | "fbsource//xplat/fizz/constraints:mobile", 12 | ], 13 | visibility = ["PUBLIC"], 14 | deps = deps, 15 | ) 16 | -------------------------------------------------------------------------------- /fizz/protocol/CertManagerBase.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018-present, Facebook, Inc. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | #pragma once 10 | 11 | #include 12 | 13 | #include 14 | 15 | namespace fizz { 16 | class CertManagerBase { 17 | public: 18 | enum class MatchType { Direct, Default }; 19 | struct CertMatchStruct { 20 | std::shared_ptr cert; 21 | SignatureScheme scheme; 22 | MatchType type; 23 | }; 24 | using CertMatch = folly::Optional; 25 | 26 | virtual ~CertManagerBase() = default; 27 | 28 | /** 29 | * Select a cert given a client supplied SNI value, server 30 | * supportedSigSchemes, client peerSigSchemes, and client peerExtensions 31 | * 32 | * Will ignore peerSigSchemes if no matching certificate is found. 33 | */ 34 | virtual CertMatch getCert( 35 | const folly::Optional& sni, 36 | const std::vector& supportedSigSchemes, 37 | const std::vector& peerSigSchemes, 38 | const std::vector& peerExtensions) const = 0; 39 | 40 | protected: 41 | using SigSchemeMap = std::map>; 42 | }; 43 | } // namespace fizz 44 | -------------------------------------------------------------------------------- /fizz/protocol/DefaultFactory.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018-present, Facebook, Inc. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | #pragma once 10 | 11 | #include 12 | 13 | #include FIZZ_DEFAULT_FACTORY_HEADER 14 | 15 | namespace fizz { 16 | /** 17 | * DefaultFactory is a type alias that points to a concrete, non-abstract 18 | * Factory instance that can be used by various internal components of Fizz 19 | * to get the "default compile time configured" Factory. 20 | */ 21 | using DefaultFactory = FIZZ_DEFAULT_FACTORY; 22 | 23 | } // namespace fizz 24 | -------------------------------------------------------------------------------- /fizz/protocol/Events.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018-present, Facebook, Inc. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | #pragma once 10 | 11 | #include 12 | 13 | namespace fizz { 14 | 15 | enum class Event { 16 | ClientHello, 17 | ServerHello, 18 | EndOfEarlyData, 19 | HelloRetryRequest, 20 | EncryptedExtensions, 21 | CertificateRequest, 22 | Certificate, 23 | CompressedCertificate, 24 | CertificateVerify, 25 | Finished, 26 | NewSessionTicket, 27 | KeyUpdate, 28 | Alert, 29 | Accept, 30 | Connect, 31 | AppData, 32 | EarlyAppWrite, 33 | AppWrite, 34 | AppClose, 35 | WriteNewSessionTicket, 36 | CloseNotify, 37 | KeyUpdateInitiation, 38 | NUM_EVENTS 39 | }; 40 | 41 | template 42 | struct EventType { 43 | static constexpr Event event = e; 44 | }; 45 | 46 | folly::StringPiece toString(Event event); 47 | } // namespace fizz 48 | -------------------------------------------------------------------------------- /fizz/protocol/Exporter.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018-present, Facebook, Inc. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | #include 10 | #include 11 | 12 | namespace fizz { 13 | 14 | Buf Exporter::getExportedKeyingMaterial( 15 | const Factory& factory, 16 | CipherSuite cipher, 17 | folly::ByteRange exporterMaster, 18 | folly::StringPiece label, 19 | Buf context, 20 | uint16_t length) { 21 | if (!context) { 22 | context = folly::IOBuf::create(0); 23 | } 24 | 25 | auto deriver = factory.makeKeyDeriver(cipher); 26 | 27 | std::vector base(deriver->hashLength()); 28 | folly::MutableByteRange hashedContext(base.data(), base.size()); 29 | fizz::hash( 30 | factory.makeHasherFactory(getHashFunction(cipher)), 31 | *context, 32 | hashedContext); 33 | 34 | auto secret = deriver->deriveSecret( 35 | exporterMaster, label, deriver->blankHash(), deriver->hashLength()); 36 | return deriver->expandLabel( 37 | folly::range(secret), 38 | "exporter", 39 | folly::IOBuf::wrapBuffer(hashedContext), 40 | length); 41 | } 42 | } // namespace fizz 43 | -------------------------------------------------------------------------------- /fizz/protocol/Exporter.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018-present, Facebook, Inc. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | #pragma once 10 | 11 | #include 12 | #include 13 | 14 | namespace fizz { 15 | 16 | class Exporter { 17 | public: 18 | static Buf getExportedKeyingMaterial( 19 | const Factory& factory, 20 | CipherSuite cipher, 21 | folly::ByteRange exporterMaster, 22 | folly::StringPiece label, 23 | Buf context, 24 | uint16_t length); 25 | }; 26 | } // namespace fizz 27 | -------------------------------------------------------------------------------- /fizz/protocol/MultiBackendFactory.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018-present, Facebook, Inc. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | #pragma once 10 | 11 | #include 12 | 13 | namespace fizz { 14 | /** 15 | * A fizz::Factory implementation composed of primitives from 16 | * multiple backends. 17 | */ 18 | class MultiBackendFactory : public Factory { 19 | public: 20 | [[nodiscard]] std::unique_ptr makeKeyExchange( 21 | NamedGroup group, 22 | KeyExchangeRole role) const override; 23 | 24 | [[nodiscard]] std::unique_ptr makeAead( 25 | CipherSuite cipher) const override; 26 | 27 | const HasherFactoryWithMetadata* makeHasherFactory( 28 | HashFunction digest) const override; 29 | 30 | [[nodiscard]] std::unique_ptr makePeerCert( 31 | CertificateEntry certEntry, 32 | bool /*leaf*/) const override; 33 | 34 | void makeRandomBytes(unsigned char* out, size_t count) const override; 35 | }; 36 | } // namespace fizz 37 | -------------------------------------------------------------------------------- /fizz/protocol/StateMachine.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018-present, Facebook, Inc. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | #pragma once 10 | 11 | #include 12 | #include 13 | #include 14 | 15 | namespace fizz { 16 | namespace sm { 17 | 18 | template 19 | class StateMachine { 20 | public: 21 | using EventHandlerFun = 22 | typename SM::Actions (*)(const typename SM::State&, typename SM::Param&); 23 | 24 | /** 25 | * Returns the appropriate event handler for event in state. 26 | */ 27 | static EventHandlerFun getHandler( 28 | typename SM::StateEnum state, 29 | typename SM::Event event); 30 | 31 | private: 32 | template 33 | static constexpr EventHandlerFun getEventHandler(); 34 | 35 | template 36 | static constexpr std::array 37 | getEventHandlers(std::index_sequence) { 38 | return {{getEventHandler()...}}; 39 | } 40 | }; 41 | } // namespace sm 42 | } // namespace fizz 43 | 44 | #include 45 | -------------------------------------------------------------------------------- /fizz/protocol/clock/BUCK: -------------------------------------------------------------------------------- 1 | load("@fbsource//xplat/fizz:defs.bzl", "fizz_cpp_library") 2 | 3 | oncall("secure_pipes") 4 | 5 | fizz_cpp_library( 6 | name = "clock", 7 | headers = [ 8 | "Clock.h", 9 | ], 10 | ) 11 | 12 | fizz_cpp_library( 13 | name = "system_clock", 14 | srcs = [ 15 | "SystemClock.cpp", 16 | ], 17 | headers = [ 18 | "SystemClock.h", 19 | ], 20 | exported_deps = [ 21 | ":clock", 22 | ], 23 | ) 24 | -------------------------------------------------------------------------------- /fizz/protocol/clock/Clock.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2019-present, Facebook, Inc. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | #pragma once 10 | 11 | #include 12 | 13 | namespace fizz { 14 | 15 | // Simple clock abstraction to facilitate testing. 16 | class Clock { 17 | public: 18 | virtual ~Clock() = default; 19 | virtual std::chrono::system_clock::time_point getCurrentTime() const = 0; 20 | }; 21 | 22 | } // namespace fizz 23 | -------------------------------------------------------------------------------- /fizz/protocol/clock/SystemClock.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2019-present, Facebook, Inc. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | #include 10 | 11 | namespace fizz { 12 | 13 | std::chrono::system_clock::time_point SystemClock::getCurrentTime() const { 14 | return std::chrono::system_clock::now(); 15 | } 16 | 17 | } // namespace fizz 18 | -------------------------------------------------------------------------------- /fizz/protocol/clock/SystemClock.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2019-present, Facebook, Inc. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | #pragma once 10 | 11 | #include 12 | 13 | namespace fizz { 14 | 15 | class SystemClock : public Clock { 16 | std::chrono::system_clock::time_point getCurrentTime() const override; 17 | }; 18 | 19 | } // namespace fizz 20 | -------------------------------------------------------------------------------- /fizz/protocol/clock/test/BUCK: -------------------------------------------------------------------------------- 1 | load("@fbsource//xplat/fizz:defs.bzl", "fizz_cpp_library") 2 | 3 | oncall("secure_pipes") 4 | 5 | fizz_cpp_library( 6 | name = "mock_clock", 7 | headers = [ 8 | "Mocks.h", 9 | ], 10 | exported_deps = [ 11 | "//fizz/protocol/clock:clock", 12 | "//folly/portability:gmock", 13 | ], 14 | ) 15 | -------------------------------------------------------------------------------- /fizz/protocol/clock/test/Mocks.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2019-present, Facebook, Inc. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | #pragma once 10 | 11 | #include 12 | #include 13 | 14 | namespace fizz { 15 | namespace test { 16 | 17 | class MockClock : public Clock { 18 | public: 19 | MOCK_METHOD( 20 | std::chrono::system_clock::time_point, 21 | getCurrentTime, 22 | (), 23 | (const)); 24 | }; 25 | 26 | } // namespace test 27 | } // namespace fizz 28 | -------------------------------------------------------------------------------- /fizz/protocol/ech/GreaseECH.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) Meta Platforms, Inc. and affiliates. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | #pragma once 10 | 11 | #include 12 | #include 13 | #include 14 | 15 | namespace fizz { 16 | namespace ech { 17 | OuterECHClientHello generateGreaseECH( 18 | const GreaseECHSetting& setting, 19 | const Factory& factory, 20 | size_t encodedChloSize); 21 | } // namespace ech 22 | } // namespace fizz 23 | -------------------------------------------------------------------------------- /fizz/protocol/ech/test/TestUtil.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018-present, Facebook, Inc. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | #pragma once 10 | 11 | #include 12 | #include 13 | #include 14 | 15 | namespace fizz { 16 | namespace ech { 17 | namespace test { 18 | 19 | ECHConfigContentDraft getECHConfigContent(); 20 | ECHConfig getECHConfig(); 21 | ClientHello getClientHelloOuter(); 22 | 23 | } // namespace test 24 | } // namespace ech 25 | } // namespace fizz 26 | -------------------------------------------------------------------------------- /fizz/protocol/test/ExporterTest.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018-present, Facebook, Inc. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | #include 10 | 11 | #include 12 | #include 13 | 14 | using namespace folly; 15 | 16 | namespace fizz { 17 | namespace test { 18 | 19 | StringPiece exporter_master = {"12345678901234567890123456789012"}; 20 | StringPiece label = {"EXPORTER-Token-Binding"}; 21 | StringPiece basic_expected_ekm = { 22 | "55549d2d280d8507823a80c2ee69530e5dcc6a04e86f1bae1ef23a86337341a8"}; 23 | 24 | TEST(ExporterTest, TestExporterBasic) { 25 | fizz::DefaultFactory factory; 26 | auto ekm = Exporter::getExportedKeyingMaterial( 27 | factory, 28 | CipherSuite::TLS_AES_128_GCM_SHA256, 29 | folly::Range(exporter_master), 30 | label, 31 | nullptr, 32 | 32); 33 | 34 | EXPECT_EQ(StringPiece(ekm->coalesce()), unhexlify(basic_expected_ekm)); 35 | } 36 | } // namespace test 37 | } // namespace fizz 38 | -------------------------------------------------------------------------------- /fizz/protocol/test/Matchers.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018-present, Facebook, Inc. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | #pragma once 10 | 11 | #include 12 | #include 13 | #include 14 | 15 | namespace fizz { 16 | namespace test { 17 | 18 | MATCHER_P(CertEntryBufMatches, expected, "") { 19 | return folly::IOBufEqualTo()( 20 | folly::IOBuf::copyBuffer(expected), arg.cert_data); 21 | } 22 | 23 | MATCHER_P(BufMatches, expected, "") { 24 | return folly::IOBufEqualTo()(folly::IOBuf::copyBuffer(expected), arg); 25 | } 26 | 27 | MATCHER_P(RangeMatches, expected, "") { 28 | folly::StringPiece exp(expected); 29 | return exp.size() == arg.size() && 30 | (exp.size() == 0 || memcmp(exp.data(), arg.data(), exp.size()) == 0); 31 | } 32 | } // namespace test 33 | } // namespace fizz 34 | -------------------------------------------------------------------------------- /fizz/server/AsyncSelfCert.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018-present, Facebook, Inc. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | #pragma once 10 | 11 | #include 12 | #include 13 | 14 | namespace fizz { 15 | namespace server { 16 | class State; 17 | } 18 | 19 | /** 20 | * SelfCert with an asynchronous sign method. This is useful when the private 21 | * key for a certificate is not locally available. 22 | */ 23 | class AsyncSelfCert : public SelfCert { 24 | public: 25 | virtual folly::SemiFuture> signFuture( 26 | SignatureScheme scheme, 27 | CertificateVerifyContext context, 28 | std::unique_ptr toBeSigned) const = 0; 29 | }; 30 | } // namespace fizz 31 | -------------------------------------------------------------------------------- /fizz/server/CookieTypes.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018-present, Facebook, Inc. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | #include 10 | #include 11 | #include 12 | #include 13 | 14 | namespace fizz { 15 | namespace server { 16 | using AES128CookieCipher = AeadCookieCipher; 17 | } 18 | } // namespace fizz 19 | -------------------------------------------------------------------------------- /fizz/server/FizzServer.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018-present, Facebook, Inc. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | #include 10 | 11 | namespace fizz { 12 | namespace server { 13 | 14 | bool looksLikeV2ClientHello(const folly::IOBufQueue& queue) { 15 | if (queue.empty()) { 16 | return false; 17 | } 18 | folly::io::Cursor cursor(queue.front()); 19 | if (!cursor.canAdvance(3)) { 20 | return false; 21 | } 22 | uint8_t byte1 = cursor.read(); 23 | cursor.skip(1); 24 | uint8_t byte3 = cursor.read(); 25 | if (byte1 & 0x80 && byte3 == 0x01) { 26 | return true; 27 | } 28 | return false; 29 | } 30 | } // namespace server 31 | } // namespace fizz 32 | -------------------------------------------------------------------------------- /fizz/server/FizzServerContext.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018-present, Facebook, Inc. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | #include "fizz/server/FizzServerContext.h" 10 | 11 | #include 12 | 13 | namespace fizz { 14 | namespace server { 15 | 16 | FizzServerContext::FizzServerContext() 17 | : factory_(std::make_shared()) {} 18 | 19 | } // namespace server 20 | } // namespace fizz 21 | -------------------------------------------------------------------------------- /fizz/server/MultiServerExtensions.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018-present, Facebook, Inc. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | #include 10 | 11 | using fizz::server::MultiServerExtensions; 12 | 13 | MultiServerExtensions::MultiServerExtensions( 14 | std::vector> extensions) 15 | : extensions_(std::move(extensions)) {} 16 | 17 | /** 18 | * For each extension in the provided list, get the associated Extensions 19 | * and combine into one vector. 20 | */ 21 | std::vector MultiServerExtensions::getExtensions( 22 | const ClientHello& chlo) { 23 | std::vector result; 24 | for (auto& ext : extensions_) { 25 | auto next = ext->getExtensions(chlo); 26 | result.insert( 27 | result.end(), 28 | std::make_move_iterator(next.begin()), 29 | std::make_move_iterator(next.end())); 30 | } 31 | return result; 32 | } 33 | -------------------------------------------------------------------------------- /fizz/server/MultiServerExtensions.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018-present, Facebook, Inc. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | #pragma once 10 | 11 | #include 12 | 13 | namespace fizz { 14 | namespace server { 15 | 16 | /** 17 | * This class defines an interface which allows for multiple ServerExtensions 18 | * to be used at the same time.. 19 | */ 20 | class MultiServerExtensions : public ServerExtensions { 21 | public: 22 | explicit MultiServerExtensions( 23 | std::vector> extensions); 24 | 25 | /** 26 | * For each extension in the provided list, get the associated Extensions 27 | * and combine into one vector. 28 | */ 29 | std::vector getExtensions(const ClientHello& chlo) override; 30 | 31 | private: 32 | std::vector> extensions_; 33 | }; 34 | 35 | } // namespace server 36 | } // namespace fizz 37 | -------------------------------------------------------------------------------- /fizz/server/ReplayCache.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018-present, Facebook, Inc. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | #include 10 | 11 | using fizz::server::ReplayCacheResult; 12 | 13 | namespace fizz { 14 | 15 | folly::StringPiece toString(ReplayCacheResult result) { 16 | switch (result) { 17 | case ReplayCacheResult::NotChecked: 18 | return "NotChecked"; 19 | case ReplayCacheResult::NotReplay: 20 | return "NotReplay"; 21 | case ReplayCacheResult::MaybeReplay: 22 | return "MaybeReplay"; 23 | case ReplayCacheResult::DefinitelyReplay: 24 | return "DefinitelyReplay"; 25 | } 26 | return "Invalid ReplayCacheResult"; 27 | } 28 | } // namespace fizz 29 | -------------------------------------------------------------------------------- /fizz/server/ReplayCache.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018-present, Facebook, Inc. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | #pragma once 10 | 11 | #include 12 | #include 13 | #include 14 | 15 | namespace fizz { 16 | namespace server { 17 | 18 | enum ReplayCacheResult { 19 | NotChecked, 20 | NotReplay, 21 | MaybeReplay, 22 | DefinitelyReplay, 23 | }; 24 | } 25 | 26 | folly::StringPiece toString(server::ReplayCacheResult); 27 | 28 | namespace server { 29 | 30 | /** 31 | * Anti-replay cache that checks if a unique identifier has been received 32 | * before. 33 | */ 34 | class ReplayCache { 35 | public: 36 | virtual ~ReplayCache() = default; 37 | 38 | virtual folly::SemiFuture check( 39 | std::unique_ptr identifier) = 0; 40 | }; 41 | 42 | /** 43 | * Replay cache implementation that allows replays. 44 | */ 45 | class AllowAllReplayReplayCache : public ReplayCache { 46 | public: 47 | ~AllowAllReplayReplayCache() override = default; 48 | 49 | folly::SemiFuture check( 50 | std::unique_ptr) override { 51 | return ReplayCacheResult::NotReplay; 52 | } 53 | }; 54 | } // namespace server 55 | } // namespace fizz 56 | -------------------------------------------------------------------------------- /fizz/server/ResumptionState.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018-present, Facebook, Inc. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | #pragma once 10 | 11 | #include 12 | #include 13 | #include 14 | #include 15 | 16 | namespace fizz { 17 | namespace server { 18 | 19 | struct ResumptionState { 20 | ProtocolVersion version; 21 | CipherSuite cipher; 22 | Buf resumptionSecret; 23 | std::shared_ptr serverCert; 24 | std::shared_ptr clientCert; 25 | 26 | folly::Optional alpn; 27 | uint32_t ticketAgeAdd; 28 | std::chrono::system_clock::time_point ticketIssueTime; 29 | Buf appToken; 30 | std::chrono::system_clock::time_point handshakeTime; 31 | }; 32 | } // namespace server 33 | } // namespace fizz 34 | -------------------------------------------------------------------------------- /fizz/server/ServerExtensions.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018-present, Facebook, Inc. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | #pragma once 10 | 11 | #include 12 | 13 | namespace fizz { 14 | 15 | /** 16 | * This class defines an interface which allows for Extensions to be extracted 17 | * from ClientHello without the ServerProtocol needing to know what extensions 18 | * exactly are being negotiated. 19 | */ 20 | class ServerExtensions { 21 | public: 22 | virtual ~ServerExtensions() = default; 23 | 24 | /** 25 | * Returns a list of extensions to be added to EncryptedExtensions, given a 26 | * ClientHello. 27 | */ 28 | virtual std::vector getExtensions(const ClientHello& chlo) = 0; 29 | }; 30 | } // namespace fizz 31 | -------------------------------------------------------------------------------- /fizz/server/TicketCipher.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018-present, Facebook, Inc. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | #pragma once 10 | 11 | #include 12 | #include 13 | #include 14 | #include 15 | 16 | namespace fizz { 17 | namespace server { 18 | 19 | /** 20 | * Interface for turning PSKs into ResumptionState, and vice versa. 21 | */ 22 | class TicketCipher { 23 | public: 24 | virtual ~TicketCipher() = default; 25 | 26 | /** 27 | * Returns an opaque PSK for ResumptionState, and its validity time. 28 | */ 29 | virtual folly::SemiFuture< 30 | folly::Optional>> 31 | encrypt(ResumptionState resState) const = 0; 32 | 33 | /** 34 | * Returns the ResumptionState for an opaque PSK, and the type of PSK 35 | * (resumption or external). 36 | * 37 | * Returns Rejected if the PSK is not recognized or not valid. 38 | */ 39 | virtual folly::SemiFuture< 40 | std::pair>> 41 | decrypt(std::unique_ptr encryptedTicket) const = 0; 42 | }; 43 | } // namespace server 44 | } // namespace fizz 45 | -------------------------------------------------------------------------------- /fizz/server/TicketTypes.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018-present, Facebook, Inc. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | #pragma once 10 | 11 | #include 12 | #include 13 | #include 14 | #include 15 | #include 16 | 17 | namespace fizz { 18 | namespace server { 19 | using AES128TicketCipher = 20 | Aead128GCMTicketCipher>; 21 | using AES128TicketIdentityOnlyCipher = 22 | Aead128GCMTicketCipher>; 23 | using AES128TokenCipher = Aead128GCMTokenCipher; 24 | } // namespace server 25 | } // namespace fizz 26 | -------------------------------------------------------------------------------- /fizz/server/TokenCipher.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2023-present, Facebook, Inc. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | #pragma once 10 | 11 | #include 12 | #include 13 | #include 14 | 15 | namespace fizz { 16 | namespace server { 17 | 18 | /** 19 | * Interface for encrypting and decrypting various tokens, e.g., PSKs. 20 | */ 21 | class TokenCipher { 22 | public: 23 | virtual ~TokenCipher() = default; 24 | 25 | /** 26 | * Set secrets to use for token encryption/decryption. 27 | */ 28 | virtual bool setSecrets( 29 | const std::vector& tokenSecrets) = 0; 30 | 31 | virtual folly::Optional> encrypt( 32 | std::unique_ptr, 33 | folly::IOBuf* associatedData = nullptr) const = 0; 34 | 35 | virtual folly::Optional> decrypt( 36 | std::unique_ptr, 37 | folly::IOBuf* associatedData = nullptr) const = 0; 38 | }; 39 | } // namespace server 40 | } // namespace fizz 41 | -------------------------------------------------------------------------------- /fizz/test/CMakeTestMain.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018-present, Facebook, Inc. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | #include 10 | #include 11 | 12 | /* 13 | * This is the recommended main function for all tests. 14 | * The Makefile links it into all of the test programs so that tests do not need 15 | * to - and indeed should typically not - define their own main() functions 16 | */ 17 | #ifndef _MSC_VER 18 | int main(int argc, char** argv) __attribute__((__weak__)); 19 | #endif 20 | 21 | int main(int argc, char** argv) { 22 | ::testing::InitGoogleTest(&argc, argv); 23 | folly::Init follyInit(&argc, &argv); 24 | return RUN_ALL_TESTS(); 25 | } 26 | -------------------------------------------------------------------------------- /fizz/tool/test/BUCK: -------------------------------------------------------------------------------- 1 | load("@fbcode_macros//build_defs:build_file_migration.bzl", "fbcode_target") 2 | load("@fbcode_macros//build_defs:cpp_unittest.bzl", "cpp_unittest") 3 | 4 | oncall("secure_pipes") 5 | 6 | fbcode_target( 7 | _kind = cpp_unittest, 8 | name = "fizz_command_common", 9 | srcs = [ 10 | "FizzCommandCommonTest.cpp", 11 | ], 12 | deps = [ 13 | "//fizz/protocol/ech:encrypted_client_hello", 14 | "//fizz/tool:tool_lib", 15 | "//folly/container:array", 16 | "//folly/portability:gmock", 17 | "//folly/portability:gtest", 18 | ], 19 | ) 20 | -------------------------------------------------------------------------------- /fizz/util/Parse.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018-present, Facebook, Inc. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | #pragma once 10 | #include 11 | 12 | namespace fizz { 13 | 14 | template 15 | T parse(folly::StringPiece s); 16 | 17 | } // namespace fizz 18 | 19 | #include 20 | -------------------------------------------------------------------------------- /fizz/util/Tracing.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2023-present, Facebook, Inc. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | #include 10 | #include 11 | 12 | namespace fizz { 13 | extern "C" { 14 | void fizz_probe_secret_available( 15 | unsigned char* secretData, 16 | unsigned char secretSize, 17 | fizz::KeyLogWriter::Label nssLabel, 18 | unsigned char* clientRandom) { 19 | FOLLY_SDT( 20 | fizz, 21 | fizz_secret_available, 22 | secretData, 23 | secretSize, 24 | nssLabel, 25 | clientRandom); 26 | } 27 | } 28 | 29 | } // namespace fizz 30 | -------------------------------------------------------------------------------- /fizz/util/Tracing.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2023-present, Facebook, Inc. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | #pragma once 10 | #include 11 | 12 | namespace fizz { 13 | 14 | extern "C" { 15 | void fizz_probe_secret_available( 16 | unsigned char* secretData, 17 | unsigned char secretSize, 18 | fizz::KeyLogWriter::Label nssLabel, 19 | unsigned char* clientRandom); 20 | } 21 | 22 | } // namespace fizz 23 | -------------------------------------------------------------------------------- /fizz/util/Workarounds.h: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2019-present, Facebook, Inc. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | #pragma once 9 | 10 | namespace fizz { 11 | 12 | namespace detail { 13 | // A hack to workaround Boost 1.70 apply_visitor regression: 14 | // https://github.com/boostorg/variant/issues/69 15 | template 16 | decltype(auto) result_type() { 17 | struct Inner { 18 | private: 19 | struct Uninstantiable {}; 20 | 21 | public: 22 | using result_type = R; 23 | result_type operator()(Uninstantiable); 24 | }; 25 | 26 | return Inner{}; 27 | } 28 | } // namespace detail 29 | } // namespace fizz 30 | -------------------------------------------------------------------------------- /fizz/util/test/BUCK: -------------------------------------------------------------------------------- 1 | load("@fbsource//xplat/fizz:defs.bzl", "fizz_cpp_unittest") 2 | 3 | oncall("secure_pipes") 4 | 5 | fizz_cpp_unittest( 6 | name = "fizz_util_test", 7 | srcs = [ 8 | "FizzUtilTest.cpp", 9 | ], 10 | deps = [ 11 | "//fizz/crypto/test:TestUtil", 12 | "//fizz/protocol/clock/test:mock_clock", 13 | "//fizz/protocol/test:mocks", 14 | "//fizz/server:ticket_types", 15 | "//fizz/util:fizz_util", 16 | "//folly:file_util", 17 | "//folly/portability:gtest", 18 | "//folly/testing:test_util", 19 | ], 20 | ) 21 | 22 | fizz_cpp_unittest( 23 | name = "variant_test", 24 | srcs = [ 25 | "FizzVariantTest.cpp", 26 | ], 27 | deps = [ 28 | "//fizz/util:variant", 29 | "//folly/portability:gtest", 30 | ], 31 | ) 32 | 33 | fizz_cpp_unittest( 34 | name = "key_log_writer_test", 35 | srcs = [ 36 | "KeyLogWriterTest.cpp", 37 | ], 38 | deps = [ 39 | "//fizz/crypto:random", 40 | "//fizz/util:key_log_writer", 41 | "//folly/portability:gtest", 42 | ], 43 | ) 44 | -------------------------------------------------------------------------------- /fizz/util/test/KeyLogWriterTest.cpp: -------------------------------------------------------------------------------- 1 | /* 2 | * Copyright (c) 2018-present, Facebook, Inc. 3 | * All rights reserved. 4 | * 5 | * This source code is licensed under the BSD-style license found in the 6 | * LICENSE file in the root directory of this source tree. 7 | */ 8 | 9 | #include 10 | #include 11 | #include 12 | 13 | namespace fizz { 14 | namespace test { 15 | 16 | TEST(KeyLogWriterTest, WriteLog) { 17 | auto random = RandomGenerator<32>().generateRandom(); 18 | auto secret = RandomGenerator<32>().generateRandom(); 19 | std::string logLine = KeyLogWriter::generateLogLine( 20 | random, KeyLogWriter::Label::CLIENT_HANDSHAKE_TRAFFIC_SECRET, secret); 21 | 22 | std::vector fields; 23 | folly::split(' ', logLine, fields); 24 | EXPECT_EQ(fields.size(), 3); 25 | EXPECT_EQ(fields[0], "CLIENT_HANDSHAKE_TRAFFIC_SECRET"); 26 | EXPECT_EQ(fields[1], folly::hexlify(random)); 27 | EXPECT_EQ(fields[2], folly::hexlify(secret) + "\n"); 28 | } 29 | 30 | } // namespace test 31 | } // namespace fizz 32 | -------------------------------------------------------------------------------- /logo2x.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/facebookincubator/fizz/0ddfc9c0d8a90391f4a33ee3273c155391fb08c4/logo2x.png -------------------------------------------------------------------------------- /oss_buck_build_and_test.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # Copyright (c) Meta Platforms, Inc. and affiliates. 3 | # All rights reserved. 4 | # 5 | # This source code is licensed under the BSD-style license found in the 6 | # LICENSE file in the root directory of this source tree. 7 | 8 | 9 | if [ "$GITHUB_ACTIONS" == "true" ]; then 10 | TARGETS_FILE=$(mktemp) 11 | ./buck2 targets //fizz/... | grep -F -v -f ./bad_targets | grep -v test>"$TARGETS_FILE" 12 | ./buck2 build @"$TARGETS_FILE" 13 | else 14 | dotslash-oss "$BUCK2" build //... && dotslash-oss "$BUCK2" test //... 15 | fi 16 | --------------------------------------------------------------------------------