From f58ae30b509835140a667ce5a7513fef4e8a40d2 Mon Sep 17 00:00:00 2001
From: Andras Fekete
Date: Thu, 22 Jun 2023 10:51:07 -0400
Subject: [PATCH] Add in CMake flags 'HPKE', 'HKDF', 'ECH'
---
 CMakeLists.txt | 38 ++++++++++++++++++++++++++++++++++++++
 cmake/functions.cmake | 7 +++++++
 2 files changed, 45 insertions(+)
diff --git a/CMakeLists.txt b/CMakeLists.txt
index f00fc47cc..b17a93bd0 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -1774,11 +1774,49 @@ if(WOLFSSL_AESKEYWRAP)
 )
 endif()
+# Hybrid Key Derivation Function
+add_option("WOLFSSL_HKDF"
+ "Enable wolfSSL HKDF (HMAC-KDF) support (default: disabled)"
+ "no" "yes;no")
+
+
+# Hybrid Public Key Encryption (RFC9180)
+add_option("WOLFSSL_HPKE"
+ "Enable wolfSSL hybrid public key encryption (default: disabled)"
+ "no" "yes;no")
+
+# Encrypted Client Hello (ECH)
+add_option("WOLFSSL_ECH"
+ "Enable wolfSSL encrypted client hello (default: disabled)"
+ "no" "yes;no")
+
 # Keying Material Exporter / TLS Exporter
 add_option("WOLFSSL_KEYING_MATERIAL"
 "Enable wolfSSL keying material export (default: disabled)"
 "no" "yes;no")
+if(WOLFSSL_HPKE)
+ if(NOT WOLFSSL_ECC)
+ message(FATAL_ERROR "HPKE supported only with ECC (WOLFSSL_ECC)")
+ endif()
+ list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_HPKE")
+ override_cache(WOLFSSL_HKDF "yes")
+endif()
+
+if(WOLFSSL_HKDF)
+ list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_HKDF")
+endif()
+
+if(WOLFSSL_ECH)
+ if(NOT WOLFSSL_HPKE)
+ message(FATAL_ERROR "ECH supported only with HPKE (WOLFSSL_HPKE)")
+ endif()
+ if(NOT WOLFSSL_SNI)
+ message(FATAL_ERROR "ECH supported only with SNI (WOLFSSL_SNI)")
+ endif()
+ list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_ECH")
+endif()
+
 if(WOLFSSL_KEYING_MATERIAL)
 list(APPEND WOLFSSL_DEFINITIONS "-DHAVE_KEYING_MATERIAL")
 endif()
diff --git a/cmake/functions.cmake b/cmake/functions.cmake
index 87839d1bc..e77991ea1 100644
--- a/cmake/functions.cmake
+++ b/cmake/functions.cmake
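Review bot: The ECH guard at the end of the CMakeLists.txt hunk checks `WOLFSSL_HPKE` and `WOLFSSL_SNI` but not TLS 1.3, although ECH is an extension to TLS 1.3 only; a configuration with ECH on and TLS 1.3 off would pass configure and then either fail at compile time or, depending on source guards not visible here, produce a library without the privacy feature the user asked for. Consider adding, next to the other two checks, `if(NOT WOLFSSL_TLS13)` / `message(FATAL_ERROR "ECH supported only with TLS 1.3 (WOLFSSL_TLS13)")` / `endif()`, assuming the project's TLS 1.3 option is `WOLFSSL_TLS13`. Separately, the comment `# Hybrid Key Derivation Function` above the `WOLFSSL_HKDF` option is misleading: HKDF is the HMAC-based KDF of RFC 5869, as the option's own help text says, so `# HMAC-based Key Derivation Function (HKDF, RFC 5869)` would be accurate. The HPKE block must also stay ahead of `if(WOLFSSL_HKDF)` for `override_cache(WOLFSSL_HKDF "yes")` to result in `-DHAVE_HKDF`; a one-line comment stating that ordering would keep a later reshuffle from silently dropping the define.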
@@ -304,6 +304,9 @@ function(generate_build_flags)
 if(WOLFSSL_CAAM)
 set(BUILD_CAAM "yes" PARENT_SCOPE)
 endif()
+ if(WOLFSSL_HPKE OR WOLFSSL_USER_SETTINGS)
+ set(BUILD_HPKE "yes" PARENT_SCOPE)
+ endif()
 set(BUILD_FLAGS_GENERATED "yes" PARENT_SCOPE)
 endfunction()
@@ -910,6 +913,10 @@ function(generate_lib_src_list LIB_SOURCES)
 wolfcrypt/src/port/caam/wolfcaam_hmac.c)
 endif()
+ if(BUILD_HPKE)
+ list(APPEND LIB_SOURCES wolfcrypt/src/hpke.c)
+ endif()
+
 set(LIB_SOURCES ${LIB_SOURCES} PARENT_SCOPE)
 endfunction()
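Review bot: In the `generate_build_flags` hunk, the `OR WOLFSSL_USER_SETTINGS` arm sets `BUILD_HPKE` for every user-settings build, so hpke.c is compiled even when `WOLFSSL_HPKE` is off and the result depends on that file's own preprocessor guard, which is not visible in this patch. The neighbouring `WOLFSSL_CAAM` check has no such arm, so the reason should be stated in place, e.g. `# user_settings.h may define HAVE_HPKE itself, so always compile hpke.c and let its #ifdef decide`. If hpke.c is not fully guarded by `HAVE_HPKE`, this would pull HPKE code into builds that did not request it, which is worth confirming before merge. The function body begins outside the hunk.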