Landing Recent QUIC changes until 2015-11-09 20:32 UTC

net/quic/crypto/quic_crypto_client_config.cc

 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/quic/crypto/quic_crypto_client_config.h"
 
 #include "base/metrics/histogram_macros.h"
 #include "base/metrics/sparse_histogram.h"
 #include "base/stl_util.h"
 #include "base/strings/string_util.h"
@@ skipping 170 matching lines @@
 
 void QuicCryptoClientConfig::CachedState::InvalidateServerConfig() {
   server_config_.clear();
   scfg_.reset();
   SetProofInvalid();
   queue<QuicConnectionId> empty_queue;
   swap(server_designated_connection_ids_, empty_queue);
 }
 
 void QuicCryptoClientConfig::CachedState::SetProof(const vector<string>& certs,
+                                                   StringPiece cert_sct,
                                                    StringPiece signature) {
   bool has_changed =
       signature != server_config_sig_ || certs_.size() != certs.size();
 
   if (!has_changed) {
     for (size_t i = 0; i < certs_.size(); i++) {
       if (certs_[i] != certs[i]) {
         has_changed = true;
         break;
       }
     }
   }
 
   if (!has_changed) {
     return;
   }
 
   // If the proof has changed then it needs to be revalidated.
   SetProofInvalid();
   certs_ = certs;
+  cert_sct_ = cert_sct.as_string();
   server_config_sig_ = signature.as_string();
 }
 
 void QuicCryptoClientConfig::CachedState::Clear() {
   server_config_.clear();
   source_address_token_.clear();
   certs_.clear();
+  cert_sct_.clear();
   server_config_sig_.clear();
   server_config_valid_ = false;
   proof_verify_details_.reset();
   scfg_.reset();
   ++generation_counter_;
   queue<QuicConnectionId> empty_queue;
   swap(server_designated_connection_ids_, empty_queue);
 }
 
 void QuicCryptoClientConfig::CachedState::ClearProof() {
   SetProofInvalid();
   certs_.clear();
+  cert_sct_.clear();
   server_config_sig_.clear();
 }
 
 void QuicCryptoClientConfig::CachedState::SetProofValid() {
   server_config_valid_ = true;
 }
 
 void QuicCryptoClientConfig::CachedState::SetProofInvalid() {
   server_config_valid_ = false;
   ++generation_counter_;
 }
 
 bool QuicCryptoClientConfig::CachedState::Initialize(
     StringPiece server_config,
     StringPiece source_address_token,
     const vector<string>& certs,
+    const string& cert_sct,
     StringPiece signature,
     QuicWallTime now) {
   DCHECK(server_config_.empty());
 
   if (server_config.empty()) {
     RecordDiskCacheServerConfigState(SERVER_CONFIG_EMPTY);
     return false;
   }
 
   string error_details;
   ServerConfigState state = SetServerConfig(server_config, now,
                                             &error_details);
   RecordDiskCacheServerConfigState(state);
   if (state != SERVER_CONFIG_VALID) {
     DVLOG(1) << "SetServerConfig failed with " << error_details;
     return false;
   }
 
   signature.CopyToString(&server_config_sig_);
   source_address_token.CopyToString(&source_address_token_);
   certs_ = certs;
+  cert_sct_ = cert_sct;
   return true;
 }
 
 const string& QuicCryptoClientConfig::CachedState::server_config() const {
   return server_config_;
 }
 
 const string&
 QuicCryptoClientConfig::CachedState::source_address_token() const {
   return source_address_token_;
 }
 
 const vector<string>& QuicCryptoClientConfig::CachedState::certs() const {
   return certs_;
 }
 
+const string& QuicCryptoClientConfig::CachedState::cert_sct() const {
+  return cert_sct_;
+}
+
 const string& QuicCryptoClientConfig::CachedState::signature() const {
   return server_config_sig_;
 }
 
 bool QuicCryptoClientConfig::CachedState::proof_valid() const {
   return server_config_valid_;
 }
 
 uint64 QuicCryptoClientConfig::CachedState::generation_counter() const {
   return generation_counter_;
 }
 
 const ProofVerifyDetails*
 QuicCryptoClientConfig::CachedState::proof_verify_details() const {
   return proof_verify_details_.get();
 }
 
 void QuicCryptoClientConfig::CachedState::set_source_address_token(
     StringPiece token) {
   source_address_token_ = token.as_string();
 }
 
+void QuicCryptoClientConfig::CachedState::set_cert_sct(StringPiece cert_sct) {
+  cert_sct_ = cert_sct.as_string();
+}
+
 void QuicCryptoClientConfig::CachedState::SetProofVerifyDetails(
     ProofVerifyDetails* details) {
   proof_verify_details_.reset(details);
 }
 
 void QuicCryptoClientConfig::CachedState::InitializeFrom(
     const QuicCryptoClientConfig::CachedState& other) {
   DCHECK(server_config_.empty());
   DCHECK(!server_config_valid_);
   server_config_ = other.server_config_;
   source_address_token_ = other.source_address_token_;
   certs_ = other.certs_;
+  cert_sct_ = other.cert_sct_;
   server_config_sig_ = other.server_config_sig_;
   server_config_valid_ = other.server_config_valid_;
   server_designated_connection_ids_ = other.server_designated_connection_ids_;
   if (other.proof_verify_details_.get() != nullptr) {
     proof_verify_details_.reset(other.proof_verify_details_->Clone());
   }
   ++generation_counter_;
 }
 
 QuicConnectionId
@@ skipping 85 matching lines @@
   if (disable_ecdsa_) {
     out->SetTaglist(kPDMD, kX59R, 0);
   } else {
     out->SetTaglist(kPDMD, kX509, 0);
   }
 
   if (common_cert_sets) {
     out->SetStringPiece(kCCS, common_cert_sets->GetCommonHashes());
   }
 
+  if (preferred_version > QUIC_VERSION_29) {
+    out->SetStringPiece(kCertificateSCTTag, "");
+  }
+
   const vector<string>& certs = cached->certs();
   // We save |certs| in the QuicCryptoNegotiatedParameters so that, if the
   // client config is being used for multiple connections, another connection
   // doesn't update the cached certificates and cause us to be unable to
   // process the server's compressed certificate chain.
   out_params->cached_certs = certs;
   if (!certs.empty()) {
     vector<uint64> hashes;
     hashes.reserve(certs.size());
     for (vector<string>::const_iterator i = certs.begin();
@@ skipping 28 matching lines @@
     return QUIC_CRYPTO_INTERNAL_ERROR;
   }
 
   StringPiece scid;
   if (!scfg->GetStringPiece(kSCID, &scid)) {
     *error_details = "SCFG missing SCID";
     return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER;
   }
   out->SetStringPiece(kSCID, scid);
 
+  if (preferred_version > QUIC_VERSION_29) {
+    out->SetStringPiece(kCertificateSCTTag, "");
+  }
+
   const QuicTag* their_aeads;
   const QuicTag* their_key_exchanges;
   size_t num_their_aeads, num_their_key_exchanges;
   if (scfg->GetTaglist(kAEAD, &their_aeads,
                        &num_their_aeads) != QUIC_NO_ERROR ||
       scfg->GetTaglist(kKEXS, &their_key_exchanges,
                        &num_their_key_exchanges) != QUIC_NO_ERROR) {
     *error_details = "Missing AEAD or KEXS";
     return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER;
   }
@@ skipping 10 matching lines @@
       !QuicUtils::FindMutualTag(
           kexs, their_key_exchanges, num_their_key_exchanges,
           QuicUtils::LOCAL_PRIORITY, &out_params->key_exchange,
           &key_exchange_index)) {
     *error_details = "Unsupported AEAD or KEXS";
     return QUIC_CRYPTO_NO_SUPPORT;
   }
   out->SetTaglist(kAEAD, out_params->aead, 0);
   out->SetTaglist(kKEXS, out_params->key_exchange, 0);
 
+  if (!tb_key_params.empty()) {
+    const QuicTag* their_tbkps;
+    size_t num_their_tbkps;
+    switch (scfg->GetTaglist(kTBKP, &their_tbkps, &num_their_tbkps)) {
+      case QUIC_CRYPTO_MESSAGE_PARAMETER_NOT_FOUND:
+        break;
+      case QUIC_NO_ERROR:
+        if (QuicUtils::FindMutualTag(tb_key_params, their_tbkps,
+                                     num_their_tbkps, QuicUtils::LOCAL_PRIORITY,
+                                     &out_params->token_binding_key_param,
+                                     nullptr)) {
+          out->SetTaglist(kTBKP, out_params->token_binding_key_param, 0);
+        }
+        break;
+      default:
+        *error_details = "Invalid TBKP";
+        return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER;
+    }
+  }
+
   StringPiece public_value;
   if (scfg->GetNthValue24(kPUBS, key_exchange_index, &public_value) !=
           QUIC_NO_ERROR) {
     *error_details = "Missing public value";
     return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER;
   }
 
   StringPiece orbit;
   if (!scfg->GetStringPiece(kORBT, &orbit) || orbit.size() != kOrbitSize) {
     *error_details = "SCFG missing OBIT";
@@ skipping 128 matching lines @@
     *error_details = "Symmetric key setup failed";
     return QUIC_CRYPTO_SYMMETRIC_KEY_SETUP_FAILED;
   }
 
   return QUIC_NO_ERROR;
 }
 
 QuicErrorCode QuicCryptoClientConfig::CacheNewServerConfig(
     const CryptoHandshakeMessage& message,
     QuicWallTime now,
+    const QuicVersion version,
     const vector<string>& cached_certs,
     CachedState* cached,
     string* error_details) {
   DCHECK(error_details != nullptr);
 
   StringPiece scfg;
   if (!message.GetStringPiece(kSCFG, &scfg)) {
     *error_details = "Missing SCFG";
     return QUIC_CRYPTO_MESSAGE_PARAMETER_NOT_FOUND;
   }
 
   CachedState::ServerConfigState state = cached->SetServerConfig(
       scfg, now, error_details);
   if (state == CachedState::SERVER_CONFIG_EXPIRED) {
     return QUIC_CRYPTO_SERVER_CONFIG_EXPIRED;
   }
   // TODO(rtenneti): Return more specific error code than returning
   // QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER.
   if (state != CachedState::SERVER_CONFIG_VALID) {
     return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER;
   }
 
   StringPiece token;
   if (message.GetStringPiece(kSourceAddressTokenTag, &token)) {
     cached->set_source_address_token(token);
   }
 
-  StringPiece proof, cert_bytes;
+  StringPiece proof, cert_bytes, cert_sct;
   bool has_proof = message.GetStringPiece(kPROF, &proof);
   bool has_cert = message.GetStringPiece(kCertificateTag, &cert_bytes);
   if (has_proof && has_cert) {
     vector<string> certs;
     if (!CertCompressor::DecompressChain(cert_bytes, cached_certs,
                                          common_cert_sets, &certs)) {
       *error_details = "Certificate data invalid";
       return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER;
     }
 
-    cached->SetProof(certs, proof);
+    if (version > QUIC_VERSION_29) {
+      message.GetStringPiece(kCertificateSCTTag, &cert_sct);
+    }
+    cached->SetProof(certs, cert_sct, proof);
   } else {
     // Secure QUIC: clear existing proof as we have been sent a new SCFG
     // without matching proof/certs.
     cached->ClearProof();
 
     if (has_proof && !has_cert) {
       *error_details = "Certificate missing";
       return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER;
     }
 
     if (!has_proof && has_cert) {
       *error_details = "Proof missing";
       return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER;
     }
   }
 
   return QUIC_NO_ERROR;
 }
 
 QuicErrorCode QuicCryptoClientConfig::ProcessRejection(
     const CryptoHandshakeMessage& rej,
     QuicWallTime now,
+    const QuicVersion version,
     CachedState* cached,
     QuicCryptoNegotiatedParameters* out_params,
     string* error_details) {
   DCHECK(error_details != nullptr);
 
   if ((rej.tag() != kREJ) && (rej.tag() != kSREJ)) {
     *error_details = "Message is not REJ or SREJ";
     return QUIC_CRYPTO_INTERNAL_ERROR;
   }
 
-  QuicErrorCode error = CacheNewServerConfig(rej, now, out_params->cached_certs,
-                                             cached, error_details);
+  QuicErrorCode error = CacheNewServerConfig(
+      rej, now, version, out_params->cached_certs, cached, error_details);
   if (error != QUIC_NO_ERROR) {
     return error;
   }
 
   StringPiece nonce;
   if (rej.GetStringPiece(kServerNonceTag, &nonce)) {
     out_params->server_nonce = nonce.as_string();
   }
 
   const uint32* reject_reasons;
@@ skipping 91 matching lines @@
     *error_details = "Symmetric key setup failed";
     return QUIC_CRYPTO_SYMMETRIC_KEY_SETUP_FAILED;
   }
 
   return QUIC_NO_ERROR;
 }
 
 QuicErrorCode QuicCryptoClientConfig::ProcessServerConfigUpdate(
     const CryptoHandshakeMessage& server_config_update,
     QuicWallTime now,
+    const QuicVersion version,
     CachedState* cached,
     QuicCryptoNegotiatedParameters* out_params,
     string* error_details) {
   DCHECK(error_details != nullptr);
 
   if (server_config_update.tag() != kSCUP) {
     *error_details = "ServerConfigUpdate must have kSCUP tag.";
     return QUIC_INVALID_CRYPTO_MESSAGE_TYPE;
   }
-
-  return CacheNewServerConfig(server_config_update, now,
+  return CacheNewServerConfig(server_config_update, now, version,
                               out_params->cached_certs, cached, error_details);
 }
 
 ProofVerifier* QuicCryptoClientConfig::proof_verifier() const {
   return proof_verifier_.get();
 }
 
 ChannelIDSource* QuicCryptoClientConfig::channel_id_source() const {
   return channel_id_source_.get();
 }
@@ skipping 67 matching lines @@
   }
 
   // Update canonical version to point at the "most recent" entry.
   canonical_server_map_[suffix_server_id] = server_id;
 
   server_state->InitializeFrom(*canonical_state);
   return true;
 }
 
 }  // namespace net