| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/quic/crypto/quic_crypto_client_config.h" | 5 #include "net/quic/crypto/quic_crypto_client_config.h" |
| 6 | 6 |
| 7 #include <memory> | 7 #include <memory> |
| 8 | 8 |
| 9 #include "base/metrics/histogram_macros.h" | 9 #include "base/metrics/histogram_macros.h" |
| 10 #include "base/stl_util.h" | 10 #include "base/stl_util.h" |
| (...skipping 445 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 456 if (disable_ecdsa_) { | 456 if (disable_ecdsa_) { |
| 457 out->SetVector(kPDMD, QuicTagVector{kX59R}); | 457 out->SetVector(kPDMD, QuicTagVector{kX59R}); |
| 458 } else { | 458 } else { |
| 459 out->SetVector(kPDMD, QuicTagVector{kX509}); | 459 out->SetVector(kPDMD, QuicTagVector{kX509}); |
| 460 } | 460 } |
| 461 | 461 |
| 462 if (common_cert_sets) { | 462 if (common_cert_sets) { |
| 463 out->SetStringPiece(kCCS, common_cert_sets->GetCommonHashes()); | 463 out->SetStringPiece(kCCS, common_cert_sets->GetCommonHashes()); |
| 464 } | 464 } |
| 465 | 465 |
| 466 if (preferred_version > QUIC_VERSION_29) { | 466 out->SetStringPiece(kCertificateSCTTag, ""); |
| 467 out->SetStringPiece(kCertificateSCTTag, ""); | |
| 468 } | |
| 469 | 467 |
| 470 const vector<string>& certs = cached->certs(); | 468 const vector<string>& certs = cached->certs(); |
| 471 // We save |certs| in the QuicCryptoNegotiatedParameters so that, if the | 469 // We save |certs| in the QuicCryptoNegotiatedParameters so that, if the |
| 472 // client config is being used for multiple connections, another connection | 470 // client config is being used for multiple connections, another connection |
| 473 // doesn't update the cached certificates and cause us to be unable to | 471 // doesn't update the cached certificates and cause us to be unable to |
| 474 // process the server's compressed certificate chain. | 472 // process the server's compressed certificate chain. |
| 475 out_params->cached_certs = certs; | 473 out_params->cached_certs = certs; |
| 476 if (!certs.empty()) { | 474 if (!certs.empty()) { |
| 477 vector<uint64_t> hashes; | 475 vector<uint64_t> hashes; |
| 478 hashes.reserve(certs.size()); | 476 hashes.reserve(certs.size()); |
| (...skipping 30 matching lines...) Expand all Loading... |
| 509 return QUIC_CRYPTO_INTERNAL_ERROR; | 507 return QUIC_CRYPTO_INTERNAL_ERROR; |
| 510 } | 508 } |
| 511 | 509 |
| 512 StringPiece scid; | 510 StringPiece scid; |
| 513 if (!scfg->GetStringPiece(kSCID, &scid)) { | 511 if (!scfg->GetStringPiece(kSCID, &scid)) { |
| 514 *error_details = "SCFG missing SCID"; | 512 *error_details = "SCFG missing SCID"; |
| 515 return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER; | 513 return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER; |
| 516 } | 514 } |
| 517 out->SetStringPiece(kSCID, scid); | 515 out->SetStringPiece(kSCID, scid); |
| 518 | 516 |
| 519 if (preferred_version > QUIC_VERSION_29) { | 517 out->SetStringPiece(kCertificateSCTTag, ""); |
| 520 out->SetStringPiece(kCertificateSCTTag, ""); | |
| 521 } | |
| 522 | 518 |
| 523 const QuicTag* their_aeads; | 519 const QuicTag* their_aeads; |
| 524 const QuicTag* their_key_exchanges; | 520 const QuicTag* their_key_exchanges; |
| 525 size_t num_their_aeads, num_their_key_exchanges; | 521 size_t num_their_aeads, num_their_key_exchanges; |
| 526 if (scfg->GetTaglist(kAEAD, &their_aeads, &num_their_aeads) != | 522 if (scfg->GetTaglist(kAEAD, &their_aeads, &num_their_aeads) != |
| 527 QUIC_NO_ERROR || | 523 QUIC_NO_ERROR || |
| 528 scfg->GetTaglist(kKEXS, &their_key_exchanges, &num_their_key_exchanges) != | 524 scfg->GetTaglist(kKEXS, &their_key_exchanges, &num_their_key_exchanges) != |
| 529 QUIC_NO_ERROR) { | 525 QUIC_NO_ERROR) { |
| 530 *error_details = "Missing AEAD or KEXS"; | 526 *error_details = "Missing AEAD or KEXS"; |
| 531 return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER; | 527 return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER; |
| (...skipping 74 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 606 } | 602 } |
| 607 | 603 |
| 608 if (!out_params->client_key_exchange->CalculateSharedKey( | 604 if (!out_params->client_key_exchange->CalculateSharedKey( |
| 609 public_value, &out_params->initial_premaster_secret)) { | 605 public_value, &out_params->initial_premaster_secret)) { |
| 610 *error_details = "Key exchange failure"; | 606 *error_details = "Key exchange failure"; |
| 611 return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER; | 607 return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER; |
| 612 } | 608 } |
| 613 out->SetStringPiece(kPUBS, out_params->client_key_exchange->public_value()); | 609 out->SetStringPiece(kPUBS, out_params->client_key_exchange->public_value()); |
| 614 | 610 |
| 615 const vector<string>& certs = cached->certs(); | 611 const vector<string>& certs = cached->certs(); |
| 616 if (preferred_version > QUIC_VERSION_25) { | 612 if (certs.empty()) { |
| 617 if (certs.empty()) { | 613 *error_details = "No certs to calculate XLCT"; |
| 618 *error_details = "No certs to calculate XLCT"; | 614 return QUIC_CRYPTO_INTERNAL_ERROR; |
| 619 return QUIC_CRYPTO_INTERNAL_ERROR; | |
| 620 } | |
| 621 out->SetValue(kXLCT, CryptoUtils::ComputeLeafCertHash(certs[0])); | |
| 622 } | 615 } |
| 616 out->SetValue(kXLCT, CryptoUtils::ComputeLeafCertHash(certs[0])); |
| 623 | 617 |
| 624 if (channel_id_key) { | 618 if (channel_id_key) { |
| 625 // In order to calculate the encryption key for the CETV block we need to | 619 // In order to calculate the encryption key for the CETV block we need to |
| 626 // serialise the client hello as it currently is (i.e. without the CETV | 620 // serialise the client hello as it currently is (i.e. without the CETV |
| 627 // block). For this, the client hello is serialized without padding. | 621 // block). For this, the client hello is serialized without padding. |
| 628 const size_t orig_min_size = out->minimum_size(); | 622 const size_t orig_min_size = out->minimum_size(); |
| 629 out->set_minimum_size(0); | 623 out->set_minimum_size(0); |
| 630 | 624 |
| 631 CryptoHandshakeMessage cetv; | 625 CryptoHandshakeMessage cetv; |
| 632 cetv.set_tag(kCETV); | 626 cetv.set_tag(kCETV); |
| (...skipping 51 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 684 // Set the following members of out_params: | 678 // Set the following members of out_params: |
| 685 // out_params->hkdf_input_suffix | 679 // out_params->hkdf_input_suffix |
| 686 // out_params->initial_crypters | 680 // out_params->initial_crypters |
| 687 out_params->hkdf_input_suffix.clear(); | 681 out_params->hkdf_input_suffix.clear(); |
| 688 out_params->hkdf_input_suffix.append(reinterpret_cast<char*>(&connection_id), | 682 out_params->hkdf_input_suffix.append(reinterpret_cast<char*>(&connection_id), |
| 689 sizeof(connection_id)); | 683 sizeof(connection_id)); |
| 690 const QuicData& client_hello_serialized = out->GetSerialized(); | 684 const QuicData& client_hello_serialized = out->GetSerialized(); |
| 691 out_params->hkdf_input_suffix.append(client_hello_serialized.data(), | 685 out_params->hkdf_input_suffix.append(client_hello_serialized.data(), |
| 692 client_hello_serialized.length()); | 686 client_hello_serialized.length()); |
| 693 out_params->hkdf_input_suffix.append(cached->server_config()); | 687 out_params->hkdf_input_suffix.append(cached->server_config()); |
| 694 if (preferred_version > QUIC_VERSION_25) { | 688 if (certs.empty()) { |
| 695 if (certs.empty()) { | 689 *error_details = "No certs found to include in KDF"; |
| 696 *error_details = "No certs found to include in KDF"; | 690 return QUIC_CRYPTO_INTERNAL_ERROR; |
| 697 return QUIC_CRYPTO_INTERNAL_ERROR; | |
| 698 } | |
| 699 out_params->hkdf_input_suffix.append(certs[0]); | |
| 700 } | 691 } |
| 692 out_params->hkdf_input_suffix.append(certs[0]); |
| 701 | 693 |
| 702 string hkdf_input; | 694 string hkdf_input; |
| 703 const size_t label_len = strlen(QuicCryptoConfig::kInitialLabel) + 1; | 695 const size_t label_len = strlen(QuicCryptoConfig::kInitialLabel) + 1; |
| 704 hkdf_input.reserve(label_len + out_params->hkdf_input_suffix.size()); | 696 hkdf_input.reserve(label_len + out_params->hkdf_input_suffix.size()); |
| 705 hkdf_input.append(QuicCryptoConfig::kInitialLabel, label_len); | 697 hkdf_input.append(QuicCryptoConfig::kInitialLabel, label_len); |
| 706 hkdf_input.append(out_params->hkdf_input_suffix); | 698 hkdf_input.append(out_params->hkdf_input_suffix); |
| 707 | 699 |
| 708 string* subkey_secret = &out_params->initial_subkey_secret; | 700 string* subkey_secret = &out_params->initial_subkey_secret; |
| 709 | 701 |
| 710 // Only perform key diversification for QUIC versions 33 and later. | 702 // Only perform key diversification for QUIC versions 33 and later. |
| (...skipping 50 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 761 bool has_proof = message.GetStringPiece(kPROF, &proof); | 753 bool has_proof = message.GetStringPiece(kPROF, &proof); |
| 762 bool has_cert = message.GetStringPiece(kCertificateTag, &cert_bytes); | 754 bool has_cert = message.GetStringPiece(kCertificateTag, &cert_bytes); |
| 763 if (has_proof && has_cert) { | 755 if (has_proof && has_cert) { |
| 764 vector<string> certs; | 756 vector<string> certs; |
| 765 if (!CertCompressor::DecompressChain(cert_bytes, cached_certs, | 757 if (!CertCompressor::DecompressChain(cert_bytes, cached_certs, |
| 766 common_cert_sets, &certs)) { | 758 common_cert_sets, &certs)) { |
| 767 *error_details = "Certificate data invalid"; | 759 *error_details = "Certificate data invalid"; |
| 768 return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER; | 760 return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER; |
| 769 } | 761 } |
| 770 | 762 |
| 771 if (version > QUIC_VERSION_29) { | 763 message.GetStringPiece(kCertificateSCTTag, &cert_sct); |
| 772 message.GetStringPiece(kCertificateSCTTag, &cert_sct); | |
| 773 } | |
| 774 cached->SetProof(certs, cert_sct, chlo_hash, proof); | 764 cached->SetProof(certs, cert_sct, chlo_hash, proof); |
| 775 } else { | 765 } else { |
| 776 // Secure QUIC: clear existing proof as we have been sent a new SCFG | 766 // Secure QUIC: clear existing proof as we have been sent a new SCFG |
| 777 // without matching proof/certs. | 767 // without matching proof/certs. |
| 778 cached->ClearProof(); | 768 cached->ClearProof(); |
| 779 | 769 |
| 780 if (has_proof && !has_cert) { | 770 if (has_proof && !has_cert) { |
| 781 *error_details = "Certificate missing"; | 771 *error_details = "Certificate missing"; |
| 782 return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER; | 772 return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER; |
| 783 } | 773 } |
| (...skipping 66 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 850 return valid; | 840 return valid; |
| 851 } | 841 } |
| 852 | 842 |
| 853 // Learn about updated source address tokens. | 843 // Learn about updated source address tokens. |
| 854 StringPiece token; | 844 StringPiece token; |
| 855 if (server_hello.GetStringPiece(kSourceAddressTokenTag, &token)) { | 845 if (server_hello.GetStringPiece(kSourceAddressTokenTag, &token)) { |
| 856 cached->set_source_address_token(token); | 846 cached->set_source_address_token(token); |
| 857 } | 847 } |
| 858 | 848 |
| 859 StringPiece shlo_nonce; | 849 StringPiece shlo_nonce; |
| 860 if (version > QUIC_VERSION_26 && | 850 if (!server_hello.GetStringPiece(kServerNonceTag, &shlo_nonce)) { |
| 861 !server_hello.GetStringPiece(kServerNonceTag, &shlo_nonce)) { | |
| 862 *error_details = "server hello missing server nonce"; | 851 *error_details = "server hello missing server nonce"; |
| 863 return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER; | 852 return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER; |
| 864 } | 853 } |
| 865 | 854 |
| 866 // TODO(agl): | 855 // TODO(agl): |
| 867 // learn about updated SCFGs. | 856 // learn about updated SCFGs. |
| 868 | 857 |
| 869 StringPiece public_value; | 858 StringPiece public_value; |
| 870 if (!server_hello.GetStringPiece(kPUBS, &public_value)) { | 859 if (!server_hello.GetStringPiece(kPUBS, &public_value)) { |
| 871 *error_details = "server hello missing forward secure public value"; | 860 *error_details = "server hello missing forward secure public value"; |
| (...skipping 121 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 993 } | 982 } |
| 994 | 983 |
| 995 // Update canonical version to point at the "most recent" entry. | 984 // Update canonical version to point at the "most recent" entry. |
| 996 canonical_server_map_[suffix_server_id] = server_id; | 985 canonical_server_map_[suffix_server_id] = server_id; |
| 997 | 986 |
| 998 server_state->InitializeFrom(*canonical_state); | 987 server_state->InitializeFrom(*canonical_state); |
| 999 return true; | 988 return true; |
| 1000 } | 989 } |
| 1001 | 990 |
| 1002 } // namespace net | 991 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2176323002:
Deprecate FLAGS_quic_disable_pre_30. Remove QUIC versions [25-29]. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@127879468