OLD | NEW |
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/quic/crypto/quic_crypto_client_config.h" | 5 #include "net/quic/crypto/quic_crypto_client_config.h" |
6 | 6 |
7 #include <memory> | 7 #include <memory> |
8 | 8 |
9 #include "base/metrics/histogram_macros.h" | 9 #include "base/metrics/histogram_macros.h" |
10 #include "base/stl_util.h" | 10 #include "base/stl_util.h" |
(...skipping 445 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
456 if (disable_ecdsa_) { | 456 if (disable_ecdsa_) { |
457 out->SetVector(kPDMD, QuicTagVector{kX59R}); | 457 out->SetVector(kPDMD, QuicTagVector{kX59R}); |
458 } else { | 458 } else { |
459 out->SetVector(kPDMD, QuicTagVector{kX509}); | 459 out->SetVector(kPDMD, QuicTagVector{kX509}); |
460 } | 460 } |
461 | 461 |
462 if (common_cert_sets) { | 462 if (common_cert_sets) { |
463 out->SetStringPiece(kCCS, common_cert_sets->GetCommonHashes()); | 463 out->SetStringPiece(kCCS, common_cert_sets->GetCommonHashes()); |
464 } | 464 } |
465 | 465 |
466 if (preferred_version > QUIC_VERSION_29) { | 466 out->SetStringPiece(kCertificateSCTTag, ""); |
467 out->SetStringPiece(kCertificateSCTTag, ""); | |
468 } | |
469 | 467 |
470 const vector<string>& certs = cached->certs(); | 468 const vector<string>& certs = cached->certs(); |
471 // We save |certs| in the QuicCryptoNegotiatedParameters so that, if the | 469 // We save |certs| in the QuicCryptoNegotiatedParameters so that, if the |
472 // client config is being used for multiple connections, another connection | 470 // client config is being used for multiple connections, another connection |
473 // doesn't update the cached certificates and cause us to be unable to | 471 // doesn't update the cached certificates and cause us to be unable to |
474 // process the server's compressed certificate chain. | 472 // process the server's compressed certificate chain. |
475 out_params->cached_certs = certs; | 473 out_params->cached_certs = certs; |
476 if (!certs.empty()) { | 474 if (!certs.empty()) { |
477 vector<uint64_t> hashes; | 475 vector<uint64_t> hashes; |
478 hashes.reserve(certs.size()); | 476 hashes.reserve(certs.size()); |
(...skipping 30 matching lines...) Expand all Loading... |
509 return QUIC_CRYPTO_INTERNAL_ERROR; | 507 return QUIC_CRYPTO_INTERNAL_ERROR; |
510 } | 508 } |
511 | 509 |
512 StringPiece scid; | 510 StringPiece scid; |
513 if (!scfg->GetStringPiece(kSCID, &scid)) { | 511 if (!scfg->GetStringPiece(kSCID, &scid)) { |
514 *error_details = "SCFG missing SCID"; | 512 *error_details = "SCFG missing SCID"; |
515 return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER; | 513 return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER; |
516 } | 514 } |
517 out->SetStringPiece(kSCID, scid); | 515 out->SetStringPiece(kSCID, scid); |
518 | 516 |
519 if (preferred_version > QUIC_VERSION_29) { | 517 out->SetStringPiece(kCertificateSCTTag, ""); |
520 out->SetStringPiece(kCertificateSCTTag, ""); | |
521 } | |
522 | 518 |
523 const QuicTag* their_aeads; | 519 const QuicTag* their_aeads; |
524 const QuicTag* their_key_exchanges; | 520 const QuicTag* their_key_exchanges; |
525 size_t num_their_aeads, num_their_key_exchanges; | 521 size_t num_their_aeads, num_their_key_exchanges; |
526 if (scfg->GetTaglist(kAEAD, &their_aeads, &num_their_aeads) != | 522 if (scfg->GetTaglist(kAEAD, &their_aeads, &num_their_aeads) != |
527 QUIC_NO_ERROR || | 523 QUIC_NO_ERROR || |
528 scfg->GetTaglist(kKEXS, &their_key_exchanges, &num_their_key_exchanges) != | 524 scfg->GetTaglist(kKEXS, &their_key_exchanges, &num_their_key_exchanges) != |
529 QUIC_NO_ERROR) { | 525 QUIC_NO_ERROR) { |
530 *error_details = "Missing AEAD or KEXS"; | 526 *error_details = "Missing AEAD or KEXS"; |
531 return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER; | 527 return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER; |
(...skipping 74 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
606 } | 602 } |
607 | 603 |
608 if (!out_params->client_key_exchange->CalculateSharedKey( | 604 if (!out_params->client_key_exchange->CalculateSharedKey( |
609 public_value, &out_params->initial_premaster_secret)) { | 605 public_value, &out_params->initial_premaster_secret)) { |
610 *error_details = "Key exchange failure"; | 606 *error_details = "Key exchange failure"; |
611 return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER; | 607 return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER; |
612 } | 608 } |
613 out->SetStringPiece(kPUBS, out_params->client_key_exchange->public_value()); | 609 out->SetStringPiece(kPUBS, out_params->client_key_exchange->public_value()); |
614 | 610 |
615 const vector<string>& certs = cached->certs(); | 611 const vector<string>& certs = cached->certs(); |
616 if (preferred_version > QUIC_VERSION_25) { | 612 if (certs.empty()) { |
617 if (certs.empty()) { | 613 *error_details = "No certs to calculate XLCT"; |
618 *error_details = "No certs to calculate XLCT"; | 614 return QUIC_CRYPTO_INTERNAL_ERROR; |
619 return QUIC_CRYPTO_INTERNAL_ERROR; | |
620 } | |
621 out->SetValue(kXLCT, CryptoUtils::ComputeLeafCertHash(certs[0])); | |
622 } | 615 } |
| 616 out->SetValue(kXLCT, CryptoUtils::ComputeLeafCertHash(certs[0])); |
623 | 617 |
624 if (channel_id_key) { | 618 if (channel_id_key) { |
625 // In order to calculate the encryption key for the CETV block we need to | 619 // In order to calculate the encryption key for the CETV block we need to |
626 // serialise the client hello as it currently is (i.e. without the CETV | 620 // serialise the client hello as it currently is (i.e. without the CETV |
627 // block). For this, the client hello is serialized without padding. | 621 // block). For this, the client hello is serialized without padding. |
628 const size_t orig_min_size = out->minimum_size(); | 622 const size_t orig_min_size = out->minimum_size(); |
629 out->set_minimum_size(0); | 623 out->set_minimum_size(0); |
630 | 624 |
631 CryptoHandshakeMessage cetv; | 625 CryptoHandshakeMessage cetv; |
632 cetv.set_tag(kCETV); | 626 cetv.set_tag(kCETV); |
(...skipping 51 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
684 // Set the following members of out_params: | 678 // Set the following members of out_params: |
685 // out_params->hkdf_input_suffix | 679 // out_params->hkdf_input_suffix |
686 // out_params->initial_crypters | 680 // out_params->initial_crypters |
687 out_params->hkdf_input_suffix.clear(); | 681 out_params->hkdf_input_suffix.clear(); |
688 out_params->hkdf_input_suffix.append(reinterpret_cast<char*>(&connection_id), | 682 out_params->hkdf_input_suffix.append(reinterpret_cast<char*>(&connection_id), |
689 sizeof(connection_id)); | 683 sizeof(connection_id)); |
690 const QuicData& client_hello_serialized = out->GetSerialized(); | 684 const QuicData& client_hello_serialized = out->GetSerialized(); |
691 out_params->hkdf_input_suffix.append(client_hello_serialized.data(), | 685 out_params->hkdf_input_suffix.append(client_hello_serialized.data(), |
692 client_hello_serialized.length()); | 686 client_hello_serialized.length()); |
693 out_params->hkdf_input_suffix.append(cached->server_config()); | 687 out_params->hkdf_input_suffix.append(cached->server_config()); |
694 if (preferred_version > QUIC_VERSION_25) { | 688 if (certs.empty()) { |
695 if (certs.empty()) { | 689 *error_details = "No certs found to include in KDF"; |
696 *error_details = "No certs found to include in KDF"; | 690 return QUIC_CRYPTO_INTERNAL_ERROR; |
697 return QUIC_CRYPTO_INTERNAL_ERROR; | |
698 } | |
699 out_params->hkdf_input_suffix.append(certs[0]); | |
700 } | 691 } |
| 692 out_params->hkdf_input_suffix.append(certs[0]); |
701 | 693 |
702 string hkdf_input; | 694 string hkdf_input; |
703 const size_t label_len = strlen(QuicCryptoConfig::kInitialLabel) + 1; | 695 const size_t label_len = strlen(QuicCryptoConfig::kInitialLabel) + 1; |
704 hkdf_input.reserve(label_len + out_params->hkdf_input_suffix.size()); | 696 hkdf_input.reserve(label_len + out_params->hkdf_input_suffix.size()); |
705 hkdf_input.append(QuicCryptoConfig::kInitialLabel, label_len); | 697 hkdf_input.append(QuicCryptoConfig::kInitialLabel, label_len); |
706 hkdf_input.append(out_params->hkdf_input_suffix); | 698 hkdf_input.append(out_params->hkdf_input_suffix); |
707 | 699 |
708 string* subkey_secret = &out_params->initial_subkey_secret; | 700 string* subkey_secret = &out_params->initial_subkey_secret; |
709 | 701 |
710 // Only perform key diversification for QUIC versions 33 and later. | 702 // Only perform key diversification for QUIC versions 33 and later. |
(...skipping 50 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
761 bool has_proof = message.GetStringPiece(kPROF, &proof); | 753 bool has_proof = message.GetStringPiece(kPROF, &proof); |
762 bool has_cert = message.GetStringPiece(kCertificateTag, &cert_bytes); | 754 bool has_cert = message.GetStringPiece(kCertificateTag, &cert_bytes); |
763 if (has_proof && has_cert) { | 755 if (has_proof && has_cert) { |
764 vector<string> certs; | 756 vector<string> certs; |
765 if (!CertCompressor::DecompressChain(cert_bytes, cached_certs, | 757 if (!CertCompressor::DecompressChain(cert_bytes, cached_certs, |
766 common_cert_sets, &certs)) { | 758 common_cert_sets, &certs)) { |
767 *error_details = "Certificate data invalid"; | 759 *error_details = "Certificate data invalid"; |
768 return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER; | 760 return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER; |
769 } | 761 } |
770 | 762 |
771 if (version > QUIC_VERSION_29) { | 763 message.GetStringPiece(kCertificateSCTTag, &cert_sct); |
772 message.GetStringPiece(kCertificateSCTTag, &cert_sct); | |
773 } | |
774 cached->SetProof(certs, cert_sct, chlo_hash, proof); | 764 cached->SetProof(certs, cert_sct, chlo_hash, proof); |
775 } else { | 765 } else { |
776 // Secure QUIC: clear existing proof as we have been sent a new SCFG | 766 // Secure QUIC: clear existing proof as we have been sent a new SCFG |
777 // without matching proof/certs. | 767 // without matching proof/certs. |
778 cached->ClearProof(); | 768 cached->ClearProof(); |
779 | 769 |
780 if (has_proof && !has_cert) { | 770 if (has_proof && !has_cert) { |
781 *error_details = "Certificate missing"; | 771 *error_details = "Certificate missing"; |
782 return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER; | 772 return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER; |
783 } | 773 } |
(...skipping 66 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
850 return valid; | 840 return valid; |
851 } | 841 } |
852 | 842 |
853 // Learn about updated source address tokens. | 843 // Learn about updated source address tokens. |
854 StringPiece token; | 844 StringPiece token; |
855 if (server_hello.GetStringPiece(kSourceAddressTokenTag, &token)) { | 845 if (server_hello.GetStringPiece(kSourceAddressTokenTag, &token)) { |
856 cached->set_source_address_token(token); | 846 cached->set_source_address_token(token); |
857 } | 847 } |
858 | 848 |
859 StringPiece shlo_nonce; | 849 StringPiece shlo_nonce; |
860 if (version > QUIC_VERSION_26 && | 850 if (!server_hello.GetStringPiece(kServerNonceTag, &shlo_nonce)) { |
861 !server_hello.GetStringPiece(kServerNonceTag, &shlo_nonce)) { | |
862 *error_details = "server hello missing server nonce"; | 851 *error_details = "server hello missing server nonce"; |
863 return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER; | 852 return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER; |
864 } | 853 } |
865 | 854 |
866 // TODO(agl): | 855 // TODO(agl): |
867 // learn about updated SCFGs. | 856 // learn about updated SCFGs. |
868 | 857 |
869 StringPiece public_value; | 858 StringPiece public_value; |
870 if (!server_hello.GetStringPiece(kPUBS, &public_value)) { | 859 if (!server_hello.GetStringPiece(kPUBS, &public_value)) { |
871 *error_details = "server hello missing forward secure public value"; | 860 *error_details = "server hello missing forward secure public value"; |
(...skipping 121 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
993 } | 982 } |
994 | 983 |
995 // Update canonical version to point at the "most recent" entry. | 984 // Update canonical version to point at the "most recent" entry. |
996 canonical_server_map_[suffix_server_id] = server_id; | 985 canonical_server_map_[suffix_server_id] = server_id; |
997 | 986 |
998 server_state->InitializeFrom(*canonical_state); | 987 server_state->InitializeFrom(*canonical_state); |
999 return true; | 988 return true; |
1000 } | 989 } |
1001 | 990 |
1002 } // namespace net | 991 } // namespace net |
OLD | NEW |