| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 // | |
| 5 // Some helpers for quic crypto | |
| 6 | |
| 7 #ifndef NET_QUIC_CRYPTO_CRYPTO_UTILS_H_ | |
| 8 #define NET_QUIC_CRYPTO_CRYPTO_UTILS_H_ | |
| 9 | |
| 10 #include <stddef.h> | |
| 11 #include <stdint.h> | |
| 12 | |
| 13 #include <string> | |
| 14 | |
| 15 #include "base/macros.h" | |
| 16 #include "base/strings/string_piece.h" | |
| 17 #include "net/base/net_export.h" | |
| 18 #include "net/quic/crypto/crypto_handshake.h" | |
| 19 #include "net/quic/crypto/crypto_handshake_message.h" | |
| 20 #include "net/quic/crypto/crypto_protocol.h" | |
| 21 #include "net/quic/quic_protocol.h" | |
| 22 #include "net/quic/quic_time.h" | |
| 23 | |
| 24 namespace net { | |
| 25 | |
| 26 class QuicTime; | |
| 27 class QuicRandom; | |
| 28 struct QuicCryptoNegotiatedParameters; | |
| 29 | |
| 30 class NET_EXPORT_PRIVATE CryptoUtils { | |
| 31 public: | |
| 32 // Diversification is a utility class that's used to act like a union type. | |
| 33 // Values can be created by calling the functions like |NoDiversification|, | |
| 34 // below. | |
| 35 class Diversification { | |
| 36 public: | |
| 37 enum Mode { | |
| 38 NEVER, // Key diversification will never be used. Forward secure | |
| 39 // crypters will always use this mode. | |
| 40 | |
| 41 PENDING, // Key diversification will happen when a nonce is later | |
| 42 // received. This should only be used by clients initial | |
| 43 // decrypters which are waiting on the divesification nonce | |
| 44 // from the server. | |
| 45 | |
| 46 NOW, // Key diversification will happen immediate based on the nonce. | |
| 47 // This should only be used by servers initial encrypters. | |
| 48 }; | |
| 49 | |
| 50 Diversification(const Diversification& diversification) = default; | |
| 51 | |
| 52 static Diversification Never() { return Diversification(NEVER, nullptr); } | |
| 53 static Diversification Pending() { | |
| 54 return Diversification(PENDING, nullptr); | |
| 55 } | |
| 56 static Diversification Now(DiversificationNonce* nonce) { | |
| 57 return Diversification(NOW, nonce); | |
| 58 } | |
| 59 | |
| 60 Mode mode() const { return mode_; } | |
| 61 DiversificationNonce* nonce() const { | |
| 62 DCHECK_EQ(mode_, NOW); | |
| 63 return nonce_; | |
| 64 } | |
| 65 | |
| 66 private: | |
| 67 Diversification(Mode mode, DiversificationNonce* nonce) | |
| 68 : mode_(mode), nonce_(nonce) {} | |
| 69 | |
| 70 Mode mode_; | |
| 71 DiversificationNonce* nonce_; | |
| 72 }; | |
| 73 | |
| 74 // Generates the connection nonce. The nonce is formed as: | |
| 75 // <4 bytes> current time | |
| 76 // <8 bytes> |orbit| (or random if |orbit| is empty) | |
| 77 // <20 bytes> random | |
| 78 static void GenerateNonce(QuicWallTime now, | |
| 79 QuicRandom* random_generator, | |
| 80 base::StringPiece orbit, | |
| 81 std::string* nonce); | |
| 82 | |
| 83 // Returns true if the sni is valid, false otherwise. | |
| 84 // (1) disallow IP addresses; | |
| 85 // (2) check that the hostname contains valid characters only; and | |
| 86 // (3) contains at least one dot. | |
| 87 static bool IsValidSNI(base::StringPiece sni); | |
| 88 | |
| 89 // Convert hostname to lowercase and remove the trailing '.'. | |
| 90 // Returns |hostname|. NormalizeHostname() doesn't support IP address | |
| 91 // literals. IsValidSNI() should be called before calling NormalizeHostname(). | |
| 92 static std::string NormalizeHostname(const char* hostname); | |
| 93 | |
| 94 // DeriveKeys populates |crypters->encrypter|, |crypters->decrypter|, and | |
| 95 // |subkey_secret| (optional -- may be null) given the contents of | |
| 96 // |premaster_secret|, |client_nonce|, |server_nonce| and |hkdf_input|. |aead| | |
| 97 // determines which cipher will be used. |perspective| controls whether the | |
| 98 // server's keys are assigned to |encrypter| or |decrypter|. |server_nonce| is | |
| 99 // optional and, if non-empty, is mixed into the key derivation. | |
| 100 // |subkey_secret| will have the same length as |premaster_secret|. | |
| 101 // | |
| 102 // If the mode of |diversification| is NEVER, the the crypters will be | |
| 103 // configured to never perform key diversification. If the mode is | |
| 104 // NOW (which is only for servers, then the encrypter will be keyed via a | |
| 105 // two-step process that uses the nonce from |diversification|. | |
| 106 // If the mode is PENDING (which is only for servres), then the | |
| 107 // decrypter will only be keyed to a preliminary state: a call to | |
| 108 // |SetDiversificationNonce| with a diversification nonce will be needed to | |
| 109 // complete keying. | |
| 110 static bool DeriveKeys(base::StringPiece premaster_secret, | |
| 111 QuicTag aead, | |
| 112 base::StringPiece client_nonce, | |
| 113 base::StringPiece server_nonce, | |
| 114 const std::string& hkdf_input, | |
| 115 Perspective perspective, | |
| 116 Diversification diversification, | |
| 117 CrypterPair* crypters, | |
| 118 std::string* subkey_secret); | |
| 119 | |
| 120 // Performs key extraction to derive a new secret of |result_len| bytes | |
| 121 // dependent on |subkey_secret|, |label|, and |context|. Returns false if the | |
| 122 // parameters are invalid (e.g. |label| contains null bytes); returns true on | |
| 123 // success. | |
| 124 static bool ExportKeyingMaterial(base::StringPiece subkey_secret, | |
| 125 base::StringPiece label, | |
| 126 base::StringPiece context, | |
| 127 size_t result_len, | |
| 128 std::string* result); | |
| 129 | |
| 130 // Computes the FNV-1a hash of the provided DER-encoded cert for use in the | |
| 131 // XLCT tag. | |
| 132 static uint64_t ComputeLeafCertHash(const std::string& cert); | |
| 133 | |
| 134 // Validates that |server_hello| is actually an SHLO message and that it is | |
| 135 // not part of a downgrade attack. | |
| 136 // | |
| 137 // Returns QUIC_NO_ERROR if this is the case or returns the appropriate error | |
| 138 // code and sets |error_details|. | |
| 139 static QuicErrorCode ValidateServerHello( | |
| 140 const CryptoHandshakeMessage& server_hello, | |
| 141 const QuicVersionVector& negotiated_versions, | |
| 142 std::string* error_details); | |
| 143 | |
| 144 // Validates that |client_hello| is actually a CHLO and that this is not part | |
| 145 // of a downgrade attack. | |
| 146 // This includes verifiying versions and detecting downgrade attacks. | |
| 147 // | |
| 148 // Returns QUIC_NO_ERROR if this is the case or returns the appropriate error | |
| 149 // code and sets |error_details|. | |
| 150 static QuicErrorCode ValidateClientHello( | |
| 151 const CryptoHandshakeMessage& client_hello, | |
| 152 QuicVersion version, | |
| 153 const QuicVersionVector& supported_versions, | |
| 154 std::string* error_details); | |
| 155 | |
| 156 // Returns the name of the HandshakeFailureReason as a char* | |
| 157 static const char* HandshakeFailureReasonToString( | |
| 158 HandshakeFailureReason reason); | |
| 159 | |
| 160 // Writes a hash of the serialized |message| into |output|. | |
| 161 static void HashHandshakeMessage(const CryptoHandshakeMessage& message, | |
| 162 std::string* output); | |
| 163 | |
| 164 private: | |
| 165 DISALLOW_COPY_AND_ASSIGN(CryptoUtils); | |
| 166 }; | |
| 167 | |
| 168 } // namespace net | |
| 169 | |
| 170 #endif // NET_QUIC_CRYPTO_CRYPTO_UTILS_H_ | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2193073003:
Move shared files in net/quic/ into net/quic/core/ (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master