OLD | NEW |
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/quic/core/crypto/quic_crypto_server_config.h" | 5 #include "net/quic/core/crypto/quic_crypto_server_config.h" |
6 | 6 |
7 #include <stdlib.h> | 7 #include <stdlib.h> |
8 | 8 |
9 #include <algorithm> | 9 #include <algorithm> |
10 #include <memory> | 10 #include <memory> |
11 | 11 |
12 #include "base/macros.h" | 12 #include "base/macros.h" |
13 #include "base/memory/ref_counted.h" | 13 #include "base/memory/ref_counted.h" |
14 #include "crypto/hkdf.h" | 14 #include "crypto/hkdf.h" |
15 #include "crypto/secure_hash.h" | 15 #include "crypto/secure_hash.h" |
16 #include "net/base/ip_address.h" | 16 #include "net/base/ip_address.h" |
17 #include "net/quic/core/crypto/aes_128_gcm_12_decrypter.h" | 17 #include "net/quic/core/crypto/aes_128_gcm_12_decrypter.h" |
18 #include "net/quic/core/crypto/aes_128_gcm_12_encrypter.h" | 18 #include "net/quic/core/crypto/aes_128_gcm_12_encrypter.h" |
19 #include "net/quic/core/crypto/cert_compressor.h" | 19 #include "net/quic/core/crypto/cert_compressor.h" |
20 #include "net/quic/core/crypto/chacha20_poly1305_encrypter.h" | 20 #include "net/quic/core/crypto/chacha20_poly1305_encrypter.h" |
21 #include "net/quic/core/crypto/channel_id.h" | 21 #include "net/quic/core/crypto/channel_id.h" |
22 #include "net/quic/core/crypto/crypto_framer.h" | 22 #include "net/quic/core/crypto/crypto_framer.h" |
23 #include "net/quic/core/crypto/crypto_handshake_message.h" | 23 #include "net/quic/core/crypto/crypto_handshake_message.h" |
24 #include "net/quic/core/crypto/crypto_server_config_protobuf.h" | 24 #include "net/quic/core/crypto/crypto_server_config_protobuf.h" |
25 #include "net/quic/core/crypto/crypto_utils.h" | 25 #include "net/quic/core/crypto/crypto_utils.h" |
26 #include "net/quic/core/crypto/curve25519_key_exchange.h" | 26 #include "net/quic/core/crypto/curve25519_key_exchange.h" |
27 #include "net/quic/core/crypto/ephemeral_key_source.h" | 27 #include "net/quic/core/crypto/ephemeral_key_source.h" |
28 #include "net/quic/core/crypto/key_exchange.h" | 28 #include "net/quic/core/crypto/key_exchange.h" |
29 #include "net/quic/core/crypto/local_strike_register_client.h" | |
30 #include "net/quic/core/crypto/p256_key_exchange.h" | 29 #include "net/quic/core/crypto/p256_key_exchange.h" |
31 #include "net/quic/core/crypto/proof_source.h" | 30 #include "net/quic/core/crypto/proof_source.h" |
32 #include "net/quic/core/crypto/quic_decrypter.h" | 31 #include "net/quic/core/crypto/quic_decrypter.h" |
33 #include "net/quic/core/crypto/quic_encrypter.h" | 32 #include "net/quic/core/crypto/quic_encrypter.h" |
34 #include "net/quic/core/crypto/quic_random.h" | 33 #include "net/quic/core/crypto/quic_random.h" |
35 #include "net/quic/core/crypto/strike_register.h" | |
36 #include "net/quic/core/crypto/strike_register_client.h" | |
37 #include "net/quic/core/proto/source_address_token.pb.h" | 34 #include "net/quic/core/proto/source_address_token.pb.h" |
38 #include "net/quic/core/quic_bug_tracker.h" | 35 #include "net/quic/core/quic_bug_tracker.h" |
39 #include "net/quic/core/quic_clock.h" | 36 #include "net/quic/core/quic_clock.h" |
40 #include "net/quic/core/quic_flags.h" | 37 #include "net/quic/core/quic_flags.h" |
41 #include "net/quic/core/quic_protocol.h" | 38 #include "net/quic/core/quic_protocol.h" |
42 #include "net/quic/core/quic_socket_address_coder.h" | 39 #include "net/quic/core/quic_socket_address_coder.h" |
43 #include "net/quic/core/quic_utils.h" | 40 #include "net/quic/core/quic_utils.h" |
44 | 41 |
45 using base::StringPiece; | 42 using base::StringPiece; |
46 using crypto::SecureHash; | 43 using crypto::SecureHash; |
(...skipping 60 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
107 done_cb_ = nullptr; | 104 done_cb_ = nullptr; |
108 } | 105 } |
109 | 106 |
110 private: | 107 private: |
111 scoped_refptr<ValidateClientHelloResultCallback::Result> result_; | 108 scoped_refptr<ValidateClientHelloResultCallback::Result> result_; |
112 std::unique_ptr<ValidateClientHelloResultCallback>* done_cb_; | 109 std::unique_ptr<ValidateClientHelloResultCallback>* done_cb_; |
113 | 110 |
114 DISALLOW_COPY_AND_ASSIGN(ValidateClientHelloHelper); | 111 DISALLOW_COPY_AND_ASSIGN(ValidateClientHelloHelper); |
115 }; | 112 }; |
116 | 113 |
117 class VerifyNonceIsValidAndUniqueCallback | |
118 : public StrikeRegisterClient::ResultCallback { | |
119 public: | |
120 VerifyNonceIsValidAndUniqueCallback( | |
121 scoped_refptr<ValidateClientHelloResultCallback::Result> result, | |
122 std::unique_ptr<ProofSource::Details> proof_source_details, | |
123 std::unique_ptr<ValidateClientHelloResultCallback> done_cb) | |
124 : result_(std::move(result)), | |
125 proof_source_details_(std::move(proof_source_details)), | |
126 done_cb_(std::move(done_cb)) {} | |
127 | |
128 protected: | |
129 void RunImpl(bool nonce_is_valid_and_unique, | |
130 InsertStatus nonce_error) override { | |
131 DVLOG(1) << "Using client nonce, unique: " << nonce_is_valid_and_unique | |
132 << " nonce_error: " << nonce_error; | |
133 if (!nonce_is_valid_and_unique) { | |
134 HandshakeFailureReason client_nonce_error; | |
135 switch (nonce_error) { | |
136 case NONCE_INVALID_FAILURE: | |
137 client_nonce_error = CLIENT_NONCE_INVALID_FAILURE; | |
138 break; | |
139 case NONCE_NOT_UNIQUE_FAILURE: | |
140 client_nonce_error = CLIENT_NONCE_NOT_UNIQUE_FAILURE; | |
141 break; | |
142 case NONCE_INVALID_ORBIT_FAILURE: | |
143 client_nonce_error = CLIENT_NONCE_INVALID_ORBIT_FAILURE; | |
144 break; | |
145 case NONCE_INVALID_TIME_FAILURE: | |
146 client_nonce_error = CLIENT_NONCE_INVALID_TIME_FAILURE; | |
147 break; | |
148 case STRIKE_REGISTER_TIMEOUT: | |
149 client_nonce_error = CLIENT_NONCE_STRIKE_REGISTER_TIMEOUT; | |
150 break; | |
151 case STRIKE_REGISTER_FAILURE: | |
152 client_nonce_error = CLIENT_NONCE_STRIKE_REGISTER_FAILURE; | |
153 break; | |
154 case NONCE_UNKNOWN_FAILURE: | |
155 client_nonce_error = CLIENT_NONCE_UNKNOWN_FAILURE; | |
156 break; | |
157 case NONCE_OK: | |
158 default: | |
159 QUIC_BUG << "Unexpected client nonce error: " << nonce_error; | |
160 client_nonce_error = CLIENT_NONCE_UNKNOWN_FAILURE; | |
161 break; | |
162 } | |
163 result_->info.reject_reasons.push_back(client_nonce_error); | |
164 } | |
165 done_cb_->Run(result_, std::move(proof_source_details_)); | |
166 } | |
167 | |
168 private: | |
169 scoped_refptr<ValidateClientHelloResultCallback::Result> result_; | |
170 std::unique_ptr<ProofSource::Details> proof_source_details_; | |
171 std::unique_ptr<ValidateClientHelloResultCallback> done_cb_; | |
172 | |
173 DISALLOW_COPY_AND_ASSIGN(VerifyNonceIsValidAndUniqueCallback); | |
174 }; | |
175 | |
176 // static | 114 // static |
177 const char QuicCryptoServerConfig::TESTING[] = "secret string for testing"; | 115 const char QuicCryptoServerConfig::TESTING[] = "secret string for testing"; |
178 | 116 |
179 ClientHelloInfo::ClientHelloInfo(const IPAddress& in_client_ip, | 117 ClientHelloInfo::ClientHelloInfo(const IPAddress& in_client_ip, |
180 QuicWallTime in_now) | 118 QuicWallTime in_now) |
181 : client_ip(in_client_ip), now(in_now), valid_source_address_token(false) {} | 119 : client_ip(in_client_ip), now(in_now), valid_source_address_token(false) {} |
182 | 120 |
183 ClientHelloInfo::ClientHelloInfo(const ClientHelloInfo& other) = default; | 121 ClientHelloInfo::ClientHelloInfo(const ClientHelloInfo& other) = default; |
184 | 122 |
185 ClientHelloInfo::~ClientHelloInfo() {} | 123 ClientHelloInfo::~ClientHelloInfo() {} |
(...skipping 32 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
218 | 156 |
219 QuicCryptoServerConfig::QuicCryptoServerConfig( | 157 QuicCryptoServerConfig::QuicCryptoServerConfig( |
220 StringPiece source_address_token_secret, | 158 StringPiece source_address_token_secret, |
221 QuicRandom* server_nonce_entropy, | 159 QuicRandom* server_nonce_entropy, |
222 std::unique_ptr<ProofSource> proof_source) | 160 std::unique_ptr<ProofSource> proof_source) |
223 : replay_protection_(true), | 161 : replay_protection_(true), |
224 chlo_multiplier_(kMultiplier), | 162 chlo_multiplier_(kMultiplier), |
225 configs_lock_(), | 163 configs_lock_(), |
226 primary_config_(nullptr), | 164 primary_config_(nullptr), |
227 next_config_promotion_time_(QuicWallTime::Zero()), | 165 next_config_promotion_time_(QuicWallTime::Zero()), |
228 server_nonce_strike_register_lock_(), | |
229 proof_source_(std::move(proof_source)), | 166 proof_source_(std::move(proof_source)), |
230 strike_register_no_startup_period_(false), | |
231 strike_register_max_entries_(1 << 10), | |
232 strike_register_window_secs_(600), | |
233 source_address_token_future_secs_(3600), | 167 source_address_token_future_secs_(3600), |
234 source_address_token_lifetime_secs_(86400), | 168 source_address_token_lifetime_secs_(86400), |
235 server_nonce_strike_register_max_entries_(1 << 10), | |
236 server_nonce_strike_register_window_secs_(120), | |
237 enable_serving_sct_(false), | 169 enable_serving_sct_(false), |
238 rejection_observer_(nullptr) { | 170 rejection_observer_(nullptr) { |
239 DCHECK(proof_source_.get()); | 171 DCHECK(proof_source_.get()); |
240 source_address_token_boxer_.SetKeys( | 172 source_address_token_boxer_.SetKeys( |
241 {DeriveSourceAddressTokenKey(source_address_token_secret)}); | 173 {DeriveSourceAddressTokenKey(source_address_token_secret)}); |
242 | 174 |
243 // Generate a random key and orbit for server nonces. | 175 // Generate a random key and orbit for server nonces. |
244 server_nonce_entropy->RandBytes(server_nonce_orbit_, | 176 server_nonce_entropy->RandBytes(server_nonce_orbit_, |
245 sizeof(server_nonce_orbit_)); | 177 sizeof(server_nonce_orbit_)); |
246 const size_t key_size = server_nonce_boxer_.GetKeySize(); | 178 const size_t key_size = server_nonce_boxer_.GetKeySize(); |
(...skipping 160 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
407 } | 339 } |
408 | 340 |
409 CryptoHandshakeMessage* QuicCryptoServerConfig::AddDefaultConfig( | 341 CryptoHandshakeMessage* QuicCryptoServerConfig::AddDefaultConfig( |
410 QuicRandom* rand, | 342 QuicRandom* rand, |
411 const QuicClock* clock, | 343 const QuicClock* clock, |
412 const ConfigOptions& options) { | 344 const ConfigOptions& options) { |
413 return AddConfig(GenerateConfig(rand, clock, options), clock->WallNow()); | 345 return AddConfig(GenerateConfig(rand, clock, options), clock->WallNow()); |
414 } | 346 } |
415 | 347 |
416 bool QuicCryptoServerConfig::SetConfigs( | 348 bool QuicCryptoServerConfig::SetConfigs( |
417 const vector<std::unique_ptr<QuicServerConfigProtobuf>>& protobufs, | 349 const std::vector<std::unique_ptr<QuicServerConfigProtobuf>>& protobufs, |
418 const QuicWallTime now) { | 350 const QuicWallTime now) { |
419 vector<scoped_refptr<Config>> parsed_configs; | 351 std::vector<scoped_refptr<Config>> parsed_configs; |
420 bool ok = true; | 352 bool ok = true; |
421 | 353 |
422 for (auto& protobuf : protobufs) { | 354 for (auto& protobuf : protobufs) { |
423 scoped_refptr<Config> config(ParseConfigProtobuf(protobuf)); | 355 scoped_refptr<Config> config(ParseConfigProtobuf(protobuf)); |
424 if (!config.get()) { | 356 if (!config.get()) { |
425 ok = false; | 357 ok = false; |
426 break; | 358 break; |
427 } | 359 } |
428 | 360 |
429 parsed_configs.push_back(config); | 361 parsed_configs.push_back(config); |
430 } | 362 } |
431 | 363 |
432 if (parsed_configs.empty()) { | 364 if (parsed_configs.empty()) { |
433 LOG(WARNING) << "New config list is empty."; | 365 LOG(WARNING) << "New config list is empty."; |
434 ok = false; | 366 ok = false; |
435 } | 367 } |
436 | 368 |
437 if (!ok) { | 369 if (!ok) { |
438 LOG(WARNING) << "Rejecting QUIC configs because of above errors"; | 370 LOG(WARNING) << "Rejecting QUIC configs because of above errors"; |
439 } else { | 371 } else { |
440 VLOG(1) << "Updating configs:"; | 372 VLOG(1) << "Updating configs:"; |
441 | 373 |
442 base::AutoLock locked(configs_lock_); | 374 base::AutoLock locked(configs_lock_); |
443 ConfigMap new_configs; | 375 ConfigMap new_configs; |
444 | 376 |
445 for (vector<scoped_refptr<Config>>::const_iterator i = | 377 for (std::vector<scoped_refptr<Config>>::const_iterator i = |
446 parsed_configs.begin(); | 378 parsed_configs.begin(); |
447 i != parsed_configs.end(); ++i) { | 379 i != parsed_configs.end(); ++i) { |
448 scoped_refptr<Config> config = *i; | 380 scoped_refptr<Config> config = *i; |
449 | 381 |
450 ConfigMap::iterator it = configs_.find(config->id); | 382 ConfigMap::iterator it = configs_.find(config->id); |
451 if (it != configs_.end()) { | 383 if (it != configs_.end()) { |
452 VLOG(1) << "Keeping scid: " << QuicUtils::HexEncode(config->id) | 384 VLOG(1) << "Keeping scid: " << QuicUtils::HexEncode(config->id) |
453 << " orbit: " | 385 << " orbit: " |
454 << QuicUtils::HexEncode( | 386 << QuicUtils::HexEncode( |
455 reinterpret_cast<const char*>(config->orbit), kOrbitSize) | 387 reinterpret_cast<const char*>(config->orbit), kOrbitSize) |
(...skipping 37 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
493 scids->push_back(it->first); | 425 scids->push_back(it->first); |
494 } | 426 } |
495 } | 427 } |
496 | 428 |
497 void QuicCryptoServerConfig::ValidateClientHello( | 429 void QuicCryptoServerConfig::ValidateClientHello( |
498 const CryptoHandshakeMessage& client_hello, | 430 const CryptoHandshakeMessage& client_hello, |
499 const IPAddress& client_ip, | 431 const IPAddress& client_ip, |
500 const IPAddress& server_ip, | 432 const IPAddress& server_ip, |
501 QuicVersion version, | 433 QuicVersion version, |
502 const QuicClock* clock, | 434 const QuicClock* clock, |
503 scoped_refptr<QuicCryptoProof> crypto_proof, | 435 scoped_refptr<QuicSignedServerConfig> signed_config, |
504 std::unique_ptr<ValidateClientHelloResultCallback> done_cb) const { | 436 std::unique_ptr<ValidateClientHelloResultCallback> done_cb) const { |
505 const QuicWallTime now(clock->WallNow()); | 437 const QuicWallTime now(clock->WallNow()); |
506 | 438 |
507 scoped_refptr<ValidateClientHelloResultCallback::Result> result( | 439 scoped_refptr<ValidateClientHelloResultCallback::Result> result( |
508 new ValidateClientHelloResultCallback::Result(client_hello, client_ip, | 440 new ValidateClientHelloResultCallback::Result(client_hello, client_ip, |
509 now)); | 441 now)); |
510 | 442 |
511 StringPiece requested_scid; | 443 StringPiece requested_scid; |
512 client_hello.GetStringPiece(kSCID, &requested_scid); | 444 client_hello.GetStringPiece(kSCID, &requested_scid); |
513 | 445 |
514 scoped_refptr<Config> requested_config; | 446 scoped_refptr<Config> requested_config; |
515 scoped_refptr<Config> primary_config; | 447 scoped_refptr<Config> primary_config; |
516 { | 448 { |
517 base::AutoLock locked(configs_lock_); | 449 base::AutoLock locked(configs_lock_); |
518 | 450 |
519 if (!primary_config_.get()) { | 451 if (!primary_config_.get()) { |
520 result->error_code = QUIC_CRYPTO_INTERNAL_ERROR; | 452 result->error_code = QUIC_CRYPTO_INTERNAL_ERROR; |
521 result->error_details = "No configurations loaded"; | 453 result->error_details = "No configurations loaded"; |
522 } else { | 454 } else { |
523 if (!next_config_promotion_time_.IsZero() && | 455 if (!next_config_promotion_time_.IsZero() && |
524 next_config_promotion_time_.IsAfter(now)) { | 456 next_config_promotion_time_.IsAfter(now)) { |
525 SelectNewPrimaryConfig(now); | 457 SelectNewPrimaryConfig(now); |
526 DCHECK(primary_config_.get()); | 458 DCHECK(primary_config_.get()); |
527 DCHECK_EQ(configs_.find(primary_config_->id)->second, primary_config_); | 459 DCHECK_EQ(configs_.find(primary_config_->id)->second, primary_config_); |
528 } | 460 } |
529 } | 461 } |
530 | 462 |
531 requested_config = GetConfigWithScid(requested_scid); | 463 requested_config = GetConfigWithScid(requested_scid); |
532 primary_config = primary_config_; | 464 primary_config = primary_config_; |
533 crypto_proof->config = primary_config_; | 465 signed_config->config = primary_config_; |
534 } | 466 } |
535 | 467 |
536 if (result->error_code == QUIC_NO_ERROR) { | 468 if (result->error_code == QUIC_NO_ERROR) { |
537 // QUIC requires a new proof for each CHLO so clear any existing proof. | 469 // QUIC requires a new proof for each CHLO so clear any existing proof. |
538 crypto_proof->chain = nullptr; | 470 signed_config->chain = nullptr; |
539 crypto_proof->signature = ""; | 471 signed_config->signature = ""; |
540 crypto_proof->cert_sct = ""; | 472 signed_config->cert_sct = ""; |
541 EvaluateClientHello(server_ip, version, requested_config, primary_config, | 473 EvaluateClientHello(server_ip, version, requested_config, primary_config, |
542 crypto_proof, result, std::move(done_cb)); | 474 signed_config, result, std::move(done_cb)); |
543 } else { | 475 } else { |
544 done_cb->Run(result, /* details = */ nullptr); | 476 done_cb->Run(result, /* details = */ nullptr); |
545 } | 477 } |
546 } | 478 } |
547 | 479 |
548 class ProcessClientHelloHelper { | 480 class ProcessClientHelloHelper { |
549 public: | 481 public: |
550 explicit ProcessClientHelloHelper( | 482 explicit ProcessClientHelloHelper( |
551 std::unique_ptr<ProcessClientHelloResultCallback>* done_cb) | 483 std::unique_ptr<ProcessClientHelloResultCallback>* done_cb) |
552 : done_cb_(done_cb) {} | 484 : done_cb_(done_cb) {} |
(...skipping 37 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
590 QuicConnectionId connection_id, | 522 QuicConnectionId connection_id, |
591 const IPEndPoint& client_address, | 523 const IPEndPoint& client_address, |
592 QuicVersion version, | 524 QuicVersion version, |
593 const QuicVersionVector& supported_versions, | 525 const QuicVersionVector& supported_versions, |
594 bool use_stateless_rejects, | 526 bool use_stateless_rejects, |
595 QuicConnectionId server_designated_connection_id, | 527 QuicConnectionId server_designated_connection_id, |
596 const QuicClock* clock, | 528 const QuicClock* clock, |
597 QuicRandom* rand, | 529 QuicRandom* rand, |
598 QuicCompressedCertsCache* compressed_certs_cache, | 530 QuicCompressedCertsCache* compressed_certs_cache, |
599 scoped_refptr<QuicCryptoNegotiatedParameters> params, | 531 scoped_refptr<QuicCryptoNegotiatedParameters> params, |
600 scoped_refptr<QuicCryptoProof> crypto_proof, | 532 scoped_refptr<QuicSignedServerConfig> signed_config, |
601 QuicByteCount total_framing_overhead, | 533 QuicByteCount total_framing_overhead, |
602 QuicByteCount chlo_packet_size, | 534 QuicByteCount chlo_packet_size, |
603 const scoped_refptr<QuicCryptoServerConfig::Config>& requested_config, | 535 const scoped_refptr<QuicCryptoServerConfig::Config>& requested_config, |
604 const scoped_refptr<QuicCryptoServerConfig::Config>& primary_config, | 536 const scoped_refptr<QuicCryptoServerConfig::Config>& primary_config, |
605 std::unique_ptr<ProcessClientHelloResultCallback> done_cb) | 537 std::unique_ptr<ProcessClientHelloResultCallback> done_cb) |
606 : config_(config), | 538 : config_(config), |
607 validate_chlo_result_(std::move(validate_chlo_result)), | 539 validate_chlo_result_(std::move(validate_chlo_result)), |
608 reject_only_(reject_only), | 540 reject_only_(reject_only), |
609 connection_id_(connection_id), | 541 connection_id_(connection_id), |
610 client_address_(client_address), | 542 client_address_(client_address), |
611 version_(version), | 543 version_(version), |
612 supported_versions_(supported_versions), | 544 supported_versions_(supported_versions), |
613 use_stateless_rejects_(use_stateless_rejects), | 545 use_stateless_rejects_(use_stateless_rejects), |
614 server_designated_connection_id_(server_designated_connection_id), | 546 server_designated_connection_id_(server_designated_connection_id), |
615 clock_(clock), | 547 clock_(clock), |
616 rand_(rand), | 548 rand_(rand), |
617 compressed_certs_cache_(compressed_certs_cache), | 549 compressed_certs_cache_(compressed_certs_cache), |
618 params_(params), | 550 params_(params), |
619 crypto_proof_(crypto_proof), | 551 signed_config_(signed_config), |
620 total_framing_overhead_(total_framing_overhead), | 552 total_framing_overhead_(total_framing_overhead), |
621 chlo_packet_size_(chlo_packet_size), | 553 chlo_packet_size_(chlo_packet_size), |
622 requested_config_(requested_config), | 554 requested_config_(requested_config), |
623 primary_config_(primary_config), | 555 primary_config_(primary_config), |
624 done_cb_(std::move(done_cb)) {} | 556 done_cb_(std::move(done_cb)) {} |
625 | 557 |
626 void Run(bool ok, | 558 void Run(bool ok, |
627 const scoped_refptr<ProofSource::Chain>& chain, | 559 const scoped_refptr<ProofSource::Chain>& chain, |
628 const string& signature, | 560 const QuicCryptoProof& proof, |
629 const string& leaf_cert_sct, | |
630 std::unique_ptr<ProofSource::Details> details) override { | 561 std::unique_ptr<ProofSource::Details> details) override { |
631 if (ok) { | 562 if (ok) { |
632 crypto_proof_->chain = chain; | 563 signed_config_->chain = chain; |
633 crypto_proof_->signature = signature; | 564 signed_config_->signature = proof.signature; |
634 crypto_proof_->cert_sct = leaf_cert_sct; | 565 signed_config_->cert_sct = proof.leaf_cert_scts; |
| 566 signed_config_->send_expect_ct_header = proof.send_expect_ct_header; |
635 } | 567 } |
636 config_->ProcessClientHelloAfterGetProof( | 568 config_->ProcessClientHelloAfterGetProof( |
637 !ok, std::move(details), *validate_chlo_result_, reject_only_, | 569 !ok, std::move(details), *validate_chlo_result_, reject_only_, |
638 connection_id_, client_address_, version_, supported_versions_, | 570 connection_id_, client_address_, version_, supported_versions_, |
639 use_stateless_rejects_, server_designated_connection_id_, clock_, rand_, | 571 use_stateless_rejects_, server_designated_connection_id_, clock_, rand_, |
640 compressed_certs_cache_, params_, crypto_proof_, | 572 compressed_certs_cache_, params_, signed_config_, |
641 total_framing_overhead_, chlo_packet_size_, requested_config_, | 573 total_framing_overhead_, chlo_packet_size_, requested_config_, |
642 primary_config_, std::move(done_cb_)); | 574 primary_config_, std::move(done_cb_)); |
643 } | 575 } |
644 | 576 |
645 private: | 577 private: |
646 const QuicCryptoServerConfig* config_; | 578 const QuicCryptoServerConfig* config_; |
647 const scoped_refptr<ValidateClientHelloResultCallback::Result> | 579 const scoped_refptr<ValidateClientHelloResultCallback::Result> |
648 validate_chlo_result_; | 580 validate_chlo_result_; |
649 const bool reject_only_; | 581 const bool reject_only_; |
650 const QuicConnectionId connection_id_; | 582 const QuicConnectionId connection_id_; |
651 const IPEndPoint client_address_; | 583 const IPEndPoint client_address_; |
652 const QuicVersion version_; | 584 const QuicVersion version_; |
653 const QuicVersionVector supported_versions_; | 585 const QuicVersionVector supported_versions_; |
654 const bool use_stateless_rejects_; | 586 const bool use_stateless_rejects_; |
655 const QuicConnectionId server_designated_connection_id_; | 587 const QuicConnectionId server_designated_connection_id_; |
656 const QuicClock* const clock_; | 588 const QuicClock* const clock_; |
657 QuicRandom* const rand_; | 589 QuicRandom* const rand_; |
658 QuicCompressedCertsCache* compressed_certs_cache_; | 590 QuicCompressedCertsCache* compressed_certs_cache_; |
659 scoped_refptr<QuicCryptoNegotiatedParameters> params_; | 591 scoped_refptr<QuicCryptoNegotiatedParameters> params_; |
660 scoped_refptr<QuicCryptoProof> crypto_proof_; | 592 scoped_refptr<QuicSignedServerConfig> signed_config_; |
661 const QuicByteCount total_framing_overhead_; | 593 const QuicByteCount total_framing_overhead_; |
662 const QuicByteCount chlo_packet_size_; | 594 const QuicByteCount chlo_packet_size_; |
663 const scoped_refptr<QuicCryptoServerConfig::Config> requested_config_; | 595 const scoped_refptr<QuicCryptoServerConfig::Config> requested_config_; |
664 const scoped_refptr<QuicCryptoServerConfig::Config> primary_config_; | 596 const scoped_refptr<QuicCryptoServerConfig::Config> primary_config_; |
665 std::unique_ptr<ProcessClientHelloResultCallback> done_cb_; | 597 std::unique_ptr<ProcessClientHelloResultCallback> done_cb_; |
666 }; | 598 }; |
667 | 599 |
668 void QuicCryptoServerConfig::ProcessClientHello( | 600 void QuicCryptoServerConfig::ProcessClientHello( |
669 scoped_refptr<ValidateClientHelloResultCallback::Result> | 601 scoped_refptr<ValidateClientHelloResultCallback::Result> |
670 validate_chlo_result, | 602 validate_chlo_result, |
671 bool reject_only, | 603 bool reject_only, |
672 QuicConnectionId connection_id, | 604 QuicConnectionId connection_id, |
673 const IPAddress& server_ip, | 605 const IPAddress& server_ip, |
674 const IPEndPoint& client_address, | 606 const IPEndPoint& client_address, |
675 QuicVersion version, | 607 QuicVersion version, |
676 const QuicVersionVector& supported_versions, | 608 const QuicVersionVector& supported_versions, |
677 bool use_stateless_rejects, | 609 bool use_stateless_rejects, |
678 QuicConnectionId server_designated_connection_id, | 610 QuicConnectionId server_designated_connection_id, |
679 const QuicClock* clock, | 611 const QuicClock* clock, |
680 QuicRandom* rand, | 612 QuicRandom* rand, |
681 QuicCompressedCertsCache* compressed_certs_cache, | 613 QuicCompressedCertsCache* compressed_certs_cache, |
682 scoped_refptr<QuicCryptoNegotiatedParameters> params, | 614 scoped_refptr<QuicCryptoNegotiatedParameters> params, |
683 scoped_refptr<QuicCryptoProof> crypto_proof, | 615 scoped_refptr<QuicSignedServerConfig> signed_config, |
684 QuicByteCount total_framing_overhead, | 616 QuicByteCount total_framing_overhead, |
685 QuicByteCount chlo_packet_size, | 617 QuicByteCount chlo_packet_size, |
686 std::unique_ptr<ProcessClientHelloResultCallback> done_cb) const { | 618 std::unique_ptr<ProcessClientHelloResultCallback> done_cb) const { |
687 DCHECK(done_cb); | 619 DCHECK(done_cb); |
688 | 620 |
689 ProcessClientHelloHelper helper(&done_cb); | 621 ProcessClientHelloHelper helper(&done_cb); |
690 | 622 |
691 const CryptoHandshakeMessage& client_hello = | 623 const CryptoHandshakeMessage& client_hello = |
692 validate_chlo_result->client_hello; | 624 validate_chlo_result->client_hello; |
693 const ClientHelloInfo& info = validate_chlo_result->info; | 625 const ClientHelloInfo& info = validate_chlo_result->info; |
(...skipping 21 matching lines...) Expand all Loading... |
715 } else { | 647 } else { |
716 if (!next_config_promotion_time_.IsZero() && | 648 if (!next_config_promotion_time_.IsZero() && |
717 next_config_promotion_time_.IsAfter(now)) { | 649 next_config_promotion_time_.IsAfter(now)) { |
718 SelectNewPrimaryConfig(now); | 650 SelectNewPrimaryConfig(now); |
719 DCHECK(primary_config_.get()); | 651 DCHECK(primary_config_.get()); |
720 DCHECK_EQ(configs_.find(primary_config_->id)->second, primary_config_); | 652 DCHECK_EQ(configs_.find(primary_config_->id)->second, primary_config_); |
721 } | 653 } |
722 | 654 |
723 // Use the config that the client requested in order to do key-agreement. | 655 // Use the config that the client requested in order to do key-agreement. |
724 // Otherwise give it a copy of |primary_config_| to use. | 656 // Otherwise give it a copy of |primary_config_| to use. |
725 primary_config = crypto_proof->config; | 657 primary_config = signed_config->config; |
726 requested_config = GetConfigWithScid(requested_scid); | 658 requested_config = GetConfigWithScid(requested_scid); |
727 } | 659 } |
728 } | 660 } |
729 if (no_primary_config) { | 661 if (no_primary_config) { |
730 helper.Fail(QUIC_CRYPTO_INTERNAL_ERROR, "No configurations loaded"); | 662 helper.Fail(QUIC_CRYPTO_INTERNAL_ERROR, "No configurations loaded"); |
731 return; | 663 return; |
732 } | 664 } |
733 | 665 |
734 if (validate_chlo_result->error_code != QUIC_NO_ERROR) { | 666 if (validate_chlo_result->error_code != QUIC_NO_ERROR) { |
735 helper.Fail(validate_chlo_result->error_code, | 667 helper.Fail(validate_chlo_result->error_code, |
736 validate_chlo_result->error_details); | 668 validate_chlo_result->error_details); |
737 return; | 669 return; |
738 } | 670 } |
739 | 671 |
740 if (!ClientDemandsX509Proof(client_hello)) { | 672 if (!ClientDemandsX509Proof(client_hello)) { |
741 helper.Fail(QUIC_UNSUPPORTED_PROOF_DEMAND, "Missing or invalid PDMD"); | 673 helper.Fail(QUIC_UNSUPPORTED_PROOF_DEMAND, "Missing or invalid PDMD"); |
742 return; | 674 return; |
743 } | 675 } |
744 DCHECK(proof_source_.get()); | 676 DCHECK(proof_source_.get()); |
745 string chlo_hash; | 677 string chlo_hash; |
746 CryptoUtils::HashHandshakeMessage(client_hello, &chlo_hash); | 678 CryptoUtils::HashHandshakeMessage(client_hello, &chlo_hash); |
747 | 679 |
748 // No need to get a new proof if one was already generated. | 680 // No need to get a new proof if one was already generated. |
749 if (!crypto_proof->chain) { | 681 if (!signed_config->chain) { |
750 const QuicTag* tag_ptr; | 682 const QuicTag* tag_ptr; |
751 size_t num_tags; | 683 size_t num_tags; |
752 QuicTagVector connection_options; | 684 QuicTagVector connection_options; |
753 if (client_hello.GetTaglist(kCOPT, &tag_ptr, &num_tags) == QUIC_NO_ERROR) { | 685 if (client_hello.GetTaglist(kCOPT, &tag_ptr, &num_tags) == QUIC_NO_ERROR) { |
754 connection_options.assign(tag_ptr, tag_ptr + num_tags); | 686 connection_options.assign(tag_ptr, tag_ptr + num_tags); |
755 } | 687 } |
756 if (FLAGS_enable_async_get_proof) { | 688 if (FLAGS_enable_async_get_proof) { |
757 std::unique_ptr<ProcessClientHelloCallback> cb( | 689 std::unique_ptr<ProcessClientHelloCallback> cb( |
758 new ProcessClientHelloCallback( | 690 new ProcessClientHelloCallback( |
759 this, validate_chlo_result, reject_only, connection_id, | 691 this, validate_chlo_result, reject_only, connection_id, |
760 client_address, version, supported_versions, | 692 client_address, version, supported_versions, |
761 use_stateless_rejects, server_designated_connection_id, clock, | 693 use_stateless_rejects, server_designated_connection_id, clock, |
762 rand, compressed_certs_cache, params, crypto_proof, | 694 rand, compressed_certs_cache, params, signed_config, |
763 total_framing_overhead, chlo_packet_size, requested_config, | 695 total_framing_overhead, chlo_packet_size, requested_config, |
764 primary_config, std::move(done_cb))); | 696 primary_config, std::move(done_cb))); |
765 proof_source_->GetProof(server_ip, info.sni.as_string(), | 697 proof_source_->GetProof(server_ip, info.sni.as_string(), |
766 primary_config->serialized, version, chlo_hash, | 698 primary_config->serialized, version, chlo_hash, |
767 connection_options, std::move(cb)); | 699 connection_options, std::move(cb)); |
768 helper.DetachCallback(); | 700 helper.DetachCallback(); |
769 return; | 701 return; |
770 } | 702 } |
771 | 703 |
772 if (!proof_source_->GetProof( | 704 QuicCryptoProof proof; |
773 server_ip, info.sni.as_string(), primary_config->serialized, | 705 if (!proof_source_->GetProof(server_ip, info.sni.as_string(), |
774 version, chlo_hash, connection_options, &crypto_proof->chain, | 706 primary_config->serialized, version, chlo_hash, |
775 &crypto_proof->signature, &crypto_proof->cert_sct)) { | 707 connection_options, &signed_config->chain, |
| 708 &proof)) { |
776 helper.Fail(QUIC_HANDSHAKE_FAILED, "Missing or invalid crypto proof."); | 709 helper.Fail(QUIC_HANDSHAKE_FAILED, "Missing or invalid crypto proof."); |
777 return; | 710 return; |
778 } | 711 } |
| 712 signed_config->signature = proof.signature; |
| 713 signed_config->cert_sct = proof.leaf_cert_scts; |
779 } | 714 } |
780 | 715 |
781 helper.DetachCallback(); | 716 helper.DetachCallback(); |
782 ProcessClientHelloAfterGetProof( | 717 ProcessClientHelloAfterGetProof( |
783 /* found_error = */ false, /* proof_source_details = */ nullptr, | 718 /* found_error = */ false, /* proof_source_details = */ nullptr, |
784 *validate_chlo_result, reject_only, connection_id, client_address, | 719 *validate_chlo_result, reject_only, connection_id, client_address, |
785 version, supported_versions, use_stateless_rejects, | 720 version, supported_versions, use_stateless_rejects, |
786 server_designated_connection_id, clock, rand, compressed_certs_cache, | 721 server_designated_connection_id, clock, rand, compressed_certs_cache, |
787 params, crypto_proof, total_framing_overhead, chlo_packet_size, | 722 params, signed_config, total_framing_overhead, chlo_packet_size, |
788 requested_config, primary_config, std::move(done_cb)); | 723 requested_config, primary_config, std::move(done_cb)); |
789 } | 724 } |
790 | 725 |
791 void QuicCryptoServerConfig::ProcessClientHelloAfterGetProof( | 726 void QuicCryptoServerConfig::ProcessClientHelloAfterGetProof( |
792 bool found_error, | 727 bool found_error, |
793 std::unique_ptr<ProofSource::Details> proof_source_details, | 728 std::unique_ptr<ProofSource::Details> proof_source_details, |
794 const ValidateClientHelloResultCallback::Result& validate_chlo_result, | 729 const ValidateClientHelloResultCallback::Result& validate_chlo_result, |
795 bool reject_only, | 730 bool reject_only, |
796 QuicConnectionId connection_id, | 731 QuicConnectionId connection_id, |
797 const IPEndPoint& client_address, | 732 const IPEndPoint& client_address, |
798 QuicVersion version, | 733 QuicVersion version, |
799 const QuicVersionVector& supported_versions, | 734 const QuicVersionVector& supported_versions, |
800 bool use_stateless_rejects, | 735 bool use_stateless_rejects, |
801 QuicConnectionId server_designated_connection_id, | 736 QuicConnectionId server_designated_connection_id, |
802 const QuicClock* clock, | 737 const QuicClock* clock, |
803 QuicRandom* rand, | 738 QuicRandom* rand, |
804 QuicCompressedCertsCache* compressed_certs_cache, | 739 QuicCompressedCertsCache* compressed_certs_cache, |
805 scoped_refptr<QuicCryptoNegotiatedParameters> params, | 740 scoped_refptr<QuicCryptoNegotiatedParameters> params, |
806 scoped_refptr<QuicCryptoProof> crypto_proof, | 741 scoped_refptr<QuicSignedServerConfig> signed_config, |
807 QuicByteCount total_framing_overhead, | 742 QuicByteCount total_framing_overhead, |
808 QuicByteCount chlo_packet_size, | 743 QuicByteCount chlo_packet_size, |
809 const scoped_refptr<Config>& requested_config, | 744 const scoped_refptr<Config>& requested_config, |
810 const scoped_refptr<Config>& primary_config, | 745 const scoped_refptr<Config>& primary_config, |
811 std::unique_ptr<ProcessClientHelloResultCallback> done_cb) const { | 746 std::unique_ptr<ProcessClientHelloResultCallback> done_cb) const { |
812 ProcessClientHelloHelper helper(&done_cb); | 747 ProcessClientHelloHelper helper(&done_cb); |
813 | 748 |
814 if (found_error) { | 749 if (found_error) { |
815 helper.Fail(QUIC_HANDSHAKE_FAILED, "Failed to get proof"); | 750 helper.Fail(QUIC_HANDSHAKE_FAILED, "Failed to get proof"); |
816 return; | 751 return; |
817 } | 752 } |
818 | 753 |
819 const CryptoHandshakeMessage& client_hello = | 754 const CryptoHandshakeMessage& client_hello = |
820 validate_chlo_result.client_hello; | 755 validate_chlo_result.client_hello; |
821 const ClientHelloInfo& info = validate_chlo_result.info; | 756 const ClientHelloInfo& info = validate_chlo_result.info; |
822 std::unique_ptr<DiversificationNonce> out_diversification_nonce( | 757 std::unique_ptr<DiversificationNonce> out_diversification_nonce( |
823 new DiversificationNonce); | 758 new DiversificationNonce); |
824 | 759 |
825 StringPiece cert_sct; | 760 StringPiece cert_sct; |
826 if (client_hello.GetStringPiece(kCertificateSCTTag, &cert_sct) && | 761 if (client_hello.GetStringPiece(kCertificateSCTTag, &cert_sct) && |
827 cert_sct.empty()) { | 762 cert_sct.empty()) { |
828 params->sct_supported_by_client = true; | 763 params->sct_supported_by_client = true; |
829 } | 764 } |
830 | 765 |
831 std::unique_ptr<CryptoHandshakeMessage> out(new CryptoHandshakeMessage); | 766 std::unique_ptr<CryptoHandshakeMessage> out(new CryptoHandshakeMessage); |
832 if (!info.reject_reasons.empty() || !requested_config.get()) { | 767 if (!info.reject_reasons.empty() || !requested_config.get()) { |
833 BuildRejection(version, clock->WallNow(), *primary_config, client_hello, | 768 BuildRejection(version, clock->WallNow(), *primary_config, client_hello, |
834 info, validate_chlo_result.cached_network_params, | 769 info, validate_chlo_result.cached_network_params, |
835 use_stateless_rejects, server_designated_connection_id, rand, | 770 use_stateless_rejects, server_designated_connection_id, rand, |
836 compressed_certs_cache, params, *crypto_proof, | 771 compressed_certs_cache, params, *signed_config, |
837 total_framing_overhead, chlo_packet_size, out.get()); | 772 total_framing_overhead, chlo_packet_size, out.get()); |
838 if (FLAGS_quic_export_rej_for_all_rejects && | 773 if (FLAGS_quic_export_rej_for_all_rejects && |
839 rejection_observer_ != nullptr) { | 774 rejection_observer_ != nullptr) { |
840 rejection_observer_->OnRejectionBuilt(info.reject_reasons, out.get()); | 775 rejection_observer_->OnRejectionBuilt(info.reject_reasons, out.get()); |
841 } | 776 } |
842 helper.Succeed(std::move(out), std::move(out_diversification_nonce), | 777 helper.Succeed(std::move(out), std::move(out_diversification_nonce), |
843 std::move(proof_source_details)); | 778 std::move(proof_source_details)); |
844 return; | 779 return; |
845 } | 780 } |
846 | 781 |
(...skipping 10 matching lines...) Expand all Loading... |
857 QUIC_NO_ERROR || | 792 QUIC_NO_ERROR || |
858 client_hello.GetTaglist(kKEXS, &their_key_exchanges, | 793 client_hello.GetTaglist(kKEXS, &their_key_exchanges, |
859 &num_their_key_exchanges) != QUIC_NO_ERROR || | 794 &num_their_key_exchanges) != QUIC_NO_ERROR || |
860 num_their_aeads != 1 || num_their_key_exchanges != 1) { | 795 num_their_aeads != 1 || num_their_key_exchanges != 1) { |
861 helper.Fail(QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER, | 796 helper.Fail(QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER, |
862 "Missing or invalid AEAD or KEXS"); | 797 "Missing or invalid AEAD or KEXS"); |
863 return; | 798 return; |
864 } | 799 } |
865 | 800 |
866 size_t key_exchange_index; | 801 size_t key_exchange_index; |
867 if (!QuicUtils::FindMutualTag(requested_config->aead, their_aeads, | 802 if (!FindMutualQuicTag(requested_config->aead, their_aeads, num_their_aeads, |
868 num_their_aeads, QuicUtils::LOCAL_PRIORITY, | 803 ¶ms->aead, nullptr) || |
869 ¶ms->aead, nullptr) || | 804 !FindMutualQuicTag(requested_config->kexs, their_key_exchanges, |
870 !QuicUtils::FindMutualTag(requested_config->kexs, their_key_exchanges, | 805 num_their_key_exchanges, ¶ms->key_exchange, |
871 num_their_key_exchanges, | 806 &key_exchange_index)) { |
872 QuicUtils::LOCAL_PRIORITY, | |
873 ¶ms->key_exchange, &key_exchange_index)) { | |
874 helper.Fail(QUIC_CRYPTO_NO_SUPPORT, "Unsupported AEAD or KEXS"); | 807 helper.Fail(QUIC_CRYPTO_NO_SUPPORT, "Unsupported AEAD or KEXS"); |
875 return; | 808 return; |
876 } | 809 } |
877 | 810 |
878 if (!requested_config->tb_key_params.empty()) { | 811 if (!requested_config->tb_key_params.empty()) { |
879 const QuicTag* their_tbkps; | 812 const QuicTag* their_tbkps; |
880 size_t num_their_tbkps; | 813 size_t num_their_tbkps; |
881 switch (client_hello.GetTaglist(kTBKP, &their_tbkps, &num_their_tbkps)) { | 814 switch (client_hello.GetTaglist(kTBKP, &their_tbkps, &num_their_tbkps)) { |
882 case QUIC_CRYPTO_MESSAGE_PARAMETER_NOT_FOUND: | 815 case QUIC_CRYPTO_MESSAGE_PARAMETER_NOT_FOUND: |
883 break; | 816 break; |
884 case QUIC_NO_ERROR: | 817 case QUIC_NO_ERROR: |
885 if (QuicUtils::FindMutualTag( | 818 if (FindMutualQuicTag(requested_config->tb_key_params, their_tbkps, |
886 requested_config->tb_key_params, their_tbkps, num_their_tbkps, | 819 num_their_tbkps, ¶ms->token_binding_key_param, |
887 QuicUtils::LOCAL_PRIORITY, ¶ms->token_binding_key_param, | 820 nullptr)) { |
888 nullptr)) { | |
889 break; | 821 break; |
890 } | 822 } |
891 default: | 823 default: |
892 helper.Fail(QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER, | 824 helper.Fail(QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER, |
893 "Invalid Token Binding key parameter"); | 825 "Invalid Token Binding key parameter"); |
894 return; | 826 return; |
895 } | 827 } |
896 } | 828 } |
897 | 829 |
898 StringPiece public_value; | 830 StringPiece public_value; |
(...skipping 20 matching lines...) Expand all Loading... |
919 string hkdf_suffix; | 851 string hkdf_suffix; |
920 const QuicData& client_hello_serialized = client_hello.GetSerialized(); | 852 const QuicData& client_hello_serialized = client_hello.GetSerialized(); |
921 hkdf_suffix.reserve(sizeof(connection_id) + client_hello_serialized.length() + | 853 hkdf_suffix.reserve(sizeof(connection_id) + client_hello_serialized.length() + |
922 requested_config->serialized.size()); | 854 requested_config->serialized.size()); |
923 hkdf_suffix.append(reinterpret_cast<char*>(&connection_id), | 855 hkdf_suffix.append(reinterpret_cast<char*>(&connection_id), |
924 sizeof(connection_id)); | 856 sizeof(connection_id)); |
925 hkdf_suffix.append(client_hello_serialized.data(), | 857 hkdf_suffix.append(client_hello_serialized.data(), |
926 client_hello_serialized.length()); | 858 client_hello_serialized.length()); |
927 hkdf_suffix.append(requested_config->serialized); | 859 hkdf_suffix.append(requested_config->serialized); |
928 DCHECK(proof_source_.get()); | 860 DCHECK(proof_source_.get()); |
929 if (crypto_proof->chain->certs.empty()) { | 861 if (signed_config->chain->certs.empty()) { |
930 helper.Fail(QUIC_CRYPTO_INTERNAL_ERROR, "Failed to get certs"); | 862 helper.Fail(QUIC_CRYPTO_INTERNAL_ERROR, "Failed to get certs"); |
931 return; | 863 return; |
932 } | 864 } |
933 hkdf_suffix.append(crypto_proof->chain->certs.at(0)); | 865 hkdf_suffix.append(signed_config->chain->certs.at(0)); |
934 | 866 |
935 StringPiece cetv_ciphertext; | 867 StringPiece cetv_ciphertext; |
936 if (requested_config->channel_id_enabled && | 868 if (requested_config->channel_id_enabled && |
937 client_hello.GetStringPiece(kCETV, &cetv_ciphertext)) { | 869 client_hello.GetStringPiece(kCETV, &cetv_ciphertext)) { |
938 CryptoHandshakeMessage client_hello_copy(client_hello); | 870 CryptoHandshakeMessage client_hello_copy(client_hello); |
939 client_hello_copy.Erase(kCETV); | 871 client_hello_copy.Erase(kCETV); |
940 client_hello_copy.Erase(kPAD); | 872 client_hello_copy.Erase(kPAD); |
941 | 873 |
942 const QuicData& client_hello_copy_serialized = | 874 const QuicData& client_hello_copy_serialized = |
943 client_hello_copy.GetSerialized(); | 875 client_hello_copy.GetSerialized(); |
(...skipping 47 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
991 params->channel_id = key.as_string(); | 923 params->channel_id = key.as_string(); |
992 } | 924 } |
993 } | 925 } |
994 | 926 |
995 string hkdf_input; | 927 string hkdf_input; |
996 size_t label_len = strlen(QuicCryptoConfig::kInitialLabel) + 1; | 928 size_t label_len = strlen(QuicCryptoConfig::kInitialLabel) + 1; |
997 hkdf_input.reserve(label_len + hkdf_suffix.size()); | 929 hkdf_input.reserve(label_len + hkdf_suffix.size()); |
998 hkdf_input.append(QuicCryptoConfig::kInitialLabel, label_len); | 930 hkdf_input.append(QuicCryptoConfig::kInitialLabel, label_len); |
999 hkdf_input.append(hkdf_suffix); | 931 hkdf_input.append(hkdf_suffix); |
1000 | 932 |
| 933 rand->RandBytes(out_diversification_nonce->data(), |
| 934 out_diversification_nonce->size()); |
1001 CryptoUtils::Diversification diversification = | 935 CryptoUtils::Diversification diversification = |
1002 CryptoUtils::Diversification::Never(); | 936 CryptoUtils::Diversification::Now(out_diversification_nonce.get()); |
1003 if (version > QUIC_VERSION_32) { | |
1004 rand->RandBytes(out_diversification_nonce->data(), | |
1005 out_diversification_nonce->size()); | |
1006 diversification = | |
1007 CryptoUtils::Diversification::Now(out_diversification_nonce.get()); | |
1008 } | |
1009 | |
1010 if (!CryptoUtils::DeriveKeys(params->initial_premaster_secret, params->aead, | 937 if (!CryptoUtils::DeriveKeys(params->initial_premaster_secret, params->aead, |
1011 info.client_nonce, info.server_nonce, hkdf_input, | 938 info.client_nonce, info.server_nonce, hkdf_input, |
1012 Perspective::IS_SERVER, diversification, | 939 Perspective::IS_SERVER, diversification, |
1013 ¶ms->initial_crypters, | 940 ¶ms->initial_crypters, |
1014 ¶ms->initial_subkey_secret)) { | 941 ¶ms->initial_subkey_secret)) { |
1015 helper.Fail(QUIC_CRYPTO_SYMMETRIC_KEY_SETUP_FAILED, | 942 helper.Fail(QUIC_CRYPTO_SYMMETRIC_KEY_SETUP_FAILED, |
1016 "Symmetric key setup failed"); | 943 "Symmetric key setup failed"); |
1017 return; | 944 return; |
1018 } | 945 } |
1019 | 946 |
(...skipping 90 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1110 // Primary times are equal, sort backwards by priority. | 1037 // Primary times are equal, sort backwards by priority. |
1111 return a->priority < b->priority; | 1038 return a->priority < b->priority; |
1112 } else { | 1039 } else { |
1113 // Primary times and priorities are equal, sort by config id. | 1040 // Primary times and priorities are equal, sort by config id. |
1114 return a->id < b->id; | 1041 return a->id < b->id; |
1115 } | 1042 } |
1116 } | 1043 } |
1117 | 1044 |
1118 void QuicCryptoServerConfig::SelectNewPrimaryConfig( | 1045 void QuicCryptoServerConfig::SelectNewPrimaryConfig( |
1119 const QuicWallTime now) const { | 1046 const QuicWallTime now) const { |
1120 vector<scoped_refptr<Config>> configs; | 1047 std::vector<scoped_refptr<Config>> configs; |
1121 configs.reserve(configs_.size()); | 1048 configs.reserve(configs_.size()); |
1122 | 1049 |
1123 for (ConfigMap::const_iterator it = configs_.begin(); it != configs_.end(); | 1050 for (ConfigMap::const_iterator it = configs_.begin(); it != configs_.end(); |
1124 ++it) { | 1051 ++it) { |
1125 // TODO(avd) Exclude expired configs? | 1052 // TODO(avd) Exclude expired configs? |
1126 configs.push_back(it->second); | 1053 configs.push_back(it->second); |
1127 } | 1054 } |
1128 | 1055 |
1129 if (configs.empty()) { | 1056 if (configs.empty()) { |
1130 if (primary_config_.get()) { | 1057 if (primary_config_.get()) { |
(...skipping 70 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1201 class QuicCryptoServerConfig::EvaluateClientHelloCallback | 1128 class QuicCryptoServerConfig::EvaluateClientHelloCallback |
1202 : public ProofSource::Callback { | 1129 : public ProofSource::Callback { |
1203 public: | 1130 public: |
1204 EvaluateClientHelloCallback( | 1131 EvaluateClientHelloCallback( |
1205 const QuicCryptoServerConfig& config, | 1132 const QuicCryptoServerConfig& config, |
1206 bool found_error, | 1133 bool found_error, |
1207 const IPAddress& server_ip, | 1134 const IPAddress& server_ip, |
1208 QuicVersion version, | 1135 QuicVersion version, |
1209 scoped_refptr<QuicCryptoServerConfig::Config> requested_config, | 1136 scoped_refptr<QuicCryptoServerConfig::Config> requested_config, |
1210 scoped_refptr<QuicCryptoServerConfig::Config> primary_config, | 1137 scoped_refptr<QuicCryptoServerConfig::Config> primary_config, |
1211 scoped_refptr<QuicCryptoProof> crypto_proof, | 1138 scoped_refptr<QuicSignedServerConfig> signed_config, |
1212 scoped_refptr<ValidateClientHelloResultCallback::Result> | 1139 scoped_refptr<ValidateClientHelloResultCallback::Result> |
1213 client_hello_state, | 1140 client_hello_state, |
1214 std::unique_ptr<ValidateClientHelloResultCallback> done_cb) | 1141 std::unique_ptr<ValidateClientHelloResultCallback> done_cb) |
1215 : config_(config), | 1142 : config_(config), |
1216 found_error_(found_error), | 1143 found_error_(found_error), |
1217 server_ip_(server_ip), | 1144 server_ip_(server_ip), |
1218 version_(version), | 1145 version_(version), |
1219 requested_config_(std::move(requested_config)), | 1146 requested_config_(std::move(requested_config)), |
1220 primary_config_(std::move(primary_config)), | 1147 primary_config_(std::move(primary_config)), |
1221 crypto_proof_(crypto_proof), | 1148 signed_config_(signed_config), |
1222 client_hello_state_(std::move(client_hello_state)), | 1149 client_hello_state_(std::move(client_hello_state)), |
1223 done_cb_(std::move(done_cb)) {} | 1150 done_cb_(std::move(done_cb)) {} |
1224 | 1151 |
1225 void Run(bool ok, | 1152 void Run(bool ok, |
1226 const scoped_refptr<ProofSource::Chain>& chain, | 1153 const scoped_refptr<ProofSource::Chain>& chain, |
1227 const string& signature, | 1154 const QuicCryptoProof& proof, |
1228 const string& leaf_cert_sct, | |
1229 std::unique_ptr<ProofSource::Details> details) override { | 1155 std::unique_ptr<ProofSource::Details> details) override { |
1230 if (ok) { | 1156 if (ok) { |
1231 crypto_proof_->chain = chain; | 1157 signed_config_->chain = chain; |
1232 crypto_proof_->signature = signature; | 1158 signed_config_->signature = proof.signature; |
1233 crypto_proof_->cert_sct = leaf_cert_sct; | 1159 signed_config_->cert_sct = proof.leaf_cert_scts; |
| 1160 signed_config_->send_expect_ct_header = proof.send_expect_ct_header; |
1234 } | 1161 } |
1235 config_.EvaluateClientHelloAfterGetProof( | 1162 config_.EvaluateClientHelloAfterGetProof( |
1236 found_error_, server_ip_, version_, requested_config_, primary_config_, | 1163 found_error_, server_ip_, version_, requested_config_, primary_config_, |
1237 crypto_proof_, std::move(details), !ok, client_hello_state_, | 1164 signed_config_, std::move(details), !ok, client_hello_state_, |
1238 std::move(done_cb_)); | 1165 std::move(done_cb_)); |
1239 } | 1166 } |
1240 | 1167 |
1241 private: | 1168 private: |
1242 const QuicCryptoServerConfig& config_; | 1169 const QuicCryptoServerConfig& config_; |
1243 const bool found_error_; | 1170 const bool found_error_; |
1244 const IPAddress& server_ip_; | 1171 const IPAddress& server_ip_; |
1245 const QuicVersion version_; | 1172 const QuicVersion version_; |
1246 const scoped_refptr<QuicCryptoServerConfig::Config> requested_config_; | 1173 const scoped_refptr<QuicCryptoServerConfig::Config> requested_config_; |
1247 const scoped_refptr<QuicCryptoServerConfig::Config> primary_config_; | 1174 const scoped_refptr<QuicCryptoServerConfig::Config> primary_config_; |
1248 scoped_refptr<QuicCryptoProof> crypto_proof_; | 1175 scoped_refptr<QuicSignedServerConfig> signed_config_; |
1249 scoped_refptr<ValidateClientHelloResultCallback::Result> client_hello_state_; | 1176 scoped_refptr<ValidateClientHelloResultCallback::Result> client_hello_state_; |
1250 std::unique_ptr<ValidateClientHelloResultCallback> done_cb_; | 1177 std::unique_ptr<ValidateClientHelloResultCallback> done_cb_; |
1251 }; | 1178 }; |
1252 | 1179 |
1253 void QuicCryptoServerConfig::EvaluateClientHello( | 1180 void QuicCryptoServerConfig::EvaluateClientHello( |
1254 const IPAddress& server_ip, | 1181 const IPAddress& server_ip, |
1255 QuicVersion version, | 1182 QuicVersion version, |
1256 scoped_refptr<Config> requested_config, | 1183 scoped_refptr<Config> requested_config, |
1257 scoped_refptr<Config> primary_config, | 1184 scoped_refptr<Config> primary_config, |
1258 scoped_refptr<QuicCryptoProof> crypto_proof, | 1185 scoped_refptr<QuicSignedServerConfig> signed_config, |
1259 scoped_refptr<ValidateClientHelloResultCallback::Result> client_hello_state, | 1186 scoped_refptr<ValidateClientHelloResultCallback::Result> client_hello_state, |
1260 std::unique_ptr<ValidateClientHelloResultCallback> done_cb) const { | 1187 std::unique_ptr<ValidateClientHelloResultCallback> done_cb) const { |
1261 ValidateClientHelloHelper helper(client_hello_state, &done_cb); | 1188 ValidateClientHelloHelper helper(client_hello_state, &done_cb); |
1262 | 1189 |
1263 const CryptoHandshakeMessage& client_hello = client_hello_state->client_hello; | 1190 const CryptoHandshakeMessage& client_hello = client_hello_state->client_hello; |
1264 ClientHelloInfo* info = &(client_hello_state->info); | 1191 ClientHelloInfo* info = &(client_hello_state->info); |
1265 | 1192 |
1266 if (client_hello.size() < kClientHelloMinimumSize) { | 1193 if (client_hello.size() < kClientHelloMinimumSize) { |
1267 helper.ValidationComplete(QUIC_CRYPTO_INVALID_VALUE_LENGTH, | 1194 helper.ValidationComplete(QUIC_CRYPTO_INVALID_VALUE_LENGTH, |
1268 "Client hello too small", nullptr); | 1195 "Client hello too small", nullptr); |
(...skipping 51 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1320 info->reject_reasons.push_back(source_address_token_error); | 1247 info->reject_reasons.push_back(source_address_token_error); |
1321 // No valid source address token. | 1248 // No valid source address token. |
1322 found_error = true; | 1249 found_error = true; |
1323 } | 1250 } |
1324 | 1251 |
1325 bool get_proof_failed = false; | 1252 bool get_proof_failed = false; |
1326 string serialized_config = primary_config->serialized; | 1253 string serialized_config = primary_config->serialized; |
1327 string chlo_hash; | 1254 string chlo_hash; |
1328 CryptoUtils::HashHandshakeMessage(client_hello, &chlo_hash); | 1255 CryptoUtils::HashHandshakeMessage(client_hello, &chlo_hash); |
1329 bool need_proof = true; | 1256 bool need_proof = true; |
1330 need_proof = !crypto_proof->chain; | 1257 need_proof = !signed_config->chain; |
1331 const QuicTag* tag_ptr; | 1258 const QuicTag* tag_ptr; |
1332 size_t num_tags; | 1259 size_t num_tags; |
1333 QuicTagVector connection_options; | 1260 QuicTagVector connection_options; |
1334 if (client_hello.GetTaglist(kCOPT, &tag_ptr, &num_tags) == QUIC_NO_ERROR) { | 1261 if (client_hello.GetTaglist(kCOPT, &tag_ptr, &num_tags) == QUIC_NO_ERROR) { |
1335 connection_options.assign(tag_ptr, tag_ptr + num_tags); | 1262 connection_options.assign(tag_ptr, tag_ptr + num_tags); |
1336 } | 1263 } |
1337 if (FLAGS_enable_async_get_proof) { | 1264 if (FLAGS_enable_async_get_proof) { |
1338 if (need_proof) { | 1265 if (need_proof) { |
1339 // Make an async call to GetProof and setup the callback to trampoline | 1266 // Make an async call to GetProof and setup the callback to trampoline |
1340 // back into EvaluateClientHelloAfterGetProof | 1267 // back into EvaluateClientHelloAfterGetProof |
1341 std::unique_ptr<EvaluateClientHelloCallback> cb( | 1268 std::unique_ptr<EvaluateClientHelloCallback> cb( |
1342 new EvaluateClientHelloCallback( | 1269 new EvaluateClientHelloCallback( |
1343 *this, found_error, server_ip, version, requested_config, | 1270 *this, found_error, server_ip, version, requested_config, |
1344 primary_config, crypto_proof, client_hello_state, | 1271 primary_config, signed_config, client_hello_state, |
1345 std::move(done_cb))); | 1272 std::move(done_cb))); |
1346 proof_source_->GetProof(server_ip, info->sni.as_string(), | 1273 proof_source_->GetProof(server_ip, info->sni.as_string(), |
1347 serialized_config, version, chlo_hash, | 1274 serialized_config, version, chlo_hash, |
1348 connection_options, std::move(cb)); | 1275 connection_options, std::move(cb)); |
1349 helper.DetachCallback(); | 1276 helper.DetachCallback(); |
1350 return; | 1277 return; |
1351 } | 1278 } |
1352 } | 1279 } |
1353 | 1280 |
1354 // No need to get a new proof if one was already generated. | 1281 // No need to get a new proof if one was already generated. |
1355 if (need_proof && | 1282 if (need_proof) { |
1356 !proof_source_->GetProof( | 1283 QuicCryptoProof proof; |
1357 server_ip, info->sni.as_string(), serialized_config, version, | 1284 |
1358 chlo_hash, connection_options, &crypto_proof->chain, | 1285 if (proof_source_->GetProof( |
1359 &crypto_proof->signature, &crypto_proof->cert_sct)) { | 1286 server_ip, info->sni.as_string(), serialized_config, version, |
1360 get_proof_failed = true; | 1287 chlo_hash, connection_options, &signed_config->chain, &proof)) { |
| 1288 signed_config->signature = proof.signature; |
| 1289 signed_config->cert_sct = proof.leaf_cert_scts; |
| 1290 } else { |
| 1291 get_proof_failed = true; |
| 1292 } |
1361 } | 1293 } |
1362 | 1294 |
1363 // Details are null because the synchronous version of GetProof does not | 1295 // Details are null because the synchronous version of GetProof does not |
1364 // return any stats. Eventually the synchronous codepath will be eliminated. | 1296 // return any stats. Eventually the synchronous codepath will be eliminated. |
1365 EvaluateClientHelloAfterGetProof( | 1297 EvaluateClientHelloAfterGetProof( |
1366 found_error, server_ip, version, requested_config, primary_config, | 1298 found_error, server_ip, version, requested_config, primary_config, |
1367 crypto_proof, nullptr /* proof_source_details */, get_proof_failed, | 1299 signed_config, nullptr /* proof_source_details */, get_proof_failed, |
1368 client_hello_state, std::move(done_cb)); | 1300 client_hello_state, std::move(done_cb)); |
1369 helper.DetachCallback(); | 1301 helper.DetachCallback(); |
1370 } | 1302 } |
1371 | 1303 |
1372 void QuicCryptoServerConfig::EvaluateClientHelloAfterGetProof( | 1304 void QuicCryptoServerConfig::EvaluateClientHelloAfterGetProof( |
1373 bool found_error, | 1305 bool found_error, |
1374 const IPAddress& server_ip, | 1306 const IPAddress& server_ip, |
1375 QuicVersion version, | 1307 QuicVersion version, |
1376 scoped_refptr<Config> requested_config, | 1308 scoped_refptr<Config> requested_config, |
1377 scoped_refptr<Config> primary_config, | 1309 scoped_refptr<Config> primary_config, |
1378 scoped_refptr<QuicCryptoProof> crypto_proof, | 1310 scoped_refptr<QuicSignedServerConfig> signed_config, |
1379 std::unique_ptr<ProofSource::Details> proof_source_details, | 1311 std::unique_ptr<ProofSource::Details> proof_source_details, |
1380 bool get_proof_failed, | 1312 bool get_proof_failed, |
1381 scoped_refptr<ValidateClientHelloResultCallback::Result> client_hello_state, | 1313 scoped_refptr<ValidateClientHelloResultCallback::Result> client_hello_state, |
1382 std::unique_ptr<ValidateClientHelloResultCallback> done_cb) const { | 1314 std::unique_ptr<ValidateClientHelloResultCallback> done_cb) const { |
1383 ValidateClientHelloHelper helper(client_hello_state, &done_cb); | 1315 ValidateClientHelloHelper helper(client_hello_state, &done_cb); |
1384 const CryptoHandshakeMessage& client_hello = client_hello_state->client_hello; | 1316 const CryptoHandshakeMessage& client_hello = client_hello_state->client_hello; |
1385 ClientHelloInfo* info = &(client_hello_state->info); | 1317 ClientHelloInfo* info = &(client_hello_state->info); |
1386 | 1318 |
1387 if (get_proof_failed) { | 1319 if (get_proof_failed) { |
1388 found_error = true; | |
1389 info->reject_reasons.push_back(SERVER_CONFIG_UNKNOWN_CONFIG_FAILURE); | 1320 info->reject_reasons.push_back(SERVER_CONFIG_UNKNOWN_CONFIG_FAILURE); |
1390 } | 1321 } |
1391 | 1322 |
1392 if (!ValidateExpectedLeafCertificate(client_hello, *crypto_proof)) { | 1323 if (!ValidateExpectedLeafCertificate(client_hello, *signed_config)) { |
1393 found_error = true; | |
1394 info->reject_reasons.push_back(INVALID_EXPECTED_LEAF_CERTIFICATE); | 1324 info->reject_reasons.push_back(INVALID_EXPECTED_LEAF_CERTIFICATE); |
1395 } | 1325 } |
1396 | 1326 |
1397 if (info->client_nonce.size() != kNonceSize) { | 1327 if (info->client_nonce.size() != kNonceSize) { |
1398 info->reject_reasons.push_back(CLIENT_NONCE_INVALID_FAILURE); | 1328 info->reject_reasons.push_back(CLIENT_NONCE_INVALID_FAILURE); |
1399 // Invalid client nonce. | 1329 // Invalid client nonce. |
1400 LOG(ERROR) << "Invalid client nonce: " << client_hello.DebugString(); | 1330 LOG(ERROR) << "Invalid client nonce: " << client_hello.DebugString(); |
1401 DVLOG(1) << "Invalid client nonce."; | 1331 DVLOG(1) << "Invalid client nonce."; |
1402 found_error = true; | |
1403 } | 1332 } |
1404 | 1333 |
1405 // Server nonce is optional, and used for key derivation if present. | 1334 // Server nonce is optional, and used for key derivation if present. |
1406 client_hello.GetStringPiece(kServerNonceTag, &info->server_nonce); | 1335 client_hello.GetStringPiece(kServerNonceTag, &info->server_nonce); |
1407 | 1336 |
1408 if (version > QUIC_VERSION_32) { | 1337 DVLOG(1) << "No 0-RTT replay protection in QUIC_VERSION_33 and higher."; |
1409 DVLOG(1) << "No 0-RTT replay protection in QUIC_VERSION_33 and higher."; | 1338 // If the server nonce is empty and we're requiring handshake confirmation |
1410 // If the server nonce is empty and we're requiring handshake confirmation | 1339 // for DoS reasons then we must reject the CHLO. |
1411 // for DoS reasons then we must reject the CHLO. | 1340 if (FLAGS_quic_require_handshake_confirmation && info->server_nonce.empty()) { |
1412 if (FLAGS_quic_require_handshake_confirmation && | 1341 info->reject_reasons.push_back(SERVER_NONCE_REQUIRED_FAILURE); |
1413 info->server_nonce.empty()) { | |
1414 info->reject_reasons.push_back(SERVER_NONCE_REQUIRED_FAILURE); | |
1415 } | |
1416 helper.ValidationComplete(QUIC_NO_ERROR, "", | |
1417 std::move(proof_source_details)); | |
1418 return; | |
1419 } | 1342 } |
1420 | 1343 helper.ValidationComplete(QUIC_NO_ERROR, "", std::move(proof_source_details)); |
1421 if (!replay_protection_) { | |
1422 DVLOG(1) << "No replay protection."; | |
1423 helper.ValidationComplete(QUIC_NO_ERROR, "", | |
1424 std::move(proof_source_details)); | |
1425 return; | |
1426 } | |
1427 | |
1428 if (!info->server_nonce.empty()) { | |
1429 // If the server nonce is present, use it to establish uniqueness. | |
1430 HandshakeFailureReason server_nonce_error = | |
1431 ValidateServerNonce(info->server_nonce, info->now); | |
1432 bool is_unique = server_nonce_error == HANDSHAKE_OK; | |
1433 if (!is_unique) { | |
1434 info->reject_reasons.push_back(server_nonce_error); | |
1435 } | |
1436 DVLOG(1) << "Using server nonce, unique: " << is_unique; | |
1437 helper.ValidationComplete(QUIC_NO_ERROR, "", | |
1438 std::move(proof_source_details)); | |
1439 return; | |
1440 } | |
1441 // If we hit this block, the server nonce was empty. If we're requiring | |
1442 // handshake confirmation for DoS reasons and there's no server nonce present, | |
1443 // reject the CHLO. | |
1444 if (FLAGS_quic_require_handshake_confirmation || | |
1445 FLAGS_quic_require_handshake_confirmation_pre33) { | |
1446 info->reject_reasons.push_back(SERVER_NONCE_REQUIRED_FAILURE); | |
1447 helper.ValidationComplete(QUIC_NO_ERROR, "", | |
1448 std::move(proof_source_details)); | |
1449 return; | |
1450 } | |
1451 | |
1452 // We want to contact strike register only if there are no errors because it | |
1453 // is a RPC call and is expensive. | |
1454 if (found_error) { | |
1455 helper.ValidationComplete(QUIC_NO_ERROR, "", | |
1456 std::move(proof_source_details)); | |
1457 return; | |
1458 } | |
1459 | |
1460 // Use the client nonce to establish uniqueness. | |
1461 StrikeRegisterClient* strike_register_client; | |
1462 { | |
1463 base::AutoLock locked(strike_register_client_lock_); | |
1464 strike_register_client = strike_register_client_.get(); | |
1465 } | |
1466 | |
1467 if (!strike_register_client) { | |
1468 // Either a valid server nonces or a strike register is required. | |
1469 // Since neither are present, reject the handshake which will send a | |
1470 // server nonce to the client. | |
1471 info->reject_reasons.push_back(SERVER_NONCE_REQUIRED_FAILURE); | |
1472 helper.ValidationComplete(QUIC_NO_ERROR, "", | |
1473 std::move(proof_source_details)); | |
1474 return; | |
1475 } | |
1476 | |
1477 strike_register_client->VerifyNonceIsValidAndUnique( | |
1478 info->client_nonce, info->now, | |
1479 new VerifyNonceIsValidAndUniqueCallback(client_hello_state, | |
1480 std::move(proof_source_details), | |
1481 std::move(done_cb))); | |
1482 helper.DetachCallback(); | |
1483 } | 1344 } |
1484 | 1345 |
1485 bool QuicCryptoServerConfig::BuildServerConfigUpdateMessage( | 1346 bool QuicCryptoServerConfig::BuildServerConfigUpdateMessage( |
1486 QuicVersion version, | 1347 QuicVersion version, |
1487 StringPiece chlo_hash, | 1348 StringPiece chlo_hash, |
1488 const SourceAddressTokens& previous_source_address_tokens, | 1349 const SourceAddressTokens& previous_source_address_tokens, |
1489 const IPAddress& server_ip, | 1350 const IPAddress& server_ip, |
1490 const IPAddress& client_ip, | 1351 const IPAddress& client_ip, |
1491 const QuicClock* clock, | 1352 const QuicClock* clock, |
1492 QuicRandom* rand, | 1353 QuicRandom* rand, |
(...skipping 16 matching lines...) Expand all Loading... |
1509 clock->WallNow(), cached_network_params); | 1370 clock->WallNow(), cached_network_params); |
1510 } | 1371 } |
1511 | 1372 |
1512 out->set_tag(kSCUP); | 1373 out->set_tag(kSCUP); |
1513 out->SetStringPiece(kSCFG, serialized); | 1374 out->SetStringPiece(kSCFG, serialized); |
1514 out->SetStringPiece(kSourceAddressTokenTag, source_address_token); | 1375 out->SetStringPiece(kSourceAddressTokenTag, source_address_token); |
1515 out->SetValue(kSTTL, | 1376 out->SetValue(kSTTL, |
1516 expiry_time.AbsoluteDifference(clock->WallNow()).ToSeconds()); | 1377 expiry_time.AbsoluteDifference(clock->WallNow()).ToSeconds()); |
1517 | 1378 |
1518 scoped_refptr<ProofSource::Chain> chain; | 1379 scoped_refptr<ProofSource::Chain> chain; |
1519 string signature; | 1380 QuicCryptoProof proof; |
1520 string cert_sct; | |
1521 if (!proof_source_->GetProof(server_ip, params.sni, serialized, version, | 1381 if (!proof_source_->GetProof(server_ip, params.sni, serialized, version, |
1522 chlo_hash, connection_options, &chain, | 1382 chlo_hash, connection_options, &chain, &proof)) { |
1523 &signature, &cert_sct)) { | |
1524 DVLOG(1) << "Server: failed to get proof."; | 1383 DVLOG(1) << "Server: failed to get proof."; |
1525 return false; | 1384 return false; |
1526 } | 1385 } |
1527 | 1386 |
1528 const string compressed = CompressChain( | 1387 const string compressed = CompressChain( |
1529 compressed_certs_cache, chain, params.client_common_set_hashes, | 1388 compressed_certs_cache, chain, params.client_common_set_hashes, |
1530 params.client_cached_cert_hashes, common_cert_sets); | 1389 params.client_cached_cert_hashes, common_cert_sets); |
1531 | 1390 |
1532 out->SetStringPiece(kCertificateTag, compressed); | 1391 out->SetStringPiece(kCertificateTag, compressed); |
1533 out->SetStringPiece(kPROF, signature); | 1392 out->SetStringPiece(kPROF, proof.signature); |
1534 if (params.sct_supported_by_client && enable_serving_sct_) { | 1393 if (params.sct_supported_by_client && enable_serving_sct_) { |
1535 if (cert_sct.empty()) { | 1394 if (proof.leaf_cert_scts.empty()) { |
1536 DLOG(WARNING) << "SCT is expected but it is empty. sni: " << params.sni | 1395 DLOG(WARNING) << "SCT is expected but it is empty. sni: " << params.sni |
1537 << " server_ip: " << server_ip.ToString(); | 1396 << " server_ip: " << server_ip.ToString(); |
1538 } else { | 1397 } else { |
1539 out->SetStringPiece(kCertificateSCTTag, cert_sct); | 1398 out->SetStringPiece(kCertificateSCTTag, proof.leaf_cert_scts); |
1540 } | 1399 } |
1541 } | 1400 } |
1542 return true; | 1401 return true; |
1543 } | 1402 } |
1544 | 1403 |
1545 void QuicCryptoServerConfig::BuildServerConfigUpdateMessage( | 1404 void QuicCryptoServerConfig::BuildServerConfigUpdateMessage( |
1546 QuicVersion version, | 1405 QuicVersion version, |
1547 StringPiece chlo_hash, | 1406 StringPiece chlo_hash, |
1548 const SourceAddressTokens& previous_source_address_tokens, | 1407 const SourceAddressTokens& previous_source_address_tokens, |
1549 const IPAddress& server_ip, | 1408 const IPAddress& server_ip, |
(...skipping 55 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1605 common_cert_sets_(common_cert_sets), | 1464 common_cert_sets_(common_cert_sets), |
1606 client_common_set_hashes_(params.client_common_set_hashes), | 1465 client_common_set_hashes_(params.client_common_set_hashes), |
1607 client_cached_cert_hashes_(params.client_cached_cert_hashes), | 1466 client_cached_cert_hashes_(params.client_cached_cert_hashes), |
1608 sct_supported_by_client_(params.sct_supported_by_client), | 1467 sct_supported_by_client_(params.sct_supported_by_client), |
1609 message_(std::move(message)), | 1468 message_(std::move(message)), |
1610 cb_(std::move(cb)) {} | 1469 cb_(std::move(cb)) {} |
1611 | 1470 |
1612 void QuicCryptoServerConfig::BuildServerConfigUpdateMessageProofSourceCallback:: | 1471 void QuicCryptoServerConfig::BuildServerConfigUpdateMessageProofSourceCallback:: |
1613 Run(bool ok, | 1472 Run(bool ok, |
1614 const scoped_refptr<ProofSource::Chain>& chain, | 1473 const scoped_refptr<ProofSource::Chain>& chain, |
1615 const string& signature, | 1474 const QuicCryptoProof& proof, |
1616 const string& leaf_cert_sct, | |
1617 std::unique_ptr<ProofSource::Details> details) { | 1475 std::unique_ptr<ProofSource::Details> details) { |
1618 config_->FinishBuildServerConfigUpdateMessage( | 1476 config_->FinishBuildServerConfigUpdateMessage( |
1619 version_, compressed_certs_cache_, common_cert_sets_, | 1477 version_, compressed_certs_cache_, common_cert_sets_, |
1620 client_common_set_hashes_, client_cached_cert_hashes_, | 1478 client_common_set_hashes_, client_cached_cert_hashes_, |
1621 sct_supported_by_client_, ok, chain, signature, leaf_cert_sct, | 1479 sct_supported_by_client_, ok, chain, proof.signature, |
1622 std::move(details), std::move(message_), std::move(cb_)); | 1480 proof.leaf_cert_scts, std::move(details), std::move(message_), |
| 1481 std::move(cb_)); |
1623 } | 1482 } |
1624 | 1483 |
1625 void QuicCryptoServerConfig::FinishBuildServerConfigUpdateMessage( | 1484 void QuicCryptoServerConfig::FinishBuildServerConfigUpdateMessage( |
1626 QuicVersion version, | 1485 QuicVersion version, |
1627 QuicCompressedCertsCache* compressed_certs_cache, | 1486 QuicCompressedCertsCache* compressed_certs_cache, |
1628 const CommonCertSets* common_cert_sets, | 1487 const CommonCertSets* common_cert_sets, |
1629 const string& client_common_set_hashes, | 1488 const string& client_common_set_hashes, |
1630 const string& client_cached_cert_hashes, | 1489 const string& client_cached_cert_hashes, |
1631 bool sct_supported_by_client, | 1490 bool sct_supported_by_client, |
1632 bool ok, | 1491 bool ok, |
(...skipping 30 matching lines...) Expand all Loading... |
1663 QuicWallTime now, | 1522 QuicWallTime now, |
1664 const Config& config, | 1523 const Config& config, |
1665 const CryptoHandshakeMessage& client_hello, | 1524 const CryptoHandshakeMessage& client_hello, |
1666 const ClientHelloInfo& info, | 1525 const ClientHelloInfo& info, |
1667 const CachedNetworkParameters& cached_network_params, | 1526 const CachedNetworkParameters& cached_network_params, |
1668 bool use_stateless_rejects, | 1527 bool use_stateless_rejects, |
1669 QuicConnectionId server_designated_connection_id, | 1528 QuicConnectionId server_designated_connection_id, |
1670 QuicRandom* rand, | 1529 QuicRandom* rand, |
1671 QuicCompressedCertsCache* compressed_certs_cache, | 1530 QuicCompressedCertsCache* compressed_certs_cache, |
1672 scoped_refptr<QuicCryptoNegotiatedParameters> params, | 1531 scoped_refptr<QuicCryptoNegotiatedParameters> params, |
1673 const QuicCryptoProof& crypto_proof, | 1532 const QuicSignedServerConfig& signed_config, |
1674 QuicByteCount total_framing_overhead, | 1533 QuicByteCount total_framing_overhead, |
1675 QuicByteCount chlo_packet_size, | 1534 QuicByteCount chlo_packet_size, |
1676 CryptoHandshakeMessage* out) const { | 1535 CryptoHandshakeMessage* out) const { |
1677 if (FLAGS_enable_quic_stateless_reject_support && use_stateless_rejects) { | 1536 if (FLAGS_enable_quic_stateless_reject_support && use_stateless_rejects) { |
1678 DVLOG(1) << "QUIC Crypto server config returning stateless reject " | 1537 DVLOG(1) << "QUIC Crypto server config returning stateless reject " |
1679 << "with server-designated connection ID " | 1538 << "with server-designated connection ID " |
1680 << server_designated_connection_id; | 1539 << server_designated_connection_id; |
1681 out->set_tag(kSREJ); | 1540 out->set_tag(kSREJ); |
1682 out->SetValue(kRCID, server_designated_connection_id); | 1541 out->SetValue(kRCID, server_designated_connection_id); |
1683 } else { | 1542 } else { |
(...skipping 23 matching lines...) Expand all Loading... |
1707 if (client_hello.GetStringPiece(kCCS, &client_common_set_hashes)) { | 1566 if (client_hello.GetStringPiece(kCCS, &client_common_set_hashes)) { |
1708 params->client_common_set_hashes = client_common_set_hashes.as_string(); | 1567 params->client_common_set_hashes = client_common_set_hashes.as_string(); |
1709 } | 1568 } |
1710 | 1569 |
1711 StringPiece client_cached_cert_hashes; | 1570 StringPiece client_cached_cert_hashes; |
1712 if (client_hello.GetStringPiece(kCCRT, &client_cached_cert_hashes)) { | 1571 if (client_hello.GetStringPiece(kCCRT, &client_cached_cert_hashes)) { |
1713 params->client_cached_cert_hashes = client_cached_cert_hashes.as_string(); | 1572 params->client_cached_cert_hashes = client_cached_cert_hashes.as_string(); |
1714 } | 1573 } |
1715 | 1574 |
1716 const string compressed = | 1575 const string compressed = |
1717 CompressChain(compressed_certs_cache, crypto_proof.chain, | 1576 CompressChain(compressed_certs_cache, signed_config.chain, |
1718 params->client_common_set_hashes, | 1577 params->client_common_set_hashes, |
1719 params->client_cached_cert_hashes, config.common_cert_sets); | 1578 params->client_cached_cert_hashes, config.common_cert_sets); |
1720 | 1579 |
1721 DCHECK_GT(chlo_packet_size, client_hello.size()); | 1580 DCHECK_GT(chlo_packet_size, client_hello.size()); |
1722 // kREJOverheadBytes is a very rough estimate of how much of a REJ | 1581 // kREJOverheadBytes is a very rough estimate of how much of a REJ |
1723 // message is taken up by things other than the certificates. | 1582 // message is taken up by things other than the certificates. |
1724 // STK: 56 bytes | 1583 // STK: 56 bytes |
1725 // SNO: 56 bytes | 1584 // SNO: 56 bytes |
1726 // SCFG | 1585 // SCFG |
1727 // SCID: 16 bytes | 1586 // SCID: 16 bytes |
1728 // PUBS: 38 bytes | 1587 // PUBS: 38 bytes |
1729 const size_t kREJOverheadBytes = 166; | 1588 const size_t kREJOverheadBytes = 166; |
1730 // max_unverified_size is the number of bytes that the certificate chain, | 1589 // max_unverified_size is the number of bytes that the certificate chain, |
1731 // signature, and (optionally) signed certificate timestamp can consume before | 1590 // signature, and (optionally) signed certificate timestamp can consume before |
1732 // we will demand a valid source-address token. | 1591 // we will demand a valid source-address token. |
1733 const size_t max_unverified_size = | 1592 const size_t max_unverified_size = |
1734 chlo_multiplier_ * (chlo_packet_size - total_framing_overhead) - | 1593 chlo_multiplier_ * (chlo_packet_size - total_framing_overhead) - |
1735 kREJOverheadBytes; | 1594 kREJOverheadBytes; |
1736 static_assert(kClientHelloMinimumSize * kMultiplier >= kREJOverheadBytes, | 1595 static_assert(kClientHelloMinimumSize * kMultiplier >= kREJOverheadBytes, |
1737 "overhead calculation may underflow"); | 1596 "overhead calculation may underflow"); |
1738 bool should_return_sct = | 1597 bool should_return_sct = |
1739 params->sct_supported_by_client && enable_serving_sct_; | 1598 params->sct_supported_by_client && enable_serving_sct_; |
1740 const size_t sct_size = should_return_sct ? crypto_proof.cert_sct.size() : 0; | 1599 const size_t sct_size = should_return_sct ? signed_config.cert_sct.size() : 0; |
1741 const size_t total_size = | 1600 const size_t total_size = |
1742 crypto_proof.signature.size() + compressed.size() + sct_size; | 1601 signed_config.signature.size() + compressed.size() + sct_size; |
1743 if (info.valid_source_address_token || total_size < max_unverified_size) { | 1602 if (info.valid_source_address_token || total_size < max_unverified_size) { |
1744 out->SetStringPiece(kCertificateTag, compressed); | 1603 out->SetStringPiece(kCertificateTag, compressed); |
1745 out->SetStringPiece(kPROF, crypto_proof.signature); | 1604 out->SetStringPiece(kPROF, signed_config.signature); |
1746 if (should_return_sct) { | 1605 if (should_return_sct) { |
1747 if (crypto_proof.cert_sct.empty()) { | 1606 if (signed_config.cert_sct.empty()) { |
1748 DLOG(WARNING) << "SCT is expected but it is empty."; | 1607 DLOG(WARNING) << "SCT is expected but it is empty."; |
1749 } else { | 1608 } else { |
1750 out->SetStringPiece(kCertificateSCTTag, crypto_proof.cert_sct); | 1609 out->SetStringPiece(kCertificateSCTTag, signed_config.cert_sct); |
1751 } | 1610 } |
1752 } | 1611 } |
1753 } else { | 1612 } else { |
1754 DLOG(WARNING) << "Sending inchoate REJ for hostname: " << info.sni | 1613 DLOG(WARNING) << "Sending inchoate REJ for hostname: " << info.sni |
1755 << " signature: " << crypto_proof.signature.size() | 1614 << " signature: " << signed_config.signature.size() |
1756 << " cert: " << compressed.size() << " sct:" << sct_size | 1615 << " cert: " << compressed.size() << " sct:" << sct_size |
1757 << " total: " << total_size | 1616 << " total: " << total_size |
1758 << " max: " << max_unverified_size; | 1617 << " max: " << max_unverified_size; |
1759 } | 1618 } |
1760 } | 1619 } |
1761 | 1620 |
1762 string QuicCryptoServerConfig::CompressChain( | 1621 string QuicCryptoServerConfig::CompressChain( |
1763 QuicCompressedCertsCache* compressed_certs_cache, | 1622 QuicCompressedCertsCache* compressed_certs_cache, |
1764 const scoped_refptr<ProofSource::Chain>& chain, | 1623 const scoped_refptr<ProofSource::Chain>& chain, |
1765 const string& client_common_set_hashes, | 1624 const string& client_common_set_hashes, |
(...skipping 46 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1812 return nullptr; | 1671 return nullptr; |
1813 } | 1672 } |
1814 config->id = scid.as_string(); | 1673 config->id = scid.as_string(); |
1815 | 1674 |
1816 const QuicTag* aead_tags; | 1675 const QuicTag* aead_tags; |
1817 size_t aead_len; | 1676 size_t aead_len; |
1818 if (msg->GetTaglist(kAEAD, &aead_tags, &aead_len) != QUIC_NO_ERROR) { | 1677 if (msg->GetTaglist(kAEAD, &aead_tags, &aead_len) != QUIC_NO_ERROR) { |
1819 LOG(WARNING) << "Server config message is missing AEAD"; | 1678 LOG(WARNING) << "Server config message is missing AEAD"; |
1820 return nullptr; | 1679 return nullptr; |
1821 } | 1680 } |
1822 config->aead = vector<QuicTag>(aead_tags, aead_tags + aead_len); | 1681 config->aead = std::vector<QuicTag>(aead_tags, aead_tags + aead_len); |
1823 | 1682 |
1824 const QuicTag* kexs_tags; | 1683 const QuicTag* kexs_tags; |
1825 size_t kexs_len; | 1684 size_t kexs_len; |
1826 if (msg->GetTaglist(kKEXS, &kexs_tags, &kexs_len) != QUIC_NO_ERROR) { | 1685 if (msg->GetTaglist(kKEXS, &kexs_tags, &kexs_len) != QUIC_NO_ERROR) { |
1827 LOG(WARNING) << "Server config message is missing KEXS"; | 1686 LOG(WARNING) << "Server config message is missing KEXS"; |
1828 return nullptr; | 1687 return nullptr; |
1829 } | 1688 } |
1830 | 1689 |
1831 const QuicTag* tbkp_tags; | 1690 const QuicTag* tbkp_tags; |
1832 size_t tbkp_len; | 1691 size_t tbkp_len; |
1833 QuicErrorCode err; | 1692 QuicErrorCode err; |
1834 if ((err = msg->GetTaglist(kTBKP, &tbkp_tags, &tbkp_len)) != | 1693 if ((err = msg->GetTaglist(kTBKP, &tbkp_tags, &tbkp_len)) != |
1835 QUIC_CRYPTO_MESSAGE_PARAMETER_NOT_FOUND && | 1694 QUIC_CRYPTO_MESSAGE_PARAMETER_NOT_FOUND && |
1836 err != QUIC_NO_ERROR) { | 1695 err != QUIC_NO_ERROR) { |
1837 LOG(WARNING) << "Server config message is missing or has invalid TBKP"; | 1696 LOG(WARNING) << "Server config message is missing or has invalid TBKP"; |
1838 return nullptr; | 1697 return nullptr; |
1839 } | 1698 } |
1840 config->tb_key_params = vector<QuicTag>(tbkp_tags, tbkp_tags + tbkp_len); | 1699 config->tb_key_params = std::vector<QuicTag>(tbkp_tags, tbkp_tags + tbkp_len); |
1841 | 1700 |
1842 StringPiece orbit; | 1701 StringPiece orbit; |
1843 if (!msg->GetStringPiece(kORBT, &orbit)) { | 1702 if (!msg->GetStringPiece(kORBT, &orbit)) { |
1844 LOG(WARNING) << "Server config message is missing ORBT"; | 1703 LOG(WARNING) << "Server config message is missing ORBT"; |
1845 return nullptr; | 1704 return nullptr; |
1846 } | 1705 } |
1847 | 1706 |
1848 if (orbit.size() != kOrbitSize) { | 1707 if (orbit.size() != kOrbitSize) { |
1849 LOG(WARNING) << "Orbit value in server config is the wrong length." | 1708 LOG(WARNING) << "Orbit value in server config is the wrong length." |
1850 " Got " | 1709 " Got " |
1851 << orbit.size() << " want " << kOrbitSize; | 1710 << orbit.size() << " want " << kOrbitSize; |
1852 return nullptr; | 1711 return nullptr; |
1853 } | 1712 } |
1854 static_assert(sizeof(config->orbit) == kOrbitSize, | 1713 static_assert(sizeof(config->orbit) == kOrbitSize, |
1855 "orbit has incorrect size"); | 1714 "orbit has incorrect size"); |
1856 memcpy(config->orbit, orbit.data(), sizeof(config->orbit)); | 1715 memcpy(config->orbit, orbit.data(), sizeof(config->orbit)); |
1857 | 1716 |
1858 { | |
1859 StrikeRegisterClient* strike_register_client; | |
1860 { | |
1861 base::AutoLock locked(strike_register_client_lock_); | |
1862 strike_register_client = strike_register_client_.get(); | |
1863 } | |
1864 | |
1865 if (strike_register_client != nullptr && | |
1866 !strike_register_client->IsKnownOrbit(orbit)) { | |
1867 LOG(WARNING) | |
1868 << "Rejecting server config with orbit that the strike register " | |
1869 "client doesn't know about."; | |
1870 return nullptr; | |
1871 } | |
1872 } | |
1873 | |
1874 if (kexs_len != protobuf->key_size()) { | 1717 if (kexs_len != protobuf->key_size()) { |
1875 LOG(WARNING) << "Server config has " << kexs_len | 1718 LOG(WARNING) << "Server config has " << kexs_len |
1876 << " key exchange methods configured, but " | 1719 << " key exchange methods configured, but " |
1877 << protobuf->key_size() << " private keys"; | 1720 << protobuf->key_size() << " private keys"; |
1878 return nullptr; | 1721 return nullptr; |
1879 } | 1722 } |
1880 | 1723 |
1881 const QuicTag* proof_demand_tags; | 1724 const QuicTag* proof_demand_tags; |
1882 size_t num_proof_demand_tags; | 1725 size_t num_proof_demand_tags; |
1883 if (msg->GetTaglist(kPDMD, &proof_demand_tags, &num_proof_demand_tags) == | 1726 if (msg->GetTaglist(kPDMD, &proof_demand_tags, &num_proof_demand_tags) == |
(...skipping 70 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1954 config->expiry_time = QuicWallTime::FromUNIXSeconds(expiry_seconds); | 1797 config->expiry_time = QuicWallTime::FromUNIXSeconds(expiry_seconds); |
1955 | 1798 |
1956 return config; | 1799 return config; |
1957 } | 1800 } |
1958 | 1801 |
1959 void QuicCryptoServerConfig::SetEphemeralKeySource( | 1802 void QuicCryptoServerConfig::SetEphemeralKeySource( |
1960 EphemeralKeySource* ephemeral_key_source) { | 1803 EphemeralKeySource* ephemeral_key_source) { |
1961 ephemeral_key_source_.reset(ephemeral_key_source); | 1804 ephemeral_key_source_.reset(ephemeral_key_source); |
1962 } | 1805 } |
1963 | 1806 |
1964 void QuicCryptoServerConfig::SetStrikeRegisterClient( | |
1965 StrikeRegisterClient* strike_register_client) { | |
1966 base::AutoLock locker(strike_register_client_lock_); | |
1967 DCHECK(!strike_register_client_.get()); | |
1968 strike_register_client_.reset(strike_register_client); | |
1969 } | |
1970 | |
1971 void QuicCryptoServerConfig::set_replay_protection(bool on) { | 1807 void QuicCryptoServerConfig::set_replay_protection(bool on) { |
1972 replay_protection_ = on; | 1808 replay_protection_ = on; |
1973 } | 1809 } |
1974 | 1810 |
1975 void QuicCryptoServerConfig::set_chlo_multiplier(size_t multiplier) { | 1811 void QuicCryptoServerConfig::set_chlo_multiplier(size_t multiplier) { |
1976 chlo_multiplier_ = multiplier; | 1812 chlo_multiplier_ = multiplier; |
1977 } | 1813 } |
1978 | 1814 |
1979 void QuicCryptoServerConfig::set_strike_register_no_startup_period() { | |
1980 base::AutoLock locker(strike_register_client_lock_); | |
1981 DCHECK(!strike_register_client_.get()); | |
1982 strike_register_no_startup_period_ = true; | |
1983 } | |
1984 | |
1985 void QuicCryptoServerConfig::set_strike_register_max_entries( | |
1986 uint32_t max_entries) { | |
1987 base::AutoLock locker(strike_register_client_lock_); | |
1988 DCHECK(!strike_register_client_.get()); | |
1989 strike_register_max_entries_ = max_entries; | |
1990 } | |
1991 | |
1992 void QuicCryptoServerConfig::set_strike_register_window_secs( | |
1993 uint32_t window_secs) { | |
1994 base::AutoLock locker(strike_register_client_lock_); | |
1995 DCHECK(!strike_register_client_.get()); | |
1996 strike_register_window_secs_ = window_secs; | |
1997 } | |
1998 | |
1999 void QuicCryptoServerConfig::set_source_address_token_future_secs( | 1815 void QuicCryptoServerConfig::set_source_address_token_future_secs( |
2000 uint32_t future_secs) { | 1816 uint32_t future_secs) { |
2001 source_address_token_future_secs_ = future_secs; | 1817 source_address_token_future_secs_ = future_secs; |
2002 } | 1818 } |
2003 | 1819 |
2004 void QuicCryptoServerConfig::set_source_address_token_lifetime_secs( | 1820 void QuicCryptoServerConfig::set_source_address_token_lifetime_secs( |
2005 uint32_t lifetime_secs) { | 1821 uint32_t lifetime_secs) { |
2006 source_address_token_lifetime_secs_ = lifetime_secs; | 1822 source_address_token_lifetime_secs_ = lifetime_secs; |
2007 } | 1823 } |
2008 | 1824 |
2009 void QuicCryptoServerConfig::set_server_nonce_strike_register_max_entries( | |
2010 uint32_t max_entries) { | |
2011 DCHECK(!server_nonce_strike_register_.get()); | |
2012 server_nonce_strike_register_max_entries_ = max_entries; | |
2013 } | |
2014 | |
2015 void QuicCryptoServerConfig::set_server_nonce_strike_register_window_secs( | |
2016 uint32_t window_secs) { | |
2017 DCHECK(!server_nonce_strike_register_.get()); | |
2018 server_nonce_strike_register_window_secs_ = window_secs; | |
2019 } | |
2020 | |
2021 void QuicCryptoServerConfig::set_enable_serving_sct(bool enable_serving_sct) { | 1825 void QuicCryptoServerConfig::set_enable_serving_sct(bool enable_serving_sct) { |
2022 enable_serving_sct_ = enable_serving_sct; | 1826 enable_serving_sct_ = enable_serving_sct; |
2023 } | 1827 } |
2024 | 1828 |
2025 void QuicCryptoServerConfig::AcquirePrimaryConfigChangedCb( | 1829 void QuicCryptoServerConfig::AcquirePrimaryConfigChangedCb( |
2026 std::unique_ptr<PrimaryConfigChangedCallback> cb) { | 1830 std::unique_ptr<PrimaryConfigChangedCallback> cb) { |
2027 base::AutoLock locked(configs_lock_); | 1831 base::AutoLock locked(configs_lock_); |
2028 primary_config_changed_cb_ = std::move(cb); | 1832 primary_config_changed_cb_ = std::move(cb); |
2029 } | 1833 } |
2030 | 1834 |
(...skipping 134 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
2165 server_nonce[2] = static_cast<uint8_t>(timestamp >> 8); | 1969 server_nonce[2] = static_cast<uint8_t>(timestamp >> 8); |
2166 server_nonce[3] = static_cast<uint8_t>(timestamp); | 1970 server_nonce[3] = static_cast<uint8_t>(timestamp); |
2167 rand->RandBytes(&server_nonce[sizeof(timestamp)], | 1971 rand->RandBytes(&server_nonce[sizeof(timestamp)], |
2168 sizeof(server_nonce) - sizeof(timestamp)); | 1972 sizeof(server_nonce) - sizeof(timestamp)); |
2169 | 1973 |
2170 return server_nonce_boxer_.Box( | 1974 return server_nonce_boxer_.Box( |
2171 rand, | 1975 rand, |
2172 StringPiece(reinterpret_cast<char*>(server_nonce), sizeof(server_nonce))); | 1976 StringPiece(reinterpret_cast<char*>(server_nonce), sizeof(server_nonce))); |
2173 } | 1977 } |
2174 | 1978 |
2175 HandshakeFailureReason QuicCryptoServerConfig::ValidateServerNonce( | |
2176 StringPiece token, | |
2177 QuicWallTime now) const { | |
2178 string storage; | |
2179 StringPiece plaintext; | |
2180 if (!server_nonce_boxer_.Unbox(token, &storage, &plaintext)) { | |
2181 return SERVER_NONCE_DECRYPTION_FAILURE; | |
2182 } | |
2183 | |
2184 // plaintext contains: | |
2185 // uint32_t timestamp | |
2186 // uint8_t[20] random bytes | |
2187 | |
2188 if (plaintext.size() != kServerNoncePlaintextSize) { | |
2189 // This should never happen because the value decrypted correctly. | |
2190 QUIC_BUG << "Seemingly valid server nonce had incorrect length."; | |
2191 return SERVER_NONCE_INVALID_FAILURE; | |
2192 } | |
2193 | |
2194 uint8_t server_nonce[32]; | |
2195 memcpy(server_nonce, plaintext.data(), 4); | |
2196 memcpy(server_nonce + 4, server_nonce_orbit_, sizeof(server_nonce_orbit_)); | |
2197 memcpy(server_nonce + 4 + sizeof(server_nonce_orbit_), plaintext.data() + 4, | |
2198 20); | |
2199 static_assert(4 + sizeof(server_nonce_orbit_) + 20 == sizeof(server_nonce), | |
2200 "bad nonce buffer length"); | |
2201 | |
2202 InsertStatus nonce_error; | |
2203 { | |
2204 base::AutoLock auto_lock(server_nonce_strike_register_lock_); | |
2205 if (server_nonce_strike_register_.get() == nullptr) { | |
2206 server_nonce_strike_register_.reset(new StrikeRegister( | |
2207 server_nonce_strike_register_max_entries_, | |
2208 static_cast<uint32_t>(now.ToUNIXSeconds()), | |
2209 server_nonce_strike_register_window_secs_, server_nonce_orbit_, | |
2210 StrikeRegister::NO_STARTUP_PERIOD_NEEDED)); | |
2211 } | |
2212 nonce_error = server_nonce_strike_register_->Insert( | |
2213 server_nonce, static_cast<uint32_t>(now.ToUNIXSeconds())); | |
2214 } | |
2215 | |
2216 switch (nonce_error) { | |
2217 case NONCE_OK: | |
2218 return HANDSHAKE_OK; | |
2219 case NONCE_INVALID_FAILURE: | |
2220 case NONCE_INVALID_ORBIT_FAILURE: | |
2221 return SERVER_NONCE_INVALID_FAILURE; | |
2222 case NONCE_NOT_UNIQUE_FAILURE: | |
2223 return SERVER_NONCE_NOT_UNIQUE_FAILURE; | |
2224 case NONCE_INVALID_TIME_FAILURE: | |
2225 return SERVER_NONCE_INVALID_TIME_FAILURE; | |
2226 case NONCE_UNKNOWN_FAILURE: | |
2227 case STRIKE_REGISTER_TIMEOUT: | |
2228 case STRIKE_REGISTER_FAILURE: | |
2229 default: | |
2230 QUIC_BUG << "Unexpected server nonce error: " << nonce_error; | |
2231 return SERVER_NONCE_NOT_UNIQUE_FAILURE; | |
2232 } | |
2233 } | |
2234 | |
2235 bool QuicCryptoServerConfig::ValidateExpectedLeafCertificate( | 1979 bool QuicCryptoServerConfig::ValidateExpectedLeafCertificate( |
2236 const CryptoHandshakeMessage& client_hello, | 1980 const CryptoHandshakeMessage& client_hello, |
2237 const QuicCryptoProof& crypto_proof) const { | 1981 const QuicSignedServerConfig& signed_config) const { |
2238 if (crypto_proof.chain->certs.empty()) { | 1982 if (signed_config.chain->certs.empty()) { |
2239 return false; | 1983 return false; |
2240 } | 1984 } |
2241 | 1985 |
2242 uint64_t hash_from_client; | 1986 uint64_t hash_from_client; |
2243 if (client_hello.GetUint64(kXLCT, &hash_from_client) != QUIC_NO_ERROR) { | 1987 if (client_hello.GetUint64(kXLCT, &hash_from_client) != QUIC_NO_ERROR) { |
2244 return false; | 1988 return false; |
2245 } | 1989 } |
2246 return CryptoUtils::ComputeLeafCertHash(crypto_proof.chain->certs.at(0)) == | 1990 return CryptoUtils::ComputeLeafCertHash(signed_config.chain->certs.at(0)) == |
2247 hash_from_client; | 1991 hash_from_client; |
2248 } | 1992 } |
2249 | 1993 |
2250 bool QuicCryptoServerConfig::ClientDemandsX509Proof( | 1994 bool QuicCryptoServerConfig::ClientDemandsX509Proof( |
2251 const CryptoHandshakeMessage& client_hello) const { | 1995 const CryptoHandshakeMessage& client_hello) const { |
2252 const QuicTag* their_proof_demands; | 1996 const QuicTag* their_proof_demands; |
2253 size_t num_their_proof_demands; | 1997 size_t num_their_proof_demands; |
2254 | 1998 |
2255 if (client_hello.GetTaglist(kPDMD, &their_proof_demands, | 1999 if (client_hello.GetTaglist(kPDMD, &their_proof_demands, |
2256 &num_their_proof_demands) != QUIC_NO_ERROR) { | 2000 &num_their_proof_demands) != QUIC_NO_ERROR) { |
(...skipping 13 matching lines...) Expand all Loading... |
2270 : channel_id_enabled(false), | 2014 : channel_id_enabled(false), |
2271 is_primary(false), | 2015 is_primary(false), |
2272 primary_time(QuicWallTime::Zero()), | 2016 primary_time(QuicWallTime::Zero()), |
2273 expiry_time(QuicWallTime::Zero()), | 2017 expiry_time(QuicWallTime::Zero()), |
2274 priority(0), | 2018 priority(0), |
2275 source_address_token_boxer(nullptr) {} | 2019 source_address_token_boxer(nullptr) {} |
2276 | 2020 |
2277 QuicCryptoServerConfig::Config::~Config() { | 2021 QuicCryptoServerConfig::Config::~Config() { |
2278 } | 2022 } |
2279 | 2023 |
2280 QuicCryptoProof::QuicCryptoProof() {} | 2024 QuicSignedServerConfig::QuicSignedServerConfig() |
2281 QuicCryptoProof::~QuicCryptoProof() {} | 2025 : send_expect_ct_header(false) {} |
| 2026 QuicSignedServerConfig::~QuicSignedServerConfig() {} |
2282 | 2027 |
2283 } // namespace net | 2028 } // namespace net |
OLD | NEW |