| OLD | NEW |
|---|
| (Empty) |
| 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | |
| 2 // Use of this source code is governed by a BSD-style license that can be | |
| 3 // found in the LICENSE file. | |
| 4 | |
| 5 #ifndef NET_QUIC_CRYPTO_CRYPTO_PROTOCOL_H_ | |
| 6 #define NET_QUIC_CRYPTO_CRYPTO_PROTOCOL_H_ | |
| 7 | |
| 8 #include <string> | |
| 9 | |
| 10 #include "net/base/net_export.h" | |
| 11 #include "net/quic/quic_protocol.h" | |
| 12 | |
| 13 // Version and Crypto tags are written to the wire with a big-endian | |
| 14 // representation of the name of the tag. For example | |
| 15 // the client hello tag (CHLO) will be written as the | |
| 16 // following 4 bytes: 'C' 'H' 'L' 'O'. Since it is | |
| 17 // stored in memory as a little endian uint32, we need | |
| 18 // to reverse the order of the bytes. | |
| 19 // | |
| 20 // We use a macro to ensure that no static initialisers are created. Use the | |
| 21 // MakeQuicTag function in normal code. | |
| 22 #define TAG(a, b, c, d) \ | |
| 23 static_cast<QuicTag>((d << 24) + (c << 16) + (b << 8) + a) | |
| 24 | |
| 25 namespace net { | |
| 26 | |
| 27 typedef std::string ServerConfigID; | |
| 28 | |
| 29 const QuicTag kCHLO = TAG('C', 'H', 'L', 'O'); // Client hello | |
| 30 const QuicTag kSHLO = TAG('S', 'H', 'L', 'O'); // Server hello | |
| 31 const QuicTag kSCFG = TAG('S', 'C', 'F', 'G'); // Server config | |
| 32 const QuicTag kREJ = TAG('R', 'E', 'J', '\0'); // Reject | |
| 33 const QuicTag kCETV = TAG('C', 'E', 'T', 'V'); // Client encrypted tag-value | |
| 34 // pairs | |
| 35 const QuicTag kPRST = TAG('P', 'R', 'S', 'T'); // Public reset | |
| 36 const QuicTag kSCUP = TAG('S', 'C', 'U', 'P'); // Server config update. | |
| 37 | |
| 38 // Key exchange methods | |
| 39 const QuicTag kP256 = TAG('P', '2', '5', '6'); // ECDH, Curve P-256 | |
| 40 const QuicTag kC255 = TAG('C', '2', '5', '5'); // ECDH, Curve25519 | |
| 41 | |
| 42 // AEAD algorithms | |
| 43 const QuicTag kNULL = TAG('N', 'U', 'L', 'N'); // null algorithm | |
| 44 const QuicTag kAESG = TAG('A', 'E', 'S', 'G'); // AES128 + GCM-12 | |
| 45 const QuicTag kCC12 = TAG('C', 'C', '1', '2'); // ChaCha20 + Poly1305 | |
| 46 | |
| 47 // Socket receive buffer | |
| 48 const QuicTag kSRBF = TAG('S', 'R', 'B', 'F'); // Socket receive buffer | |
| 49 | |
| 50 // Congestion control feedback types | |
| 51 const QuicTag kQBIC = TAG('Q', 'B', 'I', 'C'); // TCP cubic | |
| 52 | |
| 53 // Connection options (COPT) values | |
| 54 const QuicTag kTBBR = TAG('T', 'B', 'B', 'R'); // Reduced Buffer Bloat TCP | |
| 55 const QuicTag kRENO = TAG('R', 'E', 'N', 'O'); // Reno Congestion Control | |
| 56 const QuicTag kIW10 = TAG('I', 'W', '1', '0'); // Force ICWND to 10 | |
| 57 const QuicTag kPACE = TAG('P', 'A', 'C', 'E'); // Paced TCP cubic | |
| 58 const QuicTag k1CON = TAG('1', 'C', 'O', 'N'); // Emulate a single connection | |
| 59 const QuicTag kNTLP = TAG('N', 'T', 'L', 'P'); // No tail loss probe | |
| 60 const QuicTag kNCON = TAG('N', 'C', 'O', 'N'); // N Connection Congestion Ctrl | |
| 61 const QuicTag kNRTO = TAG('N', 'R', 'T', 'O'); // CWND reduction on loss | |
| 62 | |
| 63 // Loss detection algorithm types | |
| 64 const QuicTag kNACK = TAG('N', 'A', 'C', 'K'); // TCP style nack counting | |
| 65 const QuicTag kTIME = TAG('T', 'I', 'M', 'E'); // Time based | |
| 66 | |
| 67 // Optional support of truncated Connection IDs. If sent by a peer, the value | |
| 68 // is the minimum number of bytes allowed for the connection ID sent to the | |
| 69 // peer. | |
| 70 const QuicTag kTCID = TAG('T', 'C', 'I', 'D'); // Connection ID truncation. | |
| 71 | |
| 72 // FEC options | |
| 73 const QuicTag kFHDR = TAG('F', 'H', 'D', 'R'); // FEC protect headers | |
| 74 | |
| 75 // Enable bandwidth resumption experiment. | |
| 76 const QuicTag kBWRE = TAG('B', 'W', 'R', 'E'); // Bandwidth resumption. | |
| 77 | |
| 78 // Proof types (i.e. certificate types) | |
| 79 // NOTE: although it would be silly to do so, specifying both kX509 and kX59R | |
| 80 // is allowed and is equivalent to specifying only kX509. | |
| 81 const QuicTag kX509 = TAG('X', '5', '0', '9'); // X.509 certificate, all key | |
| 82 // types | |
| 83 const QuicTag kX59R = TAG('X', '5', '9', 'R'); // X.509 certificate, RSA keys | |
| 84 // only | |
| 85 const QuicTag kCHID = TAG('C', 'H', 'I', 'D'); // Channel ID. | |
| 86 | |
| 87 // Client hello tags | |
| 88 const QuicTag kVER = TAG('V', 'E', 'R', '\0'); // Version (new) | |
| 89 const QuicTag kNONC = TAG('N', 'O', 'N', 'C'); // The client's nonce | |
| 90 const QuicTag kKEXS = TAG('K', 'E', 'X', 'S'); // Key exchange methods | |
| 91 const QuicTag kAEAD = TAG('A', 'E', 'A', 'D'); // Authenticated | |
| 92 // encryption algorithms | |
| 93 const QuicTag kCGST = TAG('C', 'G', 'S', 'T'); // Congestion control | |
| 94 // feedback types | |
| 95 const QuicTag kCOPT = TAG('C', 'O', 'P', 'T'); // Connection options | |
| 96 const QuicTag kICSL = TAG('I', 'C', 'S', 'L'); // Idle connection state | |
| 97 // lifetime | |
| 98 const QuicTag kSCLS = TAG('S', 'C', 'L', 'S'); // Silently close on timeout | |
| 99 const QuicTag kMSPC = TAG('M', 'S', 'P', 'C'); // Max streams per connection. | |
| 100 const QuicTag kIRTT = TAG('I', 'R', 'T', 'T'); // Estimated initial RTT in us. | |
| 101 const QuicTag kSWND = TAG('S', 'W', 'N', 'D'); // Server's Initial congestion | |
| 102 // window. | |
| 103 const QuicTag kSNI = TAG('S', 'N', 'I', '\0'); // Server name | |
| 104 // indication | |
| 105 const QuicTag kPUBS = TAG('P', 'U', 'B', 'S'); // Public key values | |
| 106 const QuicTag kSCID = TAG('S', 'C', 'I', 'D'); // Server config id | |
| 107 const QuicTag kORBT = TAG('O', 'B', 'I', 'T'); // Server orbit. | |
| 108 const QuicTag kPDMD = TAG('P', 'D', 'M', 'D'); // Proof demand. | |
| 109 const QuicTag kPROF = TAG('P', 'R', 'O', 'F'); // Proof (signature). | |
| 110 const QuicTag kCCS = TAG('C', 'C', 'S', 0); // Common certificate set | |
| 111 const QuicTag kCCRT = TAG('C', 'C', 'R', 'T'); // Cached certificate | |
| 112 const QuicTag kEXPY = TAG('E', 'X', 'P', 'Y'); // Expiry | |
| 113 const QuicTag kSFCW = TAG('S', 'F', 'C', 'W'); // Initial stream flow control | |
| 114 // receive window. | |
| 115 const QuicTag kCFCW = TAG('C', 'F', 'C', 'W'); // Initial session/connection | |
| 116 // flow control receive window. | |
| 117 const QuicTag kUAID = TAG('U', 'A', 'I', 'D'); // Client's User Agent ID. | |
| 118 | |
| 119 // Rejection tags | |
| 120 const QuicTag kRREJ = TAG('R', 'R', 'E', 'J'); // Reasons for server sending | |
| 121 // rejection message tag. | |
| 122 | |
| 123 // Server hello tags | |
| 124 const QuicTag kCADR = TAG('C', 'A', 'D', 'R'); // Client IP address and port | |
| 125 | |
| 126 // CETV tags | |
| 127 const QuicTag kCIDK = TAG('C', 'I', 'D', 'K'); // ChannelID key | |
| 128 const QuicTag kCIDS = TAG('C', 'I', 'D', 'S'); // ChannelID signature | |
| 129 | |
| 130 // Public reset tags | |
| 131 const QuicTag kRNON = TAG('R', 'N', 'O', 'N'); // Public reset nonce proof | |
| 132 const QuicTag kRSEQ = TAG('R', 'S', 'E', 'Q'); // Rejected sequence number | |
| 133 | |
| 134 // Universal tags | |
| 135 const QuicTag kPAD = TAG('P', 'A', 'D', '\0'); // Padding | |
| 136 | |
| 137 // These tags have a special form so that they appear either at the beginning | |
| 138 // or the end of a handshake message. Since handshake messages are sorted by | |
| 139 // tag value, the tags with 0 at the end will sort first and those with 255 at | |
| 140 // the end will sort last. | |
| 141 // | |
| 142 // The certificate chain should have a tag that will cause it to be sorted at | |
| 143 // the end of any handshake messages because it's likely to be large and the | |
| 144 // client might be able to get everything that it needs from the small values at | |
| 145 // the beginning. | |
| 146 // | |
| 147 // Likewise tags with random values should be towards the beginning of the | |
| 148 // message because the server mightn't hold state for a rejected client hello | |
| 149 // and therefore the client may have issues reassembling the rejection message | |
| 150 // in the event that it sent two client hellos. | |
| 151 const QuicTag kServerNonceTag = | |
| 152 TAG('S', 'N', 'O', 0); // The server's nonce | |
| 153 const QuicTag kSourceAddressTokenTag = | |
| 154 TAG('S', 'T', 'K', 0); // Source-address token | |
| 155 const QuicTag kCertificateTag = | |
| 156 TAG('C', 'R', 'T', 255); // Certificate chain | |
| 157 | |
| 158 #undef TAG | |
| 159 | |
| 160 const size_t kMaxEntries = 128; // Max number of entries in a message. | |
| 161 | |
| 162 const size_t kNonceSize = 32; // Size in bytes of the connection nonce. | |
| 163 | |
| 164 const size_t kOrbitSize = 8; // Number of bytes in an orbit value. | |
| 165 | |
| 166 // kProofSignatureLabel is prepended to server configs before signing to avoid | |
| 167 // any cross-protocol attacks on the signature. | |
| 168 const char kProofSignatureLabel[] = "QUIC server config signature"; | |
| 169 | |
| 170 // kClientHelloMinimumSize is the minimum size of a client hello. Client hellos | |
| 171 // will have PAD tags added in order to ensure this minimum is met and client | |
| 172 // hellos smaller than this will be an error. This minimum size reduces the | |
| 173 // amplification factor of any mirror DoS attack. | |
| 174 // | |
| 175 // A client may pad an inchoate client hello to a size larger than | |
| 176 // kClientHelloMinimumSize to make it more likely to receive a complete | |
| 177 // rejection message. | |
| 178 const size_t kClientHelloMinimumSize = 1024; | |
| 179 | |
| 180 } // namespace net | |
| 181 | |
| 182 #endif // NET_QUIC_CRYPTO_CRYPTO_PROTOCOL_H_ | |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 992733002:
Remove //net (except for Android test stuff) and sdch (Closed)
Base URL: git@github.com:domokit/mojo.git@master