Google Git
Sign in
quiche / quiche.git / aaaf1a4ecc244d2a8476f226a63447dd7b7fbf9c^! / . / quic / core / tls_server_handshaker.cc
commitaaaf1a4ecc244d2a8476f226a63447dd7b7fbf9c[log] [tgz]
authordschinazi <dschinazi@google.com>Thu Apr 16 11:44:31 2020 -0700
committerCopybara-Service <copybara-worker@google.com>Thu Apr 16 11:45:02 2020 -0700
treef0049c458ea8b962fd06ceaed0c4600b82e3f2b5
parentda42ab69f80814355f3407a723fdc90edaa30664 [diff] [blame]
Make PSK handshake fail with QUIC+TLS

QUIC+TLS currently does not support pre-shared keys (PSK). Before this CL, the code would simply ignore the PSK and continue the handshake. This could lead to traffic not being authenticated. To avoid this class of security issues, this CL ensures that the QUIC+TLS handshake fails if a PSK has been configured. We will implement support for PSK in QUIC+TLS in a subsequent CL.

This CL also refactors the constructor for TlsServerHandshaker to give it access to the QuicCryptoServerConfig.

gfe-relnote: make QUIC+TLS+PSK fail, not used in production, TLS versions protected by gfe2_reloadable_flag_quic_enable_t050_v2, gfe2_reloadable_flag_quic_enable_version_draft_25_v3 and gfe2_reloadable_flag_quic_enable_version_draft_27.
PiperOrigin-RevId: 306890388
Change-Id: Ic254e3f049bcdc5b980916072e516447f198e2f1

diff --git a/quic/core/tls_server_handshaker.cc b/quic/core/tls_server_handshaker.cc
index f4ce22b..75ff75d 100644
--- a/quic/core/tls_server_handshaker.cc
+++ b/quic/core/tls_server_handshaker.cc

@@ -44,14 +44,15 @@
   handshaker_ = nullptr;
 }
 
-TlsServerHandshaker::TlsServerHandshaker(QuicSession* session,
-                                         SSL_CTX* ssl_ctx,
-                                         ProofSource* proof_source)
+TlsServerHandshaker::TlsServerHandshaker(
+    QuicSession* session,
+    const QuicCryptoServerConfig& crypto_config)
     : TlsHandshaker(this, session),
       QuicCryptoServerStreamBase(session),
-      proof_source_(proof_source),
+      proof_source_(crypto_config.proof_source()),
+      pre_shared_key_(crypto_config.pre_shared_key()),
       crypto_negotiated_params_(new QuicCryptoNegotiatedParameters),
-      tls_connection_(ssl_ctx, this) {
+      tls_connection_(crypto_config.ssl_ctx(), this) {
   DCHECK_EQ(PROTOCOL_TLS1_3,
             session->connection()->version().handshake_protocol);
 
@@ -390,6 +391,12 @@
     return SSL_TLSEXT_ERR_ALERT_FATAL;
   }
 
+  if (!pre_shared_key_.empty()) {
+    // TODO(b/154162689) add PSK support to QUIC+TLS.
+    QUIC_BUG << "QUIC server pre-shared keys not yet supported with TLS";
+    return SSL_TLSEXT_ERR_ALERT_FATAL;
+  }
+
   std::vector<CRYPTO_BUFFER*> certs;
   certs.resize(chain->certs.size());
   for (size_t i = 0; i < certs.size(); i++) {