Google Git
Sign in
quiche / quiche.git / 37c5f8fa5ffc46c034a791c1c66feb5f9c143618 / . / quic / core / crypto / tls_server_connection.cc
blob: 1809c9eaae3a79af07743c2cb710a7533e6993f1 [file] [log] [blame]
nharper6ebe83b2019-06-13 17:43:52 -0700[diff] [blame]1// Copyright (c) 2019 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include "net/third_party/quiche/src/quic/core/crypto/tls_server_connection.h"
6
vasilvv778cad32020-10-08 12:43:32 -0700[diff] [blame]7#include "absl/strings/string_view.h"
renjietang4ff9ceb2020-05-07 14:19:13 -0700[diff] [blame]8#include "third_party/boringssl/src/include/openssl/ssl.h"
nharperfbaacc02020-04-24 17:30:22 -0700[diff] [blame]9#include "net/third_party/quiche/src/quic/core/crypto/proof_source.h"
10#include "net/third_party/quiche/src/quic/platform/api/quic_flags.h"
dmcardle904ef182019-12-13 08:34:33 -0800[diff] [blame]11
nharper6ebe83b2019-06-13 17:43:52 -0700[diff] [blame]12namespace quic {
13
14TlsServerConnection::TlsServerConnection(SSL_CTX* ssl_ctx, Delegate* delegate)
15 : TlsConnection(ssl_ctx, delegate->ConnectionDelegate()),
16 delegate_(delegate) {}
17
18// static
nharperfbaacc02020-04-24 17:30:22 -0700[diff] [blame]19bssl::UniquePtr<SSL_CTX> TlsServerConnection::CreateSslCtx(
20 ProofSource* proof_source) {
nharper6ebe83b2019-06-13 17:43:52 -0700[diff] [blame]21 bssl::UniquePtr<SSL_CTX> ssl_ctx = TlsConnection::CreateSslCtx();
22 SSL_CTX_set_tlsext_servername_callback(ssl_ctx.get(),
23 &SelectCertificateCallback);
24 SSL_CTX_set_alpn_select_cb(ssl_ctx.get(), &SelectAlpnCallback, nullptr);
nharper1f8289a2020-04-27 11:57:28 -0700[diff] [blame]25 // We don't actually need the TicketCrypter here, but we need to know
nharperfbaacc02020-04-24 17:30:22 -0700[diff] [blame]26 // whether it's set.
nharper9aaca962020-09-21 16:27:15 -0700[diff] [blame]27 if (proof_source->GetTicketCrypter()) {
nharperfbaacc02020-04-24 17:30:22 -0700[diff] [blame]28 SSL_CTX_set_ticket_aead_method(ssl_ctx.get(),
29 &TlsServerConnection::kSessionTicketMethod);
renjietangeccd8cc2020-07-29 14:31:17 -0700[diff] [blame]30 if (GetQuicRestartFlag(quic_enable_zero_rtt_for_tls_v2)) {
renjietang4ff9ceb2020-05-07 14:19:13 -0700[diff] [blame]31 SSL_CTX_set_early_data_enabled(ssl_ctx.get(), 1);
32 }
nharperfbaacc02020-04-24 17:30:22 -0700[diff] [blame]33 } else {
34 SSL_CTX_set_options(ssl_ctx.get(), SSL_OP_NO_TICKET);
35 }
nharper6ebe83b2019-06-13 17:43:52 -0700[diff] [blame]36 return ssl_ctx;
37}
38
39void TlsServerConnection::SetCertChain(
40 const std::vector<CRYPTO_BUFFER*>& cert_chain) {
41 SSL_set_chain_and_key(ssl(), cert_chain.data(), cert_chain.size(), nullptr,
42 &TlsServerConnection::kPrivateKeyMethod);
43}
44
45const SSL_PRIVATE_KEY_METHOD TlsServerConnection::kPrivateKeyMethod{
46 &TlsServerConnection::PrivateKeySign,
47 nullptr, // decrypt
48 &TlsServerConnection::PrivateKeyComplete,
49};
50
51// static
52TlsServerConnection* TlsServerConnection::ConnectionFromSsl(SSL* ssl) {
53 return static_cast<TlsServerConnection*>(
54 TlsConnection::ConnectionFromSsl(ssl));
55}
56
57// static
58int TlsServerConnection::SelectCertificateCallback(SSL* ssl,
59 int* out_alert,
dschinazi17d42422019-06-18 16:35:07 -0700[diff] [blame]60 void* /*arg*/) {
nharper6ebe83b2019-06-13 17:43:52 -0700[diff] [blame]61 return ConnectionFromSsl(ssl)->delegate_->SelectCertificate(out_alert);
62}
63
64// static
65int TlsServerConnection::SelectAlpnCallback(SSL* ssl,
66 const uint8_t** out,
67 uint8_t* out_len,
68 const uint8_t* in,
69 unsigned in_len,
dschinazi17d42422019-06-18 16:35:07 -0700[diff] [blame]70 void* /*arg*/) {
nharper6ebe83b2019-06-13 17:43:52 -0700[diff] [blame]71 return ConnectionFromSsl(ssl)->delegate_->SelectAlpn(out, out_len, in,
72 in_len);
73}
74
75// static
76ssl_private_key_result_t TlsServerConnection::PrivateKeySign(SSL* ssl,
77 uint8_t* out,
78 size_t* out_len,
79 size_t max_out,
80 uint16_t sig_alg,
81 const uint8_t* in,
82 size_t in_len) {
83 return ConnectionFromSsl(ssl)->delegate_->PrivateKeySign(
84 out, out_len, max_out, sig_alg,
vasilvv778cad32020-10-08 12:43:32 -0700[diff] [blame]85 absl::string_view(reinterpret_cast<const char*>(in), in_len));
nharper6ebe83b2019-06-13 17:43:52 -0700[diff] [blame]86}
87
88// static
89ssl_private_key_result_t TlsServerConnection::PrivateKeyComplete(
90 SSL* ssl,
91 uint8_t* out,
92 size_t* out_len,
93 size_t max_out) {
94 return ConnectionFromSsl(ssl)->delegate_->PrivateKeyComplete(out, out_len,
95 max_out);
96}
97
nharperfbaacc02020-04-24 17:30:22 -0700[diff] [blame]98// static
99const SSL_TICKET_AEAD_METHOD TlsServerConnection::kSessionTicketMethod{
100 TlsServerConnection::SessionTicketMaxOverhead,
101 TlsServerConnection::SessionTicketSeal,
102 TlsServerConnection::SessionTicketOpen,
103};
104
105// static
106size_t TlsServerConnection::SessionTicketMaxOverhead(SSL* ssl) {
107 return ConnectionFromSsl(ssl)->delegate_->SessionTicketMaxOverhead();
108}
109
110// static
111int TlsServerConnection::SessionTicketSeal(SSL* ssl,
112 uint8_t* out,
113 size_t* out_len,
114 size_t max_out_len,
115 const uint8_t* in,
116 size_t in_len) {
117 return ConnectionFromSsl(ssl)->delegate_->SessionTicketSeal(
118 out, out_len, max_out_len,
vasilvv778cad32020-10-08 12:43:32 -0700[diff] [blame]119 absl::string_view(reinterpret_cast<const char*>(in), in_len));
nharperfbaacc02020-04-24 17:30:22 -0700[diff] [blame]120}
121
122// static
123enum ssl_ticket_aead_result_t TlsServerConnection::SessionTicketOpen(
124 SSL* ssl,
125 uint8_t* out,
126 size_t* out_len,
127 size_t max_out_len,
128 const uint8_t* in,
129 size_t in_len) {
130 return ConnectionFromSsl(ssl)->delegate_->SessionTicketOpen(
131 out, out_len, max_out_len,
vasilvv778cad32020-10-08 12:43:32 -0700[diff] [blame]132 absl::string_view(reinterpret_cast<const char*>(in), in_len));
nharperfbaacc02020-04-24 17:30:22 -0700[diff] [blame]133}
134
nharper6ebe83b2019-06-13 17:43:52 -0700[diff] [blame]135} // namespace quic