// Copyright (c) 2017 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef QUICHE_QUIC_QUARTC_QUARTC_CRYPTO_HELPERS_H_
#define QUICHE_QUIC_QUARTC_QUARTC_CRYPTO_HELPERS_H_
#include <cstddef>
#include <cstdint>
#include <memory>
#include <string>
#include <vector>

#include "net/third_party/quiche/src/quic/core/crypto/crypto_handshake_message.h"
#include "net/third_party/quiche/src/quic/core/crypto/proof_source.h"
#include "net/third_party/quiche/src/quic/core/crypto/proof_verifier.h"
#include "net/third_party/quiche/src/quic/core/crypto/quic_crypto_client_config.h"
#include "net/third_party/quiche/src/quic/core/crypto/quic_crypto_server_config.h"
#include "net/third_party/quiche/src/quic/core/quic_connection_id.h"
#include "net/third_party/quiche/src/quic/core/quic_crypto_server_stream.h"
#include "net/third_party/quiche/src/quic/core/quic_versions.h"
#include "net/third_party/quiche/src/quic/platform/api/quic_reference_counted.h"
#include "net/third_party/quiche/src/quic/platform/api/quic_socket_address.h"
#include "net/third_party/quiche/src/quic/platform/api/quic_string_piece.h"
namespace quic {
// Never, ever, change this certificate name. You will break 0-rtt handshake if
// you do.
//
// Name of the placeholder certificate used for the insecure (dummy-proof)
// handshake in this file. A namespace-scope constexpr variable already has
// internal linkage, so no `static` is needed.
constexpr char kDummyCertName[] = "Dummy cert";
// Server-side crypto configuration produced by CreateCryptoServerConfig():
// the owning QuicCryptoServerConfig plus its serialized form.
struct CryptoServerConfig {
  // Owning handle to the server config; null until populated.
  std::unique_ptr<QuicCryptoServerConfig> config;
  // Wire/serialized representation of |config| (format not shown here —
  // see CreateCryptoServerConfig's definition for how it is produced).
  std::string serialized_crypto_config;
};
// Length of HKDF input keying material, equal to its number of bytes.
// https://tools.ietf.org/html/rfc5869#section-2.2.
// TODO(zhihuang): Verify that input keying material length is correct.
constexpr size_t kInputKeyingMaterialLength{32};
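// Used by QuicCryptoServerConfig to provide dummy proof credentials.
// TODO(zhihuang): Remove when secure P2P QUIC handshake is possible.
//
// Nothing this class hands out proves the server's identity: the proof,
// certificate chain and TLS signature are placeholders (exact values live in
// the .cc). It is only meaningful opposite a client using
// InsecureProofVerifier, i.e. on a connection whose protection presumably
// comes from the pre_shared_key passed to CreateCryptoServerConfig — confirm
// against the .cc before relying on that.
class DummyProofSource : public ProofSource {
 public:
  // The class holds no state; the compiler-generated special members are
  // exactly what the empty bodies did.
  DummyProofSource() = default;
  ~DummyProofSource() override = default;

  // ProofSource overrides.

  // Delivers a placeholder proof for |hostname|/|server_config| through
  // |callback|; |chlo_hash| and |transport_version| are part of the
  // ProofSource contract, not of any real signing here.
  void GetProof(const QuicSocketAddress& server_address,
                const std::string& hostname,
                const std::string& server_config,
                QuicTransportVersion transport_version,
                QuicStringPiece chlo_hash,
                std::unique_ptr<Callback> callback) override;

  // Returns the placeholder certificate chain (presumably built around
  // kDummyCertName — see the .cc).
  QuicReferenceCountedPointer<Chain> GetCertChain(
      const QuicSocketAddress& server_address,
      const std::string& hostname) override;

  // Produces the TLS-handshake "signature" over |in| for
  // |signature_algorithm| and passes it to |callback|. Being a dummy
  // source, the result carries no authentication value.
  void ComputeTlsSignature(
      const QuicSocketAddress& server_address,
      const std::string& hostname,
      uint16_t signature_algorithm,
      QuicStringPiece in,
      std::unique_ptr<SignatureCallback> callback) override;
};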
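// Used by QuicCryptoClientConfig to ignore the peer's credentials
// and establish an insecure QUIC connection.
// TODO(zhihuang): Remove when secure P2P QUIC handshake is possible.
//
// Because the peer's certificates, SCT and signature are not checked, a
// success status from this verifier must not be read as "the peer is who it
// claims to be". Any peer authentication on such a connection has to come
// from elsewhere (presumably the pre_shared_key given to
// CreateCryptoClientConfig — confirm against the .cc).
class InsecureProofVerifier : public ProofVerifier {
 public:
  // Stateless; the defaulted special members match the former empty bodies.
  InsecureProofVerifier() = default;
  ~InsecureProofVerifier() override = default;

  // ProofVerifier overrides.

  // Accepts the server's proof for |hostname|:|port| without validating
  // |certs|, |cert_sct| or |signature| (per the class contract above; the
  // status actually returned is defined in the .cc). |error_details| and
  // |verify_details| are out-params required by the interface.
  QuicAsyncStatus VerifyProof(
      const std::string& hostname,
      const uint16_t port,
      const std::string& server_config,
      QuicTransportVersion transport_version,
      QuicStringPiece chlo_hash,
      const std::vector<std::string>& certs,
      const std::string& cert_sct,
      const std::string& signature,
      const ProofVerifyContext* context,
      std::string* error_details,
      std::unique_ptr<ProofVerifyDetails>* verify_details,
      std::unique_ptr<ProofVerifierCallback> callback) override;

  // Same as VerifyProof for the certificate-chain-only path: |certs|,
  // |ocsp_response| and |cert_sct| are not validated.
  QuicAsyncStatus VerifyCertChain(
      const std::string& hostname,
      const std::vector<std::string>& certs,
      const std::string& ocsp_response,
      const std::string& cert_sct,
      const ProofVerifyContext* context,
      std::string* error_details,
      std::unique_ptr<ProofVerifyDetails>* details,
      std::unique_ptr<ProofVerifierCallback> callback) override;

  // Returns the context object passed back into the Verify* calls.
  std::unique_ptr<ProofVerifyContext> CreateDefaultContext() override;
};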
// Implementation of the server-side crypto stream helper.
//
// Supplies the two policy hooks QuicCryptoServerStream asks its Helper for
// during the handshake; the decisions themselves are made in the .cc.
class QuartcCryptoServerStreamHelper : public QuicCryptoServerStream::Helper {
 public:
  // Returns the connection ID to use in a REJ for a client that presented
  // |connection_id| under |version|.
  QuicConnectionId GenerateConnectionIdForReject(
      QuicTransportVersion version,
      QuicConnectionId connection_id) const override;

  // Decides whether the CHLO in |message| from |client_address| may be
  // accepted. On refusal, |error_details| is the out-param for the reason
  // (whether it is always filled in is not visible from this header).
  bool CanAcceptClientHello(const CryptoHandshakeMessage& message,
                            const QuicSocketAddress& client_address,
                            const QuicSocketAddress& peer_address,
                            const QuicSocketAddress& self_address,
                            std::string* error_details) const override;
};
// Builds the client-side crypto config for a Quartc connection.
// |pre_shared_key|: out-of-band key material configured on the client; since
// the proof verifier in this file ignores certificates, this is presumably
// the only peer-authentication input — confirm against the .cc.
std::unique_ptr<QuicCryptoClientConfig> CreateCryptoClientConfig(
    QuicStringPiece pre_shared_key);
// Builds the server-side crypto config and its serialized form.
// |random| and |clock| are non-owning and must outlive the returned config
// as far as this header shows (ownership is not expressed in the types).
// |pre_shared_key|: out-of-band key material matching the client's; see
// CreateCryptoClientConfig.
CryptoServerConfig CreateCryptoServerConfig(QuicRandom* random,
                                            const QuicClock* clock,
                                            QuicStringPiece pre_shared_key);
} // namespace quic
#endif // QUICHE_QUIC_QUARTC_QUARTC_CRYPTO_HELPERS_H_