| QUICHE team | a6ef0a6 | 2019-03-07 20:34:33 -0500 | [diff] [blame] | 1 | // Copyright (c) 2017 The Chromium Authors. All rights reserved. |
| 2 | // Use of this source code is governed by a BSD-style license that can be |
| 3 | // found in the LICENSE file. |
| 4 | |
| 5 | #include "net/third_party/quiche/src/quic/core/tls_handshaker.h" |
| 6 | |
| 7 | #include "third_party/boringssl/src/include/openssl/crypto.h" |
| 8 | #include "third_party/boringssl/src/include/openssl/ssl.h" |
| 9 | #include "net/third_party/quiche/src/quic/core/quic_crypto_stream.h" |
| 10 | #include "net/third_party/quiche/src/quic/core/tls_client_handshaker.h" |
| 11 | #include "net/third_party/quiche/src/quic/platform/api/quic_arraysize.h" |
| 12 | #include "net/third_party/quiche/src/quic/platform/api/quic_bug_tracker.h" |
| 13 | |
| 14 | namespace quic { |
| 15 | |
| QUICHE team | a6ef0a6 | 2019-03-07 20:34:33 -0500 | [diff] [blame] | 16 | TlsHandshaker::TlsHandshaker(QuicCryptoStream* stream, |
| 17 | QuicSession* session, |
| dschinazi | 17d4242 | 2019-06-18 16:35:07 -0700 | [diff] [blame] | 18 | SSL_CTX* /*ssl_ctx*/) |
| fayang | d58736d | 2019-11-27 13:35:31 -0800 | [diff] [blame] | 19 | : stream_(stream), session_(session), delegate_(session) { |
| QUICHE team | a6ef0a6 | 2019-03-07 20:34:33 -0500 | [diff] [blame] | 20 | } |
| 21 | |
| 22 | TlsHandshaker::~TlsHandshaker() {} |
| 23 | |
| 24 | bool TlsHandshaker::ProcessInput(QuicStringPiece input, EncryptionLevel level) { |
| 25 | if (parser_error_ != QUIC_NO_ERROR) { |
| 26 | return false; |
| 27 | } |
| 28 | // TODO(nharper): Call SSL_quic_read_level(ssl()) and check whether the |
| 29 | // encryption level BoringSSL expects matches the encryption level that we |
| 30 | // just received input at. If they mismatch, should ProcessInput return true |
| 31 | // or false? If data is for a future encryption level, it should be queued for |
| 32 | // later? |
| nharper | 6ebe83b | 2019-06-13 17:43:52 -0700 | [diff] [blame] | 33 | if (SSL_provide_quic_data(ssl(), TlsConnection::BoringEncryptionLevel(level), |
| QUICHE team | a6ef0a6 | 2019-03-07 20:34:33 -0500 | [diff] [blame] | 34 | reinterpret_cast<const uint8_t*>(input.data()), |
| 35 | input.size()) != 1) { |
| 36 | // SSL_provide_quic_data can fail for 3 reasons: |
| 37 | // - API misuse (calling it before SSL_set_custom_quic_method, which we |
| 38 | // call in the TlsHandshaker c'tor) |
| 39 | // - Memory exhaustion when appending data to its buffer |
| 40 | // - Data provided at the wrong encryption level |
| 41 | // |
| 42 | // Of these, the only sensible error to handle is data provided at the wrong |
| 43 | // encryption level. |
| 44 | // |
| 45 | // Note: the error provided below has a good-sounding enum value, although |
| 46 | // it doesn't match the description as it's a QUIC Crypto specific error. |
| 47 | parser_error_ = QUIC_INVALID_CRYPTO_MESSAGE_TYPE; |
| 48 | parser_error_detail_ = "TLS stack failed to receive data"; |
| 49 | return false; |
| 50 | } |
| 51 | AdvanceHandshake(); |
| 52 | return true; |
| 53 | } |
| 54 | |
| nharper | 486a8a9 | 2019-08-28 16:25:10 -0700 | [diff] [blame] | 55 | size_t TlsHandshaker::BufferSizeLimitForLevel(EncryptionLevel level) const { |
| 56 | return SSL_quic_max_handshake_flight_len( |
| 57 | ssl(), TlsConnection::BoringEncryptionLevel(level)); |
| 58 | } |
| 59 | |
| QUICHE team | a6ef0a6 | 2019-03-07 20:34:33 -0500 | [diff] [blame] | 60 | const EVP_MD* TlsHandshaker::Prf() { |
| 61 | return EVP_get_digestbynid( |
| 62 | SSL_CIPHER_get_prf_nid(SSL_get_pending_cipher(ssl()))); |
| 63 | } |
| 64 | |
| QUICHE team | a6ef0a6 | 2019-03-07 20:34:33 -0500 | [diff] [blame] | 65 | void TlsHandshaker::SetEncryptionSecret( |
| 66 | EncryptionLevel level, |
| 67 | const std::vector<uint8_t>& read_secret, |
| 68 | const std::vector<uint8_t>& write_secret) { |
| fayang | d58736d | 2019-11-27 13:35:31 -0800 | [diff] [blame] | 69 | std::unique_ptr<QuicEncrypter> encrypter = |
| 70 | QuicEncrypter::CreateFromCipherSuite( |
| 71 | SSL_CIPHER_get_id(SSL_get_pending_cipher(ssl()))); |
| 72 | CryptoUtils::SetKeyAndIV(Prf(), write_secret, encrypter.get()); |
| 73 | std::unique_ptr<QuicDecrypter> decrypter = |
| 74 | QuicDecrypter::CreateFromCipherSuite( |
| 75 | SSL_CIPHER_get_id(SSL_get_pending_cipher(ssl()))); |
| 76 | CryptoUtils::SetKeyAndIV(Prf(), read_secret, decrypter.get()); |
| 77 | delegate_->OnNewKeysAvailable(level, std::move(decrypter), |
| 78 | /*set_alternative_decrypter=*/false, |
| 79 | /*latch_once_used=*/false, |
| 80 | std::move(encrypter)); |
| QUICHE team | a6ef0a6 | 2019-03-07 20:34:33 -0500 | [diff] [blame] | 81 | } |
| 82 | |
| 83 | void TlsHandshaker::WriteMessage(EncryptionLevel level, QuicStringPiece data) { |
| 84 | stream_->WriteCryptoData(level, data); |
| 85 | } |
| 86 | |
| 87 | void TlsHandshaker::FlushFlight() {} |
| 88 | |
| dschinazi | 17d4242 | 2019-06-18 16:35:07 -0700 | [diff] [blame] | 89 | void TlsHandshaker::SendAlert(EncryptionLevel /*level*/, uint8_t desc) { |
| QUICHE team | a6ef0a6 | 2019-03-07 20:34:33 -0500 | [diff] [blame] | 90 | // TODO(nharper): Alerts should be sent on the wire as a 16-bit QUIC error |
| 91 | // code computed to be 0x100 | desc (draft-ietf-quic-tls-14, section 4.8). |
| 92 | // This puts it in the range reserved for CRYPTO_ERROR |
| 93 | // (draft-ietf-quic-transport-14, section 11.3). However, according to |
| 94 | // quic_error_codes.h, this QUIC implementation only sends 1-byte error codes |
| 95 | // right now. |
| dschinazi | 35e749e | 2019-04-09 09:36:04 -0700 | [diff] [blame] | 96 | QUIC_DLOG(INFO) << "TLS failing handshake due to alert " |
| 97 | << static_cast<int>(desc); |
| QUICHE team | a6ef0a6 | 2019-03-07 20:34:33 -0500 | [diff] [blame] | 98 | CloseConnection(QUIC_HANDSHAKE_FAILED, "TLS handshake failure"); |
| 99 | } |
| 100 | |
| 101 | } // namespace quic |
