| QUICHE team | a6ef0a6 | 2019-03-07 20:34:33 -0500 | [diff] [blame] | 1 | // Copyright (c) 2017 The Chromium Authors. All rights reserved. |
| 2 | // Use of this source code is governed by a BSD-style license that can be |
| 3 | // found in the LICENSE file. |
| 4 | |
| 5 | #include "net/third_party/quiche/src/quic/quartc/quartc_crypto_helpers.h" |
| 6 | #include "net/third_party/quiche/src/quic/core/quic_utils.h" |
| 7 | #include "net/third_party/quiche/src/quic/core/tls_client_handshaker.h" |
| 8 | #include "net/third_party/quiche/src/quic/core/tls_server_handshaker.h" |
| 9 | |
| 10 | namespace quic { |
| 11 | |
| 12 | void DummyProofSource::GetProof(const QuicSocketAddress& server_address, |
| 13 | const QuicString& hostname, |
| 14 | const QuicString& server_config, |
| 15 | QuicTransportVersion transport_version, |
| 16 | QuicStringPiece chlo_hash, |
| 17 | std::unique_ptr<Callback> callback) { |
| 18 | QuicReferenceCountedPointer<ProofSource::Chain> chain = |
| 19 | GetCertChain(server_address, hostname); |
| 20 | QuicCryptoProof proof; |
| 21 | proof.signature = "Dummy signature"; |
| 22 | proof.leaf_cert_scts = "Dummy timestamp"; |
| 23 | callback->Run(true, chain, proof, nullptr /* details */); |
| 24 | } |
| 25 | |
| 26 | QuicReferenceCountedPointer<DummyProofSource::Chain> |
| 27 | DummyProofSource::GetCertChain(const QuicSocketAddress& server_address, |
| 28 | const QuicString& hostname) { |
| 29 | std::vector<QuicString> certs; |
| 30 | certs.push_back(kDummyCertName); |
| 31 | return QuicReferenceCountedPointer<ProofSource::Chain>( |
| 32 | new ProofSource::Chain(certs)); |
| 33 | } |
| 34 | |
| 35 | void DummyProofSource::ComputeTlsSignature( |
| 36 | const QuicSocketAddress& server_address, |
| 37 | const QuicString& hostname, |
| 38 | uint16_t signature_algorithm, |
| 39 | QuicStringPiece in, |
| 40 | std::unique_ptr<SignatureCallback> callback) { |
| 41 | callback->Run(true, "Dummy signature"); |
| 42 | } |
| 43 | |
| 44 | QuicAsyncStatus InsecureProofVerifier::VerifyProof( |
| 45 | const QuicString& hostname, |
| 46 | const uint16_t port, |
| 47 | const QuicString& server_config, |
| 48 | QuicTransportVersion transport_version, |
| 49 | QuicStringPiece chlo_hash, |
| 50 | const std::vector<QuicString>& certs, |
| 51 | const QuicString& cert_sct, |
| 52 | const QuicString& signature, |
| 53 | const ProofVerifyContext* context, |
| 54 | QuicString* error_details, |
| 55 | std::unique_ptr<ProofVerifyDetails>* verify_details, |
| 56 | std::unique_ptr<ProofVerifierCallback> callback) { |
| 57 | return QUIC_SUCCESS; |
| 58 | } |
| 59 | |
| 60 | QuicAsyncStatus InsecureProofVerifier::VerifyCertChain( |
| 61 | const QuicString& hostname, |
| 62 | const std::vector<QuicString>& certs, |
| 63 | const ProofVerifyContext* context, |
| 64 | QuicString* error_details, |
| 65 | std::unique_ptr<ProofVerifyDetails>* details, |
| 66 | std::unique_ptr<ProofVerifierCallback> callback) { |
| 67 | return QUIC_SUCCESS; |
| 68 | } |
| 69 | |
| 70 | std::unique_ptr<ProofVerifyContext> |
| 71 | InsecureProofVerifier::CreateDefaultContext() { |
| 72 | return nullptr; |
| 73 | } |
| 74 | |
| 75 | QuicConnectionId QuartcCryptoServerStreamHelper::GenerateConnectionIdForReject( |
| 76 | QuicTransportVersion version, |
| 77 | QuicConnectionId connection_id) const { |
| 78 | // TODO(b/124399417): Request a zero-length connection id here when the QUIC |
| 79 | // server perspective supports it. Right now, the stateless rejector requires |
| 80 | // a connection id that is not the same as the client-chosen connection id. |
| 81 | return QuicUtils::CreateRandomConnectionId(); |
| 82 | } |
| 83 | |
| 84 | bool QuartcCryptoServerStreamHelper::CanAcceptClientHello( |
| 85 | const CryptoHandshakeMessage& message, |
| 86 | const QuicSocketAddress& client_address, |
| 87 | const QuicSocketAddress& peer_address, |
| 88 | const QuicSocketAddress& self_address, |
| 89 | QuicString* error_details) const { |
| 90 | return true; |
| 91 | } |
| 92 | |
| 93 | std::unique_ptr<QuicCryptoClientConfig> CreateCryptoClientConfig( |
| 94 | QuicStringPiece pre_shared_key) { |
| 95 | auto config = QuicMakeUnique<QuicCryptoClientConfig>( |
| 96 | QuicMakeUnique<InsecureProofVerifier>(), |
| 97 | TlsClientHandshaker::CreateSslCtx()); |
| 98 | config->set_pad_inchoate_hello(false); |
| 99 | config->set_pad_full_hello(false); |
| 100 | if (!pre_shared_key.empty()) { |
| 101 | config->set_pre_shared_key(pre_shared_key); |
| 102 | } |
| 103 | return config; |
| 104 | } |
| 105 | |
| 106 | CryptoServerConfig CreateCryptoServerConfig(QuicRandom* random, |
| 107 | const QuicClock* clock, |
| 108 | QuicStringPiece pre_shared_key) { |
| 109 | CryptoServerConfig crypto_server_config; |
| 110 | |
| 111 | // Generate a random source address token secret. For long-running servers |
| 112 | // it's better to not regenerate it for each connection to enable zero-RTT |
| 113 | // handshakes, but for transient clients it does not matter. |
| 114 | char source_address_token_secret[kInputKeyingMaterialLength]; |
| 115 | random->RandBytes(source_address_token_secret, kInputKeyingMaterialLength); |
| 116 | auto config = QuicMakeUnique<QuicCryptoServerConfig>( |
| 117 | QuicString(source_address_token_secret, kInputKeyingMaterialLength), |
| 118 | random, QuicMakeUnique<DummyProofSource>(), KeyExchangeSource::Default(), |
| 119 | TlsServerHandshaker::CreateSslCtx()); |
| 120 | |
| 121 | // We run QUIC over ICE, and ICE is verifying remote side with STUN pings. |
| 122 | // We disable source address token validation in order to allow for 0-rtt |
| 123 | // setup (plus source ip addresses are changing even during the connection |
| 124 | // when ICE is used). |
| 125 | config->set_validate_source_address_token(false); |
| 126 | |
| 127 | // Effectively disables the anti-amplification measures (we don't need |
| 128 | // them because we use ICE, and we need to disable them because we disable |
| 129 | // padding of crypto packets). |
| 130 | // This multiplier must be large enough so that the crypto handshake packet |
| 131 | // (approx. 300 bytes) multiplied by this multiplier is larger than a fully |
| 132 | // sized packet (currently 1200 bytes). |
| 133 | // 1500 is a bit extreme: if you can imagine sending a 1 byte packet, and |
| 134 | // your largest MTU would be below 1500 bytes, 1500*1 >= |
| 135 | // any_packet_that_you_can_imagine_sending. |
| 136 | // (again, we hardcode packet size to 1200, so we are not dealing with jumbo |
| 137 | // frames). |
| 138 | config->set_chlo_multiplier(1500); |
| 139 | |
| 140 | // We are sending small client hello, we must not validate its size. |
| 141 | config->set_validate_chlo_size(false); |
| 142 | |
| 143 | // Provide server with serialized config string to prove ownership. |
| 144 | QuicCryptoServerConfig::ConfigOptions options; |
| 145 | // The |message| is used to handle the return value of AddDefaultConfig |
| 146 | // which is raw pointer of the CryptoHandshakeMessage. |
| 147 | std::unique_ptr<CryptoHandshakeMessage> message( |
| 148 | config->AddDefaultConfig(random, clock, options)); |
| 149 | config->set_pad_rej(false); |
| 150 | config->set_pad_shlo(false); |
| 151 | if (!pre_shared_key.empty()) { |
| 152 | config->set_pre_shared_key(pre_shared_key); |
| 153 | } |
| 154 | crypto_server_config.config = std::move(config); |
| 155 | const QuicData& data = message->GetSerialized(); |
| 156 | |
| 157 | crypto_server_config.serialized_crypto_config = |
| 158 | QuicString(data.data(), data.length()); |
| 159 | return crypto_server_config; |
| 160 | } |
| 161 | |
| 162 | } // namespace quic |
