| nharper | 6ebe83b | 2019-06-13 17:43:52 -0700 | [diff] [blame] | 1 | // Copyright (c) 2019 The Chromium Authors. All rights reserved. |
| 2 | // Use of this source code is governed by a BSD-style license that can be |
| 3 | // found in the LICENSE file. |
| 4 | |
| 5 | #include "net/third_party/quiche/src/quic/core/crypto/tls_server_connection.h" |
| 6 | |
| dmcardle | 904ef18 | 2019-12-13 08:34:33 -0800 | [diff] [blame] | 7 | #include "net/third_party/quiche/src/common/platform/api/quiche_string_piece.h" |
| 8 | |
| nharper | 6ebe83b | 2019-06-13 17:43:52 -0700 | [diff] [blame] | 9 | namespace quic { |
| 10 | |
| 11 | TlsServerConnection::TlsServerConnection(SSL_CTX* ssl_ctx, Delegate* delegate) |
| 12 | : TlsConnection(ssl_ctx, delegate->ConnectionDelegate()), |
| 13 | delegate_(delegate) {} |
| 14 | |
| 15 | // static |
| 16 | bssl::UniquePtr<SSL_CTX> TlsServerConnection::CreateSslCtx() { |
| 17 | bssl::UniquePtr<SSL_CTX> ssl_ctx = TlsConnection::CreateSslCtx(); |
| 18 | SSL_CTX_set_tlsext_servername_callback(ssl_ctx.get(), |
| 19 | &SelectCertificateCallback); |
| 20 | SSL_CTX_set_alpn_select_cb(ssl_ctx.get(), &SelectAlpnCallback, nullptr); |
| nharper | df7a77b | 2019-11-11 13:12:45 -0800 | [diff] [blame] | 21 | SSL_CTX_set_options(ssl_ctx.get(), SSL_OP_NO_TICKET); |
| nharper | 6ebe83b | 2019-06-13 17:43:52 -0700 | [diff] [blame] | 22 | return ssl_ctx; |
| 23 | } |
| 24 | |
| 25 | void TlsServerConnection::SetCertChain( |
| 26 | const std::vector<CRYPTO_BUFFER*>& cert_chain) { |
| 27 | SSL_set_chain_and_key(ssl(), cert_chain.data(), cert_chain.size(), nullptr, |
| 28 | &TlsServerConnection::kPrivateKeyMethod); |
| 29 | } |
| 30 | |
| 31 | const SSL_PRIVATE_KEY_METHOD TlsServerConnection::kPrivateKeyMethod{ |
| 32 | &TlsServerConnection::PrivateKeySign, |
| 33 | nullptr, // decrypt |
| 34 | &TlsServerConnection::PrivateKeyComplete, |
| 35 | }; |
| 36 | |
| 37 | // static |
| 38 | TlsServerConnection* TlsServerConnection::ConnectionFromSsl(SSL* ssl) { |
| 39 | return static_cast<TlsServerConnection*>( |
| 40 | TlsConnection::ConnectionFromSsl(ssl)); |
| 41 | } |
| 42 | |
| 43 | // static |
| 44 | int TlsServerConnection::SelectCertificateCallback(SSL* ssl, |
| 45 | int* out_alert, |
| dschinazi | 17d4242 | 2019-06-18 16:35:07 -0700 | [diff] [blame] | 46 | void* /*arg*/) { |
| nharper | 6ebe83b | 2019-06-13 17:43:52 -0700 | [diff] [blame] | 47 | return ConnectionFromSsl(ssl)->delegate_->SelectCertificate(out_alert); |
| 48 | } |
| 49 | |
| 50 | // static |
| 51 | int TlsServerConnection::SelectAlpnCallback(SSL* ssl, |
| 52 | const uint8_t** out, |
| 53 | uint8_t* out_len, |
| 54 | const uint8_t* in, |
| 55 | unsigned in_len, |
| dschinazi | 17d4242 | 2019-06-18 16:35:07 -0700 | [diff] [blame] | 56 | void* /*arg*/) { |
| nharper | 6ebe83b | 2019-06-13 17:43:52 -0700 | [diff] [blame] | 57 | return ConnectionFromSsl(ssl)->delegate_->SelectAlpn(out, out_len, in, |
| 58 | in_len); |
| 59 | } |
| 60 | |
| 61 | // static |
| 62 | ssl_private_key_result_t TlsServerConnection::PrivateKeySign(SSL* ssl, |
| 63 | uint8_t* out, |
| 64 | size_t* out_len, |
| 65 | size_t max_out, |
| 66 | uint16_t sig_alg, |
| 67 | const uint8_t* in, |
| 68 | size_t in_len) { |
| 69 | return ConnectionFromSsl(ssl)->delegate_->PrivateKeySign( |
| 70 | out, out_len, max_out, sig_alg, |
| dmcardle | 904ef18 | 2019-12-13 08:34:33 -0800 | [diff] [blame] | 71 | quiche::QuicheStringPiece(reinterpret_cast<const char*>(in), in_len)); |
| nharper | 6ebe83b | 2019-06-13 17:43:52 -0700 | [diff] [blame] | 72 | } |
| 73 | |
| 74 | // static |
| 75 | ssl_private_key_result_t TlsServerConnection::PrivateKeyComplete( |
| 76 | SSL* ssl, |
| 77 | uint8_t* out, |
| 78 | size_t* out_len, |
| 79 | size_t max_out) { |
| 80 | return ConnectionFromSsl(ssl)->delegate_->PrivateKeyComplete(out, out_len, |
| 81 | max_out); |
| 82 | } |
| 83 | |
| 84 | } // namespace quic |
