1// Copyright (c) 2013 The Chromium Authors. All rights reserved. 2// Use of this source code is governed by a BSD-style license that can be 3// found in the LICENSE file. 4 5#ifndef NET_QUIC_CRYPTO_CRYPTO_HANDSHAKE_H_ 6#define NET_QUIC_CRYPTO_CRYPTO_HANDSHAKE_H_ 7 8#include <string> 9#include <vector> 10 11#include "base/memory/scoped_ptr.h" 12#include "net/base/net_export.h" 13#include "net/quic/quic_protocol.h" 14 15namespace net { 16 17class CommonCertSets; 18class KeyExchange; 19class QuicDecrypter; 20class QuicEncrypter; 21 22// HandshakeFailureReason enum values are uploaded to UMA, they cannot be 23// changed. 24enum HandshakeFailureReason { 25 HANDSHAKE_OK = 0, 26 27 // Failure reasons for an invalid client nonce in CHLO. 28 // 29 // The default error value for nonce verification failures from strike 30 // register (covers old strike registers and unknown failures). 31 CLIENT_NONCE_UNKNOWN_FAILURE = 1, 32 // Client nonce had incorrect length. 33 CLIENT_NONCE_INVALID_FAILURE = 2, 34 // Client nonce is not unique. 35 CLIENT_NONCE_NOT_UNIQUE_FAILURE = 3, 36 // Client orbit is invalid or incorrect. 37 CLIENT_NONCE_INVALID_ORBIT_FAILURE = 4, 38 // Client nonce's timestamp is not in the strike register's valid time range. 39 CLIENT_NONCE_INVALID_TIME_FAILURE = 5, 40 // Strike register's RPC call timed out, client nonce couldn't be verified. 41 CLIENT_NONCE_STRIKE_REGISTER_TIMEOUT = 6, 42 // Strike register is down, client nonce couldn't be verified. 43 CLIENT_NONCE_STRIKE_REGISTER_FAILURE = 7, 44 45 // Failure reasons for an invalid server nonce in CHLO. 46 // 47 // Unbox of server nonce failed. 48 SERVER_NONCE_DECRYPTION_FAILURE = 8, 49 // Decrypted server nonce had incorrect length. 50 SERVER_NONCE_INVALID_FAILURE = 9, 51 // Server nonce is not unique. 52 SERVER_NONCE_NOT_UNIQUE_FAILURE = 10, 53 // Server nonce's timestamp is not in the strike register's valid time range. 54 SERVER_NONCE_INVALID_TIME_FAILURE = 11, 55 56 // Failure reasons for an invalid server config in CHLO. 57 // 58 // Missing Server config id (kSCID) tag. 59 SERVER_CONFIG_INCHOATE_HELLO_FAILURE = 12, 60 // Couldn't find the Server config id (kSCID). 61 SERVER_CONFIG_UNKNOWN_CONFIG_FAILURE = 13, 62 63 // Failure reasons for an invalid source-address token. 64 // 65 // Missing Source-address token (kSourceAddressTokenTag) tag. 66 SOURCE_ADDRESS_TOKEN_INVALID_FAILURE = 14, 67 // Unbox of Source-address token failed. 68 SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE = 15, 69 // Couldn't parse the unbox'ed Source-address token. 70 SOURCE_ADDRESS_TOKEN_PARSE_FAILURE = 16, 71 // Source-address token is for a different IP address. 72 SOURCE_ADDRESS_TOKEN_DIFFERENT_IP_ADDRESS_FAILURE = 17, 73 // The source-address token has a timestamp in the future. 74 SOURCE_ADDRESS_TOKEN_CLOCK_SKEW_FAILURE = 18, 75 // The source-address token has expired. 76 SOURCE_ADDRESS_TOKEN_EXPIRED_FAILURE = 19, 77 78 MAX_FAILURE_REASON, 79}; 80 81// These errors will be packed into an uint32 and we don't want to set the most 82// significant bit, which may be misinterpreted as the sign bit. 83COMPILE_ASSERT(MAX_FAILURE_REASON <= 32, failure_reason_out_of_sync); 84 85// A CrypterPair contains the encrypter and decrypter for an encryption level. 86struct NET_EXPORT_PRIVATE CrypterPair { 87 CrypterPair(); 88 ~CrypterPair(); 89 scoped_ptr<QuicEncrypter> encrypter; 90 scoped_ptr<QuicDecrypter> decrypter; 91}; 92 93// Parameters negotiated by the crypto handshake. 94struct NET_EXPORT_PRIVATE QuicCryptoNegotiatedParameters { 95 // Initializes the members to 0 or empty values. 96 QuicCryptoNegotiatedParameters(); 97 ~QuicCryptoNegotiatedParameters(); 98 99 QuicTag key_exchange; 100 QuicTag aead; 101 std::string initial_premaster_secret; 102 std::string forward_secure_premaster_secret; 103 // subkey_secret is used as the PRK input to the HKDF used for key extraction. 104 std::string subkey_secret; 105 CrypterPair initial_crypters; 106 CrypterPair forward_secure_crypters; 107 // Normalized SNI: converted to lower case and trailing '.' removed. 108 std::string sni; 109 std::string client_nonce; 110 std::string server_nonce; 111 // hkdf_input_suffix contains the HKDF input following the label: the 112 // ConnectionId, client hello and server config. This is only populated in the 113 // client because only the client needs to derive the forward secure keys at a 114 // later time from the initial keys. 115 std::string hkdf_input_suffix; 116 // cached_certs contains the cached certificates that a client used when 117 // sending a client hello. 118 std::vector<std::string> cached_certs; 119 // client_key_exchange is used by clients to store the ephemeral KeyExchange 120 // for the connection. 121 scoped_ptr<KeyExchange> client_key_exchange; 122 // channel_id is set by servers to a ChannelID key when the client correctly 123 // proves possession of the corresponding private key. It consists of 32 124 // bytes of x coordinate, followed by 32 bytes of y coordinate. Both values 125 // are big-endian and the pair is a P-256 public key. 126 std::string channel_id; 127 128 // Used when generating proof signature when sending server config updates. 129 bool x509_ecdsa_supported; 130 131 // Used to generate cert chain when sending server config updates. 132 std::string client_common_set_hashes; 133 std::string client_cached_cert_hashes; 134}; 135 136// QuicCryptoConfig contains common configuration between clients and servers. 137class NET_EXPORT_PRIVATE QuicCryptoConfig { 138 public: 139 // kInitialLabel is a constant that is used when deriving the initial 140 // (non-forward secure) keys for the connection in order to tie the resulting 141 // key to this protocol. 142 static const char kInitialLabel[]; 143 144 // kCETVLabel is a constant that is used when deriving the keys for the 145 // encrypted tag/value block in the client hello. 146 static const char kCETVLabel[]; 147 148 // kForwardSecureLabel is a constant that is used when deriving the forward 149 // secure keys for the connection in order to tie the resulting key to this 150 // protocol. 151 static const char kForwardSecureLabel[]; 152 153 QuicCryptoConfig(); 154 ~QuicCryptoConfig(); 155 156 // Key exchange methods. The following two members' values correspond by 157 // index. 158 QuicTagVector kexs; 159 // Authenticated encryption with associated data (AEAD) algorithms. 160 QuicTagVector aead; 161 162 const CommonCertSets* common_cert_sets; 163 164 private: 165 DISALLOW_COPY_AND_ASSIGN(QuicCryptoConfig); 166}; 167 168} // namespace net 169 170#endif // NET_QUIC_CRYPTO_CRYPTO_HANDSHAKE_H_ 171