1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #include "net/quic/crypto/crypto_utils.h" 6 7 #include "crypto/hkdf.h" 8 #include "net/base/net_util.h" 9 #include "net/quic/crypto/crypto_handshake.h" 10 #include "net/quic/crypto/crypto_protocol.h" 11 #include "net/quic/crypto/quic_decrypter.h" 12 #include "net/quic/crypto/quic_encrypter.h" 13 #include "net/quic/crypto/quic_random.h" 14 #include "net/quic/quic_time.h" 15 #include "url/url_canon.h" 16 17 using base::StringPiece; 18 using std::string; 19 20 namespace net { 21 22 // static 23 void CryptoUtils::GenerateNonce(QuicWallTime now, 24 QuicRandom* random_generator, 25 StringPiece orbit, 26 string* nonce) { 27 // a 4-byte timestamp + 28 random bytes. 28 nonce->reserve(kNonceSize); 29 nonce->resize(kNonceSize); 30 uint32 gmt_unix_time = now.ToUNIXSeconds(); 31 // The time in the nonce must be encoded in big-endian because the 32 // strike-register depends on the nonces being ordered by time. 33 (*nonce)[0] = static_cast<char>(gmt_unix_time >> 24); 34 (*nonce)[1] = static_cast<char>(gmt_unix_time >> 16); 35 (*nonce)[2] = static_cast<char>(gmt_unix_time >> 8); 36 (*nonce)[3] = static_cast<char>(gmt_unix_time); 37 38 size_t bytes_written = sizeof(gmt_unix_time); 39 if (orbit.size() == 8) { 40 memcpy(&(*nonce)[bytes_written], orbit.data(), orbit.size()); 41 bytes_written += orbit.size(); 42 } 43 random_generator->RandBytes(&(*nonce)[bytes_written], 44 kNonceSize - bytes_written); 45 } 46 47 // static 48 bool CryptoUtils::IsValidSNI(StringPiece sni) { 49 // TODO(rtenneti): Support RFC2396 hostname. 50 // NOTE: Microsoft does NOT enforce this spec, so if we throw away hostnames 51 // based on the above spec, we may be losing some hostnames that windows 52 // would consider valid. By far the most common hostname character NOT 53 // accepted by the above spec is '_'. 54 url_canon::CanonHostInfo host_info; 55 string canonicalized_host(CanonicalizeHost(sni.as_string(), &host_info)); 56 return !host_info.IsIPAddress() && 57 IsCanonicalizedHostCompliant(canonicalized_host, std::string()) && 58 sni.find_last_of('.') != string::npos; 59 } 60 61 // static 62 string CryptoUtils::NormalizeHostname(const char* hostname) { 63 url_canon::CanonHostInfo host_info; 64 string host(CanonicalizeHost(hostname, &host_info)); 65 66 // Walk backwards over the string, stopping at the first trailing dot. 67 size_t host_end = host.length(); 68 while (host_end != 0 && host[host_end - 1] == '.') { 69 host_end--; 70 } 71 72 // Erase the trailing dots. 73 if (host_end != host.length()) { 74 host.erase(host_end, host.length() - host_end); 75 } 76 return host; 77 } 78 79 // static 80 void CryptoUtils::DeriveKeys(StringPiece premaster_secret, 81 QuicTag aead, 82 StringPiece client_nonce, 83 StringPiece server_nonce, 84 const string& hkdf_input, 85 Perspective perspective, 86 CrypterPair* out) { 87 out->encrypter.reset(QuicEncrypter::Create(aead)); 88 out->decrypter.reset(QuicDecrypter::Create(aead)); 89 size_t key_bytes = out->encrypter->GetKeySize(); 90 size_t nonce_prefix_bytes = out->encrypter->GetNoncePrefixSize(); 91 92 StringPiece nonce = client_nonce; 93 string nonce_storage; 94 if (!server_nonce.empty()) { 95 nonce_storage = client_nonce.as_string() + server_nonce.as_string(); 96 nonce = nonce_storage; 97 } 98 99 crypto::HKDF hkdf(premaster_secret, nonce, hkdf_input, key_bytes, 100 nonce_prefix_bytes); 101 if (perspective == SERVER) { 102 out->encrypter->SetKey(hkdf.server_write_key()); 103 out->encrypter->SetNoncePrefix(hkdf.server_write_iv()); 104 out->decrypter->SetKey(hkdf.client_write_key()); 105 out->decrypter->SetNoncePrefix(hkdf.client_write_iv()); 106 } else { 107 out->encrypter->SetKey(hkdf.client_write_key()); 108 out->encrypter->SetNoncePrefix(hkdf.client_write_iv()); 109 out->decrypter->SetKey(hkdf.server_write_key()); 110 out->decrypter->SetNoncePrefix(hkdf.server_write_iv()); 111 } 112 } 113 114 } // namespace net 115
