summaryrefslogtreecommitdiff
path: root/chromium/third_party/blink/renderer/modules/peerconnection/adapters/p2p_quic_crypto_config_factory_impl.cc
diff options
context:
space:
mode:
Diffstat (limited to 'chromium/third_party/blink/renderer/modules/peerconnection/adapters/p2p_quic_crypto_config_factory_impl.cc')
-rw-r--r--chromium/third_party/blink/renderer/modules/peerconnection/adapters/p2p_quic_crypto_config_factory_impl.cc135
1 files changed, 135 insertions, 0 deletions
diff --git a/chromium/third_party/blink/renderer/modules/peerconnection/adapters/p2p_quic_crypto_config_factory_impl.cc b/chromium/third_party/blink/renderer/modules/peerconnection/adapters/p2p_quic_crypto_config_factory_impl.cc
new file mode 100644
index 00000000000..58b3b365681
--- /dev/null
+++ b/chromium/third_party/blink/renderer/modules/peerconnection/adapters/p2p_quic_crypto_config_factory_impl.cc
@@ -0,0 +1,135 @@
+// Copyright 2019 The Chromium Authors. All rights reserved.
+// Use of this source code is governed by a BSD-style license that can be
+// found in the LICENSE file.
+
+#include "net/third_party/quic/core/crypto/proof_source.h"
+#include "net/third_party/quic/core/crypto/proof_verifier.h"
+
+#include "net/third_party/quic/core/tls_client_handshaker.h"
+#include "net/third_party/quic/core/tls_server_handshaker.h"
+#include "third_party/blink/renderer/modules/peerconnection/adapters/p2p_quic_crypto_config_factory_impl.h"
+
+namespace blink {
+
+namespace {
+
+// Length of HKDF input keying material, equal to its number of bytes.
+// https://tools.ietf.org/html/rfc5869#section-2.2.
+const size_t kInputKeyingMaterialLength = 32;
+
+// TODO(https://crbug.com/874300): Implement a secure QUIC handshake, meaning
+// that both side's certificates are verified. This can be done by creating a
+// P2PProofSource and P2PProofVerifier, and removing these objects once the
+// TLS 1.3 handshake is implemented for QUIC.
+// - The self signed certificate fingerprint matches the remote
+// fingerprint that was signaled.
+// - The peer owns the certificate, by verifying the signature of the hash of
+// the handshake context.
+//
+// Ignores the peer's credentials (taken from quic/quartc).
+class InsecureProofVerifier : public quic::ProofVerifier {
+ public:
+ InsecureProofVerifier() {}
+ ~InsecureProofVerifier() override {}
+
+ // ProofVerifier override.
+ quic::QuicAsyncStatus VerifyProof(
+ const quic::QuicString& hostname,
+ const uint16_t port,
+ const quic::QuicString& server_config,
+ quic::QuicTransportVersion transport_version,
+ quic::QuicStringPiece chlo_hash,
+ const std::vector<quic::QuicString>& certs,
+ const quic::QuicString& cert_sct,
+ const quic::QuicString& signature,
+ const quic::ProofVerifyContext* context,
+ quic::QuicString* error_details,
+ std::unique_ptr<quic::ProofVerifyDetails>* verify_details,
+ std::unique_ptr<quic::ProofVerifierCallback> callback) override {
+ return quic::QUIC_SUCCESS;
+ }
+
+ quic::QuicAsyncStatus VerifyCertChain(
+ const quic::QuicString& hostname,
+ const std::vector<quic::QuicString>& certs,
+ const quic::ProofVerifyContext* context,
+ quic::QuicString* error_details,
+ std::unique_ptr<quic::ProofVerifyDetails>* details,
+ std::unique_ptr<quic::ProofVerifierCallback> callback) override {
+ return quic::QUIC_SUCCESS;
+ }
+
+ std::unique_ptr<quic::ProofVerifyContext> CreateDefaultContext() override {
+ return nullptr;
+ }
+};
+
+} // namespace
+
+// Used by QuicCryptoServerConfig to provide dummy proof credentials
+// (taken from quic/quartc).
+class DummyProofSource : public quic::ProofSource {
+ public:
+ DummyProofSource() {}
+ ~DummyProofSource() override {}
+
+ // ProofSource override.
+ void GetProof(const quic::QuicSocketAddress& server_addr,
+ const quic::QuicString& hostname,
+ const quic::QuicString& server_config,
+ quic::QuicTransportVersion transport_version,
+ quic::QuicStringPiece chlo_hash,
+ std::unique_ptr<Callback> callback) override {
+ quic::QuicCryptoProof proof;
+ proof.signature = "Dummy signature";
+ proof.leaf_cert_scts = "Dummy timestamp";
+ callback->Run(true, GetCertChain(server_addr, hostname), proof,
+ nullptr /* details */);
+ }
+
+ quic::QuicReferenceCountedPointer<Chain> GetCertChain(
+ const quic::QuicSocketAddress& server_address,
+ const quic::QuicString& hostname) override {
+ std::vector<quic::QuicString> certs;
+ certs.push_back("Dummy cert");
+ return quic::QuicReferenceCountedPointer<Chain>(
+ new quic::ProofSource::Chain(certs));
+ }
+ void ComputeTlsSignature(
+ const quic::QuicSocketAddress& server_address,
+ const quic::QuicString& hostname,
+ uint16_t signature_algorithm,
+ quic::QuicStringPiece in,
+ std::unique_ptr<SignatureCallback> callback) override {
+ callback->Run(true, "Dummy signature");
+ }
+};
+
+P2PQuicCryptoConfigFactoryImpl::P2PQuicCryptoConfigFactoryImpl(
+ quic::QuicRandom* const random_generator)
+ : random_generator_(random_generator) {}
+
+std::unique_ptr<quic::QuicCryptoClientConfig>
+P2PQuicCryptoConfigFactoryImpl::CreateClientCryptoConfig() {
+ std::unique_ptr<quic::ProofVerifier> proof_verifier(
+ new InsecureProofVerifier);
+ return std::make_unique<quic::QuicCryptoClientConfig>(
+ std::move(proof_verifier), quic::TlsClientHandshaker::CreateSslCtx());
+}
+
+std::unique_ptr<quic::QuicCryptoServerConfig>
+P2PQuicCryptoConfigFactoryImpl::CreateServerCryptoConfig() {
+ // Generate a random source address token secret every time since this is
+ // a transient client.
+ char source_address_token_secret[kInputKeyingMaterialLength];
+ random_generator_->RandBytes(source_address_token_secret,
+ kInputKeyingMaterialLength);
+ std::unique_ptr<quic::ProofSource> proof_source(new DummyProofSource);
+ return std::make_unique<quic::QuicCryptoServerConfig>(
+ quic::QuicString(source_address_token_secret, kInputKeyingMaterialLength),
+ random_generator_, std::move(proof_source),
+ quic::KeyExchangeSource::Default(),
+ quic::TlsServerHandshaker::CreateSslCtx());
+}
+
+} // namespace blink
View Lorry Controller Status