Add quic server pfx certificate validation

Author: qwu16

quic_transport/sdk/api/owt/quic/quic_transport_factory.h

@@ -19,19 +19,26 @@ class OWT_EXPORT QuicTransportFactory {
  public:
   virtual ~QuicTransportFactory() = default;
 
-  /// Create a WebTransportFactory.
+  /// Create a QuicTransportFactory.
   static QuicTransportFactory* Create();
-  /// Create a WebTransportFactory for testing. It will not initialize
+  /// Create a QuicTransportFactory for testing. It will not initialize
   /// AtExitManager since testing tools will initialize one.
   static QuicTransportFactory* CreateForTesting();
-  // Create a WebTransport over HTTP/3 server with certificate, key and secret
+  // Create a server directly over Quic with certificate, key and secret
   // file. Ownership of returned value is moved to caller. Returns nullptr if
   // creation is failed.
   virtual QuicTransportServerInterface* CreateQuicTransportServer(
       int port,
       const char* cert_file,
-      const char* key_file) = 0;
-  // Create a WebTransport over HTTP/3 client. It will not connect to the given
+      const char* key_file,
+      const char* secret_path) = 0;
+  // Create a server directly over Quic with pkcs12 file. Ownership of
+  // returned value is moved to caller. Returns nullptr if creation is failed.
+  virtual QuicTransportServerInterface* CreateQuicTransportServer(
+      int port,
+      const char* pfx_path,
+      const char* password) = 0;
+  // Create a Quic client. It will not connect to the given
   // `url` immediately after creation.
   virtual QuicTransportClientInterface* CreateQuicTransportClient(
       const char* host,

quic_transport/sdk/api/owt/quic/quic_transport_server_interface.h

@@ -12,7 +12,7 @@
 
 namespace owt {
 namespace quic {
-// A server accepts WebTransport connections.
+// A server accepts direct Quic connections.
 class OWT_EXPORT QuicTransportServerInterface {
  public:
   class Visitor {

quic_transport/sdk/impl/proof_source_owt.cc

@@ -21,51 +21,207 @@
 #include "third_party/boringssl/src/include/openssl/pkcs8.h"
 #include "third_party/boringssl/src/include/openssl/stack.h"
 
+namespace owt {
 namespace quic {
 
 ProofSourceOwt::ProofSourceOwt() {}
 
 ProofSourceOwt::~ProofSourceOwt() {}
 
-ProofSource::TicketCrypter* ProofSourceOwt::GetTicketCrypter() {
-  return nullptr;
+bool ProofSourceOwt::Initialize(const base::FilePath& pfx_path,
+                                const std::string& password) {
+  crypto::EnsureOpenSSLInit();
+  std::string pfx_data;
+  if (!base::ReadFileToString(pfx_path, &pfx_data)) {
+    DLOG(FATAL) << "Unable to read pfx file.";
+    return false;
+  }
+
+  EVP_PKEY* key = nullptr;
+  bssl::UniquePtr<STACK_OF(X509)> certs(sk_X509_new_null());
+  CBS pkcs12;
+  CBS_init(&pkcs12, reinterpret_cast<const uint8_t*>(pfx_data.c_str()),
+           pfx_data.size());
+  if (PKCS12_get_key_and_certs(&key, certs.get(), &pkcs12, password.c_str()) ==
+      0) {
+    return false;
+  }
+  std::vector<std::string> certs_string;
+  for (X509* cert : certs.get()) {
+    int len(0);
+    unsigned char* buffer(nullptr);
+    len = i2d_X509(cert, &buffer);
+    if (len < 0) {
+      LOG(ERROR) << "Failed to get X509 certificate.";
+      return false;
+    }
+    auto cert_list = net::X509Certificate::CreateCertificateListFromBytes(
+        base::as_bytes(base::span<unsigned char>(buffer, len)),
+        net::X509Certificate::FORMAT_AUTO);
+    certs_in_file_.insert(certs_in_file_.end(), cert_list.begin(),
+                          cert_list.end());
+    bssl::UniquePtr<CRYPTO_BUFFER> crypto_buffer =
+        net::x509_util::CreateCryptoBuffer(base::make_span(buffer, len));
+    certs_string.emplace_back(
+        net::x509_util::CryptoBufferAsStringPiece(crypto_buffer.get()));
+  }
+
+  if (certs_in_file_.empty()) {
+    DLOG(FATAL) << "No certificates.";
+    return false;
+  }
+
+  chain_ = new ::quic::ProofSource::Chain(certs_string);
+  private_key_ = std::make_unique<::quic::CertificatePrivateKey>(
+      bssl::UniquePtr<EVP_PKEY>(key));
+  return true;
+}
+
+absl::InlinedVector<uint16_t, 8>
+ProofSourceOwt::SupportedTlsSignatureAlgorithms() const {
+  // Allow all signature algorithms that BoringSSL allows.
+  return {};
+}
+
+::quic::ProofSource::TicketCrypter* ProofSourceOwt::GetTicketCrypter() {
+  return ticket_crypter_.get();
+}
+
+void ProofSourceOwt::SetTicketCrypter(
+    std::unique_ptr<::quic::ProofSource::TicketCrypter> ticket_crypter) {
+  ticket_crypter_ = std::move(ticket_crypter);
 }
 
-void ProofSourceOwt::GetProof(const QuicSocketAddress& server_address,
-                              const QuicSocketAddress& client_address,
+bool ProofSourceOwt::GetProofInner(
+    const ::quic::QuicSocketAddress& server_addr,
+    const std::string& hostname,
+    const std::string& server_config,
+    ::quic::QuicTransportVersion quic_version,
+    absl::string_view chlo_hash,
+    ::quiche::QuicheReferenceCountedPointer<::quic::ProofSource::Chain>* out_chain,
+    ::quic::QuicCryptoProof* proof) {
+  // This function is copied from `ProofSourceChromium`, but `leaf_cert_scts` is
+  // not set.
+  DCHECK(proof);
+  DCHECK(private_key_);
+
+  crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
+  bssl::ScopedEVP_MD_CTX sign_context;
+  EVP_PKEY_CTX* pkey_ctx;
+
+  uint32_t len_tmp = chlo_hash.length();
+  if (!EVP_DigestSignInit(sign_context.get(), &pkey_ctx, EVP_sha256(), nullptr,
+                          private_key_->private_key()) ||
+      (EVP_PKEY_id(private_key_->private_key()) == EVP_PKEY_RSA &&
+       (!EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING) ||
+        !EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, -1))) ||
+      !EVP_DigestSignUpdate(
+          sign_context.get(),
+          reinterpret_cast<const uint8_t*>(::quic::kProofSignatureLabel),
+          sizeof(::quic::kProofSignatureLabel)) ||
+      !EVP_DigestSignUpdate(sign_context.get(),
+                            reinterpret_cast<const uint8_t*>(&len_tmp),
+                            sizeof(len_tmp)) ||
+      !EVP_DigestSignUpdate(sign_context.get(),
+                            reinterpret_cast<const uint8_t*>(chlo_hash.data()),
+                            len_tmp) ||
+      !EVP_DigestSignUpdate(
+          sign_context.get(),
+          reinterpret_cast<const uint8_t*>(server_config.data()),
+          server_config.size())) {
+    return false;
+  }
+  // Determine the maximum length of the signature.
+  size_t len = 0;
+  if (!EVP_DigestSignFinal(sign_context.get(), nullptr, &len)) {
+    return false;
+  }
+  std::vector<uint8_t> signature(len);
+  // Sign it.
+  if (!EVP_DigestSignFinal(sign_context.get(), signature.data(), &len)) {
+    return false;
+  }
+  signature.resize(len);
+  proof->signature.assign(reinterpret_cast<const char*>(signature.data()),
+                          signature.size());
+  *out_chain = chain_;
+  VLOG(1) << "signature: "
+          << base::HexEncode(proof->signature.data(), proof->signature.size());
+  return true;
+}
+
+void ProofSourceOwt::GetProof(const ::quic::QuicSocketAddress& server_address,
+                              const ::quic::QuicSocketAddress& client_address,
                               const std::string& hostname,
                               const std::string& server_config,
-                              QuicTransportVersion quic_version,
+                              ::quic::QuicTransportVersion quic_version,
                               absl::string_view chlo_hash,
                               std::unique_ptr<Callback> callback) {
-  bool cert_matched_sni;
-  ::quiche::QuicheReferenceCountedPointer<ProofSource::Chain> chain =
-      GetCertChain(server_address, client_address, hostname, &cert_matched_sni);
-  QuicCryptoProof proof;
-  proof.signature = "fake signature";
-  proof.leaf_cert_scts = "fake timestamp";
-  callback->Run(true, chain, proof, nullptr);
+  // As a transitional implementation, just call the synchronous version of
+  // GetProof, then invoke the callback with the results and destroy it.
+  ::quiche::QuicheReferenceCountedPointer<::quic::ProofSource::Chain> chain;
+  std::string signature;
+  std::string leaf_cert_sct;
+  ::quic::QuicCryptoProof out_proof;
+
+  const bool ok = GetProofInner(server_address, hostname, server_config,
+                                quic_version, chlo_hash, &chain, &out_proof);
+  callback->Run(ok, chain, out_proof, nullptr /* details */);
 }
 
-::quiche::QuicheReferenceCountedPointer<ProofSource::Chain>
-ProofSourceOwt::GetCertChain(const QuicSocketAddress& server_address,
-                             const QuicSocketAddress& client_address,
+::quiche::QuicheReferenceCountedPointer<::quic::ProofSource::Chain>
+ProofSourceOwt::GetCertChain(const ::quic::QuicSocketAddress& server_address,
+                             const ::quic::QuicSocketAddress& client_address,
                              const std::string& hostname,
-			     bool* cert_matched_sni) {
-  std::vector<std::string> certs;
-  certs.push_back("fake cert");
-  return ::quiche::QuicheReferenceCountedPointer<ProofSource::Chain>(
-      new ProofSource::Chain(certs));
+                             bool* cert_matched_sni) {
+  *cert_matched_sni = false;
+  if (!hostname.empty()) {
+    for (const scoped_refptr<net::X509Certificate>& cert : certs_in_file_) {
+      if (cert->VerifyNameMatch(hostname)) {
+        *cert_matched_sni = true;
+        break;
+      }
+    }
+  }
+  return chain_;
 }
 
 void ProofSourceOwt::ComputeTlsSignature(
-    const QuicSocketAddress& server_address,
-    const QuicSocketAddress& client_address,
+    const ::quic::QuicSocketAddress& server_address,
+    const ::quic::QuicSocketAddress& client_address,
     const std::string& hostname,
     uint16_t signature_algorithm,
     absl::string_view in,
     std::unique_ptr<SignatureCallback> callback) {
-  callback->Run(true, "fake signature", nullptr);
+  crypto::OpenSSLErrStackTracer err_tracer(FROM_HERE);
+  bssl::ScopedEVP_MD_CTX sign_context;
+  EVP_PKEY_CTX* pkey_ctx;
+
+  size_t siglen;
+  std::string sig;
+  if (!EVP_DigestSignInit(sign_context.get(), &pkey_ctx, EVP_sha256(), nullptr,
+                          private_key_->private_key()) ||
+      (EVP_PKEY_id(private_key_->private_key()) == EVP_PKEY_RSA &&
+       (!EVP_PKEY_CTX_set_rsa_padding(pkey_ctx, RSA_PKCS1_PSS_PADDING) ||
+        !EVP_PKEY_CTX_set_rsa_pss_saltlen(pkey_ctx, -1))) ||
+      !EVP_DigestSignUpdate(sign_context.get(),
+                            reinterpret_cast<const uint8_t*>(in.data()),
+                            in.size()) ||
+      !EVP_DigestSignFinal(sign_context.get(), nullptr, &siglen)) {
+    callback->Run(false, sig, nullptr);
+    return;
+  }
+  sig.resize(siglen);
+  if (!EVP_DigestSignFinal(
+          sign_context.get(),
+          reinterpret_cast<uint8_t*>(const_cast<char*>(sig.data())), &siglen)) {
+    callback->Run(false, sig, nullptr);
+    return;
+  }
+  sig.resize(siglen);
+
+  callback->Run(true, sig, nullptr);
 }
 
 }  // namespace quic
+}  // namespace owt

quic_transport/sdk/impl/proof_source_owt.h

@@ -19,42 +19,67 @@
 #include "net/cert/x509_certificate.h"
 #include "net/third_party/quiche/src/quiche/quic/core/crypto/proof_source.h"
 
+namespace owt {
 namespace quic {
 
 // ProofSourceOwt could be initialized with a PKCS12 file. OWT conference server
 // stores certificate and key in this format.
-class ProofSourceOwt : public ProofSource {
+class ProofSourceOwt : public ::quic::ProofSource {
  public:
   ProofSourceOwt();
   ~ProofSourceOwt() override;
   ProofSourceOwt& operator=(ProofSourceOwt&) = delete;
 
+  // Initializes this object based on a pfx file.
+  bool Initialize(const base::FilePath& pfx_path, const std::string& password);
+
   // Overrides quic::ProofSource.
-  void GetProof(const QuicSocketAddress& server_address,
-                const QuicSocketAddress& client_address,
+  void GetProof(const ::quic::QuicSocketAddress& server_address,
+                const ::quic::QuicSocketAddress& client_address,
                 const std::string& hostname,
                 const std::string& server_config,
-                QuicTransportVersion quic_version,
+                ::quic::QuicTransportVersion quic_version,
                 absl::string_view chlo_hash,
                 std::unique_ptr<Callback> callback) override;
 
-  ::quiche::QuicheReferenceCountedPointer<ProofSource::Chain> GetCertChain(
-      const QuicSocketAddress& server_address,
-      const QuicSocketAddress& client_address,
+  ::quiche::QuicheReferenceCountedPointer<::quic::ProofSource::Chain> GetCertChain(
+      const ::quic::QuicSocketAddress& server_address,
+      const ::quic::QuicSocketAddress& client_address,
       const std::string& hostname,
       bool* cert_matched_sni) override;
 
   void ComputeTlsSignature(
-      const QuicSocketAddress& server_address,
-      const QuicSocketAddress& client_address,
+      const ::quic::QuicSocketAddress& server_address,
+      const ::quic::QuicSocketAddress& client_address,
       const std::string& hostname,
       uint16_t signature_algorithm,
       absl::string_view in,
       std::unique_ptr<SignatureCallback> callback) override;
 
+  absl::InlinedVector<uint16_t, 8> SupportedTlsSignatureAlgorithms()
+      const override;
+
   TicketCrypter* GetTicketCrypter() override;
+  void SetTicketCrypter(std::unique_ptr<TicketCrypter> ticket_crypter);
+
+ private:
+  bool GetProofInner(
+      const ::quic::QuicSocketAddress& server_ip,
+      const std::string& hostname,
+      const std::string& server_config,
+      ::quic::QuicTransportVersion quic_version,
+      absl::string_view chlo_hash,
+      ::quiche::QuicheReferenceCountedPointer<::quic::ProofSource::Chain>*
+          out_chain,
+      ::quic::QuicCryptoProof* proof);
+
+  std::unique_ptr<::quic::CertificatePrivateKey> private_key_;
+  std::vector<scoped_refptr<net::X509Certificate>> certs_in_file_;
+  ::quiche::QuicheReferenceCountedPointer<::quic::ProofSource::Chain> chain_;
+  std::unique_ptr<::quic::ProofSource::TicketCrypter> ticket_crypter_;
 };
 
 }  // namespace quic
+}  // namespace owt
 
 #endif