apply libquic changes (cont.)

Author: hodduc

go_functions.c

@@ -22,8 +22,8 @@ void DeleteGoSession_C(int64_t go_quic_dispatcher, int64_t go_quic_server_sessio
     DeleteGoSession(go_quic_dispatcher, go_quic_server_session);
 }
 
-int GetProof_C(int64_t go_proof_source, void* server_ip, size_t server_ip_sz, char* hostname, size_t hostname_sz, char* server_config, size_t server_config_sz, int ecdsa_ok, char **out_signature, size_t *out_signature_sz) {
-    return GetProof(go_proof_source, server_ip, server_ip_sz, hostname, hostname_sz, server_config, server_config_sz, ecdsa_ok, out_signature, out_signature_sz);
+int GetProof_C(int64_t go_proof_source, char* server_ip, size_t server_ip_sz, char* hostname, size_t hostname_sz, char* server_config, size_t server_config_sz, int quic_version, char* chlo_hash, size_t chlo_hash_len, int ecdsa_ok, char **out_signature, size_t *out_signature_sz) {
+    return GetProof(go_proof_source, server_ip, server_ip_sz, hostname, hostname_sz, server_config, server_config_sz, quic_version, chlo_hash, chlo_hash_len, ecdsa_ok, out_signature, out_signature_sz);
 }
 
 int64_t CreateIncomingDynamicStream_C(int64_t go_quic_server_session, uint32_t id, void* go_quic_simple_server_stream_go_wrapper) {
@@ -80,8 +80,8 @@ void GoQuicSimpleServerStreamOnClose_C(int64_t go_quic_simple_server_stream) {
     GoQuicSimpleServerStreamOnClose(go_quic_simple_server_stream);
 }
 
-int64_t NewProofVerifyJob_C(int64_t go_proof_verifier, const char* hostname, size_t hostname_len, const char* server_config, size_t server_config_len, const char* cert_sct, size_t cert_sct_len, const char* signature, size_t signature_len) {
-    return NewProofVerifyJob(go_proof_verifier, (void *)hostname, hostname_len, (void *)server_config, server_config_len, (void *)cert_sct, cert_sct_len, (void *)signature, signature_len);
+int64_t NewProofVerifyJob_C(int64_t go_proof_verifier, int quic_version, const char* hostname, size_t hostname_len, const char* server_config, size_t server_config_len, const char* chlo_hash, size_t chlo_hash_len, const char* cert_sct, size_t cert_sct_len, const char* signature, size_t signature_len) {
+    return NewProofVerifyJob(go_proof_verifier, quic_version, (void *)hostname, hostname_len, (void *)server_config, server_config_len, (void *)chlo_hash, chlo_hash_len, (void *)cert_sct, cert_sct_len, (void *)signature, signature_len);
 }
 
 void ProofVerifyJobAddCert_C(int64_t job, const char* cert, size_t cert_len) {

go_functions.h

@@ -9,7 +9,7 @@ void WriteToUDP_C(int64_t go_writer, void* peer_ip, size_t peer_ip_sz, uint16_t
 void WriteToUDPClient_C(int64_t go_writer, void* peer_ip, size_t peer_ip_sz, uint16_t peer_port, void* buffer, size_t buf_len);
 int64_t CreateGoSession_C(int64_t go_quic_dispatcher, void* quic_server_session);
 void DeleteGoSession_C(int64_t go_quic_dispatcher, int64_t go_quic_server_session);
-int GetProof_C(int64_t go_proof_source, void* server_ip, size_t server_ip_sz, char* hostname, size_t hostname_sz, char* server_config, size_t server_config_sz, int ecdsa_ok, char **out_signature, size_t *out_signature_sz);
+int GetProof_C(int64_t go_proof_source, char* server_ip, size_t server_ip_sz, char* hostname, size_t hostname_sz, char* server_config, size_t server_config_sz, int quic_version, char* chlo_hash, size_t chlo_hash_len, int ecdsa_ok, char **out_signature, size_t *out_signature_sz);
 int64_t CreateIncomingDynamicStream_C(int64_t go_quic_server_session, uint32_t id, void* go_quic_simple_server_stream_go_wrapper);
 void UnregisterQuicServerStreamFromSession_C(int64_t go_stream);
 void UnregisterQuicClientStreamFromSession_C(int64_t go_stream);
@@ -28,7 +28,7 @@ void GoQuicSimpleServerStreamOnTrailingHeadersComplete_C(int64_t go_quic_spdy_cl
 void GoQuicSimpleServerStreamOnDataAvailable_C(int64_t go_quic_simple_server_stream, const char *data, uint32_t data_len, int is_closed);
 void GoQuicSimpleServerStreamOnClose_C(int64_t go_quic_simple_server_stream);
 
-int64_t NewProofVerifyJob_C(int64_t go_proof_verifier, const char* hostname, size_t hostname_len, const char* server_config, size_t server_config_len, const char* cert_sct, size_t cert_sct_len, const char* signature, size_t signature_len);
+int64_t NewProofVerifyJob_C(int64_t go_proof_verifier, int quic_version, const char* hostname, size_t hostname_len, const char* server_config, size_t server_config_len, const char* chlo_hash, size_t chlo_hash_len, const char* cert_sct, size_t cert_sct_len, const char* signature, size_t signature_len);
 void ProofVerifyJobAddCert_C(int64_t job, const char* cert, size_t cert_len);
 int ProofVerifyJobVerifyProof_C(int64_t job);
 

proof_source.go

@@ -11,27 +11,34 @@ import (
 	"crypto/rsa"
 	"crypto/tls"
 	"crypto/x509"
+	"encoding/binary"
 	"net"
 	"unsafe"
 )
 
-// Generate "proof of authenticity" (See "Quic Crypto" docs for details)
-// Length of the prefix used to calculate the signature: length of label + 0x00 byte
-const kPrefixStr = "QUIC server config signature"
-const kPrefixLen = len(kPrefixStr) + 1
-
 type ProofSource struct {
 	Certificate   tls.Certificate
 	proofSource_c unsafe.Pointer
 }
 
-func (ps *ProofSource) GetProof(addr net.IP, hostname []byte, serverConfig []byte, ecdsaOk bool) (outSignature []byte) {
+func (ps *ProofSource) GetProof(quicVersion int, addr net.IP, hostname []byte, serverConfig []byte, chloHash []byte, ecdsaOk bool) (outSignature []byte) {
 	var err error = nil
-
-	bufferToSign := bytes.NewBuffer(make([]byte, 0, len(serverConfig)+kPrefixLen))
-	bufferToSign.Write([]byte(kPrefixStr))
-	bufferToSign.Write([]byte("\x00"))
-	bufferToSign.Write(serverConfig)
+	var bufferToSign *bytes.Buffer
+
+	if quicVersion > 30 {
+		bufferToSign = bytes.NewBuffer(nil)
+		bufferToSign.Write(ProofSignatureLabel)
+
+		bs := make([]byte, 4)
+		binary.LittleEndian.PutUint32(bs, uint32(len(chloHash)))
+		bufferToSign.Write(bs)
+		bufferToSign.Write(chloHash)
+		bufferToSign.Write(serverConfig)
+	} else {
+		bufferToSign = bytes.NewBuffer(nil)
+		bufferToSign.Write(ProofSignatureLabelOld)
+		bufferToSign.Write(serverConfig)
+	}
 
 	hasher := crypto.SHA256.New()
 	_, err = hasher.Write(bufferToSign.Bytes())
@@ -86,15 +93,23 @@ func NewProofSource(cert tls.Certificate) *ProofSource {
 }
 
 //export GetProof
-func GetProof(proof_source_key int64, server_ip_c unsafe.Pointer, server_ip_sz C.size_t, hostname_c unsafe.Pointer, hostname_sz_c C.size_t, server_config_c unsafe.Pointer, server_config_sz_c C.size_t, ecdsa_ok_c C.int, out_signature_c **C.char, out_signature_sz_c *C.size_t) C.int {
+func GetProof(proof_source_key int64,
+	server_ip_c unsafe.Pointer, server_ip_sz C.size_t,
+	hostname_c unsafe.Pointer, hostname_sz_c C.size_t,
+	server_config_c unsafe.Pointer, server_config_sz_c C.size_t,
+	quicVersion int,
+	chlo_hash_c unsafe.Pointer, chlo_hash_sz C.size_t,
+	ecdsa_ok_c C.int, out_signature_c **C.char, out_signature_sz_c *C.size_t) C.int {
+
 	proofSource := proofSourcePtr.Get(proof_source_key)
 
 	serverIp := net.IP(C.GoBytes(server_ip_c, C.int(server_ip_sz)))
 	hostname := C.GoBytes(hostname_c, C.int(hostname_sz_c))
 	serverConfig := C.GoBytes(server_config_c, C.int(server_config_sz_c))
+	chloHash := C.GoBytes(chlo_hash_c, C.int(chlo_hash_sz))
 	ecdsaOk := int(ecdsa_ok_c) > 0
 
-	sig := proofSource.GetProof(serverIp, hostname, serverConfig, ecdsaOk)
+	sig := proofSource.GetProof(quicVersion, serverIp, hostname, serverConfig, chloHash, ecdsaOk)
 
 	*out_signature_c = C.CString(string(sig)) // Must free C string
 	*out_signature_sz_c = C.size_t(len(sig))

proof_verifier.go

@@ -8,6 +8,7 @@ import (
 	"crypto/rsa"
 	"crypto/sha256"
 	"crypto/x509"
+	"encoding/binary"
 	"errors"
 	"log"
 	"unsafe"
@@ -19,8 +20,11 @@ type ProofVerifier struct {
 }
 
 type ProofVerifyJob struct {
+	quicVersion int
+
 	hostname     []byte
 	serverConfig []byte
+	chloHash     []byte
 	certSct      []byte
 	signature    []byte
 	certs        [][]byte
@@ -32,14 +36,27 @@ func CreateProofVerifier() *ProofVerifier {
 	}
 }
 
-var ProofSignatureLabel = []byte{'Q', 'U', 'I', 'C', ' ', 's', 'e', 'r', 'v', 'e', 'r', ' ', 'c', 'o', 'n', 'f', 'i', 'g', ' ', 's', 'i', 'g', 'n', 'a', 't', 'u', 'r', 'e', 0x00}
+// Generate "proof of authenticity" (See "Quic Crypto" docs for details)
+// Length of the prefix used to calculate the signature: length of label + 0x00 byte
+var ProofSignatureLabelOld = []byte{'Q', 'U', 'I', 'C', ' ', 's', 'e', 'r', 'v', 'e', 'r', ' ', 'c', 'o', 'n', 'f', 'i', 'g', ' ', 's', 'i', 'g', 'n', 'a', 't', 'u', 'r', 'e', 0x00}
+var ProofSignatureLabel = []byte{'Q', 'U', 'I', 'C', ' ', 'C', 'H', 'L', 'O', ' ', 'a', 'n', 'd', ' ', 's', 'e', 'r', 'v', 'e', 'r', ' ', 'c', 'o', 'n', 'f', 'i', 'g', ' ', 's', 'i', 'g', 'n', 'a', 't', 'u', 'r', 'e', 0x00}
 
 func (job *ProofVerifyJob) CheckSignature(cert *x509.Certificate) error {
 	switch pub := cert.PublicKey.(type) {
 	case *rsa.PublicKey:
 		// cert.CheckSignature() uses PKCS1v15, not PSS. So we cannot use that on RSA
 		h := sha256.New()
-		h.Write(ProofSignatureLabel)
+
+		if job.quicVersion > 30 {
+			h.Write(ProofSignatureLabel)
+
+			bs := make([]byte, 4)
+			binary.LittleEndian.PutUint32(bs, uint32(len(job.chloHash)))
+			h.Write(bs)
+			h.Write(job.chloHash)
+		} else {
+			h.Write(ProofSignatureLabelOld)
+		}
 		h.Write(job.serverConfig)
 
 		if err := rsa.VerifyPSS(pub, crypto.SHA256, h.Sum(nil), job.signature, nil); err != nil {
@@ -102,17 +119,20 @@ func (job *ProofVerifyJob) Verify() bool {
 }
 
 //export NewProofVerifyJob
-func NewProofVerifyJob(proof_verifier_key int64,
+func NewProofVerifyJob(proof_verifier_key int64, quicVersion int,
 	hostname_c unsafe.Pointer, hostname_sz C.size_t,
 	server_config_c unsafe.Pointer, server_config_sz C.size_t,
+	chlo_hash_c unsafe.Pointer, chlo_hash_sz C.size_t,
 	cert_sct_c unsafe.Pointer, cert_sct_sz C.size_t,
 	signature_c unsafe.Pointer, signature_sz C.size_t) int64 {
 
 	proofVerifier := proofVerifierPtr.Get(proof_verifier_key)
 
 	job := &ProofVerifyJob{
+		quicVersion:  quicVersion,
 		hostname:     C.GoBytes(hostname_c, C.int(hostname_sz)),
 		serverConfig: C.GoBytes(server_config_c, C.int(server_config_sz)),
+		chloHash:     C.GoBytes(chlo_hash_c, C.int(chlo_hash_sz)),
 		certSct:      C.GoBytes(cert_sct_c, C.int(cert_sct_sz)),
 		signature:    C.GoBytes(signature_c, C.int(signature_sz)),
 		certs:        make([][]byte, 0),

src/adaptor.cc

@@ -145,6 +145,7 @@ QuicCryptoServerConfig* init_crypto_config(
   crypto_config->set_strike_register_no_startup_period();
   net::EphemeralKeySource* keySource = new GoEphemeralKeySource();
   crypto_config->SetEphemeralKeySource(keySource);
+  crypto_config->set_replay_protection(false);  // TODO(hodduc): Create strike-register client and turn on replay protection again
 
   QuicClock* clock = new QuicClock();  // XXX: Not deleted.
 

src/go_proof_verifier.cc

@@ -39,13 +39,16 @@ QuicAsyncStatus GoProofVerifier::VerifyProof(
     return QUIC_FAILURE;
   }
 
+  auto chlo_hash_str = chlo_hash.as_string();
+
   // Convery certs to X509Certificate.
   GoPtr job = NewProofVerifyJob_C(
-      go_proof_verifier_, (char*)(hostname.c_str()),
-      (size_t)(hostname.length()), (char*)(server_config.c_str()),
-      (size_t)(server_config.length()), (char*)(cert_sct.c_str()),
-      (size_t)(cert_sct.length()), (char*)(signature.c_str()),
-      (size_t)(signature.length()));
+      go_proof_verifier_, (int)(quic_version),
+      (char*)(hostname.c_str()), (size_t)(hostname.length()),
+      (char*)(server_config.c_str()), (size_t)(server_config.length()),
+      (char*)(chlo_hash_str.c_str()), (size_t)(chlo_hash_str.length()),
+      (char*)(cert_sct.c_str()), (size_t)(cert_sct.length()),
+      (char*)(signature.c_str()), (size_t)(signature.length()));
 
   for (auto it = certs.begin(); it != certs.end(); it++) {
     ProofVerifyJobAddCert_C(job, (char*)it->c_str(), (size_t)it->length());

src/proof_source_goquic.cc

@@ -35,16 +35,15 @@ bool ProofSourceGoquic::GetProof(const net::IPAddress& server_ip,
   char* c_out_signature;
   size_t c_out_signature_sz;
 
-  if (quic_version > QUIC_VERSION_30) {
-    //TODO(hodduc): QUIC_VERSION_31 support
-    return false;
-  }
-
   auto server_ip_bytes = server_ip.bytes();
+  auto chlo_hash_str = chlo_hash.as_string();
+
   int ret = GetProof_C(go_proof_source_,
                        reinterpret_cast<char*>(server_ip_bytes.data()), server_ip_bytes.size(),
                        (char*)hostname.c_str(), (size_t)hostname.length(),
                        (char*)server_config.c_str(), (size_t)server_config.length(),
+                       (int)quic_version,
+                       (char*)chlo_hash_str.c_str(), (size_t)chlo_hash_str.length(),
                        ecdsa_ok,
                        &c_out_signature, &c_out_signature_sz);