envoyproxy · ggreenway · Aug 7, 2020 · Jul 1, 2020 · Jul 2, 2020 · Jul 3, 2020
diff --git a/source/extensions/quic_listeners/quiche/BUILD b/source/extensions/quic_listeners/quiche/BUILD
@@ -62,12 +62,16 @@ envoy_cc_library(
 )
 
 envoy_cc_library(
-    name = "envoy_quic_fake_proof_source_lib",
-    hdrs = ["envoy_quic_fake_proof_source.h"],
+    name = "envoy_quic_proof_source_base_lib",
+    srcs = ["envoy_quic_proof_source_base.cc"],
+    hdrs = ["envoy_quic_proof_source_base.h"],
     external_deps = ["quiche_quic_platform"],
     tags = ["nofips"],
     deps = [
+        "@com_googlesource_quiche//:quic_core_crypto_certificate_view_lib",
+        "@com_googlesource_quiche//:quic_core_crypto_crypto_handshake_lib",
         "@com_googlesource_quiche//:quic_core_crypto_proof_source_interface_lib",
+        "@com_googlesource_quiche//:quic_core_data_lib",
         "@com_googlesource_quiche//:quic_core_versions_lib",
     ],
 )
@@ -79,7 +83,7 @@ envoy_cc_library(
     external_deps = ["ssl"],
     tags = ["nofips"],
     deps = [
-        ":envoy_quic_fake_proof_source_lib",
+        ":envoy_quic_proof_source_base_lib",
         ":envoy_quic_utils_lib",
         ":quic_io_handle_wrapper_lib",
         ":quic_transport_socket_factory_lib",
@@ -91,16 +95,30 @@ envoy_cc_library(
 )
 
 envoy_cc_library(
-    name = "envoy_quic_proof_verifier_lib",
-    hdrs = ["envoy_quic_fake_proof_verifier.h"],
+    name = "envoy_quic_proof_verifier_base_lib",
+    srcs = ["envoy_quic_proof_verifier_base.cc"],
+    hdrs = ["envoy_quic_proof_verifier_base.h"],
     external_deps = ["quiche_quic_platform"],
     tags = ["nofips"],
     deps = [
+        "@com_googlesource_quiche//:quic_core_crypto_certificate_view_lib",
         "@com_googlesource_quiche//:quic_core_crypto_crypto_handshake_lib",
         "@com_googlesource_quiche//:quic_core_versions_lib",
     ],
 )
 
+envoy_cc_library(
+    name = "envoy_quic_proof_verifier_lib",
+    srcs = ["envoy_quic_proof_verifier.cc"],
+    hdrs = ["envoy_quic_proof_verifier.h"],
+    external_deps = ["quiche_quic_platform"],
+    tags = ["nofips"],
+    deps = [
+        ":envoy_quic_proof_verifier_base_lib",
+        "//source/extensions/transport_sockets/tls:context_lib",
+    ],
+)
+
 envoy_cc_library(
     name = "spdy_server_push_utils_for_envoy_lib",
     srcs = ["spdy_server_push_utils_for_envoy.cc"],

diff --git a/source/extensions/quic_listeners/quiche/envoy_quic_fake_proof_verifier.h b/source/extensions/quic_listeners/quiche/envoy_quic_fake_proof_verifier.h
diff --git a/source/extensions/quic_listeners/quiche/envoy_quic_proof_source.h b/source/extensions/quic_listeners/quiche/envoy_quic_proof_source.h
@@ -2,13 +2,14 @@
 
 #include "server/connection_handler_impl.h"
 
-#include "extensions/quic_listeners/quiche/envoy_quic_fake_proof_source.h"
+#include "extensions/quic_listeners/quiche/envoy_quic_proof_source_base.h"
 #include "extensions/quic_listeners/quiche/quic_transport_socket_factory.h"
 
 namespace Envoy {
 namespace Quic {
 
-class EnvoyQuicProofSource : public EnvoyQuicFakeProofSource,
+// A ProofSource implementation which supplies a proof instance with certs from filter chain.
+class EnvoyQuicProofSource : public EnvoyQuicProofSourceBase,
                              protected Logger::Loggable<Logger::Id::quic> {
 public:
   EnvoyQuicProofSource(Network::Socket& listen_socket,
@@ -19,6 +20,7 @@ class EnvoyQuicProofSource : public EnvoyQuicFakeProofSource,
 
   ~EnvoyQuicProofSource() override = default;
 
+  // quic::ProofSource
   quic::QuicReferenceCountedPointer<quic::ProofSource::Chain>
   GetCertChain(const quic::QuicSocketAddress& server_address,
                const quic::QuicSocketAddress& client_address, const std::string& hostname) override;

diff --git a/source/extensions/quic_listeners/quiche/envoy_quic_proof_source_base.cc b/source/extensions/quic_listeners/quiche/envoy_quic_proof_source_base.cc
@@ -0,0 +1,47 @@
+#include "extensions/quic_listeners/quiche/envoy_quic_proof_source_base.h"
+
+#pragma GCC diagnostic push
+
+// QUICHE allows unused parameters.
+#pragma GCC diagnostic ignored "-Wunused-parameter"
+#include "quiche/quic/core/quic_data_writer.h"
+
+#pragma GCC diagnostic pop
+
+namespace Envoy {
+namespace Quic {
+
+void EnvoyQuicProofSourceBase::GetProof(const quic::QuicSocketAddress& server_address,
+                                        const quic::QuicSocketAddress& client_address,
+                                        const std::string& hostname,
+                                        const std::string& server_config,
+                                        quic::QuicTransportVersion /*transport_version*/,
+                                        quiche::QuicheStringPiece chlo_hash,
+                                        std::unique_ptr<quic::ProofSource::Callback> callback) {
+  quic::QuicReferenceCountedPointer<quic::ProofSource::Chain> chain =
+      GetCertChain(server_address, client_address, hostname);
+
+  size_t payload_size = sizeof(quic::kProofSignatureLabel) + sizeof(uint32_t) + chlo_hash.size() +
+                        server_config.size();
+  auto payload = std::make_unique<char[]>(payload_size);
+  quic::QuicDataWriter payload_writer(payload_size, payload.get(),
+                                      quiche::Endianness::HOST_BYTE_ORDER);
+  bool success =
+      payload_writer.WriteBytes(quic::kProofSignatureLabel, sizeof(quic::kProofSignatureLabel)) &&
+      payload_writer.WriteUInt32(chlo_hash.size()) && payload_writer.WriteStringPiece(chlo_hash) &&
+      payload_writer.WriteStringPiece(server_config);
+  if (!success) {
+    quic::QuicCryptoProof proof;
+    callback->Run(/*ok=*/false, nullptr, proof, nullptr);
+    return;
+  }
+
+  // TODO(danzh) Get the signature algorithm from leaf cert.
+  auto signature_callback = std::make_unique<SignatureCallback>(std::move(callback), chain);
+  ComputeTlsSignature(server_address, client_address, hostname, SSL_SIGN_RSA_PSS_RSAE_SHA256,
+                      quiche::QuicheStringPiece(payload.get(), payload_size),
+                      std::move(signature_callback));
+}
+
+} // namespace Quic
+} // namespace Envoy
diff --git a/...ers/quiche/envoy_quic_fake_proof_source.h → ...ers/quiche/envoy_quic_proof_source_base.h b/...ers/quiche/envoy_quic_fake_proof_source.h → ...ers/quiche/envoy_quic_proof_source_base.h
@@ -12,14 +12,15 @@
 #pragma GCC diagnostic ignored "-Wunused-parameter"
 #include "quiche/quic/core/crypto/proof_source.h"
 #include "quiche/quic/core/quic_versions.h"
-
+#include "quiche/quic/core/crypto/crypto_protocol.h"
+#include "quiche/quic/platform/api/quic_reference_counted.h"
+#include "quiche/quic/platform/api/quic_socket_address.h"
+#include "quiche/common/platform/api/quiche_string_piece.h"
 #pragma GCC diagnostic pop
 
 #include "openssl/ssl.h"
 #include "envoy/network/filter.h"
-#include "quiche/quic/platform/api/quic_reference_counted.h"
-#include "quiche/quic/platform/api/quic_socket_address.h"
-#include "quiche/common/platform/api/quiche_string_piece.h"
+#include "server/backtrace.h"
 
 namespace Envoy {
 namespace Quic {
@@ -38,28 +39,19 @@ class EnvoyQuicProofSourceDetails : public quic::ProofSource::Details {
   const Network::FilterChain& filter_chain_;
 };
 
-// A fake implementation of quic::ProofSource which uses RSA cipher suite to sign in GetProof().
-// TODO(danzh) Rename it to EnvoyQuicProofSource once it's fully implemented.
-class EnvoyQuicFakeProofSource : public quic::ProofSource {
+// A partial implementation of quic::ProofSource which uses RSA cipher suite to sign in GetProof().
+class EnvoyQuicProofSourceBase : public quic::ProofSource {
 public:
-  ~EnvoyQuicFakeProofSource() override = default;
+  ~EnvoyQuicProofSourceBase() override = default;
 
   // quic::ProofSource
   // Returns a certs chain and its fake SCT "Fake timestamp" and TLS signature wrapped
   // in QuicCryptoProof.
   void GetProof(const quic::QuicSocketAddress& server_address,
                 const quic::QuicSocketAddress& client_address, const std::string& hostname,
                 const std::string& server_config, quic::QuicTransportVersion /*transport_version*/,
-                quiche::QuicheStringPiece /*chlo_hash*/,
-                std::unique_ptr<quic::ProofSource::Callback> callback) override {
-    quic::QuicReferenceCountedPointer<quic::ProofSource::Chain> chain =
-        GetCertChain(server_address, client_address, hostname);
-    quic::QuicCryptoProof proof;
-    // TODO(danzh) Get the signature algorithm from leaf cert.
-    auto signature_callback = std::make_unique<SignatureCallback>(std::move(callback), chain);
-    ComputeTlsSignature(server_address, client_address, hostname, SSL_SIGN_RSA_PSS_RSAE_SHA256,
-                        server_config, std::move(signature_callback));
-  }
+                quiche::QuicheStringPiece chlo_hash,
+                std::unique_ptr<quic::ProofSource::Callback> callback) override;
 
   TicketCrypter* GetTicketCrypter() override { return nullptr; }
 

diff --git a/source/extensions/quic_listeners/quiche/envoy_quic_proof_verifier.cc b/source/extensions/quic_listeners/quiche/envoy_quic_proof_verifier.cc
@@ -0,0 +1,78 @@
+#include "extensions/quic_listeners/quiche/envoy_quic_proof_verifier.h"
+
+#include "quiche/quic/core/crypto/certificate_view.h"
+
+namespace Envoy {
+namespace Quic {
+
+static X509* parseDERCertificate(const std::string& der_bytes, std::string* error_details) {
+  const uint8_t* data;
+  const uint8_t* orig_data;
+  orig_data = data = reinterpret_cast<const uint8_t*>(der_bytes.data());
+  bssl::UniquePtr<X509> cert(d2i_X509(nullptr, &data, der_bytes.size()));
+  if (!cert.get()) {
+    *error_details = "d2i_X509";
+    return nullptr;
+  }
+  if (data < orig_data || static_cast<size_t>(data - orig_data) != der_bytes.size()) {
+    // Trailing garbage.
+    return nullptr;
+  }
+  return cert.release();
+}
+
+quic::QuicAsyncStatus EnvoyQuicProofVerifier::VerifyCertChain(
+    const std::string& hostname, const uint16_t /*port*/, const std::vector<std::string>& certs,
+    const std::string& /*ocsp_response*/, const std::string& /*cert_sct*/,
+    const quic::ProofVerifyContext* /*context*/, std::string* error_details,
+    std::unique_ptr<quic::ProofVerifyDetails>* /*details*/,
+    std::unique_ptr<quic::ProofVerifierCallback> /*callback*/) {
+  if (certs.empty()) {
+    return quic::QUIC_FAILURE;
+  }
+  bssl::UniquePtr<STACK_OF(X509)> intermediates(sk_X509_new_null());
+  bssl::UniquePtr<X509> leaf;
+  for (size_t i = 0; i < certs.size(); i++) {
+    X509* cert = parseDERCertificate(certs[i], error_details);
+    if (!cert) {
+      return quic::QUIC_FAILURE;
+    }
+    if (i == 0) {
+      leaf.reset(cert);
+    } else {
+      sk_X509_push(intermediates.get(), cert);
+    }
+  }
+
+  bssl::UniquePtr<X509_STORE_CTX> ctx(X509_STORE_CTX_new());
+  // It doesn't matter which SSL context is used, because they share the same
+  // cert validation config.
+  X509_STORE* store = SSL_CTX_get_cert_store(context_impl_.chooseSslContexts());
+  if (!X509_STORE_CTX_init(ctx.get(), store, leaf.get(), intermediates.get())) {
+    *error_details = "Failed to verify certificate chain: X509_STORE_CTX_init";
+    return quic::QUIC_FAILURE;
+  }
+
+  int res = context_impl_.doVerifyCertChain(ctx.get(), nullptr, std::move(leaf), nullptr);
+  if (res <= 0) {
+    const int n = X509_STORE_CTX_get_error(ctx.get());
+    const int depth = X509_STORE_CTX_get_error_depth(ctx.get());
+    *error_details = absl::StrCat("X509_verify_cert: certificate verification error at depth ",
+                                  depth, ": ", X509_verify_cert_error_string(n));
+    return quic::QUIC_FAILURE;
+  }
+
+  std::unique_ptr<quic::CertificateView> cert_view =
+      quic::CertificateView::ParseSingleCertificate(certs[0]);
+  ASSERT(cert_view != nullptr);
+  for (const absl::string_view config_san : cert_view->subject_alt_name_domains()) {
+    if (config_san == hostname) {
+      return quic::QUIC_SUCCESS;
+    }
+  }
+  *error_details = absl::StrCat("Leaf certificate doesn't match hostname: ", hostname);
+  return quic::QUIC_FAILURE;
+}
+
+} // namespace Quic
+} // namespace Envoy
diff --git a/source/extensions/quic_listeners/quiche/envoy_quic_proof_verifier.h b/source/extensions/quic_listeners/quiche/envoy_quic_proof_verifier.h
@@ -0,0 +1,30 @@
+#pragma once
+
+#include "extensions/quic_listeners/quiche/envoy_quic_proof_verifier_base.h"
+#include "extensions/transport_sockets/tls/context_impl.h"
+
+namespace Envoy {
+namespace Quic {
+
+// A quic::ProofVerifier implementation which verifies cert chain using SSL
+// client context config.
+class EnvoyQuicProofVerifier : public EnvoyQuicProofVerifierBase {
+public:
+  EnvoyQuicProofVerifier(Stats::Scope& scope, const Envoy::Ssl::ClientContextConfig& config,
+                         TimeSource& time_source)
+      : context_impl_(scope, config, time_source) {}
+
+  // EnvoyQuicProofVerifierBase
+  quic::QuicAsyncStatus
+  VerifyCertChain(const std::string& hostname, const uint16_t port,
+                  const std::vector<std::string>& certs, const std::string& ocsp_response,
+                  const std::string& cert_sct, const quic::ProofVerifyContext* context,
+                  std::string* error_details, std::unique_ptr<quic::ProofVerifyDetails>* details,
+                  std::unique_ptr<quic::ProofVerifierCallback> callback) override;
+
+private:
+  Extensions::TransportSockets::Tls::ClientContextImpl context_impl_;
+};
+
+} // namespace Quic
+} // namespace Envoy