envoyproxy · ggreenway · Aug 7, 2020 · Jul 1, 2020 · Jul 2, 2020 · Jul 3, 2020
diff --git a/source/extensions/quic_listeners/quiche/BUILD b/source/extensions/quic_listeners/quiche/BUILD
@@ -62,12 +62,17 @@ envoy_cc_library(
 )
 
 envoy_cc_library(
-    name = "envoy_quic_fake_proof_source_lib",
-    hdrs = ["envoy_quic_fake_proof_source.h"],
+    name = "envoy_quic_proof_source_base_lib",
+    srcs = ["envoy_quic_proof_source_base.cc"],
+    hdrs = ["envoy_quic_proof_source_base.h"],
     external_deps = ["quiche_quic_platform"],
     tags = ["nofips"],
     deps = [
+        ":envoy_quic_utils_lib",
+        "@com_googlesource_quiche//:quic_core_crypto_certificate_view_lib",
+        "@com_googlesource_quiche//:quic_core_crypto_crypto_handshake_lib",
         "@com_googlesource_quiche//:quic_core_crypto_proof_source_interface_lib",
+        "@com_googlesource_quiche//:quic_core_data_lib",
         "@com_googlesource_quiche//:quic_core_versions_lib",
     ],
 )
@@ -79,7 +84,7 @@ envoy_cc_library(
     external_deps = ["ssl"],
     tags = ["nofips"],
     deps = [
-        ":envoy_quic_fake_proof_source_lib",
+        ":envoy_quic_proof_source_base_lib",
         ":envoy_quic_utils_lib",
         ":quic_io_handle_wrapper_lib",
         ":quic_transport_socket_factory_lib",
@@ -91,16 +96,32 @@ envoy_cc_library(
 )
 
 envoy_cc_library(
-    name = "envoy_quic_proof_verifier_lib",
-    hdrs = ["envoy_quic_fake_proof_verifier.h"],
+    name = "envoy_quic_proof_verifier_base_lib",
+    srcs = ["envoy_quic_proof_verifier_base.cc"],
+    hdrs = ["envoy_quic_proof_verifier_base.h"],
     external_deps = ["quiche_quic_platform"],
     tags = ["nofips"],
     deps = [
+        ":envoy_quic_utils_lib",
+        "@com_googlesource_quiche//:quic_core_crypto_certificate_view_lib",
         "@com_googlesource_quiche//:quic_core_crypto_crypto_handshake_lib",
         "@com_googlesource_quiche//:quic_core_versions_lib",
     ],
 )
 
+envoy_cc_library(
+    name = "envoy_quic_proof_verifier_lib",
+    srcs = ["envoy_quic_proof_verifier.cc"],
+    hdrs = ["envoy_quic_proof_verifier.h"],
+    external_deps = ["quiche_quic_platform"],
+    tags = ["nofips"],
+    deps = [
+        ":envoy_quic_proof_verifier_base_lib",
+        ":envoy_quic_utils_lib",
+        "//source/extensions/transport_sockets/tls:context_lib",
+    ],
+)
+
 envoy_cc_library(
     name = "spdy_server_push_utils_for_envoy_lib",
     srcs = ["spdy_server_push_utils_for_envoy.cc"],
@@ -317,7 +338,10 @@ envoy_cc_library(
     name = "envoy_quic_utils_lib",
     srcs = ["envoy_quic_utils.cc"],
     hdrs = ["envoy_quic_utils.h"],
-    external_deps = ["quiche_quic_platform"],
+    external_deps = [
+        "quiche_quic_platform",
+        "ssl",
+    ],
     tags = ["nofips"],
     deps = [
         "//include/envoy/http:codec_interface",

diff --git a/source/extensions/quic_listeners/quiche/envoy_quic_fake_proof_verifier.h b/source/extensions/quic_listeners/quiche/envoy_quic_fake_proof_verifier.h
diff --git a/source/extensions/quic_listeners/quiche/envoy_quic_proof_source.cc b/source/extensions/quic_listeners/quiche/envoy_quic_proof_source.cc
@@ -40,7 +40,7 @@ EnvoyQuicProofSource::GetCertChain(const quic::QuicSocketAddress& server_address
       new quic::ProofSource::Chain(chain));
 }
 
-void EnvoyQuicProofSource::ComputeTlsSignature(
+void EnvoyQuicProofSource::signPayload(
     const quic::QuicSocketAddress& server_address, const quic::QuicSocketAddress& client_address,
     const std::string& hostname, uint16_t signature_algorithm, quiche::QuicheStringPiece in,
     std::unique_ptr<quic::ProofSource::SignatureCallback> callback) {

diff --git a/source/extensions/quic_listeners/quiche/envoy_quic_proof_source.h b/source/extensions/quic_listeners/quiche/envoy_quic_proof_source.h
@@ -2,14 +2,14 @@
 
 #include "server/connection_handler_impl.h"
 
-#include "extensions/quic_listeners/quiche/envoy_quic_fake_proof_source.h"
+#include "extensions/quic_listeners/quiche/envoy_quic_proof_source_base.h"
 #include "extensions/quic_listeners/quiche/quic_transport_socket_factory.h"
 
 namespace Envoy {
 namespace Quic {
 
-class EnvoyQuicProofSource : public EnvoyQuicFakeProofSource,
-                             protected Logger::Loggable<Logger::Id::quic> {
+// A ProofSource implementation which supplies a proof instance with certs from filter chain.
+class EnvoyQuicProofSource : public EnvoyQuicProofSourceBase {
 public:
   EnvoyQuicProofSource(Network::Socket& listen_socket,
                        Network::FilterChainManager& filter_chain_manager,
@@ -19,14 +19,17 @@ class EnvoyQuicProofSource : public EnvoyQuicFakeProofSource,
 
   ~EnvoyQuicProofSource() override = default;
 
+  // quic::ProofSource
   quic::QuicReferenceCountedPointer<quic::ProofSource::Chain>
   GetCertChain(const quic::QuicSocketAddress& server_address,
                const quic::QuicSocketAddress& client_address, const std::string& hostname) override;
-  void ComputeTlsSignature(const quic::QuicSocketAddress& server_address,
-                           const quic::QuicSocketAddress& client_address,
-                           const std::string& hostname, uint16_t signature_algorithm,
-                           quiche::QuicheStringPiece in,
-                           std::unique_ptr<quic::ProofSource::SignatureCallback> callback) override;
+
+protected:
+  // quic::ProofSource
+  void signPayload(const quic::QuicSocketAddress& server_address,
+                   const quic::QuicSocketAddress& client_address, const std::string& hostname,
+                   uint16_t signature_algorithm, quiche::QuicheStringPiece in,
+                   std::unique_ptr<quic::ProofSource::SignatureCallback> callback) override;
 
 private:
   struct CertConfigWithFilterChain {

diff --git a/source/extensions/quic_listeners/quiche/envoy_quic_proof_source_base.cc b/source/extensions/quic_listeners/quiche/envoy_quic_proof_source_base.cc
@@ -0,0 +1,76 @@
+#include "extensions/quic_listeners/quiche/envoy_quic_proof_source_base.h"
+
+#pragma GCC diagnostic push
+
+// QUICHE allows unused parameters.
+#pragma GCC diagnostic ignored "-Wunused-parameter"
+#include "quiche/quic/core/quic_data_writer.h"
+
+#pragma GCC diagnostic pop
+
+#include "extensions/quic_listeners/quiche/envoy_quic_utils.h"
+
+namespace Envoy {
+namespace Quic {
+
+void EnvoyQuicProofSourceBase::GetProof(const quic::QuicSocketAddress& server_address,
+                                        const quic::QuicSocketAddress& client_address,
+                                        const std::string& hostname,
+                                        const std::string& server_config,
+                                        quic::QuicTransportVersion /*transport_version*/,
+                                        quiche::QuicheStringPiece chlo_hash,
+                                        std::unique_ptr<quic::ProofSource::Callback> callback) {
+  quic::QuicReferenceCountedPointer<quic::ProofSource::Chain> chain =
+      GetCertChain(server_address, client_address, hostname);
+
+  size_t payload_size = sizeof(quic::kProofSignatureLabel) + sizeof(uint32_t) + chlo_hash.size() +
+                        server_config.size();
+  auto payload = std::make_unique<char[]>(payload_size);
+  quic::QuicDataWriter payload_writer(payload_size, payload.get(),
+                                      quiche::Endianness::HOST_BYTE_ORDER);
+  bool success =
+      payload_writer.WriteBytes(quic::kProofSignatureLabel, sizeof(quic::kProofSignatureLabel)) &&
+      payload_writer.WriteUInt32(chlo_hash.size()) && payload_writer.WriteStringPiece(chlo_hash) &&
+      payload_writer.WriteStringPiece(server_config);
+  if (!success) {
+    quic::QuicCryptoProof proof;
+    callback->Run(/*ok=*/false, nullptr, proof, nullptr);
+    return;
+  }
+
+  std::string error_details;
+  bssl::UniquePtr<X509> cert = parseDERCertificate(chain->certs[0], &error_details);
+  if (cert == nullptr) {
+    ENVOY_LOG(warn, absl::StrCat("Invalid leaf cert: ", error_details));
+    quic::QuicCryptoProof proof;
+    callback->Run(/*ok=*/false, nullptr, proof, nullptr);
+    return;
+  }
+
+  bssl::UniquePtr<EVP_PKEY> pub_key(X509_get_pubkey(cert.get()));
+  int sign_alg = deduceSignatureAlgorithmFromPublicKey(pub_key.get(), &error_details);
+  if (sign_alg == 0) {
+    ENVOY_LOG(warn, absl::StrCat("Failed to deduce signature algorithm from public key: ",
+                                 error_details));
+    quic::QuicCryptoProof proof;
+    callback->Run(/*ok=*/false, nullptr, proof, nullptr);
+    return;
+  }
+
+  auto signature_callback = std::make_unique<SignatureCallback>(std::move(callback), chain);
+
+  signPayload(server_address, client_address, hostname, sign_alg,
+              quiche::QuicheStringPiece(payload.get(), payload_size),
+              std::move(signature_callback));
+}
+
+void EnvoyQuicProofSourceBase::ComputeTlsSignature(
+    const quic::QuicSocketAddress& server_address, const quic::QuicSocketAddress& client_address,
+    const std::string& hostname, uint16_t signature_algorithm, quiche::QuicheStringPiece in,
+    std::unique_ptr<quic::ProofSource::SignatureCallback> callback) {
+  signPayload(server_address, client_address, hostname, signature_algorithm, in,
+              std::move(callback));
+}
+
+} // namespace Quic
+} // namespace Envoy
diff --git a/...ers/quiche/envoy_quic_fake_proof_source.h → ...ers/quiche/envoy_quic_proof_source_base.h b/...ers/quiche/envoy_quic_fake_proof_source.h → ...ers/quiche/envoy_quic_proof_source_base.h
@@ -12,14 +12,16 @@
 #pragma GCC diagnostic ignored "-Wunused-parameter"
 #include "quiche/quic/core/crypto/proof_source.h"
 #include "quiche/quic/core/quic_versions.h"
-
+#include "quiche/quic/core/crypto/crypto_protocol.h"
+#include "quiche/quic/platform/api/quic_reference_counted.h"
+#include "quiche/quic/platform/api/quic_socket_address.h"
+#include "quiche/common/platform/api/quiche_string_piece.h"
 #pragma GCC diagnostic pop
 
 #include "openssl/ssl.h"
 #include "envoy/network/filter.h"
-#include "quiche/quic/platform/api/quic_reference_counted.h"
-#include "quiche/quic/platform/api/quic_socket_address.h"
-#include "quiche/common/platform/api/quiche_string_piece.h"
+#include "server/backtrace.h"
+#include "common/common/logger.h"
 
 namespace Envoy {
 namespace Quic {
@@ -38,31 +40,36 @@ class EnvoyQuicProofSourceDetails : public quic::ProofSource::Details {
   const Network::FilterChain& filter_chain_;
 };
 
-// A fake implementation of quic::ProofSource which uses RSA cipher suite to sign in GetProof().
-// TODO(danzh) Rename it to EnvoyQuicProofSource once it's fully implemented.
-class EnvoyQuicFakeProofSource : public quic::ProofSource {
+// A partial implementation of quic::ProofSource which uses RSA cipher suite to sign in GetProof().
+class EnvoyQuicProofSourceBase : public quic::ProofSource,
+                                 protected Logger::Loggable<Logger::Id::quic> {
 public:
-  ~EnvoyQuicFakeProofSource() override = default;
+  ~EnvoyQuicProofSourceBase() override = default;
 
   // quic::ProofSource
   // Returns a certs chain and its fake SCT "Fake timestamp" and TLS signature wrapped
   // in QuicCryptoProof.
   void GetProof(const quic::QuicSocketAddress& server_address,
                 const quic::QuicSocketAddress& client_address, const std::string& hostname,
                 const std::string& server_config, quic::QuicTransportVersion /*transport_version*/,
-                quiche::QuicheStringPiece /*chlo_hash*/,
-                std::unique_ptr<quic::ProofSource::Callback> callback) override {
-    quic::QuicReferenceCountedPointer<quic::ProofSource::Chain> chain =
-        GetCertChain(server_address, client_address, hostname);
-    quic::QuicCryptoProof proof;
-    // TODO(danzh) Get the signature algorithm from leaf cert.
-    auto signature_callback = std::make_unique<SignatureCallback>(std::move(callback), chain);
-    ComputeTlsSignature(server_address, client_address, hostname, SSL_SIGN_RSA_PSS_RSAE_SHA256,
-                        server_config, std::move(signature_callback));
-  }
+                quiche::QuicheStringPiece chlo_hash,
+                std::unique_ptr<quic::ProofSource::Callback> callback) override;
 
   TicketCrypter* GetTicketCrypter() override { return nullptr; }
 
+  void ComputeTlsSignature(const quic::QuicSocketAddress& server_address,
+                           const quic::QuicSocketAddress& client_address,
+                           const std::string& hostname, uint16_t signature_algorithm,
+                           quiche::QuicheStringPiece in,
+                           std::unique_ptr<quic::ProofSource::SignatureCallback> callback) override;
+
+protected:
+  virtual void signPayload(const quic::QuicSocketAddress& server_address,
+                           const quic::QuicSocketAddress& client_address,
+                           const std::string& hostname, uint16_t signature_algorithm,
+                           quiche::QuicheStringPiece in,
+                           std::unique_ptr<quic::ProofSource::SignatureCallback> callback) = 0;
+
 private:
   // Used by GetProof() to get signature.
   class SignatureCallback : public quic::ProofSource::SignatureCallback {

diff --git a/source/extensions/quic_listeners/quiche/envoy_quic_proof_verifier.cc b/source/extensions/quic_listeners/quiche/envoy_quic_proof_verifier.cc
@@ -0,0 +1,50 @@
+#include "extensions/quic_listeners/quiche/envoy_quic_proof_verifier.h"
+
+#include "extensions/quic_listeners/quiche/envoy_quic_utils.h"
+
+#include "quiche/quic/core/crypto/certificate_view.h"
+
+namespace Envoy {
+namespace Quic {
+
+quic::QuicAsyncStatus EnvoyQuicProofVerifier::VerifyCertChain(
+    const std::string& hostname, const uint16_t /*port*/, const std::vector<std::string>& certs,
+    const std::string& /*ocsp_response*/, const std::string& /*cert_sct*/,
+    const quic::ProofVerifyContext* /*context*/, std::string* error_details,
+    std::unique_ptr<quic::ProofVerifyDetails>* /*details*/,
+    std::unique_ptr<quic::ProofVerifierCallback> /*callback*/) {
+  if (certs.empty()) {
+    return quic::QUIC_FAILURE;
+  }
+  bssl::UniquePtr<STACK_OF(X509)> intermediates(sk_X509_new_null());
+  bssl::UniquePtr<X509> leaf;
+  for (size_t i = 0; i < certs.size(); i++) {
+    bssl::UniquePtr<X509> cert = parseDERCertificate(certs[i], error_details);
+    if (!cert) {
+      return quic::QUIC_FAILURE;
+    }
+    if (i == 0) {
+      leaf = std::move(cert);
+    } else {
+      sk_X509_push(intermediates.get(), cert.release());
+    }
+  }
+  bool success = context_impl_.verifyCertChain(*leaf, *intermediates, *error_details);
+  if (!success) {
+    return quic::QUIC_FAILURE;
+  }
+
+  std::unique_ptr<quic::CertificateView> cert_view =
+      quic::CertificateView::ParseSingleCertificate(certs[0]);
+  ASSERT(cert_view != nullptr);
+  for (const absl::string_view config_san : cert_view->subject_alt_name_domains()) {
+    if (Extensions::TransportSockets::Tls::ContextImpl::dnsNameMatch(hostname, config_san)) {
+      return quic::QUIC_SUCCESS;
+    }
+  }
+  *error_details = absl::StrCat("Leaf certificate doesn't match hostname: ", hostname);
+  return quic::QUIC_FAILURE;
+}
+
+} // namespace Quic
+} // namespace Envoy