proxygen
Protocol.h
Go to the documentation of this file.
1 /*
2  * Copyright (c) 2018-present, Facebook, Inc.
3  * All rights reserved.
4  *
5  * This source code is licensed under the BSD-style license found in the
6  * LICENSE file in the root directory of this source tree.
7  */
8 
9 #pragma once
10 
11 #include <fizz/protocol/Factory.h>
12 #include <fizz/protocol/KeyScheduler.h>
13 #include <fizz/record/Types.h>
14 
15 namespace fizz {
16 
17 class Protocol {
18  public:
19  template <typename Type>
20  static void setAead(
21  Type& recordLayer,
22  CipherSuite cipher,
23  folly::ByteRange secret,
24  const Factory& factory,
25  const KeyScheduler& scheduler) {
26  auto aead = factory.makeAead(cipher);
27  auto trafficKey =
28  scheduler.getTrafficKey(secret, aead->keyLength(), aead->ivLength());
29  aead->setKey(std::move(trafficKey));
30  recordLayer.setAead(secret, std::move(aead));
31  }
32 
33  static Buf getFinished(
34  folly::ByteRange handshakeWriteSecret,
35  HandshakeContext& handshakeContext) {
36  Finished finished;
37  finished.verify_data =
38  handshakeContext.getFinishedData(handshakeWriteSecret);
39  auto encodedFinished = encodeHandshake(std::move(finished));
40  handshakeContext.appendToTranscript(encodedFinished);
41  return encodedFinished;
42  }
43 
44  static Buf getKeyUpdated(KeyUpdateRequest request_update) {
45  KeyUpdate keyUpdated;
46  keyUpdated.request_update = request_update;
47  return encodeHandshake(std::move(keyUpdated));
48  }
49 
50  static void checkAllowedExtensions(
51  const EncryptedExtensions& ee,
52  const std::vector<ExtensionType>& requestedExtensions) {
53  for (const auto& ext : ee.extensions) {
54  // These extensions are not allowed in EE
55  switch (ext.extension_type) {
56  case ExtensionType::signature_algorithms:
57  case ExtensionType::key_share:
58  case ExtensionType::key_share_old:
59  case ExtensionType::pre_shared_key:
60  case ExtensionType::psk_key_exchange_modes:
61  case ExtensionType::cookie:
62  case ExtensionType::supported_versions:
63  throw FizzException(
64  "unexpected extension in ee: " + toString(ext.extension_type),
65  AlertDescription::illegal_parameter);
66  default:
67  if (std::find(
68  requestedExtensions.begin(),
69  requestedExtensions.end(),
70  ext.extension_type) == requestedExtensions.end()) {
71  throw FizzException(
72  "unexpected extension in ee: " + toString(ext.extension_type),
73  AlertDescription::illegal_parameter);
74  }
75  break;
76  }
77  }
78  checkDuplicateExtensions(ee.extensions);
79  }
80 
81  static void checkAllowedExtensions(
82  const ServerHello& shlo,
83  const std::vector<ExtensionType>& requestedExtensions) {
84  for (const auto& ext : shlo.extensions) {
85  if (std::find(
86  requestedExtensions.begin(),
87  requestedExtensions.end(),
88  ext.extension_type) == requestedExtensions.end() ||
89  (ext.extension_type != ExtensionType::key_share &&
90  ext.extension_type != ExtensionType::key_share_old &&
91  ext.extension_type != ExtensionType::pre_shared_key &&
92  ext.extension_type != ExtensionType::supported_versions)) {
93  throw FizzException(
94  "unexpected extension in shlo: " + toString(ext.extension_type),
95  AlertDescription::illegal_parameter);
96  }
97  }
98  checkDuplicateExtensions(shlo.extensions);
99  }
100 
101  static void checkAllowedExtensions(const HelloRetryRequest& hrr) {
102  // HRR is allowed to send 'cookie' unprompted. Otherwise only other allowed
103  // extensions are key_share and supported_versions, which we always send.
104  for (const auto& ext : hrr.extensions) {
105  if (ext.extension_type != ExtensionType::cookie &&
106  ext.extension_type != ExtensionType::key_share &&
107  ext.extension_type != ExtensionType::key_share_old &&
108  ext.extension_type != ExtensionType::supported_versions) {
109  throw FizzException(
110  "unexpected extension in hrr: " + toString(ext.extension_type),
111  AlertDescription::illegal_parameter);
112  }
113  }
114  checkDuplicateExtensions(hrr.extensions);
115  }
116 
117  static void checkDuplicateExtensions(const std::vector<Extension>& exts) {
118  std::vector<ExtensionType> extensionList;
119  for (const auto& extension : exts) {
120  extensionList.push_back(extension.extension_type);
121  }
122  std::sort(extensionList.begin(), extensionList.end());
123  if (std::unique(extensionList.begin(), extensionList.end()) !=
124  extensionList.end()) {
125  throw FizzException(
126  "duplicate extension", AlertDescription::illegal_parameter);
127  }
128  }
129 };
130 } // namespace fizz
fizz::HelloRetryRequest::extensions
std::vector< Extension > extensions
Definition: Types.h:218
fizz::EncryptedExtensions::extensions
std::vector< Extension > extensions
Definition: Types.h:228
fizz::Protocol::setAead
static void setAead(Type &recordLayer, CipherSuite cipher, folly::ByteRange secret, const Factory &factory, const KeyScheduler &scheduler)
Definition: Protocol.h:20
fizz::encodeHandshake
Buf encodeHandshake(T &&handshakeMsg)
Definition: Types-inl.h:515
fizz::KeyUpdate::request_update
KeyUpdateRequest request_update
Definition: Types.h:299
fizz::toString
folly::StringPiece toString(StateEnum state)
Definition: State.cpp:16
fizz::Protocol::getFinished
static Buf getFinished(folly::ByteRange handshakeWriteSecret, HandshakeContext &handshakeContext)
Definition: Protocol.h:33
fizz::KeyScheduler::getTrafficKey
virtual TrafficKey getTrafficKey(folly::ByteRange trafficSecret, size_t keyLength, size_t ivLength) const
Definition: KeyScheduler.cpp:192
fizz::HandshakeContext::appendToTranscript
virtual void appendToTranscript(const Buf &transcript)=0
fizz::HandshakeContext::getFinishedData
virtual Buf getFinishedData(folly::ByteRange baseKey) const =0
folly::gen::move
constexpr detail::Map< Move > move
Definition: Base-inl.h:2567
fizz::CipherSuite
CipherSuite
Definition: Types.h:153
fizz::Factory::makeAead
virtual std::unique_ptr< Aead > makeAead(CipherSuite cipher) const
Definition: Factory.h:105
scheduler
std::shared_ptr< folly::FunctionScheduler > scheduler
Definition: FilePoller.cpp:50
cipher
CipherSuite cipher
Definition: ClientProtocol.cpp:1006
fizz::Protocol::checkDuplicateExtensions
static void checkDuplicateExtensions(const std::vector< Extension > &exts)
Definition: Protocol.h:117
fizz
Definition: Actions.h:16
fizz::Finished::verify_data
Buf verify_data
Definition: Types.h:278
fizz::Protocol::checkAllowedExtensions
static void checkAllowedExtensions(const EncryptedExtensions &ee, const std::vector< ExtensionType > &requestedExtensions)
Definition: Protocol.h:50
fizz::KeyUpdateRequest
KeyUpdateRequest
Definition: Types.h:292
fizz::ServerHello::extensions
std::vector< Extension > extensions
Definition: Types.h:205
fizz::Buf
std::unique_ptr< folly::IOBuf > Buf
Definition: Types.h:22
fizz::Protocol::checkAllowedExtensions
static void checkAllowedExtensions(const ServerHello &shlo, const std::vector< ExtensionType > &requestedExtensions)
Definition: Protocol.h:81
secret
static constexpr StringPiece secret
Definition: AeadCookieCipherTest.cpp:21
fizz::Protocol::checkAllowedExtensions
static void checkAllowedExtensions(const HelloRetryRequest &hrr)
Definition: Protocol.h:101
fizz::Protocol::getKeyUpdated
static Buf getKeyUpdated(KeyUpdateRequest request_update)
Definition: Protocol.h:44