// Copyright (c) 2012 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #ifndef NET_QUIC_CRYPTO_CRYPTO_PROTOCOL_H_ #define NET_QUIC_CRYPTO_CRYPTO_PROTOCOL_H_ #include #include "net/base/net_export.h" #include "net/quic/quic_protocol.h" // Version and Crypto tags are written to the wire with a big-endian // representation of the name of the tag. For example // the client hello tag (CHLO) will be written as the // following 4 bytes: 'C' 'H' 'L' 'O'. Since it is // stored in memory as a little endian uint32, we need // to reverse the order of the bytes. // // We use a macro to ensure that no static initialisers are created. Use the // MakeQuicTag function in normal code. #define TAG(a, b, c, d) \ static_cast((d << 24) + (c << 16) + (b << 8) + a) namespace net { typedef std::string ServerConfigID; // clang-format off const QuicTag kCHLO = TAG('C', 'H', 'L', 'O'); // Client hello const QuicTag kSHLO = TAG('S', 'H', 'L', 'O'); // Server hello const QuicTag kSCFG = TAG('S', 'C', 'F', 'G'); // Server config const QuicTag kREJ = TAG('R', 'E', 'J', '\0'); // Reject const QuicTag kSREJ = TAG('S', 'R', 'E', 'J'); // Stateless reject const QuicTag kCETV = TAG('C', 'E', 'T', 'V'); // Client encrypted tag-value // pairs const QuicTag kPRST = TAG('P', 'R', 'S', 'T'); // Public reset const QuicTag kSCUP = TAG('S', 'C', 'U', 'P'); // Server config update. // Key exchange methods const QuicTag kP256 = TAG('P', '2', '5', '6'); // ECDH, Curve P-256 const QuicTag kC255 = TAG('C', '2', '5', '5'); // ECDH, Curve25519 // AEAD algorithms const QuicTag kNULL = TAG('N', 'U', 'L', 'N'); // null algorithm const QuicTag kAESG = TAG('A', 'E', 'S', 'G'); // AES128 + GCM-12 const QuicTag kCC12 = TAG('C', 'C', '1', '2'); // ChaCha20 + Poly1305 // Socket receive buffer const QuicTag kSRBF = TAG('S', 'R', 'B', 'F'); // Socket receive buffer // Congestion control feedback types const QuicTag kQBIC = TAG('Q', 'B', 'I', 'C'); // TCP cubic // Connection options (COPT) values const QuicTag kAFCW = TAG('A', 'F', 'C', 'W'); // Auto-tune flow control // receive windows. const QuicTag kIFW5 = TAG('I', 'F', 'W', '5'); // Set initial size // of stream flow control // receive window to // 32KB. (2^5 KB). const QuicTag kIFW6 = TAG('I', 'F', 'W', '6'); // Set initial size // of stream flow control // receive window to // 64KB. (2^6 KB). const QuicTag kIFW7 = TAG('I', 'F', 'W', '7'); // Set initial size // of stream flow control // receive window to // 128KB. (2^7 KB). const QuicTag kTBBR = TAG('T', 'B', 'B', 'R'); // Reduced Buffer Bloat TCP const QuicTag kRENO = TAG('R', 'E', 'N', 'O'); // Reno Congestion Control const QuicTag kBYTE = TAG('B', 'Y', 'T', 'E'); // TCP cubic or reno in bytes const QuicTag kIW03 = TAG('I', 'W', '0', '3'); // Force ICWND to 3 const QuicTag kIW10 = TAG('I', 'W', '1', '0'); // Force ICWND to 10 const QuicTag kIW20 = TAG('I', 'W', '2', '0'); // Force ICWND to 20 const QuicTag kIW50 = TAG('I', 'W', '5', '0'); // Force ICWND to 50 const QuicTag k1CON = TAG('1', 'C', 'O', 'N'); // Emulate a single connection const QuicTag kNTLP = TAG('N', 'T', 'L', 'P'); // No tail loss probe const QuicTag kNCON = TAG('N', 'C', 'O', 'N'); // N Connection Congestion Ctrl const QuicTag kNRTO = TAG('N', 'R', 'T', 'O'); // CWND reduction on loss const QuicTag kTIME = TAG('T', 'I', 'M', 'E'); // Time based loss detection const QuicTag kMIN1 = TAG('M', 'I', 'N', '1'); // Min CWND of 1 packet const QuicTag kMIN4 = TAG('M', 'I', 'N', '4'); // Min CWND of 4 packets, // with a min rate of 1 BDP. const QuicTag kTLPR = TAG('T', 'L', 'P', 'R'); // Tail loss probe delay of // 0.5RTT. // Optional support of truncated Connection IDs. If sent by a peer, the value // is the minimum number of bytes allowed for the connection ID sent to the // peer. const QuicTag kTCID = TAG('T', 'C', 'I', 'D'); // Connection ID truncation. // FEC options const QuicTag kFHDR = TAG('F', 'H', 'D', 'R'); // FEC protect headers const QuicTag kFSTR = TAG('F', 'S', 'T', 'R'); // FEC protect all streams // Set FecSendPolicy for sending FEC packet only when FEC alarm goes off. const QuicTag kFSPA = TAG('F', 'S', 'P', 'A'); // Run an experiment that sets FecTimeOut alarm to 0.25RTT. // TODO(rtenneti): Delete it after the experiment. const QuicTag kFRTT = TAG('F', 'R', 'T', 'T'); // Enable bandwidth resumption experiment. const QuicTag kBWRE = TAG('B', 'W', 'R', 'E'); // Bandwidth resumption. const QuicTag kBWMX = TAG('B', 'W', 'M', 'X'); // Max bandwidth resumption. // Enable path MTU discovery experiment. const QuicTag kMTUH = TAG('M', 'T', 'U', 'H'); // High-target MTU discovery. const QuicTag kMTUL = TAG('M', 'T', 'U', 'L'); // Low-target MTU discovery. // Proof types (i.e. certificate types) // NOTE: although it would be silly to do so, specifying both kX509 and kX59R // is allowed and is equivalent to specifying only kX509. const QuicTag kX509 = TAG('X', '5', '0', '9'); // X.509 certificate, all key // types const QuicTag kX59R = TAG('X', '5', '9', 'R'); // X.509 certificate, RSA keys // only const QuicTag kCHID = TAG('C', 'H', 'I', 'D'); // Channel ID. // Client hello tags const QuicTag kVER = TAG('V', 'E', 'R', '\0'); // Version (new) const QuicTag kNONC = TAG('N', 'O', 'N', 'C'); // The client's nonce const QuicTag kKEXS = TAG('K', 'E', 'X', 'S'); // Key exchange methods const QuicTag kAEAD = TAG('A', 'E', 'A', 'D'); // Authenticated // encryption algorithms const QuicTag kCOPT = TAG('C', 'O', 'P', 'T'); // Connection options const QuicTag kICSL = TAG('I', 'C', 'S', 'L'); // Idle connection state // lifetime const QuicTag kSCLS = TAG('S', 'C', 'L', 'S'); // Silently close on timeout const QuicTag kMSPC = TAG('M', 'S', 'P', 'C'); // Max streams per connection. const QuicTag kIRTT = TAG('I', 'R', 'T', 'T'); // Estimated initial RTT in us. const QuicTag kSWND = TAG('S', 'W', 'N', 'D'); // Server's Initial congestion // window. const QuicTag kSNI = TAG('S', 'N', 'I', '\0'); // Server name // indication const QuicTag kPUBS = TAG('P', 'U', 'B', 'S'); // Public key values const QuicTag kSCID = TAG('S', 'C', 'I', 'D'); // Server config id const QuicTag kORBT = TAG('O', 'B', 'I', 'T'); // Server orbit. const QuicTag kPDMD = TAG('P', 'D', 'M', 'D'); // Proof demand. const QuicTag kPROF = TAG('P', 'R', 'O', 'F'); // Proof (signature). const QuicTag kCCS = TAG('C', 'C', 'S', 0); // Common certificate set const QuicTag kCCRT = TAG('C', 'C', 'R', 'T'); // Cached certificate const QuicTag kEXPY = TAG('E', 'X', 'P', 'Y'); // Expiry const QuicTag kSFCW = TAG('S', 'F', 'C', 'W'); // Initial stream flow control // receive window. const QuicTag kCFCW = TAG('C', 'F', 'C', 'W'); // Initial session/connection // flow control receive window. const QuicTag kUAID = TAG('U', 'A', 'I', 'D'); // Client's User Agent ID. // Rejection tags const QuicTag kRREJ = TAG('R', 'R', 'E', 'J'); // Reasons for server sending // Stateless Reject tags const QuicTag kRCID = TAG('R', 'C', 'I', 'D'); // Server-designated // connection ID // Server hello tags const QuicTag kCADR = TAG('C', 'A', 'D', 'R'); // Client IP address and port // CETV tags const QuicTag kCIDK = TAG('C', 'I', 'D', 'K'); // ChannelID key const QuicTag kCIDS = TAG('C', 'I', 'D', 'S'); // ChannelID signature // Public reset tags const QuicTag kRNON = TAG('R', 'N', 'O', 'N'); // Public reset nonce proof const QuicTag kRSEQ = TAG('R', 'S', 'E', 'Q'); // Rejected sequence number // Universal tags const QuicTag kPAD = TAG('P', 'A', 'D', '\0'); // Padding // clang-format on // These tags have a special form so that they appear either at the beginning // or the end of a handshake message. Since handshake messages are sorted by // tag value, the tags with 0 at the end will sort first and those with 255 at // the end will sort last. // // The certificate chain should have a tag that will cause it to be sorted at // the end of any handshake messages because it's likely to be large and the // client might be able to get everything that it needs from the small values at // the beginning. // // Likewise tags with random values should be towards the beginning of the // message because the server mightn't hold state for a rejected client hello // and therefore the client may have issues reassembling the rejection message // in the event that it sent two client hellos. const QuicTag kServerNonceTag = TAG('S', 'N', 'O', 0); // The server's nonce const QuicTag kSourceAddressTokenTag = TAG('S', 'T', 'K', 0); // Source-address token const QuicTag kCertificateTag = TAG('C', 'R', 'T', 255); // Certificate chain #undef TAG const size_t kMaxEntries = 128; // Max number of entries in a message. const size_t kNonceSize = 32; // Size in bytes of the connection nonce. const size_t kOrbitSize = 8; // Number of bytes in an orbit value. // kProofSignatureLabel is prepended to server configs before signing to avoid // any cross-protocol attacks on the signature. const char kProofSignatureLabel[] = "QUIC server config signature"; // kClientHelloMinimumSize is the minimum size of a client hello. Client hellos // will have PAD tags added in order to ensure this minimum is met and client // hellos smaller than this will be an error. This minimum size reduces the // amplification factor of any mirror DoS attack. // // A client may pad an inchoate client hello to a size larger than // kClientHelloMinimumSize to make it more likely to receive a complete // rejection message. const size_t kClientHelloMinimumSize = 1024; } // namespace net #endif // NET_QUIC_CRYPTO_CRYPTO_PROTOCOL_H_