net/quic/crypto/crypto_protocol.h

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef NET_QUIC_CRYPTO_CRYPTO_PROTOCOL_H_
   6 #define NET_QUIC_CRYPTO_CRYPTO_PROTOCOL_H_
   7
   8 #include <string>
   9
  10 #include "net/base/net_export.h"
  11 #include "net/quic/quic_protocol.h"
  12
  13 // Version and Crypto tags are written to the wire with a big-endian
  14 // representation of the name of the tag.  For example
  15 // the client hello tag (CHLO) will be written as the
  16 // following 4 bytes: 'C' 'H' 'L' 'O'.  Since it is
  17 // stored in memory as a little endian uint32, we need
  18 // to reverse the order of the bytes.
  19 //
  20 // We use a macro to ensure that no static initialisers are created. Use the
  21 // MakeQuicTag function in normal code.
  22 #define TAG(a, b, c, d) \
  23     static_cast<QuicTag>((d << 24) + (c << 16) + (b << 8) + a)
  24
  25 namespace net {
  26
  27 typedef std::string ServerConfigID;
  28
  29 // clang-format off
  30 const QuicTag kCHLO = TAG('C', 'H', 'L', 'O');   // Client hello
  31 const QuicTag kSHLO = TAG('S', 'H', 'L', 'O');   // Server hello
  32 const QuicTag kSCFG = TAG('S', 'C', 'F', 'G');   // Server config
  33 const QuicTag kREJ  = TAG('R', 'E', 'J', '\0');  // Reject
  34 const QuicTag kSREJ = TAG('S', 'R', 'E', 'J');   // Stateless reject
  35 const QuicTag kCETV = TAG('C', 'E', 'T', 'V');   // Client encrypted tag-value
  36                                                  // pairs
  37 const QuicTag kPRST = TAG('P', 'R', 'S', 'T');   // Public reset
  38 const QuicTag kSCUP = TAG('S', 'C', 'U', 'P');   // Server config update.
  39
  40 // Key exchange methods
  41 const QuicTag kP256 = TAG('P', '2', '5', '6');   // ECDH, Curve P-256
  42 const QuicTag kC255 = TAG('C', '2', '5', '5');   // ECDH, Curve25519
  43
  44 // AEAD algorithms
  45 const QuicTag kNULL = TAG('N', 'U', 'L', 'N');   // null algorithm
  46 const QuicTag kAESG = TAG('A', 'E', 'S', 'G');   // AES128 + GCM-12
  47 const QuicTag kCC12 = TAG('C', 'C', '1', '2');   // ChaCha20 + Poly1305
  48
  49 // Socket receive buffer
  50 const QuicTag kSRBF = TAG('S', 'R', 'B', 'F');   // Socket receive buffer
  51
  52 // Congestion control feedback types
  53 const QuicTag kQBIC = TAG('Q', 'B', 'I', 'C');   // TCP cubic
  54
  55 // Connection options (COPT) values
  56 const QuicTag kAFCW = TAG('A', 'F', 'C', 'W');   // Auto-tune flow control
  57                                                  // receive windows.
  58 const QuicTag kIFW5 = TAG('I', 'F', 'W', '5');   // Set initial size
  59                                                  // of stream flow control
  60                                                  // receive window to
  61                                                  // 32KB. (2^5 KB).
  62 const QuicTag kIFW6 = TAG('I', 'F', 'W', '6');   // Set initial size
  63                                                  // of stream flow control
  64                                                  // receive window to
  65                                                  // 64KB. (2^6 KB).
  66 const QuicTag kIFW7 = TAG('I', 'F', 'W', '7');   // Set initial size
  67                                                  // of stream flow control
  68                                                  // receive window to
  69                                                  // 128KB. (2^7 KB).
  70 const QuicTag kTBBR = TAG('T', 'B', 'B', 'R');   // Reduced Buffer Bloat TCP
  71 const QuicTag kRENO = TAG('R', 'E', 'N', 'O');   // Reno Congestion Control
  72 const QuicTag kBYTE = TAG('B', 'Y', 'T', 'E');   // TCP cubic or reno in bytes
  73 const QuicTag kIW03 = TAG('I', 'W', '0', '3');   // Force ICWND to 3
  74 const QuicTag kIW10 = TAG('I', 'W', '1', '0');   // Force ICWND to 10
  75 const QuicTag kIW20 = TAG('I', 'W', '2', '0');   // Force ICWND to 20
  76 const QuicTag kIW50 = TAG('I', 'W', '5', '0');   // Force ICWND to 50
  77 const QuicTag k1CON = TAG('1', 'C', 'O', 'N');   // Emulate a single connection
  78 const QuicTag kNTLP = TAG('N', 'T', 'L', 'P');   // No tail loss probe
  79 const QuicTag kNCON = TAG('N', 'C', 'O', 'N');   // N Connection Congestion Ctrl
  80 const QuicTag kNRTO = TAG('N', 'R', 'T', 'O');   // CWND reduction on loss
  81 const QuicTag kTIME = TAG('T', 'I', 'M', 'E');   // Time based loss detection
  82 const QuicTag kMIN1 = TAG('M', 'I', 'N', '1');   // Min CWND of 1 packet
  83 const QuicTag kMIN4 = TAG('M', 'I', 'N', '4');   // Min CWND of 4 packets,
  84                                                  // with a min rate of 1 BDP.
  85 const QuicTag kTLPR = TAG('T', 'L', 'P', 'R');   // Tail loss probe delay of
  86                                                  // 0.5RTT.
  87
  88 // Optional support of truncated Connection IDs.  If sent by a peer, the value
  89 // is the minimum number of bytes allowed for the connection ID sent to the
  90 // peer.
  91 const QuicTag kTCID = TAG('T', 'C', 'I', 'D');   // Connection ID truncation.
  92
  93 // FEC options
  94 const QuicTag kFHDR = TAG('F', 'H', 'D', 'R');   // FEC protect headers
  95 const QuicTag kFSTR = TAG('F', 'S', 'T', 'R');   // FEC protect all streams
  96 // Set FecSendPolicy for sending FEC packet only when FEC alarm goes off.
  97 const QuicTag kFSPA = TAG('F', 'S', 'P', 'A');
  98 // Run an experiment that sets FecTimeOut alarm to 0.25RTT.
  99 // TODO(rtenneti): Delete it after the experiment.
 100 const QuicTag kFRTT = TAG('F', 'R', 'T', 'T');
 101
 102 // Enable bandwidth resumption experiment.
 103 const QuicTag kBWRE = TAG('B', 'W', 'R', 'E');  // Bandwidth resumption.
 104 const QuicTag kBWMX = TAG('B', 'W', 'M', 'X');  // Max bandwidth resumption.
 105
 106 // Enable path MTU discovery experiment.
 107 const QuicTag kMTUH = TAG('M', 'T', 'U', 'H');  // High-target MTU discovery.
 108 const QuicTag kMTUL = TAG('M', 'T', 'U', 'L');  // Low-target MTU discovery.
 109
 110 // Proof types (i.e. certificate types)
 111 // NOTE: although it would be silly to do so, specifying both kX509 and kX59R
 112 // is allowed and is equivalent to specifying only kX509.
 113 const QuicTag kX509 = TAG('X', '5', '0', '9');   // X.509 certificate, all key
 114                                                  // types
 115 const QuicTag kX59R = TAG('X', '5', '9', 'R');   // X.509 certificate, RSA keys
 116                                                  // only
 117 const QuicTag kCHID = TAG('C', 'H', 'I', 'D');   // Channel ID.
 118
 119 // Client hello tags
 120 const QuicTag kVER  = TAG('V', 'E', 'R', '\0');  // Version (new)
 121 const QuicTag kNONC = TAG('N', 'O', 'N', 'C');   // The client's nonce
 122 const QuicTag kKEXS = TAG('K', 'E', 'X', 'S');   // Key exchange methods
 123 const QuicTag kAEAD = TAG('A', 'E', 'A', 'D');   // Authenticated
 124                                                  // encryption algorithms
 125 const QuicTag kCOPT = TAG('C', 'O', 'P', 'T');   // Connection options
 126 const QuicTag kICSL = TAG('I', 'C', 'S', 'L');   // Idle connection state
 127                                                  // lifetime
 128 const QuicTag kSCLS = TAG('S', 'C', 'L', 'S');   // Silently close on timeout
 129 const QuicTag kMSPC = TAG('M', 'S', 'P', 'C');   // Max streams per connection.
 130 const QuicTag kIRTT = TAG('I', 'R', 'T', 'T');   // Estimated initial RTT in us.
 131 const QuicTag kSWND = TAG('S', 'W', 'N', 'D');   // Server's Initial congestion
 132                                                  // window.
 133 const QuicTag kSNI  = TAG('S', 'N', 'I', '\0');  // Server name
 134                                                  // indication
 135 const QuicTag kPUBS = TAG('P', 'U', 'B', 'S');   // Public key values
 136 const QuicTag kSCID = TAG('S', 'C', 'I', 'D');   // Server config id
 137 const QuicTag kORBT = TAG('O', 'B', 'I', 'T');   // Server orbit.
 138 const QuicTag kPDMD = TAG('P', 'D', 'M', 'D');   // Proof demand.
 139 const QuicTag kPROF = TAG('P', 'R', 'O', 'F');   // Proof (signature).
 140 const QuicTag kCCS  = TAG('C', 'C', 'S', 0);     // Common certificate set
 141 const QuicTag kCCRT = TAG('C', 'C', 'R', 'T');   // Cached certificate
 142 const QuicTag kEXPY = TAG('E', 'X', 'P', 'Y');   // Expiry
 143 const QuicTag kSFCW = TAG('S', 'F', 'C', 'W');   // Initial stream flow control
 144                                                  // receive window.
 145 const QuicTag kCFCW = TAG('C', 'F', 'C', 'W');   // Initial session/connection
 146                                                  // flow control receive window.
 147 const QuicTag kUAID = TAG('U', 'A', 'I', 'D');   // Client's User Agent ID.
 148
 149 // Rejection tags
 150 const QuicTag kRREJ = TAG('R', 'R', 'E', 'J');   // Reasons for server sending
 151 // Stateless Reject tags
 152 const QuicTag kRCID = TAG('R', 'C', 'I', 'D');   // Server-designated
 153                                                  // connection ID
 154 // Server hello tags
 155 const QuicTag kCADR = TAG('C', 'A', 'D', 'R');   // Client IP address and port
 156
 157 // CETV tags
 158 const QuicTag kCIDK = TAG('C', 'I', 'D', 'K');   // ChannelID key
 159 const QuicTag kCIDS = TAG('C', 'I', 'D', 'S');   // ChannelID signature
 160
 161 // Public reset tags
 162 const QuicTag kRNON = TAG('R', 'N', 'O', 'N');   // Public reset nonce proof
 163 const QuicTag kRSEQ = TAG('R', 'S', 'E', 'Q');   // Rejected packet number
 164
 165 // Universal tags
 166 const QuicTag kPAD  = TAG('P', 'A', 'D', '\0');  // Padding
 167 // clang-format on
 168
 169 // These tags have a special form so that they appear either at the beginning
 170 // or the end of a handshake message. Since handshake messages are sorted by
 171 // tag value, the tags with 0 at the end will sort first and those with 255 at
 172 // the end will sort last.
 173 //
 174 // The certificate chain should have a tag that will cause it to be sorted at
 175 // the end of any handshake messages because it's likely to be large and the
 176 // client might be able to get everything that it needs from the small values at
 177 // the beginning.
 178 //
 179 // Likewise tags with random values should be towards the beginning of the
 180 // message because the server mightn't hold state for a rejected client hello
 181 // and therefore the client may have issues reassembling the rejection message
 182 // in the event that it sent two client hellos.
 183 const QuicTag kServerNonceTag =
 184     TAG('S', 'N', 'O', 0);  // The server's nonce
 185 const QuicTag kSourceAddressTokenTag =
 186     TAG('S', 'T', 'K', 0);  // Source-address token
 187 const QuicTag kCertificateTag =
 188     TAG('C', 'R', 'T', 255);  // Certificate chain
 189
 190 #undef TAG
 191
 192 const size_t kMaxEntries = 128;  // Max number of entries in a message.
 193
 194 const size_t kNonceSize = 32;  // Size in bytes of the connection nonce.
 195
 196 const size_t kOrbitSize = 8;  // Number of bytes in an orbit value.
 197
 198 // kProofSignatureLabel is prepended to server configs before signing to avoid
 199 // any cross-protocol attacks on the signature.
 200 const char kProofSignatureLabel[] = "QUIC server config signature";
 201
 202 // kClientHelloMinimumSize is the minimum size of a client hello. Client hellos
 203 // will have PAD tags added in order to ensure this minimum is met and client
 204 // hellos smaller than this will be an error. This minimum size reduces the
 205 // amplification factor of any mirror DoS attack.
 206 //
 207 // A client may pad an inchoate client hello to a size larger than
 208 // kClientHelloMinimumSize to make it more likely to receive a complete
 209 // rejection message.
 210 const size_t kClientHelloMinimumSize = 1024;
 211
 212 }  // namespace net
 213
 214 #endif  // NET_QUIC_CRYPTO_CRYPTO_PROTOCOL_H_