Signed-off-by: He Jie Xu <hejie.xu@intel.com>
Showing
18 changed files
with
462 additions
and
39 deletions.
@@ -0,0 +1,77 @@ | ||
#include "source/common/quic/envoy_quic_certificate_private_key.h" | ||
|
||
#include <cstddef> | ||
|
||
#include "source/common/quic/envoy_quic_proof_source_base.h" | ||
|
||
#include "openssl/ssl.h" | ||
|
||
namespace Envoy { | ||
namespace Quic { | ||
|
||
EnvoyQuicDefaultCertificatePrivateKey::EnvoyQuicDefaultCertificatePrivateKey( | ||
bssl::UniquePtr<EVP_PKEY> private_key) | ||
: private_key_(std::make_unique<quic::CertificatePrivateKey>(std::move(private_key))) {} | ||
|
||
EnvoyQuicDefaultCertificatePrivateKey::EnvoyQuicDefaultCertificatePrivateKey( | ||
std::unique_ptr<quic::CertificatePrivateKey> private_key) | ||
: private_key_(std::move(private_key)) {} | ||
|
||
void EnvoyQuicDefaultCertificatePrivateKey::Sign( | ||
SSL*, Event::Dispatcher*, absl::string_view input, uint16_t signature_algorithm, | ||
std::unique_ptr<EnvoyQuicProofSourceDetails> details, PrivateKeySignCallbacks& cb) { | ||
std::string signature = private_key_->Sign(input, signature_algorithm); | ||
cb.onPrivateKeySignComplete(true, signature, std::move(details)); | ||
} | ||
|
||
EVP_PKEY* EnvoyQuicDefaultCertificatePrivateKey::private_key() const { | ||
return private_key_->private_key(); | ||
} | ||
|
||
EnvoyQuicCertificatePrivateKeyByProvider::EnvoyQuicCertificatePrivateKeyByProvider( | ||
Ssl::PrivateKeyMethodProviderSharedPtr private_key_provider) | ||
: private_key_provider_(private_key_provider) {} | ||
|
||
void EnvoyQuicCertificatePrivateKeyByProvider::Sign( | ||
SSL* ssl, Event::Dispatcher* dispatcher, absl::string_view input, uint16_t signature_algorithm, | ||
std::unique_ptr<EnvoyQuicProofSourceDetails> details, PrivateKeySignCallbacks& cb) { | ||
ssl_ = ssl; | ||
cb_ = cb; | ||
private_key_provider_->registerPrivateKeyMethod(ssl, *this, *dispatcher); | ||
EVP_PKEY* pkey = private_key_provider_->private_key(); | ||
if (pkey == nullptr) { | ||
cb.onPrivateKeySignComplete(false, "", nullptr); | ||
} | ||
max_sig_size_ = EVP_PKEY_size(pkey); | ||
|
||
signature_.resize(max_sig_size_); | ||
size_t sig_size = 0; | ||
|
||
auto ret = private_key_provider_->getBoringSslPrivateKeyMethod()->sign( | ||
ssl, const_cast<uint8_t*>(reinterpret_cast<const uint8_t*>(signature_.data())), &sig_size, | ||
max_sig_size_, signature_algorithm, | ||
const_cast<uint8_t*>(reinterpret_cast<const uint8_t*>(input.data())), input.size()); | ||
if (ret == ssl_private_key_retry) { | ||
details_ = std::move(details); | ||
return; | ||
} | ||
if (ret == ssl_private_key_failure) { | ||
cb.onPrivateKeySignComplete(false, "", nullptr); | ||
} | ||
cb.onPrivateKeySignComplete(true, signature_, std::move(details)); | ||
} | ||
|
||
void EnvoyQuicCertificatePrivateKeyByProvider::onPrivateKeyMethodComplete() { | ||
size_t sig_len = 0; | ||
private_key_provider_->getBoringSslPrivateKeyMethod()->complete( | ||
ssl_, const_cast<uint8_t*>(reinterpret_cast<const uint8_t*>(signature_.data())), &sig_len, | ||
max_sig_size_); | ||
cb_->onPrivateKeySignComplete(true, signature_, std::move(details_)); | ||
} | ||
|
||
EVP_PKEY* EnvoyQuicCertificatePrivateKeyByProvider::private_key() const { | ||
return private_key_provider_->private_key(); | ||
} | ||
|
||
} // namespace Quic | ||
} // namespace Envoy |
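Review bot: `EnvoyQuicCertificatePrivateKeyByProvider::Sign` reports failure through the callback but does not return: after the `pkey == nullptr` branch it still calls `EVP_PKEY_size(pkey)` on a null pointer, and after the `ssl_private_key_failure` branch it falls through and invokes `cb.onPrivateKeySignComplete(true, ...)` a second time, so a provider without a key or a failed sign yields a null dereference or a double callback with a bogus "success". Both branches need `cb.onPrivateKeySignComplete(false, "", nullptr); return;`. On the success path the signature buffer is never trimmed to what the method actually wrote, so `signature_` keeps `max_sig_size_` bytes of trailing garbage; add `signature_.resize(sig_size);` before the success callback. `onPrivateKeyMethodComplete` has the same two gaps — the result of `complete()` is ignored and `sig_len` is discarded — so it should check the return code and resize to `sig_len` before notifying `cb_`. Separately, `registerPrivateKeyMethod` is re-invoked on every `Sign` call; whether the provider tolerates repeated registration for the same `SSL*` is not visible here and should be confirmed.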
@@ -0,0 +1,68 @@ | ||
#pragma once | ||
|
||
#include "envoy/ssl/private_key/private_key.h" | ||
|
||
#include "source/common/quic/envoy_quic_proof_source_base.h" | ||
|
||
#include "absl/types/optional.h" | ||
#include "quiche/quic/core/crypto/proof_source.h" | ||
|
||
namespace Envoy { | ||
namespace Quic { | ||
|
||
class PrivateKeySignCallbacks { | ||
public: | ||
virtual ~PrivateKeySignCallbacks() = default; | ||
|
||
virtual void onPrivateKeySignComplete(bool success, const std::string& output, | ||
std::unique_ptr<EnvoyQuicProofSourceDetails> details) PURE; | ||
}; | ||
|
||
class EnvoyQuicCertificatePrivateKey { | ||
public: | ||
virtual ~EnvoyQuicCertificatePrivateKey() = default; | ||
virtual void Sign(SSL* ssl, Event::Dispatcher* dispatcher, absl::string_view input, | ||
uint16_t signature_algorithm, | ||
std::unique_ptr<EnvoyQuicProofSourceDetails> details, | ||
PrivateKeySignCallbacks& cb) PURE; | ||
virtual EVP_PKEY* private_key() const PURE; | ||
}; | ||
|
||
class EnvoyQuicDefaultCertificatePrivateKey : public EnvoyQuicCertificatePrivateKey { | ||
public: | ||
EnvoyQuicDefaultCertificatePrivateKey(bssl::UniquePtr<EVP_PKEY> private_key); | ||
EnvoyQuicDefaultCertificatePrivateKey(std::unique_ptr<quic::CertificatePrivateKey>); | ||
|
||
void Sign(SSL* ssl, Event::Dispatcher* dispatcher, absl::string_view input, | ||
uint16_t signature_algorithm, std::unique_ptr<EnvoyQuicProofSourceDetails> details, | ||
PrivateKeySignCallbacks& cb) override; | ||
EVP_PKEY* private_key() const override; | ||
|
||
private: | ||
std::unique_ptr<quic::CertificatePrivateKey> private_key_; | ||
}; | ||
|
||
class EnvoyQuicCertificatePrivateKeyByProvider : public EnvoyQuicCertificatePrivateKey, | ||
public Ssl::PrivateKeyConnectionCallbacks { | ||
public: | ||
EnvoyQuicCertificatePrivateKeyByProvider( | ||
Ssl::PrivateKeyMethodProviderSharedPtr provider_key_provider); | ||
|
||
void Sign(SSL* ssl, Event::Dispatcher* dispatcher, absl::string_view input, | ||
uint16_t signature_algorithm, std::unique_ptr<EnvoyQuicProofSourceDetails> details, | ||
PrivateKeySignCallbacks& cb) override; | ||
EVP_PKEY* private_key() const override; | ||
|
||
void onPrivateKeyMethodComplete() override; | ||
|
||
private: | ||
Ssl::PrivateKeyMethodProviderSharedPtr private_key_provider_; | ||
SSL* ssl_{nullptr}; | ||
std::string signature_; | ||
size_t max_sig_size_{0}; | ||
OptRef<PrivateKeySignCallbacks> cb_{absl::nullopt}; | ||
std::unique_ptr<EnvoyQuicProofSourceDetails> details_{nullptr}; | ||
}; | ||
|
||
} // namespace Quic | ||
} // namespace Envoy |
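Review bot: The `Sign` contract in `EnvoyQuicCertificatePrivateKey` is undocumented even though the provider implementation stores `cb` (as `OptRef<PrivateKeySignCallbacks> cb_`) and `details` across an asynchronous completion, so the header should state that `cb` must outlive the operation until `onPrivateKeySignComplete` is invoked, that the callback is invoked exactly once with `success == false` and an empty `output` on failure, and that `dispatcher` may be null only for the synchronous default implementation. The single-argument constructors on the `EnvoyQuicDefaultCertificatePrivateKey` and `EnvoyQuicCertificatePrivateKeyByProvider` declarations allow implicit conversions from a `bssl::UniquePtr<EVP_PKEY>` or a provider pointer; mark them `explicit EnvoyQuicDefaultCertificatePrivateKey(bssl::UniquePtr<EVP_PKEY> private_key);` and likewise for the other two. The parameter is declared as `provider_key_provider` here but defined as `private_key_provider` in the `.cc`; use the latter in both places.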