In QuicCryptoClientConfig, change the preferred encryption algorithm from...

In QuicCryptoClientConfig, change the preferred encryption algorithm from chacha20 to aes-gcm. Client side code, not flag protected in GFE. Merge internal change: 219390992 Change-Id: I812be51b1ebacfd3c8a2fcbdac054da098306c3f Reviewed-on: https://chromium-review.googlesource.com/c/1312093Reviewed-by: Ryan Hamilton <rch@chromium.org> Commit-Queue: Ryan Hamilton <rch@chromium.org> Cr-Commit-Position: refs/heads/master@{#604579}

In QuicCryptoClientConfig, change the preferred encryption algorithm from...
In QuicCryptoClientConfig, change the preferred encryption algorithm from chacha20 to aes-gcm. Client side code, not flag protected in GFE. Merge internal change: 219390992 Change-Id: I812be51b1ebacfd3c8a2fcbdac054da098306c3f Reviewed-on: https://chromium-review.googlesource.com/c/1312093Reviewed-by: Ryan Hamilton <rch@chromium.org> Commit-Queue: Ryan Hamilton <rch@chromium.org> Cr-Commit-Position: refs/heads/master@{#604579}
c31c0cb5 · Bin Wu · Commit Bot · 5fdab1c3 · c31c0cb5 · c31c0cb5
Commit c31c0cb5 authored Nov 01, 2018 by Bin Wu Committed by Commit Bot Nov 01, 2018
4 changed files
--- a/net/quic/quic_stream_factory.cc
+++ b/net/quic/quic_stream_factory.cc
@@ -193,6 +193,11 @@ quic::QuicConfig InitializeQuicConfig(
  return config;
 }

+bssl::UniquePtr<SSL_CTX> QuicStreamFactoryCreateSslCtx() {
+  crypto::EnsureOpenSSLInit();
+  return quic::TlsClientHandshaker::CreateSslCtx();
+}
+
 // An implementation of quic::QuicCryptoClientConfig::ServerIdFilter that wraps
 // an |origin_filter|.
 class ServerIdOriginFilter
@@ -967,7 +972,7 @@ QuicStreamFactory::QuicStreamFactory(
                                                  ct_policy_enforcer,
                                                  transport_security_state,
                                                  cert_transparency_verifier),
-          quic::TlsClientHandshaker::CreateSslCtx()),
+          QuicStreamFactoryCreateSslCtx()),
      mark_quic_broken_when_network_blackholes_(
          mark_quic_broken_when_network_blackholes),
      store_server_configs_in_properties_(store_server_configs_in_properties),
@@ -1015,12 +1020,9 @@ QuicStreamFactory::QuicStreamFactory(
  crypto_config_.AddCanonicalSuffix(".ggpht.com");
  crypto_config_.AddCanonicalSuffix(".googlevideo.com");
  crypto_config_.AddCanonicalSuffix(".googleusercontent.com");
-  crypto::EnsureOpenSSLInit();
-  bool has_aes_hardware_support = !!EVP_has_aes_hardware();
-  UMA_HISTOGRAM_BOOLEAN("Net.QuicSession.PreferAesGcm",
-                        has_aes_hardware_support);
-  if (has_aes_hardware_support)
-    crypto_config_.PreferAesGcm();
+  bool prefer_aes_gcm =
+      !crypto_config_.aead.empty() && (crypto_config_.aead[0] == quic::kAESG);
+  UMA_HISTOGRAM_BOOLEAN("Net.QuicSession.PreferAesGcm", prefer_aes_gcm);

  if (migrate_sessions_early_v2 || retry_on_alternate_network_before_handshake)
    DCHECK(migrate_sessions_on_network_change_v2);

--- a/net/third_party/quic/core/crypto/quic_crypto_client_config.cc
+++ b/net/third_party/quic/core/crypto/quic_crypto_client_config.cc
@@ -394,8 +394,13 @@ void QuicCryptoClientConfig::SetDefaults() {
  // Key exchange methods.
  kexs = {kC255, kP256};

-  // Authenticated encryption algorithms. Prefer RFC 7539 ChaCha20 by default.
+  // Authenticated encryption algorithms. Prefer AES-GCM if hardware-supported
+  // fast implementation is available.
+  if (EVP_has_aes_hardware() == 1) {
+    aead = {kAESG, kCC20};
+  } else {
    aead = {kCC20, kAESG};
+  }
 }

 QuicCryptoClientConfig::CachedState* QuicCryptoClientConfig::LookupOrCreate(
@@ -948,18 +953,6 @@ void QuicCryptoClientConfig::AddCanonicalSuffix(const QuicString& suffix) {
  canonical_suffixes_.push_back(suffix);
 }

-void QuicCryptoClientConfig::PreferAesGcm() {
-  DCHECK(!aead.empty());
-  if (aead.size() <= 1) {
-    return;
-  }
-  auto pos = std::find(aead.begin(), aead.end(), kAESG);
-  if (pos != aead.end()) {
-    aead.erase(pos);
-    aead.insert(aead.begin(), kAESG);
-  }
-}
-
 bool QuicCryptoClientConfig::PopulateFromCanonicalConfig(
    const QuicServerId& server_id,
    CachedState* server_state) {

--- a/net/third_party/quic/core/crypto/quic_crypto_client_config.h
+++ b/net/third_party/quic/core/crypto/quic_crypto_client_config.h
@@ -335,11 +335,6 @@ class QUIC_EXPORT_PRIVATE QuicCryptoClientConfig : public QuicCryptoConfig {
  // suffix will be used to initialize the cached state for this server.
  void AddCanonicalSuffix(const QuicString& suffix);

-  // Prefers AES-GCM (kAESG) over other AEAD algorithms. Call this method if
-  // the CPU has hardware acceleration for AES-GCM. This method can only be
-  // called after SetDefaults().
-  void PreferAesGcm();
-
  // Saves the |user_agent_id| that will be passed in QUIC's CHLO message.
  void set_user_agent_id(const QuicString& user_agent_id) {
    user_agent_id_ = user_agent_id;

--- a/net/third_party/quic/core/crypto/quic_crypto_client_config_test.cc
+++ b/net/third_party/quic/core/crypto/quic_crypto_client_config_test.cc
@@ -201,13 +201,16 @@ TEST_F(QuicCryptoClientConfigTest, InchoateChlo) {
  EXPECT_EQ("hq", alpn);
 }

+// Make sure AES-GCM is the preferred encryption algorithm if it has hardware
+// acceleration.
 TEST_F(QuicCryptoClientConfigTest, PreferAesGcm) {
  QuicCryptoClientConfig config(crypto_test_utils::ProofVerifierForTesting(),
                                TlsClientHandshaker::CreateSslCtx());
-  if (config.aead.size() > 1)
-    EXPECT_NE(kAESG, config.aead[0]);
-  config.PreferAesGcm();
+  if (EVP_has_aes_hardware() == 1) {
    EXPECT_EQ(kAESG, config.aead[0]);
+  } else {
+    EXPECT_EQ(kCC20, config.aead[0]);
+  }
 }

 TEST_F(QuicCryptoClientConfigTest, InchoateChloSecure) {