1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef QUICHE_QUIC_CORE_QUIC_CRYPTO_CLIENT_HANDSHAKER_H_ 6 #define QUICHE_QUIC_CORE_QUIC_CRYPTO_CLIENT_HANDSHAKER_H_ 7 8 #include <string> 9 10 #include "net/third_party/quiche/src/quic/core/crypto/proof_verifier.h" 11 #include "net/third_party/quiche/src/quic/core/crypto/quic_crypto_client_config.h" 12 #include "net/third_party/quiche/src/quic/core/quic_crypto_client_stream.h" 13 #include "net/third_party/quiche/src/quic/core/quic_server_id.h" 14 #include "net/third_party/quiche/src/quic/platform/api/quic_export.h" 15 #include "net/third_party/quiche/src/common/platform/api/quiche_logging.h" 16 17 namespace quic { 18 19 // An implementation of QuicCryptoClientStream::HandshakerInterface which uses 20 // QUIC crypto as the crypto handshake protocol. 21 class QUIC_EXPORT_PRIVATE QuicCryptoClientHandshaker 22 : public QuicCryptoClientStream::HandshakerInterface, 23 public QuicCryptoHandshaker { 24 public: 25 QuicCryptoClientHandshaker( 26 const QuicServerId& server_id, 27 QuicCryptoClientStream* stream, 28 QuicSession* session, 29 std::unique_ptr<ProofVerifyContext> verify_context, 30 QuicCryptoClientConfig* crypto_config, 31 QuicCryptoClientStream::ProofHandler* proof_handler); 32 QuicCryptoClientHandshaker(const QuicCryptoClientHandshaker&) = delete; 33 QuicCryptoClientHandshaker& operator=(const QuicCryptoClientHandshaker&) = 34 delete; 35 36 ~QuicCryptoClientHandshaker() override; 37 38 // From QuicCryptoClientStream::HandshakerInterface 39 bool CryptoConnect() override; 40 int num_sent_client_hellos() const override; 41 bool IsResumption() const override; 42 bool EarlyDataAccepted() const override; 43 ssl_early_data_reason_t EarlyDataReason() const override; 44 bool ReceivedInchoateReject() const override; 45 int num_scup_messages_received() const override; 46 std::string chlo_hash() const override; 47 bool encryption_established() const override; 48 bool one_rtt_keys_available() const override; 49 const QuicCryptoNegotiatedParameters& crypto_negotiated_params() 50 const override; 51 CryptoMessageParser* crypto_message_parser() override; 52 HandshakeState GetHandshakeState() const override; 53 size_t BufferSizeLimitForLevel(EncryptionLevel level) const override; 54 bool KeyUpdateSupportedLocally() const override; 55 std::unique_ptr<QuicDecrypter> AdvanceKeysAndCreateCurrentOneRttDecrypter() 56 override; 57 std::unique_ptr<QuicEncrypter> CreateCurrentOneRttEncrypter() override; OnOneRttPacketAcknowledged()58 void OnOneRttPacketAcknowledged() override {} OnHandshakePacketSent()59 void OnHandshakePacketSent() override {} 60 void OnConnectionClosed(QuicErrorCode /*error*/, 61 ConnectionCloseSource /*source*/) override; 62 void OnHandshakeDoneReceived() override; SetServerApplicationStateForResumption(std::unique_ptr<ApplicationState>)63 void SetServerApplicationStateForResumption( 64 std::unique_ptr<ApplicationState> /*application_state*/) override { 65 QUICHE_NOTREACHED(); 66 } 67 68 // From QuicCryptoHandshaker 69 void OnHandshakeMessage(const CryptoHandshakeMessage& message) override; 70 71 protected: 72 // Returns the QuicSession that this stream belongs to. session()73 QuicSession* session() const { return session_; } 74 75 // Send either InchoateClientHello or ClientHello message to the server. 76 void DoSendCHLO(QuicCryptoClientConfig::CachedState* cached); 77 78 private: 79 // ProofVerifierCallbackImpl is passed as the callback method to VerifyProof. 80 // The ProofVerifier calls this class with the result of proof verification 81 // when verification is performed asynchronously. 82 class QUIC_EXPORT_PRIVATE ProofVerifierCallbackImpl 83 : public ProofVerifierCallback { 84 public: 85 explicit ProofVerifierCallbackImpl(QuicCryptoClientHandshaker* parent); 86 ~ProofVerifierCallbackImpl() override; 87 88 // ProofVerifierCallback interface. 89 void Run(bool ok, 90 const std::string& error_details, 91 std::unique_ptr<ProofVerifyDetails>* details) override; 92 93 // Cancel causes any future callbacks to be ignored. It must be called on 94 // the same thread as the callback will be made on. 95 void Cancel(); 96 97 private: 98 QuicCryptoClientHandshaker* parent_; 99 }; 100 101 enum State { 102 STATE_IDLE, 103 STATE_INITIALIZE, 104 STATE_SEND_CHLO, 105 STATE_RECV_REJ, 106 STATE_VERIFY_PROOF, 107 STATE_VERIFY_PROOF_COMPLETE, 108 STATE_RECV_SHLO, 109 STATE_INITIALIZE_SCUP, 110 STATE_NONE, 111 STATE_CONNECTION_CLOSED, 112 }; 113 114 // Handles new server config and optional source-address token provided by the 115 // server during a connection. 116 void HandleServerConfigUpdateMessage( 117 const CryptoHandshakeMessage& server_config_update); 118 119 // DoHandshakeLoop performs a step of the handshake state machine. Note that 120 // |in| may be nullptr if the call did not result from a received message. 121 void DoHandshakeLoop(const CryptoHandshakeMessage* in); 122 123 // Start the handshake process. 124 void DoInitialize(QuicCryptoClientConfig::CachedState* cached); 125 126 // Process REJ message from the server. 127 void DoReceiveREJ(const CryptoHandshakeMessage* in, 128 QuicCryptoClientConfig::CachedState* cached); 129 130 // Start the proof verification process. Returns the QuicAsyncStatus returned 131 // by the ProofVerifier's VerifyProof. 132 QuicAsyncStatus DoVerifyProof(QuicCryptoClientConfig::CachedState* cached); 133 134 // If proof is valid then it sets the proof as valid (which persists the 135 // server config). If not, it closes the connection. 136 void DoVerifyProofComplete(QuicCryptoClientConfig::CachedState* cached); 137 138 // Process SHLO message from the server. 139 void DoReceiveSHLO(const CryptoHandshakeMessage* in, 140 QuicCryptoClientConfig::CachedState* cached); 141 142 // Start the proof verification if |server_id_| is https and |cached| has 143 // signature. 144 void DoInitializeServerConfigUpdate( 145 QuicCryptoClientConfig::CachedState* cached); 146 147 // Called to set the proof of |cached| valid. Also invokes the session's 148 // OnProofValid() method. 149 void SetCachedProofValid(QuicCryptoClientConfig::CachedState* cached); 150 151 QuicCryptoClientStream* stream_; 152 153 QuicSession* session_; 154 HandshakerDelegateInterface* delegate_; 155 156 State next_state_; 157 // num_client_hellos_ contains the number of client hello messages that this 158 // connection has sent. 159 int num_client_hellos_; 160 161 ssl_early_data_reason_t early_data_reason_ = ssl_early_data_unknown; 162 163 QuicCryptoClientConfig* const crypto_config_; 164 165 // SHA-256 hash of the most recently sent CHLO. 166 std::string chlo_hash_; 167 168 // Server's (hostname, port, is_https, privacy_mode) tuple. 169 const QuicServerId server_id_; 170 171 // Generation counter from QuicCryptoClientConfig's CachedState. 172 uint64_t generation_counter_; 173 174 // verify_context_ contains the context object that we pass to asynchronous 175 // proof verifications. 176 std::unique_ptr<ProofVerifyContext> verify_context_; 177 178 // proof_verify_callback_ contains the callback object that we passed to an 179 // asynchronous proof verification. The ProofVerifier owns this object. 180 ProofVerifierCallbackImpl* proof_verify_callback_; 181 // proof_handler_ contains the callback object used by a quic client 182 // for proof verification. It is not owned by this class. 183 QuicCryptoClientStream::ProofHandler* proof_handler_; 184 185 // These members are used to store the result of an asynchronous proof 186 // verification. These members must not be used after 187 // STATE_VERIFY_PROOF_COMPLETE. 188 bool verify_ok_; 189 std::string verify_error_details_; 190 std::unique_ptr<ProofVerifyDetails> verify_details_; 191 192 QuicTime proof_verify_start_time_; 193 194 int num_scup_messages_received_; 195 196 bool encryption_established_; 197 bool one_rtt_keys_available_; 198 QuicReferenceCountedPointer<QuicCryptoNegotiatedParameters> 199 crypto_negotiated_params_; 200 }; 201 202 } // namespace quic 203 204 #endif // QUICHE_QUIC_CORE_QUIC_CRYPTO_CLIENT_HANDSHAKER_H_ 205