1 // Copyright (c) 2017 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 #ifndef QUICHE_QUIC_CORE_TLS_CLIENT_HANDSHAKER_H_ 6 #define QUICHE_QUIC_CORE_TLS_CLIENT_HANDSHAKER_H_ 7 8 #include <string> 9 10 #include "third_party/boringssl/src/include/openssl/ssl.h" 11 #include "net/third_party/quiche/src/quic/core/crypto/proof_verifier.h" 12 #include "net/third_party/quiche/src/quic/core/crypto/tls_client_connection.h" 13 #include "net/third_party/quiche/src/quic/core/quic_crypto_client_stream.h" 14 #include "net/third_party/quiche/src/quic/core/quic_crypto_stream.h" 15 #include "net/third_party/quiche/src/quic/core/tls_handshaker.h" 16 #include "net/third_party/quiche/src/quic/platform/api/quic_export.h" 17 #include "net/third_party/quiche/src/common/platform/api/quiche_string_piece.h" 18 19 namespace quic { 20 21 // An implementation of QuicCryptoClientStream::HandshakerInterface which uses 22 // TLS 1.3 for the crypto handshake protocol. 23 class QUIC_EXPORT_PRIVATE TlsClientHandshaker 24 : public TlsHandshaker, 25 public QuicCryptoClientStream::HandshakerInterface, 26 public TlsClientConnection::Delegate { 27 public: 28 TlsClientHandshaker(const QuicServerId& server_id, 29 QuicCryptoStream* stream, 30 QuicSession* session, 31 std::unique_ptr<ProofVerifyContext> verify_context, 32 QuicCryptoClientConfig* crypto_config, 33 QuicCryptoClientStream::ProofHandler* proof_handler); 34 TlsClientHandshaker(const TlsClientHandshaker&) = delete; 35 TlsClientHandshaker& operator=(const TlsClientHandshaker&) = delete; 36 37 ~TlsClientHandshaker() override; 38 39 // From QuicCryptoClientStream::HandshakerInterface 40 bool CryptoConnect() override; 41 int num_sent_client_hellos() const override; 42 bool IsResumption() const override; 43 bool EarlyDataAccepted() const override; 44 bool ReceivedInchoateReject() const override; 45 int num_scup_messages_received() const override; 46 std::string chlo_hash() const override; 47 48 // From QuicCryptoClientStream::HandshakerInterface and TlsHandshaker 49 bool encryption_established() const override; 50 bool one_rtt_keys_available() const override; 51 const QuicCryptoNegotiatedParameters& crypto_negotiated_params() 52 const override; 53 CryptoMessageParser* crypto_message_parser() override; 54 HandshakeState GetHandshakeState() const override; 55 size_t BufferSizeLimitForLevel(EncryptionLevel level) const override; 56 void OnOneRttPacketAcknowledged() override; 57 void OnHandshakeDoneReceived() override; 58 void SetWriteSecret(EncryptionLevel level, 59 const SSL_CIPHER* cipher, 60 const std::vector<uint8_t>& write_secret) override; 61 62 // Override to drop initial keys if trying to write ENCRYPTION_HANDSHAKE data. 63 void WriteMessage(EncryptionLevel level, 64 quiche::QuicheStringPiece data) override; 65 AllowEmptyAlpnForTests()66 void AllowEmptyAlpnForTests() { allow_empty_alpn_for_tests_ = true; } 67 68 protected: tls_connection()69 const TlsConnection* tls_connection() const override { 70 return &tls_connection_; 71 } 72 73 void AdvanceHandshake() override; 74 void CloseConnection(QuicErrorCode error, 75 const std::string& reason_phrase) override; 76 77 // TlsClientConnection::Delegate implementation: 78 enum ssl_verify_result_t VerifyCert(uint8_t* out_alert) override; ConnectionDelegate()79 TlsConnection::Delegate* ConnectionDelegate() override { return this; } 80 81 private: 82 // ProofVerifierCallbackImpl handles the result of an asynchronous certificate 83 // verification operation. 84 class QUIC_EXPORT_PRIVATE ProofVerifierCallbackImpl 85 : public ProofVerifierCallback { 86 public: 87 explicit ProofVerifierCallbackImpl(TlsClientHandshaker* parent); 88 ~ProofVerifierCallbackImpl() override; 89 90 // ProofVerifierCallback interface. 91 void Run(bool ok, 92 const std::string& error_details, 93 std::unique_ptr<ProofVerifyDetails>* details) override; 94 95 // If called, Cancel causes the pending callback to be a no-op. 96 void Cancel(); 97 98 private: 99 TlsClientHandshaker* parent_; 100 }; 101 102 enum State { 103 STATE_IDLE, 104 STATE_HANDSHAKE_RUNNING, 105 STATE_CERT_VERIFY_PENDING, 106 STATE_ENCRYPTION_HANDSHAKE_DATA_SENT, 107 STATE_HANDSHAKE_COMPLETE, 108 STATE_CONNECTION_CLOSED, 109 } state_ = STATE_IDLE; 110 111 bool SetAlpn(); 112 bool SetTransportParameters(); 113 bool ProcessTransportParameters(std::string* error_details); 114 void FinishHandshake(); 115 116 // Called when server completes handshake (i.e., either handshake done is 117 // received or 1-RTT packet gets acknowledged). 118 void OnHandshakeConfirmed(); 119 120 void InsertSession(bssl::UniquePtr<SSL_SESSION> session) override; 121 session()122 QuicSession* session() { return session_; } 123 QuicSession* session_; 124 125 QuicServerId server_id_; 126 127 // Objects used for verifying the server's certificate chain. 128 // |proof_verifier_| is owned by the caller of TlsClientHandshaker's 129 // constructor. 130 ProofVerifier* proof_verifier_; 131 std::unique_ptr<ProofVerifyContext> verify_context_; 132 // Unowned pointer to the proof handler which has the 133 // OnProofVerifyDetailsAvailable callback to use for notifying the result of 134 // certificate verification. 135 QuicCryptoClientStream::ProofHandler* proof_handler_; 136 137 // Used for session resumption. |session_cache_| is owned by the 138 // QuicCryptoClientConfig passed into TlsClientHandshaker's constructor. 139 SessionCache* session_cache_; 140 141 std::string user_agent_id_; 142 143 // ProofVerifierCallback used for async certificate verification. This object 144 // is owned by |proof_verifier_|. 145 ProofVerifierCallbackImpl* proof_verify_callback_ = nullptr; 146 std::unique_ptr<ProofVerifyDetails> verify_details_; 147 enum ssl_verify_result_t verify_result_ = ssl_verify_retry; 148 std::string cert_verify_error_details_; 149 150 bool encryption_established_ = false; 151 bool one_rtt_keys_available_ = false; 152 bool handshake_confirmed_ = false; 153 QuicReferenceCountedPointer<QuicCryptoNegotiatedParameters> 154 crypto_negotiated_params_; 155 156 bool allow_empty_alpn_for_tests_ = false; 157 158 TlsClientConnection tls_connection_; 159 }; 160 161 } // namespace quic 162 163 #endif // QUICHE_QUIC_CORE_TLS_CLIENT_HANDSHAKER_H_ 164