1 // Copyright (c) 2017 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef QUICHE_QUIC_CORE_TLS_CLIENT_HANDSHAKER_H_
6 #define QUICHE_QUIC_CORE_TLS_CLIENT_HANDSHAKER_H_
7 
8 #include <string>
9 
10 #include "third_party/boringssl/src/include/openssl/ssl.h"
11 #include "net/third_party/quiche/src/quic/core/crypto/proof_verifier.h"
12 #include "net/third_party/quiche/src/quic/core/crypto/tls_client_connection.h"
13 #include "net/third_party/quiche/src/quic/core/quic_crypto_client_stream.h"
14 #include "net/third_party/quiche/src/quic/core/quic_crypto_stream.h"
15 #include "net/third_party/quiche/src/quic/core/tls_handshaker.h"
16 #include "net/third_party/quiche/src/quic/platform/api/quic_export.h"
17 #include "net/third_party/quiche/src/common/platform/api/quiche_string_piece.h"
18 
19 namespace quic {
20 
21 // An implementation of QuicCryptoClientStream::HandshakerInterface which uses
22 // TLS 1.3 for the crypto handshake protocol.
23 class QUIC_EXPORT_PRIVATE TlsClientHandshaker
24     : public TlsHandshaker,
25       public QuicCryptoClientStream::HandshakerInterface,
26       public TlsClientConnection::Delegate {
27  public:
28   TlsClientHandshaker(const QuicServerId& server_id,
29                       QuicCryptoStream* stream,
30                       QuicSession* session,
31                       std::unique_ptr<ProofVerifyContext> verify_context,
32                       QuicCryptoClientConfig* crypto_config,
33                       QuicCryptoClientStream::ProofHandler* proof_handler);
34   TlsClientHandshaker(const TlsClientHandshaker&) = delete;
35   TlsClientHandshaker& operator=(const TlsClientHandshaker&) = delete;
36 
37   ~TlsClientHandshaker() override;
38 
39   // From QuicCryptoClientStream::HandshakerInterface
40   bool CryptoConnect() override;
41   int num_sent_client_hellos() const override;
42   bool IsResumption() const override;
43   bool EarlyDataAccepted() const override;
44   bool ReceivedInchoateReject() const override;
45   int num_scup_messages_received() const override;
46   std::string chlo_hash() const override;
47 
48   // From QuicCryptoClientStream::HandshakerInterface and TlsHandshaker
49   bool encryption_established() const override;
50   bool one_rtt_keys_available() const override;
51   const QuicCryptoNegotiatedParameters& crypto_negotiated_params()
52       const override;
53   CryptoMessageParser* crypto_message_parser() override;
54   HandshakeState GetHandshakeState() const override;
55   size_t BufferSizeLimitForLevel(EncryptionLevel level) const override;
56   void OnOneRttPacketAcknowledged() override;
57   void OnHandshakeDoneReceived() override;
58   void SetWriteSecret(EncryptionLevel level,
59                       const SSL_CIPHER* cipher,
60                       const std::vector<uint8_t>& write_secret) override;
61 
62   // Override to drop initial keys if trying to write ENCRYPTION_HANDSHAKE data.
63   void WriteMessage(EncryptionLevel level,
64                     quiche::QuicheStringPiece data) override;
65 
AllowEmptyAlpnForTests()66   void AllowEmptyAlpnForTests() { allow_empty_alpn_for_tests_ = true; }
67 
68  protected:
tls_connection()69   const TlsConnection* tls_connection() const override {
70     return &tls_connection_;
71   }
72 
73   void AdvanceHandshake() override;
74   void CloseConnection(QuicErrorCode error,
75                        const std::string& reason_phrase) override;
76 
77   // TlsClientConnection::Delegate implementation:
78   enum ssl_verify_result_t VerifyCert(uint8_t* out_alert) override;
ConnectionDelegate()79   TlsConnection::Delegate* ConnectionDelegate() override { return this; }
80 
81  private:
82   // ProofVerifierCallbackImpl handles the result of an asynchronous certificate
83   // verification operation.
84   class QUIC_EXPORT_PRIVATE ProofVerifierCallbackImpl
85       : public ProofVerifierCallback {
86    public:
87     explicit ProofVerifierCallbackImpl(TlsClientHandshaker* parent);
88     ~ProofVerifierCallbackImpl() override;
89 
90     // ProofVerifierCallback interface.
91     void Run(bool ok,
92              const std::string& error_details,
93              std::unique_ptr<ProofVerifyDetails>* details) override;
94 
95     // If called, Cancel causes the pending callback to be a no-op.
96     void Cancel();
97 
98    private:
99     TlsClientHandshaker* parent_;
100   };
101 
102   enum State {
103     STATE_IDLE,
104     STATE_HANDSHAKE_RUNNING,
105     STATE_CERT_VERIFY_PENDING,
106     STATE_ENCRYPTION_HANDSHAKE_DATA_SENT,
107     STATE_HANDSHAKE_COMPLETE,
108     STATE_CONNECTION_CLOSED,
109   } state_ = STATE_IDLE;
110 
111   bool SetAlpn();
112   bool SetTransportParameters();
113   bool ProcessTransportParameters(std::string* error_details);
114   void FinishHandshake();
115 
116   // Called when server completes handshake (i.e., either handshake done is
117   // received or 1-RTT packet gets acknowledged).
118   void OnHandshakeConfirmed();
119 
120   void InsertSession(bssl::UniquePtr<SSL_SESSION> session) override;
121 
session()122   QuicSession* session() { return session_; }
123   QuicSession* session_;
124 
125   QuicServerId server_id_;
126 
127   // Objects used for verifying the server's certificate chain.
128   // |proof_verifier_| is owned by the caller of TlsClientHandshaker's
129   // constructor.
130   ProofVerifier* proof_verifier_;
131   std::unique_ptr<ProofVerifyContext> verify_context_;
132   // Unowned pointer to the proof handler which has the
133   // OnProofVerifyDetailsAvailable callback to use for notifying the result of
134   // certificate verification.
135   QuicCryptoClientStream::ProofHandler* proof_handler_;
136 
137   // Used for session resumption. |session_cache_| is owned by the
138   // QuicCryptoClientConfig passed into TlsClientHandshaker's constructor.
139   SessionCache* session_cache_;
140 
141   std::string user_agent_id_;
142 
143   // ProofVerifierCallback used for async certificate verification. This object
144   // is owned by |proof_verifier_|.
145   ProofVerifierCallbackImpl* proof_verify_callback_ = nullptr;
146   std::unique_ptr<ProofVerifyDetails> verify_details_;
147   enum ssl_verify_result_t verify_result_ = ssl_verify_retry;
148   std::string cert_verify_error_details_;
149 
150   bool encryption_established_ = false;
151   bool one_rtt_keys_available_ = false;
152   bool handshake_confirmed_ = false;
153   QuicReferenceCountedPointer<QuicCryptoNegotiatedParameters>
154       crypto_negotiated_params_;
155 
156   bool allow_empty_alpn_for_tests_ = false;
157 
158   TlsClientConnection tls_connection_;
159 };
160 
161 }  // namespace quic
162 
163 #endif  // QUICHE_QUIC_CORE_TLS_CLIENT_HANDSHAKER_H_
164