blob: 297063c4871d230ce28ba76d46a29197d12c59fc [file] [log] [blame]
// Copyright (c) 2020 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef QUICHE_QUIC_CORE_TLS_CHLO_EXTRACTOR_H_
#define QUICHE_QUIC_CORE_TLS_CHLO_EXTRACTOR_H_
#include <cstdint>
#include <memory>
#include <string>
#include <vector>
#include "absl/types/span.h"
#include "openssl/ssl.h"
#include "quiche/quic/core/frames/quic_ack_frequency_frame.h"
#include "quiche/quic/core/frames/quic_reset_stream_at_frame.h"
#include "quiche/quic/core/quic_framer.h"
#include "quiche/quic/core/quic_packets.h"
#include "quiche/quic/core/quic_stream_sequencer.h"
#include "quiche/quic/core/quic_types.h"
#include "quiche/quic/platform/api/quic_export.h"
namespace quic {
// Utility class that allows extracting information from a QUIC-TLS Client
// Hello. This class creates a QuicFramer to parse the packet, and implements
// QuicFramerVisitorInterface to access the frames parsed by the QuicFramer. It
// then uses a QuicStreamSequencer to reassemble the contents of the crypto
// stream, and implements QuicStreamSequencer::StreamInterface to access the
// reassembled data.
class QUICHE_EXPORT TlsChloExtractor
: public QuicFramerVisitorInterface,
public QuicStreamSequencer::StreamInterface {
public:
TlsChloExtractor();
TlsChloExtractor(const TlsChloExtractor&) = delete;
TlsChloExtractor(TlsChloExtractor&&);
TlsChloExtractor& operator=(const TlsChloExtractor&) = delete;
TlsChloExtractor& operator=(TlsChloExtractor&&);
enum class State : uint8_t {
kInitial = 0,
kParsedFullSinglePacketChlo = 1,
kParsedFullMultiPacketChlo = 2,
kParsedPartialChloFragment = 3,
kUnrecoverableFailure = 4,
};
State state() const { return state_; }
std::vector<std::string> alpns() const { return alpns_; }
std::string server_name() const { return server_name_; }
bool resumption_attempted() const { return resumption_attempted_; }
bool early_data_attempted() const { return early_data_attempted_; }
const std::vector<uint16_t>& supported_groups() const {
return supported_groups_;
}
const std::vector<uint16_t>& cert_compression_algos() const {
return cert_compression_algos_;
}
absl::Span<const uint8_t> transport_params() const {
return transport_params_;
}
absl::Span<const uint8_t> client_hello_bytes() const {
return client_hello_bytes_;
}
// Converts |state| to a human-readable string suitable for logging.
static std::string StateToString(State state);
// Ingests |packet| and attempts to parse out the CHLO.
void IngestPacket(const ParsedQuicVersion& version,
const QuicReceivedPacket& packet);
// Returns whether the ingested packets have allowed parsing a complete CHLO.
bool HasParsedFullChlo() const {
return state_ == State::kParsedFullSinglePacketChlo ||
state_ == State::kParsedFullMultiPacketChlo;
}
// Returns the TLS alert that caused the unrecoverable error, if any.
std::optional<uint8_t> tls_alert() const {
QUICHE_DCHECK(!tls_alert_.has_value() ||
state_ == State::kUnrecoverableFailure);
return tls_alert_;
}
// Methods from QuicFramerVisitorInterface.
void OnError(QuicFramer* /*framer*/) override {}
bool OnProtocolVersionMismatch(ParsedQuicVersion version) override;
void OnPacket() override {}
void OnVersionNegotiationPacket(
const QuicVersionNegotiationPacket& /*packet*/) override {}
void OnRetryPacket(QuicConnectionId /*original_connection_id*/,
QuicConnectionId /*new_connection_id*/,
absl::string_view /*retry_token*/,
absl::string_view /*retry_integrity_tag*/,
absl::string_view /*retry_without_tag*/) override {}
bool OnUnauthenticatedPublicHeader(const QuicPacketHeader& header) override;
bool OnUnauthenticatedHeader(const QuicPacketHeader& /*header*/) override {
return true;
}
void OnDecryptedPacket(size_t /*packet_length*/,
EncryptionLevel /*level*/) override {}
bool OnPacketHeader(const QuicPacketHeader& /*header*/) override {
return true;
}
void OnCoalescedPacket(const QuicEncryptedPacket& /*packet*/) override {}
void OnUndecryptablePacket(const QuicEncryptedPacket& /*packet*/,
EncryptionLevel /*decryption_level*/,
bool /*has_decryption_key*/) override {}
bool OnStreamFrame(const QuicStreamFrame& /*frame*/) override { return true; }
bool OnCryptoFrame(const QuicCryptoFrame& frame) override;
bool OnAckFrameStart(QuicPacketNumber /*largest_acked*/,
QuicTime::Delta /*ack_delay_time*/) override {
return true;
}
bool OnAckRange(QuicPacketNumber /*start*/,
QuicPacketNumber /*end*/) override {
return true;
}
bool OnAckTimestamp(QuicPacketNumber /*packet_number*/,
QuicTime /*timestamp*/) override {
return true;
}
bool OnAckFrameEnd(
QuicPacketNumber /*start*/,
const std::optional<QuicEcnCounts>& /*ecn_counts*/) override {
return true;
}
bool OnStopWaitingFrame(const QuicStopWaitingFrame& /*frame*/) override {
return true;
}
bool OnPingFrame(const QuicPingFrame& /*frame*/) override { return true; }
bool OnRstStreamFrame(const QuicRstStreamFrame& /*frame*/) override {
return true;
}
bool OnConnectionCloseFrame(
const QuicConnectionCloseFrame& /*frame*/) override {
return true;
}
bool OnNewConnectionIdFrame(
const QuicNewConnectionIdFrame& /*frame*/) override {
return true;
}
bool OnRetireConnectionIdFrame(
const QuicRetireConnectionIdFrame& /*frame*/) override {
return true;
}
bool OnNewTokenFrame(const QuicNewTokenFrame& /*frame*/) override {
return true;
}
bool OnStopSendingFrame(const QuicStopSendingFrame& /*frame*/) override {
return true;
}
bool OnPathChallengeFrame(const QuicPathChallengeFrame& /*frame*/) override {
return true;
}
bool OnPathResponseFrame(const QuicPathResponseFrame& /*frame*/) override {
return true;
}
bool OnGoAwayFrame(const QuicGoAwayFrame& /*frame*/) override { return true; }
bool OnMaxStreamsFrame(const QuicMaxStreamsFrame& /*frame*/) override {
return true;
}
bool OnStreamsBlockedFrame(
const QuicStreamsBlockedFrame& /*frame*/) override {
return true;
}
bool OnWindowUpdateFrame(const QuicWindowUpdateFrame& /*frame*/) override {
return true;
}
bool OnBlockedFrame(const QuicBlockedFrame& /*frame*/) override {
return true;
}
bool OnPaddingFrame(const QuicPaddingFrame& /*frame*/) override {
return true;
}
bool OnMessageFrame(const QuicMessageFrame& /*frame*/) override {
return true;
}
bool OnHandshakeDoneFrame(const QuicHandshakeDoneFrame& /*frame*/) override {
return true;
}
bool OnAckFrequencyFrame(const QuicAckFrequencyFrame& /*frame*/) override {
return true;
}
bool OnResetStreamAtFrame(const QuicResetStreamAtFrame& /*frame*/) override {
return true;
}
void OnPacketComplete() override {}
bool IsValidStatelessResetToken(
const StatelessResetToken& /*token*/) const override {
return true;
}
void OnAuthenticatedIetfStatelessResetPacket(
const QuicIetfStatelessResetPacket& /*packet*/) override {}
void OnKeyUpdate(KeyUpdateReason /*reason*/) override {}
void OnDecryptedFirstPacketInKeyPhase() override {}
std::unique_ptr<QuicDecrypter> AdvanceKeysAndCreateCurrentOneRttDecrypter()
override {
return nullptr;
}
std::unique_ptr<QuicEncrypter> CreateCurrentOneRttEncrypter() override {
return nullptr;
}
// Methods from QuicStreamSequencer::StreamInterface.
void OnDataAvailable() override;
void OnFinRead() override {}
void AddBytesConsumed(QuicByteCount /*bytes*/) override {}
void ResetWithError(QuicResetStreamError /*error*/) override {}
void OnUnrecoverableError(QuicErrorCode error,
const std::string& details) override;
void OnUnrecoverableError(QuicErrorCode error,
QuicIetfTransportErrorCodes ietf_error,
const std::string& details) override;
QuicStreamId id() const override { return 0; }
ParsedQuicVersion version() const override { return framer_->version(); }
private:
// Parses the length of the CHLO message by looking at the first four bytes.
// Returns whether we have received enough data to parse the full CHLO now.
bool MaybeAttemptToParseChloLength();
// Parses the full CHLO message if enough data has been received.
void AttemptToParseFullChlo();
// Moves to the failed state and records the error details.
void HandleUnrecoverableError(const std::string& error_details);
// Lazily sets up shared SSL handles if needed.
static std::pair<SSL_CTX*, int> GetSharedSslHandles();
// Lazily sets up the per-instance SSL handle if needed.
void SetupSslHandle();
// Extract the TlsChloExtractor instance from |ssl|.
static TlsChloExtractor* GetInstanceFromSSL(SSL* ssl);
// BoringSSL static TLS callbacks.
static enum ssl_select_cert_result_t SelectCertCallback(
const SSL_CLIENT_HELLO* client_hello);
static int SetReadSecretCallback(SSL* ssl, enum ssl_encryption_level_t level,
const SSL_CIPHER* cipher,
const uint8_t* secret, size_t secret_length);
static int SetWriteSecretCallback(SSL* ssl, enum ssl_encryption_level_t level,
const SSL_CIPHER* cipher,
const uint8_t* secret,
size_t secret_length);
static int WriteMessageCallback(SSL* ssl, enum ssl_encryption_level_t level,
const uint8_t* data, size_t len);
static int FlushFlightCallback(SSL* ssl);
static int SendAlertCallback(SSL* ssl, enum ssl_encryption_level_t level,
uint8_t desc);
// Called by SelectCertCallback.
void HandleParsedChlo(const SSL_CLIENT_HELLO* client_hello);
// Called by callbacks that should never be called.
void HandleUnexpectedCallback(const std::string& callback_name);
// Called by SendAlertCallback.
void SendAlert(uint8_t tls_alert_value);
// Used to parse received packets to extract single frames.
std::unique_ptr<QuicFramer> framer_;
// Used to reassemble the crypto stream from received CRYPTO frames.
QuicStreamSequencer crypto_stream_sequencer_;
// BoringSSL handle required to parse the CHLO.
bssl::UniquePtr<SSL> ssl_;
// State of this TlsChloExtractor.
State state_;
// Detail string that can be logged in the presence of unrecoverable errors.
std::string error_details_;
// Whether a CRYPTO frame was parsed in this packet.
bool parsed_crypto_frame_in_this_packet_;
// Array of NamedGroups parsed from the CHLO's supported_groups extension.
std::vector<uint16_t> supported_groups_;
// Array of cert compression algos parsed from the CHLO's
// compress_certificate extension.
std::vector<uint16_t> cert_compression_algos_;
// Array of ALPNs parsed from the CHLO.
std::vector<std::string> alpns_;
// SNI parsed from the CHLO.
std::string server_name_;
// Whether resumption is attempted from the CHLO, indicated by the
// 'pre_shared_key' TLS extension.
bool resumption_attempted_ = false;
// Whether early data is attempted from the CHLO, indicated by the
// 'early_data' TLS extension.
bool early_data_attempted_ = false;
// If set, contains the TLS alert that caused an unrecoverable error, which is
// an AlertDescription value defined in go/rfc/8446#appendix-B.2.
std::optional<uint8_t> tls_alert_;
// QUIC Transport Parameters, if present in the CHLO.
// Not populated for draft29.
std::vector<uint8_t> transport_params_;
// Exact TLS message bytes.
std::vector<uint8_t> client_hello_bytes_;
};
// Convenience method to facilitate logging TlsChloExtractor::State.
QUICHE_EXPORT std::ostream& operator<<(std::ostream& os,
const TlsChloExtractor::State& state);
} // namespace quic
#endif // QUICHE_QUIC_CORE_TLS_CHLO_EXTRACTOR_H_