blob: 0a3e5e4df573325477989843e06c0e8923e5b900 [file] [log] [blame]
// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef QUICHE_QUIC_CORE_QUIC_CRYPTO_CLIENT_STREAM_H_
#define QUICHE_QUIC_CORE_QUIC_CRYPTO_CLIENT_STREAM_H_
#include <cstdint>
#include <memory>
#include <string>
#include "quiche/quic/core/crypto/proof_verifier.h"
#include "quiche/quic/core/crypto/quic_crypto_client_config.h"
#include "quiche/quic/core/proto/cached_network_parameters_proto.h"
#include "quiche/quic/core/quic_config.h"
#include "quiche/quic/core/quic_crypto_handshaker.h"
#include "quiche/quic/core/quic_crypto_stream.h"
#include "quiche/quic/core/quic_server_id.h"
#include "quiche/quic/core/quic_session.h"
#include "quiche/quic/core/quic_types.h"
#include "quiche/quic/core/quic_versions.h"
#include "quiche/quic/platform/api/quic_export.h"
namespace quic {
namespace test {
class QuicCryptoClientStreamPeer;
} // namespace test
class TlsClientHandshaker;
class QUIC_EXPORT_PRIVATE QuicCryptoClientStreamBase : public QuicCryptoStream {
public:
explicit QuicCryptoClientStreamBase(QuicSession* session);
~QuicCryptoClientStreamBase() override {}
// Performs a crypto handshake with the server. Returns true if the connection
// is still connected.
virtual bool CryptoConnect() = 0;
// DEPRECATED: Use IsResumption, EarlyDataAccepted, and/or
// ReceivedInchoateReject instead.
//
// num_sent_client_hellos returns the number of client hello messages that
// have been sent. If the handshake has completed then this is one greater
// than the number of round-trips needed for the handshake.
virtual int num_sent_client_hellos() const = 0;
// Returns true if the handshake performed was a resumption instead of a full
// handshake. Resumption only makes sense for TLS handshakes - there is no
// concept of resumption for QUIC crypto even though it supports a 0-RTT
// handshake. This function only returns valid results once the handshake is
// complete.
virtual bool IsResumption() const = 0;
// Returns true if early data (0-RTT) was accepted in the connection.
virtual bool EarlyDataAccepted() const = 0;
// Returns true if the client received an inchoate REJ during the handshake,
// extending the handshake by one round trip. This only applies for QUIC
// crypto handshakes. The equivalent feature in IETF QUIC is a Retry packet,
// but that is handled at the connection layer instead of the crypto layer.
virtual bool ReceivedInchoateReject() const = 0;
// The number of server config update messages received by the
// client. Does not count update messages that were received prior
// to handshake confirmation.
virtual int num_scup_messages_received() const = 0;
bool ExportKeyingMaterial(absl::string_view /*label*/,
absl::string_view /*context*/,
size_t /*result_len*/,
std::string* /*result*/) override {
QUICHE_NOTREACHED();
return false;
}
std::string GetAddressToken(
const CachedNetworkParameters* /*cached_network_params*/) const override {
QUICHE_DCHECK(false);
return "";
}
bool ValidateAddressToken(absl::string_view /*token*/) const override {
QUICHE_DCHECK(false);
return false;
}
const CachedNetworkParameters* PreviousCachedNetworkParams() const override {
QUICHE_DCHECK(false);
return nullptr;
}
void SetPreviousCachedNetworkParams(
CachedNetworkParameters /*cached_network_params*/) override {
QUICHE_DCHECK(false);
}
};
class QUIC_EXPORT_PRIVATE QuicCryptoClientStream
: public QuicCryptoClientStreamBase {
public:
// kMaxClientHellos is the maximum number of times that we'll send a client
// hello. The value 4 accounts for:
// * One failure due to an incorrect or missing source-address token.
// * One failure due the server's certificate chain being unavailible and
// the server being unwilling to send it without a valid source-address
// token.
// * One failure due to the ServerConfig private key being located on a
// remote oracle which has become unavailable, forcing the server to send
// the client a fallback ServerConfig.
static const int kMaxClientHellos = 4;
// QuicCryptoClientStream creates a HandshakerInterface at construction time
// based on the QuicTransportVersion of the connection. Different
// HandshakerInterfaces provide implementations of different crypto handshake
// protocols. Currently QUIC crypto is the only protocol implemented; a future
// HandshakerInterface will use TLS as the handshake protocol.
// QuicCryptoClientStream delegates all of its public methods to its
// HandshakerInterface.
//
// This setup of the crypto stream delegating its implementation to the
// handshaker results in the handshaker reading and writing bytes on the
// crypto stream, instead of the handshaker passing the stream bytes to send.
class QUIC_EXPORT_PRIVATE HandshakerInterface {
public:
virtual ~HandshakerInterface() {}
// Performs a crypto handshake with the server. Returns true if the
// connection is still connected.
virtual bool CryptoConnect() = 0;
// DEPRECATED: Use IsResumption, EarlyDataAccepted, and/or
// ReceivedInchoateReject instead.
//
// num_sent_client_hellos returns the number of client hello messages that
// have been sent. If the handshake has completed then this is one greater
// than the number of round-trips needed for the handshake.
virtual int num_sent_client_hellos() const = 0;
// Returns true if the handshake performed was a resumption instead of a
// full handshake. Resumption only makes sense for TLS handshakes - there is
// no concept of resumption for QUIC crypto even though it supports a 0-RTT
// handshake. This function only returns valid results once the handshake is
// complete.
virtual bool IsResumption() const = 0;
// Returns true if early data (0-RTT) was accepted in the connection.
virtual bool EarlyDataAccepted() const = 0;
// Returns the ssl_early_data_reason_t describing why 0-RTT was accepted or
// rejected.
virtual ssl_early_data_reason_t EarlyDataReason() const = 0;
// Returns true if the client received an inchoate REJ during the handshake,
// extending the handshake by one round trip. This only applies for QUIC
// crypto handshakes. The equivalent feature in IETF QUIC is a Retry packet,
// but that is handled at the connection layer instead of the crypto layer.
virtual bool ReceivedInchoateReject() const = 0;
// The number of server config update messages received by the
// client. Does not count update messages that were received prior
// to handshake confirmation.
virtual int num_scup_messages_received() const = 0;
virtual std::string chlo_hash() const = 0;
// Returns true once any encrypter (initial/0RTT or final/1RTT) has been set
// for the connection.
virtual bool encryption_established() const = 0;
// Returns true if receiving CRYPTO_FRAME at encryption `level` is expected.
virtual bool IsCryptoFrameExpectedForEncryptionLevel(
EncryptionLevel level) const = 0;
// Returns the encryption level to send CRYPTO_FRAME for `space`.
virtual EncryptionLevel GetEncryptionLevelToSendCryptoDataOfSpace(
PacketNumberSpace space) const = 0;
// Returns true once 1RTT keys are available.
virtual bool one_rtt_keys_available() const = 0;
// Returns the parameters negotiated in the crypto handshake.
virtual const QuicCryptoNegotiatedParameters& crypto_negotiated_params()
const = 0;
// Used by QuicCryptoStream to parse data received on this stream.
virtual CryptoMessageParser* crypto_message_parser() = 0;
// Used by QuicCryptoStream to know how much unprocessed data can be
// buffered at each encryption level.
virtual size_t BufferSizeLimitForLevel(EncryptionLevel level) const = 0;
// Called to generate a decrypter for the next key phase. Each call should
// generate the key for phase n+1.
virtual std::unique_ptr<QuicDecrypter>
AdvanceKeysAndCreateCurrentOneRttDecrypter() = 0;
// Called to generate an encrypter for the same key phase of the last
// decrypter returned by AdvanceKeysAndCreateCurrentOneRttDecrypter().
virtual std::unique_ptr<QuicEncrypter> CreateCurrentOneRttEncrypter() = 0;
// Returns current handshake state.
virtual HandshakeState GetHandshakeState() const = 0;
// Called when a 1RTT packet has been acknowledged.
virtual void OnOneRttPacketAcknowledged() = 0;
// Called when a packet of ENCRYPTION_HANDSHAKE gets sent.
virtual void OnHandshakePacketSent() = 0;
// Called when connection gets closed.
virtual void OnConnectionClosed(QuicErrorCode error,
ConnectionCloseSource source) = 0;
// Called when handshake done has been received.
virtual void OnHandshakeDoneReceived() = 0;
// Called when new token has been received.
virtual void OnNewTokenReceived(absl::string_view token) = 0;
// Called when application state is received.
virtual void SetServerApplicationStateForResumption(
std::unique_ptr<ApplicationState> application_state) = 0;
// Called to obtain keying material export of length |result_len| with the
// given |label| and |context|. Returns false on failure.
virtual bool ExportKeyingMaterial(absl::string_view label,
absl::string_view context,
size_t result_len,
std::string* result) = 0;
};
// ProofHandler is an interface that handles callbacks from the crypto
// stream when the client has proof verification details of the server.
class QUIC_EXPORT_PRIVATE ProofHandler {
public:
virtual ~ProofHandler() {}
// Called when the proof in |cached| is marked valid. If this is a secure
// QUIC session, then this will happen only after the proof verifier
// completes.
virtual void OnProofValid(
const QuicCryptoClientConfig::CachedState& cached) = 0;
// Called when proof verification details become available, either because
// proof verification is complete, or when cached details are used. This
// will only be called for secure QUIC connections.
virtual void OnProofVerifyDetailsAvailable(
const ProofVerifyDetails& verify_details) = 0;
};
QuicCryptoClientStream(const QuicServerId& server_id, QuicSession* session,
std::unique_ptr<ProofVerifyContext> verify_context,
QuicCryptoClientConfig* crypto_config,
ProofHandler* proof_handler,
bool has_application_state);
QuicCryptoClientStream(const QuicCryptoClientStream&) = delete;
QuicCryptoClientStream& operator=(const QuicCryptoClientStream&) = delete;
~QuicCryptoClientStream() override;
// From QuicCryptoClientStreamBase
bool CryptoConnect() override;
int num_sent_client_hellos() const override;
bool IsResumption() const override;
bool EarlyDataAccepted() const override;
ssl_early_data_reason_t EarlyDataReason() const override;
bool ReceivedInchoateReject() const override;
int num_scup_messages_received() const override;
// From QuicCryptoStream
bool encryption_established() const override;
bool one_rtt_keys_available() const override;
const QuicCryptoNegotiatedParameters& crypto_negotiated_params()
const override;
CryptoMessageParser* crypto_message_parser() override;
void OnPacketDecrypted(EncryptionLevel /*level*/) override {}
void OnOneRttPacketAcknowledged() override;
void OnHandshakePacketSent() override;
void OnConnectionClosed(QuicErrorCode error,
ConnectionCloseSource source) override;
void OnHandshakeDoneReceived() override;
void OnNewTokenReceived(absl::string_view token) override;
HandshakeState GetHandshakeState() const override;
void SetServerApplicationStateForResumption(
std::unique_ptr<ApplicationState> application_state) override;
size_t BufferSizeLimitForLevel(EncryptionLevel level) const override;
std::unique_ptr<QuicDecrypter> AdvanceKeysAndCreateCurrentOneRttDecrypter()
override;
std::unique_ptr<QuicEncrypter> CreateCurrentOneRttEncrypter() override;
SSL* GetSsl() const override;
bool IsCryptoFrameExpectedForEncryptionLevel(
EncryptionLevel level) const override;
EncryptionLevel GetEncryptionLevelToSendCryptoDataOfSpace(
PacketNumberSpace space) const override;
bool ExportKeyingMaterial(absl::string_view label, absl::string_view context,
size_t result_len, std::string* result) override;
std::string chlo_hash() const;
protected:
void set_handshaker(std::unique_ptr<HandshakerInterface> handshaker) {
handshaker_ = std::move(handshaker);
}
private:
friend class test::QuicCryptoClientStreamPeer;
std::unique_ptr<HandshakerInterface> handshaker_;
// Points to |handshaker_| if it uses TLS1.3. Otherwise, nullptr.
// TODO(danzh) change the type of |handshaker_| to TlsClientHandshaker after
// deprecating Google QUIC.
TlsClientHandshaker* tls_handshaker_{nullptr};
};
} // namespace quic
#endif // QUICHE_QUIC_CORE_QUIC_CRYPTO_CLIENT_STREAM_H_