// Copyright (c) 2017 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
5#ifndef QUICHE_QUIC_CORE_TLS_CLIENT_HANDSHAKER_H_
6#define QUICHE_QUIC_CORE_TLS_CLIENT_HANDSHAKER_H_
vasilvv872e7a32019-03-12 16:42:44 -07008#include <string>
QUICHE teama6ef0a62019-03-07 20:34:33 -050010#include "third_party/boringssl/src/include/openssl/ssl.h"
11#include "net/third_party/quiche/src/quic/core/crypto/proof_verifier.h"
12#include "net/third_party/quiche/src/quic/core/quic_crypto_client_stream.h"
13#include "net/third_party/quiche/src/quic/core/quic_crypto_stream.h"
14#include "net/third_party/quiche/src/quic/core/tls_handshaker.h"
15#include "net/third_party/quiche/src/quic/platform/api/quic_export.h"
17namespace quic {
// An implementation of QuicCryptoClientStream::HandshakerDelegate which uses
// TLS 1.3 for the crypto handshake protocol.
class QUIC_EXPORT_PRIVATE TlsClientHandshaker
    : public QuicCryptoClientStream::HandshakerDelegate,
      public TlsHandshaker {
 public:
  // |stream| and |session| are the crypto stream and session this handshaker
  // drives. |server_id| identifies the server being connected to.
  // |proof_verifier| performs certificate verification and is NOT owned by
  // this object (see |proof_verifier_|); |verify_context| is taken over and
  // kept in |verify_context_|. |ssl_ctx| is the BoringSSL context to use;
  // CreateSslCtx() below produces a suitable one. |user_agent_id| is stored
  // in |user_agent_id_|.
  TlsClientHandshaker(QuicCryptoStream* stream,
                      QuicSession* session,
                      const QuicServerId& server_id,
                      ProofVerifier* proof_verifier,
                      SSL_CTX* ssl_ctx,
                      std::unique_ptr<ProofVerifyContext> verify_context,
                      const std::string& user_agent_id);
  // Non-copyable: a pending ProofVerifierCallbackImpl keeps a raw |parent_|
  // pointer back to this object, so copies would alias in-flight state.
  TlsClientHandshaker(const TlsClientHandshaker&) = delete;
  TlsClientHandshaker& operator=(const TlsClientHandshaker&) = delete;

  ~TlsClientHandshaker() override;

  // Creates and configures an SSL_CTX to be used with a TlsClientHandshaker.
  // The caller is responsible for ownership of the newly created struct; it
  // is returned in a bssl::UniquePtr, so it is released when that pointer is
  // destroyed.
  static bssl::UniquePtr<SSL_CTX> CreateSslCtx();

  // From QuicCryptoClientStream::HandshakerDelegate
  // Begins the handshake. The meaning of the bool is defined by the delegate
  // interface — see quic_crypto_client_stream.h.
  bool CryptoConnect() override;
  int num_sent_client_hellos() const override;
  int num_scup_messages_received() const override;
  // Presumably a hash of the ClientHello sent — confirm in the .cc.
  std::string chlo_hash() const override;

  // From QuicCryptoClientStream::HandshakerDelegate and TlsHandshaker
  // Backed by |encryption_established_| and |handshake_confirmed_| below.
  bool encryption_established() const override;
  bool handshake_confirmed() const override;
  const QuicCryptoNegotiatedParameters& crypto_negotiated_params()
      const override;
  CryptoMessageParser* crypto_message_parser() override;

 private:
  // ProofVerifierCallbackImpl handles the result of an asynchronous certificate
  // verification operation. It holds only a raw |parent_| pointer, so a
  // handshaker that goes away while verification is still pending is
  // expected to Cancel() the callback first (see |proof_verify_callback_|).
  class ProofVerifierCallbackImpl : public ProofVerifierCallback {
   public:
    explicit ProofVerifierCallbackImpl(TlsClientHandshaker* parent);
    ~ProofVerifierCallbackImpl() override;

    // ProofVerifierCallback interface. |ok| is the verification verdict,
    // |error_details| the verifier's explanation when it is false, and
    // |details| the ProofVerifyDetails produced by the verifier.
    void Run(bool ok,
             const std::string& error_details,
             std::unique_ptr<ProofVerifyDetails>* details) override;

    // If called, Cancel causes the pending callback to be a no-op.
    void Cancel();

   private:
    // Handshaker the result is reported to; not owned. Presumably cleared by
    // Cancel() — confirm in the .cc.
    TlsClientHandshaker* parent_;
  };

  // Coarse handshake progress. The object starts in STATE_IDLE; the
  // transitions themselves live in the .cc.
  enum State {
    STATE_IDLE,
    STATE_HANDSHAKE_RUNNING,
    // Waiting on an asynchronous ProofVerifier result (see
    // ProofVerifierCallbackImpl).
    STATE_CERT_VERIFY_PENDING,
    STATE_HANDSHAKE_COMPLETE,
    STATE_CONNECTION_CLOSED,
  } state_ = STATE_IDLE;

  // Returns false on failure. By name, installs this client's QUIC transport
  // parameters — confirm in the .cc.
  bool SetTransportParameters();
  // Returns false on failure and then describes the problem in
  // |error_details|. By name, handles the server's transport parameters —
  // confirm in the .cc.
  bool ProcessTransportParameters(std::string* error_details);
  void FinishHandshake();

  // Overrides of the base-class handshake hooks (presumably TlsHandshaker's).
  void AdvanceHandshake() override;
  void CloseConnection(QuicErrorCode error,
                       const std::string& reason_phrase) override;

  // Certificate verification functions:

  // Verifies the server's certificate chain using |proof_verifier_| and
  // returns a BoringSSL ssl_verify_result_t. When verification is still
  // pending (see STATE_CERT_VERIFY_PENDING / |verify_result_|) the expected
  // answer is ssl_verify_retry; on a failed verification *|out_alert| is the
  // TLS alert BoringSSL sends to the peer.
  enum ssl_verify_result_t VerifyCert(uint8_t* out_alert);
  // Static method to supply to SSL_set_custom_verify. Presumably recovers the
  // owning handshaker via HandshakerFromSsl and forwards to VerifyCert.
  static enum ssl_verify_result_t VerifyCallback(SSL* ssl, uint8_t* out_alert);

  // Takes an SSL* |ssl| and returns a pointer to the TlsClientHandshaker that
  // it belongs to. This is a specialization of
  // TlsHandshaker::HandshakerFromSsl.
  static TlsClientHandshaker* HandshakerFromSsl(SSL* ssl);

  // Identity of the server being connected to.
  QuicServerId server_id_;

  // Objects used for verifying the server's certificate chain.
  // |proof_verifier_| is owned by the caller of TlsClientHandshaker's
  // constructor, so it must outlive this handshaker.
  ProofVerifier* proof_verifier_;
  std::unique_ptr<ProofVerifyContext> verify_context_;

  std::string user_agent_id_;

  // ProofVerifierCallback used for async certificate verification. This object
  // is owned by |proof_verifier_|, which is why only a raw pointer is held;
  // nullptr until a callback is created.
  ProofVerifierCallbackImpl* proof_verify_callback_ = nullptr;
  // Details, verdict and error text of the certificate verification.
  std::unique_ptr<ProofVerifyDetails> verify_details_;
  // Starts at ssl_verify_retry, i.e. "no verdict yet".
  enum ssl_verify_result_t verify_result_ = ssl_verify_retry;
  std::string cert_verify_error_details_;

  // Backing state for the encryption_established() / handshake_confirmed()
  // accessors above.
  bool encryption_established_ = false;
  bool handshake_confirmed_ = false;
  QuicReferenceCountedPointer<QuicCryptoNegotiatedParameters>
      crypto_negotiated_params_;
};
124} // namespace quic
126#endif // QUICHE_QUIC_CORE_TLS_CLIENT_HANDSHAKER_H_