quic/core/tls_server_handshaker.h - quiche - Git at Google

 // Copyright (c) 2017 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 #ifndef QUICHE_QUIC_CORE_TLS_SERVER_HANDSHAKER_H_
 #define QUICHE_QUIC_CORE_TLS_SERVER_HANDSHAKER_H_

 #include <string>

 #include "third_party/boringssl/src/include/openssl/pool.h"
 #include "third_party/boringssl/src/include/openssl/ssl.h"
 #include "net/third_party/quiche/src/quic/core/crypto/tls_server_connection.h"
 #include "net/third_party/quiche/src/quic/core/proto/cached_network_parameters_proto.h"
 #include "net/third_party/quiche/src/quic/core/quic_crypto_server_stream.h"
 #include "net/third_party/quiche/src/quic/core/quic_crypto_stream.h"
 #include "net/third_party/quiche/src/quic/core/tls_handshaker.h"
 #include "net/third_party/quiche/src/quic/platform/api/quic_export.h"

 namespace quic {

 // An implementation of QuicCryptoServerStream::HandshakerDelegate which uses
 // TLS 1.3 for the crypto handshake protocol.
 class QUIC_EXPORT_PRIVATE TlsServerHandshaker
     : public TlsHandshaker,
       public TlsServerConnection::Delegate,
       public QuicCryptoServerStream::HandshakerDelegate {
  public:
   TlsServerHandshaker(QuicCryptoStream* stream,
                       QuicSession* session,
                       SSL_CTX* ssl_ctx,
                       ProofSource* proof_source);
   TlsServerHandshaker(const TlsServerHandshaker&) = delete;
   TlsServerHandshaker& operator=(const TlsServerHandshaker&) = delete;

   ~TlsServerHandshaker() override;

   // From QuicCryptoServerStream::HandshakerDelegate
   void CancelOutstandingCallbacks() override;
   bool GetBase64SHA256ClientChannelID(std::string* output) const override;
   void SendServerConfigUpdate(
       const CachedNetworkParameters* cached_network_params) override;
   uint8_t NumHandshakeMessages() const override;
   uint8_t NumHandshakeMessagesWithServerNonces() const override;
   int NumServerConfigUpdateMessagesSent() const override;
   const CachedNetworkParameters* PreviousCachedNetworkParams() const override;
   bool ZeroRttAttempted() const override;
   void SetPreviousCachedNetworkParams(
       CachedNetworkParameters cached_network_params) override;
   bool ShouldSendExpectCTHeader() const override;

   // From QuicCryptoServerStream::HandshakerDelegate and TlsHandshaker
   bool encryption_established() const override;
   bool handshake_confirmed() const override;
   const QuicCryptoNegotiatedParameters& crypto_negotiated_params()
       const override;
   CryptoMessageParser* crypto_message_parser() override;
   size_t BufferSizeLimitForLevel(EncryptionLevel level) const override;

  protected:
   const TlsConnection* tls_connection() const override {
     return &tls_connection_;
   }

   // Called when a new message is received on the crypto stream and is available
   // for the TLS stack to read.
   void AdvanceHandshake() override;
   void CloseConnection(QuicErrorCode error,
                        const std::string& reason_phrase) override;

   // TlsServerConnection::Delegate implementation:
   int SelectCertificate(int* out_alert) override;
   int SelectAlpn(const uint8_t** out,
                  uint8_t* out_len,
                  const uint8_t* in,
                  unsigned in_len) override;
   ssl_private_key_result_t PrivateKeySign(uint8_t* out,
                                           size_t* out_len,
                                           size_t max_out,
                                           uint16_t sig_alg,
                                           QuicStringPiece in) override;
   ssl_private_key_result_t PrivateKeyComplete(uint8_t* out,
                                               size_t* out_len,
                                               size_t max_out) override;
   TlsConnection::Delegate* ConnectionDelegate() override { return this; }

  private:
   class QUIC_EXPORT_PRIVATE SignatureCallback
       : public ProofSource::SignatureCallback {
    public:
     explicit SignatureCallback(TlsServerHandshaker* handshaker);
     void Run(bool ok, std::string signature) override;

     // If called, Cancel causes the pending callback to be a no-op.
     void Cancel();

    private:
     TlsServerHandshaker* handshaker_;
   };

   enum State {
     STATE_LISTENING,
     STATE_SIGNATURE_PENDING,
     STATE_SIGNATURE_COMPLETE,
     STATE_HANDSHAKE_COMPLETE,
     STATE_CONNECTION_CLOSED,
   };

   // Called when the TLS handshake is complete.
   void FinishHandshake();

   void CloseConnection(const std::string& reason_phrase);

   bool SetTransportParameters();
   bool ProcessTransportParameters(std::string* error_details);

   State state_ = STATE_LISTENING;

   ProofSource* proof_source_;
   SignatureCallback* signature_callback_ = nullptr;

   std::string hostname_;
   std::string cert_verify_sig_;

   bool encryption_established_ = false;
   bool handshake_confirmed_ = false;
   bool valid_alpn_received_ = false;
   QuicReferenceCountedPointer<QuicCryptoNegotiatedParameters>
       crypto_negotiated_params_;
   TlsServerConnection tls_connection_;
 };

 }  // namespace quic

 #endif  // QUICHE_QUIC_CORE_TLS_SERVER_HANDSHAKER_H_
	// Copyright (c) 2017 The Chromium Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	#ifndef QUICHE_QUIC_CORE_TLS_SERVER_HANDSHAKER_H_
	#define QUICHE_QUIC_CORE_TLS_SERVER_HANDSHAKER_H_

	#include <string>

	#include "third_party/boringssl/src/include/openssl/pool.h"
	#include "third_party/boringssl/src/include/openssl/ssl.h"
	#include "net/third_party/quiche/src/quic/core/crypto/tls_server_connection.h"
	#include "net/third_party/quiche/src/quic/core/proto/cached_network_parameters_proto.h"
	#include "net/third_party/quiche/src/quic/core/quic_crypto_server_stream.h"
	#include "net/third_party/quiche/src/quic/core/quic_crypto_stream.h"
	#include "net/third_party/quiche/src/quic/core/tls_handshaker.h"
	#include "net/third_party/quiche/src/quic/platform/api/quic_export.h"

	namespace quic {

	// An implementation of QuicCryptoServerStream::HandshakerDelegate which uses
	// TLS 1.3 for the crypto handshake protocol.
	class QUIC_EXPORT_PRIVATE TlsServerHandshaker
	: public TlsHandshaker,
	public TlsServerConnection::Delegate,
	public QuicCryptoServerStream::HandshakerDelegate {
	public:
	TlsServerHandshaker(QuicCryptoStream* stream,
	QuicSession* session,
	SSL_CTX* ssl_ctx,
	ProofSource* proof_source);
	TlsServerHandshaker(const TlsServerHandshaker&) = delete;
	TlsServerHandshaker& operator=(const TlsServerHandshaker&) = delete;

	~TlsServerHandshaker() override;

	// From QuicCryptoServerStream::HandshakerDelegate
	void CancelOutstandingCallbacks() override;
	bool GetBase64SHA256ClientChannelID(std::string* output) const override;
	void SendServerConfigUpdate(
	const CachedNetworkParameters* cached_network_params) override;
	uint8_t NumHandshakeMessages() const override;
	uint8_t NumHandshakeMessagesWithServerNonces() const override;
	int NumServerConfigUpdateMessagesSent() const override;
	const CachedNetworkParameters* PreviousCachedNetworkParams() const override;
	bool ZeroRttAttempted() const override;
	void SetPreviousCachedNetworkParams(
	CachedNetworkParameters cached_network_params) override;
	bool ShouldSendExpectCTHeader() const override;

	// From QuicCryptoServerStream::HandshakerDelegate and TlsHandshaker
	bool encryption_established() const override;
	bool handshake_confirmed() const override;
	const QuicCryptoNegotiatedParameters& crypto_negotiated_params()
	const override;
	CryptoMessageParser* crypto_message_parser() override;
	size_t BufferSizeLimitForLevel(EncryptionLevel level) const override;

	protected:
	const TlsConnection* tls_connection() const override {
	return &tls_connection_;
	}

	// Called when a new message is received on the crypto stream and is available
	// for the TLS stack to read.
	void AdvanceHandshake() override;
	void CloseConnection(QuicErrorCode error,
	const std::string& reason_phrase) override;

	// TlsServerConnection::Delegate implementation:
	int SelectCertificate(int* out_alert) override;
	int SelectAlpn(const uint8_t** out,
	uint8_t* out_len,
	const uint8_t* in,
	unsigned in_len) override;
	ssl_private_key_result_t PrivateKeySign(uint8_t* out,
	size_t* out_len,
	size_t max_out,
	uint16_t sig_alg,
	QuicStringPiece in) override;
	ssl_private_key_result_t PrivateKeyComplete(uint8_t* out,
	size_t* out_len,
	size_t max_out) override;
	TlsConnection::Delegate* ConnectionDelegate() override { return this; }

	private:
	class QUIC_EXPORT_PRIVATE SignatureCallback
	: public ProofSource::SignatureCallback {
	public:
	explicit SignatureCallback(TlsServerHandshaker* handshaker);
	void Run(bool ok, std::string signature) override;

	// If called, Cancel causes the pending callback to be a no-op.
	void Cancel();

	private:
	TlsServerHandshaker* handshaker_;
	};

	enum State {
	STATE_LISTENING,
	STATE_SIGNATURE_PENDING,
	STATE_SIGNATURE_COMPLETE,
	STATE_HANDSHAKE_COMPLETE,
	STATE_CONNECTION_CLOSED,
	};

	// Called when the TLS handshake is complete.
	void FinishHandshake();

	void CloseConnection(const std::string& reason_phrase);

	bool SetTransportParameters();
	bool ProcessTransportParameters(std::string* error_details);

	State state_ = STATE_LISTENING;

	ProofSource* proof_source_;
	SignatureCallback* signature_callback_ = nullptr;

	std::string hostname_;
	std::string cert_verify_sig_;

	bool encryption_established_ = false;
	bool handshake_confirmed_ = false;
	bool valid_alpn_received_ = false;
	QuicReferenceCountedPointer<QuicCryptoNegotiatedParameters>
	crypto_negotiated_params_;
	TlsServerConnection tls_connection_;
	};

	} // namespace quic

	#endif // QUICHE_QUIC_CORE_TLS_SERVER_HANDSHAKER_H_