blob: f5a349f876b4e008154bfbe4bd94f4725154739c [file] [log] [blame]
// Copyright (c) 2017 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef QUICHE_QUIC_CORE_TLS_CLIENT_HANDSHAKER_H_
#define QUICHE_QUIC_CORE_TLS_CLIENT_HANDSHAKER_H_
#include <cstdint>
#include <memory>
#include <string>
#include "absl/strings/string_view.h"
#include "third_party/boringssl/src/include/openssl/ssl.h"
#include "net/third_party/quiche/src/quic/core/crypto/proof_verifier.h"
#include "net/third_party/quiche/src/quic/core/crypto/quic_crypto_client_config.h"
#include "net/third_party/quiche/src/quic/core/crypto/tls_client_connection.h"
#include "net/third_party/quiche/src/quic/core/crypto/transport_parameters.h"
#include "net/third_party/quiche/src/quic/core/quic_crypto_client_stream.h"
#include "net/third_party/quiche/src/quic/core/quic_crypto_stream.h"
#include "net/third_party/quiche/src/quic/core/tls_handshaker.h"
#include "net/third_party/quiche/src/quic/platform/api/quic_export.h"
namespace quic {
// An implementation of QuicCryptoClientStream::HandshakerInterface which uses
// TLS 1.3 for the crypto handshake protocol.
class QUIC_EXPORT_PRIVATE TlsClientHandshaker
: public TlsHandshaker,
public QuicCryptoClientStream::HandshakerInterface,
public TlsClientConnection::Delegate {
public:
TlsClientHandshaker(const QuicServerId& server_id,
QuicCryptoStream* stream,
QuicSession* session,
std::unique_ptr<ProofVerifyContext> verify_context,
QuicCryptoClientConfig* crypto_config,
QuicCryptoClientStream::ProofHandler* proof_handler,
bool has_application_state);
TlsClientHandshaker(const TlsClientHandshaker&) = delete;
TlsClientHandshaker& operator=(const TlsClientHandshaker&) = delete;
~TlsClientHandshaker() override;
// From QuicCryptoClientStream::HandshakerInterface
bool CryptoConnect() override;
int num_sent_client_hellos() const override;
bool IsResumption() const override;
bool EarlyDataAccepted() const override;
ssl_early_data_reason_t EarlyDataReason() const override;
bool ReceivedInchoateReject() const override;
int num_scup_messages_received() const override;
std::string chlo_hash() const override;
// From QuicCryptoClientStream::HandshakerInterface and TlsHandshaker
bool encryption_established() const override;
bool one_rtt_keys_available() const override;
const QuicCryptoNegotiatedParameters& crypto_negotiated_params()
const override;
CryptoMessageParser* crypto_message_parser() override;
HandshakeState GetHandshakeState() const override;
size_t BufferSizeLimitForLevel(EncryptionLevel level) const override;
bool KeyUpdateSupportedLocally() const override;
std::unique_ptr<QuicDecrypter> AdvanceKeysAndCreateCurrentOneRttDecrypter()
override;
std::unique_ptr<QuicEncrypter> CreateCurrentOneRttEncrypter() override;
void OnOneRttPacketAcknowledged() override;
void OnHandshakePacketSent() override;
void OnConnectionClosed(QuicErrorCode error,
ConnectionCloseSource source) override;
void OnHandshakeDoneReceived() override;
void SetWriteSecret(EncryptionLevel level,
const SSL_CIPHER* cipher,
const std::vector<uint8_t>& write_secret) override;
// Override to drop initial keys if trying to write ENCRYPTION_HANDSHAKE data.
void WriteMessage(EncryptionLevel level, absl::string_view data) override;
void SetServerApplicationStateForResumption(
std::unique_ptr<ApplicationState> application_state) override;
void AllowEmptyAlpnForTests() { allow_empty_alpn_for_tests_ = true; }
void AllowInvalidSNIForTests() { allow_invalid_sni_for_tests_ = true; }
protected:
const TlsConnection* tls_connection() const override {
return &tls_connection_;
}
void AdvanceHandshake() override;
void CloseConnection(QuicErrorCode error,
const std::string& reason_phrase) override;
// TlsClientConnection::Delegate implementation:
enum ssl_verify_result_t VerifyCert(uint8_t* out_alert) override;
TlsConnection::Delegate* ConnectionDelegate() override { return this; }
private:
// ProofVerifierCallbackImpl handles the result of an asynchronous certificate
// verification operation.
class QUIC_EXPORT_PRIVATE ProofVerifierCallbackImpl
: public ProofVerifierCallback {
public:
explicit ProofVerifierCallbackImpl(TlsClientHandshaker* parent);
~ProofVerifierCallbackImpl() override;
// ProofVerifierCallback interface.
void Run(bool ok,
const std::string& error_details,
std::unique_ptr<ProofVerifyDetails>* details) override;
// If called, Cancel causes the pending callback to be a no-op.
void Cancel();
private:
TlsClientHandshaker* parent_;
};
enum State {
STATE_IDLE,
STATE_HANDSHAKE_RUNNING,
STATE_CERT_VERIFY_PENDING,
STATE_ENCRYPTION_HANDSHAKE_DATA_SENT,
STATE_HANDSHAKE_COMPLETE,
STATE_CONNECTION_CLOSED,
} state_ = STATE_IDLE;
bool SetAlpn();
bool SetTransportParameters();
bool ProcessTransportParameters(std::string* error_details);
void FinishHandshake();
void HandleZeroRttReject();
// Called when server completes handshake (i.e., either handshake done is
// received or 1-RTT packet gets acknowledged).
void OnHandshakeConfirmed();
void InsertSession(bssl::UniquePtr<SSL_SESSION> session) override;
bool PrepareZeroRttConfig(QuicResumptionState* cached_state);
QuicSession* session() { return session_; }
QuicSession* session_;
QuicServerId server_id_;
// Objects used for verifying the server's certificate chain.
// |proof_verifier_| is owned by the caller of TlsClientHandshaker's
// constructor.
ProofVerifier* proof_verifier_;
std::unique_ptr<ProofVerifyContext> verify_context_;
// Unowned pointer to the proof handler which has the
// OnProofVerifyDetailsAvailable callback to use for notifying the result of
// certificate verification.
QuicCryptoClientStream::ProofHandler* proof_handler_;
// Used for session resumption. |session_cache_| is owned by the
// QuicCryptoClientConfig passed into TlsClientHandshaker's constructor.
SessionCache* session_cache_;
std::string user_agent_id_;
// Pre-shared key used during the handshake.
std::string pre_shared_key_;
// ProofVerifierCallback used for async certificate verification. This object
// is owned by |proof_verifier_|.
ProofVerifierCallbackImpl* proof_verify_callback_ = nullptr;
std::unique_ptr<ProofVerifyDetails> verify_details_;
enum ssl_verify_result_t verify_result_ = ssl_verify_retry;
std::string cert_verify_error_details_;
bool encryption_established_ = false;
bool initial_keys_dropped_ = false;
bool one_rtt_keys_available_ = false;
bool handshake_confirmed_ = false;
QuicReferenceCountedPointer<QuicCryptoNegotiatedParameters>
crypto_negotiated_params_;
bool allow_empty_alpn_for_tests_ = false;
bool allow_invalid_sni_for_tests_ = false;
const bool has_application_state_;
// Contains the state for performing a resumption, if one is attempted. This
// will always be non-null if a 0-RTT resumption is attempted.
std::unique_ptr<QuicResumptionState> cached_state_;
TlsClientConnection tls_connection_;
// If |has_application_state_|, stores the tls session tickets before
// application state is received. The latest one is put in the front.
bssl::UniquePtr<SSL_SESSION> cached_tls_sessions_[2] = {};
std::unique_ptr<TransportParameters> received_transport_params_ = nullptr;
std::unique_ptr<ApplicationState> received_application_state_ = nullptr;
};
} // namespace quic
#endif // QUICHE_QUIC_CORE_TLS_CLIENT_HANDSHAKER_H_