| // Copyright 2016 The Chromium Authors. All rights reserved. |
| // Use of this source code is governed by a BSD-style license that can be |
| // found in the LICENSE file. |
| |
| #include "net/third_party/quiche/src/quic/core/stateless_rejector.h" |
| |
| #include <string> |
| |
| #include "net/third_party/quiche/src/quic/core/quic_crypto_server_stream.h" |
| #include "net/third_party/quiche/src/quic/platform/api/quic_bug_tracker.h" |
| #include "net/third_party/quiche/src/quic/platform/api/quic_flags.h" |
| |
| namespace quic { |
| |
| class StatelessRejector::ValidateCallback |
| : public ValidateClientHelloResultCallback { |
| public: |
| explicit ValidateCallback( |
| std::unique_ptr<StatelessRejector> rejector, |
| std::unique_ptr<StatelessRejector::ProcessDoneCallback> cb) |
| : rejector_(std::move(rejector)), cb_(std::move(cb)) {} |
| |
| ~ValidateCallback() override = default; |
| |
| void Run(QuicReferenceCountedPointer<Result> result, |
| std::unique_ptr<ProofSource::Details> /* proof_source_details */) |
| override { |
| StatelessRejector* rejector_ptr = rejector_.get(); |
| rejector_ptr->ProcessClientHello(std::move(result), std::move(rejector_), |
| std::move(cb_)); |
| } |
| |
| private: |
| std::unique_ptr<StatelessRejector> rejector_; |
| std::unique_ptr<StatelessRejector::ProcessDoneCallback> cb_; |
| }; |
| |
| StatelessRejector::StatelessRejector( |
| ParsedQuicVersion version, |
| const ParsedQuicVersionVector& versions, |
| const QuicCryptoServerConfig* crypto_config, |
| QuicCompressedCertsCache* compressed_certs_cache, |
| const QuicClock* clock, |
| QuicRandom* random, |
| QuicByteCount chlo_packet_size, |
| const QuicSocketAddress& client_address, |
| const QuicSocketAddress& server_address) |
| : state_(UNKNOWN), |
| error_(QUIC_INTERNAL_ERROR), |
| version_(version), |
| versions_(versions), |
| connection_id_(EmptyQuicConnectionId()), |
| chlo_packet_size_(chlo_packet_size), |
| client_address_(client_address), |
| server_address_(server_address), |
| clock_(clock), |
| random_(random), |
| crypto_config_(crypto_config), |
| compressed_certs_cache_(compressed_certs_cache), |
| signed_config_(new QuicSignedServerConfig), |
| params_(new QuicCryptoNegotiatedParameters) {} |
| |
| StatelessRejector::~StatelessRejector() = default; |
| |
| void StatelessRejector::OnChlo(QuicTransportVersion version, |
| QuicConnectionId connection_id, |
| QuicConnectionId server_designated_connection_id, |
| const CryptoHandshakeMessage& message) { |
| DCHECK_EQ(kCHLO, message.tag()); |
| DCHECK_NE(connection_id, server_designated_connection_id); |
| DCHECK_EQ(state_, UNKNOWN); |
| |
| if (!GetQuicReloadableFlag(enable_quic_stateless_reject_support) || |
| !GetQuicReloadableFlag(quic_use_cheap_stateless_rejects) || |
| !QuicCryptoServerStream::DoesPeerSupportStatelessRejects(message)) { |
| state_ = UNSUPPORTED; |
| return; |
| } |
| |
| connection_id_ = connection_id; |
| server_designated_connection_id_ = server_designated_connection_id; |
| chlo_ = message; // Note: copies the message |
| } |
| |
| void StatelessRejector::Process(std::unique_ptr<StatelessRejector> rejector, |
| std::unique_ptr<ProcessDoneCallback> done_cb) { |
| QUIC_BUG_IF(rejector->state() != UNKNOWN) << "StatelessRejector::Process " |
| "called for a rejector which " |
| "has already made a decision"; |
| StatelessRejector* rejector_ptr = rejector.get(); |
| rejector_ptr->crypto_config_->ValidateClientHello( |
| rejector_ptr->chlo_, rejector_ptr->client_address_.host(), |
| rejector_ptr->server_address_, rejector_ptr->version_.transport_version, |
| rejector_ptr->clock_, rejector_ptr->signed_config_, |
| std::unique_ptr<ValidateCallback>( |
| new ValidateCallback(std::move(rejector), std::move(done_cb)))); |
| } |
| |
| class StatelessRejector::ProcessClientHelloCallback |
| : public ProcessClientHelloResultCallback { |
| public: |
| ProcessClientHelloCallback( |
| std::unique_ptr<StatelessRejector> rejector, |
| std::unique_ptr<StatelessRejector::ProcessDoneCallback> done_cb) |
| : rejector_(std::move(rejector)), done_cb_(std::move(done_cb)) {} |
| |
| void Run(QuicErrorCode error, |
| const std::string& error_details, |
| std::unique_ptr<CryptoHandshakeMessage> message, |
| std::unique_ptr<DiversificationNonce> diversification_nonce, |
| std::unique_ptr<ProofSource::Details> /* proof_source_details */) |
| override { |
| StatelessRejector* rejector_ptr = rejector_.get(); |
| rejector_ptr->ProcessClientHelloDone( |
| error, error_details, std::move(message), std::move(rejector_), |
| std::move(done_cb_)); |
| } |
| |
| private: |
| std::unique_ptr<StatelessRejector> rejector_; |
| std::unique_ptr<StatelessRejector::ProcessDoneCallback> done_cb_; |
| }; |
| |
| void StatelessRejector::ProcessClientHello( |
| QuicReferenceCountedPointer<ValidateClientHelloResultCallback::Result> |
| result, |
| std::unique_ptr<StatelessRejector> rejector, |
| std::unique_ptr<StatelessRejector::ProcessDoneCallback> done_cb) { |
| std::unique_ptr<ProcessClientHelloCallback> cb( |
| new ProcessClientHelloCallback(std::move(rejector), std::move(done_cb))); |
| crypto_config_->ProcessClientHello( |
| result, |
| /*reject_only=*/true, connection_id_, server_address_, client_address_, |
| version_, versions_, |
| /*use_stateless_rejects=*/true, server_designated_connection_id_, clock_, |
| random_, compressed_certs_cache_, params_, signed_config_, |
| QuicCryptoStream::CryptoMessageFramingOverhead(version_.transport_version, |
| connection_id_), |
| chlo_packet_size_, std::move(cb)); |
| } |
| |
| void StatelessRejector::ProcessClientHelloDone( |
| QuicErrorCode error, |
| const std::string& error_details, |
| std::unique_ptr<CryptoHandshakeMessage> message, |
| std::unique_ptr<StatelessRejector> rejector, |
| std::unique_ptr<StatelessRejector::ProcessDoneCallback> done_cb) { |
| reply_ = std::move(message); |
| |
| if (error != QUIC_NO_ERROR) { |
| error_ = error; |
| error_details_ = error_details; |
| state_ = FAILED; |
| } else if (reply_->tag() == kSREJ) { |
| state_ = REJECTED; |
| } else { |
| state_ = ACCEPTED; |
| } |
| done_cb->Run(std::move(rejector)); |
| } |
| |
| } // namespace quic |