| nharper | 6ebe83b | 2019-06-13 17:43:52 -0700 | [diff] [blame] | 1 | // Copyright (c) 2019 The Chromium Authors. All rights reserved. |
| 2 | // Use of this source code is governed by a BSD-style license that can be |
| 3 | // found in the LICENSE file. |
| 4 | |
| 5 | #ifndef QUICHE_QUIC_CORE_CRYPTO_TLS_CONNECTION_H_ |
| 6 | #define QUICHE_QUIC_CORE_CRYPTO_TLS_CONNECTION_H_ |
| 7 | |
| 8 | #include <vector> |
| 9 | |
| 10 | #include "third_party/boringssl/src/include/openssl/ssl.h" |
| 11 | #include "net/third_party/quiche/src/quic/core/quic_types.h" |
| 12 | #include "net/third_party/quiche/src/quic/platform/api/quic_string_piece.h" |
| 13 | |
| 14 | namespace quic { |
| 15 | |
| 16 | // TlsConnection wraps BoringSSL's SSL object which represents a single TLS |
| 17 | // connection. Callbacks set in BoringSSL which are called with an SSL* argument |
| 18 | // will get dispatched to the TlsConnection object owning that SSL. In turn, the |
| 19 | // TlsConnection will delegate the implementation of that callback to its |
| 20 | // Delegate. |
| 21 | // |
| 22 | // The owner of the TlsConnection is responsible for driving the TLS handshake |
| 23 | // (and other interactions with the SSL*). This class only handles mapping |
| 24 | // callbacks to the correct instance. |
| renjietang | 96c1767 | 2019-06-14 12:50:14 -0700 | [diff] [blame] | 25 | class QUIC_EXPORT_PRIVATE TlsConnection { |
| nharper | 6ebe83b | 2019-06-13 17:43:52 -0700 | [diff] [blame] | 26 | public: |
| 27 | // A TlsConnection::Delegate implements the methods that are set as callbacks |
| 28 | // of TlsConnection. |
| 29 | class Delegate { |
| 30 | public: |
| 31 | virtual ~Delegate() {} |
| 32 | |
| 33 | protected: |
| 34 | // SetEncryptionSecret provides the encryption secrets to use at a |
| 35 | // particular encryption level |level|. The secrets provided here are the |
| 36 | // ones from the TLS 1.3 key schedule (RFC 8446 section 7.1), in particular |
| 37 | // the handshake traffic secrets and application traffic secrets. For a |
| 38 | // given level |level|, |read_secret| is the secret used for reading data, |
| 39 | // and |write_secret| is the secret used for writing data. |
| 40 | virtual void SetEncryptionSecret( |
| 41 | EncryptionLevel level, |
| 42 | const std::vector<uint8_t>& read_secret, |
| 43 | const std::vector<uint8_t>& write_secret) = 0; |
| 44 | |
| 45 | // WriteMessage is called when there is |data| from the TLS stack ready for |
| 46 | // the QUIC stack to write in a crypto frame. The data must be transmitted |
| 47 | // at encryption level |level|. |
| 48 | virtual void WriteMessage(EncryptionLevel level, QuicStringPiece data) = 0; |
| 49 | |
| 50 | // FlushFlight is called to signal that the current flight of messages have |
| 51 | // all been written (via calls to WriteMessage) and can be flushed to the |
| 52 | // underlying transport. |
| 53 | virtual void FlushFlight() = 0; |
| 54 | |
| 55 | // SendAlert causes this TlsConnection to close the QUIC connection with an |
| 56 | // error code corersponding to the TLS alert description |desc| sent at |
| 57 | // level |level|. |
| 58 | virtual void SendAlert(EncryptionLevel level, uint8_t desc) = 0; |
| 59 | |
| 60 | friend class TlsConnection; |
| 61 | }; |
| 62 | |
| 63 | TlsConnection(const TlsConnection&) = delete; |
| 64 | TlsConnection& operator=(const TlsConnection&) = delete; |
| 65 | |
| 66 | // Functions to convert between BoringSSL's enum ssl_encryption_level_t and |
| 67 | // QUIC's EncryptionLevel. |
| 68 | static EncryptionLevel QuicEncryptionLevel(enum ssl_encryption_level_t level); |
| 69 | static enum ssl_encryption_level_t BoringEncryptionLevel( |
| 70 | EncryptionLevel level); |
| 71 | |
| 72 | SSL* ssl() { return ssl_.get(); } |
| 73 | |
| 74 | protected: |
| 75 | // TlsConnection does not take ownership of any of its arguments; they must |
| 76 | // outlive the TlsConnection object. |
| 77 | TlsConnection(SSL_CTX* ssl_ctx, Delegate* delegate); |
| 78 | |
| 79 | // Creates an SSL_CTX and configures it with the options that are appropriate |
| 80 | // for both client and server. The caller is responsible for ownership of the |
| 81 | // newly created struct. |
| 82 | static bssl::UniquePtr<SSL_CTX> CreateSslCtx(); |
| 83 | |
| 84 | // From a given SSL* |ssl|, returns a pointer to the TlsConnection that it |
| 85 | // belongs to. This helper method allows the callbacks set in BoringSSL to be |
| 86 | // dispatched to the correct TlsConnection from the SSL* passed into the |
| 87 | // callback. |
| 88 | static TlsConnection* ConnectionFromSsl(const SSL* ssl); |
| 89 | |
| 90 | private: |
| 91 | // TlsConnection implements SSL_QUIC_METHOD, which provides the interface |
| 92 | // between BoringSSL's TLS stack and a QUIC implementation. |
| 93 | static const SSL_QUIC_METHOD kSslQuicMethod; |
| 94 | |
| 95 | // The following static functions make up the members of kSslQuicMethod: |
| 96 | static int SetEncryptionSecretCallback(SSL* ssl, |
| 97 | enum ssl_encryption_level_t level, |
| 98 | const uint8_t* read_key, |
| 99 | const uint8_t* write_key, |
| 100 | size_t key_length); |
| 101 | static int WriteMessageCallback(SSL* ssl, |
| 102 | enum ssl_encryption_level_t level, |
| 103 | const uint8_t* data, |
| 104 | size_t len); |
| 105 | static int FlushFlightCallback(SSL* ssl); |
| 106 | static int SendAlertCallback(SSL* ssl, |
| 107 | enum ssl_encryption_level_t level, |
| 108 | uint8_t desc); |
| 109 | |
| 110 | Delegate* delegate_; |
| 111 | bssl::UniquePtr<SSL> ssl_; |
| 112 | }; |
| 113 | |
| 114 | } // namespace quic |
| 115 | |
| 116 | #endif // QUICHE_QUIC_CORE_CRYPTO_TLS_CONNECTION_H_ |
