Google Git
Sign in
quiche / quiche / aabddeb126d4f64c7176b28ff970547cb6509d4b / . / quic / core / tls_client_handshaker.cc
blob: ab8ba6455f0305c352381b6a4110660d140cd75f [file] [log] [blame]
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]1// Copyright (c) 2017 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
QUICHE team5be974e2020-12-29 18:35:24 -0500[diff] [blame]5#include "quic/core/tls_client_handshaker.h"
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]6
dschinazi35e749e2019-04-09 09:36:04 -0700[diff] [blame]7#include <cstring>
vasilvv872e7a32019-03-12 16:42:44 -0700[diff] [blame]8#include <string>
9
bnc1c9cb6b2021-01-23 05:51:24 -0800[diff] [blame]10#include "absl/strings/str_cat.h"
vasilvvc872ee42020-10-07 19:50:22 -0700[diff] [blame]11#include "absl/strings/string_view.h"
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]12#include "third_party/boringssl/src/include/openssl/ssl.h"
QUICHE team5be974e2020-12-29 18:35:24 -0500[diff] [blame]13#include "quic/core/crypto/quic_crypto_client_config.h"
14#include "quic/core/crypto/quic_encrypter.h"
15#include "quic/core/crypto/transport_parameters.h"
16#include "quic/core/quic_session.h"
17#include "quic/core/quic_types.h"
18#include "quic/platform/api/quic_flags.h"
19#include "quic/platform/api/quic_hostname_utils.h"
bnc9de6abe2021-04-28 06:24:19 -0700[diff] [blame]20#include "common/quiche_text_utils.h"
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]21
22namespace quic {
23
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]24TlsClientHandshaker::TlsClientHandshaker(
nharperdf7a77b2019-11-11 13:12:45 -0800[diff] [blame]25 const QuicServerId& server_id,
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]26 QuicCryptoStream* stream,
27 QuicSession* session,
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]28 std::unique_ptr<ProofVerifyContext> verify_context,
nharperdf7a77b2019-11-11 13:12:45 -0800[diff] [blame]29 QuicCryptoClientConfig* crypto_config,
renjietangbcc066a2020-04-21 18:05:57 -0700[diff] [blame]30 QuicCryptoClientStream::ProofHandler* proof_handler,
31 bool has_application_state)
nharper80d3b172020-01-17 11:43:39 -0800[diff] [blame]32 : TlsHandshaker(stream, session),
nharperf579b5e2020-01-21 14:11:18 -0800[diff] [blame]33 session_(session),
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]34 server_id_(server_id),
nharperdf7a77b2019-11-11 13:12:45 -0800[diff] [blame]35 proof_verifier_(crypto_config->proof_verifier()),
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]36 verify_context_(std::move(verify_context)),
nharper40bdf532019-10-03 11:16:22 -0700[diff] [blame]37 proof_handler_(proof_handler),
nharperdf7a77b2019-11-11 13:12:45 -0800[diff] [blame]38 session_cache_(crypto_config->session_cache()),
39 user_agent_id_(crypto_config->user_agent_id()),
dschinaziaaaf1a42020-04-16 11:44:31 -0700[diff] [blame]40 pre_shared_key_(crypto_config->pre_shared_key()),
nharper6ebe83b2019-06-13 17:43:52 -0700[diff] [blame]41 crypto_negotiated_params_(new QuicCryptoNegotiatedParameters),
renjietangbcc066a2020-04-21 18:05:57 -0700[diff] [blame]42 has_application_state_(has_application_state),
fayang133b8682020-12-08 05:50:33 -0800[diff] [blame]43 crypto_config_(crypto_config),
wub26729912021-06-09 12:04:34 -0700[diff] [blame]44 tls_connection_(crypto_config->ssl_ctx(), this, session->GetSSLConfig()) {
fayang5e0ef2b2021-05-12 14:16:28 -0700[diff] [blame]45 std::string token =
46 crypto_config->LookupOrCreate(server_id)->source_address_token();
47 if (!token.empty()) {
48 session->SetSourceAddressTokenToSend(token);
fayang133b8682020-12-08 05:50:33 -0800[diff] [blame]49 }
50}
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]51
nharpere62aab72020-11-04 16:32:09 -0800[diff] [blame]52TlsClientHandshaker::~TlsClientHandshaker() {}
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]53
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]54bool TlsClientHandshaker::CryptoConnect() {
dschinaziaaaf1a42020-04-16 11:44:31 -0700[diff] [blame]55 if (!pre_shared_key_.empty()) {
56 // TODO(b/154162689) add PSK support to QUIC+TLS.
57 std::string error_details =
58 "QUIC client pre-shared keys not yet supported with TLS";
QUICHE team460f2702021-03-16 15:08:15 -0700[diff] [blame]59 QUIC_BUG(quic_bug_10576_1) << error_details;
dschinaziaaaf1a42020-04-16 11:44:31 -0700[diff] [blame]60 CloseConnection(QUIC_HANDSHAKE_FAILED, error_details);
61 return false;
62 }
63
dschinazi869e4342021-02-01 15:41:46 -0800[diff] [blame]64 // Make sure we use the right TLS extension codepoint.
65 int use_legacy_extension = 0;
66 if (session()->version().UsesLegacyTlsExtension()) {
67 use_legacy_extension = 1;
68 }
69 SSL_set_quic_use_legacy_codepoint(ssl(), use_legacy_extension);
70
nharper0f51d2e2019-12-11 17:52:05 -0800[diff] [blame]71 // Set the SNI to send, if any.
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]72 SSL_set_connect_state(ssl());
nharpere0f979c2020-05-05 17:31:55 -0700[diff] [blame]73 if (QUIC_DLOG_INFO_IS_ON() &&
74 !QuicHostnameUtils::IsValidSNI(server_id_.host())) {
75 QUIC_DLOG(INFO) << "Client configured with invalid hostname \""
76 << server_id_.host() << "\", not sending as SNI";
77 }
nharper0f51d2e2019-12-11 17:52:05 -0800[diff] [blame]78 if (!server_id_.host().empty() &&
nharpere0f979c2020-05-05 17:31:55 -0700[diff] [blame]79 (QuicHostnameUtils::IsValidSNI(server_id_.host()) ||
80 allow_invalid_sni_for_tests_) &&
nharper0f51d2e2019-12-11 17:52:05 -0800[diff] [blame]81 SSL_set_tlsext_host_name(ssl(), server_id_.host().c_str()) != 1) {
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]82 return false;
83 }
84
vasilvv4724c9c2019-08-29 11:52:11 -0700[diff] [blame]85 if (!SetAlpn()) {
86 CloseConnection(QUIC_HANDSHAKE_FAILED, "Client failed to set ALPN");
dschinazi35e749e2019-04-09 09:36:04 -0700[diff] [blame]87 return false;
88 }
dschinazi35e749e2019-04-09 09:36:04 -0700[diff] [blame]89
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]90 // Set the Transport Parameters to send in the ClientHello
91 if (!SetTransportParameters()) {
92 CloseConnection(QUIC_HANDSHAKE_FAILED,
dschinazi91453642019-08-01 11:12:15 -0700[diff] [blame]93 "Client failed to set Transport Parameters");
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]94 return false;
95 }
96
nharperdf7a77b2019-11-11 13:12:45 -0800[diff] [blame]97 // Set a session to resume, if there is one.
98 if (session_cache_) {
nharper786a4ab2020-07-10 11:56:01 -0700[diff] [blame]99 cached_state_ = session_cache_->Lookup(server_id_, SSL_get_SSL_CTX(ssl()));
nharperd25cd652020-05-20 13:10:26 -0700[diff] [blame]100 }
nharper786a4ab2020-07-10 11:56:01 -0700[diff] [blame]101 if (cached_state_) {
102 SSL_set_session(ssl(), cached_state_->tls_session.get());
nharperdf7a77b2019-11-11 13:12:45 -0800[diff] [blame]103 }
104
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]105 // Start the handshake.
106 AdvanceHandshake();
107 return session()->connection()->connected();
108}
109
renjietang1a391de2020-05-12 10:30:13 -0700[diff] [blame]110bool TlsClientHandshaker::PrepareZeroRttConfig(
111 QuicResumptionState* cached_state) {
112 std::string error_details;
renjietang58468982020-08-18 17:05:29 -0700[diff] [blame]113 if (!cached_state->transport_params ||
114 handshaker_delegate()->ProcessTransportParameters(
dschinazi2c4d8332020-05-27 17:23:32 -0700[diff] [blame]115 *(cached_state->transport_params),
renjietang1a391de2020-05-12 10:30:13 -0700[diff] [blame]116 /*is_resumption = */ true, &error_details) != QUIC_NO_ERROR) {
QUICHE team460f2702021-03-16 15:08:15 -0700[diff] [blame]117 QUIC_BUG(quic_bug_10576_2)
QUICHE teamb244e1e2021-03-08 15:53:46 -0800[diff] [blame]118 << "Unable to parse cached transport parameters.";
renjietang1a391de2020-05-12 10:30:13 -0700[diff] [blame]119 CloseConnection(QUIC_HANDSHAKE_FAILED,
120 "Client failed to parse cached Transport Parameters.");
121 return false;
122 }
renjietang8957c6e2020-08-12 16:08:21 -0700[diff] [blame]123
124 session()->connection()->OnTransportParametersResumed(
125 *(cached_state->transport_params));
renjietang1a391de2020-05-12 10:30:13 -0700[diff] [blame]126 session()->OnConfigNegotiated();
127
128 if (has_application_state_) {
renjietang58468982020-08-18 17:05:29 -0700[diff] [blame]129 if (!cached_state->application_state ||
130 !session()->ResumeApplicationState(
131 cached_state->application_state.get())) {
QUICHE team460f2702021-03-16 15:08:15 -0700[diff] [blame]132 QUIC_BUG(quic_bug_10576_3) << "Unable to parse cached application state.";
renjietang1a391de2020-05-12 10:30:13 -0700[diff] [blame]133 CloseConnection(QUIC_HANDSHAKE_FAILED,
134 "Client failed to parse cached application state.");
135 return false;
136 }
137 }
138 return true;
139}
140
vasilvv4724c9c2019-08-29 11:52:11 -0700[diff] [blame]141static bool IsValidAlpn(const std::string& alpn_string) {
142 return alpn_string.length() <= std::numeric_limits<uint8_t>::max();
143}
144
145bool TlsClientHandshaker::SetAlpn() {
146 std::vector<std::string> alpns = session()->GetAlpnsToOffer();
147 if (alpns.empty()) {
148 if (allow_empty_alpn_for_tests_) {
149 return true;
150 }
151
QUICHE team460f2702021-03-16 15:08:15 -0700[diff] [blame]152 QUIC_BUG(quic_bug_10576_4) << "ALPN missing";
vasilvv4724c9c2019-08-29 11:52:11 -0700[diff] [blame]153 return false;
154 }
155 if (!std::all_of(alpns.begin(), alpns.end(), IsValidAlpn)) {
QUICHE team460f2702021-03-16 15:08:15 -0700[diff] [blame]156 QUIC_BUG(quic_bug_10576_5) << "ALPN too long";
vasilvv4724c9c2019-08-29 11:52:11 -0700[diff] [blame]157 return false;
158 }
159
160 // SSL_set_alpn_protos expects a sequence of one-byte-length-prefixed
161 // strings.
162 uint8_t alpn[1024];
163 QuicDataWriter alpn_writer(sizeof(alpn), reinterpret_cast<char*>(alpn));
164 bool success = true;
165 for (const std::string& alpn_string : alpns) {
166 success = success && alpn_writer.WriteUInt8(alpn_string.size()) &&
167 alpn_writer.WriteStringPiece(alpn_string);
168 }
169 success =
170 success && (SSL_set_alpn_protos(ssl(), alpn, alpn_writer.length()) == 0);
171 if (!success) {
QUICHE team460f2702021-03-16 15:08:15 -0700[diff] [blame]172 QUIC_BUG(quic_bug_10576_6)
QUICHE teamb244e1e2021-03-08 15:53:46 -0800[diff] [blame]173 << "Failed to set ALPN: "
174 << quiche::QuicheTextUtils::HexDump(
175 absl::string_view(alpn_writer.data(), alpn_writer.length()));
vasilvv4724c9c2019-08-29 11:52:11 -0700[diff] [blame]176 return false;
177 }
bnc1c9cb6b2021-01-23 05:51:24 -0800[diff] [blame]178
bncd939efc2021-03-08 05:47:44 -0800[diff] [blame]179 // Enable ALPS only for versions that use HTTP/3 frames.
bnc126f68e2021-04-19 15:48:44 -0700[diff] [blame]180 for (const std::string& alpn_string : alpns) {
181 ParsedQuicVersion version = ParseQuicVersionString(alpn_string);
182 if (!version.IsKnown() || !version.UsesHttp3()) {
183 continue;
184 }
185 if (SSL_add_application_settings(
186 ssl(), reinterpret_cast<const uint8_t*>(alpn_string.data()),
187 alpn_string.size(), nullptr, /* settings_len = */ 0) != 1) {
188 QUIC_BUG(quic_bug_10576_7) << "Failed to enable ALPS.";
189 return false;
bnc1c9cb6b2021-01-23 05:51:24 -0800[diff] [blame]190 }
191 }
192
vasilvv4724c9c2019-08-29 11:52:11 -0700[diff] [blame]193 QUIC_DLOG(INFO) << "Client using ALPN: '" << alpns[0] << "'";
194 return true;
195}
196
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]197bool TlsClientHandshaker::SetTransportParameters() {
198 TransportParameters params;
199 params.perspective = Perspective::IS_CLIENT;
200 params.version =
201 CreateQuicVersionLabel(session()->supported_versions().front());
202
dschinazi2c4d8332020-05-27 17:23:32 -0700[diff] [blame]203 if (!handshaker_delegate()->FillTransportParameters(&params)) {
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]204 return false;
205 }
dschinazi83c586a2020-07-07 11:50:45 -0700[diff] [blame]206 if (!user_agent_id_.empty()) {
207 params.user_agent_id = user_agent_id_;
dschinazi7e51f6b2020-05-13 17:36:44 -0700[diff] [blame]208 }
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]209
dschinazi631f1602020-05-19 10:10:22 -0700[diff] [blame]210 // Notify QuicConnectionDebugVisitor.
211 session()->connection()->OnTransportParametersSent(params);
212
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]213 std::vector<uint8_t> param_bytes;
dschinazi6c84c142019-07-31 09:11:49 -0700[diff] [blame]214 return SerializeTransportParameters(session()->connection()->version(),
215 params, &param_bytes) &&
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]216 SSL_set_quic_transport_params(ssl(), param_bytes.data(),
217 param_bytes.size()) == 1;
218}
219
220bool TlsClientHandshaker::ProcessTransportParameters(
vasilvvc48c8712019-03-11 13:38:16 -0700[diff] [blame]221 std::string* error_details) {
renjietangcc12f432020-04-09 16:44:22 -0700[diff] [blame]222 received_transport_params_ = std::make_unique<TransportParameters>();
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]223 const uint8_t* param_bytes;
224 size_t param_bytes_len;
225 SSL_get_peer_quic_transport_params(ssl(), &param_bytes, &param_bytes_len);
dschinazi7b8f0c72020-03-02 13:17:57 -0800[diff] [blame]226 if (param_bytes_len == 0) {
227 *error_details = "Server's transport parameters are missing";
228 return false;
229 }
230 std::string parse_error_details;
231 if (!ParseTransportParameters(
232 session()->connection()->version(), Perspective::IS_SERVER,
renjietangcc12f432020-04-09 16:44:22 -0700[diff] [blame]233 param_bytes, param_bytes_len, received_transport_params_.get(),
234 &parse_error_details)) {
vasilvvf8035162021-02-01 14:49:14 -0800[diff] [blame]235 QUICHE_DCHECK(!parse_error_details.empty());
dschinazi7b8f0c72020-03-02 13:17:57 -0800[diff] [blame]236 *error_details =
237 "Unable to parse server's transport parameters: " + parse_error_details;
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]238 return false;
239 }
240
dschinazi631f1602020-05-19 10:10:22 -0700[diff] [blame]241 // Notify QuicConnectionDebugVisitor.
242 session()->connection()->OnTransportParametersReceived(
243 *received_transport_params_);
244
dschinazi6cf4d2a2019-04-30 16:20:23 -0700[diff] [blame]245 // When interoperating with non-Google implementations that do not send
246 // the version extension, set it to what we expect.
renjietangcc12f432020-04-09 16:44:22 -0700[diff] [blame]247 if (received_transport_params_->version == 0) {
248 received_transport_params_->version =
249 CreateQuicVersionLabel(session()->connection()->version());
dschinazi6cf4d2a2019-04-30 16:20:23 -0700[diff] [blame]250 }
renjietangcc12f432020-04-09 16:44:22 -0700[diff] [blame]251 if (received_transport_params_->supported_versions.empty()) {
252 received_transport_params_->supported_versions.push_back(
253 received_transport_params_->version);
dschinazi6cf4d2a2019-04-30 16:20:23 -0700[diff] [blame]254 }
255
renjietangcc12f432020-04-09 16:44:22 -0700[diff] [blame]256 if (received_transport_params_->version !=
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]257 CreateQuicVersionLabel(session()->connection()->version())) {
258 *error_details = "Version mismatch detected";
259 return false;
260 }
261 if (CryptoUtils::ValidateServerHelloVersions(
renjietangcc12f432020-04-09 16:44:22 -0700[diff] [blame]262 received_transport_params_->supported_versions,
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]263 session()->connection()->server_supported_versions(),
264 error_details) != QUIC_NO_ERROR ||
dschinazi2c4d8332020-05-27 17:23:32 -0700[diff] [blame]265 handshaker_delegate()->ProcessTransportParameters(
266 *received_transport_params_, /* is_resumption = */ false,
renjietangc31106b2020-05-06 10:44:17 -0700[diff] [blame]267 error_details) != QUIC_NO_ERROR) {
vasilvvf8035162021-02-01 14:49:14 -0800[diff] [blame]268 QUICHE_DCHECK(!error_details->empty());
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]269 return false;
270 }
271
272 session()->OnConfigNegotiated();
nharper0ab1c662020-11-02 17:05:32 -0800[diff] [blame]273 if (is_connection_closed()) {
renjietang92346b62020-05-11 13:15:24 -0700[diff] [blame]274 *error_details =
275 "Session closed the connection when parsing negotiated config.";
276 return false;
277 }
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]278 return true;
279}
280
281int TlsClientHandshaker::num_sent_client_hellos() const {
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]282 return 0;
283}
284
nharper02703962019-11-07 12:23:13 -0800[diff] [blame]285bool TlsClientHandshaker::IsResumption() const {
QUICHE team460f2702021-03-16 15:08:15 -0700[diff] [blame]286 QUIC_BUG_IF(quic_bug_12736_1, !one_rtt_keys_available());
nharperdf7a77b2019-11-11 13:12:45 -0800[diff] [blame]287 return SSL_session_reused(ssl()) == 1;
nharper02703962019-11-07 12:23:13 -0800[diff] [blame]288}
289
nharper4084fc92020-02-10 14:43:35 -0800[diff] [blame]290bool TlsClientHandshaker::EarlyDataAccepted() const {
QUICHE team460f2702021-03-16 15:08:15 -0700[diff] [blame]291 QUIC_BUG_IF(quic_bug_12736_2, !one_rtt_keys_available());
nharper4084fc92020-02-10 14:43:35 -0800[diff] [blame]292 return SSL_early_data_accepted(ssl()) == 1;
293}
294
nharper26e3e882020-09-09 12:30:55 -0700[diff] [blame]295ssl_early_data_reason_t TlsClientHandshaker::EarlyDataReason() const {
nharper6a6bd312020-09-17 13:20:53 -0700[diff] [blame]296 return TlsHandshaker::EarlyDataReason();
nharper26e3e882020-09-09 12:30:55 -0700[diff] [blame]297}
298
nharper4084fc92020-02-10 14:43:35 -0800[diff] [blame]299bool TlsClientHandshaker::ReceivedInchoateReject() const {
QUICHE team460f2702021-03-16 15:08:15 -0700[diff] [blame]300 QUIC_BUG_IF(quic_bug_12736_3, !one_rtt_keys_available());
nharper4084fc92020-02-10 14:43:35 -0800[diff] [blame]301 // REJ messages are a QUIC crypto feature, so TLS always returns false.
302 return false;
303}
304
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]305int TlsClientHandshaker::num_scup_messages_received() const {
306 // SCUP messages aren't sent or received when using the TLS handshake.
307 return 0;
308}
309
vasilvvc48c8712019-03-11 13:38:16 -0700[diff] [blame]310std::string TlsClientHandshaker::chlo_hash() const {
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]311 return "";
312}
313
314bool TlsClientHandshaker::encryption_established() const {
315 return encryption_established_;
316}
317
fayang685367a2020-01-14 10:40:15 -0800[diff] [blame]318bool TlsClientHandshaker::one_rtt_keys_available() const {
nharper0ab1c662020-11-02 17:05:32 -0800[diff] [blame]319 return state_ >= HANDSHAKE_COMPLETE;
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]320}
321
322const QuicCryptoNegotiatedParameters&
323TlsClientHandshaker::crypto_negotiated_params() const {
324 return *crypto_negotiated_params_;
325}
326
327CryptoMessageParser* TlsClientHandshaker::crypto_message_parser() {
328 return TlsHandshaker::crypto_message_parser();
329}
330
fayang9a863cf2020-01-16 14:12:11 -0800[diff] [blame]331HandshakeState TlsClientHandshaker::GetHandshakeState() const {
nharper0ab1c662020-11-02 17:05:32 -0800[diff] [blame]332 return state_;
fayang9a863cf2020-01-16 14:12:11 -0800[diff] [blame]333}
334
nharper486a8a92019-08-28 16:25:10 -0700[diff] [blame]335size_t TlsClientHandshaker::BufferSizeLimitForLevel(
336 EncryptionLevel level) const {
337 return TlsHandshaker::BufferSizeLimitForLevel(level);
338}
339
mattm072a7e32020-10-09 16:16:56 -0700[diff] [blame]340bool TlsClientHandshaker::KeyUpdateSupportedLocally() const {
341 return true;
342}
343
344std::unique_ptr<QuicDecrypter>
345TlsClientHandshaker::AdvanceKeysAndCreateCurrentOneRttDecrypter() {
346 return TlsHandshaker::AdvanceKeysAndCreateCurrentOneRttDecrypter();
347}
348
349std::unique_ptr<QuicEncrypter>
350TlsClientHandshaker::CreateCurrentOneRttEncrypter() {
351 return TlsHandshaker::CreateCurrentOneRttEncrypter();
352}
353
fayang2f2915d2020-01-24 06:47:15 -0800[diff] [blame]354void TlsClientHandshaker::OnOneRttPacketAcknowledged() {
355 OnHandshakeConfirmed();
356}
357
fayang44ae4e92020-04-28 13:09:42 -0700[diff] [blame]358void TlsClientHandshaker::OnHandshakePacketSent() {
359 if (initial_keys_dropped_) {
360 return;
361 }
fayangbfc15ea2020-05-13 12:48:32 -0700[diff] [blame]362 initial_keys_dropped_ = true;
fayang44ae4e92020-04-28 13:09:42 -0700[diff] [blame]363 handshaker_delegate()->DiscardOldEncryptionKey(ENCRYPTION_INITIAL);
364 handshaker_delegate()->DiscardOldDecryptionKey(ENCRYPTION_INITIAL);
fayang44ae4e92020-04-28 13:09:42 -0700[diff] [blame]365}
366
nharper0ab1c662020-11-02 17:05:32 -0800[diff] [blame]367void TlsClientHandshaker::OnConnectionClosed(QuicErrorCode error,
368 ConnectionCloseSource source) {
369 TlsHandshaker::OnConnectionClosed(error, source);
fayanga6a85a82020-05-04 08:58:53 -0700[diff] [blame]370}
371
fayang01062942020-01-22 07:23:23 -0800[diff] [blame]372void TlsClientHandshaker::OnHandshakeDoneReceived() {
nharper0ab1c662020-11-02 17:05:32 -0800[diff] [blame]373 if (!one_rtt_keys_available()) {
fayang01062942020-01-22 07:23:23 -0800[diff] [blame]374 CloseConnection(QUIC_HANDSHAKE_FAILED,
375 "Unexpected handshake done received");
376 return;
377 }
fayang2f2915d2020-01-24 06:47:15 -0800[diff] [blame]378 OnHandshakeConfirmed();
379}
380
fayang133b8682020-12-08 05:50:33 -0800[diff] [blame]381void TlsClientHandshaker::OnNewTokenReceived(absl::string_view token) {
382 if (token.empty()) {
383 return;
384 }
385 QuicCryptoClientConfig::CachedState* cached =
386 crypto_config_->LookupOrCreate(server_id_);
387 cached->set_source_address_token(token);
388}
389
fayanga45ee8a2020-03-20 08:56:11 -0700[diff] [blame]390void TlsClientHandshaker::SetWriteSecret(
391 EncryptionLevel level,
392 const SSL_CIPHER* cipher,
393 const std::vector<uint8_t>& write_secret) {
nharper0ab1c662020-11-02 17:05:32 -0800[diff] [blame]394 if (is_connection_closed()) {
fayanga6a85a82020-05-04 08:58:53 -0700[diff] [blame]395 return;
396 }
renjietangce663db2020-05-28 13:50:15 -0700[diff] [blame]397 if (level == ENCRYPTION_FORWARD_SECURE || level == ENCRYPTION_ZERO_RTT) {
fayanga45ee8a2020-03-20 08:56:11 -0700[diff] [blame]398 encryption_established_ = true;
399 }
400 TlsHandshaker::SetWriteSecret(level, cipher, write_secret);
fayangbb003dd2020-10-27 15:25:26 -0700[diff] [blame]401 if (level == ENCRYPTION_FORWARD_SECURE) {
fayang9261a8a2020-09-22 07:29:46 -0700[diff] [blame]402 handshaker_delegate()->DiscardOldEncryptionKey(ENCRYPTION_ZERO_RTT);
403 }
fayanga45ee8a2020-03-20 08:56:11 -0700[diff] [blame]404}
405
fayang2f2915d2020-01-24 06:47:15 -0800[diff] [blame]406void TlsClientHandshaker::OnHandshakeConfirmed() {
vasilvvf8035162021-02-01 14:49:14 -0800[diff] [blame]407 QUICHE_DCHECK(one_rtt_keys_available());
nharper0ab1c662020-11-02 17:05:32 -0800[diff] [blame]408 if (state_ >= HANDSHAKE_CONFIRMED) {
fayang01062942020-01-22 07:23:23 -0800[diff] [blame]409 return;
410 }
nharper0ab1c662020-11-02 17:05:32 -0800[diff] [blame]411 state_ = HANDSHAKE_CONFIRMED;
renjietangbd33b622020-02-12 16:52:30 -0800[diff] [blame]412 handshaker_delegate()->DiscardOldEncryptionKey(ENCRYPTION_HANDSHAKE);
413 handshaker_delegate()->DiscardOldDecryptionKey(ENCRYPTION_HANDSHAKE);
fayang01062942020-01-22 07:23:23 -0800[diff] [blame]414}
415
nharpere62aab72020-11-04 16:32:09 -0800[diff] [blame]416QuicAsyncStatus TlsClientHandshaker::VerifyCertChain(
417 const std::vector<std::string>& certs,
418 std::string* error_details,
419 std::unique_ptr<ProofVerifyDetails>* details,
nharper54fc9ab2020-11-12 11:07:39 -0800[diff] [blame]420 uint8_t* out_alert,
nharpere62aab72020-11-04 16:32:09 -0800[diff] [blame]421 std::unique_ptr<ProofVerifierCallback> callback) {
422 const uint8_t* ocsp_response_raw;
423 size_t ocsp_response_len;
424 SSL_get0_ocsp_response(ssl(), &ocsp_response_raw, &ocsp_response_len);
425 std::string ocsp_response(reinterpret_cast<const char*>(ocsp_response_raw),
426 ocsp_response_len);
427 const uint8_t* sct_list_raw;
428 size_t sct_list_len;
429 SSL_get0_signed_cert_timestamp_list(ssl(), &sct_list_raw, &sct_list_len);
430 std::string sct_list(reinterpret_cast<const char*>(sct_list_raw),
431 sct_list_len);
432
433 return proof_verifier_->VerifyCertChain(
434 server_id_.host(), server_id_.port(), certs, ocsp_response, sct_list,
nharper54fc9ab2020-11-12 11:07:39 -0800[diff] [blame]435 verify_context_.get(), error_details, details, out_alert,
436 std::move(callback));
nharpere62aab72020-11-04 16:32:09 -0800[diff] [blame]437}
438
439void TlsClientHandshaker::OnProofVerifyDetailsAvailable(
440 const ProofVerifyDetails& verify_details) {
441 proof_handler_->OnProofVerifyDetailsAvailable(verify_details);
442}
443
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]444void TlsClientHandshaker::FinishHandshake() {
wub48b16812021-04-30 10:22:22 -0700[diff] [blame]445 FillNegotiatedParams();
nharper786a4ab2020-07-10 11:56:01 -0700[diff] [blame]446
wub48b16812021-04-30 10:22:22 -0700[diff] [blame]447 if (retry_handshake_on_early_data_) {
448 QUICHE_CHECK(!SSL_in_early_data(ssl()));
449 } else {
450 if (SSL_in_early_data(ssl())) {
451 // SSL_do_handshake returns after sending the ClientHello if the session
452 // is 0-RTT-capable, which means that FinishHandshake will get called
453 // twice - the first time after sending the ClientHello, and the second
454 // time after the handshake is complete. If we're in the first time
455 // FinishHandshake is called, we can't do any end-of-handshake processing.
456
457 // If we're attempting a 0-RTT handshake, then we need to let the
458 // transport and application know what state to apply to early data.
459 PrepareZeroRttConfig(cached_state_.get());
460 return;
461 }
nharperd25cd652020-05-20 13:10:26 -0700[diff] [blame]462 }
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]463 QUIC_LOG(INFO) << "Client: handshake finished";
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]464
vasilvvc48c8712019-03-11 13:38:16 -0700[diff] [blame]465 std::string error_details;
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]466 if (!ProcessTransportParameters(&error_details)) {
vasilvvf8035162021-02-01 14:49:14 -0800[diff] [blame]467 QUICHE_DCHECK(!error_details.empty());
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]468 CloseConnection(QUIC_HANDSHAKE_FAILED, error_details);
469 return;
470 }
471
dschinazi35e749e2019-04-09 09:36:04 -0700[diff] [blame]472 const uint8_t* alpn_data = nullptr;
473 unsigned alpn_length = 0;
474 SSL_get0_alpn_selected(ssl(), &alpn_data, &alpn_length);
dschinazi91453642019-08-01 11:12:15 -0700[diff] [blame]475
476 if (alpn_length == 0) {
477 QUIC_DLOG(ERROR) << "Client: server did not select ALPN";
478 // TODO(b/130164908) this should send no_application_protocol
479 // instead of QUIC_HANDSHAKE_FAILED.
480 CloseConnection(QUIC_HANDSHAKE_FAILED, "Server did not select ALPN");
481 return;
dschinazi35e749e2019-04-09 09:36:04 -0700[diff] [blame]482 }
483
dschinazi91453642019-08-01 11:12:15 -0700[diff] [blame]484 std::string received_alpn_string(reinterpret_cast<const char*>(alpn_data),
485 alpn_length);
vasilvvad7424f2019-08-30 00:27:14 -0700[diff] [blame]486 std::vector<std::string> offered_alpns = session()->GetAlpnsToOffer();
487 if (std::find(offered_alpns.begin(), offered_alpns.end(),
488 received_alpn_string) == offered_alpns.end()) {
dschinazi91453642019-08-01 11:12:15 -0700[diff] [blame]489 QUIC_LOG(ERROR) << "Client: received mismatched ALPN '"
vasilvvad7424f2019-08-30 00:27:14 -0700[diff] [blame]490 << received_alpn_string;
dschinazi91453642019-08-01 11:12:15 -0700[diff] [blame]491 // TODO(b/130164908) this should send no_application_protocol
492 // instead of QUIC_HANDSHAKE_FAILED.
493 CloseConnection(QUIC_HANDSHAKE_FAILED, "Client received mismatched ALPN");
494 return;
495 }
vasilvvad7424f2019-08-30 00:27:14 -0700[diff] [blame]496 session()->OnAlpnSelected(received_alpn_string);
dschinazi91453642019-08-01 11:12:15 -0700[diff] [blame]497 QUIC_DLOG(INFO) << "Client: server selected ALPN: '" << received_alpn_string
498 << "'";
bnc1c9cb6b2021-01-23 05:51:24 -0800[diff] [blame]499
500 // Parse ALPS extension.
bnc126f68e2021-04-19 15:48:44 -0700[diff] [blame]501 const uint8_t* alps_data;
502 size_t alps_length;
503 SSL_get0_peer_application_settings(ssl(), &alps_data, &alps_length);
504 if (alps_length > 0) {
505 auto error = session()->OnAlpsData(alps_data, alps_length);
506 if (error) {
507 // Calling CloseConnection() is safe even in case OnAlpsData() has
508 // already closed the connection.
509 CloseConnection(
510 QUIC_HANDSHAKE_FAILED,
511 absl::StrCat("Error processing ALPS data: ", error.value()));
512 return;
bnc1c9cb6b2021-01-23 05:51:24 -0800[diff] [blame]513 }
514 }
515
nharper0ab1c662020-11-02 17:05:32 -0800[diff] [blame]516 state_ = HANDSHAKE_COMPLETE;
renjietangc50cc4a2020-08-17 18:33:30 -0700[diff] [blame]517 handshaker_delegate()->OnTlsHandshakeComplete();
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]518}
519
wub48b16812021-04-30 10:22:22 -0700[diff] [blame]520void TlsClientHandshaker::OnEnterEarlyData() {
521 QUICHE_DCHECK(retry_handshake_on_early_data_);
522 QUICHE_DCHECK(SSL_in_early_data(ssl()));
523
524 // TODO(wub): It might be unnecessary to FillNegotiatedParams() at this time,
525 // because we fill it again when handshake completes.
526 FillNegotiatedParams();
527
528 // If we're attempting a 0-RTT handshake, then we need to let the transport
529 // and application know what state to apply to early data.
530 PrepareZeroRttConfig(cached_state_.get());
531}
532
533void TlsClientHandshaker::FillNegotiatedParams() {
534 const SSL_CIPHER* cipher = SSL_get_current_cipher(ssl());
535 if (cipher) {
536 crypto_negotiated_params_->cipher_suite =
537 SSL_CIPHER_get_protocol_id(cipher);
538 }
539 crypto_negotiated_params_->key_exchange_group = SSL_get_curve_id(ssl());
540 crypto_negotiated_params_->peer_signature_algorithm =
541 SSL_get_peer_signature_algorithm(ssl());
542}
543
nharper0ab1c662020-11-02 17:05:32 -0800[diff] [blame]544void TlsClientHandshaker::ProcessPostHandshakeMessage() {
545 int rv = SSL_process_quic_post_handshake(ssl());
546 if (rv != 1) {
547 CloseConnection(QUIC_HANDSHAKE_FAILED, "Unexpected post-handshake data");
548 }
549}
550
551bool TlsClientHandshaker::ShouldCloseConnectionOnUnexpectedError(
552 int ssl_error) {
553 if (ssl_error != SSL_ERROR_EARLY_DATA_REJECTED) {
554 return true;
555 }
556 HandleZeroRttReject();
557 return false;
558}
559
nharperd25cd652020-05-20 13:10:26 -0700[diff] [blame]560void TlsClientHandshaker::HandleZeroRttReject() {
561 QUIC_LOG(INFO) << "0-RTT handshake attempted but was rejected by the server";
vasilvvf8035162021-02-01 14:49:14 -0800[diff] [blame]562 QUICHE_DCHECK(session_cache_);
renjietang37d4ae12020-06-18 11:18:31 -0700[diff] [blame]563 // Disable encrytion to block outgoing data until 1-RTT keys are available.
564 encryption_established_ = false;
renjietangf71e8062020-09-14 12:01:15 -0700[diff] [blame]565 handshaker_delegate()->OnZeroRttRejected(EarlyDataReason());
nharperd25cd652020-05-20 13:10:26 -0700[diff] [blame]566 SSL_reset_early_data_reject(ssl());
renjietang8aff71f2020-05-21 17:24:29 -0700[diff] [blame]567 session_cache_->ClearEarlyData(server_id_);
nharperd25cd652020-05-20 13:10:26 -0700[diff] [blame]568 AdvanceHandshake();
569}
570
nharperdf7a77b2019-11-11 13:12:45 -0800[diff] [blame]571void TlsClientHandshaker::InsertSession(bssl::UniquePtr<SSL_SESSION> session) {
renjietangbcc066a2020-04-21 18:05:57 -0700[diff] [blame]572 if (!received_transport_params_) {
QUICHE team460f2702021-03-16 15:08:15 -0700[diff] [blame]573 QUIC_BUG(quic_bug_10576_8) << "Transport parameters isn't received";
renjietangbcc066a2020-04-21 18:05:57 -0700[diff] [blame]574 return;
575 }
nharperdf7a77b2019-11-11 13:12:45 -0800[diff] [blame]576 if (session_cache_ == nullptr) {
577 QUIC_DVLOG(1) << "No session cache, not inserting a session";
578 return;
579 }
renjietangbcc066a2020-04-21 18:05:57 -0700[diff] [blame]580 if (has_application_state_ && !received_application_state_) {
581 // Application state is not received yet. cache the sessions.
582 if (cached_tls_sessions_[0] != nullptr) {
583 cached_tls_sessions_[1] = std::move(cached_tls_sessions_[0]);
584 }
585 cached_tls_sessions_[0] = std::move(session);
586 return;
587 }
588 session_cache_->Insert(server_id_, std::move(session),
renjietangb5c69352020-04-22 17:56:04 -0700[diff] [blame]589 *received_transport_params_,
renjietangbcc066a2020-04-21 18:05:57 -0700[diff] [blame]590 received_application_state_.get());
nharperdf7a77b2019-11-11 13:12:45 -0800[diff] [blame]591}
592
fayangd58736d2019-11-27 13:35:31 -0800[diff] [blame]593void TlsClientHandshaker::WriteMessage(EncryptionLevel level,
vasilvvc872ee42020-10-07 19:50:22 -0700[diff] [blame]594 absl::string_view data) {
nharper0ab1c662020-11-02 17:05:32 -0800[diff] [blame]595 if (level == ENCRYPTION_HANDSHAKE && state_ < HANDSHAKE_PROCESSED) {
596 state_ = HANDSHAKE_PROCESSED;
fayangd58736d2019-11-27 13:35:31 -0800[diff] [blame]597 }
598 TlsHandshaker::WriteMessage(level, data);
599}
600
nharperac52a862020-06-08 12:41:06 -0700[diff] [blame]601void TlsClientHandshaker::SetServerApplicationStateForResumption(
renjietangf21e3852020-04-13 15:45:39 -0700[diff] [blame]602 std::unique_ptr<ApplicationState> application_state) {
vasilvvf8035162021-02-01 14:49:14 -0800[diff] [blame]603 QUICHE_DCHECK(one_rtt_keys_available());
renjietangf21e3852020-04-13 15:45:39 -0700[diff] [blame]604 received_application_state_ = std::move(application_state);
renjietangbcc066a2020-04-21 18:05:57 -0700[diff] [blame]605 // At least one tls session is cached before application state is received. So
606 // insert now.
607 if (session_cache_ != nullptr && cached_tls_sessions_[0] != nullptr) {
608 if (cached_tls_sessions_[1] != nullptr) {
609 // Insert the older session first.
610 session_cache_->Insert(server_id_, std::move(cached_tls_sessions_[1]),
renjietangb5c69352020-04-22 17:56:04 -0700[diff] [blame]611 *received_transport_params_,
renjietangbcc066a2020-04-21 18:05:57 -0700[diff] [blame]612 received_application_state_.get());
613 }
614 session_cache_->Insert(server_id_, std::move(cached_tls_sessions_[0]),
renjietangb5c69352020-04-22 17:56:04 -0700[diff] [blame]615 *received_transport_params_,
renjietang28e3a762020-04-16 12:16:17 -0700[diff] [blame]616 received_application_state_.get());
617 }
renjietangf21e3852020-04-13 15:45:39 -0700[diff] [blame]618}
619
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]620} // namespace quic