Google Git
Sign in
quiche / quiche / bb003dd7b64eacffd85cb795cdabbc7305162ada / . / quic / core / tls_client_handshaker.cc
blob: c38724b4454adbc43ec1f71e31f334563b1353a0 [file] [log] [blame]
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]1// Copyright (c) 2017 The Chromium Authors. All rights reserved.
2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
5#include "net/third_party/quiche/src/quic/core/tls_client_handshaker.h"
6
dschinazi35e749e2019-04-09 09:36:04 -0700[diff] [blame]7#include <cstring>
vasilvv872e7a32019-03-12 16:42:44 -0700[diff] [blame]8#include <string>
9
vasilvvc872ee42020-10-07 19:50:22 -0700[diff] [blame]10#include "absl/strings/string_view.h"
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]11#include "third_party/boringssl/src/include/openssl/ssl.h"
renjietangf21e3852020-04-13 15:45:39 -0700[diff] [blame]12#include "net/third_party/quiche/src/quic/core/crypto/quic_crypto_client_config.h"
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]13#include "net/third_party/quiche/src/quic/core/crypto/quic_encrypter.h"
14#include "net/third_party/quiche/src/quic/core/crypto/transport_parameters.h"
15#include "net/third_party/quiche/src/quic/core/quic_session.h"
renjietange7b2cd82020-06-03 16:59:18 -0700[diff] [blame]16#include "net/third_party/quiche/src/quic/core/quic_types.h"
renjietang4ff9ceb2020-05-07 14:19:13 -0700[diff] [blame]17#include "net/third_party/quiche/src/quic/platform/api/quic_flags.h"
nharpere0f979c2020-05-05 17:31:55 -0700[diff] [blame]18#include "net/third_party/quiche/src/quic/platform/api/quic_hostname_utils.h"
dmcardlecf0bfcf2019-12-13 08:08:21 -0800[diff] [blame]19#include "net/third_party/quiche/src/common/platform/api/quiche_text_utils.h"
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]20
21namespace quic {
22
23TlsClientHandshaker::ProofVerifierCallbackImpl::ProofVerifierCallbackImpl(
24 TlsClientHandshaker* parent)
25 : parent_(parent) {}
26
27TlsClientHandshaker::ProofVerifierCallbackImpl::~ProofVerifierCallbackImpl() {}
28
29void TlsClientHandshaker::ProofVerifierCallbackImpl::Run(
30 bool ok,
dschinazi17d42422019-06-18 16:35:07 -0700[diff] [blame]31 const std::string& /*error_details*/,
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]32 std::unique_ptr<ProofVerifyDetails>* details) {
33 if (parent_ == nullptr) {
34 return;
35 }
36
37 parent_->verify_details_ = std::move(*details);
38 parent_->verify_result_ = ok ? ssl_verify_ok : ssl_verify_invalid;
39 parent_->state_ = STATE_HANDSHAKE_RUNNING;
40 parent_->proof_verify_callback_ = nullptr;
nharperbe646e52020-04-16 13:24:18 -0700[diff] [blame]41 if (parent_->verify_details_) {
42 parent_->proof_handler_->OnProofVerifyDetailsAvailable(
43 *parent_->verify_details_);
44 }
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]45 parent_->AdvanceHandshake();
46}
47
48void TlsClientHandshaker::ProofVerifierCallbackImpl::Cancel() {
49 parent_ = nullptr;
50}
51
52TlsClientHandshaker::TlsClientHandshaker(
nharperdf7a77b2019-11-11 13:12:45 -0800[diff] [blame]53 const QuicServerId& server_id,
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]54 QuicCryptoStream* stream,
55 QuicSession* session,
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]56 std::unique_ptr<ProofVerifyContext> verify_context,
nharperdf7a77b2019-11-11 13:12:45 -0800[diff] [blame]57 QuicCryptoClientConfig* crypto_config,
renjietangbcc066a2020-04-21 18:05:57 -0700[diff] [blame]58 QuicCryptoClientStream::ProofHandler* proof_handler,
59 bool has_application_state)
nharper80d3b172020-01-17 11:43:39 -0800[diff] [blame]60 : TlsHandshaker(stream, session),
nharperf579b5e2020-01-21 14:11:18 -0800[diff] [blame]61 session_(session),
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]62 server_id_(server_id),
nharperdf7a77b2019-11-11 13:12:45 -0800[diff] [blame]63 proof_verifier_(crypto_config->proof_verifier()),
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]64 verify_context_(std::move(verify_context)),
nharper40bdf532019-10-03 11:16:22 -0700[diff] [blame]65 proof_handler_(proof_handler),
nharperdf7a77b2019-11-11 13:12:45 -0800[diff] [blame]66 session_cache_(crypto_config->session_cache()),
67 user_agent_id_(crypto_config->user_agent_id()),
dschinaziaaaf1a42020-04-16 11:44:31 -0700[diff] [blame]68 pre_shared_key_(crypto_config->pre_shared_key()),
nharper6ebe83b2019-06-13 17:43:52 -0700[diff] [blame]69 crypto_negotiated_params_(new QuicCryptoNegotiatedParameters),
renjietangbcc066a2020-04-21 18:05:57 -0700[diff] [blame]70 has_application_state_(has_application_state),
nharperdf7a77b2019-11-11 13:12:45 -0800[diff] [blame]71 tls_connection_(crypto_config->ssl_ctx(), this) {}
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]72
73TlsClientHandshaker::~TlsClientHandshaker() {
74 if (proof_verify_callback_) {
75 proof_verify_callback_->Cancel();
76 }
77}
78
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]79bool TlsClientHandshaker::CryptoConnect() {
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]80 state_ = STATE_HANDSHAKE_RUNNING;
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]81
dschinaziaaaf1a42020-04-16 11:44:31 -0700[diff] [blame]82 if (!pre_shared_key_.empty()) {
83 // TODO(b/154162689) add PSK support to QUIC+TLS.
84 std::string error_details =
85 "QUIC client pre-shared keys not yet supported with TLS";
86 QUIC_BUG << error_details;
87 CloseConnection(QUIC_HANDSHAKE_FAILED, error_details);
88 return false;
89 }
90
nharper0f51d2e2019-12-11 17:52:05 -0800[diff] [blame]91 // Set the SNI to send, if any.
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]92 SSL_set_connect_state(ssl());
nharpere0f979c2020-05-05 17:31:55 -0700[diff] [blame]93 if (QUIC_DLOG_INFO_IS_ON() &&
94 !QuicHostnameUtils::IsValidSNI(server_id_.host())) {
95 QUIC_DLOG(INFO) << "Client configured with invalid hostname \""
96 << server_id_.host() << "\", not sending as SNI";
97 }
nharper0f51d2e2019-12-11 17:52:05 -0800[diff] [blame]98 if (!server_id_.host().empty() &&
nharpere0f979c2020-05-05 17:31:55 -0700[diff] [blame]99 (QuicHostnameUtils::IsValidSNI(server_id_.host()) ||
100 allow_invalid_sni_for_tests_) &&
nharper0f51d2e2019-12-11 17:52:05 -0800[diff] [blame]101 SSL_set_tlsext_host_name(ssl(), server_id_.host().c_str()) != 1) {
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]102 return false;
103 }
104
vasilvv4724c9c2019-08-29 11:52:11 -0700[diff] [blame]105 if (!SetAlpn()) {
106 CloseConnection(QUIC_HANDSHAKE_FAILED, "Client failed to set ALPN");
dschinazi35e749e2019-04-09 09:36:04 -0700[diff] [blame]107 return false;
108 }
dschinazi35e749e2019-04-09 09:36:04 -0700[diff] [blame]109
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]110 // Set the Transport Parameters to send in the ClientHello
111 if (!SetTransportParameters()) {
112 CloseConnection(QUIC_HANDSHAKE_FAILED,
dschinazi91453642019-08-01 11:12:15 -0700[diff] [blame]113 "Client failed to set Transport Parameters");
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]114 return false;
115 }
116
nharperdf7a77b2019-11-11 13:12:45 -0800[diff] [blame]117 // Set a session to resume, if there is one.
118 if (session_cache_) {
nharper786a4ab2020-07-10 11:56:01 -0700[diff] [blame]119 cached_state_ = session_cache_->Lookup(server_id_, SSL_get_SSL_CTX(ssl()));
nharperd25cd652020-05-20 13:10:26 -0700[diff] [blame]120 }
nharper786a4ab2020-07-10 11:56:01 -0700[diff] [blame]121 if (cached_state_) {
122 SSL_set_session(ssl(), cached_state_->tls_session.get());
nharperdf7a77b2019-11-11 13:12:45 -0800[diff] [blame]123 }
124
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]125 // Start the handshake.
126 AdvanceHandshake();
127 return session()->connection()->connected();
128}
129
renjietang1a391de2020-05-12 10:30:13 -0700[diff] [blame]130bool TlsClientHandshaker::PrepareZeroRttConfig(
131 QuicResumptionState* cached_state) {
132 std::string error_details;
renjietang58468982020-08-18 17:05:29 -0700[diff] [blame]133 if (!cached_state->transport_params ||
134 handshaker_delegate()->ProcessTransportParameters(
dschinazi2c4d8332020-05-27 17:23:32 -0700[diff] [blame]135 *(cached_state->transport_params),
renjietang1a391de2020-05-12 10:30:13 -0700[diff] [blame]136 /*is_resumption = */ true, &error_details) != QUIC_NO_ERROR) {
137 QUIC_BUG << "Unable to parse cached transport parameters.";
138 CloseConnection(QUIC_HANDSHAKE_FAILED,
139 "Client failed to parse cached Transport Parameters.");
140 return false;
141 }
renjietang8957c6e2020-08-12 16:08:21 -0700[diff] [blame]142
143 session()->connection()->OnTransportParametersResumed(
144 *(cached_state->transport_params));
renjietang1a391de2020-05-12 10:30:13 -0700[diff] [blame]145 session()->OnConfigNegotiated();
146
147 if (has_application_state_) {
renjietang58468982020-08-18 17:05:29 -0700[diff] [blame]148 if (!cached_state->application_state ||
149 !session()->ResumeApplicationState(
150 cached_state->application_state.get())) {
renjietang1a391de2020-05-12 10:30:13 -0700[diff] [blame]151 QUIC_BUG << "Unable to parse cached application state.";
152 CloseConnection(QUIC_HANDSHAKE_FAILED,
153 "Client failed to parse cached application state.");
154 return false;
155 }
156 }
157 return true;
158}
159
vasilvv4724c9c2019-08-29 11:52:11 -0700[diff] [blame]160static bool IsValidAlpn(const std::string& alpn_string) {
161 return alpn_string.length() <= std::numeric_limits<uint8_t>::max();
162}
163
164bool TlsClientHandshaker::SetAlpn() {
165 std::vector<std::string> alpns = session()->GetAlpnsToOffer();
166 if (alpns.empty()) {
167 if (allow_empty_alpn_for_tests_) {
168 return true;
169 }
170
171 QUIC_BUG << "ALPN missing";
172 return false;
173 }
174 if (!std::all_of(alpns.begin(), alpns.end(), IsValidAlpn)) {
175 QUIC_BUG << "ALPN too long";
176 return false;
177 }
178
179 // SSL_set_alpn_protos expects a sequence of one-byte-length-prefixed
180 // strings.
181 uint8_t alpn[1024];
182 QuicDataWriter alpn_writer(sizeof(alpn), reinterpret_cast<char*>(alpn));
183 bool success = true;
184 for (const std::string& alpn_string : alpns) {
185 success = success && alpn_writer.WriteUInt8(alpn_string.size()) &&
186 alpn_writer.WriteStringPiece(alpn_string);
187 }
188 success =
189 success && (SSL_set_alpn_protos(ssl(), alpn, alpn_writer.length()) == 0);
190 if (!success) {
191 QUIC_BUG << "Failed to set ALPN: "
vasilvvc872ee42020-10-07 19:50:22 -0700[diff] [blame]192 << quiche::QuicheTextUtils::HexDump(absl::string_view(
dmcardlecf0bfcf2019-12-13 08:08:21 -0800[diff] [blame]193 alpn_writer.data(), alpn_writer.length()));
vasilvv4724c9c2019-08-29 11:52:11 -0700[diff] [blame]194 return false;
195 }
196 QUIC_DLOG(INFO) << "Client using ALPN: '" << alpns[0] << "'";
197 return true;
198}
199
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]200bool TlsClientHandshaker::SetTransportParameters() {
201 TransportParameters params;
202 params.perspective = Perspective::IS_CLIENT;
203 params.version =
204 CreateQuicVersionLabel(session()->supported_versions().front());
205
dschinazi2c4d8332020-05-27 17:23:32 -0700[diff] [blame]206 if (!handshaker_delegate()->FillTransportParameters(&params)) {
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]207 return false;
208 }
dschinazi83c586a2020-07-07 11:50:45 -0700[diff] [blame]209 if (!user_agent_id_.empty()) {
210 params.user_agent_id = user_agent_id_;
dschinazi7e51f6b2020-05-13 17:36:44 -0700[diff] [blame]211 }
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]212
dschinazi631f1602020-05-19 10:10:22 -0700[diff] [blame]213 // Notify QuicConnectionDebugVisitor.
214 session()->connection()->OnTransportParametersSent(params);
215
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]216 std::vector<uint8_t> param_bytes;
dschinazi6c84c142019-07-31 09:11:49 -0700[diff] [blame]217 return SerializeTransportParameters(session()->connection()->version(),
218 params, &param_bytes) &&
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]219 SSL_set_quic_transport_params(ssl(), param_bytes.data(),
220 param_bytes.size()) == 1;
221}
222
223bool TlsClientHandshaker::ProcessTransportParameters(
vasilvvc48c8712019-03-11 13:38:16 -0700[diff] [blame]224 std::string* error_details) {
renjietangcc12f432020-04-09 16:44:22 -0700[diff] [blame]225 received_transport_params_ = std::make_unique<TransportParameters>();
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]226 const uint8_t* param_bytes;
227 size_t param_bytes_len;
228 SSL_get_peer_quic_transport_params(ssl(), &param_bytes, &param_bytes_len);
dschinazi7b8f0c72020-03-02 13:17:57 -0800[diff] [blame]229 if (param_bytes_len == 0) {
230 *error_details = "Server's transport parameters are missing";
231 return false;
232 }
233 std::string parse_error_details;
234 if (!ParseTransportParameters(
235 session()->connection()->version(), Perspective::IS_SERVER,
renjietangcc12f432020-04-09 16:44:22 -0700[diff] [blame]236 param_bytes, param_bytes_len, received_transport_params_.get(),
237 &parse_error_details)) {
dschinazi7b8f0c72020-03-02 13:17:57 -0800[diff] [blame]238 DCHECK(!parse_error_details.empty());
239 *error_details =
240 "Unable to parse server's transport parameters: " + parse_error_details;
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]241 return false;
242 }
243
dschinazi631f1602020-05-19 10:10:22 -0700[diff] [blame]244 // Notify QuicConnectionDebugVisitor.
245 session()->connection()->OnTransportParametersReceived(
246 *received_transport_params_);
247
dschinazi6cf4d2a2019-04-30 16:20:23 -0700[diff] [blame]248 // When interoperating with non-Google implementations that do not send
249 // the version extension, set it to what we expect.
renjietangcc12f432020-04-09 16:44:22 -0700[diff] [blame]250 if (received_transport_params_->version == 0) {
251 received_transport_params_->version =
252 CreateQuicVersionLabel(session()->connection()->version());
dschinazi6cf4d2a2019-04-30 16:20:23 -0700[diff] [blame]253 }
renjietangcc12f432020-04-09 16:44:22 -0700[diff] [blame]254 if (received_transport_params_->supported_versions.empty()) {
255 received_transport_params_->supported_versions.push_back(
256 received_transport_params_->version);
dschinazi6cf4d2a2019-04-30 16:20:23 -0700[diff] [blame]257 }
258
renjietangcc12f432020-04-09 16:44:22 -0700[diff] [blame]259 if (received_transport_params_->version !=
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]260 CreateQuicVersionLabel(session()->connection()->version())) {
261 *error_details = "Version mismatch detected";
262 return false;
263 }
264 if (CryptoUtils::ValidateServerHelloVersions(
renjietangcc12f432020-04-09 16:44:22 -0700[diff] [blame]265 received_transport_params_->supported_versions,
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]266 session()->connection()->server_supported_versions(),
267 error_details) != QUIC_NO_ERROR ||
dschinazi2c4d8332020-05-27 17:23:32 -0700[diff] [blame]268 handshaker_delegate()->ProcessTransportParameters(
269 *received_transport_params_, /* is_resumption = */ false,
renjietangc31106b2020-05-06 10:44:17 -0700[diff] [blame]270 error_details) != QUIC_NO_ERROR) {
dschinazid1967a22019-04-03 16:11:32 -0700[diff] [blame]271 DCHECK(!error_details->empty());
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]272 return false;
273 }
274
275 session()->OnConfigNegotiated();
renjietang92346b62020-05-11 13:15:24 -0700[diff] [blame]276 if (state_ == STATE_CONNECTION_CLOSED) {
277 *error_details =
278 "Session closed the connection when parsing negotiated config.";
279 return false;
280 }
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]281 return true;
282}
283
284int TlsClientHandshaker::num_sent_client_hellos() const {
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]285 return 0;
286}
287
nharper02703962019-11-07 12:23:13 -0800[diff] [blame]288bool TlsClientHandshaker::IsResumption() const {
fayang685367a2020-01-14 10:40:15 -0800[diff] [blame]289 QUIC_BUG_IF(!one_rtt_keys_available_);
nharperdf7a77b2019-11-11 13:12:45 -0800[diff] [blame]290 return SSL_session_reused(ssl()) == 1;
nharper02703962019-11-07 12:23:13 -0800[diff] [blame]291}
292
nharper4084fc92020-02-10 14:43:35 -0800[diff] [blame]293bool TlsClientHandshaker::EarlyDataAccepted() const {
294 QUIC_BUG_IF(!one_rtt_keys_available_);
295 return SSL_early_data_accepted(ssl()) == 1;
296}
297
nharper26e3e882020-09-09 12:30:55 -0700[diff] [blame]298ssl_early_data_reason_t TlsClientHandshaker::EarlyDataReason() const {
nharper6a6bd312020-09-17 13:20:53 -0700[diff] [blame]299 return TlsHandshaker::EarlyDataReason();
nharper26e3e882020-09-09 12:30:55 -0700[diff] [blame]300}
301
nharper4084fc92020-02-10 14:43:35 -0800[diff] [blame]302bool TlsClientHandshaker::ReceivedInchoateReject() const {
303 QUIC_BUG_IF(!one_rtt_keys_available_);
304 // REJ messages are a QUIC crypto feature, so TLS always returns false.
305 return false;
306}
307
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]308int TlsClientHandshaker::num_scup_messages_received() const {
309 // SCUP messages aren't sent or received when using the TLS handshake.
310 return 0;
311}
312
vasilvvc48c8712019-03-11 13:38:16 -0700[diff] [blame]313std::string TlsClientHandshaker::chlo_hash() const {
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]314 return "";
315}
316
317bool TlsClientHandshaker::encryption_established() const {
318 return encryption_established_;
319}
320
fayang685367a2020-01-14 10:40:15 -0800[diff] [blame]321bool TlsClientHandshaker::one_rtt_keys_available() const {
322 return one_rtt_keys_available_;
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]323}
324
325const QuicCryptoNegotiatedParameters&
326TlsClientHandshaker::crypto_negotiated_params() const {
327 return *crypto_negotiated_params_;
328}
329
330CryptoMessageParser* TlsClientHandshaker::crypto_message_parser() {
331 return TlsHandshaker::crypto_message_parser();
332}
333
fayang9a863cf2020-01-16 14:12:11 -0800[diff] [blame]334HandshakeState TlsClientHandshaker::GetHandshakeState() const {
fayang01062942020-01-22 07:23:23 -0800[diff] [blame]335 if (handshake_confirmed_) {
336 return HANDSHAKE_CONFIRMED;
337 }
fayang9a863cf2020-01-16 14:12:11 -0800[diff] [blame]338 if (one_rtt_keys_available_) {
339 return HANDSHAKE_COMPLETE;
340 }
341 if (state_ >= STATE_ENCRYPTION_HANDSHAKE_DATA_SENT) {
342 return HANDSHAKE_PROCESSED;
343 }
344 return HANDSHAKE_START;
345}
346
nharper486a8a92019-08-28 16:25:10 -0700[diff] [blame]347size_t TlsClientHandshaker::BufferSizeLimitForLevel(
348 EncryptionLevel level) const {
349 return TlsHandshaker::BufferSizeLimitForLevel(level);
350}
351
mattm072a7e32020-10-09 16:16:56 -0700[diff] [blame]352bool TlsClientHandshaker::KeyUpdateSupportedLocally() const {
353 return true;
354}
355
356std::unique_ptr<QuicDecrypter>
357TlsClientHandshaker::AdvanceKeysAndCreateCurrentOneRttDecrypter() {
358 return TlsHandshaker::AdvanceKeysAndCreateCurrentOneRttDecrypter();
359}
360
361std::unique_ptr<QuicEncrypter>
362TlsClientHandshaker::CreateCurrentOneRttEncrypter() {
363 return TlsHandshaker::CreateCurrentOneRttEncrypter();
364}
365
fayang2f2915d2020-01-24 06:47:15 -0800[diff] [blame]366void TlsClientHandshaker::OnOneRttPacketAcknowledged() {
367 OnHandshakeConfirmed();
368}
369
fayang44ae4e92020-04-28 13:09:42 -0700[diff] [blame]370void TlsClientHandshaker::OnHandshakePacketSent() {
371 if (initial_keys_dropped_) {
372 return;
373 }
fayangbfc15ea2020-05-13 12:48:32 -0700[diff] [blame]374 initial_keys_dropped_ = true;
fayang44ae4e92020-04-28 13:09:42 -0700[diff] [blame]375 handshaker_delegate()->DiscardOldEncryptionKey(ENCRYPTION_INITIAL);
376 handshaker_delegate()->DiscardOldDecryptionKey(ENCRYPTION_INITIAL);
fayang44ae4e92020-04-28 13:09:42 -0700[diff] [blame]377}
378
fayanga6a85a82020-05-04 08:58:53 -0700[diff] [blame]379void TlsClientHandshaker::OnConnectionClosed(QuicErrorCode /*error*/,
380 ConnectionCloseSource /*source*/) {
381 state_ = STATE_CONNECTION_CLOSED;
382}
383
fayang01062942020-01-22 07:23:23 -0800[diff] [blame]384void TlsClientHandshaker::OnHandshakeDoneReceived() {
385 if (!one_rtt_keys_available_) {
386 CloseConnection(QUIC_HANDSHAKE_FAILED,
387 "Unexpected handshake done received");
388 return;
389 }
fayang2f2915d2020-01-24 06:47:15 -0800[diff] [blame]390 OnHandshakeConfirmed();
391}
392
fayanga45ee8a2020-03-20 08:56:11 -0700[diff] [blame]393void TlsClientHandshaker::SetWriteSecret(
394 EncryptionLevel level,
395 const SSL_CIPHER* cipher,
396 const std::vector<uint8_t>& write_secret) {
fayanga6a85a82020-05-04 08:58:53 -0700[diff] [blame]397 if (state_ == STATE_CONNECTION_CLOSED) {
398 return;
399 }
renjietangce663db2020-05-28 13:50:15 -0700[diff] [blame]400 if (level == ENCRYPTION_FORWARD_SECURE || level == ENCRYPTION_ZERO_RTT) {
fayanga45ee8a2020-03-20 08:56:11 -0700[diff] [blame]401 encryption_established_ = true;
402 }
403 TlsHandshaker::SetWriteSecret(level, cipher, write_secret);
fayangbb003dd2020-10-27 15:25:26 -0700[diff] [blame^]404 if (level == ENCRYPTION_FORWARD_SECURE) {
fayang9261a8a2020-09-22 07:29:46 -0700[diff] [blame]405 handshaker_delegate()->DiscardOldEncryptionKey(ENCRYPTION_ZERO_RTT);
406 }
fayanga45ee8a2020-03-20 08:56:11 -0700[diff] [blame]407}
408
fayang2f2915d2020-01-24 06:47:15 -0800[diff] [blame]409void TlsClientHandshaker::OnHandshakeConfirmed() {
410 DCHECK(one_rtt_keys_available_);
fayang01062942020-01-22 07:23:23 -0800[diff] [blame]411 if (handshake_confirmed_) {
412 return;
413 }
414 handshake_confirmed_ = true;
renjietangbd33b622020-02-12 16:52:30 -0800[diff] [blame]415 handshaker_delegate()->DiscardOldEncryptionKey(ENCRYPTION_HANDSHAKE);
416 handshaker_delegate()->DiscardOldDecryptionKey(ENCRYPTION_HANDSHAKE);
fayang01062942020-01-22 07:23:23 -0800[diff] [blame]417}
418
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]419void TlsClientHandshaker::AdvanceHandshake() {
420 if (state_ == STATE_CONNECTION_CLOSED) {
421 QUIC_LOG(INFO)
422 << "TlsClientHandshaker received message after connection closed";
423 return;
424 }
425 if (state_ == STATE_IDLE) {
dschinazi91453642019-08-01 11:12:15 -0700[diff] [blame]426 CloseConnection(QUIC_HANDSHAKE_FAILED,
427 "Client observed TLS handshake idle failure");
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]428 return;
429 }
430 if (state_ == STATE_HANDSHAKE_COMPLETE) {
nharperdf7a77b2019-11-11 13:12:45 -0800[diff] [blame]431 int rv = SSL_process_quic_post_handshake(ssl());
432 if (rv != 1) {
433 CloseConnection(QUIC_HANDSHAKE_FAILED, "Unexpected post-handshake data");
434 }
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]435 return;
436 }
437
438 QUIC_LOG(INFO) << "TlsClientHandshaker: continuing handshake";
439 int rv = SSL_do_handshake(ssl());
440 if (rv == 1) {
441 FinishHandshake();
442 return;
443 }
444 int ssl_error = SSL_get_error(ssl(), rv);
445 bool should_close = true;
nharperd25cd652020-05-20 13:10:26 -0700[diff] [blame]446 if (ssl_error == SSL_ERROR_EARLY_DATA_REJECTED) {
447 HandleZeroRttReject();
448 return;
449 }
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]450 switch (state_) {
451 case STATE_HANDSHAKE_RUNNING:
452 should_close = ssl_error != SSL_ERROR_WANT_READ;
453 break;
454 case STATE_CERT_VERIFY_PENDING:
455 should_close = ssl_error != SSL_ERROR_WANT_CERTIFICATE_VERIFY;
456 break;
457 default:
458 should_close = true;
459 }
460 if (should_close && state_ != STATE_CONNECTION_CLOSED) {
461 // TODO(nharper): Surface error details from the error queue when ssl_error
462 // is SSL_ERROR_SSL.
463 QUIC_LOG(WARNING) << "SSL_do_handshake failed; closing connection";
dschinazi91453642019-08-01 11:12:15 -0700[diff] [blame]464 CloseConnection(QUIC_HANDSHAKE_FAILED,
465 "Client observed TLS handshake failure");
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]466 }
467}
468
469void TlsClientHandshaker::CloseConnection(QuicErrorCode error,
vasilvvc48c8712019-03-11 13:38:16 -0700[diff] [blame]470 const std::string& reason_phrase) {
dschinazid1967a22019-04-03 16:11:32 -0700[diff] [blame]471 DCHECK(!reason_phrase.empty());
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]472 state_ = STATE_CONNECTION_CLOSED;
renjietang87df0d02020-02-13 11:53:52 -0800[diff] [blame]473 stream()->OnUnrecoverableError(error, reason_phrase);
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]474}
475
476void TlsClientHandshaker::FinishHandshake() {
nharper808b6c72020-09-08 13:53:49 -0700[diff] [blame]477 // Fill crypto_negotiated_params_:
478 const SSL_CIPHER* cipher = SSL_get_current_cipher(ssl());
479 if (cipher) {
480 crypto_negotiated_params_->cipher_suite = SSL_CIPHER_get_value(cipher);
481 }
482 crypto_negotiated_params_->key_exchange_group = SSL_get_curve_id(ssl());
483 crypto_negotiated_params_->peer_signature_algorithm =
484 SSL_get_peer_signature_algorithm(ssl());
nharperd25cd652020-05-20 13:10:26 -0700[diff] [blame]485 if (SSL_in_early_data(ssl())) {
486 // SSL_do_handshake returns after sending the ClientHello if the session is
487 // 0-RTT-capable, which means that FinishHandshake will get called twice -
488 // the first time after sending the ClientHello, and the second time after
489 // the handshake is complete. If we're in the first time FinishHandshake is
nharper786a4ab2020-07-10 11:56:01 -0700[diff] [blame]490 // called, we can't do any end-of-handshake processing.
491
492 // If we're attempting a 0-RTT handshake, then we need to let the transport
493 // and application know what state to apply to early data.
494 PrepareZeroRttConfig(cached_state_.get());
nharperd25cd652020-05-20 13:10:26 -0700[diff] [blame]495 return;
496 }
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]497 QUIC_LOG(INFO) << "Client: handshake finished";
498 state_ = STATE_HANDSHAKE_COMPLETE;
499
vasilvvc48c8712019-03-11 13:38:16 -0700[diff] [blame]500 std::string error_details;
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]501 if (!ProcessTransportParameters(&error_details)) {
dschinazid1967a22019-04-03 16:11:32 -0700[diff] [blame]502 DCHECK(!error_details.empty());
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]503 CloseConnection(QUIC_HANDSHAKE_FAILED, error_details);
504 return;
505 }
506
dschinazi35e749e2019-04-09 09:36:04 -0700[diff] [blame]507 const uint8_t* alpn_data = nullptr;
508 unsigned alpn_length = 0;
509 SSL_get0_alpn_selected(ssl(), &alpn_data, &alpn_length);
dschinazi91453642019-08-01 11:12:15 -0700[diff] [blame]510
511 if (alpn_length == 0) {
512 QUIC_DLOG(ERROR) << "Client: server did not select ALPN";
513 // TODO(b/130164908) this should send no_application_protocol
514 // instead of QUIC_HANDSHAKE_FAILED.
515 CloseConnection(QUIC_HANDSHAKE_FAILED, "Server did not select ALPN");
516 return;
dschinazi35e749e2019-04-09 09:36:04 -0700[diff] [blame]517 }
518
dschinazi91453642019-08-01 11:12:15 -0700[diff] [blame]519 std::string received_alpn_string(reinterpret_cast<const char*>(alpn_data),
520 alpn_length);
vasilvvad7424f2019-08-30 00:27:14 -0700[diff] [blame]521 std::vector<std::string> offered_alpns = session()->GetAlpnsToOffer();
522 if (std::find(offered_alpns.begin(), offered_alpns.end(),
523 received_alpn_string) == offered_alpns.end()) {
dschinazi91453642019-08-01 11:12:15 -0700[diff] [blame]524 QUIC_LOG(ERROR) << "Client: received mismatched ALPN '"
vasilvvad7424f2019-08-30 00:27:14 -0700[diff] [blame]525 << received_alpn_string;
dschinazi91453642019-08-01 11:12:15 -0700[diff] [blame]526 // TODO(b/130164908) this should send no_application_protocol
527 // instead of QUIC_HANDSHAKE_FAILED.
528 CloseConnection(QUIC_HANDSHAKE_FAILED, "Client received mismatched ALPN");
529 return;
530 }
vasilvvad7424f2019-08-30 00:27:14 -0700[diff] [blame]531 session()->OnAlpnSelected(received_alpn_string);
dschinazi91453642019-08-01 11:12:15 -0700[diff] [blame]532 QUIC_DLOG(INFO) << "Client: server selected ALPN: '" << received_alpn_string
533 << "'";
fayang685367a2020-01-14 10:40:15 -0800[diff] [blame]534 one_rtt_keys_available_ = true;
renjietangc50cc4a2020-08-17 18:33:30 -0700[diff] [blame]535 handshaker_delegate()->OnTlsHandshakeComplete();
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]536}
537
nharperd25cd652020-05-20 13:10:26 -0700[diff] [blame]538void TlsClientHandshaker::HandleZeroRttReject() {
539 QUIC_LOG(INFO) << "0-RTT handshake attempted but was rejected by the server";
renjietang8aff71f2020-05-21 17:24:29 -0700[diff] [blame]540 DCHECK(session_cache_);
renjietang37d4ae12020-06-18 11:18:31 -0700[diff] [blame]541 // Disable encrytion to block outgoing data until 1-RTT keys are available.
542 encryption_established_ = false;
renjietangf71e8062020-09-14 12:01:15 -0700[diff] [blame]543 handshaker_delegate()->OnZeroRttRejected(EarlyDataReason());
nharperd25cd652020-05-20 13:10:26 -0700[diff] [blame]544 SSL_reset_early_data_reject(ssl());
renjietang8aff71f2020-05-21 17:24:29 -0700[diff] [blame]545 session_cache_->ClearEarlyData(server_id_);
nharperd25cd652020-05-20 13:10:26 -0700[diff] [blame]546 AdvanceHandshake();
547}
548
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]549enum ssl_verify_result_t TlsClientHandshaker::VerifyCert(uint8_t* out_alert) {
550 if (verify_result_ != ssl_verify_retry ||
551 state_ == STATE_CERT_VERIFY_PENDING) {
552 enum ssl_verify_result_t result = verify_result_;
553 verify_result_ = ssl_verify_retry;
554 return result;
555 }
556 const STACK_OF(CRYPTO_BUFFER)* cert_chain = SSL_get0_peer_certificates(ssl());
557 if (cert_chain == nullptr) {
558 *out_alert = SSL_AD_INTERNAL_ERROR;
559 return ssl_verify_invalid;
560 }
561 // TODO(nharper): Pass the CRYPTO_BUFFERs into the QUIC stack to avoid copies.
vasilvvc48c8712019-03-11 13:38:16 -0700[diff] [blame]562 std::vector<std::string> certs;
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]563 for (CRYPTO_BUFFER* cert : cert_chain) {
564 certs.push_back(
vasilvvc48c8712019-03-11 13:38:16 -0700[diff] [blame]565 std::string(reinterpret_cast<const char*>(CRYPTO_BUFFER_data(cert)),
566 CRYPTO_BUFFER_len(cert)));
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]567 }
QUICHE team38c190b2019-05-08 09:12:01 -0700[diff] [blame]568 const uint8_t* ocsp_response_raw;
569 size_t ocsp_response_len;
570 SSL_get0_ocsp_response(ssl(), &ocsp_response_raw, &ocsp_response_len);
571 std::string ocsp_response(reinterpret_cast<const char*>(ocsp_response_raw),
572 ocsp_response_len);
573 const uint8_t* sct_list_raw;
574 size_t sct_list_len;
575 SSL_get0_signed_cert_timestamp_list(ssl(), &sct_list_raw, &sct_list_len);
576 std::string sct_list(reinterpret_cast<const char*>(sct_list_raw),
577 sct_list_len);
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]578
579 ProofVerifierCallbackImpl* proof_verify_callback =
580 new ProofVerifierCallbackImpl(this);
581
582 QuicAsyncStatus verify_result = proof_verifier_->VerifyCertChain(
nharper5ab78c82020-06-05 15:03:44 -0700[diff] [blame]583 server_id_.host(), server_id_.port(), certs, ocsp_response, sct_list,
584 verify_context_.get(), &cert_verify_error_details_, &verify_details_,
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]585 std::unique_ptr<ProofVerifierCallback>(proof_verify_callback));
586 switch (verify_result) {
587 case QUIC_SUCCESS:
nharper9b3cba42020-04-16 08:17:20 -0700[diff] [blame]588 if (verify_details_) {
589 proof_handler_->OnProofVerifyDetailsAvailable(*verify_details_);
590 }
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]591 return ssl_verify_ok;
592 case QUIC_PENDING:
593 proof_verify_callback_ = proof_verify_callback;
594 state_ = STATE_CERT_VERIFY_PENDING;
595 return ssl_verify_retry;
596 case QUIC_FAILURE:
597 default:
598 QUIC_LOG(INFO) << "Cert chain verification failed: "
599 << cert_verify_error_details_;
600 return ssl_verify_invalid;
601 }
602}
603
nharperdf7a77b2019-11-11 13:12:45 -0800[diff] [blame]604void TlsClientHandshaker::InsertSession(bssl::UniquePtr<SSL_SESSION> session) {
renjietangbcc066a2020-04-21 18:05:57 -0700[diff] [blame]605 if (!received_transport_params_) {
606 QUIC_BUG << "Transport parameters isn't received";
607 return;
608 }
nharperdf7a77b2019-11-11 13:12:45 -0800[diff] [blame]609 if (session_cache_ == nullptr) {
610 QUIC_DVLOG(1) << "No session cache, not inserting a session";
611 return;
612 }
renjietangbcc066a2020-04-21 18:05:57 -0700[diff] [blame]613 if (has_application_state_ && !received_application_state_) {
614 // Application state is not received yet. cache the sessions.
615 if (cached_tls_sessions_[0] != nullptr) {
616 cached_tls_sessions_[1] = std::move(cached_tls_sessions_[0]);
617 }
618 cached_tls_sessions_[0] = std::move(session);
619 return;
620 }
621 session_cache_->Insert(server_id_, std::move(session),
renjietangb5c69352020-04-22 17:56:04 -0700[diff] [blame]622 *received_transport_params_,
renjietangbcc066a2020-04-21 18:05:57 -0700[diff] [blame]623 received_application_state_.get());
nharperdf7a77b2019-11-11 13:12:45 -0800[diff] [blame]624}
625
fayangd58736d2019-11-27 13:35:31 -0800[diff] [blame]626void TlsClientHandshaker::WriteMessage(EncryptionLevel level,
vasilvvc872ee42020-10-07 19:50:22 -0700[diff] [blame]627 absl::string_view data) {
fayangd58736d2019-11-27 13:35:31 -0800[diff] [blame]628 if (level == ENCRYPTION_HANDSHAKE &&
629 state_ < STATE_ENCRYPTION_HANDSHAKE_DATA_SENT) {
630 state_ = STATE_ENCRYPTION_HANDSHAKE_DATA_SENT;
fayangd58736d2019-11-27 13:35:31 -0800[diff] [blame]631 }
632 TlsHandshaker::WriteMessage(level, data);
633}
634
nharperac52a862020-06-08 12:41:06 -0700[diff] [blame]635void TlsClientHandshaker::SetServerApplicationStateForResumption(
renjietangf21e3852020-04-13 15:45:39 -0700[diff] [blame]636 std::unique_ptr<ApplicationState> application_state) {
renjietang1a391de2020-05-12 10:30:13 -0700[diff] [blame]637 DCHECK_EQ(STATE_HANDSHAKE_COMPLETE, state_);
renjietangf21e3852020-04-13 15:45:39 -0700[diff] [blame]638 received_application_state_ = std::move(application_state);
renjietangbcc066a2020-04-21 18:05:57 -0700[diff] [blame]639 // At least one tls session is cached before application state is received. So
640 // insert now.
641 if (session_cache_ != nullptr && cached_tls_sessions_[0] != nullptr) {
642 if (cached_tls_sessions_[1] != nullptr) {
643 // Insert the older session first.
644 session_cache_->Insert(server_id_, std::move(cached_tls_sessions_[1]),
renjietangb5c69352020-04-22 17:56:04 -0700[diff] [blame]645 *received_transport_params_,
renjietangbcc066a2020-04-21 18:05:57 -0700[diff] [blame]646 received_application_state_.get());
647 }
648 session_cache_->Insert(server_id_, std::move(cached_tls_sessions_[0]),
renjietangb5c69352020-04-22 17:56:04 -0700[diff] [blame]649 *received_transport_params_,
renjietang28e3a762020-04-16 12:16:17 -0700[diff] [blame]650 received_application_state_.get());
651 }
renjietangf21e3852020-04-13 15:45:39 -0700[diff] [blame]652}
653
QUICHE teama6ef0a62019-03-07 20:34:33 -0500[diff] [blame]654} // namespace quic