// Copyright (c) 2017 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
4
5#ifndef QUICHE_QUIC_CORE_TLS_HANDSHAKER_H_
6#define QUICHE_QUIC_CORE_TLS_HANDSHAKER_H_
7
#include <cstdint>
#include <memory>
#include <string>
#include <vector>

#include "third_party/boringssl/src/include/openssl/base.h"
#include "third_party/boringssl/src/include/openssl/ssl.h"
#include "net/third_party/quiche/src/quic/core/crypto/crypto_handshake.h"
#include "net/third_party/quiche/src/quic/core/crypto/crypto_message_parser.h"
#include "net/third_party/quiche/src/quic/core/crypto/quic_decrypter.h"
#include "net/third_party/quiche/src/quic/core/crypto/quic_encrypter.h"
#include "net/third_party/quiche/src/quic/core/crypto/tls_connection.h"
#include "net/third_party/quiche/src/quic/core/quic_session.h"
#include "net/third_party/quiche/src/quic/platform/api/quic_export.h"
17
18namespace quic {
19
20class QuicCryptoStream;
21
22// Base class for TlsClientHandshaker and TlsServerHandshaker. TlsHandshaker
23// provides functionality common to both the client and server, such as moving
24// messages between the TLS stack and the QUIC crypto stream, and handling
25// derivation of secrets.
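class QUIC_EXPORT_PRIVATE TlsHandshaker : public TlsConnection::Delegate,
                                          public CryptoMessageParser {
 public:
  // TlsHandshaker does not take ownership of any of its arguments; they must
  // outlive the TlsHandshaker. |stream| and |session| are stored as raw,
  // non-owning pointers (see stream_/session_ below); |ssl_ctx| is the
  // BoringSSL context the concrete TlsConnection is built from.
  TlsHandshaker(QuicCryptoStream* stream,
                QuicSession* session,
                SSL_CTX* ssl_ctx);
  TlsHandshaker(const TlsHandshaker&) = delete;
  TlsHandshaker& operator=(const TlsHandshaker&) = delete;

  ~TlsHandshaker() override;

  // From CryptoMessageParser.
  //
  // ProcessInput feeds |input|, received on the crypto stream at encryption
  // level |level|, to the TLS stack. Returns false on failure; error() and
  // error_detail() then report why (parser_error_ / parser_error_detail_ are
  // the only error state this class holds, so they are presumably set by
  // ProcessInput — the definition lives in the .cc and is not visible here).
  bool ProcessInput(QuicStringPiece input, EncryptionLevel level) override;
  // TLS consumes everything it is given, so no input is ever left buffered
  // here; this always reports zero.
  size_t InputBytesRemaining() const override { return 0; }
  // Last parser error, QUIC_NO_ERROR until something fails.
  QuicErrorCode error() const override { return parser_error_; }
  // Human-readable detail for error(); empty when there is no error.
  const std::string& error_detail() const override {
    return parser_error_detail_;
  }

  // From QuicCryptoStream. These are implemented by the client and server
  // subclasses, which know which handshake stage has been reached.
  virtual bool encryption_established() const = 0;
  virtual bool handshake_confirmed() const = 0;
  virtual const QuicCryptoNegotiatedParameters& crypto_negotiated_params()
      const = 0;
  // This object is its own crypto-message parser (it implements
  // CryptoMessageParser above).
  virtual CryptoMessageParser* crypto_message_parser() { return this; }

 protected:
  // Drives the TLS state machine forward; subclass-specific because the
  // client and server differ in which BoringSSL call they make.
  virtual void AdvanceHandshake() = 0;

  // Closes the QUIC connection with |error| and |reason_phrase|. Subclasses
  // decide how (e.g. via the session); used by SendAlert below.
  virtual void CloseConnection(QuicErrorCode error,
                               const std::string& reason_phrase) = 0;

  // Returns the PRF (hash) used by the cipher suite negotiated in the TLS
  // handshake. Only meaningful once a cipher suite has been selected.
  const EVP_MD* Prf();

  // Build the packet-protection encrypter/decrypter for one direction from
  // the given traffic secret |pp_secret| (presumably "packet protection"
  // secret — the expansion is not spelled out here). The secret is raw
  // keying material: callers own the buffer and should not log it.
  // NOTE(review): nothing in this header zeroizes |pp_secret| after use;
  // confirm in the .cc / caller whether that is expected.
  std::unique_ptr<QuicEncrypter> CreateEncrypter(
      const std::vector<uint8_t>& pp_secret);
  std::unique_ptr<QuicDecrypter> CreateDecrypter(
      const std::vector<uint8_t>& pp_secret);

  // The TlsConnection wrapping the BoringSSL object; owned by the subclass.
  virtual TlsConnection* tls_connection() = 0;

  // Convenience accessor for the underlying SSL* of tls_connection().
  SSL* ssl() { return tls_connection()->ssl(); }

  // Non-owning accessors for the objects passed to the constructor.
  QuicCryptoStream* stream() { return stream_; }
  QuicSession* session() { return session_; }

  // From TlsConnection::Delegate.
  //
  // SetEncryptionSecret provides the traffic secrets to use at a particular
  // encryption level. The secrets provided here are the ones from the TLS 1.3
  // key schedule (RFC 8446 section 7.1), in particular the handshake traffic
  // secrets and application traffic secrets. |level| indicates which
  // EncryptionLevel both secrets are to be used at; |read_secret| is the
  // peer's traffic secret (used for decryption) and |write_secret| is our own
  // (used for encryption). Both directions for a level are installed together.
  void SetEncryptionSecret(EncryptionLevel level,
                           const std::vector<uint8_t>& read_secret,
                           const std::vector<uint8_t>& write_secret) override;

  // WriteMessage is called when there is |data| from the TLS stack ready for
  // the QUIC stack to write in a crypto frame. The data must be transmitted at
  // encryption level |level|; sending it at a lower level than the TLS stack
  // requested would expose handshake data under weaker (or no) protection.
  void WriteMessage(EncryptionLevel level, QuicStringPiece data) override;

  // FlushFlight is called to signal that the current flight of
  // messages have all been written (via calls to WriteMessage) and can be
  // flushed to the underlying transport.
  void FlushFlight() override;

  // SendAlert causes this TlsHandshaker to close the QUIC connection with an
  // error code corresponding to the TLS alert description |desc|. No TLS
  // alert record is sent on the wire; the QUIC connection close carries the
  // error instead (via CloseConnection). |level| is the encryption level the
  // TLS stack wanted the alert sent at.
  void SendAlert(EncryptionLevel level, uint8_t desc) override;

 private:
  // Non-owning; see the constructor comment for lifetime requirements.
  QuicCryptoStream* stream_;
  QuicSession* session_;

  // Error state reported through the CryptoMessageParser interface.
  QuicErrorCode parser_error_ = QUIC_NO_ERROR;
  std::string parser_error_detail_;
};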
106
107} // namespace quic
108
109#endif // QUICHE_QUIC_CORE_TLS_HANDSHAKER_H_