net/quic/crypto/quic_crypto_client_config.h

   1 // Copyright 2013 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef NET_QUIC_CRYPTO_QUIC_CRYPTO_CLIENT_CONFIG_H_
   6 #define NET_QUIC_CRYPTO_QUIC_CRYPTO_CLIENT_CONFIG_H_
   7
   8 #include <map>
   9 #include <string>
  10 #include <vector>
  11
  12 #include "base/memory/scoped_ptr.h"
  13 #include "base/strings/string_piece.h"
  14 #include "net/base/net_export.h"
  15 #include "net/quic/crypto/crypto_handshake.h"
  16 #include "net/quic/quic_protocol.h"
  17 #include "net/quic/quic_server_id.h"
  18
  19 namespace net {
  20
  21 class ChannelIDKey;
  22 class ChannelIDSource;
  23 class CryptoHandshakeMessage;
  24 class ProofVerifier;
  25 class ProofVerifyDetails;
  26 class QuicRandom;
  27
  28 // QuicCryptoClientConfig contains crypto-related configuration settings for a
  29 // client. Note that this object isn't thread-safe. It's designed to be used on
  30 // a single thread at a time.
  31 class NET_EXPORT_PRIVATE QuicCryptoClientConfig : public QuicCryptoConfig {
  32  public:
  33   // A CachedState contains the information that the client needs in order to
  34   // perform a 0-RTT handshake with a server. This information can be reused
  35   // over several connections to the same server.
  36   class NET_EXPORT_PRIVATE CachedState {
  37    public:
  38     CachedState();
  39     ~CachedState();
  40
  41     // IsComplete returns true if this object contains enough information to
  42     // perform a handshake with the server. |now| is used to judge whether any
  43     // cached server config has expired.
  44     bool IsComplete(QuicWallTime now) const;
  45
  46     // IsEmpty returns true if |server_config_| is empty.
  47     bool IsEmpty() const;
  48
  49     // GetServerConfig returns the parsed contents of |server_config|, or NULL
  50     // if |server_config| is empty. The return value is owned by this object
  51     // and is destroyed when this object is.
  52     const CryptoHandshakeMessage* GetServerConfig() const;
  53
  54     // SetServerConfig checks that |server_config| parses correctly and stores
  55     // it in |server_config_|. |now| is used to judge whether |server_config|
  56     // has expired.
  57     QuicErrorCode SetServerConfig(base::StringPiece server_config,
  58                                   QuicWallTime now,
  59                                   std::string* error_details);
  60
  61     // InvalidateServerConfig clears the cached server config (if any).
  62     void InvalidateServerConfig();
  63
  64     // SetProof stores a certificate chain and signature.
  65     void SetProof(const std::vector<std::string>& certs,
  66                   base::StringPiece signature);
  67
  68     // Clears all the data.
  69     void Clear();
  70
  71     // Clears the certificate chain and signature and invalidates the proof.
  72     void ClearProof();
  73
  74     // SetProofValid records that the certificate chain and signature have been
  75     // validated and that it's safe to assume that the server is legitimate.
  76     // (Note: this does not check the chain or signature.)
  77     void SetProofValid();
  78
  79     // If the server config or the proof has changed then it needs to be
  80     // revalidated. Helper function to keep server_config_valid_ and
  81     // generation_counter_ in sync.
  82     void SetProofInvalid();
  83
  84     const std::string& server_config() const;
  85     const std::string& source_address_token() const;
  86     const std::vector<std::string>& certs() const;
  87     const std::string& signature() const;
  88     bool proof_valid() const;
  89     uint64 generation_counter() const;
  90     const ProofVerifyDetails* proof_verify_details() const;
  91
  92     void set_source_address_token(base::StringPiece token);
  93
  94     // SetProofVerifyDetails takes ownership of |details|.
  95     void SetProofVerifyDetails(ProofVerifyDetails* details);
  96
  97     // Copy the |server_config_|, |source_address_token_|, |certs_| and
  98     // |server_config_sig_| from the |other|.  The remaining fields,
  99     // |generation_counter_|, |proof_verify_details_|, and |scfg_| remain
 100     // unchanged.
 101     void InitializeFrom(const CachedState& other);
 102
 103     // Initializes this cached state based on the arguments provided.
 104     // Returns false if there is a problem parsing the server config.
 105     bool Initialize(base::StringPiece server_config,
 106                     base::StringPiece source_address_token,
 107                     const std::vector<std::string>& certs,
 108                     base::StringPiece signature,
 109                     QuicWallTime now);
 110
 111    private:
 112     std::string server_config_;         // A serialized handshake message.
 113     std::string source_address_token_;  // An opaque proof of IP ownership.
 114     std::vector<std::string> certs_;    // A list of certificates in leaf-first
 115                                         // order.
 116     std::string server_config_sig_;     // A signature of |server_config_|.
 117     bool server_config_valid_;          // True if |server_config_| is correctly
 118                                         // signed and |certs_| has been
 119                                         // validated.
 120     // Generation counter associated with the |server_config_|, |certs_| and
 121     // |server_config_sig_| combination. It is incremented whenever we set
 122     // server_config_valid_ to false.
 123     uint64 generation_counter_;
 124
 125     scoped_ptr<ProofVerifyDetails> proof_verify_details_;
 126
 127     // scfg contains the cached, parsed value of |server_config|.
 128     mutable scoped_ptr<CryptoHandshakeMessage> scfg_;
 129
 130     DISALLOW_COPY_AND_ASSIGN(CachedState);
 131   };
 132
 133   QuicCryptoClientConfig();
 134   ~QuicCryptoClientConfig();
 135
 136   // Sets the members to reasonable, default values.
 137   void SetDefaults();
 138
 139   // LookupOrCreate returns a CachedState for the given |server_id|. If no such
 140   // CachedState currently exists, it will be created and cached.
 141   CachedState* LookupOrCreate(const QuicServerId& server_id);
 142
 143   // Delete all CachedState objects from cached_states_.
 144   void ClearCachedStates();
 145
 146   // FillInchoateClientHello sets |out| to be a CHLO message that elicits a
 147   // source-address token or SCFG from a server. If |cached| is non-NULL, the
 148   // source-address token will be taken from it. |out_params| is used in order
 149   // to store the cached certs that were sent as hints to the server in
 150   // |out_params->cached_certs|. |preferred_version| is the version of the
 151   // QUIC protocol that this client chose to use initially. This allows the
 152   // server to detect downgrade attacks.
 153   void FillInchoateClientHello(const QuicServerId& server_id,
 154                                const QuicVersion preferred_version,
 155                                const CachedState* cached,
 156                                QuicCryptoNegotiatedParameters* out_params,
 157                                CryptoHandshakeMessage* out) const;
 158
 159   // FillClientHello sets |out| to be a CHLO message based on the configuration
 160   // of this object. This object must have cached enough information about
 161   // the server's hostname in order to perform a handshake. This can be checked
 162   // with the |IsComplete| member of |CachedState|.
 163   //
 164   // |now| and |rand| are used to generate the nonce and |out_params| is
 165   // filled with the results of the handshake that the server is expected to
 166   // accept. |preferred_version| is the version of the QUIC protocol that this
 167   // client chose to use initially. This allows the server to detect downgrade
 168   // attacks.
 169   //
 170   // If |channel_id_key| is not null, it is used to sign a secret value derived
 171   // from the client and server's keys, and the Channel ID public key and the
 172   // signature are placed in the CETV value of the CHLO.
 173   QuicErrorCode FillClientHello(const QuicServerId& server_id,
 174                                 QuicConnectionId connection_id,
 175                                 const QuicVersion preferred_version,
 176                                 const CachedState* cached,
 177                                 QuicWallTime now,
 178                                 QuicRandom* rand,
 179                                 const ChannelIDKey* channel_id_key,
 180                                 QuicCryptoNegotiatedParameters* out_params,
 181                                 CryptoHandshakeMessage* out,
 182                                 std::string* error_details) const;
 183
 184   // ProcessRejection processes a REJ message from a server and updates the
 185   // cached information about that server. After this, |IsComplete| may return
 186   // true for that server's CachedState. If the rejection message contains
 187   // state about a future handshake (i.e. an nonce value from the server), then
 188   // it will be saved in |out_params|. |now| is used to judge whether the
 189   // server config in the rejection message has expired. |is_https| is used to
 190   // track reject reason for secure vs insecure QUIC.
 191   QuicErrorCode ProcessRejection(const CryptoHandshakeMessage& rej,
 192                                  QuicWallTime now,
 193                                  CachedState* cached,
 194                                  bool is_https,
 195                                  QuicCryptoNegotiatedParameters* out_params,
 196                                  std::string* error_details);
 197
 198   // ProcessServerHello processes the message in |server_hello|, updates the
 199   // cached information about that server, writes the negotiated parameters to
 200   // |out_params| and returns QUIC_NO_ERROR. If |server_hello| is unacceptable
 201   // then it puts an error message in |error_details| and returns an error
 202   // code. |negotiated_versions| contains the list of version, if any, that were
 203   // present in a version negotiation packet previously recevied from the
 204   // server. The contents of this list will be compared against the list of
 205   // versions provided in the VER tag of the server hello.
 206   QuicErrorCode ProcessServerHello(const CryptoHandshakeMessage& server_hello,
 207                                    QuicConnectionId connection_id,
 208                                    const QuicVersionVector& negotiated_versions,
 209                                    CachedState* cached,
 210                                    QuicCryptoNegotiatedParameters* out_params,
 211                                    std::string* error_details);
 212
 213   // Processes the message in |server_update|, updating the cached source
 214   // address token, and server config.
 215   // If |server_update| is invalid then |error_details| will contain an error
 216   // message, and an error code will be returned. If all has gone well
 217   // QUIC_NO_ERROR is returned.
 218   QuicErrorCode ProcessServerConfigUpdate(
 219       const CryptoHandshakeMessage& server_update,
 220       QuicWallTime now,
 221       CachedState* cached,
 222       QuicCryptoNegotiatedParameters* out_params,
 223       std::string* error_details);
 224
 225   ProofVerifier* proof_verifier() const;
 226
 227   // SetProofVerifier takes ownership of a |ProofVerifier| that clients are
 228   // free to use in order to verify certificate chains from servers. If a
 229   // ProofVerifier is set then the client will request a certificate chain from
 230   // the server.
 231   void SetProofVerifier(ProofVerifier* verifier);
 232
 233   ChannelIDSource* channel_id_source() const;
 234
 235   // SetChannelIDSource sets a ChannelIDSource that will be called, when the
 236   // server supports channel IDs, to obtain a channel ID for signing a message
 237   // proving possession of the channel ID. This object takes ownership of
 238   // |source|.
 239   void SetChannelIDSource(ChannelIDSource* source);
 240
 241   // Initialize the CachedState from |canonical_crypto_config| for the
 242   // |canonical_server_id| as the initial CachedState for |server_id|. We will
 243   // copy config data only if |canonical_crypto_config| has valid proof.
 244   void InitializeFrom(const QuicServerId& server_id,
 245                       const QuicServerId& canonical_server_id,
 246                       QuicCryptoClientConfig* canonical_crypto_config);
 247
 248   // Adds |suffix| as a domain suffix for which the server's crypto config
 249   // is expected to be shared among servers with the domain suffix. If a server
 250   // matches this suffix, then the server config from another server with the
 251   // suffix will be used to initialize the cached state for this server.
 252   void AddCanonicalSuffix(const std::string& suffix);
 253
 254   // Prefers AES-GCM (kAESG) over other AEAD algorithms. Call this method if
 255   // the CPU has hardware acceleration for AES-GCM. This method can only be
 256   // called after SetDefaults().
 257   void PreferAesGcm();
 258
 259   // Disables the use of ECDSA for proof verification.
 260   // Call this method on platforms that do not support ECDSA.
 261   // TODO(rch): remove this method when we drop support for Windows XP.
 262   void DisableEcdsa();
 263
 264   // Saves the |user_agent_id| that will be passed in QUIC's CHLO message.
 265   void set_user_agent_id(const std::string& user_agent_id) {
 266     user_agent_id_ = user_agent_id;
 267   }
 268
 269  private:
 270   typedef std::map<QuicServerId, CachedState*> CachedStateMap;
 271
 272   // CacheNewServerConfig checks for SCFG, STK, PROF, and CRT tags in |message|,
 273   // verifies them, and stores them in the cached state if they validate.
 274   // This is used on receipt of a REJ from a server, or when a server sends
 275   // updated server config during a connection.
 276   QuicErrorCode CacheNewServerConfig(
 277       const CryptoHandshakeMessage& message,
 278       QuicWallTime now,
 279       const std::vector<std::string>& cached_certs,
 280       CachedState* cached,
 281       std::string* error_details);
 282
 283   // If the suffix of the hostname in |server_id| is in |canoncial_suffixes_|,
 284   // then populate |cached| with the canonical cached state from
 285   // |canonical_server_map_| for that suffix.
 286   void PopulateFromCanonicalConfig(const QuicServerId& server_id,
 287                                    CachedState* cached);
 288
 289   // cached_states_ maps from the server_id to the cached information about
 290   // that server.
 291   CachedStateMap cached_states_;
 292
 293   // Contains a map of servers which could share the same server config. Map
 294   // from a canonical host suffix/port/scheme to a representative server with
 295   // the canonical suffix, which has a plausible set of initial certificates
 296   // (or at least server public key).
 297   std::map<QuicServerId, QuicServerId> canonical_server_map_;
 298
 299   // Contains list of suffixes (for exmaple ".c.youtube.com",
 300   // ".googlevideo.com") of canoncial hostnames.
 301   std::vector<std::string> canoncial_suffixes_;
 302
 303   scoped_ptr<ProofVerifier> proof_verifier_;
 304   scoped_ptr<ChannelIDSource> channel_id_source_;
 305
 306   // True if ECDSA should be disabled.
 307   bool disable_ecdsa_;
 308
 309   // The |user_agent_id_| passed in QUIC's CHLO message.
 310   std::string user_agent_id_;
 311
 312   DISALLOW_COPY_AND_ASSIGN(QuicCryptoClientConfig);
 313 };
 314
 315 }  // namespace net
 316
 317 #endif  // NET_QUIC_CRYPTO_QUIC_CRYPTO_CLIENT_CONFIG_H_