net/quic/quic_crypto_client_stream.h

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef NET_QUIC_QUIC_CRYPTO_CLIENT_STREAM_H_
   6 #define NET_QUIC_QUIC_CRYPTO_CLIENT_STREAM_H_
   7
   8 #include <string>
   9
  10 #include "net/quic/crypto/channel_id.h"
  11 #include "net/quic/crypto/proof_verifier.h"
  12 #include "net/quic/crypto/quic_crypto_client_config.h"
  13 #include "net/quic/quic_config.h"
  14 #include "net/quic/quic_crypto_stream.h"
  15 #include "net/quic/quic_server_id.h"
  16
  17 namespace net {
  18
  19 class QuicClientSessionBase;
  20
  21 namespace test {
  22 class CryptoTestUtils;
  23 class QuicChromiumClientSessionPeer;
  24 }  // namespace test
  25
  26 class NET_EXPORT_PRIVATE QuicCryptoClientStream : public QuicCryptoStream {
  27  public:
  28   // kMaxClientHellos is the maximum number of times that we'll send a client
  29   // hello. The value 3 accounts for:
  30   //   * One failure due to an incorrect or missing source-address token.
  31   //   * One failure due the server's certificate chain being unavailible and
  32   //     the server being unwilling to send it without a valid source-address
  33   //     token.
  34   static const int kMaxClientHellos = 3;
  35
  36   QuicCryptoClientStream(const QuicServerId& server_id,
  37                          QuicClientSessionBase* session,
  38                          ProofVerifyContext* verify_context,
  39                          QuicCryptoClientConfig* crypto_config);
  40   ~QuicCryptoClientStream() override;
  41
  42   // CryptoFramerVisitorInterface implementation
  43   void OnHandshakeMessage(const CryptoHandshakeMessage& message) override;
  44
  45   // Performs a crypto handshake with the server.
  46   virtual void CryptoConnect();
  47
  48   // num_sent_client_hellos returns the number of client hello messages that
  49   // have been sent. If the handshake has completed then this is one greater
  50   // than the number of round-trips needed for the handshake.
  51   int num_sent_client_hellos() const;
  52
  53   // Returns true if a channel ID was sent on this connection.
  54   bool WasChannelIDSent() const;
  55
  56   // Returns true if our ChannelIDSourceCallback was run, which implies the
  57   // ChannelIDSource operated asynchronously. Intended for testing.
  58   bool WasChannelIDSourceCallbackRun() const;
  59
  60  private:
  61   // ChannelIDSourceCallbackImpl is passed as the callback method to
  62   // GetChannelIDKey. The ChannelIDSource calls this class with the result of
  63   // channel ID lookup when lookup is performed asynchronously.
  64   class ChannelIDSourceCallbackImpl : public ChannelIDSourceCallback {
  65    public:
  66     explicit ChannelIDSourceCallbackImpl(QuicCryptoClientStream* stream);
  67     ~ChannelIDSourceCallbackImpl() override;
  68
  69     // ChannelIDSourceCallback interface.
  70     void Run(scoped_ptr<ChannelIDKey>* channel_id_key) override;
  71
  72     // Cancel causes any future callbacks to be ignored. It must be called on
  73     // the same thread as the callback will be made on.
  74     void Cancel();
  75
  76    private:
  77     QuicCryptoClientStream* stream_;
  78   };
  79
  80   // ProofVerifierCallbackImpl is passed as the callback method to VerifyProof.
  81   // The ProofVerifier calls this class with the result of proof verification
  82   // when verification is performed asynchronously.
  83   class ProofVerifierCallbackImpl : public ProofVerifierCallback {
  84    public:
  85     explicit ProofVerifierCallbackImpl(QuicCryptoClientStream* stream);
  86     ~ProofVerifierCallbackImpl() override;
  87
  88     // ProofVerifierCallback interface.
  89     void Run(bool ok,
  90              const std::string& error_details,
  91              scoped_ptr<ProofVerifyDetails>* details) override;
  92
  93     // Cancel causes any future callbacks to be ignored. It must be called on
  94     // the same thread as the callback will be made on.
  95     void Cancel();
  96
  97    private:
  98     QuicCryptoClientStream* stream_;
  99   };
 100
 101   friend class test::CryptoTestUtils;
 102   friend class test::QuicChromiumClientSessionPeer;
 103
 104   enum State {
 105     STATE_IDLE,
 106     STATE_INITIALIZE,
 107     STATE_SEND_CHLO,
 108     STATE_RECV_REJ,
 109     STATE_VERIFY_PROOF,
 110     STATE_VERIFY_PROOF_COMPLETE,
 111     STATE_GET_CHANNEL_ID,
 112     STATE_GET_CHANNEL_ID_COMPLETE,
 113     STATE_RECV_SHLO,
 114     STATE_INITIALIZE_SCUP,
 115     STATE_NONE,
 116   };
 117
 118   // Handles new server config and optional source-address token provided by the
 119   // server during a connection.
 120   void HandleServerConfigUpdateMessage(
 121       const CryptoHandshakeMessage& server_config_update);
 122
 123   // DoHandshakeLoop performs a step of the handshake state machine. Note that
 124   // |in| may be nullptr if the call did not result from a received message.
 125   void DoHandshakeLoop(const CryptoHandshakeMessage* in);
 126
 127   // Start the handshake process.
 128   void DoInitialize(QuicCryptoClientConfig::CachedState* cached);
 129
 130   // Send either InchoateClientHello or ClientHello message to the server.
 131   void DoSendCHLO(const CryptoHandshakeMessage* in,
 132                   QuicCryptoClientConfig::CachedState* cached);
 133
 134   // Process REJ message from the server.
 135   void DoReceiveREJ(const CryptoHandshakeMessage* in,
 136                     QuicCryptoClientConfig::CachedState* cached);
 137
 138   // Start the proof verification process. Returns the QuicAsyncStatus returned
 139   // by the ProofVerifier's VerifyProof.
 140   QuicAsyncStatus DoVerifyProof(QuicCryptoClientConfig::CachedState* cached);
 141
 142   // If proof is valid then it sets the proof as valid (which persists the
 143   // server config). If not, it closes the connection.
 144   void DoVerifyProofComplete(QuicCryptoClientConfig::CachedState* cached);
 145
 146   // Start the look up of Channel ID process. Returns either QUIC_SUCCESS if
 147   // RequiresChannelID returns false or QuicAsyncStatus returned by
 148   // GetChannelIDKey.
 149   QuicAsyncStatus DoGetChannelID(QuicCryptoClientConfig::CachedState* cached);
 150
 151   // If there is no channel ID, then close the connection otherwise transtion to
 152   // STATE_SEND_CHLO state.
 153   void DoGetChannelIDComplete();
 154
 155   // Process SHLO message from the server.
 156   void DoReceiveSHLO(const CryptoHandshakeMessage* in,
 157                      QuicCryptoClientConfig::CachedState* cached);
 158
 159   // Start the proof verification if |server_id_| is https and |cached| has
 160   // signature.
 161   void DoInitializeServerConfigUpdate(
 162       QuicCryptoClientConfig::CachedState* cached);
 163
 164   // Called to set the proof of |cached| valid.  Also invokes the session's
 165   // OnProofValid() method.
 166   void SetCachedProofValid(QuicCryptoClientConfig::CachedState* cached);
 167
 168   // Returns true if the server crypto config in |cached| requires a ChannelID
 169   // and the client config settings also allow sending a ChannelID.
 170   bool RequiresChannelID(QuicCryptoClientConfig::CachedState* cached);
 171
 172   QuicClientSessionBase* client_session();
 173
 174   State next_state_;
 175   // num_client_hellos_ contains the number of client hello messages that this
 176   // connection has sent.
 177   int num_client_hellos_;
 178
 179   QuicCryptoClientConfig* const crypto_config_;
 180
 181   // Client's connection nonce (4-byte timestamp + 28 random bytes)
 182   std::string nonce_;
 183   // Server's (hostname, port, is_https, privacy_mode) tuple.
 184   const QuicServerId server_id_;
 185
 186   // Generation counter from QuicCryptoClientConfig's CachedState.
 187   uint64 generation_counter_;
 188
 189   // True if a channel ID was sent.
 190   bool channel_id_sent_;
 191
 192   // True if channel_id_source_callback_ was run.
 193   bool channel_id_source_callback_run_;
 194
 195   // channel_id_source_callback_ contains the callback object that we passed
 196   // to an asynchronous channel ID lookup. The ChannelIDSource owns this
 197   // object.
 198   ChannelIDSourceCallbackImpl* channel_id_source_callback_;
 199
 200   // These members are used to store the result of an asynchronous channel ID
 201   // lookup. These members must not be used after
 202   // STATE_GET_CHANNEL_ID_COMPLETE.
 203   scoped_ptr<ChannelIDKey> channel_id_key_;
 204
 205   // verify_context_ contains the context object that we pass to asynchronous
 206   // proof verifications.
 207   scoped_ptr<ProofVerifyContext> verify_context_;
 208
 209   // proof_verify_callback_ contains the callback object that we passed to an
 210   // asynchronous proof verification. The ProofVerifier owns this object.
 211   ProofVerifierCallbackImpl* proof_verify_callback_;
 212
 213   // These members are used to store the result of an asynchronous proof
 214   // verification. These members must not be used after
 215   // STATE_VERIFY_PROOF_COMPLETE.
 216   bool verify_ok_;
 217   std::string verify_error_details_;
 218   scoped_ptr<ProofVerifyDetails> verify_details_;
 219
 220   // True if the server responded to a previous CHLO with a stateless
 221   // reject.  Used for book-keeping between the STATE_RECV_REJ,
 222   // STATE_VERIFY_PROOF*, and subsequent STATE_SEND_CHLO state.
 223   bool stateless_reject_received_;
 224
 225   DISALLOW_COPY_AND_ASSIGN(QuicCryptoClientStream);
 226 };
 227
 228 }  // namespace net
 229
 230 #endif  // NET_QUIC_QUIC_CRYPTO_CLIENT_STREAM_H_