We started redesigning GpuMemoryBuffer interface to handle multiple buffers [0].
[chromium-blink-merge.git] / net / quic / crypto / crypto_handshake.h
blob8b5e314d519f855f9e02d51052502a3789f2f326
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 #ifndef NET_QUIC_CRYPTO_CRYPTO_HANDSHAKE_H_
6 #define NET_QUIC_CRYPTO_CRYPTO_HANDSHAKE_H_
8 #include <string>
9 #include <vector>
11 #include "base/memory/scoped_ptr.h"
12 #include "net/base/net_export.h"
13 #include "net/quic/quic_protocol.h"
15 namespace net {
17 class CommonCertSets;
18 class KeyExchange;
19 class QuicDecrypter;
20 class QuicEncrypter;
22 // HandshakeFailureReason enum values are uploaded to UMA, they cannot be
23 // changed.
24 enum HandshakeFailureReason {
25 HANDSHAKE_OK = 0,
27 // Failure reasons for an invalid client nonce in CHLO.
29 // The default error value for nonce verification failures from strike
30 // register (covers old strike registers and unknown failures).
31 CLIENT_NONCE_UNKNOWN_FAILURE = 1,
32 // Client nonce had incorrect length.
33 CLIENT_NONCE_INVALID_FAILURE = 2,
34 // Client nonce is not unique.
35 CLIENT_NONCE_NOT_UNIQUE_FAILURE = 3,
36 // Client orbit is invalid or incorrect.
37 CLIENT_NONCE_INVALID_ORBIT_FAILURE = 4,
38 // Client nonce's timestamp is not in the strike register's valid time range.
39 CLIENT_NONCE_INVALID_TIME_FAILURE = 5,
40 // Strike register's RPC call timed out, client nonce couldn't be verified.
41 CLIENT_NONCE_STRIKE_REGISTER_TIMEOUT = 6,
42 // Strike register is down, client nonce couldn't be verified.
43 CLIENT_NONCE_STRIKE_REGISTER_FAILURE = 7,
45 // Failure reasons for an invalid server nonce in CHLO.
47 // Unbox of server nonce failed.
48 SERVER_NONCE_DECRYPTION_FAILURE = 8,
49 // Decrypted server nonce had incorrect length.
50 SERVER_NONCE_INVALID_FAILURE = 9,
51 // Server nonce is not unique.
52 SERVER_NONCE_NOT_UNIQUE_FAILURE = 10,
53 // Server nonce's timestamp is not in the strike register's valid time range.
54 SERVER_NONCE_INVALID_TIME_FAILURE = 11,
56 // Failure reasons for an invalid server config in CHLO.
58 // Missing Server config id (kSCID) tag.
59 SERVER_CONFIG_INCHOATE_HELLO_FAILURE = 12,
60 // Couldn't find the Server config id (kSCID).
61 SERVER_CONFIG_UNKNOWN_CONFIG_FAILURE = 13,
63 // Failure reasons for an invalid source-address token.
65 // Missing Source-address token (kSourceAddressTokenTag) tag.
66 SOURCE_ADDRESS_TOKEN_INVALID_FAILURE = 14,
67 // Unbox of Source-address token failed.
68 SOURCE_ADDRESS_TOKEN_DECRYPTION_FAILURE = 15,
69 // Couldn't parse the unbox'ed Source-address token.
70 SOURCE_ADDRESS_TOKEN_PARSE_FAILURE = 16,
71 // Source-address token is for a different IP address.
72 SOURCE_ADDRESS_TOKEN_DIFFERENT_IP_ADDRESS_FAILURE = 17,
73 // The source-address token has a timestamp in the future.
74 SOURCE_ADDRESS_TOKEN_CLOCK_SKEW_FAILURE = 18,
75 // The source-address token has expired.
76 SOURCE_ADDRESS_TOKEN_EXPIRED_FAILURE = 19,
78 MAX_FAILURE_REASON,
81 // These errors will be packed into an uint32 and we don't want to set the most
82 // significant bit, which may be misinterpreted as the sign bit.
83 static_assert(MAX_FAILURE_REASON <= 32, "failure reason out of sync");
85 // A CrypterPair contains the encrypter and decrypter for an encryption level.
86 struct NET_EXPORT_PRIVATE CrypterPair {
87 CrypterPair();
88 ~CrypterPair();
89 scoped_ptr<QuicEncrypter> encrypter;
90 scoped_ptr<QuicDecrypter> decrypter;
93 // Parameters negotiated by the crypto handshake.
94 struct NET_EXPORT_PRIVATE QuicCryptoNegotiatedParameters {
95 // Initializes the members to 0 or empty values.
96 QuicCryptoNegotiatedParameters();
97 ~QuicCryptoNegotiatedParameters();
99 QuicTag key_exchange;
100 QuicTag aead;
101 std::string initial_premaster_secret;
102 std::string forward_secure_premaster_secret;
103 // subkey_secret is used as the PRK input to the HKDF used for key extraction.
104 std::string subkey_secret;
105 CrypterPair initial_crypters;
106 CrypterPair forward_secure_crypters;
107 // Normalized SNI: converted to lower case and trailing '.' removed.
108 std::string sni;
109 std::string client_nonce;
110 std::string server_nonce;
111 // hkdf_input_suffix contains the HKDF input following the label: the
112 // ConnectionId, client hello and server config. This is only populated in the
113 // client because only the client needs to derive the forward secure keys at a
114 // later time from the initial keys.
115 std::string hkdf_input_suffix;
116 // cached_certs contains the cached certificates that a client used when
117 // sending a client hello.
118 std::vector<std::string> cached_certs;
119 // client_key_exchange is used by clients to store the ephemeral KeyExchange
120 // for the connection.
121 scoped_ptr<KeyExchange> client_key_exchange;
122 // channel_id is set by servers to a ChannelID key when the client correctly
123 // proves possession of the corresponding private key. It consists of 32
124 // bytes of x coordinate, followed by 32 bytes of y coordinate. Both values
125 // are big-endian and the pair is a P-256 public key.
126 std::string channel_id;
128 // Used when generating proof signature when sending server config updates.
129 bool x509_ecdsa_supported;
131 // Used to generate cert chain when sending server config updates.
132 std::string client_common_set_hashes;
133 std::string client_cached_cert_hashes;
136 // QuicCryptoConfig contains common configuration between clients and servers.
137 class NET_EXPORT_PRIVATE QuicCryptoConfig {
138 public:
139 // kInitialLabel is a constant that is used when deriving the initial
140 // (non-forward secure) keys for the connection in order to tie the resulting
141 // key to this protocol.
142 static const char kInitialLabel[];
144 // kCETVLabel is a constant that is used when deriving the keys for the
145 // encrypted tag/value block in the client hello.
146 static const char kCETVLabel[];
148 // kForwardSecureLabel is a constant that is used when deriving the forward
149 // secure keys for the connection in order to tie the resulting key to this
150 // protocol.
151 static const char kForwardSecureLabel[];
153 QuicCryptoConfig();
154 ~QuicCryptoConfig();
156 // Key exchange methods. The following two members' values correspond by
157 // index.
158 QuicTagVector kexs;
159 // Authenticated encryption with associated data (AEAD) algorithms.
160 QuicTagVector aead;
162 const CommonCertSets* common_cert_sets;
164 private:
165 DISALLOW_COPY_AND_ASSIGN(QuicCryptoConfig);
168 } // namespace net
170 #endif // NET_QUIC_CRYPTO_CRYPTO_HANDSHAKE_H_