net/quic/quic_crypto_server_stream.h

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef NET_QUIC_QUIC_CRYPTO_SERVER_STREAM_H_
   6 #define NET_QUIC_QUIC_CRYPTO_SERVER_STREAM_H_
   7
   8 #include <string>
   9
  10 #include "net/quic/crypto/crypto_handshake.h"
  11 #include "net/quic/crypto/quic_crypto_server_config.h"
  12 #include "net/quic/proto/source_address_token.pb.h"
  13 #include "net/quic/quic_config.h"
  14 #include "net/quic/quic_crypto_stream.h"
  15
  16 namespace net {
  17
  18 class CachedNetworkParameters;
  19 class CryptoHandshakeMessage;
  20 class QuicCryptoServerConfig;
  21 class QuicCryptoServerStream;
  22 class QuicSession;
  23
  24 namespace test {
  25 class CryptoTestUtils;
  26 class QuicCryptoServerStreamPeer;
  27 }  // namespace test
  28
  29 // Receives a notification when the server hello (SHLO) has been ACKed by the
  30 // peer. At this point we disable HANDSHAKE_MODE in the sent packet manager.
  31 class NET_EXPORT_PRIVATE ServerHelloNotifier : public
  32     QuicAckNotifier::DelegateInterface {
  33  public:
  34   explicit ServerHelloNotifier(QuicCryptoServerStream* stream)
  35       : server_stream_(stream) {}
  36
  37   // QuicAckNotifier::DelegateInterface implementation
  38   void OnAckNotification(int num_retransmitted_packets,
  39                          int num_retransmitted_bytes,
  40                          QuicTime::Delta delta_largest_observed) override;
  41
  42  private:
  43   ~ServerHelloNotifier() override {}
  44
  45   QuicCryptoServerStream* server_stream_;
  46
  47   DISALLOW_COPY_AND_ASSIGN(ServerHelloNotifier);
  48 };
  49
  50 class NET_EXPORT_PRIVATE QuicCryptoServerStream : public QuicCryptoStream {
  51  public:
  52   // |crypto_config| must outlive the stream.
  53   QuicCryptoServerStream(const QuicCryptoServerConfig* crypto_config,
  54                          QuicSession* session);
  55   ~QuicCryptoServerStream() override;
  56
  57   // Cancel any outstanding callbacks, such as asynchronous validation of client
  58   // hello.
  59   void CancelOutstandingCallbacks();
  60
  61   // CryptoFramerVisitorInterface implementation
  62   void OnHandshakeMessage(const CryptoHandshakeMessage& message) override;
  63
  64   // GetBase64SHA256ClientChannelID sets |*output| to the base64 encoded,
  65   // SHA-256 hash of the client's ChannelID key and returns true, if the client
  66   // presented a ChannelID. Otherwise it returns false.
  67   bool GetBase64SHA256ClientChannelID(std::string* output) const;
  68
  69   uint8 num_handshake_messages() const { return num_handshake_messages_; }
  70
  71   int num_server_config_update_messages_sent() const {
  72     return num_server_config_update_messages_sent_;
  73   }
  74
  75   // Sends the latest server config and source-address token to the client.
  76   virtual void SendServerConfigUpdate(
  77       const CachedNetworkParameters* cached_network_params);
  78
  79   // Called by the ServerHello AckNotifier once the SHLO has been ACKed by the
  80   // client.
  81   void OnServerHelloAcked();
  82
  83   void set_previous_cached_network_params(
  84       CachedNetworkParameters cached_network_params);
  85
  86   const CachedNetworkParameters* previous_cached_network_params() const;
  87
  88   bool use_stateless_rejects_if_peer_supported() const {
  89     return use_stateless_rejects_if_peer_supported_;
  90   }
  91
  92   // Used by the quic dispatcher to indicate that this crypto server
  93   // stream should use stateless rejects, so long as stateless rejects
  94   // are supported by the client.
  95   void set_use_stateless_rejects_if_peer_supported(
  96       bool use_stateless_rejects_if_peer_supported) {
  97     use_stateless_rejects_if_peer_supported_ =
  98         use_stateless_rejects_if_peer_supported;
  99   }
 100
 101   bool peer_supports_stateless_rejects() const {
 102     return peer_supports_stateless_rejects_;
 103   }
 104
 105   void set_peer_supports_stateless_rejects(
 106       bool peer_supports_stateless_rejects) {
 107     peer_supports_stateless_rejects_ = peer_supports_stateless_rejects;
 108   }
 109
 110  protected:
 111   virtual QuicErrorCode ProcessClientHello(
 112       const CryptoHandshakeMessage& message,
 113       const ValidateClientHelloResultCallback::Result& result,
 114       CryptoHandshakeMessage* reply,
 115       std::string* error_details);
 116
 117   // Hook that allows the server to set QuicConfig defaults just
 118   // before going through the parameter negotiation step.
 119   virtual void OverrideQuicConfigDefaults(QuicConfig* config);
 120
 121   // Given the current connection_id, generates a new ConnectionId to
 122   // be returned with a stateless reject.
 123   virtual QuicConnectionId GenerateConnectionIdForReject(
 124       QuicConnectionId connection_id);
 125
 126  private:
 127   friend class test::CryptoTestUtils;
 128   friend class test::QuicCryptoServerStreamPeer;
 129
 130   class ValidateCallback : public ValidateClientHelloResultCallback {
 131    public:
 132     explicit ValidateCallback(QuicCryptoServerStream* parent);
 133     // To allow the parent to detach itself from the callback before deletion.
 134     void Cancel();
 135
 136     // From ValidateClientHelloResultCallback
 137     void RunImpl(const CryptoHandshakeMessage& client_hello,
 138                  const Result& result) override;
 139
 140    private:
 141     QuicCryptoServerStream* parent_;
 142
 143     DISALLOW_COPY_AND_ASSIGN(ValidateCallback);
 144   };
 145
 146   // Invoked by ValidateCallback::RunImpl once initial validation of
 147   // the client hello is complete.  Finishes processing of the client
 148   // hello message and handles handshake success/failure.
 149   void FinishProcessingHandshakeMessage(
 150       const CryptoHandshakeMessage& message,
 151       const ValidateClientHelloResultCallback::Result& result);
 152
 153   // Checks the options on the handshake-message to see whether the
 154   // peer supports stateless-rejects.
 155   static bool DoesPeerSupportStatelessRejects(
 156       const CryptoHandshakeMessage& message);
 157
 158   // crypto_config_ contains crypto parameters for the handshake.
 159   const QuicCryptoServerConfig* crypto_config_;
 160
 161   // Pointer to the active callback that will receive the result of
 162   // the client hello validation request and forward it to
 163   // FinishProcessingHandshakeMessage for processing.  nullptr if no
 164   // handshake message is being validated.
 165   ValidateCallback* validate_client_hello_cb_;
 166
 167   // Number of handshake messages received by this stream.
 168   uint8 num_handshake_messages_;
 169
 170   // Number of server config update (SCUP) messages sent by this stream.
 171   int num_server_config_update_messages_sent_;
 172
 173   // If the client provides CachedNetworkParameters in the STK in the CHLO, then
 174   // store here, and send back in future STKs if we have no better bandwidth
 175   // estimate to send.
 176   scoped_ptr<CachedNetworkParameters> previous_cached_network_params_;
 177
 178   // Contains any source address tokens which were present in the CHLO.
 179   SourceAddressTokens previous_source_address_tokens_;
 180
 181   // If true, the server should use stateless rejects, so long as the
 182   // client supports them, as indicated by
 183   // peer_supports_stateless_rejects_.
 184   bool use_stateless_rejects_if_peer_supported_;
 185
 186   // Set to true, once the server has received information from the
 187   // client that it supports stateless reject.
 188   //  TODO(jokulik): Remove once client stateless reject support
 189   // becomes the default.
 190   bool peer_supports_stateless_rejects_;
 191
 192   DISALLOW_COPY_AND_ASSIGN(QuicCryptoServerStream);
 193 };
 194
 195 }  // namespace net
 196
 197 #endif  // NET_QUIC_QUIC_CRYPTO_SERVER_STREAM_H_