net/quic/quic_crypto_client_stream.h

   1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
   2 // Use of this source code is governed by a BSD-style license that can be
   3 // found in the LICENSE file.
   4
   5 #ifndef NET_QUIC_QUIC_CRYPTO_CLIENT_STREAM_H_
   6 #define NET_QUIC_QUIC_CRYPTO_CLIENT_STREAM_H_
   7
   8 #include <string>
   9
  10 #include "net/quic/crypto/channel_id.h"
  11 #include "net/quic/crypto/proof_verifier.h"
  12 #include "net/quic/crypto/quic_crypto_client_config.h"
  13 #include "net/quic/quic_config.h"
  14 #include "net/quic/quic_crypto_stream.h"
  15 #include "net/quic/quic_server_id.h"
  16
  17 namespace net {
  18
  19 class QuicClientSessionBase;
  20
  21 namespace test {
  22 class CryptoTestUtils;
  23 class QuicClientSessionPeer;
  24 }  // namespace test
  25
  26 class NET_EXPORT_PRIVATE QuicCryptoClientStream : public QuicCryptoStream {
  27  public:
  28   QuicCryptoClientStream(const QuicServerId& server_id,
  29                          QuicClientSessionBase* session,
  30                          ProofVerifyContext* verify_context,
  31                          QuicCryptoClientConfig* crypto_config);
  32   ~QuicCryptoClientStream() override;
  33
  34   // CryptoFramerVisitorInterface implementation
  35   void OnHandshakeMessage(const CryptoHandshakeMessage& message) override;
  36
  37   // Performs a crypto handshake with the server.
  38   virtual void CryptoConnect();
  39
  40   // num_sent_client_hellos returns the number of client hello messages that
  41   // have been sent. If the handshake has completed then this is one greater
  42   // than the number of round-trips needed for the handshake.
  43   int num_sent_client_hellos() const;
  44
  45   // Returns true if a channel ID was sent on this connection.
  46   bool WasChannelIDSent() const;
  47
  48   // Returns true if our ChannelIDSourceCallback was run, which implies the
  49   // ChannelIDSource operated asynchronously. Intended for testing.
  50   bool WasChannelIDSourceCallbackRun() const;
  51
  52  private:
  53   // ChannelIDSourceCallbackImpl is passed as the callback method to
  54   // GetChannelIDKey. The ChannelIDSource calls this class with the result of
  55   // channel ID lookup when lookup is performed asynchronously.
  56   class ChannelIDSourceCallbackImpl : public ChannelIDSourceCallback {
  57    public:
  58     explicit ChannelIDSourceCallbackImpl(QuicCryptoClientStream* stream);
  59     ~ChannelIDSourceCallbackImpl() override;
  60
  61     // ChannelIDSourceCallback interface.
  62     void Run(scoped_ptr<ChannelIDKey>* channel_id_key) override;
  63
  64     // Cancel causes any future callbacks to be ignored. It must be called on
  65     // the same thread as the callback will be made on.
  66     void Cancel();
  67
  68    private:
  69     QuicCryptoClientStream* stream_;
  70   };
  71
  72   // ProofVerifierCallbackImpl is passed as the callback method to VerifyProof.
  73   // The ProofVerifier calls this class with the result of proof verification
  74   // when verification is performed asynchronously.
  75   class ProofVerifierCallbackImpl : public ProofVerifierCallback {
  76    public:
  77     explicit ProofVerifierCallbackImpl(QuicCryptoClientStream* stream);
  78     ~ProofVerifierCallbackImpl() override;
  79
  80     // ProofVerifierCallback interface.
  81     void Run(bool ok,
  82              const std::string& error_details,
  83              scoped_ptr<ProofVerifyDetails>* details) override;
  84
  85     // Cancel causes any future callbacks to be ignored. It must be called on
  86     // the same thread as the callback will be made on.
  87     void Cancel();
  88
  89    private:
  90     QuicCryptoClientStream* stream_;
  91   };
  92
  93   friend class test::CryptoTestUtils;
  94   friend class test::QuicClientSessionPeer;
  95
  96   enum State {
  97     STATE_IDLE,
  98     STATE_INITIALIZE,
  99     STATE_SEND_CHLO,
 100     STATE_RECV_REJ,
 101     STATE_VERIFY_PROOF,
 102     STATE_VERIFY_PROOF_COMPLETE,
 103     STATE_GET_CHANNEL_ID,
 104     STATE_GET_CHANNEL_ID_COMPLETE,
 105     STATE_RECV_SHLO,
 106     STATE_INITIALIZE_SCUP,
 107     STATE_NONE,
 108   };
 109
 110   // Handles new server config and optional source-address token provided by the
 111   // server during a connection.
 112   void HandleServerConfigUpdateMessage(
 113       const CryptoHandshakeMessage& server_config_update);
 114
 115   // DoHandshakeLoop performs a step of the handshake state machine. Note that
 116   // |in| may be nullptr if the call did not result from a received message.
 117   void DoHandshakeLoop(const CryptoHandshakeMessage* in);
 118
 119   // Start the handshake process.
 120   void DoInitialize(QuicCryptoClientConfig::CachedState* cached);
 121
 122   // Send either InchoateClientHello or ClientHello message to the server.
 123   void DoSendCHLO(const CryptoHandshakeMessage* in,
 124                   QuicCryptoClientConfig::CachedState* cached);
 125
 126   // Process REJ message from the server.
 127   void DoReceiveREJ(const CryptoHandshakeMessage* in,
 128                     QuicCryptoClientConfig::CachedState* cached);
 129
 130   // Start the proof verification process. Returns the QuicAsyncStatus returned
 131   // by the ProofVerifier's VerifyProof.
 132   QuicAsyncStatus DoVerifyProof(QuicCryptoClientConfig::CachedState* cached);
 133
 134   // If proof is valid then it sets the proof as valid (which persists the
 135   // server config). If not, it closes the connection.
 136   void DoVerifyProofComplete(QuicCryptoClientConfig::CachedState* cached);
 137
 138   // Start the look up of Channel ID process. Returns either QUIC_SUCCESS if
 139   // RequiresChannelID returns false or QuicAsyncStatus returned by
 140   // GetChannelIDKey.
 141   QuicAsyncStatus DoGetChannelID(QuicCryptoClientConfig::CachedState* cached);
 142
 143   // If there is no channel ID, then close the connection otherwise transtion to
 144   // STATE_SEND_CHLO state.
 145   void DoGetChannelIDComplete();
 146
 147   // Process SHLO message from the server.
 148   void DoReceiveSHLO(const CryptoHandshakeMessage* in,
 149                      QuicCryptoClientConfig::CachedState* cached);
 150
 151   // Start the proof verification if |server_id_| is https and |cached| has
 152   // signature.
 153   void DoInitializeServerConfigUpdate(
 154       QuicCryptoClientConfig::CachedState* cached);
 155
 156   // Called to set the proof of |cached| valid.  Also invokes the session's
 157   // OnProofValid() method.
 158   void SetCachedProofValid(QuicCryptoClientConfig::CachedState* cached);
 159
 160   // Returns true if the server crypto config in |cached| requires a ChannelID
 161   // and the client config settings also allow sending a ChannelID.
 162   bool RequiresChannelID(QuicCryptoClientConfig::CachedState* cached);
 163
 164   QuicClientSessionBase* client_session();
 165
 166   State next_state_;
 167   // num_client_hellos_ contains the number of client hello messages that this
 168   // connection has sent.
 169   int num_client_hellos_;
 170
 171   QuicCryptoClientConfig* const crypto_config_;
 172
 173   // Client's connection nonce (4-byte timestamp + 28 random bytes)
 174   std::string nonce_;
 175   // Server's (hostname, port, is_https, privacy_mode) tuple.
 176   const QuicServerId server_id_;
 177
 178   // Generation counter from QuicCryptoClientConfig's CachedState.
 179   uint64 generation_counter_;
 180
 181   // True if a channel ID was sent.
 182   bool channel_id_sent_;
 183
 184   // True if channel_id_source_callback_ was run.
 185   bool channel_id_source_callback_run_;
 186
 187   // channel_id_source_callback_ contains the callback object that we passed
 188   // to an asynchronous channel ID lookup. The ChannelIDSource owns this
 189   // object.
 190   ChannelIDSourceCallbackImpl* channel_id_source_callback_;
 191
 192   // These members are used to store the result of an asynchronous channel ID
 193   // lookup. These members must not be used after
 194   // STATE_GET_CHANNEL_ID_COMPLETE.
 195   scoped_ptr<ChannelIDKey> channel_id_key_;
 196
 197   // verify_context_ contains the context object that we pass to asynchronous
 198   // proof verifications.
 199   scoped_ptr<ProofVerifyContext> verify_context_;
 200
 201   // proof_verify_callback_ contains the callback object that we passed to an
 202   // asynchronous proof verification. The ProofVerifier owns this object.
 203   ProofVerifierCallbackImpl* proof_verify_callback_;
 204
 205   // These members are used to store the result of an asynchronous proof
 206   // verification. These members must not be used after
 207   // STATE_VERIFY_PROOF_COMPLETE.
 208   bool verify_ok_;
 209   std::string verify_error_details_;
 210   scoped_ptr<ProofVerifyDetails> verify_details_;
 211
 212   // True if the server responded to a previous CHLO with a stateless
 213   // reject.  Used for book-keeping between the STATE_RECV_REJ,
 214   // STATE_VERIFY_PROOF*, and subsequent STATE_SEND_CHLO state.
 215   bool stateless_reject_received_;
 216
 217   DISALLOW_COPY_AND_ASSIGN(QuicCryptoClientStream);
 218 };
 219
 220 }  // namespace net
 221
 222 #endif  // NET_QUIC_QUIC_CRYPTO_CLIENT_STREAM_H_