diff options
author | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2019-05-24 11:40:17 +0200 |
---|---|---|
committer | Allan Sandfeld Jensen <allan.jensen@qt.io> | 2019-05-24 12:42:11 +0000 |
commit | 5d87695f37678f96492b258bbab36486c59866b4 (patch) | |
tree | be9783bbaf04fb930c4d74ca9c00b5e7954c8bc6 /chromium/net/third_party/quiche/src/quic/core/quic_crypto_server_stream.h | |
parent | 6c11fb357ec39bf087b8b632e2b1e375aef1b38b (diff) | |
download | qtwebengine-chromium-5d87695f37678f96492b258bbab36486c59866b4.tar.gz |
BASELINE: Update Chromium to 75.0.3770.56
Change-Id: I86d2007fd27a45d5797eee06f4c9369b8b50ac4f
Reviewed-by: Alexandru Croitor <alexandru.croitor@qt.io>
Diffstat (limited to 'chromium/net/third_party/quiche/src/quic/core/quic_crypto_server_stream.h')
-rw-r--r-- | chromium/net/third_party/quiche/src/quic/core/quic_crypto_server_stream.h | 224 |
1 files changed, 224 insertions, 0 deletions
diff --git a/chromium/net/third_party/quiche/src/quic/core/quic_crypto_server_stream.h b/chromium/net/third_party/quiche/src/quic/core/quic_crypto_server_stream.h new file mode 100644 index 00000000000..a00302779d9 --- /dev/null +++ b/chromium/net/third_party/quiche/src/quic/core/quic_crypto_server_stream.h @@ -0,0 +1,224 @@ +// Copyright (c) 2012 The Chromium Authors. All rights reserved. +// Use of this source code is governed by a BSD-style license that can be +// found in the LICENSE file. + +#ifndef QUICHE_QUIC_CORE_QUIC_CRYPTO_SERVER_STREAM_H_ +#define QUICHE_QUIC_CORE_QUIC_CRYPTO_SERVER_STREAM_H_ + +#include <cstdint> +#include <memory> +#include <string> + +#include "net/third_party/quiche/src/quic/core/crypto/crypto_handshake.h" +#include "net/third_party/quiche/src/quic/core/crypto/quic_compressed_certs_cache.h" +#include "net/third_party/quiche/src/quic/core/crypto/quic_crypto_server_config.h" +#include "net/third_party/quiche/src/quic/core/quic_config.h" +#include "net/third_party/quiche/src/quic/core/quic_crypto_handshaker.h" +#include "net/third_party/quiche/src/quic/core/quic_crypto_stream.h" +#include "net/third_party/quiche/src/quic/core/quic_session.h" +#include "net/third_party/quiche/src/quic/platform/api/quic_export.h" + +namespace quic { + +class CachedNetworkParameters; +class CryptoHandshakeMessage; +class QuicCryptoServerConfig; +class QuicCryptoServerStreamBase; + +// TODO(alyssar) see what can be moved out of QuicCryptoServerStream with +// various code and test refactoring. +class QUIC_EXPORT_PRIVATE QuicCryptoServerStreamBase : public QuicCryptoStream { + public: + explicit QuicCryptoServerStreamBase(QuicSession* session); + + ~QuicCryptoServerStreamBase() override {} + + // Cancel any outstanding callbacks, such as asynchronous validation of client + // hello. + virtual void CancelOutstandingCallbacks() = 0; + + // GetBase64SHA256ClientChannelID sets |*output| to the base64 encoded, + // SHA-256 hash of the client's ChannelID key and returns true, if the client + // presented a ChannelID. Otherwise it returns false. + virtual bool GetBase64SHA256ClientChannelID(std::string* output) const = 0; + + virtual int NumServerConfigUpdateMessagesSent() const = 0; + + // Sends the latest server config and source-address token to the client. + virtual void SendServerConfigUpdate( + const CachedNetworkParameters* cached_network_params) = 0; + + // These are all accessors and setters to their respective counters. + virtual uint8_t NumHandshakeMessages() const = 0; + virtual uint8_t NumHandshakeMessagesWithServerNonces() const = 0; + virtual bool UseStatelessRejectsIfPeerSupported() const = 0; + virtual bool PeerSupportsStatelessRejects() const = 0; + virtual bool ZeroRttAttempted() const = 0; + virtual void SetPeerSupportsStatelessRejects(bool set) = 0; + virtual const CachedNetworkParameters* PreviousCachedNetworkParams() + const = 0; + virtual void SetPreviousCachedNetworkParams( + CachedNetworkParameters cached_network_params) = 0; + + // Checks the options on the handshake-message to see whether the + // peer supports stateless-rejects. + static bool DoesPeerSupportStatelessRejects( + const CryptoHandshakeMessage& message); +}; + +class QUIC_EXPORT_PRIVATE QuicCryptoServerStream + : public QuicCryptoServerStreamBase { + public: + // QuicCryptoServerStream creates a HandshakerDelegate at construction time + // based on the QuicTransportVersion of the connection. Different + // HandshakerDelegates provide implementations of different crypto handshake + // protocols. Currently QUIC crypto is the only protocol implemented; a future + // HandshakerDelegate will use TLS as the handshake protocol. + // QuicCryptoServerStream delegates all of its public methods to its + // HandshakerDelegate. + // + // This setup of the crypto stream delegating its implementation to the + // handshaker results in the handshaker reading and writing bytes on the + // crypto stream, instead of the handshake rpassing the stream bytes to send. + class QUIC_EXPORT_PRIVATE HandshakerDelegate { + public: + virtual ~HandshakerDelegate() {} + + // Cancel any outstanding callbacks, such as asynchronous validation of + // client hello. + virtual void CancelOutstandingCallbacks() = 0; + + // GetBase64SHA256ClientChannelID sets |*output| to the base64 encoded, + // SHA-256 hash of the client's ChannelID key and returns true, if the + // client presented a ChannelID. Otherwise it returns false. + virtual bool GetBase64SHA256ClientChannelID(std::string* output) const = 0; + + // Sends the latest server config and source-address token to the client. + virtual void SendServerConfigUpdate( + const CachedNetworkParameters* cached_network_params) = 0; + + // These are all accessors and setters to their respective counters. + virtual uint8_t NumHandshakeMessages() const = 0; + virtual uint8_t NumHandshakeMessagesWithServerNonces() const = 0; + virtual int NumServerConfigUpdateMessagesSent() const = 0; + virtual const CachedNetworkParameters* PreviousCachedNetworkParams() + const = 0; + virtual bool ZeroRttAttempted() const = 0; + virtual void SetPreviousCachedNetworkParams( + CachedNetworkParameters cached_network_params) = 0; + + // NOTE: Indicating that the Expect-CT header should be sent here presents a + // layering violation to some extent. The Expect-CT header only applies to + // HTTP connections, while this class can be used for non-HTTP applications. + // However, it is exposed here because that is the only place where the + // configuration for the certificate used in the connection is accessible. + virtual bool ShouldSendExpectCTHeader() const = 0; + + // Returns true once any encrypter (initial/0RTT or final/1RTT) has been set + // for the connection. + virtual bool encryption_established() const = 0; + + // Returns true once the crypto handshake has completed. + virtual bool handshake_confirmed() const = 0; + + // Returns the parameters negotiated in the crypto handshake. + virtual const QuicCryptoNegotiatedParameters& crypto_negotiated_params() + const = 0; + + // Used by QuicCryptoStream to parse data received on this stream. + virtual CryptoMessageParser* crypto_message_parser() = 0; + }; + + class Helper { + public: + virtual ~Helper() {} + + // Given the current connection_id, generates a new ConnectionId to + // be returned with a stateless reject. + virtual QuicConnectionId GenerateConnectionIdForReject( + QuicTransportVersion version, + QuicConnectionId connection_id) const = 0; + + // Returns true if |message|, which was received on |self_address| is + // acceptable according to the visitor's policy. Otherwise, returns false + // and populates |error_details|. + virtual bool CanAcceptClientHello(const CryptoHandshakeMessage& message, + const QuicSocketAddress& client_address, + const QuicSocketAddress& peer_address, + const QuicSocketAddress& self_address, + std::string* error_details) const = 0; + }; + + // |crypto_config| must outlive the stream. + // |session| must outlive the stream. + // |helper| must outlive the stream. + QuicCryptoServerStream(const QuicCryptoServerConfig* crypto_config, + QuicCompressedCertsCache* compressed_certs_cache, + bool use_stateless_rejects_if_peer_supported, + QuicSession* session, + Helper* helper); + QuicCryptoServerStream(const QuicCryptoServerStream&) = delete; + QuicCryptoServerStream& operator=(const QuicCryptoServerStream&) = delete; + + ~QuicCryptoServerStream() override; + + // From QuicCryptoServerStreamBase + void CancelOutstandingCallbacks() override; + bool GetBase64SHA256ClientChannelID(std::string* output) const override; + void SendServerConfigUpdate( + const CachedNetworkParameters* cached_network_params) override; + uint8_t NumHandshakeMessages() const override; + uint8_t NumHandshakeMessagesWithServerNonces() const override; + int NumServerConfigUpdateMessagesSent() const override; + const CachedNetworkParameters* PreviousCachedNetworkParams() const override; + bool UseStatelessRejectsIfPeerSupported() const override; + bool PeerSupportsStatelessRejects() const override; + bool ZeroRttAttempted() const override; + void SetPeerSupportsStatelessRejects( + bool peer_supports_stateless_rejects) override; + void SetPreviousCachedNetworkParams( + CachedNetworkParameters cached_network_params) override; + + // NOTE: Indicating that the Expect-CT header should be sent here presents + // a layering violation to some extent. The Expect-CT header only applies to + // HTTP connections, while this class can be used for non-HTTP applications. + // However, it is exposed here because that is the only place where the + // configuration for the certificate used in the connection is accessible. + bool ShouldSendExpectCTHeader() const; + + bool encryption_established() const override; + bool handshake_confirmed() const override; + const QuicCryptoNegotiatedParameters& crypto_negotiated_params() + const override; + CryptoMessageParser* crypto_message_parser() override; + void OnSuccessfulVersionNegotiation( + const ParsedQuicVersion& version) override; + + protected: + // Provided so that subclasses can provide their own handshaker. + virtual HandshakerDelegate* handshaker() const; + + private: + std::unique_ptr<HandshakerDelegate> handshaker_; + + // If true, the server should use stateless rejects, so long as the + // client supports them, as indicated by + // peer_supports_stateless_rejects_. + bool use_stateless_rejects_if_peer_supported_; + + // Set to true, once the server has received information from the + // client that it supports stateless reject. + // TODO(jokulik): Remove once client stateless reject support + // becomes the default. + bool peer_supports_stateless_rejects_; + + // Arguments from QuicCryptoServerStream constructor that might need to be + // passed to the HandshakerDelegate constructor in its late construction. + const QuicCryptoServerConfig* crypto_config_; + QuicCompressedCertsCache* compressed_certs_cache_; + Helper* helper_; +}; + +} // namespace quic + +#endif // QUICHE_QUIC_CORE_QUIC_CRYPTO_SERVER_STREAM_H_ |