blob: 8c3a548da3e4c6956028d61130ea38998e2e9033 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
|
// Copyright (c) 2012 The Chromium Authors. All rights reserved.
// Use of this source code is governed by a BSD-style license that can be
// found in the LICENSE file.
#ifndef NET_QUIC_CORE_QUIC_CRYPTO_STREAM_H_
#define NET_QUIC_CORE_QUIC_CRYPTO_STREAM_H_
#include <cstddef>
#include "base/macros.h"
#include "net/quic/core/crypto/crypto_framer.h"
#include "net/quic/core/crypto/crypto_utils.h"
#include "net/quic/core/quic_config.h"
#include "net/quic/core/quic_packets.h"
#include "net/quic/core/quic_stream.h"
#include "net/quic/platform/api/quic_export.h"
#include "net/quic/platform/api/quic_string_piece.h"
namespace net {
class QuicSession;
// Crypto handshake messages in QUIC take place over a reserved stream with the
// id 1. Each endpoint (client and server) will allocate an instance of a
// subclass of QuicCryptoStream to send and receive handshake messages. (In the
// normal 1-RTT handshake, the client will send a client hello, CHLO, message.
// The server will receive this message and respond with a server hello message,
// SHLO. At this point both sides will have established a crypto context they
// can use to send encrypted messages.
//
// For more details:
// https://docs.google.com/document/d/1g5nIXAIkN_Y-7XJW5K45IblHd_L2f5LTaDUDwvZ5L6g/edit?usp=sharing
class QUIC_EXPORT_PRIVATE QuicCryptoStream : public QuicStream {
public:
explicit QuicCryptoStream(QuicSession* session);
~QuicCryptoStream() override;
// Returns the per-packet framing overhead associated with sending a
// handshake message for |version|.
static QuicByteCount CryptoMessageFramingOverhead(QuicVersion version);
// QuicStream implementation
void OnDataAvailable() override;
// Performs key extraction to derive a new secret of |result_len| bytes
// dependent on |label|, |context|, and the stream's negotiated subkey secret.
// Returns false if the handshake has not been confirmed or the parameters are
// invalid (e.g. |label| contains null bytes); returns true on success.
bool ExportKeyingMaterial(QuicStringPiece label,
QuicStringPiece context,
size_t result_len,
std::string* result) const;
// Performs key extraction for Token Binding. Unlike ExportKeyingMaterial,
// this function can be called before forward-secure encryption is
// established. Returns false if initial encryption has not been established,
// and true on success.
//
// Since this depends only on the initial keys, a signature over it can be
// repurposed by an attacker who obtains the client's or server's DH private
// value.
bool ExportTokenBindingKeyingMaterial(std::string* result) const;
// Returns true once an encrypter has been set for the connection.
virtual bool encryption_established() const = 0;
// Returns true once the crypto handshake has completed.
virtual bool handshake_confirmed() const = 0;
// Returns the parameters negotiated in the crypto handshake.
virtual const QuicCryptoNegotiatedParameters& crypto_negotiated_params()
const = 0;
// Provides the message parser to use when data is received on this stream.
virtual CryptoMessageParser* crypto_message_parser() = 0;
private:
DISALLOW_COPY_AND_ASSIGN(QuicCryptoStream);
};
} // namespace net
#endif // NET_QUIC_CORE_QUIC_CRYPTO_STREAM_H_
|