mirror of
https://github.com/klzgrad/naiveproxy.git
synced 2024-12-01 01:36:09 +03:00
356 lines
12 KiB
C++
356 lines
12 KiB
C++
// Copyright (c) 2017 The Chromium Authors. All rights reserved.
|
|
// Use of this source code is governed by a BSD-style license that can be
|
|
// found in the LICENSE file.
|
|
|
|
#include "net/quic/quartc/quartc_session.h"
|
|
|
|
#include "net/quic/platform/api/quic_ptr_util.h"
|
|
|
|
using std::string;
|
|
|
|
namespace net {
|
|
|
|
namespace {
|
|
|
|
// Default priority for incoming QUIC streams.
|
|
// TODO(zhihuang): Determine if this value is correct.
|
|
static const SpdyPriority kDefaultPriority = 3;
|
|
|
|
// Arbitrary server port number for net::QuicCryptoClientConfig.
|
|
const int kQuicServerPort = 0;
|
|
|
|
// Length of HKDF input keying material, equal to its number of bytes.
|
|
// https://tools.ietf.org/html/rfc5869#section-2.2.
|
|
// TODO(zhihuang): Verify that input keying material length is correct.
|
|
const size_t kInputKeyingMaterialLength = 32;
|
|
|
|
// Used by QuicCryptoServerConfig to provide dummy proof credentials.
|
|
// TODO(zhihuang): Remove when secure P2P QUIC handshake is possible.
|
|
class DummyProofSource : public ProofSource {
|
|
public:
|
|
DummyProofSource() {}
|
|
~DummyProofSource() override {}
|
|
|
|
// ProofSource override.
|
|
void GetProof(const QuicSocketAddress& server_addr,
|
|
const string& hostname,
|
|
const string& server_config,
|
|
QuicTransportVersion transport_version,
|
|
QuicStringPiece chlo_hash,
|
|
std::unique_ptr<Callback> callback) override {
|
|
QuicReferenceCountedPointer<ProofSource::Chain> chain;
|
|
QuicCryptoProof proof;
|
|
std::vector<string> certs;
|
|
certs.push_back("Dummy cert");
|
|
chain = new ProofSource::Chain(certs);
|
|
proof.signature = "Dummy signature";
|
|
proof.leaf_cert_scts = "Dummy timestamp";
|
|
callback->Run(true, chain, proof, nullptr /* details */);
|
|
}
|
|
|
|
QuicReferenceCountedPointer<Chain> GetCertChain(
|
|
const QuicSocketAddress& server_address,
|
|
const string& hostname) override {
|
|
return QuicReferenceCountedPointer<Chain>();
|
|
}
|
|
|
|
void ComputeTlsSignature(
|
|
const QuicSocketAddress& server_address,
|
|
const string& hostname,
|
|
uint16_t signature_algorithm,
|
|
QuicStringPiece in,
|
|
std::unique_ptr<SignatureCallback> callback) override {
|
|
callback->Run(true, "Dummy signature");
|
|
}
|
|
};
|
|
|
|
// Used by QuicCryptoClientConfig to ignore the peer's credentials
|
|
// and establish an insecure QUIC connection.
|
|
// TODO(zhihuang): Remove when secure P2P QUIC handshake is possible.
|
|
class InsecureProofVerifier : public ProofVerifier {
|
|
public:
|
|
InsecureProofVerifier() {}
|
|
~InsecureProofVerifier() override {}
|
|
|
|
// ProofVerifier override.
|
|
QuicAsyncStatus VerifyProof(
|
|
const string& hostname,
|
|
const uint16_t port,
|
|
const string& server_config,
|
|
QuicTransportVersion transport_version,
|
|
QuicStringPiece chlo_hash,
|
|
const std::vector<string>& certs,
|
|
const string& cert_sct,
|
|
const string& signature,
|
|
const ProofVerifyContext* context,
|
|
string* error_details,
|
|
std::unique_ptr<ProofVerifyDetails>* verify_details,
|
|
std::unique_ptr<ProofVerifierCallback> callback) override {
|
|
return QUIC_SUCCESS;
|
|
}
|
|
|
|
QuicAsyncStatus VerifyCertChain(
|
|
const string& hostname,
|
|
const std::vector<string>& certs,
|
|
const ProofVerifyContext* context,
|
|
string* error_details,
|
|
std::unique_ptr<ProofVerifyDetails>* details,
|
|
std::unique_ptr<ProofVerifierCallback> callback) override {
|
|
return QUIC_SUCCESS;
|
|
}
|
|
};
|
|
} // namespace
|
|
|
|
QuicConnectionId QuartcCryptoServerStreamHelper::GenerateConnectionIdForReject(
|
|
QuicConnectionId connection_id) const {
|
|
return 0;
|
|
}
|
|
|
|
bool QuartcCryptoServerStreamHelper::CanAcceptClientHello(
|
|
const CryptoHandshakeMessage& message,
|
|
const QuicSocketAddress& self_address,
|
|
string* error_details) const {
|
|
return true;
|
|
}
|
|
|
|
QuartcSession::QuartcSession(std::unique_ptr<QuicConnection> connection,
|
|
const QuicConfig& config,
|
|
const string& unique_remote_server_id,
|
|
Perspective perspective,
|
|
QuicConnectionHelperInterface* helper,
|
|
QuicClock* clock)
|
|
: QuicSession(connection.get(), nullptr /*visitor*/, config),
|
|
unique_remote_server_id_(unique_remote_server_id),
|
|
perspective_(perspective),
|
|
connection_(std::move(connection)),
|
|
helper_(helper),
|
|
clock_(clock) {
|
|
// Initialization with default crypto configuration.
|
|
if (perspective_ == Perspective::IS_CLIENT) {
|
|
std::unique_ptr<ProofVerifier> proof_verifier(new InsecureProofVerifier);
|
|
quic_crypto_client_config_.reset(
|
|
new QuicCryptoClientConfig(std::move(proof_verifier)));
|
|
} else {
|
|
std::unique_ptr<ProofSource> proof_source(new DummyProofSource);
|
|
// Generate a random source address token secret. For long-running servers
|
|
// it's better to not regenerate it for each connection to enable zero-RTT
|
|
// handshakes, but for transient clients it does not matter.
|
|
char source_address_token_secret[kInputKeyingMaterialLength];
|
|
helper_->GetRandomGenerator()->RandBytes(source_address_token_secret,
|
|
kInputKeyingMaterialLength);
|
|
quic_crypto_server_config_.reset(new QuicCryptoServerConfig(
|
|
string(source_address_token_secret, kInputKeyingMaterialLength),
|
|
helper_->GetRandomGenerator(), std::move(proof_source)));
|
|
// Provide server with serialized config string to prove ownership.
|
|
QuicCryptoServerConfig::ConfigOptions options;
|
|
// The |message| is used to handle the return value of AddDefaultConfig
|
|
// which is raw pointer of the CryptoHandshakeMessage.
|
|
std::unique_ptr<CryptoHandshakeMessage> message(
|
|
quic_crypto_server_config_->AddDefaultConfig(
|
|
helper_->GetRandomGenerator(), helper_->GetClock(), options));
|
|
}
|
|
}
|
|
|
|
QuartcSession::~QuartcSession() {}
|
|
|
|
const QuicCryptoStream* QuartcSession::GetCryptoStream() const {
|
|
return crypto_stream_.get();
|
|
}
|
|
|
|
QuicCryptoStream* QuartcSession::GetMutableCryptoStream() {
|
|
return crypto_stream_.get();
|
|
}
|
|
|
|
QuartcStream* QuartcSession::CreateOutgoingDynamicStream() {
|
|
return ActivateDataStream(
|
|
CreateDataStream(GetNextOutgoingStreamId(), kDefaultPriority));
|
|
}
|
|
|
|
void QuartcSession::OnCryptoHandshakeEvent(CryptoHandshakeEvent event) {
|
|
QuicSession::OnCryptoHandshakeEvent(event);
|
|
if (event == HANDSHAKE_CONFIRMED) {
|
|
DCHECK(IsEncryptionEstablished());
|
|
DCHECK(IsCryptoHandshakeConfirmed());
|
|
|
|
DCHECK(session_delegate_);
|
|
session_delegate_->OnCryptoHandshakeComplete();
|
|
}
|
|
}
|
|
|
|
void QuartcSession::CloseStream(QuicStreamId stream_id) {
|
|
if (IsClosedStream(stream_id)) {
|
|
// When CloseStream has been called recursively (via
|
|
// QuicStream::OnClose), the stream is already closed so return.
|
|
return;
|
|
}
|
|
write_blocked_streams()->UnregisterStream(stream_id);
|
|
QuicSession::CloseStream(stream_id);
|
|
}
|
|
|
|
void QuartcSession::CancelStream(QuicStreamId stream_id) {
|
|
ResetStream(stream_id, QuicRstStreamErrorCode::QUIC_STREAM_CANCELLED);
|
|
}
|
|
|
|
void QuartcSession::ResetStream(QuicStreamId stream_id,
|
|
QuicRstStreamErrorCode error) {
|
|
if (!IsOpenStream(stream_id)) {
|
|
return;
|
|
}
|
|
QuicStream* stream = QuicSession::GetOrCreateStream(stream_id);
|
|
if (stream) {
|
|
stream->Reset(error);
|
|
}
|
|
}
|
|
|
|
bool QuartcSession::IsOpenStream(QuicStreamId stream_id) {
|
|
return QuicSession::IsOpenStream(stream_id);
|
|
}
|
|
|
|
QuartcSessionStats QuartcSession::GetStats() {
|
|
QuartcSessionStats stats;
|
|
const QuicConnectionStats& connection_stats = connection_->GetStats();
|
|
stats.bandwidth_estimate = connection_stats.estimated_bandwidth;
|
|
stats.smoothed_rtt =
|
|
QuicTime::Delta::FromMicroseconds(connection_stats.srtt_us);
|
|
return stats;
|
|
}
|
|
|
|
void QuartcSession::OnConnectionClosed(QuicErrorCode error,
|
|
const string& error_details,
|
|
ConnectionCloseSource source) {
|
|
QuicSession::OnConnectionClosed(error, error_details, source);
|
|
DCHECK(session_delegate_);
|
|
session_delegate_->OnConnectionClosed(
|
|
error, source == ConnectionCloseSource::FROM_PEER);
|
|
}
|
|
|
|
void QuartcSession::StartCryptoHandshake() {
|
|
if (perspective_ == Perspective::IS_CLIENT) {
|
|
QuicServerId server_id(unique_remote_server_id_, kQuicServerPort);
|
|
QuicCryptoClientStream* crypto_stream =
|
|
new QuicCryptoClientStream(server_id, this, new ProofVerifyContext(),
|
|
quic_crypto_client_config_.get(), this);
|
|
crypto_stream_.reset(crypto_stream);
|
|
QuicSession::Initialize();
|
|
crypto_stream->CryptoConnect();
|
|
} else {
|
|
quic_compressed_certs_cache_.reset(new QuicCompressedCertsCache(
|
|
QuicCompressedCertsCache::kQuicCompressedCertsCacheSize));
|
|
bool use_stateless_rejects_if_peer_supported = false;
|
|
QuicCryptoServerStream* crypto_stream = new QuicCryptoServerStream(
|
|
quic_crypto_server_config_.get(), quic_compressed_certs_cache_.get(),
|
|
use_stateless_rejects_if_peer_supported, this, &stream_helper_);
|
|
crypto_stream_.reset(crypto_stream);
|
|
QuicSession::Initialize();
|
|
}
|
|
}
|
|
|
|
bool QuartcSession::ExportKeyingMaterial(const string& label,
|
|
const uint8_t* context,
|
|
size_t context_len,
|
|
bool used_context,
|
|
uint8_t* result,
|
|
size_t result_len) {
|
|
string quic_context(reinterpret_cast<const char*>(context), context_len);
|
|
string quic_result;
|
|
bool success = crypto_stream_->ExportKeyingMaterial(label, quic_context,
|
|
result_len, &quic_result);
|
|
quic_result.copy(reinterpret_cast<char*>(result), result_len);
|
|
DCHECK(quic_result.length() == result_len);
|
|
return success;
|
|
}
|
|
|
|
void QuartcSession::CloseConnection(const string& details) {
|
|
connection_->CloseConnection(
|
|
QuicErrorCode::QUIC_CONNECTION_CANCELLED, details,
|
|
ConnectionCloseBehavior::SEND_CONNECTION_CLOSE_PACKET_WITH_NO_ACK);
|
|
}
|
|
|
|
QuartcStreamInterface* QuartcSession::CreateOutgoingStream(
|
|
const OutgoingStreamParameters& param) {
|
|
// The |param| is for forward-compatibility. Not used for now.
|
|
return CreateOutgoingDynamicStream();
|
|
}
|
|
|
|
void QuartcSession::SetDelegate(
|
|
QuartcSessionInterface::Delegate* session_delegate) {
|
|
if (session_delegate_) {
|
|
LOG(WARNING) << "The delegate for the session has already been set.";
|
|
}
|
|
session_delegate_ = session_delegate;
|
|
DCHECK(session_delegate_);
|
|
}
|
|
|
|
void QuartcSession::OnTransportCanWrite() {
|
|
if (HasDataToWrite()) {
|
|
connection()->OnCanWrite();
|
|
}
|
|
}
|
|
|
|
bool QuartcSession::OnTransportReceived(const char* data, size_t data_len) {
|
|
QuicReceivedPacket packet(data, data_len, clock_->Now());
|
|
ProcessUdpPacket(connection()->self_address(), connection()->peer_address(),
|
|
packet);
|
|
return true;
|
|
}
|
|
|
|
void QuartcSession::OnProofValid(
|
|
const QuicCryptoClientConfig::CachedState& cached) {
|
|
// TODO(zhihuang): Handle the proof verification.
|
|
}
|
|
|
|
void QuartcSession::OnProofVerifyDetailsAvailable(
|
|
const ProofVerifyDetails& verify_details) {
|
|
// TODO(zhihuang): Handle the proof verification.
|
|
}
|
|
|
|
void QuartcSession::SetClientCryptoConfig(
|
|
QuicCryptoClientConfig* client_config) {
|
|
quic_crypto_client_config_.reset(client_config);
|
|
}
|
|
|
|
void QuartcSession::SetServerCryptoConfig(
|
|
QuicCryptoServerConfig* server_config) {
|
|
quic_crypto_server_config_.reset(server_config);
|
|
}
|
|
|
|
QuicStream* QuartcSession::CreateIncomingDynamicStream(QuicStreamId id) {
|
|
return ActivateDataStream(CreateDataStream(id, kDefaultPriority));
|
|
}
|
|
|
|
std::unique_ptr<QuartcStream> QuartcSession::CreateDataStream(
|
|
QuicStreamId id,
|
|
SpdyPriority priority) {
|
|
if (crypto_stream_ == nullptr || !crypto_stream_->encryption_established()) {
|
|
// Encryption not active so no stream created
|
|
return nullptr;
|
|
}
|
|
auto stream = QuicMakeUnique<QuartcStream>(id, this);
|
|
if (stream) {
|
|
// Register the stream to the QuicWriteBlockedList. |priority| is clamped
|
|
// between 0 and 7, with 0 being the highest priority and 7 the lowest
|
|
// priority.
|
|
write_blocked_streams()->RegisterStream(stream->id(), priority);
|
|
|
|
if (IsIncomingStream(id)) {
|
|
DCHECK(session_delegate_);
|
|
// Incoming streams need to be registered with the session_delegate_.
|
|
session_delegate_->OnIncomingStream(stream.get());
|
|
}
|
|
}
|
|
return stream;
|
|
}
|
|
|
|
QuartcStream* QuartcSession::ActivateDataStream(
|
|
std::unique_ptr<QuartcStream> stream) {
|
|
// Transfer ownership of the data stream to the session via ActivateStream().
|
|
QuartcStream* raw = stream.release();
|
|
if (raw) {
|
|
// Make QuicSession take ownership of the stream.
|
|
ActivateStream(std::unique_ptr<QuicStream>(raw));
|
|
}
|
|
return raw;
|
|
}
|
|
|
|
} // namespace net
|