Flag-protected. Add stateless reject support to crypto streams.

net/quic/quic_crypto_client_stream.cc

 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/quic/quic_crypto_client_stream.h"
 
 #include "base/metrics/histogram.h"
 #include "base/profiler/scoped_tracker.h"
 #include "net/quic/crypto/crypto_protocol.h"
 #include "net/quic/crypto/crypto_utils.h"
@@ skipping 69 matching lines @@
     : QuicCryptoStream(session),
       next_state_(STATE_IDLE),
       num_client_hellos_(0),
       crypto_config_(crypto_config),
       server_id_(server_id),
       generation_counter_(0),
       channel_id_sent_(false),
       channel_id_source_callback_run_(false),
       channel_id_source_callback_(nullptr),
       verify_context_(verify_context),
-      proof_verify_callback_(nullptr) {
+      proof_verify_callback_(nullptr),
+      stateless_reject_received_(false) {
   DCHECK_EQ(Perspective::IS_CLIENT, session->connection()->perspective());
 }
 
 QuicCryptoClientStream::~QuicCryptoClientStream() {
   if (channel_id_source_callback_) {
     channel_id_source_callback_->Cancel();
   }
   if (proof_verify_callback_) {
     proof_verify_callback_->Cancel();
   }
@@ skipping 138 matching lines @@
     // If the cached state needs to be verified, do it now.
     next_state_ = STATE_VERIFY_PROOF;
   } else {
     next_state_ = STATE_GET_CHANNEL_ID;
   }
 }
 
 void QuicCryptoClientStream::DoSendCHLO(
     const CryptoHandshakeMessage* in,
     QuicCryptoClientConfig::CachedState* cached) {
+  if (stateless_reject_received_) {
+    // If we've gotten to this point, we've sent at least one hello
+    // and received a stateless reject in response.  We cannot
+    // continue to send hellos because the server has abandoned state
+    // for this connection.  Abandon further handshakes.
+    next_state_ = STATE_NONE;
+    if (session()->connection()->connected()) {
+      session()->connection()->CloseConnection(
+          QUIC_CRYPTO_HANDSHAKE_STATELESS_REJECT, false);
+    }
+    return;
+  }
+
   // Send the client hello in plaintext.
   session()->connection()->SetDefaultEncryptionLevel(ENCRYPTION_NONE);
   if (num_client_hellos_ > kMaxClientHellos) {
     CloseConnection(QUIC_CRYPTO_TOO_MANY_REJECTS);
     return;
   }
   num_client_hellos_++;
 
   CryptoHandshakeMessage out;
+  DCHECK(session() != nullptr);
+  DCHECK(session()->config() != nullptr);
+  // Send all the options, regardless of whether we're sending an
+  // inchoate or subsequent hello.
+  session()->config()->ToHandshakeMessage(&out);
   if (!cached->IsComplete(session()->connection()->clock()->WallNow())) {
     crypto_config_->FillInchoateClientHello(
         server_id_,
         session()->connection()->supported_versions().front(),
         cached, &crypto_negotiated_params_, &out);
     // Pad the inchoate client hello to fill up a packet.
     const QuicByteCount kFramingOverhead = 50;  // A rough estimate.
     const QuicByteCount max_packet_size =
         session()->connection()->max_packet_length();
     if (max_packet_size <= kFramingOverhead) {
       DLOG(DFATAL) << "max_packet_length (" << max_packet_size
                    << ") has no room for framing overhead.";
       CloseConnection(QUIC_INTERNAL_ERROR);
       return;
     }
     if (kClientHelloMinimumSize > max_packet_size - kFramingOverhead) {
       DLOG(DFATAL) << "Client hello won't fit in a single packet.";
       CloseConnection(QUIC_INTERNAL_ERROR);
       return;
     }
     out.set_minimum_size(
         static_cast<size_t>(max_packet_size - kFramingOverhead));
     next_state_ = STATE_RECV_REJ;
     SendHandshakeMessage(out);
     return;
   }
 
-  session()->config()->ToHandshakeMessage(&out);
   string error_details;
   QuicErrorCode error = crypto_config_->FillClientHello(
       server_id_,
       session()->connection()->connection_id(),
       session()->connection()->supported_versions().front(),
       cached,
       session()->connection()->clock()->WallNow(),
       session()->connection()->random_generator(),
       channel_id_key_.get(),
       &crypto_negotiated_params_,
@@ skipping 41 matching lines @@
     QuicCryptoClientConfig::CachedState* cached) {
   // TODO(rtenneti): Remove ScopedTracker below once crbug.com/422516 is fixed.
   tracked_objects::ScopedTracker tracking_profile(
       FROM_HERE_WITH_EXPLICIT_FUNCTION(
           "422516 QuicCryptoClientStream::DoReceiveREJ"));
 
   // We sent a dummy CHLO because we didn't have enough information to
   // perform a handshake, or we sent a full hello that the server
   // rejected. Here we hope to have a REJ that contains the information
   // that we need.
-  if (in->tag() != kREJ) {
+  if ((in->tag() != kREJ) && (in->tag() != kSREJ)) {
     next_state_ = STATE_NONE;
     CloseConnectionWithDetails(QUIC_INVALID_CRYPTO_MESSAGE_TYPE,
                                "Expected REJ");
     return;
   }
+  stateless_reject_received_ = in->tag() == kSREJ;
   string error_details;
   QuicErrorCode error = crypto_config_->ProcessRejection(
       *in, session()->connection()->clock()->WallNow(), cached,
       server_id_.is_https(), &crypto_negotiated_params_, &error_details);
+
   if (error != QUIC_NO_ERROR) {
     next_state_ = STATE_NONE;
     CloseConnectionWithDetails(error, error_details);
     return;
   }
   if (!cached->proof_valid()) {
     if (!server_id_.is_https()) {
       // We don't check the certificates for insecure QUIC connections.
       SetCachedProofValid(cached);
     } else if (!cached->signature().empty()) {
@@ skipping 117 matching lines @@
                                "Channel ID lookup failed");
     return;
   }
   next_state_ = STATE_SEND_CHLO;
 }
 
 void QuicCryptoClientStream::DoReceiveSHLO(
     const CryptoHandshakeMessage* in,
     QuicCryptoClientConfig::CachedState* cached) {
   next_state_ = STATE_NONE;
-  // We sent a CHLO that we expected to be accepted and now we're hoping
-  // for a SHLO from the server to confirm that.
-  if (in->tag() == kREJ) {
+  // We sent a CHLO that we expected to be accepted and now we're
+  // hoping for a SHLO from the server to confirm that.  First check
+  // to see whether the response was a reject, and if so, move on to
+  // the reject-processing state.
+  if ((in->tag() == kREJ) || (in->tag() == kSREJ)) {
     // alternative_decrypter will be nullptr if the original alternative
     // decrypter latched and became the primary decrypter. That happens
     // if we received a message encrypted with the INITIAL key.
     if (session()->connection()->alternative_decrypter() == nullptr) {
       // The rejection was sent encrypted!
       CloseConnectionWithDetails(QUIC_CRYPTO_ENCRYPTION_LEVEL_INCORRECT,
                                  "encrypted REJ message");
       return;
     }
     next_state_ = STATE_RECV_REJ;
@@ skipping 99 matching lines @@
     }
   }
   return false;
 }
 
 QuicClientSessionBase* QuicCryptoClientStream::client_session() {
   return reinterpret_cast<QuicClientSessionBase*>(session());
 }
 
 }  // namespace net