| OLD | NEW |
|---|
| (Empty) | |
| 1 // Copyright (c) 2016 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. |
| 4 |
| 5 #include "net/quic/quartc/quartc_session.h" |
| 6 |
| 7 #include "base/rand_util.h" |
| 8 |
| 9 namespace { |
| 10 // Default priority for incoming QUIC streams. |
| 11 // TODO(zhihuang): Determine if this value is correct. |
| 12 static const net::SpdyPriority kDefaultPriority = 3; |
| 13 |
| 14 // Arbitrary server port number for net::QuicCryptoClientConfig. |
| 15 const int kQuicServerPort = 0; |
| 16 |
| 17 // Length of HKDF input keying material, equal to its number of bytes. |
| 18 // https://tools.ietf.org/html/rfc5869#section-2.2. |
| 19 // TODO(zhihuang): Verify that input keying material length is correct. |
| 20 const size_t kInputKeyingMaterialLength = 32; |
| 21 |
| 22 // Used by QuicCryptoServerConfig to provide dummy proof credentials. |
| 23 // TODO(zhihuang): Remove when secure P2P QUIC handshake is possible. |
| 24 class DummyProofSource : public net::ProofSource { |
| 25 public: |
| 26 DummyProofSource() {} |
| 27 ~DummyProofSource() override {} |
| 28 |
| 29 // ProofSource override. |
| 30 bool GetProof(const net::IPAddress& server_ip, |
| 31 const std::string& hostname, |
| 32 const std::string& server_config, |
| 33 net::QuicVersion quic_version, |
| 34 base::StringPiece chlo_hash, |
| 35 scoped_refptr<net::ProofSource::Chain>* out_chain, |
| 36 std::string* out_signature, |
| 37 std::string* out_leaf_cert_sct) override { |
| 38 std::vector<std::string> certs; |
| 39 certs.push_back("Dummy cert"); |
| 40 *out_chain = new ProofSource::Chain(certs); |
| 41 *out_signature = "Dummy signature"; |
| 42 *out_leaf_cert_sct = "Dummy timestamp"; |
| 43 return true; |
| 44 } |
| 45 |
| 46 void GetProof(const net::IPAddress& server_ip, |
| 47 const std::string& hostname, |
| 48 const std::string& server_config, |
| 49 net::QuicVersion quic_version, |
| 50 base::StringPiece chlo_hash, |
| 51 std::unique_ptr<Callback> callback) override {} |
| 52 }; |
| 53 |
| 54 // Used by QuicCryptoClientConfig to ignore the peer's credentials |
| 55 // and establish an insecure QUIC connection. |
| 56 // TODO(zhihuang): Remove when secure P2P QUIC handshake is possible. |
| 57 class InsecureProofVerifier : public net::ProofVerifier { |
| 58 public: |
| 59 InsecureProofVerifier() {} |
| 60 ~InsecureProofVerifier() override {} |
| 61 |
| 62 // ProofVerifier override. |
| 63 net::QuicAsyncStatus VerifyProof( |
| 64 const std::string& hostname, |
| 65 const uint16_t port, |
| 66 const std::string& server_config, |
| 67 net::QuicVersion quic_version, |
| 68 base::StringPiece chlo_hash, |
| 69 const std::vector<std::string>& certs, |
| 70 const std::string& cert_sct, |
| 71 const std::string& signature, |
| 72 const net::ProofVerifyContext* context, |
| 73 std::string* error_details, |
| 74 std::unique_ptr<net::ProofVerifyDetails>* verify_details, |
| 75 std::unique_ptr<net::ProofVerifierCallback> callback) override { |
| 76 return net::QUIC_SUCCESS; |
| 77 } |
| 78 |
| 79 net::QuicAsyncStatus VerifyCertChain( |
| 80 const std::string& hostname, |
| 81 const std::vector<std::string>& certs, |
| 82 const net::ProofVerifyContext* context, |
| 83 std::string* error_details, |
| 84 std::unique_ptr<net::ProofVerifyDetails>* details, |
| 85 std::unique_ptr<net::ProofVerifierCallback> callback) override { |
| 86 return net::QUIC_SUCCESS; |
| 87 } |
| 88 }; |
| 89 } |
| 90 |
| 91 namespace net { |
| 92 |
| 93 QuicConnectionId QuartcCryptoServerStreamHelper::GenerateConnectionIdForReject( |
| 94 QuicConnectionId connection_id) const { |
| 95 return 0; |
| 96 } |
| 97 |
| 98 bool QuartcCryptoServerStreamHelper::CanAcceptClientHello( |
| 99 const CryptoHandshakeMessage& message, |
| 100 const IPEndPoint& self_address, |
| 101 std::string* error_details) const { |
| 102 return true; |
| 103 } |
| 104 |
| 105 void QuartcSessionTransportObserver::OnCanWrite() { |
| 106 OnQuartcCanWrite(); |
| 107 } |
| 108 |
| 109 QuartcSession::QuartcSession( |
| 110 std::unique_ptr<QuicConnection> connection, |
| 111 const QuicConfig& config, |
| 112 const std::string& remote_fingerprint_value, |
| 113 Perspective perspective, |
| 114 QuartcSessionInterface::Transport* session_transport) |
| 115 : QuicSession(connection.release(), config), |
| 116 remote_fingerprint_value_(remote_fingerprint_value), |
| 117 perspective_(perspective), |
| 118 session_transport_(session_transport) { |
| 119 // Initialization with default crypto configuration. |
| 120 if (perspective_ == Perspective::IS_CLIENT) { |
| 121 std::unique_ptr<ProofVerifier> proof_verifier(new InsecureProofVerifier); |
| 122 quic_crypto_client_config_.reset( |
| 123 new QuicCryptoClientConfig(std::move(proof_verifier))); |
| 124 } else { |
| 125 std::unique_ptr<ProofSource> proof_source(new DummyProofSource); |
| 126 std::string source_address_token_secret = |
| 127 base::RandBytesAsString(kInputKeyingMaterialLength); |
| 128 quic_crypto_server_config_.reset(new QuicCryptoServerConfig( |
| 129 source_address_token_secret, helper_.GetRandomGenerator(), |
| 130 std::move(proof_source))); |
| 131 // Provide server with serialized config string to prove ownership. |
| 132 QuicCryptoServerConfig::ConfigOptions options; |
| 133 quic_crypto_server_config_->AddDefaultConfig(helper_.GetRandomGenerator(), |
| 134 helper_.GetClock(), options); |
| 135 } |
| 136 // Set the observer for the |session_transport_|. |
| 137 DCHECK(session_transport_); |
| 138 session_transport_->SetObserver(this); |
| 139 } |
| 140 |
| 141 QuartcSession::~QuartcSession() {} |
| 142 |
| 143 QuicCryptoStream* QuartcSession::GetCryptoStream() { |
| 144 return crypto_stream_.get(); |
| 145 } |
| 146 |
| 147 QuartcReliableStream* QuartcSession::CreateOutgoingDynamicStream( |
| 148 SpdyPriority priority) { |
| 149 return CreateDataStream(GetNextOutgoingStreamId(), priority); |
| 150 } |
| 151 |
| 152 void QuartcSession::OnCryptoHandshakeEvent(CryptoHandshakeEvent event) { |
| 153 QuicSession::OnCryptoHandshakeEvent(event); |
| 154 if (event == HANDSHAKE_CONFIRMED) { |
| 155 DCHECK(IsEncryptionEstablished()); |
| 156 DCHECK(IsCryptoHandshakeConfirmed()); |
| 157 |
| 158 DCHECK(session_observer_); |
| 159 session_observer_->OnCryptoHandshakeComplete(); |
| 160 } |
| 161 } |
| 162 |
| 163 void QuartcSession::CloseStream(QuicStreamId stream_id) { |
| 164 if (IsClosedStream(stream_id)) { |
| 165 // When CloseStream has been called recursively (via |
| 166 // ReliableQuicStream::OnClose), the stream is already closed so return. |
| 167 return; |
| 168 } |
| 169 write_blocked_streams()->UnregisterStream(stream_id); |
| 170 QuicSession::CloseStream(stream_id); |
| 171 } |
| 172 |
| 173 void QuartcSession::OnConnectionClosed(QuicErrorCode error, |
| 174 const std::string& error_details, |
| 175 ConnectionCloseSource source) { |
| 176 QuicSession::OnConnectionClosed(error, error_details, source); |
| 177 DCHECK(session_observer_); |
| 178 session_observer_->OnConnectionClosed( |
| 179 error, source == ConnectionCloseSource::FROM_PEER); |
| 180 } |
| 181 |
| 182 void QuartcSession::StartCryptoHandshake() { |
| 183 if (perspective_ == Perspective::IS_CLIENT) { |
| 184 QuicServerId server_id(remote_fingerprint_value_, kQuicServerPort); |
| 185 QuicCryptoClientStream* crypto_stream = |
| 186 new QuicCryptoClientStream(server_id, this, new ProofVerifyContext(), |
| 187 quic_crypto_client_config_.get(), this); |
| 188 crypto_stream_.reset(crypto_stream); |
| 189 QuicSession::Initialize(); |
| 190 crypto_stream->CryptoConnect(); |
| 191 } else { |
| 192 quic_compressed_certs_cache_.reset(new QuicCompressedCertsCache( |
| 193 QuicCompressedCertsCache::kQuicCompressedCertsCacheSize)); |
| 194 bool use_stateless_rejects_if_peer_supported = false; |
| 195 QuicCryptoServerStream* crypto_stream = new QuicCryptoServerStream( |
| 196 quic_crypto_server_config_.get(), quic_compressed_certs_cache_.get(), |
| 197 use_stateless_rejects_if_peer_supported, this, &stream_helper_); |
| 198 crypto_stream_.reset(crypto_stream); |
| 199 QuicSession::Initialize(); |
| 200 } |
| 201 } |
| 202 |
| 203 bool QuartcSession::ExportKeyingMaterial(const std::string& label, |
| 204 const uint8_t* context, |
| 205 size_t context_len, |
| 206 bool used_context, |
| 207 uint8_t* result, |
| 208 size_t result_len) { |
| 209 std::string quic_context(reinterpret_cast<const char*>(context), context_len); |
| 210 std::string quic_result; |
| 211 bool success = crypto_stream_->ExportKeyingMaterial(label, quic_context, |
| 212 result_len, &quic_result); |
| 213 quic_result.copy(reinterpret_cast<char*>(result), result_len); |
| 214 DCHECK(quic_result.length() == result_len); |
| 215 return success; |
| 216 } |
| 217 |
| 218 QuartcReliableStreamInterface* QuartcSession::CreateOutgoingStream( |
| 219 const OutgoingStreamParameters& param) { |
| 220 // The |param| is for forward-compatibility. Not used for now. |
| 221 return CreateOutgoingDynamicStream(kDefaultPriority); |
| 222 } |
| 223 |
| 224 void QuartcSession::OnQuartcCanWrite() { |
| 225 connection()->OnCanWrite(); |
| 226 } |
| 227 |
| 228 void QuartcSession::SetObserver( |
| 229 QuartcSessionInterface::Observer* session_observer) { |
| 230 session_observer_ = session_observer; |
| 231 DCHECK(session_observer_); |
| 232 } |
| 233 |
| 234 // Decrypts an incoming QUIC packet to a data stream. |
| 235 bool QuartcSession::OnReceived(const char* data, size_t data_len) { |
| 236 QuicReceivedPacket packet(data, data_len, clock_.Now()); |
| 237 ProcessUdpPacket(connection()->self_address(), connection()->peer_address(), |
| 238 packet); |
| 239 return true; |
| 240 } |
| 241 |
| 242 void QuartcSession::OnProofValid( |
| 243 const QuicCryptoClientConfig::CachedState& cached) { |
| 244 // TODO(zhihuang): Handle the proof verification. |
| 245 } |
| 246 |
| 247 void QuartcSession::OnProofVerifyDetailsAvailable( |
| 248 const ProofVerifyDetails& verify_details) { |
| 249 // TODO(zhihuang): Handle the proof verification. |
| 250 } |
| 251 |
| 252 void QuartcSession::SetClientCryptoConfig( |
| 253 QuicCryptoClientConfig* client_config) { |
| 254 quic_crypto_client_config_.reset(client_config); |
| 255 } |
| 256 |
| 257 void QuartcSession::SetServerCryptoConfig( |
| 258 QuicCryptoServerConfig* server_config) { |
| 259 quic_crypto_server_config_.reset(server_config); |
| 260 } |
| 261 |
| 262 ReliableQuicStream* QuartcSession::CreateIncomingDynamicStream( |
| 263 QuicStreamId id) { |
| 264 QuartcReliableStream* stream = CreateDataStream(id, kDefaultPriority); |
| 265 if (stream) { |
| 266 DCHECK(session_observer_); |
| 267 session_observer_->OnIncomingStream(stream); |
| 268 } |
| 269 return stream; |
| 270 } |
| 271 |
| 272 QuartcReliableStream* QuartcSession::CreateDataStream(QuicStreamId id, |
| 273 SpdyPriority priority) { |
| 274 if (crypto_stream_ == nullptr || !crypto_stream_->encryption_established()) { |
| 275 // Encryption not active so no stream created |
| 276 return nullptr; |
| 277 } |
| 278 QuartcReliableStream* stream = new QuartcReliableStream(id, this); |
| 279 if (stream) { |
| 280 // Make QuicSession take ownership of the stream. |
| 281 ActivateStream(stream); |
| 282 // Register the stream to the QuicWriteBlockedList. |priority| is clamped |
| 283 // between 0 and 7, with 0 being the highest priority and 7 the lowest |
| 284 // priority. |
| 285 write_blocked_streams()->RegisterStream(stream->id(), priority); |
| 286 } |
| 287 return stream; |
| 288 } |
| 289 |
| 290 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 2324833004:
Define Stable API for WebRTC/Quartc (Closed)
