// Copyright (c) 2017 The Chromium Authors. All rights reserved. // Use of this source code is governed by a BSD-style license that can be // found in the LICENSE file. #include "quiche/quic/core/tls_server_handshaker.h" #include <cstddef> #include <cstdint> #include <cstring> #include <memory> #include <optional> #include <string> #include <utility> #include <vector> #include "absl/status/status.h" #include "absl/strings/str_cat.h" #include "absl/strings/string_view.h" #include "absl/types/span.h" #include "absl/types/variant.h" #include "openssl/base.h" #include "openssl/bytestring.h" #include "openssl/ssl.h" #include "openssl/tls1.h" #include "quiche/quic/core/crypto/crypto_handshake.h" #include "quiche/quic/core/crypto/crypto_message_parser.h" #include "quiche/quic/core/crypto/crypto_utils.h" #include "quiche/quic/core/crypto/proof_source.h" #include "quiche/quic/core/crypto/proof_verifier.h" #include "quiche/quic/core/crypto/quic_crypto_server_config.h" #include "quiche/quic/core/crypto/quic_decrypter.h" #include "quiche/quic/core/crypto/quic_encrypter.h" #include "quiche/quic/core/crypto/transport_parameters.h" #include "quiche/quic/core/http/http_encoder.h" #include "quiche/quic/core/http/http_frames.h" #include "quiche/quic/core/quic_config.h" #include "quiche/quic/core/quic_connection.h" #include "quiche/quic/core/quic_connection_context.h" #include "quiche/quic/core/quic_connection_id.h" #include "quiche/quic/core/quic_connection_stats.h" #include "quiche/quic/core/quic_crypto_server_stream_base.h" #include "quiche/quic/core/quic_error_codes.h" #include "quiche/quic/core/quic_session.h" #include "quiche/quic/core/quic_time.h" #include "quiche/quic/core/quic_time_accumulator.h" #include "quiche/quic/core/quic_types.h" #include "quiche/quic/core/quic_versions.h" #include "quiche/quic/core/tls_handshaker.h" #include "quiche/quic/platform/api/quic_bug_tracker.h" #include "quiche/quic/platform/api/quic_flag_utils.h" #include "quiche/quic/platform/api/quic_flags.h" #include "quiche/quic/platform/api/quic_hostname_utils.h" #include "quiche/quic/platform/api/quic_logging.h" #include "quiche/quic/platform/api/quic_server_stats.h" #include "quiche/quic/platform/api/quic_socket_address.h" #define RECORD_LATENCY_IN_US(stat_name, latency, comment) … namespace quic { namespace { // Default port for HTTP/3. uint16_t kDefaultPort = …; } // namespace TlsServerHandshaker::DefaultProofSourceHandle::DefaultProofSourceHandle( TlsServerHandshaker* handshaker, ProofSource* proof_source) : … { … } TlsServerHandshaker::DefaultProofSourceHandle::~DefaultProofSourceHandle() { … } void TlsServerHandshaker::DefaultProofSourceHandle::CloseHandle() { … } QuicAsyncStatus TlsServerHandshaker::DefaultProofSourceHandle::SelectCertificate( const QuicSocketAddress& server_address, const QuicSocketAddress& client_address, const QuicConnectionId& /*original_connection_id*/, absl::string_view /*ssl_capabilities*/, const std::string& hostname, absl::string_view /*client_hello*/, const std::string& /*alpn*/, std::optional<std::string> /*alps*/, const std::vector<uint8_t>& /*quic_transport_params*/, const std::optional<std::vector<uint8_t>>& /*early_data_context*/, const QuicSSLConfig& /*ssl_config*/) { … } QuicAsyncStatus TlsServerHandshaker::DefaultProofSourceHandle::ComputeSignature( const QuicSocketAddress& server_address, const QuicSocketAddress& client_address, const std::string& hostname, uint16_t signature_algorithm, absl::string_view in, size_t max_signature_size) { … } TlsServerHandshaker::DecryptCallback::DecryptCallback( TlsServerHandshaker* handshaker) : … { … } void TlsServerHandshaker::DecryptCallback::Run(std::vector<uint8_t> plaintext) { … } void TlsServerHandshaker::DecryptCallback::Cancel() { … } TlsServerHandshaker::TlsServerHandshaker( QuicSession* session, const QuicCryptoServerConfig* crypto_config) : … { … } TlsServerHandshaker::~TlsServerHandshaker() { … } void TlsServerHandshaker::CancelOutstandingCallbacks() { … } void TlsServerHandshaker::InfoCallback(int type, int value) { … } std::unique_ptr<ProofSourceHandle> TlsServerHandshaker::MaybeCreateProofSourceHandle() { … } bool TlsServerHandshaker::GetBase64SHA256ClientChannelID( std::string* /*output*/) const { … } void TlsServerHandshaker::SendServerConfigUpdate( const CachedNetworkParameters* /*cached_network_params*/) { … } bool TlsServerHandshaker::DisableResumption() { … } bool TlsServerHandshaker::IsZeroRtt() const { … } bool TlsServerHandshaker::IsResumption() const { … } bool TlsServerHandshaker::ResumptionAttempted() const { … } bool TlsServerHandshaker::EarlyDataAttempted() const { … } int TlsServerHandshaker::NumServerConfigUpdateMessagesSent() const { … } const CachedNetworkParameters* TlsServerHandshaker::PreviousCachedNetworkParams() const { … } void TlsServerHandshaker::SetPreviousCachedNetworkParams( CachedNetworkParameters cached_network_params) { … } void TlsServerHandshaker::OnPacketDecrypted(EncryptionLevel level) { … } void TlsServerHandshaker::OnHandshakeDoneReceived() { … } void TlsServerHandshaker::OnNewTokenReceived(absl::string_view /*token*/) { … } std::string TlsServerHandshaker::GetAddressToken( const CachedNetworkParameters* cached_network_params) const { … } bool TlsServerHandshaker::ValidateAddressToken(absl::string_view token) const { … } bool TlsServerHandshaker::ShouldSendExpectCTHeader() const { … } bool TlsServerHandshaker::DidCertMatchSni() const { … } const ProofSource::Details* TlsServerHandshaker::ProofSourceDetails() const { … } bool TlsServerHandshaker::ExportKeyingMaterial(absl::string_view label, absl::string_view context, size_t result_len, std::string* result) { … } void TlsServerHandshaker::OnConnectionClosed( const QuicConnectionCloseFrame& frame, ConnectionCloseSource source) { … } ssl_early_data_reason_t TlsServerHandshaker::EarlyDataReason() const { … } bool TlsServerHandshaker::encryption_established() const { … } bool TlsServerHandshaker::one_rtt_keys_available() const { … } const QuicCryptoNegotiatedParameters& TlsServerHandshaker::crypto_negotiated_params() const { … } CryptoMessageParser* TlsServerHandshaker::crypto_message_parser() { … } HandshakeState TlsServerHandshaker::GetHandshakeState() const { … } void TlsServerHandshaker::SetServerApplicationStateForResumption( std::unique_ptr<ApplicationState> state) { … } size_t TlsServerHandshaker::BufferSizeLimitForLevel( EncryptionLevel level) const { … } std::unique_ptr<QuicDecrypter> TlsServerHandshaker::AdvanceKeysAndCreateCurrentOneRttDecrypter() { … } std::unique_ptr<QuicEncrypter> TlsServerHandshaker::CreateCurrentOneRttEncrypter() { … } void TlsServerHandshaker::OverrideQuicConfigDefaults(QuicConfig* /*config*/) { … } void TlsServerHandshaker::AdvanceHandshakeFromCallback() { … } bool TlsServerHandshaker::ProcessTransportParameters( const SSL_CLIENT_HELLO* client_hello, std::string* error_details) { … } TlsServerHandshaker::SetTransportParametersResult TlsServerHandshaker::SetTransportParameters() { … } bool TlsServerHandshaker::TransportParametersMatch( absl::Span<const uint8_t> serialized_params) const { … } void TlsServerHandshaker::SetWriteSecret( EncryptionLevel level, const SSL_CIPHER* cipher, absl::Span<const uint8_t> write_secret) { … } std::string TlsServerHandshaker::GetAcceptChValueForHostname( const std::string& /*hostname*/) const { … } bool TlsServerHandshaker::UseAlpsNewCodepoint() const { … } void TlsServerHandshaker::FinishHandshake() { … } QuicAsyncStatus TlsServerHandshaker::VerifyCertChain( const std::vector<std::string>& /*certs*/, std::string* /*error_details*/, std::unique_ptr<ProofVerifyDetails>* /*details*/, uint8_t* /*out_alert*/, std::unique_ptr<ProofVerifierCallback> /*callback*/) { … } void TlsServerHandshaker::OnProofVerifyDetailsAvailable( const ProofVerifyDetails& /*verify_details*/) { … } ssl_private_key_result_t TlsServerHandshaker::PrivateKeySign( uint8_t* out, size_t* out_len, size_t max_out, uint16_t sig_alg, absl::string_view in) { … } ssl_private_key_result_t TlsServerHandshaker::PrivateKeyComplete( uint8_t* out, size_t* out_len, size_t max_out) { … } void TlsServerHandshaker::OnComputeSignatureDone( bool ok, bool is_sync, std::string signature, std::unique_ptr<ProofSource::Details> details) { … } bool TlsServerHandshaker::HasValidSignature(size_t max_signature_size) const { … } size_t TlsServerHandshaker::SessionTicketMaxOverhead() { … } int TlsServerHandshaker::SessionTicketSeal(uint8_t* out, size_t* out_len, size_t max_out_len, absl::string_view in) { … } ssl_ticket_aead_result_t TlsServerHandshaker::SessionTicketOpen( uint8_t* out, size_t* out_len, size_t max_out_len, absl::string_view in) { … } ssl_ticket_aead_result_t TlsServerHandshaker::FinalizeSessionTicketOpen( uint8_t* out, size_t* out_len, size_t max_out_len) { … } ssl_select_cert_result_t TlsServerHandshaker::EarlySelectCertCallback( const SSL_CLIENT_HELLO* client_hello) { … } void TlsServerHandshaker::OnSelectCertificateDone( bool ok, bool is_sync, SSLConfig ssl_config, absl::string_view ticket_encryption_key, bool cert_matched_sni) { … } bool TlsServerHandshaker::WillNotCallComputeSignature() const { … } bool TlsServerHandshaker::ValidateHostname(const std::string& hostname) const { … } int TlsServerHandshaker::TlsExtServernameCallback(int* /*out_alert*/) { … } int TlsServerHandshaker::SelectAlpn(const uint8_t** out, uint8_t* out_len, const uint8_t* in, unsigned in_len) { … } TlsServerHandshaker::SetApplicationSettingsResult TlsServerHandshaker::SetApplicationSettings(absl::string_view alpn) { … } SSL* TlsServerHandshaker::GetSsl() const { … } bool TlsServerHandshaker::IsCryptoFrameExpectedForEncryptionLevel( EncryptionLevel level) const { … } EncryptionLevel TlsServerHandshaker::GetEncryptionLevelToSendCryptoDataOfSpace( PacketNumberSpace space) const { … } } // namespace quic
Codebase Browser
chromium