1 // Copyright (c) 2012 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
4 
5 #ifndef QUICHE_QUIC_CORE_QUIC_CRYPTO_SERVER_STREAM_BASE_H_
6 #define QUICHE_QUIC_CORE_QUIC_CRYPTO_SERVER_STREAM_BASE_H_
7 
8 #include <cstdint>
9 #include <memory>
10 #include <string>
11 
12 #include "quiche/quic/core/crypto/crypto_handshake.h"
13 #include "quiche/quic/core/crypto/quic_compressed_certs_cache.h"
14 #include "quiche/quic/core/crypto/quic_crypto_server_config.h"
15 #include "quiche/quic/core/quic_config.h"
16 #include "quiche/quic/core/quic_crypto_handshaker.h"
17 #include "quiche/quic/core/quic_crypto_stream.h"
18 #include "quiche/quic/core/quic_session.h"
19 #include "quiche/quic/platform/api/quic_export.h"
20 
21 namespace quic {
22 
// Forward declarations for types that only appear by pointer/reference in the
// signatures below. QuicCryptoServerStreamBase is defined later in this same
// header; QuicCryptoServerConfig is presumably already complete via the
// quic_crypto_server_config.h include above, making that line redundant but
// harmless. QuicSocketAddress, ProofSource and absl::string_view are used
// below without a forward declaration or direct include here — NOTE(review):
// they must arrive transitively through the includes above; confirm.
class CachedNetworkParameters;
class CryptoHandshakeMessage;
class QuicCryptoServerConfig;
class QuicCryptoServerStreamBase;
27 
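// TODO(alyssar) see what can be moved out of QuicCryptoServerStream with
// various code and test refactoring.
//
// Abstract server-side crypto handshake stream. Concrete implementations are
// obtained from CreateCryptoServerStream() (declared below). This interface is
// what the owning session uses to query the outcome of the handshake
// (resumption, 0-RTT, SNI/cert match, proof-source details) and to drive a
// few actions (cancelling callbacks, sending server config updates, disabling
// resumption).
class QUICHE_EXPORT QuicCryptoServerStreamBase : public QuicCryptoStream {
 public:
  // |session| is the session this stream belongs to. It must outlive the
  // stream (see the lifetime contract on CreateCryptoServerStream()).
  explicit QuicCryptoServerStreamBase(QuicSession* session);

  // Policy callback consulted before a client hello is accepted. The stream
  // does not carry an acceptance policy of its own; the Helper supplies it.
  class QUICHE_EXPORT Helper {
   public:
    // Polymorphic base: a virtual destructor keeps deletion through Helper*
    // well-defined. Defaulted rather than an empty body.
    virtual ~Helper() = default;

    // Returns true if |message|, which was received on |self_address|, is
    // acceptable according to the visitor's policy. Otherwise returns false
    // and populates |error_details| with the reason.
    // Both |client_address| and |peer_address| are handed to the policy; how
    // the two differ is not defined in this header — NOTE(review): confirm
    // against the implementation before a policy relies on either one.
    virtual bool CanAcceptClientHello(const CryptoHandshakeMessage& message,
                                      const QuicSocketAddress& client_address,
                                      const QuicSocketAddress& peer_address,
                                      const QuicSocketAddress& self_address,
                                      std::string* error_details) const = 0;
  };

  // Defaulted (was an empty body); still virtual via the base class.
  ~QuicCryptoServerStreamBase() override = default;

  // Cancel any outstanding callbacks, such as asynchronous validation of client
  // hello.
  virtual void CancelOutstandingCallbacks() = 0;

  // GetBase64SHA256ClientChannelID sets |*output| to the base64 encoded,
  // SHA-256 hash of the client's ChannelID key and returns true, if the client
  // presented a ChannelID. Otherwise it returns false and |*output| is not
  // meaningful.
  virtual bool GetBase64SHA256ClientChannelID(std::string* output) const = 0;

  // Number of server config update messages this stream has sent so far
  // (see SendServerConfigUpdate()). NOTE(review): read from the name only;
  // confirm against the implementation.
  virtual int NumServerConfigUpdateMessagesSent() const = 0;

  // Sends the latest server config and source-address token to the client.
  // |cached_network_params| may be nullptr (it is a pointer, not a reference);
  // what the implementation does in that case is not specified here.
  virtual void SendServerConfigUpdate(
      const CachedNetworkParameters* cached_network_params) = 0;

  // Disables TLS resumption, should be called as early as possible.
  // Return true if resumption is disabled.
  // Return false if nothing happened, typically it means it is called too late.
  // Callers that need resumption off for a security reason must check the
  // return value: false means resumption may still occur on this connection.
  virtual bool DisableResumption() = 0;

  // Returns true if the connection was a successful 0-RTT resumption.
  virtual bool IsZeroRtt() const = 0;

  // Returns true if the connection was the result of a resumption handshake,
  // whether 0-RTT or not.
  virtual bool IsResumption() const = 0;

  // Returns true if the client attempted a resumption handshake, whether or not
  // the resumption actually occurred.
  virtual bool ResumptionAttempted() const = 0;

  // Returns true if the client attempted to use early data, as indicated by the
  // "early_data" TLS extension. TLS only.
  virtual bool EarlyDataAttempted() const = 0;

  // NOTE: Indicating that the Expect-CT header should be sent here presents
  // a layering violation to some extent. The Expect-CT header only applies to
  // HTTP connections, while this class can be used for non-HTTP applications.
  // However, it is exposed here because that is the only place where the
  // configuration for the certificate used in the connection is accessible.
  virtual bool ShouldSendExpectCTHeader() const = 0;

  // Return true if a cert was picked that matched the SNI hostname.
  virtual bool DidCertMatchSni() const = 0;

  // Returns the Details from the latest call to ProofSource::GetProof or
  // ProofSource::ComputeTlsSignature. Returns nullptr if no such call has been
  // made. The Details are owned by the QuicCryptoServerStreamBase and the
  // pointer is only valid while the owning object is still valid.
  virtual const ProofSource::Details* ProofSourceDetails() const = 0;

  // Keying-material export is not supported at this level; subclasses that
  // support it are expected to override this. Reaching this body is a
  // programming error (QUICHE_NOTREACHED). It returns false without writing
  // to |result|, so a caller that does not stop on NOTREACHED still observes a
  // failure rather than using an unset buffer as key material.
  bool ExportKeyingMaterial(absl::string_view /*label*/,
                            absl::string_view /*context*/,
                            size_t /*result_len*/,
                            std::string* /*result*/) override {
    QUICHE_NOTREACHED();
    return false;
  }
};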
109 
// Factory for the server crypto stream. Which concrete QuicCryptoServerStream
// is built depends on the parameters, including the version used by
// |session|.
// Lifetime contract: |crypto_config|, |session| and |helper| must all outlive
// the returned stream; ownership of the stream passes to the caller through
// the unique_ptr. No lifetime requirement is stated for
// |compressed_certs_cache| — NOTE(review): confirm with the implementation
// whether it must also outlive the stream.
QUICHE_EXPORT std::unique_ptr<QuicCryptoServerStreamBase>
CreateCryptoServerStream(
    const QuicCryptoServerConfig* crypto_config,
    QuicCompressedCertsCache* compressed_certs_cache,
    QuicSession* session,
    QuicCryptoServerStreamBase::Helper* helper);
119 
120 }  // namespace quic
121 
122 #endif  // QUICHE_QUIC_CORE_QUIC_CRYPTO_SERVER_STREAM_BASE_H_