Land Recent QUIC changes.

net/quic/crypto/crypto_handshake.h

 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #ifndef NET_QUIC_CRYPTO_CRYPTO_HANDSHAKE_H_
 #define NET_QUIC_CRYPTO_CRYPTO_HANDSHAKE_H_
 
 #include <map>
 #include <string>
 #include <vector>
 
 #include "base/memory/scoped_ptr.h"
 #include "base/strings/string_piece.h"
 #include "net/base/net_export.h"
 #include "net/quic/crypto/crypto_protocol.h"
 #include "net/quic/quic_protocol.h"
 
 namespace net {
 
+class ChannelIDSigner;
 class CommonCertSets;
 class KeyExchange;
 class ProofVerifier;
 class QuicDecrypter;
 class QuicEncrypter;
 class QuicRandom;
 
 // An intermediate format of a handshake message that's convenient for a
 // CryptoFramer to serialize from or parse into.
 class NET_EXPORT_PRIVATE CryptoHandshakeMessage {
  public:
   CryptoHandshakeMessage();
   CryptoHandshakeMessage(const CryptoHandshakeMessage& other);
   ~CryptoHandshakeMessage();
 
   CryptoHandshakeMessage& operator=(const CryptoHandshakeMessage& other);
 
   // Clears state.
   void Clear();
 
   // GetSerialized returns the serialized form of this message and caches the
   // result. Subsequently altering the message does not invalidate the cache.
   const QuicData& GetSerialized() const;
 
+  // MarkDirty invalidates the cache created by |GetSerialized|.
+  void MarkDirty();
+
   // SetValue sets an element with the given tag to the raw, memory contents of
   // |v|.
   template<class T> void SetValue(QuicTag tag, const T& v) {
     tag_value_map_[tag] =
         std::string(reinterpret_cast<const char*>(&v), sizeof(v));
   }
 
   // SetVector sets an element with the given tag to the raw contents of an
   // array of elements in |v|.
   template<class T> void SetVector(QuicTag tag, const std::vector<T>& v) {
@@ skipping 14 matching lines @@
 
   void Insert(QuicTagValueMap::const_iterator begin,
               QuicTagValueMap::const_iterator end);
 
   // SetTaglist sets an element with the given tag to contain a list of tags,
   // passed as varargs. The argument list must be terminated with a 0 element.
   void SetTaglist(QuicTag tag, ...);
 
   void SetStringPiece(QuicTag tag, base::StringPiece value);
 
+  // Erase removes a tag/value, if present, from the message.
+  void Erase(QuicTag tag);
+
   // GetTaglist finds an element with the given tag containing zero or more
   // tags. If such a tag doesn't exist, it returns false. Otherwise it sets
   // |out_tags| and |out_len| to point to the array of tags and returns true.
   // The array points into the CryptoHandshakeMessage and is valid only for as
   // long as the CryptoHandshakeMessage exists and is not modified.
   QuicErrorCode GetTaglist(QuicTag tag, const QuicTag** out_tags,
                            size_t* out_len) const;
 
   bool GetStringPiece(QuicTag tag, base::StringPiece* out) const;
 
   // GetNthValue24 interprets the value with the given tag to be a series of
   // 24-bit, length prefixed values and it returns the subvalue with the given
   // index.
   QuicErrorCode GetNthValue24(QuicTag tag,
                               unsigned index,
                               base::StringPiece* out) const;
-  bool GetString(QuicTag tag, std::string* out) const;
   QuicErrorCode GetUint16(QuicTag tag, uint16* out) const;
   QuicErrorCode GetUint32(QuicTag tag, uint32* out) const;
   QuicErrorCode GetUint64(QuicTag tag, uint64* out) const;
 
   // size returns 4 (message tag) + 2 (uint16, number of entries) +
   // (4 (tag) + 4 (end offset))*tag_value_map_.size() + ∑ value sizes.
   size_t size() const;
 
   // set_minimum_size sets the minimum number of bytes that the message should
   // consume. The CryptoFramer will add a PAD tag as needed when serializing in
@@ skipping 62 matching lines @@
   // client hello and server config. This is only populated in the client
   // because only the client needs to derive the forward secure keys at a later
   // time from the initial keys.
   std::string hkdf_input_suffix;
   // cached_certs contains the cached certificates that a client used when
   // sending a client hello.
   std::vector<std::string> cached_certs;
   // client_key_exchange is used by clients to store the ephemeral KeyExchange
   // for the connection.
   scoped_ptr<KeyExchange> client_key_exchange;
+  // channel_id is set by servers to a ChannelID key when the client correctly
+  // proves possession of the corresponding private key. It consists of 32
+  // bytes of x coordinate, followed by 32 bytes of y coordinate. Both values
+  // are big-endian and the pair is a P-256 public key.
+  std::string channel_id;
 };
 
 // QuicCryptoConfig contains common configuration between clients and servers.
 class NET_EXPORT_PRIVATE QuicCryptoConfig {
  public:
   enum {
     // CONFIG_VERSION is the one (and, for the moment, only) version number that
     // we implement.
     CONFIG_VERSION = 0,
   };
 
   // kInitialLabel is a constant that is used when deriving the initial
   // (non-forward secure) keys for the connection in order to tie the resulting
   // key to this protocol.
   static const char kInitialLabel[];
 
+  // kCETVLabel is a constant that is used when deriving the keys for the
+  // encrypted tag/value block in the client hello.
+  static const char kCETVLabel[];
+
   // kForwardSecureLabel is a constant that is used when deriving the forward
   // secure keys for the connection in order to tie the resulting key to this
   // protocol.
   static const char kForwardSecureLabel[];
 
   QuicCryptoConfig();
   ~QuicCryptoConfig();
 
   // Protocol version
   uint16 version;
   // Key exchange methods. The following two members' values correspond by
   // index.
   QuicTagVector kexs;
   // Authenticated encryption with associated data (AEAD) algorithms.
   QuicTagVector aead;
 
-  scoped_ptr<CommonCertSets> common_cert_sets;
+  const CommonCertSets* common_cert_sets;
 
  private:
   DISALLOW_COPY_AND_ASSIGN(QuicCryptoConfig);
 };
 
 // QuicCryptoClientConfig contains crypto-related configuration settings for a
 // client. Note that this object isn't thread-safe. It's designed to be used on
 // a single thread at a time.
 class NET_EXPORT_PRIVATE QuicCryptoClientConfig : public QuicCryptoConfig {
  public:
   // A CachedState contains the information that the client needs in order to
   // perform a 0-RTT handshake with a server. This information can be reused
   // over several connections to the same server.
   class CachedState {
    public:
     CachedState();
     ~CachedState();
 
-    // is_complete returns true if this object contains enough information to
-    // perform a handshake with the server.
-    bool is_complete() const;
+    // IsComplete returns true if this object contains enough information to
+    // perform a handshake with the server. |now| is used to judge whether any
+    // cached server config has expired.
+    bool IsComplete(QuicWallTime now) const;
 
     // GetServerConfig returns the parsed contents of |server_config|, or NULL
     // if |server_config| is empty. The return value is owned by this object
     // and is destroyed when this object is.
     const CryptoHandshakeMessage* GetServerConfig() const;
 
-    // SetServerConfig checks that |scfg| parses correctly and stores it in
-    // |server_config|. It returns true if the parsing succeeds and false
-    // otherwise.
-    bool SetServerConfig(base::StringPiece scfg);
+    // SetServerConfig checks that |server_config| parses correctly and stores
+    // it in |server_config_|. |now| is used to judge whether |server_config|
+    // has expired.
+    QuicErrorCode SetServerConfig(base::StringPiece server_config,
+                                  QuicWallTime now,
+                                  std::string* error_details);
+
+    // InvalidateServerConfig clears the cached server config (if any).
+    void InvalidateServerConfig();
 
     // SetProof stores a certificate chain and signature.
     void SetProof(const std::vector<std::string>& certs,
                   base::StringPiece signature);
 
     // SetProofValid records that the certificate chain and signature have been
     // validated and that it's safe to assume that the server is legitimate.
     // (Note: this does not check the chain or signature.)
     void SetProofValid();
 
@@ skipping 35 matching lines @@
   // to store the cached certs that were sent as hints to the server in
   // |out_params->cached_certs|.
   void FillInchoateClientHello(const std::string& server_hostname,
                                const CachedState* cached,
                                QuicCryptoNegotiatedParameters* out_params,
                                CryptoHandshakeMessage* out) const;
 
   // FillClientHello sets |out| to be a CHLO message based on the configuration
   // of this object. This object must have cached enough information about
   // |server_hostname| in order to perform a handshake. This can be checked
-  // with the |is_complete| member of |CachedState|.
+  // with the |IsComplete| member of |CachedState|.
   //
   // |clock| and |rand| are used to generate the nonce and |out_params| is
   // filled with the results of the handshake that the server is expected to
   // accept.
   QuicErrorCode FillClientHello(const std::string& server_hostname,
                                 QuicGuid guid,
                                 const CachedState* cached,
                                 QuicWallTime now,
                                 QuicRandom* rand,
                                 QuicCryptoNegotiatedParameters* out_params,
                                 CryptoHandshakeMessage* out,
                                 std::string* error_details) const;
 
   // ProcessRejection processes a REJ message from a server and updates the
-  // cached information about that server. After this, |is_complete| may return
+  // cached information about that server. After this, |IsComplete| may return
   // true for that server's CachedState. If the rejection message contains
   // state about a future handshake (i.e. an nonce value from the server), then
-  // it will be saved in |out_params|.
+  // it will be saved in |out_params|. |now| is used to judge whether the
+  // server config in the rejection message has expired.
   QuicErrorCode ProcessRejection(CachedState* cached,
                                  const CryptoHandshakeMessage& rej,
+                                 QuicWallTime now,
                                  QuicCryptoNegotiatedParameters* out_params,
                                  std::string* error_details);
 
   // ProcessServerHello processes the message in |server_hello|, writes the
   // negotiated parameters to |out_params| and returns QUIC_NO_ERROR. If
   // |server_hello| is unacceptable then it puts an error message in
   // |error_details| and returns an error code.
   QuicErrorCode ProcessServerHello(const CryptoHandshakeMessage& server_hello,
                                    QuicGuid guid,
                                    QuicCryptoNegotiatedParameters* out_params,
                                    std::string* error_details);
 
   const ProofVerifier* proof_verifier() const;
 
   // SetProofVerifier takes ownership of a |ProofVerifier| that clients are
   // free to use in order to verify certificate chains from servers. If a
   // ProofVerifier is set then the client will request a certificate chain from
   // the server.
   void SetProofVerifier(ProofVerifier* verifier);
 
+  // SetChannelIDSigner sets a ChannelIDSigner that will be called when the
+  // server supports channel IDs to sign a message proving possession of the
+  // given ChannelID. This object takes ownership of |signer|.
+  void SetChannelIDSigner(ChannelIDSigner* signer);
+
  private:
   // cached_states_ maps from the server hostname to the cached information
   // about that server.
   std::map<std::string, CachedState*> cached_states_;
 
   scoped_ptr<ProofVerifier> proof_verifier_;
+  scoped_ptr<ChannelIDSigner> channel_id_signer_;
 
   DISALLOW_COPY_AND_ASSIGN(QuicCryptoClientConfig);
 };
 
 }  // namespace net
 
 #endif  // NET_QUIC_CRYPTO_CRYPTO_HANDSHAKE_H_