mikescarlett | 6459f84 | 2016-03-04 09:55:02 -0800 | [diff] [blame] | 1 | /* |
| 2 | * Copyright 2016 The WebRTC Project Authors. All rights reserved. |
| 3 | * |
| 4 | * Use of this source code is governed by a BSD-style license |
| 5 | * that can be found in the LICENSE file in the root of the source |
| 6 | * tree. An additional intellectual property rights grant can be found |
| 7 | * in the file PATENTS. All contributing project authors may |
| 8 | * be found in the AUTHORS file in the root of the source tree. |
| 9 | */ |
| 10 | |
| 11 | #ifndef WEBRTC_P2P_QUIC_QUICTRANSPORTCHANNEL_H_ |
| 12 | #define WEBRTC_P2P_QUIC_QUICTRANSPORTCHANNEL_H_ |
| 13 | |
kwiberg | 3ec4679 | 2016-04-27 07:22:53 -0700 | [diff] [blame] | 14 | #include <memory> |
mikescarlett | 6459f84 | 2016-03-04 09:55:02 -0800 | [diff] [blame] | 15 | #include <string> |
| 16 | #include <vector> |
| 17 | |
mikescarlett | f537768 | 2016-03-29 12:14:55 -0700 | [diff] [blame] | 18 | #include "net/quic/quic_crypto_client_stream.h" |
mikescarlett | 6459f84 | 2016-03-04 09:55:02 -0800 | [diff] [blame] | 19 | #include "net/quic/quic_packet_writer.h" |
kwiberg | 84f6a3f | 2017-09-05 08:43:13 -0700 | [diff] [blame] | 20 | #include "webrtc/api/optional.h" |
mikescarlett | 6459f84 | 2016-03-04 09:55:02 -0800 | [diff] [blame] | 21 | #include "webrtc/p2p/base/transportchannelimpl.h" |
| 22 | #include "webrtc/p2p/quic/quicconnectionhelper.h" |
| 23 | #include "webrtc/p2p/quic/quicsession.h" |
Edward Lemur | c20978e | 2017-07-06 19:44:34 +0200 | [diff] [blame] | 24 | #include "webrtc/rtc_base/constructormagic.h" |
mikescarlett | 6459f84 | 2016-03-04 09:55:02 -0800 | [diff] [blame] | 25 | |
| 26 | namespace cricket { |
| 27 | |
| 28 | enum QuicTransportState { |
| 29 | // Haven't started QUIC handshake. |
| 30 | QUIC_TRANSPORT_NEW = 0, |
| 31 | // Started QUIC handshake. |
| 32 | QUIC_TRANSPORT_CONNECTING, |
| 33 | // Negotiated, and has an encrypted connection. |
| 34 | QUIC_TRANSPORT_CONNECTED, |
| 35 | // QUIC connection closed due to handshake failure or explicit shutdown. |
| 36 | QUIC_TRANSPORT_CLOSED, |
| 37 | }; |
| 38 | |
| 39 | // QuicTransportChannel uses the QUIC protocol to establish encryption with |
| 40 | // another peer, wrapping an existing TransportChannelImpl instance |
| 41 | // (e.g a P2PTransportChannel) responsible for connecting peers. |
| 42 | // Once the wrapped transport channel is connected, QuicTransportChannel |
| 43 | // negotiates the crypto handshake and establishes SRTP keying material. |
| 44 | // |
| 45 | // How it works: |
| 46 | // |
| 47 | // QuicTransportChannel { |
| 48 | // QuicSession* quic_; |
| 49 | // TransportChannelImpl* channel_; |
| 50 | // } |
| 51 | // |
mikescarlett | 18b67a5 | 2016-04-11 16:56:23 -0700 | [diff] [blame] | 52 | // - Data written to SendPacket() is passed directly to |channel_| if it is |
mikescarlett | 6459f84 | 2016-03-04 09:55:02 -0800 | [diff] [blame] | 53 | // an SRTP packet with the PF_SRTP_BYPASS flag. |
| 54 | // |
| 55 | // - |quic_| passes outgoing packets to WritePacket(), which transfers them |
| 56 | // to |channel_| to be sent across the network. |
| 57 | // |
| 58 | // - Data which comes into QuicTransportChannel::OnReadPacket is checked to |
| 59 | // see if it is QUIC, and if it is, passed to |quic_|. SRTP packets are |
| 60 | // signaled upwards as bypass packets. |
| 61 | // |
| 62 | // - When the QUIC handshake is completed, quic_state() returns |
| 63 | // QUIC_TRANSPORT_CONNECTED and SRTP keying material can be exported. |
| 64 | // |
mikescarlett | 18b67a5 | 2016-04-11 16:56:23 -0700 | [diff] [blame] | 65 | // - CreateQuicStream() creates an outgoing QUIC stream. Once the local peer |
| 66 | // sends data from this stream, the remote peer emits SignalIncomingStream |
| 67 | // with a QUIC stream of the same id to handle received data. |
| 68 | // |
| 69 | // TODO(mikescarlett): Implement secure QUIC handshake and 0-RTT handshakes. |
mikescarlett | 6459f84 | 2016-03-04 09:55:02 -0800 | [diff] [blame] | 70 | class QuicTransportChannel : public TransportChannelImpl, |
| 71 | public net::QuicPacketWriter, |
| 72 | public net::QuicCryptoClientStream::ProofHandler { |
| 73 | public: |
| 74 | // |channel| - the TransportChannelImpl we are wrapping. |
| 75 | explicit QuicTransportChannel(TransportChannelImpl* channel); |
| 76 | ~QuicTransportChannel() override; |
| 77 | |
| 78 | // TransportChannel overrides. |
| 79 | // TODO(mikescarlett): Implement certificate authentication. |
| 80 | bool SetLocalCertificate( |
| 81 | const rtc::scoped_refptr<rtc::RTCCertificate>& certificate) override; |
| 82 | rtc::scoped_refptr<rtc::RTCCertificate> GetLocalCertificate() const override; |
| 83 | // TODO(mikescarlett): Implement fingerprint authentication. |
| 84 | bool SetRemoteFingerprint(const std::string& digest_alg, |
| 85 | const uint8_t* digest, |
| 86 | size_t digest_len) override; |
| 87 | // TODO(mikescarlett): Remove this DTLS-specific method when TransportChannel |
| 88 | // does not require defining it. |
| 89 | bool IsDtlsActive() const override { return true; } |
| 90 | // Sends a RTP packet if the PF_SRTP_BYPASS flag is set. |
| 91 | int SendPacket(const char* data, |
| 92 | size_t size, |
| 93 | const rtc::PacketOptions& options, |
| 94 | int flags) override; |
| 95 | // Sets up the ciphers to use for SRTP. |
| 96 | // TODO(mikescarlett): Use SRTP ciphers for negotiation. |
| 97 | bool SetSrtpCryptoSuites(const std::vector<int>& ciphers) override { |
| 98 | return true; |
| 99 | } |
| 100 | // Determines which SRTP cipher was negotiated. |
| 101 | // TODO(mikescarlett): Implement QUIC cipher negotiation. This currently |
| 102 | // returns SRTP_AES128_CM_SHA1_80. |
| 103 | bool GetSrtpCryptoSuite(int* cipher) override; |
| 104 | bool SetSslRole(rtc::SSLRole role) override; |
| 105 | bool GetSslRole(rtc::SSLRole* role) const override; |
| 106 | // Determines which SSL cipher was negotiated. |
| 107 | // TODO(mikescarlett): Implement QUIC cipher negotiation. |
| 108 | bool GetSslCipherSuite(int* cipher) override { return false; } |
| 109 | // Once QUIC is established (i.e., |quic_state_| is QUIC_TRANSPORT_CONNECTED), |
| 110 | // this extracts the keys negotiated during the QUIC handshake, for use |
| 111 | // in external encryption such as for extracting SRTP keys. |
| 112 | bool ExportKeyingMaterial(const std::string& label, |
| 113 | const uint8_t* context, |
| 114 | size_t context_len, |
| 115 | bool use_context, |
| 116 | uint8_t* result, |
| 117 | size_t result_len) override; |
| 118 | // TODO(mikescarlett): Remove this method once TransportChannel does not |
| 119 | // require defining it. |
kwiberg | 3ec4679 | 2016-04-27 07:22:53 -0700 | [diff] [blame] | 120 | std::unique_ptr<rtc::SSLCertificate> GetRemoteSSLCertificate() |
mikescarlett | 18b67a5 | 2016-04-11 16:56:23 -0700 | [diff] [blame] | 121 | const override { |
| 122 | return nullptr; |
mikescarlett | 6459f84 | 2016-03-04 09:55:02 -0800 | [diff] [blame] | 123 | } |
| 124 | |
| 125 | // TransportChannelImpl overrides that we forward to the wrapped transport. |
| 126 | void SetIceRole(IceRole role) override { channel_->SetIceRole(role); } |
| 127 | IceRole GetIceRole() const override { return channel_->GetIceRole(); } |
| 128 | int SetOption(rtc::Socket::Option opt, int value) override { |
| 129 | return channel_->SetOption(opt, value); |
| 130 | } |
| 131 | bool GetOption(rtc::Socket::Option opt, int* value) override { |
| 132 | return channel_->GetOption(opt, value); |
| 133 | } |
| 134 | int GetError() override { return channel_->GetError(); } |
| 135 | bool GetStats(ConnectionInfos* infos) override { |
| 136 | return channel_->GetStats(infos); |
| 137 | } |
| 138 | const std::string SessionId() const override { return channel_->SessionId(); } |
| 139 | TransportChannelState GetState() const override { |
| 140 | return channel_->GetState(); |
| 141 | } |
| 142 | void SetIceTiebreaker(uint64_t tiebreaker) override { |
| 143 | channel_->SetIceTiebreaker(tiebreaker); |
| 144 | } |
Honghai Zhang | 4cedf2b | 2016-08-31 08:18:11 -0700 | [diff] [blame] | 145 | void SetIceParameters(const IceParameters& ice_params) override { |
| 146 | channel_->SetIceParameters(ice_params); |
mikescarlett | 6459f84 | 2016-03-04 09:55:02 -0800 | [diff] [blame] | 147 | } |
Honghai Zhang | 4cedf2b | 2016-08-31 08:18:11 -0700 | [diff] [blame] | 148 | void SetRemoteIceParameters(const IceParameters& ice_params) override { |
| 149 | channel_->SetRemoteIceParameters(ice_params); |
mikescarlett | 6459f84 | 2016-03-04 09:55:02 -0800 | [diff] [blame] | 150 | } |
| 151 | void SetRemoteIceMode(IceMode mode) override { |
| 152 | channel_->SetRemoteIceMode(mode); |
| 153 | } |
| 154 | void MaybeStartGathering() override { channel_->MaybeStartGathering(); } |
| 155 | IceGatheringState gathering_state() const override { |
| 156 | return channel_->gathering_state(); |
| 157 | } |
| 158 | void AddRemoteCandidate(const Candidate& candidate) override { |
| 159 | channel_->AddRemoteCandidate(candidate); |
| 160 | } |
mikescarlett | f537768 | 2016-03-29 12:14:55 -0700 | [diff] [blame] | 161 | void RemoveRemoteCandidate(const Candidate& candidate) override { |
| 162 | channel_->RemoveRemoteCandidate(candidate); |
| 163 | } |
mikescarlett | 6459f84 | 2016-03-04 09:55:02 -0800 | [diff] [blame] | 164 | void SetIceConfig(const IceConfig& config) override { |
| 165 | channel_->SetIceConfig(config); |
| 166 | } |
mikescarlett | 6459f84 | 2016-03-04 09:55:02 -0800 | [diff] [blame] | 167 | |
| 168 | // QuicPacketWriter overrides. |
| 169 | // Called from net::QuicConnection when |quic_| has packets to write. |
| 170 | net::WriteResult WritePacket(const char* buffer, |
| 171 | size_t buf_len, |
mikescarlett | f537768 | 2016-03-29 12:14:55 -0700 | [diff] [blame] | 172 | const net::IPAddress& self_address, |
| 173 | const net::IPEndPoint& peer_address, |
| 174 | net::PerPacketOptions* options) override; |
mikescarlett | 6459f84 | 2016-03-04 09:55:02 -0800 | [diff] [blame] | 175 | // Whether QuicTransportChannel buffers data when unable to write. If this is |
| 176 | // set to false, then net::QuicConnection buffers unsent packets. |
| 177 | bool IsWriteBlockedDataBuffered() const override { return false; } |
| 178 | // Whether QuicTransportChannel is write blocked. If this returns true, |
| 179 | // outgoing QUIC packets are queued by net::QuicConnection until |
| 180 | // QuicTransportChannel::OnCanWrite() is called. |
| 181 | bool IsWriteBlocked() const override; |
| 182 | // Maximum size of the QUIC packet which can be written. |
| 183 | net::QuicByteCount GetMaxPacketSize( |
| 184 | const net::IPEndPoint& peer_address) const override { |
| 185 | return net::kMaxPacketSize; |
| 186 | } |
| 187 | // This method is not used -- call set_writable(bool writable) instead. |
| 188 | // TODO(miekscarlett): Remove this method once QuicPacketWriter does not |
| 189 | // require defining it. |
| 190 | void SetWritable() override {} |
| 191 | |
| 192 | // QuicCryptoClientStream::ProofHandler overrides. |
| 193 | // Called by client crypto handshake when cached proof is marked valid. |
| 194 | void OnProofValid( |
| 195 | const net::QuicCryptoClientConfig::CachedState& cached) override; |
| 196 | // Called by the client crypto handshake when proof verification details |
| 197 | // become available, either because proof verification is complete, or when |
| 198 | // cached details are used. |
| 199 | void OnProofVerifyDetailsAvailable( |
| 200 | const net::ProofVerifyDetails& verify_details) override; |
| 201 | |
Honghai Zhang | d93f50c | 2016-10-05 11:47:22 -0700 | [diff] [blame] | 202 | void SetMetricsObserver(webrtc::MetricsObserverInterface* observer) override { |
| 203 | channel_->SetMetricsObserver(observer); |
| 204 | } |
| 205 | |
mikescarlett | 6459f84 | 2016-03-04 09:55:02 -0800 | [diff] [blame] | 206 | // Returns true if |quic_| has queued data which wasn't written due |
| 207 | // to |channel_| being write blocked. |
| 208 | bool HasDataToWrite() const; |
| 209 | // Writes queued data for |quic_| when |channel_| is no longer write blocked. |
| 210 | void OnCanWrite(); |
| 211 | // Connectivity state of QuicTransportChannel. |
| 212 | QuicTransportState quic_state() const { return quic_state_; } |
mikescarlett | 18b67a5 | 2016-04-11 16:56:23 -0700 | [diff] [blame] | 213 | // Creates a new QUIC stream that can send data. |
| 214 | ReliableQuicStream* CreateQuicStream(); |
| 215 | |
zhihuang | 9763d56 | 2016-08-05 11:14:50 -0700 | [diff] [blame] | 216 | TransportChannelImpl* ice_transport_channel() { return channel_.get(); } |
| 217 | |
mikescarlett | 18b67a5 | 2016-04-11 16:56:23 -0700 | [diff] [blame] | 218 | // Emitted when |quic_| creates a QUIC stream to receive data from the remote |
| 219 | // peer, when the stream did not exist previously. |
| 220 | sigslot::signal1<ReliableQuicStream*> SignalIncomingStream; |
| 221 | // Emitted when the QuicTransportChannel state becomes QUIC_TRANSPORT_CLOSED. |
| 222 | sigslot::signal0<> SignalClosed; |
mikescarlett | 6459f84 | 2016-03-04 09:55:02 -0800 | [diff] [blame] | 223 | |
| 224 | private: |
| 225 | // Fingerprint of remote peer. |
| 226 | struct RemoteFingerprint { |
| 227 | std::string value; |
| 228 | std::string algorithm; |
| 229 | }; |
| 230 | |
| 231 | // Callbacks for |channel_|. |
| 232 | void OnReadableState(TransportChannel* channel); |
| 233 | void OnWritableState(TransportChannel* channel); |
| 234 | void OnReadPacket(TransportChannel* channel, |
| 235 | const char* data, |
| 236 | size_t size, |
| 237 | const rtc::PacketTime& packet_time, |
| 238 | int flags); |
| 239 | void OnSentPacket(TransportChannel* channel, |
| 240 | const rtc::SentPacket& sent_packet); |
| 241 | void OnReadyToSend(TransportChannel* channel); |
| 242 | void OnReceivingState(TransportChannel* channel); |
| 243 | void OnGatheringState(TransportChannelImpl* channel); |
| 244 | void OnCandidateGathered(TransportChannelImpl* channel, const Candidate& c); |
| 245 | void OnRoleConflict(TransportChannelImpl* channel); |
| 246 | void OnRouteChange(TransportChannel* channel, const Candidate& candidate); |
Honghai Zhang | cc411c0 | 2016-03-29 17:27:21 -0700 | [diff] [blame] | 247 | void OnSelectedCandidatePairChanged( |
| 248 | TransportChannel* channel, |
Honghai Zhang | 52dce73 | 2016-03-31 12:37:31 -0700 | [diff] [blame] | 249 | CandidatePairInterface* selected_candidate_pair, |
Taylor Brandstetter | 6bb1ef2 | 2016-06-27 18:09:03 -0700 | [diff] [blame] | 250 | int last_sent_packet_id, |
| 251 | bool ready_to_send); |
Honghai Zhang | 1590c39 | 2016-05-24 13:15:02 -0700 | [diff] [blame] | 252 | void OnChannelStateChanged(TransportChannelImpl* channel); |
mikescarlett | 6459f84 | 2016-03-04 09:55:02 -0800 | [diff] [blame] | 253 | |
| 254 | // Callbacks for |quic_|. |
| 255 | // Called when |quic_| has established the crypto handshake. |
| 256 | void OnHandshakeComplete(); |
| 257 | // Called when |quic_| has closed the connection. |
| 258 | void OnConnectionClosed(net::QuicErrorCode error, bool from_peer); |
mikescarlett | 18b67a5 | 2016-04-11 16:56:23 -0700 | [diff] [blame] | 259 | // Called when |quic_| has created a new QUIC stream for incoming data. |
| 260 | void OnIncomingStream(ReliableQuicStream* stream); |
mikescarlett | 6459f84 | 2016-03-04 09:55:02 -0800 | [diff] [blame] | 261 | |
| 262 | // Called by OnReadPacket() when a QUIC packet is received. |
| 263 | bool HandleQuicPacket(const char* data, size_t size); |
| 264 | // Sets up the QUIC handshake. |
| 265 | bool MaybeStartQuic(); |
| 266 | // Creates the QUIC connection and |quic_|. |
| 267 | bool CreateQuicSession(); |
| 268 | // Creates the crypto stream and initializes the handshake. |
| 269 | bool StartQuicHandshake(); |
| 270 | // Sets the QuicTransportChannel connectivity state. |
| 271 | void set_quic_state(QuicTransportState state); |
| 272 | |
| 273 | // Everything should occur on this thread. |
johan | 27c3d5b | 2016-10-17 00:54:57 -0700 | [diff] [blame] | 274 | rtc::Thread* network_thread_; |
mikescarlett | 6459f84 | 2016-03-04 09:55:02 -0800 | [diff] [blame] | 275 | // Underlying channel which is responsible for connecting with the remote peer |
| 276 | // and sending/receiving packets across the network. |
mikescarlett | e774867 | 2016-04-29 20:20:54 -0700 | [diff] [blame] | 277 | std::unique_ptr<TransportChannelImpl> channel_; |
mikescarlett | 6459f84 | 2016-03-04 09:55:02 -0800 | [diff] [blame] | 278 | // Connectivity state of QuicTransportChannel. |
| 279 | QuicTransportState quic_state_ = QUIC_TRANSPORT_NEW; |
| 280 | // QUIC session which establishes the crypto handshake and converts data |
| 281 | // to/from QUIC packets. |
kwiberg | 3ec4679 | 2016-04-27 07:22:53 -0700 | [diff] [blame] | 282 | std::unique_ptr<QuicSession> quic_; |
mikescarlett | 6459f84 | 2016-03-04 09:55:02 -0800 | [diff] [blame] | 283 | // Non-crypto config for |quic_|. |
| 284 | net::QuicConfig config_; |
| 285 | // Helper for net::QuicConnection that provides timing and |
| 286 | // random number generation. |
| 287 | QuicConnectionHelper helper_; |
| 288 | // This peer's role in the QUIC crypto handshake. SSL_CLIENT implies this peer |
| 289 | // initiates the handshake, while SSL_SERVER implies the remote peer initiates |
| 290 | // the handshake. This must be set before we start QUIC. |
| 291 | rtc::Optional<rtc::SSLRole> ssl_role_; |
| 292 | // Config for QUIC crypto client stream, used when |ssl_role_| is SSL_CLIENT. |
kwiberg | 3ec4679 | 2016-04-27 07:22:53 -0700 | [diff] [blame] | 293 | std::unique_ptr<net::QuicCryptoClientConfig> quic_crypto_client_config_; |
mikescarlett | 6459f84 | 2016-03-04 09:55:02 -0800 | [diff] [blame] | 294 | // Config for QUIC crypto server stream, used when |ssl_role_| is SSL_SERVER. |
kwiberg | 3ec4679 | 2016-04-27 07:22:53 -0700 | [diff] [blame] | 295 | std::unique_ptr<net::QuicCryptoServerConfig> quic_crypto_server_config_; |
mikescarlett | 8d37d29 | 2016-04-29 15:35:00 -0700 | [diff] [blame] | 296 | // Used by QUIC crypto server stream to track most recently compressed certs. |
| 297 | std::unique_ptr<net::QuicCompressedCertsCache> quic_compressed_certs_cache_; |
mikescarlett | 6459f84 | 2016-03-04 09:55:02 -0800 | [diff] [blame] | 298 | // This peer's certificate. |
| 299 | rtc::scoped_refptr<rtc::RTCCertificate> local_certificate_; |
| 300 | // Fingerprint of the remote peer. This must be set before we start QUIC. |
| 301 | rtc::Optional<RemoteFingerprint> remote_fingerprint_; |
| 302 | |
| 303 | RTC_DISALLOW_COPY_AND_ASSIGN(QuicTransportChannel); |
| 304 | }; |
| 305 | |
| 306 | } // namespace cricket |
| 307 | |
| 308 | #endif // WEBRTC_P2P_QUIC_QUICTRANSPORTCHANNEL_H_ |