| /* |
| * Copyright 2016 The WebRTC Project Authors. All rights reserved. |
| * |
| * Use of this source code is governed by a BSD-style license |
| * that can be found in the LICENSE file in the root of the source |
| * tree. An additional intellectual property rights grant can be found |
| * in the file PATENTS. All contributing project authors may |
| * be found in the AUTHORS file in the root of the source tree. |
| */ |
| |
| #ifndef WEBRTC_P2P_QUIC_QUICTRANSPORTCHANNEL_H_ |
| #define WEBRTC_P2P_QUIC_QUICTRANSPORTCHANNEL_H_ |
| |
| #include <string> |
| #include <vector> |
| |
| #include "net/quic/quic_packet_writer.h" |
| #include "webrtc/base/optional.h" |
| #include "webrtc/base/scoped_ptr.h" |
| #include "webrtc/p2p/base/transportchannelimpl.h" |
| #include "webrtc/p2p/quic/quicconnectionhelper.h" |
| #include "webrtc/p2p/quic/quicsession.h" |
| |
| namespace cricket { |
| |
| enum QuicTransportState { |
| // Haven't started QUIC handshake. |
| QUIC_TRANSPORT_NEW = 0, |
| // Started QUIC handshake. |
| QUIC_TRANSPORT_CONNECTING, |
| // Negotiated, and has an encrypted connection. |
| QUIC_TRANSPORT_CONNECTED, |
| // QUIC connection closed due to handshake failure or explicit shutdown. |
| QUIC_TRANSPORT_CLOSED, |
| }; |
| |
| // QuicTransportChannel uses the QUIC protocol to establish encryption with |
| // another peer, wrapping an existing TransportChannelImpl instance |
| // (e.g a P2PTransportChannel) responsible for connecting peers. |
| // Once the wrapped transport channel is connected, QuicTransportChannel |
| // negotiates the crypto handshake and establishes SRTP keying material. |
| // |
| // How it works: |
| // |
| // QuicTransportChannel { |
| // QuicSession* quic_; |
| // TransportChannelImpl* channel_; |
| // } |
| // |
| // - Data written to SendPacket() is passed directly to |channel_| if it is |
| // an SRTP packet with the PF_SRTP_BYPASS flag. |
| // |
| // - |quic_| passes outgoing packets to WritePacket(), which transfers them |
| // to |channel_| to be sent across the network. |
| // |
| // - Data which comes into QuicTransportChannel::OnReadPacket is checked to |
| // see if it is QUIC, and if it is, passed to |quic_|. SRTP packets are |
| // signaled upwards as bypass packets. |
| // |
| // - When the QUIC handshake is completed, quic_state() returns |
| // QUIC_TRANSPORT_CONNECTED and SRTP keying material can be exported. |
| // |
| // TODO(mikescarlett): Implement secure QUIC handshake, 0-RTT handshakes, and |
| // QUIC data streams. |
| class QuicTransportChannel : public TransportChannelImpl, |
| public net::QuicPacketWriter, |
| public net::QuicCryptoClientStream::ProofHandler { |
| public: |
| // |channel| - the TransportChannelImpl we are wrapping. |
| explicit QuicTransportChannel(TransportChannelImpl* channel); |
| ~QuicTransportChannel() override; |
| |
| // TransportChannel overrides. |
| // TODO(mikescarlett): Implement certificate authentication. |
| bool SetLocalCertificate( |
| const rtc::scoped_refptr<rtc::RTCCertificate>& certificate) override; |
| rtc::scoped_refptr<rtc::RTCCertificate> GetLocalCertificate() const override; |
| // TODO(mikescarlett): Implement fingerprint authentication. |
| bool SetRemoteFingerprint(const std::string& digest_alg, |
| const uint8_t* digest, |
| size_t digest_len) override; |
| // TODO(mikescarlett): Remove this DTLS-specific method when TransportChannel |
| // does not require defining it. |
| bool IsDtlsActive() const override { return true; } |
| // Sends a RTP packet if the PF_SRTP_BYPASS flag is set. |
| int SendPacket(const char* data, |
| size_t size, |
| const rtc::PacketOptions& options, |
| int flags) override; |
| // Sets up the ciphers to use for SRTP. |
| // TODO(mikescarlett): Use SRTP ciphers for negotiation. |
| bool SetSrtpCryptoSuites(const std::vector<int>& ciphers) override { |
| return true; |
| } |
| // Determines which SRTP cipher was negotiated. |
| // TODO(mikescarlett): Implement QUIC cipher negotiation. This currently |
| // returns SRTP_AES128_CM_SHA1_80. |
| bool GetSrtpCryptoSuite(int* cipher) override; |
| bool SetSslRole(rtc::SSLRole role) override; |
| bool GetSslRole(rtc::SSLRole* role) const override; |
| // Determines which SSL cipher was negotiated. |
| // TODO(mikescarlett): Implement QUIC cipher negotiation. |
| bool GetSslCipherSuite(int* cipher) override { return false; } |
| // Once QUIC is established (i.e., |quic_state_| is QUIC_TRANSPORT_CONNECTED), |
| // this extracts the keys negotiated during the QUIC handshake, for use |
| // in external encryption such as for extracting SRTP keys. |
| bool ExportKeyingMaterial(const std::string& label, |
| const uint8_t* context, |
| size_t context_len, |
| bool use_context, |
| uint8_t* result, |
| size_t result_len) override; |
| // TODO(mikescarlett): Remove this method once TransportChannel does not |
| // require defining it. |
| bool GetRemoteSSLCertificate(rtc::SSLCertificate** cert) const override { |
| return false; |
| } |
| |
| // TransportChannelImpl overrides that we forward to the wrapped transport. |
| void SetIceRole(IceRole role) override { channel_->SetIceRole(role); } |
| IceRole GetIceRole() const override { return channel_->GetIceRole(); } |
| int SetOption(rtc::Socket::Option opt, int value) override { |
| return channel_->SetOption(opt, value); |
| } |
| bool GetOption(rtc::Socket::Option opt, int* value) override { |
| return channel_->GetOption(opt, value); |
| } |
| int GetError() override { return channel_->GetError(); } |
| bool GetStats(ConnectionInfos* infos) override { |
| return channel_->GetStats(infos); |
| } |
| const std::string SessionId() const override { return channel_->SessionId(); } |
| TransportChannelState GetState() const override { |
| return channel_->GetState(); |
| } |
| void SetIceTiebreaker(uint64_t tiebreaker) override { |
| channel_->SetIceTiebreaker(tiebreaker); |
| } |
| void SetIceCredentials(const std::string& ice_ufrag, |
| const std::string& ice_pwd) override { |
| channel_->SetIceCredentials(ice_ufrag, ice_pwd); |
| } |
| void SetRemoteIceCredentials(const std::string& ice_ufrag, |
| const std::string& ice_pwd) override { |
| channel_->SetRemoteIceCredentials(ice_ufrag, ice_pwd); |
| } |
| void SetRemoteIceMode(IceMode mode) override { |
| channel_->SetRemoteIceMode(mode); |
| } |
| void MaybeStartGathering() override { channel_->MaybeStartGathering(); } |
| IceGatheringState gathering_state() const override { |
| return channel_->gathering_state(); |
| } |
| void AddRemoteCandidate(const Candidate& candidate) override { |
| channel_->AddRemoteCandidate(candidate); |
| } |
| void SetIceConfig(const IceConfig& config) override { |
| channel_->SetIceConfig(config); |
| } |
| void Connect() override { |
| channel_->Connect(); |
| } |
| |
| // QuicPacketWriter overrides. |
| // Called from net::QuicConnection when |quic_| has packets to write. |
| net::WriteResult WritePacket(const char* buffer, |
| size_t buf_len, |
| const net::IPAddressNumber& self_address, |
| const net::IPEndPoint& peer_address) override; |
| // Whether QuicTransportChannel buffers data when unable to write. If this is |
| // set to false, then net::QuicConnection buffers unsent packets. |
| bool IsWriteBlockedDataBuffered() const override { return false; } |
| // Whether QuicTransportChannel is write blocked. If this returns true, |
| // outgoing QUIC packets are queued by net::QuicConnection until |
| // QuicTransportChannel::OnCanWrite() is called. |
| bool IsWriteBlocked() const override; |
| // Maximum size of the QUIC packet which can be written. |
| net::QuicByteCount GetMaxPacketSize( |
| const net::IPEndPoint& peer_address) const override { |
| return net::kMaxPacketSize; |
| } |
| // This method is not used -- call set_writable(bool writable) instead. |
| // TODO(miekscarlett): Remove this method once QuicPacketWriter does not |
| // require defining it. |
| void SetWritable() override {} |
| |
| // QuicCryptoClientStream::ProofHandler overrides. |
| // Called by client crypto handshake when cached proof is marked valid. |
| void OnProofValid( |
| const net::QuicCryptoClientConfig::CachedState& cached) override; |
| // Called by the client crypto handshake when proof verification details |
| // become available, either because proof verification is complete, or when |
| // cached details are used. |
| void OnProofVerifyDetailsAvailable( |
| const net::ProofVerifyDetails& verify_details) override; |
| |
| // Returns true if |quic_| has queued data which wasn't written due |
| // to |channel_| being write blocked. |
| bool HasDataToWrite() const; |
| // Writes queued data for |quic_| when |channel_| is no longer write blocked. |
| void OnCanWrite(); |
| // Connectivity state of QuicTransportChannel. |
| QuicTransportState quic_state() const { return quic_state_; } |
| |
| private: |
| // Fingerprint of remote peer. |
| struct RemoteFingerprint { |
| std::string value; |
| std::string algorithm; |
| }; |
| |
| // Callbacks for |channel_|. |
| void OnReadableState(TransportChannel* channel); |
| void OnWritableState(TransportChannel* channel); |
| void OnReadPacket(TransportChannel* channel, |
| const char* data, |
| size_t size, |
| const rtc::PacketTime& packet_time, |
| int flags); |
| void OnSentPacket(TransportChannel* channel, |
| const rtc::SentPacket& sent_packet); |
| void OnReadyToSend(TransportChannel* channel); |
| void OnReceivingState(TransportChannel* channel); |
| void OnGatheringState(TransportChannelImpl* channel); |
| void OnCandidateGathered(TransportChannelImpl* channel, const Candidate& c); |
| void OnRoleConflict(TransportChannelImpl* channel); |
| void OnRouteChange(TransportChannel* channel, const Candidate& candidate); |
| void OnConnectionRemoved(TransportChannelImpl* channel); |
| |
| // Callbacks for |quic_|. |
| // Called when |quic_| has established the crypto handshake. |
| void OnHandshakeComplete(); |
| // Called when |quic_| has closed the connection. |
| void OnConnectionClosed(net::QuicErrorCode error, bool from_peer); |
| |
| // Called by OnReadPacket() when a QUIC packet is received. |
| bool HandleQuicPacket(const char* data, size_t size); |
| // Sets up the QUIC handshake. |
| bool MaybeStartQuic(); |
| // Creates the QUIC connection and |quic_|. |
| bool CreateQuicSession(); |
| // Creates the crypto stream and initializes the handshake. |
| bool StartQuicHandshake(); |
| // Sets the QuicTransportChannel connectivity state. |
| void set_quic_state(QuicTransportState state); |
| |
| // Everything should occur on this thread. |
| rtc::Thread* worker_thread_; |
| // Underlying channel which is responsible for connecting with the remote peer |
| // and sending/receiving packets across the network. |
| TransportChannelImpl* const channel_; |
| // Connectivity state of QuicTransportChannel. |
| QuicTransportState quic_state_ = QUIC_TRANSPORT_NEW; |
| // QUIC session which establishes the crypto handshake and converts data |
| // to/from QUIC packets. |
| rtc::scoped_ptr<QuicSession> quic_; |
| // Non-crypto config for |quic_|. |
| net::QuicConfig config_; |
| // Helper for net::QuicConnection that provides timing and |
| // random number generation. |
| QuicConnectionHelper helper_; |
| // This peer's role in the QUIC crypto handshake. SSL_CLIENT implies this peer |
| // initiates the handshake, while SSL_SERVER implies the remote peer initiates |
| // the handshake. This must be set before we start QUIC. |
| rtc::Optional<rtc::SSLRole> ssl_role_; |
| // Config for QUIC crypto client stream, used when |ssl_role_| is SSL_CLIENT. |
| rtc::scoped_ptr<net::QuicCryptoClientConfig> quic_crypto_client_config_; |
| // Config for QUIC crypto server stream, used when |ssl_role_| is SSL_SERVER. |
| rtc::scoped_ptr<net::QuicCryptoServerConfig> quic_crypto_server_config_; |
| // This peer's certificate. |
| rtc::scoped_refptr<rtc::RTCCertificate> local_certificate_; |
| // Fingerprint of the remote peer. This must be set before we start QUIC. |
| rtc::Optional<RemoteFingerprint> remote_fingerprint_; |
| |
| RTC_DISALLOW_COPY_AND_ASSIGN(QuicTransportChannel); |
| }; |
| |
| } // namespace cricket |
| |
| #endif // WEBRTC_P2P_QUIC_QUICTRANSPORTCHANNEL_H_ |