| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/quic/crypto/quic_crypto_client_config.h" | 5 #include "net/quic/crypto/quic_crypto_client_config.h" |
| 6 | 6 |
| 7 #include "base/metrics/histogram.h" | 7 #include "base/metrics/histogram.h" |
| 8 #include "base/metrics/sparse_histogram.h" | 8 #include "base/metrics/sparse_histogram.h" |
| 9 #include "base/profiler/scoped_tracker.h" | 9 #include "base/profiler/scoped_tracker.h" |
| 10 #include "base/stl_util.h" | 10 #include "base/stl_util.h" |
| 526 string signature; | 526 string signature; |
| 527 if (!channel_id_key->Sign(hkdf_input, &signature)) { | 527 if (!channel_id_key->Sign(hkdf_input, &signature)) { |
| 528 *error_details = "Channel ID signature failed"; | 528 *error_details = "Channel ID signature failed"; |
| 529 return QUIC_INVALID_CHANNEL_ID_SIGNATURE; | 529 return QUIC_INVALID_CHANNEL_ID_SIGNATURE; |
| 530 } | 530 } |
| 531 | 531 |
| 532 cetv.SetStringPiece(kCIDK, key); | 532 cetv.SetStringPiece(kCIDK, key); |
| 533 cetv.SetStringPiece(kCIDS, signature); | 533 cetv.SetStringPiece(kCIDS, signature); |
| 534 | 534 |
| 535 CrypterPair crypters; | 535 CrypterPair crypters; |
| 536 if (!CryptoUtils::DeriveKeys(out_params->initial_premaster_secret, | 536 if (!CryptoUtils::DeriveKeys( |
| 537 out_params->aead, out_params->client_nonce, | 537 out_params->initial_premaster_secret, out_params->aead, |
| 538 out_params->server_nonce, hkdf_input, | 538 out_params->client_nonce, out_params->server_nonce, hkdf_input, |
| 539 CryptoUtils::CLIENT, &crypters, | 539 Perspective::IS_CLIENT, &crypters, nullptr /* subkey secret */)) { |
| 540 nullptr /* subkey secret */)) { | |
| 541 *error_details = "Symmetric key setup failed"; | 540 *error_details = "Symmetric key setup failed"; |
| 542 return QUIC_CRYPTO_SYMMETRIC_KEY_SETUP_FAILED; | 541 return QUIC_CRYPTO_SYMMETRIC_KEY_SETUP_FAILED; |
| 543 } | 542 } |
| 544 | 543 |
| 545 const QuicData& cetv_plaintext = cetv.GetSerialized(); | 544 const QuicData& cetv_plaintext = cetv.GetSerialized(); |
| 546 const size_t encrypted_len = | 545 const size_t encrypted_len = |
| 547 crypters.encrypter->GetCiphertextSize(cetv_plaintext.length()); | 546 crypters.encrypter->GetCiphertextSize(cetv_plaintext.length()); |
| 548 scoped_ptr<char[]> output(new char[encrypted_len]); | 547 scoped_ptr<char[]> output(new char[encrypted_len]); |
| 549 size_t output_size = 0; | 548 size_t output_size = 0; |
| 550 if (!crypters.encrypter->EncryptPacket( | 549 if (!crypters.encrypter->EncryptPacket( |
| 573 client_hello_serialized.length()); | 572 client_hello_serialized.length()); |
| 574 out_params->hkdf_input_suffix.append(cached->server_config()); | 573 out_params->hkdf_input_suffix.append(cached->server_config()); |
| 575 | 574 |
| 576 string hkdf_input; | 575 string hkdf_input; |
| 577 const size_t label_len = strlen(QuicCryptoConfig::kInitialLabel) + 1; | 576 const size_t label_len = strlen(QuicCryptoConfig::kInitialLabel) + 1; |
| 578 hkdf_input.reserve(label_len + out_params->hkdf_input_suffix.size()); | 577 hkdf_input.reserve(label_len + out_params->hkdf_input_suffix.size()); |
| 579 hkdf_input.append(QuicCryptoConfig::kInitialLabel, label_len); | 578 hkdf_input.append(QuicCryptoConfig::kInitialLabel, label_len); |
| 580 hkdf_input.append(out_params->hkdf_input_suffix); | 579 hkdf_input.append(out_params->hkdf_input_suffix); |
| 581 | 580 |
| 582 if (!CryptoUtils::DeriveKeys( | 581 if (!CryptoUtils::DeriveKeys( |
| 583 out_params->initial_premaster_secret, out_params->aead, | 582 out_params->initial_premaster_secret, out_params->aead, |
| 584 out_params->client_nonce, out_params->server_nonce, hkdf_input, | 583 out_params->client_nonce, out_params->server_nonce, hkdf_input, |
| 585 CryptoUtils::CLIENT, &out_params->initial_crypters, | 584 Perspective::IS_CLIENT, &out_params->initial_crypters, |
| 586 nullptr /* subkey secret */)) { | 585 nullptr /* subkey secret */)) { |
| 587 *error_details = "Symmetric key setup failed"; | 586 *error_details = "Symmetric key setup failed"; |
| 588 return QUIC_CRYPTO_SYMMETRIC_KEY_SETUP_FAILED; | 587 return QUIC_CRYPTO_SYMMETRIC_KEY_SETUP_FAILED; |
| 589 } | 588 } |
| 590 | 589 |
| 591 return QUIC_NO_ERROR; | 590 return QUIC_NO_ERROR; |
| 592 } | 591 } |
| 593 | 592 |
| 594 QuicErrorCode QuicCryptoClientConfig::CacheNewServerConfig( | 593 QuicErrorCode QuicCryptoClientConfig::CacheNewServerConfig( |
| 595 const CryptoHandshakeMessage& message, | 594 const CryptoHandshakeMessage& message, |
| 596 QuicWallTime now, | 595 QuicWallTime now, |
| 765 return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER; | 764 return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER; |
| 766 } | 765 } |
| 767 | 766 |
| 768 string hkdf_input; | 767 string hkdf_input; |
| 769 const size_t label_len = strlen(QuicCryptoConfig::kForwardSecureLabel) + 1; | 768 const size_t label_len = strlen(QuicCryptoConfig::kForwardSecureLabel) + 1; |
| 770 hkdf_input.reserve(label_len + out_params->hkdf_input_suffix.size()); | 769 hkdf_input.reserve(label_len + out_params->hkdf_input_suffix.size()); |
| 771 hkdf_input.append(QuicCryptoConfig::kForwardSecureLabel, label_len); | 770 hkdf_input.append(QuicCryptoConfig::kForwardSecureLabel, label_len); |
| 772 hkdf_input.append(out_params->hkdf_input_suffix); | 771 hkdf_input.append(out_params->hkdf_input_suffix); |
| 773 | 772 |
| 774 if (!CryptoUtils::DeriveKeys( | 773 if (!CryptoUtils::DeriveKeys( |
| 775 out_params->forward_secure_premaster_secret, out_params->aead, | 774 out_params->forward_secure_premaster_secret, out_params->aead, |
| 776 out_params->client_nonce, out_params->server_nonce, hkdf_input, | 775 out_params->client_nonce, out_params->server_nonce, hkdf_input, |
| 777 CryptoUtils::CLIENT, &out_params->forward_secure_crypters, | 776 Perspective::IS_CLIENT, &out_params->forward_secure_crypters, |
| 778 &out_params->subkey_secret)) { | 777 &out_params->subkey_secret)) { |
| 779 *error_details = "Symmetric key setup failed"; | 778 *error_details = "Symmetric key setup failed"; |
| 780 return QUIC_CRYPTO_SYMMETRIC_KEY_SETUP_FAILED; | 779 return QUIC_CRYPTO_SYMMETRIC_KEY_SETUP_FAILED; |
| 781 } | 780 } |
| 782 | 781 |
| 783 return QUIC_NO_ERROR; | 782 return QUIC_NO_ERROR; |
| 784 } | 783 } |
| 785 | 784 |
| 786 QuicErrorCode QuicCryptoClientConfig::ProcessServerConfigUpdate( | 785 QuicErrorCode QuicCryptoClientConfig::ProcessServerConfigUpdate( |
| 787 const CryptoHandshakeMessage& server_config_update, | 786 const CryptoHandshakeMessage& server_config_update, |
| 788 QuicWallTime now, | 787 QuicWallTime now, |
| 881 } | 880 } |
| 882 | 881 |
| 883 // Update canonical version to point at the "most recent" entry. | 882 // Update canonical version to point at the "most recent" entry. |
| 884 canonical_server_map_[suffix_server_id] = server_id; | 883 canonical_server_map_[suffix_server_id] = server_id; |
| 885 | 884 |
| 886 server_state->InitializeFrom(*canonical_state); | 885 server_state->InitializeFrom(*canonical_state); |
| 887 return true; | 886 return true; |
| 888 } | 887 } |
| 889 | 888 |
| 890 } // namespace net | 889 } // namespace net |