
Side by Side Diff: net/quic/crypto/crypto_utils.cc

Issue 1413613016: Factoring a QuicCryptoServerStreamBase API out of QuicCryptoServerStream (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@106845547
Patch Set: Created 5 years, 1 month ago
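--- a/net/quic/crypto/crypto_utils.cc
+++ b/net/quic/crypto/crypto_utils.cc
@@ -1,10 +1,10 @@
 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/quic/crypto/crypto_utils.h"
 
 #include "crypto/hkdf.h"
 #include "net/base/net_util.h"
 #include "net/quic/crypto/crypto_handshake.h"
 #include "net/quic/crypto/crypto_protocol.h"
@@ -194,11 +194,45 @@
 // reports that there was a version negotiation during the handshake.
 // Ensure that these two lists are identical.
 if (mismatch) {
 *error_details = "Downgrade attack detected";
 return QUIC_VERSION_NEGOTIATION_MISMATCH;
 }
 }
 return QUIC_NO_ERROR;
 }
 
+QuicErrorCode CryptoUtils::ValidateClientHello(
+const CryptoHandshakeMessage& client_hello,
+QuicVersion version,
+const QuicVersionVector& supported_versions,
+string* error_details) {
+if (client_hello.tag() != kCHLO) {
+*error_details = "Bad tag";
+return QUIC_INVALID_CRYPTO_MESSAGE_TYPE;
+}
+
+// If the client's preferred version is not the version we are currently
+// speaking, then the client went through a version negotiation. In this
+// case, we need to make sure that we actually do not support this version
+// and that it wasn't a downgrade attack.
+QuicTag client_version_tag;
+if (client_hello.GetUint32(kVER, &client_version_tag) != QUIC_NO_ERROR) {
+*error_details = "client hello missing version list";
+return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER;
+}
+QuicVersion client_version = QuicTagToQuicVersion(client_version_tag);
+if (client_version != version) {
+// Just because client_version is a valid version enum doesn't mean that
+// this server actually supports that version, so we check to see if
+// it's actually in the supported versions list.
+for (size_t i = 0; i < supported_versions.size(); ++i) {
+if (client_version == supported_versions[i]) {
+*error_details = "Downgrade attack detected";
+return QUIC_VERSION_NEGOTIATION_MISMATCH;
+}
+}
+}
+return QUIC_NO_ERROR;
+}
+
 } // namespace net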
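Review bot: In the added `ValidateClientHello`, a kVER value that is not found in `supported_versions` (including, presumably, a tag that `QuicTagToQuicVersion` does not recognise) falls through the loop and returns `QUIC_NO_ERROR`, and nothing in the function says that this is the intended outcome. The downgrade check is only as strong as the list the caller passes in, so I would state the contract before the loop, for example `// supported_versions must be the full set this server offers in version negotiation; a client version outside it is treated as a legitimate negotiation.` The error text `"client hello missing version list"` is also slightly off, since the code reads a single uint32 kVER value and `GetUint32` may fail for reasons other than absence; `"client hello missing or malformed version tag"` would describe the check more accurately. The header declaring this function is not part of this file section, so the same contract note may belong there as well.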