Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(67)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/quic/crypto/quic_crypto_server_config.cc

Issue 1413613016: Factoring a QuicCryptoServerStreamBase API out of QuicCryptoServerStream (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@106845547
Patch Set: Created 5 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/quic/crypto/crypto_utils.cc ('k') | net/quic/quic_crypto_client_stream_test.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright 2013 The Chromium Authors. All rights reserved. 1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #include "net/quic/crypto/quic_crypto_server_config.h" 5 #include "net/quic/crypto/quic_crypto_server_config.h"
6 6
7 #include <stdlib.h> 7 #include <stdlib.h>
8 #include <algorithm> 8 #include <algorithm>
9 9
10 #include "base/stl_util.h" 10 #include "base/stl_util.h"
(...skipping 529 matching lines...) Expand 10 before | Expand all | Expand 10 after
540 QuicCryptoNegotiatedParameters* params, 540 QuicCryptoNegotiatedParameters* params,
541 QuicCryptoProof* crypto_proof, 541 QuicCryptoProof* crypto_proof,
542 CryptoHandshakeMessage* out, 542 CryptoHandshakeMessage* out,
543 string* error_details) const { 543 string* error_details) const {
544 DCHECK(error_details); 544 DCHECK(error_details);
545 545
546 const CryptoHandshakeMessage& client_hello = 546 const CryptoHandshakeMessage& client_hello =
547 validate_chlo_result.client_hello; 547 validate_chlo_result.client_hello;
548 const ClientHelloInfo& info = validate_chlo_result.info; 548 const ClientHelloInfo& info = validate_chlo_result.info;
549 549
550 // If the client's preferred version is not the version we are currently 550 QuicErrorCode valid = CryptoUtils::ValidateClientHello(
551 // speaking, then the client went through a version negotiation. In this 551 client_hello, version, supported_versions, error_details);
552 // case, we need to make sure that we actually do not support this version 552 if (valid != QUIC_NO_ERROR)
553 // and that it wasn't a downgrade attack. 553 return valid;
554 QuicTag client_version_tag;
555 if (client_hello.GetUint32(kVER, &client_version_tag) != QUIC_NO_ERROR) {
556 *error_details = "client hello missing version list";
557 return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER;
558 }
559 QuicVersion client_version = QuicTagToQuicVersion(client_version_tag);
560 if (client_version != version) {
561 // Just because client_version is a valid version enum doesn't mean that
562 // this server actually supports that version, so we check to see if
563 // it's actually in the supported versions list.
564 for (size_t i = 0; i < supported_versions.size(); ++i) {
565 if (client_version == supported_versions[i]) {
566 *error_details = "Downgrade attack detected";
567 return QUIC_VERSION_NEGOTIATION_MISMATCH;
568 }
569 }
570 }
571 554
572 StringPiece requested_scid; 555 StringPiece requested_scid;
573 client_hello.GetStringPiece(kSCID, &requested_scid); 556 client_hello.GetStringPiece(kSCID, &requested_scid);
574 const QuicWallTime now(clock->WallNow()); 557 const QuicWallTime now(clock->WallNow());
575 558
576 scoped_refptr<Config> requested_config; 559 scoped_refptr<Config> requested_config;
577 scoped_refptr<Config> primary_config; 560 scoped_refptr<Config> primary_config;
578 { 561 {
579 base::AutoLock locked(configs_lock_); 562 base::AutoLock locked(configs_lock_);
580 563
(...skipping 1160 matching lines...) Expand 10 before | Expand all | Expand 10 after
1741 QuicCryptoServerConfig::Config::Config() 1724 QuicCryptoServerConfig::Config::Config()
1742 : channel_id_enabled(false), 1725 : channel_id_enabled(false),
1743 is_primary(false), 1726 is_primary(false),
1744 primary_time(QuicWallTime::Zero()), 1727 primary_time(QuicWallTime::Zero()),
1745 priority(0), 1728 priority(0),
1746 source_address_token_boxer(nullptr) {} 1729 source_address_token_boxer(nullptr) {}
1747 1730
1748 QuicCryptoServerConfig::Config::~Config() { STLDeleteElements(&key_exchanges); } 1731 QuicCryptoServerConfig::Config::~Config() { STLDeleteElements(&key_exchanges); }
1749 1732
1750 } // namespace net 1733 } // namespace net
OLDNEW
« no previous file with comments | « net/quic/crypto/crypto_utils.cc ('k') | net/quic/quic_crypto_client_stream_test.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698