1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_QUIC_CRYPTO_QUIC_CRYPTO_SERVER_CONFIG_H_ | 5 #ifndef NET_QUIC_CRYPTO_QUIC_CRYPTO_SERVER_CONFIG_H_ |
6 #define NET_QUIC_CRYPTO_QUIC_CRYPTO_SERVER_CONFIG_H_ | 6 #define NET_QUIC_CRYPTO_QUIC_CRYPTO_SERVER_CONFIG_H_ |
7 | 7 |
8 #include <map> | 8 #include <map> |
9 #include <string> | 9 #include <string> |
10 #include <vector> | 10 #include <vector> |
264 CryptoHandshakeMessage* out, | 264 CryptoHandshakeMessage* out, |
265 std::string* error_details) const; | 265 std::string* error_details) const; |
266 | 266 |
267 // BuildServerConfigUpdateMessage sets |out| to be a SCUP message containing | 267 // BuildServerConfigUpdateMessage sets |out| to be a SCUP message containing |
268 // the current primary config, an up to date source-address token, and cert | 268 // the current primary config, an up to date source-address token, and cert |
269 // chain and proof in the case of secure QUIC. Returns true if successfully | 269 // chain and proof in the case of secure QUIC. Returns true if successfully |
270 // filled |out|. | 270 // filled |out|. |
271 // | 271 // |
272 // |cached_network_params| is optional, and can be nullptr. | 272 // |cached_network_params| is optional, and can be nullptr. |
273 bool BuildServerConfigUpdateMessage( | 273 bool BuildServerConfigUpdateMessage( |
| 274 QuicVersion version, |
274 const SourceAddressTokens& previous_source_address_tokens, | 275 const SourceAddressTokens& previous_source_address_tokens, |
275 const IPAddressNumber& server_ip, | 276 const IPAddressNumber& server_ip, |
276 const IPAddressNumber& client_ip, | 277 const IPAddressNumber& client_ip, |
277 const QuicClock* clock, | 278 const QuicClock* clock, |
278 QuicRandom* rand, | 279 QuicRandom* rand, |
279 const QuicCryptoNegotiatedParameters& params, | 280 const QuicCryptoNegotiatedParameters& params, |
280 const CachedNetworkParameters* cached_network_params, | 281 const CachedNetworkParameters* cached_network_params, |
281 CryptoHandshakeMessage* out) const; | 282 CryptoHandshakeMessage* out) const; |
282 | 283 |
283 // SetEphemeralKeySource installs an object that can cache ephemeral keys for | 284 // SetEphemeralKeySource installs an object that can cache ephemeral keys for |
331 // the client and back. | 332 // the client and back. |
332 void set_server_nonce_strike_register_max_entries(uint32 max_entries); | 333 void set_server_nonce_strike_register_max_entries(uint32 max_entries); |
333 | 334 |
334 // set_server_nonce_strike_register_window_secs sets the number of seconds | 335 // set_server_nonce_strike_register_window_secs sets the number of seconds |
335 // around the current time that the server-nonce strike-register will accept | 336 // around the current time that the server-nonce strike-register will accept |
336 // nonces from. Setting a larger value allows for clients to delay follow-up | 337 // nonces from. Setting a larger value allows for clients to delay follow-up |
337 // client hellos for longer and still use server nonces as proofs of | 338 // client hellos for longer and still use server nonces as proofs of |
338 // uniqueness. | 339 // uniqueness. |
339 void set_server_nonce_strike_register_window_secs(uint32 window_secs); | 340 void set_server_nonce_strike_register_window_secs(uint32 window_secs); |
340 | 341 |
| 342 // set_enable_serving_sct enables or disables serving signed cert timestamp |
| 343 // (RFC6962) in server hello. |
| 344 void set_enable_serving_sct(bool enable_serving_sct); |
| 345 |
341 // Set and take ownership of the callback to invoke on primary config changes. | 346 // Set and take ownership of the callback to invoke on primary config changes. |
342 void AcquirePrimaryConfigChangedCb(PrimaryConfigChangedCallback* cb); | 347 void AcquirePrimaryConfigChangedCb(PrimaryConfigChangedCallback* cb); |
343 | 348 |
344 // Returns the number of configs this object owns. | 349 // Returns the number of configs this object owns. |
345 int NumberOfConfigs() const; | 350 int NumberOfConfigs() const; |
346 | 351 |
347 private: | 352 private: |
348 friend class test::QuicCryptoServerConfigPeer; | 353 friend class test::QuicCryptoServerConfigPeer; |
349 | 354 |
350 // Config represents a server config: a collection of preferences and | 355 // Config represents a server config: a collection of preferences and |
431 void EvaluateClientHello( | 436 void EvaluateClientHello( |
432 const IPAddressNumber& server_ip, | 437 const IPAddressNumber& server_ip, |
433 QuicVersion version, | 438 QuicVersion version, |
434 const uint8* primary_orbit, | 439 const uint8* primary_orbit, |
435 scoped_refptr<Config> requested_config, | 440 scoped_refptr<Config> requested_config, |
436 QuicCryptoProof* crypto_proof, | 441 QuicCryptoProof* crypto_proof, |
437 ValidateClientHelloResultCallback::Result* client_hello_state, | 442 ValidateClientHelloResultCallback::Result* client_hello_state, |
438 ValidateClientHelloResultCallback* done_cb) const; | 443 ValidateClientHelloResultCallback* done_cb) const; |
439 | 444 |
440 // BuildRejection sets |out| to be a REJ message in reply to |client_hello|. | 445 // BuildRejection sets |out| to be a REJ message in reply to |client_hello|. |
441 void BuildRejection(const Config& config, | 446 void BuildRejection(QuicVersion version, const Config& config, |
442 const CryptoHandshakeMessage& client_hello, | 447 const CryptoHandshakeMessage& client_hello, |
443 const ClientHelloInfo& info, | 448 const ClientHelloInfo& info, |
444 const CachedNetworkParameters& cached_network_params, | 449 const CachedNetworkParameters& cached_network_params, |
445 bool use_stateless_rejects, | 450 bool use_stateless_rejects, |
446 QuicConnectionId server_designated_connection_id, | 451 QuicConnectionId server_designated_connection_id, |
447 QuicRandom* rand, | 452 QuicRandom* rand, QuicCryptoNegotiatedParameters* params, |
448 QuicCryptoNegotiatedParameters* params, | |
449 const QuicCryptoProof& crypto_proof, | 453 const QuicCryptoProof& crypto_proof, |
450 CryptoHandshakeMessage* out) const; | 454 CryptoHandshakeMessage* out) const; |
451 | 455 |
452 // ParseConfigProtobuf parses the given config protobuf and returns a | 456 // ParseConfigProtobuf parses the given config protobuf and returns a |
453 // scoped_refptr<Config> if successful. The caller adopts the reference to the | 457 // scoped_refptr<Config> if successful. The caller adopts the reference to the |
454 // Config. On error, ParseConfigProtobuf returns nullptr. | 458 // Config. On error, ParseConfigProtobuf returns nullptr. |
455 scoped_refptr<Config> ParseConfigProtobuf(QuicServerConfigProtobuf* protobuf); | 459 scoped_refptr<Config> ParseConfigProtobuf(QuicServerConfigProtobuf* protobuf); |
456 | 460 |
457 // NewSourceAddressToken returns a fresh source address token for the given | 461 // NewSourceAddressToken returns a fresh source address token for the given |
458 // IP address. |cached_network_params| is optional, and can be nullptr. | 462 // IP address. |cached_network_params| is optional, and can be nullptr. |
586 // These fields store configuration values. See the comments for their | 590 // These fields store configuration values. See the comments for their |
587 // respective setter functions. | 591 // respective setter functions. |
588 bool strike_register_no_startup_period_; | 592 bool strike_register_no_startup_period_; |
589 uint32 strike_register_max_entries_; | 593 uint32 strike_register_max_entries_; |
590 uint32 strike_register_window_secs_; | 594 uint32 strike_register_window_secs_; |
591 uint32 source_address_token_future_secs_; | 595 uint32 source_address_token_future_secs_; |
592 uint32 source_address_token_lifetime_secs_; | 596 uint32 source_address_token_lifetime_secs_; |
593 uint32 server_nonce_strike_register_max_entries_; | 597 uint32 server_nonce_strike_register_max_entries_; |
594 uint32 server_nonce_strike_register_window_secs_; | 598 uint32 server_nonce_strike_register_window_secs_; |
595 | 599 |
| 600 // Enable serving SCT or not. |
| 601 bool enable_serving_sct_; |
| 602 |
596 DISALLOW_COPY_AND_ASSIGN(QuicCryptoServerConfig); | 603 DISALLOW_COPY_AND_ASSIGN(QuicCryptoServerConfig); |
597 }; | 604 }; |
598 | 605 |
599 } // namespace net | 606 } // namespace net |
600 | 607 |
601 #endif // NET_QUIC_CRYPTO_QUIC_CRYPTO_SERVER_CONFIG_H_ | 608 #endif // NET_QUIC_CRYPTO_QUIC_CRYPTO_SERVER_CONFIG_H_ |
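Review bot: The `QuicVersion version` parameter added to BuildServerConfigUpdateMessage (new line 274) and to BuildRejection (new line 446) is not mentioned in either function's comment, so a reader of the header cannot tell what the version selects in the built message. Its arrival together with set_enable_serving_sct suggests it gates whether the SCT is carried in the reply, but nothing visible here confirms that; the comment should state the role either way, e.g. `// |version| is the negotiated QUIC version; it selects which optional fields the message may carry.` with the wording confirmed against the implementation. The new `enable_serving_sct_` member (new lines 600-601) likewise sits just below the "See the comments for their respective setter functions" block but its own comment says only "Enable serving SCT or not."; it should name set_enable_serving_sct as the setter and state the default, which the constructor in the corresponding .cc (not in this header) must establish, since an uninitialized bool here would make SCT serving nondeterministic. The two-parameters-per-line layout on new lines 446 and 452 also differs from the one-per-line style of the surrounding declarations; if that is clang-format output it is fine, otherwise keep one parameter per line.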