Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(253)

Issues Search
    My Issues | Starred     Open | Closed | All

Unified Diff: net/quic/crypto/quic_crypto_server_config.cc

Issue 1437023002: Landing Recent QUIC changes until 2015-11-09 20:32 UTC (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Created 5 years, 1 month ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View side-by-side diff with in-line comments
Download patch
« no previous file with comments | « net/quic/crypto/quic_crypto_server_config.h ('k') | net/quic/quic_chromium_client_session_test.cc » ('j') | no next file with comments »
Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
Index: net/quic/crypto/quic_crypto_server_config.cc
diff --git a/net/quic/crypto/quic_crypto_server_config.cc b/net/quic/crypto/quic_crypto_server_config.cc
index c523dd487d9f785ea6a1ff713ad338e77004ccd9..e4c052f6c71c29193ce616c2b8397a84e5f1db05 100644
--- a/net/quic/crypto/quic_crypto_server_config.cc
+++ b/net/quic/crypto/quic_crypto_server_config.cc
@@ -205,6 +205,7 @@ void ValidateClientHelloResultCallback::Run(const Result* result) {
QuicCryptoServerConfig::ConfigOptions::ConfigOptions()
: expiry_time(QuicWallTime::Zero()),
channel_id_enabled(false),
+ token_binding_enabled(false),
p256(false) {}
QuicCryptoServerConfig::QuicCryptoServerConfig(
@@ -322,6 +323,10 @@ QuicServerConfigProtobuf* QuicCryptoServerConfig::GenerateConfig(
msg.SetTaglist(kPDMD, kCHID, 0);
}
+ if (options.token_binding_enabled) {
+ msg.SetTaglist(kTBKP, kP256, 0);
+ }
+
if (options.id.empty()) {
// We need to ensure that the SCID changes whenever the server config does
// thus we make it a hash of the rest of the server config.
@@ -547,27 +552,10 @@ QuicErrorCode QuicCryptoServerConfig::ProcessClientHello(
validate_chlo_result.client_hello;
const ClientHelloInfo& info = validate_chlo_result.info;
- // If the client's preferred version is not the version we are currently
- // speaking, then the client went through a version negotiation. In this
- // case, we need to make sure that we actually do not support this version
- // and that it wasn't a downgrade attack.
- QuicTag client_version_tag;
- if (client_hello.GetUint32(kVER, &client_version_tag) != QUIC_NO_ERROR) {
- *error_details = "client hello missing version list";
- return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER;
- }
- QuicVersion client_version = QuicTagToQuicVersion(client_version_tag);
- if (client_version != version) {
- // Just because client_version is a valid version enum doesn't mean that
- // this server actually supports that version, so we check to see if
- // it's actually in the supported versions list.
- for (size_t i = 0; i < supported_versions.size(); ++i) {
- if (client_version == supported_versions[i]) {
- *error_details = "Downgrade attack detected";
- return QUIC_VERSION_NEGOTIATION_MISMATCH;
- }
- }
- }
+ QuicErrorCode valid = CryptoUtils::ValidateClientHello(
+ client_hello, version, supported_versions, error_details);
+ if (valid != QUIC_NO_ERROR)
+ return valid;
StringPiece requested_scid;
client_hello.GetStringPiece(kSCID, &requested_scid);
@@ -658,6 +646,25 @@ QuicErrorCode QuicCryptoServerConfig::ProcessClientHello(
return QUIC_CRYPTO_NO_SUPPORT;
}
+ if (!requested_config->tb_key_params.empty()) {
+ const QuicTag* their_tbkps;
+ size_t num_their_tbkps;
+ switch (client_hello.GetTaglist(kTBKP, &their_tbkps, &num_their_tbkps)) {
+ case QUIC_CRYPTO_MESSAGE_PARAMETER_NOT_FOUND:
+ break;
+ case QUIC_NO_ERROR:
+ if (QuicUtils::FindMutualTag(
+ requested_config->tb_key_params, their_tbkps, num_their_tbkps,
+ QuicUtils::LOCAL_PRIORITY, &params->token_binding_key_param,
+ nullptr)) {
+ break;
+ }
+ default:
+ *error_details = "Invalid Token Binding key parameter";
+ return QUIC_INVALID_CRYPTO_MESSAGE_PARAMETER;
+ }
+ }
+
StringPiece public_value;
if (!client_hello.GetStringPiece(kPUBS, &public_value)) {
*error_details = "Missing public value";
@@ -1318,6 +1325,17 @@ QuicCryptoServerConfig::ParseConfigProtobuf(
return nullptr;
}
+ const QuicTag* tbkp_tags;
+ size_t tbkp_len;
+ QuicErrorCode err;
+ if ((err = msg->GetTaglist(kTBKP, &tbkp_tags, &tbkp_len)) !=
+ QUIC_CRYPTO_MESSAGE_PARAMETER_NOT_FOUND &&
+ err != QUIC_NO_ERROR) {
+ LOG(WARNING) << "Server config message is missing or has invalid TBKP";
+ return nullptr;
+ }
+ config->tb_key_params = vector<QuicTag>(tbkp_tags, tbkp_tags + tbkp_len);
+
StringPiece orbit;
if (!msg->GetStringPiece(kORBT, &orbit)) {
LOG(WARNING) << "Server config message is missing ORBT";
« no previous file with comments | « net/quic/crypto/quic_crypto_server_config.h ('k') | net/quic/quic_chromium_client_session_test.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698