OLD | NEW |
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/quic/crypto/crypto_utils.h" | 5 #include "net/quic/crypto/crypto_utils.h" |
6 | 6 |
7 #include "crypto/hkdf.h" | 7 #include "crypto/hkdf.h" |
8 #include "net/base/net_util.h" | 8 #include "net/base/net_util.h" |
9 #include "net/quic/crypto/crypto_handshake.h" | 9 #include "net/quic/crypto/crypto_handshake.h" |
10 #include "net/quic/crypto/crypto_protocol.h" | 10 #include "net/quic/crypto/crypto_protocol.h" |
(...skipping 12 matching lines...) Expand all Loading... |
23 | 23 |
24 // static | 24 // static |
25 void CryptoUtils::GenerateNonce(QuicWallTime now, | 25 void CryptoUtils::GenerateNonce(QuicWallTime now, |
26 QuicRandom* random_generator, | 26 QuicRandom* random_generator, |
27 StringPiece orbit, | 27 StringPiece orbit, |
28 string* nonce) { | 28 string* nonce) { |
29 // a 4-byte timestamp + 28 random bytes. | 29 // a 4-byte timestamp + 28 random bytes. |
30 nonce->reserve(kNonceSize); | 30 nonce->reserve(kNonceSize); |
31 nonce->resize(kNonceSize); | 31 nonce->resize(kNonceSize); |
32 | 32 |
33 uint32 gmt_unix_time = static_cast<uint32>(now.ToUNIXSeconds()); | 33 uint32_t gmt_unix_time = static_cast<uint32_t>(now.ToUNIXSeconds()); |
34 // The time in the nonce must be encoded in big-endian because the | 34 // The time in the nonce must be encoded in big-endian because the |
35 // strike-register depends on the nonces being ordered by time. | 35 // strike-register depends on the nonces being ordered by time. |
36 (*nonce)[0] = static_cast<char>(gmt_unix_time >> 24); | 36 (*nonce)[0] = static_cast<char>(gmt_unix_time >> 24); |
37 (*nonce)[1] = static_cast<char>(gmt_unix_time >> 16); | 37 (*nonce)[1] = static_cast<char>(gmt_unix_time >> 16); |
38 (*nonce)[2] = static_cast<char>(gmt_unix_time >> 8); | 38 (*nonce)[2] = static_cast<char>(gmt_unix_time >> 8); |
39 (*nonce)[3] = static_cast<char>(gmt_unix_time); | 39 (*nonce)[3] = static_cast<char>(gmt_unix_time); |
40 size_t bytes_written = 4; | 40 size_t bytes_written = 4; |
41 | 41 |
42 if (orbit.size() == 8) { | 42 if (orbit.size() == 8) { |
43 memcpy(&(*nonce)[bytes_written], orbit.data(), orbit.size()); | 43 memcpy(&(*nonce)[bytes_written], orbit.data(), orbit.size()); |
(...skipping 89 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
133 StringPiece context, | 133 StringPiece context, |
134 size_t result_len, | 134 size_t result_len, |
135 string* result) { | 135 string* result) { |
136 for (size_t i = 0; i < label.length(); i++) { | 136 for (size_t i = 0; i < label.length(); i++) { |
137 if (label[i] == '\0') { | 137 if (label[i] == '\0') { |
138 LOG(ERROR) << "ExportKeyingMaterial label may not contain NULs"; | 138 LOG(ERROR) << "ExportKeyingMaterial label may not contain NULs"; |
139 return false; | 139 return false; |
140 } | 140 } |
141 } | 141 } |
142 // Create HKDF info input: null-terminated label + length-prefixed context | 142 // Create HKDF info input: null-terminated label + length-prefixed context |
143 if (context.length() >= numeric_limits<uint32>::max()) { | 143 if (context.length() >= numeric_limits<uint32_t>::max()) { |
144 LOG(ERROR) << "Context value longer than 2^32"; | 144 LOG(ERROR) << "Context value longer than 2^32"; |
145 return false; | 145 return false; |
146 } | 146 } |
147 uint32 context_length = static_cast<uint32>(context.length()); | 147 uint32_t context_length = static_cast<uint32_t>(context.length()); |
148 string info = label.as_string(); | 148 string info = label.as_string(); |
149 info.push_back('\0'); | 149 info.push_back('\0'); |
150 info.append(reinterpret_cast<char*>(&context_length), sizeof(context_length)); | 150 info.append(reinterpret_cast<char*>(&context_length), sizeof(context_length)); |
151 info.append(context.data(), context.length()); | 151 info.append(context.data(), context.length()); |
152 | 152 |
153 crypto::HKDF hkdf(subkey_secret, StringPiece() /* no salt */, info, | 153 crypto::HKDF hkdf(subkey_secret, StringPiece() /* no salt */, info, |
154 result_len, 0 /* no fixed IV */, 0 /* no subkey secret */); | 154 result_len, 0 /* no fixed IV */, 0 /* no subkey secret */); |
155 hkdf.client_write_key().CopyToString(result); | 155 hkdf.client_write_key().CopyToString(result); |
156 return true; | 156 return true; |
157 } | 157 } |
158 | 158 |
159 // static | 159 // static |
160 uint64 CryptoUtils::ComputeLeafCertHash(const std::string& cert) { | 160 uint64_t CryptoUtils::ComputeLeafCertHash(const std::string& cert) { |
161 return QuicUtils::FNV1a_64_Hash(cert.data(), cert.size()); | 161 return QuicUtils::FNV1a_64_Hash(cert.data(), cert.size()); |
162 } | 162 } |
163 | 163 |
164 QuicErrorCode CryptoUtils::ValidateServerHello( | 164 QuicErrorCode CryptoUtils::ValidateServerHello( |
165 const CryptoHandshakeMessage& server_hello, | 165 const CryptoHandshakeMessage& server_hello, |
166 const QuicVersionVector& negotiated_versions, | 166 const QuicVersionVector& negotiated_versions, |
167 string* error_details) { | 167 string* error_details) { |
168 DCHECK(error_details != nullptr); | 168 DCHECK(error_details != nullptr); |
169 | 169 |
170 if (server_hello.tag() != kSHLO) { | 170 if (server_hello.tag() != kSHLO) { |
(...skipping 97 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
268 RETURN_STRING_LITERAL(INVALID_EXPECTED_LEAF_CERTIFICATE); | 268 RETURN_STRING_LITERAL(INVALID_EXPECTED_LEAF_CERTIFICATE); |
269 RETURN_STRING_LITERAL(MAX_FAILURE_REASON); | 269 RETURN_STRING_LITERAL(MAX_FAILURE_REASON); |
270 } | 270 } |
271 // Return a default value so that we return this when |reason| doesn't match | 271 // Return a default value so that we return this when |reason| doesn't match |
272 // any HandshakeFailureReason.. This can happen when the message by the peer | 272 // any HandshakeFailureReason.. This can happen when the message by the peer |
273 // (attacker) has invalid reason. | 273 // (attacker) has invalid reason. |
274 return "INVALID_HANDSHAKE_FAILURE_REASON"; | 274 return "INVALID_HANDSHAKE_FAILURE_REASON"; |
275 } | 275 } |
276 | 276 |
277 } // namespace net | 277 } // namespace net |
OLD | NEW |