| OLD | NEW |
|---|
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/quic/crypto/quic_crypto_server_config.h" | 5 #include "net/quic/crypto/quic_crypto_server_config.h" |
| 6 | 6 |
| 7 #include <stdlib.h> | 7 #include <stdlib.h> |
| 8 |
| 8 #include <algorithm> | 9 #include <algorithm> |
| 9 | 10 |
| 11 #include "base/macros.h" |
| 10 #include "base/stl_util.h" | 12 #include "base/stl_util.h" |
| 11 #include "base/strings/string_number_conversions.h" | 13 #include "base/strings/string_number_conversions.h" |
| 12 #include "crypto/hkdf.h" | 14 #include "crypto/hkdf.h" |
| 13 #include "crypto/secure_hash.h" | 15 #include "crypto/secure_hash.h" |
| 14 #include "net/base/net_util.h" | 16 #include "net/base/net_util.h" |
| 15 #include "net/quic/crypto/aes_128_gcm_12_decrypter.h" | 17 #include "net/quic/crypto/aes_128_gcm_12_decrypter.h" |
| 16 #include "net/quic/crypto/aes_128_gcm_12_encrypter.h" | 18 #include "net/quic/crypto/aes_128_gcm_12_encrypter.h" |
| 17 #include "net/quic/crypto/cert_compressor.h" | 19 #include "net/quic/crypto/cert_compressor.h" |
| 18 #include "net/quic/crypto/chacha20_poly1305_encrypter.h" | 20 #include "net/quic/crypto/chacha20_poly1305_encrypter.h" |
| 19 #include "net/quic/crypto/channel_id.h" | 21 #include "net/quic/crypto/channel_id.h" |
| (...skipping 201 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 221 server_nonce_strike_register_window_secs_(120), | 223 server_nonce_strike_register_window_secs_(120), |
| 222 enable_serving_sct_(false) { | 224 enable_serving_sct_(false) { |
| 223 DCHECK(proof_source_.get()); | 225 DCHECK(proof_source_.get()); |
| 224 default_source_address_token_boxer_.SetKey( | 226 default_source_address_token_boxer_.SetKey( |
| 225 DeriveSourceAddressTokenKey(source_address_token_secret)); | 227 DeriveSourceAddressTokenKey(source_address_token_secret)); |
| 226 | 228 |
| 227 // Generate a random key and orbit for server nonces. | 229 // Generate a random key and orbit for server nonces. |
| 228 server_nonce_entropy->RandBytes(server_nonce_orbit_, | 230 server_nonce_entropy->RandBytes(server_nonce_orbit_, |
| 229 sizeof(server_nonce_orbit_)); | 231 sizeof(server_nonce_orbit_)); |
| 230 const size_t key_size = server_nonce_boxer_.GetKeySize(); | 232 const size_t key_size = server_nonce_boxer_.GetKeySize(); |
| 231 scoped_ptr<uint8[]> key_bytes(new uint8[key_size]); | 233 scoped_ptr<uint8_t[]> key_bytes(new uint8_t[key_size]); |
| 232 server_nonce_entropy->RandBytes(key_bytes.get(), key_size); | 234 server_nonce_entropy->RandBytes(key_bytes.get(), key_size); |
| 233 | 235 |
| 234 server_nonce_boxer_.SetKey( | 236 server_nonce_boxer_.SetKey( |
| 235 StringPiece(reinterpret_cast<char*>(key_bytes.get()), key_size)); | 237 StringPiece(reinterpret_cast<char*>(key_bytes.get()), key_size)); |
| 236 } | 238 } |
| 237 | 239 |
| 238 QuicCryptoServerConfig::~QuicCryptoServerConfig() { | 240 QuicCryptoServerConfig::~QuicCryptoServerConfig() { |
| 239 primary_config_ = nullptr; | 241 primary_config_ = nullptr; |
| 240 } | 242 } |
| 241 | 243 |
| (...skipping 45 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 287 } else { | 289 } else { |
| 288 msg.SetTaglist(kKEXS, kC255, 0); | 290 msg.SetTaglist(kKEXS, kC255, 0); |
| 289 } | 291 } |
| 290 msg.SetTaglist(kAEAD, kAESG, kCC12, 0); | 292 msg.SetTaglist(kAEAD, kAESG, kCC12, 0); |
| 291 msg.SetStringPiece(kPUBS, encoded_public_values); | 293 msg.SetStringPiece(kPUBS, encoded_public_values); |
| 292 | 294 |
| 293 if (options.expiry_time.IsZero()) { | 295 if (options.expiry_time.IsZero()) { |
| 294 const QuicWallTime now = clock->WallNow(); | 296 const QuicWallTime now = clock->WallNow(); |
| 295 const QuicWallTime expiry = now.Add(QuicTime::Delta::FromSeconds( | 297 const QuicWallTime expiry = now.Add(QuicTime::Delta::FromSeconds( |
| 296 60 * 60 * 24 * 180 /* 180 days, ~six months */)); | 298 60 * 60 * 24 * 180 /* 180 days, ~six months */)); |
| 297 const uint64 expiry_seconds = expiry.ToUNIXSeconds(); | 299 const uint64_t expiry_seconds = expiry.ToUNIXSeconds(); |
| 298 msg.SetValue(kEXPY, expiry_seconds); | 300 msg.SetValue(kEXPY, expiry_seconds); |
| 299 } else { | 301 } else { |
| 300 msg.SetValue(kEXPY, options.expiry_time.ToUNIXSeconds()); | 302 msg.SetValue(kEXPY, options.expiry_time.ToUNIXSeconds()); |
| 301 } | 303 } |
| 302 | 304 |
| 303 char orbit_bytes[kOrbitSize]; | 305 char orbit_bytes[kOrbitSize]; |
| 304 if (options.orbit.size() == sizeof(orbit_bytes)) { | 306 if (options.orbit.size() == sizeof(orbit_bytes)) { |
| 305 memcpy(orbit_bytes, options.orbit.data(), sizeof(orbit_bytes)); | 307 memcpy(orbit_bytes, options.orbit.data(), sizeof(orbit_bytes)); |
| 306 } else { | 308 } else { |
| 307 DCHECK(options.orbit.empty()); | 309 DCHECK(options.orbit.empty()); |
| (...skipping 177 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 485 ValidateClientHelloResultCallback* done_cb) const { | 487 ValidateClientHelloResultCallback* done_cb) const { |
| 486 const QuicWallTime now(clock->WallNow()); | 488 const QuicWallTime now(clock->WallNow()); |
| 487 | 489 |
| 488 ValidateClientHelloResultCallback::Result* result = | 490 ValidateClientHelloResultCallback::Result* result = |
| 489 new ValidateClientHelloResultCallback::Result(client_hello, client_ip, | 491 new ValidateClientHelloResultCallback::Result(client_hello, client_ip, |
| 490 now); | 492 now); |
| 491 | 493 |
| 492 StringPiece requested_scid; | 494 StringPiece requested_scid; |
| 493 client_hello.GetStringPiece(kSCID, &requested_scid); | 495 client_hello.GetStringPiece(kSCID, &requested_scid); |
| 494 | 496 |
| 495 uint8 primary_orbit[kOrbitSize]; | 497 uint8_t primary_orbit[kOrbitSize]; |
| 496 scoped_refptr<Config> requested_config; | 498 scoped_refptr<Config> requested_config; |
| 497 scoped_refptr<Config> primary_config; | 499 scoped_refptr<Config> primary_config; |
| 498 { | 500 { |
| 499 base::AutoLock locked(configs_lock_); | 501 base::AutoLock locked(configs_lock_); |
| 500 | 502 |
| 501 if (!primary_config_.get()) { | 503 if (!primary_config_.get()) { |
| 502 result->error_code = QUIC_CRYPTO_INTERNAL_ERROR; | 504 result->error_code = QUIC_CRYPTO_INTERNAL_ERROR; |
| 503 result->error_details = "No configurations loaded"; | 505 result->error_details = "No configurations loaded"; |
| 504 } else { | 506 } else { |
| 505 if (!next_config_promotion_time_.IsZero() && | 507 if (!next_config_promotion_time_.IsZero() && |
| (...skipping 449 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 955 primary_config_->id.size()); | 957 primary_config_->id.size()); |
| 956 next_config_promotion_time_ = QuicWallTime::Zero(); | 958 next_config_promotion_time_ = QuicWallTime::Zero(); |
| 957 if (primary_config_changed_cb_.get() != nullptr) { | 959 if (primary_config_changed_cb_.get() != nullptr) { |
| 958 primary_config_changed_cb_->Run(primary_config_->id); | 960 primary_config_changed_cb_->Run(primary_config_->id); |
| 959 } | 961 } |
| 960 } | 962 } |
| 961 | 963 |
| 962 void QuicCryptoServerConfig::EvaluateClientHello( | 964 void QuicCryptoServerConfig::EvaluateClientHello( |
| 963 const IPAddressNumber& server_ip, | 965 const IPAddressNumber& server_ip, |
| 964 QuicVersion version, | 966 QuicVersion version, |
| 965 const uint8* primary_orbit, | 967 const uint8_t* primary_orbit, |
| 966 scoped_refptr<Config> requested_config, | 968 scoped_refptr<Config> requested_config, |
| 967 scoped_refptr<Config> primary_config, | 969 scoped_refptr<Config> primary_config, |
| 968 QuicCryptoProof* crypto_proof, | 970 QuicCryptoProof* crypto_proof, |
| 969 ValidateClientHelloResultCallback::Result* client_hello_state, | 971 ValidateClientHelloResultCallback::Result* client_hello_state, |
| 970 ValidateClientHelloResultCallback* done_cb) const { | 972 ValidateClientHelloResultCallback* done_cb) const { |
| 971 ValidateClientHelloHelper helper(client_hello_state, done_cb); | 973 ValidateClientHelloHelper helper(client_hello_state, done_cb); |
| 972 | 974 |
| 973 const CryptoHandshakeMessage& client_hello = client_hello_state->client_hello; | 975 const CryptoHandshakeMessage& client_hello = client_hello_state->client_hello; |
| 974 ClientHelloInfo* info = &(client_hello_state->info); | 976 ClientHelloInfo* info = &(client_hello_state->info); |
| 975 | 977 |
| (...skipping 159 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1135 } | 1137 } |
| 1136 | 1138 |
| 1137 // Use the client nonce to establish uniqueness. | 1139 // Use the client nonce to establish uniqueness. |
| 1138 StrikeRegisterClient* strike_register_client; | 1140 StrikeRegisterClient* strike_register_client; |
| 1139 { | 1141 { |
| 1140 base::AutoLock locked(strike_register_client_lock_); | 1142 base::AutoLock locked(strike_register_client_lock_); |
| 1141 | 1143 |
| 1142 if (strike_register_client_.get() == nullptr) { | 1144 if (strike_register_client_.get() == nullptr) { |
| 1143 strike_register_client_.reset(new LocalStrikeRegisterClient( | 1145 strike_register_client_.reset(new LocalStrikeRegisterClient( |
| 1144 strike_register_max_entries_, | 1146 strike_register_max_entries_, |
| 1145 static_cast<uint32>(info->now.ToUNIXSeconds()), | 1147 static_cast<uint32_t>(info->now.ToUNIXSeconds()), |
| 1146 strike_register_window_secs_, primary_orbit, | 1148 strike_register_window_secs_, primary_orbit, |
| 1147 strike_register_no_startup_period_ | 1149 strike_register_no_startup_period_ |
| 1148 ? StrikeRegister::NO_STARTUP_PERIOD_NEEDED | 1150 ? StrikeRegister::NO_STARTUP_PERIOD_NEEDED |
| 1149 : StrikeRegister::DENY_REQUESTS_AT_STARTUP)); | 1151 : StrikeRegister::DENY_REQUESTS_AT_STARTUP)); |
| 1150 } | 1152 } |
| 1151 strike_register_client = strike_register_client_.get(); | 1153 strike_register_client = strike_register_client_.get(); |
| 1152 } | 1154 } |
| 1153 | 1155 |
| 1154 strike_register_client->VerifyNonceIsValidAndUnique( | 1156 strike_register_client->VerifyNonceIsValidAndUnique( |
| 1155 info->client_nonce, info->now, | 1157 info->client_nonce, info->now, |
| (...skipping 333 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1489 chlo_multiplier_ = multiplier; | 1491 chlo_multiplier_ = multiplier; |
| 1490 } | 1492 } |
| 1491 | 1493 |
| 1492 void QuicCryptoServerConfig::set_strike_register_no_startup_period() { | 1494 void QuicCryptoServerConfig::set_strike_register_no_startup_period() { |
| 1493 base::AutoLock locker(strike_register_client_lock_); | 1495 base::AutoLock locker(strike_register_client_lock_); |
| 1494 DCHECK(!strike_register_client_.get()); | 1496 DCHECK(!strike_register_client_.get()); |
| 1495 strike_register_no_startup_period_ = true; | 1497 strike_register_no_startup_period_ = true; |
| 1496 } | 1498 } |
| 1497 | 1499 |
| 1498 void QuicCryptoServerConfig::set_strike_register_max_entries( | 1500 void QuicCryptoServerConfig::set_strike_register_max_entries( |
| 1499 uint32 max_entries) { | 1501 uint32_t max_entries) { |
| 1500 base::AutoLock locker(strike_register_client_lock_); | 1502 base::AutoLock locker(strike_register_client_lock_); |
| 1501 DCHECK(!strike_register_client_.get()); | 1503 DCHECK(!strike_register_client_.get()); |
| 1502 strike_register_max_entries_ = max_entries; | 1504 strike_register_max_entries_ = max_entries; |
| 1503 } | 1505 } |
| 1504 | 1506 |
| 1505 void QuicCryptoServerConfig::set_strike_register_window_secs( | 1507 void QuicCryptoServerConfig::set_strike_register_window_secs( |
| 1506 uint32 window_secs) { | 1508 uint32_t window_secs) { |
| 1507 base::AutoLock locker(strike_register_client_lock_); | 1509 base::AutoLock locker(strike_register_client_lock_); |
| 1508 DCHECK(!strike_register_client_.get()); | 1510 DCHECK(!strike_register_client_.get()); |
| 1509 strike_register_window_secs_ = window_secs; | 1511 strike_register_window_secs_ = window_secs; |
| 1510 } | 1512 } |
| 1511 | 1513 |
| 1512 void QuicCryptoServerConfig::set_source_address_token_future_secs( | 1514 void QuicCryptoServerConfig::set_source_address_token_future_secs( |
| 1513 uint32 future_secs) { | 1515 uint32_t future_secs) { |
| 1514 source_address_token_future_secs_ = future_secs; | 1516 source_address_token_future_secs_ = future_secs; |
| 1515 } | 1517 } |
| 1516 | 1518 |
| 1517 void QuicCryptoServerConfig::set_source_address_token_lifetime_secs( | 1519 void QuicCryptoServerConfig::set_source_address_token_lifetime_secs( |
| 1518 uint32 lifetime_secs) { | 1520 uint32_t lifetime_secs) { |
| 1519 source_address_token_lifetime_secs_ = lifetime_secs; | 1521 source_address_token_lifetime_secs_ = lifetime_secs; |
| 1520 } | 1522 } |
| 1521 | 1523 |
| 1522 void QuicCryptoServerConfig::set_server_nonce_strike_register_max_entries( | 1524 void QuicCryptoServerConfig::set_server_nonce_strike_register_max_entries( |
| 1523 uint32 max_entries) { | 1525 uint32_t max_entries) { |
| 1524 DCHECK(!server_nonce_strike_register_.get()); | 1526 DCHECK(!server_nonce_strike_register_.get()); |
| 1525 server_nonce_strike_register_max_entries_ = max_entries; | 1527 server_nonce_strike_register_max_entries_ = max_entries; |
| 1526 } | 1528 } |
| 1527 | 1529 |
| 1528 void QuicCryptoServerConfig::set_server_nonce_strike_register_window_secs( | 1530 void QuicCryptoServerConfig::set_server_nonce_strike_register_window_secs( |
| 1529 uint32 window_secs) { | 1531 uint32_t window_secs) { |
| 1530 DCHECK(!server_nonce_strike_register_.get()); | 1532 DCHECK(!server_nonce_strike_register_.get()); |
| 1531 server_nonce_strike_register_window_secs_ = window_secs; | 1533 server_nonce_strike_register_window_secs_ = window_secs; |
| 1532 } | 1534 } |
| 1533 | 1535 |
| 1534 void QuicCryptoServerConfig::set_enable_serving_sct(bool enable_serving_sct) { | 1536 void QuicCryptoServerConfig::set_enable_serving_sct(bool enable_serving_sct) { |
| 1535 enable_serving_sct_ = enable_serving_sct; | 1537 enable_serving_sct_ = enable_serving_sct; |
| 1536 } | 1538 } |
| 1537 | 1539 |
| 1538 void QuicCryptoServerConfig::AcquirePrimaryConfigChangedCb( | 1540 void QuicCryptoServerConfig::AcquirePrimaryConfigChangedCb( |
| 1539 PrimaryConfigChangedCallback* cb) { | 1541 PrimaryConfigChangedCallback* cb) { |
| (...skipping 122 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
| 1662 return HANDSHAKE_OK; | 1664 return HANDSHAKE_OK; |
| 1663 } | 1665 } |
| 1664 | 1666 |
| 1665 // kServerNoncePlaintextSize is the number of bytes in an unencrypted server | 1667 // kServerNoncePlaintextSize is the number of bytes in an unencrypted server |
| 1666 // nonce. | 1668 // nonce. |
| 1667 static const size_t kServerNoncePlaintextSize = | 1669 static const size_t kServerNoncePlaintextSize = |
| 1668 4 /* timestamp */ + 20 /* random bytes */; | 1670 4 /* timestamp */ + 20 /* random bytes */; |
| 1669 | 1671 |
| 1670 string QuicCryptoServerConfig::NewServerNonce(QuicRandom* rand, | 1672 string QuicCryptoServerConfig::NewServerNonce(QuicRandom* rand, |
| 1671 QuicWallTime now) const { | 1673 QuicWallTime now) const { |
| 1672 const uint32 timestamp = static_cast<uint32>(now.ToUNIXSeconds()); | 1674 const uint32_t timestamp = static_cast<uint32_t>(now.ToUNIXSeconds()); |
| 1673 | 1675 |
| 1674 uint8 server_nonce[kServerNoncePlaintextSize]; | 1676 uint8_t server_nonce[kServerNoncePlaintextSize]; |
| 1675 static_assert(sizeof(server_nonce) > sizeof(timestamp), "nonce too small"); | 1677 static_assert(sizeof(server_nonce) > sizeof(timestamp), "nonce too small"); |
| 1676 server_nonce[0] = static_cast<uint8>(timestamp >> 24); | 1678 server_nonce[0] = static_cast<uint8_t>(timestamp >> 24); |
| 1677 server_nonce[1] = static_cast<uint8>(timestamp >> 16); | 1679 server_nonce[1] = static_cast<uint8_t>(timestamp >> 16); |
| 1678 server_nonce[2] = static_cast<uint8>(timestamp >> 8); | 1680 server_nonce[2] = static_cast<uint8_t>(timestamp >> 8); |
| 1679 server_nonce[3] = static_cast<uint8>(timestamp); | 1681 server_nonce[3] = static_cast<uint8_t>(timestamp); |
| 1680 rand->RandBytes(&server_nonce[sizeof(timestamp)], | 1682 rand->RandBytes(&server_nonce[sizeof(timestamp)], |
| 1681 sizeof(server_nonce) - sizeof(timestamp)); | 1683 sizeof(server_nonce) - sizeof(timestamp)); |
| 1682 | 1684 |
| 1683 return server_nonce_boxer_.Box( | 1685 return server_nonce_boxer_.Box( |
| 1684 rand, | 1686 rand, |
| 1685 StringPiece(reinterpret_cast<char*>(server_nonce), sizeof(server_nonce))); | 1687 StringPiece(reinterpret_cast<char*>(server_nonce), sizeof(server_nonce))); |
| 1686 } | 1688 } |
| 1687 | 1689 |
| 1688 HandshakeFailureReason QuicCryptoServerConfig::ValidateServerNonce( | 1690 HandshakeFailureReason QuicCryptoServerConfig::ValidateServerNonce( |
| 1689 StringPiece token, | 1691 StringPiece token, |
| 1690 QuicWallTime now) const { | 1692 QuicWallTime now) const { |
| 1691 string storage; | 1693 string storage; |
| 1692 StringPiece plaintext; | 1694 StringPiece plaintext; |
| 1693 if (!server_nonce_boxer_.Unbox(token, &storage, &plaintext)) { | 1695 if (!server_nonce_boxer_.Unbox(token, &storage, &plaintext)) { |
| 1694 return SERVER_NONCE_DECRYPTION_FAILURE; | 1696 return SERVER_NONCE_DECRYPTION_FAILURE; |
| 1695 } | 1697 } |
| 1696 | 1698 |
| 1697 // plaintext contains: | 1699 // plaintext contains: |
| 1698 // uint32 timestamp | 1700 // uint32_t timestamp |
| 1699 // uint8[20] random bytes | 1701 // uint8_t[20] random bytes |
| 1700 | 1702 |
| 1701 if (plaintext.size() != kServerNoncePlaintextSize) { | 1703 if (plaintext.size() != kServerNoncePlaintextSize) { |
| 1702 // This should never happen because the value decrypted correctly. | 1704 // This should never happen because the value decrypted correctly. |
| 1703 LOG(DFATAL) << "Seemingly valid server nonce had incorrect length."; | 1705 LOG(DFATAL) << "Seemingly valid server nonce had incorrect length."; |
| 1704 return SERVER_NONCE_INVALID_FAILURE; | 1706 return SERVER_NONCE_INVALID_FAILURE; |
| 1705 } | 1707 } |
| 1706 | 1708 |
| 1707 uint8 server_nonce[32]; | 1709 uint8_t server_nonce[32]; |
| 1708 memcpy(server_nonce, plaintext.data(), 4); | 1710 memcpy(server_nonce, plaintext.data(), 4); |
| 1709 memcpy(server_nonce + 4, server_nonce_orbit_, sizeof(server_nonce_orbit_)); | 1711 memcpy(server_nonce + 4, server_nonce_orbit_, sizeof(server_nonce_orbit_)); |
| 1710 memcpy(server_nonce + 4 + sizeof(server_nonce_orbit_), plaintext.data() + 4, | 1712 memcpy(server_nonce + 4 + sizeof(server_nonce_orbit_), plaintext.data() + 4, |
| 1711 20); | 1713 20); |
| 1712 static_assert(4 + sizeof(server_nonce_orbit_) + 20 == sizeof(server_nonce), | 1714 static_assert(4 + sizeof(server_nonce_orbit_) + 20 == sizeof(server_nonce), |
| 1713 "bad nonce buffer length"); | 1715 "bad nonce buffer length"); |
| 1714 | 1716 |
| 1715 InsertStatus nonce_error; | 1717 InsertStatus nonce_error; |
| 1716 { | 1718 { |
| 1717 base::AutoLock auto_lock(server_nonce_strike_register_lock_); | 1719 base::AutoLock auto_lock(server_nonce_strike_register_lock_); |
| 1718 if (server_nonce_strike_register_.get() == nullptr) { | 1720 if (server_nonce_strike_register_.get() == nullptr) { |
| 1719 server_nonce_strike_register_.reset(new StrikeRegister( | 1721 server_nonce_strike_register_.reset(new StrikeRegister( |
| 1720 server_nonce_strike_register_max_entries_, | 1722 server_nonce_strike_register_max_entries_, |
| 1721 static_cast<uint32>(now.ToUNIXSeconds()), | 1723 static_cast<uint32_t>(now.ToUNIXSeconds()), |
| 1722 server_nonce_strike_register_window_secs_, server_nonce_orbit_, | 1724 server_nonce_strike_register_window_secs_, server_nonce_orbit_, |
| 1723 StrikeRegister::NO_STARTUP_PERIOD_NEEDED)); | 1725 StrikeRegister::NO_STARTUP_PERIOD_NEEDED)); |
| 1724 } | 1726 } |
| 1725 nonce_error = server_nonce_strike_register_->Insert( | 1727 nonce_error = server_nonce_strike_register_->Insert( |
| 1726 server_nonce, static_cast<uint32>(now.ToUNIXSeconds())); | 1728 server_nonce, static_cast<uint32_t>(now.ToUNIXSeconds())); |
| 1727 } | 1729 } |
| 1728 | 1730 |
| 1729 switch (nonce_error) { | 1731 switch (nonce_error) { |
| 1730 case NONCE_OK: | 1732 case NONCE_OK: |
| 1731 return HANDSHAKE_OK; | 1733 return HANDSHAKE_OK; |
| 1732 case NONCE_INVALID_FAILURE: | 1734 case NONCE_INVALID_FAILURE: |
| 1733 case NONCE_INVALID_ORBIT_FAILURE: | 1735 case NONCE_INVALID_ORBIT_FAILURE: |
| 1734 return SERVER_NONCE_INVALID_FAILURE; | 1736 return SERVER_NONCE_INVALID_FAILURE; |
| 1735 case NONCE_NOT_UNIQUE_FAILURE: | 1737 case NONCE_NOT_UNIQUE_FAILURE: |
| 1736 return SERVER_NONCE_NOT_UNIQUE_FAILURE; | 1738 return SERVER_NONCE_NOT_UNIQUE_FAILURE; |
| 1737 case NONCE_INVALID_TIME_FAILURE: | 1739 case NONCE_INVALID_TIME_FAILURE: |
| 1738 return SERVER_NONCE_INVALID_TIME_FAILURE; | 1740 return SERVER_NONCE_INVALID_TIME_FAILURE; |
| 1739 case NONCE_UNKNOWN_FAILURE: | 1741 case NONCE_UNKNOWN_FAILURE: |
| 1740 case STRIKE_REGISTER_TIMEOUT: | 1742 case STRIKE_REGISTER_TIMEOUT: |
| 1741 case STRIKE_REGISTER_FAILURE: | 1743 case STRIKE_REGISTER_FAILURE: |
| 1742 default: | 1744 default: |
| 1743 LOG(DFATAL) << "Unexpected server nonce error: " << nonce_error; | 1745 LOG(DFATAL) << "Unexpected server nonce error: " << nonce_error; |
| 1744 return SERVER_NONCE_NOT_UNIQUE_FAILURE; | 1746 return SERVER_NONCE_NOT_UNIQUE_FAILURE; |
| 1745 } | 1747 } |
| 1746 } | 1748 } |
| 1747 | 1749 |
| 1748 bool QuicCryptoServerConfig::ValidateExpectedLeafCertificate( | 1750 bool QuicCryptoServerConfig::ValidateExpectedLeafCertificate( |
| 1749 const CryptoHandshakeMessage& client_hello, | 1751 const CryptoHandshakeMessage& client_hello, |
| 1750 const QuicCryptoProof& crypto_proof) const { | 1752 const QuicCryptoProof& crypto_proof) const { |
| 1751 if (crypto_proof.certs->empty()) { | 1753 if (crypto_proof.certs->empty()) { |
| 1752 return false; | 1754 return false; |
| 1753 } | 1755 } |
| 1754 | 1756 |
| 1755 uint64 hash_from_client; | 1757 uint64_t hash_from_client; |
| 1756 if (client_hello.GetUint64(kXLCT, &hash_from_client) != QUIC_NO_ERROR) { | 1758 if (client_hello.GetUint64(kXLCT, &hash_from_client) != QUIC_NO_ERROR) { |
| 1757 return false; | 1759 return false; |
| 1758 } | 1760 } |
| 1759 return CryptoUtils::ComputeLeafCertHash(crypto_proof.certs->at(0)) == | 1761 return CryptoUtils::ComputeLeafCertHash(crypto_proof.certs->at(0)) == |
| 1760 hash_from_client; | 1762 hash_from_client; |
| 1761 } | 1763 } |
| 1762 | 1764 |
| 1763 void QuicCryptoServerConfig::ParseProofDemand( | 1765 void QuicCryptoServerConfig::ParseProofDemand( |
| 1764 const CryptoHandshakeMessage& client_hello, | 1766 const CryptoHandshakeMessage& client_hello, |
| 1765 bool* x509_supported, | 1767 bool* x509_supported, |
| (...skipping 25 matching lines...) Expand all Loading... |
| 1791 is_primary(false), | 1793 is_primary(false), |
| 1792 primary_time(QuicWallTime::Zero()), | 1794 primary_time(QuicWallTime::Zero()), |
| 1793 priority(0), | 1795 priority(0), |
| 1794 source_address_token_boxer(nullptr) {} | 1796 source_address_token_boxer(nullptr) {} |
| 1795 | 1797 |
| 1796 QuicCryptoServerConfig::Config::~Config() { | 1798 QuicCryptoServerConfig::Config::~Config() { |
| 1797 STLDeleteElements(&key_exchanges); | 1799 STLDeleteElements(&key_exchanges); |
| 1798 } | 1800 } |
| 1799 | 1801 |
| 1800 } // namespace net | 1802 } // namespace net |
| OLD | NEW |
|---|
Chromium Code Reviews
Issue 1535363003:
Switch to standard integer types in net/. (Closed)
Base URL: https://chromium.googlesource.com/chromium/src.git@master