OLD | NEW |
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/quic/crypto/quic_crypto_server_config.h" | 5 #include "net/quic/crypto/quic_crypto_server_config.h" |
6 | 6 |
7 #include <stdlib.h> | 7 #include <stdlib.h> |
| 8 |
8 #include <algorithm> | 9 #include <algorithm> |
9 | 10 |
| 11 #include "base/macros.h" |
10 #include "base/stl_util.h" | 12 #include "base/stl_util.h" |
11 #include "base/strings/string_number_conversions.h" | 13 #include "base/strings/string_number_conversions.h" |
12 #include "crypto/hkdf.h" | 14 #include "crypto/hkdf.h" |
13 #include "crypto/secure_hash.h" | 15 #include "crypto/secure_hash.h" |
14 #include "net/base/net_util.h" | 16 #include "net/base/net_util.h" |
15 #include "net/quic/crypto/aes_128_gcm_12_decrypter.h" | 17 #include "net/quic/crypto/aes_128_gcm_12_decrypter.h" |
16 #include "net/quic/crypto/aes_128_gcm_12_encrypter.h" | 18 #include "net/quic/crypto/aes_128_gcm_12_encrypter.h" |
17 #include "net/quic/crypto/cert_compressor.h" | 19 #include "net/quic/crypto/cert_compressor.h" |
18 #include "net/quic/crypto/chacha20_poly1305_encrypter.h" | 20 #include "net/quic/crypto/chacha20_poly1305_encrypter.h" |
19 #include "net/quic/crypto/channel_id.h" | 21 #include "net/quic/crypto/channel_id.h" |
(...skipping 201 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
221 server_nonce_strike_register_window_secs_(120), | 223 server_nonce_strike_register_window_secs_(120), |
222 enable_serving_sct_(false) { | 224 enable_serving_sct_(false) { |
223 DCHECK(proof_source_.get()); | 225 DCHECK(proof_source_.get()); |
224 default_source_address_token_boxer_.SetKey( | 226 default_source_address_token_boxer_.SetKey( |
225 DeriveSourceAddressTokenKey(source_address_token_secret)); | 227 DeriveSourceAddressTokenKey(source_address_token_secret)); |
226 | 228 |
227 // Generate a random key and orbit for server nonces. | 229 // Generate a random key and orbit for server nonces. |
228 server_nonce_entropy->RandBytes(server_nonce_orbit_, | 230 server_nonce_entropy->RandBytes(server_nonce_orbit_, |
229 sizeof(server_nonce_orbit_)); | 231 sizeof(server_nonce_orbit_)); |
230 const size_t key_size = server_nonce_boxer_.GetKeySize(); | 232 const size_t key_size = server_nonce_boxer_.GetKeySize(); |
231 scoped_ptr<uint8[]> key_bytes(new uint8[key_size]); | 233 scoped_ptr<uint8_t[]> key_bytes(new uint8_t[key_size]); |
232 server_nonce_entropy->RandBytes(key_bytes.get(), key_size); | 234 server_nonce_entropy->RandBytes(key_bytes.get(), key_size); |
233 | 235 |
234 server_nonce_boxer_.SetKey( | 236 server_nonce_boxer_.SetKey( |
235 StringPiece(reinterpret_cast<char*>(key_bytes.get()), key_size)); | 237 StringPiece(reinterpret_cast<char*>(key_bytes.get()), key_size)); |
236 } | 238 } |
237 | 239 |
238 QuicCryptoServerConfig::~QuicCryptoServerConfig() { | 240 QuicCryptoServerConfig::~QuicCryptoServerConfig() { |
239 primary_config_ = nullptr; | 241 primary_config_ = nullptr; |
240 } | 242 } |
241 | 243 |
(...skipping 45 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
287 } else { | 289 } else { |
288 msg.SetTaglist(kKEXS, kC255, 0); | 290 msg.SetTaglist(kKEXS, kC255, 0); |
289 } | 291 } |
290 msg.SetTaglist(kAEAD, kAESG, kCC12, 0); | 292 msg.SetTaglist(kAEAD, kAESG, kCC12, 0); |
291 msg.SetStringPiece(kPUBS, encoded_public_values); | 293 msg.SetStringPiece(kPUBS, encoded_public_values); |
292 | 294 |
293 if (options.expiry_time.IsZero()) { | 295 if (options.expiry_time.IsZero()) { |
294 const QuicWallTime now = clock->WallNow(); | 296 const QuicWallTime now = clock->WallNow(); |
295 const QuicWallTime expiry = now.Add(QuicTime::Delta::FromSeconds( | 297 const QuicWallTime expiry = now.Add(QuicTime::Delta::FromSeconds( |
296 60 * 60 * 24 * 180 /* 180 days, ~six months */)); | 298 60 * 60 * 24 * 180 /* 180 days, ~six months */)); |
297 const uint64 expiry_seconds = expiry.ToUNIXSeconds(); | 299 const uint64_t expiry_seconds = expiry.ToUNIXSeconds(); |
298 msg.SetValue(kEXPY, expiry_seconds); | 300 msg.SetValue(kEXPY, expiry_seconds); |
299 } else { | 301 } else { |
300 msg.SetValue(kEXPY, options.expiry_time.ToUNIXSeconds()); | 302 msg.SetValue(kEXPY, options.expiry_time.ToUNIXSeconds()); |
301 } | 303 } |
302 | 304 |
303 char orbit_bytes[kOrbitSize]; | 305 char orbit_bytes[kOrbitSize]; |
304 if (options.orbit.size() == sizeof(orbit_bytes)) { | 306 if (options.orbit.size() == sizeof(orbit_bytes)) { |
305 memcpy(orbit_bytes, options.orbit.data(), sizeof(orbit_bytes)); | 307 memcpy(orbit_bytes, options.orbit.data(), sizeof(orbit_bytes)); |
306 } else { | 308 } else { |
307 DCHECK(options.orbit.empty()); | 309 DCHECK(options.orbit.empty()); |
(...skipping 177 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
485 ValidateClientHelloResultCallback* done_cb) const { | 487 ValidateClientHelloResultCallback* done_cb) const { |
486 const QuicWallTime now(clock->WallNow()); | 488 const QuicWallTime now(clock->WallNow()); |
487 | 489 |
488 ValidateClientHelloResultCallback::Result* result = | 490 ValidateClientHelloResultCallback::Result* result = |
489 new ValidateClientHelloResultCallback::Result(client_hello, client_ip, | 491 new ValidateClientHelloResultCallback::Result(client_hello, client_ip, |
490 now); | 492 now); |
491 | 493 |
492 StringPiece requested_scid; | 494 StringPiece requested_scid; |
493 client_hello.GetStringPiece(kSCID, &requested_scid); | 495 client_hello.GetStringPiece(kSCID, &requested_scid); |
494 | 496 |
495 uint8 primary_orbit[kOrbitSize]; | 497 uint8_t primary_orbit[kOrbitSize]; |
496 scoped_refptr<Config> requested_config; | 498 scoped_refptr<Config> requested_config; |
497 scoped_refptr<Config> primary_config; | 499 scoped_refptr<Config> primary_config; |
498 { | 500 { |
499 base::AutoLock locked(configs_lock_); | 501 base::AutoLock locked(configs_lock_); |
500 | 502 |
501 if (!primary_config_.get()) { | 503 if (!primary_config_.get()) { |
502 result->error_code = QUIC_CRYPTO_INTERNAL_ERROR; | 504 result->error_code = QUIC_CRYPTO_INTERNAL_ERROR; |
503 result->error_details = "No configurations loaded"; | 505 result->error_details = "No configurations loaded"; |
504 } else { | 506 } else { |
505 if (!next_config_promotion_time_.IsZero() && | 507 if (!next_config_promotion_time_.IsZero() && |
(...skipping 449 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
955 primary_config_->id.size()); | 957 primary_config_->id.size()); |
956 next_config_promotion_time_ = QuicWallTime::Zero(); | 958 next_config_promotion_time_ = QuicWallTime::Zero(); |
957 if (primary_config_changed_cb_.get() != nullptr) { | 959 if (primary_config_changed_cb_.get() != nullptr) { |
958 primary_config_changed_cb_->Run(primary_config_->id); | 960 primary_config_changed_cb_->Run(primary_config_->id); |
959 } | 961 } |
960 } | 962 } |
961 | 963 |
962 void QuicCryptoServerConfig::EvaluateClientHello( | 964 void QuicCryptoServerConfig::EvaluateClientHello( |
963 const IPAddressNumber& server_ip, | 965 const IPAddressNumber& server_ip, |
964 QuicVersion version, | 966 QuicVersion version, |
965 const uint8* primary_orbit, | 967 const uint8_t* primary_orbit, |
966 scoped_refptr<Config> requested_config, | 968 scoped_refptr<Config> requested_config, |
967 scoped_refptr<Config> primary_config, | 969 scoped_refptr<Config> primary_config, |
968 QuicCryptoProof* crypto_proof, | 970 QuicCryptoProof* crypto_proof, |
969 ValidateClientHelloResultCallback::Result* client_hello_state, | 971 ValidateClientHelloResultCallback::Result* client_hello_state, |
970 ValidateClientHelloResultCallback* done_cb) const { | 972 ValidateClientHelloResultCallback* done_cb) const { |
971 ValidateClientHelloHelper helper(client_hello_state, done_cb); | 973 ValidateClientHelloHelper helper(client_hello_state, done_cb); |
972 | 974 |
973 const CryptoHandshakeMessage& client_hello = client_hello_state->client_hello; | 975 const CryptoHandshakeMessage& client_hello = client_hello_state->client_hello; |
974 ClientHelloInfo* info = &(client_hello_state->info); | 976 ClientHelloInfo* info = &(client_hello_state->info); |
975 | 977 |
(...skipping 159 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1135 } | 1137 } |
1136 | 1138 |
1137 // Use the client nonce to establish uniqueness. | 1139 // Use the client nonce to establish uniqueness. |
1138 StrikeRegisterClient* strike_register_client; | 1140 StrikeRegisterClient* strike_register_client; |
1139 { | 1141 { |
1140 base::AutoLock locked(strike_register_client_lock_); | 1142 base::AutoLock locked(strike_register_client_lock_); |
1141 | 1143 |
1142 if (strike_register_client_.get() == nullptr) { | 1144 if (strike_register_client_.get() == nullptr) { |
1143 strike_register_client_.reset(new LocalStrikeRegisterClient( | 1145 strike_register_client_.reset(new LocalStrikeRegisterClient( |
1144 strike_register_max_entries_, | 1146 strike_register_max_entries_, |
1145 static_cast<uint32>(info->now.ToUNIXSeconds()), | 1147 static_cast<uint32_t>(info->now.ToUNIXSeconds()), |
1146 strike_register_window_secs_, primary_orbit, | 1148 strike_register_window_secs_, primary_orbit, |
1147 strike_register_no_startup_period_ | 1149 strike_register_no_startup_period_ |
1148 ? StrikeRegister::NO_STARTUP_PERIOD_NEEDED | 1150 ? StrikeRegister::NO_STARTUP_PERIOD_NEEDED |
1149 : StrikeRegister::DENY_REQUESTS_AT_STARTUP)); | 1151 : StrikeRegister::DENY_REQUESTS_AT_STARTUP)); |
1150 } | 1152 } |
1151 strike_register_client = strike_register_client_.get(); | 1153 strike_register_client = strike_register_client_.get(); |
1152 } | 1154 } |
1153 | 1155 |
1154 strike_register_client->VerifyNonceIsValidAndUnique( | 1156 strike_register_client->VerifyNonceIsValidAndUnique( |
1155 info->client_nonce, info->now, | 1157 info->client_nonce, info->now, |
(...skipping 333 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1489 chlo_multiplier_ = multiplier; | 1491 chlo_multiplier_ = multiplier; |
1490 } | 1492 } |
1491 | 1493 |
1492 void QuicCryptoServerConfig::set_strike_register_no_startup_period() { | 1494 void QuicCryptoServerConfig::set_strike_register_no_startup_period() { |
1493 base::AutoLock locker(strike_register_client_lock_); | 1495 base::AutoLock locker(strike_register_client_lock_); |
1494 DCHECK(!strike_register_client_.get()); | 1496 DCHECK(!strike_register_client_.get()); |
1495 strike_register_no_startup_period_ = true; | 1497 strike_register_no_startup_period_ = true; |
1496 } | 1498 } |
1497 | 1499 |
1498 void QuicCryptoServerConfig::set_strike_register_max_entries( | 1500 void QuicCryptoServerConfig::set_strike_register_max_entries( |
1499 uint32 max_entries) { | 1501 uint32_t max_entries) { |
1500 base::AutoLock locker(strike_register_client_lock_); | 1502 base::AutoLock locker(strike_register_client_lock_); |
1501 DCHECK(!strike_register_client_.get()); | 1503 DCHECK(!strike_register_client_.get()); |
1502 strike_register_max_entries_ = max_entries; | 1504 strike_register_max_entries_ = max_entries; |
1503 } | 1505 } |
1504 | 1506 |
1505 void QuicCryptoServerConfig::set_strike_register_window_secs( | 1507 void QuicCryptoServerConfig::set_strike_register_window_secs( |
1506 uint32 window_secs) { | 1508 uint32_t window_secs) { |
1507 base::AutoLock locker(strike_register_client_lock_); | 1509 base::AutoLock locker(strike_register_client_lock_); |
1508 DCHECK(!strike_register_client_.get()); | 1510 DCHECK(!strike_register_client_.get()); |
1509 strike_register_window_secs_ = window_secs; | 1511 strike_register_window_secs_ = window_secs; |
1510 } | 1512 } |
1511 | 1513 |
1512 void QuicCryptoServerConfig::set_source_address_token_future_secs( | 1514 void QuicCryptoServerConfig::set_source_address_token_future_secs( |
1513 uint32 future_secs) { | 1515 uint32_t future_secs) { |
1514 source_address_token_future_secs_ = future_secs; | 1516 source_address_token_future_secs_ = future_secs; |
1515 } | 1517 } |
1516 | 1518 |
1517 void QuicCryptoServerConfig::set_source_address_token_lifetime_secs( | 1519 void QuicCryptoServerConfig::set_source_address_token_lifetime_secs( |
1518 uint32 lifetime_secs) { | 1520 uint32_t lifetime_secs) { |
1519 source_address_token_lifetime_secs_ = lifetime_secs; | 1521 source_address_token_lifetime_secs_ = lifetime_secs; |
1520 } | 1522 } |
1521 | 1523 |
1522 void QuicCryptoServerConfig::set_server_nonce_strike_register_max_entries( | 1524 void QuicCryptoServerConfig::set_server_nonce_strike_register_max_entries( |
1523 uint32 max_entries) { | 1525 uint32_t max_entries) { |
1524 DCHECK(!server_nonce_strike_register_.get()); | 1526 DCHECK(!server_nonce_strike_register_.get()); |
1525 server_nonce_strike_register_max_entries_ = max_entries; | 1527 server_nonce_strike_register_max_entries_ = max_entries; |
1526 } | 1528 } |
1527 | 1529 |
1528 void QuicCryptoServerConfig::set_server_nonce_strike_register_window_secs( | 1530 void QuicCryptoServerConfig::set_server_nonce_strike_register_window_secs( |
1529 uint32 window_secs) { | 1531 uint32_t window_secs) { |
1530 DCHECK(!server_nonce_strike_register_.get()); | 1532 DCHECK(!server_nonce_strike_register_.get()); |
1531 server_nonce_strike_register_window_secs_ = window_secs; | 1533 server_nonce_strike_register_window_secs_ = window_secs; |
1532 } | 1534 } |
1533 | 1535 |
1534 void QuicCryptoServerConfig::set_enable_serving_sct(bool enable_serving_sct) { | 1536 void QuicCryptoServerConfig::set_enable_serving_sct(bool enable_serving_sct) { |
1535 enable_serving_sct_ = enable_serving_sct; | 1537 enable_serving_sct_ = enable_serving_sct; |
1536 } | 1538 } |
1537 | 1539 |
1538 void QuicCryptoServerConfig::AcquirePrimaryConfigChangedCb( | 1540 void QuicCryptoServerConfig::AcquirePrimaryConfigChangedCb( |
1539 PrimaryConfigChangedCallback* cb) { | 1541 PrimaryConfigChangedCallback* cb) { |
(...skipping 122 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
1662 return HANDSHAKE_OK; | 1664 return HANDSHAKE_OK; |
1663 } | 1665 } |
1664 | 1666 |
1665 // kServerNoncePlaintextSize is the number of bytes in an unencrypted server | 1667 // kServerNoncePlaintextSize is the number of bytes in an unencrypted server |
1666 // nonce. | 1668 // nonce. |
1667 static const size_t kServerNoncePlaintextSize = | 1669 static const size_t kServerNoncePlaintextSize = |
1668 4 /* timestamp */ + 20 /* random bytes */; | 1670 4 /* timestamp */ + 20 /* random bytes */; |
1669 | 1671 |
1670 string QuicCryptoServerConfig::NewServerNonce(QuicRandom* rand, | 1672 string QuicCryptoServerConfig::NewServerNonce(QuicRandom* rand, |
1671 QuicWallTime now) const { | 1673 QuicWallTime now) const { |
1672 const uint32 timestamp = static_cast<uint32>(now.ToUNIXSeconds()); | 1674 const uint32_t timestamp = static_cast<uint32_t>(now.ToUNIXSeconds()); |
1673 | 1675 |
1674 uint8 server_nonce[kServerNoncePlaintextSize]; | 1676 uint8_t server_nonce[kServerNoncePlaintextSize]; |
1675 static_assert(sizeof(server_nonce) > sizeof(timestamp), "nonce too small"); | 1677 static_assert(sizeof(server_nonce) > sizeof(timestamp), "nonce too small"); |
1676 server_nonce[0] = static_cast<uint8>(timestamp >> 24); | 1678 server_nonce[0] = static_cast<uint8_t>(timestamp >> 24); |
1677 server_nonce[1] = static_cast<uint8>(timestamp >> 16); | 1679 server_nonce[1] = static_cast<uint8_t>(timestamp >> 16); |
1678 server_nonce[2] = static_cast<uint8>(timestamp >> 8); | 1680 server_nonce[2] = static_cast<uint8_t>(timestamp >> 8); |
1679 server_nonce[3] = static_cast<uint8>(timestamp); | 1681 server_nonce[3] = static_cast<uint8_t>(timestamp); |
1680 rand->RandBytes(&server_nonce[sizeof(timestamp)], | 1682 rand->RandBytes(&server_nonce[sizeof(timestamp)], |
1681 sizeof(server_nonce) - sizeof(timestamp)); | 1683 sizeof(server_nonce) - sizeof(timestamp)); |
1682 | 1684 |
1683 return server_nonce_boxer_.Box( | 1685 return server_nonce_boxer_.Box( |
1684 rand, | 1686 rand, |
1685 StringPiece(reinterpret_cast<char*>(server_nonce), sizeof(server_nonce))); | 1687 StringPiece(reinterpret_cast<char*>(server_nonce), sizeof(server_nonce))); |
1686 } | 1688 } |
1687 | 1689 |
1688 HandshakeFailureReason QuicCryptoServerConfig::ValidateServerNonce( | 1690 HandshakeFailureReason QuicCryptoServerConfig::ValidateServerNonce( |
1689 StringPiece token, | 1691 StringPiece token, |
1690 QuicWallTime now) const { | 1692 QuicWallTime now) const { |
1691 string storage; | 1693 string storage; |
1692 StringPiece plaintext; | 1694 StringPiece plaintext; |
1693 if (!server_nonce_boxer_.Unbox(token, &storage, &plaintext)) { | 1695 if (!server_nonce_boxer_.Unbox(token, &storage, &plaintext)) { |
1694 return SERVER_NONCE_DECRYPTION_FAILURE; | 1696 return SERVER_NONCE_DECRYPTION_FAILURE; |
1695 } | 1697 } |
1696 | 1698 |
1697 // plaintext contains: | 1699 // plaintext contains: |
1698 // uint32 timestamp | 1700 // uint32_t timestamp |
1699 // uint8[20] random bytes | 1701 // uint8_t[20] random bytes |
1700 | 1702 |
1701 if (plaintext.size() != kServerNoncePlaintextSize) { | 1703 if (plaintext.size() != kServerNoncePlaintextSize) { |
1702 // This should never happen because the value decrypted correctly. | 1704 // This should never happen because the value decrypted correctly. |
1703 LOG(DFATAL) << "Seemingly valid server nonce had incorrect length."; | 1705 LOG(DFATAL) << "Seemingly valid server nonce had incorrect length."; |
1704 return SERVER_NONCE_INVALID_FAILURE; | 1706 return SERVER_NONCE_INVALID_FAILURE; |
1705 } | 1707 } |
1706 | 1708 |
1707 uint8 server_nonce[32]; | 1709 uint8_t server_nonce[32]; |
1708 memcpy(server_nonce, plaintext.data(), 4); | 1710 memcpy(server_nonce, plaintext.data(), 4); |
1709 memcpy(server_nonce + 4, server_nonce_orbit_, sizeof(server_nonce_orbit_)); | 1711 memcpy(server_nonce + 4, server_nonce_orbit_, sizeof(server_nonce_orbit_)); |
1710 memcpy(server_nonce + 4 + sizeof(server_nonce_orbit_), plaintext.data() + 4, | 1712 memcpy(server_nonce + 4 + sizeof(server_nonce_orbit_), plaintext.data() + 4, |
1711 20); | 1713 20); |
1712 static_assert(4 + sizeof(server_nonce_orbit_) + 20 == sizeof(server_nonce), | 1714 static_assert(4 + sizeof(server_nonce_orbit_) + 20 == sizeof(server_nonce), |
1713 "bad nonce buffer length"); | 1715 "bad nonce buffer length"); |
1714 | 1716 |
1715 InsertStatus nonce_error; | 1717 InsertStatus nonce_error; |
1716 { | 1718 { |
1717 base::AutoLock auto_lock(server_nonce_strike_register_lock_); | 1719 base::AutoLock auto_lock(server_nonce_strike_register_lock_); |
1718 if (server_nonce_strike_register_.get() == nullptr) { | 1720 if (server_nonce_strike_register_.get() == nullptr) { |
1719 server_nonce_strike_register_.reset(new StrikeRegister( | 1721 server_nonce_strike_register_.reset(new StrikeRegister( |
1720 server_nonce_strike_register_max_entries_, | 1722 server_nonce_strike_register_max_entries_, |
1721 static_cast<uint32>(now.ToUNIXSeconds()), | 1723 static_cast<uint32_t>(now.ToUNIXSeconds()), |
1722 server_nonce_strike_register_window_secs_, server_nonce_orbit_, | 1724 server_nonce_strike_register_window_secs_, server_nonce_orbit_, |
1723 StrikeRegister::NO_STARTUP_PERIOD_NEEDED)); | 1725 StrikeRegister::NO_STARTUP_PERIOD_NEEDED)); |
1724 } | 1726 } |
1725 nonce_error = server_nonce_strike_register_->Insert( | 1727 nonce_error = server_nonce_strike_register_->Insert( |
1726 server_nonce, static_cast<uint32>(now.ToUNIXSeconds())); | 1728 server_nonce, static_cast<uint32_t>(now.ToUNIXSeconds())); |
1727 } | 1729 } |
1728 | 1730 |
1729 switch (nonce_error) { | 1731 switch (nonce_error) { |
1730 case NONCE_OK: | 1732 case NONCE_OK: |
1731 return HANDSHAKE_OK; | 1733 return HANDSHAKE_OK; |
1732 case NONCE_INVALID_FAILURE: | 1734 case NONCE_INVALID_FAILURE: |
1733 case NONCE_INVALID_ORBIT_FAILURE: | 1735 case NONCE_INVALID_ORBIT_FAILURE: |
1734 return SERVER_NONCE_INVALID_FAILURE; | 1736 return SERVER_NONCE_INVALID_FAILURE; |
1735 case NONCE_NOT_UNIQUE_FAILURE: | 1737 case NONCE_NOT_UNIQUE_FAILURE: |
1736 return SERVER_NONCE_NOT_UNIQUE_FAILURE; | 1738 return SERVER_NONCE_NOT_UNIQUE_FAILURE; |
1737 case NONCE_INVALID_TIME_FAILURE: | 1739 case NONCE_INVALID_TIME_FAILURE: |
1738 return SERVER_NONCE_INVALID_TIME_FAILURE; | 1740 return SERVER_NONCE_INVALID_TIME_FAILURE; |
1739 case NONCE_UNKNOWN_FAILURE: | 1741 case NONCE_UNKNOWN_FAILURE: |
1740 case STRIKE_REGISTER_TIMEOUT: | 1742 case STRIKE_REGISTER_TIMEOUT: |
1741 case STRIKE_REGISTER_FAILURE: | 1743 case STRIKE_REGISTER_FAILURE: |
1742 default: | 1744 default: |
1743 LOG(DFATAL) << "Unexpected server nonce error: " << nonce_error; | 1745 LOG(DFATAL) << "Unexpected server nonce error: " << nonce_error; |
1744 return SERVER_NONCE_NOT_UNIQUE_FAILURE; | 1746 return SERVER_NONCE_NOT_UNIQUE_FAILURE; |
1745 } | 1747 } |
1746 } | 1748 } |
1747 | 1749 |
1748 bool QuicCryptoServerConfig::ValidateExpectedLeafCertificate( | 1750 bool QuicCryptoServerConfig::ValidateExpectedLeafCertificate( |
1749 const CryptoHandshakeMessage& client_hello, | 1751 const CryptoHandshakeMessage& client_hello, |
1750 const QuicCryptoProof& crypto_proof) const { | 1752 const QuicCryptoProof& crypto_proof) const { |
1751 if (crypto_proof.certs->empty()) { | 1753 if (crypto_proof.certs->empty()) { |
1752 return false; | 1754 return false; |
1753 } | 1755 } |
1754 | 1756 |
1755 uint64 hash_from_client; | 1757 uint64_t hash_from_client; |
1756 if (client_hello.GetUint64(kXLCT, &hash_from_client) != QUIC_NO_ERROR) { | 1758 if (client_hello.GetUint64(kXLCT, &hash_from_client) != QUIC_NO_ERROR) { |
1757 return false; | 1759 return false; |
1758 } | 1760 } |
1759 return CryptoUtils::ComputeLeafCertHash(crypto_proof.certs->at(0)) == | 1761 return CryptoUtils::ComputeLeafCertHash(crypto_proof.certs->at(0)) == |
1760 hash_from_client; | 1762 hash_from_client; |
1761 } | 1763 } |
1762 | 1764 |
1763 void QuicCryptoServerConfig::ParseProofDemand( | 1765 void QuicCryptoServerConfig::ParseProofDemand( |
1764 const CryptoHandshakeMessage& client_hello, | 1766 const CryptoHandshakeMessage& client_hello, |
1765 bool* x509_supported, | 1767 bool* x509_supported, |
(...skipping 25 matching lines...) Expand all Loading... |
1791 is_primary(false), | 1793 is_primary(false), |
1792 primary_time(QuicWallTime::Zero()), | 1794 primary_time(QuicWallTime::Zero()), |
1793 priority(0), | 1795 priority(0), |
1794 source_address_token_boxer(nullptr) {} | 1796 source_address_token_boxer(nullptr) {} |
1795 | 1797 |
1796 QuicCryptoServerConfig::Config::~Config() { | 1798 QuicCryptoServerConfig::Config::~Config() { |
1797 STLDeleteElements(&key_exchanges); | 1799 STLDeleteElements(&key_exchanges); |
1798 } | 1800 } |
1799 | 1801 |
1800 } // namespace net | 1802 } // namespace net |
OLD | NEW |