
Side by Side Diff: net/quic/crypto/quic_crypto_server_config.cc

Issue 1569853005: relnote: Require QUIC handshakes to require either a valid server nonce or a remote strike register. (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@02_CL_111655037
Patch Set: rebase after remove 111628983 Created 4 years, 11 months ago
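--- a/net/quic/crypto/quic_crypto_server_config.cc
+++ b/net/quic/crypto/quic_crypto_server_config.cc
@@ -1,10 +1,10 @@
 // Copyright 2013 The Chromium Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.
 
 #include "net/quic/crypto/quic_crypto_server_config.h"
 
 #include <stdlib.h>
 
 #include <algorithm>
 
@@ -1135,31 +1135,42 @@
 helper.ValidationComplete(QUIC_NO_ERROR, "");
 return;
 }
 
 // Use the client nonce to establish uniqueness.
 StrikeRegisterClient* strike_register_client;
 {
 base::AutoLock locked(strike_register_client_lock_);
 
 if (strike_register_client_.get() == nullptr) {
-strike_register_client_.reset(new LocalStrikeRegisterClient(
-strike_register_max_entries_,
-static_cast<uint32_t>(info->now.ToUNIXSeconds()),
-strike_register_window_secs_, primary_orbit,
-strike_register_no_startup_period_
-? StrikeRegister::NO_STARTUP_PERIOD_NEEDED
-: StrikeRegister::DENY_REQUESTS_AT_STARTUP));
+if (!FLAGS_require_strike_register_or_server_nonce) {
+strike_register_client_.reset(new LocalStrikeRegisterClient(
+strike_register_max_entries_,
+static_cast<uint32_t>(info->now.ToUNIXSeconds()),
+strike_register_window_secs_, primary_orbit,
+strike_register_no_startup_period_
+? StrikeRegister::NO_STARTUP_PERIOD_NEEDED
+: StrikeRegister::DENY_REQUESTS_AT_STARTUP));
+}
 }
 strike_register_client = strike_register_client_.get();
 }
 
+if (!strike_register_client) {
+// Either a valid server nonces or a strike register is required.
+// Since neither are present, reject the handshake which will send a
+// server nonce to the client.
+info->reject_reasons.push_back(SERVER_NONCE_REQUIRED_FAILURE);
+helper.ValidationComplete(QUIC_NO_ERROR, "");
+return;
+}
+
 strike_register_client->VerifyNonceIsValidAndUnique(
 info->client_nonce, info->now,
 new VerifyNonceIsValidAndUniqueCallback(client_hello_state, done_cb));
 helper.StartedAsyncCallback();
 }
 
 bool QuicCryptoServerConfig::BuildServerConfigUpdateMessage(
 QuicVersion version,
 const SourceAddressTokens& previous_source_address_tokens,
 const IPAddressNumber& server_ip,
@@ -1793,10 +1804,10 @@
 is_primary(false),
 primary_time(QuicWallTime::Zero()),
 priority(0),
 source_address_token_boxer(nullptr) {}
 
 QuicCryptoServerConfig::Config::~Config() {
 STLDeleteElements(&key_exchanges);
 }
 
 } // namespace net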
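Review bot: The rejection added at new line 1158 fires only when `strike_register_client_` is still null, so the requirement in the change title (a valid server nonce or a remote strike register) is enforced by the absence of any client, not by the kind of client installed. A `LocalStrikeRegisterClient` that was lazily created while `FLAGS_require_strike_register_or_server_nonce` was off stays installed and would keep validating client nonces if the flag is enabled later in the same process; whether the flag can change at runtime is not visible on this page. I would state that invariant above the check, e.g. `// Null only when the flag is set and no strike register was installed; an already-created local register is still used.`, and correct the new comment's wording to `// Either a valid server nonce or a strike register is required. Since neither is present, ...`. The enclosing function starts outside the visible lines, so the server-nonce check this branch relies on (presumably the early return at line 1135) cannot be confirmed from here.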