| OLD | NEW |
| 1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
| 2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
| 3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
| 4 | 4 |
| 5 #include "net/quic/crypto/quic_crypto_server_config.h" | 5 #include "net/quic/crypto/quic_crypto_server_config.h" |
| 6 | 6 |
| 7 #include <stdlib.h> | 7 #include <stdlib.h> |
| 8 | 8 |
| 9 #include <algorithm> | 9 #include <algorithm> |
| 10 | 10 |
| (...skipping 207 matching lines...) |
| 218 proof_source_(proof_source), | 218 proof_source_(proof_source), |
| 219 strike_register_no_startup_period_(false), | 219 strike_register_no_startup_period_(false), |
| 220 strike_register_max_entries_(1 << 10), | 220 strike_register_max_entries_(1 << 10), |
| 221 strike_register_window_secs_(600), | 221 strike_register_window_secs_(600), |
| 222 source_address_token_future_secs_(3600), | 222 source_address_token_future_secs_(3600), |
| 223 source_address_token_lifetime_secs_(86400), | 223 source_address_token_lifetime_secs_(86400), |
| 224 server_nonce_strike_register_max_entries_(1 << 10), | 224 server_nonce_strike_register_max_entries_(1 << 10), |
| 225 server_nonce_strike_register_window_secs_(120), | 225 server_nonce_strike_register_window_secs_(120), |
| 226 enable_serving_sct_(false) { | 226 enable_serving_sct_(false) { |
| 227 DCHECK(proof_source_.get()); | 227 DCHECK(proof_source_.get()); |
| 228 default_source_address_token_boxer_.SetKey( | 228 default_source_address_token_boxer_.SetKeys( |
| 229 DeriveSourceAddressTokenKey(source_address_token_secret)); | 229 {DeriveSourceAddressTokenKey(source_address_token_secret)}); |
| 230 | 230 |
| 231 // Generate a random key and orbit for server nonces. | 231 // Generate a random key and orbit for server nonces. |
| 232 server_nonce_entropy->RandBytes(server_nonce_orbit_, | 232 server_nonce_entropy->RandBytes(server_nonce_orbit_, |
| 233 sizeof(server_nonce_orbit_)); | 233 sizeof(server_nonce_orbit_)); |
| 234 const size_t key_size = server_nonce_boxer_.GetKeySize(); | 234 const size_t key_size = server_nonce_boxer_.GetKeySize(); |
| 235 scoped_ptr<uint8_t[]> key_bytes(new uint8_t[key_size]); | 235 scoped_ptr<uint8_t[]> key_bytes(new uint8_t[key_size]); |
| 236 server_nonce_entropy->RandBytes(key_bytes.get(), key_size); | 236 server_nonce_entropy->RandBytes(key_bytes.get(), key_size); |
| 237 | 237 |
| 238 server_nonce_boxer_.SetKey( | 238 server_nonce_boxer_.SetKeys( |
| 239 StringPiece(reinterpret_cast<char*>(key_bytes.get()), key_size)); | 239 {string(reinterpret_cast<char*>(key_bytes.get()), key_size)}); |
| 240 } | 240 } |
| 241 | 241 |
| 242 QuicCryptoServerConfig::~QuicCryptoServerConfig() { | 242 QuicCryptoServerConfig::~QuicCryptoServerConfig() { |
| 243 primary_config_ = nullptr; | 243 primary_config_ = nullptr; |
| 244 } | 244 } |
| 245 | 245 |
| 246 // static | 246 // static |
| 247 QuicServerConfigProtobuf* QuicCryptoServerConfig::GenerateConfig( | 247 QuicServerConfigProtobuf* QuicCryptoServerConfig::GenerateConfig( |
| 248 QuicRandom* rand, | 248 QuicRandom* rand, |
| 249 const QuicClock* clock, | 249 const QuicClock* clock, |
| (...skipping 223 matching lines...) |
| 473 | 473 |
| 474 configs_.swap(new_configs); | 474 configs_.swap(new_configs); |
| 475 SelectNewPrimaryConfig(now); | 475 SelectNewPrimaryConfig(now); |
| 476 DCHECK(primary_config_.get()); | 476 DCHECK(primary_config_.get()); |
| 477 DCHECK_EQ(configs_.find(primary_config_->id)->second, primary_config_); | 477 DCHECK_EQ(configs_.find(primary_config_->id)->second, primary_config_); |
| 478 } | 478 } |
| 479 | 479 |
| 480 return ok; | 480 return ok; |
| 481 } | 481 } |
| 482 | 482 |
| 483 void QuicCryptoServerConfig::SetDefaultSourceAddressTokenKeys( |
| 484 const vector<string>& keys) { |
| 485 default_source_address_token_boxer_.SetKeys(keys); |
| 486 } |
| 487 |
| 483 void QuicCryptoServerConfig::GetConfigIds(vector<string>* scids) const { | 488 void QuicCryptoServerConfig::GetConfigIds(vector<string>* scids) const { |
| 484 base::AutoLock locked(configs_lock_); | 489 base::AutoLock locked(configs_lock_); |
| 485 for (ConfigMap::const_iterator it = configs_.begin(); it != configs_.end(); | 490 for (ConfigMap::const_iterator it = configs_.begin(); it != configs_.end(); |
| 486 ++it) { | 491 ++it) { |
| 487 scids->push_back(it->first); | 492 scids->push_back(it->first); |
| 488 } | 493 } |
| 489 } | 494 } |
| 490 | 495 |
| 491 void QuicCryptoServerConfig::ValidateClientHello( | 496 void QuicCryptoServerConfig::ValidateClientHello( |
| 492 const CryptoHandshakeMessage& client_hello, | 497 const CryptoHandshakeMessage& client_hello, |
| (...skipping 835 matching lines...) |
| 1328 | 1333 |
| 1329 scoped_refptr<Config> config(new Config); | 1334 scoped_refptr<Config> config(new Config); |
| 1330 config->serialized = protobuf->config(); | 1335 config->serialized = protobuf->config(); |
| 1331 | 1336 |
| 1332 if (!protobuf->has_source_address_token_secret_override()) { | 1337 if (!protobuf->has_source_address_token_secret_override()) { |
| 1333 // Use the default boxer. | 1338 // Use the default boxer. |
| 1334 config->source_address_token_boxer = &default_source_address_token_boxer_; | 1339 config->source_address_token_boxer = &default_source_address_token_boxer_; |
| 1335 } else { | 1340 } else { |
| 1336 // Create override boxer instance. | 1341 // Create override boxer instance. |
| 1337 CryptoSecretBoxer* boxer = new CryptoSecretBoxer; | 1342 CryptoSecretBoxer* boxer = new CryptoSecretBoxer; |
| 1338 boxer->SetKey(DeriveSourceAddressTokenKey( | 1343 boxer->SetKeys({DeriveSourceAddressTokenKey( |
| 1339 protobuf->source_address_token_secret_override())); | 1344 protobuf->source_address_token_secret_override())}); |
| 1340 config->source_address_token_boxer_storage.reset(boxer); | 1345 config->source_address_token_boxer_storage.reset(boxer); |
| 1341 config->source_address_token_boxer = boxer; | 1346 config->source_address_token_boxer = boxer; |
| 1342 } | 1347 } |
| 1343 | 1348 |
| 1344 if (protobuf->has_primary_time()) { | 1349 if (protobuf->has_primary_time()) { |
| 1345 config->primary_time = | 1350 config->primary_time = |
| 1346 QuicWallTime::FromUNIXSeconds(protobuf->primary_time()); | 1351 QuicWallTime::FromUNIXSeconds(protobuf->primary_time()); |
| 1347 } | 1352 } |
| 1348 | 1353 |
| 1349 config->priority = protobuf->priority(); | 1354 config->priority = protobuf->priority(); |
| (...skipping 465 matching lines...) |
| 1815 priority(0), | 1820 priority(0), |
| 1816 source_address_token_boxer(nullptr) {} | 1821 source_address_token_boxer(nullptr) {} |
| 1817 | 1822 |
| 1818 QuicCryptoServerConfig::Config::~Config() { | 1823 QuicCryptoServerConfig::Config::~Config() { |
| 1819 STLDeleteElements(&key_exchanges); | 1824 STLDeleteElements(&key_exchanges); |
| 1820 } | 1825 } |
| 1821 | 1826 |
| 1822 QuicCryptoProof::QuicCryptoProof() {} | 1827 QuicCryptoProof::QuicCryptoProof() {} |
| 1823 QuicCryptoProof::~QuicCryptoProof() {} | 1828 QuicCryptoProof::~QuicCryptoProof() {} |
| 1824 } // namespace net | 1829 } // namespace net |
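Review bot: SetDefaultSourceAddressTokenKeys (new lines 483-486) passes `keys` straight to `default_source_address_token_boxer_.SetKeys()`, whereas the constructor (new line 229) and the override path (new line 1343) both run their secret through `DeriveSourceAddressTokenKey()` first. The setter therefore takes raw key material, and nothing visible here checks that the list is non-empty or that each entry has the boxer's key size. A `DCHECK(!keys.empty());` before the call, plus a comment such as `// |keys| are raw boxer keys (already derived), not secrets; each entry must be GetKeySize() bytes.`, would make the contract explicit and keep a caller from passing the original secret string or an empty list during rotation. The setter also takes no lock, while each Config keeps a raw pointer to the same default boxer (new line 1339). Unless CryptoSecretBoxer::SetKeys synchronizes internally (not visible on this page), rotating keys on a live server could race with token boxing and unboxing.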
| OLD | NEW |