OLD | NEW |
---|---|
1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. | 1 // Copyright (c) 2012 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #include "net/quic/quic_crypto_client_stream.h" | 5 #include "net/quic/quic_crypto_client_stream.h" |
6 | 6 |
7 #include "net/base/completion_callback.h" | |
8 #include "net/base/net_errors.h" | |
7 #include "net/quic/crypto/crypto_protocol.h" | 9 #include "net/quic/crypto/crypto_protocol.h" |
8 #include "net/quic/crypto/crypto_utils.h" | 10 #include "net/quic/crypto/crypto_utils.h" |
9 #include "net/quic/crypto/null_encrypter.h" | 11 #include "net/quic/crypto/null_encrypter.h" |
10 #include "net/quic/crypto/proof_verifier.h" | 12 #include "net/quic/crypto/proof_verifier.h" |
11 #include "net/quic/quic_protocol.h" | 13 #include "net/quic/quic_protocol.h" |
12 #include "net/quic/quic_session.h" | 14 #include "net/quic/quic_session.h" |
13 | 15 |
14 namespace net { | 16 namespace net { |
15 | 17 |
16 QuicCryptoClientStream::QuicCryptoClientStream( | 18 QuicCryptoClientStream::QuicCryptoClientStream( |
(...skipping 115 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
132 return; | 134 return; |
133 } | 135 } |
134 error = crypto_config_->ProcessRejection( | 136 error = crypto_config_->ProcessRejection( |
135 cached, *in, session()->connection()->clock()->WallNow(), | 137 cached, *in, session()->connection()->clock()->WallNow(), |
136 &crypto_negotiated_params_, &error_details); | 138 &crypto_negotiated_params_, &error_details); |
137 if (error != QUIC_NO_ERROR) { | 139 if (error != QUIC_NO_ERROR) { |
138 CloseConnectionWithDetails(error, error_details); | 140 CloseConnectionWithDetails(error, error_details); |
139 return; | 141 return; |
140 } | 142 } |
141 if (!cached->proof_valid()) { | 143 if (!cached->proof_valid()) { |
142 const ProofVerifier* verifier = crypto_config_->proof_verifier(); | 144 ProofVerifier* verifier = crypto_config_->proof_verifier(); |
143 if (!verifier) { | 145 if (!verifier) { |
144 // If no verifier is set then we don't check the certificates. | 146 // If no verifier is set then we don't check the certificates. |
145 cached->SetProofValid(); | 147 cached->SetProofValid(); |
146 } else if (!cached->signature().empty()) { | 148 } else if (!cached->signature().empty()) { |
147 // TODO(rtenneti): In Chromium, we will need to make VerifyProof() | 149 // TODO(rtenneti): In Chromium, we will need to make VerifyProof() |
148 // asynchronous. | 150 // asynchronous. |
wtc
2013/06/24 22:36:56
Delete this TODO comment because it's done.
ramant (doing other things)
2013/06/28 19:16:56
Done.
| |
149 if (!verifier->VerifyProof(server_hostname_, | 151 int rv = verifier->VerifyProof( |
150 cached->server_config(), | 152 server_hostname_, |
151 cached->certs(), | 153 cached->server_config(), |
152 cached->signature(), | 154 cached->certs(), |
153 &error_details)) { | 155 cached->signature(), |
154 CloseConnectionWithDetails(QUIC_PROOF_INVALID, | 156 base::Bind(&QuicCryptoClientStream::VerifyProofCompleted, |
155 "Proof invalid: " + error_details); | 157 base::Unretained(this)), |
156 return; | 158 &error_details); |
wtc
2013/06/24 22:36:56
Ideally we should set next_state_ to a state that
ramant (doing other things)
2013/06/28 19:16:56
Done.
| |
159 if (rv == ERR_IO_PENDING) { | |
160 DVLOG(1) << "Doing VerifyProof"; | |
161 break; | |
162 } else { | |
wtc
2013/06/24 22:36:56
Nit: omit the "else" after a break statement.
ramant (doing other things)
2013/06/28 19:16:56
Done.
| |
163 if (rv != OK) { | |
164 CloseConnectionWithDetails(QUIC_PROOF_INVALID, | |
165 "Proof invalid: " + error_details); | |
166 return; | |
167 } | |
168 cached->SetProofValid(); | |
157 } | 169 } |
158 cached->SetProofValid(); | |
159 } | 170 } |
160 } | 171 } |
161 // Send the subsequent client hello in plaintext. | 172 // Send the subsequent client hello in plaintext. |
162 session()->connection()->SetDefaultEncryptionLevel( | 173 session()->connection()->SetDefaultEncryptionLevel( |
163 ENCRYPTION_NONE); | 174 ENCRYPTION_NONE); |
164 next_state_ = STATE_SEND_CHLO; | 175 next_state_ = STATE_SEND_CHLO; |
wtc
2013/06/24 22:36:56
It is possible to use additional states to avoid d
ramant (doing other things)
2013/06/28 19:16:56
Done.
| |
165 break; | 176 break; |
177 case STATE_PROOF_VERIFICATION_COMPLETED: | |
178 cached->SetProofValid(); | |
179 // Send the subsequent client hello in plaintext. | |
180 session()->connection()->SetDefaultEncryptionLevel(ENCRYPTION_NONE); | |
181 next_state_ = STATE_SEND_CHLO; | |
182 break; | |
166 case STATE_RECV_SHLO: { | 183 case STATE_RECV_SHLO: { |
167 // We sent a CHLO that we expected to be accepted and now we're hoping | 184 // We sent a CHLO that we expected to be accepted and now we're hoping |
168 // for a SHLO from the server to confirm that. | 185 // for a SHLO from the server to confirm that. |
169 if (in->tag() == kREJ) { | 186 if (in->tag() == kREJ) { |
170 // alternative_decrypter will be NULL if the original alternative | 187 // alternative_decrypter will be NULL if the original alternative |
171 // decrypter latched and became the primary decrypter. That happens | 188 // decrypter latched and became the primary decrypter. That happens |
172 // if we received a message encrypted with the INITIAL key. | 189 // if we received a message encrypted with the INITIAL key. |
173 if (session()->connection()->alternative_decrypter() == NULL) { | 190 if (session()->connection()->alternative_decrypter() == NULL) { |
174 // The rejection was sent encrypted! | 191 // The rejection was sent encrypted! |
175 CloseConnectionWithDetails(QUIC_CRYPTO_ENCRYPTION_LEVEL_INCORRECT, | 192 CloseConnectionWithDetails(QUIC_CRYPTO_ENCRYPTION_LEVEL_INCORRECT, |
(...skipping 49 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... | |
225 return; | 242 return; |
226 } | 243 } |
227 case STATE_IDLE: | 244 case STATE_IDLE: |
228 // This means that the peer sent us a message that we weren't expecting. | 245 // This means that the peer sent us a message that we weren't expecting. |
229 CloseConnection(QUIC_INVALID_CRYPTO_MESSAGE_TYPE); | 246 CloseConnection(QUIC_INVALID_CRYPTO_MESSAGE_TYPE); |
230 return; | 247 return; |
231 } | 248 } |
232 } | 249 } |
233 } | 250 } |
234 | 251 |
252 void QuicCryptoClientStream::VerifyProofCompleted(int result) { | |
253 if (result != OK) { | |
254 CloseConnectionWithDetails(QUIC_PROOF_INVALID, "Proof invalid:"); | |
wtc
2013/06/24 22:36:56
The error_details string is incomplete: "Proof inv
ramant (doing other things)
2013/06/28 19:16:56
Done.
| |
255 return; | |
256 } | |
257 next_state_ = STATE_PROOF_VERIFICATION_COMPLETED; | |
258 DoHandshakeLoop(NULL); | |
259 } | |
260 | |
235 } // namespace net | 261 } // namespace net |
OLD | NEW |