
Unified Diff: net/quic/quic_crypto_client_stream.cc

Issue 17385010: OpenSSL/NSS implementation of ProofVerfifier. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: Implemented agl's comments Created 7 years, 6 months ago
Index: net/quic/quic_crypto_client_stream.cc
diff --git a/net/quic/quic_crypto_client_stream.cc b/net/quic/quic_crypto_client_stream.cc
index 674a441e7971a0b62e9c6ee49486139a489cfcbf..dbdeb40526932e7f5993c1dfb7d3b2de7d0fe222 100644
--- a/net/quic/quic_crypto_client_stream.cc
+++ b/net/quic/quic_crypto_client_stream.cc
@@ -4,6 +4,8 @@
#include "net/quic/quic_crypto_client_stream.h"
+#include "net/base/completion_callback.h"
+#include "net/base/net_errors.h"
#include "net/quic/crypto/crypto_protocol.h"
#include "net/quic/crypto/crypto_utils.h"
#include "net/quic/crypto/null_encrypter.h"
@@ -18,6 +20,7 @@ QuicCryptoClientStream::QuicCryptoClientStream(
QuicSession* session,
QuicCryptoClientConfig* crypto_config)
: QuicCryptoStream(session),
+ weak_factory_(this),
next_state_(STATE_IDLE),
num_client_hellos_(0),
crypto_config_(crypto_config),
@@ -29,12 +32,12 @@ QuicCryptoClientStream::~QuicCryptoClientStream() {
void QuicCryptoClientStream::OnHandshakeMessage(
const CryptoHandshakeMessage& message) {
- DoHandshakeLoop(&message);
+ DoHandshakeLoop(&message, OK);
}
bool QuicCryptoClientStream::CryptoConnect() {
next_state_ = STATE_SEND_CHLO;
- DoHandshakeLoop(NULL);
+ DoHandshakeLoop(NULL, OK);
return true;
}
@@ -50,7 +53,8 @@ int QuicCryptoClientStream::num_sent_client_hellos() const {
static const int kMaxClientHellos = 3;
void QuicCryptoClientStream::DoHandshakeLoop(
- const CryptoHandshakeMessage* in) {
+ const CryptoHandshakeMessage* in,
+ int result) {
CryptoHandshakeMessage out;
QuicErrorCode error;
string error_details;
@@ -139,28 +143,40 @@ void QuicCryptoClientStream::DoHandshakeLoop(
return;
}
if (!cached->proof_valid()) {
- const ProofVerifier* verifier = crypto_config_->proof_verifier();
- if (!verifier) {
- // If no verifier is set then we don't check the certificates.
- cached->SetProofValid();
- } else if (!cached->signature().empty()) {
- // TODO(rtenneti): In Chromium, we will need to make VerifyProof()
- // asynchronous.
- if (!verifier->VerifyProof(server_hostname_,
- cached->server_config(),
- cached->certs(),
- cached->signature(),
- &error_details)) {
- CloseConnectionWithDetails(QUIC_PROOF_INVALID,
- "Proof invalid: " + error_details);
- return;
- }
- cached->SetProofValid();
+ ProofVerifier* verifier = crypto_config_->proof_verifier();
+ if (verifier && !cached->signature().empty()) {
+ next_state_ = STATE_PROOF_VERIFY;
+ continue;
}
}
+ next_state_ = STATE_PROOF_VERIFICATION_COMPLETED;
+ break;
+ case STATE_PROOF_VERIFY: {
+ ProofVerifier* verifier = crypto_config_->proof_verifier();
+ result = verifier->VerifyProof(
+ server_hostname_,
+ cached->server_config(),
+ cached->certs(),
+ cached->signature(),
+ base::Bind(&QuicCryptoClientStream::VerifyProofCompleted,
+ weak_factory_.GetWeakPtr()));
+ if (result == ERR_IO_PENDING) {
+ DVLOG(1) << "Doing VerifyProof";
+ return;
+ }
+ next_state_ = STATE_PROOF_VERIFICATION_COMPLETED;
agl 2013/07/01 16:23:18 This needs to be STATE_PROOF_VERIFY I think, and t
ramant (doing other things) 2013/07/02 14:19:50 Implemented generation_counter. Didn't change the
+ break;
+ }
+ case STATE_PROOF_VERIFICATION_COMPLETED:
+ if (result != OK) {
+ error_details = crypto_config_->proof_verifier()->error_details();
+ CloseConnectionWithDetails(QUIC_PROOF_INVALID,
+ "Proof invalid: " + error_details);
+ return;
+ }
+ cached->SetProofValid();
// Send the subsequent client hello in plaintext.
- session()->connection()->SetDefaultEncryptionLevel(
- ENCRYPTION_NONE);
+ session()->connection()->SetDefaultEncryptionLevel(ENCRYPTION_NONE);
next_state_ = STATE_SEND_CHLO;
break;
case STATE_RECV_SHLO: {
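Review bot: A server config with an empty signature is now marked valid even when a ProofVerifier is configured. In the `if (!cached->proof_valid())` block, the `verifier && !cached->signature().empty()` test falls through to STATE_PROOF_VERIFICATION_COMPLETED when the signature is empty, and that state calls `cached->SetProofValid()` whenever `result == OK`, which is what OnHandshakeMessage passes in; the removed code skipped SetProofValid() in that case. Guard the call so it runs only when verification actually happened or no verifier is set, e.g. `if (!crypto_config_->proof_verifier() || !cached->signature().empty()) cached->SetProofValid();`, or reject the empty-signature case outright. The enclosing loop and switch start outside this hunk, so this reading assumes `break` returns to the loop head with the new `next_state_`.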
@@ -232,4 +248,9 @@ void QuicCryptoClientStream::DoHandshakeLoop(
}
}
+void QuicCryptoClientStream::VerifyProofCompleted(int result) {
+ DVLOG(1) << "VerifyProof completed: " << result;
+ DoHandshakeLoop(NULL, result);
+}
+
} // namespace net
