Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(71)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/quic/crypto/proof_source.h

Issue 1765603002: Add QUIC 31 in which the server's proof covers both the static server config as well as a hash of t… (Closed) Base URL: https://chromium.googlesource.com/chromium/src.git@master
Patch Set: Rebase Created 4 years, 9 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch
« no previous file with comments | « net/quic/crypto/crypto_utils.cc ('k') | net/quic/crypto/proof_source_chromium.h » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2013 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef NET_QUIC_CRYPTO_PROOF_SOURCE_H_ 5 #ifndef NET_QUIC_CRYPTO_PROOF_SOURCE_H_
6 #define NET_QUIC_CRYPTO_PROOF_SOURCE_H_ 6 #define NET_QUIC_CRYPTO_PROOF_SOURCE_H_
7 7
8 #include <string> 8 #include <string>
9 #include <vector> 9 #include <vector>
10 10
11 #include "base/memory/ref_counted.h" 11 #include "base/memory/ref_counted.h"
12 #include "net/base/net_export.h" 12 #include "net/base/net_export.h"
13 #include "net/quic/quic_protocol.h"
13 14
14 namespace net { 15 namespace net {
15 16
16 class IPAddress; 17 class IPAddress;
17 18
18 // ProofSource is an interface by which a QUIC server can obtain certificate 19 // ProofSource is an interface by which a QUIC server can obtain certificate
19 // chains and signatures that prove its identity. 20 // chains and signatures that prove its identity.
20 class NET_EXPORT_PRIVATE ProofSource { 21 class NET_EXPORT_PRIVATE ProofSource {
21 public: 22 public:
22 // Chain is a reference-counted wrapper for a std::vector of std::stringified 23 // Chain is a reference-counted wrapper for a std::vector of std::stringified
(...skipping 25 matching lines...) Expand all
48 // If |ecdsa_ok| is true, the signature may use an ECDSA key. Otherwise, the 49 // If |ecdsa_ok| is true, the signature may use an ECDSA key. Otherwise, the
49 // signature must use an RSA key. 50 // signature must use an RSA key.
50 // 51 //
51 // |out_chain| is reference counted to avoid the (assumed) expense of copying 52 // |out_chain| is reference counted to avoid the (assumed) expense of copying
52 // out the certificates. 53 // out the certificates.
53 // 54 //
54 // The number of certificate chains is expected to be small and fixed thus 55 // The number of certificate chains is expected to be small and fixed thus
55 // the ProofSource retains ownership of the contents of |out_certs|. The 56 // the ProofSource retains ownership of the contents of |out_certs|. The
56 // expectation is that they will be cached forever. 57 // expectation is that they will be cached forever.
57 // 58 //
58 // The signature values should be cached because |server_config| will be 59 // For version before QUIC_VERSION_30, the signature values should be cached
59 // somewhat static. However, since they aren't bounded, the ProofSource may 60 // because |server_config| will be somewhat static. However, since they aren't
60 // wish to evicit entries from that cache, thus the caller takes ownership of 61 // bounded, the ProofSource may wish to evicit entries from that cache, thus
61 // |*out_signature|. 62 // the caller takes ownership of |*out_signature|.
63 //
64 // For QUIC_VERSION_30 and later, the signature depends on |chlo_hash|
65 // which means that the signature can not be cached. The caller takes
66 // ownership of |*out_signature|.
62 // 67 //
63 // |hostname| may be empty to signify that a default certificate should be 68 // |hostname| may be empty to signify that a default certificate should be
64 // used. 69 // used.
65 // 70 //
66 // |out_leaf_cert_sct| points to the signed timestamp (RFC6962) of the leaf 71 // |out_leaf_cert_sct| points to the signed timestamp (RFC6962) of the leaf
67 // cert. 72 // cert.
68 // This function may be called concurrently. 73 // This function may be called concurrently.
69 virtual bool GetProof(const IPAddress& server_ip, 74 virtual bool GetProof(const IPAddress& server_ip,
70 const std::string& hostname, 75 const std::string& hostname,
71 const std::string& server_config, 76 const std::string& server_config,
77 QuicVersion quic_version,
78 base::StringPiece chlo_hash,
72 bool ecdsa_ok, 79 bool ecdsa_ok,
73 scoped_refptr<Chain>* out_chain, 80 scoped_refptr<Chain>* out_chain,
74 std::string* out_signature, 81 std::string* out_signature,
75 std::string* out_leaf_cert_sct) = 0; 82 std::string* out_leaf_cert_sct) = 0;
76 }; 83 };
77 84
78 } // namespace net 85 } // namespace net
79 86
80 #endif // NET_QUIC_CRYPTO_PROOF_SOURCE_H_ 87 #endif // NET_QUIC_CRYPTO_PROOF_SOURCE_H_
OLDNEW
« no previous file with comments | « net/quic/crypto/crypto_utils.cc ('k') | net/quic/crypto/proof_source_chromium.h » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698