OLD | NEW |
1 // Copyright 2013 The Chromium Authors. All rights reserved. | 1 // Copyright 2013 The Chromium Authors. All rights reserved. |
2 // Use of this source code is governed by a BSD-style license that can be | 2 // Use of this source code is governed by a BSD-style license that can be |
3 // found in the LICENSE file. | 3 // found in the LICENSE file. |
4 | 4 |
5 #ifndef NET_QUIC_CRYPTO_QUIC_CRYPTO_CLIENT_CONFIG_H_ | 5 #ifndef NET_QUIC_CRYPTO_QUIC_CRYPTO_CLIENT_CONFIG_H_ |
6 #define NET_QUIC_CRYPTO_QUIC_CRYPTO_CLIENT_CONFIG_H_ | 6 #define NET_QUIC_CRYPTO_QUIC_CRYPTO_CLIENT_CONFIG_H_ |
7 | 7 |
8 #include <stdint.h> | 8 #include <stdint.h> |
9 | 9 |
10 #include <map> | 10 #include <map> |
(...skipping 68 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
79 ServerConfigState SetServerConfig(base::StringPiece server_config, | 79 ServerConfigState SetServerConfig(base::StringPiece server_config, |
80 QuicWallTime now, | 80 QuicWallTime now, |
81 std::string* error_details); | 81 std::string* error_details); |
82 | 82 |
83 // InvalidateServerConfig clears the cached server config (if any). | 83 // InvalidateServerConfig clears the cached server config (if any). |
84 void InvalidateServerConfig(); | 84 void InvalidateServerConfig(); |
85 | 85 |
86 // SetProof stores a certificate chain and signature. | 86 // SetProof stores a certificate chain and signature. |
87 void SetProof(const std::vector<std::string>& certs, | 87 void SetProof(const std::vector<std::string>& certs, |
88 base::StringPiece cert_sct, | 88 base::StringPiece cert_sct, |
| 89 base::StringPiece chlo_hash, |
89 base::StringPiece signature); | 90 base::StringPiece signature); |
90 | 91 |
91 // Clears all the data. | 92 // Clears all the data. |
92 void Clear(); | 93 void Clear(); |
93 | 94 |
94 // Clears the certificate chain and signature and invalidates the proof. | 95 // Clears the certificate chain and signature and invalidates the proof. |
95 void ClearProof(); | 96 void ClearProof(); |
96 | 97 |
97 // SetProofValid records that the certificate chain and signature have been | 98 // SetProofValid records that the certificate chain and signature have been |
98 // validated and that it's safe to assume that the server is legitimate. | 99 // validated and that it's safe to assume that the server is legitimate. |
99 // (Note: this does not check the chain or signature.) | 100 // (Note: this does not check the chain or signature.) |
100 void SetProofValid(); | 101 void SetProofValid(); |
101 | 102 |
102 // If the server config or the proof has changed then it needs to be | 103 // If the server config or the proof has changed then it needs to be |
103 // revalidated. Helper function to keep server_config_valid_ and | 104 // revalidated. Helper function to keep server_config_valid_ and |
104 // generation_counter_ in sync. | 105 // generation_counter_ in sync. |
105 void SetProofInvalid(); | 106 void SetProofInvalid(); |
106 | 107 |
107 const std::string& server_config() const; | 108 const std::string& server_config() const; |
108 const std::string& source_address_token() const; | 109 const std::string& source_address_token() const; |
109 const std::vector<std::string>& certs() const; | 110 const std::vector<std::string>& certs() const; |
110 const std::string& cert_sct() const; | 111 const std::string& cert_sct() const; |
| 112 const std::string& chlo_hash() const; |
111 const std::string& signature() const; | 113 const std::string& signature() const; |
112 bool proof_valid() const; | 114 bool proof_valid() const; |
113 uint64_t generation_counter() const; | 115 uint64_t generation_counter() const; |
114 const ProofVerifyDetails* proof_verify_details() const; | 116 const ProofVerifyDetails* proof_verify_details() const; |
115 | 117 |
116 void set_source_address_token(base::StringPiece token); | 118 void set_source_address_token(base::StringPiece token); |
117 | 119 |
118 void set_cert_sct(base::StringPiece cert_sct); | 120 void set_cert_sct(base::StringPiece cert_sct); |
119 | 121 |
120 // Adds the connection ID to the queue of server-designated connection-ids. | 122 // Adds the connection ID to the queue of server-designated connection-ids. |
(...skipping 30 matching lines...) Expand all Loading... |
151 // |generation_counter_|, |proof_verify_details_|, and |scfg_| remain | 153 // |generation_counter_|, |proof_verify_details_|, and |scfg_| remain |
152 // unchanged. | 154 // unchanged. |
153 void InitializeFrom(const CachedState& other); | 155 void InitializeFrom(const CachedState& other); |
154 | 156 |
155 // Initializes this cached state based on the arguments provided. | 157 // Initializes this cached state based on the arguments provided. |
156 // Returns false if there is a problem parsing the server config. | 158 // Returns false if there is a problem parsing the server config. |
157 bool Initialize(base::StringPiece server_config, | 159 bool Initialize(base::StringPiece server_config, |
158 base::StringPiece source_address_token, | 160 base::StringPiece source_address_token, |
159 const std::vector<std::string>& certs, | 161 const std::vector<std::string>& certs, |
160 const std::string& cert_sct, | 162 const std::string& cert_sct, |
| 163 base::StringPiece chlo_hash, |
161 base::StringPiece signature, | 164 base::StringPiece signature, |
162 QuicWallTime now); | 165 QuicWallTime now); |
163 | 166 |
164 private: | 167 private: |
165 std::string server_config_; // A serialized handshake message. | 168 std::string server_config_; // A serialized handshake message. |
166 std::string source_address_token_; // An opaque proof of IP ownership. | 169 std::string source_address_token_; // An opaque proof of IP ownership. |
167 std::vector<std::string> certs_; // A list of certificates in leaf-first | 170 std::vector<std::string> certs_; // A list of certificates in leaf-first |
168 // order. | 171 // order. |
169 std::string cert_sct_; // Signed timestamp of the leaf cert. | 172 std::string cert_sct_; // Signed timestamp of the leaf cert. |
| 173 std::string chlo_hash_; // Hash of the CHLO message. |
170 std::string server_config_sig_; // A signature of |server_config_|. | 174 std::string server_config_sig_; // A signature of |server_config_|. |
171 bool server_config_valid_; // True if |server_config_| is correctly | 175 bool server_config_valid_; // True if |server_config_| is correctly |
172 // signed and |certs_| has been | 176 // signed and |certs_| has been |
173 // validated. | 177 // validated. |
174 // Generation counter associated with the |server_config_|, |certs_| and | 178 // Generation counter associated with the |server_config_|, |certs_| and |
175 // |server_config_sig_| combination. It is incremented whenever we set | 179 // |server_config_sig_| combination. It is incremented whenever we set |
176 // server_config_valid_ to false. | 180 // server_config_valid_ to false. |
177 uint64_t generation_counter_; | 181 uint64_t generation_counter_; |
178 | 182 |
179 scoped_ptr<ProofVerifyDetails> proof_verify_details_; | 183 scoped_ptr<ProofVerifyDetails> proof_verify_details_; |
(...skipping 61 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
241 | 245 |
242 // ProcessRejection processes a REJ message from a server and updates the | 246 // ProcessRejection processes a REJ message from a server and updates the |
243 // cached information about that server. After this, |IsComplete| may return | 247 // cached information about that server. After this, |IsComplete| may return |
244 // true for that server's CachedState. If the rejection message contains state | 248 // true for that server's CachedState. If the rejection message contains state |
245 // about a future handshake (i.e. an nonce value from the server), then it | 249 // about a future handshake (i.e. an nonce value from the server), then it |
246 // will be saved in |out_params|. |now| is used to judge whether the server | 250 // will be saved in |out_params|. |now| is used to judge whether the server |
247 // config in the rejection message has expired. | 251 // config in the rejection message has expired. |
248 QuicErrorCode ProcessRejection(const CryptoHandshakeMessage& rej, | 252 QuicErrorCode ProcessRejection(const CryptoHandshakeMessage& rej, |
249 QuicWallTime now, | 253 QuicWallTime now, |
250 QuicVersion version, | 254 QuicVersion version, |
| 255 base::StringPiece chlo_hash, |
251 CachedState* cached, | 256 CachedState* cached, |
252 QuicCryptoNegotiatedParameters* out_params, | 257 QuicCryptoNegotiatedParameters* out_params, |
253 std::string* error_details); | 258 std::string* error_details); |
254 | 259 |
255 // ProcessServerHello processes the message in |server_hello|, updates the | 260 // ProcessServerHello processes the message in |server_hello|, updates the |
256 // cached information about that server, writes the negotiated parameters to | 261 // cached information about that server, writes the negotiated parameters to |
257 // |out_params| and returns QUIC_NO_ERROR. If |server_hello| is unacceptable | 262 // |out_params| and returns QUIC_NO_ERROR. If |server_hello| is unacceptable |
258 // then it puts an error message in |error_details| and returns an error | 263 // then it puts an error message in |error_details| and returns an error |
259 // code. |version| is the QUIC version for the current connection. | 264 // code. |version| is the QUIC version for the current connection. |
260 // |negotiated_versions| contains the list of version, if any, that were | 265 // |negotiated_versions| contains the list of version, if any, that were |
(...skipping 10 matching lines...) Expand all Loading... |
271 | 276 |
272 // Processes the message in |server_update|, updating the cached source | 277 // Processes the message in |server_update|, updating the cached source |
273 // address token, and server config. | 278 // address token, and server config. |
274 // If |server_update| is invalid then |error_details| will contain an error | 279 // If |server_update| is invalid then |error_details| will contain an error |
275 // message, and an error code will be returned. If all has gone well | 280 // message, and an error code will be returned. If all has gone well |
276 // QUIC_NO_ERROR is returned. | 281 // QUIC_NO_ERROR is returned. |
277 QuicErrorCode ProcessServerConfigUpdate( | 282 QuicErrorCode ProcessServerConfigUpdate( |
278 const CryptoHandshakeMessage& server_update, | 283 const CryptoHandshakeMessage& server_update, |
279 QuicWallTime now, | 284 QuicWallTime now, |
280 const QuicVersion version, | 285 const QuicVersion version, |
| 286 base::StringPiece chlo_hash, |
281 CachedState* cached, | 287 CachedState* cached, |
282 QuicCryptoNegotiatedParameters* out_params, | 288 QuicCryptoNegotiatedParameters* out_params, |
283 std::string* error_details); | 289 std::string* error_details); |
284 | 290 |
285 ProofVerifier* proof_verifier() const; | 291 ProofVerifier* proof_verifier() const; |
286 | 292 |
287 ChannelIDSource* channel_id_source() const; | 293 ChannelIDSource* channel_id_source() const; |
288 | 294 |
289 // SetChannelIDSource sets a ChannelIDSource that will be called, when the | 295 // SetChannelIDSource sets a ChannelIDSource that will be called, when the |
290 // server supports channel IDs, to obtain a channel ID for signing a message | 296 // server supports channel IDs, to obtain a channel ID for signing a message |
(...skipping 36 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
327 void SetDefaults(); | 333 void SetDefaults(); |
328 | 334 |
329 // CacheNewServerConfig checks for SCFG, STK, PROF, and CRT tags in |message|, | 335 // CacheNewServerConfig checks for SCFG, STK, PROF, and CRT tags in |message|, |
330 // verifies them, and stores them in the cached state if they validate. | 336 // verifies them, and stores them in the cached state if they validate. |
331 // This is used on receipt of a REJ from a server, or when a server sends | 337 // This is used on receipt of a REJ from a server, or when a server sends |
332 // updated server config during a connection. | 338 // updated server config during a connection. |
333 QuicErrorCode CacheNewServerConfig( | 339 QuicErrorCode CacheNewServerConfig( |
334 const CryptoHandshakeMessage& message, | 340 const CryptoHandshakeMessage& message, |
335 QuicWallTime now, | 341 QuicWallTime now, |
336 const QuicVersion version, | 342 const QuicVersion version, |
| 343 base::StringPiece chlo_hash, |
337 const std::vector<std::string>& cached_certs, | 344 const std::vector<std::string>& cached_certs, |
338 CachedState* cached, | 345 CachedState* cached, |
339 std::string* error_details); | 346 std::string* error_details); |
340 | 347 |
341 // If the suffix of the hostname in |server_id| is in |canonical_suffixes_|, | 348 // If the suffix of the hostname in |server_id| is in |canonical_suffixes_|, |
342 // then populate |cached| with the canonical cached state from | 349 // then populate |cached| with the canonical cached state from |
343 // |canonical_server_map_| for that suffix. Returns true if |cached| is | 350 // |canonical_server_map_| for that suffix. Returns true if |cached| is |
344 // initialized with canonical cached state. | 351 // initialized with canonical cached state. |
345 bool PopulateFromCanonicalConfig(const QuicServerId& server_id, | 352 bool PopulateFromCanonicalConfig(const QuicServerId& server_id, |
346 CachedState* cached); | 353 CachedState* cached); |
(...skipping 20 matching lines...) Expand all Loading... |
367 | 374 |
368 // The |user_agent_id_| passed in QUIC's CHLO message. | 375 // The |user_agent_id_| passed in QUIC's CHLO message. |
369 std::string user_agent_id_; | 376 std::string user_agent_id_; |
370 | 377 |
371 DISALLOW_COPY_AND_ASSIGN(QuicCryptoClientConfig); | 378 DISALLOW_COPY_AND_ASSIGN(QuicCryptoClientConfig); |
372 }; | 379 }; |
373 | 380 |
374 } // namespace net | 381 } // namespace net |
375 | 382 |
376 #endif // NET_QUIC_CRYPTO_QUIC_CRYPTO_CLIENT_CONFIG_H_ | 383 #endif // NET_QUIC_CRYPTO_QUIC_CRYPTO_CLIENT_CONFIG_H_ |
OLD | NEW |